diff options
author | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2016-08-22 10:27:00 +0000 |
---|---|---|
committer | Raphael Kubo da Costa <rakuco@FreeBSD.org> | 2016-08-22 10:27:00 +0000 |
commit | f191df747ed8566b751eabf82c8234f2144b4400 (patch) | |
tree | d64470f4f8ff1c365d50000f5f3605293f2e30aa | |
parent | 5d651255d44b8acb3b263199dfdf0e147714eb7d (diff) | |
download | ports-f191df747ed8566b751eabf82c8234f2144b4400.tar.gz ports-f191df747ed8566b751eabf82c8234f2144b4400.zip |
MFH: r417968 r418048 r420303
devel/qca: Fix building without SSLv3 and SHA-0
- Add 2 patches from upstream project
- Fix building when libssl does not have SSLv3
- Fix building when libcrypto does not have SHA-0
- Replace USE_OPENSSL with USES= ssl
- Rework files/patch-libressl with `make makepatch`
Tested with devel/qca and devel/qca-qt5
PR: 210053
Approved by: Maintainer time-out
Obtained from: KDE
Differential Revision: D6885
devel/qca: Fix build failure on 9.3 / OpenSSL 0.9.7
- Re-add patch for compression to satisfy 0.9.7
PR: 210053
Adjust the SHA0 removal patch.
The upstream fix was still returning "sha0" in all_hash_types() even when SHA0
support is not present. The fix has also been submitted upstream.
PR: 211833
Submitted by: matthew@reztek.cz
Approved by: ports-secteam (junovitch)
Notes
Notes:
svn path=/branches/2016Q3/; revision=420596
-rw-r--r-- | devel/qca/Makefile | 3 | ||||
-rw-r--r-- | devel/qca/files/patch-libressl | 15 | ||||
-rw-r--r-- | devel/qca/files/patch-plugins_qca-ossl_CMakeLists.txt | 28 | ||||
-rw-r--r-- | devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp | 73 |
4 files changed, 103 insertions, 16 deletions
diff --git a/devel/qca/Makefile b/devel/qca/Makefile index 447226a5617c..544c6e592419 100644 --- a/devel/qca/Makefile +++ b/devel/qca/Makefile @@ -3,6 +3,7 @@ PORTNAME= qca PORTVERSION= 2.1.1 +PORTREVISION= 1 CATEGORIES= devel MASTER_SITES= KDE/stable/qca/${PORTVERSION}/src @@ -38,7 +39,7 @@ GNUPG_CMAKE_ON= -DWITH_gnupg_PLUGIN=yes GNUPG_RUN_DEPENDS= gpg2:security/gnupg OPENSSL_CMAKE_ON= -DWITH_ossl_PLUGIN=yes -OPENSSL_USE= OPENSSL=yes +OPENSSL_USES= ssl SASL_CMAKE_ON= -DWITH_cyrus-sasl_PLUGIN=yes SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2 diff --git a/devel/qca/files/patch-libressl b/devel/qca/files/patch-libressl deleted file mode 100644 index 2edf422f1d72..000000000000 --- a/devel/qca/files/patch-libressl +++ /dev/null @@ -1,15 +0,0 @@ ---- plugins/qca-ossl/qca-ossl.cpp.orig 2015-10-02 09:39:21 UTC -+++ plugins/qca-ossl/qca-ossl.cpp -@@ -5805,7 +5805,11 @@ public: - { - SessionInfo sessInfo; - -- sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session)); -+#ifndef OPENSSL_NO_COMP -+ sessInfo.isCompressed = (0 != ssl->session->compress_meth); -+#else -+ sessInfo.isCompressed = 0; -+#endif - - if (ssl->version == TLS1_VERSION) - sessInfo.version = TLS::TLS_v1; diff --git a/devel/qca/files/patch-plugins_qca-ossl_CMakeLists.txt b/devel/qca/files/patch-plugins_qca-ossl_CMakeLists.txt new file mode 100644 index 000000000000..8e9ecf0c4f86 --- /dev/null +++ b/devel/qca/files/patch-plugins_qca-ossl_CMakeLists.txt @@ -0,0 +1,28 @@ +qca-ossl: Fix build without support for SHA-0 +https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156 + +LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha +anymore. +Wikipedia says about SHA-0: "160-bit hash function published in 1993 +under the name SHA. It was withdrawn shortly after publication due to +an undisclosed "significant flaw" and replaced by the slightly revised +version SHA-1.' + +REVIEW: 125387 + +--- plugins/qca-ossl/CMakeLists.txt.orig ++++ plugins/qca-ossl/CMakeLists.txt +@@ -24,6 +24,13 @@ + else(HAVE_OPENSSL_AES_CTR) + message(WARNING "qca-ossl will be compiled without AES CTR mode encryption support") + endif(HAVE_OPENSSL_AES_CTR) ++ ++ check_function_exists(EVP_sha HAVE_OPENSSL_SHA0) ++ if(HAVE_OPENSSL_SHA0) ++ add_definitions(-DHAVE_OPENSSL_SHA0) ++ else(HAVE_OPENSSL_SHA0) ++ message(WARNING "qca-ossl will be compiled without SHA-0 digest algorithm support") ++ endif(HAVE_OPENSSL_SHA0) + + set(QCA_OSSL_SOURCES qca-ossl.cpp) + diff --git a/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp b/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp new file mode 100644 index 000000000000..ee560f195ef5 --- /dev/null +++ b/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp @@ -0,0 +1,73 @@ +qca-ossl: Fix build without SSLv3 +http://quickgit.kde.org/?p=qca.git&a=commit&h=20a587d77636186edb044cd2b71d6d90fe98d232 + +This fixes building with LibreSSL >= 2.3.0 which has removed support +for SSLv3 completely. As far as I know OpenSSL can be configured to +build without it, so it might be helpful there as well. + +REVIEW: 125386 + +qca-ossl: Fix build without support for SHA-0 +https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156 + +LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha +anymore. +Wikipedia says about SHA-0: "160-bit hash function published in 1993 +under the name SHA. It was withdrawn shortly after publication due to +an undisclosed "significant flaw" and replaced by the slightly revised +version SHA-1.' + +REVIEW: 125387 + +Also includes: +qca-ossl: Remove SHA0 from all_hash_types() when it is not available. +https://git.reviewboard.kde.org/r/128700/ + +--- plugins/qca-ossl/qca-ossl.cpp.orig 2015-10-02 09:39:21 UTC ++++ plugins/qca-ossl/qca-ossl.cpp +@@ -5403,9 +5403,11 @@ public: + ctx = SSL_CTX_new(SSLv2_client_method()); + break; + #endif ++#ifndef OPENSSL_NO_SSL3_METHOD + case TLS::SSL_v3: + ctx = SSL_CTX_new(SSLv3_client_method()); + break; ++#endif + case TLS::TLS_v1: + ctx = SSL_CTX_new(TLSv1_client_method()); + break; +@@ -5805,7 +5807,11 @@ public: + { + SessionInfo sessInfo; + +- sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session)); ++#ifndef OPENSSL_NO_COMP ++ sessInfo.isCompressed = (0 != ssl->session->compress_meth); ++#else ++ sessInfo.isCompressed = 0; ++#endif + + if (ssl->version == TLS1_VERSION) + sessInfo.version = TLS::TLS_v1; +@@ -6880,7 +6886,9 @@ static QStringList all_hash_types() + { + QStringList list; + list += "sha1"; ++#ifdef HAVE_OPENSSL_SHA0 + list += "sha0"; ++#endif + list += "ripemd160"; + #ifdef HAVE_OPENSSL_MD2 + list += "md2"; +@@ -7133,8 +7141,10 @@ public: + return new opensslInfoContext(this); + else if ( type == "sha1" ) + return new opensslHashContext( EVP_sha1(), this, type); ++#ifdef HAVE_OPENSSL_SHA0 + else if ( type == "sha0" ) + return new opensslHashContext( EVP_sha(), this, type); ++#endif + else if ( type == "ripemd160" ) + return new opensslHashContext( EVP_ripemd160(), this, type); + #ifdef HAVE_OPENSSL_MD2 |