UPDATE: security/qca-qt5

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

UPDATE: security/qca-qt5

Rafael Sadowski
Please find below a simple update to the latest stable version of QCA.
LibreSSL patches from Gentoo developer Stefan Strogin from here:
https://github.com/gentoo/libressl/commit/3e69b18db758fe808a7bcdf339504c80a84cb241
"Trusted source" -- tb@

I also added a patch from FreeBSD to fix linking botan. (Tested but botan
is disabled for now). Other notable changes:

- Only new exports added so bump minor.
- Cleanup WANTLIB
- Fix MASTER_SITE URL
- Cleanup plugin configuration

Tested with net/konversation and #freenode via SSL.

OK?

Index: Makefile
===================================================================
RCS file: /cvs/ports/security/qca-qt5/Makefile,v
retrieving revision 1.5
diff -u -p -u -p -r1.5 Makefile
--- Makefile 12 Jul 2019 20:49:35 -0000 1.5
+++ Makefile 10 Nov 2019 09:26:16 -0000
@@ -2,25 +2,22 @@
 # separate port for Qt5 because it's too different from Qt4 case
 COMMENT = Qt Cryptographic Architecture
 
-V = 2.1.3
+V = 2.2.1
 DISTNAME = qca-${V}
 PKGNAME = qca-qt5-${V}
 CATEGORIES = security
-REVISION = 2
 
-SHARED_LIBS = qca-qt5 0.0
+SHARED_LIBS = qca-qt5 0.1
 
 HOMEPAGE = https://userbase.kde.org/QCA
 
 # LGPLv2.1
 PERMIT_PACKAGE = Yes
 
-WANTLIB += Qt5Core c m pthread
-WANTLIB += ${COMPILER_LIBCXX}
-WANTLIB += crypto ssl
+WANTLIB += ${COMPILER_LIBCXX} Qt5Core c crypto m ssl
 
+MASTER_SITES = ${MASTER_SITE_KDE:=stable/qca/${V}/}
 EXTRACT_SUFX = .tar.xz
-MASTER_SITES = ${MASTER_SITE_KDE:=stable/qca/${V}/src/}
 
 MODULES = devel/cmake \
  x11/qt5
@@ -32,10 +29,13 @@ CONFIGURE_ARGS = -DCMAKE_INSTALL_PREFIX=
  -DQCA_MAN_INSTALL_DIR=${LOCALBASE}/man \
  -DQCA_BINARY_INSTALL_DIR=${PREFIX}/bin \
  -DQCA_FEATURE_INSTALL_DIR=${MODQT_LIBDIR}/mkspecs/features \
- -DBUILD_PLUGINS="ossl" \
- -DCMAKE_DISABLE_FIND_PACKAGE_Doxygen:Bool=ON \
+ -DBUILD_PLUGINS="none" \
+ -DCMAKE_DISABLE_FIND_PACKAGE_Doxygen=ON \
  -DQCA_SUFFIX=qt5 \
  -Dqca_CERTSTORE=/etc/ssl/cert.pem \
- -DQT4_BUILD:Bool=OFF
+ -DQT4_BUILD=OFF
+
+# Enable plugins (qca checks for "yes")
+CONFIGURE_ARGS += -DWITH_ossl_PLUGIN=yes
 
 .include <bsd.port.mk>
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/qca-qt5/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -u -p -r1.1.1.1 distinfo
--- distinfo 20 Jul 2017 18:34:41 -0000 1.1.1.1
+++ distinfo 10 Nov 2019 09:26:16 -0000
@@ -1,2 +1,2 @@
-SHA256 (qca-2.1.3.tar.xz) = AD/YajJCEFegOxioFo21LilAl4+dteu7agiIL4qx41M=
-SIZE (qca-2.1.3.tar.xz) = 686340
+SHA256 (qca-2.2.1.tar.xz) = 1xbS2OPtjZW72wYfAwgdfQMiBvdGowpNKdchlvUOewI=
+SIZE (qca-2.2.1.tar.xz) = 691676
Index: patches/patch-plugins_qca-botan_CMakeLists_txt
===================================================================
RCS file: patches/patch-plugins_qca-botan_CMakeLists_txt
diff -N patches/patch-plugins_qca-botan_CMakeLists_txt
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-plugins_qca-botan_CMakeLists_txt 10 Nov 2019 09:26:16 -0000
@@ -0,0 +1,15 @@
+$OpenBSD$
+
+Fix qca-botan linking.
+
+Index: plugins/qca-botan/CMakeLists.txt
+--- plugins/qca-botan/CMakeLists.txt.orig
++++ plugins/qca-botan/CMakeLists.txt
+@@ -16,6 +16,7 @@ if(BOTAN_FOUND)
+     set_property(TARGET qca-botan  PROPERTY SUFFIX ".dylib")
+   endif()
+
++  target_link_directories(qca-botan PRIVATE ${BOTAN_LIBRARY_DIRS})
+   target_link_libraries(qca-botan ${QT_QTCORE_LIBRARY} ${QCA_LIB_NAME} ${BOTAN_LIBRARIES})
+
+   if(NOT DEVELOPER_MODE)
Index: patches/patch-plugins_qca-ossl_ossl110-compat_h
===================================================================
RCS file: patches/patch-plugins_qca-ossl_ossl110-compat_h
diff -N patches/patch-plugins_qca-ossl_ossl110-compat_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-plugins_qca-ossl_ossl110-compat_h 10 Nov 2019 09:26:16 -0000
@@ -0,0 +1,30 @@
+$OpenBSD$
+
+LibreSSL 3.0.x support from Stefan Strogin <[hidden email]>
+
+Index: plugins/qca-ossl/ossl110-compat.h
+--- plugins/qca-ossl/ossl110-compat.h.orig
++++ plugins/qca-ossl/ossl110-compat.h
+@@ -205,22 +205,6 @@ static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int
+     return 1;
+ }
+
+-static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const unsigned char *m,
+-    unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa))
+-{
+-    if (!meth) return 0;
+-    meth->rsa_sign = sign;
+-    return 1;
+-}
+-
+-static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype, const unsigned char *m,
+-    unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa))
+-{
+-    if (!meth) return 0;
+-    meth->rsa_verify = verify;
+-    return 1;
+-}
+-
+ static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
+ {
+     if (!meth) return 0;
Index: patches/patch-plugins_qca-ossl_qca-ossl_cpp
===================================================================
RCS file: patches/patch-plugins_qca-ossl_qca-ossl_cpp
diff -N patches/patch-plugins_qca-ossl_qca-ossl_cpp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-plugins_qca-ossl_qca-ossl_cpp 10 Nov 2019 09:26:16 -0000
@@ -0,0 +1,40 @@
+$OpenBSD$
+
+LibreSSL 3.0.x support from Stefan Strogin <[hidden email]>
+
+Index: plugins/qca-ossl/qca-ossl.cpp
+--- plugins/qca-ossl/qca-ossl.cpp.orig
++++ plugins/qca-ossl/qca-ossl.cpp
+@@ -62,12 +62,12 @@
+ #endif
+
+ // OpenSSL 1.1.0 compatibility macros
+-#ifdef OSSL_110
++#if defined(OSSL_110) && !defined(LIBRESSL_VERSION_NUMBER)
+ #define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
+ #define RSA_F_RSA_EAY_PRIVATE_DECRYPT RSA_F_RSA_OSSL_PRIVATE_DECRYPT
+ #endif
+
+-#ifdef OSSL_110
++#if defined(OSSL_110) && !defined(LIBRESSL_VERSION_NUMBER)
+ #include <openssl/kdf.h>
+ #endif
+
+@@ -1280,7 +1280,7 @@ class opensslPbkdf2Context : public KDFContext (public
+ protected:
+ };
+
+-#ifdef OSSL_110
++#if defined(OSSL_110) && !defined(LIBRESSL_VERSION_NUMBER)
+ class opensslHkdfContext : public HKDFContext
+ {
+ public:
+@@ -7489,7 +7489,7 @@ class opensslProvider : public Provider (public)
+ #endif
+ else if ( type == "pbkdf2(sha1)" )
+ return new opensslPbkdf2Context( this, type );
+-#ifdef OSSL_110
++#if defined(OSSL_110) && !defined(LIBRESSL_VERSION_NUMBER)
+ else if ( type == "hkdf(sha256)" )
+ return new opensslHkdfContext( this, type );
+ #endif

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: security/qca-qt5

Landry Breuil-5
On Sun, Nov 10, 2019 at 10:37:40AM +0100, Rafael Sadowski wrote:

> Please find below a simple update to the latest stable version of QCA.
> LibreSSL patches from Gentoo developer Stefan Strogin from here:
> https://github.com/gentoo/libressl/commit/3e69b18db758fe808a7bcdf339504c80a84cb241
> "Trusted source" -- tb@
>
> I also added a patch from FreeBSD to fix linking botan. (Tested but botan
> is disabled for now). Other notable changes:
>
> - Only new exports added so bump minor.
> - Cleanup WANTLIB
> - Fix MASTER_SITE URL
> - Cleanup plugin configuration
>
> Tested with net/konversation and #freenode via SSL.

blows for me - does it need a newer version of libressl ?
or requires openssl from ports ?

/usr/obj/ports/qca-qt5-2.2.1/bin/c++  -DHAVE_OPENSSL_AES_CCM -DHAVE_OPENSSL_AES_CTR -DHAVE_OPENSSL_AES_GCM -DQCA_SYSTEMSTORE_PATH=\"/etc/ssl/cert.pem\" -DQT_CORE_LIB -DQT_DISABLE_DEPRECATED_BEFORE=0 -DQT_NO_DEBUG -Dqca_ossl_EXPORTS -Iplugins/qca-ossl -I/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl -I/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/include/QtCrypto -I. -I/usr/local/include/X11/qt5/QtNetwork -isystem /usr/local/include/X11/qt5 -isystem /usr/local/include/X11/qt5/QtCore -isystem /usr/local/lib/qt5/./mkspecs/openbsd-clang -O2 -pipe -DNDEBUG -fPIC   -fPIC -MD -MT plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o -MF plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o.d -o plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o -c /usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp
/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp:66:9: warning: 'M_ASN1_IA5STRING_new' macro redefined [-Wmacro-redefined]
#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
        ^
/usr/include/openssl/asn1.h:575:9: note: previous definition is here
#define M_ASN1_IA5STRING_new ASN1_IA5STRING_new
        ^
/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp:67:9: warning: 'RSA_F_RSA_EAY_PRIVATE_DECRYPT' macro redefined [-Wmacro-redefined]
#define RSA_F_RSA_EAY_PRIVATE_DECRYPT RSA_F_RSA_OSSL_PRIVATE_DECRYPT
        ^
/usr/include/openssl/rsa.h:581:9: note: previous definition is here
#define RSA_F_RSA_EAY_PRIVATE_DECRYPT                    101
        ^
/usr/obj/ports/qca-qt5-2.2.1/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp:71:10: fatal error: 'openssl/kdf.h' file not found
#include <openssl/kdf.h>

Reply | Threaded
Open this post in threaded view
|

Re: UPDATE: security/qca-qt5

Landry Breuil-5
On Sun, Nov 10, 2019 at 11:07:51AM +0100, Landry Breuil wrote:

> On Sun, Nov 10, 2019 at 10:37:40AM +0100, Rafael Sadowski wrote:
> > Please find below a simple update to the latest stable version of QCA.
> > LibreSSL patches from Gentoo developer Stefan Strogin from here:
> > https://github.com/gentoo/libressl/commit/3e69b18db758fe808a7bcdf339504c80a84cb241
> > "Trusted source" -- tb@
> >
> > I also added a patch from FreeBSD to fix linking botan. (Tested but botan
> > is disabled for now). Other notable changes:
> >
> > - Only new exports added so bump minor.
> > - Cleanup WANTLIB
> > - Fix MASTER_SITE URL
> > - Cleanup plugin configuration
> >
> > Tested with net/konversation and #freenode via SSL.
>
> blows for me - does it need a newer version of libressl ?
> or requires openssl from ports ?

builds much better once i correctly apply the patches. Now testbuilding
qgis against it...