unbreak tls in Qt4


unbreak tls in Qt4

Theo Buehler-3
The SSL/TLS support in Qt4 was broken during the notBefore/notAfter
reshuffling way back in August last year. You'd get an error such as

[21:54:10] W:QSslSocket: cannot call unresolved function X509_getm_notBefore
Segmentation fault (core dumped)

No one complained until rsadowski showed it to me here in Bucharest.
Once this has seen more testing it should probably land in -stable,
I would appreciate some help with that.

Index: Makefile
===================================================================
RCS file: /var/cvs/ports/x11/qt4/Makefile,v
retrieving revision 1.158
diff -u -p -r1.158 Makefile
--- Makefile 12 Jul 2019 20:51:20 -0000 1.158
+++ Makefile 11 Nov 2019 21:40:26 -0000
@@ -25,14 +25,14 @@ PKGNAME-main = qt4-${PKGVERSION}
 PKGNAME-debug = qt4-debug-${PKGVERSION}
 FULLPKGNAME-html = qt4-html-${PKGVERSION}
 FULLPKGPATH-html = ${BASE_PKGPATH},-html
-REVISION-main = 19
-REVISION-mysql = 6
-REVISION-postgresql = 6
-REVISION-sqlite2 = 6
-REVISION-tds = 6
+REVISION-main = 20
+REVISION-mysql = 7
+REVISION-postgresql = 7
+REVISION-sqlite2 = 7
+REVISION-tds = 7
 REVISION-debug = 3
-REVISION-examples = 7
-REVISION-html = 3
+REVISION-examples = 8
+REVISION-html = 4
 
 # XXX qmake include parser is bogus
 DPB_PROPERTIES = parallel nojunk
Index: patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h
===================================================================
RCS file: /var/cvs/ports/x11/qt4/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h,v
retrieving revision 1.1
diff -u -p -r1.1 patch-src_network_ssl_qsslsocket_openssl_symbols_p_h
--- patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h 27 Aug 2018 03:54:57 -0000 1.1
+++ patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h 11 Nov 2019 20:07:24 -0000
@@ -3,14 +3,23 @@ $OpenBSD: patch-src_network_ssl_qsslsock
 Index: src/network/ssl/qsslsocket_openssl_symbols_p.h
 --- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig
 +++ src/network/ssl/qsslsocket_openssl_symbols_p.h
-@@ -410,8 +410,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp,
+@@ -360,6 +360,8 @@ int q_X509_get_ext_count(X509 *a);
+ void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d);
+ X509_NAME *q_X509_get_issuer_name(X509 *a);
+ X509_NAME *q_X509_get_subject_name(X509 *a);
++ASN1_TIME *q_X509_getm_notBefore(const X509 *x);
++ASN1_TIME *q_X509_getm_notAfter(const X509 *x);
+ int q_X509_verify_cert(X509_STORE_CTX *ctx);
+ int q_X509_NAME_entry_count(X509_NAME *a);
+ X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b);
+@@ -410,8 +412,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp,
  #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
  #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
          q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
 -#define q_X509_get_notAfter(x) X509_get_notAfter(x)
 -#define q_X509_get_notBefore(x) X509_get_notBefore(x)
-+#define q_X509_getm_notAfter(x) X509_getm_notAfter(x)
-+#define q_X509_getm_notBefore(x) X509_getm_notBefore(x)
++#define q_X509_getm_notAfter(x) q_X509_getm_notAfter(x)
++#define q_X509_getm_notBefore(x) q_X509_getm_notBefore(x)
  #define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
  (char *)(rsa))
  #define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
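Review bot: The two macros at the end of the inner `-410,8 +412,8` hunk are now self-referential, `#define q_X509_getm_notAfter(x) q_X509_getm_notAfter(x)`, and the preprocessor does not re-expand a macro inside its own expansion, so they have no effect once the prototypes are declared in the `-360,6 +360,8` hunk; deleting both `#define` lines would state the same thing more plainly. The new prototypes only cure the crash quoted in the description if qsslsocket_openssl_symbols.cpp both defines and resolves the two wrappers, and that file is not part of this diff, so that should be confirmed there before the change goes to -stable. Because notBefore/notAfter carry the certificate validity period, the test should cover a connection that actually reads both dates, not just one that no longer segfaults (the report names only notBefore). A short comment above the inner `Index:` line, for example `Use resolved q_ wrappers for X509_getm_notBefore/notAfter`, would record why the macros changed.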


Re: unbreak tls in Qt4

Rafael Sadowski
Yeah, the issue is gone. Tested with net/psi. Thanks for taking care of
it. One commit below.

On Mon Nov 11, 2019 at 11:47:12PM +0200, Theo Buehler wrote:

> The SSL/TLS support in Qt4 was broken during the notBefore/notAfter
> reshuffling way back in August last year. You'd get an error such as
>
> [21:54:10] W:QSslSocket: cannot call unresolved function X509_getm_notBefore
> Segmentation fault (core dumped)
>
> No one complained until rsadowski showed it to me here in Bucharest.
> Once this has seen more testing it should probably land in -stable,
> I would appreciate some help with that.
>
> Index: Makefile
> ===================================================================
> RCS file: /var/cvs/ports/x11/qt4/Makefile,v
> retrieving revision 1.158
> diff -u -p -r1.158 Makefile
> --- Makefile 12 Jul 2019 20:51:20 -0000 1.158
> +++ Makefile 11 Nov 2019 21:40:26 -0000
> @@ -25,14 +25,14 @@ PKGNAME-main = qt4-${PKGVERSION}
>  PKGNAME-debug = qt4-debug-${PKGVERSION}
>  FULLPKGNAME-html = qt4-html-${PKGVERSION}
>  FULLPKGPATH-html = ${BASE_PKGPATH},-html
> -REVISION-main = 19
> -REVISION-mysql = 6
> -REVISION-postgresql = 6
> -REVISION-sqlite2 = 6
> -REVISION-tds = 6
> +REVISION-main = 20
> +REVISION-mysql = 7
> +REVISION-postgresql = 7
> +REVISION-sqlite2 = 7
> +REVISION-tds = 7
>  REVISION-debug = 3
> -REVISION-examples = 7
> -REVISION-html = 3
> +REVISION-examples = 8
> +REVISION-html = 4

The diff is part of qtnetwork, which is part of -main, so we just need
to bump -main. With this, OK rsadowski@

Thanks!

>  
>  # XXX qmake include parser is bogus
>  DPB_PROPERTIES = parallel nojunk
> Index: patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h
> ===================================================================
> RCS file: /var/cvs/ports/x11/qt4/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h,v
> retrieving revision 1.1
> diff -u -p -r1.1 patch-src_network_ssl_qsslsocket_openssl_symbols_p_h
> --- patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h 27 Aug 2018 03:54:57 -0000 1.1
> +++ patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h 11 Nov 2019 20:07:24 -0000
> @@ -3,14 +3,23 @@ $OpenBSD: patch-src_network_ssl_qsslsock
>  Index: src/network/ssl/qsslsocket_openssl_symbols_p.h
>  --- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig
>  +++ src/network/ssl/qsslsocket_openssl_symbols_p.h
> -@@ -410,8 +410,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp,
> +@@ -360,6 +360,8 @@ int q_X509_get_ext_count(X509 *a);
> + void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d);
> + X509_NAME *q_X509_get_issuer_name(X509 *a);
> + X509_NAME *q_X509_get_subject_name(X509 *a);
> ++ASN1_TIME *q_X509_getm_notBefore(const X509 *x);
> ++ASN1_TIME *q_X509_getm_notAfter(const X509 *x);
> + int q_X509_verify_cert(X509_STORE_CTX *ctx);
> + int q_X509_NAME_entry_count(X509_NAME *a);
> + X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b);
> +@@ -410,8 +412,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp,
>   #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
>   #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
>           q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
>  -#define q_X509_get_notAfter(x) X509_get_notAfter(x)
>  -#define q_X509_get_notBefore(x) X509_get_notBefore(x)
> -+#define q_X509_getm_notAfter(x) X509_getm_notAfter(x)
> -+#define q_X509_getm_notBefore(x) X509_getm_notBefore(x)
> ++#define q_X509_getm_notAfter(x) q_X509_getm_notAfter(x)
> ++#define q_X509_getm_notBefore(x) q_X509_getm_notBefore(x)
>   #define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
>   (char *)(rsa))
>   #define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\


Re: unbreak tls in Qt4

Jeremie Courreges-Anglas-2
On Tue, Nov 12 2019, Rafael Sadowski <[hidden email]> wrote:

> Yeah, the issue is gone. Tested with net/psi. Thanks for taking care of
> it. One commit below.
>
> On Mon Nov 11, 2019 at 11:47:12PM +0200, Theo Buehler wrote:
>> The SSL/TLS support in Qt4 was broken during the notBefore/notAfter
>> reshuffling way back in August last year. You'd get an error such as
>>
>> [21:54:10] W:QSslSocket: cannot call unresolved function X509_getm_notBefore
>> Segmentation fault (core dumped)
>>
>> No one complained until rsadowski showed it to me here in Bucharest.
>> Once this has seen more testing it should probably land in -stable,
>> I would appreciate some help with that.
>>
>> Index: Makefile
>> ===================================================================
>> RCS file: /var/cvs/ports/x11/qt4/Makefile,v
>> retrieving revision 1.158
>> diff -u -p -r1.158 Makefile
>> --- Makefile 12 Jul 2019 20:51:20 -0000 1.158
>> +++ Makefile 11 Nov 2019 21:40:26 -0000
>> @@ -25,14 +25,14 @@ PKGNAME-main = qt4-${PKGVERSION}
>>  PKGNAME-debug = qt4-debug-${PKGVERSION}
>>  FULLPKGNAME-html = qt4-html-${PKGVERSION}
>>  FULLPKGPATH-html = ${BASE_PKGPATH},-html
>> -REVISION-main = 19
>> -REVISION-mysql = 6
>> -REVISION-postgresql = 6
>> -REVISION-sqlite2 = 6
>> -REVISION-tds = 6
>> +REVISION-main = 20
>> +REVISION-mysql = 7
>> +REVISION-postgresql = 7
>> +REVISION-sqlite2 = 7
>> +REVISION-tds = 7
>>  REVISION-debug = 3
>> -REVISION-examples = 7
>> -REVISION-html = 3
>> +REVISION-examples = 8
>> +REVISION-html = 4
>
> The diff is part of qtnetwork which is part of -main, so we just need
> the bump -main. With this, OK rsadowski@

Makes sense to me, ok jca@

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE


Re: unbreak tls in Qt4

Stuart Henderson
In reply to this post by Rafael Sadowski
On 2019/11/12 10:37, Rafael Sadowski wrote:
>
> The diff is part of qtnetwork which is part of -main, so we just need
> the bump -main. With this, OK rsadowski@

As long as you are certain nothing else pulls in this header.
(If in doubt, bump)


> Thanks!
>
> >  
> >  # XXX qmake include parser is bogus
> >  DPB_PROPERTIES = parallel nojunk
> > Index: patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h
> > ===================================================================
> > RCS file: /var/cvs/ports/x11/qt4/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h,v
> > retrieving revision 1.1
> > diff -u -p -r1.1 patch-src_network_ssl_qsslsocket_openssl_symbols_p_h
> > --- patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h 27 Aug 2018 03:54:57 -0000 1.1
> > +++ patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h 11 Nov 2019 20:07:24 -0000
> > @@ -3,14 +3,23 @@ $OpenBSD: patch-src_network_ssl_qsslsock
> >  Index: src/network/ssl/qsslsocket_openssl_symbols_p.h
> >  --- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig
> >  +++ src/network/ssl/qsslsocket_openssl_symbols_p.h
> > -@@ -410,8 +410,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp,
> > +@@ -360,6 +360,8 @@ int q_X509_get_ext_count(X509 *a);
> > + void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d);
> > + X509_NAME *q_X509_get_issuer_name(X509 *a);
> > + X509_NAME *q_X509_get_subject_name(X509 *a);
> > ++ASN1_TIME *q_X509_getm_notBefore(const X509 *x);
> > ++ASN1_TIME *q_X509_getm_notAfter(const X509 *x);
> > + int q_X509_verify_cert(X509_STORE_CTX *ctx);
> > + int q_X509_NAME_entry_count(X509_NAME *a);
> > + X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b);
> > +@@ -410,8 +412,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp,
> >   #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
> >   #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
> >           q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
> >  -#define q_X509_get_notAfter(x) X509_get_notAfter(x)
> >  -#define q_X509_get_notBefore(x) X509_get_notBefore(x)
> > -+#define q_X509_getm_notAfter(x) X509_getm_notAfter(x)
> > -+#define q_X509_getm_notBefore(x) X509_getm_notBefore(x)
> > ++#define q_X509_getm_notAfter(x) q_X509_getm_notAfter(x)
> > ++#define q_X509_getm_notBefore(x) q_X509_getm_notBefore(x)
> >   #define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
> >   (char *)(rsa))
> >   #define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
>


Re: unbreak tls in Qt4

Theo Buehler-5
On Wed, Nov 13, 2019 at 12:14:38PM +0000, Stuart Henderson wrote:
> On 2019/11/12 10:37, Rafael Sadowski wrote:
> >
> > The diff is part of qtnetwork which is part of -main, so we just need
> > the bump -main. With this, OK rsadowski@
>
> As long as you are certain nothing else pulls in this header.
> (If in doubt, bump)

I think we're good with just a bump of -main. It's a private header of
qtnetwork and there are no occurrences of the string qsslsocket_openssl
outside of it (except for translations and the changelog):

$ ag -l qsslsocket_openssl /usr/ports/pobj/qt4-4.8.7/qt-everywhere-opensource-src-4.8.7
include/QtNetwork/headers.pri
include/QtNetwork/private/qsslsocket_openssl_symbols_p.h
include/QtNetwork/private/qsslsocket_openssl_p.h
translations/qt_sv.ts
translations/qt_da.ts
translations/qt_hu.ts
translations/qt_zh_CN.ts
translations/qt_pt.ts
translations/qt_zh_TW.ts
translations/qt_es.ts
src/network/ssl/qsslcertificate.cpp
src/network/ssl/qsslsocket_openssl.cpp
src/network/ssl/qsslsocket_openssl_symbols_p.h
src/network/ssl/ssl.pri
src/network/ssl/qsslkey.cpp
src/network/ssl/qsslsocket_openssl_symbols.cpp
src/network/ssl/qsslsocket.cpp
src/network/ssl/qsslsocket_openssl_p.h
changes-4.8.7

>
>
> > Thanks!
> >
> > >  
> > >  # XXX qmake include parser is bogus
> > >  DPB_PROPERTIES = parallel nojunk
> > > Index: patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h
> > > ===================================================================
> > > RCS file: /var/cvs/ports/x11/qt4/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h,v
> > > retrieving revision 1.1
> > > diff -u -p -r1.1 patch-src_network_ssl_qsslsocket_openssl_symbols_p_h
> > > --- patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h 27 Aug 2018 03:54:57 -0000 1.1
> > > +++ patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h 11 Nov 2019 20:07:24 -0000
> > > @@ -3,14 +3,23 @@ $OpenBSD: patch-src_network_ssl_qsslsock
> > >  Index: src/network/ssl/qsslsocket_openssl_symbols_p.h
> > >  --- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig
> > >  +++ src/network/ssl/qsslsocket_openssl_symbols_p.h
> > > -@@ -410,8 +410,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp,
> > > +@@ -360,6 +360,8 @@ int q_X509_get_ext_count(X509 *a);
> > > + void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d);
> > > + X509_NAME *q_X509_get_issuer_name(X509 *a);
> > > + X509_NAME *q_X509_get_subject_name(X509 *a);
> > > ++ASN1_TIME *q_X509_getm_notBefore(const X509 *x);
> > > ++ASN1_TIME *q_X509_getm_notAfter(const X509 *x);
> > > + int q_X509_verify_cert(X509_STORE_CTX *ctx);
> > > + int q_X509_NAME_entry_count(X509_NAME *a);
> > > + X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b);
> > > +@@ -410,8 +412,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp,
> > >   #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
> > >   #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
> > >           q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
> > >  -#define q_X509_get_notAfter(x) X509_get_notAfter(x)
> > >  -#define q_X509_get_notBefore(x) X509_get_notBefore(x)
> > > -+#define q_X509_getm_notAfter(x) X509_getm_notAfter(x)
> > > -+#define q_X509_getm_notBefore(x) X509_getm_notBefore(x)
> > > ++#define q_X509_getm_notAfter(x) q_X509_getm_notAfter(x)
> > > ++#define q_X509_getm_notBefore(x) q_X509_getm_notBefore(x)
> > >   #define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
> > >   (char *)(rsa))
> > >   #define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
> >