Re: unbreak tls in Qt4
On Wed, Nov 13, 2019 at 12:14:38PM +, Stuart Henderson wrote: > On 2019/11/12 10:37, Rafael Sadowski wrote: > > > > The diff is part of qtnetwork which is part of -main, so we just need > > the bump -main. With this, OK rsadowski@ > > As long as you are certain nothing else pulls in this header. > (If in doubt, bump) I think we're good with just a bump of -main. It's a private header of qtnetwork and there are no occurrences of the string qsslsocket_openssl outside of it (except from translations and the changelog): $ ag -l qsslsocket_openssl /usr/ports/pobj/qt4-4.8.7/qt-everywhere-opensource-src-4.8.7 include/QtNetwork/headers.pri include/QtNetwork/private/qsslsocket_openssl_symbols_p.h include/QtNetwork/private/qsslsocket_openssl_p.h translations/qt_sv.ts translations/qt_da.ts translations/qt_hu.ts translations/qt_zh_CN.ts translations/qt_pt.ts translations/qt_zh_TW.ts translations/qt_es.ts src/network/ssl/qsslcertificate.cpp src/network/ssl/qsslsocket_openssl.cpp src/network/ssl/qsslsocket_openssl_symbols_p.h src/network/ssl/ssl.pri src/network/ssl/qsslkey.cpp src/network/ssl/qsslsocket_openssl_symbols.cpp src/network/ssl/qsslsocket.cpp src/network/ssl/qsslsocket_openssl_p.h changes-4.8.7 > > > > Thanks! > > > > > > > > # XXX qmake include parser is bogus > > > DPB_PROPERTIES = parallelnojunk > > > Index: patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h > > > === > > > RCS file: > > > /var/cvs/ports/x11/qt4/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h,v > > > retrieving revision 1.1 > > > diff -u -p -r1.1 patch-src_network_ssl_qsslsocket_openssl_symbols_p_h > > > --- patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h 27 Aug > > > 2018 03:54:57 - 1.1 > > > +++ patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h 11 Nov > > > 2019 20:07:24 - > > > @@ -3,14 +3,23 @@ $OpenBSD: patch-src_network_ssl_qsslsock > > > Index: src/network/ssl/qsslsocket_openssl_symbols_p.h > > > --- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig > > > +++ src/network/ssl/qsslsocket_openssl_symbols_p.h > > > -@@ -410,8 +410,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char > > > **pp, > > > +@@ -360,6 +360,8 @@ int q_X509_get_ext_count(X509 *a); > > > + void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d); > > > + X509_NAME *q_X509_get_issuer_name(X509 *a); > > > + X509_NAME *q_X509_get_subject_name(X509 *a); > > > ++ASN1_TIME *q_X509_getm_notBefore(const X509 *x); > > > ++ASN1_TIME *q_X509_getm_notAfter(const X509 *x); > > > + int q_X509_verify_cert(X509_STORE_CTX *ctx); > > > + int q_X509_NAME_entry_count(X509_NAME *a); > > > + X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b); > > > +@@ -410,8 +412,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char > > > **pp, > > > #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), > > > (i)) > > > #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \ > > > q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) > > > -#define q_X509_get_notAfter(x) X509_get_notAfter(x) > > > -#define q_X509_get_notBefore(x) X509_get_notBefore(x) > > > -+#define q_X509_getm_notAfter(x) X509_getm_notAfter(x) > > > -+#define q_X509_getm_notBefore(x) X509_getm_notBefore(x) > > > ++#define q_X509_getm_notAfter(x) q_X509_getm_notAfter(x) > > > ++#define q_X509_getm_notBefore(x) q_X509_getm_notBefore(x) > > > #define q_EVP_PKEY_assign_RSA(pkey,rsa) > > > q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ > > > (char *)(rsa)) > > > #define q_EVP_PKEY_assign_DSA(pkey,dsa) > > > q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ > >
Re: unbreak tls in Qt4
On 2019/11/12 10:37, Rafael Sadowski wrote: > > The diff is part of qtnetwork which is part of -main, so we just need > the bump -main. With this, OK rsadowski@ As long as you are certain nothing else pulls in this header. (If in doubt, bump) > Thanks! > > > > > # XXX qmake include parser is bogus > > DPB_PROPERTIES = parallelnojunk > > Index: patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h > > === > > RCS file: > > /var/cvs/ports/x11/qt4/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h,v > > retrieving revision 1.1 > > diff -u -p -r1.1 patch-src_network_ssl_qsslsocket_openssl_symbols_p_h > > --- patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h27 Aug > > 2018 03:54:57 - 1.1 > > +++ patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h11 Nov > > 2019 20:07:24 - > > @@ -3,14 +3,23 @@ $OpenBSD: patch-src_network_ssl_qsslsock > > Index: src/network/ssl/qsslsocket_openssl_symbols_p.h > > --- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig > > +++ src/network/ssl/qsslsocket_openssl_symbols_p.h > > -@@ -410,8 +410,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, > > +@@ -360,6 +360,8 @@ int q_X509_get_ext_count(X509 *a); > > + void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d); > > + X509_NAME *q_X509_get_issuer_name(X509 *a); > > + X509_NAME *q_X509_get_subject_name(X509 *a); > > ++ASN1_TIME *q_X509_getm_notBefore(const X509 *x); > > ++ASN1_TIME *q_X509_getm_notAfter(const X509 *x); > > + int q_X509_verify_cert(X509_STORE_CTX *ctx); > > + int q_X509_NAME_entry_count(X509_NAME *a); > > + X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b); > > +@@ -410,8 +412,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, > > #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i)) > > #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \ > > q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) > > -#define q_X509_get_notAfter(x) X509_get_notAfter(x) > > -#define q_X509_get_notBefore(x) X509_get_notBefore(x) > > -+#define q_X509_getm_notAfter(x) X509_getm_notAfter(x) > > -+#define q_X509_getm_notBefore(x) X509_getm_notBefore(x) > > ++#define q_X509_getm_notAfter(x) q_X509_getm_notAfter(x) > > ++#define q_X509_getm_notBefore(x) q_X509_getm_notBefore(x) > > #define q_EVP_PKEY_assign_RSA(pkey,rsa) > > q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ > > (char *)(rsa)) > > #define q_EVP_PKEY_assign_DSA(pkey,dsa) > > q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ >
Re: unbreak tls in Qt4
On Tue, Nov 12 2019, Rafael Sadowski wrote: > Yeah, the issue is gone. Tested with net/psi. Thanks for taking care of > it. One commit below. > > On Mon Nov 11, 2019 at 11:47:12PM +0200, Theo Buehler wrote: >> The SSL/TLS support in Qt4 was broken during the notBefore/notAfter >> reshuffling way back in August last year. You'd get an error such as >> >> [21:54:10] W:QSslSocket: cannot call unresolved function X509_getm_notBefore >> Segmentation fault (core dumped) >> >> No one complained until rsadowski showed it to me here in Bucharest. >> Once this has seen more testing it should probably land in -stable, >> I would appreciate some help with that. >> >> Index: Makefile >> === >> RCS file: /var/cvs/ports/x11/qt4/Makefile,v >> retrieving revision 1.158 >> diff -u -p -r1.158 Makefile >> --- Makefile 12 Jul 2019 20:51:20 - 1.158 >> +++ Makefile 11 Nov 2019 21:40:26 - >> @@ -25,14 +25,14 @@ PKGNAME-main = qt4-${PKGVERSION} >> PKGNAME-debug = qt4-debug-${PKGVERSION} >> FULLPKGNAME-html = qt4-html-${PKGVERSION} >> FULLPKGPATH-html = ${BASE_PKGPATH},-html >> -REVISION-main = 19 >> -REVISION-mysql =6 >> -REVISION-postgresql = 6 >> -REVISION-sqlite2 = 6 >> -REVISION-tds = 6 >> +REVISION-main = 20 >> +REVISION-mysql =7 >> +REVISION-postgresql = 7 >> +REVISION-sqlite2 = 7 >> +REVISION-tds = 7 >> REVISION-debug =3 >> -REVISION-examples = 7 >> -REVISION-html = 3 >> +REVISION-examples = 8 >> +REVISION-html = 4 > > The diff is part of qtnetwork which is part of -main, so we just need > the bump -main. With this, OK rsadowski@ Makes sense to me, ok jca@ -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: unbreak tls in Qt4
Yeah, the issue is gone. Tested with net/psi. Thanks for taking care of it. One commit below. On Mon Nov 11, 2019 at 11:47:12PM +0200, Theo Buehler wrote: > The SSL/TLS support in Qt4 was broken during the notBefore/notAfter > reshuffling way back in August last year. You'd get an error such as > > [21:54:10] W:QSslSocket: cannot call unresolved function X509_getm_notBefore > Segmentation fault (core dumped) > > No one complained until rsadowski showed it to me here in Bucharest. > Once this has seen more testing it should probably land in -stable, > I would appreciate some help with that. > > Index: Makefile > === > RCS file: /var/cvs/ports/x11/qt4/Makefile,v > retrieving revision 1.158 > diff -u -p -r1.158 Makefile > --- Makefile 12 Jul 2019 20:51:20 - 1.158 > +++ Makefile 11 Nov 2019 21:40:26 - > @@ -25,14 +25,14 @@ PKGNAME-main =qt4-${PKGVERSION} > PKGNAME-debug = qt4-debug-${PKGVERSION} > FULLPKGNAME-html = qt4-html-${PKGVERSION} > FULLPKGPATH-html = ${BASE_PKGPATH},-html > -REVISION-main = 19 > -REVISION-mysql = 6 > -REVISION-postgresql =6 > -REVISION-sqlite2 = 6 > -REVISION-tds = 6 > +REVISION-main = 20 > +REVISION-mysql = 7 > +REVISION-postgresql =7 > +REVISION-sqlite2 = 7 > +REVISION-tds = 7 > REVISION-debug = 3 > -REVISION-examples = 7 > -REVISION-html = 3 > +REVISION-examples = 8 > +REVISION-html = 4 The diff is part of qtnetwork which is part of -main, so we just need the bump -main. With this, OK rsadowski@ Thanks! > > # XXX qmake include parser is bogus > DPB_PROPERTIES = parallelnojunk > Index: patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h > === > RCS file: > /var/cvs/ports/x11/qt4/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h,v > retrieving revision 1.1 > diff -u -p -r1.1 patch-src_network_ssl_qsslsocket_openssl_symbols_p_h > --- patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h 27 Aug > 2018 03:54:57 - 1.1 > +++ patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h 11 Nov > 2019 20:07:24 - > @@ -3,14 +3,23 @@ $OpenBSD: patch-src_network_ssl_qsslsock > Index: src/network/ssl/qsslsocket_openssl_symbols_p.h > --- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig > +++ src/network/ssl/qsslsocket_openssl_symbols_p.h > -@@ -410,8 +410,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, > +@@ -360,6 +360,8 @@ int q_X509_get_ext_count(X509 *a); > + void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d); > + X509_NAME *q_X509_get_issuer_name(X509 *a); > + X509_NAME *q_X509_get_subject_name(X509 *a); > ++ASN1_TIME *q_X509_getm_notBefore(const X509 *x); > ++ASN1_TIME *q_X509_getm_notAfter(const X509 *x); > + int q_X509_verify_cert(X509_STORE_CTX *ctx); > + int q_X509_NAME_entry_count(X509_NAME *a); > + X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b); > +@@ -410,8 +412,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, > #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i)) > #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \ > q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) > -#define q_X509_get_notAfter(x) X509_get_notAfter(x) > -#define q_X509_get_notBefore(x) X509_get_notBefore(x) > -+#define q_X509_getm_notAfter(x) X509_getm_notAfter(x) > -+#define q_X509_getm_notBefore(x) X509_getm_notBefore(x) > ++#define q_X509_getm_notAfter(x) q_X509_getm_notAfter(x) > ++#define q_X509_getm_notBefore(x) q_X509_getm_notBefore(x) > #define q_EVP_PKEY_assign_RSA(pkey,rsa) > q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ > (char *)(rsa)) > #define q_EVP_PKEY_assign_DSA(pkey,dsa) > q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
unbreak tls in Qt4
The SSL/TLS support in Qt4 was broken during the notBefore/notAfter reshuffling way back in August last year. You'd get an error such as [21:54:10] W:QSslSocket: cannot call unresolved function X509_getm_notBefore Segmentation fault (core dumped) No one complained until rsadowski showed it to me here in Bucharest. Once this has seen more testing it should probably land in -stable, I would appreciate some help with that. Index: Makefile === RCS file: /var/cvs/ports/x11/qt4/Makefile,v retrieving revision 1.158 diff -u -p -r1.158 Makefile --- Makefile12 Jul 2019 20:51:20 - 1.158 +++ Makefile11 Nov 2019 21:40:26 - @@ -25,14 +25,14 @@ PKGNAME-main = qt4-${PKGVERSION} PKGNAME-debug =qt4-debug-${PKGVERSION} FULLPKGNAME-html = qt4-html-${PKGVERSION} FULLPKGPATH-html = ${BASE_PKGPATH},-html -REVISION-main =19 -REVISION-mysql = 6 -REVISION-postgresql = 6 -REVISION-sqlite2 = 6 -REVISION-tds = 6 +REVISION-main =20 +REVISION-mysql = 7 +REVISION-postgresql = 7 +REVISION-sqlite2 = 7 +REVISION-tds = 7 REVISION-debug = 3 -REVISION-examples =7 -REVISION-html =3 +REVISION-examples =8 +REVISION-html =4 # XXX qmake include parser is bogus DPB_PROPERTIES = parallelnojunk Index: patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h === RCS file: /var/cvs/ports/x11/qt4/patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h,v retrieving revision 1.1 diff -u -p -r1.1 patch-src_network_ssl_qsslsocket_openssl_symbols_p_h --- patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h27 Aug 2018 03:54:57 - 1.1 +++ patches/patch-src_network_ssl_qsslsocket_openssl_symbols_p_h11 Nov 2019 20:07:24 - @@ -3,14 +3,23 @@ $OpenBSD: patch-src_network_ssl_qsslsock Index: src/network/ssl/qsslsocket_openssl_symbols_p.h --- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig +++ src/network/ssl/qsslsocket_openssl_symbols_p.h -@@ -410,8 +410,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, +@@ -360,6 +360,8 @@ int q_X509_get_ext_count(X509 *a); + void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d); + X509_NAME *q_X509_get_issuer_name(X509 *a); + X509_NAME *q_X509_get_subject_name(X509 *a); ++ASN1_TIME *q_X509_getm_notBefore(const X509 *x); ++ASN1_TIME *q_X509_getm_notAfter(const X509 *x); + int q_X509_verify_cert(X509_STORE_CTX *ctx); + int q_X509_NAME_entry_count(X509_NAME *a); + X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b); +@@ -410,8 +412,8 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i)) #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \ q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) -#define q_X509_get_notAfter(x) X509_get_notAfter(x) -#define q_X509_get_notBefore(x) X509_get_notBefore(x) -+#define q_X509_getm_notAfter(x) X509_getm_notAfter(x) -+#define q_X509_getm_notBefore(x) X509_getm_notBefore(x) ++#define q_X509_getm_notAfter(x) q_X509_getm_notAfter(x) ++#define q_X509_getm_notBefore(x) q_X509_getm_notBefore(x) #define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ (char *)(rsa)) #define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\