Re: Qt 5.9 openssl problems on F26
On Aug 23, 2017 13:43, "Thiago Macieira" wrote: There's also a licensing component here. One cannot distribute GPLv2-only software linking to OpenSSL 1.1. Don't buy into the crazy FSF crap. It's bullshit, and it's just a bedtime story made up by the FSF to try to push their agenda and try to convince people that GPLv3 solves some problems. OpenSSL uses the Apache 2.0 license, and Apache is very clear that they consider it compatible with GPLv2. To quote the Apache people from *their* license page: "Despite our best efforts, the FSF has never considered the Apache License to be compatible with GPL version 2, citing the patent termination and indemnification provisions as restrictions not present in the older GPL license. The Apache Software Foundation believes that you should always try to obey the constraints expressed by the copyright holder when redistributing their work." That's basically saying that the Apache people are ok with the GPLv2 combination, and they are saying that you should listen to the copyright holder (which is not the FSF when it comes to subsurface). It's literally the FSF being crazy (not the first time) and trying to push their agenda (also not the first time). Note the " despite our best efforts" language. The Apache people gave up on the FSF. Linus ___ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
Re: Qt 5.9 openssl problems on F26
On Sunday, 6 August 2017 00:07:30 PDT Dirk Hohndel wrote: > While I don't even pretend to be a security expert, this is a topic that I > have quite some familiarity with. Yes, right now OpenSSL 1.0.2 (latest) is > still considered "as secure" as 1.1.0 latest. I can understand the Qt team > delaying this migration for 5.10 as it is quite painful. There's also a licensing component here. One cannot distribute GPLv2-only software linking to OpenSSL 1.1. Subsurface is GPLv2-only, isn't it? -- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Software Architect - Intel Open Source Technology Center ___ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
Re: Qt 5.9 openssl problems on F26
On Sunday, 6 August 2017 18:42:24 PDT Linus Torvalds wrote: > On Sat, Aug 5, 2017 at 9:16 PM, Thiago Macieira wrote: > > Patch and diff links in > > http://code.qt.io/cgit/qt/qtbase.git/commit/? > > id=cfbe03a6e035ab3cce5f04962cddd06bd414dcea > > It doesn't really apply cleanly, but it's fixable, so I have 5.9 on F26 > working. dbb2374d20959472ca379a38c37774518eef5bfe, dc8bfab82eb051a516a4138e50f2d8de5095319e and f78a189da5d9e13a96a52b9d17cdc80df06ed8c8 also touch those same files and they appear between current 5.9 branch tip and the OpenSSL 1.1 commit above. -- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Software Architect - Intel Open Source Technology Center ___ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
Re: Qt 5.9 openssl problems on F26
On Sat, Aug 5, 2017 at 9:16 PM, Thiago Macieira wrote: > > Patch and diff links in > http://code.qt.io/cgit/qt/qtbase.git/commit/? > id=cfbe03a6e035ab3cce5f04962cddd06bd414dcea It doesn't really apply cleanly, but it's fixable, so I have 5.9 on F26 working. Linus ___ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
Re: Qt 5.9 openssl problems on F26
While I don't even pretend to be a security expert, this is a topic that I have quite some familiarity with. Yes, right now OpenSSL 1.0.2 (latest) is still considered "as secure" as 1.1.0 latest. I can understand the Qt team delaying this migration for 5.10 as it is quite painful. /D -- From my phone Original Message From: Thiago Macieira Sent: Sun Aug 06 05:26:04 GMT+01:00 2017 To: Linus Torvalds Cc: Subsurface Mailing List Subject: Re: Qt 5.9 openssl problems on F26 On Saturday, 5 August 2017 17:07:50 PDT Linus Torvalds wrote: > You don't use old versions of security software. It's that easy. Not done, > not acceptable, not a solution. To be clear: OpenSSL 1.0.2l was released on the very same day as 1.1.0f. Both branches are currently maintained. -- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Software Architect - Intel Open Source Technology Center ___ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface ___ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
Re: Qt 5.9 openssl problems on F26
On Saturday, 5 August 2017 17:07:50 PDT Linus Torvalds wrote: > You don't use old versions of security software. It's that easy. Not done, > not acceptable, not a solution. To be clear: OpenSSL 1.0.2l was released on the very same day as 1.1.0f. Both branches are currently maintained. -- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Software Architect - Intel Open Source Technology Center ___ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
Re: Qt 5.9 openssl problems on F26
On Saturday, 5 August 2017 20:54:59 PDT Linus Torvalds wrote: > On Aug 5, 2017 20:48, "Thiago Macieira" wrote: > > From the Qt Project's point of view, it's a new feature, so it was added to > the devleopment branch. But it seems the patch is clean enough to be > backported if a Linux distribution wants it for its purposes. > > Christ, you people have some odd ideas about "new features". Like that > while "it compiles" thing. Small new feature, that. I agree on the "it compiles", but those at fault are the OpenSSL developers for suddenly breaking source compatibility with no grace period. See https://www.mail-archive.com/tech@openbsd.org/msg36437.html for someone else complaining about the same issue (no, not Theo). From Qt's point of view, it's a large refactoring of a central piece of technology. We couldn't add it to the stable release without further testing. Timing also didn't help: Qt 5.9 had already been feature frozen for almost two months when the patch was first uploaded (no idea when the author first began working on it). > Can you point me to the actual patch that is clean enough to backport? Lubomir sent the link, which includes all 63 iterations of the patch: https://codereview.qt-project.org/189399 Patch and diff links in http://code.qt.io/cgit/qt/qtbase.git/commit/? id=cfbe03a6e035ab3cce5f04962cddd06bd414dcea -- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Software Architect - Intel Open Source Technology Center ___ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
Re: Qt 5.9 openssl problems on F26
On Aug 5, 2017 20:48, "Thiago Macieira" wrote: >From the Qt Project's point of view, it's a new feature, so it was added to the devleopment branch. But it seems the patch is clean enough to be backported if a Linux distribution wants it for its purposes. Christ, you people have some odd ideas about "new features". Like that while "it compiles" thing. Small new feature, that. Can you point me to the actual patch that is clean enough to backport? Linus ___ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
Re: Qt 5.9 openssl problems on F26
On Saturday, 5 August 2017 17:07:50 PDT Linus Torvalds wrote: > I did see some patches, and another big report that was allegedly closed > because of those patches, but they don't actually seem to be merged > although the bug report said they were upstream. I suspect that there is > some branch that worked at some point. They are, but in Qt 5.10. You're building 5.9.1. From the Qt Project's point of view, it's a new feature, so it was added to the devleopment branch. But it seems the patch is clean enough to be backported if a Linux distribution wants it for its purposes. -- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Software Architect - Intel Open Source Technology Center ___ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
Re: Qt 5.9 openssl problems on F26
On Saturday, 5 August 2017 15:40:01 PDT Linus Torvalds wrote: > Ok, I've worked around this by just using my old build, but it means > that ssl doesn't work, which in turn means that I can't actually do > the cloud access etc on my F26 desktop. > > So I'm tried of my old broken At-5.9 build, and would like to know how > to make a proper build against openssl-1.1.0, which is what F26 has. OpenSSL 1.1 is work in progress for Qt. You have to use 1.0. OpenSSL developers decided to break source compatibility and we haven't had time to adapt. -- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Software Architect - Intel Open Source Technology Center ___ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
Re: Qt 5.9 openssl problems on F26
On Aug 5, 2017 16:44, "Lubomir I. Ivanov" wrote: this post suggests a solution; use older openssl - e.g. 1.0.2: Oh, I know about *that* solution, but that's just a bad joke. You don't use old versions of security software. It's that easy. Not done, not acceptable, not a solution. I did see some patches, and another big report that was allegedly closed because of those patches, but they don't actually seem to be merged although the bug report said they were upstream. I suspect that there is some branch that worked at some point. Linus ___ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
Re: Qt 5.9 openssl problems on F26
On 6 August 2017 at 01:40, Linus Torvalds wrote:
> Ok, I've worked around this by just using my old build, but it means
> that ssl doesn't work, which in turn means that I can't actually do
> the cloud access etc on my F26 desktop.
>
> So I'm tried of my old broken At-5.9 build, and would like to know how
> to make a proper build against openssl-1.1.0, which is what F26 has.
>
> I get complete failure with qtbase, which just doesn't build at all:
>
> ssl/qsslcertificate_openssl.cpp: In function ‘uint qHash(const
> QSslCertificate&, uint)’:
> ssl/qsslcertificate_openssl.cpp:69:30: error: invalid use of
> incomplete type ‘X509 {aka struct x509_st}’
> return qHashBits(x509->sha1_hash, SHA_DIGEST_LENGTH, seed);
>
> and a lot of other similar errors.
>
> Googling it finds a few Qt bug reports that are closed, but it's not
> clear *why* they were closed or what the fix to build against modern
> openssl headers actually is.
>
> This is all with a clean tree after a full re-configure. Current
> up-to-date qt5 (and yes, my qtbase tree matches what the qt5 top-level
> module says), followed by:
>
> perl init-repository -f --module-subset=default,qtwebkit
> ./configure -prefix $PWD/qtbase -opensource -nomake examples
> -nomake tests -confirm-license
>
> so I'm wondering what's up. I can't be the only one building Qt on
> F26. What's the magic to make it work?
>
this post suggests a solution; use older openssl - e.g. 1.0.2:
https://stackoverflow.com/a/35516953
looking at the source of openssl they made breaking changes in 1.1.0
and the X509 structs are now private.
so QtBase 5.9 won't work. support for openssl 1.1.0 should arrive in
Qt 5.10 with a "opensslv11" flag (?)...i read that somewhere.
related bugreport:
https://bugreports.qt.io/browse/QTBUG-52905
patches:
https://codereview.qt-project.org/#/c/189399/
lubomir
--
___
subsurface mailing list
subsurface@subsurface-divelog.org
http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
