svn commit: r417968 - in head/devel/qca: . files

Bernard Spil brnrd at FreeBSD.org
Sun Jul 3 12:10:20 UTC 2016 

Author: brnrd
Date: Sun Jul  3 12:10:18 2016
New Revision: 417968
URL: https://svnweb.freebsd.org/changeset/ports/417968

Log:
  devel/qca: Fix building without SSLv3 and SHA-0
  
    - Add 2 patches from upstream project
      - Fix building when libssl does not have SSLv3
      - Fix building when libcrypto does not have SHA-0
    - Replace USE_OPENSSL with USES= ssl
    - Rework files/patch-libressl with `make makepatch`
  
  Tested with devel/qca and devel/qca-qt5
  
  PR:		210053
  Approved by:	Maintainer time-out
  Obtained from:	KDE
  Differential Revision:	D6885

Added:
  head/devel/qca/files/patch-plugins_qca-ossl_CMakeLists.txt   (contents, props changed)
  head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
     - copied, changed from r417960, head/devel/qca/files/patch-libressl
Deleted:
  head/devel/qca/files/patch-libressl
Modified:
  head/devel/qca/Makefile

Modified: head/devel/qca/Makefile
==============================================================================
--- head/devel/qca/Makefile	Sun Jul  3 11:29:57 2016	(r417967)
+++ head/devel/qca/Makefile	Sun Jul  3 12:10:18 2016	(r417968)
@@ -38,7 +38,7 @@ GNUPG_CMAKE_ON=		-DWITH_gnupg_PLUGIN=yes
 GNUPG_RUN_DEPENDS=	gpg2:security/gnupg
 
 OPENSSL_CMAKE_ON=	-DWITH_ossl_PLUGIN=yes
-OPENSSL_USE=		OPENSSL=yes
+OPENSSL_USES=		ssl
 
 SASL_CMAKE_ON=		-DWITH_cyrus-sasl_PLUGIN=yes
 SASL_LIB_DEPENDS=	libsasl2.so:security/cyrus-sasl2

Added: head/devel/qca/files/patch-plugins_qca-ossl_CMakeLists.txt
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/devel/qca/files/patch-plugins_qca-ossl_CMakeLists.txt	Sun Jul  3 12:10:18 2016	(r417968)
@@ -0,0 +1,28 @@
+qca-ossl: Fix build without support for SHA-0 
+https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156
+
+LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha 
+anymore. 
+Wikipedia says about SHA-0: "160-bit hash function published in 1993 
+under the name SHA. It was withdrawn shortly after publication due to 
+an undisclosed "significant flaw" and replaced by the slightly revised 
+version SHA-1.' 
+
+REVIEW: 125387 
+
+--- plugins/qca-ossl/CMakeLists.txt.orig
++++ plugins/qca-ossl/CMakeLists.txt
+@@ -24,6 +24,13 @@
+   else(HAVE_OPENSSL_AES_CTR)
+     message(WARNING "qca-ossl will be compiled without AES CTR mode encryption support")
+   endif(HAVE_OPENSSL_AES_CTR)
++
++  check_function_exists(EVP_sha HAVE_OPENSSL_SHA0)
++  if(HAVE_OPENSSL_SHA0)
++    add_definitions(-DHAVE_OPENSSL_SHA0)
++  else(HAVE_OPENSSL_SHA0)
++    message(WARNING "qca-ossl will be compiled without SHA-0 digest algorithm support")
++  endif(HAVE_OPENSSL_SHA0)
+ 
+   set(QCA_OSSL_SOURCES qca-ossl.cpp)
+ 

Copied and modified: head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp (from r417960, head/devel/qca/files/patch-libressl)
==============================================================================
--- head/devel/qca/files/patch-libressl	Sun Jul  3 08:15:25 2016	(r417960, copy source)
+++ head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp	Sun Jul  3 12:10:18 2016	(r417968)
@@ -1,15 +1,46 @@
---- plugins/qca-ossl/qca-ossl.cpp.orig	2015-10-02 09:39:21 UTC
+qca-ossl: Fix build without SSLv3 
+http://quickgit.kde.org/?p=qca.git&a=commit&h=20a587d77636186edb044cd2b71d6d90fe98d232
+
+This fixes building with LibreSSL >= 2.3.0 which has removed support 
+for SSLv3 completely. As far as I know OpenSSL can be configured to 
+build without it, so it might be helpful there as well. 
+
+REVIEW: 125386 
+
+qca-ossl: Fix build without support for SHA-0 
+https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156
+
+LibreSSL >= 2.3.0 removed support for SHA-0, so there's no EVP_sha 
+anymore. 
+Wikipedia says about SHA-0: "160-bit hash function published in 1993 
+under the name SHA. It was withdrawn shortly after publication due to 
+an undisclosed "significant flaw" and replaced by the slightly revised 
+version SHA-1.' 
+
+REVIEW: 125387 
+
+--- plugins/qca-ossl/qca-ossl.cpp.orig	2016-07-03 11:34:48 UTC
 +++ plugins/qca-ossl/qca-ossl.cpp
-@@ -5805,7 +5805,11 @@ public:
- 	{
- 		SessionInfo sessInfo;
- 
--		sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session));
-+#ifndef OPENSSL_NO_COMP
-+		sessInfo.isCompressed = (0 != ssl->session->compress_meth);
-+#else
-+		sessInfo.isCompressed = 0;
+@@ -5403,9 +5403,11 @@
+ 			ctx = SSL_CTX_new(SSLv2_client_method());
+ 			break;
+ #endif
++#ifndef OPENSSL_NO_SSL3_METHOD
+ 		case TLS::SSL_v3:
+ 			ctx = SSL_CTX_new(SSLv3_client_method());
+ 			break;
 +#endif
- 
- 		if (ssl->version == TLS1_VERSION)
- 			sessInfo.version = TLS::TLS_v1;
+ 		case TLS::TLS_v1:
+ 			ctx = SSL_CTX_new(TLSv1_client_method());
+ 			break;
+@@ -7135,8 +7135,10 @@
+ 			return new opensslInfoContext(this);
+ 		else if ( type == "sha1" )
+ 			return new opensslHashContext( EVP_sha1(), this, type);
++#ifdef HAVE_OPENSSL_SHA0
+ 		else if ( type == "sha0" )
+ 			return new opensslHashContext( EVP_sha(), this, type);
++#endif
+ 		else if ( type == "ripemd160" )
+ 			return new opensslHashContext( EVP_ripemd160(), this, type);
+ #ifdef HAVE_OPENSSL_MD2

More information about the svn-ports-all mailing list