From efb85b9bff52947d9675fe7f8e89260154f35479 Mon Sep 17 00:00:00 2001 From: Kevin Kofler Date: Sun, 26 Mar 2017 18:52:22 +0200 Subject: [PATCH 01/44] Update to 5.8.0 - Really debootstrap :-P --- .gitignore | 1 + ...r-add-missing-out-of-line-destructor.patch | 45 --- qt5-qtbase-5.7.1-firebird.patch | 45 --- qt5-qtbase-5.7.1-libpng.patch | 33 -- qt5-qtbase-5.8-QTBUG-55583.patch | 38 -- qt5-qtbase-5.8-QTBUG-56140.patch | 48 --- qt5-qtbase-5.8.0-firebird.patch | 37 ++ qt5-qtbase.spec | 131 +++---- qtbase-hidpi_scale_at_192.patch | 9 +- qtbase-opensource-src-5.6.0-arm.patch | 13 - ...pensource-src-5.7.1-QT_VERSION_CHECK.patch | 12 - ...nsource-src-5.7.1-moc_system_defines.patch | 331 ------------------ ...pensource-src-5.8.0-QT_VERSION_CHECK.patch | 11 + sources | 2 +- 14 files changed, 125 insertions(+), 631 deletions(-) delete mode 100644 0053-QMimeXMLProvider-add-missing-out-of-line-destructor.patch delete mode 100644 qt5-qtbase-5.7.1-firebird.patch delete mode 100644 qt5-qtbase-5.7.1-libpng.patch delete mode 100644 qt5-qtbase-5.8-QTBUG-55583.patch delete mode 100644 qt5-qtbase-5.8-QTBUG-56140.patch create mode 100644 qt5-qtbase-5.8.0-firebird.patch delete mode 100644 qtbase-opensource-src-5.6.0-arm.patch delete mode 100644 qtbase-opensource-src-5.7.1-QT_VERSION_CHECK.patch delete mode 100644 qtbase-opensource-src-5.7.1-moc_system_defines.patch create mode 100644 qtbase-opensource-src-5.8.0-QT_VERSION_CHECK.patch diff --git a/.gitignore b/.gitignore index 852757c..1ed676a 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ /qtbase-opensource-src-5.6.1.tar.xz /qtbase-opensource-src-5.7.0.tar.xz /qtbase-opensource-src-5.7.1.tar.xz +/qtbase-opensource-src-5.8.0.tar.xz diff --git a/0053-QMimeXMLProvider-add-missing-out-of-line-destructor.patch b/0053-QMimeXMLProvider-add-missing-out-of-line-destructor.patch deleted file mode 100644 index af69c01..0000000 --- a/0053-QMimeXMLProvider-add-missing-out-of-line-destructor.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 7740f5e98b2f3ab5d9c1f512d1a89e9e1b64434d Mon Sep 17 00:00:00 2001 -From: J-P Nurmi -Date: Thu, 13 Oct 2016 13:04:33 +0200 -Subject: [PATCH 053/233] QMimeXMLProvider: add missing out-of-line destructor - -Fixes build with the latest GCC 7. - -Change-Id: I4900a256ed1c6cb177d7f94d54e5b07c06ddad08 -Task-number: QTBUG-56514 -Reviewed-by: Marc Mutz ---- - src/corelib/mimetypes/qmimeprovider.cpp | 4 ++++ - src/corelib/mimetypes/qmimeprovider_p.h | 1 + - 2 files changed, 5 insertions(+) - -diff --git a/src/corelib/mimetypes/qmimeprovider.cpp b/src/corelib/mimetypes/qmimeprovider.cpp -index fbd14e2..aa8d8c9 100644 ---- a/src/corelib/mimetypes/qmimeprovider.cpp -+++ b/src/corelib/mimetypes/qmimeprovider.cpp -@@ -706,6 +706,10 @@ QMimeXMLProvider::QMimeXMLProvider(QMimeDatabasePrivate *db) - initResources(); - } - -+QMimeXMLProvider::~QMimeXMLProvider() -+{ -+} -+ - bool QMimeXMLProvider::isValid() - { - return true; -diff --git a/src/corelib/mimetypes/qmimeprovider_p.h b/src/corelib/mimetypes/qmimeprovider_p.h -index c0517d6..8eba71e 100644 ---- a/src/corelib/mimetypes/qmimeprovider_p.h -+++ b/src/corelib/mimetypes/qmimeprovider_p.h -@@ -132,6 +132,7 @@ class QMimeXMLProvider : public QMimeProviderBase - { - public: - QMimeXMLProvider(QMimeDatabasePrivate *db); -+ ~QMimeXMLProvider(); - - virtual bool isValid() Q_DECL_OVERRIDE; - virtual QMimeType mimeTypeForName(const QString &name) Q_DECL_OVERRIDE; --- -2.9.3 - diff --git a/qt5-qtbase-5.7.1-firebird.patch b/qt5-qtbase-5.7.1-firebird.patch deleted file mode 100644 index dec14a7..0000000 --- a/qt5-qtbase-5.7.1-firebird.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff -up qtbase-opensource-src-5.7.1/config.tests/unix/ibase/ibase.cpp.than qtbase-opensource-src-5.7.1/config.tests/unix/ibase/ibase.cpp ---- qtbase-opensource-src-5.7.1/config.tests/unix/ibase/ibase.cpp.than 2016-11-28 11:53:02.621749003 -0500 -+++ qtbase-opensource-src-5.7.1/config.tests/unix/ibase/ibase.cpp 2016-11-28 11:53:17.072001489 -0500 -@@ -37,7 +37,7 @@ - ** - ****************************************************************************/ - --#include -+#include - - int main(int, char **) - { -diff -up qtbase-opensource-src-5.7.1/config.tests/unix/ibase/ibase.pro.than qtbase-opensource-src-5.7.1/config.tests/unix/ibase/ibase.pro ---- qtbase-opensource-src-5.7.1/config.tests/unix/ibase/ibase.pro.than 2016-11-29 08:00:35.270039482 -0500 -+++ qtbase-opensource-src-5.7.1/config.tests/unix/ibase/ibase.pro 2016-11-29 08:00:41.280142713 -0500 -@@ -1,3 +1,3 @@ - SOURCES = ibase.cpp - CONFIG -= qt dylib --LIBS += -lgds -+LIBS += -lfbclient -diff -up qtbase-opensource-src-5.7.1/src/plugins/sqldrivers/ibase/ibase.pro.than qtbase-opensource-src-5.7.1/src/plugins/sqldrivers/ibase/ibase.pro -diff -up qtbase-opensource-src-5.7.1/src/sql/drivers/ibase/qsql_ibase.pri.than qtbase-opensource-src-5.7.1/src/sql/drivers/ibase/qsql_ibase.pri ---- qtbase-opensource-src-5.7.1/src/sql/drivers/ibase/qsql_ibase.pri.than 2016-11-29 08:04:26.344004252 -0500 -+++ qtbase-opensource-src-5.7.1/src/sql/drivers/ibase/qsql_ibase.pri 2016-11-29 08:04:56.684523066 -0500 -@@ -2,7 +2,7 @@ HEADERS += $$PWD/qsql_ibase_p.h - SOURCES += $$PWD/qsql_ibase.cpp - - unix { -- !contains(LIBS, .*gds.*):!contains(LIBS, .*libfb.*):LIBS += -lgds -+ !contains(LIBS, .*gds.*):!contains(LIBS, .*libfb.*):LIBS += -lfbclient - } else { - !contains(LIBS, .*gds.*):!contains(LIBS, .*fbclient.*) { - LIBS += -lgds32_ms -diff -up qtbase-opensource-src-5.7.1/src/sql/drivers/ibase/qsql_ibase_p.h.than qtbase-opensource-src-5.7.1/src/sql/drivers/ibase/qsql_ibase_p.h ---- qtbase-opensource-src-5.7.1/src/sql/drivers/ibase/qsql_ibase_p.h.than 2016-11-29 08:27:25.917767879 -0500 -+++ qtbase-opensource-src-5.7.1/src/sql/drivers/ibase/qsql_ibase_p.h 2016-11-29 08:27:53.338244987 -0500 -@@ -52,7 +52,7 @@ - // - - #include --#include -+#include - - #ifdef QT_PLUGIN - #define Q_EXPORT_SQLDRIVER_IBASE diff --git a/qt5-qtbase-5.7.1-libpng.patch b/qt5-qtbase-5.7.1-libpng.patch deleted file mode 100644 index f479d1c..0000000 --- a/qt5-qtbase-5.7.1-libpng.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- qtbase-opensource-src-5.7.1/src/src.pro.orig 2016-10-05 19:33:26.000000000 +0200 -+++ qtbase-opensource-src-5.7.1/src/src.pro 2016-11-09 12:31:35.781935319 +0100 -@@ -135,8 +135,10 @@ - contains(QT_CONFIG, zlib)|cross_compile { - SUBDIRS += src_qtzlib - contains(QT_CONFIG, zlib) { -- src_3rdparty_libpng.depends += src_corelib -- src_3rdparty_freetype.depends += src_corelib -+ !contains(QT_CONFIG, system-png) { -+ src_3rdparty_libpng.depends += src_corelib -+ src_3rdparty_freetype.depends += src_corelib -+ } - } - } - SUBDIRS += src_tools_bootstrap src_tools_moc src_tools_rcc -@@ -167,10 +169,13 @@ - SUBDIRS += src_angle - src_gui.depends += src_angle - } -- contains(QT_CONFIG, png) { -- SUBDIRS += src_3rdparty_libpng -- src_3rdparty_freetype.depends += src_3rdparty_libpng -- src_gui.depends += src_3rdparty_libpng -+ -+ !contains(QT_CONFIG, system-png) { -+ contains(QT_CONFIG, png) { -+ SUBDIRS += src_3rdparty_libpng -+ src_3rdparty_freetype.depends += src_3rdparty_libpng -+ src_gui.depends += src_3rdparty_libpng -+ } - } - contains(QT_CONFIG, freetype) { - SUBDIRS += src_3rdparty_freetype diff --git a/qt5-qtbase-5.8-QTBUG-55583.patch b/qt5-qtbase-5.8-QTBUG-55583.patch deleted file mode 100644 index 67efee1..0000000 --- a/qt5-qtbase-5.8-QTBUG-55583.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 84ea00d47049d882f2fabf1446ec6c6eb5fe3038 Mon Sep 17 00:00:00 2001 -From: J-P Nurmi -Date: Tue, 6 Dec 2016 16:30:31 +0100 -Subject: [PATCH] QGtk3Dialog: don't crash on Wayland - -Check if it's an X11 window before calling XSetTransientForHint(). -No transient parent will be set for GTK+ dialogs on Wayland. That -has to be implemented separately. - -Task-number: QTBUG-55583 -Change-Id: Iabc2a72681c8157bb2f2fe500892853aa397106b -Reviewed-by: Dmitry Shachnev -Reviewed-by: Shawn Rutledge ---- - src/plugins/platformthemes/gtk3/qgtk3dialoghelpers.cpp | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/src/plugins/platformthemes/gtk3/qgtk3dialoghelpers.cpp b/src/plugins/platformthemes/gtk3/qgtk3dialoghelpers.cpp -index ba5089a..699b058 100644 ---- a/src/plugins/platformthemes/gtk3/qgtk3dialoghelpers.cpp -+++ b/src/plugins/platformthemes/gtk3/qgtk3dialoghelpers.cpp -@@ -135,10 +135,12 @@ bool QGtk3Dialog::show(Qt::WindowFlags flags, Qt::WindowModality modality, QWind - - GdkWindow *gdkWindow = gtk_widget_get_window(gtkWidget); - if (parent) { -- GdkDisplay *gdkDisplay = gdk_window_get_display(gdkWindow); -- XSetTransientForHint(gdk_x11_display_get_xdisplay(gdkDisplay), -- gdk_x11_window_get_xid(gdkWindow), -- parent->winId()); -+ if (GDK_IS_X11_WINDOW(gdkWindow)) { -+ GdkDisplay *gdkDisplay = gdk_window_get_display(gdkWindow); -+ XSetTransientForHint(gdk_x11_display_get_xdisplay(gdkDisplay), -+ gdk_x11_window_get_xid(gdkWindow), -+ parent->winId()); -+ } - } - - if (modality != Qt::NonModal) { diff --git a/qt5-qtbase-5.8-QTBUG-56140.patch b/qt5-qtbase-5.8-QTBUG-56140.patch deleted file mode 100644 index e3024f7..0000000 --- a/qt5-qtbase-5.8-QTBUG-56140.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -up qtbase-opensource-src-5.7.1/src/plugins/platforms/eglfs/qeglfsdeviceintegration.cpp.0295 qtbase-opensource-src-5.7.1/src/plugins/platforms/eglfs/qeglfsdeviceintegration.cpp ---- qtbase-opensource-src-5.7.1/src/plugins/platforms/eglfs/qeglfsdeviceintegration.cpp.0295 2017-02-09 07:41:56.976681266 -0600 -+++ qtbase-opensource-src-5.7.1/src/plugins/platforms/eglfs/qeglfsdeviceintegration.cpp 2017-02-09 07:43:31.812667108 -0600 -@@ -222,7 +222,7 @@ QDpi QEGLDeviceIntegration::logicalDpi() - - qreal QEGLDeviceIntegration::pixelDensity() const - { -- return qRound(logicalDpi().first / qreal(100)); -+ return qMax(1, qRound(logicalDpi().first / qreal(100))); - } - - Qt::ScreenOrientation QEGLDeviceIntegration::nativeOrientation() const -diff -up qtbase-opensource-src-5.7.1/src/plugins/platforms/windows/qwindowsscreen.cpp.0295 qtbase-opensource-src-5.7.1/src/plugins/platforms/windows/qwindowsscreen.cpp ---- qtbase-opensource-src-5.7.1/src/plugins/platforms/windows/qwindowsscreen.cpp.0295 2016-12-01 02:17:04.000000000 -0600 -+++ qtbase-opensource-src-5.7.1/src/plugins/platforms/windows/qwindowsscreen.cpp 2017-02-09 07:41:56.976681266 -0600 -@@ -264,7 +264,7 @@ qreal QWindowsScreen::pixelDensity() con - // the pixel density since it is reflects the Windows UI scaling. - // High DPI auto scaling should be disabled when the user chooses - // small fonts on a High DPI monitor, resulting in lower logical DPI. -- return qRound(logicalDpi().first / 96); -+ return qMax(1, qRound(logicalDpi().first / 96)); - } - - /*! -diff -up qtbase-opensource-src-5.7.1/src/plugins/platforms/winrt/qwinrtscreen.cpp.0295 qtbase-opensource-src-5.7.1/src/plugins/platforms/winrt/qwinrtscreen.cpp ---- qtbase-opensource-src-5.7.1/src/plugins/platforms/winrt/qwinrtscreen.cpp.0295 2016-12-01 02:17:04.000000000 -0600 -+++ qtbase-opensource-src-5.7.1/src/plugins/platforms/winrt/qwinrtscreen.cpp 2017-02-09 07:41:56.976681266 -0600 -@@ -644,7 +644,7 @@ QDpi QWinRTScreen::logicalDpi() const - qreal QWinRTScreen::pixelDensity() const - { - Q_D(const QWinRTScreen); -- return qRound(d->logicalDpi / 96); -+ return qMax(1, qRound(d->logicalDpi / 96)); - } - - qreal QWinRTScreen::scaleFactor() const -diff -up qtbase-opensource-src-5.7.1/src/plugins/platforms/xcb/qxcbscreen.cpp.0295 qtbase-opensource-src-5.7.1/src/plugins/platforms/xcb/qxcbscreen.cpp ---- qtbase-opensource-src-5.7.1/src/plugins/platforms/xcb/qxcbscreen.cpp.0295 2016-12-01 02:17:04.000000000 -0600 -+++ qtbase-opensource-src-5.7.1/src/plugins/platforms/xcb/qxcbscreen.cpp 2017-02-09 07:41:56.977681276 -0600 -@@ -633,7 +633,7 @@ void QXcbScreen::updateGeometry(const QR - m_sizeMillimeters = sizeInMillimeters(xGeometry.size(), virtualDpi()); - - qreal dpi = xGeometry.width() / physicalSize().width() * qreal(25.4); -- m_pixelDensity = qRound(dpi/96); -+ m_pixelDensity = qMax(1, qRound(dpi/96)); - m_geometry = QRect(xGeometry.topLeft(), xGeometry.size()); - m_availableGeometry = xGeometry & m_virtualDesktop->workArea(); - QWindowSystemInterface::handleScreenGeometryChange(QPlatformScreen::screen(), m_geometry, m_availableGeometry); diff --git a/qt5-qtbase-5.8.0-firebird.patch b/qt5-qtbase-5.8.0-firebird.patch new file mode 100644 index 0000000..75c0861 --- /dev/null +++ b/qt5-qtbase-5.8.0-firebird.patch @@ -0,0 +1,37 @@ +diff -r -u a/config.tests/unix/ibase/ibase.cpp b/config.tests/unix/ibase/ibase.cpp +--- a/config.tests/unix/ibase/ibase.cpp 2017-01-18 15:20:58.000000000 +0100 ++++ b/config.tests/unix/ibase/ibase.cpp 2017-01-27 11:19:39.894994134 +0100 +@@ -37,7 +37,7 @@ + ** + ****************************************************************************/ + +-#include ++#include + + int main(int, char **) + { +diff -r -u a/src/plugins/sqldrivers/ibase/qsql_ibase_p.h b/src/plugins/sqldrivers/ibase/qsql_ibase_p.h +--- a/src/plugins/sqldrivers/ibase/qsql_ibase_p.h 2017-01-18 15:20:58.000000000 +0100 ++++ b/src/plugins/sqldrivers/ibase/qsql_ibase_p.h 2017-01-27 11:29:10.169983782 +0100 +@@ -52,7 +52,7 @@ + // + + #include +-#include ++#include + + #ifdef QT_PLUGIN + #define Q_EXPORT_SQLDRIVER_IBASE +diff -r -u a/src/sql/configure.json b/src/sql/configure.json +--- a/src/sql/configure.json 2017-01-18 15:20:58.000000000 +0100 ++++ b/src/sql/configure.json 2017-01-27 11:23:31.186794680 +0100 +@@ -51,7 +51,8 @@ + "test": "unix/ibase", + "sources": [ + { "libs": "-lgds32_ms", "condition": "config.win32" }, +- { "libs": "-lgds", "condition": "!config.win32" } ++ { "libs": "-lgds", "condition": "!config.win32" }, ++ { "libs": "-lfbclient", "condition": "!config.win32" } + ] + }, + "mysql": { diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 416a5d6..f3e3c68 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -24,12 +24,6 @@ # set to 1 to enable bootstrap %global bootstrap 0 -%if 0%{?fedora} > 25 || 0%{?rhel} > 7 -# set to 1 for openssl-1.1.x support -#global openssl11 1 -%global firebird3x 1 -%endif - %if 0%{?fedora} > 21 # use external qt_settings pkg %global qt_settings 1 @@ -65,13 +59,13 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components -Version: 5.7.1 -Release: 15%{?dist} +Version: 5.8.0 +Release: 5%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions Url: http://qt-project.org/ -Source0: http://download.qt.io/official_releases/qt/5.7/%{version}/submodules/%{qt_module}-opensource-src-%{version}.tar.xz +Source0: http://download.qt.io/official_releases/qt/5.8/%{version}/submodules/%{qt_module}-opensource-src-%{version}.tar.xz # https://bugzilla.redhat.com/show_bug.cgi?id=1227295 Source1: qtlogging.ini @@ -95,7 +89,7 @@ Patch4: qtbase-opensource-src-5.3.2-QTBUG-35459.patch # upstreamable patches # namespace QT_VERSION_CHECK to workaround major/minor being pre-defined (#1396755) -Patch50: qtbase-opensource-src-5.7.1-QT_VERSION_CHECK.patch +Patch50: qtbase-opensource-src-5.8.0-QT_VERSION_CHECK.patch # 1381828 - Broken window scaling for some QT5 applications (#1381828) # This patch moves the threshold for 2x scaling from the DPI of 144 to 192, @@ -108,36 +102,15 @@ Patch51: qtbase-hidpi_scale_at_192.patch # 2. Workaround sysmacros.h (pre)defining major/minor a breaking stuff Patch52: qtbase-opensource-src-5.7.1-moc_macros.patch -# arm patch -Patch54: qtbase-opensource-src-5.6.0-arm.patch - -# recently passed code review, now integrated into 5.8 branch -# https://codereview.qt-project.org/126102/ -Patch60: qtbase-opensource-src-5.7.1-moc_system_defines.patch - # drop -O3 and make -O2 by default Patch61: qt5-qtbase-cxxflag.patch -# Fix png system compilation -Patch62: qt5-qtbase-5.7.1-libpng.patch - # adapted from berolinux for fedora # https://github.com/patch-exchange/openssl-1.1-transition/blob/master/qt5-qtbase/qtbase-5.7.0-openssl-1.1.patch Patch63: qt5-qtbase-5.7.1-openssl11.patch # support firebird version 3.x -Patch64: qt5-qtbase-5.7.1-firebird.patch - -## upstream patches -## 5.8 branch -# https://bugzilla.redhat.com/show_bug.cgi?id=1403500 -# https://bugreports.qt.io/browse/QTBUG-55583 -Patch100: qt5-qtbase-5.8-QTBUG-55583.patch -# Ensure a pixel density of at least 1 for Qt::AA_EnableHighDpiScaling -# https://bugreports.qt.io/browse/QTBUG-56140 -Patch101: qt5-qtbase-5.8-QTBUG-56140.patch -# gcc7 FTBFS fix -Patch153: 0053-QMimeXMLProvider-add-missing-out-of-line-destructor.patch +Patch64: qt5-qtbase-5.8.0-firebird.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are @@ -221,7 +194,7 @@ BuildRequires: libicu-devel BuildRequires: pkgconfig(xcb) pkgconfig(xcb-glx) pkgconfig(xcb-icccm) pkgconfig(xcb-image) pkgconfig(xcb-keysyms) pkgconfig(xcb-renderutil) BuildRequires: pkgconfig(zlib) BuildRequires: perl-generators -BuildRequires: qt5-rpm-macros >= %{version} +BuildRequires: qt5-rpm-macros >= 5.7.1 %if 0%{?tests} BuildRequires: dbus-x11 @@ -270,7 +243,7 @@ Requires: %{name}-gui%{?_isa} Requires: pkgconfig(egl) %endif Requires: pkgconfig(gl) -Requires: qt5-rpm-macros >= %{version} +Requires: qt5-rpm-macros >= 5.7.1 %if 0%{?use_clang} Requires: clang >= 3.7.0 %endif @@ -282,8 +255,7 @@ Requires: clang >= 3.7.0 Summary: API documentation for %{name} License: GFDL Requires: %{name} = %{version}-%{release} -BuildRequires: qt5-qhelpgenerator -BuildRequires: qt5-qdoc +BuildRequires: qt5-doctools BuildArch: noarch %description doc @@ -370,23 +342,15 @@ Qt5 libraries used for drawing widgets and OpenGL items. %setup -q -n %{qt_module}-opensource-src-%{version} %patch4 -p1 -b .QTBUG-35459 -%patch100 -p1 -b .QTBUG-55583 -%patch101 -p1 -b .QTBUG-56140 -%patch153 -p1 -b .0053 %patch50 -p1 -b .QT_VERSION_CHECK %patch51 -p1 -b .hidpi_scale_at_192 %patch52 -p1 -b .moc_macros -%patch54 -p1 -b .arm -%patch60 -p1 -b .moc_system_defines %patch61 -p1 -b .qt5-qtbase-cxxflag -%patch62 -p1 -b .libpng %if 0%{?openssl11} %patch63 -p1 -b .openssl11 %endif -%if 0%{?firebird3x} %patch64 -p1 -b .firebird -%endif %if 0%{?inject_optflags} ## adjust $RPM_OPT_FLAGS @@ -453,7 +417,8 @@ export CFLAGS="$CFLAGS $RPM_OPT_FLAGS -DOPENSSL_API_COMPAT=0x10100000L" export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -DOPENSSL_API_COMPAT=0x10100000L" %endif -./configure -v \ +./configure \ + -verbose \ -confirm-license \ -opensource \ -prefix %{_qt5_prefix} \ @@ -478,18 +443,15 @@ export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -DOPENSSL_API_COMPAT=0x10100000L" -glib \ -gtk \ %{?ibase} \ - -iconv \ -icu \ %{?journald} \ %{?openssl} \ - -optimized-qmake \ %{!?examples:-nomake examples} \ %{!?tests:-nomake tests} \ - -no-pch \ -no-rpath \ -no-separate-debug-info \ %ifarch %{ix86} - -no-sse2 \ + -no-sse2 -no-pch \ %endif -no-strip \ -system-libjpeg \ @@ -700,6 +662,7 @@ fi %{_qt5_libdir}/libQt5Sql.so.5* %{_qt5_libdir}/libQt5Test.so.5* %{_qt5_libdir}/libQt5Xml.so.5* +%{_qt5_libdir}/libQt5EglFSDeviceIntegration.so.5* %dir %{_qt5_libdir}/cmake/ %dir %{_qt5_libdir}/cmake/Qt5/ %dir %{_qt5_libdir}/cmake/Qt5Concurrent/ @@ -810,6 +773,8 @@ fi %{_qt5_headerdir}/QtTest/ %{_qt5_headerdir}/QtWidgets/ %{_qt5_headerdir}/QtXml/ +%{_qt5_headerdir}/QtEglFSDeviceIntegration +%{_qt5_headerdir}/QtInputSupport %{_qt5_archdatadir}/mkspecs/ %{_qt5_libdir}/libQt5Concurrent.prl %{_qt5_libdir}/libQt5Concurrent.so @@ -835,6 +800,8 @@ fi %{_qt5_libdir}/libQt5XcbQpa.so %{_qt5_libdir}/libQt5Xml.prl %{_qt5_libdir}/libQt5Xml.so +%{_qt5_libdir}/libQt5EglFSDeviceIntegration.prl +%{_qt5_libdir}/libQt5EglFSDeviceIntegration.so %{_qt5_libdir}/cmake/Qt5/Qt5Config*.cmake %{_qt5_libdir}/cmake/Qt5Concurrent/Qt5ConcurrentConfig*.cmake %{_qt5_libdir}/cmake/Qt5Core/Qt5CoreConfig*.cmake @@ -851,6 +818,7 @@ fi %{_qt5_libdir}/cmake/Qt5Widgets/Qt5WidgetsConfig*.cmake %{_qt5_libdir}/cmake/Qt5Widgets/Qt5WidgetsMacros.cmake %{_qt5_libdir}/cmake/Qt5Xml/Qt5XmlConfig*.cmake +%{_qt5_libdir}/cmake/Qt5/Qt5ModuleLocation.cmake %{_qt5_libdir}/pkgconfig/Qt5.pc %{_qt5_libdir}/pkgconfig/Qt5Concurrent.pc %{_qt5_libdir}/pkgconfig/Qt5Core.pc @@ -864,8 +832,9 @@ fi %{_qt5_libdir}/pkgconfig/Qt5Widgets.pc %{_qt5_libdir}/pkgconfig/Qt5Xml.pc %if 0%{?egl} -%{_qt5_libdir}/libQt5EglDeviceIntegration.prl -%{_qt5_libdir}/libQt5EglDeviceIntegration.so + +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSKmsEglDeviceIntegrationPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QVncIntegrationPlugin.cmake %{_qt5_libdir}/libQt5EglFsKmsSupport.prl %{_qt5_libdir}/libQt5EglFsKmsSupport.so %endif @@ -879,9 +848,41 @@ fi %{_qt5_libdir}/libQt5OpenGLExtensions.prl %{_qt5_libdir}/cmake/Qt5OpenGLExtensions/ %{_qt5_libdir}/pkgconfig/Qt5OpenGLExtensions.pc -%{_qt5_headerdir}/QtPlatformSupport/ -%{_qt5_libdir}/libQt5PlatformSupport.*a -%{_qt5_libdir}/libQt5PlatformSupport.prl +%{_qt5_libdir}/libQt5AccessibilitySupport.*a +%{_qt5_libdir}/libQt5AccessibilitySupport.prl +%{_qt5_headerdir}/QtAccessibilitySupport +%{_qt5_libdir}/libQt5DeviceDiscoverySupport.*a +%{_qt5_libdir}/libQt5DeviceDiscoverySupport.prl +%{_qt5_headerdir}/QtDeviceDiscoverySupport +%{_qt5_libdir}/libQt5EglSupport.*a +%{_qt5_libdir}/libQt5EglSupport.prl +%{_qt5_headerdir}/QtEglSupport +%{_qt5_libdir}/libQt5EventDispatcherSupport.*a +%{_qt5_libdir}/libQt5EventDispatcherSupport.prl +%{_qt5_headerdir}/QtEventDispatcherSupport +%{_qt5_libdir}/libQt5FbSupport.*a +%{_qt5_libdir}/libQt5FbSupport.prl +%{_qt5_headerdir}/QtFbSupport +%{_qt5_libdir}/libQt5FontDatabaseSupport.*a +%{_qt5_libdir}/libQt5FontDatabaseSupport.prl +%{_qt5_headerdir}/QtFontDatabaseSupport +%{_qt5_libdir}/libQt5GlxSupport.*a +%{_qt5_libdir}/libQt5GlxSupport.prl +%{_qt5_headerdir}/QtGlxSupport +%{_qt5_libdir}/libQt5InputSupport.*a +%{_qt5_libdir}/libQt5InputSupport.prl +%{_qt5_libdir}/libQt5LinuxAccessibilitySupport.*a +%{_qt5_libdir}/libQt5LinuxAccessibilitySupport.prl +%{_qt5_headerdir}/QtLinuxAccessibilitySupport +%{_qt5_libdir}/libQt5PlatformCompositorSupport.*a +%{_qt5_libdir}/libQt5PlatformCompositorSupport.prl +%{_qt5_headerdir}/QtPlatformCompositorSupport +%{_qt5_libdir}/libQt5ServiceSupport.*a +%{_qt5_libdir}/libQt5ServiceSupport.prl +%{_qt5_headerdir}/QtServiceSupport +%{_qt5_libdir}/libQt5ThemeSupport.*a +%{_qt5_libdir}/libQt5ThemeSupport.prl +%{_qt5_headerdir}/QtThemeSupport %if 0%{?examples} %files examples @@ -952,7 +953,6 @@ fi %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QComposePlatformInputContextPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QIbusPlatformInputContextPlugin.cmake %if 0%{?egl} -%{_qt5_libdir}/libQt5EglDeviceIntegration.so.5* %{_qt5_libdir}/libQt5EglFsKmsSupport.so.5* %{_qt5_plugindir}/platforms/libqeglfs.so %{_qt5_plugindir}/platforms/libqminimalegl.so @@ -966,12 +966,12 @@ fi %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSX11IntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSKmsGbmIntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QXcbEglIntegrationPlugin.cmake -%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSKmsEglDeviceIntegrationPlugin.cmake %endif %{_qt5_plugindir}/platforms/libqlinuxfb.so %{_qt5_plugindir}/platforms/libqminimal.so %{_qt5_plugindir}/platforms/libqoffscreen.so %{_qt5_plugindir}/platforms/libqxcb.so +%{_qt5_plugindir}/platforms/libqvnc.so %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QLinuxFbIntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QMinimalIntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QOffscreenIntegrationPlugin.cmake @@ -985,11 +985,22 @@ fi %changelog -* Fri Feb 17 2017 Rex Dieter - 5.7.1-15 -- gcc7 FTBFS fix (#1423090) +* Sat Jan 28 2017 Helio Chissini de Castro - 5.8.0-5 +- Really debootstrap :-P -* Thu Feb 09 2017 Rex Dieter - 5.7.1-14 -- 5.8 backport: Ensure a pixel density of at least 1 for Qt::AA_EnableHighDpiScaling (QTBUG-56140) +* Fri Jan 27 2017 Helio Chissini de Castro - 5.8.0-4 +- Debootstrap +- Use meta doctools package to build docs + +* Fri Jan 27 2017 Helio Chissini de Castro - 5.8.0-3 +- Unify firebird patch for both versions +- Bootstrap again for copr + +* Thu Jan 26 2017 Helio Chissini de Castro - 5.8.0-2 +- Debootstrap after tools built. New tool needed qtattributionsscanner + +* Thu Jan 26 2017 Helio Chissini de Castro - 5.8.0-1 +- Initial update for 5.8.0 * Tue Jan 24 2017 Rex Dieter - 5.7.1-13 - Broken window scaling (#1381828) diff --git a/qtbase-hidpi_scale_at_192.patch b/qtbase-hidpi_scale_at_192.patch index bd85294..123f1ae 100644 --- a/qtbase-hidpi_scale_at_192.patch +++ b/qtbase-hidpi_scale_at_192.patch @@ -1,12 +1,11 @@ -diff -up qtbase-opensource-src-5.7.1/src/plugins/platforms/xcb/qxcbscreen.cpp.hidpi_scale_at_192 qtbase-opensource-src-5.7.1/src/plugins/platforms/xcb/qxcbscreen.cpp ---- qtbase-opensource-src-5.7.1/src/plugins/platforms/xcb/qxcbscreen.cpp.hidpi_scale_at_192 2017-02-09 07:47:26.060096259 -0600 -+++ qtbase-opensource-src-5.7.1/src/plugins/platforms/xcb/qxcbscreen.cpp 2017-02-09 07:48:11.497567447 -0600 +--- qtbase-opensource-src-5.7.1/src/plugins/platforms/xcb/qxcbscreen.cpp.orig 2017-01-11 11:42:59.544860428 +0100 ++++ qtbase-opensource-src-5.7.1/src/plugins/platforms/xcb/qxcbscreen.cpp 2017-01-11 11:43:51.142956762 +0100 @@ -633,7 +633,7 @@ void QXcbScreen::updateGeometry(const QR m_sizeMillimeters = sizeInMillimeters(xGeometry.size(), virtualDpi()); qreal dpi = xGeometry.width() / physicalSize().width() * qreal(25.4); -- m_pixelDensity = qMax(1, qRound(dpi/96)); -+ m_pixelDensity = qMax(1, (int) (dpi/96)); // instead of rounding at 1.5, round at 2.0 (same as GNOME) +- m_pixelDensity = qRound(dpi/96); ++ m_pixelDensity = (int) (dpi/96); // instead of rounding at 1.5, round at 2.0 (same as GNOME) m_geometry = QRect(xGeometry.topLeft(), xGeometry.size()); m_availableGeometry = xGeometry & m_virtualDesktop->workArea(); QWindowSystemInterface::handleScreenGeometryChange(QPlatformScreen::screen(), m_geometry, m_availableGeometry); diff --git a/qtbase-opensource-src-5.6.0-arm.patch b/qtbase-opensource-src-5.6.0-arm.patch deleted file mode 100644 index 63df719..0000000 --- a/qtbase-opensource-src-5.6.0-arm.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up qtbase-opensource-src-5.6.0-beta/configure.than qtbase-opensource-src-5.6.0-beta/configure ---- qtbase-opensource-src-5.6.0-beta/configure.than 2016-02-12 13:56:20.057741037 +0100 -+++ qtbase-opensource-src-5.6.0-beta/configure 2016-02-12 14:10:10.267768256 +0100 -@@ -4346,6 +4346,9 @@ if [ "$QMAKESPEC" != "$XQMAKESPEC" ]; th - else - # not cross compiling, host == target - CFG_HOST_ARCH="$CFG_ARCH" -+ if [ "$CFG_ARCH" = "arm" ] ; then -+ CFG_CPUFEATURES="neon" -+ fi - CFG_HOST_CPUFEATURES="$CFG_CPUFEATURES" - fi - unset OUTFILE diff --git a/qtbase-opensource-src-5.7.1-QT_VERSION_CHECK.patch b/qtbase-opensource-src-5.7.1-QT_VERSION_CHECK.patch deleted file mode 100644 index 1b3a0e9..0000000 --- a/qtbase-opensource-src-5.7.1-QT_VERSION_CHECK.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up qtbase-opensource-src-5.7.1/src/corelib/global/qglobal.h.QT_VERSION_CHECK qtbase-opensource-src-5.7.1/src/corelib/global/qglobal.h ---- qtbase-opensource-src-5.7.1/src/corelib/global/qglobal.h.QT_VERSION_CHECK 2016-12-01 02:17:04.000000000 -0600 -+++ qtbase-opensource-src-5.7.1/src/corelib/global/qglobal.h 2016-12-08 12:19:41.165310158 -0600 -@@ -54,7 +54,7 @@ - /* - can be used like #if (QT_VERSION >= QT_VERSION_CHECK(4, 4, 0)) - */ --#define QT_VERSION_CHECK(major, minor, patch) ((major<<16)|(minor<<8)|(patch)) -+#define QT_VERSION_CHECK(qt_version_check_major, qt_version_check_minor, qt_version_check_patch) ((qt_version_check_major<<16)|(qt_version_check_minor<<8)|(qt_version_check_patch)) - - #if !defined(QT_BUILD_QMAKE) && !defined(QT_BUILD_CONFIGURE) - #include diff --git a/qtbase-opensource-src-5.7.1-moc_system_defines.patch b/qtbase-opensource-src-5.7.1-moc_system_defines.patch deleted file mode 100644 index a8acd8f..0000000 --- a/qtbase-opensource-src-5.7.1-moc_system_defines.patch +++ /dev/null @@ -1,331 +0,0 @@ -diff -up qtbase-opensource-src-5.7.1/mkspecs/features/moc.prf.moc_system_defines qtbase-opensource-src-5.7.1/mkspecs/features/moc.prf ---- qtbase-opensource-src-5.7.1/mkspecs/features/moc.prf.moc_system_defines 2016-12-01 02:17:04.000000000 -0600 -+++ qtbase-opensource-src-5.7.1/mkspecs/features/moc.prf 2016-12-09 10:24:12.463205987 -0600 -@@ -24,8 +24,25 @@ win32:count(MOC_INCLUDEPATH, 40, >) { - write_file($$absolute_path($$WIN_INCLUDETEMP, $$OUT_PWD), WIN_INCLUDETEMP_CONT)|error("Aborting.") - } - -+# QNX's compiler sets "gcc" config, but does not support the -dM option; -+# iOS builds are multi-arch, so this feature cannot possibly work. -+if(gcc|intel_icl|msvc):!rim_qcc:!ios { -+ moc_predefs.CONFIG = no_link -+ gcc: moc_predefs.commands = $$QMAKE_CXX $$QMAKE_CXXFLAGS -dM -E -o ${QMAKE_FILE_OUT} ${QMAKE_FILE_IN} -+ else:intel_icl: moc_predefs.commands = $$QMAKE_CXX $$QMAKE_CXXFLAGS -QdM -P -Fi${QMAKE_FILE_OUT} ${QMAKE_FILE_IN} -+ else:msvc { -+ # make sure that our bin dir is first in path, so qmake is found -+ moc_predefs.commands = PATH $$shell_path($$[QT_INSTALL_BINS/src]);%PATH%& -+ moc_predefs.commands += $$QMAKE_CXX -Bxqmake $$QMAKE_CXXFLAGS -E ${QMAKE_FILE_IN} 2>NUL >${QMAKE_FILE_OUT} -+ } else: error("Oops, I messed up") -+ moc_predefs.output = $$MOC_DIR/moc_predefs.h -+ moc_predefs.input = MOC_PREDEF_FILE -+ silent: moc_predefs.commands = @echo generating $$moc_predefs.output$$escape_expand(\n\t)@$$moc_predefs.commands -+ QMAKE_EXTRA_COMPILERS += moc_predefs -+ MOC_PREDEF_FILE = $$[QT_HOST_DATA/src]/mkspecs/features/data/dummy.cpp -+} -+ - defineReplace(mocCmdBase) { -- RET = - !isEmpty(WIN_INCLUDETEMP) { - incvar = @$$WIN_INCLUDETEMP - } else { -@@ -34,7 +51,13 @@ defineReplace(mocCmdBase) { - incvar += -I$$shell_quote($$inc) - incvar += $$QMAKE_FRAMEWORKPATH_FLAGS - } -- RET += $$QMAKE_MOC $(DEFINES) $$join(QMAKE_COMPILER_DEFINES, " -D", -D) $$incvar $$QMAKE_MOC_OPTIONS -+ -+ RET = $$QMAKE_MOC $(DEFINES) -+ -+ isEmpty(MOC_PREDEF_FILE): RET += $$join(QMAKE_COMPILER_DEFINES, " -D", -D) -+ else: RET += --include $$moc_predefs.output -+ -+ RET += $$incvar $$QMAKE_MOC_OPTIONS - return($$RET) - } - -@@ -46,7 +69,7 @@ moc_header.output = $$MOC_DIR/$${QMAKE_H - moc_header.input = HEADERS - moc_header.variable_out = SOURCES - moc_header.name = MOC ${QMAKE_FILE_IN} --moc_header.depends += $$WIN_INCLUDETEMP -+moc_header.depends += $$WIN_INCLUDETEMP $$moc_predefs.output - silent:moc_header.commands = @echo moc ${QMAKE_FILE_IN} && $$moc_header.commands - QMAKE_EXTRA_COMPILERS += moc_header - INCREDIBUILD_XGE += moc_header -@@ -58,7 +81,7 @@ moc_source.commands = ${QMAKE_FUNC_mocCm - moc_source.output = $$MOC_DIR/$${QMAKE_CPP_MOD_MOC}${QMAKE_FILE_BASE}$${QMAKE_EXT_CPP_MOC} - moc_source.input = SOURCES OBJECTIVE_SOURCES - moc_source.name = MOC ${QMAKE_FILE_IN} --moc_source.depends += $$WIN_INCLUDETEMP -+moc_source.depends += $$WIN_INCLUDETEMP $$moc_predefs.output - silent:moc_source.commands = @echo moc ${QMAKE_FILE_IN} && $$moc_source.commands - QMAKE_EXTRA_COMPILERS += moc_source - INCREDIBUILD_XGE += moc_source -diff -up qtbase-opensource-src-5.7.1/qmake/main.cpp.moc_system_defines qtbase-opensource-src-5.7.1/qmake/main.cpp ---- qtbase-opensource-src-5.7.1/qmake/main.cpp.moc_system_defines 2016-12-01 02:17:04.000000000 -0600 -+++ qtbase-opensource-src-5.7.1/qmake/main.cpp 2016-12-09 10:24:12.463205987 -0600 -@@ -42,6 +42,10 @@ - #include - #include - -+#ifdef Q_OS_WIN -+# include -+#endif -+ - QT_BEGIN_NAMESPACE - - #ifdef Q_OS_WIN -@@ -241,6 +245,30 @@ static int doInstall(int argc, char **ar - return 3; - } - -+static int dumpMacros(const wchar_t *cmdline) -+{ -+ // from http://stackoverflow.com/questions/3665537/how-to-find-out-cl-exes-built-in-macros -+ int argc; -+ wchar_t **argv = CommandLineToArgvW(cmdline, &argc); -+ if (!argv) -+ return 2; -+ for (int i = 0; i < argc; ++i) { -+ if (argv[i][0] != L'-' || argv[i][1] != 'D') -+ continue; -+ -+ wchar_t *value = wcschr(argv[i], L'='); -+ if (value) { -+ *value = 0; -+ ++value; -+ } else { -+ // point to the NUL at the end, so we don't print anything -+ value = argv[i] + wcslen(argv[i]); -+ } -+ wprintf(L"#define %Ls %Ls\n", argv[i] + 2, value); -+ } -+ return 0; -+} -+ - #endif // Q_OS_WIN - - /* This is to work around lame implementation on Darwin. It has been noted that the getpwd(3) function -@@ -275,6 +303,15 @@ int runQMake(int argc, char **argv) - // Workaround for inferior/missing command line tools on Windows: make our own! - if (argc >= 2 && !strcmp(argv[1], "-install")) - return doInstall(argc - 2, argv + 2); -+ -+ { -+ // Support running as Visual C++'s compiler -+ const wchar_t *cmdline = _wgetenv(L"MSC_CMD_FLAGS"); -+ if (!cmdline || !*cmdline) -+ cmdline = _wgetenv(L"MSC_IDE_FLAGS"); -+ if (cmdline && *cmdline) -+ return dumpMacros(cmdline); -+ } - #endif - - QMakeVfs vfs; -diff -up qtbase-opensource-src-5.7.1/src/tools/moc/main.cpp.moc_system_defines qtbase-opensource-src-5.7.1/src/tools/moc/main.cpp ---- qtbase-opensource-src-5.7.1/src/tools/moc/main.cpp.moc_system_defines 2016-12-09 10:24:12.458205887 -0600 -+++ qtbase-opensource-src-5.7.1/src/tools/moc/main.cpp 2016-12-09 10:53:10.285347282 -0600 -@@ -259,6 +259,11 @@ int runMoc(int argc, char **argv) - prependIncludeOption.setValueName(QStringLiteral("file")); - parser.addOption(prependIncludeOption); - -+ QCommandLineOption includeOption(QStringLiteral("include")); -+ includeOption.setDescription(QStringLiteral("Parse as an #include before the main source(s).")); -+ includeOption.setValueName(QStringLiteral("file")); -+ parser.addOption(includeOption); -+ - QCommandLineOption noNotesWarningsCompatOption(QStringLiteral("n")); - noNotesWarningsCompatOption.setDescription(QStringLiteral("Do not display notes (-nn) or warnings (-nw). Compatibility option.")); - noNotesWarningsCompatOption.setValueName(QStringLiteral("which")); -@@ -415,7 +420,31 @@ int runMoc(int argc, char **argv) - moc.includes = pp.includes; - - // 1. preprocess -- moc.symbols = pp.preprocessed(moc.filename, &in); -+ const auto includeFiles = parser.values(includeOption); -+ for (const QString &includeName : includeFiles) { -+ QByteArray rawName = pp.resolveInclude(QFile::encodeName(includeName), moc.filename); -+ if (rawName.isEmpty()) { -+ fprintf(stderr, "Warning: Failed to resolve include \"%s\" for moc file %s\n", -+ includeName.toLocal8Bit().constData(), -+ moc.filename.isEmpty() ? "" : moc.filename.constData()); -+ } else { -+ QFile f(QFile::decodeName(rawName)); -+ if (f.open(QIODevice::ReadOnly)) { -+ moc.symbols += Symbol(0, MOC_INCLUDE_BEGIN, rawName); -+ moc.symbols += pp.preprocessed(rawName, &f); -+ moc.symbols += Symbol(0, MOC_INCLUDE_END, rawName); -+ } else { -+ fprintf(stderr, "Warning: Cannot open %s included by moc file %s: %s\n", -+ rawName.constData(), -+ moc.filename.isEmpty() ? "" : moc.filename.constData(), -+ f.errorString().toLocal8Bit().constData()); -+ } -+ } -+ } -+ moc.symbols += pp.preprocessed(moc.filename, &in); -+ -+ // We obviously do not support MS extensions -+ pp.macros.remove("_MSC_EXTENSIONS"); - - if (!pp.preprocessOnly) { - // 2. parse -diff -up qtbase-opensource-src-5.7.1/src/tools/moc/preprocessor.cpp.moc_system_defines qtbase-opensource-src-5.7.1/src/tools/moc/preprocessor.cpp ---- qtbase-opensource-src-5.7.1/src/tools/moc/preprocessor.cpp.moc_system_defines 2016-12-01 02:17:04.000000000 -0600 -+++ qtbase-opensource-src-5.7.1/src/tools/moc/preprocessor.cpp 2016-12-09 10:24:12.464206007 -0600 -@@ -1008,6 +1008,37 @@ static void mergeStringLiterals(Symbols - } - } - -+QByteArray Preprocessor::resolveInclude(const QByteArray &include, const QByteArray &relativeTo) -+{ -+ // #### stringery -+ QFileInfo fi; -+ if (!relativeTo.isEmpty()) -+ fi.setFile(QFileInfo(QString::fromLocal8Bit(relativeTo.constData())).dir(), QString::fromLocal8Bit(include.constData())); -+ for (int j = 0; j < Preprocessor::includes.size() && !fi.exists(); ++j) { -+ const IncludePath &p = Preprocessor::includes.at(j); -+ if (p.isFrameworkPath) { -+ const int slashPos = include.indexOf('/'); -+ if (slashPos == -1) -+ continue; -+ QByteArray frameworkCandidate = include.left(slashPos); -+ frameworkCandidate.append(".framework/Headers/"); -+ fi.setFile(QString::fromLocal8Bit(QByteArray(p.path + '/' + frameworkCandidate).constData()), QString::fromLocal8Bit(include.mid(slashPos + 1).constData())); -+ } else { -+ fi.setFile(QString::fromLocal8Bit(p.path.constData()), QString::fromLocal8Bit(include.constData())); -+ } -+ // try again, maybe there's a file later in the include paths with the same name -+ // (186067) -+ if (fi.isDir()) { -+ fi = QFileInfo(); -+ continue; -+ } -+ } -+ -+ if (!fi.exists() || fi.isDir()) -+ return QByteArray(); -+ return fi.canonicalFilePath().toLocal8Bit(); -+} -+ - void Preprocessor::preprocess(const QByteArray &filename, Symbols &preprocessed) - { - currentFilenames.push(filename); -@@ -1028,32 +1059,9 @@ void Preprocessor::preprocess(const QByt - continue; - until(PP_NEWLINE); - -- // #### stringery -- QFileInfo fi; -- if (local) -- fi.setFile(QFileInfo(QString::fromLocal8Bit(filename.constData())).dir(), QString::fromLocal8Bit(include.constData())); -- for (int j = 0; j < Preprocessor::includes.size() && !fi.exists(); ++j) { -- const IncludePath &p = Preprocessor::includes.at(j); -- if (p.isFrameworkPath) { -- const int slashPos = include.indexOf('/'); -- if (slashPos == -1) -- continue; -- fi.setFile(QString::fromLocal8Bit(p.path + '/' + include.left(slashPos) + ".framework/Headers/"), -- QString::fromLocal8Bit(include.mid(slashPos + 1).constData())); -- } else { -- fi.setFile(QString::fromLocal8Bit(p.path.constData()), QString::fromLocal8Bit(include.constData())); -- } -- // try again, maybe there's a file later in the include paths with the same name -- // (186067) -- if (fi.isDir()) { -- fi = QFileInfo(); -- continue; -- } -- } -- -- if (!fi.exists() || fi.isDir()) -+ include = resolveInclude(include, local ? filename : QByteArray()); -+ if (include.isNull()) - continue; -- include = fi.canonicalFilePath().toLocal8Bit(); - - if (Preprocessor::preprocessedIncludes.contains(include)) - continue; -@@ -1208,6 +1216,7 @@ Symbols Preprocessor::preprocessed(const - input = cleaned(input); - - // phase 2: tokenize for the preprocessor -+ index = 0; - symbols = tokenize(input); - - #if 0 -diff -up qtbase-opensource-src-5.7.1/src/tools/moc/preprocessor.h.moc_system_defines qtbase-opensource-src-5.7.1/src/tools/moc/preprocessor.h ---- qtbase-opensource-src-5.7.1/src/tools/moc/preprocessor.h.moc_system_defines 2016-12-01 02:17:04.000000000 -0600 -+++ qtbase-opensource-src-5.7.1/src/tools/moc/preprocessor.h 2016-12-09 10:24:12.464206007 -0600 -@@ -62,6 +62,7 @@ public: - QList frameworks; - QSet preprocessedIncludes; - Macros macros; -+ QByteArray resolveInclude(const QByteArray &filename, const QByteArray &relativeTo); - Symbols preprocessed(const QByteArray &filename, QFile *device); - - void parseDefineArguments(Macro *m); -diff -up qtbase-opensource-src-5.7.1/tests/auto/tools/moc/subdir/extradefines.h.moc_system_defines qtbase-opensource-src-5.7.1/tests/auto/tools/moc/subdir/extradefines.h ---- qtbase-opensource-src-5.7.1/tests/auto/tools/moc/subdir/extradefines.h.moc_system_defines 2016-12-09 10:24:12.464206007 -0600 -+++ qtbase-opensource-src-5.7.1/tests/auto/tools/moc/subdir/extradefines.h 2016-12-09 10:24:12.464206007 -0600 -@@ -0,0 +1 @@ -+#define FOO 1 -diff -up qtbase-opensource-src-5.7.1/tests/auto/tools/moc/tst_moc.cpp.moc_system_defines qtbase-opensource-src-5.7.1/tests/auto/tools/moc/tst_moc.cpp ---- qtbase-opensource-src-5.7.1/tests/auto/tools/moc/tst_moc.cpp.moc_system_defines 2016-12-01 02:17:04.000000000 -0600 -+++ qtbase-opensource-src-5.7.1/tests/auto/tools/moc/tst_moc.cpp 2016-12-09 10:24:12.465206027 -0600 -@@ -576,6 +576,8 @@ private slots: - void frameworkSearchPath(); - void cstyleEnums(); - void defineMacroViaCmdline(); -+ void defineMacroViaForcedInclude(); -+ void defineMacroViaForcedIncludeRelative(); - void specifyMetaTagsFromCmdline(); - void invokable(); - void singleFunctionKeywordSignalAndSlot(); -@@ -1244,6 +1246,46 @@ void tst_Moc::defineMacroViaCmdline() - args << m_sourceDirectory + QStringLiteral("/macro-on-cmdline.h"); - - proc.start(m_moc, args); -+ QVERIFY(proc.waitForFinished()); -+ QCOMPARE(proc.exitCode(), 0); -+ QCOMPARE(proc.readAllStandardError(), QByteArray()); -+ QByteArray mocOut = proc.readAllStandardOutput(); -+ QVERIFY(!mocOut.isEmpty()); -+#else -+ QSKIP("Only tested on linux/gcc"); -+#endif -+} -+ -+void tst_Moc::defineMacroViaForcedInclude() -+{ -+#if defined(Q_OS_LINUX) && defined(Q_CC_GNU) && !defined(QT_NO_PROCESS) -+ QProcess proc; -+ -+ QStringList args; -+ args << "--include" << m_sourceDirectory + QLatin1String("/subdir/extradefines.h"); -+ args << m_sourceDirectory + QStringLiteral("/macro-on-cmdline.h"); -+ -+ proc.start(m_moc, args); -+ QVERIFY(proc.waitForFinished()); -+ QCOMPARE(proc.exitCode(), 0); -+ QCOMPARE(proc.readAllStandardError(), QByteArray()); -+ QByteArray mocOut = proc.readAllStandardOutput(); -+ QVERIFY(!mocOut.isEmpty()); -+#else -+ QSKIP("Only tested on linux/gcc"); -+#endif -+} -+ -+void tst_Moc::defineMacroViaForcedIncludeRelative() -+{ -+#if defined(Q_OS_LINUX) && defined(Q_CC_GNU) && !defined(QT_NO_PROCESS) -+ QProcess proc; -+ -+ QStringList args; -+ args << "--include" << QStringLiteral("extradefines.h") << "-I" + m_sourceDirectory + "/subdir"; -+ args << m_sourceDirectory + QStringLiteral("/macro-on-cmdline.h"); -+ -+ proc.start(m_moc, args); - QVERIFY(proc.waitForFinished()); - QCOMPARE(proc.exitCode(), 0); - QCOMPARE(proc.readAllStandardError(), QByteArray()); diff --git a/qtbase-opensource-src-5.8.0-QT_VERSION_CHECK.patch b/qtbase-opensource-src-5.8.0-QT_VERSION_CHECK.patch new file mode 100644 index 0000000..d94caf4 --- /dev/null +++ b/qtbase-opensource-src-5.8.0-QT_VERSION_CHECK.patch @@ -0,0 +1,11 @@ +--- qtbase-opensource-src-5.8.0/src/corelib/global/qglobal.h.orig 2017-01-26 10:45:40.905010896 +0100 ++++ qtbase-opensource-src-5.8.0/src/corelib/global/qglobal.h 2017-01-26 10:46:50.299858887 +0100 +@@ -55,7 +55,7 @@ + /* + can be used like #if (QT_VERSION >= QT_VERSION_CHECK(4, 4, 0)) + */ +-#define QT_VERSION_CHECK(major, minor, patch) ((major<<16)|(minor<<8)|(patch)) ++#define QT_VERSION_CHECK(qt_version_check_major, qt_version_check_minor, qt_version_check_patch) ((qt_version_check_major<<16)|(qt_version_check_minor<<8)|(qt_version_check_patch)) + + #ifdef QT_BOOTSTRAPPED + #include diff --git a/sources b/sources index c96e61f..c728b29 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f0809befe04160fbb73bbf38a06a2073 qtbase-opensource-src-5.7.1.tar.xz +SHA512 (qtbase-opensource-src-5.8.0.tar.xz) = 36a1ba4b0dba02ae65c3b2b0aa3fb3767cbee4dbdf204c9ded7d1700e70144ce85a3a66167f86cc716a1fdd38d832962b2a752e803b0647d03032b2685da5ced From 9ceb7d9081adb99785dfc6f3004289b549b2192e Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Mon, 27 Mar 2017 10:54:44 -0500 Subject: [PATCH 02/44] bootstrap (rawhide) revert some minor changes introduced since 5.7 move *Plugin.cmake items to runtime (not -devel) --- qt5-qtbase.spec | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index f3e3c68..e2e6611 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -22,7 +22,7 @@ %global rpm_macros_dir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) # set to 1 to enable bootstrap -%global bootstrap 0 +%global bootstrap 1 %if 0%{?fedora} > 21 # use external qt_settings pkg @@ -445,13 +445,15 @@ export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -DOPENSSL_API_COMPAT=0x10100000L" %{?ibase} \ -icu \ %{?journald} \ + -optimized-qmake \ %{?openssl} \ %{!?examples:-nomake examples} \ %{!?tests:-nomake tests} \ + -no-pch \ -no-rpath \ -no-separate-debug-info \ %ifarch %{ix86} - -no-sse2 -no-pch \ + -no-sse2 \ %endif -no-strip \ -system-libjpeg \ @@ -832,9 +834,6 @@ fi %{_qt5_libdir}/pkgconfig/Qt5Widgets.pc %{_qt5_libdir}/pkgconfig/Qt5Xml.pc %if 0%{?egl} - -%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSKmsEglDeviceIntegrationPlugin.cmake -%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QVncIntegrationPlugin.cmake %{_qt5_libdir}/libQt5EglFsKmsSupport.prl %{_qt5_libdir}/libQt5EglFsKmsSupport.so %endif @@ -966,6 +965,7 @@ fi %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSX11IntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSKmsGbmIntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QXcbEglIntegrationPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSKmsEglDeviceIntegrationPlugin.cmake %endif %{_qt5_plugindir}/platforms/libqlinuxfb.so %{_qt5_plugindir}/platforms/libqminimal.so @@ -975,6 +975,7 @@ fi %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QLinuxFbIntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QMinimalIntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QOffscreenIntegrationPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QVncIntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QXcbIntegrationPlugin.cmake %{_qt5_plugindir}/xcbglintegrations/libqxcb-glx-integration.so %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QXcbGlxIntegrationPlugin.cmake @@ -985,6 +986,11 @@ fi %changelog +* Mon Mar 27 2017 Rex Dieter - 5.8.0-6 +- bootstrap (rawhide) +- revert some minor changes introduced since 5.7 +- move *Plugin.cmake items to runtime (not -devel) + * Sat Jan 28 2017 Helio Chissini de Castro - 5.8.0-5 - Really debootstrap :-P From 32769146b7a8290faac90f2694601137f8e0670a Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Mon, 27 Mar 2017 12:33:51 -0500 Subject: [PATCH 03/44] pull in big-endian buildfix --- .gitignore | 1 + qt5-qtbase.spec | 6 ++++++ sources | 1 + 3 files changed, 8 insertions(+) diff --git a/.gitignore b/.gitignore index 1ed676a..008140c 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ /qtbase-opensource-src-5.7.0.tar.xz /qtbase-opensource-src-5.7.1.tar.xz /qtbase-opensource-src-5.8.0.tar.xz +/0493-fix-VNC-platform-plugin-build-on-big-endian-machines.patch diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index e2e6611..16a6eea 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -112,6 +112,10 @@ Patch63: qt5-qtbase-5.7.1-openssl11.patch # support firebird version 3.x Patch64: qt5-qtbase-5.8.0-firebird.patch +## upstream patches +#http://code.qt.io/cgit/qt/qtbase.git/commit/?id=6f64bfa654fb7e20bb75ec3b0544b81482babb44 +Patch493: 0493-fix-VNC-platform-plugin-build-on-big-endian-machines.patch + # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are # not there, the platform to integrate with isn't either. Then Qt will just @@ -352,6 +356,8 @@ Qt5 libraries used for drawing widgets and OpenGL items. %endif %patch64 -p1 -b .firebird +%patch493 -p1 -b .0493 + %if 0%{?inject_optflags} ## adjust $RPM_OPT_FLAGS diff --git a/sources b/sources index c728b29..21414cf 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (qtbase-opensource-src-5.8.0.tar.xz) = 36a1ba4b0dba02ae65c3b2b0aa3fb3767cbee4dbdf204c9ded7d1700e70144ce85a3a66167f86cc716a1fdd38d832962b2a752e803b0647d03032b2685da5ced +SHA512 (0493-fix-VNC-platform-plugin-build-on-big-endian-machines.patch) = a03c6b2f321dfb596df587edf7ae5dafedf685d0239f5744e27f73d32977b203b112ef10db19aa0b85409c595214f0b65d0255fc0859fee1671736d951470558 From 0844cd226c9e26851683204d24b95c64bad287c5 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Wed, 29 Mar 2017 09:14:36 -0500 Subject: [PATCH 04/44] rebuild --- qt5-qtbase.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 16a6eea..a4b3cf7 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -60,7 +60,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.8.0 -Release: 5%{?dist} +Release: 7%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -992,6 +992,9 @@ fi %changelog +* Wed Mar 29 2017 Rex Dieter - 5.8.0-7 +- rebuild + * Mon Mar 27 2017 Rex Dieter - 5.8.0-6 - bootstrap (rawhide) - revert some minor changes introduced since 5.7 From 6e2865a3af80d6f21bf97cd3727280999092e058 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Thu, 30 Mar 2017 05:38:02 -0500 Subject: [PATCH 05/44] de-bootstrap --- qt5-qtbase.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index a4b3cf7..7364100 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -22,7 +22,7 @@ %global rpm_macros_dir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) # set to 1 to enable bootstrap -%global bootstrap 1 +#global bootstrap 1 %if 0%{?fedora} > 21 # use external qt_settings pkg @@ -60,7 +60,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.8.0 -Release: 7%{?dist} +Release: 8%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -992,6 +992,9 @@ fi %changelog +* Thu Mar 30 2017 Rex Dieter - 5.8.0-8 +- de-bootstrap + * Wed Mar 29 2017 Rex Dieter - 5.8.0-7 - rebuild From d95935f33203c139fdd3a88aeb7d453643a8758d Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Thu, 30 Mar 2017 08:17:29 -0500 Subject: [PATCH 06/44] make -doc arch'd (workaround bug #1437522) --- qt5-qtbase.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 7364100..ddf175a 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -260,8 +260,8 @@ Summary: API documentation for %{name} License: GFDL Requires: %{name} = %{version}-%{release} BuildRequires: qt5-doctools -BuildArch: noarch - +## noarch build currently FTBFS, see https://bugzilla.redhat.com/1437522 +#BuildArch: noarch %description doc %{summary}. %endif @@ -994,6 +994,7 @@ fi %changelog * Thu Mar 30 2017 Rex Dieter - 5.8.0-8 - de-bootstrap +- make -doc arch'd (workaround bug #1437522) * Wed Mar 29 2017 Rex Dieter - 5.8.0-7 - rebuild From 8090378c806af97a83bd44e7acf51eab49861da9 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Thu, 30 Mar 2017 08:18:18 -0500 Subject: [PATCH 07/44] +Obsoletes to ease noarch->arch upgrade path --- qt5-qtbase.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index ddf175a..3908011 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -262,6 +262,8 @@ Requires: %{name} = %{version}-%{release} BuildRequires: qt5-doctools ## noarch build currently FTBFS, see https://bugzilla.redhat.com/1437522 #BuildArch: noarch +## when made arch'd +Obsoletes: qt5-qtbase-doc < 5.8.0-8 %description doc %{summary}. %endif From e245437f7e9c29658c01ed3c322dc6552d39cdb0 Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Fri, 5 May 2017 15:50:23 +0200 Subject: [PATCH 08/44] - Upstream 5.9.0 beta 3 --- .gitignore | 1 + qt5-qtbase.spec | 100 +++++++++--------------------------------------- sources | 3 +- 3 files changed, 21 insertions(+), 83 deletions(-) diff --git a/.gitignore b/.gitignore index 008140c..fa3e82c 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ /qtbase-opensource-src-5.7.1.tar.xz /qtbase-opensource-src-5.8.0.tar.xz /0493-fix-VNC-platform-plugin-build-on-big-endian-machines.patch +/qtbase-opensource-src-5.9.0-beta3.tar.xz diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 3908011..d91f445 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -21,9 +21,6 @@ %global rpm_macros_dir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) -# set to 1 to enable bootstrap -#global bootstrap 1 - %if 0%{?fedora} > 21 # use external qt_settings pkg %global qt_settings 1 @@ -46,26 +43,18 @@ BuildRequires: pkgconfig(libsystemd) %global qt5_null_flag -fno-delete-null-pointer-checks %endif -# define to build docs, need to undef this for bootstrapping -# where qt5-qttools builds are not yet available -# only primary archs (for now), allow secondary to bootstrap -%if ! 0%{?bootstrap} -%ifarch %{arm} %{ix86} x86_64 %{power64} s390 s390x aarch64 -%global docs 1 -%endif %global examples 1 %global tests 1 -%endif Name: qt5-qtbase Summary: Qt5 - QtBase components -Version: 5.8.0 -Release: 8%{?dist} +Version: 5.9.0 +Release: 0.beta.3%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions Url: http://qt-project.org/ -Source0: http://download.qt.io/official_releases/qt/5.8/%{version}/submodules/%{qt_module}-opensource-src-%{version}.tar.xz +Source0: http://download.qt.io/development_releases/qt/5.9/%{version}-beta3/submodules/%{qt_module}-opensource-src-%{version}-beta3.tar.xz # https://bugzilla.redhat.com/show_bug.cgi?id=1227295 Source1: qtlogging.ini @@ -112,10 +101,6 @@ Patch63: qt5-qtbase-5.7.1-openssl11.patch # support firebird version 3.x Patch64: qt5-qtbase-5.8.0-firebird.patch -## upstream patches -#http://code.qt.io/cgit/qt/qtbase.git/commit/?id=6f64bfa654fb7e20bb75ec3b0544b81482babb44 -Patch493: 0493-fix-VNC-platform-plugin-build-on-big-endian-machines.patch - # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are # not there, the platform to integrate with isn't either. Then Qt will just @@ -188,7 +173,8 @@ BuildRequires: pkgconfig(sqlite3) >= 3.7 BuildRequires: pkgconfig(harfbuzz) >= 0.9.42 %endif BuildRequires: pkgconfig(icu-i18n) -BuildRequires: pkgconfig(libpcre) >= 8.30 +BuildRequires: pkgconfig(libpcre2-posix) >= 10.20 +BuildRequires: pkgconfig(libpcre) >= 8.0 %define pcre -system-pcre BuildRequires: pkgconfig(xcb-xkb) %else @@ -254,20 +240,6 @@ Requires: clang >= 3.7.0 %description devel %{summary}. -%if 0%{?docs} -%package doc -Summary: API documentation for %{name} -License: GFDL -Requires: %{name} = %{version}-%{release} -BuildRequires: qt5-doctools -## noarch build currently FTBFS, see https://bugzilla.redhat.com/1437522 -#BuildArch: noarch -## when made arch'd -Obsoletes: qt5-qtbase-doc < 5.8.0-8 -%description doc -%{summary}. -%endif - %package examples Summary: Programming examples for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} @@ -345,21 +317,19 @@ Qt5 libraries used for drawing widgets and OpenGL items. %prep -%setup -q -n %{qt_module}-opensource-src-%{version} +%setup -q -n %{qt_module}-opensource-src-%{version}-beta3 %patch4 -p1 -b .QTBUG-35459 %patch50 -p1 -b .QT_VERSION_CHECK -%patch51 -p1 -b .hidpi_scale_at_192 +#patch51 -p1 -b .hidpi_scale_at_192 %patch52 -p1 -b .moc_macros -%patch61 -p1 -b .qt5-qtbase-cxxflag +#patch61 -p1 -b .qt5-qtbase-cxxflag %if 0%{?openssl11} %patch63 -p1 -b .openssl11 %endif %patch64 -p1 -b .firebird -%patch493 -p1 -b .0493 - %if 0%{?inject_optflags} ## adjust $RPM_OPT_FLAGS @@ -487,23 +457,9 @@ make %{?_smp_mflags} -C qmake \ make %{?_smp_mflags} -%if 0%{?docs} -# HACK to avoid multilib conflicts in noarch content -# see also https://bugreports.qt-project.org/browse/QTBUG-42071 -QT_HASH_SEED=0; export QT_HASH_SEED - -make html_docs -make qch_docs -%endif - - %install make install INSTALL_ROOT=%{buildroot} -%if 0%{?docs} -make install_docs INSTALL_ROOT=%{buildroot} -%endif - install -m644 -p -D %{SOURCE1} %{buildroot}%{_qt5_datadir}/qtlogging.ini # Qt5.pc @@ -720,32 +676,6 @@ fi # mostly empty for now, consider: filesystem/dir ownership, licenses %{rpm_macros_dir}/macros.qt5-qtbase -%if 0%{?docs} -%files doc -%license LICENSE.FDL -%doc dist/README dist/changes-5.* -%{_qt5_docdir}/*.qch -%if 0%{?examples} -%if 0%{!?bootstrap} -# included in -examples instead, see bug #1212750 -%exclude %{_qt5_docdir}/*/examples-manifest.xml -%endif -%endif -%{_qt5_docdir}/qmake/ -%{_qt5_docdir}/qtconcurrent/ -%{_qt5_docdir}/qtcore/ -%{_qt5_docdir}/qtdbus/ -%{_qt5_docdir}/qtgui/ -%{_qt5_docdir}/qtnetwork/ -%{_qt5_docdir}/qtopengl/ -%{_qt5_docdir}/qtplatformheaders/ -%{_qt5_docdir}/qtprintsupport/ -%{_qt5_docdir}/qtsql/ -%{_qt5_docdir}/qttestlib/ -%{_qt5_docdir}/qtwidgets/ -%{_qt5_docdir}/qtxml/ -%endif - %files devel %if "%{_qt5_bindir}" != "%{_bindir}" %dir %{_qt5_bindir} @@ -890,12 +820,12 @@ fi %{_qt5_libdir}/libQt5ThemeSupport.*a %{_qt5_libdir}/libQt5ThemeSupport.prl %{_qt5_headerdir}/QtThemeSupport +%{_qt5_libdir}/libQt5KmsSupport.*a +%{_qt5_libdir}/libQt5KmsSupport.prl +%{_qt5_headerdir}/QtKmsSupport %if 0%{?examples} %files examples -%if 0%{!?bootstrap} -%{_qt5_docdir}/*/examples-manifest.xml -%endif %{_qt5_examplesdir}/ %endif @@ -968,12 +898,14 @@ fi %{_qt5_plugindir}/egldeviceintegrations/libqeglfs-x11-integration.so %{_qt5_plugindir}/xcbglintegrations/libqxcb-egl-integration.so %{_qt5_plugindir}/egldeviceintegrations/libqeglfs-kms-egldevice-integration.so +%{_qt5_plugindir}/egldeviceintegrations/libqeglfs-emu-integration.so %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QMinimalEglIntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSIntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSX11IntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSKmsGbmIntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QXcbEglIntegrationPlugin.cmake %{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSKmsEglDeviceIntegrationPlugin.cmake +%{_qt5_libdir}/cmake/Qt5Gui/Qt5Gui_QEglFSEmulatorIntegrationPlugin.cmake %endif %{_qt5_plugindir}/platforms/libqlinuxfb.so %{_qt5_plugindir}/platforms/libqminimal.so @@ -994,6 +926,12 @@ fi %changelog +* Fri May 05 2017 Helio Chissini de Castro - 5.9.0-0.beta.3 +- Beta 3 release + +* Fri Apr 14 2017 Helio Chissini de Castro - 5.9.0-0.beta.1 +- No more docs, no more bootstrap. Docs comes now on a single package. + * Thu Mar 30 2017 Rex Dieter - 5.8.0-8 - de-bootstrap - make -doc arch'd (workaround bug #1437522) diff --git a/sources b/sources index 21414cf..7453a4f 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (qtbase-opensource-src-5.8.0.tar.xz) = 36a1ba4b0dba02ae65c3b2b0aa3fb3767cbee4dbdf204c9ded7d1700e70144ce85a3a66167f86cc716a1fdd38d832962b2a752e803b0647d03032b2685da5ced -SHA512 (0493-fix-VNC-platform-plugin-build-on-big-endian-machines.patch) = a03c6b2f321dfb596df587edf7ae5dafedf685d0239f5744e27f73d32977b203b112ef10db19aa0b85409c595214f0b65d0255fc0859fee1671736d951470558 +SHA512 (qtbase-opensource-src-5.9.0-beta3.tar.xz) = c1bd75415e921c8df90853943f72dcbc5b1337a102ce6966d8a7d8e085c749fc3dc651f5fff4cd1460523ecbce3194ca2db5ebe86586b65203e091c46dd39e86 From 4b715ffd1c663a92cc43afcceb0f1c958e4f3e29 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Mon, 8 May 2017 12:14:33 -0500 Subject: [PATCH 09/44] include recommended qtdbus patches, fix Release --- ...etaType-s-custom-information-to-QDBu.patch | 429 ++++++++++++++++++ ...crashes-during-application-destructi.patch | 121 +++++ qt5-qtbase.spec | 13 +- 3 files changed, 562 insertions(+), 1 deletion(-) create mode 100644 0001-Merge-the-QDBusMetaType-s-custom-information-to-QDBu.patch create mode 100644 0002-Fix-some-QtDBus-crashes-during-application-destructi.patch diff --git a/0001-Merge-the-QDBusMetaType-s-custom-information-to-QDBu.patch b/0001-Merge-the-QDBusMetaType-s-custom-information-to-QDBu.patch new file mode 100644 index 0000000..781c267 --- /dev/null +++ b/0001-Merge-the-QDBusMetaType-s-custom-information-to-QDBu.patch @@ -0,0 +1,429 @@ +From 04cc2a3abad6ed825a97225b96a2e04f30fefcb1 Mon Sep 17 00:00:00 2001 +From: Thiago Macieira +Date: Thu, 28 Apr 2016 15:00:58 -0700 +Subject: [PATCH 1/2] Merge the QDBusMetaType's custom information to + QDBusConnectionManager + +This allows us to get rid of two Q_GLOBAL_STATIC in QtDBus, which means +fewer opportunities for screwing up the order of destruction. And since +QDBusConnectionManager now ensures that the types are initialized, we +don't need to re-initialize them everywhere. + +The Q_GLOBAL_STATIC for QDBusConnectionManager ensures the proper +thread-safe locking, so we don't need to lock for every type that we're +trying to register. This should make things faster. + +But as a side-effect, trying to register a D-Bus metatype will cause the +QDBusConnectionManager thread to start too. + +Change-Id: Ifea6e497f11a461db432ffff1449a4e535234485 +--- + src/dbus/qdbusconnection.cpp | 1 + + src/dbus/qdbusconnectionmanager_p.h | 3 +- + src/dbus/qdbusintegrator.cpp | 1 - + src/dbus/qdbusmetatype.cpp | 185 +++++++++++++++++++----------------- + src/dbus/qdbusmetatype_p.h | 27 +++++- + src/dbus/qdbusmisc.cpp | 3 +- + 6 files changed, 127 insertions(+), 93 deletions(-) + +diff --git a/src/dbus/qdbusconnection.cpp b/src/dbus/qdbusconnection.cpp +index f95cc3a..4187f19 100644 +--- a/src/dbus/qdbusconnection.cpp ++++ b/src/dbus/qdbusconnection.cpp +@@ -182,6 +182,7 @@ void QDBusConnectionManager::run() + } + } + connectionHash.clear(); ++ customTypes.clear(); + + // allow deletion from any thread without warning + moveToThread(Q_NULLPTR); +diff --git a/src/dbus/qdbusconnectionmanager_p.h b/src/dbus/qdbusconnectionmanager_p.h +index 1c7dea8..fd6cd84 100644 +--- a/src/dbus/qdbusconnectionmanager_p.h ++++ b/src/dbus/qdbusconnectionmanager_p.h +@@ -55,13 +55,14 @@ + + #include + #include "qdbusconnection_p.h" ++#include "qdbusmetatype_p.h" + #include "private/qthread_p.h" + + #ifndef QT_NO_DBUS + + QT_BEGIN_NAMESPACE + +-class QDBusConnectionManager : public QDaemonThread ++class QDBusConnectionManager : public QDaemonThread, public QDBusMetaTypeId + { + Q_OBJECT + struct ConnectionRequestData; +diff --git a/src/dbus/qdbusintegrator.cpp b/src/dbus/qdbusintegrator.cpp +index c63fb05..19f79e9 100644 +--- a/src/dbus/qdbusintegrator.cpp ++++ b/src/dbus/qdbusintegrator.cpp +@@ -1036,7 +1036,6 @@ QDBusConnectionPrivate::QDBusConnectionPrivate(QObject *p) + qdbusThreadDebug = qdbusDefaultThreadDebug; + #endif + +- QDBusMetaTypeId::init(); + connect(this, &QDBusConnectionPrivate::dispatchStatusChanged, + this, &QDBusConnectionPrivate::doDispatch, Qt::QueuedConnection); + connect(this, &QDBusConnectionPrivate::spyHooksFinished, +diff --git a/src/dbus/qdbusmetatype.cpp b/src/dbus/qdbusmetatype.cpp +index fb2b407..9ab3c34 100644 +--- a/src/dbus/qdbusmetatype.cpp ++++ b/src/dbus/qdbusmetatype.cpp +@@ -1,6 +1,7 @@ + /**************************************************************************** + ** + ** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2016 Intel Corporation. + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtDBus module of the Qt Toolkit. +@@ -39,19 +40,15 @@ + + #include "qdbusmetatype.h" + #include "qdbusmetatype_p.h" +- +-#include + #include "qdbus_symbols_p.h" + +-#include +-#include +-#include +-#include ++#include + + #include "qdbusargument_p.h" + #include "qdbusutil_p.h" + #include "qdbusunixfiledescriptor.h" + #ifndef QT_BOOTSTRAPPED ++#include "qdbusconnectionmanager_p.h" + #include "qdbusmessage.h" + #endif + +@@ -64,82 +61,72 @@ + + QT_BEGIN_NAMESPACE + +-class QDBusCustomTypeInfo +-{ +-public: +- QDBusCustomTypeInfo() : signature(), marshall(0), demarshall(0) +- { } +- +- // Suggestion: +- // change 'signature' to char* and make QDBusCustomTypeInfo a Movable type +- QByteArray signature; +- QDBusMetaType::MarshallFunction marshall; +- QDBusMetaType::DemarshallFunction demarshall; +-}; ++static void registerMarshallOperatorsNoLock(QVector &ct, int id, ++ QDBusMetaType::MarshallFunction mf, ++ QDBusMetaType::DemarshallFunction df); + + template +-inline static void registerHelper(T * = 0) ++inline static void registerHelper(QVector &ct) + { + void (*mf)(QDBusArgument &, const T *) = qDBusMarshallHelper; + void (*df)(const QDBusArgument &, T *) = qDBusDemarshallHelper; +- QDBusMetaType::registerMarshallOperators(qMetaTypeId(), ++ registerMarshallOperatorsNoLock(ct, qMetaTypeId(), + reinterpret_cast(mf), + reinterpret_cast(df)); + } + +-void QDBusMetaTypeId::init() ++QDBusMetaTypeId *QDBusMetaTypeId::instance() + { +- static QBasicAtomicInt initialized = Q_BASIC_ATOMIC_INITIALIZER(false); +- +- // reentrancy is not a problem since everything else is locked on their own +- // set the guard variable at the end +- if (!initialized.load()) { +- // register our types with Qt Core (calling qMetaTypeId() does this implicitly) +- (void)message(); +- (void)argument(); +- (void)variant(); +- (void)objectpath(); +- (void)signature(); +- (void)error(); +- (void)unixfd(); ++#ifdef QT_BOOTSTRAPPED ++ static QDBusMetaTypeId self; ++ return &self; ++#else ++ return QDBusConnectionManager::instance(); ++#endif ++} ++ ++QDBusMetaTypeId::QDBusMetaTypeId() ++{ ++ // register our types with Qt Core (calling qMetaTypeId() does this implicitly) ++ (void)message(); ++ (void)argument(); ++ (void)variant(); ++ (void)objectpath(); ++ (void)signature(); ++ (void)error(); ++ (void)unixfd(); + + #ifndef QDBUS_NO_SPECIALTYPES +- // and register Qt Core's with us +- registerHelper(); +- registerHelper(); +- registerHelper(); +- registerHelper(); +- registerHelper(); +- registerHelper(); +- registerHelper(); +- registerHelper(); +- registerHelper(); +- registerHelper(); +- registerHelper(); +- registerHelper(); +- registerHelper(); +- registerHelper(); +- +- qDBusRegisterMetaType >(); +- qDBusRegisterMetaType >(); +- qDBusRegisterMetaType >(); +- qDBusRegisterMetaType >(); +- qDBusRegisterMetaType >(); +- qDBusRegisterMetaType >(); +- qDBusRegisterMetaType >(); +- qDBusRegisterMetaType >(); +- qDBusRegisterMetaType >(); +- qDBusRegisterMetaType >(); +- qDBusRegisterMetaType >(); ++ // and register Qt Core's with us ++ registerHelper(customTypes); ++ registerHelper(customTypes); ++ registerHelper(customTypes); ++ registerHelper(customTypes); ++ registerHelper(customTypes); ++ registerHelper(customTypes); ++ registerHelper(customTypes); ++ registerHelper(customTypes); ++ registerHelper(customTypes); ++ registerHelper(customTypes); ++ registerHelper(customTypes); ++ registerHelper(customTypes); ++ registerHelper(customTypes); ++ registerHelper(customTypes); ++ ++ registerHelper >(customTypes); ++ registerHelper >(customTypes); ++ registerHelper >(customTypes); ++ registerHelper >(customTypes); ++ registerHelper >(customTypes); ++ registerHelper >(customTypes); ++ registerHelper >(customTypes); ++ registerHelper >(customTypes); ++ registerHelper >(customTypes); ++ registerHelper >(customTypes); ++ registerHelper >(customTypes); + #endif +- +- initialized.store(true); +- } + } + +-Q_GLOBAL_STATIC(QVector, customTypes) +-Q_GLOBAL_STATIC(QReadWriteLock, customTypesLock) +- + /*! + \class QDBusMetaType + \inmodule QtDBus +@@ -217,14 +204,22 @@ void QDBusMetaType::registerMarshallOperators(int id, MarshallFunction mf, + DemarshallFunction df) + { + QByteArray var; +- QVector *ct = customTypes(); +- if (id < 0 || !mf || !df || !ct) ++ QDBusMetaTypeId *mgr = QDBusMetaTypeId::instance(); ++ if (id < 0 || !mf || !df || !mgr) + return; // error! + +- QWriteLocker locker(customTypesLock()); +- if (id >= ct->size()) +- ct->resize(id + 1); +- QDBusCustomTypeInfo &info = (*ct)[id]; ++ QWriteLocker locker(&mgr->customTypesLock); ++ QVector &ct = mgr->customTypes; ++ registerMarshallOperatorsNoLock(ct, id, mf, df); ++} ++ ++static void registerMarshallOperatorsNoLock(QVector &ct, int id, ++ QDBusMetaType::MarshallFunction mf, ++ QDBusMetaType::DemarshallFunction df) ++{ ++ if (id >= ct.size()) ++ ct.resize(id + 1); ++ QDBusCustomTypeInfo &info = ct[id]; + info.marshall = mf; + info.demarshall = df; + } +@@ -241,12 +236,16 @@ bool QDBusMetaType::marshall(QDBusArgument &arg, int id, const void *data) + + MarshallFunction mf; + { +- QReadLocker locker(customTypesLock()); +- QVector *ct = customTypes(); +- if (id >= ct->size()) ++ const QDBusMetaTypeId *mgr = QDBusMetaTypeId::instance(); ++ if (!mgr) ++ return false; // shutting down ++ ++ QReadLocker locker(&mgr->customTypesLock); ++ const QVector &ct = mgr->customTypes; ++ if (id >= ct.size()) + return false; // non-existent + +- const QDBusCustomTypeInfo &info = (*ct).at(id); ++ const QDBusCustomTypeInfo &info = ct.at(id); + if (!info.marshall) { + mf = 0; // make gcc happy + return false; +@@ -270,12 +269,16 @@ bool QDBusMetaType::demarshall(const QDBusArgument &arg, int id, void *data) + + DemarshallFunction df; + { +- QReadLocker locker(customTypesLock()); +- QVector *ct = customTypes(); +- if (id >= ct->size()) ++ const QDBusMetaTypeId *mgr = QDBusMetaTypeId::instance(); ++ if (!mgr) ++ return false; // shutting down ++ ++ QReadLocker locker(&mgr->customTypesLock); ++ const QVector &ct = mgr->customTypes; ++ if (id >= ct.size()) + return false; // non-existent + +- const QDBusCustomTypeInfo &info = (*ct).at(id); ++ const QDBusCustomTypeInfo &info = ct.at(id); + if (!info.demarshall) { + df = 0; // make gcc happy + return false; +@@ -434,7 +437,11 @@ const char *QDBusMetaType::typeToSignature(int type) + DBUS_TYPE_BYTE_AS_STRING; // ay + } + +- QDBusMetaTypeId::init(); ++ // try the database ++ QDBusMetaTypeId *mgr = QDBusMetaTypeId::instance(); ++ if (!mgr) ++ return Q_NULLPTR; // shutting down ++ + if (type == QDBusMetaTypeId::variant()) + return DBUS_TYPE_VARIANT_AS_STRING; + else if (type == QDBusMetaTypeId::objectpath()) +@@ -444,14 +451,13 @@ const char *QDBusMetaType::typeToSignature(int type) + else if (type == QDBusMetaTypeId::unixfd()) + return DBUS_TYPE_UNIX_FD_AS_STRING; + +- // try the database +- QVector *ct = customTypes(); + { +- QReadLocker locker(customTypesLock()); +- if (type >= ct->size()) ++ QReadLocker locker(&mgr->customTypesLock); ++ const QVector &ct = mgr->customTypes; ++ if (type >= ct.size()) + return 0; // type not registered with us + +- const QDBusCustomTypeInfo &info = (*ct).at(type); ++ const QDBusCustomTypeInfo &info = ct.at(type); + + if (!info.signature.isNull()) + return info.signature; +@@ -468,8 +474,9 @@ const char *QDBusMetaType::typeToSignature(int type) + QByteArray signature = QDBusArgumentPrivate::createSignature(type); + + // re-acquire lock +- QWriteLocker locker(customTypesLock()); +- info = &(*ct)[type]; ++ QWriteLocker locker(&mgr->customTypesLock); ++ QVector &ct = mgr->customTypes; ++ info = &ct[type]; + info->signature = signature; + } + return info->signature; +diff --git a/src/dbus/qdbusmetatype_p.h b/src/dbus/qdbusmetatype_p.h +index 1aa1155..1f7e613 100644 +--- a/src/dbus/qdbusmetatype_p.h ++++ b/src/dbus/qdbusmetatype_p.h +@@ -1,6 +1,7 @@ + /**************************************************************************** + ** + ** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2016 Intel Corporation. + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtDBus module of the Qt Toolkit. +@@ -60,10 +61,27 @@ + #include + #include + ++#include ++#include ++#include ++ + #ifndef QT_NO_DBUS + + QT_BEGIN_NAMESPACE + ++class QDBusCustomTypeInfo ++{ ++public: ++ QDBusCustomTypeInfo() : signature(), marshall(0), demarshall(0) ++ { } ++ ++ // Suggestion: ++ // change 'signature' to char* and make QDBusCustomTypeInfo a Movable type ++ QByteArray signature; ++ QDBusMetaType::MarshallFunction marshall; ++ QDBusMetaType::DemarshallFunction demarshall; ++}; ++ + struct QDBusMetaTypeId + { + static int message(); // QDBusMessage +@@ -74,7 +92,14 @@ struct QDBusMetaTypeId + static int error(); // QDBusError + static int unixfd(); // QDBusUnixFileDescriptor + +- static void init(); ++ static void init() { instance(); } ++ static QDBusMetaTypeId *instance(); ++ ++ mutable QReadWriteLock customTypesLock; ++ QVector customTypes; ++ ++protected: ++ QDBusMetaTypeId(); + }; + + inline int QDBusMetaTypeId::message() +diff --git a/src/dbus/qdbusmisc.cpp b/src/dbus/qdbusmisc.cpp +index 930c3bd..01436da 100644 +--- a/src/dbus/qdbusmisc.cpp ++++ b/src/dbus/qdbusmisc.cpp +@@ -144,8 +144,9 @@ int qDBusParametersForMethod(const QMetaMethod &mm, QVector &metaTypes, QSt + + int qDBusParametersForMethod(const QList ¶meterTypes, QVector& metaTypes, QString &errorMsg) + { +- QDBusMetaTypeId::init(); + metaTypes.clear(); ++ if (!QDBusMetaTypeId::instance()) ++ return -1; + + metaTypes.append(0); // return type + int inputCount = 0; +-- +2.9.3 + diff --git a/0002-Fix-some-QtDBus-crashes-during-application-destructi.patch b/0002-Fix-some-QtDBus-crashes-during-application-destructi.patch new file mode 100644 index 0000000..8139a5d --- /dev/null +++ b/0002-Fix-some-QtDBus-crashes-during-application-destructi.patch @@ -0,0 +1,121 @@ +From 72700167cf051e5053f03bf4f4be391cd7514502 Mon Sep 17 00:00:00 2001 +From: Thiago Macieira +Date: Tue, 31 May 2016 17:33:03 -0300 +Subject: [PATCH 2/2] Fix some QtDBus crashes during application destruction + +It's possible that some code executes after QDBusConnectionManager is +destroyed and still tries to access QtDBus. Protect against such +crashes. + +Change-Id: I87e17314d8b24ae983b1fffd1453c13fbd3cf48e +--- + src/dbus/qdbusconnection.cpp | 12 ++++++++---- + src/dbus/qdbusintegrator.cpp | 3 +++ + src/dbus/qdbusserver.cpp | 12 ++++++++++-- + 3 files changed, 21 insertions(+), 6 deletions(-) + +diff --git a/src/dbus/qdbusconnection.cpp b/src/dbus/qdbusconnection.cpp +index 4187f19..aa14ac2 100644 +--- a/src/dbus/qdbusconnection.cpp ++++ b/src/dbus/qdbusconnection.cpp +@@ -418,7 +418,7 @@ void QDBusConnectionManager::createServer(const QString &address, void *server) + */ + QDBusConnection::QDBusConnection(const QString &name) + { +- if (name.isEmpty()) { ++ if (name.isEmpty() || _q_manager.isDestroyed()) { + d = 0; + } else { + QMutexLocker locker(&_q_manager()->mutex); +@@ -483,7 +483,7 @@ QDBusConnection &QDBusConnection::operator=(const QDBusConnection &other) + */ + QDBusConnection QDBusConnection::connectToBus(BusType type, const QString &name) + { +- if (!qdbus_loadLibDBus()) { ++ if (_q_manager.isDestroyed() || !qdbus_loadLibDBus()) { + QDBusConnectionPrivate *d = 0; + return QDBusConnection(d); + } +@@ -497,7 +497,7 @@ QDBusConnection QDBusConnection::connectToBus(BusType type, const QString &name) + QDBusConnection QDBusConnection::connectToBus(const QString &address, + const QString &name) + { +- if (!qdbus_loadLibDBus()) { ++ if (_q_manager.isDestroyed() || !qdbus_loadLibDBus()) { + QDBusConnectionPrivate *d = 0; + return QDBusConnection(d); + } +@@ -512,7 +512,7 @@ QDBusConnection QDBusConnection::connectToBus(const QString &address, + QDBusConnection QDBusConnection::connectToPeer(const QString &address, + const QString &name) + { +- if (!qdbus_loadLibDBus()) { ++ if (_q_manager.isDestroyed() || !qdbus_loadLibDBus()) { + QDBusConnectionPrivate *d = 0; + return QDBusConnection(d); + } +@@ -1167,6 +1167,8 @@ bool QDBusConnection::unregisterService(const QString &serviceName) + */ + QDBusConnection QDBusConnection::sessionBus() + { ++ if (_q_manager.isDestroyed()) ++ return QDBusConnection(Q_NULLPTR); + return QDBusConnection(_q_manager()->busConnection(SessionBus)); + } + +@@ -1179,6 +1181,8 @@ QDBusConnection QDBusConnection::sessionBus() + */ + QDBusConnection QDBusConnection::systemBus() + { ++ if (_q_manager.isDestroyed()) ++ return QDBusConnection(Q_NULLPTR); + return QDBusConnection(_q_manager()->busConnection(SystemBus)); + } + +diff --git a/src/dbus/qdbusintegrator.cpp b/src/dbus/qdbusintegrator.cpp +index 19f79e9..f8dc702 100644 +--- a/src/dbus/qdbusintegrator.cpp ++++ b/src/dbus/qdbusintegrator.cpp +@@ -299,6 +299,9 @@ static void qDBusNewConnection(DBusServer *server, DBusConnection *connection, v + Q_ASSERT(connection); + Q_ASSERT(data); + ++ if (!QDBusConnectionManager::instance()) ++ return; ++ + // keep the connection alive + q_dbus_connection_ref(connection); + QDBusConnectionPrivate *serverConnection = static_cast(data); +diff --git a/src/dbus/qdbusserver.cpp b/src/dbus/qdbusserver.cpp +index 027ce93..b1f9be2 100644 +--- a/src/dbus/qdbusserver.cpp ++++ b/src/dbus/qdbusserver.cpp +@@ -68,7 +68,11 @@ QDBusServer::QDBusServer(const QString &address, QObject *parent) + if (!qdbus_loadLibDBus()) + return; + +- emit QDBusConnectionManager::instance()->serverRequested(address, this); ++ QDBusConnectionManager *instance = QDBusConnectionManager::instance(); ++ if (!instance) ++ return; ++ ++ emit instance->serverRequested(address, this); + QObject::connect(d, SIGNAL(newServerConnection(QDBusConnectionPrivate*)), + this, SLOT(_q_newConnection(QDBusConnectionPrivate*)), Qt::QueuedConnection); + } +@@ -93,7 +97,11 @@ QDBusServer::QDBusServer(QObject *parent) + return; + } + +- emit QDBusConnectionManager::instance()->serverRequested(address, this); ++ QDBusConnectionManager *instance = QDBusConnectionManager::instance(); ++ if (!instance) ++ return; ++ ++ emit instance->serverRequested(address, this); + QObject::connect(d, SIGNAL(newServerConnection(QDBusConnectionPrivate*)), + this, SLOT(_q_newConnection(QDBusConnectionPrivate*)), Qt::QueuedConnection); + } +-- +2.9.3 + diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index d91f445..075ff78 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -49,7 +49,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.0 -Release: 0.beta.3%{?dist} +Release: 0.4.beta3%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -101,6 +101,11 @@ Patch63: qt5-qtbase-5.7.1-openssl11.patch # support firebird version 3.x Patch64: qt5-qtbase-5.8.0-firebird.patch +## upstream patches (under review) +# https://codereview.qt-project.org/#/c/180232/ +Patch401: 0001-Merge-the-QDBusMetaType-s-custom-information-to-QDBu.patch +Patch402: 0002-Fix-some-QtDBus-crashes-during-application-destructi.patch + # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are # not there, the platform to integrate with isn't either. Then Qt will just @@ -319,6 +324,9 @@ Qt5 libraries used for drawing widgets and OpenGL items. %prep %setup -q -n %{qt_module}-opensource-src-%{version}-beta3 +%patch401 -p1 -b .0401 +%patch402 -p1 -b .0402 + %patch4 -p1 -b .QTBUG-35459 %patch50 -p1 -b .QT_VERSION_CHECK @@ -926,6 +934,9 @@ fi %changelog +* Mon May 08 2017 Rex Dieter - 5.9.0-0.4.beta3 +- include recommended qtdbus patches, fix Release + * Fri May 05 2017 Helio Chissini de Castro - 5.9.0-0.beta.3 - Beta 3 release From f75707f390f3a6ad198fe1b31961f5c8bc8fc4ff Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 15 May 2017 20:07:13 +0000 Subject: [PATCH 10/44] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_27_Mass_Rebuild --- qt5-qtbase.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 075ff78..cb0ab93 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -49,7 +49,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.0 -Release: 0.4.beta3%{?dist} +Release: 0.5.beta3%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -934,6 +934,9 @@ fi %changelog +* Mon May 15 2017 Fedora Release Engineering - 5.9.0-0.5.beta3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_27_Mass_Rebuild + * Mon May 08 2017 Rex Dieter - 5.9.0-0.4.beta3 - include recommended qtdbus patches, fix Release From 22adfb20d7a933f85843987bb806043f65ce4a80 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Tue, 16 May 2017 12:18:12 -0500 Subject: [PATCH 11/44] -common: Obsoletes: qt5-qtquick1(-devel) --- qt5-qtbase.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index cb0ab93..87dfaa5 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -49,7 +49,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.0 -Release: 0.5.beta3%{?dist} +Release: 0.6.beta3%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -224,6 +224,9 @@ handling. %package common Summary: Common files for Qt5 +# offer upgrade path for qtquick1 somewhere... may as well be here -- rex +Obsoletes: qt5-qtquick1 < 5.9.0 +Obsoletes: qt5-qtquick1-devel < 5.9.0 Requires: %{name} = %{version}-%{release} BuildArch: noarch %description common @@ -934,6 +937,9 @@ fi %changelog +* Tue May 16 2017 Rex Dieter - 5.9.0-0.6.beta3 +- -common: Obsoletes: qt5-qtquick1(-devel) + * Mon May 15 2017 Fedora Release Engineering - 5.9.0-0.5.beta3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_27_Mass_Rebuild From 4e688c90a52095b04b8f9291c2d1d41d8e9d6c12 Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Wed, 24 May 2017 13:36:40 +0200 Subject: [PATCH 12/44] - Release candidate --- .gitignore | 1 + qt5-qtbase.spec | 15 +++++++++------ sources | 2 +- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index fa3e82c..5932e72 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ /qtbase-opensource-src-5.8.0.tar.xz /0493-fix-VNC-platform-plugin-build-on-big-endian-machines.patch /qtbase-opensource-src-5.9.0-beta3.tar.xz +/qtbase-opensource-src-5.9.0-rc.tar.xz diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 87dfaa5..c0364df 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -49,12 +49,12 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.0 -Release: 0.6.beta3%{?dist} +Release: 0.rc.1%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions Url: http://qt-project.org/ -Source0: http://download.qt.io/development_releases/qt/5.9/%{version}-beta3/submodules/%{qt_module}-opensource-src-%{version}-beta3.tar.xz +Source0: https://download.qt.io/development_releases/qt/5.9/%{version}-rc1/submodules/%{qt_module}-opensource-src-%{version}-rc.tar.xz # https://bugzilla.redhat.com/show_bug.cgi?id=1227295 Source1: qtlogging.ini @@ -325,7 +325,7 @@ Qt5 libraries used for drawing widgets and OpenGL items. %prep -%setup -q -n %{qt_module}-opensource-src-%{version}-beta3 +%setup -q -n %{qt_module}-opensource-src-%{version}-rc %patch401 -p1 -b .0401 %patch402 -p1 -b .0402 @@ -495,7 +495,7 @@ translationdir=%{_qt5_translationdir} Name: Qt5 Description: Qt5 Configuration -Version: 5.7.1 +Version: 5.9.0 EOF # rpm macros @@ -937,6 +937,9 @@ fi %changelog +* Tue May 09 2017 Helio Chissini de Castro - 5.9.0-0.rc.1 +- Upstream Release Candidate 1 + * Tue May 16 2017 Rex Dieter - 5.9.0-0.6.beta3 - -common: Obsoletes: qt5-qtquick1(-devel) @@ -1024,7 +1027,7 @@ fi - New upstream version * Thu Oct 20 2016 Rex Dieter - 5.7.0-10 -- fix Source0 URL +- fix Source0: https://download.qt.io/development_releases/qt/5.9/%{version}-rc1/submodules/%{qt_module}-opensource-src-%{version}-rc.tar.xz * Thu Sep 29 2016 Rex Dieter - 5.7.0-9 - Requires: openssl-libs%%{?_isa} (#1328659) @@ -1196,7 +1199,7 @@ fi - Crash in QXcbWindow::setParent() due to NULL xcbScreen (QTBUG-50081, #1291003) * Mon Dec 21 2015 Rex Dieter 5.6.0-0.17.beta -- fix/update Release: tag +- fix/update Release: 0.rc.1%{?dist} * Fri Dec 18 2015 Rex Dieter 5.6.0-0.16 - 5.6.0-beta (final) diff --git a/sources b/sources index 7453a4f..36e0691 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (qtbase-opensource-src-5.9.0-beta3.tar.xz) = c1bd75415e921c8df90853943f72dcbc5b1337a102ce6966d8a7d8e085c749fc3dc651f5fff4cd1460523ecbce3194ca2db5ebe86586b65203e091c46dd39e86 +SHA512 (qtbase-opensource-src-5.9.0-rc.tar.xz) = e3dbe38b109dcd4e96d27cc159a5a4df8c6474db43771b58a62a7242dbf4185fa3e89cc64a6524bf87bf698abed129e50cf3dcf5f110c8d78535dd735a8d99a1 From 7b9849ffcd43885f9e996b4b3d79ceea5756b8e4 Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Wed, 24 May 2017 13:38:44 +0200 Subject: [PATCH 13/44] - Release candidate --- qt5-qtbase.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index c0364df..ba9f6dc 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -937,6 +937,9 @@ fi %changelog +* Wed May 24 2017 Helio Chissini de Castro - 5.9.0-0.rc.1 +- Upstream Release Candidate 1 + * Tue May 09 2017 Helio Chissini de Castro - 5.9.0-0.rc.1 - Upstream Release Candidate 1 From 7a9bc1bbeab55bfd21cd86dc58c0b2437a93e1db Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Wed, 24 May 2017 13:39:24 +0200 Subject: [PATCH 14/44] - Release candidate --- qt5-qtbase.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index ba9f6dc..dd417dd 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -940,9 +940,6 @@ fi * Wed May 24 2017 Helio Chissini de Castro - 5.9.0-0.rc.1 - Upstream Release Candidate 1 -* Tue May 09 2017 Helio Chissini de Castro - 5.9.0-0.rc.1 -- Upstream Release Candidate 1 - * Tue May 16 2017 Rex Dieter - 5.9.0-0.6.beta3 - -common: Obsoletes: qt5-qtquick1(-devel) From a894d2cd4444d342ed868471cef619a57807713a Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Wed, 24 May 2017 13:47:36 +0200 Subject: [PATCH 15/44] - Release candidate --- qt5-qtbase.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index dd417dd..3399cf5 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -104,7 +104,6 @@ Patch64: qt5-qtbase-5.8.0-firebird.patch ## upstream patches (under review) # https://codereview.qt-project.org/#/c/180232/ Patch401: 0001-Merge-the-QDBusMetaType-s-custom-information-to-QDBu.patch -Patch402: 0002-Fix-some-QtDBus-crashes-during-application-destructi.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are @@ -328,7 +327,6 @@ Qt5 libraries used for drawing widgets and OpenGL items. %setup -q -n %{qt_module}-opensource-src-%{version}-rc %patch401 -p1 -b .0401 -%patch402 -p1 -b .0402 %patch4 -p1 -b .QTBUG-35459 From dfe5703894c0a808a9cd073519969a6e38c449bb Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Fri, 26 May 2017 15:22:58 +0200 Subject: [PATCH 16/44] - Release candidate --- qt5-qtbase.spec | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 3399cf5..bd45b12 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -49,12 +49,12 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.0 -Release: 0.rc.1%{?dist} +Release: 0.1.rc%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions Url: http://qt-project.org/ -Source0: https://download.qt.io/development_releases/qt/5.9/%{version}-rc1/submodules/%{qt_module}-opensource-src-%{version}-rc.tar.xz +Source0: https://download.qt.io/development_releases/qt/5.9/%{version}-rc/submodules/%{qt_module}-opensource-src-%{version}-rc.tar.xz # https://bugzilla.redhat.com/show_bug.cgi?id=1227295 Source1: qtlogging.ini @@ -935,6 +935,9 @@ fi %changelog +* Fri May 26 2017 Helio Chissini de Castro - 5.9.0-0.1.rc +- Upstream Release Candidate retagged + * Wed May 24 2017 Helio Chissini de Castro - 5.9.0-0.rc.1 - Upstream Release Candidate 1 @@ -1025,7 +1028,7 @@ fi - New upstream version * Thu Oct 20 2016 Rex Dieter - 5.7.0-10 -- fix Source0: https://download.qt.io/development_releases/qt/5.9/%{version}-rc1/submodules/%{qt_module}-opensource-src-%{version}-rc.tar.xz +- fix Source0: https://download.qt.io/development_releases/qt/5.9/%{version}-rc/submodules/%{qt_module}-opensource-src-%{version}-rc.tar.xz * Thu Sep 29 2016 Rex Dieter - 5.7.0-9 - Requires: openssl-libs%%{?_isa} (#1328659) @@ -1197,7 +1200,7 @@ fi - Crash in QXcbWindow::setParent() due to NULL xcbScreen (QTBUG-50081, #1291003) * Mon Dec 21 2015 Rex Dieter 5.6.0-0.17.beta -- fix/update Release: 0.rc.1%{?dist} +- fix/update Release: 0.1.rc%{?dist} * Fri Dec 18 2015 Rex Dieter 5.6.0-0.16 - 5.6.0-beta (final) From a74a9fa59b821e24df03eb67e4bc12b4a731ddf1 Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Wed, 31 May 2017 13:46:00 +0200 Subject: [PATCH 17/44] - 5.9.0 Final --- .gitignore | 1 + qt5-qtbase.spec | 13 ++++++++----- sources | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 5932e72..124b3b0 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ /0493-fix-VNC-platform-plugin-build-on-big-endian-machines.patch /qtbase-opensource-src-5.9.0-beta3.tar.xz /qtbase-opensource-src-5.9.0-rc.tar.xz +/qtbase-opensource-src-5.9.0.tar.xz diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index bd45b12..0ce8027 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -49,12 +49,12 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.0 -Release: 0.1.rc%{?dist} +Release: 0.rc.1%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions Url: http://qt-project.org/ -Source0: https://download.qt.io/development_releases/qt/5.9/%{version}-rc/submodules/%{qt_module}-opensource-src-%{version}-rc.tar.xz +Source0: https://download.qt.io/official_releases/qt/5.9/5.9.0/submodules/qtbase-opensource-src-5.9.0.tar.xz # https://bugzilla.redhat.com/show_bug.cgi?id=1227295 Source1: qtlogging.ini @@ -324,7 +324,7 @@ Qt5 libraries used for drawing widgets and OpenGL items. %prep -%setup -q -n %{qt_module}-opensource-src-%{version}-rc +%setup -q -n %{qt_module}-opensource-src-%{version} %patch401 -p1 -b .0401 @@ -935,6 +935,9 @@ fi %changelog +* Tue May 31 2017 Helio Chissini de Castro - 5.9.0-1 +- Upstream official release + * Fri May 26 2017 Helio Chissini de Castro - 5.9.0-0.1.rc - Upstream Release Candidate retagged @@ -1028,7 +1031,7 @@ fi - New upstream version * Thu Oct 20 2016 Rex Dieter - 5.7.0-10 -- fix Source0: https://download.qt.io/development_releases/qt/5.9/%{version}-rc/submodules/%{qt_module}-opensource-src-%{version}-rc.tar.xz +- fix Source0: https://download.qt.io/official_releases/qt/5.9/5.9.0/submodules/qtbase-opensource-src-5.9.0.tar.xz * Thu Sep 29 2016 Rex Dieter - 5.7.0-9 - Requires: openssl-libs%%{?_isa} (#1328659) @@ -1200,7 +1203,7 @@ fi - Crash in QXcbWindow::setParent() due to NULL xcbScreen (QTBUG-50081, #1291003) * Mon Dec 21 2015 Rex Dieter 5.6.0-0.17.beta -- fix/update Release: 0.1.rc%{?dist} +- fix/update Release: 0.rc.1%{?dist} * Fri Dec 18 2015 Rex Dieter 5.6.0-0.16 - 5.6.0-beta (final) diff --git a/sources b/sources index 36e0691..5b205bf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (qtbase-opensource-src-5.9.0-rc.tar.xz) = e3dbe38b109dcd4e96d27cc159a5a4df8c6474db43771b58a62a7242dbf4185fa3e89cc64a6524bf87bf698abed129e50cf3dcf5f110c8d78535dd735a8d99a1 +SHA512 (qtbase-opensource-src-5.9.0.tar.xz) = 15b921c26dbedc7c339a5e1a235255a18b66fa53ac8af6f2d1ad64d939f1fee9817c8f115eac9a417ed0d2f832fb895b29acc61e393c97415447a067ea031be7 From 58ddb0cb5928cd58996549a7ff1e5a3e24770d87 Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Wed, 31 May 2017 13:48:11 +0200 Subject: [PATCH 18/44] Fix date --- qt5-qtbase.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 0ce8027..59fb90d 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -935,9 +935,6 @@ fi %changelog -* Tue May 31 2017 Helio Chissini de Castro - 5.9.0-1 -- Upstream official release - * Fri May 26 2017 Helio Chissini de Castro - 5.9.0-0.1.rc - Upstream Release Candidate retagged From a0cfc469aa075692d3c81a0bb6aa3478247507f8 Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Wed, 31 May 2017 13:49:20 +0200 Subject: [PATCH 19/44] - 5.9.0 Final --- qt5-qtbase.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 59fb90d..ffddb7b 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -935,6 +935,9 @@ fi %changelog +* Wed May 31 2017 Helio Chissini de Castro - 5.9.0-1 +- Upstream official release + * Fri May 26 2017 Helio Chissini de Castro - 5.9.0-0.1.rc - Upstream Release Candidate retagged From 0fdcd4c059b166245191e2ba1f4c35b3aa1aaf2c Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Wed, 31 May 2017 13:51:07 +0200 Subject: [PATCH 20/44] Fix date --- qt5-qtbase.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index ffddb7b..59fb90d 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -935,9 +935,6 @@ fi %changelog -* Wed May 31 2017 Helio Chissini de Castro - 5.9.0-1 -- Upstream official release - * Fri May 26 2017 Helio Chissini de Castro - 5.9.0-0.1.rc - Upstream Release Candidate retagged From b632435fccaf2b9623ff5eabe3d1ab05cf595098 Mon Sep 17 00:00:00 2001 From: Helio Chissini de Castro Date: Wed, 31 May 2017 13:51:54 +0200 Subject: [PATCH 21/44] - 5.9.0 Final --- qt5-qtbase.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 59fb90d..5d5d6ce 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -49,7 +49,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.0 -Release: 0.rc.1%{?dist} +Release: 1%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -935,6 +935,9 @@ fi %changelog +* Wed May 31 2017 Helio Chissini de Castro - 5.9.0-1 +- Upstream official release + * Fri May 26 2017 Helio Chissini de Castro - 5.9.0-0.1.rc - Upstream Release Candidate retagged @@ -1200,7 +1203,7 @@ fi - Crash in QXcbWindow::setParent() due to NULL xcbScreen (QTBUG-50081, #1291003) * Mon Dec 21 2015 Rex Dieter 5.6.0-0.17.beta -- fix/update Release: 0.rc.1%{?dist} +- fix/update Release: 1%{?dist} * Fri Dec 18 2015 Rex Dieter 5.6.0-0.16 - 5.6.0-beta (final) From 8b64b2c9321d3fd93065a40c91b1cb2545db9596 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Thu, 1 Jun 2017 13:24:12 -0500 Subject: [PATCH 22/44] workaround gold linker issue with duplicate symbols (f27+, #1458003) --- qt5-qtbase.spec | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 5d5d6ce..867d61e 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -49,7 +49,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.0 -Release: 1%{?dist} +Release: 2%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -215,6 +215,13 @@ Requires: %{name}-common = %{version}-%{release} %define tds -no-sql-tds %endif +# workaround gold linker bug by not using it +# https://bugzilla.redhat.com/1458003 +# https://sourceware.org/bugzilla/show_bug.cgi?id=21074 +%if 0%{?fedora} > 26 +%global use_gold_linker -no-use-gold-linker +%endif + %description Qt is a software toolkit for developing applications. @@ -452,6 +459,7 @@ export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -DOPENSSL_API_COMPAT=0x10100000L" %{?xcb} \ %{?xkbcommon} \ -system-zlib \ + %{?use_gold_linker} \ -no-directfb %if ! 0%{?inject_optflags} @@ -935,6 +943,9 @@ fi %changelog +* Thu Jun 01 2017 Rex Dieter - 5.9.0-2 +- workaround gold linker issue with duplicate symbols (f27+, #1458003) + * Wed May 31 2017 Helio Chissini de Castro - 5.9.0-1 - Upstream official release From 8e24008f23ca0ad292e518398faaee29aef4e5d2 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Fri, 16 Jun 2017 09:44:02 -0500 Subject: [PATCH 23/44] old sources --- .gitignore | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.gitignore b/.gitignore index 124b3b0..0785c54 100644 --- a/.gitignore +++ b/.gitignore @@ -1,13 +1 @@ -/qtbase-opensource-src-5.5.1.tar.xz -/qtbase-opensource-src-5.6.0-beta.tar.gz -/qtbase-opensource-src-5.6.0-rc.tar.xz -/sources -/qtbase-opensource-src-5.6.0.tar.xz -/qtbase-opensource-src-5.6.1.tar.xz -/qtbase-opensource-src-5.7.0.tar.xz -/qtbase-opensource-src-5.7.1.tar.xz -/qtbase-opensource-src-5.8.0.tar.xz -/0493-fix-VNC-platform-plugin-build-on-big-endian-machines.patch -/qtbase-opensource-src-5.9.0-beta3.tar.xz -/qtbase-opensource-src-5.9.0-rc.tar.xz /qtbase-opensource-src-5.9.0.tar.xz From b71fc696b2846e464652518aaddc71b26b48239c Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Fri, 16 Jun 2017 09:47:32 -0500 Subject: [PATCH 24/44] create_cmake.prf: adjust CMAKE_NO_PRIVATE_INCLUDES (#1456211,QTBUG-37417) --- qt5-qtbase.spec | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 867d61e..0afee84 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -49,12 +49,12 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.0 -Release: 2%{?dist} +Release: 3%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions -Url: http://qt-project.org/ -Source0: https://download.qt.io/official_releases/qt/5.9/5.9.0/submodules/qtbase-opensource-src-5.9.0.tar.xz +Url: http://qt-project.org/ +Source0: https://download.qt.io/official_releases/qt/5.9/%{version}/submodules/%{qt_module}-opensource-src-%{version}.tar.xz # https://bugzilla.redhat.com/show_bug.cgi?id=1227295 Source1: qtlogging.ini @@ -386,6 +386,10 @@ sed -i -e "s|^#!/usr/bin/env perl$|#!%{__perl}|" \ bin/syncqt.pl \ mkspecs/features/data/unix/findclasslist.pl +# Fix missing private includes https://bugreports.qt.io/browse/QTBUG-37417 +sed -e '/CMAKE_NO_PRIVATE_INCLUDES\ \=\ true/d' -i +mkspecs/features/create_cmake.prf + %build ## FIXME/TODO: @@ -474,6 +478,7 @@ make %{?_smp_mflags} -C qmake \ make %{?_smp_mflags} + %install make install INSTALL_ROOT=%{buildroot} @@ -943,6 +948,9 @@ fi %changelog +* Fri Jun 16 2017 Rex Dieter - 5.9.0-3 +- create_cmake.prf: adjust CMAKE_NO_PRIVATE_INCLUDES (#1456211,QTBUG-37417) + * Thu Jun 01 2017 Rex Dieter - 5.9.0-2 - workaround gold linker issue with duplicate symbols (f27+, #1458003) From 6162fbda3fcf827fc43080a4fdc2b4a167a0353e Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Fri, 16 Jun 2017 10:03:03 -0500 Subject: [PATCH 25/44] fix previous commit --- qt5-qtbase.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 0afee84..329d58e 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -387,8 +387,8 @@ sed -i -e "s|^#!/usr/bin/env perl$|#!%{__perl}|" \ mkspecs/features/data/unix/findclasslist.pl # Fix missing private includes https://bugreports.qt.io/browse/QTBUG-37417 -sed -e '/CMAKE_NO_PRIVATE_INCLUDES\ \=\ true/d' -i -mkspecs/features/create_cmake.prf +sed -e '/CMAKE_NO_PRIVATE_INCLUDES\ \=\ true/d' -i \ + mkspecs/features/create_cmake.prf %build From 241e6ae46df06dc8ef131d640decd93c8246eb51 Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Thu, 6 Jul 2017 15:05:37 +0200 Subject: [PATCH 26/44] fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-10040 --- qt5-qtbase.spec | 5 ++++- qtbase-opensource-src-5.3.2-QTBUG-35459.patch | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 329d58e..8cf37ed 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -49,7 +49,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.0 -Release: 3%{?dist} +Release: 4%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -948,6 +948,9 @@ fi %changelog +* Thu Jul 06 2017 Than Ngo - 5.9.0-4 +- fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-10040 + * Fri Jun 16 2017 Rex Dieter - 5.9.0-3 - create_cmake.prf: adjust CMAKE_NO_PRIVATE_INCLUDES (#1456211,QTBUG-37417) diff --git a/qtbase-opensource-src-5.3.2-QTBUG-35459.patch b/qtbase-opensource-src-5.3.2-QTBUG-35459.patch index 1ef698b..e156250 100644 --- a/qtbase-opensource-src-5.3.2-QTBUG-35459.patch +++ b/qtbase-opensource-src-5.3.2-QTBUG-35459.patch @@ -7,7 +7,7 @@ diff -up qtbase-opensource-src-5.3.2/src/xml/sax/qxml_p.h.QTBUG-35459 qtbase-ope static const int dtdRecursionLimit = 2; // The maximum amount of characters an entity value may contain, after expansion. - static const int entityCharacterLimit = 1024; -+ static const int entityCharacterLimit = 65536; ++ static const int entityCharacterLimit = 4096; const QString &string(); void stringClear(); From 921d3a65eefb11bd5c7bed60c287931784fcd711 Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Fri, 14 Jul 2017 13:50:46 +0200 Subject: [PATCH 27/44] fixed build issue with new mariad --- qt5-qtbase.spec | 9 ++++++++- qtbase-opensource-src-5.9.0-mysql.patch | 12 ++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 qtbase-opensource-src-5.9.0-mysql.patch diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 8cf37ed..7fa94e8 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -49,7 +49,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.0 -Release: 4%{?dist} +Release: 5%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -101,6 +101,9 @@ Patch63: qt5-qtbase-5.7.1-openssl11.patch # support firebird version 3.x Patch64: qt5-qtbase-5.8.0-firebird.patch +# fix for new mariadb +Patch65: qtbase-opensource-src-5.9.0-mysql.patch + ## upstream patches (under review) # https://codereview.qt-project.org/#/c/180232/ Patch401: 0001-Merge-the-QDBusMetaType-s-custom-information-to-QDBu.patch @@ -345,6 +348,7 @@ Qt5 libraries used for drawing widgets and OpenGL items. %patch63 -p1 -b .openssl11 %endif %patch64 -p1 -b .firebird +%patch65 -p1 -b .mysql %if 0%{?inject_optflags} ## adjust $RPM_OPT_FLAGS @@ -948,6 +952,9 @@ fi %changelog +* Fri Jul 14 2017 Than Ngo - 5.9.0-5 +- fixed build issue with new mariadb + * Thu Jul 06 2017 Than Ngo - 5.9.0-4 - fixed bz#1409600, stack overflow in QXmlSimpleReader, CVE-2016-10040 diff --git a/qtbase-opensource-src-5.9.0-mysql.patch b/qtbase-opensource-src-5.9.0-mysql.patch new file mode 100644 index 0000000..c190ca6 --- /dev/null +++ b/qtbase-opensource-src-5.9.0-mysql.patch @@ -0,0 +1,12 @@ +diff -up qtbase-opensource-src-5.9.0/src/plugins/sqldrivers/mysql/qsql_mysql.cpp.than qtbase-opensource-src-5.9.0/src/plugins/sqldrivers/mysql/qsql_mysql.cpp +diff -up qtbase-opensource-src-5.9.0/src/plugins/sqldrivers/mysql/qsql_mysql_p.h.than qtbase-opensource-src-5.9.0/src/plugins/sqldrivers/mysql/qsql_mysql_p.h +--- qtbase-opensource-src-5.9.0/src/plugins/sqldrivers/mysql/qsql_mysql_p.h.than 2017-07-14 13:43:50.831203768 +0200 ++++ qtbase-opensource-src-5.9.0/src/plugins/sqldrivers/mysql/qsql_mysql_p.h 2017-07-14 13:44:24.364948006 +0200 +@@ -58,6 +58,7 @@ + #endif + + #include ++#include + + #ifdef QT_PLUGIN + #define Q_EXPORT_SQLDRIVER_MYSQL From 46844ac11595dc8a821996ec840a917f7430771d Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Tue, 18 Jul 2017 12:58:26 +0200 Subject: [PATCH 28/44] fixed bz#1442553, multilib issue --- qt5-qtbase.spec | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 7fa94e8..331b83a 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -49,7 +49,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.0 -Release: 5%{?dist} +Release: 6%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -574,6 +574,17 @@ popd install -p -m755 -D %{SOURCE6} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/10-qt5-check-opengl2.sh +# fix bz#1442553 multilib issue +privat_header_file=%{buildroot}%{_qt5_headerdir}/QtCore/%{version}/QtCore/private/qconfig_p.h +grep -v QT_FEATURE_sse2 $privat_header_file > ${privat_header_file}.me +mv ${privat_header_file}.me ${privat_header_file} +cat >>${privat_header_file}< - 5.9.0-6 +- fixed bz#1442553, multilib issue + * Fri Jul 14 2017 Than Ngo - 5.9.0-5 - fixed build issue with new mariadb From 69c9a202b6ca9d7f89edefd3b43437c717615c66 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Wed, 19 Jul 2017 08:44:21 -0500 Subject: [PATCH 29/44] 5.9.1 --- .gitignore | 3 +- ...etaType-s-custom-information-to-QDBu.patch | 429 ------------------ ...crashes-during-application-destructi.patch | 121 ----- qt5-qtbase-5.8.0-firebird.patch | 37 -- qt5-qtbase-5.9.1-firebird.patch | 37 ++ qt5-qtbase.spec | 21 +- sources | 3 +- 7 files changed, 54 insertions(+), 597 deletions(-) delete mode 100644 0001-Merge-the-QDBusMetaType-s-custom-information-to-QDBu.patch delete mode 100644 0002-Fix-some-QtDBus-crashes-during-application-destructi.patch delete mode 100644 qt5-qtbase-5.8.0-firebird.patch create mode 100644 qt5-qtbase-5.9.1-firebird.patch diff --git a/.gitignore b/.gitignore index 0785c54..b2d05f2 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -/qtbase-opensource-src-5.9.0.tar.xz +/qtbase-opensource-src-5.9.1.tar.xz +/0086-Fix-detection-of-AT-SPI.patch diff --git a/0001-Merge-the-QDBusMetaType-s-custom-information-to-QDBu.patch b/0001-Merge-the-QDBusMetaType-s-custom-information-to-QDBu.patch deleted file mode 100644 index 781c267..0000000 --- a/0001-Merge-the-QDBusMetaType-s-custom-information-to-QDBu.patch +++ /dev/null @@ -1,429 +0,0 @@ -From 04cc2a3abad6ed825a97225b96a2e04f30fefcb1 Mon Sep 17 00:00:00 2001 -From: Thiago Macieira -Date: Thu, 28 Apr 2016 15:00:58 -0700 -Subject: [PATCH 1/2] Merge the QDBusMetaType's custom information to - QDBusConnectionManager - -This allows us to get rid of two Q_GLOBAL_STATIC in QtDBus, which means -fewer opportunities for screwing up the order of destruction. And since -QDBusConnectionManager now ensures that the types are initialized, we -don't need to re-initialize them everywhere. - -The Q_GLOBAL_STATIC for QDBusConnectionManager ensures the proper -thread-safe locking, so we don't need to lock for every type that we're -trying to register. This should make things faster. - -But as a side-effect, trying to register a D-Bus metatype will cause the -QDBusConnectionManager thread to start too. - -Change-Id: Ifea6e497f11a461db432ffff1449a4e535234485 ---- - src/dbus/qdbusconnection.cpp | 1 + - src/dbus/qdbusconnectionmanager_p.h | 3 +- - src/dbus/qdbusintegrator.cpp | 1 - - src/dbus/qdbusmetatype.cpp | 185 +++++++++++++++++++----------------- - src/dbus/qdbusmetatype_p.h | 27 +++++- - src/dbus/qdbusmisc.cpp | 3 +- - 6 files changed, 127 insertions(+), 93 deletions(-) - -diff --git a/src/dbus/qdbusconnection.cpp b/src/dbus/qdbusconnection.cpp -index f95cc3a..4187f19 100644 ---- a/src/dbus/qdbusconnection.cpp -+++ b/src/dbus/qdbusconnection.cpp -@@ -182,6 +182,7 @@ void QDBusConnectionManager::run() - } - } - connectionHash.clear(); -+ customTypes.clear(); - - // allow deletion from any thread without warning - moveToThread(Q_NULLPTR); -diff --git a/src/dbus/qdbusconnectionmanager_p.h b/src/dbus/qdbusconnectionmanager_p.h -index 1c7dea8..fd6cd84 100644 ---- a/src/dbus/qdbusconnectionmanager_p.h -+++ b/src/dbus/qdbusconnectionmanager_p.h -@@ -55,13 +55,14 @@ - - #include - #include "qdbusconnection_p.h" -+#include "qdbusmetatype_p.h" - #include "private/qthread_p.h" - - #ifndef QT_NO_DBUS - - QT_BEGIN_NAMESPACE - --class QDBusConnectionManager : public QDaemonThread -+class QDBusConnectionManager : public QDaemonThread, public QDBusMetaTypeId - { - Q_OBJECT - struct ConnectionRequestData; -diff --git a/src/dbus/qdbusintegrator.cpp b/src/dbus/qdbusintegrator.cpp -index c63fb05..19f79e9 100644 ---- a/src/dbus/qdbusintegrator.cpp -+++ b/src/dbus/qdbusintegrator.cpp -@@ -1036,7 +1036,6 @@ QDBusConnectionPrivate::QDBusConnectionPrivate(QObject *p) - qdbusThreadDebug = qdbusDefaultThreadDebug; - #endif - -- QDBusMetaTypeId::init(); - connect(this, &QDBusConnectionPrivate::dispatchStatusChanged, - this, &QDBusConnectionPrivate::doDispatch, Qt::QueuedConnection); - connect(this, &QDBusConnectionPrivate::spyHooksFinished, -diff --git a/src/dbus/qdbusmetatype.cpp b/src/dbus/qdbusmetatype.cpp -index fb2b407..9ab3c34 100644 ---- a/src/dbus/qdbusmetatype.cpp -+++ b/src/dbus/qdbusmetatype.cpp -@@ -1,6 +1,7 @@ - /**************************************************************************** - ** - ** Copyright (C) 2016 The Qt Company Ltd. -+** Copyright (C) 2016 Intel Corporation. - ** Contact: https://www.qt.io/licensing/ - ** - ** This file is part of the QtDBus module of the Qt Toolkit. -@@ -39,19 +40,15 @@ - - #include "qdbusmetatype.h" - #include "qdbusmetatype_p.h" -- --#include - #include "qdbus_symbols_p.h" - --#include --#include --#include --#include -+#include - - #include "qdbusargument_p.h" - #include "qdbusutil_p.h" - #include "qdbusunixfiledescriptor.h" - #ifndef QT_BOOTSTRAPPED -+#include "qdbusconnectionmanager_p.h" - #include "qdbusmessage.h" - #endif - -@@ -64,82 +61,72 @@ - - QT_BEGIN_NAMESPACE - --class QDBusCustomTypeInfo --{ --public: -- QDBusCustomTypeInfo() : signature(), marshall(0), demarshall(0) -- { } -- -- // Suggestion: -- // change 'signature' to char* and make QDBusCustomTypeInfo a Movable type -- QByteArray signature; -- QDBusMetaType::MarshallFunction marshall; -- QDBusMetaType::DemarshallFunction demarshall; --}; -+static void registerMarshallOperatorsNoLock(QVector &ct, int id, -+ QDBusMetaType::MarshallFunction mf, -+ QDBusMetaType::DemarshallFunction df); - - template --inline static void registerHelper(T * = 0) -+inline static void registerHelper(QVector &ct) - { - void (*mf)(QDBusArgument &, const T *) = qDBusMarshallHelper; - void (*df)(const QDBusArgument &, T *) = qDBusDemarshallHelper; -- QDBusMetaType::registerMarshallOperators(qMetaTypeId(), -+ registerMarshallOperatorsNoLock(ct, qMetaTypeId(), - reinterpret_cast(mf), - reinterpret_cast(df)); - } - --void QDBusMetaTypeId::init() -+QDBusMetaTypeId *QDBusMetaTypeId::instance() - { -- static QBasicAtomicInt initialized = Q_BASIC_ATOMIC_INITIALIZER(false); -- -- // reentrancy is not a problem since everything else is locked on their own -- // set the guard variable at the end -- if (!initialized.load()) { -- // register our types with Qt Core (calling qMetaTypeId() does this implicitly) -- (void)message(); -- (void)argument(); -- (void)variant(); -- (void)objectpath(); -- (void)signature(); -- (void)error(); -- (void)unixfd(); -+#ifdef QT_BOOTSTRAPPED -+ static QDBusMetaTypeId self; -+ return &self; -+#else -+ return QDBusConnectionManager::instance(); -+#endif -+} -+ -+QDBusMetaTypeId::QDBusMetaTypeId() -+{ -+ // register our types with Qt Core (calling qMetaTypeId() does this implicitly) -+ (void)message(); -+ (void)argument(); -+ (void)variant(); -+ (void)objectpath(); -+ (void)signature(); -+ (void)error(); -+ (void)unixfd(); - - #ifndef QDBUS_NO_SPECIALTYPES -- // and register Qt Core's with us -- registerHelper(); -- registerHelper(); -- registerHelper(); -- registerHelper(); -- registerHelper(); -- registerHelper(); -- registerHelper(); -- registerHelper(); -- registerHelper(); -- registerHelper(); -- registerHelper(); -- registerHelper(); -- registerHelper(); -- registerHelper(); -- -- qDBusRegisterMetaType >(); -- qDBusRegisterMetaType >(); -- qDBusRegisterMetaType >(); -- qDBusRegisterMetaType >(); -- qDBusRegisterMetaType >(); -- qDBusRegisterMetaType >(); -- qDBusRegisterMetaType >(); -- qDBusRegisterMetaType >(); -- qDBusRegisterMetaType >(); -- qDBusRegisterMetaType >(); -- qDBusRegisterMetaType >(); -+ // and register Qt Core's with us -+ registerHelper(customTypes); -+ registerHelper(customTypes); -+ registerHelper(customTypes); -+ registerHelper(customTypes); -+ registerHelper(customTypes); -+ registerHelper(customTypes); -+ registerHelper(customTypes); -+ registerHelper(customTypes); -+ registerHelper(customTypes); -+ registerHelper(customTypes); -+ registerHelper(customTypes); -+ registerHelper(customTypes); -+ registerHelper(customTypes); -+ registerHelper(customTypes); -+ -+ registerHelper >(customTypes); -+ registerHelper >(customTypes); -+ registerHelper >(customTypes); -+ registerHelper >(customTypes); -+ registerHelper >(customTypes); -+ registerHelper >(customTypes); -+ registerHelper >(customTypes); -+ registerHelper >(customTypes); -+ registerHelper >(customTypes); -+ registerHelper >(customTypes); -+ registerHelper >(customTypes); - #endif -- -- initialized.store(true); -- } - } - --Q_GLOBAL_STATIC(QVector, customTypes) --Q_GLOBAL_STATIC(QReadWriteLock, customTypesLock) -- - /*! - \class QDBusMetaType - \inmodule QtDBus -@@ -217,14 +204,22 @@ void QDBusMetaType::registerMarshallOperators(int id, MarshallFunction mf, - DemarshallFunction df) - { - QByteArray var; -- QVector *ct = customTypes(); -- if (id < 0 || !mf || !df || !ct) -+ QDBusMetaTypeId *mgr = QDBusMetaTypeId::instance(); -+ if (id < 0 || !mf || !df || !mgr) - return; // error! - -- QWriteLocker locker(customTypesLock()); -- if (id >= ct->size()) -- ct->resize(id + 1); -- QDBusCustomTypeInfo &info = (*ct)[id]; -+ QWriteLocker locker(&mgr->customTypesLock); -+ QVector &ct = mgr->customTypes; -+ registerMarshallOperatorsNoLock(ct, id, mf, df); -+} -+ -+static void registerMarshallOperatorsNoLock(QVector &ct, int id, -+ QDBusMetaType::MarshallFunction mf, -+ QDBusMetaType::DemarshallFunction df) -+{ -+ if (id >= ct.size()) -+ ct.resize(id + 1); -+ QDBusCustomTypeInfo &info = ct[id]; - info.marshall = mf; - info.demarshall = df; - } -@@ -241,12 +236,16 @@ bool QDBusMetaType::marshall(QDBusArgument &arg, int id, const void *data) - - MarshallFunction mf; - { -- QReadLocker locker(customTypesLock()); -- QVector *ct = customTypes(); -- if (id >= ct->size()) -+ const QDBusMetaTypeId *mgr = QDBusMetaTypeId::instance(); -+ if (!mgr) -+ return false; // shutting down -+ -+ QReadLocker locker(&mgr->customTypesLock); -+ const QVector &ct = mgr->customTypes; -+ if (id >= ct.size()) - return false; // non-existent - -- const QDBusCustomTypeInfo &info = (*ct).at(id); -+ const QDBusCustomTypeInfo &info = ct.at(id); - if (!info.marshall) { - mf = 0; // make gcc happy - return false; -@@ -270,12 +269,16 @@ bool QDBusMetaType::demarshall(const QDBusArgument &arg, int id, void *data) - - DemarshallFunction df; - { -- QReadLocker locker(customTypesLock()); -- QVector *ct = customTypes(); -- if (id >= ct->size()) -+ const QDBusMetaTypeId *mgr = QDBusMetaTypeId::instance(); -+ if (!mgr) -+ return false; // shutting down -+ -+ QReadLocker locker(&mgr->customTypesLock); -+ const QVector &ct = mgr->customTypes; -+ if (id >= ct.size()) - return false; // non-existent - -- const QDBusCustomTypeInfo &info = (*ct).at(id); -+ const QDBusCustomTypeInfo &info = ct.at(id); - if (!info.demarshall) { - df = 0; // make gcc happy - return false; -@@ -434,7 +437,11 @@ const char *QDBusMetaType::typeToSignature(int type) - DBUS_TYPE_BYTE_AS_STRING; // ay - } - -- QDBusMetaTypeId::init(); -+ // try the database -+ QDBusMetaTypeId *mgr = QDBusMetaTypeId::instance(); -+ if (!mgr) -+ return Q_NULLPTR; // shutting down -+ - if (type == QDBusMetaTypeId::variant()) - return DBUS_TYPE_VARIANT_AS_STRING; - else if (type == QDBusMetaTypeId::objectpath()) -@@ -444,14 +451,13 @@ const char *QDBusMetaType::typeToSignature(int type) - else if (type == QDBusMetaTypeId::unixfd()) - return DBUS_TYPE_UNIX_FD_AS_STRING; - -- // try the database -- QVector *ct = customTypes(); - { -- QReadLocker locker(customTypesLock()); -- if (type >= ct->size()) -+ QReadLocker locker(&mgr->customTypesLock); -+ const QVector &ct = mgr->customTypes; -+ if (type >= ct.size()) - return 0; // type not registered with us - -- const QDBusCustomTypeInfo &info = (*ct).at(type); -+ const QDBusCustomTypeInfo &info = ct.at(type); - - if (!info.signature.isNull()) - return info.signature; -@@ -468,8 +474,9 @@ const char *QDBusMetaType::typeToSignature(int type) - QByteArray signature = QDBusArgumentPrivate::createSignature(type); - - // re-acquire lock -- QWriteLocker locker(customTypesLock()); -- info = &(*ct)[type]; -+ QWriteLocker locker(&mgr->customTypesLock); -+ QVector &ct = mgr->customTypes; -+ info = &ct[type]; - info->signature = signature; - } - return info->signature; -diff --git a/src/dbus/qdbusmetatype_p.h b/src/dbus/qdbusmetatype_p.h -index 1aa1155..1f7e613 100644 ---- a/src/dbus/qdbusmetatype_p.h -+++ b/src/dbus/qdbusmetatype_p.h -@@ -1,6 +1,7 @@ - /**************************************************************************** - ** - ** Copyright (C) 2016 The Qt Company Ltd. -+** Copyright (C) 2016 Intel Corporation. - ** Contact: https://www.qt.io/licensing/ - ** - ** This file is part of the QtDBus module of the Qt Toolkit. -@@ -60,10 +61,27 @@ - #include - #include - -+#include -+#include -+#include -+ - #ifndef QT_NO_DBUS - - QT_BEGIN_NAMESPACE - -+class QDBusCustomTypeInfo -+{ -+public: -+ QDBusCustomTypeInfo() : signature(), marshall(0), demarshall(0) -+ { } -+ -+ // Suggestion: -+ // change 'signature' to char* and make QDBusCustomTypeInfo a Movable type -+ QByteArray signature; -+ QDBusMetaType::MarshallFunction marshall; -+ QDBusMetaType::DemarshallFunction demarshall; -+}; -+ - struct QDBusMetaTypeId - { - static int message(); // QDBusMessage -@@ -74,7 +92,14 @@ struct QDBusMetaTypeId - static int error(); // QDBusError - static int unixfd(); // QDBusUnixFileDescriptor - -- static void init(); -+ static void init() { instance(); } -+ static QDBusMetaTypeId *instance(); -+ -+ mutable QReadWriteLock customTypesLock; -+ QVector customTypes; -+ -+protected: -+ QDBusMetaTypeId(); - }; - - inline int QDBusMetaTypeId::message() -diff --git a/src/dbus/qdbusmisc.cpp b/src/dbus/qdbusmisc.cpp -index 930c3bd..01436da 100644 ---- a/src/dbus/qdbusmisc.cpp -+++ b/src/dbus/qdbusmisc.cpp -@@ -144,8 +144,9 @@ int qDBusParametersForMethod(const QMetaMethod &mm, QVector &metaTypes, QSt - - int qDBusParametersForMethod(const QList ¶meterTypes, QVector& metaTypes, QString &errorMsg) - { -- QDBusMetaTypeId::init(); - metaTypes.clear(); -+ if (!QDBusMetaTypeId::instance()) -+ return -1; - - metaTypes.append(0); // return type - int inputCount = 0; --- -2.9.3 - diff --git a/0002-Fix-some-QtDBus-crashes-during-application-destructi.patch b/0002-Fix-some-QtDBus-crashes-during-application-destructi.patch deleted file mode 100644 index 8139a5d..0000000 --- a/0002-Fix-some-QtDBus-crashes-during-application-destructi.patch +++ /dev/null @@ -1,121 +0,0 @@ -From 72700167cf051e5053f03bf4f4be391cd7514502 Mon Sep 17 00:00:00 2001 -From: Thiago Macieira -Date: Tue, 31 May 2016 17:33:03 -0300 -Subject: [PATCH 2/2] Fix some QtDBus crashes during application destruction - -It's possible that some code executes after QDBusConnectionManager is -destroyed and still tries to access QtDBus. Protect against such -crashes. - -Change-Id: I87e17314d8b24ae983b1fffd1453c13fbd3cf48e ---- - src/dbus/qdbusconnection.cpp | 12 ++++++++---- - src/dbus/qdbusintegrator.cpp | 3 +++ - src/dbus/qdbusserver.cpp | 12 ++++++++++-- - 3 files changed, 21 insertions(+), 6 deletions(-) - -diff --git a/src/dbus/qdbusconnection.cpp b/src/dbus/qdbusconnection.cpp -index 4187f19..aa14ac2 100644 ---- a/src/dbus/qdbusconnection.cpp -+++ b/src/dbus/qdbusconnection.cpp -@@ -418,7 +418,7 @@ void QDBusConnectionManager::createServer(const QString &address, void *server) - */ - QDBusConnection::QDBusConnection(const QString &name) - { -- if (name.isEmpty()) { -+ if (name.isEmpty() || _q_manager.isDestroyed()) { - d = 0; - } else { - QMutexLocker locker(&_q_manager()->mutex); -@@ -483,7 +483,7 @@ QDBusConnection &QDBusConnection::operator=(const QDBusConnection &other) - */ - QDBusConnection QDBusConnection::connectToBus(BusType type, const QString &name) - { -- if (!qdbus_loadLibDBus()) { -+ if (_q_manager.isDestroyed() || !qdbus_loadLibDBus()) { - QDBusConnectionPrivate *d = 0; - return QDBusConnection(d); - } -@@ -497,7 +497,7 @@ QDBusConnection QDBusConnection::connectToBus(BusType type, const QString &name) - QDBusConnection QDBusConnection::connectToBus(const QString &address, - const QString &name) - { -- if (!qdbus_loadLibDBus()) { -+ if (_q_manager.isDestroyed() || !qdbus_loadLibDBus()) { - QDBusConnectionPrivate *d = 0; - return QDBusConnection(d); - } -@@ -512,7 +512,7 @@ QDBusConnection QDBusConnection::connectToBus(const QString &address, - QDBusConnection QDBusConnection::connectToPeer(const QString &address, - const QString &name) - { -- if (!qdbus_loadLibDBus()) { -+ if (_q_manager.isDestroyed() || !qdbus_loadLibDBus()) { - QDBusConnectionPrivate *d = 0; - return QDBusConnection(d); - } -@@ -1167,6 +1167,8 @@ bool QDBusConnection::unregisterService(const QString &serviceName) - */ - QDBusConnection QDBusConnection::sessionBus() - { -+ if (_q_manager.isDestroyed()) -+ return QDBusConnection(Q_NULLPTR); - return QDBusConnection(_q_manager()->busConnection(SessionBus)); - } - -@@ -1179,6 +1181,8 @@ QDBusConnection QDBusConnection::sessionBus() - */ - QDBusConnection QDBusConnection::systemBus() - { -+ if (_q_manager.isDestroyed()) -+ return QDBusConnection(Q_NULLPTR); - return QDBusConnection(_q_manager()->busConnection(SystemBus)); - } - -diff --git a/src/dbus/qdbusintegrator.cpp b/src/dbus/qdbusintegrator.cpp -index 19f79e9..f8dc702 100644 ---- a/src/dbus/qdbusintegrator.cpp -+++ b/src/dbus/qdbusintegrator.cpp -@@ -299,6 +299,9 @@ static void qDBusNewConnection(DBusServer *server, DBusConnection *connection, v - Q_ASSERT(connection); - Q_ASSERT(data); - -+ if (!QDBusConnectionManager::instance()) -+ return; -+ - // keep the connection alive - q_dbus_connection_ref(connection); - QDBusConnectionPrivate *serverConnection = static_cast(data); -diff --git a/src/dbus/qdbusserver.cpp b/src/dbus/qdbusserver.cpp -index 027ce93..b1f9be2 100644 ---- a/src/dbus/qdbusserver.cpp -+++ b/src/dbus/qdbusserver.cpp -@@ -68,7 +68,11 @@ QDBusServer::QDBusServer(const QString &address, QObject *parent) - if (!qdbus_loadLibDBus()) - return; - -- emit QDBusConnectionManager::instance()->serverRequested(address, this); -+ QDBusConnectionManager *instance = QDBusConnectionManager::instance(); -+ if (!instance) -+ return; -+ -+ emit instance->serverRequested(address, this); - QObject::connect(d, SIGNAL(newServerConnection(QDBusConnectionPrivate*)), - this, SLOT(_q_newConnection(QDBusConnectionPrivate*)), Qt::QueuedConnection); - } -@@ -93,7 +97,11 @@ QDBusServer::QDBusServer(QObject *parent) - return; - } - -- emit QDBusConnectionManager::instance()->serverRequested(address, this); -+ QDBusConnectionManager *instance = QDBusConnectionManager::instance(); -+ if (!instance) -+ return; -+ -+ emit instance->serverRequested(address, this); - QObject::connect(d, SIGNAL(newServerConnection(QDBusConnectionPrivate*)), - this, SLOT(_q_newConnection(QDBusConnectionPrivate*)), Qt::QueuedConnection); - } --- -2.9.3 - diff --git a/qt5-qtbase-5.8.0-firebird.patch b/qt5-qtbase-5.8.0-firebird.patch deleted file mode 100644 index 75c0861..0000000 --- a/qt5-qtbase-5.8.0-firebird.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff -r -u a/config.tests/unix/ibase/ibase.cpp b/config.tests/unix/ibase/ibase.cpp ---- a/config.tests/unix/ibase/ibase.cpp 2017-01-18 15:20:58.000000000 +0100 -+++ b/config.tests/unix/ibase/ibase.cpp 2017-01-27 11:19:39.894994134 +0100 -@@ -37,7 +37,7 @@ - ** - ****************************************************************************/ - --#include -+#include - - int main(int, char **) - { -diff -r -u a/src/plugins/sqldrivers/ibase/qsql_ibase_p.h b/src/plugins/sqldrivers/ibase/qsql_ibase_p.h ---- a/src/plugins/sqldrivers/ibase/qsql_ibase_p.h 2017-01-18 15:20:58.000000000 +0100 -+++ b/src/plugins/sqldrivers/ibase/qsql_ibase_p.h 2017-01-27 11:29:10.169983782 +0100 -@@ -52,7 +52,7 @@ - // - - #include --#include -+#include - - #ifdef QT_PLUGIN - #define Q_EXPORT_SQLDRIVER_IBASE -diff -r -u a/src/sql/configure.json b/src/sql/configure.json ---- a/src/sql/configure.json 2017-01-18 15:20:58.000000000 +0100 -+++ b/src/sql/configure.json 2017-01-27 11:23:31.186794680 +0100 -@@ -51,7 +51,8 @@ - "test": "unix/ibase", - "sources": [ - { "libs": "-lgds32_ms", "condition": "config.win32" }, -- { "libs": "-lgds", "condition": "!config.win32" } -+ { "libs": "-lgds", "condition": "!config.win32" }, -+ { "libs": "-lfbclient", "condition": "!config.win32" } - ] - }, - "mysql": { diff --git a/qt5-qtbase-5.9.1-firebird.patch b/qt5-qtbase-5.9.1-firebird.patch new file mode 100644 index 0000000..1789a35 --- /dev/null +++ b/qt5-qtbase-5.9.1-firebird.patch @@ -0,0 +1,37 @@ +diff -up qtbase-opensource-src-5.9.1/config.tests/unix/ibase/ibase.cpp.firebird qtbase-opensource-src-5.9.1/config.tests/unix/ibase/ibase.cpp +--- qtbase-opensource-src-5.9.1/config.tests/unix/ibase/ibase.cpp.firebird 2017-06-28 04:54:29.000000000 -0500 ++++ qtbase-opensource-src-5.9.1/config.tests/unix/ibase/ibase.cpp 2017-07-16 08:28:47.833992502 -0500 +@@ -37,7 +37,7 @@ + ** + ****************************************************************************/ + +-#include ++#include + + int main(int, char **) + { +diff -up qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/configure.json.firebird qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/configure.json +--- qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/configure.json.firebird 2017-06-28 04:54:29.000000000 -0500 ++++ qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/configure.json 2017-07-16 12:38:43.730108724 -0500 +@@ -50,7 +50,8 @@ + "test": "unix/ibase", + "sources": [ + { "libs": "-lgds32_ms", "condition": "config.win32" }, +- { "libs": "-lgds", "condition": "!config.win32" } ++ { "libs": "-lgds", "condition": "!config.win32" }, ++ { "libs": "-lfbclient", "condition": "!config.win32" } + ] + }, + "mysql": { +diff -up qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/ibase/qsql_ibase_p.h.firebird qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/ibase/qsql_ibase_p.h +--- qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/ibase/qsql_ibase_p.h.firebird 2017-06-28 04:54:29.000000000 -0500 ++++ qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/ibase/qsql_ibase_p.h 2017-07-16 08:28:47.833992502 -0500 +@@ -52,7 +52,7 @@ + // + + #include +-#include ++#include + + #ifdef QT_PLUGIN + #define Q_EXPORT_SQLDRIVER_IBASE diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 331b83a..0b624b3 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -48,8 +48,8 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components -Version: 5.9.0 -Release: 6%{?dist} +Version: 5.9.1 +Release: 1%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -99,14 +99,13 @@ Patch61: qt5-qtbase-cxxflag.patch Patch63: qt5-qtbase-5.7.1-openssl11.patch # support firebird version 3.x -Patch64: qt5-qtbase-5.8.0-firebird.patch +Patch64: qt5-qtbase-5.9.1-firebird.patch # fix for new mariadb Patch65: qtbase-opensource-src-5.9.0-mysql.patch -## upstream patches (under review) -# https://codereview.qt-project.org/#/c/180232/ -Patch401: 0001-Merge-the-QDBusMetaType-s-custom-information-to-QDBu.patch +## upstream patches (5.9 branch) +Patch486: 0086-Fix-detection-of-AT-SPI.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are @@ -124,6 +123,8 @@ BuildRequires: libjpeg-devel BuildRequires: libmng-devel BuildRequires: libtiff-devel BuildRequires: pkgconfig(alsa) +# required for -accessibility +BuildRequires: pkgconfig(atspi-2) %if 0%{?use_clang} BuildRequires: clang >= 3.7.0 %endif @@ -336,8 +337,6 @@ Qt5 libraries used for drawing widgets and OpenGL items. %prep %setup -q -n %{qt_module}-opensource-src-%{version} -%patch401 -p1 -b .0401 - %patch4 -p1 -b .QTBUG-35459 %patch50 -p1 -b .QT_VERSION_CHECK @@ -350,6 +349,8 @@ Qt5 libraries used for drawing widgets and OpenGL items. %patch64 -p1 -b .firebird %patch65 -p1 -b .mysql +%patch486 -p1 -b .0086 + %if 0%{?inject_optflags} ## adjust $RPM_OPT_FLAGS @@ -586,6 +587,7 @@ cat >>${privat_header_file}< - 5.9.1-1 +- 5.9.1 + * Tue Jul 18 2017 Than Ngo - 5.9.0-6 - fixed bz#1442553, multilib issue diff --git a/sources b/sources index 5b205bf..33d24a4 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -SHA512 (qtbase-opensource-src-5.9.0.tar.xz) = 15b921c26dbedc7c339a5e1a235255a18b66fa53ac8af6f2d1ad64d939f1fee9817c8f115eac9a417ed0d2f832fb895b29acc61e393c97415447a067ea031be7 +SHA512 (qtbase-opensource-src-5.9.1.tar.xz) = b384e91b3fd88b2f32e826e3dd1c930213683a0fdbfd284a319204fa8d27c796b54324cf4a715f6bebd92fca6426e37cf0be5866fc1f6053b8758570ddb2fa45 +SHA512 (0086-Fix-detection-of-AT-SPI.patch) = f78f481369e4b68400ae122a7cf4d20030ee8ea89ea211f98f5ffa895d449acd9a7207d3b010e927a7a33d644eab90e1d5bb951d71e1a5b1a11f4ac1a0241bce From 7db91a4ff05e7ae63539bc13d4df55a0f4b94367 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 27 Jul 2017 12:42:52 +0000 Subject: [PATCH 30/44] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --- qt5-qtbase.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 0b624b3..f5c6aac 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -49,7 +49,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.1 -Release: 1%{?dist} +Release: 2%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -965,6 +965,9 @@ fi %changelog +* Thu Jul 27 2017 Fedora Release Engineering - 5.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + * Wed Jul 19 2017 Rex Dieter - 5.9.1-1 - 5.9.1 From f46a671628b374d644097b1838e2745cb4bee4e4 Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Thu, 27 Jul 2017 15:30:00 +0200 Subject: [PATCH 31/44] fixed bz#1401459, backport openssl-1.1 support --- qt5-qtbase-5.7.1-openssl11.patch | 809 ------ qt5-qtbase-5.9.1-openssl11.patch | 4150 ++++++++++++++++++++++++++++++ qt5-qtbase.spec | 52 +- 3 files changed, 4172 insertions(+), 839 deletions(-) delete mode 100644 qt5-qtbase-5.7.1-openssl11.patch create mode 100644 qt5-qtbase-5.9.1-openssl11.patch diff --git a/qt5-qtbase-5.7.1-openssl11.patch b/qt5-qtbase-5.7.1-openssl11.patch deleted file mode 100644 index 19f778b..0000000 --- a/qt5-qtbase-5.7.1-openssl11.patch +++ /dev/null @@ -1,809 +0,0 @@ -diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslcertificate_openssl.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslcertificate_openssl.cpp ---- qtbase-opensource-src-5.7.1/src/network/ssl/qsslcertificate_openssl.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500 -+++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslcertificate_openssl.cpp 2016-11-28 09:22:07.374079451 -0500 -@@ -64,9 +64,12 @@ bool QSslCertificate::operator==(const Q - uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW - { - if (X509 * const x509 = key.d->x509) { -- (void)q_X509_cmp(x509, x509); // populate x509->sha1_hash -- // (if someone knows a better way...) -- return qHashBits(x509->sha1_hash, SHA_DIGEST_LENGTH, seed); -+ unsigned int len; -+ unsigned char md[EVP_MAX_MD_SIZE]; -+ const EVP_MD *sha1 = q_EVP_sha1(); -+ -+ q_X509_digest(x509, sha1, md, &len); -+ return qHashBits(md, len, seed); - } else { - return seed; - } -@@ -90,7 +93,7 @@ QByteArray QSslCertificate::version() co - QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); - if (d->versionString.isEmpty() && d->x509) - d->versionString = -- QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1); -+ QByteArray::number(qlonglong(X509_get_version(d->x509)) + 1); - - return d->versionString; - } -@@ -99,7 +102,7 @@ QByteArray QSslCertificate::serialNumber - { - QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); - if (d->serialNumberString.isEmpty() && d->x509) { -- ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber; -+ ASN1_INTEGER *serialNumber = X509_get_serialNumber(d->x509); - QByteArray hexString; - hexString.reserve(serialNumber->length * 3); - for (int a = 0; a < serialNumber->length; ++a) { -@@ -206,7 +209,7 @@ QMultiMaptype == GEN_EMAIL) - result.insert(QSsl::EmailEntry, altName); - } -- q_sk_pop_free((STACK*)altNames, reinterpret_cast(q_sk_free)); -+ q_OPENSSL_sk_pop_free((OPENSSL_STACK*)altNames, reinterpret_cast(q_OPENSSL_sk_free)); - } - - return result; -@@ -235,25 +238,22 @@ QSslKey QSslCertificate::publicKey() con - QSslKey key; - - key.d->type = QSsl::PublicKey; -- X509_PUBKEY *xkey = d->x509->cert_info->key; -+ X509_PUBKEY *xkey = X509_get_X509_PUBKEY(d->x509); - EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey); - Q_ASSERT(pkey); - -- if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) { -- key.d->rsa = q_EVP_PKEY_get1_RSA(pkey); -+ if ((key.d->rsa = q_EVP_PKEY_get1_RSA(pkey))) { - key.d->algorithm = QSsl::Rsa; - key.d->isNull = false; -- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) { -- key.d->dsa = q_EVP_PKEY_get1_DSA(pkey); -+ } else if ((key.d->dsa = q_EVP_PKEY_get1_DSA(pkey))) { - key.d->algorithm = QSsl::Dsa; - key.d->isNull = false; - #ifndef OPENSSL_NO_EC -- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_EC) { -- key.d->ec = q_EVP_PKEY_get1_EC_KEY(pkey); -+ } else if ((key.d->ec = q_EVP_PKEY_get1_EC_KEY(pkey))) { - key.d->algorithm = QSsl::Ec; - key.d->isNull = false; - #endif -- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) { -+ } else if (EVP_PKEY_get1_DH(pkey)) { - // DH unsupported - } else { - // error? -@@ -380,11 +380,7 @@ static QVariant x509ExtensionToValue(X50 - } - } - --#if OPENSSL_VERSION_NUMBER >= 0x10000000L -- q_sk_pop_free((_STACK*)info, reinterpret_cast(q_sk_free)); --#else -- q_sk_pop_free((STACK*)info, reinterpret_cast(q_sk_free)); --#endif -+ q_OPENSSL_sk_pop_free((OPENSSL_STACK*)info, reinterpret_cast(q_OPENSSL_sk_free)); - return result; - } - break; -@@ -607,7 +603,7 @@ static QMap _q_mapF - unsigned char *data = 0; - int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e)); - info.insertMulti(name, QString::fromUtf8((char*)data, size)); -- q_CRYPTO_free(data); -+ q_OPENSSL_free(data); - } - - return info; -diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslcontext_openssl.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslcontext_openssl.cpp ---- qtbase-opensource-src-5.7.1/src/network/ssl/qsslcontext_openssl.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500 -+++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslcontext_openssl.cpp 2016-11-28 09:22:07.374079451 -0500 -@@ -110,7 +110,7 @@ void QSslContext::initSslContext(QSslCon - init_context: - switch (sslContext->sslConfiguration.protocol()) { - case QSsl::SslV2: --#ifndef OPENSSL_NO_SSL2 -+#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L - sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); - #else - // SSL 2 not supported by the system, but chosen deliberately -> error -@@ -331,7 +331,7 @@ init_context: - q_DH_free(dh); - - #ifndef OPENSSL_NO_EC --#if OPENSSL_VERSION_NUMBER >= 0x10002000L -+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && OPENSSL_VERSION_NUMBER < 0x10100000L - if (q_SSLeay() >= 0x10002000L) { - q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL); - } else -@@ -487,7 +487,7 @@ bool QSslContext::cacheSession(SSL* ssl) - unsigned char *data = reinterpret_cast(m_sessionASN1.data()); - if (!q_i2d_SSL_SESSION(session, &data)) - qCWarning(lcSsl, "could not store persistent version of SSL session"); -- m_sessionTicketLifeTimeHint = session->tlsext_tick_lifetime_hint; -+ m_sessionTicketLifeTimeHint = SSL_SESSION_get_ticket_lifetime_hint(session); - } - } - -diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslkey_openssl.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslkey_openssl.cpp ---- qtbase-opensource-src-5.7.1/src/network/ssl/qsslkey_openssl.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500 -+++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslkey_openssl.cpp 2016-11-28 09:22:07.374079451 -0500 -@@ -84,28 +84,26 @@ void QSslKeyPrivate::clear(bool deep) - - bool QSslKeyPrivate::fromEVP_PKEY(EVP_PKEY *pkey) - { -- if (pkey->type == EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) { - isNull = false; - algorithm = QSsl::Rsa; - type = QSsl::PrivateKey; - -- rsa = q_RSA_new(); -- memcpy(rsa, q_EVP_PKEY_get1_RSA(pkey), sizeof(RSA)); -+ rsa = q_EVP_PKEY_get1_RSA(pkey); - - return true; - } -- else if (pkey->type == EVP_PKEY_DSA) { -+ else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) { - isNull = false; - algorithm = QSsl::Dsa; - type = QSsl::PrivateKey; - -- dsa = q_DSA_new(); -- memcpy(dsa, q_EVP_PKEY_get1_DSA(pkey), sizeof(DSA)); -+ dsa = q_EVP_PKEY_get1_DSA(pkey); - - return true; - } - #ifndef OPENSSL_NO_EC -- else if (pkey->type == EVP_PKEY_EC) { -+ else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) { - isNull = false; - algorithm = QSsl::Ec; - type = QSsl::PrivateKey; -@@ -178,8 +176,8 @@ int QSslKeyPrivate::length() const - return -1; - - switch (algorithm) { -- case QSsl::Rsa: return q_BN_num_bits(rsa->n); -- case QSsl::Dsa: return q_BN_num_bits(dsa->p); -+ case QSsl::Rsa: return q_RSA_bits(rsa); -+ case QSsl::Dsa: return q_DSA_bits(dsa); - #ifndef OPENSSL_NO_EC - case QSsl::Ec: return q_EC_GROUP_get_degree(q_EC_KEY_get0_group(ec)); - #endif -@@ -273,7 +271,7 @@ Qt::HANDLE QSslKeyPrivate::handle() cons - - static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv, int enc) - { -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); - const EVP_CIPHER* type = 0; - int i = 0, len = 0; - -@@ -291,21 +289,22 @@ static QByteArray doCrypt(QSslKeyPrivate - - QByteArray output; - output.resize(data.size() + EVP_MAX_BLOCK_LENGTH); -- q_EVP_CIPHER_CTX_init(&ctx); -- q_EVP_CipherInit(&ctx, type, NULL, NULL, enc); -- q_EVP_CIPHER_CTX_set_key_length(&ctx, key.size()); -+ q_EVP_CIPHER_CTX_init(ctx); -+ q_EVP_CipherInit(ctx, type, NULL, NULL, enc); -+ q_EVP_CIPHER_CTX_set_key_length(ctx, key.size()); - if (cipher == QSslKeyPrivate::Rc2Cbc) -- q_EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL); -- q_EVP_CipherInit(&ctx, NULL, -+ q_EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL); -+ q_EVP_CipherInit(ctx, NULL, - reinterpret_cast(key.constData()), - reinterpret_cast(iv.constData()), enc); -- q_EVP_CipherUpdate(&ctx, -+ q_EVP_CipherUpdate(ctx, - reinterpret_cast(output.data()), &len, - reinterpret_cast(data.constData()), data.size()); -- q_EVP_CipherFinal(&ctx, -+ q_EVP_CipherFinal(ctx, - reinterpret_cast(output.data()) + len, &i); - len += i; -- q_EVP_CIPHER_CTX_cleanup(&ctx); -+ q_EVP_CIPHER_CTX_cleanup(ctx); -+ EVP_CIPHER_CTX_free(ctx); - - return output.left(len); - } -diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl.cpp ---- qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500 -+++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl.cpp 2016-11-28 09:22:07.374079451 -0500 -@@ -98,70 +98,6 @@ bool QSslSocketPrivate::s_loadRootCertsO - int QSslSocketBackendPrivate::s_indexForSSLExtraData = -1; - #endif - --/* \internal -- -- From OpenSSL's thread(3) manual page: -- -- OpenSSL can safely be used in multi-threaded applications provided that at -- least two callback functions are set. -- -- locking_function(int mode, int n, const char *file, int line) is needed to -- perform locking on shared data structures. (Note that OpenSSL uses a -- number of global data structures that will be implicitly shared -- whenever multiple threads use OpenSSL.) Multi-threaded -- applications will crash at random if it is not set. ... -- ... -- id_function(void) is a function that returns a thread ID. It is not -- needed on Windows nor on platforms where getpid() returns a different -- ID for each thread (most notably Linux) --*/ --class QOpenSslLocks --{ --public: -- inline QOpenSslLocks() -- : initLocker(QMutex::Recursive), -- locksLocker(QMutex::Recursive) -- { -- QMutexLocker locker(&locksLocker); -- int numLocks = q_CRYPTO_num_locks(); -- locks = new QMutex *[numLocks]; -- memset(locks, 0, numLocks * sizeof(QMutex *)); -- } -- inline ~QOpenSslLocks() -- { -- QMutexLocker locker(&locksLocker); -- for (int i = 0; i < q_CRYPTO_num_locks(); ++i) -- delete locks[i]; -- delete [] locks; -- -- QSslSocketPrivate::deinitialize(); -- } -- inline QMutex *lock(int num) -- { -- QMutexLocker locker(&locksLocker); -- QMutex *tmp = locks[num]; -- if (!tmp) -- tmp = locks[num] = new QMutex(QMutex::Recursive); -- return tmp; -- } -- -- QMutex *globalLock() -- { -- return &locksLocker; -- } -- -- QMutex *initLock() -- { -- return &initLocker; -- } -- --private: -- QMutex initLocker; -- QMutex locksLocker; -- QMutex **locks; --}; --Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks) -- - QString QSslSocketBackendPrivate::getErrorsFromOpenSsl() - { - QString errorString; -@@ -175,23 +111,8 @@ QString QSslSocketBackendPrivate::getErr - return errorString; - } - --extern "C" { --static void locking_function(int mode, int lockNumber, const char *, int) --{ -- QMutex *mutex = openssl_locks()->lock(lockNumber); -- -- // Lock or unlock it -- if (mode & CRYPTO_LOCK) -- mutex->lock(); -- else -- mutex->unlock(); --} --static unsigned long id_function() --{ -- return (quintptr)QThread::currentThreadId(); --} -- - #if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) -+extern "C" { - static unsigned int q_ssl_psk_client_callback(SSL *ssl, - const char *hint, - char *identity, unsigned int max_identity_len, -@@ -457,8 +378,6 @@ void QSslSocketBackendPrivate::destroySs - */ - void QSslSocketPrivate::deinitialize() - { -- q_CRYPTO_set_id_callback(0); -- q_CRYPTO_set_locking_callback(0); - q_ERR_free_strings(); - } - -@@ -479,15 +398,10 @@ bool QSslSocketPrivate::ensureLibraryLoa - if (!q_resolveOpenSslSymbols()) - return false; - -- // Check if the library itself needs to be initialized. -- QMutexLocker locker(openssl_locks()->initLock()); -- - if (!s_libraryLoaded) { - s_libraryLoaded = true; - - // Initialize OpenSSL. -- q_CRYPTO_set_id_callback(id_function); -- q_CRYPTO_set_locking_callback(locking_function); - if (q_SSL_library_init() != 1) - return false; - q_SSL_load_error_strings(); -@@ -509,7 +423,6 @@ bool QSslSocketPrivate::ensureLibraryLoa - - void QSslSocketPrivate::ensureCiphersAndCertsLoaded() - { -- QMutexLocker locker(openssl_locks()->initLock()); - if (s_loadedCiphersAndCerts) - return; - s_loadedCiphersAndCerts = true; -@@ -594,7 +507,7 @@ QString QSslSocketPrivate::sslLibraryVer - if (!supportsSsl()) - return QString(); - -- const char *versionString = q_SSLeay_version(SSLEAY_VERSION); -+ const char *versionString = q_OpenSSL_version(OPENSSL_VERSION); - if (!versionString) - return QString(); - -@@ -1519,7 +1432,7 @@ void QSslSocketBackendPrivate::continueH - if (readBufferMaxSize) - plainSocket->setReadBufferSize(readBufferMaxSize); - -- if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL)) -+ if (SSL_session_reused(ssl)) - configuration.peerSessionShared = true; - - #ifdef QT_DECRYPT_SSL_TRAFFIC -@@ -1661,7 +1574,7 @@ QList QSslSocketBackendPrivat - // Build the chain of intermediate certificates - STACK_OF(X509) *intermediates = 0; - if (certificateChain.length() > 1) { -- intermediates = (STACK_OF(X509) *) q_sk_new_null(); -+ intermediates = (STACK_OF(X509) *) q_OPENSSL_sk_new_null(); - - if (!intermediates) { - q_X509_STORE_free(certStore); -@@ -1675,11 +1588,7 @@ QList QSslSocketBackendPrivat - first = false; - continue; - } --#if OPENSSL_VERSION_NUMBER >= 0x10000000L -- q_sk_push( (_STACK *)intermediates, reinterpret_cast(cert.handle())); --#else -- q_sk_push( (STACK *)intermediates, reinterpret_cast(cert.handle())); --#endif -+ q_OPENSSL_sk_push( (OPENSSL_STACK *)intermediates, reinterpret_cast(cert.handle())); - } - } - -@@ -1703,11 +1612,7 @@ QList QSslSocketBackendPrivat - (void) q_X509_verify_cert(storeContext); - - q_X509_STORE_CTX_free(storeContext); --#if OPENSSL_VERSION_NUMBER >= 0x10000000L -- q_sk_free( (_STACK *) intermediates); --#else -- q_sk_free( (STACK *) intermediates); --#endif -+ q_OPENSSL_sk_free( (OPENSSL_STACK *) intermediates); - - // Now process the errors - const auto errorList = std::move(_q_sslErrorList()->errors); -@@ -1781,7 +1686,7 @@ bool QSslSocketBackendPrivate::importPkc - // Convert to Qt types - if (!key->d->fromEVP_PKEY(pkey)) { - qCWarning(lcSsl, "Unable to convert private key"); -- q_sk_pop_free(reinterpret_cast(ca), reinterpret_cast(q_sk_free)); -+ q_OPENSSL_sk_pop_free(reinterpret_cast(ca), reinterpret_cast(q_OPENSSL_sk_free)); - q_X509_free(x509); - q_EVP_PKEY_free(pkey); - q_PKCS12_free(p12); -@@ -1796,7 +1701,7 @@ bool QSslSocketBackendPrivate::importPkc - *caCertificates = QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(ca); - - // Clean up -- q_sk_pop_free(reinterpret_cast(ca), reinterpret_cast(q_sk_free)); -+ q_OPENSSL_sk_pop_free(reinterpret_cast(ca), reinterpret_cast(q_OPENSSL_sk_free)); - q_X509_free(x509); - q_EVP_PKEY_free(pkey); - q_PKCS12_free(p12); -diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_p.h.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_p.h ---- qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_p.h.openssl11 2016-11-17 14:34:21.000000000 -0500 -+++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_p.h 2016-11-28 09:22:07.374079451 -0500 -@@ -97,10 +97,6 @@ - #include - #include - --#if OPENSSL_VERSION_NUMBER >= 0x10000000L --typedef _STACK STACK; --#endif -- - QT_BEGIN_NAMESPACE - - struct QSslErrorEntry { -@@ -126,9 +122,7 @@ public: - BIO *writeBio; - SSL_SESSION *session; - QVector errorList; --#if OPENSSL_VERSION_NUMBER >= 0x10001000L - static int s_indexForSSLExtraData; // index used in SSL_get_ex_data to get the matching QSslSocketBackendPrivate --#endif - - // Platform specific functions - void startClientEncryption() Q_DECL_OVERRIDE; -diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols.cpp ---- qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500 -+++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols.cpp 2016-11-28 10:05:04.077593416 -0500 -@@ -145,22 +145,19 @@ DEFINEFUNC(int, ASN1_STRING_length, ASN1 - DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return); - DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return) - DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return) --DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return) - DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return) - DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return) --DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) -+DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return 0, return) -+DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) - DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return) - DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return) - #ifndef OPENSSL_NO_EC - DEFINEFUNC(const EC_GROUP*, EC_KEY_get0_group, const EC_KEY* k, k, return 0, return) - DEFINEFUNC(int, EC_GROUP_get_degree, const EC_GROUP* g, g, return 0, return) - #endif --DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return) --DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG) --DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG) --DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG) - DEFINEFUNC(DSA *, DSA_new, DUMMYARG, DUMMYARG, return 0, return) - DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG) -+DEFINEFUNC(int, DSA_bits, const DSA *a, a, return 0, return) - DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, const unsigned char **b, b, long c, c, return 0, return) - DEFINEFUNC2(char *, ERR_error_string, unsigned long a, a, char *b, b, return 0, return) - DEFINEFUNC(unsigned long, ERR_get_error, DUMMYARG, DUMMYARG, return 0, return) -@@ -176,6 +173,7 @@ DEFINEFUNC(const EVP_CIPHER *, EVP_des_c - DEFINEFUNC(const EVP_CIPHER *, EVP_des_ede3_cbc, DUMMYARG, DUMMYARG, return 0, return) - DEFINEFUNC(const EVP_CIPHER *, EVP_rc2_cbc, DUMMYARG, DUMMYARG, return 0, return) - DEFINEFUNC3(int, EVP_PKEY_assign, EVP_PKEY *a, a, int b, b, char *c, c, return -1, return) -+DEFINEFUNC(const EVP_MD *, EVP_sha1, DUMMYARG, DUMMYARG, return 0, return) - DEFINEFUNC2(int, EVP_PKEY_set1_RSA, EVP_PKEY *a, a, RSA *b, b, return -1, return) - DEFINEFUNC2(int, EVP_PKEY_set1_DSA, EVP_PKEY *a, a, DSA *b, b, return -1, return) - #ifndef OPENSSL_NO_EC -@@ -227,19 +225,13 @@ DEFINEFUNC2(void, RAND_seed, const void - DEFINEFUNC(int, RAND_status, void, DUMMYARG, return -1, return) - DEFINEFUNC(RSA *, RSA_new, DUMMYARG, DUMMYARG, return 0, return) - DEFINEFUNC(void, RSA_free, RSA *a, a, return, DUMMYARG) --DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return) --DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG) --#if OPENSSL_VERSION_NUMBER >= 0x10000000L --DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) --DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG) --DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG) --DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return 0, return) --#else --DEFINEFUNC(STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) --DEFINEFUNC2(void, sk_push, STACK *a, a, char *b, b, return, DUMMYARG) --DEFINEFUNC(void, sk_free, STACK *a, a, return, DUMMYARG) --DEFINEFUNC2(char *, sk_value, STACK *a, a, int b, b, return 0, return) --#endif -+DEFINEFUNC(int, RSA_bits, const RSA *a, a, return 0, return) -+DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return) -+DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG) -+DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return 0, return) -+DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG) -+DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG) -+DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return 0, return) - DEFINEFUNC(int, SSL_accept, SSL *a, a, return -1, return) - DEFINEFUNC(int, SSL_clear, SSL *a, a, return -1, return) - DEFINEFUNC3(char *, SSL_CIPHER_description, SSL_CIPHER *a, a, char *b, b, int c, c, return 0, return) -@@ -302,9 +294,6 @@ DEFINEFUNC2(void *, SSL_get_ex_data, con - DEFINEFUNC2(void, SSL_set_psk_client_callback, SSL* ssl, ssl, q_psk_client_callback_t callback, callback, return, DUMMYARG) - #endif - #if OPENSSL_VERSION_NUMBER >= 0x10000000L --#ifndef OPENSSL_NO_SSL2 --DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) --#endif - #ifndef OPENSSL_NO_SSL3_METHOD - DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) - #endif -@@ -314,7 +303,7 @@ DEFINEFUNC(const SSL_METHOD *, TLSv1_cli - DEFINEFUNC(const SSL_METHOD *, TLSv1_1_client_method, DUMMYARG, DUMMYARG, return 0, return) - DEFINEFUNC(const SSL_METHOD *, TLSv1_2_client_method, DUMMYARG, DUMMYARG, return 0, return) - #endif --#ifndef OPENSSL_NO_SSL2 -+#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L - DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) - #endif - #ifndef OPENSSL_NO_SSL3_METHOD -@@ -327,9 +316,6 @@ DEFINEFUNC(const SSL_METHOD *, TLSv1_1_s - DEFINEFUNC(const SSL_METHOD *, TLSv1_2_server_method, DUMMYARG, DUMMYARG, return 0, return) - #endif - #else --#ifndef OPENSSL_NO_SSL2 --DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) --#endif - #ifndef OPENSSL_NO_SSL3_METHOD - DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) - #endif -@@ -350,8 +336,11 @@ DEFINEFUNC2(int, X509_cmp, X509 *a, a, X - DEFINEFUNC(X509 *, X509_dup, X509 *a, a, return 0, return) - #endif - DEFINEFUNC2(void, X509_print, BIO *a, a, X509 *b, b, return, DUMMYARG); -+DEFINEFUNC4(int, X509_digest, const X509 *x509, x509, const EVP_MD *type, type, unsigned char *md, md, unsigned int *len, len, return -1, return) - DEFINEFUNC(ASN1_OBJECT *, X509_EXTENSION_get_object, X509_EXTENSION *a, a, return 0, return) - DEFINEFUNC(void, X509_free, X509 *a, a, return, DUMMYARG) -+DEFINEFUNC(ASN1_TIME *, X509_get_notBefore, X509 *a, a, return 0, return) -+DEFINEFUNC(ASN1_TIME *, X509_get_notAfter, X509 *a, a, return 0, return) - DEFINEFUNC2(X509_EXTENSION *, X509_get_ext, X509 *a, a, int b, b, return 0, return) - DEFINEFUNC(int, X509_get_ext_count, X509 *a, a, return 0, return) - DEFINEFUNC4(void *, X509_get_ext_d2i, X509 *a, a, int b, b, int *c, c, int *d, d, return 0, return) -@@ -386,6 +375,7 @@ DEFINEFUNC(int, X509_STORE_CTX_get_error - DEFINEFUNC(X509 *, X509_STORE_CTX_get_current_cert, X509_STORE_CTX *a, a, return 0, return) - DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get_chain, X509_STORE_CTX *a, a, return 0, return) - DEFINEFUNC(X509_STORE_CTX *, X509_STORE_CTX_new, DUMMYARG, DUMMYARG, return 0, return) -+DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG) - #ifdef SSLEAY_MACROS - DEFINEFUNC2(int, i2d_DSAPrivateKey, const DSA *a, a, unsigned char **b, b, return -1, return) - DEFINEFUNC2(int, i2d_RSAPrivateKey, const RSA *a, a, unsigned char **b, b, return -1, return) -@@ -400,7 +390,10 @@ DEFINEFUNC3(EC_KEY *, d2i_ECPrivateKey, - #endif - DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG) - DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG) -+DEFINEFUNC(void, OPENSSL_free, void *a, a, return, DUMMYARG) - DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return) -+DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return) -+DEFINEFUNC(const char *, OpenSSL_version, int a, a, return 0, return) - DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return) - DEFINEFUNC(const char *, SSLeay_version, int a, a, return 0, return) - DEFINEFUNC2(int, i2d_SSL_SESSION, SSL_SESSION *in, in, unsigned char **pp, pp, return 0, return) -@@ -432,6 +425,9 @@ DEFINEFUNC2(size_t, EC_get_builtin_curve - DEFINEFUNC(int, EC_curve_nist2nid, const char *name, name, return 0, return) - #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L - #endif // OPENSSL_NO_EC -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+DEFINEFUNC2(long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, long options, options, return 0, return) -+#endif // OPENSSL_VERSION_NUMBER >= 0x10100000L - - DEFINEFUNC5(int, PKCS12_parse, PKCS12 *p12, p12, const char *pass, pass, EVP_PKEY **pkey, pkey, \ - X509 **cert, cert, STACK_OF(X509) **ca, ca, return 1, return); -@@ -769,11 +765,10 @@ bool q_resolveOpenSslSymbols() - #endif - RESOLVEFUNC(BN_num_bits) - RESOLVEFUNC(CRYPTO_free) -- RESOLVEFUNC(CRYPTO_num_locks) -- RESOLVEFUNC(CRYPTO_set_id_callback) -- RESOLVEFUNC(CRYPTO_set_locking_callback) - RESOLVEFUNC(DSA_new) - RESOLVEFUNC(DSA_free) -+ RESOLVEFUNC(OPENSSL_free) -+ RESOLVEFUNC(DSA_bits) - RESOLVEFUNC(ERR_error_string) - RESOLVEFUNC(ERR_get_error) - RESOLVEFUNC(ERR_free_strings) -@@ -787,6 +782,7 @@ bool q_resolveOpenSslSymbols() - RESOLVEFUNC(EVP_des_cbc) - RESOLVEFUNC(EVP_des_ede3_cbc) - RESOLVEFUNC(EVP_rc2_cbc) -+ RESOLVEFUNC(EVP_sha1) - RESOLVEFUNC(EVP_PKEY_assign) - RESOLVEFUNC(EVP_PKEY_set1_RSA) - RESOLVEFUNC(EVP_PKEY_set1_DSA) -@@ -795,7 +791,9 @@ bool q_resolveOpenSslSymbols() - #endif - RESOLVEFUNC(EVP_PKEY_free) - RESOLVEFUNC(EVP_PKEY_get1_DSA) -+ /*RESOLVEFUNC(EVP_PKEY_get0_DSA)*/ - RESOLVEFUNC(EVP_PKEY_get1_RSA) -+ //RESOLVEFUNC(EVP_PKEY_get0_RSA) - #ifndef OPENSSL_NO_EC - RESOLVEFUNC(EVP_PKEY_get1_EC_KEY) - #endif -@@ -836,12 +834,13 @@ bool q_resolveOpenSslSymbols() - RESOLVEFUNC(RAND_status) - RESOLVEFUNC(RSA_new) - RESOLVEFUNC(RSA_free) -- RESOLVEFUNC(sk_new_null) -- RESOLVEFUNC(sk_push) -- RESOLVEFUNC(sk_free) -- RESOLVEFUNC(sk_num) -- RESOLVEFUNC(sk_pop_free) -- RESOLVEFUNC(sk_value) -+ RESOLVEFUNC(RSA_bits) -+ RESOLVEFUNC(OPENSSL_sk_new_null) -+ RESOLVEFUNC(OPENSSL_sk_push) -+ RESOLVEFUNC(OPENSSL_sk_free) -+ RESOLVEFUNC(OPENSSL_sk_num) -+ RESOLVEFUNC(OPENSSL_sk_pop_free) -+ RESOLVEFUNC(OPENSSL_sk_value) - RESOLVEFUNC(SSL_CIPHER_description) - RESOLVEFUNC(SSL_CIPHER_get_bits) - RESOLVEFUNC(SSL_CTX_check_private_key) -@@ -891,9 +890,6 @@ bool q_resolveOpenSslSymbols() - RESOLVEFUNC(SSL_set_psk_client_callback) - #endif - RESOLVEFUNC(SSL_write) --#ifndef OPENSSL_NO_SSL2 -- RESOLVEFUNC(SSLv2_client_method) --#endif - #ifndef OPENSSL_NO_SSL3_METHOD - RESOLVEFUNC(SSLv3_client_method) - #endif -@@ -903,9 +899,6 @@ bool q_resolveOpenSslSymbols() - RESOLVEFUNC(TLSv1_1_client_method) - RESOLVEFUNC(TLSv1_2_client_method) - #endif --#ifndef OPENSSL_NO_SSL2 -- RESOLVEFUNC(SSLv2_server_method) --#endif - #ifndef OPENSSL_NO_SSL3_METHOD - RESOLVEFUNC(SSLv3_server_method) - #endif -@@ -938,6 +931,8 @@ bool q_resolveOpenSslSymbols() - RESOLVEFUNC(X509_print) - RESOLVEFUNC(X509_EXTENSION_get_object) - RESOLVEFUNC(X509_free) -+ RESOLVEFUNC(X509_get_notBefore) -+ RESOLVEFUNC(X509_get_notAfter) - RESOLVEFUNC(X509_get_ext) - RESOLVEFUNC(X509_get_ext_count) - RESOLVEFUNC(X509_get_ext_d2i) -@@ -963,6 +958,8 @@ bool q_resolveOpenSslSymbols() - RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf) - RESOLVEFUNC(OPENSSL_add_all_algorithms_conf) - RESOLVEFUNC(SSL_CTX_load_verify_locations) -+ RESOLVEFUNC(OpenSSL_version_num) -+ RESOLVEFUNC(OpenSSL_version) - RESOLVEFUNC(SSLeay) - RESOLVEFUNC(SSLeay_version) - RESOLVEFUNC(i2d_SSL_SESSION) -diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols_p.h.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols_p.h ---- qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols_p.h.openssl11 2016-11-17 14:34:21.000000000 -0500 -+++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols_p.h 2016-11-28 10:02:51.125249192 -0500 -@@ -221,21 +221,18 @@ int q_ASN1_STRING_length(ASN1_STRING *a) - int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b); - long q_BIO_ctrl(BIO *a, int b, long c, void *d); - int q_BIO_free(BIO *a); --BIO *q_BIO_new(BIO_METHOD *a); - BIO *q_BIO_new_mem_buf(void *a, int b); - int q_BIO_read(BIO *a, void *b, int c); --BIO_METHOD *q_BIO_s_mem(); -+BIO *q_BIO_new(const BIO_METHOD *a); -+const BIO_METHOD *q_BIO_s_mem(); - int q_BIO_write(BIO *a, const void *b, int c); - int q_BN_num_bits(const BIGNUM *a); - #ifndef OPENSSL_NO_EC - const EC_GROUP* q_EC_KEY_get0_group(const EC_KEY* k); - int q_EC_GROUP_get_degree(const EC_GROUP* g); - #endif --int q_CRYPTO_num_locks(); --void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int)); --void q_CRYPTO_set_id_callback(unsigned long (*a)()); --void q_CRYPTO_free(void *a); - DSA *q_DSA_new(); -+int q_DSA_bits(const DSA *d); - void q_DSA_free(DSA *a); - X509 *q_d2i_X509(X509 **a, const unsigned char **b, long c); - char *q_ERR_error_string(unsigned long a, char *b); -@@ -251,6 +248,7 @@ int q_EVP_CipherFinal(EVP_CIPHER_CTX *ct - const EVP_CIPHER *q_EVP_des_cbc(); - const EVP_CIPHER *q_EVP_des_ede3_cbc(); - const EVP_CIPHER *q_EVP_rc2_cbc(); -+const EVP_MD *q_EVP_sha1(); - int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c); - Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b); - int q_EVP_PKEY_set1_DSA(EVP_PKEY *a, DSA *b); -@@ -259,7 +257,9 @@ int q_EVP_PKEY_set1_EC_KEY(EVP_PKEY *a, - #endif - void q_EVP_PKEY_free(EVP_PKEY *a); - RSA *q_EVP_PKEY_get1_RSA(EVP_PKEY *a); -+RSA *q_EVP_PKEY_get0_RSA(EVP_PKEY *a); - DSA *q_EVP_PKEY_get1_DSA(EVP_PKEY *a); -+DSA *q_EVP_PKEY_get0_DSA(EVP_PKEY *a); - #ifndef OPENSSL_NO_EC - EC_KEY *q_EVP_PKEY_get1_EC_KEY(EVP_PKEY *a); - #endif -@@ -306,20 +306,14 @@ int q_PEM_write_bio_EC_PUBKEY(BIO *a, EC - void q_RAND_seed(const void *a, int b); - int q_RAND_status(); - RSA *q_RSA_new(); -+int q_RSA_bits(const RSA *r); - void q_RSA_free(RSA *a); --int q_sk_num(STACK *a); --void q_sk_pop_free(STACK *a, void (*b)(void *)); --#if OPENSSL_VERSION_NUMBER >= 0x10000000L --_STACK *q_sk_new_null(); --void q_sk_push(_STACK *st, void *data); --void q_sk_free(_STACK *a); --void * q_sk_value(STACK *a, int b); --#else --STACK *q_sk_new_null(); --void q_sk_push(STACK *st, char *data); --void q_sk_free(STACK *a); --char * q_sk_value(STACK *a, int b); --#endif -+int q_OPENSSL_sk_num(OPENSSL_STACK *a); -+void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); -+OPENSSL_STACK *q_OPENSSL_sk_new_null(); -+void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data); -+void q_OPENSSL_sk_free(OPENSSL_STACK *a); -+void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b); - int q_SSL_accept(SSL *a); - int q_SSL_clear(SSL *a); - char *q_SSL_CIPHER_description(SSL_CIPHER *a, char *b, int c); -@@ -378,7 +372,7 @@ typedef unsigned int (*q_psk_client_call - void q_SSL_set_psk_client_callback(SSL *ssl, q_psk_client_callback_t callback); - #endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) - #if OPENSSL_VERSION_NUMBER >= 0x10000000L --#ifndef OPENSSL_NO_SSL2 -+#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L - const SSL_METHOD *q_SSLv2_client_method(); - #endif - #ifndef OPENSSL_NO_SSL3_METHOD -@@ -388,7 +382,7 @@ const SSL_METHOD *q_SSLv23_client_method - const SSL_METHOD *q_TLSv1_client_method(); - const SSL_METHOD *q_TLSv1_1_client_method(); - const SSL_METHOD *q_TLSv1_2_client_method(); --#ifndef OPENSSL_NO_SSL2 -+#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L - const SSL_METHOD *q_SSLv2_server_method(); - #endif - #ifndef OPENSSL_NO_SSL3_METHOD -@@ -430,8 +424,11 @@ void *q_ASN1_dup(i2d_of_void *i2d, d2i_o - X509 *q_X509_dup(X509 *a); - #endif - void q_X509_print(BIO *a, X509*b); -+int q_X509_digest(const X509 *x509, const EVP_MD *type, unsigned char *md, unsigned int *len); - ASN1_OBJECT *q_X509_EXTENSION_get_object(X509_EXTENSION *a); - void q_X509_free(X509 *a); -+ASN1_TIME *q_X509_get_notBefore(X509 *a); -+ASN1_TIME *q_X509_get_notAfter(X509 *a); - X509_EXTENSION *q_X509_get_ext(X509 *a, int b); - int q_X509_get_ext_count(X509 *a); - void *q_X509_get_ext_d2i(X509 *a, int b, int *c, int *d); -@@ -519,10 +516,14 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsign - PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\ - bp,(char *)x,enc,kstr,klen,cb,u) - #endif -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - #define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) -+#else -+long q_SSL_CTX_set_options(SSL_CTX *ctx, long options); -+#endif - #define q_SSL_CTX_set_mode(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) --#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st) --#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i) -+#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st) -+#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i) - #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st)) - #define q_sk_GENERAL_NAME_value(st, i) q_SKM_sk_value(GENERAL_NAME, (st), (i)) - #define q_sk_X509_num(st) q_SKM_sk_num(X509, (st)) -@@ -531,8 +532,6 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsign - #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i)) - #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \ - q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) --#define q_X509_get_notAfter(x) X509_get_notAfter(x) --#define q_X509_get_notBefore(x) X509_get_notBefore(x) - #define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ - (char *)(rsa)) - #define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ -@@ -540,7 +539,10 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsign - #define q_OpenSSL_add_all_algorithms() q_OPENSSL_add_all_algorithms_conf() - void q_OPENSSL_add_all_algorithms_noconf(); - void q_OPENSSL_add_all_algorithms_conf(); -+void q_OPENSSL_free(void *addr); - int q_SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); -+long q_OpenSSL_version_num(); -+const char *q_OpenSSL_version(int type); - long q_SSLeay(); - const char *q_SSLeay_version(int type); - int q_i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); diff --git a/qt5-qtbase-5.9.1-openssl11.patch b/qt5-qtbase-5.9.1-openssl11.patch new file mode 100644 index 0000000..c26bede --- /dev/null +++ b/qt5-qtbase-5.9.1-openssl11.patch @@ -0,0 +1,4150 @@ +diff -Nur qtbase-opensource-src-5.9.1.than/config.tests/unix/openssl11/openssl.cpp qtbase-opensource-src-5.9.1/config.tests/unix/openssl11/openssl.cpp +--- qtbase-opensource-src-5.9.1.than/config.tests/unix/openssl11/openssl.cpp 1970-01-01 01:00:00.000000000 +0100 ++++ qtbase-opensource-src-5.9.1/config.tests/unix/openssl11/openssl.cpp 2017-07-27 13:36:11.792844593 +0200 +@@ -0,0 +1,48 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the config.tests of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++#include ++ ++#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x10100000L ++# error "OpenSSL >= 1.1 is required" ++#endif ++ ++int main() ++{ ++} +diff -Nur qtbase-opensource-src-5.9.1.than/config.tests/unix/openssl11/openssl.pro qtbase-opensource-src-5.9.1/config.tests/unix/openssl11/openssl.pro +--- qtbase-opensource-src-5.9.1.than/config.tests/unix/openssl11/openssl.pro 1970-01-01 01:00:00.000000000 +0100 ++++ qtbase-opensource-src-5.9.1/config.tests/unix/openssl11/openssl.pro 2017-07-27 13:36:11.792844593 +0200 +@@ -0,0 +1,2 @@ ++SOURCES = openssl.cpp ++CONFIG -= x11 qt +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/configure.json qtbase-opensource-src-5.9.1/src/network/configure.json +--- qtbase-opensource-src-5.9.1.than/src/network/configure.json 2017-06-28 11:54:29.000000000 +0200 ++++ qtbase-opensource-src-5.9.1/src/network/configure.json 2017-07-27 13:36:11.792844593 +0200 +@@ -105,6 +105,12 @@ + "type": "compile", + "test": "unix/sctp", + "use": "network" ++ }, ++ "openssl11": { ++ "label": "OpenSSL v. 1.1 support", ++ "type": "compile", ++ "test": "unix/openssl11", ++ "use": "network" + } + }, + +@@ -172,6 +178,11 @@ + "condition": "config.winrt || features.securetransport || features.openssl", + "output": [ "publicFeature", "feature" ] + }, ++ "opensslv11": { ++ "label": "OpenSSL v. 1.1", ++ "condition": "tests.openssl11", ++ "output": ["publicFeature", "feature"] ++ }, + "sctp": { + "label": "SCTP", + "autoDetect": false, +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_openssl.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslcertificate_openssl.cpp +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_openssl.cpp 2017-06-28 11:54:29.000000000 +0200 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslcertificate_openssl.cpp 2017-07-27 13:36:11.793844555 +0200 +@@ -1,6 +1,7 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2016 Richard J. Moore + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtNetwork module of the Qt Toolkit. +@@ -64,12 +65,14 @@ + uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW + { + if (X509 * const x509 = key.d->x509) { +- (void)q_X509_cmp(x509, x509); // populate x509->sha1_hash +- // (if someone knows a better way...) +- return qHashBits(x509->sha1_hash, SHA_DIGEST_LENGTH, seed); +- } else { +- return seed; ++ const EVP_MD *sha1 = q_EVP_sha1(); ++ unsigned int len = 0; ++ unsigned char md[EVP_MAX_MD_SIZE]; ++ q_X509_digest(x509, sha1, md, &len); ++ return qHashBits(md, len, seed); + } ++ ++ return seed; + } + + bool QSslCertificate::isNull() const +@@ -89,8 +92,7 @@ + { + QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); + if (d->versionString.isEmpty() && d->x509) +- d->versionString = +- QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1); ++ d->versionString = QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1); + + return d->versionString; + } +@@ -99,7 +101,7 @@ + { + QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); + if (d->serialNumberString.isEmpty() && d->x509) { +- ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber; ++ ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509); + QByteArray hexString; + hexString.reserve(serialNumber->length * 3); + for (int a = 0; a < serialNumber->length; ++a) { +@@ -199,14 +201,15 @@ + continue; + } + +- const char *altNameStr = reinterpret_cast(q_ASN1_STRING_data(genName->d.ia5)); ++ const char *altNameStr = reinterpret_cast(q_ASN1_STRING_get0_data(genName->d.ia5)); + const QString altName = QString::fromLatin1(altNameStr, len); + if (genName->type == GEN_DNS) + result.insert(QSsl::DnsEntry, altName); + else if (genName->type == GEN_EMAIL) + result.insert(QSsl::EmailEntry, altName); + } +- q_sk_pop_free((STACK*)altNames, reinterpret_cast(q_sk_free)); ++ ++ q_OPENSSL_sk_pop_free((OPENSSL_STACK*)altNames, reinterpret_cast(q_OPENSSL_sk_free)); + } + + return result; +@@ -235,25 +238,26 @@ + QSslKey key; + + key.d->type = QSsl::PublicKey; +- X509_PUBKEY *xkey = d->x509->cert_info->key; +- EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey); ++ ++ EVP_PKEY *pkey = q_X509_get_pubkey(d->x509); + Q_ASSERT(pkey); ++ const int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey)); + +- if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) { ++ if (keyType == EVP_PKEY_RSA) { + key.d->rsa = q_EVP_PKEY_get1_RSA(pkey); + key.d->algorithm = QSsl::Rsa; + key.d->isNull = false; +- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) { ++ } else if (keyType == EVP_PKEY_DSA) { + key.d->dsa = q_EVP_PKEY_get1_DSA(pkey); + key.d->algorithm = QSsl::Dsa; + key.d->isNull = false; + #ifndef OPENSSL_NO_EC +- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_EC) { ++ } else if (keyType == EVP_PKEY_EC) { + key.d->ec = q_EVP_PKEY_get1_EC_KEY(pkey); + key.d->algorithm = QSsl::Ec; + key.d->isNull = false; + #endif +- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) { ++ } else if (keyType == EVP_PKEY_DH) { + // DH unsupported + } else { + // error? +@@ -275,7 +279,7 @@ + X509V3_EXT_METHOD *meth = const_cast(q_X509V3_EXT_get(ext)); + if (!meth) { + ASN1_OCTET_STRING *value = q_X509_EXTENSION_get_data(ext); +- QByteArray result( reinterpret_cast(q_ASN1_STRING_data(value)), ++ QByteArray result( reinterpret_cast(q_ASN1_STRING_get0_data(value)), + q_ASN1_STRING_length(value)); + return result; + } +@@ -371,7 +375,7 @@ + continue; + } + +- const char *uriStr = reinterpret_cast(q_ASN1_STRING_data(name->d.uniformResourceIdentifier)); ++ const char *uriStr = reinterpret_cast(q_ASN1_STRING_get0_data(name->d.uniformResourceIdentifier)); + const QString uri = QString::fromUtf8(uriStr, len); + + result[QString::fromUtf8(QSslCertificatePrivate::asn1ObjectName(ad->method))] = uri; +@@ -380,11 +384,7 @@ + } + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +- q_sk_pop_free((_STACK*)info, reinterpret_cast(q_sk_free)); +-#else +- q_sk_pop_free((STACK*)info, reinterpret_cast(q_sk_free)); +-#endif ++ q_OPENSSL_sk_pop_free((OPENSSL_STACK*)info, reinterpret_cast(q_OPENSSL_sk_free)); + return result; + } + break; +@@ -607,7 +607,11 @@ + unsigned char *data = 0; + int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e)); + info.insertMulti(name, QString::fromUtf8((char*)data, size)); ++#if QT_CONFIG(opensslv11) ++ q_CRYPTO_free(data, 0, 0); ++#else + q_CRYPTO_free(data); ++#endif + } + + return info; +@@ -619,8 +623,9 @@ + if (!x509 || !QSslSocket::supportsSsl()) + return certificate; + +- ASN1_TIME *nbef = q_X509_get_notBefore(x509); +- ASN1_TIME *naft = q_X509_get_notAfter(x509); ++ ASN1_TIME *nbef = q_X509_getm_notBefore(x509); ++ ASN1_TIME *naft = q_X509_getm_notAfter(x509); ++ + certificate.d->notValidBefore = q_getTimeFromASN1(nbef); + certificate.d->notValidAfter = q_getTimeFromASN1(naft); + certificate.d->null = false; +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_openssl11.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslcontext_openssl11.cpp +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_openssl11.cpp 1970-01-01 01:00:00.000000000 +0100 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslcontext_openssl11.cpp 2017-07-27 13:36:11.794844517 +0200 +@@ -0,0 +1,277 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 BlackBerry Limited. All rights reserved. ++** Copyright (C) 2014 Governikus GmbH & Co. KG. ++** Copyright (C) 2016 Richard J. Moore ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++ ++#include ++#include ++ ++#include "private/qssl_p.h" ++#include "private/qsslcontext_openssl_p.h" ++#include "private/qsslsocket_p.h" ++#include "private/qsslsocket_openssl_p.h" ++#include "private/qsslsocket_openssl_symbols_p.h" ++#include "private/qssldiffiehellmanparameters_p.h" ++ ++#include ++ ++QT_BEGIN_NAMESPACE ++ ++// defined in qsslsocket_openssl.cpp: ++extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); ++extern QString getErrorsFromOpenSsl(); ++ ++static inline QString msgErrorSettingEllipticCurves(const QString &why) ++{ ++ return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); ++} ++ ++// static ++void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) ++{ ++ sslContext->sslConfiguration = configuration; ++ sslContext->errorCode = QSslError::NoError; ++ ++ bool client = (mode == QSslSocket::SslClientMode); ++ ++ bool reinitialized = false; ++ bool unsupportedProtocol = false; ++init_context: ++ if (sslContext->sslConfiguration.protocol() == QSsl::SslV2) { ++ // SSL 2 is no longer supported, but chosen deliberately -> error ++ sslContext->ctx = nullptr; ++ unsupportedProtocol = true; ++ } else { ++ // The ssl options will actually control the supported methods ++ sslContext->ctx = q_SSL_CTX_new(client ? q_TLS_client_method() : q_TLS_server_method()); ++ } ++ ++ if (!sslContext->ctx) { ++ // After stopping Flash 10 the SSL library loses its ciphers. Try re-adding them ++ // by re-initializing the library. ++ if (!reinitialized) { ++ reinitialized = true; ++ if (q_OPENSSL_init_ssl(0, nullptr) == 1) ++ goto init_context; ++ } ++ ++ sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( ++ unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() ++ ); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // Enable bug workarounds. ++ long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); ++ q_SSL_CTX_set_options(sslContext->ctx, options); ++ ++ // Tell OpenSSL to release memory early ++ // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html ++ q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS); ++ ++ // Initialize ciphers ++ QByteArray cipherString; ++ bool first = true; ++ QList ciphers = sslContext->sslConfiguration.ciphers(); ++ if (ciphers.isEmpty()) ++ ciphers = QSslSocketPrivate::defaultCiphers(); ++ for (const QSslCipher &cipher : qAsConst(ciphers)) { ++ if (first) ++ first = false; ++ else ++ cipherString.append(':'); ++ cipherString.append(cipher.name().toLatin1()); ++ } ++ ++ if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) { ++ sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ const QDateTime now = QDateTime::currentDateTimeUtc(); ++ ++ // Add all our CAs to this store. ++ const auto caCertificates = sslContext->sslConfiguration.caCertificates(); ++ for (const QSslCertificate &caCertificate : caCertificates) { ++ // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: ++ // ++ // If several CA certificates matching the name, key identifier, and ++ // serial number condition are available, only the first one will be ++ // examined. This may lead to unexpected results if the same CA ++ // certificate is available with different expiration dates. If a ++ // ``certificate expired'' verification error occurs, no other ++ // certificate will be searched. Make sure to not have expired ++ // certificates mixed with valid ones. ++ // ++ // See also: QSslSocketBackendPrivate::verify() ++ if (caCertificate.expiryDate() >= now) { ++ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); ++ } ++ } ++ ++ if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { ++ // tell OpenSSL the directories where to look up the root certs on demand ++ const QList unixDirs = QSslSocketPrivate::unixRootCertDirectories(); ++ for (const QByteArray &unixDir : unixDirs) ++ q_SSL_CTX_load_verify_locations(sslContext->ctx, nullptr, unixDir.constData()); ++ } ++ ++ if (!sslContext->sslConfiguration.localCertificate().isNull()) { ++ // Require a private key as well. ++ if (sslContext->sslConfiguration.privateKey().isNull()) { ++ sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // Load certificate ++ if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) { ++ sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) { ++ sslContext->pkey = reinterpret_cast(configuration.d->privateKey.handle()); ++ } else { ++ // Load private key ++ sslContext->pkey = q_EVP_PKEY_new(); ++ // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. ++ // this lead to a memory leak. Now we use the *_set1_* functions which do not ++ // take ownership of the RSA/DSA key instance because the QSslKey already has ownership. ++ if (configuration.d->privateKey.algorithm() == QSsl::Rsa) ++ q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); ++ else if (configuration.d->privateKey.algorithm() == QSsl::Dsa) ++ q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); ++#ifndef OPENSSL_NO_EC ++ else if (configuration.d->privateKey.algorithm() == QSsl::Ec) ++ q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); ++#endif ++ } ++ ++ if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) { ++ sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) ++ sslContext->pkey = nullptr; // Don't free the private key, it belongs to QSslKey ++ ++ // Check if the certificate matches the private key. ++ if (!q_SSL_CTX_check_private_key(sslContext->ctx)) { ++ sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // If we have any intermediate certificates then we need to add them to our chain ++ bool first = true; ++ for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { ++ if (first) { ++ first = false; ++ continue; ++ } ++ q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, ++ q_X509_dup(reinterpret_cast(cert.handle()))); ++ } ++ } ++ ++ // Initialize peer verification. ++ if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) { ++ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, nullptr); ++ } else { ++ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback); ++ } ++ ++ // Set verification depth. ++ if (sslContext->sslConfiguration.peerVerifyDepth() != 0) ++ q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); ++ ++ // set persisted session if the user set it ++ if (!configuration.sessionTicket().isEmpty()) ++ sslContext->setSessionASN1(configuration.sessionTicket()); ++ ++ // Set temp DH params ++ QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters(); ++ ++ if (!dhparams.isValid()) { ++ sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ if (!dhparams.isEmpty()) { ++ const QByteArray ¶ms = dhparams.d->derData; ++ const char *ptr = params.constData(); ++ DH *dh = q_d2i_DHparams(NULL, reinterpret_cast(&ptr), params.length()); ++ if (dh == NULL) ++ qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form"); ++ q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh); ++ q_DH_free(dh); ++ } ++ ++#ifndef OPENSSL_NO_PSK ++ if (!client) ++ q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData()); ++#endif // !OPENSSL_NO_PSK ++ ++ const QVector qcurves = sslContext->sslConfiguration.ellipticCurves(); ++ if (!qcurves.isEmpty()) { ++#ifdef OPENSSL_NO_EC ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version with disabled elliptic curves")); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++#else ++ // Set the curves to be used. ++ std::vector curves; ++ curves.reserve(qcurves.size()); ++ for (const auto &sslCurve : qcurves) ++ curves.push_back(sslCurve.id); ++ if (!q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_CURVES, long(curves.size()), &curves[0])) { ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ } ++#endif ++ } ++} ++ ++QT_END_NAMESPACE +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_openssl.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslcontext_openssl.cpp +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_openssl.cpp 2017-06-28 11:54:29.000000000 +0200 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslcontext_openssl.cpp 2017-07-27 13:36:11.793844555 +0200 +@@ -1,6 +1,6 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. + ** Copyright (C) 2014 BlackBerry Limited. All rights reserved. + ** Copyright (C) 2014 Governikus GmbH & Co. KG. + ** Contact: https://www.qt.io/licensing/ +@@ -41,22 +41,14 @@ + + + #include +-#include +-#include + + #include "private/qssl_p.h" + #include "private/qsslcontext_openssl_p.h" +-#include "private/qsslsocket_p.h" + #include "private/qsslsocket_openssl_p.h" + #include "private/qsslsocket_openssl_symbols_p.h" +-#include "private/qssldiffiehellmanparameters_p.h" + + QT_BEGIN_NAMESPACE + +-// defined in qsslsocket_openssl.cpp: +-extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); +-extern QString getErrorsFromOpenSsl(); +- + QSslContext::QSslContext() + : ctx(0), + pkey(0), +@@ -78,301 +70,6 @@ + q_SSL_SESSION_free(session); + } + +-static inline QString msgErrorSettingEllipticCurves(const QString &why) +-{ +- return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); +-} +- +-// static +-void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) +-{ +- sslContext->sslConfiguration = configuration; +- sslContext->errorCode = QSslError::NoError; +- +- bool client = (mode == QSslSocket::SslClientMode); +- +- bool reinitialized = false; +- bool unsupportedProtocol = false; +-init_context: +- switch (sslContext->sslConfiguration.protocol()) { +- case QSsl::SslV2: +-#ifndef OPENSSL_NO_SSL2 +- sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); +-#else +- // SSL 2 not supported by the system, but chosen deliberately -> error +- sslContext->ctx = 0; +- unsupportedProtocol = true; +-#endif +- break; +- case QSsl::SslV3: +-#ifndef OPENSSL_NO_SSL3_METHOD +- sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); +-#else +- // SSL 3 not supported by the system, but chosen deliberately -> error +- sslContext->ctx = 0; +- unsupportedProtocol = true; +-#endif +- break; +- case QSsl::SecureProtocols: +- // SSLv2 and SSLv3 will be disabled by SSL options +- // But we need q_SSLv23_server_method() otherwise AnyProtocol will be unable to connect on Win32. +- case QSsl::TlsV1SslV3: +- // SSLv2 will will be disabled by SSL options +- case QSsl::AnyProtocol: +- default: +- sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); +- break; +- case QSsl::TlsV1_0: +- sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); +- break; +- case QSsl::TlsV1_1: +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +- sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method()); +-#else +- // TLS 1.1 not supported by the system, but chosen deliberately -> error +- sslContext->ctx = 0; +- unsupportedProtocol = true; +-#endif +- break; +- case QSsl::TlsV1_2: +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +- sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method()); +-#else +- // TLS 1.2 not supported by the system, but chosen deliberately -> error +- sslContext->ctx = 0; +- unsupportedProtocol = true; +-#endif +- break; +- case QSsl::TlsV1_0OrLater: +- // Specific protocols will be specified via SSL options. +- sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); +- break; +- case QSsl::TlsV1_1OrLater: +- case QSsl::TlsV1_2OrLater: +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +- // Specific protocols will be specified via SSL options. +- sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); +-#else +- // TLS 1.1/1.2 not supported by the system, but chosen deliberately -> error +- sslContext->ctx = 0; +- unsupportedProtocol = true; +-#endif +- break; +- } +- +- if (!sslContext->ctx) { +- // After stopping Flash 10 the SSL library looses its ciphers. Try re-adding them +- // by re-initializing the library. +- if (!reinitialized) { +- reinitialized = true; +- if (q_SSL_library_init() == 1) +- goto init_context; +- } +- +- sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( +- unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() +- ); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- +- // Enable bug workarounds. +- long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); +- q_SSL_CTX_set_options(sslContext->ctx, options); +- +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +- // Tell OpenSSL to release memory early +- // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html +- if (q_SSLeay() >= 0x10000000L) +- q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS); +-#endif +- +- // Initialize ciphers +- QByteArray cipherString; +- bool first = true; +- QList ciphers = sslContext->sslConfiguration.ciphers(); +- if (ciphers.isEmpty()) +- ciphers = QSslSocketPrivate::defaultCiphers(); +- for (const QSslCipher &cipher : qAsConst(ciphers)) { +- if (first) +- first = false; +- else +- cipherString.append(':'); +- cipherString.append(cipher.name().toLatin1()); +- } +- +- if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) { +- sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- +- const QDateTime now = QDateTime::currentDateTimeUtc(); +- +- // Add all our CAs to this store. +- const auto caCertificates = sslContext->sslConfiguration.caCertificates(); +- for (const QSslCertificate &caCertificate : caCertificates) { +- // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: +- // +- // If several CA certificates matching the name, key identifier, and +- // serial number condition are available, only the first one will be +- // examined. This may lead to unexpected results if the same CA +- // certificate is available with different expiration dates. If a +- // ``certificate expired'' verification error occurs, no other +- // certificate will be searched. Make sure to not have expired +- // certificates mixed with valid ones. +- // +- // See also: QSslSocketBackendPrivate::verify() +- if (caCertificate.expiryDate() >= now) { +- q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); +- } +- } +- +- if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { +- // tell OpenSSL the directories where to look up the root certs on demand +- const QList unixDirs = QSslSocketPrivate::unixRootCertDirectories(); +- for (const QByteArray &unixDir : unixDirs) +- q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDir.constData()); +- } +- +- if (!sslContext->sslConfiguration.localCertificate().isNull()) { +- // Require a private key as well. +- if (sslContext->sslConfiguration.privateKey().isNull()) { +- sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- +- // Load certificate +- if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) { +- sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- +- if (configuration.d->privateKey.algorithm() == QSsl::Opaque) { +- sslContext->pkey = reinterpret_cast(configuration.d->privateKey.handle()); +- } else { +- // Load private key +- sslContext->pkey = q_EVP_PKEY_new(); +- // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. +- // this lead to a memory leak. Now we use the *_set1_* functions which do not +- // take ownership of the RSA/DSA key instance because the QSslKey already has ownership. +- if (configuration.d->privateKey.algorithm() == QSsl::Rsa) +- q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); +- else if (configuration.d->privateKey.algorithm() == QSsl::Dsa) +- q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); +-#ifndef OPENSSL_NO_EC +- else if (configuration.d->privateKey.algorithm() == QSsl::Ec) +- q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); +-#endif +- } +- +- if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) { +- sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- if (configuration.d->privateKey.algorithm() == QSsl::Opaque) +- sslContext->pkey = 0; // Don't free the private key, it belongs to QSslKey +- +- // Check if the certificate matches the private key. +- if (!q_SSL_CTX_check_private_key(sslContext->ctx)) { +- sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- +- // If we have any intermediate certificates then we need to add them to our chain +- bool first = true; +- for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { +- if (first) { +- first = false; +- continue; +- } +- q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, +- q_X509_dup(reinterpret_cast(cert.handle()))); +- } +- } +- +- // Initialize peer verification. +- if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) { +- q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, 0); +- } else { +- q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback); +- } +- +- // Set verification depth. +- if (sslContext->sslConfiguration.peerVerifyDepth() != 0) +- q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); +- +- // set persisted session if the user set it +- if (!configuration.sessionTicket().isEmpty()) +- sslContext->setSessionASN1(configuration.sessionTicket()); +- +- // Set temp DH params +- QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters(); +- +- if (!dhparams.isValid()) { +- sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); +- sslContext->errorCode = QSslError::UnspecifiedError; +- return; +- } +- +- if (!dhparams.isEmpty()) { +- const QByteArray ¶ms = dhparams.d->derData; +- const char *ptr = params.constData(); +- DH *dh = q_d2i_DHparams(NULL, reinterpret_cast(&ptr), params.length()); +- if (dh == NULL) +- qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form"); +- q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh); +- q_DH_free(dh); +- } +- +-#ifndef OPENSSL_NO_EC +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (q_SSLeay() >= 0x10002000L) { +- q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL); +- } else +-#endif +- { +- // Set temp ECDH params +- EC_KEY *ecdh = 0; +- ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +- q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh); +- q_EC_KEY_free(ecdh); +- } +-#endif // OPENSSL_NO_EC +- +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) +- if (!client) +- q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData()); +-#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) +- +- const QVector qcurves = sslContext->sslConfiguration.ellipticCurves(); +- if (!qcurves.isEmpty()) { +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) +- // Set the curves to be used +- if (q_SSLeay() >= 0x10002000L) { +- // SSL_CTX_ctrl wants a non-const pointer as last argument, +- // but let's avoid a copy into a temporary array +- if (!q_SSL_CTX_ctrl(sslContext->ctx, +- SSL_CTRL_SET_CURVES, +- qcurves.size(), +- const_cast(reinterpret_cast(qcurves.data())))) { +- sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); +- sslContext->errorCode = QSslError::UnspecifiedError; +- } +- } else +-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) +- { +- // specific curves requested, but not possible to set -> error +- sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); +- sslContext->errorCode = QSslError::UnspecifiedError; +- } +- } +-} +- + QSslContext* QSslContext::fromConfiguration(QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) + { + QSslContext *sslContext = new QSslContext(); +@@ -463,7 +160,7 @@ + m_npnContext.len = m_supportedNPNVersions.count(); + m_npnContext.status = QSslConfiguration::NextProtocolNegotiationNone; + #if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (q_SSLeay() >= 0x10002000L) { ++ if (QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) { + // Callback's type has a parameter 'const unsigned char ** out' + // since it was introduced in 1.0.2. Internally, OpenSSL's own code + // (tests/examples) cast it to unsigned char * (since it's 'out'). +@@ -508,7 +205,7 @@ + unsigned char *data = reinterpret_cast(m_sessionASN1.data()); + if (!q_i2d_SSL_SESSION(session, &data)) + qCWarning(lcSsl, "could not store persistent version of SSL session"); +- m_sessionTicketLifeTimeHint = session->tlsext_tick_lifetime_hint; ++ m_sessionTicketLifeTimeHint = q_SSL_SESSION_get_ticket_lifetime_hint(session); + } + } + +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_opensslpre11.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslcontext_opensslpre11.cpp +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_opensslpre11.cpp 1970-01-01 01:00:00.000000000 +0100 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslcontext_opensslpre11.cpp 2017-07-27 13:36:11.794844517 +0200 +@@ -0,0 +1,354 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 BlackBerry Limited. All rights reserved. ++** Copyright (C) 2014 Governikus GmbH & Co. KG. ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++ ++#include ++#include ++ ++#include "private/qssl_p.h" ++#include "private/qsslcontext_openssl_p.h" ++#include "private/qsslsocket_p.h" ++#include "private/qsslsocket_openssl_p.h" ++#include "private/qsslsocket_openssl_symbols_p.h" ++#include "private/qssldiffiehellmanparameters_p.h" ++ ++QT_BEGIN_NAMESPACE ++ ++// defined in qsslsocket_openssl.cpp: ++extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); ++extern QString getErrorsFromOpenSsl(); ++ ++static inline QString msgErrorSettingEllipticCurves(const QString &why) ++{ ++ return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); ++} ++ ++// static ++void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) ++{ ++ sslContext->sslConfiguration = configuration; ++ sslContext->errorCode = QSslError::NoError; ++ ++ bool client = (mode == QSslSocket::SslClientMode); ++ ++ bool reinitialized = false; ++ bool unsupportedProtocol = false; ++init_context: ++ switch (sslContext->sslConfiguration.protocol()) { ++ case QSsl::SslV2: ++#ifndef OPENSSL_NO_SSL2 ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); ++#else ++ // SSL 2 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ case QSsl::SslV3: ++#ifndef OPENSSL_NO_SSL3_METHOD ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); ++#else ++ // SSL 3 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ case QSsl::SecureProtocols: ++ // SSLv2 and SSLv3 will be disabled by SSL options ++ // But we need q_SSLv23_server_method() otherwise AnyProtocol will be unable to connect on Win32. ++ case QSsl::TlsV1SslV3: ++ // SSLv2 will will be disabled by SSL options ++ case QSsl::AnyProtocol: ++ default: ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); ++ break; ++ case QSsl::TlsV1_0: ++ sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); ++ break; ++ case QSsl::TlsV1_1: ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method()); ++#else ++ // TLS 1.1 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ case QSsl::TlsV1_2: ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method()); ++#else ++ // TLS 1.2 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ case QSsl::TlsV1_0OrLater: ++ // Specific protocols will be specified via SSL options. ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); ++ break; ++ case QSsl::TlsV1_1OrLater: ++ case QSsl::TlsV1_2OrLater: ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ // Specific protocols will be specified via SSL options. ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); ++#else ++ // TLS 1.1/1.2 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ } ++ ++ if (!sslContext->ctx) { ++ // After stopping Flash 10 the SSL library loses its ciphers. Try re-adding them ++ // by re-initializing the library. ++ if (!reinitialized) { ++ reinitialized = true; ++ if (q_SSL_library_init() == 1) ++ goto init_context; ++ } ++ ++ sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( ++ unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() ++ ); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // Enable bug workarounds. ++ long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); ++ q_SSL_CTX_set_options(sslContext->ctx, options); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++ // Tell OpenSSL to release memory early ++ // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html ++ if (q_SSLeay() >= 0x10000000L) ++ q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS); ++#endif ++ ++ // Initialize ciphers ++ QByteArray cipherString; ++ bool first = true; ++ QList ciphers = sslContext->sslConfiguration.ciphers(); ++ if (ciphers.isEmpty()) ++ ciphers = QSslSocketPrivate::defaultCiphers(); ++ for (const QSslCipher &cipher : qAsConst(ciphers)) { ++ if (first) ++ first = false; ++ else ++ cipherString.append(':'); ++ cipherString.append(cipher.name().toLatin1()); ++ } ++ ++ if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) { ++ sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ const QDateTime now = QDateTime::currentDateTimeUtc(); ++ ++ // Add all our CAs to this store. ++ const auto caCertificates = sslContext->sslConfiguration.caCertificates(); ++ for (const QSslCertificate &caCertificate : caCertificates) { ++ // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: ++ // ++ // If several CA certificates matching the name, key identifier, and ++ // serial number condition are available, only the first one will be ++ // examined. This may lead to unexpected results if the same CA ++ // certificate is available with different expiration dates. If a ++ // ``certificate expired'' verification error occurs, no other ++ // certificate will be searched. Make sure to not have expired ++ // certificates mixed with valid ones. ++ // ++ // See also: QSslSocketBackendPrivate::verify() ++ if (caCertificate.expiryDate() >= now) { ++ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); ++ } ++ } ++ ++ if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { ++ // tell OpenSSL the directories where to look up the root certs on demand ++ const QList unixDirs = QSslSocketPrivate::unixRootCertDirectories(); ++ for (const QByteArray &unixDir : unixDirs) ++ q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDir.constData()); ++ } ++ ++ if (!sslContext->sslConfiguration.localCertificate().isNull()) { ++ // Require a private key as well. ++ if (sslContext->sslConfiguration.privateKey().isNull()) { ++ sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // Load certificate ++ if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) { ++ sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) { ++ sslContext->pkey = reinterpret_cast(configuration.d->privateKey.handle()); ++ } else { ++ // Load private key ++ sslContext->pkey = q_EVP_PKEY_new(); ++ // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. ++ // this lead to a memory leak. Now we use the *_set1_* functions which do not ++ // take ownership of the RSA/DSA key instance because the QSslKey already has ownership. ++ if (configuration.d->privateKey.algorithm() == QSsl::Rsa) ++ q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); ++ else if (configuration.d->privateKey.algorithm() == QSsl::Dsa) ++ q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); ++#ifndef OPENSSL_NO_EC ++ else if (configuration.d->privateKey.algorithm() == QSsl::Ec) ++ q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); ++#endif ++ } ++ ++ if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) { ++ sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) ++ sslContext->pkey = 0; // Don't free the private key, it belongs to QSslKey ++ ++ // Check if the certificate matches the private key. ++ if (!q_SSL_CTX_check_private_key(sslContext->ctx)) { ++ sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // If we have any intermediate certificates then we need to add them to our chain ++ bool first = true; ++ for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { ++ if (first) { ++ first = false; ++ continue; ++ } ++ q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, ++ q_X509_dup(reinterpret_cast(cert.handle()))); ++ } ++ } ++ ++ // Initialize peer verification. ++ if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) { ++ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, 0); ++ } else { ++ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback); ++ } ++ ++ // Set verification depth. ++ if (sslContext->sslConfiguration.peerVerifyDepth() != 0) ++ q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); ++ ++ // set persisted session if the user set it ++ if (!configuration.sessionTicket().isEmpty()) ++ sslContext->setSessionASN1(configuration.sessionTicket()); ++ ++ // Set temp DH params ++ QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters(); ++ ++ if (!dhparams.isValid()) { ++ sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ if (!dhparams.isEmpty()) { ++ const QByteArray ¶ms = dhparams.d->derData; ++ const char *ptr = params.constData(); ++ DH *dh = q_d2i_DHparams(NULL, reinterpret_cast(&ptr), params.length()); ++ if (dh == NULL) ++ qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form"); ++ q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh); ++ q_DH_free(dh); ++ } ++ ++#ifndef OPENSSL_NO_EC ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ if (q_SSLeay() >= 0x10002000L) { ++ q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL); ++ } else ++#endif ++ { ++ // Set temp ECDH params ++ EC_KEY *ecdh = 0; ++ ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); ++ q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh); ++ q_EC_KEY_free(ecdh); ++ } ++#endif // OPENSSL_NO_EC ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) ++ if (!client) ++ q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData()); ++#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) ++ ++ const QVector qcurves = sslContext->sslConfiguration.ellipticCurves(); ++ if (!qcurves.isEmpty()) { ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) ++ // Set the curves to be used ++ if (q_SSLeay() >= 0x10002000L) { ++ // SSL_CTX_ctrl wants a non-const pointer as last argument, ++ // but let's avoid a copy into a temporary array ++ if (!q_SSL_CTX_ctrl(sslContext->ctx, ++ SSL_CTRL_SET_CURVES, ++ qcurves.size(), ++ const_cast(reinterpret_cast(qcurves.data())))) { ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ } ++ } else ++#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) ++ { ++ // specific curves requested, but not possible to set -> error ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ } ++ } ++} ++ ++QT_END_NAMESPACE +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp 2017-06-28 11:54:29.000000000 +0200 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp 2017-07-27 13:36:11.795844480 +0200 +@@ -1,6 +1,7 @@ + /**************************************************************************** + ** + ** Copyright (C) 2015 Mikkel Krautz ++** Copyright (C) 2016 Richard J. Moore + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtNetwork module of the Qt Toolkit. +@@ -50,8 +51,8 @@ + #include + #endif + +-// For q_BN_is_word. + #include ++#include + + QT_BEGIN_NAMESPACE + +@@ -62,13 +63,6 @@ + + QSslSocketPrivate::ensureInitialized(); + +- // Mark p < 1024 bits as unsafe. +- if (q_BN_num_bits(dh->p) < 1024) { +- return false; +- } +- +- if (q_DH_check(dh, &status) != 1) +- return false; + + // From https://wiki.openssl.org/index.php/Diffie-Hellman_parameters: + // +@@ -81,11 +75,39 @@ + // Without the test, the IETF parameters would + // fail validation. For details, see Diffie-Hellman + // Parameter Check (when g = 2, must p mod 24 == 11?). ++#if QT_CONFIG(opensslv11) ++ // Mark p < 1024 bits as unsafe. ++ if (q_DH_bits(dh) < 1024) ++ return false; ++ ++ if (q_DH_check(dh, &status) != 1) ++ return false; ++ ++ const BIGNUM *p = nullptr; ++ const BIGNUM *q = nullptr; ++ const BIGNUM *g = nullptr; ++ q_DH_get0_pqg(dh, &p, &q, &g); ++ ++ if (q_BN_is_word(const_cast(g), DH_GENERATOR_2)) { ++ long residue = q_BN_mod_word(p, 24); ++ if (residue == 11 || residue == 23) ++ status &= ~DH_NOT_SUITABLE_GENERATOR; ++ } ++ ++#else ++ // Mark p < 1024 bits as unsafe. ++ if (q_BN_num_bits(dh->p) < 1024) ++ return false; ++ ++ if (q_DH_check(dh, &status) != 1) ++ return false; ++ + if (q_BN_is_word(dh->g, DH_GENERATOR_2)) { + long residue = q_BN_mod_word(dh->p, 24); + if (residue == 11 || residue == 23) + status &= ~DH_NOT_SUITABLE_GENERATOR; + } ++#endif + + bad |= DH_CHECK_P_NOT_PRIME; + bad |= DH_CHECK_P_NOT_SAFE_PRIME; +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslellipticcurve.h qtbase-opensource-src-5.9.1/src/network/ssl/qsslellipticcurve.h +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslellipticcurve.h 2017-06-28 11:54:29.000000000 +0200 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslellipticcurve.h 2017-07-27 13:36:11.795844480 +0200 +@@ -80,6 +80,7 @@ + friend Q_DECL_CONSTEXPR bool operator==(QSslEllipticCurve lhs, QSslEllipticCurve rhs) Q_DECL_NOTHROW; + friend Q_DECL_CONSTEXPR uint qHash(QSslEllipticCurve curve, uint seed) Q_DECL_NOTHROW; + ++ friend class QSslContext; + friend class QSslSocketPrivate; + friend class QSslSocketBackendPrivate; + }; +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslellipticcurve_openssl.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslellipticcurve_openssl.cpp +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslellipticcurve_openssl.cpp 2017-06-28 11:54:29.000000000 +0200 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslellipticcurve_openssl.cpp 2017-07-27 13:36:11.795844480 +0200 +@@ -1,6 +1,7 @@ + /**************************************************************************** + ** + ** Copyright (C) 2014 Governikus GmbH & Co. KG. ++** Copyright (C) 2016 Richard J. Moore + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtNetwork module of the Qt Toolkit. +@@ -78,17 +79,18 @@ + QSslEllipticCurve result; + + #ifndef OPENSSL_NO_EC +- const QByteArray curveNameLatin1 = name.toLatin1(); + ++ const QByteArray curveNameLatin1 = name.toLatin1(); + int nid = q_OBJ_sn2nid(curveNameLatin1.data()); + + #if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (nid == 0 && q_SSLeay() >= 0x10002000L) ++ if (nid == 0 && QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) + nid = q_EC_curve_nist2nid(curveNameLatin1.data()); + #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L + + result.id = nid; +-#endif ++ ++#endif // !OPENSSL_NO_EC + + return result; + } +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslkey_openssl.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslkey_openssl.cpp +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslkey_openssl.cpp 2017-06-28 11:54:29.000000000 +0200 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslkey_openssl.cpp 2017-07-27 13:36:11.795844480 +0200 +@@ -1,6 +1,7 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2016 Richard J. Moore + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtNetwork module of the Qt Toolkit. +@@ -84,33 +85,30 @@ + + bool QSslKeyPrivate::fromEVP_PKEY(EVP_PKEY *pkey) + { +- if (pkey->type == EVP_PKEY_RSA) { ++#if QT_CONFIG(opensslv11) ++ const int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey)); ++#else ++ const int keyType = pkey->type; ++#endif ++ if (keyType == EVP_PKEY_RSA) { + isNull = false; + algorithm = QSsl::Rsa; + type = QSsl::PrivateKey; +- +- rsa = q_RSA_new(); +- memcpy(rsa, q_EVP_PKEY_get1_RSA(pkey), sizeof(RSA)); +- ++ rsa = q_EVP_PKEY_get1_RSA(pkey); + return true; +- } +- else if (pkey->type == EVP_PKEY_DSA) { ++ } else if (keyType == EVP_PKEY_DSA) { + isNull = false; + algorithm = QSsl::Dsa; + type = QSsl::PrivateKey; +- +- dsa = q_DSA_new(); +- memcpy(dsa, q_EVP_PKEY_get1_DSA(pkey), sizeof(DSA)); +- ++ dsa = q_EVP_PKEY_get1_DSA(pkey); + return true; + } + #ifndef OPENSSL_NO_EC +- else if (pkey->type == EVP_PKEY_EC) { ++ else if (keyType == EVP_PKEY_EC) { + isNull = false; + algorithm = QSsl::Ec; + type = QSsl::PrivateKey; +- ec = q_EC_KEY_dup(q_EVP_PKEY_get1_EC_KEY(pkey)); +- ++ ec = q_EVP_PKEY_get1_EC_KEY(pkey); + return true; + } + #endif +@@ -178,8 +176,8 @@ + return -1; + + switch (algorithm) { +- case QSsl::Rsa: return q_BN_num_bits(rsa->n); +- case QSsl::Dsa: return q_BN_num_bits(dsa->p); ++ case QSsl::Rsa: return q_RSA_bits(rsa); ++ case QSsl::Dsa: return q_DSA_bits(dsa); + #ifndef OPENSSL_NO_EC + case QSsl::Ec: return q_EC_GROUP_get_degree(q_EC_KEY_get0_group(ec)); + #endif +@@ -273,7 +271,13 @@ + + static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv, int enc) + { +- EVP_CIPHER_CTX ctx; ++#if QT_CONFIG(opensslv11) ++ EVP_CIPHER_CTX *ctx = q_EVP_CIPHER_CTX_new(); ++#else ++ EVP_CIPHER_CTX evpCipherContext; ++ EVP_CIPHER_CTX *ctx = &evpCipherContext; ++#endif ++ + const EVP_CIPHER* type = 0; + int i = 0, len = 0; + +@@ -291,21 +295,44 @@ + + QByteArray output; + output.resize(data.size() + EVP_MAX_BLOCK_LENGTH); +- q_EVP_CIPHER_CTX_init(&ctx); +- q_EVP_CipherInit(&ctx, type, NULL, NULL, enc); +- q_EVP_CIPHER_CTX_set_key_length(&ctx, key.size()); ++ ++#if QT_CONFIG(opensslv11) ++ q_EVP_CIPHER_CTX_reset(ctx); ++#else ++ q_EVP_CIPHER_CTX_init(ctx); ++#endif ++ ++ q_EVP_CipherInit(ctx, type, NULL, NULL, enc); ++ q_EVP_CIPHER_CTX_set_key_length(ctx, key.size()); + if (cipher == QSslKeyPrivate::Rc2Cbc) +- q_EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL); +- q_EVP_CipherInit(&ctx, NULL, ++ q_EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL); ++ ++#if QT_CONFIG(opensslv11) ++ // EVP_CipherInit in 1.1 resets the context thus making the calls above useless. ++ // We call EVP_CipherInit_ex instead. ++ q_EVP_CipherInit_ex(ctx, nullptr, nullptr, ++ reinterpret_cast(key.constData()), ++ reinterpret_cast(iv.constData()), ++ enc); ++#else ++ q_EVP_CipherInit(ctx, NULL, + reinterpret_cast(key.constData()), + reinterpret_cast(iv.constData()), enc); +- q_EVP_CipherUpdate(&ctx, ++#endif // opensslv11 ++ ++ q_EVP_CipherUpdate(ctx, + reinterpret_cast(output.data()), &len, + reinterpret_cast(data.constData()), data.size()); +- q_EVP_CipherFinal(&ctx, ++ q_EVP_CipherFinal(ctx, + reinterpret_cast(output.data()) + len, &i); + len += i; +- q_EVP_CIPHER_CTX_cleanup(&ctx); ++ ++#if QT_CONFIG(opensslv11) ++ q_EVP_CIPHER_CTX_reset(ctx); ++ q_EVP_CIPHER_CTX_free(ctx); ++#else ++ q_EVP_CIPHER_CTX_cleanup(ctx); ++#endif + + return output.left(len); + } +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl11.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl11.cpp +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl11.cpp 1970-01-01 01:00:00.000000000 +0100 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl11.cpp 2017-07-27 13:36:11.797844405 +0200 +@@ -0,0 +1,285 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 Governikus GmbH & Co. KG ++** Copyright (C) 2016 Richard J. Moore ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++/**************************************************************************** ++** ++** In addition, as a special exception, the copyright holders listed above give ++** permission to link the code of its release of Qt with the OpenSSL project's ++** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the ++** same license as the original version), and distribute the linked executables. ++** ++** You must comply with the GNU General Public License version 2 in all ++** respects for all of the code used other than the "OpenSSL" code. If you ++** modify this file, you may extend this exception to your version of the file, ++** but you are not obligated to do so. If you do not wish to do so, delete ++** this exception statement from your version of this file. ++** ++****************************************************************************/ ++ ++//#define QT_DECRYPT_SSL_TRAFFIC ++ ++#include "qssl_p.h" ++#include "qsslsocket_openssl_p.h" ++#include "qsslsocket_openssl_symbols_p.h" ++#include "qsslsocket.h" ++#include "qsslkey.h" ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++QT_BEGIN_NAMESPACE ++ ++Q_GLOBAL_STATIC_WITH_ARGS(QMutex, qt_opensslInitMutex, (QMutex::Recursive)) ++ ++/*! ++ \internal ++*/ ++void QSslSocketPrivate::deinitialize() ++{ ++ // This function exists only for compatibility with the pre-11 code, ++ // where deinitialize() actually does some cleanup. To be discarded ++ // once we retire < 1.1. ++} ++ ++bool QSslSocketPrivate::ensureLibraryLoaded() ++{ ++ if (!q_resolveOpenSslSymbols()) ++ return false; ++ ++ const QMutexLocker locker(qt_opensslInitMutex); ++ ++ if (!s_libraryLoaded) { ++ s_libraryLoaded = true; ++ ++ // Initialize OpenSSL. ++ if (q_OPENSSL_init_ssl(0, nullptr) != 1) ++ return false; ++ q_SSL_load_error_strings(); ++ q_OpenSSL_add_all_algorithms(); ++ ++ QSslSocketBackendPrivate::s_indexForSSLExtraData ++ = q_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, 0L, nullptr, nullptr, ++ nullptr, nullptr); ++ ++ // Initialize OpenSSL's random seed. ++ if (!q_RAND_status()) { ++ qWarning("Random number generator not seeded, disabling SSL support"); ++ return false; ++ } ++ } ++ return true; ++} ++ ++void QSslSocketPrivate::ensureCiphersAndCertsLoaded() ++{ ++ const QMutexLocker locker(qt_opensslInitMutex); ++ ++ if (s_loadedCiphersAndCerts) ++ return; ++ s_loadedCiphersAndCerts = true; ++ ++ resetDefaultCiphers(); ++ resetDefaultEllipticCurves(); ++ ++#if QT_CONFIG(library) ++ //load symbols needed to receive certificates from system store ++#if defined(Q_OS_WIN) ++ HINSTANCE hLib = LoadLibraryW(L"Crypt32"); ++ if (hLib) { ++ ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); ++ ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); ++ ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); ++ if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) ++ qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen ++ } else { ++ qCWarning(lcSsl, "could not load crypt32 library"); // should never happen ++ } ++#elif defined(Q_OS_QNX) ++ s_loadRootCertsOnDemand = true; ++#elif defined(Q_OS_UNIX) && !defined(Q_OS_DARWIN) ++ // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there) ++ QList dirs = unixRootCertDirectories(); ++ QStringList symLinkFilter; ++ symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); ++ for (int a = 0; a < dirs.count(); ++a) { ++ QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); ++ if (iterator.hasNext()) { ++ s_loadRootCertsOnDemand = true; ++ break; ++ } ++ } ++#endif ++#endif // QT_CONFIG(library) ++ // if on-demand loading was not enabled, load the certs now ++ if (!s_loadRootCertsOnDemand) ++ setDefaultCaCertificates(systemCaCertificates()); ++#ifdef Q_OS_WIN ++ //Enabled for fetching additional root certs from windows update on windows 6+ ++ //This flag is set false by setDefaultCaCertificates() indicating the app uses ++ //its own cert bundle rather than the system one. ++ //Same logic that disables the unix on demand cert loading. ++ //Unlike unix, we do preload the certificates from the cert store. ++ if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) ++ s_loadRootCertsOnDemand = true; ++#endif ++} ++ ++long QSslSocketPrivate::sslLibraryVersionNumber() ++{ ++ if (!supportsSsl()) ++ return 0; ++ ++ return q_OpenSSL_version_num(); ++} ++ ++QString QSslSocketPrivate::sslLibraryVersionString() ++{ ++ if (!supportsSsl()) ++ return QString(); ++ ++ const char *versionString = q_OpenSSL_version(OPENSSL_VERSION); ++ if (!versionString) ++ return QString(); ++ ++ return QString::fromLatin1(versionString); ++} ++ ++void QSslSocketBackendPrivate::continueHandshake() ++{ ++ Q_Q(QSslSocket); ++ // if we have a max read buffer size, reset the plain socket's to match ++ if (readBufferMaxSize) ++ plainSocket->setReadBufferSize(readBufferMaxSize); ++ ++ if (q_SSL_session_reused(ssl)) ++ configuration.peerSessionShared = true; ++ ++#ifdef QT_DECRYPT_SSL_TRAFFIC ++ if (q_SSL_get_session(ssl)) { ++ size_t master_key_len = q_SSL_SESSION_get_master_key(q_SSL_get_session(ssl), 0, 0); ++ size_t client_random_len = q_SSL_get_client_random(ssl, 0, 0); ++ QByteArray masterKey(int(master_key_len), 0); // Will not overflow ++ QByteArray clientRandom(int(client_random_len), 0); // Will not overflow ++ ++ q_SSL_SESSION_get_master_key(q_SSL_get_session(ssl), ++ reinterpret_cast(masterKey.data()), ++ masterKey.size()); ++ q_SSL_get_client_random(ssl, reinterpret_cast(clientRandom.data()), ++ clientRandom.size()); ++ ++ QByteArray debugLineClientRandom("CLIENT_RANDOM "); ++ debugLineClientRandom.append(clientRandom.toHex().toUpper()); ++ debugLineClientRandom.append(" "); ++ debugLineClientRandom.append(masterKey.toHex().toUpper()); ++ debugLineClientRandom.append("\n"); ++ ++ QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys"); ++ QFile file(sslKeyFile); ++ if (!file.open(QIODevice::Append)) ++ qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending"; ++ if (!file.write(debugLineClientRandom)) ++ qCWarning(lcSsl) << "could not write to file" << sslKeyFile; ++ file.close(); ++ } else { ++ qCWarning(lcSsl, "could not decrypt SSL traffic"); ++ } ++#endif ++ ++ // Cache this SSL session inside the QSslContext ++ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { ++ if (!sslContextPointer->cacheSession(ssl)) { ++ sslContextPointer.clear(); // we could not cache the session ++ } else { ++ // Cache the session for permanent usage as well ++ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) { ++ if (!sslContextPointer->sessionASN1().isEmpty()) ++ configuration.sslSession = sslContextPointer->sessionASN1(); ++ configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint(); ++ } ++ } ++ } ++ ++#if !defined(OPENSSL_NO_NEXTPROTONEG) ++ ++ configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; ++ if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { ++ // we could not agree -> be conservative and use HTTP/1.1 ++ configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); ++ } else { ++ const unsigned char *proto = 0; ++ unsigned int proto_len = 0; ++ ++ q_SSL_get0_alpn_selected(ssl, &proto, &proto_len); ++ if (proto_len && mode == QSslSocket::SslClientMode) { ++ // Client does not have a callback that sets it ... ++ configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; ++ } ++ ++ if (!proto_len) { // Test if NPN was more lucky ... ++ q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); ++ } ++ ++ if (proto_len) ++ configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast(proto), proto_len); ++ else ++ configuration.nextNegotiatedProtocol.clear(); ++ } ++#endif // !defined(OPENSSL_NO_NEXTPROTONEG) ++ ++ if (mode == QSslSocket::SslClientMode) { ++ EVP_PKEY *key; ++ if (q_SSL_get_server_tmp_key(ssl, &key)) ++ configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); ++ } ++ ++ connectionEncrypted = true; ++ emit q->encrypted(); ++ if (autoStartHandshake && pendingClose) { ++ pendingClose = false; ++ q->disconnectFromHost(); ++ } ++} ++ ++QT_END_NAMESPACE +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl11_symbols_p.h qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl11_symbols_p.h +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl11_symbols_p.h 1970-01-01 01:00:00.000000000 +0100 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl11_symbols_p.h 2017-07-27 13:36:11.798844367 +0200 +@@ -0,0 +1,132 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 BlackBerry Limited. All rights reserved. ++** Copyright (C) 2016 Richard J. Moore ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++/**************************************************************************** ++** ++** In addition, as a special exception, the copyright holders listed above give ++** permission to link the code of its release of Qt with the OpenSSL project's ++** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the ++** same license as the original version), and distribute the linked executables. ++** ++** You must comply with the GNU General Public License version 2 in all ++** respects for all of the code used other than the "OpenSSL" code. If you ++** modify this file, you may extend this exception to your version of the file, ++** but you are not obligated to do so. If you do not wish to do so, delete ++** this exception statement from your version of this file. ++** ++****************************************************************************/ ++ ++#ifndef QSSLSOCKET_OPENSSL11_SYMBOLS_P_H ++#define QSSLSOCKET_OPENSSL11_SYMBOLS_P_H ++ ++// ++// W A R N I N G ++// ------------- ++// ++// This file is not part of the Qt API. It exists purely as an ++// implementation detail. This header file may change from version to ++// version without notice, or even be removed. ++// ++// We mean it. ++// ++ ++// Note: this file does not have QT_BEGIN_NAMESPACE/QT_END_NAMESPACE, it's done ++// in qsslsocket_openssl_symbols_p.h. ++ ++#ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H ++#error "You are not supposed to use this header file, include qsslsocket_openssl_symbols_p.h instead" ++#endif ++ ++const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x); ++ ++Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a); ++Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem(); ++ ++int q_DSA_bits(DSA *a); ++int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); ++int q_EVP_PKEY_base_id(EVP_PKEY *a); ++int q_RSA_bits(RSA *a); ++int q_OPENSSL_sk_num(OPENSSL_STACK *a); ++void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); ++OPENSSL_STACK *q_OPENSSL_sk_new_null(); ++void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data); ++void q_OPENSSL_sk_free(OPENSSL_STACK *a); ++void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b); ++int q_SSL_session_reused(SSL *a); ++unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); ++int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); ++size_t q_SSL_get_client_random(SSL *a, unsigned char *out, size_t outlen); ++size_t q_SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen); ++int q_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++const SSL_METHOD *q_TLS_method(); ++const SSL_METHOD *q_TLS_client_method(); ++const SSL_METHOD *q_TLS_server_method(); ++ASN1_TIME *q_X509_getm_notBefore(X509 *a); ++ASN1_TIME *q_X509_getm_notAfter(X509 *a); ++ ++long q_X509_get_version(X509 *a); ++EVP_PKEY *q_X509_get_pubkey(X509 *a); ++void q_X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); ++STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); ++void q_DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); ++int q_DH_bits(DH *dh); ++ ++# define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ ++ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) ++ ++#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st) ++#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i) ++ ++#define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ ++ | OPENSSL_INIT_ADD_ALL_DIGESTS \ ++ | OPENSSL_INIT_LOAD_CONFIG, NULL) ++#define q_OPENSSL_add_all_algorithms_noconf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ ++ | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) ++ ++int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); ++void q_CRYPTO_free(void *str, const char *file, int line); ++ ++long q_OpenSSL_version_num(); ++const char *q_OpenSSL_version(int type); ++ ++unsigned long q_SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session); ++ ++#endif +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl.cpp +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cpp 2017-06-28 11:54:29.000000000 +0200 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl.cpp 2017-07-27 13:36:11.797844405 +0200 +@@ -1,6 +1,6 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. + ** Copyright (C) 2014 Governikus GmbH & Co. KG + ** Contact: https://www.qt.io/licensing/ + ** +@@ -97,70 +97,6 @@ + int QSslSocketBackendPrivate::s_indexForSSLExtraData = -1; + #endif + +-/* \internal +- +- From OpenSSL's thread(3) manual page: +- +- OpenSSL can safely be used in multi-threaded applications provided that at +- least two callback functions are set. +- +- locking_function(int mode, int n, const char *file, int line) is needed to +- perform locking on shared data structures. (Note that OpenSSL uses a +- number of global data structures that will be implicitly shared +- whenever multiple threads use OpenSSL.) Multi-threaded +- applications will crash at random if it is not set. ... +- ... +- id_function(void) is a function that returns a thread ID. It is not +- needed on Windows nor on platforms where getpid() returns a different +- ID for each thread (most notably Linux) +-*/ +-class QOpenSslLocks +-{ +-public: +- inline QOpenSslLocks() +- : initLocker(QMutex::Recursive), +- locksLocker(QMutex::Recursive) +- { +- QMutexLocker locker(&locksLocker); +- int numLocks = q_CRYPTO_num_locks(); +- locks = new QMutex *[numLocks]; +- memset(locks, 0, numLocks * sizeof(QMutex *)); +- } +- inline ~QOpenSslLocks() +- { +- QMutexLocker locker(&locksLocker); +- for (int i = 0; i < q_CRYPTO_num_locks(); ++i) +- delete locks[i]; +- delete [] locks; +- +- QSslSocketPrivate::deinitialize(); +- } +- inline QMutex *lock(int num) +- { +- QMutexLocker locker(&locksLocker); +- QMutex *tmp = locks[num]; +- if (!tmp) +- tmp = locks[num] = new QMutex(QMutex::Recursive); +- return tmp; +- } +- +- QMutex *globalLock() +- { +- return &locksLocker; +- } +- +- QMutex *initLock() +- { +- return &initLocker; +- } +- +-private: +- QMutex initLocker; +- QMutex locksLocker; +- QMutex **locks; +-}; +-Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks) +- + QString QSslSocketBackendPrivate::getErrorsFromOpenSsl() + { + QString errorString; +@@ -175,20 +111,6 @@ + } + + extern "C" { +-static void locking_function(int mode, int lockNumber, const char *, int) +-{ +- QMutex *mutex = openssl_locks()->lock(lockNumber); +- +- // Lock or unlock it +- if (mode & CRYPTO_LOCK) +- mutex->lock(); +- else +- mutex->unlock(); +-} +-static unsigned long id_function() +-{ +- return (quintptr)QThread::currentThreadId(); +-} + + #if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) + static unsigned int q_ssl_psk_client_callback(SSL *ssl, +@@ -227,7 +149,7 @@ + destroySslContext(); + } + +-QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher) ++QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher) + { + QSslCipher ciph; + +@@ -283,6 +205,7 @@ + QMutex mutex; + QVector errors; + }; ++ + Q_GLOBAL_STATIC(QSslErrorList, _q_sslErrorList) + + int q_X509Callback(int ok, X509_STORE_CTX *ctx) +@@ -312,7 +235,7 @@ + } + #endif + } +- // Always return OK to allow verification to continue. We're handle the ++ // Always return OK to allow verification to continue. We handle the + // errors gracefully after collecting all errors, after verification has + // completed. + return 1; +@@ -397,7 +320,7 @@ + if (configuration.protocol != QSsl::SslV2 && + configuration.protocol != QSsl::SslV3 && + configuration.protocol != QSsl::UnknownProtocol && +- mode == QSslSocket::SslClientMode && q_SSLeay() >= 0x00090806fL) { ++ mode == QSslSocket::SslClientMode && QSslSocket::sslLibraryVersionNumber() >= 0x00090806fL) { + // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format. + QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName; + if (tlsHostName.isEmpty()) +@@ -438,13 +361,13 @@ + + #if OPENSSL_VERSION_NUMBER >= 0x10001000L + // Save a pointer to this object into the SSL structure. +- if (q_SSLeay() >= 0x10001000L) ++ if (QSslSocket::sslLibraryVersionNumber() >= 0x10001000L) + q_SSL_set_ex_data(ssl, s_indexForSSLExtraData, this); + #endif + + #if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) + // Set the client callback for PSK +- if (q_SSLeay() >= 0x10001000L) { ++ if (QSslSocket::sslLibraryVersionNumber() >= 0x10001000L) { + if (mode == QSslSocket::SslClientMode) + q_SSL_set_psk_client_callback(ssl, &q_ssl_psk_client_callback); + else if (mode == QSslSocket::SslServerMode) +@@ -466,16 +389,6 @@ + + /*! + \internal +-*/ +-void QSslSocketPrivate::deinitialize() +-{ +- q_CRYPTO_set_id_callback(0); +- q_CRYPTO_set_locking_callback(0); +- q_ERR_free_strings(); +-} +- +-/*! +- \internal + + Does the minimum amount of initialization to determine whether SSL + is supported or not. +@@ -486,91 +399,6 @@ + return ensureLibraryLoaded(); + } + +-bool QSslSocketPrivate::ensureLibraryLoaded() +-{ +- if (!q_resolveOpenSslSymbols()) +- return false; +- +- // Check if the library itself needs to be initialized. +- QMutexLocker locker(openssl_locks()->initLock()); +- +- if (!s_libraryLoaded) { +- s_libraryLoaded = true; +- +- // Initialize OpenSSL. +- q_CRYPTO_set_id_callback(id_function); +- q_CRYPTO_set_locking_callback(locking_function); +- if (q_SSL_library_init() != 1) +- return false; +- q_SSL_load_error_strings(); +- q_OpenSSL_add_all_algorithms(); +- +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +- if (q_SSLeay() >= 0x10001000L) +- QSslSocketBackendPrivate::s_indexForSSLExtraData = q_SSL_get_ex_new_index(0L, NULL, NULL, NULL, NULL); +-#endif +- +- // Initialize OpenSSL's random seed. +- if (!q_RAND_status()) { +- qWarning("Random number generator not seeded, disabling SSL support"); +- return false; +- } +- } +- return true; +-} +- +-void QSslSocketPrivate::ensureCiphersAndCertsLoaded() +-{ +- QMutexLocker locker(openssl_locks()->initLock()); +- if (s_loadedCiphersAndCerts) +- return; +- s_loadedCiphersAndCerts = true; +- +- resetDefaultCiphers(); +- resetDefaultEllipticCurves(); +- +-#if QT_CONFIG(library) +- //load symbols needed to receive certificates from system store +-#if defined(Q_OS_WIN) +- HINSTANCE hLib = LoadLibraryW(L"Crypt32"); +- if (hLib) { +- ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); +- ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); +- ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); +- if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) +- qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen +- } else { +- qCWarning(lcSsl, "could not load crypt32 library"); // should never happen +- } +-#elif defined(Q_OS_QNX) +- s_loadRootCertsOnDemand = true; +-#elif defined(Q_OS_UNIX) && !defined(Q_OS_MAC) +- // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there) +- QList dirs = unixRootCertDirectories(); +- QStringList symLinkFilter; +- symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); +- for (int a = 0; a < dirs.count(); ++a) { +- QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); +- if (iterator.hasNext()) { +- s_loadRootCertsOnDemand = true; +- break; +- } +- } +-#endif +-#endif // QT_CONFIG(library) +- // if on-demand loading was not enabled, load the certs now +- if (!s_loadRootCertsOnDemand) +- setDefaultCaCertificates(systemCaCertificates()); +-#ifdef Q_OS_WIN +- //Enabled for fetching additional root certs from windows update on windows 6+ +- //This flag is set false by setDefaultCaCertificates() indicating the app uses +- //its own cert bundle rather than the system one. +- //Same logic that disables the unix on demand cert loading. +- //Unlike unix, we do preload the certificates from the cert store. +- if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) +- s_loadRootCertsOnDemand = true; +-#endif +-} + + /*! + \internal +@@ -587,26 +415,6 @@ + ensureCiphersAndCertsLoaded(); + } + +-long QSslSocketPrivate::sslLibraryVersionNumber() +-{ +- if (!supportsSsl()) +- return 0; +- +- return q_SSLeay(); +-} +- +-QString QSslSocketPrivate::sslLibraryVersionString() +-{ +- if (!supportsSsl()) +- return QString(); +- +- const char *versionString = q_SSLeay_version(SSLEAY_VERSION); +- if (!versionString) +- return QString(); +- +- return QString::fromLatin1(versionString); +-} +- + long QSslSocketPrivate::sslLibraryBuildVersionNumber() + { + return OPENSSL_VERSION_NUMBER; +@@ -628,7 +436,11 @@ + */ + void QSslSocketPrivate::resetDefaultCiphers() + { ++#if QT_CONFIG(opensslv11) ++ SSL_CTX *myCtx = q_SSL_CTX_new(q_TLS_client_method()); ++#else + SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method()); ++#endif + SSL *mySsl = q_SSL_new(myCtx); + + QList ciphers; +@@ -664,7 +476,7 @@ + QVector curves; + + #ifndef OPENSSL_NO_EC +- const size_t curveCount = q_EC_get_builtin_curves(NULL, 0); ++ const size_t curveCount = q_EC_get_builtin_curves(nullptr, 0); + + QVarLengthArray builtinCurves(static_cast(curveCount)); + +@@ -698,13 +510,14 @@ + if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) { + HCERTSTORE hSystemStore; + hSystemStore = ptrCertOpenSystemStoreW(0, L"ROOT"); +- if(hSystemStore) { +- PCCERT_CONTEXT pc = NULL; +- while(1) { +- pc = ptrCertFindCertificateInStore( hSystemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, pc); +- if(!pc) ++ if (hSystemStore) { ++ PCCERT_CONTEXT pc = nullptr; ++ while (1) { ++ pc = ptrCertFindCertificateInStore(hSystemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, nullptr, pc); ++ if (!pc) + break; +- QByteArray der((const char *)(pc->pbCertEncoded), static_cast(pc->cbCertEncoded)); ++ QByteArray der(reinterpret_cast(pc->pbCertEncoded), ++ static_cast(pc->cbCertEncoded)); + QSslCertificate cert(der, QSsl::Der); + systemCerts.append(cert); + } +@@ -1502,14 +1315,8 @@ + { + if (!ssl) + return QSslCipher(); +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +- // FIXME This is fairly evil, but needed to keep source level compatibility +- // with the OpenSSL 0.9.x implementation at maximum -- some other functions +- // don't take a const SSL_CIPHER* when they should +- SSL_CIPHER *sessionCipher = const_cast(q_SSL_get_current_cipher(ssl)); +-#else +- SSL_CIPHER *sessionCipher = q_SSL_get_current_cipher(ssl); +-#endif ++ ++ const SSL_CIPHER *sessionCipher = q_SSL_get_current_cipher(ssl); + return sessionCipher ? QSslCipher_from_SSL_CIPHER(sessionCipher) : QSslCipher(); + } + +@@ -1535,112 +1342,6 @@ + return QSsl::UnknownProtocol; + } + +-void QSslSocketBackendPrivate::continueHandshake() +-{ +- Q_Q(QSslSocket); +- // if we have a max read buffer size, reset the plain socket's to match +- if (readBufferMaxSize) +- plainSocket->setReadBufferSize(readBufferMaxSize); +- +- if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL)) +- configuration.peerSessionShared = true; +- +-#ifdef QT_DECRYPT_SSL_TRAFFIC +- if (ssl->session && ssl->s3) { +- const char *mk = reinterpret_cast(ssl->session->master_key); +- QByteArray masterKey(mk, ssl->session->master_key_length); +- const char *random = reinterpret_cast(ssl->s3->client_random); +- QByteArray clientRandom(random, SSL3_RANDOM_SIZE); +- +- // different format, needed for e.g. older Wireshark versions: +-// const char *sid = reinterpret_cast(ssl->session->session_id); +-// QByteArray sessionID(sid, ssl->session->session_id_length); +-// QByteArray debugLineRSA("RSA Session-ID:"); +-// debugLineRSA.append(sessionID.toHex().toUpper()); +-// debugLineRSA.append(" Master-Key:"); +-// debugLineRSA.append(masterKey.toHex().toUpper()); +-// debugLineRSA.append("\n"); +- +- QByteArray debugLineClientRandom("CLIENT_RANDOM "); +- debugLineClientRandom.append(clientRandom.toHex().toUpper()); +- debugLineClientRandom.append(" "); +- debugLineClientRandom.append(masterKey.toHex().toUpper()); +- debugLineClientRandom.append("\n"); +- +- QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys"); +- QFile file(sslKeyFile); +- if (!file.open(QIODevice::Append)) +- qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending"; +- if (!file.write(debugLineClientRandom)) +- qCWarning(lcSsl) << "could not write to file" << sslKeyFile; +- file.close(); +- } else { +- qCWarning(lcSsl, "could not decrypt SSL traffic"); +- } +-#endif +- +- // Cache this SSL session inside the QSslContext +- if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { +- if (!sslContextPointer->cacheSession(ssl)) { +- sslContextPointer.clear(); // we could not cache the session +- } else { +- // Cache the session for permanent usage as well +- if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) { +- if (!sslContextPointer->sessionASN1().isEmpty()) +- configuration.sslSession = sslContextPointer->sessionASN1(); +- configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint(); +- } +- } +- } +- +-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) +- +- configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; +- if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { +- // we could not agree -> be conservative and use HTTP/1.1 +- configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); +- } else { +- const unsigned char *proto = 0; +- unsigned int proto_len = 0; +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (q_SSLeay() >= 0x10002000L) { +- q_SSL_get0_alpn_selected(ssl, &proto, &proto_len); +- if (proto_len && mode == QSslSocket::SslClientMode) { +- // Client does not have a callback that sets it ... +- configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; +- } +- } +- +- if (!proto_len) { // Test if NPN was more lucky ... +-#else +- { +-#endif +- q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); +- } +- +- if (proto_len) +- configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast(proto), proto_len); +- else +- configuration.nextNegotiatedProtocol.clear(); +- } +-#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ... +- +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) { +- EVP_PKEY *key; +- if (q_SSL_get_server_tmp_key(ssl, &key)) +- configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); +- } +-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ... +- +- connectionEncrypted = true; +- emit q->encrypted(); +- if (autoStartHandshake && pendingClose) { +- pendingClose = false; +- q->disconnectFromHost(); +- } +-} +- + QList QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509) + { + ensureInitialized(); +@@ -1694,12 +1395,12 @@ + QMutexLocker sslErrorListMutexLocker(&_q_sslErrorList()->mutex); + + // Register a custom callback to get all verification errors. +- X509_STORE_set_verify_cb_func(certStore, q_X509Callback); ++ q_X509_STORE_set_verify_cb(certStore, q_X509Callback); + + // Build the chain of intermediate certificates + STACK_OF(X509) *intermediates = 0; + if (certificateChain.length() > 1) { +- intermediates = (STACK_OF(X509) *) q_sk_new_null(); ++ intermediates = (STACK_OF(X509) *) q_OPENSSL_sk_new_null(); + + if (!intermediates) { + q_X509_STORE_free(certStore); +@@ -1713,11 +1414,8 @@ + first = false; + continue; + } +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +- q_sk_push( (_STACK *)intermediates, reinterpret_cast(cert.handle())); +-#else +- q_sk_push( (STACK *)intermediates, reinterpret_cast(cert.handle())); +-#endif ++ ++ q_OPENSSL_sk_push((OPENSSL_STACK *)intermediates, reinterpret_cast(cert.handle())); + } + } + +@@ -1741,11 +1439,7 @@ + (void) q_X509_verify_cert(storeContext); + + q_X509_STORE_CTX_free(storeContext); +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +- q_sk_free( (_STACK *) intermediates); +-#else +- q_sk_free( (STACK *) intermediates); +-#endif ++ q_OPENSSL_sk_free((OPENSSL_STACK *)intermediates); + + // Now process the errors + const auto errorList = std::move(_q_sslErrorList()->errors); +@@ -1819,7 +1513,8 @@ + // Convert to Qt types + if (!key->d->fromEVP_PKEY(pkey)) { + qCWarning(lcSsl, "Unable to convert private key"); +- q_sk_pop_free(reinterpret_cast(ca), reinterpret_cast(q_sk_free)); ++ q_OPENSSL_sk_pop_free(reinterpret_cast(ca), ++ reinterpret_cast(q_OPENSSL_sk_free)); + q_X509_free(x509); + q_EVP_PKEY_free(pkey); + q_PKCS12_free(p12); +@@ -1834,7 +1529,11 @@ + *caCertificates = QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(ca); + + // Clean up +- q_sk_pop_free(reinterpret_cast(ca), reinterpret_cast(q_sk_free)); ++ // TODO: verify ASAP, in the past we had sk_pop_free with q_OPENSSL_sk_free ++ // which seems to be blatantly wrong and even crashes with 1.1. ++ q_OPENSSL_sk_pop_free(reinterpret_cast(ca), ++ reinterpret_cast(q_X509_free)); ++ + q_X509_free(x509); + q_EVP_PKEY_free(pkey); + q_PKCS12_free(p12); +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_p.h qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl_p.h +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_p.h 2017-06-28 11:54:29.000000000 +0200 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl_p.h 2017-07-27 13:36:11.798844367 +0200 +@@ -1,6 +1,6 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtNetwork module of the Qt Toolkit. +@@ -98,8 +98,8 @@ + #include + #include + +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +-typedef _STACK STACK; ++#if QT_CONFIG(opensslv11) ++#include + #endif + + QT_BEGIN_NAMESPACE +@@ -151,7 +151,7 @@ + #endif + + Q_AUTOTEST_EXPORT static long setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions); +- static QSslCipher QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher); ++ static QSslCipher QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher); + static QList STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509); + static QList verify(const QList &certificateChain, const QString &hostName); + static QString getErrorsFromOpenSsl(); +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_opensslpre11.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_opensslpre11.cpp +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_opensslpre11.cpp 1970-01-01 01:00:00.000000000 +0100 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_opensslpre11.cpp 2017-07-27 13:36:11.800844292 +0200 +@@ -0,0 +1,424 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 Governikus GmbH & Co. KG ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++/**************************************************************************** ++** ++** In addition, as a special exception, the copyright holders listed above give ++** permission to link the code of its release of Qt with the OpenSSL project's ++** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the ++** same license as the original version), and distribute the linked executables. ++** ++** You must comply with the GNU General Public License version 2 in all ++** respects for all of the code used other than the "OpenSSL" code. If you ++** modify this file, you may extend this exception to your version of the file, ++** but you are not obligated to do so. If you do not wish to do so, delete ++** this exception statement from your version of this file. ++** ++****************************************************************************/ ++ ++//#define QT_DECRYPT_SSL_TRAFFIC ++ ++#include "qssl_p.h" ++#include "qsslsocket_openssl_p.h" ++#include "qsslsocket_openssl_symbols_p.h" ++#include "qsslsocket.h" ++#include "qsslkey.h" ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++QT_BEGIN_NAMESPACE ++ ++/* \internal ++ ++ From OpenSSL's thread(3) manual page: ++ ++ OpenSSL can safely be used in multi-threaded applications provided that at ++ least two callback functions are set. ++ ++ locking_function(int mode, int n, const char *file, int line) is needed to ++ perform locking on shared data structures. (Note that OpenSSL uses a ++ number of global data structures that will be implicitly shared ++ whenever multiple threads use OpenSSL.) Multi-threaded ++ applications will crash at random if it is not set. ... ++ ... ++ id_function(void) is a function that returns a thread ID. It is not ++ needed on Windows nor on platforms where getpid() returns a different ++ ID for each thread (most notably Linux) ++*/ ++ ++class QOpenSslLocks ++{ ++public: ++ QOpenSslLocks() ++ : initLocker(QMutex::Recursive), ++ locksLocker(QMutex::Recursive) ++ { ++ QMutexLocker locker(&locksLocker); ++ int numLocks = q_CRYPTO_num_locks(); ++ locks = new QMutex *[numLocks]; ++ memset(locks, 0, numLocks * sizeof(QMutex *)); ++ } ++ ~QOpenSslLocks() ++ { ++ QMutexLocker locker(&locksLocker); ++ for (int i = 0; i < q_CRYPTO_num_locks(); ++i) ++ delete locks[i]; ++ delete [] locks; ++ ++ QSslSocketPrivate::deinitialize(); ++ } ++ QMutex *lock(int num) ++ { ++ QMutexLocker locker(&locksLocker); ++ QMutex *tmp = locks[num]; ++ if (!tmp) ++ tmp = locks[num] = new QMutex(QMutex::Recursive); ++ return tmp; ++ } ++ ++ QMutex *globalLock() ++ { ++ return &locksLocker; ++ } ++ ++ QMutex *initLock() ++ { ++ return &initLocker; ++ } ++ ++private: ++ QMutex initLocker; ++ QMutex locksLocker; ++ QMutex **locks; ++}; ++ ++Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks) ++ ++extern "C" { ++static void locking_function(int mode, int lockNumber, const char *, int) ++{ ++ QMutex *mutex = openssl_locks()->lock(lockNumber); ++ ++ // Lock or unlock it ++ if (mode & CRYPTO_LOCK) ++ mutex->lock(); ++ else ++ mutex->unlock(); ++} ++static unsigned long id_function() ++{ ++ return (quintptr)QThread::currentThreadId(); ++} ++ ++} // extern "C" ++ ++static void q_OpenSSL_add_all_algorithms_safe() ++{ ++#ifdef Q_OS_WIN ++ // Prior to version 1.0.1m an attempt to call OpenSSL_add_all_algorithms on ++ // Windows could result in 'exit' call from OPENSSL_config (QTBUG-43843). ++ // We can predict this and avoid OPENSSL_add_all_algorithms call. ++ // From OpenSSL docs: ++ // "An application does not need to add algorithms to use them explicitly, ++ // for example by EVP_sha1(). It just needs to add them if it (or any of ++ // the functions it calls) needs to lookup algorithms. ++ // The cipher and digest lookup functions are used in many parts of the ++ // library. If the table is not initialized several functions will ++ // misbehave and complain they cannot find algorithms. This includes the ++ // PEM, PKCS#12, SSL and S/MIME libraries. This is a common query in ++ // the OpenSSL mailing lists." ++ // ++ // Anyway, as a result, we chose not to call this function if it would exit. ++ ++ if (q_SSLeay() < 0x100010DFL) ++ { ++ // Now, before we try to call it, check if an attempt to open config file ++ // will result in exit: ++ if (char *confFileName = q_CONF_get1_default_config_file()) { ++ BIO *confFile = q_BIO_new_file(confFileName, "r"); ++ const auto lastError = q_ERR_peek_last_error(); ++ q_CRYPTO_free(confFileName); ++ if (confFile) { ++ q_BIO_free(confFile); ++ } else { ++ q_ERR_clear_error(); ++ if (ERR_GET_REASON(lastError) == ERR_R_SYS_LIB) { ++ qCWarning(lcSsl, "failed to open openssl.conf file"); ++ return; ++ } ++ } ++ } ++ } ++#endif // Q_OS_WIN ++ ++ q_OpenSSL_add_all_algorithms(); ++} ++ ++ ++/*! ++ \internal ++*/ ++void QSslSocketPrivate::deinitialize() ++{ ++ q_CRYPTO_set_id_callback(0); ++ q_CRYPTO_set_locking_callback(0); ++ q_ERR_free_strings(); ++} ++ ++ ++bool QSslSocketPrivate::ensureLibraryLoaded() ++{ ++ if (!q_resolveOpenSslSymbols()) ++ return false; ++ ++ // Check if the library itself needs to be initialized. ++ QMutexLocker locker(openssl_locks()->initLock()); ++ ++ if (!s_libraryLoaded) { ++ s_libraryLoaded = true; ++ ++ // Initialize OpenSSL. ++ q_CRYPTO_set_id_callback(id_function); ++ q_CRYPTO_set_locking_callback(locking_function); ++ if (q_SSL_library_init() != 1) ++ return false; ++ q_SSL_load_error_strings(); ++ q_OpenSSL_add_all_algorithms_safe(); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ if (q_SSLeay() >= 0x10001000L) ++ QSslSocketBackendPrivate::s_indexForSSLExtraData = q_SSL_get_ex_new_index(0L, NULL, NULL, NULL, NULL); ++#endif ++ ++ // Initialize OpenSSL's random seed. ++ if (!q_RAND_status()) { ++ qWarning("Random number generator not seeded, disabling SSL support"); ++ return false; ++ } ++ } ++ return true; ++} ++ ++void QSslSocketPrivate::ensureCiphersAndCertsLoaded() ++{ ++ QMutexLocker locker(openssl_locks()->initLock()); ++ if (s_loadedCiphersAndCerts) ++ return; ++ s_loadedCiphersAndCerts = true; ++ ++ resetDefaultCiphers(); ++ resetDefaultEllipticCurves(); ++ ++#if QT_CONFIG(library) ++ //load symbols needed to receive certificates from system store ++#if defined(Q_OS_WIN) ++ HINSTANCE hLib = LoadLibraryW(L"Crypt32"); ++ if (hLib) { ++ ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); ++ ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); ++ ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); ++ if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) ++ qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen ++ } else { ++ qCWarning(lcSsl, "could not load crypt32 library"); // should never happen ++ } ++#elif defined(Q_OS_QNX) ++ s_loadRootCertsOnDemand = true; ++#elif defined(Q_OS_UNIX) && !defined(Q_OS_MACOS) ++ // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there) ++ QList dirs = unixRootCertDirectories(); ++ QStringList symLinkFilter; ++ symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); ++ for (int a = 0; a < dirs.count(); ++a) { ++ QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); ++ if (iterator.hasNext()) { ++ s_loadRootCertsOnDemand = true; ++ break; ++ } ++ } ++#endif ++#endif // QT_CONFIG(library) ++ // if on-demand loading was not enabled, load the certs now ++ if (!s_loadRootCertsOnDemand) ++ setDefaultCaCertificates(systemCaCertificates()); ++#ifdef Q_OS_WIN ++ //Enabled for fetching additional root certs from windows update on windows 6+ ++ //This flag is set false by setDefaultCaCertificates() indicating the app uses ++ //its own cert bundle rather than the system one. ++ //Same logic that disables the unix on demand cert loading. ++ //Unlike unix, we do preload the certificates from the cert store. ++ if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) ++ s_loadRootCertsOnDemand = true; ++#endif ++} ++ ++long QSslSocketPrivate::sslLibraryVersionNumber() ++{ ++ if (!supportsSsl()) ++ return 0; ++ ++ return q_SSLeay(); ++} ++ ++QString QSslSocketPrivate::sslLibraryVersionString() ++{ ++ if (!supportsSsl()) ++ return QString(); ++ ++ const char *versionString = q_SSLeay_version(SSLEAY_VERSION); ++ if (!versionString) ++ return QString(); ++ ++ return QString::fromLatin1(versionString); ++} ++ ++void QSslSocketBackendPrivate::continueHandshake() ++{ ++ Q_Q(QSslSocket); ++ // if we have a max read buffer size, reset the plain socket's to match ++ if (readBufferMaxSize) ++ plainSocket->setReadBufferSize(readBufferMaxSize); ++ ++ if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL)) ++ configuration.peerSessionShared = true; ++ ++#ifdef QT_DECRYPT_SSL_TRAFFIC ++ if (ssl->session && ssl->s3) { ++ const char *mk = reinterpret_cast(ssl->session->master_key); ++ QByteArray masterKey(mk, ssl->session->master_key_length); ++ const char *random = reinterpret_cast(ssl->s3->client_random); ++ QByteArray clientRandom(random, SSL3_RANDOM_SIZE); ++ ++ // different format, needed for e.g. older Wireshark versions: ++// const char *sid = reinterpret_cast(ssl->session->session_id); ++// QByteArray sessionID(sid, ssl->session->session_id_length); ++// QByteArray debugLineRSA("RSA Session-ID:"); ++// debugLineRSA.append(sessionID.toHex().toUpper()); ++// debugLineRSA.append(" Master-Key:"); ++// debugLineRSA.append(masterKey.toHex().toUpper()); ++// debugLineRSA.append("\n"); ++ ++ QByteArray debugLineClientRandom("CLIENT_RANDOM "); ++ debugLineClientRandom.append(clientRandom.toHex().toUpper()); ++ debugLineClientRandom.append(" "); ++ debugLineClientRandom.append(masterKey.toHex().toUpper()); ++ debugLineClientRandom.append("\n"); ++ ++ QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys"); ++ QFile file(sslKeyFile); ++ if (!file.open(QIODevice::Append)) ++ qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending"; ++ if (!file.write(debugLineClientRandom)) ++ qCWarning(lcSsl) << "could not write to file" << sslKeyFile; ++ file.close(); ++ } else { ++ qCWarning(lcSsl, "could not decrypt SSL traffic"); ++ } ++#endif ++ ++ // Cache this SSL session inside the QSslContext ++ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { ++ if (!sslContextPointer->cacheSession(ssl)) { ++ sslContextPointer.clear(); // we could not cache the session ++ } else { ++ // Cache the session for permanent usage as well ++ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) { ++ if (!sslContextPointer->sessionASN1().isEmpty()) ++ configuration.sslSession = sslContextPointer->sessionASN1(); ++ configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint(); ++ } ++ } ++ } ++ ++#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) ++ ++ configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; ++ if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { ++ // we could not agree -> be conservative and use HTTP/1.1 ++ configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); ++ } else { ++ const unsigned char *proto = 0; ++ unsigned int proto_len = 0; ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ if (q_SSLeay() >= 0x10002000L) { ++ q_SSL_get0_alpn_selected(ssl, &proto, &proto_len); ++ if (proto_len && mode == QSslSocket::SslClientMode) { ++ // Client does not have a callback that sets it ... ++ configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; ++ } ++ } ++ ++ if (!proto_len) { // Test if NPN was more lucky ... ++#else ++ { ++#endif ++ q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); ++ } ++ ++ if (proto_len) ++ configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast(proto), proto_len); ++ else ++ configuration.nextNegotiatedProtocol.clear(); ++ } ++#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ... ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) { ++ EVP_PKEY *key; ++ if (q_SSL_get_server_tmp_key(ssl, &key)) ++ configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); ++ } ++#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ... ++ ++ connectionEncrypted = true; ++ emit q->encrypted(); ++ if (autoStartHandshake && pendingClose) { ++ pendingClose = false; ++ q->disconnectFromHost(); ++ } ++} ++ ++QT_END_NAMESPACE +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h 1970-01-01 01:00:00.000000000 +0100 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h 2017-07-27 13:36:11.801844254 +0200 +@@ -0,0 +1,230 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 BlackBerry Limited. All rights reserved. ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++/**************************************************************************** ++** ++** In addition, as a special exception, the copyright holders listed above give ++** permission to link the code of its release of Qt with the OpenSSL project's ++** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the ++** same license as the original version), and distribute the linked executables. ++** ++** You must comply with the GNU General Public License version 2 in all ++** respects for all of the code used other than the "OpenSSL" code. If you ++** modify this file, you may extend this exception to your version of the file, ++** but you are not obligated to do so. If you do not wish to do so, delete ++** this exception statement from your version of this file. ++** ++****************************************************************************/ ++ ++ ++#ifndef QSSLSOCKET_OPENSSLPRE11_SYMBOLS_P_H ++#define QSSLSOCKET_OPENSSLPRE11_SYMBOLS_P_H ++ ++// ++// W A R N I N G ++// ------------- ++// ++// This file is not part of the Qt API. It exists purely as an ++// implementation detail. This header file may change from version to ++// version without notice, or even be removed. ++// ++// We mean it. ++// ++ ++// Note: this file does not have QT_BEGIN_NAMESPACE/QT_END_NAMESPACE, it's done ++// in qsslsocket_openssl_symbols_p.h. ++ ++#ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H ++#error "You are not supposed to use this header file, include qsslsocket_openssl_symbols_p.h instead" ++#endif ++ ++unsigned char * q_ASN1_STRING_data(ASN1_STRING *a); ++BIO *q_BIO_new_file(const char *filename, const char *mode); ++void q_ERR_clear_error(); ++Q_AUTOTEST_EXPORT BIO *q_BIO_new(BIO_METHOD *a); ++Q_AUTOTEST_EXPORT BIO_METHOD *q_BIO_s_mem(); ++int q_CRYPTO_num_locks(); ++void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int)); ++void q_CRYPTO_set_id_callback(unsigned long (*a)()); ++void q_CRYPTO_free(void *a); ++unsigned long q_ERR_peek_last_error(); ++void q_ERR_free_strings(); ++void q_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); ++void q_EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++typedef _STACK STACK; ++#endif ++ ++// The typedef we use to make our pre 1.1 code look more like 1.1 (less ifdefs). ++typedef STACK OPENSSL_STACK; ++ ++// We resolve q_sk_ functions, but use q_OPENSSL_sk_ macros in code to reduce ++// the amount of #ifdefs. ++int q_sk_num(STACK *a); ++#define q_OPENSSL_sk_num(a) q_sk_num(a) ++void q_sk_pop_free(STACK *a, void (*b)(void *)); ++#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b) ++STACK *q_sk_new_null(); ++#define q_OPENSSL_sk_new_null() q_sk_new_null() ++ ++void q_sk_free(STACK *a); ++ ++// Just a name alias (not a function call expression) since in code we take an ++// address of this: ++#define q_OPENSSL_sk_free q_sk_free ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++void *q_sk_value(STACK *a, int b); ++void q_sk_push(STACK *st, void *data); ++#else ++char *q_sk_value(STACK *a, int b); ++void q_sk_push(STACK *st, char *data); ++#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L ++ ++#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b) ++#define q_OPENSSL_sk_push(st, data) q_sk_push(st, data) ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++SSL_CTX *q_SSL_CTX_new(const SSL_METHOD *a); ++#else ++SSL_CTX *q_SSL_CTX_new(SSL_METHOD *a); ++#endif ++ ++int q_SSL_library_init(); ++void q_SSL_load_error_strings(); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++#endif ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#ifndef OPENSSL_NO_SSL2 ++const SSL_METHOD *q_SSLv2_client_method(); ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++const SSL_METHOD *q_SSLv3_client_method(); ++#endif ++const SSL_METHOD *q_SSLv23_client_method(); ++const SSL_METHOD *q_TLSv1_client_method(); ++const SSL_METHOD *q_TLSv1_1_client_method(); ++const SSL_METHOD *q_TLSv1_2_client_method(); ++#ifndef OPENSSL_NO_SSL2 ++const SSL_METHOD *q_SSLv2_server_method(); ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++const SSL_METHOD *q_SSLv3_server_method(); ++#endif ++const SSL_METHOD *q_SSLv23_server_method(); ++const SSL_METHOD *q_TLSv1_server_method(); ++const SSL_METHOD *q_TLSv1_1_server_method(); ++const SSL_METHOD *q_TLSv1_2_server_method(); ++#else ++#ifndef OPENSSL_NO_SSL2 ++SSL_METHOD *q_SSLv2_client_method(); ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++SSL_METHOD *q_SSLv3_client_method(); ++#endif ++SSL_METHOD *q_SSLv23_client_method(); ++SSL_METHOD *q_TLSv1_client_method(); ++SSL_METHOD *q_TLSv1_1_client_method(); ++SSL_METHOD *q_TLSv1_2_client_method(); ++#ifndef OPENSSL_NO_SSL2 ++SSL_METHOD *q_SSLv2_server_method(); ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++SSL_METHOD *q_SSLv3_server_method(); ++#endif ++SSL_METHOD *q_SSLv23_server_method(); ++SSL_METHOD *q_TLSv1_server_method(); ++SSL_METHOD *q_TLSv1_1_server_method(); ++SSL_METHOD *q_TLSv1_2_server_method(); ++#endif ++ ++STACK_OF(X509) *q_X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); ++ ++#ifdef SSLEAY_MACROS ++int q_i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); ++int q_i2d_RSAPrivateKey(const RSA *a, unsigned char **pp); ++RSA *q_d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); ++DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); ++#define q_PEM_read_bio_RSAPrivateKey(bp, x, cb, u) \ ++ (RSA *)q_PEM_ASN1_read_bio( \ ++ (void *(*)(void**, const unsigned char**, long int))q_d2i_RSAPrivateKey, PEM_STRING_RSA, bp, (void **)x, cb, u) ++#define q_PEM_read_bio_DSAPrivateKey(bp, x, cb, u) \ ++ (DSA *)q_PEM_ASN1_read_bio( \ ++ (void *(*)(void**, const unsigned char**, long int))q_d2i_DSAPrivateKey, PEM_STRING_DSA, bp, (void **)x, cb, u) ++#define q_PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ ++ PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_RSAPrivateKey,PEM_STRING_RSA,\ ++ bp,(char *)x,enc,kstr,klen,cb,u) ++#define q_PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ ++ PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\ ++ bp,(char *)x,enc,kstr,klen,cb,u) ++#define q_PEM_read_bio_DHparams(bp, dh, cb, u) \ ++ (DH *)q_PEM_ASN1_read_bio( \ ++ (void *(*)(void**, const unsigned char**, long int))q_d2i_DHparams, PEM_STRING_DHPARAMS, bp, (void **)x, cb, u) ++#endif // SSLEAY_MACROS ++ ++#define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) ++#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st) ++#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i) ++#define q_X509_getm_notAfter(x) X509_get_notAfter(x) ++#define q_X509_getm_notBefore(x) X509_get_notBefore(x) ++ ++// "Forward compatibility" with OpenSSL 1.1 (to save on #if-ery elsewhere): ++#define q_X509_get_version(x509) q_ASN1_INTEGER_get((x509)->cert_info->version) ++#define q_ASN1_STRING_get0_data(x) q_ASN1_STRING_data(x) ++#define q_EVP_PKEY_base_id(pkey) ((pkey)->type) ++#define q_X509_get_pubkey(x509) q_X509_PUBKEY_get((x509)->cert_info->key) ++#define q_SSL_SESSION_get_ticket_lifetime_hint(s) ((s)->tlsext_tick_lifetime_hint) ++#define q_RSA_bits(rsa) q_BN_num_bits((rsa)->n) ++#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p) ++#define q_X509_STORE_set_verify_cb(s,c) X509_STORE_set_verify_cb_func((s),(c)) ++ ++char *q_CONF_get1_default_config_file(); ++void q_OPENSSL_add_all_algorithms_noconf(); ++void q_OPENSSL_add_all_algorithms_conf(); ++ ++long q_SSLeay(); ++const char *q_SSLeay_version(int type); ++ ++ ++#endif // QSSLSOCKET_OPENSSL_PRE11_SYMBOLS_P_H +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_symbols.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl_symbols.cpp +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_symbols.cpp 2017-06-28 11:54:29.000000000 +0200 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl_symbols.cpp 2017-07-27 13:36:11.799844330 +0200 +@@ -1,7 +1,8 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. + ** Copyright (C) 2014 BlackBerry Limited. All rights reserved. ++** Copyright (C) 2016 Richard J. Moore + ** Contact: https://www.qt.io/licensing/ + ** + ** This file is part of the QtNetwork module of the Qt Toolkit. +@@ -136,49 +137,195 @@ + + #endif // QT_LINKED_OPENSSL + ++#if QT_CONFIG(opensslv11) ++ ++// Below are the functions first introduced in version 1.1: ++ ++DEFINEFUNC(const unsigned char *, ASN1_STRING_get0_data, const ASN1_STRING *a, a, return 0, return) ++DEFINEFUNC2(int, OPENSSL_init_ssl, uint64_t opts, opts, const OPENSSL_INIT_SETTINGS *settings, settings, return 0, return) ++DEFINEFUNC2(int, OPENSSL_init_crypto, uint64_t opts, opts, const OPENSSL_INIT_SETTINGS *settings, settings, return 0, return) ++DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return 0, return) ++DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) ++DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return) ++DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return) ++DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return) ++DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return) ++DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return) ++DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return) ++DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG) ++DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG) ++DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG) ++DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return 0, return) ++DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return) ++DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return) ++DEFINEFUNC3(size_t, SSL_get_client_random, SSL *a, a, unsigned char *out, out, size_t outlen, outlen, return 0, return) ++DEFINEFUNC3(size_t, SSL_SESSION_get_master_key, const SSL_SESSION *ses, ses, unsigned char *out, out, size_t outlen, outlen, return 0, return) ++DEFINEFUNC6(int, CRYPTO_get_ex_new_index, int class_index, class_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return) ++ ++DEFINEFUNC(const SSL_METHOD *, TLS_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const SSL_METHOD *, TLS_client_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const SSL_METHOD *, TLS_server_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(ASN1_TIME *, X509_getm_notBefore, X509 *a, a, return 0, return) ++DEFINEFUNC(ASN1_TIME *, X509_getm_notAfter, X509 *a, a, return 0, return) ++DEFINEFUNC(long, X509_get_version, X509 *a, a, return -1, return) ++DEFINEFUNC(EVP_PKEY *, X509_get_pubkey, X509 *a, a, return 0, return) ++DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_verify_cb verify_cb, verify_cb, return, DUMMYARG) ++DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return 0, return) ++DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG) ++DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return) ++DEFINEFUNC(const char *, OpenSSL_version, int a, a, return 0, return) ++DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return) ++DEFINEFUNC4(void, DH_get0_pqg, const DH *dh, dh, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, DUMMYARG) ++DEFINEFUNC(int, DH_bits, DH *dh, dh, return 0, return) ++ ++#else // QT_CONFIG(opensslv11) ++ ++// Functions below are either deprecated or removed in OpenSSL >= 1.1: ++ ++DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return 0, return) ++ + #ifdef SSLEAY_MACROS + DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return 0, return) + #endif ++DEFINEFUNC2(BIO *, BIO_new_file, const char *filename, filename, const char *mode, mode, return 0, return) ++DEFINEFUNC(void, ERR_clear_error, DUMMYARG, DUMMYARG, return, DUMMYARG) ++DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return) ++DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) ++DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG) ++DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG) ++DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG) ++DEFINEFUNC(unsigned long, ERR_peek_last_error, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(void, ERR_free_strings, void, DUMMYARG, return, DUMMYARG) ++DEFINEFUNC(void, EVP_CIPHER_CTX_cleanup, EVP_CIPHER_CTX *a, a, return, DUMMYARG) ++DEFINEFUNC(void, EVP_CIPHER_CTX_init, EVP_CIPHER_CTX *a, a, return, DUMMYARG) ++ ++#ifdef SSLEAY_MACROS ++DEFINEFUNC6(void *, PEM_ASN1_read_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return) ++DEFINEFUNC6(void *, PEM_ASN1_write_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return) ++#endif // SSLEAY_MACROS ++ ++DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return) ++DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG) ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG) ++DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG) ++DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return 0, return) ++#else ++DEFINEFUNC(STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC2(void, sk_push, STACK *a, a, char *b, b, return, DUMMYARG) ++DEFINEFUNC(void, sk_free, STACK *a, a, return, DUMMYARG) ++DEFINEFUNC2(char *, sk_value, STACK *a, a, int b, b, return 0, return) ++#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L ++ ++DEFINEFUNC(int, SSL_library_init, void, DUMMYARG, return -1, return) ++DEFINEFUNC(void, SSL_load_error_strings, void, DUMMYARG, return, DUMMYARG) ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++DEFINEFUNC5(int, SSL_get_ex_new_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return) ++#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#ifndef OPENSSL_NO_SSL2 ++DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++DEFINEFUNC(const SSL_METHOD *, TLSv1_1_client_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const SSL_METHOD *, TLSv1_2_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++#ifndef OPENSSL_NO_SSL2 ++DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++DEFINEFUNC(const SSL_METHOD *, TLSv1_1_server_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const SSL_METHOD *, TLSv1_2_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++#else ++#ifndef OPENSSL_NO_SSL2 ++DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++DEFINEFUNC(SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) ++#ifndef OPENSSL_NO_SSL2 ++DEFINEFUNC(SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++DEFINEFUNC(SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++DEFINEFUNC(SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) ++#endif ++ ++DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get_chain, X509_STORE_CTX *a, a, return 0, return) ++ ++#ifdef SSLEAY_MACROS ++DEFINEFUNC2(int, i2d_DSAPrivateKey, const DSA *a, a, unsigned char **b, b, return -1, return) ++DEFINEFUNC2(int, i2d_RSAPrivateKey, const RSA *a, a, unsigned char **b, b, return -1, return) ++#ifndef OPENSSL_NO_EC ++DEFINEFUNC2(int, i2d_ECPrivateKey, const EC_KEY *a, a, unsigned char **b, b, return -1, return) ++#endif ++DEFINEFUNC3(RSA *, d2i_RSAPrivateKey, RSA **a, a, unsigned char **b, b, long c, c, return 0, return) ++DEFINEFUNC3(DSA *, d2i_DSAPrivateKey, DSA **a, a, unsigned char **b, b, long c, c, return 0, return) ++#ifndef OPENSSL_NO_EC ++DEFINEFUNC3(EC_KEY *, d2i_ECPrivateKey, EC_KEY **a, a, unsigned char **b, b, long c, c, return 0, return) ++#endif ++#endif ++DEFINEFUNC(char *, CONF_get1_default_config_file, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG) ++DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG) ++DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return) ++DEFINEFUNC(const char *, SSLeay_version, int a, a, return 0, return) ++ ++#endif // QT_CONFIG(opensslv11) ++ + DEFINEFUNC(long, ASN1_INTEGER_get, ASN1_INTEGER *a, a, return 0, return) +-DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return 0, return) + DEFINEFUNC(int, ASN1_STRING_length, ASN1_STRING *a, a, return 0, return) +-DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return); ++DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return) + DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return) + DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return) +-DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return) + DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return) + DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return) +-DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) ++ + DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return) + DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return) +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L +-DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return) +-#endif + DEFINEFUNC2(BN_ULONG, BN_mod_word, const BIGNUM *a, a, BN_ULONG w, w, return static_cast(-1), return) + #ifndef OPENSSL_NO_EC + DEFINEFUNC(const EC_GROUP*, EC_KEY_get0_group, const EC_KEY* k, k, return 0, return) + DEFINEFUNC(int, EC_GROUP_get_degree, const EC_GROUP* g, g, return 0, return) + #endif +-DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG) +-DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG) +-DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG) + DEFINEFUNC(DSA *, DSA_new, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG) + DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, const unsigned char **b, b, long c, c, return 0, return) + DEFINEFUNC2(char *, ERR_error_string, unsigned long a, a, char *b, b, return 0, return) + DEFINEFUNC(unsigned long, ERR_get_error, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(void, ERR_free_strings, void, DUMMYARG, return, DUMMYARG) +-DEFINEFUNC(void, EVP_CIPHER_CTX_cleanup, EVP_CIPHER_CTX *a, a, return, DUMMYARG) +-DEFINEFUNC(void, EVP_CIPHER_CTX_init, EVP_CIPHER_CTX *a, a, return, DUMMYARG) +-DEFINEFUNC4(int, EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX *ctx, ctx, int type, type, int arg, arg, void *ptr, ptr, return 0, return); ++DEFINEFUNC(EVP_CIPHER_CTX *, EVP_CIPHER_CTX_new, void, DUMMYARG, return 0, return) ++DEFINEFUNC(void, EVP_CIPHER_CTX_free, EVP_CIPHER_CTX *a, a, return, DUMMYARG) ++DEFINEFUNC4(int, EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX *ctx, ctx, int type, type, int arg, arg, void *ptr, ptr, return 0, return) + DEFINEFUNC2(int, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX *ctx, ctx, int keylen, keylen, return 0, return) +-DEFINEFUNC5(int, EVP_CipherInit, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *type, type, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return); +-DEFINEFUNC5(int, EVP_CipherUpdate, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, const unsigned char *in, in, int inl, inl, return 0, return); +-DEFINEFUNC3(int, EVP_CipherFinal, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, return 0, return); ++DEFINEFUNC5(int, EVP_CipherInit, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *type, type, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return) ++DEFINEFUNC6(int, EVP_CipherInit_ex, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *cipher, cipher, ENGINE *impl, impl, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return) ++DEFINEFUNC5(int, EVP_CipherUpdate, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, const unsigned char *in, in, int inl, inl, return 0, return) ++DEFINEFUNC3(int, EVP_CipherFinal, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, return 0, return) + DEFINEFUNC(const EVP_CIPHER *, EVP_des_cbc, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC(const EVP_CIPHER *, EVP_des_ede3_cbc, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC(const EVP_CIPHER *, EVP_rc2_cbc, DUMMYARG, DUMMYARG, return 0, return) ++DEFINEFUNC(const EVP_MD *, EVP_sha1, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC3(int, EVP_PKEY_assign, EVP_PKEY *a, a, int b, b, char *c, c, return -1, return) + DEFINEFUNC2(int, EVP_PKEY_set1_RSA, EVP_PKEY *a, a, RSA *b, b, return -1, return) + DEFINEFUNC2(int, EVP_PKEY_set1_DSA, EVP_PKEY *a, a, DSA *b, b, return -1, return) +@@ -202,10 +349,8 @@ + DEFINEFUNC4(int, OBJ_obj2txt, char *a, a, int b, b, ASN1_OBJECT *c, c, int d, d, return -1, return) + + DEFINEFUNC(int, OBJ_obj2nid, const ASN1_OBJECT *a, a, return NID_undef, return) +-#ifdef SSLEAY_MACROS +-DEFINEFUNC6(void *, PEM_ASN1_read_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return) +-DEFINEFUNC6(void *, PEM_ASN1_write_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return) +-#else ++ ++#ifndef SSLEAY_MACROS + DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PrivateKey, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return) + DEFINEFUNC4(DSA *, PEM_read_bio_DSAPrivateKey, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) + DEFINEFUNC4(RSA *, PEM_read_bio_RSAPrivateKey, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) +@@ -218,7 +363,7 @@ + #ifndef OPENSSL_NO_EC + DEFINEFUNC7(int, PEM_write_bio_ECPrivateKey, BIO *a, a, EC_KEY *b, b, const EVP_CIPHER *c, c, unsigned char *d, d, int e, e, pem_password_cb *f, f, void *g, g, return 0, return) + #endif +-#endif ++#endif // !SSLEAY_MACROS + DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PUBKEY, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return) + DEFINEFUNC4(DSA *, PEM_read_bio_DSA_PUBKEY, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) + DEFINEFUNC4(RSA *, PEM_read_bio_RSA_PUBKEY, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) +@@ -234,23 +379,10 @@ + DEFINEFUNC(int, RAND_status, void, DUMMYARG, return -1, return) + DEFINEFUNC(RSA *, RSA_new, DUMMYARG, DUMMYARG, return 0, return) + DEFINEFUNC(void, RSA_free, RSA *a, a, return, DUMMYARG) +-DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return) +-DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG) +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +-DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG) +-DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG) +-DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return 0, return) +-#else +-DEFINEFUNC(STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC2(void, sk_push, STACK *a, a, char *b, b, return, DUMMYARG) +-DEFINEFUNC(void, sk_free, STACK *a, a, return, DUMMYARG) +-DEFINEFUNC2(char *, sk_value, STACK *a, a, int b, b, return 0, return) +-#endif + DEFINEFUNC(int, SSL_accept, SSL *a, a, return -1, return) + DEFINEFUNC(int, SSL_clear, SSL *a, a, return -1, return) +-DEFINEFUNC3(char *, SSL_CIPHER_description, SSL_CIPHER *a, a, char *b, b, int c, c, return 0, return) +-DEFINEFUNC2(int, SSL_CIPHER_get_bits, SSL_CIPHER *a, a, int *b, b, return 0, return) ++DEFINEFUNC3(char *, SSL_CIPHER_description, const SSL_CIPHER *a, a, char *b, b, int c, c, return 0, return) ++DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER *a, a, int *b, b, return 0, return) + DEFINEFUNC(int, SSL_connect, SSL *a, a, return -1, return) + DEFINEFUNC(int, SSL_CTX_check_private_key, const SSL_CTX *a, a, return -1, return) + DEFINEFUNC4(long, SSL_CTX_ctrl, SSL_CTX *a, a, int b, b, long c, c, void *d, d, return -1, return) +@@ -287,8 +419,6 @@ + #else + DEFINEFUNC(long, SSL_get_verify_result, SSL *a, a, return -1, return) + #endif +-DEFINEFUNC(int, SSL_library_init, void, DUMMYARG, return -1, return) +-DEFINEFUNC(void, SSL_load_error_strings, void, DUMMYARG, return, DUMMYARG) + DEFINEFUNC(SSL *, SSL_new, SSL_CTX *a, a, return 0, return) + DEFINEFUNC4(long, SSL_ctrl, SSL *a, a, int cmd, cmd, long larg, larg, void *parg, parg, return -1, return) + DEFINEFUNC3(int, SSL_read, SSL *a, a, void *b, b, int c, c, return -1, return) +@@ -301,7 +431,6 @@ + DEFINEFUNC(SSL_SESSION*, SSL_get1_session, SSL *ssl, ssl, return 0, return) + DEFINEFUNC(SSL_SESSION*, SSL_get_session, const SSL *ssl, ssl, return 0, return) + #if OPENSSL_VERSION_NUMBER >= 0x10001000L +-DEFINEFUNC5(int, SSL_get_ex_new_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return) + DEFINEFUNC3(int, SSL_set_ex_data, SSL *ssl, ssl, int idx, idx, void *arg, arg, return 0, return) + DEFINEFUNC2(void *, SSL_get_ex_data, const SSL *ssl, ssl, int idx, idx, return NULL, return) + #endif +@@ -310,51 +439,9 @@ + DEFINEFUNC2(void, SSL_set_psk_server_callback, SSL* ssl, ssl, q_psk_server_callback_t callback, callback, return, DUMMYARG) + DEFINEFUNC2(int, SSL_CTX_use_psk_identity_hint, SSL_CTX* ctx, ctx, const char *hint, hint, return 0, return) + #endif +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +-#ifndef OPENSSL_NO_SSL2 +-DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +-DEFINEFUNC(const SSL_METHOD *, TLSv1_1_client_method, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(const SSL_METHOD *, TLSv1_2_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-#ifndef OPENSSL_NO_SSL2 +-DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +-DEFINEFUNC(const SSL_METHOD *, TLSv1_1_server_method, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(const SSL_METHOD *, TLSv1_2_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-#else +-#ifndef OPENSSL_NO_SSL2 +-DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-DEFINEFUNC(SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) +-#ifndef OPENSSL_NO_SSL2 +-DEFINEFUNC(SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-DEFINEFUNC(SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif +-DEFINEFUNC(SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) +-DEFINEFUNC(SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) +-#endif + DEFINEFUNC3(int, SSL_write, SSL *a, a, const void *b, b, int c, c, return -1, return) + DEFINEFUNC2(int, X509_cmp, X509 *a, a, X509 *b, b, return -1, return) ++DEFINEFUNC4(int, X509_digest, const X509 *x509, x509, const EVP_MD *type, type, unsigned char *md, md, unsigned int *len, len, return -1, return) + #ifndef SSLEAY_MACROS + DEFINEFUNC(X509 *, X509_dup, X509 *a, a, return 0, return) + #endif +@@ -378,6 +465,7 @@ + DEFINEFUNC2(int, X509_check_issued, X509 *a, a, X509 *b, b, return -1, return) + DEFINEFUNC(X509_NAME *, X509_get_issuer_name, X509 *a, a, return 0, return) + DEFINEFUNC(X509_NAME *, X509_get_subject_name, X509 *a, a, return 0, return) ++DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *a, a, return 0, return) + DEFINEFUNC(int, X509_verify_cert, X509_STORE_CTX *a, a, return -1, return) + DEFINEFUNC(int, X509_NAME_entry_count, X509_NAME *a, a, return 0, return) + DEFINEFUNC2(X509_NAME_ENTRY *, X509_NAME_get_entry, X509_NAME *a, a, int b, b, return 0, return) +@@ -393,25 +481,8 @@ + DEFINEFUNC(int, X509_STORE_CTX_get_error, X509_STORE_CTX *a, a, return -1, return) + DEFINEFUNC(int, X509_STORE_CTX_get_error_depth, X509_STORE_CTX *a, a, return -1, return) + DEFINEFUNC(X509 *, X509_STORE_CTX_get_current_cert, X509_STORE_CTX *a, a, return 0, return) +-DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get_chain, X509_STORE_CTX *a, a, return 0, return) + DEFINEFUNC(X509_STORE_CTX *, X509_STORE_CTX_new, DUMMYARG, DUMMYARG, return 0, return) +-#ifdef SSLEAY_MACROS +-DEFINEFUNC2(int, i2d_DSAPrivateKey, const DSA *a, a, unsigned char **b, b, return -1, return) +-DEFINEFUNC2(int, i2d_RSAPrivateKey, const RSA *a, a, unsigned char **b, b, return -1, return) +-#ifndef OPENSSL_NO_EC +-DEFINEFUNC2(int, i2d_ECPrivateKey, const EC_KEY *a, a, unsigned char **b, b, return -1, return) +-#endif +-DEFINEFUNC3(RSA *, d2i_RSAPrivateKey, RSA **a, a, unsigned char **b, b, long c, c, return 0, return) +-DEFINEFUNC3(DSA *, d2i_DSAPrivateKey, DSA **a, a, unsigned char **b, b, long c, c, return 0, return) +-#ifndef OPENSSL_NO_EC +-DEFINEFUNC3(EC_KEY *, d2i_ECPrivateKey, EC_KEY **a, a, unsigned char **b, b, long c, c, return 0, return) +-#endif +-#endif +-DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG) +-DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG) + DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return) +-DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return) +-DEFINEFUNC(const char *, SSLeay_version, int a, a, return 0, return) + DEFINEFUNC2(int, i2d_SSL_SESSION, SSL_SESSION *in, in, unsigned char **pp, pp, return 0, return) + DEFINEFUNC3(SSL_SESSION *, d2i_SSL_SESSION, SSL_SESSION **a, a, const unsigned char **pp, pp, long length, length, return 0, return) + #if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) +@@ -694,8 +765,8 @@ + #ifndef Q_OS_DARWIN + // second attempt: find the development files libssl.so and libcrypto.so + // +- // disabled on OS X/iOS: +- // OS X's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third ++ // disabled on macOS/iOS: ++ // macOS's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third + // attempt, _after_ /Contents/Frameworks has been searched. + // iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place. + libssl->setFileNameAndVersion(QLatin1String("ssl"), -1); +@@ -754,8 +825,12 @@ + static bool symbolsResolved = false; + static bool triedToResolveSymbols = false; + #ifndef QT_NO_THREAD ++#if QT_CONFIG(opensslv11) ++ QMutexLocker locker(QMutexPool::globalInstanceGet((void *)&q_OPENSSL_init_ssl)); ++#else + QMutexLocker locker(QMutexPool::globalInstanceGet((void *)&q_SSL_library_init)); + #endif ++#endif + if (symbolsResolved) + return true; + if (triedToResolveSymbols) +@@ -771,11 +846,145 @@ + // failed to load them + return false; + ++#if QT_CONFIG(opensslv11) ++ ++ RESOLVEFUNC(OPENSSL_init_ssl) ++ RESOLVEFUNC(OPENSSL_init_crypto) ++ RESOLVEFUNC(ASN1_STRING_get0_data) ++ RESOLVEFUNC(EVP_CIPHER_CTX_reset) ++ RESOLVEFUNC(EVP_PKEY_base_id) ++ RESOLVEFUNC(RSA_bits) ++ RESOLVEFUNC(OPENSSL_sk_new_null) ++ RESOLVEFUNC(OPENSSL_sk_push) ++ RESOLVEFUNC(OPENSSL_sk_free) ++ RESOLVEFUNC(OPENSSL_sk_num) ++ RESOLVEFUNC(OPENSSL_sk_pop_free) ++ RESOLVEFUNC(OPENSSL_sk_value) ++ RESOLVEFUNC(DH_get0_pqg) ++ RESOLVEFUNC(SSL_CTX_set_options) ++ RESOLVEFUNC(SSL_get_client_random) ++ RESOLVEFUNC(SSL_SESSION_get_master_key) ++ RESOLVEFUNC(SSL_session_reused) ++ RESOLVEFUNC(SSL_get_session) ++ RESOLVEFUNC(CRYPTO_get_ex_new_index) ++ RESOLVEFUNC(TLS_method) ++ RESOLVEFUNC(TLS_client_method) ++ RESOLVEFUNC(TLS_server_method) ++ RESOLVEFUNC(X509_STORE_CTX_get0_chain) ++ RESOLVEFUNC(X509_getm_notBefore) ++ RESOLVEFUNC(X509_getm_notAfter) ++ RESOLVEFUNC(X509_get_version) ++ RESOLVEFUNC(X509_get_pubkey) ++ RESOLVEFUNC(X509_STORE_set_verify_cb) ++ RESOLVEFUNC(CRYPTO_free) ++ RESOLVEFUNC(OpenSSL_version_num) ++ RESOLVEFUNC(OpenSSL_version) ++ if (!_q_OpenSSL_version) { ++ // Apparently, we were built with OpenSSL 1.1 enabled but are now using ++ // a wrong library. ++ delete libs.first; ++ delete libs.second; ++ qCWarning(lcSsl, "Incompatible version of OpenSSL"); ++ return false; ++ } ++ ++ RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint) ++ RESOLVEFUNC(DH_bits) ++ RESOLVEFUNC(DSA_bits) ++ ++#else // !opensslv11 ++ ++ RESOLVEFUNC(ASN1_STRING_data) ++ + #ifdef SSLEAY_MACROS + RESOLVEFUNC(ASN1_dup) ++#endif // SSLEAY_MACROS ++ RESOLVEFUNC(BIO_new_file) ++ RESOLVEFUNC(ERR_clear_error) ++ RESOLVEFUNC(CRYPTO_free) ++ RESOLVEFUNC(CRYPTO_num_locks) ++ RESOLVEFUNC(CRYPTO_set_id_callback) ++ RESOLVEFUNC(CRYPTO_set_locking_callback) ++ RESOLVEFUNC(ERR_peek_last_error) ++ RESOLVEFUNC(ERR_free_strings) ++ RESOLVEFUNC(EVP_CIPHER_CTX_cleanup) ++ RESOLVEFUNC(EVP_CIPHER_CTX_init) ++ ++#ifdef SSLEAY_MACROS // ### verify ++ RESOLVEFUNC(PEM_ASN1_read_bio) ++#endif // SSLEAY_MACROS ++ ++ RESOLVEFUNC(sk_new_null) ++ RESOLVEFUNC(sk_push) ++ RESOLVEFUNC(sk_free) ++ RESOLVEFUNC(sk_num) ++ RESOLVEFUNC(sk_pop_free) ++ RESOLVEFUNC(sk_value) ++ RESOLVEFUNC(SSL_library_init) ++ RESOLVEFUNC(SSL_load_error_strings) ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ RESOLVEFUNC(SSL_get_ex_new_index) + #endif ++#ifndef OPENSSL_NO_SSL2 ++ RESOLVEFUNC(SSLv2_client_method) ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++ RESOLVEFUNC(SSLv3_client_method) ++#endif ++ RESOLVEFUNC(SSLv23_client_method) ++ RESOLVEFUNC(TLSv1_client_method) ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ RESOLVEFUNC(TLSv1_1_client_method) ++ RESOLVEFUNC(TLSv1_2_client_method) ++#endif ++#ifndef OPENSSL_NO_SSL2 ++ RESOLVEFUNC(SSLv2_server_method) ++#endif ++#ifndef OPENSSL_NO_SSL3_METHOD ++ RESOLVEFUNC(SSLv3_server_method) ++#endif ++ RESOLVEFUNC(SSLv23_server_method) ++ RESOLVEFUNC(TLSv1_server_method) ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ RESOLVEFUNC(TLSv1_1_server_method) ++ RESOLVEFUNC(TLSv1_2_server_method) ++#endif ++ RESOLVEFUNC(X509_STORE_CTX_get_chain) ++#ifdef SSLEAY_MACROS ++ RESOLVEFUNC(i2d_DSAPrivateKey) ++ RESOLVEFUNC(i2d_RSAPrivateKey) ++ RESOLVEFUNC(d2i_DSAPrivateKey) ++ RESOLVEFUNC(d2i_RSAPrivateKey) ++#endif ++ RESOLVEFUNC(CONF_get1_default_config_file) ++ RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf) ++ RESOLVEFUNC(OPENSSL_add_all_algorithms_conf) ++ RESOLVEFUNC(SSLeay) ++ ++ if (!_q_SSLeay || q_SSLeay() >= 0x10100000L) { ++ // OpenSSL 1.1 has deprecated and removed SSLeay. We consider a failure to ++ // resolve this symbol as a failure to resolve symbols. ++ // The right operand of '||' above is ... a bit of paranoia. ++ delete libs.first; ++ delete libs.second; ++ qCWarning(lcSsl, "Incompatible version of OpenSSL"); ++ return false; ++ } ++ ++ ++ RESOLVEFUNC(SSLeay_version) ++ ++#ifndef OPENSSL_NO_EC ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ if (q_SSLeay() >= 0x10002000L) ++ RESOLVEFUNC(EC_curve_nist2nid) ++#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ++#endif // OPENSSL_NO_EC ++ ++ ++#endif // !opensslv11 ++ + RESOLVEFUNC(ASN1_INTEGER_get) +- RESOLVEFUNC(ASN1_STRING_data) + RESOLVEFUNC(ASN1_STRING_length) + RESOLVEFUNC(ASN1_STRING_to_UTF8) + RESOLVEFUNC(BIO_ctrl) +@@ -794,25 +1003,22 @@ + RESOLVEFUNC(BN_is_word) + #endif + RESOLVEFUNC(BN_mod_word) +- RESOLVEFUNC(CRYPTO_free) +- RESOLVEFUNC(CRYPTO_num_locks) +- RESOLVEFUNC(CRYPTO_set_id_callback) +- RESOLVEFUNC(CRYPTO_set_locking_callback) + RESOLVEFUNC(DSA_new) + RESOLVEFUNC(DSA_free) + RESOLVEFUNC(ERR_error_string) + RESOLVEFUNC(ERR_get_error) +- RESOLVEFUNC(ERR_free_strings) +- RESOLVEFUNC(EVP_CIPHER_CTX_cleanup) +- RESOLVEFUNC(EVP_CIPHER_CTX_init) ++ RESOLVEFUNC(EVP_CIPHER_CTX_new) ++ RESOLVEFUNC(EVP_CIPHER_CTX_free) + RESOLVEFUNC(EVP_CIPHER_CTX_ctrl) + RESOLVEFUNC(EVP_CIPHER_CTX_set_key_length) + RESOLVEFUNC(EVP_CipherInit) ++ RESOLVEFUNC(EVP_CipherInit_ex) + RESOLVEFUNC(EVP_CipherUpdate) + RESOLVEFUNC(EVP_CipherFinal) + RESOLVEFUNC(EVP_des_cbc) + RESOLVEFUNC(EVP_des_ede3_cbc) + RESOLVEFUNC(EVP_rc2_cbc) ++ RESOLVEFUNC(EVP_sha1) + RESOLVEFUNC(EVP_PKEY_assign) + RESOLVEFUNC(EVP_PKEY_set1_RSA) + RESOLVEFUNC(EVP_PKEY_set1_DSA) +@@ -834,9 +1040,8 @@ + RESOLVEFUNC(i2t_ASN1_OBJECT) + RESOLVEFUNC(OBJ_obj2txt) + RESOLVEFUNC(OBJ_obj2nid) +-#ifdef SSLEAY_MACROS // ### verify +- RESOLVEFUNC(PEM_ASN1_read_bio) +-#else ++ ++#ifndef SSLEAY_MACROS + RESOLVEFUNC(PEM_read_bio_PrivateKey) + RESOLVEFUNC(PEM_read_bio_DSAPrivateKey) + RESOLVEFUNC(PEM_read_bio_RSAPrivateKey) +@@ -849,7 +1054,8 @@ + #ifndef OPENSSL_NO_EC + RESOLVEFUNC(PEM_write_bio_ECPrivateKey) + #endif +-#endif ++#endif // !SSLEAY_MACROS ++ + RESOLVEFUNC(PEM_read_bio_PUBKEY) + RESOLVEFUNC(PEM_read_bio_DSA_PUBKEY) + RESOLVEFUNC(PEM_read_bio_RSA_PUBKEY) +@@ -865,12 +1071,6 @@ + RESOLVEFUNC(RAND_status) + RESOLVEFUNC(RSA_new) + RESOLVEFUNC(RSA_free) +- RESOLVEFUNC(sk_new_null) +- RESOLVEFUNC(sk_push) +- RESOLVEFUNC(sk_free) +- RESOLVEFUNC(sk_num) +- RESOLVEFUNC(sk_pop_free) +- RESOLVEFUNC(sk_value) + RESOLVEFUNC(SSL_CIPHER_description) + RESOLVEFUNC(SSL_CIPHER_get_bits) + RESOLVEFUNC(SSL_CTX_check_private_key) +@@ -898,8 +1098,6 @@ + RESOLVEFUNC(SSL_get_peer_cert_chain) + RESOLVEFUNC(SSL_get_peer_certificate) + RESOLVEFUNC(SSL_get_verify_result) +- RESOLVEFUNC(SSL_library_init) +- RESOLVEFUNC(SSL_load_error_strings) + RESOLVEFUNC(SSL_new) + RESOLVEFUNC(SSL_ctrl) + RESOLVEFUNC(SSL_read) +@@ -912,7 +1110,6 @@ + RESOLVEFUNC(SSL_get1_session) + RESOLVEFUNC(SSL_get_session) + #if OPENSSL_VERSION_NUMBER >= 0x10001000L +- RESOLVEFUNC(SSL_get_ex_new_index) + RESOLVEFUNC(SSL_set_ex_data) + RESOLVEFUNC(SSL_get_ex_data) + #endif +@@ -922,30 +1119,6 @@ + RESOLVEFUNC(SSL_CTX_use_psk_identity_hint) + #endif + RESOLVEFUNC(SSL_write) +-#ifndef OPENSSL_NO_SSL2 +- RESOLVEFUNC(SSLv2_client_method) +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +- RESOLVEFUNC(SSLv3_client_method) +-#endif +- RESOLVEFUNC(SSLv23_client_method) +- RESOLVEFUNC(TLSv1_client_method) +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +- RESOLVEFUNC(TLSv1_1_client_method) +- RESOLVEFUNC(TLSv1_2_client_method) +-#endif +-#ifndef OPENSSL_NO_SSL2 +- RESOLVEFUNC(SSLv2_server_method) +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +- RESOLVEFUNC(SSLv3_server_method) +-#endif +- RESOLVEFUNC(SSLv23_server_method) +- RESOLVEFUNC(TLSv1_server_method) +-#if OPENSSL_VERSION_NUMBER >= 0x10001000L +- RESOLVEFUNC(TLSv1_1_server_method) +- RESOLVEFUNC(TLSv1_2_server_method) +-#endif + RESOLVEFUNC(X509_NAME_entry_count) + RESOLVEFUNC(X509_NAME_get_entry) + RESOLVEFUNC(X509_NAME_ENTRY_get_data) +@@ -961,12 +1134,12 @@ + RESOLVEFUNC(X509_STORE_CTX_get_error) + RESOLVEFUNC(X509_STORE_CTX_get_error_depth) + RESOLVEFUNC(X509_STORE_CTX_get_current_cert) +- RESOLVEFUNC(X509_STORE_CTX_get_chain) + RESOLVEFUNC(X509_cmp) + #ifndef SSLEAY_MACROS + RESOLVEFUNC(X509_dup) + #endif + RESOLVEFUNC(X509_print) ++ RESOLVEFUNC(X509_digest) + RESOLVEFUNC(X509_EXTENSION_get_object) + RESOLVEFUNC(X509_free) + RESOLVEFUNC(X509_get_ext) +@@ -982,20 +1155,11 @@ + RESOLVEFUNC(X509_check_issued) + RESOLVEFUNC(X509_get_issuer_name) + RESOLVEFUNC(X509_get_subject_name) ++ RESOLVEFUNC(X509_get_serialNumber) + RESOLVEFUNC(X509_verify_cert) + RESOLVEFUNC(d2i_X509) + RESOLVEFUNC(i2d_X509) +-#ifdef SSLEAY_MACROS +- RESOLVEFUNC(i2d_DSAPrivateKey) +- RESOLVEFUNC(i2d_RSAPrivateKey) +- RESOLVEFUNC(d2i_DSAPrivateKey) +- RESOLVEFUNC(d2i_RSAPrivateKey) +-#endif +- RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf) +- RESOLVEFUNC(OPENSSL_add_all_algorithms_conf) + RESOLVEFUNC(SSL_CTX_load_verify_locations) +- RESOLVEFUNC(SSLeay) +- RESOLVEFUNC(SSLeay_version) + RESOLVEFUNC(i2d_SSL_SESSION) + RESOLVEFUNC(d2i_SSL_SESSION) + #if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) +@@ -1019,27 +1183,14 @@ + RESOLVEFUNC(EC_KEY_new_by_curve_name) + RESOLVEFUNC(EC_KEY_free) + RESOLVEFUNC(EC_get_builtin_curves) +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (q_SSLeay() >= 0x10002000L) +- RESOLVEFUNC(EC_curve_nist2nid) +-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L + #endif // OPENSSL_NO_EC + RESOLVEFUNC(PKCS12_parse) + RESOLVEFUNC(d2i_PKCS12_bio) + RESOLVEFUNC(PKCS12_free) + ++ symbolsResolved = true; + delete libs.first; + delete libs.second; +- if (!_q_SSLeay || q_SSLeay() >= 0x10100000L) { +- // OpenSSL 1.1 deprecated and removed SSLeay. We consider a failure to +- // resolve this symbol as a failure to resolve symbols. +- // The right operand of '||' above ... a bit of paranoia. +- qCWarning(lcSsl, "Incompatible version of OpenSSL"); +- return false; +- } +- +- symbolsResolved = true; +- + return true; + } + #endif // QT_CONFIG(library) +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_symbols_p.h qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl_symbols_p.h +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_symbols_p.h 2017-06-28 11:54:29.000000000 +0200 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl_symbols_p.h 2017-07-27 13:36:11.800844292 +0200 +@@ -1,6 +1,6 @@ + /**************************************************************************** + ** +-** Copyright (C) 2016 The Qt Company Ltd. ++** Copyright (C) 2017 The Qt Company Ltd. + ** Copyright (C) 2014 BlackBerry Limited. All rights reserved. + ** Contact: https://www.qt.io/licensing/ + ** +@@ -56,6 +56,7 @@ + #ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H + #define QSSLSOCKET_OPENSSL_SYMBOLS_P_H + ++ + // + // W A R N I N G + // ------------- +@@ -215,17 +216,20 @@ + + #endif // !defined QT_LINKED_OPENSSL + ++#if QT_CONFIG(opensslv11) ++#include "qsslsocket_openssl11_symbols_p.h" ++#else ++#include "qsslsocket_opensslpre11_symbols_p.h" ++#endif // QT_CONFIG ++ + bool q_resolveOpenSslSymbols(); + long q_ASN1_INTEGER_get(ASN1_INTEGER *a); +-unsigned char * q_ASN1_STRING_data(ASN1_STRING *a); + int q_ASN1_STRING_length(ASN1_STRING *a); + int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b); + long q_BIO_ctrl(BIO *a, int b, long c, void *d); + Q_AUTOTEST_EXPORT int q_BIO_free(BIO *a); +-Q_AUTOTEST_EXPORT BIO *q_BIO_new(BIO_METHOD *a); + BIO *q_BIO_new_mem_buf(void *a, int b); + int q_BIO_read(BIO *a, void *b, int c); +-Q_AUTOTEST_EXPORT BIO_METHOD *q_BIO_s_mem(); + Q_AUTOTEST_EXPORT int q_BIO_write(BIO *a, const void *b, int c); + int q_BN_num_bits(const BIGNUM *a); + #if OPENSSL_VERSION_NUMBER >= 0x10100000L +@@ -247,26 +251,23 @@ + const EC_GROUP* q_EC_KEY_get0_group(const EC_KEY* k); + int q_EC_GROUP_get_degree(const EC_GROUP* g); + #endif +-int q_CRYPTO_num_locks(); +-void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int)); +-void q_CRYPTO_set_id_callback(unsigned long (*a)()); +-void q_CRYPTO_free(void *a); + DSA *q_DSA_new(); + void q_DSA_free(DSA *a); + X509 *q_d2i_X509(X509 **a, const unsigned char **b, long c); + char *q_ERR_error_string(unsigned long a, char *b); + unsigned long q_ERR_get_error(); +-void q_ERR_free_strings(); +-void q_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +-void q_EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); ++EVP_CIPHER_CTX *q_EVP_CIPHER_CTX_new(); ++void q_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); + int q_EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); + int q_EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); + int q_EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *key, const unsigned char *iv, int enc); ++int q_EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); + int q_EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); + int q_EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + const EVP_CIPHER *q_EVP_des_cbc(); + const EVP_CIPHER *q_EVP_des_ede3_cbc(); + const EVP_CIPHER *q_EVP_rc2_cbc(); ++const EVP_MD *q_EVP_sha1(); + int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c); + Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b); + int q_EVP_PKEY_set1_DSA(EVP_PKEY *a, DSA *b); +@@ -310,7 +311,7 @@ + int q_PEM_write_bio_ECPrivateKey(BIO *a, EC_KEY *b, const EVP_CIPHER *c, unsigned char *d, + int e, pem_password_cb *f, void *g); + #endif +-#endif ++#endif // SSLEAY_MACROS + Q_AUTOTEST_EXPORT EVP_PKEY *q_PEM_read_bio_PUBKEY(BIO *a, EVP_PKEY **b, pem_password_cb *c, void *d); + DSA *q_PEM_read_bio_DSA_PUBKEY(BIO *a, DSA **b, pem_password_cb *c, void *d); + RSA *q_PEM_read_bio_RSA_PUBKEY(BIO *a, RSA **b, pem_password_cb *c, void *d); +@@ -326,23 +327,10 @@ + int q_RAND_status(); + RSA *q_RSA_new(); + void q_RSA_free(RSA *a); +-int q_sk_num(STACK *a); +-void q_sk_pop_free(STACK *a, void (*b)(void *)); +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +-_STACK *q_sk_new_null(); +-void q_sk_push(_STACK *st, void *data); +-void q_sk_free(_STACK *a); +-void * q_sk_value(STACK *a, int b); +-#else +-STACK *q_sk_new_null(); +-void q_sk_push(STACK *st, char *data); +-void q_sk_free(STACK *a); +-char * q_sk_value(STACK *a, int b); +-#endif + int q_SSL_accept(SSL *a); + int q_SSL_clear(SSL *a); +-char *q_SSL_CIPHER_description(SSL_CIPHER *a, char *b, int c); +-int q_SSL_CIPHER_get_bits(SSL_CIPHER *a, int *b); ++char *q_SSL_CIPHER_description(const SSL_CIPHER *a, char *b, int c); ++int q_SSL_CIPHER_get_bits(const SSL_CIPHER *a, int *b); + int q_SSL_connect(SSL *a); + int q_SSL_CTX_check_private_key(const SSL_CTX *a); + long q_SSL_CTX_ctrl(SSL_CTX *a, int b, long c, void *d); +@@ -374,8 +362,6 @@ + STACK_OF(X509) *q_SSL_get_peer_cert_chain(SSL *a); + X509 *q_SSL_get_peer_certificate(SSL *a); + long q_SSL_get_verify_result(const SSL *a); +-int q_SSL_library_init(); +-void q_SSL_load_error_strings(); + SSL *q_SSL_new(SSL_CTX *a); + long q_SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); + int q_SSL_read(SSL *a, void *b, int c); +@@ -388,7 +374,6 @@ + SSL_SESSION *q_SSL_get1_session(SSL *ssl); + SSL_SESSION *q_SSL_get_session(const SSL *ssl); + #if OPENSSL_VERSION_NUMBER >= 0x10001000L +-int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + int q_SSL_set_ex_data(SSL *ssl, int idx, void *arg); + void *q_SSL_get_ex_data(const SSL *ssl, int idx); + #endif +@@ -399,49 +384,6 @@ + void q_SSL_set_psk_server_callback(SSL *ssl, q_psk_server_callback_t callback); + int q_SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); + #endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +-#ifndef OPENSSL_NO_SSL2 +-const SSL_METHOD *q_SSLv2_client_method(); +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-const SSL_METHOD *q_SSLv3_client_method(); +-#endif +-const SSL_METHOD *q_SSLv23_client_method(); +-const SSL_METHOD *q_TLSv1_client_method(); +-const SSL_METHOD *q_TLSv1_1_client_method(); +-const SSL_METHOD *q_TLSv1_2_client_method(); +-#ifndef OPENSSL_NO_SSL2 +-const SSL_METHOD *q_SSLv2_server_method(); +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-const SSL_METHOD *q_SSLv3_server_method(); +-#endif +-const SSL_METHOD *q_SSLv23_server_method(); +-const SSL_METHOD *q_TLSv1_server_method(); +-const SSL_METHOD *q_TLSv1_1_server_method(); +-const SSL_METHOD *q_TLSv1_2_server_method(); +-#else +-#ifndef OPENSSL_NO_SSL2 +-SSL_METHOD *q_SSLv2_client_method(); +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-SSL_METHOD *q_SSLv3_client_method(); +-#endif +-SSL_METHOD *q_SSLv23_client_method(); +-SSL_METHOD *q_TLSv1_client_method(); +-SSL_METHOD *q_TLSv1_1_client_method(); +-SSL_METHOD *q_TLSv1_2_client_method(); +-#ifndef OPENSSL_NO_SSL2 +-SSL_METHOD *q_SSLv2_server_method(); +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-SSL_METHOD *q_SSLv3_server_method(); +-#endif +-SSL_METHOD *q_SSLv23_server_method(); +-SSL_METHOD *q_TLSv1_server_method(); +-SSL_METHOD *q_TLSv1_1_server_method(); +-SSL_METHOD *q_TLSv1_2_server_method(); +-#endif + int q_SSL_write(SSL *a, const void *b, int c); + int q_X509_cmp(X509 *a, X509 *b); + #ifdef SSLEAY_MACROS +@@ -452,6 +394,7 @@ + X509 *q_X509_dup(X509 *a); + #endif + void q_X509_print(BIO *a, X509*b); ++int q_X509_digest(const X509 *x509, const EVP_MD *type, unsigned char *md, unsigned int *len); + ASN1_OBJECT *q_X509_EXTENSION_get_object(X509_EXTENSION *a); + void q_X509_free(X509 *a); + X509_EXTENSION *q_X509_get_ext(X509 *a, int b); +@@ -471,6 +414,7 @@ + int q_X509_check_issued(X509 *a, X509 *b); + X509_NAME *q_X509_get_issuer_name(X509 *a); + X509_NAME *q_X509_get_subject_name(X509 *a); ++ASN1_INTEGER *q_X509_get_serialNumber(X509 *a); + int q_X509_verify_cert(X509_STORE_CTX *ctx); + int q_X509_NAME_entry_count(X509_NAME *a); + X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b); +@@ -488,7 +432,6 @@ + int q_X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); + int q_X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); + X509 *q_X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +-STACK_OF(X509) *q_X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); + + // Diffie-Hellman support + DH *q_DH_new(); +@@ -522,34 +465,9 @@ + PKCS12 *q_d2i_PKCS12_bio(BIO *bio, PKCS12 **pkcs12); + void q_PKCS12_free(PKCS12 *pkcs12); + +- + #define q_BIO_get_mem_data(b, pp) (int)q_BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) + #define q_BIO_pending(b) (int)q_BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +-#ifdef SSLEAY_MACROS +-int q_i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +-int q_i2d_RSAPrivateKey(const RSA *a, unsigned char **pp); +-RSA *q_d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); +-DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); +-#define q_PEM_read_bio_RSAPrivateKey(bp, x, cb, u) \ +- (RSA *)q_PEM_ASN1_read_bio( \ +- (void *(*)(void**, const unsigned char**, long int))q_d2i_RSAPrivateKey, PEM_STRING_RSA, bp, (void **)x, cb, u) +-#define q_PEM_read_bio_DSAPrivateKey(bp, x, cb, u) \ +- (DSA *)q_PEM_ASN1_read_bio( \ +- (void *(*)(void**, const unsigned char**, long int))q_d2i_DSAPrivateKey, PEM_STRING_DSA, bp, (void **)x, cb, u) +-#define q_PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ +- PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_RSAPrivateKey,PEM_STRING_RSA,\ +- bp,(char *)x,enc,kstr,klen,cb,u) +-#define q_PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ +- PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\ +- bp,(char *)x,enc,kstr,klen,cb,u) +-#define q_PEM_read_bio_DHparams(bp, dh, cb, u) \ +- (DH *)q_PEM_ASN1_read_bio( \ +- (void *(*)(void**, const unsigned char**, long int))q_d2i_DHparams, PEM_STRING_DHPARAMS, bp, (void **)x, cb, u) +-#endif +-#define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) + #define q_SSL_CTX_set_mode(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +-#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st) +-#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i) + #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st)) + #define q_sk_GENERAL_NAME_value(st, i) q_SKM_sk_value(GENERAL_NAME, (st), (i)) + #define q_sk_X509_num(st) q_SKM_sk_num(X509, (st)) +@@ -558,18 +476,12 @@ + #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i)) + #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \ + q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) +-#define q_X509_get_notAfter(x) X509_get_notAfter(x) +-#define q_X509_get_notBefore(x) X509_get_notBefore(x) + #define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) + #define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ + (char *)(dsa)) + #define q_OpenSSL_add_all_algorithms() q_OPENSSL_add_all_algorithms_conf() +-void q_OPENSSL_add_all_algorithms_noconf(); +-void q_OPENSSL_add_all_algorithms_conf(); + int q_SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); +-long q_SSLeay(); +-const char *q_SSLeay_version(int type); + int q_i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); + SSL_SESSION *q_d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); + +diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/ssl.pri qtbase-opensource-src-5.9.1/src/network/ssl/ssl.pri +--- qtbase-opensource-src-5.9.1.than/src/network/ssl/ssl.pri 2017-06-28 11:54:29.000000000 +0200 ++++ qtbase-opensource-src-5.9.1/src/network/ssl/ssl.pri 2017-07-27 13:36:11.801844254 +0200 +@@ -60,13 +60,25 @@ + HEADERS += ssl/qsslcontext_openssl_p.h \ + ssl/qsslsocket_openssl_p.h \ + ssl/qsslsocket_openssl_symbols_p.h +- SOURCES += ssl/qsslcertificate_openssl.cpp \ +- ssl/qsslcontext_openssl.cpp \ ++ SOURCES += ssl/qsslsocket_openssl_symbols.cpp \ + ssl/qssldiffiehellmanparameters_openssl.cpp \ ++ ssl/qsslcertificate_openssl.cpp \ + ssl/qsslellipticcurve_openssl.cpp \ + ssl/qsslkey_openssl.cpp \ + ssl/qsslsocket_openssl.cpp \ +- ssl/qsslsocket_openssl_symbols.cpp ++ ssl/qsslcontext_openssl.cpp ++ ++ qtConfig(opensslv11) { ++ HEADERS += ssl/qsslsocket_openssl11_symbols_p.h ++ SOURCES += ssl/qsslsocket_openssl11.cpp \ ++ ssl/qsslcontext_openssl11.cpp ++ ++ QMAKE_CXXFLAGS += -DOPENSSL_API_COMPAT=0x10100000L ++ } else { ++ HEADERS += ssl/qsslsocket_opensslpre11_symbols_p.h ++ SOURCES += ssl/qsslsocket_opensslpre11.cpp \ ++ ssl/qsslcontext_opensslpre11.cpp ++ } + + darwin:SOURCES += ssl/qsslsocket_mac_shared.cpp + diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index f5c6aac..147186b 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -1,20 +1,24 @@ # See http://bugzilla.redhat.com/223663 -%define multilib_archs x86_64 %{ix86} %{?mips} ppc64 ppc s390x s390 sparc64 sparcv9 -%define multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64 +%global multilib_archs x86_64 %{ix86} %{?mips} ppc64 ppc s390x s390 sparc64 sparcv9 +%global multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64 + +# support openssl-1.1 +%global openssl11 1 +%global openssl -openssl-linked # support qtchooser (adds qtchooser .conf file) -%define qtchooser 1 +%global qtchooser 1 %if 0%{?qtchooser} -%define priority 10 +%global priority 10 %ifarch %{multilib_basearchs} -%define priority 15 +%global priority 15 %endif %endif -%define platform linux-g++ +%global platform linux-g++ %if 0%{?use_clang} -%define platform linux-clang +%global platform linux-clang %endif %global qt_module qtbase @@ -49,7 +53,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.1 -Release: 2%{?dist} +Release: 3%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -94,9 +98,8 @@ Patch52: qtbase-opensource-src-5.7.1-moc_macros.patch # drop -O3 and make -O2 by default Patch61: qt5-qtbase-cxxflag.patch -# adapted from berolinux for fedora -# https://github.com/patch-exchange/openssl-1.1-transition/blob/master/qt5-qtbase/qtbase-5.7.0-openssl-1.1.patch -Patch63: qt5-qtbase-5.7.1-openssl11.patch +# backport from upstream +Patch63: qt5-qtbase-5.9.1-openssl11.patch # support firebird version 3.x Patch64: qt5-qtbase-5.9.1-firebird.patch @@ -143,16 +146,7 @@ BuildRequires: pkgconfig(libproxy-1.0) BuildRequires: pkgconfig(ice) pkgconfig(sm) BuildRequires: pkgconfig(libpng) BuildRequires: pkgconfig(libudev) -%if 0%{?fedora} > 25 || 0%{?rhel} > 7 -%global openssl -openssl-linked -BuildRequires: compat-openssl10-devel -#global openssl -openssl -# since openssl is loaded dynamically, add an explicit dependency -#Requires: openssl-libs%{?_isa} -%else -%global openssl -openssl-linked BuildRequires: pkgconfig(openssl) -%endif BuildRequires: pkgconfig(libpulse) pkgconfig(libpulse-mainloop-glib) %if 0%{?fedora} %global xkbcommon -system-xkbcommon @@ -170,7 +164,7 @@ Provides: bundled(libxkbcommon) = 0.4.1 %endif BuildRequires: pkgconfig(xkeyboard-config) %if 0%{?fedora} || 0%{?rhel} > 6 -%define egl 1 +%global egl 1 BuildRequires: pkgconfig(egl) BuildRequires: pkgconfig(gbm) BuildRequires: pkgconfig(glesv2) @@ -183,11 +177,11 @@ BuildRequires: pkgconfig(harfbuzz) >= 0.9.42 BuildRequires: pkgconfig(icu-i18n) BuildRequires: pkgconfig(libpcre2-posix) >= 10.20 BuildRequires: pkgconfig(libpcre) >= 8.0 -%define pcre -system-pcre +%global pcre -system-pcre BuildRequires: pkgconfig(xcb-xkb) %else BuildRequires: libicu-devel -%define pcre -qt-pcre +%global pcre -qt-pcre %endif BuildRequires: pkgconfig(xcb) pkgconfig(xcb-glx) pkgconfig(xcb-icccm) pkgconfig(xcb-image) pkgconfig(xcb-keysyms) pkgconfig(xcb-renderutil) BuildRequires: pkgconfig(zlib) @@ -215,8 +209,8 @@ Requires: %{name}-common = %{version}-%{release} ## Sql drivers %if 0%{?rhel} -%define ibase -no-sql-ibase -%define tds -no-sql-tds +%global ibase -no-sql-ibase +%global tds -no-sql-tds %endif # workaround gold linker bug by not using it @@ -414,11 +408,6 @@ export CFLAGS="$CFLAGS $RPM_OPT_FLAGS" export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS" export LDFLAGS="$LDFLAGS $RPM_LD_FLAGS" export MAKEFLAGS="%{?_smp_mflags}" -%if 0%{?openssl11} -export OPENSSL_LIBS="-lssl -lcrypto" -export CFLAGS="$CFLAGS $RPM_OPT_FLAGS -DOPENSSL_API_COMPAT=0x10100000L" -export CXXFLAGS="$CXXFLAGS $RPM_OPT_FLAGS -DOPENSSL_API_COMPAT=0x10100000L" -%endif ./configure \ -verbose \ @@ -965,6 +954,9 @@ fi %changelog +* Thu Jul 27 2017 Than Ngo - 5.9.1-3 +- fixed bz#1401459, backport openssl-1.1 support + * Thu Jul 27 2017 Fedora Release Engineering - 5.9.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild From e894279872f89699024b71f829c61de59c312016 Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Thu, 27 Jul 2017 16:38:47 +0200 Subject: [PATCH 32/44] add BuildRequires: openssl-devel for openssl-1.1 --- qt5-qtbase.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 147186b..eae2494 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -146,7 +146,7 @@ BuildRequires: pkgconfig(libproxy-1.0) BuildRequires: pkgconfig(ice) pkgconfig(sm) BuildRequires: pkgconfig(libpng) BuildRequires: pkgconfig(libudev) -BuildRequires: pkgconfig(openssl) +BuildRequires: openssl-devel BuildRequires: pkgconfig(libpulse) pkgconfig(libpulse-mainloop-glib) %if 0%{?fedora} %global xkbcommon -system-xkbcommon From c34c751a6a5b3c170f60c8b9037c30307b804054 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Sun, 30 Jul 2017 16:11:57 +0200 Subject: [PATCH 33/44] Rebuild with fixed binutils for ppc64le (#1475636) --- qt5-qtbase.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index eae2494..f3a96be 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -53,7 +53,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.1 -Release: 3%{?dist} +Release: 4%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -954,6 +954,9 @@ fi %changelog +* Sun Jul 30 2017 Florian Weimer - 5.9.1-4 +- Rebuild with binutils fix for ppc64le (#1475636) + * Thu Jul 27 2017 Than Ngo - 5.9.1-3 - fixed bz#1401459, backport openssl-1.1 support From 5811291b7103057b82e1c3bcfa9ca533ada9b461 Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Wed, 2 Aug 2017 13:49:29 +0200 Subject: [PATCH 34/44] added privat headers for Qt5 Xcb --- qt5-qtbase.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index f3a96be..330d869 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -53,7 +53,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.1 -Release: 4%{?dist} +Release: 5%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -576,6 +576,9 @@ cat >>${privat_header_file}< - 5.9.1-5 +- added privat headers for Qt5 Xcb + * Sun Jul 30 2017 Florian Weimer - 5.9.1-4 - Rebuild with binutils fix for ppc64le (#1475636) From 6a8a1e7326cc067219c561a587ced59aeda8edaf Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Fri, 18 Aug 2017 13:11:49 +0200 Subject: [PATCH 35/44] Rebase previously used patches so we can use them again --- qt5-qtbase-cxxflag.patch | 11 ++++++----- qt5-qtbase.spec | 4 ++-- qtbase-hidpi_scale_at_192.patch | 14 ++++++++------ 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/qt5-qtbase-cxxflag.patch b/qt5-qtbase-cxxflag.patch index d428c6f..321f051 100644 --- a/qt5-qtbase-cxxflag.patch +++ b/qt5-qtbase-cxxflag.patch @@ -1,12 +1,13 @@ -diff -up qtbase-opensource-src-5.6.0/mkspecs/common/gcc-base.conf.than qtbase-opensource-src-5.6.0/mkspecs/common/gcc-base.conf ---- qtbase-opensource-src-5.6.0/mkspecs/common/gcc-base.conf.than 2016-06-02 17:30:07.249027901 +0200 -+++ qtbase-opensource-src-5.6.0/mkspecs/common/gcc-base.conf 2016-06-02 17:30:14.681748012 +0200 +diff --git a/mkspecs/common/gcc-base.conf b/mkspecs/common/gcc-base.conf +index e7e6ee1..ff2a939 100644 +--- a/mkspecs/common/gcc-base.conf ++++ b/mkspecs/common/gcc-base.conf @@ -32,7 +32,7 @@ # QMAKE_CFLAGS_OPTIMIZE = -O2 -QMAKE_CFLAGS_OPTIMIZE_FULL = -O3 +QMAKE_CFLAGS_OPTIMIZE_FULL = -O2 + QMAKE_CFLAGS_OPTIMIZE_DEBUG = -Og + QMAKE_CFLAGS_OPTIMIZE_SIZE = -Os - QMAKE_CFLAGS += -pipe - QMAKE_CFLAGS_DEPS += -M diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 330d869..9eb56b4 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -334,9 +334,9 @@ Qt5 libraries used for drawing widgets and OpenGL items. %patch4 -p1 -b .QTBUG-35459 %patch50 -p1 -b .QT_VERSION_CHECK -#patch51 -p1 -b .hidpi_scale_at_192 +%patch51 -p1 -b .hidpi_scale_at_192 %patch52 -p1 -b .moc_macros -#patch61 -p1 -b .qt5-qtbase-cxxflag +%patch61 -p1 -b .qt5-qtbase-cxxflag %if 0%{?openssl11} %patch63 -p1 -b .openssl11 %endif diff --git a/qtbase-hidpi_scale_at_192.patch b/qtbase-hidpi_scale_at_192.patch index 123f1ae..c6c377d 100644 --- a/qtbase-hidpi_scale_at_192.patch +++ b/qtbase-hidpi_scale_at_192.patch @@ -1,11 +1,13 @@ ---- qtbase-opensource-src-5.7.1/src/plugins/platforms/xcb/qxcbscreen.cpp.orig 2017-01-11 11:42:59.544860428 +0100 -+++ qtbase-opensource-src-5.7.1/src/plugins/platforms/xcb/qxcbscreen.cpp 2017-01-11 11:43:51.142956762 +0100 -@@ -633,7 +633,7 @@ void QXcbScreen::updateGeometry(const QR +diff --git a/src/plugins/platforms/xcb/qxcbscreen.cpp b/src/plugins/platforms/xcb/qxcbscreen.cpp +index 5e136b5..0ad2842 100644 +--- a/src/plugins/platforms/xcb/qxcbscreen.cpp ++++ b/src/plugins/platforms/xcb/qxcbscreen.cpp +@@ -620,7 +620,7 @@ void QXcbScreen::updateGeometry(const QRect &geom, uint8_t rotation) m_sizeMillimeters = sizeInMillimeters(xGeometry.size(), virtualDpi()); - + qreal dpi = xGeometry.width() / physicalSize().width() * qreal(25.4); -- m_pixelDensity = qRound(dpi/96); -+ m_pixelDensity = (int) (dpi/96); // instead of rounding at 1.5, round at 2.0 (same as GNOME) +- m_pixelDensity = qMax(1, qRound(dpi/96)); ++ m_pixelDensity = qMax(1, (int) (dpi/96)); // instead of rounding at 1.5, round at 2.0 (same as GNOME) m_geometry = QRect(xGeometry.topLeft(), xGeometry.size()); m_availableGeometry = xGeometry & m_virtualDesktop->workArea(); QWindowSystemInterface::handleScreenGeometryChange(QPlatformScreen::screen(), m_geometry, m_availableGeometry); From 82a0d13a63f9e67185ec64a44d8e606bcf1c4925 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Mon, 25 Sep 2017 08:37:10 -0500 Subject: [PATCH 36/44] enable openssl11 support only for f27+ (for now) Use mariadb-connector-c-devel, f28+ (#1493909) Backport upstream mariadb patch --- .gitignore | 1 + qt5-qtbase.spec | 14 +++++++++++++- sources | 1 + 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index b2d05f2..90dbf63 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /qtbase-opensource-src-5.9.1.tar.xz /0086-Fix-detection-of-AT-SPI.patch +/0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 9eb56b4..478b124 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -3,7 +3,9 @@ %global multilib_basearchs x86_64 %{?mips64} ppc64 s390x sparc64 # support openssl-1.1 +%if 0%{?fedora} > 26 %global openssl11 1 +%endif %global openssl -openssl-linked # support qtchooser (adds qtchooser .conf file) @@ -53,7 +55,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.1 -Release: 5%{?dist} +Release: 6%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -109,6 +111,7 @@ Patch65: qtbase-opensource-src-5.9.0-mysql.patch ## upstream patches (5.9 branch) Patch486: 0086-Fix-detection-of-AT-SPI.patch +Patch902: 0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are @@ -284,7 +287,11 @@ Requires: %{name}%{?_isa} = %{version}-%{release} %package mysql Summary: MySQL driver for Qt5's SQL classes +%if 0%{?fedora} > 27 +BuildRequires: mariadb-connector-c-devel +%else BuildRequires: mysql-devel +%endif Requires: %{name}%{?_isa} = %{version}-%{release} %description mysql %{summary}. @@ -958,6 +965,11 @@ fi %changelog +* Mon Sep 25 2017 Rex Dieter - 5.9.1-6 +- enable openssl11 support only for f27+ (for now) +- Use mariadb-connector-c-devel, f28+ (#1493909) +- Backport upstream mariadb patch + * Wed Aug 02 2017 Than Ngo - 5.9.1-5 - added privat headers for Qt5 Xcb diff --git a/sources b/sources index 33d24a4..1629ab8 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ SHA512 (qtbase-opensource-src-5.9.1.tar.xz) = b384e91b3fd88b2f32e826e3dd1c930213683a0fdbfd284a319204fa8d27c796b54324cf4a715f6bebd92fca6426e37cf0be5866fc1f6053b8758570ddb2fa45 SHA512 (0086-Fix-detection-of-AT-SPI.patch) = f78f481369e4b68400ae122a7cf4d20030ee8ea89ea211f98f5ffa895d449acd9a7207d3b010e927a7a33d644eab90e1d5bb951d71e1a5b1a11f4ac1a0241bce +SHA512 (0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch) = 10d94b35e2f750230772bd9b6f8c8e4d6c9ca4308537aabf3cbca9cebb1941acc9a915896b65f16815cac739c53f0f061812cbd97993a25f71a98bb06bd0c571 From 4f76b8e9ca1a4df2b89149478d79f0ed4fe8da01 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Mon, 25 Sep 2017 10:25:22 -0500 Subject: [PATCH 37/44] apply mysql.patch only on f28+ --- qt5-qtbase.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 478b124..374f0b1 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -348,7 +348,9 @@ Qt5 libraries used for drawing widgets and OpenGL items. %patch63 -p1 -b .openssl11 %endif %patch64 -p1 -b .firebird +%if 0%{?fedora} > 27 %patch65 -p1 -b .mysql +%endif %patch486 -p1 -b .0086 From bf5d04680baec7aa23d6e4a54a88f8344aa3acdc Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Tue, 26 Sep 2017 08:09:29 -0500 Subject: [PATCH 38/44] actually apply mariadb-related patch (#1491316) --- qt5-qtbase.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 374f0b1..193bb6d 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -55,7 +55,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.1 -Release: 6%{?dist} +Release: 7%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -353,6 +353,7 @@ Qt5 libraries used for drawing widgets and OpenGL items. %endif %patch486 -p1 -b .0086 +%patch902 -p1 -b .0502 %if 0%{?inject_optflags} ## adjust $RPM_OPT_FLAGS @@ -967,10 +968,13 @@ fi %changelog +* Tue Sep 26 2017 Rex Dieter - 5.9.1-7 +- actually apply mariadb-related patch (#1491316) + * Mon Sep 25 2017 Rex Dieter - 5.9.1-6 - enable openssl11 support only for f27+ (for now) - Use mariadb-connector-c-devel, f28+ (#1493909) -- Backport upstream mariadb patch +- Backport upstream mariadb patch (#1491316) * Wed Aug 02 2017 Than Ngo - 5.9.1-5 - added privat headers for Qt5 Xcb From 343ee6e998aee86b50151cddacd639fb97cc9ce2 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Wed, 27 Sep 2017 09:43:36 -0500 Subject: [PATCH 39/44] refresh mariadb patch wrt cr#206850 (#1491316) --- .gitignore | 1 - ..._library_end-once-when-using-MariaDB.patch | 32 +++++++++++++++++++ qt5-qtbase.spec | 6 +++- sources | 1 - 4 files changed, 37 insertions(+), 3 deletions(-) create mode 100644 0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch diff --git a/.gitignore b/.gitignore index 90dbf63..b2d05f2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ /qtbase-opensource-src-5.9.1.tar.xz /0086-Fix-detection-of-AT-SPI.patch -/0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch diff --git a/0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch b/0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch new file mode 100644 index 0000000..15e6ee6 --- /dev/null +++ b/0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch @@ -0,0 +1,32 @@ +diff -up qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/mysql/qsql_mysql.cpp.0502 qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/mysql/qsql_mysql.cpp +--- qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/mysql/qsql_mysql.cpp.0502 2017-06-28 04:54:29.000000000 -0500 ++++ qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/mysql/qsql_mysql.cpp 2017-09-27 09:40:49.397425236 -0500 +@@ -1158,16 +1158,22 @@ static void qLibraryInit() + } + # endif // MYSQL_VERSION_ID + #endif // Q_NO_MYSQL_EMBEDDED ++ ++#ifdef MARIADB_BASE_VERSION || defined(MARIADB_VERSION_ID) ++ qAddPostRoutine(mysql_server_end); ++#endif + } + + static void qLibraryEnd() + { +-#ifndef Q_NO_MYSQL_EMBEDDED +-# if MYSQL_VERSION_ID > 40000 +-# if (MYSQL_VERSION_ID >= 40110 && MYSQL_VERSION_ID < 50000) || MYSQL_VERSION_ID >= 50003 +- mysql_library_end(); +-# else +- mysql_server_end(); ++#if !defined(MARIADB_BASE_VERSION) || !defined(MARIADB_VERSION_ID) ++# if !defined(Q_NO_MYSQL_EMBEDDED) ++# if MYSQL_VERSION_ID > 40000 ++# if (MYSQL_VERSION_ID >= 40110 && MYSQL_VERSION_ID < 50000) || MYSQL_VERSION_ID >= 50003 ++ mysql_library_end(); ++# else ++ mysql_server_end(); ++# endif + # endif + # endif + #endif diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index 193bb6d..d279b5c 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -55,7 +55,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.1 -Release: 7%{?dist} +Release: 8%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -111,6 +111,7 @@ Patch65: qtbase-opensource-src-5.9.0-mysql.patch ## upstream patches (5.9 branch) Patch486: 0086-Fix-detection-of-AT-SPI.patch +# refreshed/updated with https://codereview.qt-project.org/#/c/206850/ Patch902: 0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. @@ -968,6 +969,9 @@ fi %changelog +* Wed Sep 27 2017 Rex Dieter - 5.9.1-8 +- refresh mariadb patch wrt cr#206850 (#1491316) + * Tue Sep 26 2017 Rex Dieter - 5.9.1-7 - actually apply mariadb-related patch (#1491316) diff --git a/sources b/sources index 1629ab8..33d24a4 100644 --- a/sources +++ b/sources @@ -1,3 +1,2 @@ SHA512 (qtbase-opensource-src-5.9.1.tar.xz) = b384e91b3fd88b2f32e826e3dd1c930213683a0fdbfd284a319204fa8d27c796b54324cf4a715f6bebd92fca6426e37cf0be5866fc1f6053b8758570ddb2fa45 SHA512 (0086-Fix-detection-of-AT-SPI.patch) = f78f481369e4b68400ae122a7cf4d20030ee8ea89ea211f98f5ffa895d449acd9a7207d3b010e927a7a33d644eab90e1d5bb951d71e1a5b1a11f4ac1a0241bce -SHA512 (0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch) = 10d94b35e2f750230772bd9b6f8c8e4d6c9ca4308537aabf3cbca9cebb1941acc9a915896b65f16815cac739c53f0f061812cbd97993a25f71a98bb06bd0c571 From 9fc4b6e74ceaef1902981668fb8c52cf6d355d14 Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Wed, 27 Sep 2017 10:48:08 -0500 Subject: [PATCH 40/44] refresh mariadb patch to actually match cr#206850 logic (#1491316) --- ...Only-call-mysql_library_end-once-when-using-MariaDB.patch | 4 ++-- qt5-qtbase.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch b/0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch index 15e6ee6..c755127 100644 --- a/0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch +++ b/0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch @@ -6,7 +6,7 @@ diff -up qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/mysql/qsql_mysql.cpp # endif // MYSQL_VERSION_ID #endif // Q_NO_MYSQL_EMBEDDED + -+#ifdef MARIADB_BASE_VERSION || defined(MARIADB_VERSION_ID) ++#if defined(MARIADB_BASE_VERSION) || defined(MARIADB_VERSION_ID) + qAddPostRoutine(mysql_server_end); +#endif } @@ -19,7 +19,7 @@ diff -up qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/mysql/qsql_mysql.cpp - mysql_library_end(); -# else - mysql_server_end(); -+#if !defined(MARIADB_BASE_VERSION) || !defined(MARIADB_VERSION_ID) ++#if !defined(MARIADB_BASE_VERSION) && !defined(MARIADB_VERSION_ID) +# if !defined(Q_NO_MYSQL_EMBEDDED) +# if MYSQL_VERSION_ID > 40000 +# if (MYSQL_VERSION_ID >= 40110 && MYSQL_VERSION_ID < 50000) || MYSQL_VERSION_ID >= 50003 diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index d279b5c..f4ca44e 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -55,7 +55,7 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components Version: 5.9.1 -Release: 8%{?dist} +Release: 9%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -969,6 +969,9 @@ fi %changelog +* Wed Sep 27 2017 Rex Dieter - 5.9.1-9 +- refresh mariadb patch to actually match cr#206850 logic (#1491316) + * Wed Sep 27 2017 Rex Dieter - 5.9.1-8 - refresh mariadb patch wrt cr#206850 (#1491316) From 3b3961f8ca110fe80b1e99a25a8f7dacf03ecf0d Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Mon, 9 Oct 2017 08:51:46 +0200 Subject: [PATCH 41/44] 5.9.2 --- .gitignore | 1 + ..._library_end-once-when-using-MariaDB.patch | 32 ----------------- qt5-qtbase-5.9.1-firebird.patch | 34 +++++++------------ qt5-qtbase.spec | 13 +++---- sources | 3 +- 5 files changed, 19 insertions(+), 64 deletions(-) delete mode 100644 0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch diff --git a/.gitignore b/.gitignore index b2d05f2..2e1e989 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /qtbase-opensource-src-5.9.1.tar.xz /0086-Fix-detection-of-AT-SPI.patch +/qtbase-opensource-src-5.9.2.tar.xz diff --git a/0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch b/0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch deleted file mode 100644 index c755127..0000000 --- a/0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff -up qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/mysql/qsql_mysql.cpp.0502 qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/mysql/qsql_mysql.cpp ---- qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/mysql/qsql_mysql.cpp.0502 2017-06-28 04:54:29.000000000 -0500 -+++ qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/mysql/qsql_mysql.cpp 2017-09-27 09:40:49.397425236 -0500 -@@ -1158,16 +1158,22 @@ static void qLibraryInit() - } - # endif // MYSQL_VERSION_ID - #endif // Q_NO_MYSQL_EMBEDDED -+ -+#if defined(MARIADB_BASE_VERSION) || defined(MARIADB_VERSION_ID) -+ qAddPostRoutine(mysql_server_end); -+#endif - } - - static void qLibraryEnd() - { --#ifndef Q_NO_MYSQL_EMBEDDED --# if MYSQL_VERSION_ID > 40000 --# if (MYSQL_VERSION_ID >= 40110 && MYSQL_VERSION_ID < 50000) || MYSQL_VERSION_ID >= 50003 -- mysql_library_end(); --# else -- mysql_server_end(); -+#if !defined(MARIADB_BASE_VERSION) && !defined(MARIADB_VERSION_ID) -+# if !defined(Q_NO_MYSQL_EMBEDDED) -+# if MYSQL_VERSION_ID > 40000 -+# if (MYSQL_VERSION_ID >= 40110 && MYSQL_VERSION_ID < 50000) || MYSQL_VERSION_ID >= 50003 -+ mysql_library_end(); -+# else -+ mysql_server_end(); -+# endif - # endif - # endif - #endif diff --git a/qt5-qtbase-5.9.1-firebird.patch b/qt5-qtbase-5.9.1-firebird.patch index 1789a35..a141e2a 100644 --- a/qt5-qtbase-5.9.1-firebird.patch +++ b/qt5-qtbase-5.9.1-firebird.patch @@ -1,20 +1,9 @@ -diff -up qtbase-opensource-src-5.9.1/config.tests/unix/ibase/ibase.cpp.firebird qtbase-opensource-src-5.9.1/config.tests/unix/ibase/ibase.cpp ---- qtbase-opensource-src-5.9.1/config.tests/unix/ibase/ibase.cpp.firebird 2017-06-28 04:54:29.000000000 -0500 -+++ qtbase-opensource-src-5.9.1/config.tests/unix/ibase/ibase.cpp 2017-07-16 08:28:47.833992502 -0500 -@@ -37,7 +37,7 @@ - ** - ****************************************************************************/ - --#include -+#include - - int main(int, char **) - { -diff -up qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/configure.json.firebird qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/configure.json ---- qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/configure.json.firebird 2017-06-28 04:54:29.000000000 -0500 -+++ qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/configure.json 2017-07-16 12:38:43.730108724 -0500 -@@ -50,7 +50,8 @@ - "test": "unix/ibase", +diff --git a/src/plugins/sqldrivers/configure.json b/src/plugins/sqldrivers/configure.json +index 234f880..d53f035 100644 +--- a/src/plugins/sqldrivers/configure.json ++++ b/src/plugins/sqldrivers/configure.json +@@ -54,7 +54,8 @@ + }, "sources": [ { "libs": "-lgds32_ms", "condition": "config.win32" }, - { "libs": "-lgds", "condition": "!config.win32" } @@ -23,15 +12,16 @@ diff -up qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/configure.json.fireb ] }, "mysql": { -diff -up qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/ibase/qsql_ibase_p.h.firebird qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/ibase/qsql_ibase_p.h ---- qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/ibase/qsql_ibase_p.h.firebird 2017-06-28 04:54:29.000000000 -0500 -+++ qtbase-opensource-src-5.9.1/src/plugins/sqldrivers/ibase/qsql_ibase_p.h 2017-07-16 08:28:47.833992502 -0500 +diff --git a/src/plugins/sqldrivers/ibase/qsql_ibase_p.h b/src/plugins/sqldrivers/ibase/qsql_ibase_p.h +index c7cee41..6a9c56c 100644 +--- a/src/plugins/sqldrivers/ibase/qsql_ibase_p.h ++++ b/src/plugins/sqldrivers/ibase/qsql_ibase_p.h @@ -52,7 +52,7 @@ // - + #include -#include +#include - + #ifdef QT_PLUGIN #define Q_EXPORT_SQLDRIVER_IBASE diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec index f4ca44e..f1f365a 100644 --- a/qt5-qtbase.spec +++ b/qt5-qtbase.spec @@ -54,8 +54,8 @@ BuildRequires: pkgconfig(libsystemd) Name: qt5-qtbase Summary: Qt5 - QtBase components -Version: 5.9.1 -Release: 9%{?dist} +Version: 5.9.2 +Release: 1%{?dist} # See LGPL_EXCEPTIONS.txt, for exception details License: LGPLv2 with exceptions or GPLv3 with exceptions @@ -110,9 +110,6 @@ Patch64: qt5-qtbase-5.9.1-firebird.patch Patch65: qtbase-opensource-src-5.9.0-mysql.patch ## upstream patches (5.9 branch) -Patch486: 0086-Fix-detection-of-AT-SPI.patch -# refreshed/updated with https://codereview.qt-project.org/#/c/206850/ -Patch902: 0502-Only-call-mysql_library_end-once-when-using-MariaDB.patch # Do not check any files in %%{_qt5_plugindir}/platformthemes/ for requires. # Those themes are there for platform integration. If the required libraries are @@ -353,9 +350,6 @@ Qt5 libraries used for drawing widgets and OpenGL items. %patch65 -p1 -b .mysql %endif -%patch486 -p1 -b .0086 -%patch902 -p1 -b .0502 - %if 0%{?inject_optflags} ## adjust $RPM_OPT_FLAGS @@ -969,6 +963,9 @@ fi %changelog +* Mon Oct 09 2017 Jan Grulich - 5.9.2-1 +- 5.9.2 + * Wed Sep 27 2017 Rex Dieter - 5.9.1-9 - refresh mariadb patch to actually match cr#206850 logic (#1491316) diff --git a/sources b/sources index 33d24a4..2624a33 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (qtbase-opensource-src-5.9.1.tar.xz) = b384e91b3fd88b2f32e826e3dd1c930213683a0fdbfd284a319204fa8d27c796b54324cf4a715f6bebd92fca6426e37cf0be5866fc1f6053b8758570ddb2fa45 -SHA512 (0086-Fix-detection-of-AT-SPI.patch) = f78f481369e4b68400ae122a7cf4d20030ee8ea89ea211f98f5ffa895d449acd9a7207d3b010e927a7a33d644eab90e1d5bb951d71e1a5b1a11f4ac1a0241bce +SHA512 (qtbase-opensource-src-5.9.2.tar.xz) = a2f965871645256f3d019f71f3febb875455a29d03fccc7a3371ddfeb193b0af12394e779df05adf69fd10fe7b0d966f3915a24528ec7eb3bc36c2db6af2b6e7 From 3a12929e93a79c5cdd6ffc66f25922937750f463 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Mon, 9 Oct 2017 09:05:20 +0200 Subject: [PATCH 42/44] Rebase openssl11 patch --- qt5-qtbase-5.9.1-openssl11.patch | 2202 +++--------------------------- 1 file changed, 215 insertions(+), 1987 deletions(-) diff --git a/qt5-qtbase-5.9.1-openssl11.patch b/qt5-qtbase-5.9.1-openssl11.patch index c26bede..8875fc5 100644 --- a/qt5-qtbase-5.9.1-openssl11.patch +++ b/qt5-qtbase-5.9.1-openssl11.patch @@ -1,67 +1,10 @@ -diff -Nur qtbase-opensource-src-5.9.1.than/config.tests/unix/openssl11/openssl.cpp qtbase-opensource-src-5.9.1/config.tests/unix/openssl11/openssl.cpp ---- qtbase-opensource-src-5.9.1.than/config.tests/unix/openssl11/openssl.cpp 1970-01-01 01:00:00.000000000 +0100 -+++ qtbase-opensource-src-5.9.1/config.tests/unix/openssl11/openssl.cpp 2017-07-27 13:36:11.792844593 +0200 -@@ -0,0 +1,48 @@ -+/**************************************************************************** -+** -+** Copyright (C) 2017 The Qt Company Ltd. -+** Contact: https://www.qt.io/licensing/ -+** -+** This file is part of the config.tests of the Qt Toolkit. -+** -+** $QT_BEGIN_LICENSE:LGPL$ -+** Commercial License Usage -+** Licensees holding valid commercial Qt licenses may use this file in -+** accordance with the commercial license agreement provided with the -+** Software or, alternatively, in accordance with the terms contained in -+** a written agreement between you and The Qt Company. For licensing terms -+** and conditions see https://www.qt.io/terms-conditions. For further -+** information use the contact form at https://www.qt.io/contact-us. -+** -+** GNU Lesser General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU Lesser -+** General Public License version 3 as published by the Free Software -+** Foundation and appearing in the file LICENSE.LGPL3 included in the -+** packaging of this file. Please review the following information to -+** ensure the GNU Lesser General Public License version 3 requirements -+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. -+** -+** GNU General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU -+** General Public License version 2.0 or (at your option) the GNU General -+** Public license version 3 or any later version approved by the KDE Free -+** Qt Foundation. The licenses are as published by the Free Software -+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 -+** included in the packaging of this file. Please review the following -+** information to ensure the GNU General Public License requirements will -+** be met: https://www.gnu.org/licenses/gpl-2.0.html and -+** https://www.gnu.org/licenses/gpl-3.0.html. -+** -+** $QT_END_LICENSE$ -+** -+****************************************************************************/ -+ -+#include -+ -+#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x10100000L -+# error "OpenSSL >= 1.1 is required" -+#endif -+ -+int main() -+{ -+} -diff -Nur qtbase-opensource-src-5.9.1.than/config.tests/unix/openssl11/openssl.pro qtbase-opensource-src-5.9.1/config.tests/unix/openssl11/openssl.pro ---- qtbase-opensource-src-5.9.1.than/config.tests/unix/openssl11/openssl.pro 1970-01-01 01:00:00.000000000 +0100 -+++ qtbase-opensource-src-5.9.1/config.tests/unix/openssl11/openssl.pro 2017-07-27 13:36:11.792844593 +0200 -@@ -0,0 +1,2 @@ -+SOURCES = openssl.cpp -+CONFIG -= x11 qt -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/configure.json qtbase-opensource-src-5.9.1/src/network/configure.json ---- qtbase-opensource-src-5.9.1.than/src/network/configure.json 2017-06-28 11:54:29.000000000 +0200 -+++ qtbase-opensource-src-5.9.1/src/network/configure.json 2017-07-27 13:36:11.792844593 +0200 -@@ -105,6 +105,12 @@ - "type": "compile", - "test": "unix/sctp", +diff --git a/src/network/configure.json b/src/network/configure.json +index 916448a..5ecf1ad 100644 +--- a/src/network/configure.json ++++ b/src/network/configure.json +@@ -154,6 +154,12 @@ + ] + }, "use": "network" + }, + "openssl11": { @@ -71,8 +14,8 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/configure.json qtbase-ope + "use": "network" } }, - -@@ -172,6 +178,11 @@ + +@@ -221,6 +227,11 @@ "condition": "config.winrt || features.securetransport || features.openssl", "output": [ "publicFeature", "feature" ] }, @@ -84,9 +27,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/configure.json qtbase-ope "sctp": { "label": "SCTP", "autoDetect": false, -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_openssl.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslcertificate_openssl.cpp ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_openssl.cpp 2017-06-28 11:54:29.000000000 +0200 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslcertificate_openssl.cpp 2017-07-27 13:36:11.793844555 +0200 +diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp +index 28b7eda..71e514a 100644 +--- a/src/network/ssl/qsslcertificate_openssl.cpp ++++ b/src/network/ssl/qsslcertificate_openssl.cpp @@ -1,6 +1,7 @@ /**************************************************************************** ** @@ -96,7 +40,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_opens ** Contact: https://www.qt.io/licensing/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. -@@ -64,12 +65,14 @@ +@@ -64,12 +65,14 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW { if (X509 * const x509 = key.d->x509) { @@ -114,19 +58,19 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_opens + + return seed; } - + bool QSslCertificate::isNull() const -@@ -89,8 +92,7 @@ +@@ -89,8 +92,7 @@ QByteArray QSslCertificate::version() const { QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); if (d->versionString.isEmpty() && d->x509) - d->versionString = - QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1); + d->versionString = QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1); - + return d->versionString; } -@@ -99,7 +101,7 @@ +@@ -99,7 +101,7 @@ QByteArray QSslCertificate::serialNumber() const { QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); if (d->serialNumberString.isEmpty() && d->x509) { @@ -135,10 +79,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_opens QByteArray hexString; hexString.reserve(serialNumber->length * 3); for (int a = 0; a < serialNumber->length; ++a) { -@@ -199,14 +201,15 @@ +@@ -199,14 +201,15 @@ QMultiMap QSslCertificate::subjectAlter continue; } - + - const char *altNameStr = reinterpret_cast(q_ASN1_STRING_data(genName->d.ia5)); + const char *altNameStr = reinterpret_cast(q_ASN1_STRING_get0_data(genName->d.ia5)); const QString altName = QString::fromLatin1(altNameStr, len); @@ -151,11 +95,11 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_opens + + q_OPENSSL_sk_pop_free((OPENSSL_STACK*)altNames, reinterpret_cast(q_OPENSSL_sk_free)); } - + return result; -@@ -235,25 +238,26 @@ +@@ -235,25 +238,26 @@ QSslKey QSslCertificate::publicKey() const QSslKey key; - + key.d->type = QSsl::PublicKey; - X509_PUBKEY *xkey = d->x509->cert_info->key; - EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey); @@ -163,7 +107,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_opens + EVP_PKEY *pkey = q_X509_get_pubkey(d->x509); Q_ASSERT(pkey); + const int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey)); - + - if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) { + if (keyType == EVP_PKEY_RSA) { key.d->rsa = q_EVP_PKEY_get1_RSA(pkey); @@ -186,7 +130,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_opens // DH unsupported } else { // error? -@@ -275,7 +279,7 @@ +@@ -275,7 +279,7 @@ static QVariant x509UnknownExtensionToValue(X509_EXTENSION *ext) X509V3_EXT_METHOD *meth = const_cast(q_X509V3_EXT_get(ext)); if (!meth) { ASN1_OCTET_STRING *value = q_X509_EXTENSION_get_data(ext); @@ -195,19 +139,19 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_opens q_ASN1_STRING_length(value)); return result; } -@@ -371,7 +375,7 @@ +@@ -371,7 +375,7 @@ static QVariant x509ExtensionToValue(X509_EXTENSION *ext) continue; } - + - const char *uriStr = reinterpret_cast(q_ASN1_STRING_data(name->d.uniformResourceIdentifier)); + const char *uriStr = reinterpret_cast(q_ASN1_STRING_get0_data(name->d.uniformResourceIdentifier)); const QString uri = QString::fromUtf8(uriStr, len); - + result[QString::fromUtf8(QSslCertificatePrivate::asn1ObjectName(ad->method))] = uri; -@@ -380,11 +384,7 @@ +@@ -380,11 +384,7 @@ static QVariant x509ExtensionToValue(X509_EXTENSION *ext) } } - + -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - q_sk_pop_free((_STACK*)info, reinterpret_cast(q_sk_free)); -#else @@ -217,7 +161,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_opens return result; } break; -@@ -607,7 +607,11 @@ +@@ -607,7 +607,11 @@ static QMap _q_mapFromX509Name(X509_NAME *name) unsigned char *data = 0; int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e)); info.insertMulti(name, QString::fromUtf8((char*)data, size)); @@ -227,12 +171,12 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_opens q_CRYPTO_free(data); +#endif } - + return info; -@@ -619,8 +623,9 @@ +@@ -619,8 +623,9 @@ QSslCertificate QSslCertificatePrivate::QSslCertificate_from_X509(X509 *x509) if (!x509 || !QSslSocket::supportsSsl()) return certificate; - + - ASN1_TIME *nbef = q_X509_get_notBefore(x509); - ASN1_TIME *naft = q_X509_get_notAfter(x509); + ASN1_TIME *nbef = q_X509_getm_notBefore(x509); @@ -241,290 +185,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcertificate_opens certificate.d->notValidBefore = q_getTimeFromASN1(nbef); certificate.d->notValidAfter = q_getTimeFromASN1(naft); certificate.d->null = false; -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_openssl11.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslcontext_openssl11.cpp ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_openssl11.cpp 1970-01-01 01:00:00.000000000 +0100 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslcontext_openssl11.cpp 2017-07-27 13:36:11.794844517 +0200 -@@ -0,0 +1,277 @@ -+/**************************************************************************** -+** -+** Copyright (C) 2017 The Qt Company Ltd. -+** Copyright (C) 2014 BlackBerry Limited. All rights reserved. -+** Copyright (C) 2014 Governikus GmbH & Co. KG. -+** Copyright (C) 2016 Richard J. Moore -+** Contact: https://www.qt.io/licensing/ -+** -+** This file is part of the QtNetwork module of the Qt Toolkit. -+** -+** $QT_BEGIN_LICENSE:LGPL$ -+** Commercial License Usage -+** Licensees holding valid commercial Qt licenses may use this file in -+** accordance with the commercial license agreement provided with the -+** Software or, alternatively, in accordance with the terms contained in -+** a written agreement between you and The Qt Company. For licensing terms -+** and conditions see https://www.qt.io/terms-conditions. For further -+** information use the contact form at https://www.qt.io/contact-us. -+** -+** GNU Lesser General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU Lesser -+** General Public License version 3 as published by the Free Software -+** Foundation and appearing in the file LICENSE.LGPL3 included in the -+** packaging of this file. Please review the following information to -+** ensure the GNU Lesser General Public License version 3 requirements -+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. -+** -+** GNU General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU -+** General Public License version 2.0 or (at your option) the GNU General -+** Public license version 3 or any later version approved by the KDE Free -+** Qt Foundation. The licenses are as published by the Free Software -+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 -+** included in the packaging of this file. Please review the following -+** information to ensure the GNU General Public License requirements will -+** be met: https://www.gnu.org/licenses/gpl-2.0.html and -+** https://www.gnu.org/licenses/gpl-3.0.html. -+** -+** $QT_END_LICENSE$ -+** -+****************************************************************************/ -+ -+ -+#include -+#include -+ -+#include "private/qssl_p.h" -+#include "private/qsslcontext_openssl_p.h" -+#include "private/qsslsocket_p.h" -+#include "private/qsslsocket_openssl_p.h" -+#include "private/qsslsocket_openssl_symbols_p.h" -+#include "private/qssldiffiehellmanparameters_p.h" -+ -+#include -+ -+QT_BEGIN_NAMESPACE -+ -+// defined in qsslsocket_openssl.cpp: -+extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); -+extern QString getErrorsFromOpenSsl(); -+ -+static inline QString msgErrorSettingEllipticCurves(const QString &why) -+{ -+ return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); -+} -+ -+// static -+void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) -+{ -+ sslContext->sslConfiguration = configuration; -+ sslContext->errorCode = QSslError::NoError; -+ -+ bool client = (mode == QSslSocket::SslClientMode); -+ -+ bool reinitialized = false; -+ bool unsupportedProtocol = false; -+init_context: -+ if (sslContext->sslConfiguration.protocol() == QSsl::SslV2) { -+ // SSL 2 is no longer supported, but chosen deliberately -> error -+ sslContext->ctx = nullptr; -+ unsupportedProtocol = true; -+ } else { -+ // The ssl options will actually control the supported methods -+ sslContext->ctx = q_SSL_CTX_new(client ? q_TLS_client_method() : q_TLS_server_method()); -+ } -+ -+ if (!sslContext->ctx) { -+ // After stopping Flash 10 the SSL library loses its ciphers. Try re-adding them -+ // by re-initializing the library. -+ if (!reinitialized) { -+ reinitialized = true; -+ if (q_OPENSSL_init_ssl(0, nullptr) == 1) -+ goto init_context; -+ } -+ -+ sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( -+ unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() -+ ); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ -+ // Enable bug workarounds. -+ long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); -+ q_SSL_CTX_set_options(sslContext->ctx, options); -+ -+ // Tell OpenSSL to release memory early -+ // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html -+ q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS); -+ -+ // Initialize ciphers -+ QByteArray cipherString; -+ bool first = true; -+ QList ciphers = sslContext->sslConfiguration.ciphers(); -+ if (ciphers.isEmpty()) -+ ciphers = QSslSocketPrivate::defaultCiphers(); -+ for (const QSslCipher &cipher : qAsConst(ciphers)) { -+ if (first) -+ first = false; -+ else -+ cipherString.append(':'); -+ cipherString.append(cipher.name().toLatin1()); -+ } -+ -+ if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) { -+ sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ -+ const QDateTime now = QDateTime::currentDateTimeUtc(); -+ -+ // Add all our CAs to this store. -+ const auto caCertificates = sslContext->sslConfiguration.caCertificates(); -+ for (const QSslCertificate &caCertificate : caCertificates) { -+ // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: -+ // -+ // If several CA certificates matching the name, key identifier, and -+ // serial number condition are available, only the first one will be -+ // examined. This may lead to unexpected results if the same CA -+ // certificate is available with different expiration dates. If a -+ // ``certificate expired'' verification error occurs, no other -+ // certificate will be searched. Make sure to not have expired -+ // certificates mixed with valid ones. -+ // -+ // See also: QSslSocketBackendPrivate::verify() -+ if (caCertificate.expiryDate() >= now) { -+ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); -+ } -+ } -+ -+ if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { -+ // tell OpenSSL the directories where to look up the root certs on demand -+ const QList unixDirs = QSslSocketPrivate::unixRootCertDirectories(); -+ for (const QByteArray &unixDir : unixDirs) -+ q_SSL_CTX_load_verify_locations(sslContext->ctx, nullptr, unixDir.constData()); -+ } -+ -+ if (!sslContext->sslConfiguration.localCertificate().isNull()) { -+ // Require a private key as well. -+ if (sslContext->sslConfiguration.privateKey().isNull()) { -+ sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ -+ // Load certificate -+ if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) { -+ sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ -+ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) { -+ sslContext->pkey = reinterpret_cast(configuration.d->privateKey.handle()); -+ } else { -+ // Load private key -+ sslContext->pkey = q_EVP_PKEY_new(); -+ // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. -+ // this lead to a memory leak. Now we use the *_set1_* functions which do not -+ // take ownership of the RSA/DSA key instance because the QSslKey already has ownership. -+ if (configuration.d->privateKey.algorithm() == QSsl::Rsa) -+ q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); -+ else if (configuration.d->privateKey.algorithm() == QSsl::Dsa) -+ q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); -+#ifndef OPENSSL_NO_EC -+ else if (configuration.d->privateKey.algorithm() == QSsl::Ec) -+ q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); -+#endif -+ } -+ -+ if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) { -+ sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) -+ sslContext->pkey = nullptr; // Don't free the private key, it belongs to QSslKey -+ -+ // Check if the certificate matches the private key. -+ if (!q_SSL_CTX_check_private_key(sslContext->ctx)) { -+ sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ -+ // If we have any intermediate certificates then we need to add them to our chain -+ bool first = true; -+ for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { -+ if (first) { -+ first = false; -+ continue; -+ } -+ q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, -+ q_X509_dup(reinterpret_cast(cert.handle()))); -+ } -+ } -+ -+ // Initialize peer verification. -+ if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) { -+ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, nullptr); -+ } else { -+ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback); -+ } -+ -+ // Set verification depth. -+ if (sslContext->sslConfiguration.peerVerifyDepth() != 0) -+ q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); -+ -+ // set persisted session if the user set it -+ if (!configuration.sessionTicket().isEmpty()) -+ sslContext->setSessionASN1(configuration.sessionTicket()); -+ -+ // Set temp DH params -+ QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters(); -+ -+ if (!dhparams.isValid()) { -+ sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ -+ if (!dhparams.isEmpty()) { -+ const QByteArray ¶ms = dhparams.d->derData; -+ const char *ptr = params.constData(); -+ DH *dh = q_d2i_DHparams(NULL, reinterpret_cast(&ptr), params.length()); -+ if (dh == NULL) -+ qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form"); -+ q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh); -+ q_DH_free(dh); -+ } -+ -+#ifndef OPENSSL_NO_PSK -+ if (!client) -+ q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData()); -+#endif // !OPENSSL_NO_PSK -+ -+ const QVector qcurves = sslContext->sslConfiguration.ellipticCurves(); -+ if (!qcurves.isEmpty()) { -+#ifdef OPENSSL_NO_EC -+ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version with disabled elliptic curves")); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+#else -+ // Set the curves to be used. -+ std::vector curves; -+ curves.reserve(qcurves.size()); -+ for (const auto &sslCurve : qcurves) -+ curves.push_back(sslCurve.id); -+ if (!q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_CURVES, long(curves.size()), &curves[0])) { -+ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ } -+#endif -+ } -+} -+ -+QT_END_NAMESPACE -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_openssl.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslcontext_openssl.cpp ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_openssl.cpp 2017-06-28 11:54:29.000000000 +0200 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslcontext_openssl.cpp 2017-07-27 13:36:11.793844555 +0200 +diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp +index c92d8fc..cef5037 100644 +--- a/src/network/ssl/qsslcontext_openssl.cpp ++++ b/src/network/ssl/qsslcontext_openssl.cpp @@ -1,6 +1,6 @@ /**************************************************************************** ** @@ -534,21 +198,21 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_openssl.c ** Copyright (C) 2014 Governikus GmbH & Co. KG. ** Contact: https://www.qt.io/licensing/ @@ -41,22 +41,14 @@ - - + + #include -#include -#include - + #include "private/qssl_p.h" #include "private/qsslcontext_openssl_p.h" -#include "private/qsslsocket_p.h" #include "private/qsslsocket_openssl_p.h" #include "private/qsslsocket_openssl_symbols_p.h" -#include "private/qssldiffiehellmanparameters_p.h" - + QT_BEGIN_NAMESPACE - + -// defined in qsslsocket_openssl.cpp: -extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); -extern QString getErrorsFromOpenSsl(); @@ -556,10 +220,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_openssl.c QSslContext::QSslContext() : ctx(0), pkey(0), -@@ -78,301 +70,6 @@ +@@ -78,301 +70,6 @@ QSslContext::~QSslContext() q_SSL_SESSION_free(session); } - + -static inline QString msgErrorSettingEllipticCurves(const QString &why) -{ - return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); @@ -858,7 +522,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_openssl.c QSslContext* QSslContext::fromConfiguration(QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) { QSslContext *sslContext = new QSslContext(); -@@ -463,7 +160,7 @@ +@@ -463,7 +160,7 @@ SSL* QSslContext::createSsl() m_npnContext.len = m_supportedNPNVersions.count(); m_npnContext.status = QSslConfiguration::NextProtocolNegotiationNone; #if OPENSSL_VERSION_NUMBER >= 0x10002000L @@ -867,7 +531,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_openssl.c // Callback's type has a parameter 'const unsigned char ** out' // since it was introduced in 1.0.2. Internally, OpenSSL's own code // (tests/examples) cast it to unsigned char * (since it's 'out'). -@@ -508,7 +205,7 @@ +@@ -508,7 +205,7 @@ bool QSslContext::cacheSession(SSL* ssl) unsigned char *data = reinterpret_cast(m_sessionASN1.data()); if (!q_i2d_SSL_SESSION(session, &data)) qCWarning(lcSsl, "could not store persistent version of SSL session"); @@ -875,368 +539,11 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_openssl.c + m_sessionTicketLifeTimeHint = q_SSL_SESSION_get_ticket_lifetime_hint(session); } } - -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_opensslpre11.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslcontext_opensslpre11.cpp ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslcontext_opensslpre11.cpp 1970-01-01 01:00:00.000000000 +0100 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslcontext_opensslpre11.cpp 2017-07-27 13:36:11.794844517 +0200 -@@ -0,0 +1,354 @@ -+/**************************************************************************** -+** -+** Copyright (C) 2017 The Qt Company Ltd. -+** Copyright (C) 2014 BlackBerry Limited. All rights reserved. -+** Copyright (C) 2014 Governikus GmbH & Co. KG. -+** Contact: https://www.qt.io/licensing/ -+** -+** This file is part of the QtNetwork module of the Qt Toolkit. -+** -+** $QT_BEGIN_LICENSE:LGPL$ -+** Commercial License Usage -+** Licensees holding valid commercial Qt licenses may use this file in -+** accordance with the commercial license agreement provided with the -+** Software or, alternatively, in accordance with the terms contained in -+** a written agreement between you and The Qt Company. For licensing terms -+** and conditions see https://www.qt.io/terms-conditions. For further -+** information use the contact form at https://www.qt.io/contact-us. -+** -+** GNU Lesser General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU Lesser -+** General Public License version 3 as published by the Free Software -+** Foundation and appearing in the file LICENSE.LGPL3 included in the -+** packaging of this file. Please review the following information to -+** ensure the GNU Lesser General Public License version 3 requirements -+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. -+** -+** GNU General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU -+** General Public License version 2.0 or (at your option) the GNU General -+** Public license version 3 or any later version approved by the KDE Free -+** Qt Foundation. The licenses are as published by the Free Software -+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 -+** included in the packaging of this file. Please review the following -+** information to ensure the GNU General Public License requirements will -+** be met: https://www.gnu.org/licenses/gpl-2.0.html and -+** https://www.gnu.org/licenses/gpl-3.0.html. -+** -+** $QT_END_LICENSE$ -+** -+****************************************************************************/ -+ -+ -+#include -+#include -+ -+#include "private/qssl_p.h" -+#include "private/qsslcontext_openssl_p.h" -+#include "private/qsslsocket_p.h" -+#include "private/qsslsocket_openssl_p.h" -+#include "private/qsslsocket_openssl_symbols_p.h" -+#include "private/qssldiffiehellmanparameters_p.h" -+ -+QT_BEGIN_NAMESPACE -+ -+// defined in qsslsocket_openssl.cpp: -+extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); -+extern QString getErrorsFromOpenSsl(); -+ -+static inline QString msgErrorSettingEllipticCurves(const QString &why) -+{ -+ return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); -+} -+ -+// static -+void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) -+{ -+ sslContext->sslConfiguration = configuration; -+ sslContext->errorCode = QSslError::NoError; -+ -+ bool client = (mode == QSslSocket::SslClientMode); -+ -+ bool reinitialized = false; -+ bool unsupportedProtocol = false; -+init_context: -+ switch (sslContext->sslConfiguration.protocol()) { -+ case QSsl::SslV2: -+#ifndef OPENSSL_NO_SSL2 -+ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); -+#else -+ // SSL 2 not supported by the system, but chosen deliberately -> error -+ sslContext->ctx = 0; -+ unsupportedProtocol = true; -+#endif -+ break; -+ case QSsl::SslV3: -+#ifndef OPENSSL_NO_SSL3_METHOD -+ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); -+#else -+ // SSL 3 not supported by the system, but chosen deliberately -> error -+ sslContext->ctx = 0; -+ unsupportedProtocol = true; -+#endif -+ break; -+ case QSsl::SecureProtocols: -+ // SSLv2 and SSLv3 will be disabled by SSL options -+ // But we need q_SSLv23_server_method() otherwise AnyProtocol will be unable to connect on Win32. -+ case QSsl::TlsV1SslV3: -+ // SSLv2 will will be disabled by SSL options -+ case QSsl::AnyProtocol: -+ default: -+ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); -+ break; -+ case QSsl::TlsV1_0: -+ sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); -+ break; -+ case QSsl::TlsV1_1: -+#if OPENSSL_VERSION_NUMBER >= 0x10001000L -+ sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method()); -+#else -+ // TLS 1.1 not supported by the system, but chosen deliberately -> error -+ sslContext->ctx = 0; -+ unsupportedProtocol = true; -+#endif -+ break; -+ case QSsl::TlsV1_2: -+#if OPENSSL_VERSION_NUMBER >= 0x10001000L -+ sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method()); -+#else -+ // TLS 1.2 not supported by the system, but chosen deliberately -> error -+ sslContext->ctx = 0; -+ unsupportedProtocol = true; -+#endif -+ break; -+ case QSsl::TlsV1_0OrLater: -+ // Specific protocols will be specified via SSL options. -+ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); -+ break; -+ case QSsl::TlsV1_1OrLater: -+ case QSsl::TlsV1_2OrLater: -+#if OPENSSL_VERSION_NUMBER >= 0x10001000L -+ // Specific protocols will be specified via SSL options. -+ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); -+#else -+ // TLS 1.1/1.2 not supported by the system, but chosen deliberately -> error -+ sslContext->ctx = 0; -+ unsupportedProtocol = true; -+#endif -+ break; -+ } -+ -+ if (!sslContext->ctx) { -+ // After stopping Flash 10 the SSL library loses its ciphers. Try re-adding them -+ // by re-initializing the library. -+ if (!reinitialized) { -+ reinitialized = true; -+ if (q_SSL_library_init() == 1) -+ goto init_context; -+ } -+ -+ sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( -+ unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() -+ ); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ -+ // Enable bug workarounds. -+ long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); -+ q_SSL_CTX_set_options(sslContext->ctx, options); -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+ // Tell OpenSSL to release memory early -+ // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html -+ if (q_SSLeay() >= 0x10000000L) -+ q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS); -+#endif -+ -+ // Initialize ciphers -+ QByteArray cipherString; -+ bool first = true; -+ QList ciphers = sslContext->sslConfiguration.ciphers(); -+ if (ciphers.isEmpty()) -+ ciphers = QSslSocketPrivate::defaultCiphers(); -+ for (const QSslCipher &cipher : qAsConst(ciphers)) { -+ if (first) -+ first = false; -+ else -+ cipherString.append(':'); -+ cipherString.append(cipher.name().toLatin1()); -+ } -+ -+ if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) { -+ sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ -+ const QDateTime now = QDateTime::currentDateTimeUtc(); -+ -+ // Add all our CAs to this store. -+ const auto caCertificates = sslContext->sslConfiguration.caCertificates(); -+ for (const QSslCertificate &caCertificate : caCertificates) { -+ // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: -+ // -+ // If several CA certificates matching the name, key identifier, and -+ // serial number condition are available, only the first one will be -+ // examined. This may lead to unexpected results if the same CA -+ // certificate is available with different expiration dates. If a -+ // ``certificate expired'' verification error occurs, no other -+ // certificate will be searched. Make sure to not have expired -+ // certificates mixed with valid ones. -+ // -+ // See also: QSslSocketBackendPrivate::verify() -+ if (caCertificate.expiryDate() >= now) { -+ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); -+ } -+ } -+ -+ if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { -+ // tell OpenSSL the directories where to look up the root certs on demand -+ const QList unixDirs = QSslSocketPrivate::unixRootCertDirectories(); -+ for (const QByteArray &unixDir : unixDirs) -+ q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDir.constData()); -+ } -+ -+ if (!sslContext->sslConfiguration.localCertificate().isNull()) { -+ // Require a private key as well. -+ if (sslContext->sslConfiguration.privateKey().isNull()) { -+ sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ -+ // Load certificate -+ if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) { -+ sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ -+ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) { -+ sslContext->pkey = reinterpret_cast(configuration.d->privateKey.handle()); -+ } else { -+ // Load private key -+ sslContext->pkey = q_EVP_PKEY_new(); -+ // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. -+ // this lead to a memory leak. Now we use the *_set1_* functions which do not -+ // take ownership of the RSA/DSA key instance because the QSslKey already has ownership. -+ if (configuration.d->privateKey.algorithm() == QSsl::Rsa) -+ q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); -+ else if (configuration.d->privateKey.algorithm() == QSsl::Dsa) -+ q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); -+#ifndef OPENSSL_NO_EC -+ else if (configuration.d->privateKey.algorithm() == QSsl::Ec) -+ q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); -+#endif -+ } -+ -+ if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) { -+ sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) -+ sslContext->pkey = 0; // Don't free the private key, it belongs to QSslKey -+ -+ // Check if the certificate matches the private key. -+ if (!q_SSL_CTX_check_private_key(sslContext->ctx)) { -+ sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ -+ // If we have any intermediate certificates then we need to add them to our chain -+ bool first = true; -+ for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { -+ if (first) { -+ first = false; -+ continue; -+ } -+ q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, -+ q_X509_dup(reinterpret_cast(cert.handle()))); -+ } -+ } -+ -+ // Initialize peer verification. -+ if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) { -+ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, 0); -+ } else { -+ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback); -+ } -+ -+ // Set verification depth. -+ if (sslContext->sslConfiguration.peerVerifyDepth() != 0) -+ q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); -+ -+ // set persisted session if the user set it -+ if (!configuration.sessionTicket().isEmpty()) -+ sslContext->setSessionASN1(configuration.sessionTicket()); -+ -+ // Set temp DH params -+ QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters(); -+ -+ if (!dhparams.isValid()) { -+ sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ return; -+ } -+ -+ if (!dhparams.isEmpty()) { -+ const QByteArray ¶ms = dhparams.d->derData; -+ const char *ptr = params.constData(); -+ DH *dh = q_d2i_DHparams(NULL, reinterpret_cast(&ptr), params.length()); -+ if (dh == NULL) -+ qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form"); -+ q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh); -+ q_DH_free(dh); -+ } -+ -+#ifndef OPENSSL_NO_EC -+#if OPENSSL_VERSION_NUMBER >= 0x10002000L -+ if (q_SSLeay() >= 0x10002000L) { -+ q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL); -+ } else -+#endif -+ { -+ // Set temp ECDH params -+ EC_KEY *ecdh = 0; -+ ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); -+ q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh); -+ q_EC_KEY_free(ecdh); -+ } -+#endif // OPENSSL_NO_EC -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) -+ if (!client) -+ q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData()); -+#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) -+ -+ const QVector qcurves = sslContext->sslConfiguration.ellipticCurves(); -+ if (!qcurves.isEmpty()) { -+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) -+ // Set the curves to be used -+ if (q_SSLeay() >= 0x10002000L) { -+ // SSL_CTX_ctrl wants a non-const pointer as last argument, -+ // but let's avoid a copy into a temporary array -+ if (!q_SSL_CTX_ctrl(sslContext->ctx, -+ SSL_CTRL_SET_CURVES, -+ qcurves.size(), -+ const_cast(reinterpret_cast(qcurves.data())))) { -+ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ } -+ } else -+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) -+ { -+ // specific curves requested, but not possible to set -> error -+ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); -+ sslContext->errorCode = QSslError::UnspecifiedError; -+ } -+ } -+} -+ -+QT_END_NAMESPACE -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp 2017-06-28 11:54:29.000000000 +0200 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp 2017-07-27 13:36:11.795844480 +0200 + +diff --git a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp b/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp +index 90687b0..5ebad82 100644 +--- a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp ++++ b/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp @@ -1,6 +1,7 @@ /**************************************************************************** ** @@ -1248,17 +555,17 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qssldiffiehellmanpara @@ -50,8 +51,8 @@ #include #endif - + -// For q_BN_is_word. #include +#include - + QT_BEGIN_NAMESPACE - -@@ -62,13 +63,6 @@ - + +@@ -62,13 +63,6 @@ static bool isSafeDH(DH *dh) + QSslSocketPrivate::ensureInitialized(); - + - // Mark p < 1024 bits as unsafe. - if (q_BN_num_bits(dh->p) < 1024) { - return false; @@ -1266,10 +573,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qssldiffiehellmanpara - - if (q_DH_check(dh, &status) != 1) - return false; - + // From https://wiki.openssl.org/index.php/Diffie-Hellman_parameters: // -@@ -81,11 +75,39 @@ +@@ -81,11 +75,39 @@ static bool isSafeDH(DH *dh) // Without the test, the IETF parameters would // fail validation. For details, see Diffie-Hellman // Parameter Check (when g = 2, must p mod 24 == 11?). @@ -1306,23 +613,25 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qssldiffiehellmanpara status &= ~DH_NOT_SUITABLE_GENERATOR; } +#endif - + bad |= DH_CHECK_P_NOT_PRIME; bad |= DH_CHECK_P_NOT_SAFE_PRIME; -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslellipticcurve.h qtbase-opensource-src-5.9.1/src/network/ssl/qsslellipticcurve.h ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslellipticcurve.h 2017-06-28 11:54:29.000000000 +0200 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslellipticcurve.h 2017-07-27 13:36:11.795844480 +0200 -@@ -80,6 +80,7 @@ +diff --git a/src/network/ssl/qsslellipticcurve.h b/src/network/ssl/qsslellipticcurve.h +index 2315660..57dda19 100644 +--- a/src/network/ssl/qsslellipticcurve.h ++++ b/src/network/ssl/qsslellipticcurve.h +@@ -80,6 +80,7 @@ private: friend Q_DECL_CONSTEXPR bool operator==(QSslEllipticCurve lhs, QSslEllipticCurve rhs) Q_DECL_NOTHROW; friend Q_DECL_CONSTEXPR uint qHash(QSslEllipticCurve curve, uint seed) Q_DECL_NOTHROW; - + + friend class QSslContext; friend class QSslSocketPrivate; friend class QSslSocketBackendPrivate; }; -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslellipticcurve_openssl.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslellipticcurve_openssl.cpp ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslellipticcurve_openssl.cpp 2017-06-28 11:54:29.000000000 +0200 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslellipticcurve_openssl.cpp 2017-07-27 13:36:11.795844480 +0200 +diff --git a/src/network/ssl/qsslellipticcurve_openssl.cpp b/src/network/ssl/qsslellipticcurve_openssl.cpp +index e18197b..8cd1483 100644 +--- a/src/network/ssl/qsslellipticcurve_openssl.cpp ++++ b/src/network/ssl/qsslellipticcurve_openssl.cpp @@ -1,6 +1,7 @@ /**************************************************************************** ** @@ -1331,31 +640,32 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslellipticcurve_ope ** Contact: https://www.qt.io/licensing/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. -@@ -78,17 +79,18 @@ +@@ -78,17 +79,18 @@ QSslEllipticCurve QSslEllipticCurve::fromShortName(const QString &name) QSslEllipticCurve result; - + #ifndef OPENSSL_NO_EC - const QByteArray curveNameLatin1 = name.toLatin1(); - + + const QByteArray curveNameLatin1 = name.toLatin1(); int nid = q_OBJ_sn2nid(curveNameLatin1.data()); - + #if OPENSSL_VERSION_NUMBER >= 0x10002000L - if (nid == 0 && q_SSLeay() >= 0x10002000L) + if (nid == 0 && QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) nid = q_EC_curve_nist2nid(curveNameLatin1.data()); #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L - + result.id = nid; -#endif + +#endif // !OPENSSL_NO_EC - + return result; } -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslkey_openssl.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslkey_openssl.cpp ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslkey_openssl.cpp 2017-06-28 11:54:29.000000000 +0200 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslkey_openssl.cpp 2017-07-27 13:36:11.795844480 +0200 +diff --git a/src/network/ssl/qsslkey_openssl.cpp b/src/network/ssl/qsslkey_openssl.cpp +index 2611902..2b03af9 100644 +--- a/src/network/ssl/qsslkey_openssl.cpp ++++ b/src/network/ssl/qsslkey_openssl.cpp @@ -1,6 +1,7 @@ /**************************************************************************** ** @@ -1365,10 +675,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslkey_openssl.cpp q ** Contact: https://www.qt.io/licensing/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. -@@ -84,33 +85,30 @@ - - bool QSslKeyPrivate::fromEVP_PKEY(EVP_PKEY *pkey) - { +@@ -87,33 +88,32 @@ bool QSslKeyPrivate::fromEVP_PKEY(EVP_PKEY *pkey) + if (pkey == nullptr) + return false; + - if (pkey->type == EVP_PKEY_RSA) { +#if QT_CONFIG(opensslv11) + const int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey)); @@ -1379,7 +689,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslkey_openssl.cpp q isNull = false; algorithm = QSsl::Rsa; type = QSsl::PrivateKey; -- + - rsa = q_RSA_new(); - memcpy(rsa, q_EVP_PKEY_get1_RSA(pkey), sizeof(RSA)); - @@ -1391,7 +701,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslkey_openssl.cpp q isNull = false; algorithm = QSsl::Dsa; type = QSsl::PrivateKey; -- + - dsa = q_DSA_new(); - memcpy(dsa, q_EVP_PKEY_get1_DSA(pkey), sizeof(DSA)); - @@ -1410,9 +720,9 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslkey_openssl.cpp q return true; } #endif -@@ -178,8 +176,8 @@ +@@ -181,8 +181,8 @@ int QSslKeyPrivate::length() const return -1; - + switch (algorithm) { - case QSsl::Rsa: return q_BN_num_bits(rsa->n); - case QSsl::Dsa: return q_BN_num_bits(dsa->p); @@ -1421,8 +731,8 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslkey_openssl.cpp q #ifndef OPENSSL_NO_EC case QSsl::Ec: return q_EC_GROUP_get_degree(q_EC_KEY_get0_group(ec)); #endif -@@ -273,7 +271,13 @@ - +@@ -276,7 +276,13 @@ Qt::HANDLE QSslKeyPrivate::handle() const + static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv, int enc) { - EVP_CIPHER_CTX ctx; @@ -1435,9 +745,9 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslkey_openssl.cpp q + const EVP_CIPHER* type = 0; int i = 0, len = 0; - -@@ -291,21 +295,44 @@ - + +@@ -294,21 +300,44 @@ static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, + QByteArray output; output.resize(data.size() + EVP_MAX_BLOCK_LENGTH); - q_EVP_CIPHER_CTX_init(&ctx); @@ -1486,437 +796,13 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslkey_openssl.cpp q +#else + q_EVP_CIPHER_CTX_cleanup(ctx); +#endif - + return output.left(len); } -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl11.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl11.cpp ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl11.cpp 1970-01-01 01:00:00.000000000 +0100 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl11.cpp 2017-07-27 13:36:11.797844405 +0200 -@@ -0,0 +1,285 @@ -+/**************************************************************************** -+** -+** Copyright (C) 2017 The Qt Company Ltd. -+** Copyright (C) 2014 Governikus GmbH & Co. KG -+** Copyright (C) 2016 Richard J. Moore -+** Contact: https://www.qt.io/licensing/ -+** -+** This file is part of the QtNetwork module of the Qt Toolkit. -+** -+** $QT_BEGIN_LICENSE:LGPL$ -+** Commercial License Usage -+** Licensees holding valid commercial Qt licenses may use this file in -+** accordance with the commercial license agreement provided with the -+** Software or, alternatively, in accordance with the terms contained in -+** a written agreement between you and The Qt Company. For licensing terms -+** and conditions see https://www.qt.io/terms-conditions. For further -+** information use the contact form at https://www.qt.io/contact-us. -+** -+** GNU Lesser General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU Lesser -+** General Public License version 3 as published by the Free Software -+** Foundation and appearing in the file LICENSE.LGPL3 included in the -+** packaging of this file. Please review the following information to -+** ensure the GNU Lesser General Public License version 3 requirements -+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. -+** -+** GNU General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU -+** General Public License version 2.0 or (at your option) the GNU General -+** Public license version 3 or any later version approved by the KDE Free -+** Qt Foundation. The licenses are as published by the Free Software -+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 -+** included in the packaging of this file. Please review the following -+** information to ensure the GNU General Public License requirements will -+** be met: https://www.gnu.org/licenses/gpl-2.0.html and -+** https://www.gnu.org/licenses/gpl-3.0.html. -+** -+** $QT_END_LICENSE$ -+** -+****************************************************************************/ -+ -+/**************************************************************************** -+** -+** In addition, as a special exception, the copyright holders listed above give -+** permission to link the code of its release of Qt with the OpenSSL project's -+** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the -+** same license as the original version), and distribute the linked executables. -+** -+** You must comply with the GNU General Public License version 2 in all -+** respects for all of the code used other than the "OpenSSL" code. If you -+** modify this file, you may extend this exception to your version of the file, -+** but you are not obligated to do so. If you do not wish to do so, delete -+** this exception statement from your version of this file. -+** -+****************************************************************************/ -+ -+//#define QT_DECRYPT_SSL_TRAFFIC -+ -+#include "qssl_p.h" -+#include "qsslsocket_openssl_p.h" -+#include "qsslsocket_openssl_symbols_p.h" -+#include "qsslsocket.h" -+#include "qsslkey.h" -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+QT_BEGIN_NAMESPACE -+ -+Q_GLOBAL_STATIC_WITH_ARGS(QMutex, qt_opensslInitMutex, (QMutex::Recursive)) -+ -+/*! -+ \internal -+*/ -+void QSslSocketPrivate::deinitialize() -+{ -+ // This function exists only for compatibility with the pre-11 code, -+ // where deinitialize() actually does some cleanup. To be discarded -+ // once we retire < 1.1. -+} -+ -+bool QSslSocketPrivate::ensureLibraryLoaded() -+{ -+ if (!q_resolveOpenSslSymbols()) -+ return false; -+ -+ const QMutexLocker locker(qt_opensslInitMutex); -+ -+ if (!s_libraryLoaded) { -+ s_libraryLoaded = true; -+ -+ // Initialize OpenSSL. -+ if (q_OPENSSL_init_ssl(0, nullptr) != 1) -+ return false; -+ q_SSL_load_error_strings(); -+ q_OpenSSL_add_all_algorithms(); -+ -+ QSslSocketBackendPrivate::s_indexForSSLExtraData -+ = q_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, 0L, nullptr, nullptr, -+ nullptr, nullptr); -+ -+ // Initialize OpenSSL's random seed. -+ if (!q_RAND_status()) { -+ qWarning("Random number generator not seeded, disabling SSL support"); -+ return false; -+ } -+ } -+ return true; -+} -+ -+void QSslSocketPrivate::ensureCiphersAndCertsLoaded() -+{ -+ const QMutexLocker locker(qt_opensslInitMutex); -+ -+ if (s_loadedCiphersAndCerts) -+ return; -+ s_loadedCiphersAndCerts = true; -+ -+ resetDefaultCiphers(); -+ resetDefaultEllipticCurves(); -+ -+#if QT_CONFIG(library) -+ //load symbols needed to receive certificates from system store -+#if defined(Q_OS_WIN) -+ HINSTANCE hLib = LoadLibraryW(L"Crypt32"); -+ if (hLib) { -+ ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); -+ ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); -+ ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); -+ if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) -+ qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen -+ } else { -+ qCWarning(lcSsl, "could not load crypt32 library"); // should never happen -+ } -+#elif defined(Q_OS_QNX) -+ s_loadRootCertsOnDemand = true; -+#elif defined(Q_OS_UNIX) && !defined(Q_OS_DARWIN) -+ // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there) -+ QList dirs = unixRootCertDirectories(); -+ QStringList symLinkFilter; -+ symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); -+ for (int a = 0; a < dirs.count(); ++a) { -+ QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); -+ if (iterator.hasNext()) { -+ s_loadRootCertsOnDemand = true; -+ break; -+ } -+ } -+#endif -+#endif // QT_CONFIG(library) -+ // if on-demand loading was not enabled, load the certs now -+ if (!s_loadRootCertsOnDemand) -+ setDefaultCaCertificates(systemCaCertificates()); -+#ifdef Q_OS_WIN -+ //Enabled for fetching additional root certs from windows update on windows 6+ -+ //This flag is set false by setDefaultCaCertificates() indicating the app uses -+ //its own cert bundle rather than the system one. -+ //Same logic that disables the unix on demand cert loading. -+ //Unlike unix, we do preload the certificates from the cert store. -+ if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) -+ s_loadRootCertsOnDemand = true; -+#endif -+} -+ -+long QSslSocketPrivate::sslLibraryVersionNumber() -+{ -+ if (!supportsSsl()) -+ return 0; -+ -+ return q_OpenSSL_version_num(); -+} -+ -+QString QSslSocketPrivate::sslLibraryVersionString() -+{ -+ if (!supportsSsl()) -+ return QString(); -+ -+ const char *versionString = q_OpenSSL_version(OPENSSL_VERSION); -+ if (!versionString) -+ return QString(); -+ -+ return QString::fromLatin1(versionString); -+} -+ -+void QSslSocketBackendPrivate::continueHandshake() -+{ -+ Q_Q(QSslSocket); -+ // if we have a max read buffer size, reset the plain socket's to match -+ if (readBufferMaxSize) -+ plainSocket->setReadBufferSize(readBufferMaxSize); -+ -+ if (q_SSL_session_reused(ssl)) -+ configuration.peerSessionShared = true; -+ -+#ifdef QT_DECRYPT_SSL_TRAFFIC -+ if (q_SSL_get_session(ssl)) { -+ size_t master_key_len = q_SSL_SESSION_get_master_key(q_SSL_get_session(ssl), 0, 0); -+ size_t client_random_len = q_SSL_get_client_random(ssl, 0, 0); -+ QByteArray masterKey(int(master_key_len), 0); // Will not overflow -+ QByteArray clientRandom(int(client_random_len), 0); // Will not overflow -+ -+ q_SSL_SESSION_get_master_key(q_SSL_get_session(ssl), -+ reinterpret_cast(masterKey.data()), -+ masterKey.size()); -+ q_SSL_get_client_random(ssl, reinterpret_cast(clientRandom.data()), -+ clientRandom.size()); -+ -+ QByteArray debugLineClientRandom("CLIENT_RANDOM "); -+ debugLineClientRandom.append(clientRandom.toHex().toUpper()); -+ debugLineClientRandom.append(" "); -+ debugLineClientRandom.append(masterKey.toHex().toUpper()); -+ debugLineClientRandom.append("\n"); -+ -+ QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys"); -+ QFile file(sslKeyFile); -+ if (!file.open(QIODevice::Append)) -+ qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending"; -+ if (!file.write(debugLineClientRandom)) -+ qCWarning(lcSsl) << "could not write to file" << sslKeyFile; -+ file.close(); -+ } else { -+ qCWarning(lcSsl, "could not decrypt SSL traffic"); -+ } -+#endif -+ -+ // Cache this SSL session inside the QSslContext -+ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { -+ if (!sslContextPointer->cacheSession(ssl)) { -+ sslContextPointer.clear(); // we could not cache the session -+ } else { -+ // Cache the session for permanent usage as well -+ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) { -+ if (!sslContextPointer->sessionASN1().isEmpty()) -+ configuration.sslSession = sslContextPointer->sessionASN1(); -+ configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint(); -+ } -+ } -+ } -+ -+#if !defined(OPENSSL_NO_NEXTPROTONEG) -+ -+ configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; -+ if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { -+ // we could not agree -> be conservative and use HTTP/1.1 -+ configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); -+ } else { -+ const unsigned char *proto = 0; -+ unsigned int proto_len = 0; -+ -+ q_SSL_get0_alpn_selected(ssl, &proto, &proto_len); -+ if (proto_len && mode == QSslSocket::SslClientMode) { -+ // Client does not have a callback that sets it ... -+ configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; -+ } -+ -+ if (!proto_len) { // Test if NPN was more lucky ... -+ q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); -+ } -+ -+ if (proto_len) -+ configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast(proto), proto_len); -+ else -+ configuration.nextNegotiatedProtocol.clear(); -+ } -+#endif // !defined(OPENSSL_NO_NEXTPROTONEG) -+ -+ if (mode == QSslSocket::SslClientMode) { -+ EVP_PKEY *key; -+ if (q_SSL_get_server_tmp_key(ssl, &key)) -+ configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); -+ } -+ -+ connectionEncrypted = true; -+ emit q->encrypted(); -+ if (autoStartHandshake && pendingClose) { -+ pendingClose = false; -+ q->disconnectFromHost(); -+ } -+} -+ -+QT_END_NAMESPACE -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl11_symbols_p.h qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl11_symbols_p.h ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl11_symbols_p.h 1970-01-01 01:00:00.000000000 +0100 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl11_symbols_p.h 2017-07-27 13:36:11.798844367 +0200 -@@ -0,0 +1,132 @@ -+/**************************************************************************** -+** -+** Copyright (C) 2017 The Qt Company Ltd. -+** Copyright (C) 2014 BlackBerry Limited. All rights reserved. -+** Copyright (C) 2016 Richard J. Moore -+** Contact: https://www.qt.io/licensing/ -+** -+** This file is part of the QtNetwork module of the Qt Toolkit. -+** -+** $QT_BEGIN_LICENSE:LGPL$ -+** Commercial License Usage -+** Licensees holding valid commercial Qt licenses may use this file in -+** accordance with the commercial license agreement provided with the -+** Software or, alternatively, in accordance with the terms contained in -+** a written agreement between you and The Qt Company. For licensing terms -+** and conditions see https://www.qt.io/terms-conditions. For further -+** information use the contact form at https://www.qt.io/contact-us. -+** -+** GNU Lesser General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU Lesser -+** General Public License version 3 as published by the Free Software -+** Foundation and appearing in the file LICENSE.LGPL3 included in the -+** packaging of this file. Please review the following information to -+** ensure the GNU Lesser General Public License version 3 requirements -+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. -+** -+** GNU General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU -+** General Public License version 2.0 or (at your option) the GNU General -+** Public license version 3 or any later version approved by the KDE Free -+** Qt Foundation. The licenses are as published by the Free Software -+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 -+** included in the packaging of this file. Please review the following -+** information to ensure the GNU General Public License requirements will -+** be met: https://www.gnu.org/licenses/gpl-2.0.html and -+** https://www.gnu.org/licenses/gpl-3.0.html. -+** -+** $QT_END_LICENSE$ -+** -+****************************************************************************/ -+ -+/**************************************************************************** -+** -+** In addition, as a special exception, the copyright holders listed above give -+** permission to link the code of its release of Qt with the OpenSSL project's -+** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the -+** same license as the original version), and distribute the linked executables. -+** -+** You must comply with the GNU General Public License version 2 in all -+** respects for all of the code used other than the "OpenSSL" code. If you -+** modify this file, you may extend this exception to your version of the file, -+** but you are not obligated to do so. If you do not wish to do so, delete -+** this exception statement from your version of this file. -+** -+****************************************************************************/ -+ -+#ifndef QSSLSOCKET_OPENSSL11_SYMBOLS_P_H -+#define QSSLSOCKET_OPENSSL11_SYMBOLS_P_H -+ -+// -+// W A R N I N G -+// ------------- -+// -+// This file is not part of the Qt API. It exists purely as an -+// implementation detail. This header file may change from version to -+// version without notice, or even be removed. -+// -+// We mean it. -+// -+ -+// Note: this file does not have QT_BEGIN_NAMESPACE/QT_END_NAMESPACE, it's done -+// in qsslsocket_openssl_symbols_p.h. -+ -+#ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H -+#error "You are not supposed to use this header file, include qsslsocket_openssl_symbols_p.h instead" -+#endif -+ -+const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x); -+ -+Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a); -+Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem(); -+ -+int q_DSA_bits(DSA *a); -+int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); -+int q_EVP_PKEY_base_id(EVP_PKEY *a); -+int q_RSA_bits(RSA *a); -+int q_OPENSSL_sk_num(OPENSSL_STACK *a); -+void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); -+OPENSSL_STACK *q_OPENSSL_sk_new_null(); -+void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data); -+void q_OPENSSL_sk_free(OPENSSL_STACK *a); -+void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b); -+int q_SSL_session_reused(SSL *a); -+unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); -+int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); -+size_t q_SSL_get_client_random(SSL *a, unsigned char *out, size_t outlen); -+size_t q_SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen); -+int q_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -+const SSL_METHOD *q_TLS_method(); -+const SSL_METHOD *q_TLS_client_method(); -+const SSL_METHOD *q_TLS_server_method(); -+ASN1_TIME *q_X509_getm_notBefore(X509 *a); -+ASN1_TIME *q_X509_getm_notAfter(X509 *a); -+ -+long q_X509_get_version(X509 *a); -+EVP_PKEY *q_X509_get_pubkey(X509 *a); -+void q_X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); -+STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); -+void q_DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); -+int q_DH_bits(DH *dh); -+ -+# define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ -+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) -+ -+#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st) -+#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i) -+ -+#define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ -+ | OPENSSL_INIT_ADD_ALL_DIGESTS \ -+ | OPENSSL_INIT_LOAD_CONFIG, NULL) -+#define q_OPENSSL_add_all_algorithms_noconf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ -+ | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) -+ -+int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); -+void q_CRYPTO_free(void *str, const char *file, int line); -+ -+long q_OpenSSL_version_num(); -+const char *q_OpenSSL_version(int type); -+ -+unsigned long q_SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session); -+ -+#endif -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl.cpp ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cpp 2017-06-28 11:54:29.000000000 +0200 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl.cpp 2017-07-27 13:36:11.797844405 +0200 +diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp +index ab82cdc..c838e01 100644 +--- a/src/network/ssl/qsslsocket_openssl.cpp ++++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -1,6 +1,6 @@ /**************************************************************************** ** @@ -1925,10 +811,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp ** Copyright (C) 2014 Governikus GmbH & Co. KG ** Contact: https://www.qt.io/licensing/ ** -@@ -97,70 +97,6 @@ +@@ -97,70 +97,6 @@ bool QSslSocketPrivate::s_loadRootCertsOnDemand = false; int QSslSocketBackendPrivate::s_indexForSSLExtraData = -1; #endif - + -/* \internal - - From OpenSSL's thread(3) manual page: @@ -1996,9 +882,9 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp QString QSslSocketBackendPrivate::getErrorsFromOpenSsl() { QString errorString; -@@ -175,20 +111,6 @@ +@@ -175,20 +111,6 @@ QString QSslSocketBackendPrivate::getErrorsFromOpenSsl() } - + extern "C" { -static void locking_function(int mode, int lockNumber, const char *, int) -{ @@ -2014,27 +900,27 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp -{ - return (quintptr)QThread::currentThreadId(); -} - + #if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) static unsigned int q_ssl_psk_client_callback(SSL *ssl, -@@ -227,7 +149,7 @@ +@@ -227,7 +149,7 @@ QSslSocketBackendPrivate::~QSslSocketBackendPrivate() destroySslContext(); } - + -QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher) +QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher) { QSslCipher ciph; - -@@ -283,6 +205,7 @@ + +@@ -283,6 +205,7 @@ struct QSslErrorList QMutex mutex; QVector errors; }; + Q_GLOBAL_STATIC(QSslErrorList, _q_sslErrorList) - + int q_X509Callback(int ok, X509_STORE_CTX *ctx) -@@ -312,7 +235,7 @@ +@@ -312,7 +235,7 @@ int q_X509Callback(int ok, X509_STORE_CTX *ctx) } #endif } @@ -2043,7 +929,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp // errors gracefully after collecting all errors, after verification has // completed. return 1; -@@ -397,7 +320,7 @@ +@@ -397,7 +320,7 @@ bool QSslSocketBackendPrivate::initSslContext() if (configuration.protocol != QSsl::SslV2 && configuration.protocol != QSsl::SslV3 && configuration.protocol != QSsl::UnknownProtocol && @@ -2052,15 +938,15 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format. QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName; if (tlsHostName.isEmpty()) -@@ -438,13 +361,13 @@ - +@@ -438,13 +361,13 @@ bool QSslSocketBackendPrivate::initSslContext() + #if OPENSSL_VERSION_NUMBER >= 0x10001000L // Save a pointer to this object into the SSL structure. - if (q_SSLeay() >= 0x10001000L) + if (QSslSocket::sslLibraryVersionNumber() >= 0x10001000L) q_SSL_set_ex_data(ssl, s_indexForSSLExtraData, this); #endif - + #if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) // Set the client callback for PSK - if (q_SSLeay() >= 0x10001000L) { @@ -2068,8 +954,8 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp if (mode == QSslSocket::SslClientMode) q_SSL_set_psk_client_callback(ssl, &q_ssl_psk_client_callback); else if (mode == QSslSocket::SslServerMode) -@@ -466,16 +389,6 @@ - +@@ -466,16 +389,6 @@ void QSslSocketBackendPrivate::destroySslContext() + /*! \internal -*/ @@ -2082,13 +968,13 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp - -/*! - \internal - + Does the minimum amount of initialization to determine whether SSL is supported or not. -@@ -486,91 +399,6 @@ +@@ -486,91 +399,6 @@ bool QSslSocketPrivate::supportsSsl() return ensureLibraryLoaded(); } - + -bool QSslSocketPrivate::ensureLibraryLoaded() -{ - if (!q_resolveOpenSslSymbols()) @@ -2174,13 +1060,13 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp - s_loadRootCertsOnDemand = true; -#endif -} - + /*! \internal -@@ -587,26 +415,6 @@ +@@ -587,26 +415,6 @@ void QSslSocketPrivate::ensureInitialized() ensureCiphersAndCertsLoaded(); } - + -long QSslSocketPrivate::sslLibraryVersionNumber() -{ - if (!supportsSsl()) @@ -2204,7 +1090,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp long QSslSocketPrivate::sslLibraryBuildVersionNumber() { return OPENSSL_VERSION_NUMBER; -@@ -628,7 +436,11 @@ +@@ -628,7 +436,11 @@ QString QSslSocketPrivate::sslLibraryBuildVersionString() */ void QSslSocketPrivate::resetDefaultCiphers() { @@ -2214,18 +1100,18 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method()); +#endif SSL *mySsl = q_SSL_new(myCtx); - + QList ciphers; -@@ -664,7 +476,7 @@ +@@ -664,7 +476,7 @@ void QSslSocketPrivate::resetDefaultEllipticCurves() QVector curves; - + #ifndef OPENSSL_NO_EC - const size_t curveCount = q_EC_get_builtin_curves(NULL, 0); + const size_t curveCount = q_EC_get_builtin_curves(nullptr, 0); - + QVarLengthArray builtinCurves(static_cast(curveCount)); - -@@ -698,13 +510,14 @@ + +@@ -698,13 +510,14 @@ QList QSslSocketPrivate::systemCaCertificates() if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) { HCERTSTORE hSystemStore; hSystemStore = ptrCertOpenSystemStoreW(0, L"ROOT"); @@ -2246,7 +1132,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp QSslCertificate cert(der, QSsl::Der); systemCerts.append(cert); } -@@ -1502,14 +1315,8 @@ +@@ -1502,14 +1315,8 @@ QSslCipher QSslSocketBackendPrivate::sessionCipher() const { if (!ssl) return QSslCipher(); @@ -2262,11 +1148,11 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp + const SSL_CIPHER *sessionCipher = q_SSL_get_current_cipher(ssl); return sessionCipher ? QSslCipher_from_SSL_CIPHER(sessionCipher) : QSslCipher(); } - -@@ -1535,112 +1342,6 @@ + +@@ -1535,112 +1342,6 @@ QSsl::SslProtocol QSslSocketBackendPrivate::sessionProtocol() const return QSsl::UnknownProtocol; } - + -void QSslSocketBackendPrivate::continueHandshake() -{ - Q_Q(QSslSocket); @@ -2376,22 +1262,22 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp QList QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509) { ensureInitialized(); -@@ -1694,12 +1395,12 @@ +@@ -1694,12 +1395,12 @@ QList QSslSocketBackendPrivate::verify(const QList & QMutexLocker sslErrorListMutexLocker(&_q_sslErrorList()->mutex); - + // Register a custom callback to get all verification errors. - X509_STORE_set_verify_cb_func(certStore, q_X509Callback); + q_X509_STORE_set_verify_cb(certStore, q_X509Callback); - + // Build the chain of intermediate certificates STACK_OF(X509) *intermediates = 0; if (certificateChain.length() > 1) { - intermediates = (STACK_OF(X509) *) q_sk_new_null(); + intermediates = (STACK_OF(X509) *) q_OPENSSL_sk_new_null(); - + if (!intermediates) { q_X509_STORE_free(certStore); -@@ -1713,11 +1414,8 @@ +@@ -1713,11 +1414,8 @@ QList QSslSocketBackendPrivate::verify(const QList & first = false; continue; } @@ -2404,10 +1290,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp + q_OPENSSL_sk_push((OPENSSL_STACK *)intermediates, reinterpret_cast(cert.handle())); } } - -@@ -1741,11 +1439,7 @@ + +@@ -1741,11 +1439,7 @@ QList QSslSocketBackendPrivate::verify(const QList & (void) q_X509_verify_cert(storeContext); - + q_X509_STORE_CTX_free(storeContext); -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - q_sk_free( (_STACK *) intermediates); @@ -2415,10 +1301,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp - q_sk_free( (STACK *) intermediates); -#endif + q_OPENSSL_sk_free((OPENSSL_STACK *)intermediates); - + // Now process the errors const auto errorList = std::move(_q_sslErrorList()->errors); -@@ -1819,7 +1513,8 @@ +@@ -1819,7 +1513,8 @@ bool QSslSocketBackendPrivate::importPkcs12(QIODevice *device, // Convert to Qt types if (!key->d->fromEVP_PKEY(pkey)) { qCWarning(lcSsl, "Unable to convert private key"); @@ -2428,9 +1314,9 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp q_X509_free(x509); q_EVP_PKEY_free(pkey); q_PKCS12_free(p12); -@@ -1834,7 +1529,11 @@ +@@ -1834,7 +1529,11 @@ bool QSslSocketBackendPrivate::importPkcs12(QIODevice *device, *caCertificates = QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(ca); - + // Clean up - q_sk_pop_free(reinterpret_cast(ca), reinterpret_cast(q_sk_free)); + // TODO: verify ASAP, in the past we had sk_pop_free with q_OPENSSL_sk_free @@ -2441,9 +1327,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl.cp q_X509_free(x509); q_EVP_PKEY_free(pkey); q_PKCS12_free(p12); -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_p.h qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl_p.h ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_p.h 2017-06-28 11:54:29.000000000 +0200 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl_p.h 2017-07-27 13:36:11.798844367 +0200 +diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h +index b2adb3e..7f9e884 100644 +--- a/src/network/ssl/qsslsocket_openssl_p.h ++++ b/src/network/ssl/qsslsocket_openssl_p.h @@ -1,6 +1,6 @@ /**************************************************************************** ** @@ -2455,688 +1342,27 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_p. @@ -98,8 +98,8 @@ #include #include - + -#if OPENSSL_VERSION_NUMBER >= 0x10000000L -typedef _STACK STACK; +#if QT_CONFIG(opensslv11) +#include #endif - + QT_BEGIN_NAMESPACE -@@ -151,7 +151,7 @@ +@@ -151,7 +151,7 @@ public: #endif - + Q_AUTOTEST_EXPORT static long setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions); - static QSslCipher QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher); + static QSslCipher QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher); static QList STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509); static QList verify(const QList &certificateChain, const QString &hostName); static QString getErrorsFromOpenSsl(); -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_opensslpre11.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_opensslpre11.cpp ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_opensslpre11.cpp 1970-01-01 01:00:00.000000000 +0100 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_opensslpre11.cpp 2017-07-27 13:36:11.800844292 +0200 -@@ -0,0 +1,424 @@ -+/**************************************************************************** -+** -+** Copyright (C) 2017 The Qt Company Ltd. -+** Copyright (C) 2014 Governikus GmbH & Co. KG -+** Contact: https://www.qt.io/licensing/ -+** -+** This file is part of the QtNetwork module of the Qt Toolkit. -+** -+** $QT_BEGIN_LICENSE:LGPL$ -+** Commercial License Usage -+** Licensees holding valid commercial Qt licenses may use this file in -+** accordance with the commercial license agreement provided with the -+** Software or, alternatively, in accordance with the terms contained in -+** a written agreement between you and The Qt Company. For licensing terms -+** and conditions see https://www.qt.io/terms-conditions. For further -+** information use the contact form at https://www.qt.io/contact-us. -+** -+** GNU Lesser General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU Lesser -+** General Public License version 3 as published by the Free Software -+** Foundation and appearing in the file LICENSE.LGPL3 included in the -+** packaging of this file. Please review the following information to -+** ensure the GNU Lesser General Public License version 3 requirements -+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. -+** -+** GNU General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU -+** General Public License version 2.0 or (at your option) the GNU General -+** Public license version 3 or any later version approved by the KDE Free -+** Qt Foundation. The licenses are as published by the Free Software -+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 -+** included in the packaging of this file. Please review the following -+** information to ensure the GNU General Public License requirements will -+** be met: https://www.gnu.org/licenses/gpl-2.0.html and -+** https://www.gnu.org/licenses/gpl-3.0.html. -+** -+** $QT_END_LICENSE$ -+** -+****************************************************************************/ -+ -+/**************************************************************************** -+** -+** In addition, as a special exception, the copyright holders listed above give -+** permission to link the code of its release of Qt with the OpenSSL project's -+** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the -+** same license as the original version), and distribute the linked executables. -+** -+** You must comply with the GNU General Public License version 2 in all -+** respects for all of the code used other than the "OpenSSL" code. If you -+** modify this file, you may extend this exception to your version of the file, -+** but you are not obligated to do so. If you do not wish to do so, delete -+** this exception statement from your version of this file. -+** -+****************************************************************************/ -+ -+//#define QT_DECRYPT_SSL_TRAFFIC -+ -+#include "qssl_p.h" -+#include "qsslsocket_openssl_p.h" -+#include "qsslsocket_openssl_symbols_p.h" -+#include "qsslsocket.h" -+#include "qsslkey.h" -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+QT_BEGIN_NAMESPACE -+ -+/* \internal -+ -+ From OpenSSL's thread(3) manual page: -+ -+ OpenSSL can safely be used in multi-threaded applications provided that at -+ least two callback functions are set. -+ -+ locking_function(int mode, int n, const char *file, int line) is needed to -+ perform locking on shared data structures. (Note that OpenSSL uses a -+ number of global data structures that will be implicitly shared -+ whenever multiple threads use OpenSSL.) Multi-threaded -+ applications will crash at random if it is not set. ... -+ ... -+ id_function(void) is a function that returns a thread ID. It is not -+ needed on Windows nor on platforms where getpid() returns a different -+ ID for each thread (most notably Linux) -+*/ -+ -+class QOpenSslLocks -+{ -+public: -+ QOpenSslLocks() -+ : initLocker(QMutex::Recursive), -+ locksLocker(QMutex::Recursive) -+ { -+ QMutexLocker locker(&locksLocker); -+ int numLocks = q_CRYPTO_num_locks(); -+ locks = new QMutex *[numLocks]; -+ memset(locks, 0, numLocks * sizeof(QMutex *)); -+ } -+ ~QOpenSslLocks() -+ { -+ QMutexLocker locker(&locksLocker); -+ for (int i = 0; i < q_CRYPTO_num_locks(); ++i) -+ delete locks[i]; -+ delete [] locks; -+ -+ QSslSocketPrivate::deinitialize(); -+ } -+ QMutex *lock(int num) -+ { -+ QMutexLocker locker(&locksLocker); -+ QMutex *tmp = locks[num]; -+ if (!tmp) -+ tmp = locks[num] = new QMutex(QMutex::Recursive); -+ return tmp; -+ } -+ -+ QMutex *globalLock() -+ { -+ return &locksLocker; -+ } -+ -+ QMutex *initLock() -+ { -+ return &initLocker; -+ } -+ -+private: -+ QMutex initLocker; -+ QMutex locksLocker; -+ QMutex **locks; -+}; -+ -+Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks) -+ -+extern "C" { -+static void locking_function(int mode, int lockNumber, const char *, int) -+{ -+ QMutex *mutex = openssl_locks()->lock(lockNumber); -+ -+ // Lock or unlock it -+ if (mode & CRYPTO_LOCK) -+ mutex->lock(); -+ else -+ mutex->unlock(); -+} -+static unsigned long id_function() -+{ -+ return (quintptr)QThread::currentThreadId(); -+} -+ -+} // extern "C" -+ -+static void q_OpenSSL_add_all_algorithms_safe() -+{ -+#ifdef Q_OS_WIN -+ // Prior to version 1.0.1m an attempt to call OpenSSL_add_all_algorithms on -+ // Windows could result in 'exit' call from OPENSSL_config (QTBUG-43843). -+ // We can predict this and avoid OPENSSL_add_all_algorithms call. -+ // From OpenSSL docs: -+ // "An application does not need to add algorithms to use them explicitly, -+ // for example by EVP_sha1(). It just needs to add them if it (or any of -+ // the functions it calls) needs to lookup algorithms. -+ // The cipher and digest lookup functions are used in many parts of the -+ // library. If the table is not initialized several functions will -+ // misbehave and complain they cannot find algorithms. This includes the -+ // PEM, PKCS#12, SSL and S/MIME libraries. This is a common query in -+ // the OpenSSL mailing lists." -+ // -+ // Anyway, as a result, we chose not to call this function if it would exit. -+ -+ if (q_SSLeay() < 0x100010DFL) -+ { -+ // Now, before we try to call it, check if an attempt to open config file -+ // will result in exit: -+ if (char *confFileName = q_CONF_get1_default_config_file()) { -+ BIO *confFile = q_BIO_new_file(confFileName, "r"); -+ const auto lastError = q_ERR_peek_last_error(); -+ q_CRYPTO_free(confFileName); -+ if (confFile) { -+ q_BIO_free(confFile); -+ } else { -+ q_ERR_clear_error(); -+ if (ERR_GET_REASON(lastError) == ERR_R_SYS_LIB) { -+ qCWarning(lcSsl, "failed to open openssl.conf file"); -+ return; -+ } -+ } -+ } -+ } -+#endif // Q_OS_WIN -+ -+ q_OpenSSL_add_all_algorithms(); -+} -+ -+ -+/*! -+ \internal -+*/ -+void QSslSocketPrivate::deinitialize() -+{ -+ q_CRYPTO_set_id_callback(0); -+ q_CRYPTO_set_locking_callback(0); -+ q_ERR_free_strings(); -+} -+ -+ -+bool QSslSocketPrivate::ensureLibraryLoaded() -+{ -+ if (!q_resolveOpenSslSymbols()) -+ return false; -+ -+ // Check if the library itself needs to be initialized. -+ QMutexLocker locker(openssl_locks()->initLock()); -+ -+ if (!s_libraryLoaded) { -+ s_libraryLoaded = true; -+ -+ // Initialize OpenSSL. -+ q_CRYPTO_set_id_callback(id_function); -+ q_CRYPTO_set_locking_callback(locking_function); -+ if (q_SSL_library_init() != 1) -+ return false; -+ q_SSL_load_error_strings(); -+ q_OpenSSL_add_all_algorithms_safe(); -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10001000L -+ if (q_SSLeay() >= 0x10001000L) -+ QSslSocketBackendPrivate::s_indexForSSLExtraData = q_SSL_get_ex_new_index(0L, NULL, NULL, NULL, NULL); -+#endif -+ -+ // Initialize OpenSSL's random seed. -+ if (!q_RAND_status()) { -+ qWarning("Random number generator not seeded, disabling SSL support"); -+ return false; -+ } -+ } -+ return true; -+} -+ -+void QSslSocketPrivate::ensureCiphersAndCertsLoaded() -+{ -+ QMutexLocker locker(openssl_locks()->initLock()); -+ if (s_loadedCiphersAndCerts) -+ return; -+ s_loadedCiphersAndCerts = true; -+ -+ resetDefaultCiphers(); -+ resetDefaultEllipticCurves(); -+ -+#if QT_CONFIG(library) -+ //load symbols needed to receive certificates from system store -+#if defined(Q_OS_WIN) -+ HINSTANCE hLib = LoadLibraryW(L"Crypt32"); -+ if (hLib) { -+ ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); -+ ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); -+ ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); -+ if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) -+ qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen -+ } else { -+ qCWarning(lcSsl, "could not load crypt32 library"); // should never happen -+ } -+#elif defined(Q_OS_QNX) -+ s_loadRootCertsOnDemand = true; -+#elif defined(Q_OS_UNIX) && !defined(Q_OS_MACOS) -+ // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there) -+ QList dirs = unixRootCertDirectories(); -+ QStringList symLinkFilter; -+ symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); -+ for (int a = 0; a < dirs.count(); ++a) { -+ QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); -+ if (iterator.hasNext()) { -+ s_loadRootCertsOnDemand = true; -+ break; -+ } -+ } -+#endif -+#endif // QT_CONFIG(library) -+ // if on-demand loading was not enabled, load the certs now -+ if (!s_loadRootCertsOnDemand) -+ setDefaultCaCertificates(systemCaCertificates()); -+#ifdef Q_OS_WIN -+ //Enabled for fetching additional root certs from windows update on windows 6+ -+ //This flag is set false by setDefaultCaCertificates() indicating the app uses -+ //its own cert bundle rather than the system one. -+ //Same logic that disables the unix on demand cert loading. -+ //Unlike unix, we do preload the certificates from the cert store. -+ if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) -+ s_loadRootCertsOnDemand = true; -+#endif -+} -+ -+long QSslSocketPrivate::sslLibraryVersionNumber() -+{ -+ if (!supportsSsl()) -+ return 0; -+ -+ return q_SSLeay(); -+} -+ -+QString QSslSocketPrivate::sslLibraryVersionString() -+{ -+ if (!supportsSsl()) -+ return QString(); -+ -+ const char *versionString = q_SSLeay_version(SSLEAY_VERSION); -+ if (!versionString) -+ return QString(); -+ -+ return QString::fromLatin1(versionString); -+} -+ -+void QSslSocketBackendPrivate::continueHandshake() -+{ -+ Q_Q(QSslSocket); -+ // if we have a max read buffer size, reset the plain socket's to match -+ if (readBufferMaxSize) -+ plainSocket->setReadBufferSize(readBufferMaxSize); -+ -+ if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL)) -+ configuration.peerSessionShared = true; -+ -+#ifdef QT_DECRYPT_SSL_TRAFFIC -+ if (ssl->session && ssl->s3) { -+ const char *mk = reinterpret_cast(ssl->session->master_key); -+ QByteArray masterKey(mk, ssl->session->master_key_length); -+ const char *random = reinterpret_cast(ssl->s3->client_random); -+ QByteArray clientRandom(random, SSL3_RANDOM_SIZE); -+ -+ // different format, needed for e.g. older Wireshark versions: -+// const char *sid = reinterpret_cast(ssl->session->session_id); -+// QByteArray sessionID(sid, ssl->session->session_id_length); -+// QByteArray debugLineRSA("RSA Session-ID:"); -+// debugLineRSA.append(sessionID.toHex().toUpper()); -+// debugLineRSA.append(" Master-Key:"); -+// debugLineRSA.append(masterKey.toHex().toUpper()); -+// debugLineRSA.append("\n"); -+ -+ QByteArray debugLineClientRandom("CLIENT_RANDOM "); -+ debugLineClientRandom.append(clientRandom.toHex().toUpper()); -+ debugLineClientRandom.append(" "); -+ debugLineClientRandom.append(masterKey.toHex().toUpper()); -+ debugLineClientRandom.append("\n"); -+ -+ QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys"); -+ QFile file(sslKeyFile); -+ if (!file.open(QIODevice::Append)) -+ qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending"; -+ if (!file.write(debugLineClientRandom)) -+ qCWarning(lcSsl) << "could not write to file" << sslKeyFile; -+ file.close(); -+ } else { -+ qCWarning(lcSsl, "could not decrypt SSL traffic"); -+ } -+#endif -+ -+ // Cache this SSL session inside the QSslContext -+ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { -+ if (!sslContextPointer->cacheSession(ssl)) { -+ sslContextPointer.clear(); // we could not cache the session -+ } else { -+ // Cache the session for permanent usage as well -+ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) { -+ if (!sslContextPointer->sessionASN1().isEmpty()) -+ configuration.sslSession = sslContextPointer->sessionASN1(); -+ configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint(); -+ } -+ } -+ } -+ -+#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) -+ -+ configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; -+ if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { -+ // we could not agree -> be conservative and use HTTP/1.1 -+ configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); -+ } else { -+ const unsigned char *proto = 0; -+ unsigned int proto_len = 0; -+#if OPENSSL_VERSION_NUMBER >= 0x10002000L -+ if (q_SSLeay() >= 0x10002000L) { -+ q_SSL_get0_alpn_selected(ssl, &proto, &proto_len); -+ if (proto_len && mode == QSslSocket::SslClientMode) { -+ // Client does not have a callback that sets it ... -+ configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; -+ } -+ } -+ -+ if (!proto_len) { // Test if NPN was more lucky ... -+#else -+ { -+#endif -+ q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); -+ } -+ -+ if (proto_len) -+ configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast(proto), proto_len); -+ else -+ configuration.nextNegotiatedProtocol.clear(); -+ } -+#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ... -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10002000L -+ if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) { -+ EVP_PKEY *key; -+ if (q_SSL_get_server_tmp_key(ssl, &key)) -+ configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); -+ } -+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ... -+ -+ connectionEncrypted = true; -+ emit q->encrypted(); -+ if (autoStartHandshake && pendingClose) { -+ pendingClose = false; -+ q->disconnectFromHost(); -+ } -+} -+ -+QT_END_NAMESPACE -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h 1970-01-01 01:00:00.000000000 +0100 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h 2017-07-27 13:36:11.801844254 +0200 -@@ -0,0 +1,230 @@ -+/**************************************************************************** -+** -+** Copyright (C) 2017 The Qt Company Ltd. -+** Copyright (C) 2014 BlackBerry Limited. All rights reserved. -+** Contact: https://www.qt.io/licensing/ -+** -+** This file is part of the QtNetwork module of the Qt Toolkit. -+** -+** $QT_BEGIN_LICENSE:LGPL$ -+** Commercial License Usage -+** Licensees holding valid commercial Qt licenses may use this file in -+** accordance with the commercial license agreement provided with the -+** Software or, alternatively, in accordance with the terms contained in -+** a written agreement between you and The Qt Company. For licensing terms -+** and conditions see https://www.qt.io/terms-conditions. For further -+** information use the contact form at https://www.qt.io/contact-us. -+** -+** GNU Lesser General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU Lesser -+** General Public License version 3 as published by the Free Software -+** Foundation and appearing in the file LICENSE.LGPL3 included in the -+** packaging of this file. Please review the following information to -+** ensure the GNU Lesser General Public License version 3 requirements -+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. -+** -+** GNU General Public License Usage -+** Alternatively, this file may be used under the terms of the GNU -+** General Public License version 2.0 or (at your option) the GNU General -+** Public license version 3 or any later version approved by the KDE Free -+** Qt Foundation. The licenses are as published by the Free Software -+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 -+** included in the packaging of this file. Please review the following -+** information to ensure the GNU General Public License requirements will -+** be met: https://www.gnu.org/licenses/gpl-2.0.html and -+** https://www.gnu.org/licenses/gpl-3.0.html. -+** -+** $QT_END_LICENSE$ -+** -+****************************************************************************/ -+ -+/**************************************************************************** -+** -+** In addition, as a special exception, the copyright holders listed above give -+** permission to link the code of its release of Qt with the OpenSSL project's -+** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the -+** same license as the original version), and distribute the linked executables. -+** -+** You must comply with the GNU General Public License version 2 in all -+** respects for all of the code used other than the "OpenSSL" code. If you -+** modify this file, you may extend this exception to your version of the file, -+** but you are not obligated to do so. If you do not wish to do so, delete -+** this exception statement from your version of this file. -+** -+****************************************************************************/ -+ -+ -+#ifndef QSSLSOCKET_OPENSSLPRE11_SYMBOLS_P_H -+#define QSSLSOCKET_OPENSSLPRE11_SYMBOLS_P_H -+ -+// -+// W A R N I N G -+// ------------- -+// -+// This file is not part of the Qt API. It exists purely as an -+// implementation detail. This header file may change from version to -+// version without notice, or even be removed. -+// -+// We mean it. -+// -+ -+// Note: this file does not have QT_BEGIN_NAMESPACE/QT_END_NAMESPACE, it's done -+// in qsslsocket_openssl_symbols_p.h. -+ -+#ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H -+#error "You are not supposed to use this header file, include qsslsocket_openssl_symbols_p.h instead" -+#endif -+ -+unsigned char * q_ASN1_STRING_data(ASN1_STRING *a); -+BIO *q_BIO_new_file(const char *filename, const char *mode); -+void q_ERR_clear_error(); -+Q_AUTOTEST_EXPORT BIO *q_BIO_new(BIO_METHOD *a); -+Q_AUTOTEST_EXPORT BIO_METHOD *q_BIO_s_mem(); -+int q_CRYPTO_num_locks(); -+void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int)); -+void q_CRYPTO_set_id_callback(unsigned long (*a)()); -+void q_CRYPTO_free(void *a); -+unsigned long q_ERR_peek_last_error(); -+void q_ERR_free_strings(); -+void q_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); -+void q_EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+typedef _STACK STACK; -+#endif -+ -+// The typedef we use to make our pre 1.1 code look more like 1.1 (less ifdefs). -+typedef STACK OPENSSL_STACK; -+ -+// We resolve q_sk_ functions, but use q_OPENSSL_sk_ macros in code to reduce -+// the amount of #ifdefs. -+int q_sk_num(STACK *a); -+#define q_OPENSSL_sk_num(a) q_sk_num(a) -+void q_sk_pop_free(STACK *a, void (*b)(void *)); -+#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b) -+STACK *q_sk_new_null(); -+#define q_OPENSSL_sk_new_null() q_sk_new_null() -+ -+void q_sk_free(STACK *a); -+ -+// Just a name alias (not a function call expression) since in code we take an -+// address of this: -+#define q_OPENSSL_sk_free q_sk_free -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+void *q_sk_value(STACK *a, int b); -+void q_sk_push(STACK *st, void *data); -+#else -+char *q_sk_value(STACK *a, int b); -+void q_sk_push(STACK *st, char *data); -+#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L -+ -+#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b) -+#define q_OPENSSL_sk_push(st, data) q_sk_push(st, data) -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+SSL_CTX *q_SSL_CTX_new(const SSL_METHOD *a); -+#else -+SSL_CTX *q_SSL_CTX_new(SSL_METHOD *a); -+#endif -+ -+int q_SSL_library_init(); -+void q_SSL_load_error_strings(); -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10001000L -+int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -+#endif -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+#ifndef OPENSSL_NO_SSL2 -+const SSL_METHOD *q_SSLv2_client_method(); -+#endif -+#ifndef OPENSSL_NO_SSL3_METHOD -+const SSL_METHOD *q_SSLv3_client_method(); -+#endif -+const SSL_METHOD *q_SSLv23_client_method(); -+const SSL_METHOD *q_TLSv1_client_method(); -+const SSL_METHOD *q_TLSv1_1_client_method(); -+const SSL_METHOD *q_TLSv1_2_client_method(); -+#ifndef OPENSSL_NO_SSL2 -+const SSL_METHOD *q_SSLv2_server_method(); -+#endif -+#ifndef OPENSSL_NO_SSL3_METHOD -+const SSL_METHOD *q_SSLv3_server_method(); -+#endif -+const SSL_METHOD *q_SSLv23_server_method(); -+const SSL_METHOD *q_TLSv1_server_method(); -+const SSL_METHOD *q_TLSv1_1_server_method(); -+const SSL_METHOD *q_TLSv1_2_server_method(); -+#else -+#ifndef OPENSSL_NO_SSL2 -+SSL_METHOD *q_SSLv2_client_method(); -+#endif -+#ifndef OPENSSL_NO_SSL3_METHOD -+SSL_METHOD *q_SSLv3_client_method(); -+#endif -+SSL_METHOD *q_SSLv23_client_method(); -+SSL_METHOD *q_TLSv1_client_method(); -+SSL_METHOD *q_TLSv1_1_client_method(); -+SSL_METHOD *q_TLSv1_2_client_method(); -+#ifndef OPENSSL_NO_SSL2 -+SSL_METHOD *q_SSLv2_server_method(); -+#endif -+#ifndef OPENSSL_NO_SSL3_METHOD -+SSL_METHOD *q_SSLv3_server_method(); -+#endif -+SSL_METHOD *q_SSLv23_server_method(); -+SSL_METHOD *q_TLSv1_server_method(); -+SSL_METHOD *q_TLSv1_1_server_method(); -+SSL_METHOD *q_TLSv1_2_server_method(); -+#endif -+ -+STACK_OF(X509) *q_X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); -+ -+#ifdef SSLEAY_MACROS -+int q_i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); -+int q_i2d_RSAPrivateKey(const RSA *a, unsigned char **pp); -+RSA *q_d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); -+DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); -+#define q_PEM_read_bio_RSAPrivateKey(bp, x, cb, u) \ -+ (RSA *)q_PEM_ASN1_read_bio( \ -+ (void *(*)(void**, const unsigned char**, long int))q_d2i_RSAPrivateKey, PEM_STRING_RSA, bp, (void **)x, cb, u) -+#define q_PEM_read_bio_DSAPrivateKey(bp, x, cb, u) \ -+ (DSA *)q_PEM_ASN1_read_bio( \ -+ (void *(*)(void**, const unsigned char**, long int))q_d2i_DSAPrivateKey, PEM_STRING_DSA, bp, (void **)x, cb, u) -+#define q_PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ -+ PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_RSAPrivateKey,PEM_STRING_RSA,\ -+ bp,(char *)x,enc,kstr,klen,cb,u) -+#define q_PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ -+ PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\ -+ bp,(char *)x,enc,kstr,klen,cb,u) -+#define q_PEM_read_bio_DHparams(bp, dh, cb, u) \ -+ (DH *)q_PEM_ASN1_read_bio( \ -+ (void *(*)(void**, const unsigned char**, long int))q_d2i_DHparams, PEM_STRING_DHPARAMS, bp, (void **)x, cb, u) -+#endif // SSLEAY_MACROS -+ -+#define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) -+#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st) -+#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i) -+#define q_X509_getm_notAfter(x) X509_get_notAfter(x) -+#define q_X509_getm_notBefore(x) X509_get_notBefore(x) -+ -+// "Forward compatibility" with OpenSSL 1.1 (to save on #if-ery elsewhere): -+#define q_X509_get_version(x509) q_ASN1_INTEGER_get((x509)->cert_info->version) -+#define q_ASN1_STRING_get0_data(x) q_ASN1_STRING_data(x) -+#define q_EVP_PKEY_base_id(pkey) ((pkey)->type) -+#define q_X509_get_pubkey(x509) q_X509_PUBKEY_get((x509)->cert_info->key) -+#define q_SSL_SESSION_get_ticket_lifetime_hint(s) ((s)->tlsext_tick_lifetime_hint) -+#define q_RSA_bits(rsa) q_BN_num_bits((rsa)->n) -+#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p) -+#define q_X509_STORE_set_verify_cb(s,c) X509_STORE_set_verify_cb_func((s),(c)) -+ -+char *q_CONF_get1_default_config_file(); -+void q_OPENSSL_add_all_algorithms_noconf(); -+void q_OPENSSL_add_all_algorithms_conf(); -+ -+long q_SSLeay(); -+const char *q_SSLeay_version(int type); -+ -+ -+#endif // QSSLSOCKET_OPENSSL_PRE11_SYMBOLS_P_H -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_symbols.cpp qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl_symbols.cpp ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_symbols.cpp 2017-06-28 11:54:29.000000000 +0200 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl_symbols.cpp 2017-07-27 13:36:11.799844330 +0200 +diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp +index c344a94..0ef8bf6 100644 +--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp ++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -1,7 +1,8 @@ /**************************************************************************** ** @@ -3147,10 +1373,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy ** Contact: https://www.qt.io/licensing/ ** ** This file is part of the QtNetwork module of the Qt Toolkit. -@@ -136,49 +137,195 @@ - +@@ -136,49 +137,195 @@ void qsslSocketCannotResolveSymbolWarning(const char *functionName) + #endif // QT_LINKED_OPENSSL - + +#if QT_CONFIG(opensslv11) + +// Below are the functions first introduced in version 1.1: @@ -3361,9 +1587,9 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy DEFINEFUNC3(int, EVP_PKEY_assign, EVP_PKEY *a, a, int b, b, char *c, c, return -1, return) DEFINEFUNC2(int, EVP_PKEY_set1_RSA, EVP_PKEY *a, a, RSA *b, b, return -1, return) DEFINEFUNC2(int, EVP_PKEY_set1_DSA, EVP_PKEY *a, a, DSA *b, b, return -1, return) -@@ -202,10 +349,8 @@ +@@ -202,10 +349,8 @@ DEFINEFUNC3(int, i2t_ASN1_OBJECT, char *a, a, int b, b, ASN1_OBJECT *c, c, retur DEFINEFUNC4(int, OBJ_obj2txt, char *a, a, int b, b, ASN1_OBJECT *c, c, int d, d, return -1, return) - + DEFINEFUNC(int, OBJ_obj2nid, const ASN1_OBJECT *a, a, return NID_undef, return) -#ifdef SSLEAY_MACROS -DEFINEFUNC6(void *, PEM_ASN1_read_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return) @@ -3374,7 +1600,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PrivateKey, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return) DEFINEFUNC4(DSA *, PEM_read_bio_DSAPrivateKey, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) DEFINEFUNC4(RSA *, PEM_read_bio_RSAPrivateKey, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) -@@ -218,7 +363,7 @@ +@@ -218,7 +363,7 @@ DEFINEFUNC7(int, PEM_write_bio_RSAPrivateKey, BIO *a, a, RSA *b, b, const EVP_CI #ifndef OPENSSL_NO_EC DEFINEFUNC7(int, PEM_write_bio_ECPrivateKey, BIO *a, a, EC_KEY *b, b, const EVP_CIPHER *c, c, unsigned char *d, d, int e, e, pem_password_cb *f, f, void *g, g, return 0, return) #endif @@ -3383,7 +1609,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PUBKEY, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return) DEFINEFUNC4(DSA *, PEM_read_bio_DSA_PUBKEY, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) DEFINEFUNC4(RSA *, PEM_read_bio_RSA_PUBKEY, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) -@@ -234,23 +379,10 @@ +@@ -234,23 +379,10 @@ DEFINEFUNC2(void, RAND_seed, const void *a, a, int b, b, return, DUMMYARG) DEFINEFUNC(int, RAND_status, void, DUMMYARG, return -1, return) DEFINEFUNC(RSA *, RSA_new, DUMMYARG, DUMMYARG, return 0, return) DEFINEFUNC(void, RSA_free, RSA *a, a, return, DUMMYARG) @@ -3409,7 +1635,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy DEFINEFUNC(int, SSL_connect, SSL *a, a, return -1, return) DEFINEFUNC(int, SSL_CTX_check_private_key, const SSL_CTX *a, a, return -1, return) DEFINEFUNC4(long, SSL_CTX_ctrl, SSL_CTX *a, a, int b, b, long c, c, void *d, d, return -1, return) -@@ -287,8 +419,6 @@ +@@ -287,8 +419,6 @@ DEFINEFUNC(long, SSL_get_verify_result, const SSL *a, a, return -1, return) #else DEFINEFUNC(long, SSL_get_verify_result, SSL *a, a, return -1, return) #endif @@ -3418,7 +1644,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy DEFINEFUNC(SSL *, SSL_new, SSL_CTX *a, a, return 0, return) DEFINEFUNC4(long, SSL_ctrl, SSL *a, a, int cmd, cmd, long larg, larg, void *parg, parg, return -1, return) DEFINEFUNC3(int, SSL_read, SSL *a, a, void *b, b, int c, c, return -1, return) -@@ -301,7 +431,6 @@ +@@ -301,7 +431,6 @@ DEFINEFUNC(void, SSL_SESSION_free, SSL_SESSION *ses, ses, return, DUMMYARG) DEFINEFUNC(SSL_SESSION*, SSL_get1_session, SSL *ssl, ssl, return 0, return) DEFINEFUNC(SSL_SESSION*, SSL_get_session, const SSL *ssl, ssl, return 0, return) #if OPENSSL_VERSION_NUMBER >= 0x10001000L @@ -3426,7 +1652,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy DEFINEFUNC3(int, SSL_set_ex_data, SSL *ssl, ssl, int idx, idx, void *arg, arg, return 0, return) DEFINEFUNC2(void *, SSL_get_ex_data, const SSL *ssl, ssl, int idx, idx, return NULL, return) #endif -@@ -310,51 +439,9 @@ +@@ -310,51 +439,9 @@ DEFINEFUNC2(void, SSL_set_psk_client_callback, SSL* ssl, ssl, q_psk_client_callb DEFINEFUNC2(void, SSL_set_psk_server_callback, SSL* ssl, ssl, q_psk_server_callback_t callback, callback, return, DUMMYARG) DEFINEFUNC2(int, SSL_CTX_use_psk_identity_hint, SSL_CTX* ctx, ctx, const char *hint, hint, return 0, return) #endif @@ -3479,7 +1705,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy #ifndef SSLEAY_MACROS DEFINEFUNC(X509 *, X509_dup, X509 *a, a, return 0, return) #endif -@@ -378,6 +465,7 @@ +@@ -378,6 +465,7 @@ DEFINEFUNC2(int, ASN1_STRING_print, BIO *a, a, ASN1_STRING *b, b, return 0, retu DEFINEFUNC2(int, X509_check_issued, X509 *a, a, X509 *b, b, return -1, return) DEFINEFUNC(X509_NAME *, X509_get_issuer_name, X509 *a, a, return 0, return) DEFINEFUNC(X509_NAME *, X509_get_subject_name, X509 *a, a, return 0, return) @@ -3487,7 +1713,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy DEFINEFUNC(int, X509_verify_cert, X509_STORE_CTX *a, a, return -1, return) DEFINEFUNC(int, X509_NAME_entry_count, X509_NAME *a, a, return 0, return) DEFINEFUNC2(X509_NAME_ENTRY *, X509_NAME_get_entry, X509_NAME *a, a, int b, b, return 0, return) -@@ -393,25 +481,8 @@ +@@ -393,25 +481,8 @@ DEFINEFUNC2(int, X509_STORE_CTX_set_purpose, X509_STORE_CTX *a, a, int b, b, ret DEFINEFUNC(int, X509_STORE_CTX_get_error, X509_STORE_CTX *a, a, return -1, return) DEFINEFUNC(int, X509_STORE_CTX_get_error_depth, X509_STORE_CTX *a, a, return -1, return) DEFINEFUNC(X509 *, X509_STORE_CTX_get_current_cert, X509_STORE_CTX *a, a, return 0, return) @@ -3513,7 +1739,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy DEFINEFUNC2(int, i2d_SSL_SESSION, SSL_SESSION *in, in, unsigned char **pp, pp, return 0, return) DEFINEFUNC3(SSL_SESSION *, d2i_SSL_SESSION, SSL_SESSION **a, a, const unsigned char **pp, pp, long length, length, return 0, return) #if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) -@@ -694,8 +765,8 @@ +@@ -694,8 +765,8 @@ static QPair loadOpenSsl() #ifndef Q_OS_DARWIN // second attempt: find the development files libssl.so and libcrypto.so // @@ -3524,7 +1750,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy // attempt, _after_ /Contents/Frameworks has been searched. // iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place. libssl->setFileNameAndVersion(QLatin1String("ssl"), -1); -@@ -754,8 +825,12 @@ +@@ -754,8 +825,12 @@ bool q_resolveOpenSslSymbols() static bool symbolsResolved = false; static bool triedToResolveSymbols = false; #ifndef QT_NO_THREAD @@ -3537,10 +1763,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy if (symbolsResolved) return true; if (triedToResolveSymbols) -@@ -771,11 +846,145 @@ +@@ -771,11 +846,145 @@ bool q_resolveOpenSslSymbols() // failed to load them return false; - + +#if QT_CONFIG(opensslv11) + + RESOLVEFUNC(OPENSSL_init_ssl) @@ -3619,10 +1845,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy + RESOLVEFUNC(SSL_load_error_strings) +#if OPENSSL_VERSION_NUMBER >= 0x10001000L + RESOLVEFUNC(SSL_get_ex_new_index) - #endif ++#endif +#ifndef OPENSSL_NO_SSL2 + RESOLVEFUNC(SSLv2_client_method) -+#endif + #endif +#ifndef OPENSSL_NO_SSL3_METHOD + RESOLVEFUNC(SSLv3_client_method) +#endif @@ -3684,7 +1910,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy RESOLVEFUNC(ASN1_STRING_length) RESOLVEFUNC(ASN1_STRING_to_UTF8) RESOLVEFUNC(BIO_ctrl) -@@ -794,25 +1003,22 @@ +@@ -794,25 +1003,22 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(BN_is_word) #endif RESOLVEFUNC(BN_mod_word) @@ -3714,7 +1940,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy RESOLVEFUNC(EVP_PKEY_assign) RESOLVEFUNC(EVP_PKEY_set1_RSA) RESOLVEFUNC(EVP_PKEY_set1_DSA) -@@ -834,9 +1040,8 @@ +@@ -834,9 +1040,8 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(i2t_ASN1_OBJECT) RESOLVEFUNC(OBJ_obj2txt) RESOLVEFUNC(OBJ_obj2nid) @@ -3726,7 +1952,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy RESOLVEFUNC(PEM_read_bio_PrivateKey) RESOLVEFUNC(PEM_read_bio_DSAPrivateKey) RESOLVEFUNC(PEM_read_bio_RSAPrivateKey) -@@ -849,7 +1054,8 @@ +@@ -849,7 +1054,8 @@ bool q_resolveOpenSslSymbols() #ifndef OPENSSL_NO_EC RESOLVEFUNC(PEM_write_bio_ECPrivateKey) #endif @@ -3736,7 +1962,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy RESOLVEFUNC(PEM_read_bio_PUBKEY) RESOLVEFUNC(PEM_read_bio_DSA_PUBKEY) RESOLVEFUNC(PEM_read_bio_RSA_PUBKEY) -@@ -865,12 +1071,6 @@ +@@ -865,12 +1071,6 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(RAND_status) RESOLVEFUNC(RSA_new) RESOLVEFUNC(RSA_free) @@ -3749,7 +1975,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy RESOLVEFUNC(SSL_CIPHER_description) RESOLVEFUNC(SSL_CIPHER_get_bits) RESOLVEFUNC(SSL_CTX_check_private_key) -@@ -898,8 +1098,6 @@ +@@ -898,8 +1098,6 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(SSL_get_peer_cert_chain) RESOLVEFUNC(SSL_get_peer_certificate) RESOLVEFUNC(SSL_get_verify_result) @@ -3758,7 +1984,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy RESOLVEFUNC(SSL_new) RESOLVEFUNC(SSL_ctrl) RESOLVEFUNC(SSL_read) -@@ -912,7 +1110,6 @@ +@@ -912,7 +1110,6 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(SSL_get1_session) RESOLVEFUNC(SSL_get_session) #if OPENSSL_VERSION_NUMBER >= 0x10001000L @@ -3766,7 +1992,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy RESOLVEFUNC(SSL_set_ex_data) RESOLVEFUNC(SSL_get_ex_data) #endif -@@ -922,30 +1119,6 @@ +@@ -922,30 +1119,6 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(SSL_CTX_use_psk_identity_hint) #endif RESOLVEFUNC(SSL_write) @@ -3797,7 +2023,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy RESOLVEFUNC(X509_NAME_entry_count) RESOLVEFUNC(X509_NAME_get_entry) RESOLVEFUNC(X509_NAME_ENTRY_get_data) -@@ -961,12 +1134,12 @@ +@@ -961,12 +1134,12 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(X509_STORE_CTX_get_error) RESOLVEFUNC(X509_STORE_CTX_get_error_depth) RESOLVEFUNC(X509_STORE_CTX_get_current_cert) @@ -3811,7 +2037,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy RESOLVEFUNC(X509_EXTENSION_get_object) RESOLVEFUNC(X509_free) RESOLVEFUNC(X509_get_ext) -@@ -982,20 +1155,11 @@ +@@ -982,20 +1155,11 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(X509_check_issued) RESOLVEFUNC(X509_get_issuer_name) RESOLVEFUNC(X509_get_subject_name) @@ -3833,7 +2059,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy RESOLVEFUNC(i2d_SSL_SESSION) RESOLVEFUNC(d2i_SSL_SESSION) #if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) -@@ -1019,27 +1183,14 @@ +@@ -1019,27 +1183,14 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(EC_KEY_new_by_curve_name) RESOLVEFUNC(EC_KEY_free) RESOLVEFUNC(EC_get_builtin_curves) @@ -3845,7 +2071,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy RESOLVEFUNC(PKCS12_parse) RESOLVEFUNC(d2i_PKCS12_bio) RESOLVEFUNC(PKCS12_free) - + + symbolsResolved = true; delete libs.first; delete libs.second; @@ -3862,9 +2088,10 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy return true; } #endif // QT_CONFIG(library) -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_symbols_p.h qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl_symbols_p.h ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_symbols_p.h 2017-06-28 11:54:29.000000000 +0200 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/qsslsocket_openssl_symbols_p.h 2017-07-27 13:36:11.800844292 +0200 +diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h +index b35a895..796bf2d 100644 +--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h ++++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h @@ -1,6 +1,6 @@ /**************************************************************************** ** @@ -3876,15 +2103,15 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy @@ -56,6 +56,7 @@ #ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H #define QSSLSOCKET_OPENSSL_SYMBOLS_P_H - + + // // W A R N I N G // ------------- -@@ -215,17 +216,20 @@ - +@@ -215,17 +216,20 @@ QT_BEGIN_NAMESPACE + #endif // !defined QT_LINKED_OPENSSL - + +#if QT_CONFIG(opensslv11) +#include "qsslsocket_openssl11_symbols_p.h" +#else @@ -3905,7 +2132,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy Q_AUTOTEST_EXPORT int q_BIO_write(BIO *a, const void *b, int c); int q_BN_num_bits(const BIGNUM *a); #if OPENSSL_VERSION_NUMBER >= 0x10100000L -@@ -247,26 +251,23 @@ +@@ -247,26 +251,23 @@ BN_ULONG q_BN_mod_word(const BIGNUM *a, BN_ULONG w); const EC_GROUP* q_EC_KEY_get0_group(const EC_KEY* k); int q_EC_GROUP_get_degree(const EC_GROUP* g); #endif @@ -3936,7 +2163,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c); Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b); int q_EVP_PKEY_set1_DSA(EVP_PKEY *a, DSA *b); -@@ -310,7 +311,7 @@ +@@ -310,7 +311,7 @@ int q_PEM_write_bio_RSAPrivateKey(BIO *a, RSA *b, const EVP_CIPHER *c, unsigned int q_PEM_write_bio_ECPrivateKey(BIO *a, EC_KEY *b, const EVP_CIPHER *c, unsigned char *d, int e, pem_password_cb *f, void *g); #endif @@ -3945,7 +2172,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy Q_AUTOTEST_EXPORT EVP_PKEY *q_PEM_read_bio_PUBKEY(BIO *a, EVP_PKEY **b, pem_password_cb *c, void *d); DSA *q_PEM_read_bio_DSA_PUBKEY(BIO *a, DSA **b, pem_password_cb *c, void *d); RSA *q_PEM_read_bio_RSA_PUBKEY(BIO *a, RSA **b, pem_password_cb *c, void *d); -@@ -326,23 +327,10 @@ +@@ -326,23 +327,10 @@ void q_RAND_seed(const void *a, int b); int q_RAND_status(); RSA *q_RSA_new(); void q_RSA_free(RSA *a); @@ -3971,7 +2198,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy int q_SSL_connect(SSL *a); int q_SSL_CTX_check_private_key(const SSL_CTX *a); long q_SSL_CTX_ctrl(SSL_CTX *a, int b, long c, void *d); -@@ -374,8 +362,6 @@ +@@ -374,8 +362,6 @@ int q_SSL_get_error(SSL *a, int b); STACK_OF(X509) *q_SSL_get_peer_cert_chain(SSL *a); X509 *q_SSL_get_peer_certificate(SSL *a); long q_SSL_get_verify_result(const SSL *a); @@ -3980,7 +2207,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy SSL *q_SSL_new(SSL_CTX *a); long q_SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); int q_SSL_read(SSL *a, void *b, int c); -@@ -388,7 +374,6 @@ +@@ -388,7 +374,6 @@ void q_SSL_SESSION_free(SSL_SESSION *ses); SSL_SESSION *q_SSL_get1_session(SSL *ssl); SSL_SESSION *q_SSL_get_session(const SSL *ssl); #if OPENSSL_VERSION_NUMBER >= 0x10001000L @@ -3988,7 +2215,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy int q_SSL_set_ex_data(SSL *ssl, int idx, void *arg); void *q_SSL_get_ex_data(const SSL *ssl, int idx); #endif -@@ -399,49 +384,6 @@ +@@ -399,49 +384,6 @@ typedef unsigned int (*q_psk_server_callback_t)(SSL *ssl, const char *identity, void q_SSL_set_psk_server_callback(SSL *ssl, q_psk_server_callback_t callback); int q_SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); #endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) @@ -4038,7 +2265,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy int q_SSL_write(SSL *a, const void *b, int c); int q_X509_cmp(X509 *a, X509 *b); #ifdef SSLEAY_MACROS -@@ -452,6 +394,7 @@ +@@ -452,6 +394,7 @@ void *q_ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); X509 *q_X509_dup(X509 *a); #endif void q_X509_print(BIO *a, X509*b); @@ -4046,7 +2273,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy ASN1_OBJECT *q_X509_EXTENSION_get_object(X509_EXTENSION *a); void q_X509_free(X509 *a); X509_EXTENSION *q_X509_get_ext(X509 *a, int b); -@@ -471,6 +414,7 @@ +@@ -471,6 +414,7 @@ int q_ASN1_STRING_print(BIO *a, ASN1_STRING *b); int q_X509_check_issued(X509 *a, X509 *b); X509_NAME *q_X509_get_issuer_name(X509 *a); X509_NAME *q_X509_get_subject_name(X509 *a); @@ -4054,18 +2281,18 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy int q_X509_verify_cert(X509_STORE_CTX *ctx); int q_X509_NAME_entry_count(X509_NAME *a); X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b); -@@ -488,7 +432,6 @@ +@@ -488,7 +432,6 @@ int q_X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); int q_X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); int q_X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); X509 *q_X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); -STACK_OF(X509) *q_X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); - + // Diffie-Hellman support DH *q_DH_new(); -@@ -522,34 +465,9 @@ +@@ -522,34 +465,9 @@ int q_PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, PKCS12 *q_d2i_PKCS12_bio(BIO *bio, PKCS12 **pkcs12); void q_PKCS12_free(PKCS12 *pkcs12); - + - #define q_BIO_get_mem_data(b, pp) (int)q_BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) #define q_BIO_pending(b) (int)q_BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) @@ -4097,7 +2324,7 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st)) #define q_sk_GENERAL_NAME_value(st, i) q_SKM_sk_value(GENERAL_NAME, (st), (i)) #define q_sk_X509_num(st) q_SKM_sk_num(X509, (st)) -@@ -558,18 +476,12 @@ +@@ -558,18 +476,12 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i)) #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \ q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) @@ -4115,11 +2342,12 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/qsslsocket_openssl_sy -const char *q_SSLeay_version(int type); int q_i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); SSL_SESSION *q_d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); - -diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/ssl.pri qtbase-opensource-src-5.9.1/src/network/ssl/ssl.pri ---- qtbase-opensource-src-5.9.1.than/src/network/ssl/ssl.pri 2017-06-28 11:54:29.000000000 +0200 -+++ qtbase-opensource-src-5.9.1/src/network/ssl/ssl.pri 2017-07-27 13:36:11.801844254 +0200 -@@ -60,13 +60,25 @@ + +diff --git a/src/network/ssl/ssl.pri b/src/network/ssl/ssl.pri +index 52ce2ee..949ebc3 100644 +--- a/src/network/ssl/ssl.pri ++++ b/src/network/ssl/ssl.pri +@@ -60,13 +60,25 @@ qtConfig(ssl) { HEADERS += ssl/qsslcontext_openssl_p.h \ ssl/qsslsocket_openssl_p.h \ ssl/qsslsocket_openssl_symbols_p.h @@ -4145,6 +2373,6 @@ diff -Nur qtbase-opensource-src-5.9.1.than/src/network/ssl/ssl.pri qtbase-openso + SOURCES += ssl/qsslsocket_opensslpre11.cpp \ + ssl/qsslcontext_opensslpre11.cpp + } - + darwin:SOURCES += ssl/qsslsocket_mac_shared.cpp - + From bea0c40370debde4dd614725ad043c1b259830f8 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Mon, 9 Oct 2017 09:24:21 +0200 Subject: [PATCH 43/44] Properly rebase openssl11 patch --- qt5-qtbase-5.9.1-openssl11.patch | 1564 ++++++++++++++++++++++++++++++ 1 file changed, 1564 insertions(+) diff --git a/qt5-qtbase-5.9.1-openssl11.patch b/qt5-qtbase-5.9.1-openssl11.patch index 8875fc5..1344724 100644 --- a/qt5-qtbase-5.9.1-openssl11.patch +++ b/qt5-qtbase-5.9.1-openssl11.patch @@ -1,3 +1,65 @@ +diff --git a/config.tests/unix/openssl11/openssl.cpp b/config.tests/unix/openssl11/openssl.cpp +new file mode 100644 +index 0000000..c20cc59 +--- /dev/null ++++ b/config.tests/unix/openssl11/openssl.cpp +@@ -0,0 +1,48 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the config.tests of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++#include ++ ++#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x10100000L ++# error "OpenSSL >= 1.1 is required" ++#endif ++ ++int main() ++{ ++} +diff --git a/config.tests/unix/openssl11/openssl.pro b/config.tests/unix/openssl11/openssl.pro +new file mode 100644 +index 0000000..a023aee +--- /dev/null ++++ b/config.tests/unix/openssl11/openssl.pro +@@ -0,0 +1,2 @@ ++SOURCES = openssl.cpp ++CONFIG -= x11 qt diff --git a/src/network/configure.json b/src/network/configure.json index 916448a..5ecf1ad 100644 --- a/src/network/configure.json @@ -540,6 +602,649 @@ index c92d8fc..cef5037 100644 } } +diff --git a/src/network/ssl/qsslcontext_openssl11.cpp b/src/network/ssl/qsslcontext_openssl11.cpp +new file mode 100644 +index 0000000..787b6ae +--- /dev/null ++++ b/src/network/ssl/qsslcontext_openssl11.cpp +@@ -0,0 +1,277 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 BlackBerry Limited. All rights reserved. ++** Copyright (C) 2014 Governikus GmbH & Co. KG. ++** Copyright (C) 2016 Richard J. Moore ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++ ++#include ++#include ++ ++#include "private/qssl_p.h" ++#include "private/qsslcontext_openssl_p.h" ++#include "private/qsslsocket_p.h" ++#include "private/qsslsocket_openssl_p.h" ++#include "private/qsslsocket_openssl_symbols_p.h" ++#include "private/qssldiffiehellmanparameters_p.h" ++ ++#include ++ ++QT_BEGIN_NAMESPACE ++ ++// defined in qsslsocket_openssl.cpp: ++extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); ++extern QString getErrorsFromOpenSsl(); ++ ++static inline QString msgErrorSettingEllipticCurves(const QString &why) ++{ ++ return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); ++} ++ ++// static ++void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) ++{ ++ sslContext->sslConfiguration = configuration; ++ sslContext->errorCode = QSslError::NoError; ++ ++ bool client = (mode == QSslSocket::SslClientMode); ++ ++ bool reinitialized = false; ++ bool unsupportedProtocol = false; ++init_context: ++ if (sslContext->sslConfiguration.protocol() == QSsl::SslV2) { ++ // SSL 2 is no longer supported, but chosen deliberately -> error ++ sslContext->ctx = nullptr; ++ unsupportedProtocol = true; ++ } else { ++ // The ssl options will actually control the supported methods ++ sslContext->ctx = q_SSL_CTX_new(client ? q_TLS_client_method() : q_TLS_server_method()); ++ } ++ ++ if (!sslContext->ctx) { ++ // After stopping Flash 10 the SSL library loses its ciphers. Try re-adding them ++ // by re-initializing the library. ++ if (!reinitialized) { ++ reinitialized = true; ++ if (q_OPENSSL_init_ssl(0, nullptr) == 1) ++ goto init_context; ++ } ++ ++ sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( ++ unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() ++ ); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // Enable bug workarounds. ++ long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); ++ q_SSL_CTX_set_options(sslContext->ctx, options); ++ ++ // Tell OpenSSL to release memory early ++ // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html ++ q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS); ++ ++ // Initialize ciphers ++ QByteArray cipherString; ++ bool first = true; ++ QList ciphers = sslContext->sslConfiguration.ciphers(); ++ if (ciphers.isEmpty()) ++ ciphers = QSslSocketPrivate::defaultCiphers(); ++ for (const QSslCipher &cipher : qAsConst(ciphers)) { ++ if (first) ++ first = false; ++ else ++ cipherString.append(':'); ++ cipherString.append(cipher.name().toLatin1()); ++ } ++ ++ if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) { ++ sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ const QDateTime now = QDateTime::currentDateTimeUtc(); ++ ++ // Add all our CAs to this store. ++ const auto caCertificates = sslContext->sslConfiguration.caCertificates(); ++ for (const QSslCertificate &caCertificate : caCertificates) { ++ // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: ++ // ++ // If several CA certificates matching the name, key identifier, and ++ // serial number condition are available, only the first one will be ++ // examined. This may lead to unexpected results if the same CA ++ // certificate is available with different expiration dates. If a ++ // ``certificate expired'' verification error occurs, no other ++ // certificate will be searched. Make sure to not have expired ++ // certificates mixed with valid ones. ++ // ++ // See also: QSslSocketBackendPrivate::verify() ++ if (caCertificate.expiryDate() >= now) { ++ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); ++ } ++ } ++ ++ if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { ++ // tell OpenSSL the directories where to look up the root certs on demand ++ const QList unixDirs = QSslSocketPrivate::unixRootCertDirectories(); ++ for (const QByteArray &unixDir : unixDirs) ++ q_SSL_CTX_load_verify_locations(sslContext->ctx, nullptr, unixDir.constData()); ++ } ++ ++ if (!sslContext->sslConfiguration.localCertificate().isNull()) { ++ // Require a private key as well. ++ if (sslContext->sslConfiguration.privateKey().isNull()) { ++ sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // Load certificate ++ if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) { ++ sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) { ++ sslContext->pkey = reinterpret_cast(configuration.d->privateKey.handle()); ++ } else { ++ // Load private key ++ sslContext->pkey = q_EVP_PKEY_new(); ++ // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. ++ // this lead to a memory leak. Now we use the *_set1_* functions which do not ++ // take ownership of the RSA/DSA key instance because the QSslKey already has ownership. ++ if (configuration.d->privateKey.algorithm() == QSsl::Rsa) ++ q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); ++ else if (configuration.d->privateKey.algorithm() == QSsl::Dsa) ++ q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); ++#ifndef OPENSSL_NO_EC ++ else if (configuration.d->privateKey.algorithm() == QSsl::Ec) ++ q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); ++#endif ++ } ++ ++ if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) { ++ sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) ++ sslContext->pkey = nullptr; // Don't free the private key, it belongs to QSslKey ++ ++ // Check if the certificate matches the private key. ++ if (!q_SSL_CTX_check_private_key(sslContext->ctx)) { ++ sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // If we have any intermediate certificates then we need to add them to our chain ++ bool first = true; ++ for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { ++ if (first) { ++ first = false; ++ continue; ++ } ++ q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, ++ q_X509_dup(reinterpret_cast(cert.handle()))); ++ } ++ } ++ ++ // Initialize peer verification. ++ if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) { ++ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, nullptr); ++ } else { ++ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback); ++ } ++ ++ // Set verification depth. ++ if (sslContext->sslConfiguration.peerVerifyDepth() != 0) ++ q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); ++ ++ // set persisted session if the user set it ++ if (!configuration.sessionTicket().isEmpty()) ++ sslContext->setSessionASN1(configuration.sessionTicket()); ++ ++ // Set temp DH params ++ QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters(); ++ ++ if (!dhparams.isValid()) { ++ sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ if (!dhparams.isEmpty()) { ++ const QByteArray ¶ms = dhparams.d->derData; ++ const char *ptr = params.constData(); ++ DH *dh = q_d2i_DHparams(NULL, reinterpret_cast(&ptr), params.length()); ++ if (dh == NULL) ++ qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form"); ++ q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh); ++ q_DH_free(dh); ++ } ++ ++#ifndef OPENSSL_NO_PSK ++ if (!client) ++ q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData()); ++#endif // !OPENSSL_NO_PSK ++ ++ const QVector qcurves = sslContext->sslConfiguration.ellipticCurves(); ++ if (!qcurves.isEmpty()) { ++#ifdef OPENSSL_NO_EC ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version with disabled elliptic curves")); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++#else ++ // Set the curves to be used. ++ std::vector curves; ++ curves.reserve(qcurves.size()); ++ for (const auto &sslCurve : qcurves) ++ curves.push_back(sslCurve.id); ++ if (!q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_CURVES, long(curves.size()), &curves[0])) { ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ } ++#endif ++ } ++} ++ ++QT_END_NAMESPACE +diff --git a/src/network/ssl/qsslcontext_opensslpre11.cpp b/src/network/ssl/qsslcontext_opensslpre11.cpp +new file mode 100644 +index 0000000..9c01c2f +--- /dev/null ++++ b/src/network/ssl/qsslcontext_opensslpre11.cpp +@@ -0,0 +1,354 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 BlackBerry Limited. All rights reserved. ++** Copyright (C) 2014 Governikus GmbH & Co. KG. ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++ ++#include ++#include ++ ++#include "private/qssl_p.h" ++#include "private/qsslcontext_openssl_p.h" ++#include "private/qsslsocket_p.h" ++#include "private/qsslsocket_openssl_p.h" ++#include "private/qsslsocket_openssl_symbols_p.h" ++#include "private/qssldiffiehellmanparameters_p.h" ++ ++QT_BEGIN_NAMESPACE ++ ++// defined in qsslsocket_openssl.cpp: ++extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); ++extern QString getErrorsFromOpenSsl(); ++ ++static inline QString msgErrorSettingEllipticCurves(const QString &why) ++{ ++ return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); ++} ++ ++// static ++void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) ++{ ++ sslContext->sslConfiguration = configuration; ++ sslContext->errorCode = QSslError::NoError; ++ ++ bool client = (mode == QSslSocket::SslClientMode); ++ ++ bool reinitialized = false; ++ bool unsupportedProtocol = false; ++init_context: ++ switch (sslContext->sslConfiguration.protocol()) { ++ case QSsl::SslV2: ++#ifndef OPENSSL_NO_SSL2 ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); ++#else ++ // SSL 2 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ case QSsl::SslV3: ++#ifndef OPENSSL_NO_SSL3_METHOD ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); ++#else ++ // SSL 3 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ case QSsl::SecureProtocols: ++ // SSLv2 and SSLv3 will be disabled by SSL options ++ // But we need q_SSLv23_server_method() otherwise AnyProtocol will be unable to connect on Win32. ++ case QSsl::TlsV1SslV3: ++ // SSLv2 will will be disabled by SSL options ++ case QSsl::AnyProtocol: ++ default: ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); ++ break; ++ case QSsl::TlsV1_0: ++ sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); ++ break; ++ case QSsl::TlsV1_1: ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method()); ++#else ++ // TLS 1.1 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ case QSsl::TlsV1_2: ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method()); ++#else ++ // TLS 1.2 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ case QSsl::TlsV1_0OrLater: ++ // Specific protocols will be specified via SSL options. ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); ++ break; ++ case QSsl::TlsV1_1OrLater: ++ case QSsl::TlsV1_2OrLater: ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ // Specific protocols will be specified via SSL options. ++ sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); ++#else ++ // TLS 1.1/1.2 not supported by the system, but chosen deliberately -> error ++ sslContext->ctx = 0; ++ unsupportedProtocol = true; ++#endif ++ break; ++ } ++ ++ if (!sslContext->ctx) { ++ // After stopping Flash 10 the SSL library loses its ciphers. Try re-adding them ++ // by re-initializing the library. ++ if (!reinitialized) { ++ reinitialized = true; ++ if (q_SSL_library_init() == 1) ++ goto init_context; ++ } ++ ++ sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( ++ unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() ++ ); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // Enable bug workarounds. ++ long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); ++ q_SSL_CTX_set_options(sslContext->ctx, options); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++ // Tell OpenSSL to release memory early ++ // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html ++ if (q_SSLeay() >= 0x10000000L) ++ q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS); ++#endif ++ ++ // Initialize ciphers ++ QByteArray cipherString; ++ bool first = true; ++ QList ciphers = sslContext->sslConfiguration.ciphers(); ++ if (ciphers.isEmpty()) ++ ciphers = QSslSocketPrivate::defaultCiphers(); ++ for (const QSslCipher &cipher : qAsConst(ciphers)) { ++ if (first) ++ first = false; ++ else ++ cipherString.append(':'); ++ cipherString.append(cipher.name().toLatin1()); ++ } ++ ++ if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) { ++ sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ const QDateTime now = QDateTime::currentDateTimeUtc(); ++ ++ // Add all our CAs to this store. ++ const auto caCertificates = sslContext->sslConfiguration.caCertificates(); ++ for (const QSslCertificate &caCertificate : caCertificates) { ++ // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: ++ // ++ // If several CA certificates matching the name, key identifier, and ++ // serial number condition are available, only the first one will be ++ // examined. This may lead to unexpected results if the same CA ++ // certificate is available with different expiration dates. If a ++ // ``certificate expired'' verification error occurs, no other ++ // certificate will be searched. Make sure to not have expired ++ // certificates mixed with valid ones. ++ // ++ // See also: QSslSocketBackendPrivate::verify() ++ if (caCertificate.expiryDate() >= now) { ++ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); ++ } ++ } ++ ++ if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { ++ // tell OpenSSL the directories where to look up the root certs on demand ++ const QList unixDirs = QSslSocketPrivate::unixRootCertDirectories(); ++ for (const QByteArray &unixDir : unixDirs) ++ q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDir.constData()); ++ } ++ ++ if (!sslContext->sslConfiguration.localCertificate().isNull()) { ++ // Require a private key as well. ++ if (sslContext->sslConfiguration.privateKey().isNull()) { ++ sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // Load certificate ++ if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) { ++ sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) { ++ sslContext->pkey = reinterpret_cast(configuration.d->privateKey.handle()); ++ } else { ++ // Load private key ++ sslContext->pkey = q_EVP_PKEY_new(); ++ // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. ++ // this lead to a memory leak. Now we use the *_set1_* functions which do not ++ // take ownership of the RSA/DSA key instance because the QSslKey already has ownership. ++ if (configuration.d->privateKey.algorithm() == QSsl::Rsa) ++ q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); ++ else if (configuration.d->privateKey.algorithm() == QSsl::Dsa) ++ q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); ++#ifndef OPENSSL_NO_EC ++ else if (configuration.d->privateKey.algorithm() == QSsl::Ec) ++ q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast(configuration.d->privateKey.handle())); ++#endif ++ } ++ ++ if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) { ++ sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ if (configuration.d->privateKey.algorithm() == QSsl::Opaque) ++ sslContext->pkey = 0; // Don't free the private key, it belongs to QSslKey ++ ++ // Check if the certificate matches the private key. ++ if (!q_SSL_CTX_check_private_key(sslContext->ctx)) { ++ sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ // If we have any intermediate certificates then we need to add them to our chain ++ bool first = true; ++ for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { ++ if (first) { ++ first = false; ++ continue; ++ } ++ q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, ++ q_X509_dup(reinterpret_cast(cert.handle()))); ++ } ++ } ++ ++ // Initialize peer verification. ++ if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) { ++ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, 0); ++ } else { ++ q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback); ++ } ++ ++ // Set verification depth. ++ if (sslContext->sslConfiguration.peerVerifyDepth() != 0) ++ q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); ++ ++ // set persisted session if the user set it ++ if (!configuration.sessionTicket().isEmpty()) ++ sslContext->setSessionASN1(configuration.sessionTicket()); ++ ++ // Set temp DH params ++ QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters(); ++ ++ if (!dhparams.isValid()) { ++ sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ return; ++ } ++ ++ if (!dhparams.isEmpty()) { ++ const QByteArray ¶ms = dhparams.d->derData; ++ const char *ptr = params.constData(); ++ DH *dh = q_d2i_DHparams(NULL, reinterpret_cast(&ptr), params.length()); ++ if (dh == NULL) ++ qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form"); ++ q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh); ++ q_DH_free(dh); ++ } ++ ++#ifndef OPENSSL_NO_EC ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ if (q_SSLeay() >= 0x10002000L) { ++ q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL); ++ } else ++#endif ++ { ++ // Set temp ECDH params ++ EC_KEY *ecdh = 0; ++ ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); ++ q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh); ++ q_EC_KEY_free(ecdh); ++ } ++#endif // OPENSSL_NO_EC ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) ++ if (!client) ++ q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData()); ++#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) ++ ++ const QVector qcurves = sslContext->sslConfiguration.ellipticCurves(); ++ if (!qcurves.isEmpty()) { ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) ++ // Set the curves to be used ++ if (q_SSLeay() >= 0x10002000L) { ++ // SSL_CTX_ctrl wants a non-const pointer as last argument, ++ // but let's avoid a copy into a temporary array ++ if (!q_SSL_CTX_ctrl(sslContext->ctx, ++ SSL_CTRL_SET_CURVES, ++ qcurves.size(), ++ const_cast(reinterpret_cast(qcurves.data())))) { ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ } ++ } else ++#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) ++ { ++ // specific curves requested, but not possible to set -> error ++ sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); ++ sslContext->errorCode = QSslError::UnspecifiedError; ++ } ++ } ++} ++ ++QT_END_NAMESPACE diff --git a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp b/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp index 90687b0..5ebad82 100644 --- a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp @@ -1327,6 +2032,435 @@ index ab82cdc..c838e01 100644 q_X509_free(x509); q_EVP_PKEY_free(pkey); q_PKCS12_free(p12); +diff --git a/src/network/ssl/qsslsocket_openssl11.cpp b/src/network/ssl/qsslsocket_openssl11.cpp +new file mode 100644 +index 0000000..b6d1894 +--- /dev/null ++++ b/src/network/ssl/qsslsocket_openssl11.cpp +@@ -0,0 +1,285 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 Governikus GmbH & Co. KG ++** Copyright (C) 2016 Richard J. Moore ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++/**************************************************************************** ++** ++** In addition, as a special exception, the copyright holders listed above give ++** permission to link the code of its release of Qt with the OpenSSL project's ++** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the ++** same license as the original version), and distribute the linked executables. ++** ++** You must comply with the GNU General Public License version 2 in all ++** respects for all of the code used other than the "OpenSSL" code. If you ++** modify this file, you may extend this exception to your version of the file, ++** but you are not obligated to do so. If you do not wish to do so, delete ++** this exception statement from your version of this file. ++** ++****************************************************************************/ ++ ++//#define QT_DECRYPT_SSL_TRAFFIC ++ ++#include "qssl_p.h" ++#include "qsslsocket_openssl_p.h" ++#include "qsslsocket_openssl_symbols_p.h" ++#include "qsslsocket.h" ++#include "qsslkey.h" ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++QT_BEGIN_NAMESPACE ++ ++Q_GLOBAL_STATIC_WITH_ARGS(QMutex, qt_opensslInitMutex, (QMutex::Recursive)) ++ ++/*! ++ \internal ++*/ ++void QSslSocketPrivate::deinitialize() ++{ ++ // This function exists only for compatibility with the pre-11 code, ++ // where deinitialize() actually does some cleanup. To be discarded ++ // once we retire < 1.1. ++} ++ ++bool QSslSocketPrivate::ensureLibraryLoaded() ++{ ++ if (!q_resolveOpenSslSymbols()) ++ return false; ++ ++ const QMutexLocker locker(qt_opensslInitMutex); ++ ++ if (!s_libraryLoaded) { ++ s_libraryLoaded = true; ++ ++ // Initialize OpenSSL. ++ if (q_OPENSSL_init_ssl(0, nullptr) != 1) ++ return false; ++ q_SSL_load_error_strings(); ++ q_OpenSSL_add_all_algorithms(); ++ ++ QSslSocketBackendPrivate::s_indexForSSLExtraData ++ = q_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, 0L, nullptr, nullptr, ++ nullptr, nullptr); ++ ++ // Initialize OpenSSL's random seed. ++ if (!q_RAND_status()) { ++ qWarning("Random number generator not seeded, disabling SSL support"); ++ return false; ++ } ++ } ++ return true; ++} ++ ++void QSslSocketPrivate::ensureCiphersAndCertsLoaded() ++{ ++ const QMutexLocker locker(qt_opensslInitMutex); ++ ++ if (s_loadedCiphersAndCerts) ++ return; ++ s_loadedCiphersAndCerts = true; ++ ++ resetDefaultCiphers(); ++ resetDefaultEllipticCurves(); ++ ++#if QT_CONFIG(library) ++ //load symbols needed to receive certificates from system store ++#if defined(Q_OS_WIN) ++ HINSTANCE hLib = LoadLibraryW(L"Crypt32"); ++ if (hLib) { ++ ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); ++ ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); ++ ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); ++ if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) ++ qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen ++ } else { ++ qCWarning(lcSsl, "could not load crypt32 library"); // should never happen ++ } ++#elif defined(Q_OS_QNX) ++ s_loadRootCertsOnDemand = true; ++#elif defined(Q_OS_UNIX) && !defined(Q_OS_DARWIN) ++ // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there) ++ QList dirs = unixRootCertDirectories(); ++ QStringList symLinkFilter; ++ symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); ++ for (int a = 0; a < dirs.count(); ++a) { ++ QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); ++ if (iterator.hasNext()) { ++ s_loadRootCertsOnDemand = true; ++ break; ++ } ++ } ++#endif ++#endif // QT_CONFIG(library) ++ // if on-demand loading was not enabled, load the certs now ++ if (!s_loadRootCertsOnDemand) ++ setDefaultCaCertificates(systemCaCertificates()); ++#ifdef Q_OS_WIN ++ //Enabled for fetching additional root certs from windows update on windows 6+ ++ //This flag is set false by setDefaultCaCertificates() indicating the app uses ++ //its own cert bundle rather than the system one. ++ //Same logic that disables the unix on demand cert loading. ++ //Unlike unix, we do preload the certificates from the cert store. ++ if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) ++ s_loadRootCertsOnDemand = true; ++#endif ++} ++ ++long QSslSocketPrivate::sslLibraryVersionNumber() ++{ ++ if (!supportsSsl()) ++ return 0; ++ ++ return q_OpenSSL_version_num(); ++} ++ ++QString QSslSocketPrivate::sslLibraryVersionString() ++{ ++ if (!supportsSsl()) ++ return QString(); ++ ++ const char *versionString = q_OpenSSL_version(OPENSSL_VERSION); ++ if (!versionString) ++ return QString(); ++ ++ return QString::fromLatin1(versionString); ++} ++ ++void QSslSocketBackendPrivate::continueHandshake() ++{ ++ Q_Q(QSslSocket); ++ // if we have a max read buffer size, reset the plain socket's to match ++ if (readBufferMaxSize) ++ plainSocket->setReadBufferSize(readBufferMaxSize); ++ ++ if (q_SSL_session_reused(ssl)) ++ configuration.peerSessionShared = true; ++ ++#ifdef QT_DECRYPT_SSL_TRAFFIC ++ if (q_SSL_get_session(ssl)) { ++ size_t master_key_len = q_SSL_SESSION_get_master_key(q_SSL_get_session(ssl), 0, 0); ++ size_t client_random_len = q_SSL_get_client_random(ssl, 0, 0); ++ QByteArray masterKey(int(master_key_len), 0); // Will not overflow ++ QByteArray clientRandom(int(client_random_len), 0); // Will not overflow ++ ++ q_SSL_SESSION_get_master_key(q_SSL_get_session(ssl), ++ reinterpret_cast(masterKey.data()), ++ masterKey.size()); ++ q_SSL_get_client_random(ssl, reinterpret_cast(clientRandom.data()), ++ clientRandom.size()); ++ ++ QByteArray debugLineClientRandom("CLIENT_RANDOM "); ++ debugLineClientRandom.append(clientRandom.toHex().toUpper()); ++ debugLineClientRandom.append(" "); ++ debugLineClientRandom.append(masterKey.toHex().toUpper()); ++ debugLineClientRandom.append("\n"); ++ ++ QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys"); ++ QFile file(sslKeyFile); ++ if (!file.open(QIODevice::Append)) ++ qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending"; ++ if (!file.write(debugLineClientRandom)) ++ qCWarning(lcSsl) << "could not write to file" << sslKeyFile; ++ file.close(); ++ } else { ++ qCWarning(lcSsl, "could not decrypt SSL traffic"); ++ } ++#endif ++ ++ // Cache this SSL session inside the QSslContext ++ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { ++ if (!sslContextPointer->cacheSession(ssl)) { ++ sslContextPointer.clear(); // we could not cache the session ++ } else { ++ // Cache the session for permanent usage as well ++ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) { ++ if (!sslContextPointer->sessionASN1().isEmpty()) ++ configuration.sslSession = sslContextPointer->sessionASN1(); ++ configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint(); ++ } ++ } ++ } ++ ++#if !defined(OPENSSL_NO_NEXTPROTONEG) ++ ++ configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; ++ if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { ++ // we could not agree -> be conservative and use HTTP/1.1 ++ configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); ++ } else { ++ const unsigned char *proto = 0; ++ unsigned int proto_len = 0; ++ ++ q_SSL_get0_alpn_selected(ssl, &proto, &proto_len); ++ if (proto_len && mode == QSslSocket::SslClientMode) { ++ // Client does not have a callback that sets it ... ++ configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; ++ } ++ ++ if (!proto_len) { // Test if NPN was more lucky ... ++ q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); ++ } ++ ++ if (proto_len) ++ configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast(proto), proto_len); ++ else ++ configuration.nextNegotiatedProtocol.clear(); ++ } ++#endif // !defined(OPENSSL_NO_NEXTPROTONEG) ++ ++ if (mode == QSslSocket::SslClientMode) { ++ EVP_PKEY *key; ++ if (q_SSL_get_server_tmp_key(ssl, &key)) ++ configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); ++ } ++ ++ connectionEncrypted = true; ++ emit q->encrypted(); ++ if (autoStartHandshake && pendingClose) { ++ pendingClose = false; ++ q->disconnectFromHost(); ++ } ++} ++ ++QT_END_NAMESPACE +diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h +new file mode 100644 +index 0000000..2980b3d +--- /dev/null ++++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h +@@ -0,0 +1,132 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 BlackBerry Limited. All rights reserved. ++** Copyright (C) 2016 Richard J. Moore ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++/**************************************************************************** ++** ++** In addition, as a special exception, the copyright holders listed above give ++** permission to link the code of its release of Qt with the OpenSSL project's ++** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the ++** same license as the original version), and distribute the linked executables. ++** ++** You must comply with the GNU General Public License version 2 in all ++** respects for all of the code used other than the "OpenSSL" code. If you ++** modify this file, you may extend this exception to your version of the file, ++** but you are not obligated to do so. If you do not wish to do so, delete ++** this exception statement from your version of this file. ++** ++****************************************************************************/ ++ ++#ifndef QSSLSOCKET_OPENSSL11_SYMBOLS_P_H ++#define QSSLSOCKET_OPENSSL11_SYMBOLS_P_H ++ ++// ++// W A R N I N G ++// ------------- ++// ++// This file is not part of the Qt API. It exists purely as an ++// implementation detail. This header file may change from version to ++// version without notice, or even be removed. ++// ++// We mean it. ++// ++ ++// Note: this file does not have QT_BEGIN_NAMESPACE/QT_END_NAMESPACE, it's done ++// in qsslsocket_openssl_symbols_p.h. ++ ++#ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H ++#error "You are not supposed to use this header file, include qsslsocket_openssl_symbols_p.h instead" ++#endif ++ ++const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x); ++ ++Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a); ++Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem(); ++ ++int q_DSA_bits(DSA *a); ++int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); ++int q_EVP_PKEY_base_id(EVP_PKEY *a); ++int q_RSA_bits(RSA *a); ++int q_OPENSSL_sk_num(OPENSSL_STACK *a); ++void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); ++OPENSSL_STACK *q_OPENSSL_sk_new_null(); ++void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data); ++void q_OPENSSL_sk_free(OPENSSL_STACK *a); ++void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b); ++int q_SSL_session_reused(SSL *a); ++unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); ++int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); ++size_t q_SSL_get_client_random(SSL *a, unsigned char *out, size_t outlen); ++size_t q_SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen); ++int q_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++const SSL_METHOD *q_TLS_method(); ++const SSL_METHOD *q_TLS_client_method(); ++const SSL_METHOD *q_TLS_server_method(); ++ASN1_TIME *q_X509_getm_notBefore(X509 *a); ++ASN1_TIME *q_X509_getm_notAfter(X509 *a); ++ ++long q_X509_get_version(X509 *a); ++EVP_PKEY *q_X509_get_pubkey(X509 *a); ++void q_X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); ++STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); ++void q_DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); ++int q_DH_bits(DH *dh); ++ ++# define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ ++ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) ++ ++#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st) ++#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i) ++ ++#define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ ++ | OPENSSL_INIT_ADD_ALL_DIGESTS \ ++ | OPENSSL_INIT_LOAD_CONFIG, NULL) ++#define q_OPENSSL_add_all_algorithms_noconf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ ++ | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) ++ ++int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); ++void q_CRYPTO_free(void *str, const char *file, int line); ++ ++long q_OpenSSL_version_num(); ++const char *q_OpenSSL_version(int type); ++ ++unsigned long q_SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session); ++ ++#endif diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h index b2adb3e..7f9e884 100644 --- a/src/network/ssl/qsslsocket_openssl_p.h @@ -2343,6 +3477,436 @@ index b35a895..796bf2d 100644 int q_i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); SSL_SESSION *q_d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); +diff --git a/src/network/ssl/qsslsocket_opensslpre11.cpp b/src/network/ssl/qsslsocket_opensslpre11.cpp +new file mode 100644 +index 0000000..e51888c +--- /dev/null ++++ b/src/network/ssl/qsslsocket_opensslpre11.cpp +@@ -0,0 +1,424 @@ ++/**************************************************************************** ++** ++** Copyright (C) 2017 The Qt Company Ltd. ++** Copyright (C) 2014 Governikus GmbH & Co. KG ++** Contact: https://www.qt.io/licensing/ ++** ++** This file is part of the QtNetwork module of the Qt Toolkit. ++** ++** $QT_BEGIN_LICENSE:LGPL$ ++** Commercial License Usage ++** Licensees holding valid commercial Qt licenses may use this file in ++** accordance with the commercial license agreement provided with the ++** Software or, alternatively, in accordance with the terms contained in ++** a written agreement between you and The Qt Company. For licensing terms ++** and conditions see https://www.qt.io/terms-conditions. For further ++** information use the contact form at https://www.qt.io/contact-us. ++** ++** GNU Lesser General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU Lesser ++** General Public License version 3 as published by the Free Software ++** Foundation and appearing in the file LICENSE.LGPL3 included in the ++** packaging of this file. Please review the following information to ++** ensure the GNU Lesser General Public License version 3 requirements ++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. ++** ++** GNU General Public License Usage ++** Alternatively, this file may be used under the terms of the GNU ++** General Public License version 2.0 or (at your option) the GNU General ++** Public license version 3 or any later version approved by the KDE Free ++** Qt Foundation. The licenses are as published by the Free Software ++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 ++** included in the packaging of this file. Please review the following ++** information to ensure the GNU General Public License requirements will ++** be met: https://www.gnu.org/licenses/gpl-2.0.html and ++** https://www.gnu.org/licenses/gpl-3.0.html. ++** ++** $QT_END_LICENSE$ ++** ++****************************************************************************/ ++ ++/**************************************************************************** ++** ++** In addition, as a special exception, the copyright holders listed above give ++** permission to link the code of its release of Qt with the OpenSSL project's ++** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the ++** same license as the original version), and distribute the linked executables. ++** ++** You must comply with the GNU General Public License version 2 in all ++** respects for all of the code used other than the "OpenSSL" code. If you ++** modify this file, you may extend this exception to your version of the file, ++** but you are not obligated to do so. If you do not wish to do so, delete ++** this exception statement from your version of this file. ++** ++****************************************************************************/ ++ ++//#define QT_DECRYPT_SSL_TRAFFIC ++ ++#include "qssl_p.h" ++#include "qsslsocket_openssl_p.h" ++#include "qsslsocket_openssl_symbols_p.h" ++#include "qsslsocket.h" ++#include "qsslkey.h" ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++QT_BEGIN_NAMESPACE ++ ++/* \internal ++ ++ From OpenSSL's thread(3) manual page: ++ ++ OpenSSL can safely be used in multi-threaded applications provided that at ++ least two callback functions are set. ++ ++ locking_function(int mode, int n, const char *file, int line) is needed to ++ perform locking on shared data structures. (Note that OpenSSL uses a ++ number of global data structures that will be implicitly shared ++ whenever multiple threads use OpenSSL.) Multi-threaded ++ applications will crash at random if it is not set. ... ++ ... ++ id_function(void) is a function that returns a thread ID. It is not ++ needed on Windows nor on platforms where getpid() returns a different ++ ID for each thread (most notably Linux) ++*/ ++ ++class QOpenSslLocks ++{ ++public: ++ QOpenSslLocks() ++ : initLocker(QMutex::Recursive), ++ locksLocker(QMutex::Recursive) ++ { ++ QMutexLocker locker(&locksLocker); ++ int numLocks = q_CRYPTO_num_locks(); ++ locks = new QMutex *[numLocks]; ++ memset(locks, 0, numLocks * sizeof(QMutex *)); ++ } ++ ~QOpenSslLocks() ++ { ++ QMutexLocker locker(&locksLocker); ++ for (int i = 0; i < q_CRYPTO_num_locks(); ++i) ++ delete locks[i]; ++ delete [] locks; ++ ++ QSslSocketPrivate::deinitialize(); ++ } ++ QMutex *lock(int num) ++ { ++ QMutexLocker locker(&locksLocker); ++ QMutex *tmp = locks[num]; ++ if (!tmp) ++ tmp = locks[num] = new QMutex(QMutex::Recursive); ++ return tmp; ++ } ++ ++ QMutex *globalLock() ++ { ++ return &locksLocker; ++ } ++ ++ QMutex *initLock() ++ { ++ return &initLocker; ++ } ++ ++private: ++ QMutex initLocker; ++ QMutex locksLocker; ++ QMutex **locks; ++}; ++ ++Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks) ++ ++extern "C" { ++static void locking_function(int mode, int lockNumber, const char *, int) ++{ ++ QMutex *mutex = openssl_locks()->lock(lockNumber); ++ ++ // Lock or unlock it ++ if (mode & CRYPTO_LOCK) ++ mutex->lock(); ++ else ++ mutex->unlock(); ++} ++static unsigned long id_function() ++{ ++ return (quintptr)QThread::currentThreadId(); ++} ++ ++} // extern "C" ++ ++static void q_OpenSSL_add_all_algorithms_safe() ++{ ++#ifdef Q_OS_WIN ++ // Prior to version 1.0.1m an attempt to call OpenSSL_add_all_algorithms on ++ // Windows could result in 'exit' call from OPENSSL_config (QTBUG-43843). ++ // We can predict this and avoid OPENSSL_add_all_algorithms call. ++ // From OpenSSL docs: ++ // "An application does not need to add algorithms to use them explicitly, ++ // for example by EVP_sha1(). It just needs to add them if it (or any of ++ // the functions it calls) needs to lookup algorithms. ++ // The cipher and digest lookup functions are used in many parts of the ++ // library. If the table is not initialized several functions will ++ // misbehave and complain they cannot find algorithms. This includes the ++ // PEM, PKCS#12, SSL and S/MIME libraries. This is a common query in ++ // the OpenSSL mailing lists." ++ // ++ // Anyway, as a result, we chose not to call this function if it would exit. ++ ++ if (q_SSLeay() < 0x100010DFL) ++ { ++ // Now, before we try to call it, check if an attempt to open config file ++ // will result in exit: ++ if (char *confFileName = q_CONF_get1_default_config_file()) { ++ BIO *confFile = q_BIO_new_file(confFileName, "r"); ++ const auto lastError = q_ERR_peek_last_error(); ++ q_CRYPTO_free(confFileName); ++ if (confFile) { ++ q_BIO_free(confFile); ++ } else { ++ q_ERR_clear_error(); ++ if (ERR_GET_REASON(lastError) == ERR_R_SYS_LIB) { ++ qCWarning(lcSsl, "failed to open openssl.conf file"); ++ return; ++ } ++ } ++ } ++ } ++#endif // Q_OS_WIN ++ ++ q_OpenSSL_add_all_algorithms(); ++} ++ ++ ++/*! ++ \internal ++*/ ++void QSslSocketPrivate::deinitialize() ++{ ++ q_CRYPTO_set_id_callback(0); ++ q_CRYPTO_set_locking_callback(0); ++ q_ERR_free_strings(); ++} ++ ++ ++bool QSslSocketPrivate::ensureLibraryLoaded() ++{ ++ if (!q_resolveOpenSslSymbols()) ++ return false; ++ ++ // Check if the library itself needs to be initialized. ++ QMutexLocker locker(openssl_locks()->initLock()); ++ ++ if (!s_libraryLoaded) { ++ s_libraryLoaded = true; ++ ++ // Initialize OpenSSL. ++ q_CRYPTO_set_id_callback(id_function); ++ q_CRYPTO_set_locking_callback(locking_function); ++ if (q_SSL_library_init() != 1) ++ return false; ++ q_SSL_load_error_strings(); ++ q_OpenSSL_add_all_algorithms_safe(); ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L ++ if (q_SSLeay() >= 0x10001000L) ++ QSslSocketBackendPrivate::s_indexForSSLExtraData = q_SSL_get_ex_new_index(0L, NULL, NULL, NULL, NULL); ++#endif ++ ++ // Initialize OpenSSL's random seed. ++ if (!q_RAND_status()) { ++ qWarning("Random number generator not seeded, disabling SSL support"); ++ return false; ++ } ++ } ++ return true; ++} ++ ++void QSslSocketPrivate::ensureCiphersAndCertsLoaded() ++{ ++ QMutexLocker locker(openssl_locks()->initLock()); ++ if (s_loadedCiphersAndCerts) ++ return; ++ s_loadedCiphersAndCerts = true; ++ ++ resetDefaultCiphers(); ++ resetDefaultEllipticCurves(); ++ ++#if QT_CONFIG(library) ++ //load symbols needed to receive certificates from system store ++#if defined(Q_OS_WIN) ++ HINSTANCE hLib = LoadLibraryW(L"Crypt32"); ++ if (hLib) { ++ ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); ++ ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); ++ ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); ++ if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) ++ qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen ++ } else { ++ qCWarning(lcSsl, "could not load crypt32 library"); // should never happen ++ } ++#elif defined(Q_OS_QNX) ++ s_loadRootCertsOnDemand = true; ++#elif defined(Q_OS_UNIX) && !defined(Q_OS_MACOS) ++ // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there) ++ QList dirs = unixRootCertDirectories(); ++ QStringList symLinkFilter; ++ symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); ++ for (int a = 0; a < dirs.count(); ++a) { ++ QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); ++ if (iterator.hasNext()) { ++ s_loadRootCertsOnDemand = true; ++ break; ++ } ++ } ++#endif ++#endif // QT_CONFIG(library) ++ // if on-demand loading was not enabled, load the certs now ++ if (!s_loadRootCertsOnDemand) ++ setDefaultCaCertificates(systemCaCertificates()); ++#ifdef Q_OS_WIN ++ //Enabled for fetching additional root certs from windows update on windows 6+ ++ //This flag is set false by setDefaultCaCertificates() indicating the app uses ++ //its own cert bundle rather than the system one. ++ //Same logic that disables the unix on demand cert loading. ++ //Unlike unix, we do preload the certificates from the cert store. ++ if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) ++ s_loadRootCertsOnDemand = true; ++#endif ++} ++ ++long QSslSocketPrivate::sslLibraryVersionNumber() ++{ ++ if (!supportsSsl()) ++ return 0; ++ ++ return q_SSLeay(); ++} ++ ++QString QSslSocketPrivate::sslLibraryVersionString() ++{ ++ if (!supportsSsl()) ++ return QString(); ++ ++ const char *versionString = q_SSLeay_version(SSLEAY_VERSION); ++ if (!versionString) ++ return QString(); ++ ++ return QString::fromLatin1(versionString); ++} ++ ++void QSslSocketBackendPrivate::continueHandshake() ++{ ++ Q_Q(QSslSocket); ++ // if we have a max read buffer size, reset the plain socket's to match ++ if (readBufferMaxSize) ++ plainSocket->setReadBufferSize(readBufferMaxSize); ++ ++ if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL)) ++ configuration.peerSessionShared = true; ++ ++#ifdef QT_DECRYPT_SSL_TRAFFIC ++ if (ssl->session && ssl->s3) { ++ const char *mk = reinterpret_cast(ssl->session->master_key); ++ QByteArray masterKey(mk, ssl->session->master_key_length); ++ const char *random = reinterpret_cast(ssl->s3->client_random); ++ QByteArray clientRandom(random, SSL3_RANDOM_SIZE); ++ ++ // different format, needed for e.g. older Wireshark versions: ++// const char *sid = reinterpret_cast(ssl->session->session_id); ++// QByteArray sessionID(sid, ssl->session->session_id_length); ++// QByteArray debugLineRSA("RSA Session-ID:"); ++// debugLineRSA.append(sessionID.toHex().toUpper()); ++// debugLineRSA.append(" Master-Key:"); ++// debugLineRSA.append(masterKey.toHex().toUpper()); ++// debugLineRSA.append("\n"); ++ ++ QByteArray debugLineClientRandom("CLIENT_RANDOM "); ++ debugLineClientRandom.append(clientRandom.toHex().toUpper()); ++ debugLineClientRandom.append(" "); ++ debugLineClientRandom.append(masterKey.toHex().toUpper()); ++ debugLineClientRandom.append("\n"); ++ ++ QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys"); ++ QFile file(sslKeyFile); ++ if (!file.open(QIODevice::Append)) ++ qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending"; ++ if (!file.write(debugLineClientRandom)) ++ qCWarning(lcSsl) << "could not write to file" << sslKeyFile; ++ file.close(); ++ } else { ++ qCWarning(lcSsl, "could not decrypt SSL traffic"); ++ } ++#endif ++ ++ // Cache this SSL session inside the QSslContext ++ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { ++ if (!sslContextPointer->cacheSession(ssl)) { ++ sslContextPointer.clear(); // we could not cache the session ++ } else { ++ // Cache the session for permanent usage as well ++ if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) { ++ if (!sslContextPointer->sessionASN1().isEmpty()) ++ configuration.sslSession = sslContextPointer->sessionASN1(); ++ configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint(); ++ } ++ } ++ } ++ ++#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) ++ ++ configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; ++ if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { ++ // we could not agree -> be conservative and use HTTP/1.1 ++ configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); ++ } else { ++ const unsigned char *proto = 0; ++ unsigned int proto_len = 0; ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ if (q_SSLeay() >= 0x10002000L) { ++ q_SSL_get0_alpn_selected(ssl, &proto, &proto_len); ++ if (proto_len && mode == QSslSocket::SslClientMode) { ++ // Client does not have a callback that sets it ... ++ configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; ++ } ++ } ++ ++ if (!proto_len) { // Test if NPN was more lucky ... ++#else ++ { ++#endif ++ q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); ++ } ++ ++ if (proto_len) ++ configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast(proto), proto_len); ++ else ++ configuration.nextNegotiatedProtocol.clear(); ++ } ++#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ... ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L ++ if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) { ++ EVP_PKEY *key; ++ if (q_SSL_get_server_tmp_key(ssl, &key)) ++ configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); ++ } ++#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ... ++ ++ connectionEncrypted = true; ++ emit q->encrypted(); ++ if (autoStartHandshake && pendingClose) { ++ pendingClose = false; ++ q->disconnectFromHost(); ++ } ++} ++ ++QT_END_NAMESPACE diff --git a/src/network/ssl/ssl.pri b/src/network/ssl/ssl.pri index 52ce2ee..949ebc3 100644 --- a/src/network/ssl/ssl.pri From ae07984e4d9b24b29773c2a43609a7c0b1c60aec Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Mon, 9 Oct 2017 10:34:12 +0200 Subject: [PATCH 44/44] Properly rebase firebird patch --- qt5-qtbase-5.9.1-firebird.patch | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/qt5-qtbase-5.9.1-firebird.patch b/qt5-qtbase-5.9.1-firebird.patch index a141e2a..a3510d9 100644 --- a/qt5-qtbase-5.9.1-firebird.patch +++ b/qt5-qtbase-5.9.1-firebird.patch @@ -1,8 +1,13 @@ diff --git a/src/plugins/sqldrivers/configure.json b/src/plugins/sqldrivers/configure.json -index 234f880..d53f035 100644 +index 234f880..7b13671 100644 --- a/src/plugins/sqldrivers/configure.json +++ b/src/plugins/sqldrivers/configure.json -@@ -54,7 +54,8 @@ +@@ -50,11 +50,12 @@ + "ibase": { + "label": "InterBase", + "test": { +- "include": "ibase.h" ++ "include": "firebird/ibase.h" }, "sources": [ { "libs": "-lgds32_ms", "condition": "config.win32" },