/var/tmp/portage/app-crypt/qca-2.2.0_pre20180606/work/qca-2.2.0_pre20180606/plugins/qca-ossl/qca-ossl.cpp: In function ‘QCA::SecureArray opensslQCAPlugin::dsasig_der_to_raw(const QCA::SecureArray&)’: /var/tmp/portage/app-crypt/qca-2.2.0_pre20180606/work/qca-2.2.0_pre20180606/plugins/qca-ossl/qca-ossl.cpp:145:2: error: ‘DSA_SIG_get0’ was not declared in this scope DSA_SIG_get0(sig, &bnr, &bns); ^~~~~~~~~~~~ /var/tmp/portage/app-crypt/qca-2.2.0_pre20180606/work/qca-2.2.0_pre20180606/plugins/qca-ossl/qca-ossl.cpp:145:2: note: suggested alternative: ‘DSA_SIG_new’ ------------------------------------------------------------------- This is an unstable amd64 chroot image at a tinderbox (==build bot) name: 17.0-hardened_libressl_20180609-100331 ------------------------------------------------------------------- gcc-config -l: [1] x86_64-pc-linux-gnu-7.3.0 * Available Python interpreters, in order of preference: [1] python3.5 [2] python2.7 (fallback) Available Ruby profiles: [1] ruby23 (with Rubygems) * emerge -qpv app-crypt/qca [ebuild N ] app-crypt/qca-2.2.0_pre20180606 USE="libressl ssl -botan -debug -doc -examples -gcrypt -gpg -logger -nss -pkcs11 -sasl -softstore {-test}"
Created attachment 535490 [details] emerge-info.txt
Created attachment 535492 [details] app-crypt:qca-2.2.0_pre20180606:20180610-055511.log
Created attachment 535494 [details] emerge-history.txt
Created attachment 535496 [details] environment
Created attachment 535498 [details] etc.portage.tbz2
Created attachment 535500 [details] logs.tbz2
Created attachment 535502 [details] temp.tbz2
This might be a dup of bug #657714 but I'm just curious why it fails with a different message althougth I do have -j1 here.
*** Bug 667956 has been marked as a duplicate of this bug. ***
Created attachment 558122 [details, diff] libressl-2_82.patch Patch to fix compilation with libressl-2.8.2.
Thanks for your work, please submit your change upstream. They are unaware of it as far as I can see.
ping
*** Bug 657714 has been marked as a duplicate of this bug. ***
I have made a patch for the upstream: https://phabricator.kde.org/D20259
The patch for app-crypt/qca-2.2.0_pre20180606 is slightly different, made a PR: https://github.com/gentoo/gentoo/pull/11594
We're not going to patch this snapshot anymore - upstream is close to a proper new release.
All right, I shall add this patch to libressl overlay then while the next release is not made. Meanwhile I am going to try to upstream it.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=19114816f2468b127302df95af1ba3ec1f577136 commit 19114816f2468b127302df95af1ba3ec1f577136 Author: Stefan Strogin <stefan.strogin@gmail.com> AuthorDate: 2019-04-07 21:15:02 +0000 Commit: Stefan Strogin <stefan.strogin@gmail.com> CommitDate: 2019-04-07 21:15:02 +0000 app-crypt/qca: add package from gentoo.git; patch for LibreSSL Bug: https://bugs.gentoo.org/657720 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com> app-crypt/qca/Manifest | 1 + .../qca/files/qca-2.2.0_pre20180606-libressl.patch | 81 +++++++++++++++++++ app-crypt/qca/files/qca-disable-pgp-test.patch | 13 ++++ app-crypt/qca/metadata.xml | 26 +++++++ app-crypt/qca/qca-2.2.0_pre20180606.ebuild | 90 ++++++++++++++++++++++ 5 files changed, 211 insertions(+)
*** Bug 683114 has been marked as a duplicate of this bug. ***
I see there's an ongoing patch review in $URL, let's backport that once it lands.
(In reply to Michael Palimaka (kensington) from comment #20) > I see there's an ongoing patch review in $URL, let's backport that once it > lands. yeah - it fails today at a stable amd64system: .dir/qca-ossl.cpp.o -MF plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o.d -o plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o -c /var/tmp/portage/app-crypt/qca-2.2.0/work/qca-2.2.0/plugins/qca-ossl/qca-ossl.cpp /var/tmp/portage/app-crypt/qca-2.2.0/work/qca-2.2.0/plugins/qca-ossl/qca-ossl.cpp:66: warning: "M_ASN1_IA5STRING_new" redefined #define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new() In file included from /usr/include/openssl/objects.h:960, from /usr/include/openssl/evp.h:86, from /var/tmp/portage/app-crypt/qca-2.2.0/work/qca-2.2.0/plugins/qca-ossl/qca-ossl.cpp:30: /usr/include/openssl/asn1.h:636: note: this is the location of the previous definition #define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ /var/tmp/portage/app-crypt/qca-2.2.0/work/qca-2.2.0/plugins/qca-ossl/qca-ossl.cpp:67: warning: "RSA_F_RSA_EAY_PRIVATE_DECRYPT" redefined #define RSA_F_RSA_EAY_PRIVATE_DECRYPT RSA_F_RSA_OSSL_PRIVATE_DECRYPT In file included from /usr/include/openssl/x509.h:96, from /usr/include/openssl/pem.h:71, from /var/tmp/portage/app-crypt/qca-2.2.0/work/qca-2.2.0/plugins/qca-ossl/qca-ossl.cpp:38: /usr/include/openssl/rsa.h:466: note: this is the location of the previous definition #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 /var/tmp/portage/app-crypt/qca-2.2.0/work/qca-2.2.0/plugins/qca-ossl/qca-ossl.cpp:71:10: fatal error: openssl/kdf.h: No such file or directory #include <openssl/kdf.h> ^~~~~~~~~~~~~~~ compilation terminated. [115/122] /usr/bin/x86_64-pc-linux-gnu-g++ -DQCA_SYSTEMSTORE_PATH=\"/etc/ssl/certs/ca-certificates.crt\" -DQT_COR
FWIW 2.2.0 from LibreSSL overlay compiles fine here
(In reply to Toralf Förster from comment #22) > FWIW 2.2.0 from LibreSSL overlay compiles fine here but got this: #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 /var/tmp/portage/app-crypt/qca-2.2.1/work/qca-2.2.1/plugins/qca-ossl/qca-ossl.cpp:71:10: fatal error: openssl/kdf.h: No such file or directory #include <openssl/kdf.h> ^~~~~~~~~~~~~~~ compilation terminated. at tinderbox image 17.0-desktop-plasma-systemd_libressl_20190424-221315
the 2.2.0 libressl patch from the libressl overlay also works with the 2.2.1
*** Bug 690070 has been marked as a duplicate of this bug. ***
*** Bug 691696 has been marked as a duplicate of this bug. ***
(In reply to René Fuchs from comment #24) > the 2.2.0 libressl patch from the libressl overlay also works with the 2.2.1 bug 691696 says no, or?
If I were to guess, the difference there is dev-libs/libressl-3.0.0.
*** Bug 703572 has been marked as a duplicate of this bug. ***
FWIW bug 703572 was with LibreSSL 3.0.2 and qca-2.2.1
Qt itself does not support libressl, re-assigning.
*** Bug 709288 has been marked as a duplicate of this bug. ***
Created attachment 614472 [details, diff] qca-9999_libressl_3.patch Based on the patch from libressl overlay. Note: " - RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); " That part should be made with #IFDEF and else for openssl. ossl110-compat.h is gone. https://github.com/KDE/qca/commit/001f827a4fc4475d8489f662df588e68423e0e2a "Drop support for openssl <= 1.1" qca-2.2.90 released
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=d471fcc439ce9bf0e920d69de3680819a4986d89 commit d471fcc439ce9bf0e920d69de3680819a4986d89 Author: Stefan Strogin <steils@gentoo.org> AuthorDate: 2020-02-26 03:42:41 +0000 Commit: Stefan Strogin <steils@gentoo.org> CommitDate: 2020-02-26 03:42:49 +0000 app-crypt/qca: add LibreSSL patch for 2.3.0 Bug: https://bugs.gentoo.org/657720 Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Stefan Strogin <steils@gentoo.org> app-crypt/qca/Manifest | 1 + app-crypt/qca/files/qca-2.3.0-libressl.patch | 68 +++++++++++++++++++++ app-crypt/qca/qca-2.3.0.ebuild | 91 ++++++++++++++++++++++++++++ 3 files changed, 160 insertions(+)
Added a patch for 2.3.0; it has become much smaller than before.
(In reply to Stefan Strogin from comment #35) > Added a patch for 2.3.0; it has become much smaller than before. Works best for qca-9999 too. Please obsolete my patch. Can't do it myself.
Has somebody a patch for this upstream change? https://github.com/KDE/qca/commit/cabc7d32da5328e305b1875c9aa73c681debbacb "Fix OpenSSL cipher names OpenSSL provides own function to get cipher suite name by id. No any sense to support own cipher suites list. Also now this plugin will provide not just all available cipher suites. But only these which enabled and can be used. For old SSLv3 protocol ciphers have TLS variant names. It changes prefix SSL with TLS." >>> Preparing source in /var/tmp/portage/app-crypt/qca-9999/work/qca-9999 ... * Applying qca-disable-pgp-test.patch ... patching file unittest/CMakeLists.txt Hunk #1 succeeded at 22 with fuzz 1 (offset -1 lines). [ ok ] * Applying qca-2.3.0-libressl.patch ... [ ok ] * User patches applied. ... FAILED: plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o /usr/lib/ccache/bin/x86_64-pc-linux-gnu-g++ -DHAVE_OPENSSL_AES_CCM -DHAVE_OPENSSL_AES_CTR -DHAVE_OPENSSL_AES_GCM -DQCA_SYSTEMSTORE_PATH=\"/etc/ssl/certs/ca-certificates.crt\" -DQT_CORE_LIB -DQT_NO_CAST_FROM_ASCII -DQT_NO_CAST_FROM_BYTEARRAY -DQT_NO_CAST_TO_ASCII -DQT_NO_DEBUG -DQT_NO_NARROWING_CONVERSIONS_IN_CONNECT -DQT_NO_SIGNALS_SLOTS_KEYWORDS -DQT_NO_URL_CAST_FROM_STRING -DQT_STRICT_ITERATORS -DQT_USE_QSTRINGBUILDER -D_DEFAULT_SOURCE -Dqca_ossl_EXPORTS -Iplugins/qca-ossl -I/var/tmp/portage/app-crypt/qca-9999/work/qca-9999/plugins/qca-ossl -Iplugins/qca-ossl/qca-ossl_autogen/include -I/var/tmp/portage/app-crypt/qca-9999/work/qca-9999/include/QtCrypto -I. -isystem /usr/include/qt5 -isystem /usr/include/qt5/QtCore -isystem /usr/lib64/qt5/mkspecs/linux-g++ -march=native -mtune=native -O2 -pipe -Wcast-align -Wnon-virtual-dtor -Wno-long-long -Wundef -Wchar-subscripts -Wall -W -Wpointer-arith -Wwrite-strings -Wformat-security -fno-check-new -fno-common -Wsuggest-override -Wlogical-op -fPIC -fPIC -MD -MT plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o -MF plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o.d -o plugins/qca-ossl/CMakeFiles/qca-ossl.dir/qca-ossl.cpp.o -c /var/tmp/portage/app-crypt/qca-9999/work/qca-9999/plugins/qca-ossl/qca-ossl.cpp /var/tmp/portage/app-crypt/qca-9999/work/qca-9999/plugins/qca-ossl/qca-ossl.cpp: In member function ‘virtual QStringList opensslQCAPlugin::MyTLSContext::supportedCipherSuites(const QCA::TLS::Version&) const’: /var/tmp/portage/app-crypt/qca-9999/work/qca-9999/plugins/qca-ossl/qca-ossl.cpp:4985:39: error: ‘TLS1_3_VERSION’ was not declared in this scope; did you mean ‘TLS1_2_VERSION’? 4985 | SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); | ^~~~~~~~~~~~~~ | TLS1_2_VERSION /var/tmp/portage/app-crypt/qca-9999/work/qca-9999/plugins/qca-ossl/qca-ossl.cpp:5006:38: error: ‘SSL_CIPHER_standard_name’ was not declared in this scope; did you mean ‘SSL_CIPHER_get_name’? 5006 | cipherList += QString::fromLatin1(SSL_CIPHER_standard_name(thisCipher)); | ^~~~~~~~~~~~~~~~~~~~~~~~ | SSL_CIPHER_get_name /var/tmp/portage/app-crypt/qca-9999/work/qca-9999/plugins/qca-ossl/qca-ossl.cpp: In member function ‘virtual QCA::TLSContext::SessionInfo opensslQCAPlugin::MyTLSContext::sessionInfo() const’: /var/tmp/portage/app-crypt/qca-9999/work/qca-9999/plugins/qca-ossl/qca-ossl.cpp:5398:46: error: ‘SSL_CIPHER_standard_name’ was not declared in this scope; did you mean ‘SSL_CIPHER_get_name’? 5398 | sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl))); | ^~~~~~~~~~~~~~~~~~~~~~~~ | SSL_CIPHER_get_name
https://github.com/libressl-portable/portable/issues/78 "no -stdname or SSL_CIPHER_standard_name #78" So openssl and now KDE/qca does it the bad way?
app-crypt/qca-2.3.1:2/2::gentoo with the patch from LibreSSL overlay: /var/tmp/portage/app-crypt/qca-2.3.1/work/qca-2.3.1/plugins/qca-ossl/qca-ossl.cpp: In member function ‘virtual QStringList opensslQCAPlugin::MyTLSContext::supportedCipherSuites(const QCA::TLS::Version&) const’: /var/tmp/portage/app-crypt/qca-2.3.1/work/qca-2.3.1/plugins/qca-ossl/qca-ossl.cpp:5001:39: error: ‘TLS1_3_VERSION’ was not declared in this scope; did you mean ‘TLS1_2_VERSION’? 5001 | SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); | ^~~~~~~~~~~~~~ | TLS1_2_VERSION /var/tmp/portage/app-crypt/qca-2.3.1/work/qca-2.3.1/plugins/qca-ossl/qca-ossl.cpp:5022:38: error: ‘SSL_CIPHER_standard_name’ was not declared in this scope; did you mean ‘SSL_CIPHER_get_name’? 5022 | cipherList += QString::fromLatin1(SSL_CIPHER_standard_name(thisCipher)); | ^~~~~~~~~~~~~~~~~~~~~~~~ | SSL_CIPHER_get_name /var/tmp/portage/app-crypt/qca-2.3.1/work/qca-2.3.1/plugins/qca-ossl/qca-ossl.cpp: In member function ‘virtual QCA::TLSContext::SessionInfo opensslQCAPlugin::MyTLSContext::sessionInfo() const’: /var/tmp/portage/app-crypt/qca-2.3.1/work/qca-2.3.1/plugins/qca-ossl/qca-ossl.cpp:5415:46: error: ‘SSL_CIPHER_standard_name’ was not declared in this scope; did you mean ‘SSL_CIPHER_get_name’? 5415 | sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl))); | ^~~~~~~~~~~~~~~~~~~~~~~~ | SSL_CIPHER_get_name /var/tmp/portage/app-crypt/qca-2.3.1/work/qca-2.3.1/plugins/qca-ossl/qca-ossl.cpp: In member function ‘virtual void opensslProvider::init()’: /var/tmp/portage/app-crypt/qca-2.3.1/work/qca-2.3.1/plugins/qca-ossl/qca-ossl.cpp:6709:24: warning: ‘void qsrand(uint)’ is deprecated: use QRandomGenerator instead [-Wdeprecated-declarations]
https://github.com/gentoo/libressl/commit/bffe57b626ad8540ac37e4569947a3b33d8032e6 qca-2.3.1-libressl.patch works for app-crypt/qca-9999::qt too.
(In reply to jospezial from comment #40) > https://github.com/gentoo/libressl/commit/ > bffe57b626ad8540ac37e4569947a3b33d8032e6 > > qca-2.3.1-libressl.patch works for app-crypt/qca-9999::qt too. After some upstream changes some hunks of the patch are rejected.
Created attachment 663109 [details, diff] qca-9999-libressl.patch
kde proj is out here.
