Created attachment 413512 [details, diff] 0001-dev-qt-qtnetwork-add-libressl-support.patch .
Created attachment 413514 [details, diff] qtnetwork-5.4.2-r1.ebuild.diff adding diff for easier readability
Using libressl-2.2.3 with openssl dummy ebuild from libressl overlay: x86_64-pc-linux-gnu-g++ -c -O2 -pipe -fvisibility=hidden -fvisibility-inlines-hidden -std=c++0x -fno-exceptions -Wall -W -D_REENTRANT -fPIC -DQT_NO_MTDEV -DQT_NO_EVDEV -DQT_NO_TSLIB -DQT_NO_LIBINPUT -DQT_NO_USING_NAMESPACE -DQT_BUILD_NETWORK_LIB -DQT_BUILDING_QT -DQT_NO_CAST_TO_ASCII -DQT_ASCII_CAST_WARNINGS -DQT_MOC_COMPAT -DQT_USE_QSTRINGBUILDER -DQT_DEPRECATED_WARNINGS -DQT_DISABLE_DEPRECATED_BEFORE=0x050000 -DQT_NO_EXCEPTIONS -D_LARGEFILE64_SOURCE -D_LARGEFILE_SOURCE -DQT_NO_DEBUG -DQT_CORE_LIB -I. -I../../include -I../../include/QtNetwork -I../../include/QtNetwork/5.5.0 -I../../include/QtNetwork/5.5.0/QtNetwork -Ikernel -isystem /usr/include/qt5/QtCore/5.5.0 -isystem /usr/include/qt5/QtCore/5.5.0/QtCore -isystem /usr/include/qt5 -isystem /usr/include/qt5/QtCore -I.moc -I../../mkspecs/linux-g++ -o .obj/qsslellipticcurve_openssl.o ssl/qsslellipticcurve_openssl.cpp ssl/qsslcontext_openssl.cpp: In static member function ‘static QSslContext* QSslContext::fromConfiguration(QSslSocket::SslMode, const QSslConfiguration&, bool)’: ssl/qsslcontext_openssl.cpp:347:33: error: ‘SSL_CTRL_SET_CURVES’ was not declared in this scope SSL_CTRL_SET_CURVES, ^ Makefile:20537: recipe for target '.obj/qsslcontext_openssl.o' failed make: *** [.obj/qsslcontext_openssl.o] Error 1 make: *** Waiting for unfinished jobs.... * ERROR: dev-qt/qtnetwork-5.5.0::qt failed (compile phase):
interesting, could you create a new bug with complete info (build log, USE flags and so on) and make it block this bug?
yes, it seems this is a regression in 5.5.0, but 5.4.2 works, see https://bugreports.qt.io/browse/QTBUG-46292 https://github.com/libressl-portable/openbsd/issues/33
Created attachment 414236 [details, diff] 0001-Fix-compilation-with-libressl.patch
Can you test this patch? Especially runtime.
Can confirm that both patches work on x86_64; at least it allows it to build. I don't know how to test the runtime behaviour, as I don't use this Qt module in my projects. FWIW.
(In reply to Julian Ospald (hasufell) from comment #5) > Created attachment 414236 [details, diff] [details, diff] > 0001-Fix-compilation-with-libressl.patch Did you also send this patch upstream? (In reply to Julian Ospald (hasufell) from comment #4) > yes, it seems this is a regression in 5.5.0, but 5.4.2 works, see > > https://bugreports.qt.io/browse/QTBUG-46292 > https://github.com/libressl-portable/openbsd/issues/33 If 5.4.2 works, why not patch the ebuild for 5.4.2 so that it has the libressl flag?
(In reply to Marek Behun from comment #8) > (In reply to Julian Ospald (hasufell) from comment #5) > > Created attachment 414236 [details, diff] [details, diff] [details, diff] > > 0001-Fix-compilation-with-libressl.patch > > Did you also send this patch upstream? > > (In reply to Julian Ospald (hasufell) from comment #4) > > yes, it seems this is a regression in 5.5.0, but 5.4.2 works, see > > > > https://bugreports.qt.io/browse/QTBUG-46292 > > https://github.com/libressl-portable/openbsd/issues/33 > > If 5.4.2 works, why not patch the ebuild for 5.4.2 so that it has the > libressl flag? 5.4.2 won't be around forever. Better to get it fixed properly for a permanent fix.
It compiles fine with dev-qt/qtnetwork-5.5.1 If you want to upgrade libresslified Kde4 to kde5 you will need this two patches: ebuild patch adding the libressl flag and the compile patch
dev-qt/qtnetwork-5.6.0_beta still does not compile without that compilation patch.
I can confirm this issue still exists and the patch still needed (and works) with libressl-2.3.2-r1 (and qtnetwork-5.5.1) I have been running the patch for a couple of months without issue. Upstream Qt has declared this WONTFIX. (Ref: https://bugreports.qt.io/browse/QTBUG-46292 ) Yet it affects nearly every gentoo libressl user (who doesn't have at least one qt application installed?).
The patch needs to go to http://codereview.qt-project.org/ if it is to have any chance of being accepted.
Any news about merging this patch?
(In reply to timofonic from comment #14) > Any news about merging this patch? It needs to go upstream to http://codereview.qt-project.org/ .
It looks as there has to be SSL_CTRL_GET_SERVER_TMP_KEY added to the patch? ssl/qsslsocket_openssl.cpp: In member function ‘virtual void QSslSocketBackendPrivate::continueHandshake()’: ssl/qsslsocket_openssl.cpp:1581:31: error: ‘SSL_CTRL_GET_SERVER_TMP_KEY’ was not declared in this scope if (q_SSL_get_server_tmp_key(ssl, &key)) ^ Makefile:19892: recipe for target '.obj/qsslsocket_openssl.o' failed make: *** [.obj/qsslsocket_openssl.o] Error 1 dev-qt/qtnetwork-5.7.0_alpha
Created attachment 428320 [details] qtnetwork-5.7.0_alpha-build.log Could somebody help me to modify the patch to workaround the new error in dev-qt/qtnetwork-5.7.0_alpha ? The old patch does only help against the old error. x86_64-pc-linux-gnu-g++ -c -march=native -O2 -pipe -std=c++1z -fvisibility=hidden -fvisibility-inlines-hidden -fno-exceptions -Wall -W -Wvla -Wdate-time -D_REENTRANT -fPIC -DQT_NO_MTDEV -DQT_NO_EVDEV -DQT_NO_TSLIB -DQT_NO_LIBINPUT -DQT_NO_USING_NAMESPACE -DQT_BUILD_NETWORK_LIB -DQT_BUILDING_QT -DQT_NO_CAST_TO_ASCII -DQT_ASCII_CAST_WARNINGS -DQT_MOC_COMPAT -DQT_USE_QSTRINGBUILDER -DQT_DEPRECATED_WARNINGS -DQT_DISABLE_DEPRECATED_BEFORE=0x050000 -DQT_NO_EXCEPTIONS -D_LARGEFILE64_SOURCE -D_LARGEFILE_SOURCE -DQT_NO_DEBUG -DQT_CORE_LIB -I. -I../../include -I../../include/QtNetwork -I../../include/QtNetwork/5.7.0 -I../../include/QtNetwork/5.7.0/QtNetwork -Ikernel -isystem /usr/include/qt5/QtCore/5.7.0 -isystem /usr/include/qt5/QtCore/5.7.0/QtCore -isystem /usr/include/qt5 -isystem /usr/include/qt5/QtCore -I.moc -I../../mkspecs/linux-g++ -o .obj/qsslsocket_openssl.o ssl/qsslsocket_openssl.cpp In file included from ssl/qsslsocket_openssl.cpp:61:0: ssl/qsslsocket_openssl.cpp: In member function ‘virtual void QSslSocketBackendPrivate::continueHandshake()’: ssl/qsslsocket_openssl_symbols_p.h:493:62: error: ‘SSL_CTRL_GET_SERVER_TMP_KEY’ was not declared in this scope #define q_SSL_get_server_tmp_key(ssl, key) q_SSL_ctrl((ssl), SSL_CTRL_GET_SERVER_TMP_KEY, 0, (char *)key) ^ ssl/qsslsocket_openssl.cpp:1581:13: note: in expansion of macro ‘q_SSL_get_server_tmp_key’ if (q_SSL_get_server_tmp_key(ssl, &key)) ^ Makefile:19864: recipe for target '.obj/qsslsocket_openssl.o' failed ================================================================= Package Settings ================================================================= dev-libs/libressl-2.2.6::gentoo was built with the following: USE="asm -static-libs" ABI_X86="32 64 -x32"
This is the part in qsslsocket_openssl.cpp of dev-qt/qtnetwork-5.7.0_alpha #if OPENSSL_VERSION_NUMBER >= 0x10002000L if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) { EVP_PKEY *key; if (q_SSL_get_server_tmp_key(ssl, &key)) configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); } #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ... I think I have to change #if OPENSSL_VERSION_NUMBER >= 0x10002000L to #if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(q_SSL_get_server_tmp_key(ssl, &key)) or this better?: #if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(q_SSL_get_server_tmp_key) or #if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_get_server_tmp_key) I could remove that part and it should work for libressl. But then openssl users will have limited features?
@jospezial It's probably a better idea to remove the check for OPENSSL_VERSION_NUMBER and instead check: defined(SSL_CTRL_GET_SERVER_TMP_KEY) I'm trying to get the first patch upstreamed right now, going to see if I can get that upstreamed into 5.7.0/5.8.0 as well. https://codereview.qt-project.org/#/c/154800/
Created attachment 430294 [details, diff] Patch to fix building with LibreSSL from Code Review. It doesn't appear that the QT project is interested in maintaining LibreSSL support as ifdef cases in the OpenSSL backend, because they are planning to drop everything below 1.1.0 soon. Attached is a patch that probably would've been otherwise merged.
Created attachment 430296 [details, diff] 5.7 Patch Here's the patch updated for 5.7
Thanks a lot for taking the time to follow up with upstream. Since upstream appears to be rejecting the patch, I don't think think it's a good idea that we carry it downstream.
(In reply to Michael Palimaka (kensington) from comment #22) > Since upstream appears to be rejecting the patch, I don't think think it's a > good idea that we carry it downstream. Agreed. Soon the patch would be *very* large. If I get the go-ahead from upstream, I'll try to create a new LibreSSL backend. Hopefully we don't have to force openssl usage for qt..
Just so everyone gets an update on this, a new backend is in order. One day it might even use libtls instead of libcrypto+libssl. :)
new regression in latest 5.7.9999 checking for OpenSSL... g++ -c -pipe -O2 -Wall -W -fPIC -I../../../../qtnetwork-5.7.9999/config.tests/unix/openssl -I. -I../../../../qtnetwork-5.7.9999/mkspecs/linux-g++ -o openssl.o ../../../../qtnetwork-5.7.9999/config.tests/unix/openssl/openssl.cpp ../../../../qtnetwork-5.7.9999/config.tests/unix/openssl/openssl.cpp:49:4: error: #error "OpenSSL was reported as >= 1.0.2 but is missing required features, possibly it's libressl which is unsupported" # error "OpenSSL was reported as >= 1.0.2 but is missing required features, possibly it's libressl which is unsupported" ^ gmake: *** [Makefile:177: openssl.o] Error 1 OpenSSL disabled. OpenSSL support cannot be enabled due to functionality tests! Turn on verbose messaging (-v) to /var/tmp/portage/dev-qt/qtnetwork-5.7.9999/work/qtnetwork-5.7.9999/configure to see the final report. If you believe this message is in error you may use the continue switch (-continue) to /var/tmp/portage/dev-qt/qtnetwork-5.7.9999/work/qtnetwork-5.7.9999/configure to continue. * ERROR: dev-qt/qtnetwork-5.7.9999::qt failed (configure phase): * configure failed
http://code.qt.io/cgit/qt/qtbase.git/commit/?h=5.7&id=8c7d6b94d5e1e28c0352c5ae6ac52d4d1ea9b681 "Detect if the 'openssl' is really libressl at configure time. Qt does not support libressl which reports itself as openssl but uses a high version number. This means that we expect it to have features that it doesn't and will fail to build. Instead detect this situation at configure time and disable the ssl support. "
Created attachment 437876 [details, diff] Patch for latest 5.7.9999 config.tests/unix/openssl/openssl.cpp This reverts http://code.qt.io/cgit/qt/qtbase.git/commit/?h=5.7&id=8c7d6b94d5e1e28c0352c5ae6ac52d4d1ea9b681
(In reply to Aric Belsito from comment #24) > Just so everyone gets an update on this, a new backend is in order. > > One day it might even use libtls instead of libcrypto+libssl. :) Any news about the new libressl backend? Is there work in progress, we can see?
(In reply to jospezial from comment #25) > new regression in latest 5.7.9999 Not a regression... libressl has never been supported. Upstream has made it clear that they do not intend to make/keep the openssl backend compatible with libressl, so I will not apply any downstream patch that does that. The only solution I see here is that someone writes a libressl backend for qtnetwork and gets it merged upstream.
Bug #561854 lists this bug as one of its dependencies, and since this bug is *not* resolved, please don't close it as RESOLVED CANTFIX as there's no way to know on that bug if it's been fixed or not (radio silence is being enforced there). "The only solution I see here is that someone writes a libressl backend for qtnetwork and gets it merged upstream." Until that happens, this bug should remain open so it can be properly tracked in bug #561854.
*** Bug 592710 has been marked as a duplicate of this bug. ***
*** Bug 597096 has been marked as a duplicate of this bug. ***
Created attachment 462288 [details, diff] Patch for latest 5.7.9999 This seems to be the only patch needed for dev-qt/qtnetwork-5.7.9999 with dev-libs/libressl-2.5.1
*** Bug 615432 has been marked as a duplicate of this bug. ***
*** Bug 625944 has been marked as a duplicate of this bug. ***
This breaks all our patches in QT5.10: http://code.qt.io/cgit/qt/qtbase.git/commit/?h=5.10&id=cfbe03a6e035ab3cce5f04962cddd06bd414dcea "QSslSocket: OpenSSL 1.1 backend This patch-set implements a new QSslSocket backend based on OpenSSL 1.1." So where is the libressl combatible backend?
dev-qt/qtnetwork-5.9.9999::qt successfully built against dev-libs/libressl-2.6.1 Will test qt-5.10 again.
(In reply to jospezial from comment #37) > dev-qt/qtnetwork-5.9.9999::qt successfully built against > dev-libs/libressl-2.6.1 without libressl specific patches.
does not work with dev-qt/qtnetwork-5.10.9999 In file included from /var/tmp/portage/dev-qt/qtnetwork-5.10.9999/work/qtnetwork-5.10.9999/src/network/ssl/qsslsocket_openssl_symbols_p.h:220:0, from /var/tmp/portage/dev-qt/qtnetwork-5.10.9999/work/qtnetwork-5.10.9999/src/network/ssl/qsslcertificate.cpp:116: /var/tmp/portage/dev-qt/qtnetwork-5.10.9999/work/qtnetwork-5.10.9999/src/network/ssl/qsslsocket_openssl11_symbols_p.h:87:22: error: ‘OPENSSL_STACK’ was not declared in this scope int q_OPENSSL_sk_num(OPENSSL_STACK *a); ^~~~~~~~~~~~~ /var/tmp/portage/dev-qt/qtnetwork-5.10.9999/work/qtnetwork-5.10.9999/src/network/ssl/qsslsocket_openssl11_symbols_p.h:87:22: note: suggested alternative: ‘OPENSSL_BLOCK’ int q_OPENSSL_sk_num(OPENSSL_STACK *a); ^~~~~~~~~~~~~ OPENSSL_BLOCK /var/tmp/portage/dev-qt/qtnetwork-5.10.9999/work/qtnetwork-5.10.9999/src/network/ssl/qsslsocket_openssl11_symbols_p.h:87:37: error: ‘a’ was not declared in this scope int q_OPENSSL_sk_num(OPENSSL_STACK *a); ^ /var/tmp/portage/dev-qt/qtnetwork-5.10.9999/work/qtnetwork-5.10.9999/src/network/ssl/qsslsocket_openssl11_symbols_p.h:88:28: error: variable or field ‘q_OPENSSL_sk_pop_free’ declared void void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); ^~~~~~~~~~~~~ /var/tmp/portage/dev-qt/qtnetwork-5.10.9999/work/qtnetwork-5.10.9999/src/network/ssl/qsslsocket_openssl11_symbols_p.h:88:28: error: ‘OPENSSL_STACK’ was not declared in this scope /var/tmp/portage/dev-qt/qtnetwork-5.10.9999/work/qtnetwork-5.10.9999/src/network/ssl/qsslsocket_openssl11_symbols_p.h:88:28: note: suggested alternative: ‘OPENSSL_BLOCK’ void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); ^~~~~~~~~~~~~ OPENSSL_BLOCK all in http://code.qt.io/cgit/qt/qtbase.git/commit/?h=dev&id=cfbe03a6e035ab3cce5f04962cddd06bd414dcea depends on OPENSSL_STACK
(In reply to jospezial from comment #39) > does not work with dev-qt/qtnetwork-5.10.9999 > all in > http://code.qt.io/cgit/qt/qtbase.git/commit/ > ?h=dev&id=cfbe03a6e035ab3cce5f04962cddd06bd414dcea > depends on OPENSSL_STACK Thats's because it tries to use its OpenSSL 1.1 backend (OPENSSL_STACK is just a typedef that exists in 1.1 but not in 1.0). You should be able to tell qtnetwork "configure" not to use it, with something like "-no-opensslv11", it should fall back to its OpenSSL 1.0 backend. Can you try to modify the ebuild this way and see if it works?
https://bugs.gentoo.org/show_bug.cgi?id=625944 is a duplicate of this bug This bug here should be reopened. As "in progress"?
*** Bug 635854 has been marked as a duplicate of this bug. ***
Reopening. It seems the situation got better in 5.9 and later, combined with a recent libressl (>= 2.6? please confirm).
(In reply to Davide Pesavento from comment #44) > It seems the situation got better in 5.9 and later Comment #39 suggests that situation is bad again in 5.10.
And comment #40 has a solution (untested, but I'm optimistic)
I can confirm that dev-libs/libressl-2.6.2 works with dev-qt/qtnetwork-5.9.2 without a patch. All that is needed is to add a libressl use flag and conditionally depend on dev-libs/libressl. I fully expect that qtnetwork-5.7.1 and qtnetwork-5.6.2 both require a patch to compile, even with the latest libressl. I attempted to confirm this, but it looks like I would need to downgrade my entire qt install to test it.
Created attachment 502750 [details] qtnetwork-5.9.2.ebuild Working ebuild for dev-qt/qtnetwork-5.9.2. No patches required. Also in the libressl overlay: https://github.com/gentoo/libressl/
I attempted to compile qtnetwork-5.10. It has not been released from upstream yet. The latest development version is 5.10.0_beta3. I did not find ebuilds for this in the qt overlay, only 5.10.9999. I don't like to use *.9999 builds because they are not reproducible from one day to the next. One person can get one result and another person on another day can get a completely different result. To compile qtnetwork, you also need the corresponding version of qtcore I, therefore, created my own ebuild for dev-qt/qtcore-5.10.0_beta3 and was surprised to discover that neither portage qt5-build.eclass nor the qt overlay qt5-build.eclass was capable of constructing the correct SRC_URI. Apparently, upstream changed some of their naming convention for version 5.10. Has nobody on the QT team tried any of alpha, beta1, beta2, or beta3 on any qt 5.10 packages? They all use the same code, so it is broken for all of them. Their hesitation to fix 5.9.2 for libressl support due to possible breakage in 5.10 made me think that 5.10 was emanate and otherwise tested, but this clearly isn't the case. I updated the eclass to fix this issue for the development releases and was able to download compile and install qtcore-5.10.0_beta3 without issue. Next came qtnetwork-5.10.0_beta3. I created an ebuild based the qtnetwork-5.10.9999 ebuild in the qt overlay. At first I tried the minimum change: add libressl use flag and conditionally depend on libresl. No changes to configure options, no patches. This build failed, as expected based on comments #39 and #40 above. The errors included several refferences to a missing OPENSSL_STACK. Next, I tried the suggestion from comment #40 and added: $(usex libressl -no-opensslv11 '') to the myconf array. This wouldn't even configure, giving the error: ERROR: Unknown command line option '-no-opensslv11' Likewise, $(usex libressl -no-openssl11 '') (omitting the 'v') gave a similar error. I dug into it and found that ${S}/config.tests/unix/openssl11/openssl.cpp contained a configure test that checked #if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x10100000L Libressl fails this check (meaning the openssl v1.1 code should be used) because it defines OPENSSL_VERSION_NUMBER as 0x20000000L in /usr/include/openssl/opensslv.h I modified the test to be: #if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) so that libressl will fail and configure will fall back to openssl 1.0 code. I really hoped that this was the winner and everything would work fine, but it still didn't compile. I got the following error: .obj/qssldiffiehellmanparameters_openssl.o:qssldiffiehellmanparameters_openssl.cpp:function isSafeDH(dh_st*): error: undefined reference to 'q_BN_is_word(bignum_st*, unsigned long)' collect2: error: ld returned 1 exit status This error at first glance appears to be qt upstream's fault since libressl clearly defines BN_is_word in /usr/include/openssl/bn.h and the q_ prefix usually means a qt specific version of a function. I will look into this further, but this comment is long enough for now.
Created attachment 502766 [details] qt-5.10.0_beta3-libressl.tar.gz (doesn't work yet) Here are all the ebuilds, eclasses and patches for my attempt in the previous post.
Ok. I figured it out. Qt 5.10 performs a configure test to determine if the openssl version is 1.1 or greater. The code then uses #if QT_CONFIG(opensslv11) to test for this. However, there are 3 places in the code where #if OPENSSL_VERSION_NUMBER >= 0x10100000L is used instead. Two are in src/network/ssl/qsslsocket_openssl_symbols_p.h and one is in src/network/ssl/qsslsocket_openssl_symbols.cpp. The fix is to patch these three the QT_CONFIG style. After that everything compiled fine.
Created attachment 502770 [details] qt-5.10.0_beta3-libressl.tar.gz (compiles) Files that allow qtnetwork-5.10.0_beta3 to compile against libressl.
I have opened bug 636680 to track the issue with qt5-build.eclass for qt 5.10 since it is an unrelated issue.
Created attachment 502778 [details] qt-5.10.0_beta3-libressl.tar.gz (compiles) Oops. Forgot to run repoman before I posted. There was an unquoted variable in the qtnetwork ebuild that is now fixed.
qtnetwork-5.9.3 doesn't support libreoffice.
(In reply to jy6x2b32pie9 from comment #55) > qtnetwork-5.9.3 doesn't support libreoffice. One needs to think about what one writes, I sorry. Doesn't support libressl, of course. Brute copy of qtnetwork-5.9.2.ebuild from libressl overlay into local qtnetwork-5.9.3.ebuild looks like it works. At least, it passes everything with FEATURES="test" enabled.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/qt.git/commit/?id=1badf7a1bca143d3819cb076932a7d33778aaf79 commit 1badf7a1bca143d3819cb076932a7d33778aaf79 Author: Michael Palimaka <kensington@gentoo.org> AuthorDate: 2018-02-10 02:49:08 +0000 Commit: Michael Palimaka <kensington@gentoo.org> CommitDate: 2018-02-10 02:49:45 +0000 dev-qt/qtnetwork: introduce libressl support This commit deliberately only targets 5.9.9999 until I can complete testing on later versions. Bug: https://bugs.gentoo.org/562050 Package-Manager: Portage-2.3.19, Repoman-2.3.6 dev-qt/qtnetwork/qtnetwork-5.9.9999.ebuild | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)}
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a18e99a64734c9970ae93f101990a28fb44bcae1 commit a18e99a64734c9970ae93f101990a28fb44bcae1 Author: Michael Palimaka <kensington@gentoo.org> AuthorDate: 2018-02-10 02:50:07 +0000 Commit: Michael Palimaka <kensington@gentoo.org> CommitDate: 2018-02-10 02:50:18 +0000 dev-qt/qtnetwork: introduce libressl support Bug: https://bugs.gentoo.org/562050 Package-Manager: Portage-2.3.19, Repoman-2.3.6 dev-qt/qtnetwork/qtnetwork-5.9.4.ebuild | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)}
qtnetwork-5.9.4 builds and runs fine against dev-libs/libressl-{2.6.4, 2.7.2}
https://gitweb.gentoo.org/proj/kde.git/commit/?id=1a0a9c1107bb12ec33987093e44aef4952f91716 "kde5-functions.eclass: Raise QT_MINIMAL to 5.10.1 for kde-plasma live" So what are your patches for qt 5.10 and 5.11 ? RIP qt-5.9!
(In reply to jospezial from comment #60) > https://gitweb.gentoo.org/proj/kde.git/commit/ > ?id=1a0a9c1107bb12ec33987093e44aef4952f91716 > "kde5-functions.eclass: Raise QT_MINIMAL to 5.10.1 for kde-plasma live" > > So what are your patches for qt 5.10 and 5.11 ? > > RIP qt-5.9! You didn't bring any patches?
(In reply to maurerpe from comment #54) > Created attachment 502778 [details] > qt-5.10.0_beta3-libressl.tar.gz (compiles) > > Oops. Forgot to run repoman before I posted. There was an unquoted > variable in the qtnetwork ebuild that is now fixed. That patch still works with dev-qt/qtnetwork-5.10.1 and dev-libs/libressl-2.7.2 Will test qt-5.11 later.
Created attachment 529810 [details, diff] my patch to compile dev-qt/qtnetwork-5.11.9999::qt against dev-libs/libressl-2.7.2
(In reply to jospezial from comment #63) > Created attachment 529810 [details, diff] [details, diff] > my patch to compile dev-qt/qtnetwork-5.11.9999::qt against > dev-libs/libressl-2.7.2 Can confirm that patch working for qtnetwork-5.11
With my patch and dev-libs/libressl-2.8.0 x86_64-pc-linux-gnu-g++ -c -march=native -O2 -pipe -std=c++1z -fvisibility=hidden -fvisibility-inlines-hidden -fno-exceptions -Wall -W -Wvla -Wdate-time -Wshift-overflow=2 -Wduplicated-cond -Wno-stringop-overflow -D_REENTRANT -fPIC -DQT_NO_USING_NAMESPACE -DQT_NO_FOREACH -DQT_USE_SYSTEM_PROXIES -DQT_NO_NARROWING_CONVERSIONS_IN_CONNECT -DQT_BUILD_NETWORK_LIB -DQT_BUILDING_QT -DQT_NO_CAST_TO_ASCII -DQT_ASCII_CAST_WARNINGS -DQT_MOC_COMPAT -DQT_USE_QSTRINGBUILDER -DQT_DEPRECATED_WARNINGS -DQT_DISABLE_DEPRECATED_BEFORE=0x050000 -DQT_NO_EXCEPTIONS -D_LARGEFILE64_SOURCE -D_LARGEFILE_SOURCE -DQT_NO_DEBUG -DQT_CORE_LIB -I/var/tmp/portage/dev-qt/qtnetwork-5.11.9999/work/qtnetwork-5.11.9999/src/network -I. -I/var/tmp/portage/dev-qt/qtnetwork-5.11.9999/work/qtnetwork-5.11.9999/src/network/kernel -I../../include -I../../include/QtNetwork -I../../include/QtNetwork/5.11.2 -I../../include/QtNetwork/5.11.2/QtNetwork -isystem /usr/include/qt5/QtCore/5.11.2 -isystem /usr/include/qt5/QtCore/5.11.2/QtCore -isystem /usr/include/qt5 -isystem /usr/include/qt5/QtCore -I.moc -I/var/tmp/portage/dev-qt/qtnetwork-5.11.9999/work/qtnetwork-5.11.9999/mkspecs/linux-g++ -o .obj/qsslsocket_openssl_symbols.o /var/tmp/portage/dev-qt/qtnetwork-5.11.9999/work/qtnetwork-5.11.9999/src/network/ssl/qsslsocket_openssl_symbols.cpp In file included from /var/tmp/portage/dev-qt/qtnetwork-5.11.9999/work/qtnetwork-5.11.9999/src/network/ssl/qsslsocket_openssl_symbols.cpp:58: /var/tmp/portage/dev-qt/qtnetwork-5.11.9999/work/qtnetwork-5.11.9999/src/network/ssl/qsslsocket_openssl_symbols.cpp: In function ‘BIO_METHOD* q_BIO_s_mem()’: /var/tmp/portage/dev-qt/qtnetwork-5.11.9999/work/qtnetwork-5.11.9999/src/network/ssl/qsslsocket_openssl_symbols_p.h:185:37: error: invalid conversion from ‘const BIO_METHOD*’ {aka ‘const bio_method_st*’} to ‘BIO_METHOD*’ {aka ‘bio_method_st*’} [-fpermissive] ret q_##func(arg) { funcret func(a); } /var/tmp/portage/dev-qt/qtnetwork-5.11.9999/work/qtnetwork-5.11.9999/src/network/ssl/qsslsocket_openssl_symbols.cpp:194:1: note: in expansion of macro ‘DEFINEFUNC’ DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) ^~~~~~~~~~ make: *** [Makefile:3466: .obj/qsslsocket_openssl_symbols.o] Error 1 * ERROR: dev-qt/qtnetwork-5.11.9999::qt failed (compile phase): * emake failed
This is causing trouble in revdeps.
(In reply to jospezial from comment #63) > Created attachment 529810 [details, diff] [details, diff] > my patch to compile dev-qt/qtnetwork-5.11.9999::qt against > dev-libs/libressl-2.7.2 Works for me with qtnetwork-5.11.1 and libressl-2.6.5.
I don't know if I've created a duplicate but I made a bug report about an issue building =dev-qt/qtnetwork-5.9.6 with =dev-libs/libressl-2.8.1 here: https://bugs.gentoo.org/668218. Building and running =dev-qt/qtnetwork-5.9.6 was working with =dev-libs/libressl-2.8.0.
Ok so it's fixed upstream in 5.11.2.
nevermind, it's not https://ptpb.pw/iXHd
(In reply to Pablo Cholaky from comment #64) the (In reply to Stefan Strogin from comment #67) Here I do get : with libressl-2.6.5 and qtnetwork-5.11.1 6/QtCore -isystem /usr/include/qt5 -isystem /usr/include/qt5/QtCore -I.moc -I../../mkspecs/linux-g++ -o .obj/qhttpnetworkconnectionchannel.o access/qhttpnetworkconnectionchannel.cpp In file included from ../../include/QtCore/qglobal.h:1:0, from ../../include/QtNetwork/../../src/network/kernel/qtnetworkglobal.h:43, from ../../include/QtNetwork/qtnetworkglobal.h:1, from ../../include/QtNetwork/5.11.1/QtNetwork/private/../../../../../src/network/kernel/qtnetworkglobal_p.h:54, from ../../include/QtNetwork/5.11.1/QtNetwork/private/qtnetworkglobal_p.h:1, from access/qhttpnetworkconnection_p.h:54, from access/qhttpnetworkconnection.cpp:40: ../../include/QtCore/../../src/corelib/global/qglobal.h:86:30: error: division by zero in #if #define QT_CONFIG(feature) (1/QT_FEATURE_##feature == 1) ^
pagorman opened a bug report with a patch for 5.11.1 with libressl 2.8.2 https://bugs.gentoo.org/670170
As his patch seems to work, I made a pull request that is now merged on official libressl overlay. https://github.com/gentoo/libressl/pull/254 Feel free to test it and write feedback.
(In reply to Quentin R. from comment #73) > As his patch seems to work, I made a pull request that is now merged on > official libressl overlay. https://github.com/gentoo/libressl/pull/254 Feel > free to test it and write feedback. Using the patch the system still fails to build on my machine. Build.log and emerge --info attached.
Created attachment 554572 [details] Failed build after applying patch from https://github.com/gentoo/libressl/
Created attachment 554574 [details] emerge --info qtnetwork emerge -pqv qtnetwork [ebuild N ] dev-qt/qtnetwork-5.11.1 USE="libressl ssl -bindist -connman -debug -libproxy -networkmanager -test"
N.B. I am building against the stable LibreSSL 2.6.5 though
*** Bug 671414 has been marked as a duplicate of this bug. ***
I have been able to build qtnetwork-5.11.2 against libressl 2.6.5 with a subset of the github.com/gentoo/libressl patch, attached. Prior I experienced errors identical to Simeon Simeonov.
Created attachment 555740 [details, diff] Patch to buil;d qtnetwork-5.11.2 against libressl 2.6.5
(In reply to Sasha Sokolov from comment #80) > Created attachment 555740 [details, diff] [details, diff] > Patch to buil;d qtnetwork-5.11.2 against libressl 2.6.5 The patch worked for me even with the current qtnetwork-5.11.1. Thanks!
Build of qtnetwork 5.11.1/5.11.2 with this patch is successful. Thanks. (In reply to Sasha Sokolov from comment #80) > Created attachment 555740 [details, diff] [details, diff] > Patch to buil;d qtnetwork-5.11.2 against libressl 2.6.5
the build works with https://github.com/gentoo/libressl/blob/57f31bb387b1adfe0eb5c5938448a01b90c39410/dev-qt/qtnetwork/qtnetwork-5.11.2.ebuild when building against >=dev-libs/libressl-2.8.0 (currently masked for testing): https://github.com/gentoo/libressl/issues/258#issuecomment-440218330
Created attachment 558324 [details, diff] my patch to compile dev-qt/qtnetwork-5.12.9999::qt against dev-libs/libressl-2.9.0 patch had to be changed because of: http://code.qt.io/cgit/qt/qtbase.git/commit/?id=b6cd5fdc6b7c799a80126659f35801af9a26601a "configure: inline openssl test sources" tested against dev-libs/libressl-2.9.0
Which patch works with current qtnetwork 5.11.3 and libressl 2.8.3?
(In reply to Pavel Volkov from comment #85) > Which patch works with current qtnetwork 5.11.3 and libressl 2.8.3? Yes, please try my personal patch: https://github.com/waltercool/waltercooloverlay/blob/65e914b358bd0b06a4301f6c938bdd6a9fba9d53/dev-qt/qtnetwork/files/qtnetwork-5.11-libressl.patch
(In reply to Pavel Volkov from comment #85) > Which patch works with current qtnetwork 5.11.3 and libressl 2.8.3? Pavel, the Gentoo libressl overlay has the appropriate patch in it.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=e7ebc1bc36959b7a842b5800b4459dd444c3b5d6 commit e7ebc1bc36959b7a842b5800b4459dd444c3b5d6 Author: Stefan Strogin <stefan.strogin@gmail.com> AuthorDate: 2019-03-02 00:50:42 +0000 Commit: Stefan Strogin <stefan.strogin@gmail.com> CommitDate: 2019-03-02 00:50:42 +0000 dev-qt/qtnetwork: bump version to 5.12.1; add patch Bug: https://bugs.gentoo.org/562050 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com> dev-qt/qtnetwork/Manifest | 1 + .../files/qtnetwork-5.12.1-libressl.patch | 93 ++++++++++++++++++++++ dev-qt/qtnetwork/qtnetwork-5.12.1.ebuild | 67 ++++++++++++++++ 3 files changed, 161 insertions(+)
I'm having the compile failure reported in https://github.com/gentoo/libressl/issues/258 with the current version (qtnetwork-5.12.1::libressl), using libressl-2.9.0 on i686. I have an amd64 box which worked fine with that combination, so I'm not sure what's going on.
(In reply to Anthony Parsons from comment #89) Apologies for the bugspam, turned out to be PEBKAC. Thought my system was up to date but turns out I actually had 2.6.3 installed. It's a data point all the same; might be a good idea to specify min version >=2.7 in DEPEND?
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=7d74943a95d64012d973fb65510c4d70a3f463f3 commit 7d74943a95d64012d973fb65510c4d70a3f463f3 Author: Stefan Strogin <stefan.strogin@gmail.com> AuthorDate: 2019-03-17 18:45:04 +0000 Commit: Stefan Strogin <stefan.strogin@gmail.com> CommitDate: 2019-03-17 18:45:04 +0000 dev-qt/qtnetwork: bump version to 5.12.2 Bug: https://bugs.gentoo.org/562050 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com> dev-qt/qtnetwork/Manifest | 1 + dev-qt/qtnetwork/qtnetwork-5.12.2.ebuild | 67 ++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+)
Please update to 5.12.3.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=481fd481c08bf0fd9ad37c956354345c0212b8e9 commit 481fd481c08bf0fd9ad37c956354345c0212b8e9 Author: Dennis Gaebler <dennis.gaebler@uni-ulm.de> AuthorDate: 2019-04-22 12:30:46 +0000 Commit: Stefan Strogin <stefan.strogin@gmail.com> CommitDate: 2019-04-22 18:04:44 +0000 dev-qt/qtnetwork: Add 5.12.3 Reported-by: Dennis Gaebler <dennis.gaebler@uni-ulm.de> Bug: https://bugs.gentoo.org/562050 Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com> dev-qt/qtnetwork/Manifest | 1 + dev-qt/qtnetwork/qtnetwork-5.12.3.ebuild | 67 ++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+)
Updated patch for 5.12.4 (currently in the Qt overlay): https://github.com/gentoo/libressl/pull/297
Created attachment 580336 [details, diff] my patch to compile dev-qt/qtnetwork-5.13.9999::qt against dev-libs/libressl-2.9.2 updated with patch from aidanharris
and daily greets the groundhog :) sorry but its so frustrating please add for 5.12.4
(In reply to René Fuchs from comment #96) > and daily greets the groundhog :) sorry but its so frustrating > > please add for 5.12.4 https://github.com/gentoo/libressl/commit/b5e619354bc10456fbbda75bbbc02cf9a2a98834 dev-qt/qtnetwork-5.12.4: Add 5.12.4 and https://github.com/gentoo/libressl/commit/b61ba94129f03f1f4b982cdab1f71838fbbd51c9
How long does it take for gentoo/libressl repo changes to show up i gentoo-mirror/libressl? It's been over 6 days...
(In reply to Pavel Volkov from comment #98) > How long does it take for gentoo/libressl repo changes to show up i > gentoo-mirror/libressl? > > It's been over 6 days... For those kind of bugs at master, it doesn't. Those patches are bad fix usually and QT team doesn't want to suppprt LibreSSL. Your only option here would be adding LibreSSL overlay, or add patches into your own overlay. Personally I have my own patches into my overlay, I added qtnetwork patch for 5.12.4 onto my overlay at least (https://gitlab.com/waltercool/waltercooloverlay) Master branch of Gentoo usually don't pick patches rejected by project owner (as QT) due excessive maintenance at every release.
(In reply to Pablo Cholaky from comment #99) > Your only option here would be adding LibreSSL overlay, or add patches into > your own overlay. Well, libressl overlay tracks gentoo-mirror/libressl on github. Last version there is 5.12.3, so I wonder when I'll see 5.12.4. I know I can add it to locally.
Oh my bad, you meant libressl mirror and not gentoo mirror. Well, as workaround, you can try to sync the normal one and update with egencache at /etc/portage/repos.d, isn't that bad.
(In reply to Pablo Cholaky from comment #99) > (In reply to Pavel Volkov from comment #98) > > How long does it take for gentoo/libressl repo changes to show up i > > gentoo-mirror/libressl? > > > > It's been over 6 days... > > For those kind of bugs at master, it doesn't. Those patches are bad fix > usually and QT team doesn't want to suppprt LibreSSL. > > Your only option here would be adding LibreSSL overlay, or add patches into > your own overlay. > > Personally I have my own patches into my overlay, I added qtnetwork patch > for 5.12.4 onto my overlay at least > (https://gitlab.com/waltercool/waltercooloverlay) > > Master branch of Gentoo usually don't pick patches rejected by project owner > (as QT) due excessive maintenance at every release. What? we had BFQ months (even years) in gentoo-sources before it was mainlined... Please merge this, there's no reason not to.
Any update on this? FreeBSD has had this in the tree for years...
qt-5.14 branch is giving us more libressl headaches. Will dig deeper in it soon.
(In reply to jospezial from comment #104) > qt-5.14 branch is giving us more libressl headaches. > > Will dig deeper in it soon. old patch still works. Tested with libressl-3.0.0
With libressl 3.0.1 my KMail accounts can't connect to server anymore: error:10FFF067:elliptic curve routines:CRYPTO_internal:invalid field Reverting to 3.0.0 fixes this. Rebuilding qtnetwork and akonadi makes no difference.
Thanks, Pavel. I have got the same error in quassel client (also uses qtnetwork). Masked libressl-3.0.1 for now.
Big upstream changes in dev and qt-5.15: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=1a878e65c21be10c7c64839ebf6f2b27170feb00 "QSslSocket - remove old OpenSSL backend (< 1.1) OpenSSL 1.0.2 will stop receiving all support at the end of 2019. Qt 5.15 is our next LTS thus makes sense remove OpenSSL 1.0.2 support there. This also allows us quite a significant cleanup of an old heavily if-defed code and all 'pre11' suffixed source files. [ChangeLog][QtNetwork][SSL] Removed OpenSSL 1.0.x support, now 1.1.x is required" That causes reworking of our patch to compile with libressl for sure.
After all this time and LibreSSL development the patch has become relatively small and easy to maintain. LibreSSL project has maintained it for more than a year in the libressl overlay (I think quite successfully). And I intend to continue maintaining it if you guys in Qt project will be so kind to accept it into gentoo.git (see https://github.com/gentoo/gentoo/pull/14494).
Ultimately that is for Qt team to decide if they accept a downstream-only patch. Given that Qt5 feature development is coming to an end soon, and with the dust on openssl-1.1 settled, I give it a higher chance than say back in Qt-5.10 times. Personally I'd like to see evidence that it no longer causes fallout as seen in the known linked qtnetwork consumer bugs though: bug 658802 (might be broken entirely on its own though) bug 659496 bug 650288 bug 645580 bug 671288 And then, will Qt 5.15 indeed need a different patch again already? Please check out 5.15.9999 in qt overlay for that. (In reply to jospezial from comment #108) > Big upstream changes in dev and qt-5.15: > [...] > That causes reworking of our patch to compile with libressl for sure.
Andreas, Thanks. I'll check all of these bugs, and prepare a patch for qtnetwork-5.15.
Let's see how the 5.15 patch looks like. If it's as small and simple as the one for 5.14, I'm willing to accept it. For Qt6, we could consider upstreaming it again, they might change their mind after seeing that the patch has become a lot more manageable.
Davide, Andreas, I have checked these bugs. It looks like bug 658802 and bug 659496 have nothing to do with libressl indeed. bug 650288, bug 645580 and bug 671288 will be fixed by enabling LibreSSL support in dev-qt/qtnetwork in the main tree. I have prepared the patch for qtnetwork-5.15.9999, I have sent as a PR to qt overlay mirror on github. It's a little bigger than for qtnetwork-5.14, mainly because OpenSSL <1.1 support was removed from Qt 5.15. Earlier LibreSSL support was based on OpenSSL 1.0.x, now it is based on OpenSSL 1.1. So I had to reuse some definitions from the old src/network/ssl/*_opensslpre11.{cpp,h} files, for example. Anyway if Qt is not going to drop OpenSSL 1.1 support soon:), and LibreSSL development won't stop, the patch will become smaller in time, and you can count on me in maintaining it.
And to be sure, I have tested runtime of qtnetwork-5.15.9999 with LibreSSL, with quassel Qt client. Runs, connects using an encrypted connection.
>>> Installing (3 of 45) dev-qt/qtnetwork-5.15.9999::qt Thank you for the patch. I have bitten my teeth out on porting the patches from the deleted pre-1.1 files to the new file structure. OCSP in compile and some undefined dereferences in install made my life hard.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=ad08d4df67f1e2235ae1847448ed4e2c35d87ab5 commit ad08d4df67f1e2235ae1847448ed4e2c35d87ab5 Author: Stefan Strogin <steils@gentoo.org> AuthorDate: 2020-04-11 05:01:07 +0000 Commit: Stefan Strogin <steils@gentoo.org> CommitDate: 2020-04-11 05:02:25 +0000 dev-qt/qtnetwork: version bump to 5.14.2 Reported-by: Dennis Gaebler <dennis.gaebler@uni-ulm.de> Closes: https://github.com/gentoo/libressl/pull/318 Bug: https://bugs.gentoo.org/562050 Package-Manager: Portage-2.3.98, Repoman-2.3.22 Signed-off-by: Stefan Strogin <steils@gentoo.org> dev-qt/qtnetwork/Manifest | 1 + dev-qt/qtnetwork/metadata.xml | 1 + dev-qt/qtnetwork/qtnetwork-5.14.2.ebuild | 70 ++++++++++++++++++++++++++++++++ 3 files changed, 72 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=9e800fa134c8a71ffdbe546ec0dc9477a6f4c185 commit 9e800fa134c8a71ffdbe546ec0dc9477a6f4c185 Author: Stefan Strogin <steils@gentoo.org> AuthorDate: 2020-05-27 08:14:40 +0000 Commit: Stefan Strogin <steils@gentoo.org> CommitDate: 2020-05-27 08:14:40 +0000 dev-qt/qtnetwork: version bump to 5.15.0 Bug: https://bugs.gentoo.org/562050 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Stefan Strogin <steils@gentoo.org> dev-qt/qtnetwork/Manifest | 1 + .../files/qtnetwork-5.15.0-libressl.patch | 340 +++++++++++++++++++++ dev-qt/qtnetwork/qtnetwork-5.15.0.ebuild | 67 ++++ 3 files changed, 408 insertions(+)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=568a924b3f62d0acff635b2379aedd85ebbc0b99 commit 568a924b3f62d0acff635b2379aedd85ebbc0b99 Author: Stefan Strogin <steils@gentoo.org> AuthorDate: 2020-05-27 08:26:20 +0000 Commit: Stefan Strogin <steils@gentoo.org> CommitDate: 2020-05-28 05:50:22 +0000 dev-qt/qtnetwork: add patch for LibreSSL Closes: https://bugs.gentoo.org/562050 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Stefan Strogin <steils@gentoo.org> .../files/qtnetwork-5.15.0-libressl.patch | 340 +++++++++++++++++++++ dev-qt/qtnetwork/qtnetwork-5.15.0.ebuild | 9 +- 2 files changed, 347 insertions(+), 2 deletions(-)
The patch worked a long time for the live ebuilds too but now upstream made changes: https://code.qt.io/cgit/qt/qtbase.git/commit/src/network/ssl?h=5.15&id=9bd8b6974dc4d41b205de2ed7e424624d91c569a "QSsl: workaround a 'very secure' OpenSSL version (CentOS 8.x et al) CentOS it seems not only backported some OpenSSL 3 functions, but also raised the default security level to 2, making some of our keys (and MDs?) 'too weak' and failing auto-tests here and there as a result. For our auto-test we lower the level to 1, as it is expected to be." In file included from /var/tmp/portage/dev-qt/qtnetwork-5.15.9999/work/qtnetwork-5.15.9999/src/network/ssl/qsslsocket_openssl_symbols.cpp:58: /var/tmp/portage/dev-qt/qtnetwork-5.15.9999/work/qtnetwork-5.15.9999/src/network/ssl/qsslsocket_openssl_symbols.cpp: In function ‘int q_SSL_CTX_get_security_level(const SSL_CTX*)’: /var/tmp/portage/dev-qt/qtnetwork-5.15.9999/work/qtnetwork-5.15.9999/src/network/ssl/qsslsocket_openssl_symbols.cpp:173:17: error: ‘SSL_CTX_get_security_level’ was not declared in this scope; did you mean ‘q_SSL_CTX_get_security_level’? 173 | DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return) | ^~~~~~~~~~~~~~~~~~~~~~~~~~ /var/tmp/portage/dev-qt/qtnetwork-5.15.9999/work/qtnetwork-5.15.9999/src/network/ssl/qsslsocket_openssl_symbols_p.h:196:33: note: in definition of macro ‘DEFINEFUNC’ 196 | ret q_##func(arg) { funcret func(a); } | ^~~~ /var/tmp/portage/dev-qt/qtnetwork-5.15.9999/work/qtnetwork-5.15.9999/src/network/ssl/qsslsocket_openssl_symbols.cpp: In function ‘void q_SSL_CTX_set_security_level(SSL_CTX*, int)’: /var/tmp/portage/dev-qt/qtnetwork-5.15.9999/work/qtnetwork-5.15.9999/src/network/ssl/qsslsocket_openssl_symbols.cpp:174:19: error: ‘SSL_CTX_set_security_level’ was not declared in this scope; did you mean ‘q_SSL_CTX_set_security_level’? 174 | DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return) | ^~~~~~~~~~~~~~~~~~~~~~~~~~ /var/tmp/portage/dev-qt/qtnetwork-5.15.9999/work/qtnetwork-5.15.9999/src/network/ssl/qsslsocket_openssl_symbols_p.h:200:40: note: in definition of macro ‘DEFINEFUNC2’ 200 | ret q_##func(arg1, arg2) { funcret func(a, b); } | ^~~~ make: *** [Makefile:3564: .obj/qsslsocket_openssl_symbols.o] Error 1 make: *** Waiting for unfinished jobs.... * ERROR: dev-qt/qtnetwork-5.15.9999::qt failed (compile phase): * emake failed I think #ifdef SSL_SECOP_PEER could be used for the new patch.
that was with qtnetwork-5.15.1-libressl.patch
Created attachment 663100 [details, diff] qtnetwork-5.15.9999(5.15.2)-libressl.patch added https://code.qt.io/cgit/qt/qtbase.git/commit/src/network?h=5.15&id=9bd8b6974dc4d41b205de2ed7e424624d91c569a fix to qtnetwork-5.15.1-libressl.patch possibly useful for upcoming qtnetwork-5.15.2 release
Comment on attachment 663100 [details, diff] qtnetwork-5.15.9999(5.15.2)-libressl.patch qtnetwork-5.15.9999 of course