authorFrederik Rietdijk <fridh@fridh.nl>2019-08-28 08:26:42 +0200
committerFrederik Rietdijk <fridh@fridh.nl>2019-08-28 08:26:42 +0200
commit5061fe0c2c7743370e1d379d6fa60eed26ff1470 (patch)
tree4a4ee79a6e0694d3c7ad6fbeff33343d83458e6c /pkgs/development/libraries
parenta2538606e3115e16db2e5075ecf37b886ad64ede (diff)
parent98640fd48212f8e6552517f667bba1901f5936d4 (diff)
Merge staging-next into staging
Diffstat (limited to 'pkgs/development/libraries')
-rw-r--r--pkgs/development/libraries/aacskeys/default.nix47
-rw-r--r--pkgs/development/libraries/agda/agda-iowa-stdlib/default.nix4
-rw-r--r--pkgs/development/libraries/agda/agda-prelude/default.nix4
-rw-r--r--pkgs/development/libraries/agda/agda-stdlib/default.nix4
-rw-r--r--pkgs/development/libraries/allegro/5.nix12
-rw-r--r--pkgs/development/libraries/at-spi2-atk/default.nix2
-rw-r--r--pkgs/development/libraries/at-spi2-core/default.nix2
-rw-r--r--pkgs/development/libraries/avahi/default.nix2
-rw-r--r--pkgs/development/libraries/babl/default.nix36
-rw-r--r--pkgs/development/libraries/babl/fix-darwin.patch16
-rw-r--r--pkgs/development/libraries/cctz/default.nix8
-rw-r--r--pkgs/development/libraries/cm256cc/default.nix23
-rw-r--r--pkgs/development/libraries/directfb/default.nix41
-rw-r--r--pkgs/development/libraries/directfb/default.upstream3
-rw-r--r--pkgs/development/libraries/dlib/default.nix4
-rw-r--r--pkgs/development/libraries/exiv2/default.nix21
-rw-r--r--pkgs/development/libraries/exiv2/fix-cmake.patch16
-rw-r--r--pkgs/development/libraries/exosip/default.nix17
-rw-r--r--pkgs/development/libraries/ffmpeg-full/default.nix26
-rw-r--r--pkgs/development/libraries/ffmpeg-full/prefer-libdav1d-over-libaom.patch19
-rw-r--r--pkgs/development/libraries/folly/default.nix4
-rw-r--r--pkgs/development/libraries/gegl/3.0.nix38
-rw-r--r--pkgs/development/libraries/gfbgraph/default.nix4
-rw-r--r--pkgs/development/libraries/globalplatform/default.nix4
-rw-r--r--pkgs/development/libraries/globalplatform/gppcscconnectionplugin.nix4
-rw-r--r--pkgs/development/libraries/gnome-online-accounts/default.nix52
-rw-r--r--pkgs/development/libraries/gnome-video-effects/default.nix46
-rw-r--r--pkgs/development/libraries/gnome-video-effects/fix-pc-file.patch11
-rw-r--r--pkgs/development/libraries/grantlee/5/default.nix3
-rw-r--r--pkgs/development/libraries/grantlee/5/grantlee-cxx11.patch24
-rw-r--r--pkgs/development/libraries/grantlee/5/series1
-rw-r--r--pkgs/development/libraries/graphene-hardened-malloc/default.nix4
-rw-r--r--pkgs/development/libraries/graphene/0001-meson-add-options-for-tests-installation-dirs.patch79
-rw-r--r--pkgs/development/libraries/graphene/default.nix18
-rw-r--r--pkgs/development/libraries/grilo-plugins/default.nix82
-rw-r--r--pkgs/development/libraries/grilo/default.nix62
-rw-r--r--pkgs/development/libraries/grilo/setup-hook.sh7
-rw-r--r--pkgs/development/libraries/grpc/default.nix6
-rw-r--r--pkgs/development/libraries/gthree/default.nix72
-rw-r--r--pkgs/development/libraries/hunspell/dictionaries.nix17
-rw-r--r--pkgs/development/libraries/itk/default.nix13
-rw-r--r--pkgs/development/libraries/kde-frameworks/kdewebkit.nix3
-rw-r--r--pkgs/development/libraries/leatherman/default.nix4
-rw-r--r--pkgs/development/libraries/libcacard/default.nix4
-rw-r--r--pkgs/development/libraries/libdazzle/default.nix4
-rw-r--r--pkgs/development/libraries/libdeflate/default.nix4
-rw-r--r--pkgs/development/libraries/libfilezilla/default.nix4
-rw-r--r--pkgs/development/libraries/libftdi/default.nix8
-rw-r--r--pkgs/development/libraries/libgdata/default.nix3
-rw-r--r--pkgs/development/libraries/libgig/default.nix4
-rw-r--r--pkgs/development/libraries/libgnurl/default.nix23
-rw-r--r--pkgs/development/libraries/libgpiod/default.nix4
-rw-r--r--pkgs/development/libraries/libivykis/default.nix2
-rw-r--r--pkgs/development/libraries/libmodbus/default.nix4
-rw-r--r--pkgs/development/libraries/libndctl/default.nix4
-rw-r--r--pkgs/development/libraries/libosinfo/default.nix30
-rw-r--r--pkgs/development/libraries/libosinfo/osinfo-db-data-dir.patch2
-rw-r--r--pkgs/development/libraries/libosmium/default.nix4
-rw-r--r--pkgs/development/libraries/librealsense/default.nix4
-rw-r--r--pkgs/development/libraries/libressl/default.nix17
-rw-r--r--pkgs/development/libraries/libspf2/default.nix43
-rw-r--r--pkgs/development/libraries/liburing/default.nix47
-rw-r--r--pkgs/development/libraries/libvirt-glib/default.nix5
-rw-r--r--pkgs/development/libraries/libvirt/default.nix3
-rw-r--r--pkgs/development/libraries/libvisio/default.nix4
-rw-r--r--pkgs/development/libraries/libwebsockets/default.nix4
-rw-r--r--pkgs/development/libraries/libxmlb/default.nix58
-rw-r--r--pkgs/development/libraries/libxmlb/installed-tests-path.patch24
-rw-r--r--pkgs/development/libraries/libzapojit/default.nix4
-rw-r--r--pkgs/development/libraries/live555/default.nix4
-rw-r--r--pkgs/development/libraries/luaffi/darwin.patch17
-rw-r--r--pkgs/development/libraries/luaffi/default.nix31
-rw-r--r--pkgs/development/libraries/luaffi/makefile-errors.patch13
-rw-r--r--pkgs/development/libraries/mdds/default.nix4
-rw-r--r--pkgs/development/libraries/mutest/default.nix34
-rw-r--r--pkgs/development/libraries/odpic/default.nix24
-rw-r--r--pkgs/development/libraries/oniguruma/default.nix4
-rw-r--r--pkgs/development/libraries/opencv/4.x.nix10
-rw-r--r--pkgs/development/libraries/opendkim/default.nix6
-rw-r--r--pkgs/development/libraries/opendkim/openssl-1.1.patch81
-rw-r--r--pkgs/development/libraries/opensaml-cpp/default.nix14
-rw-r--r--pkgs/development/libraries/openxr-loader/default.nix40
-rw-r--r--pkgs/development/libraries/oracle-instantclient/default.nix129
-rw-r--r--pkgs/development/libraries/poco/default.nix1
-rw-r--r--pkgs/development/libraries/protobuf/3.9.nix4
-rw-r--r--pkgs/development/libraries/protozero/default.nix4
-rw-r--r--pkgs/development/libraries/ptlib/default.nix5
-rw-r--r--pkgs/development/libraries/qca2/default.nix4
-rw-r--r--pkgs/development/libraries/qt-4.x/4.8/default.nix3
-rw-r--r--pkgs/development/libraries/qt-4.x/4.8/qt4-openssl-1.1.patch398
-rw-r--r--pkgs/development/libraries/qt-5/5.12/qtbase.patch30
-rw-r--r--pkgs/development/libraries/qt-5/5.6/default.nix193
-rw-r--r--pkgs/development/libraries/qt-5/5.6/fetch.sh2
-rw-r--r--pkgs/development/libraries/qt-5/5.6/qtbase-fixguicmake.patch30
-rw-r--r--pkgs/development/libraries/qt-5/5.6/qtbase.patch795
-rw-r--r--pkgs/development/libraries/qt-5/5.6/qtdeclarative.patch20
-rw-r--r--pkgs/development/libraries/qt-5/5.6/qtscript.patch13
-rw-r--r--pkgs/development/libraries/qt-5/5.6/qtserialport.patch22
-rw-r--r--pkgs/development/libraries/qt-5/5.6/qttools.patch64
-rw-r--r--pkgs/development/libraries/qt-5/5.6/qtwebengine-seccomp.patch24
-rw-r--r--pkgs/development/libraries/qt-5/5.6/qtwebkit.patch149
-rw-r--r--pkgs/development/libraries/qt-5/5.6/srcs.nix309
-rw-r--r--pkgs/development/libraries/qt-5/5.9/default.nix6
-rw-r--r--pkgs/development/libraries/qt-5/5.9/qtbase-openssl_1_1.patch3985
-rw-r--r--pkgs/development/libraries/qt-5/5.9/qtbase.patch22
-rw-r--r--pkgs/development/libraries/qt-5/modules/qtwebengine.nix7
-rw-r--r--pkgs/development/libraries/qtstyleplugins/default.nix4
-rw-r--r--pkgs/development/libraries/science/math/sympow/default.nix4
-rw-r--r--pkgs/development/libraries/serialdv/default.nix23
-rw-r--r--pkgs/development/libraries/shibboleth-sp/default.nix4
-rw-r--r--pkgs/development/libraries/simpleitk/default.nix16
-rw-r--r--pkgs/development/libraries/tracker-miners/default.nix140
-rw-r--r--pkgs/development/libraries/tracker-miners/fix-paths.patch20
-rw-r--r--pkgs/development/libraries/tracker/default.nix71
-rw-r--r--pkgs/development/libraries/tracker/fix-paths.patch12
-rw-r--r--pkgs/development/libraries/umockdev/default.nix36
-rw-r--r--pkgs/development/libraries/umockdev/disable-failed-test.patch13
-rw-r--r--pkgs/development/libraries/umockdev/fix-test-paths.patch12
-rw-r--r--pkgs/development/libraries/vapoursynth/default.nix4
-rw-r--r--pkgs/development/libraries/wcslib/default.nix4
-rw-r--r--pkgs/development/libraries/wiredtiger/default.nix11
-rw-r--r--pkgs/development/libraries/wlroots/default.nix36
-rw-r--r--pkgs/development/libraries/wxSVG/default.nix4
-rw-r--r--pkgs/development/libraries/xml-security-c/cxx11.patch11
-rw-r--r--pkgs/development/libraries/xml-security-c/default.nix11
-rw-r--r--pkgs/development/libraries/xml-tooling-c/default.nix10
-rw-r--r--pkgs/development/libraries/xxHash/default.nix4
127 files changed, 5941 insertions, 2192 deletions
diff --git a/pkgs/development/libraries/aacskeys/default.nix b/pkgs/development/libraries/aacskeys/default.nix
deleted file mode 100644
index 9e28bfd4fe2..00000000000
--- a/pkgs/development/libraries/aacskeys/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{stdenv, fetchurl, openssl, jdk, premake3}:
-
-# Info on how to use / obtain aacs keys:
-# http://vlc-bluray.whoknowsmy.name/
-# https://wiki.archlinux.org/index.php/BluRay
-
-
-let baseName = "aacskeys";
-    version  = "0.4.0e";
-in
-
-stdenv.mkDerivation {
-  name = "${baseName}-${version}";
-
-  patchPhase = ''
-    substituteInPlace "premake.lua" \
-      --replace "/usr/lib/jvm/java-6-sun/include" "${jdk}/include"
-  '';
-
-  src = fetchurl {
-    url = "http://deb-multimedia.org/pool/main/a/${baseName}/${baseName}_${version}.orig.tar.gz";
-    sha256 = "0d3zvwixpkixfkkc16wj37h2xbcq5hsqqhqngzqr6pslmqr67vnr";
-  };
-
-  buildInputs = [openssl jdk premake3];
-
-  installPhase = ''
-    mkdir -p $out/{bin,lib,share/${baseName}}
-
-    # Install lib
-    install -Dm444 lib/linux/libaacskeys.so $out/lib
-
-    # Install program
-    install -Dm555 bin/linux/aacskeys $out/bin
-
-    # Install resources
-    install -Dm444 HostKeyCertificate.txt $out/share/${baseName}
-    install -Dm444 ProcessingDeviceKeysSimple.txt $out/share/${baseName}
-  '';
-
-  meta = with stdenv.lib; {
-    homepage = http://forum.doom9.org/showthread.php?t=123311;
-    description = "A library and program to retrieve decryption keys for HD discs";
-    platforms = platforms.linux;
-    license = licenses.publicDomain;
-  };
-}
diff --git a/pkgs/development/libraries/agda/agda-iowa-stdlib/default.nix b/pkgs/development/libraries/agda/agda-iowa-stdlib/default.nix
index 3ab4ed3e962..e2d64841985 100644
--- a/pkgs/development/libraries/agda/agda-iowa-stdlib/default.nix
+++ b/pkgs/development/libraries/agda/agda-iowa-stdlib/default.nix
@@ -1,14 +1,14 @@
 { stdenv, agda, fetchFromGitHub }:
 
 agda.mkDerivation (self: rec {
-  version = "1.4.0";
+  version = "1.5.0";
   name = "agda-iowa-stdlib-${version}";
 
   src = fetchFromGitHub {
     owner = "cedille";
     repo  = "ial";
     rev = "v${version}";
-    sha256 = "1gwxpybxwdj5ipbb3gapm7r5hfl3g6sj9kp13954pdmx8d5b0gma";
+    sha256 = "0dlis6v6nzbscf713cmwlx8h9n2gxghci8y21qak3hp18gkxdp0g";
   };
 
   sourceDirectories = [ "./." ];
diff --git a/pkgs/development/libraries/agda/agda-prelude/default.nix b/pkgs/development/libraries/agda/agda-prelude/default.nix
index e3dcf765dfd..a57ee6e08ba 100644
--- a/pkgs/development/libraries/agda/agda-prelude/default.nix
+++ b/pkgs/development/libraries/agda/agda-prelude/default.nix
@@ -1,13 +1,13 @@
 { stdenv, agda, fetchgit }:
 
 agda.mkDerivation (self: rec {
-  version = "0dca24a81d417db2ae8fc871eccb7776f7eae952";
+  version = "eacc961c2c312b7443109a7872f99d55557df317";
   name = "agda-prelude-${version}";
 
   src = fetchgit {
     url = "https://github.com/UlfNorell/agda-prelude.git";
     rev = version;
-    sha256 = "0gwfgvj96i1mx5v01bi46h567d1q1fbgvzv6z8zv91l2jhybwff5";
+    sha256 = "0iql67hb1q0fn8dwkcx07brkdkxqfqrsbwjy71ndir0k7qzw7qv2";
   };
 
   topSourceDirectories = [ "src" ];
diff --git a/pkgs/development/libraries/agda/agda-stdlib/default.nix b/pkgs/development/libraries/agda/agda-stdlib/default.nix
index b6208eeeb51..4d071251ee8 100644
--- a/pkgs/development/libraries/agda/agda-stdlib/default.nix
+++ b/pkgs/development/libraries/agda/agda-stdlib/default.nix
@@ -1,14 +1,14 @@
 { stdenv, agda, fetchFromGitHub, ghcWithPackages }:
 
 agda.mkDerivation (self: rec {
-  version = "1.0.1";
+  version = "1.1";
   name = "agda-stdlib-${version}";
 
   src = fetchFromGitHub {
     repo = "agda-stdlib";
     owner = "agda";
     rev = "v${version}";
-    sha256 = "0ia7mgxs5g9849r26yrx07lrx65vhlrxqqh5b6d69gfi1pykb4j2";
+    sha256 = "190bxsy92ffmvwpmyyg3lxs91vyss2z25rqz1w79gkj56484cy64";
   };
 
   nativeBuildInputs = [ (ghcWithPackages (self : [ self.filemanip ])) ];
diff --git a/pkgs/development/libraries/allegro/5.nix b/pkgs/development/libraries/allegro/5.nix
index 46e3d02963d..b267c62d6c7 100644
--- a/pkgs/development/libraries/allegro/5.nix
+++ b/pkgs/development/libraries/allegro/5.nix
@@ -9,13 +9,13 @@
 
 stdenv.mkDerivation rec {
   pname = "allegro";
-  version = "5.2.4.0";
+  version = "5.2.5.0";
 
   src = fetchFromGitHub {
     owner = "liballeg";
     repo = "allegro5";
     rev = version;
-    sha256 = "01y3hirn5b08f188nnhb2cbqj4vzysr7l2qpz2208srv8arzmj2d";
+    sha256 = "1jrnizpwznyxz2c7zb75lfy7l51ww5jlqfaahcrycfj1xay9mpqp";
   };
 
   buildInputs = [
@@ -28,14 +28,6 @@ stdenv.mkDerivation rec {
     libpulseaudio libpthreadstubs
   ];
 
-  patches = [
-   # fix compilation with mesa 18.2.5
-   (fetchpatch {
-     url = "https://github.com/liballeg/allegro5/commit/a40d30e21802ecf5c9382cf34af9b01bd3781e47.patch";
-     sha256 = "1f1xlj5y2vr6wzmcz04s8kxn8cfdwrg9kjlnvpz9dix1z3qjnd4m";
-   })
-  ];
-
   postPatch = ''
     sed -e 's@/XInput2.h@/XI2.h@g' -i CMakeLists.txt "src/"*.c
   '';
diff --git a/pkgs/development/libraries/at-spi2-atk/default.nix b/pkgs/development/libraries/at-spi2-atk/default.nix
index 00465a617f4..a805949bf11 100644
--- a/pkgs/development/libraries/at-spi2-atk/default.nix
+++ b/pkgs/development/libraries/at-spi2-atk/default.nix
@@ -41,7 +41,7 @@ stdenv.mkDerivation rec {
     description = "D-Bus bridge for Assistive Technology Service Provider Interface (AT-SPI) and Accessibility Toolkit (ATK)";
     homepage = https://gitlab.gnome.org/GNOME/at-spi2-atk;
     license = licenses.lgpl2Plus; # NOTE: 2018-06-06: Please check the license when upstream sorts-out licensing: https://gitlab.gnome.org/GNOME/at-spi2-atk/issues/2
-    maintainers = with maintainers; [ jtojnar gnome3.maintainers ];
+    maintainers = gnome3.maintainers;
     platforms = platforms.unix;
   };
 }
diff --git a/pkgs/development/libraries/at-spi2-core/default.nix b/pkgs/development/libraries/at-spi2-core/default.nix
index 21649d1728c..e7cea235ceb 100644
--- a/pkgs/development/libraries/at-spi2-core/default.nix
+++ b/pkgs/development/libraries/at-spi2-core/default.nix
@@ -59,7 +59,7 @@ stdenv.mkDerivation rec {
     description = "Assistive Technology Service Provider Interface protocol definitions and daemon for D-Bus";
     homepage = https://gitlab.gnome.org/GNOME/at-spi2-core;
     license = licenses.lgpl2Plus; # NOTE: 2018-06-06: Please check the license when upstream sorts-out licensing: https://gitlab.gnome.org/GNOME/at-spi2-core/issues/2
-    maintainers = with maintainers; [ jtojnar gnome3.maintainers ];
+    maintainers = gnome3.maintainers;
     platforms = platforms.unix;
   };
 }
diff --git a/pkgs/development/libraries/avahi/default.nix b/pkgs/development/libraries/avahi/default.nix
index 76010dacc5e..ee451818831 100644
--- a/pkgs/development/libraries/avahi/default.nix
+++ b/pkgs/development/libraries/avahi/default.nix
@@ -73,7 +73,7 @@ stdenv.mkDerivation rec {
     homepage    = http://avahi.org;
     license     = licenses.lgpl2Plus;
     platforms   = platforms.unix;
-    maintainers = with maintainers; [ lovek323 ];
+    maintainers = with maintainers; [ lovek323 globin ];
 
     longDescription = ''
       Avahi is a system which facilitates service discovery on a local
diff --git a/pkgs/development/libraries/babl/default.nix b/pkgs/development/libraries/babl/default.nix
index eff6ff62632..d95797d5a5f 100644
--- a/pkgs/development/libraries/babl/default.nix
+++ b/pkgs/development/libraries/babl/default.nix
@@ -1,15 +1,41 @@
-{ stdenv, fetchurl }:
+{ stdenv
+, fetchurl
+, meson
+, ninja
+, pkgconfig
+, gobject-introspection
+, lcms2
+}:
 
 stdenv.mkDerivation rec {
   pname = "babl";
-  version = "0.1.66";
+  version = "0.1.72";
+
+  outputs = [ "out" "dev" ];
 
   src = fetchurl {
-    url = "https://ftp.gtk.org/pub/babl/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.bz2";
-    sha256 = "0qx1dwbinxihwl2lmxi60qiqi402jlrdcnixx14kk6j88n9xi79n";
+    url = "https://download.gimp.org/pub/babl/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
+    sha256 = "0hkagjrnza77aasa1kss5hvy37ndm50y6i7hkdn2z8hzgc4i3qb4";
   };
 
-  doCheck = true;
+  patches = [
+    # Apple linker does not know --version-script flag
+    # https://gitlab.gnome.org/GNOME/babl/merge_requests/26
+    ./fix-darwin.patch
+  ];
+
+  nativeBuildInputs = [
+    meson
+    ninja
+    pkgconfig
+    gobject-introspection
+  ];
+
+  buildInputs = [
+    lcms2
+  ];
+
+  doCheck = !stdenv.isDarwin;
 
   meta = with stdenv.lib; {
     description = "Image pixel format conversion library";
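Review bot: `doCheck = !stdenv.isDarwin;` near the end of this hunk switches the test suite off on Darwin without saying why, so nobody can later tell when it is safe to turn it back on. Add a comment directly above it, for example `# tests fail on Darwin: <reason or upstream issue URL>`. The neighbouring `patches` entry already follows this pattern (a reason plus the upstream merge request link), so the same treatment here keeps the file consistent. The `meta` block continues outside the hunk.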
diff --git a/pkgs/development/libraries/babl/fix-darwin.patch b/pkgs/development/libraries/babl/fix-darwin.patch
new file mode 100644
index 00000000000..eaeff63689f
--- /dev/null
+++ b/pkgs/development/libraries/babl/fix-darwin.patch
@@ -0,0 +1,16 @@
+diff --git a/babl/meson.build b/babl/meson.build
+index b551c9a..f452435 100644
+--- a/babl/meson.build
++++ b/babl/meson.build
+@@ -24,9 +24,9 @@
+ ]
+ 
+ # Linker arguments
+-babl_link_args = [
++babl_link_args = cc.get_supported_link_arguments([
+   '-Wl,--version-script,' + version_script,
+-]
++])
+ if platform_win32
+   babl_link_args += '-Wl,--no-undefined'
+ endif
diff --git a/pkgs/development/libraries/cctz/default.nix b/pkgs/development/libraries/cctz/default.nix
index 457b51dea7a..5897f84efff 100644
--- a/pkgs/development/libraries/cctz/default.nix
+++ b/pkgs/development/libraries/cctz/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub }:
+{ stdenv, fetchFromGitHub, darwin }:
 
 stdenv.mkDerivation rec {
   pname = "cctz";
@@ -13,8 +13,14 @@ stdenv.mkDerivation rec {
 
   makeFlags = [ "PREFIX=$(out)" ];
 
+  buildInputs = stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Foundation;
+
   installTargets = [ "install_hdrs" "install_shared_lib" ];
 
+  postInstall = stdenv.lib.optionalString stdenv.isDarwin ''
+    install_name_tool -id $out/lib/libcctz.so $out/lib/libcctz.so
+  '';
+
   enableParallelBuilding = true;
 
   meta = with stdenv.lib; {
diff --git a/pkgs/development/libraries/cm256cc/default.nix b/pkgs/development/libraries/cm256cc/default.nix
new file mode 100644
index 00000000000..aaf40998102
--- /dev/null
+++ b/pkgs/development/libraries/cm256cc/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchFromGitHub, cmake, boost } :
+
+stdenv.mkDerivation rec {
+  pname = "cm256cc";
+  version = "1.0.5";
+
+  src = fetchFromGitHub {
+    owner = "f4exb";
+    repo = "cm256cc";
+    rev = "v${version}";
+    sha256 = "0d16y3lhdwr644am4sxqpshpbc3qik6dgr1w2c39vy75w9ff61a0";
+  };
+
+  nativeBuildInputs = [ cmake ];
+  buildInputs = [ boost ];
+
+  meta = with stdenv.lib; {
+    description = "Fast GF(256) Cauchy MDS Block Erasure Codec in C++";
+    homepage = "https://github.com/f4exb/cm256cc";
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ alkeryn ];
+  };
+}
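Review bot: The `meta` block of this new derivation has no `license` attribute. As far as I know Nixpkgs does not treat a package without a licence as unfree, so licence-based policy and anyone auditing what is shipped cannot see what terms this code is under. Add `license = licenses.<upstream licence>;` after `homepage`, taken from the licence file in the upstream repository.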
diff --git a/pkgs/development/libraries/directfb/default.nix b/pkgs/development/libraries/directfb/default.nix
index 3d831efbcb7..f7545bb03d5 100644
--- a/pkgs/development/libraries/directfb/default.nix
+++ b/pkgs/development/libraries/directfb/default.nix
@@ -1,31 +1,29 @@
-{ stdenv, fetchurl, pkgconfig, perl, zlib, libjpeg, freetype, libpng, giflib
+{ stdenv, lib, fetchFromGitHub, autoreconfHook, perl, pkgconfig, flux, zlib
+, libjpeg, freetype, libpng, giflib
 , enableX11 ? true, xorg
 , enableSDL ? true, SDL }:
 
-let s = 
-rec {
-   version = "1.7.7";
-   name="directfb-${version}";
-   sha256 = "18r7h0pwbyyk8z3pgdv77nmma8lvr1si9gl1ghxgxf1ivhwcd1dp";
-   url="http://directfb.org/downloads/Core/DirectFB-1.7/DirectFB-${version}.tar.gz";
-}
-; in
-stdenv.mkDerivation {
-  inherit (s) name;
-  src = fetchurl {
-    inherit (s) url sha256;
+stdenv.mkDerivation rec {
+  pname = "directfb";
+  version = "1.7.7";
+
+  src = fetchFromGitHub {
+    owner = "deniskropp";
+    repo = "DirectFB";
+    rev = "DIRECTFB_${lib.replaceStrings ["."] ["_"] version}";
+    sha256 = "0bs3yzb7hy3mgydrj8ycg7pllrd2b6j0gxj596inyr7ihssr3i0y";
   };
 
-  nativeBuildInputs = [ perl pkgconfig ];
+  nativeBuildInputs = [ autoreconfHook perl pkgconfig flux ];
 
   buildInputs = [ zlib libjpeg freetype giflib libpng ]
-    ++ stdenv.lib.optional enableSDL SDL
-    ++ stdenv.lib.optionals enableX11 (with xorg; [
+    ++ lib.optional enableSDL SDL
+    ++ lib.optionals enableX11 (with xorg; [
       xorgproto libX11 libXext
       libXrender
     ]);
 
-  NIX_LDFLAGS="-lgcc_s";
+  NIX_LDFLAGS = "-lgcc_s";
 
   configureFlags = [
     "--enable-sdl"
@@ -35,14 +33,11 @@ stdenv.mkDerivation {
     "--enable-fbdev"
     "--enable-mmx"
     "--enable-sse"
-    #"--enable-sysfs" # not recognized
     "--with-software"
     "--with-smooth-scaling"
-    ] ++ stdenv.lib.optionals enableX11 [
-      "--enable-x11"
-    ];
+  ] ++ lib.optional enableX11 "--enable-x11";
 
-  meta = with stdenv.lib; {
+  meta = with lib; {
     description = "Graphics and input library designed with embedded systems in mind";
     longDescription = ''
       DirectFB is a thin library that provides hardware graphics acceleration,
@@ -54,7 +49,7 @@ stdenv.mkDerivation {
       power to embedded systems and sets a new standard for graphics under
       Linux.
     '';
-    homepage = http://directfb.org/;
+    homepage = "https://github.com/deniskropp/DirectFB";
     license = licenses.lgpl21;
     platforms = platforms.linux;
     maintainers = [ maintainers.bjornfor ];
diff --git a/pkgs/development/libraries/directfb/default.upstream b/pkgs/development/libraries/directfb/default.upstream
deleted file mode 100644
index ef4ed8e490d..00000000000
--- a/pkgs/development/libraries/directfb/default.upstream
+++ /dev/null
@@ -1,3 +0,0 @@
-url 'http://directfb.org/index.php?path=Main%2FDownloads'
-version_link 'DirectFB-[0-9]'
-minimize_overwrite
diff --git a/pkgs/development/libraries/dlib/default.nix b/pkgs/development/libraries/dlib/default.nix
index e28b1add7e2..dfa5509fb98 100644
--- a/pkgs/development/libraries/dlib/default.nix
+++ b/pkgs/development/libraries/dlib/default.nix
@@ -6,14 +6,14 @@
 }:
 
 stdenv.mkDerivation rec {
-  version = "19.16";
   pname = "dlib";
+  version = "19.17";
 
   src = fetchFromGitHub {
     owner = "davisking";
     repo = "dlib";
     rev ="v${version}";
-    sha256 = "0ix52npsxfm6324jli7y0zkyijl5yirv2yzfncyd4sq0r9fcwb4p";
+    sha256 = "0g11ilma6cll3bd2ahm66j1sjb9v4rxz3xjbfkcg5pjsvb49n029";
   };
 
   postPatch = ''
diff --git a/pkgs/development/libraries/exiv2/default.nix b/pkgs/development/libraries/exiv2/default.nix
index 9b05165e1b2..ec6f07f0953 100644
--- a/pkgs/development/libraries/exiv2/default.nix
+++ b/pkgs/development/libraries/exiv2/default.nix
@@ -14,20 +14,15 @@
 
 stdenv.mkDerivation rec {
   pname = "exiv2";
-  version = "0.27.1";
+  version = "0.27.2";
 
   src = fetchFromGitHub rec {
     owner = "exiv2";
     repo  = "exiv2";
-    rev = version;
-    sha256 = "0b5m921070fkyif0zlyb49gly3p6xd0hv1jyym4j25hx12gzbx0c";
+    rev = "v${version}";
+    sha256 = "0n8il52yzbmvbkryrl8waz7hd9a2fdkw8zsrmhyh63jlvmmc31gf";
   };
 
-  patches = [
-    # https://github.com/Exiv2/exiv2/commit/aae88060ca85a483cd7fe791ba116c04d96c0bf9#comments
-    ./fix-cmake.patch
-  ];
-
   cmakeFlags = [
     "-DEXIV2_BUILD_PO=ON"
     "-DEXIV2_BUILD_DOC=ON"
@@ -58,7 +53,7 @@ stdenv.mkDerivation rec {
     "doc"
   ];
 
-  doCheck = stdenv.isLinux;
+  doCheck = true;
 
   # Test setup found by inspecting ${src}/.travis/run.sh; problems without cmake.
   checkTarget = "tests";
@@ -72,6 +67,14 @@ stdenv.mkDerivation rec {
     ${stdenv.lib.optionalString stdenv.isAarch64 ''
       rm -f ../tests/bugfixes/github/test_CVE_2018_12265.py
     ''}
+
+    ${stdenv.lib.optionalString stdenv.isDarwin ''
+      export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:`pwd`/lib
+      # Removing tests depending on charset conversion
+      substituteInPlace ../test/Makefile --replace "conversions.sh" ""
+      rm -f ../tests/bugfixes/redmine/test_issue_460.py
+      rm -f ../tests/bugfixes/redmine/test_issue_662.py
+     ''}
   '';
 
   postCheck = ''
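Review bot: The Darwin branch added here sets `DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:`pwd`/lib` unconditionally, so when the variable is unset the value begins with an empty path entry. Library search paths on some platforms read an empty entry as the current directory; I have not checked how dyld handles it, but the entry is avoidable. `export DYLD_LIBRARY_PATH="''${DYLD_LIBRARY_PATH:+$DYLD_LIBRARY_PATH:}$PWD/lib"` only adds the separator when there is something to separate (the `''$` is the Nix escape for a literal `${` inside an indented string). The check-setup string this branch sits in starts above the hunk.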
diff --git a/pkgs/development/libraries/exiv2/fix-cmake.patch b/pkgs/development/libraries/exiv2/fix-cmake.patch
deleted file mode 100644
index 1e19aed8b90..00000000000
--- a/pkgs/development/libraries/exiv2/fix-cmake.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
-index 34087004..41b3a068 100644
---- a/src/CMakeLists.txt
-+++ b/src/CMakeLists.txt
-@@ -239,9 +239,9 @@ install(FILES
-     ${CMAKE_BINARY_DIR}/exiv2lib_export.h
-     DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/exiv2)
- 
--install(EXPORT exiv2Config DESTINATION "${CMAKE_INSTALL_LIBDIR}/exiv2/cmake")
-+install(EXPORT exiv2Config DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/exiv2")
- 
--install(FILES ${CMAKE_CURRENT_BINARY_DIR}/exiv2ConfigVersion.cmake DESTINATION "${CMAKE_INSTALL_LIBDIR}/exiv2/cmake")
-+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/exiv2ConfigVersion.cmake DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/exiv2")
- 
- # ******************************************************************************
- # exiv2 application
diff --git a/pkgs/development/libraries/exosip/default.nix b/pkgs/development/libraries/exosip/default.nix
index 8e9b2a641cf..4968c38bfd3 100644
--- a/pkgs/development/libraries/exosip/default.nix
+++ b/pkgs/development/libraries/exosip/default.nix
@@ -1,20 +1,27 @@
-{stdenv, fetchurl, libosip, openssl, pkgconfig }:
+{ stdenv, fetchurl, libosip, openssl, pkgconfig, fetchpatch }:
 
 stdenv.mkDerivation rec {
  pname = "libexosip2";
  version = "4.1.0";
- 
+
  src = fetchurl {
     url = "mirror://savannah/exosip/libeXosip2-${version}.tar.gz";
     sha256 = "17cna8kpc8nk1si419vgr6r42k2lda0rdk50vlxrw8rzg0xp2xrw";
   };
- 
+
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [ libosip openssl ];
-      
+
+  patches = [
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/libe/libexosip2/4.1.0-2.1/debian/patches/openssl110.patch";
+      sha256 = "01q2dax7pwh197mn18r22y38mrsky85mvs9vbkn9fpcilrdayal6";
+    })
+  ];
+
   meta = with stdenv.lib; {
     license = licenses.gpl2Plus;
     description = "Library that hides the complexity of using the SIP protocol";
-    platforms =platforms.linux;
+    platforms = platforms.linux;
   };
 }
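Review bot: The `fetchpatch` added under `patches` carries no comment saying what it fixes. Judging by the file name it is an OpenSSL 1.1 build fix, so a line such as `# build against OpenSSL 1.1 (patch from Debian 4.1.0-2.1)` above it would tell the next maintainer when it can be dropped. The `sha256` pins the patch content, so integrity is covered. The URL points at one specific Debian package revision on sources.debian.net; if that host only serves revisions still in the archive (I have not confirmed this), the fetch breaks once Debian moves on, and a permanent location would be the safer source.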
diff --git a/pkgs/development/libraries/ffmpeg-full/default.nix b/pkgs/development/libraries/ffmpeg-full/default.nix
index 00131688f09..3b1aeeebaab 100644
--- a/pkgs/development/libraries/ffmpeg-full/default.nix
+++ b/pkgs/development/libraries/ffmpeg-full/default.nix
@@ -52,6 +52,7 @@
 , bzip2 ? null
 , celt ? null # CELT decoder
 #, crystalhd ? null # Broadcom CrystalHD hardware acceleration
+, dav1d ? null # AV1 decoder (focused on speed and correctness)
 #, decklinkExtlib ? false, blackmagic-design-desktop-video ? null # Blackmagic Design DeckLink I/O support
 , fdkaacExtlib ? false, fdk_aac ? null # Fraunhofer FDK AAC de/encoder
 #, flite ? null # Flite (voice synthesis) support
@@ -97,7 +98,7 @@
 , libXv ? null # Xlib support
 , libXext ? null # Xlib support
 , lzma ? null # xz-utils
-, nvenc ? !stdenv.isDarwin, nv-codec-headers ? null # NVIDIA NVENC support
+, nvenc ? !stdenv.isDarwin && !stdenv.isAarch64, nv-codec-headers ? null # NVIDIA NVENC support
 , openal ? null # OpenAL 1.1 capture support
 #, opencl ? null # OpenCL code
 , opencore-amr ? null # AMR-NB de/encoder & AMR-WB decoder
@@ -163,6 +164,9 @@
  *   libvpx(stable 1.3.0) openal openjpeg pulseaudio rtmpdump samba vid-stab
  *   wavpack x265 xavs
  *
+ * Need fixes to support AArch64:
+ *   libmfx(intel-media-sdk) nvenc
+ *
  * Not supported:
  *   stagefright-h264(android only)
  *
@@ -175,7 +179,7 @@
  */
 
 let
-  inherit (stdenv) isCygwin isDarwin isFreeBSD isLinux;
+  inherit (stdenv) isCygwin isDarwin isFreeBSD isLinux isAarch64;
   inherit (stdenv.lib) optional optionals optionalString enableFeature;
 in
 
@@ -234,17 +238,14 @@ assert opensslExtlib -> gnutls == null && openssl != null && nonfreeLicensing;
 
 stdenv.mkDerivation rec {
   pname = "ffmpeg-full";
-  version = "4.1.4";
+  version = "4.2";
 
   src = fetchurl {
     url = "https://www.ffmpeg.org/releases/ffmpeg-${version}.tar.xz";
-    sha256 = "1qd7a10gs12ifcp31gramcgqjl77swskjfp7cijibgyg5yl4kw7i";
+    sha256 = "1mgcxm7sqkajx35px05szsmn9mawwm03cfpmk3br7bcp3a1i0gq2";
   };
-  patches = [(fetchpatch { # remove on update
-    name = "fix-hardcoded-tables.diff";
-    url = "http://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff_plain/c8232e50074f";
-    sha256 = "0jlksks4fjajby8fjk7rfp414gxfdgd6q9khq26i52xvf4kg2dw6";
-  })];
+
+  patches = [ ./prefer-libdav1d-over-libaom.patch ];
 
   prePatch = ''
     patchShebangs .
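Review bot: `patches = [ ./prefer-libdav1d-over-libaom.patch ];` is added without a comment, whereas the `fetchpatch` it replaces was marked `# remove on update`, so nothing says why the new patch exists or whether it must be carried across updates. From the patch file it appears to move `ff_libdav1d_decoder` ahead of the libaom entries in `allcodecs.c` so that dav1d becomes the default AV1 decoder. That choice decides which library parses AV1 input by default, so it deserves a line such as `# register libdav1d before libaom so it is the default AV1 decoder`. The patch is applied even when `dav1d` is null, which looks harmless but is worth stating in the same comment. The derivation body continues outside the hunk.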
@@ -327,6 +328,7 @@ stdenv.mkDerivation rec {
     (enableFeature (bzip2 != null) "bzlib")
     (enableFeature (celt != null) "libcelt")
     #(enableFeature crystalhd "crystalhd")
+    (enableFeature (dav1d != null) "libdav1d")
     #(enableFeature decklinkExtlib "decklink")
     (enableFeature (fdkaacExtlib && gplLicensing) "libfdk-aac")
     #(enableFeature (flite != null) "libflite")
@@ -351,7 +353,7 @@ stdenv.mkDerivation rec {
     (enableFeature (if isLinux then libdc1394 != null && libraw1394 != null else false) "libdc1394")
     (enableFeature (libiconv != null) "iconv")
     #(enableFeature (if isLinux then libiec61883 != null && libavc1394 != null && libraw1394 != null else false) "libiec61883")
-    (enableFeature (if isLinux then libmfx != null else false) "libmfx")
+    (enableFeature (if isLinux && !isAarch64 then libmfx != null else false) "libmfx")
     (enableFeature (libmodplug != null) "libmodplug")
     (enableFeature (libmysofa != null) "libmysofa")
     #(enableFeature (libnut != null) "libnut")
@@ -414,7 +416,7 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ perl pkgconfig texinfo yasm ];
 
   buildInputs = [
-    bzip2 celt fontconfig freetype frei0r fribidi game-music-emu gnutls gsm
+    bzip2 celt dav1d fontconfig freetype frei0r fribidi game-music-emu gnutls gsm
     libjack2 ladspaH lame libaom libass libbluray libbs2b libcaca libdc1394 libmodplug libmysofa
     libogg libopus libssh libtheora libvdpau libvorbis libvpx libwebp libX11
     libxcb libXv libXext lzma openal openjpeg libpulseaudio rtmpdump opencore-amr
@@ -424,7 +426,7 @@ stdenv.mkDerivation rec {
     ++ optionals nonfreeLicensing [ fdk_aac openssl ]
     ++ optional ((isLinux || isFreeBSD) && libva != null) libva
     ++ optionals isLinux [ alsaLib libraw1394 libv4l ]
-    ++ optional (isLinux && libmfx != null) libmfx
+    ++ optional (isLinux && !isAarch64 && libmfx != null) libmfx
     ++ optional nvenc nv-codec-headers
     ++ optionals stdenv.isDarwin [ Cocoa CoreServices CoreAudio AVFoundation
                                    MediaToolbox VideoDecodeAcceleration
diff --git a/pkgs/development/libraries/ffmpeg-full/prefer-libdav1d-over-libaom.patch b/pkgs/development/libraries/ffmpeg-full/prefer-libdav1d-over-libaom.patch
new file mode 100644
index 00000000000..789bfc2674f
--- /dev/null
+++ b/pkgs/development/libraries/ffmpeg-full/prefer-libdav1d-over-libaom.patch
@@ -0,0 +1,19 @@
+diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c
+index d2f9a39ce5..2342399a8e 100644
+--- a/libavcodec/allcodecs.c
++++ b/libavcodec/allcodecs.c
+@@ -679,13 +679,13 @@ extern AVCodec ff_pcm_mulaw_at_encoder;
+ extern AVCodec ff_pcm_mulaw_at_decoder;
+ extern AVCodec ff_qdmc_at_decoder;
+ extern AVCodec ff_qdm2_at_decoder;
++extern AVCodec ff_libdav1d_decoder;
+ extern AVCodec ff_libaom_av1_decoder;
+ extern AVCodec ff_libaom_av1_encoder;
+ extern AVCodec ff_libaribb24_decoder;
+ extern AVCodec ff_libcelt_decoder;
+ extern AVCodec ff_libcodec2_encoder;
+ extern AVCodec ff_libcodec2_decoder;
+-extern AVCodec ff_libdav1d_decoder;
+ extern AVCodec ff_libdavs2_decoder;
+ extern AVCodec ff_libfdk_aac_encoder;
+ extern AVCodec ff_libfdk_aac_decoder;
diff --git a/pkgs/development/libraries/folly/default.nix b/pkgs/development/libraries/folly/default.nix
index 6a51154c459..b072df506a9 100644
--- a/pkgs/development/libraries/folly/default.nix
+++ b/pkgs/development/libraries/folly/default.nix
@@ -3,13 +3,13 @@
 
 stdenv.mkDerivation rec {
   pname = "folly";
-  version = "2019.07.22.00";
+  version = "2019.08.05.00";
 
   src = fetchFromGitHub {
     owner = "facebook";
     repo = "folly";
     rev = "v${version}";
-    sha256 = "1vh5jrqz0lp6rc5fr6vk3yqss5vaycdsyap12mcr0cniv419fdxa";
+    sha256 = "03arl9hg06rzbyaf3fzyk7q8d5mfbzfwmhqnfnvqcgzlqdj0gaa5";
   };
 
   nativeBuildInputs = [ cmake ];
diff --git a/pkgs/development/libraries/gegl/3.0.nix b/pkgs/development/libraries/gegl/3.0.nix
deleted file mode 100644
index 54ee7662d06..00000000000
--- a/pkgs/development/libraries/gegl/3.0.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ stdenv, fetchurl, pkgconfig, glib, babl, libpng, cairo, libjpeg, which
-, librsvg, pango, gtk, bzip2, json-glib, intltool, autoreconfHook, libraw
-, libwebp, gnome3, libintl }:
-
-stdenv.mkDerivation rec {
-  name = "gegl-0.3.34";
-
-  src = fetchurl {
-    url = "https://download.gimp.org/pub/gegl/0.3/${name}.tar.bz2";
-    sha256 = "010k86wn8cmr07rqwa4lccrmiiqrwbnkxvic4lpapwgbamv258jw";
-  };
-
-  hardeningDisable = [ "format" ];
-
-  # needs fonts otherwise  don't know how to pass them
-  configureFlags = [ "--disable-docs" ];
-
-  enableParallelBuilding = true;
-
-  doCheck = true;
-
-  buildInputs = [
-    libpng cairo libjpeg librsvg pango gtk bzip2
-    libraw libwebp gnome3.gexiv2
-  ];
-
-  propagatedBuildInputs = [ glib json-glib babl ]; # for gegl-3.0.pc
-
-  nativeBuildInputs = [ pkgconfig intltool which autoreconfHook libintl ];
-
-  meta = with stdenv.lib; {
-    description = "Graph-based image processing framework";
-    homepage = http://www.gegl.org;
-    license = licenses.gpl3;
-    maintainers = with maintainers; [ jtojnar ];
-    platforms = platforms.unix;
-  };
-}
diff --git a/pkgs/development/libraries/gfbgraph/default.nix b/pkgs/development/libraries/gfbgraph/default.nix
index 1bdcb7d8b28..235cd195071 100644
--- a/pkgs/development/libraries/gfbgraph/default.nix
+++ b/pkgs/development/libraries/gfbgraph/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, glib, librest
+{ stdenv, fetchurl, pkgconfig, glib, librest, gnome-online-accounts
 , gnome3, libsoup, json-glib, gobject-introspection }:
 
 stdenv.mkDerivation rec {
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ pkgconfig gobject-introspection ];
-  buildInputs = [ glib gnome3.gnome-online-accounts ];
+  buildInputs = [ glib gnome-online-accounts ];
   propagatedBuildInputs = [ libsoup json-glib librest ];
 
   configureFlags = [ "--enable-introspection" ];
diff --git a/pkgs/development/libraries/globalplatform/default.nix b/pkgs/development/libraries/globalplatform/default.nix
index 28d32765e30..b3cf36107af 100644
--- a/pkgs/development/libraries/globalplatform/default.nix
+++ b/pkgs/development/libraries/globalplatform/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, zlib, openssl, pcsclite }:
+{ stdenv, fetchurl, pkgconfig, zlib, openssl_1_0_2, pcsclite }:
 
 stdenv.mkDerivation rec {
   pname = "globalplatform";
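Review bot: The switch from `openssl` to `openssl_1_0_2` in the argument list has no comment saying why this package must stay on the 1.0.2 branch; the same applies to the `buildInputs` hunk below and to both hunks of gppcscconnectionplugin.nix. OpenSSL 1.0.2 is a legacy branch whose upstream support ends at the end of 2019, so an unexplained pin tends to outlive its reason. Presumably the sources do not build against the 1.1 API, but the diff does not show that. I would add a line above `buildInputs` such as `# pinned to OpenSSL 1.0.2: does not build against 1.1 yet; revisit on next upstream release`, with the wording adjusted to the actual reason. The derivation body continues outside the hunk.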
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ zlib openssl pcsclite ];
+  buildInputs = [ zlib openssl_1_0_2 pcsclite ];
 
   meta = with stdenv.lib; {
     homepage = https://sourceforge.net/p/globalplatform/wiki/Home/;
diff --git a/pkgs/development/libraries/globalplatform/gppcscconnectionplugin.nix b/pkgs/development/libraries/globalplatform/gppcscconnectionplugin.nix
index b4900bb953d..e01deea1175 100644
--- a/pkgs/development/libraries/globalplatform/gppcscconnectionplugin.nix
+++ b/pkgs/development/libraries/globalplatform/gppcscconnectionplugin.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, globalplatform, openssl, pcsclite }:
+{ stdenv, fetchurl, pkgconfig, globalplatform, openssl_1_0_2, pcsclite }:
 
 stdenv.mkDerivation rec {
   pname = "gppcscconnectionplugin";
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ globalplatform openssl pcsclite ];
+  buildInputs = [ globalplatform openssl_1_0_2 pcsclite ];
 
   meta = with stdenv.lib; {
     homepage = https://sourceforge.net/p/globalplatform/wiki/Home/;
diff --git a/pkgs/development/libraries/gnome-online-accounts/default.nix b/pkgs/development/libraries/gnome-online-accounts/default.nix
new file mode 100644
index 00000000000..9ae4a572d93
--- /dev/null
+++ b/pkgs/development/libraries/gnome-online-accounts/default.nix
@@ -0,0 +1,52 @@
+{ stdenv, fetchurl, pkgconfig, vala, glib, libxslt, gtk3, wrapGAppsHook
+, webkitgtk, json-glib, librest, libsecret, gtk-doc, gobject-introspection
+, gettext, icu, glib-networking, hicolor-icon-theme
+, libsoup, docbook_xsl, docbook_xml_dtd_412, gnome3, gcr, kerberos
+}:
+
+let
+  pname = "gnome-online-accounts";
+  version = "3.32.0";
+in stdenv.mkDerivation rec {
+  name = "${pname}-${version}";
+
+  src = fetchurl {
+    url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
+    sha256 = "1anlx0rb2hafg9929pgfms25mdz23sd0vdva06h6zlf8f5byc68w";
+  };
+
+  outputs = [ "out" "man" "dev" "devdoc" ];
+
+  configureFlags = [
+    "--enable-media-server"
+    "--enable-kerberos"
+    "--enable-lastfm"
+    "--enable-todoist"
+    "--enable-gtk-doc"
+    "--enable-documentation"
+  ];
+
+  enableParallelBuilding = true;
+
+  nativeBuildInputs = [
+    pkgconfig gobject-introspection vala gettext wrapGAppsHook
+    libxslt docbook_xsl docbook_xml_dtd_412 gtk-doc
+    hicolor-icon-theme # for setup-hook
+  ];
+  buildInputs = [
+    glib gtk3 webkitgtk json-glib librest libsecret glib-networking icu libsoup
+    gcr kerberos
+  ];
+
+  passthru = {
+    updateScript = gnome3.updateScript {
+      packageName = pname;
+      attrPath = "gnome3.${pname}";
+    };
+  };
+
+  meta = with stdenv.lib; {
+    platforms = platforms.linux;
+    maintainers = gnome3.maintainers;
+  };
+}
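Review bot: The `meta` block at the end of this new file sets only `platforms` and `maintainers`; there is no `description`, `homepage` or `license`. For a package built with `--enable-kerberos` that links `libsecret` and `webkitgtk`, the license and homepage are what someone auditing the closure looks for first. I would add `description`, `homepage` and `license = licenses.lgpl2Plus;`, with the license value confirmed against the tarball's COPYING file. Separately, `attrPath = "gnome3.${pname}"` in `passthru.updateScript` may need checking, since callers in this commit now take `gnome-online-accounts` as a top-level argument; whether a `gnome3` alias remains is not visible here.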
diff --git a/pkgs/development/libraries/gnome-video-effects/default.nix b/pkgs/development/libraries/gnome-video-effects/default.nix
new file mode 100644
index 00000000000..03799c1ef7c
--- /dev/null
+++ b/pkgs/development/libraries/gnome-video-effects/default.nix
@@ -0,0 +1,46 @@
+{ stdenv
+, fetchurl
+, pkgconfig
+, meson
+, ninja
+, gettext
+, gnome3
+}:
+
+stdenv.mkDerivation rec {
+  pname = "gnome-video-effects";
+  version = "0.5.0";
+
+  src = fetchurl {
+    url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
+    sha256 = "1j6h98whgkcxrh30bwvnxvyqxrxchgpdgqhl0j71xz7x72dqxijd";
+  };
+
+  patches = [
+    # Fix effectsdir in .pc file
+    # https://gitlab.gnome.org/GNOME/gnome-video-effects/commit/955404195ada606819974dd63c48956f25611e14
+    ./fix-pc-file.patch
+  ];
+
+  nativeBuildInputs = [
+    meson
+    ninja
+    pkgconfig
+    gettext
+  ];
+
+  passthru = {
+    updateScript = gnome3.updateScript {
+      packageName = pname;
+      versionPolicy = "none";
+    };
+  };
+
+  meta = with stdenv.lib; {
+    description = "A collection of GStreamer effects to be used in different GNOME Modules";
+    homepage = https://wiki.gnome.org/Projects/GnomeVideoEffects;
+    platforms = platforms.linux;
+    maintainers = gnome3.maintainers;
+    license = licenses.gpl2;
+  };
+}
diff --git a/pkgs/development/libraries/gnome-video-effects/fix-pc-file.patch b/pkgs/development/libraries/gnome-video-effects/fix-pc-file.patch
new file mode 100644
index 00000000000..62b29e7d025
--- /dev/null
+++ b/pkgs/development/libraries/gnome-video-effects/fix-pc-file.patch
@@ -0,0 +1,11 @@
+--- a/meson.build
++++ b/meson.build
+@@ -17,7 +17,7 @@
+ # Can't use pkgconfig helper https://github.com/mesonbuild/meson/issues/2253
+ conf = configuration_data()
+ conf.set('prefix', prefix)
+-conf.set('datarootdir', pkgdatadir)
++conf.set('datarootdir', datadir)
+ conf.set('VERSION', meson.project_version())
+ 
+ pkg = configure_file(configuration: conf,
diff --git a/pkgs/development/libraries/grantlee/5/default.nix b/pkgs/development/libraries/grantlee/5/default.nix
index 3b14efe8a5f..45096e031d3 100644
--- a/pkgs/development/libraries/grantlee/5/default.nix
+++ b/pkgs/development/libraries/grantlee/5/default.nix
@@ -3,8 +3,7 @@
 mkDerivation rec {
   pname = "grantlee";
   version = "5.1.0";
-  grantleeCompatVersion = "5.1";
-  grantleePluginPrefix = "lib/grantlee/${grantleeCompatVersion}";
+  grantleePluginPrefix = "lib/grantlee/${lib.versions.majorMinor version}";
 
   src = fetchurl {
     url = "https://github.com/steveire/grantlee/archive/v${version}.tar.gz";
diff --git a/pkgs/development/libraries/grantlee/5/grantlee-cxx11.patch b/pkgs/development/libraries/grantlee/5/grantlee-cxx11.patch
new file mode 100644
index 00000000000..d049d6c96f8
--- /dev/null
+++ b/pkgs/development/libraries/grantlee/5/grantlee-cxx11.patch
@@ -0,0 +1,24 @@
+From 3a5fc7662da3261be6496611900c095844e56ab1 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Sat, 20 Jul 2019 17:35:30 +0200
+Subject: [PATCH] Fix compile with newer Qt/cmake combination
+
+Without this i get huge errors about Qt needing C++11 support
+---
+ CMakeLists.txt | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 6d51110..0859788 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -11,6 +11,9 @@ endif()
+ 
+ project(Grantlee)
+ 
++set (CMAKE_CXX_STANDARD 11)
++set (CMAKE_CXX_EXTENSIONS OFF)
++
+ # Workaround for http://public.kitware.com/Bug/view.php?id=12301
+ if (MINGW)
+   if(NOT CMAKE_BUILD_TYPE)
diff --git a/pkgs/development/libraries/grantlee/5/series b/pkgs/development/libraries/grantlee/5/series
index 9c4015a1c19..19850b2e7e4 100644
--- a/pkgs/development/libraries/grantlee/5/series
+++ b/pkgs/development/libraries/grantlee/5/series
@@ -1,2 +1,3 @@
 grantlee-nix-profiles.patch
 grantlee-no-canonicalize-filepath.patch
+grantlee-cxx11.patch
diff --git a/pkgs/development/libraries/graphene-hardened-malloc/default.nix b/pkgs/development/libraries/graphene-hardened-malloc/default.nix
index dc3defac638..66c5d8eb061 100644
--- a/pkgs/development/libraries/graphene-hardened-malloc/default.nix
+++ b/pkgs/development/libraries/graphene-hardened-malloc/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "graphene-hardened-malloc";
-  version = "1";
+  version = "2";
 
   src = fetchurl {
     url = "https://github.com/GrapheneOS/hardened_malloc/archive/${version}.tar.gz";
-    sha256 = "1z3kb9fr6w9fcdc42bh8k5b4r10sn5hrwwk4m691qjdgk5hlj3aa";
+    sha256 = "0zsl4vl65ic6lw5rzcjzvcxg8makg683abnwvy60zfap8hvijvjb";
   };
 
   installPhase = ''
diff --git a/pkgs/development/libraries/graphene/0001-meson-add-options-for-tests-installation-dirs.patch b/pkgs/development/libraries/graphene/0001-meson-add-options-for-tests-installation-dirs.patch
index d6a441e1577..51bc206659d 100644
--- a/pkgs/development/libraries/graphene/0001-meson-add-options-for-tests-installation-dirs.patch
+++ b/pkgs/development/libraries/graphene/0001-meson-add-options-for-tests-installation-dirs.patch
@@ -1,34 +1,31 @@
-From c550bf4a41e9f86351b0a65ea3d6c9ab616e27c0 Mon Sep 17 00:00:00 2001
+From 2bf6614a6d7516e194e39eb691c05b486860153c Mon Sep 17 00:00:00 2001
 From: worldofpeace <worldofpeace@protonmail.ch>
 Date: Thu, 16 May 2019 21:15:15 -0400
 Subject: [PATCH] meson: add options for tests installation dirs
 
 ---
- meson_options.txt     |  6 ++++++
- src/tests/meson.build | 19 ++++++++++++++-----
+ meson_options.txt |  6 ++++++
+ tests/meson.build | 19 ++++++++++++++-----
  2 files changed, 20 insertions(+), 5 deletions(-)
 
 diff --git a/meson_options.txt b/meson_options.txt
-index c938805..c1e9e95 100644
+index 578bdae..6f5fa23 100644
 --- a/meson_options.txt
 +++ b/meson_options.txt
-@@ -19,6 +19,12 @@ option('arm_neon', type: 'boolean',
- option('tests', type: 'boolean',
+@@ -22,3 +22,9 @@ option('tests', type: 'boolean',
+ option('installed_tests', type: 'boolean',
         value: true,
-        description: 'Build the test suite (requires GObject)')
+        description: 'Install tests')
 +option('installed_test_datadir', type: 'string',
 +       value: '',
 +       description: 'Installation directory for data files in tests')
 +option('installed_test_bindir', type: 'string',
 +       value: '',
 +       description: 'Installation directory for binary files in tests')
- option('benchmarks', type: 'boolean',
-        value: true,
-        description: 'Build the benchmarks suite (requires GObject)')
-diff --git a/src/tests/meson.build b/src/tests/meson.build
-index 62129c6..0186400 100644
---- a/src/tests/meson.build
-+++ b/src/tests/meson.build
+diff --git a/tests/meson.build b/tests/meson.build
+index 1f9bd0e..0253ac3 100644
+--- a/tests/meson.build
++++ b/tests/meson.build
 @@ -22,8 +22,17 @@ unit_tests = [
  python = python3.find_python()
  gen_installed_test = join_paths(meson.current_source_dir(), 'gen-installed-test.py')
@@ -47,33 +44,33 @@ index 62129c6..0186400 100644
 +    test_bindir = join_paths(get_option('prefix'), get_option('libexecdir'), test_suffix)
 +endif
  
- foreach unit: unit_tests
-   wrapper = '@0@.test'.format(unit)
-@@ -32,13 +41,13 @@ foreach unit: unit_tests
-                        command: [
-                          python,
-                          gen_installed_test,
--                         '--testdir=@0@'.format(installed_test_bindir),
-+                         '--testdir=@0@'.format(test_bindir),
-                          '--testname=@0@'.format(unit),
-                          '--outdir=@OUTDIR@',
-                          '--outfile=@0@'.format(wrapper),
-                        ],
-                        install: true,
--                       install_dir: installed_test_datadir)
-+                       install_dir: test_datadir)
- 
-   exe = executable(unit, unit + '.c',
-                    dependencies: graphene_dep,
-@@ -50,7 +59,7 @@ foreach unit: unit_tests
-                      '-DGLIB_DISABLE_DEPRECATION_WARNINGS',
-                    ],
-                    install: true,
--                   install_dir: installed_test_bindir)
-+                   install_dir: test_bindir)
+ # Make tests conditional on having mutest-1 installed system-wide, or
+ # available as a subproject
+@@ -42,13 +51,13 @@ if mutest_dep.found()
+       command: [
+         python,
+         gen_installed_test,
+-        '--testdir=@0@'.format(installed_test_bindir),
++        '--testdir=@0@'.format(test_bindir),
+         '--testname=@0@'.format(unit),
+         '--outdir=@OUTDIR@',
+         '--outfile=@0@'.format(wrapper),
+       ],
+       install: get_option('installed_tests'),
+-      install_dir: installed_test_datadir,
++      install_dir: test_datadir,
+     )
  
-   test(unit, exe, args: [ '--tap', '-k' ])
- endforeach
+     test(unit,
+@@ -57,7 +66,7 @@ if mutest_dep.found()
+         include_directories: graphene_inc,
+         c_args: common_cflags,
+         install: get_option('installed_tests'),
+-        install_dir: installed_test_bindir,
++        install_dir: test_bindir,
+       ),
+       env: ['MUTEST_OUTPUT=tap'],
+       protocol: 'tap',
 -- 
-2.21.0
+2.22.0
 
diff --git a/pkgs/development/libraries/graphene/default.nix b/pkgs/development/libraries/graphene/default.nix
index 253fce4ea0d..c439e763e73 100644
--- a/pkgs/development/libraries/graphene/default.nix
+++ b/pkgs/development/libraries/graphene/default.nix
@@ -4,6 +4,8 @@
 , meson
 , ninja
 , python3
+, mutest
+, nixosTests
 , glib
 , gtk-doc
 , docbook_xsl
@@ -13,7 +15,7 @@
 
 stdenv.mkDerivation rec {
   pname = "graphene";
-  version = "1.8.6";
+  version = "1.9.6";
 
   outputs = [ "out" "devdoc" "installedTests" ];
 
@@ -21,7 +23,7 @@ stdenv.mkDerivation rec {
     owner = "ebassi";
     repo = pname;
     rev = version;
-    sha256 = "1hdbdzcz86jrvsq5h954ph9q62m8jr2a5s5acklxhdkfqn5bkbv8";
+    sha256 = "0hb7s6g00l7zlf4hlfda55krn0pls9ajz0hcqrh8m656zr18ddwa";
   };
 
   patches = [
@@ -41,17 +43,27 @@ stdenv.mkDerivation rec {
     meson
     ninja
     pkgconfig
+    gobject-introspection
     python3
   ];
 
   buildInputs = [
+    glib
     gobject-introspection
   ];
 
   checkInputs = [
-    glib
+    mutest
   ];
 
+  doCheck = true;
+
+  passthru = {
+    tests = {
+      installedTests = nixosTests.graphene;
+    };
+  };
+
   meta = with stdenv.lib; {
     description = "A thin layer of graphic data types";
     homepage = "https://ebassi.github.com/graphene";
diff --git a/pkgs/development/libraries/grilo-plugins/default.nix b/pkgs/development/libraries/grilo-plugins/default.nix
new file mode 100644
index 00000000000..118a910a168
--- /dev/null
+++ b/pkgs/development/libraries/grilo-plugins/default.nix
@@ -0,0 +1,82 @@
+{ stdenv
+, fetchurl
+, meson
+, ninja
+, pkgconfig
+, gettext
+, gperf
+, sqlite
+, librest
+, libarchive
+, libsoup
+, gnome3
+, libxml2
+, lua5_3
+, liboauth
+, libgdata
+, libmediaart
+, grilo
+, gnome-online-accounts
+, gmime
+, json-glib
+, avahi
+, tracker
+, dleyna-server
+, itstool
+, totem-pl-parser
+}:
+
+stdenv.mkDerivation rec {
+  pname = "grilo-plugins";
+  version = "0.3.9";
+
+  src = fetchurl {
+    url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
+    sha256 = "1hv84b56qjic8vz8iz46ikhrxx31l29ilbr8dm5qcghbd8ikw8j1";
+  };
+
+  nativeBuildInputs = [
+    meson
+    ninja
+    pkgconfig
+    gettext
+    itstool
+    gperf # for lua-factory
+  ];
+
+  buildInputs = [
+    grilo
+    libxml2
+    libgdata
+    lua5_3
+    liboauth
+    sqlite
+    gnome-online-accounts
+    totem-pl-parser
+    librest
+    libarchive
+    libsoup
+    gmime
+    json-glib
+    avahi
+    libmediaart
+    tracker
+    dleyna-server
+  ];
+
+  passthru = {
+    updateScript = gnome3.updateScript {
+      packageName = pname;
+      attrPath = "gnome3.${pname}";
+      versionPolicy = "none";
+    };
+  };
+
+  meta = with stdenv.lib; {
+    homepage = https://wiki.gnome.org/Projects/Grilo;
+    description = "A collection of plugins for the Grilo framework";
+    maintainers = gnome3.maintainers;
+    license = licenses.lgpl21;
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/development/libraries/grilo/default.nix b/pkgs/development/libraries/grilo/default.nix
new file mode 100644
index 00000000000..b2a7f0bd5ae
--- /dev/null
+++ b/pkgs/development/libraries/grilo/default.nix
@@ -0,0 +1,62 @@
+{ stdenv, fetchurl, meson, ninja, pkgconfig, gettext, vala, glib, liboauth, gtk3
+, gtk-doc, docbook_xsl, docbook_xml_dtd_43, fetchpatch
+, libxml2, gnome3, gobject-introspection, libsoup, totem-pl-parser }:
+
+let
+  pname = "grilo";
+  version = "0.3.9"; # if you change minor, also change ./setup-hook.sh
+in stdenv.mkDerivation rec {
+  name = "${pname}-${version}";
+
+  outputs = [ "out" "dev" "man" "devdoc" ];
+  outputBin = "dev";
+
+  src = fetchurl {
+    url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
+    sha256 = "1wnabc69730jsv8dljj5ik8g7p581nw60mw1mkgamkzjcb6821bk";
+  };
+
+  setupHook = ./setup-hook.sh;
+
+  mesonFlags = [
+    "-Dgtk_doc=true"
+  ];
+
+  patches = [
+    # https://gitlab.gnome.org/GNOME/grilo/merge_requests/45
+    # commits are from a separate branch so they shouldn't 404
+    (fetchpatch {
+      url = "https://gitlab.gnome.org/worldofpeace/grilo/commit/f6993c2a8a6c1a6246372569f9f7a9179955c95e.patch";
+      sha256 = "1x4s0ahs60dqyphgv2dy3x2sjnxv5ydd55kdlcjsys5870ijwbi8";
+    })
+    (fetchpatch {
+      url = "https://gitlab.gnome.org/worldofpeace/grilo/commit/61bca28b141162a33eb2fb575ef1daf0f21c7741.patch";
+      sha256 = "1147xbmaq61myfwxz0pagdv056krfmh1s78qjbiy5k7k203qrjz0";
+    })
+    (fetchpatch {
+      url = "https://gitlab.gnome.org/worldofpeace/grilo/commit/363b198a062eeb8aaa5489ea9720e69d428e885c.patch";
+      sha256 = "01w1bfzdbnxy5l37b2z7a9h2mrxziqkzdw02dybjphy85nb0hz5w";
+    })
+  ];
+
+  nativeBuildInputs = [
+    meson ninja pkgconfig gettext gobject-introspection vala
+    gtk-doc docbook_xsl docbook_xml_dtd_43
+  ];
+  buildInputs = [ glib liboauth gtk3 libxml2 libsoup totem-pl-parser ];
+
+  passthru = {
+    updateScript = gnome3.updateScript {
+      packageName = pname;
+      versionPolicy = "none";
+    };
+  };
+
+  meta = with stdenv.lib; {
+    homepage = https://wiki.gnome.org/Projects/Grilo;
+    description = "Framework that provides access to various sources of multimedia content, using a pluggable system";
+    maintainers = gnome3.maintainers;
+    license = licenses.lgpl2;
+    platforms = platforms.linux;
+  };
+}
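Review bot: The three `fetchpatch` URLs under `patches` point at a contributor's fork (`gitlab.gnome.org/worldofpeace/grilo`) rather than at the upstream repository. The `sha256` values pin the patch content, so the exposure is availability rather than tampering: if the fork or its branch is removed, the derivation can no longer be rebuilt from source unless the patches are already cached. The existing comment explains why the commits should not 404. I would extend it with the removal condition, e.g. `# drop these once merge request 45 is in a grilo release`, or vendor the three patches next to `default.nix`, as this commit does for gnome-video-effects.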
diff --git a/pkgs/development/libraries/grilo/setup-hook.sh b/pkgs/development/libraries/grilo/setup-hook.sh
new file mode 100644
index 00000000000..9337c520a20
--- /dev/null
+++ b/pkgs/development/libraries/grilo/setup-hook.sh
@@ -0,0 +1,7 @@
+make_grilo_find_plugins() {
+    if [ -d "$1"/lib/grilo-0.3 ]; then
+        addToSearchPath GRL_PLUGIN_PATH "$1/lib/grilo-0.3"
+    fi
+}
+
+addEnvHooks "$hostOffset" make_grilo_find_plugins
diff --git a/pkgs/development/libraries/grpc/default.nix b/pkgs/development/libraries/grpc/default.nix
index af8fbcb9a54..d45aba1cb37 100644
--- a/pkgs/development/libraries/grpc/default.nix
+++ b/pkgs/development/libraries/grpc/default.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchFromGitHub, cmake, zlib, c-ares, pkgconfig, openssl, protobuf, gflags }:
 
 stdenv.mkDerivation rec {
-  version = "1.22.0";
+  version = "1.23.0"; # N.B: if you change this, change pythonPackages.grpcio and pythonPackages.grpcio-tools to a matching version too
   pname = "grpc";
   src = fetchFromGitHub {
     owner = "grpc";
     repo = "grpc";
     rev = "v${version}";
-    sha256 = "10wf9sakkxpcvc09n1h91x6slwwhxblghs4zn95klyc4m6py1gfg";
+    sha256 = "14svfy7lvz8lf6b7zg1fbypj2n46n9gq0ldgnv85jm0ikv72cgv6";
   };
   nativeBuildInputs = [ cmake pkgconfig ];
   buildInputs = [ zlib c-ares c-ares.cmake-config openssl protobuf gflags ];
@@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
   meta = with stdenv.lib; {
     description = "The C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#)";
     license = licenses.asl20;
-    maintainers = [ maintainers.lnl7 ];
+    maintainers = [ maintainers.lnl7 maintainers.marsam ];
     homepage = https://grpc.io/;
   };
 }
diff --git a/pkgs/development/libraries/gthree/default.nix b/pkgs/development/libraries/gthree/default.nix
new file mode 100644
index 00000000000..6588b8ab440
--- /dev/null
+++ b/pkgs/development/libraries/gthree/default.nix
@@ -0,0 +1,72 @@
+{ stdenv
+, fetchFromGitHub
+, fetchpatch
+, ninja
+, meson
+, pkgconfig
+, gobject-introspection
+, gtk-doc
+, docbook_xsl
+, docbook_xml_dtd_43
+, glib
+, gtk3
+, graphene
+, epoxy
+, json-glib
+}:
+
+stdenv.mkDerivation rec {
+  pname = "gthree";
+  version = "unstable-2019-08-21";
+
+  outputs = [ "out" "dev" "devdoc" ];
+
+  src = fetchFromGitHub {
+    owner = "alexlarsson";
+    repo = "gthree";
+    rev = "dac46b0f35e29319c004c7e17b5f345ef4c04cb8";
+    sha256 = "16ixis2g04000zffm44s7ir64vn3byz9a793g2s76aasqybl86i2";
+  };
+
+  patches = [
+    # correctly declare json-glib in .pc file
+    # https://github.com/alexlarsson/gthree/pull/61
+    (fetchpatch {
+      url = https://github.com/alexlarsson/gthree/commit/784b1f20e0b6eb15f113a51f74c2cba871249861.patch;
+      sha256 = "07vxafaxris5a98w751aw04nlw0l45np1lba08xd16wdzmkadz0x";
+    })
+  ];
+
+  nativeBuildInputs = [
+    ninja
+    meson
+    pkgconfig
+    gtk-doc
+    docbook_xsl
+    docbook_xml_dtd_43
+    gobject-introspection
+  ];
+
+  buildInputs = [
+    epoxy
+  ];
+
+  propagatedBuildInputs = [
+    glib
+    gtk3
+    graphene
+    json-glib
+  ];
+
+  mesonFlags = [
+    "-Dgtk_doc=${if stdenv.isDarwin then "false" else "true"}"
+  ];
+
+  meta = with stdenv.lib; {
+    description = "GObject/GTK port of three.js";
+    homepage = https://github.com/alexlarsson/gthree;
+    license = licenses.mit;
+    maintainers = with maintainers; [ jtojnar ];
+    platforms = platforms.unix;
+  };
+}
diff --git a/pkgs/development/libraries/hunspell/dictionaries.nix b/pkgs/development/libraries/hunspell/dictionaries.nix
index 1c86830f258..4fa369e299d 100644
--- a/pkgs/development/libraries/hunspell/dictionaries.nix
+++ b/pkgs/development/libraries/hunspell/dictionaries.nix
@@ -312,6 +312,17 @@ in rec {
     };
   };
 
+  en-au = mkDictFromWordlist {
+    shortName = "en-au";
+    shortDescription = "English (Australia)";
+    dictFileName = "en_AU";
+    src = fetchurl {
+      url = mirror://sourceforge/wordlist/speller/2018.04.16/hunspell-en_AU-2018.04.16.zip;
+      sha256 = "1kp06npl1kd05mm9r52cg2iwc13x02zwqgpibdw15b6x43agg6f5";
+    };
+  };
+  en_AU = en-au;
+
   en_GB-ise = en-gb-ise;
   en-gb-ise = mkDictFromWordlist {
     shortName = "en-gb-ise";
@@ -629,12 +640,12 @@ in rec {
   uk_UA = uk-ua;
   uk-ua = mkDict rec {
     name = "hunspell-dict-uk-ua-${version}";
-    version = "4.2.5";
-    _version = "4-2.5";
+    version = "4.6.3";
+    _version = "4-6.3";
 
     src = fetchurl {
       url = "https://extensions.libreoffice.org/extensions/ukrainian-spelling-dictionary-and-thesaurus/${_version}/@@download/file/dict-uk_UA-${version}.oxt";
-      sha256 = "1s2i9cd569g97kafrswczvwmvg7m9aks8qsbxd1mi73zy2y1r7n4";
+      sha256 = "14rd07yx4fx2qxjr5xqc8qy151idd8k2hr5yi18d9r8gccnm9w50";
     };
 
     dictFileName = "uk_UA";
diff --git a/pkgs/development/libraries/itk/default.nix b/pkgs/development/libraries/itk/default.nix
index a459bd82755..3577e7a8196 100644
--- a/pkgs/development/libraries/itk/default.nix
+++ b/pkgs/development/libraries/itk/default.nix
@@ -1,11 +1,14 @@
-{ stdenv, fetchurl, cmake, libX11, libuuid, xz, vtk, darwin }:
+{ stdenv, fetchFromGitHub, cmake, libX11, libuuid, xz, vtk, darwin }:
 
 stdenv.mkDerivation rec {
-  name = "itk-5.0.0";
+  pname = "itk";
+  version = "5.0.1";
 
-  src = fetchurl {
-    url = mirror://sourceforge/itk/InsightToolkit-5.0.0.tar.xz;
-    sha256 = "0bs63mk4q8jmx38f031jy5w5n9yy5ng9x8ijwinvjyvas8cichqi";
+  src = fetchFromGitHub {
+    owner = "InsightSoftwareConsortium";
+    repo = "ITK";
+    rev = "v${version}";
+    sha256 = "0dcjsn5frjnrphfgw8alnd2ahrvicpx2a2ngb5ixaa9anaicz9z1";
   };
 
   cmakeFlags = [
diff --git a/pkgs/development/libraries/kde-frameworks/kdewebkit.nix b/pkgs/development/libraries/kde-frameworks/kdewebkit.nix
index b7dcfb7fe64..9f682b44975 100644
--- a/pkgs/development/libraries/kde-frameworks/kdewebkit.nix
+++ b/pkgs/development/libraries/kde-frameworks/kdewebkit.nix
@@ -8,4 +8,7 @@ mkDerivation {
   buildInputs = [ kconfig kcoreaddons kio kparts ];
   propagatedBuildInputs = [ qtwebkit ];
   outputs = [ "out" "dev" ];
+  cmakeFlags = [
+    "-DBUILD_DESIGNERPLUGIN=OFF"
+  ];
 }
diff --git a/pkgs/development/libraries/leatherman/default.nix b/pkgs/development/libraries/leatherman/default.nix
index bf6efb9ef21..f91612caca1 100644
--- a/pkgs/development/libraries/leatherman/default.nix
+++ b/pkgs/development/libraries/leatherman/default.nix
@@ -2,10 +2,10 @@
 
 stdenv.mkDerivation rec {
   pname = "leatherman";
-  version = "1.7.0";
+  version = "1.7.1";
 
   src = fetchFromGitHub {
-    sha256 = "0n6vcbc43hdaxg5inl2b43bsksdkj3k0qxis6gkkclipivp8pz0p";
+    sha256 = "0m2dm1gzwj0kwyl031bif89h3n4znml3m5n97hywlbra58ni8km1";
     rev = version;
     repo = "leatherman";
     owner = "puppetlabs";
diff --git a/pkgs/development/libraries/libcacard/default.nix b/pkgs/development/libraries/libcacard/default.nix
index 48402b9ad45..2e134c5bb63 100644
--- a/pkgs/development/libraries/libcacard/default.nix
+++ b/pkgs/development/libraries/libcacard/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "libcacard";
-  version = "2.6.1";
+  version = "2.7.0";
 
   src = fetchurl {
     url = "https://www.spice-space.org/download/libcacard/${pname}-${version}.tar.xz";
-    sha256 = "1w6y0kiakhg7dgyf8yqpm4jj6jiv17zhy9lp3d7z32q1pniccxk2";
+    sha256 = "0vyvkk4b6xjwq1ccggql13c1x7g4y90clpkqw28257azgn2a1c8n";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/libraries/libdazzle/default.nix b/pkgs/development/libraries/libdazzle/default.nix
index 28d9152dcee..f7e0a987b06 100644
--- a/pkgs/development/libraries/libdazzle/default.nix
+++ b/pkgs/development/libraries/libdazzle/default.nix
@@ -2,7 +2,7 @@
 , gtk-doc, docbook_xsl, docbook_xml_dtd_43, glibcLocales, dbus, xvfb_run, glib, gtk3, gnome3 }:
 
 let
-  version = "3.32.2";
+  version = "3.32.3";
   pname = "libdazzle";
 in
 stdenv.mkDerivation {
@@ -13,7 +13,7 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "mirror://gnome/sources/libdazzle/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
-    sha256 = "0hgi7gnkna9n42nh7p81crrw0jjj22yr8acych60wxh6hzxqsgs1";
+    sha256 = "1s37hv12ikfzhvh86qzgmfcjm3wvp12l2vsr0whl5xmm2harp3bc";
   };
 
   nativeBuildInputs = [ ninja meson pkgconfig vala gobject-introspection libxml2 gtk-doc docbook_xsl docbook_xml_dtd_43 glibcLocales dbus xvfb_run ];
diff --git a/pkgs/development/libraries/libdeflate/default.nix b/pkgs/development/libraries/libdeflate/default.nix
index 85aad4844ba..b06a0a9450a 100644
--- a/pkgs/development/libraries/libdeflate/default.nix
+++ b/pkgs/development/libraries/libdeflate/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "libdeflate";
-  version = "1.2";
+  version = "1.3";
 
   src = fetchFromGitHub {
     owner = "ebiggers";
     repo = "libdeflate";
     rev = "v${version}";
-    sha256 = "0kmp38s7vahvbgzzhs5v0bfyjgas1in7jn69gpyh70kl08279ly0";
+    sha256 = "019xsz5dnbpxiz29j3zqsxyi4ksjkkygi6a2zyc8fxbm8lvaa9ar";
   };
 
   postPatch = ''
diff --git a/pkgs/development/libraries/libfilezilla/default.nix b/pkgs/development/libraries/libfilezilla/default.nix
index a8384de5552..9b6c1d505c1 100644
--- a/pkgs/development/libraries/libfilezilla/default.nix
+++ b/pkgs/development/libraries/libfilezilla/default.nix
@@ -9,11 +9,11 @@
 
 stdenv.mkDerivation rec {
   pname = "libfilezilla";
-  version = "0.18.0";
+  version = "0.18.1";
 
   src = fetchurl {
     url = "https://download.filezilla-project.org/${pname}/${pname}-${version}.tar.bz2";
-    sha256 = "0g4zbyvnxs4db3l5pqazyk42ahvwdqfz2222dbkl8zygblxncyjp";
+    sha256 = "15vzi95ibp6a9n4jjfs78z4b1iym8x1yv849gjipxzx64y5awyyb";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/libraries/libftdi/default.nix b/pkgs/development/libraries/libftdi/default.nix
index 74b87a46ef0..08ec1d84a3f 100644
--- a/pkgs/development/libraries/libftdi/default.nix
+++ b/pkgs/development/libraries/libftdi/default.nix
@@ -1,6 +1,6 @@
 {stdenv, fetchurl, libusb}:
 
-stdenv.mkDerivation rec {
+with stdenv; mkDerivation rec {
   name = "libftdi-0.20";
 
   src = fetchurl {
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
 
   # Hack to avoid TMPDIR in RPATHs.
   preFixup = ''rm -rf "$(pwd)" '';
-  configureFlags = [ "--with-async-mode" ];
+  configureFlags = lib.optional (!isDarwin) [ "--with-async-mode" ];
 
   # allow async mode. from ubuntu. see:
   #   https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/libftdi/trusty/view/head:/debian/patches/04_async_mode.diff
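Review bot: `lib.optional` wraps its second argument in a list, so `lib.optional (!isDarwin) [ "--with-async-mode" ]` evaluates to a list containing a list on non-Darwin platforms. It may still build if nested lists are flattened when the attribute is turned into a string, but that would be accidental. Either `configureFlags = lib.optional (!isDarwin) "--with-async-mode";` or `lib.optionals (!isDarwin) [ "--with-async-mode" ]` states what is meant. Separately, `with stdenv; mkDerivation rec` in the first hunk puts every stdenv attribute in scope for the whole body, which hides where `lib` and `isDarwin` come from; `stdenv.lib.optional` and `stdenv.isDarwin` would be more explicit. The derivation starts and ends outside this hunk.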
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
   meta = {
     description = "A library to talk to FTDI chips using libusb";
     homepage = https://www.intra2net.com/en/developer/libftdi/;
-    license = stdenv.lib.licenses.lgpl21;
-    platforms = stdenv.lib.platforms.linux;
+    license = lib.licenses.lgpl21;
+    platforms = lib.platforms.all;
   };
 }
diff --git a/pkgs/development/libraries/libgdata/default.nix b/pkgs/development/libraries/libgdata/default.nix
index 48cfa098c9f..f61283aec4a 100644
--- a/pkgs/development/libraries/libgdata/default.nix
+++ b/pkgs/development/libraries/libgdata/default.nix
@@ -10,6 +10,7 @@
 , glib
 , json-glib
 , gcr
+, gnome-online-accounts
 , gobject-introspection
 , liboauth
 , gnome3
@@ -70,7 +71,7 @@ stdenv.mkDerivation rec {
   ];
 
   propagatedBuildInputs = [
-    gnome3.gnome-online-accounts
+    gnome-online-accounts
     json-glib
   ];
 
diff --git a/pkgs/development/libraries/libgig/default.nix b/pkgs/development/libraries/libgig/default.nix
index 11affa5cbef..27939238278 100644
--- a/pkgs/development/libraries/libgig/default.nix
+++ b/pkgs/development/libraries/libgig/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "libgig";
-  version = "4.1.0";
+  version = "4.2.0";
 
   src = fetchurl {
     url = "https://download.linuxsampler.org/packages/${pname}-${version}.tar.bz2";
-    sha256 = "02xx6bqxzgkvrawwnzrnxx1ypk244q4kpwfd58266f9ji8kq18h6";
+    sha256 = "1zs5yy124bymfyapsnljr6rv2lnn5inwchm0xnwiw44b2d39l8hn";
   };
 
   nativeBuildInputs = [ autoconf automake libtool pkgconfig ];
diff --git a/pkgs/development/libraries/libgnurl/default.nix b/pkgs/development/libraries/libgnurl/default.nix
index 4c10a288474..0bb3af37eee 100644
--- a/pkgs/development/libraries/libgnurl/default.nix
+++ b/pkgs/development/libraries/libgnurl/default.nix
@@ -2,23 +2,38 @@
   libidn2, libunistring, nghttp2 }:
 
 stdenv.mkDerivation rec {
-  version = "7.64.0";
-
   pname = "libgnurl";
+  version = "7.65.3";
 
   src = fetchurl {
     url = "mirror://gnu/gnunet/gnurl-${version}.tar.gz";
-    sha256 = "0pvmbi32lixcpk10prplmwrmi4wzp3bc1aiyhr552kx0wqdqmdk8";
+    sha256 = "19l7jw3x83qk7yay5968pc39vzvxl55mhn1nmjh51miyda405qa9";
   };
 
   nativeBuildInputs = [ libtool groff perl pkgconfig python2 ];
-    
+
   buildInputs = [ gnutls zlib libidn2 libunistring nghttp2 ];
 
   configureFlags = [
     "--disable-ntlm-wb"
     "--without-ca-bundle"
     "--with-ca-fallback"
+    # below options will cause errors if enabled
+    "--disable-ftp"
+    "--disable-tftp"
+    "--disable-file"
+    "--disable-ldap"
+    "--disable-dict"
+    "--disable-rtsp"
+    "--disable-telnet"
+    "--disable-pop3"
+    "--disable-imap"
+    "--disable-smb"
+    "--disable-smtp"
+    "--disable-gopher"
+    "--without-ssl" # disables only openssl, not ssl in general
+    "--without-libpsl"
+    "--without-librtmp"
   ];
 
   meta = with stdenv.lib; {
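Review bot: The added comment `# below options will cause errors if enabled` reads as if the `--disable-*` flags were the problem, when presumably the protocols and optional libraries are what fail unless switched off. Something like `# gnurl errors out unless these protocols and optional libraries are disabled` says that, and naming the error seen would let the list be revisited on the next bump. With `--without-ssl` next to the existing `--without-ca-bundle` and `--with-ca-fallback`, certificate verification relies on the TLS backend's own trust store (presumably GnuTLS from `buildInputs`). The comment on `--without-ssl` could state that too.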
diff --git a/pkgs/development/libraries/libgpiod/default.nix b/pkgs/development/libraries/libgpiod/default.nix
index 5eac024f831..23f46ad2a0c 100644
--- a/pkgs/development/libraries/libgpiod/default.nix
+++ b/pkgs/development/libraries/libgpiod/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "libgpiod";
-  version = "1.4";
+  version = "1.4.1";
 
   src = fetchurl {
     url = "https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git/snapshot/libgpiod-${version}.tar.gz";
-    sha256 = "17qc2qbrnmaimxx9i3l30831hy890hp9s5a48iapni1dlr1z27p2";
+    sha256 = "0x8ar31b0cp47dgmamxf6a54ixwrjgvs81zra8l9ws4szrzgrnbw";
   };
 
   buildInputs = [ kmod ];
diff --git a/pkgs/development/libraries/libivykis/default.nix b/pkgs/development/libraries/libivykis/default.nix
index 8d81597351c..bd1432b8a21 100644
--- a/pkgs/development/libraries/libivykis/default.nix
+++ b/pkgs/development/libraries/libivykis/default.nix
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
       notification facilities
     '';
     license = licenses.zlib;
-    maintainers = [ maintainers.rickynils ];
+    maintainers = [];
     platforms = platforms.linux;
   };
 }
diff --git a/pkgs/development/libraries/libmodbus/default.nix b/pkgs/development/libraries/libmodbus/default.nix
index 182d642bc08..e18de4127a4 100644
--- a/pkgs/development/libraries/libmodbus/default.nix
+++ b/pkgs/development/libraries/libmodbus/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
-  name = "libmodbus-3.1.4";
+  name = "libmodbus-3.1.6";
 
   src = fetchurl {
     url = "http://libmodbus.org/releases/${name}.tar.gz";
-    sha256 = "0drnil8bzd4n4qb0wv3ilm9zvypxvwmzd65w96d6kfm7x6q65j68";
+    sha256 = "05kwz0n5gn9m33cflzv87lz3zp502yp8fpfzbx70knvfl6agmnfp";
   };
 
   configureFlags = [
diff --git a/pkgs/development/libraries/libndctl/default.nix b/pkgs/development/libraries/libndctl/default.nix
index 6019d79b00d..bfff0c84522 100644
--- a/pkgs/development/libraries/libndctl/default.nix
+++ b/pkgs/development/libraries/libndctl/default.nix
@@ -5,13 +5,13 @@
 
 stdenv.mkDerivation rec {
   pname = "libndctl";
-  version = "65";
+  version = "66";
 
   src = fetchFromGitHub {
     owner  = "pmem";
     repo   = "ndctl";
     rev    = "v${version}";
-    sha256 = "0d8hzfvyxs2q8kgkwgdizlml41kin4mhx3vpdsjk34pfi7mqy69y";
+    sha256 = "1pq1ss6b1lnyfnvdfhpi0x70jjrnm567fcyvkgvhmp2ndzsn393f";
   };
 
   outputs = [ "out" "lib" "man" "dev" ];
diff --git a/pkgs/development/libraries/libosinfo/default.nix b/pkgs/development/libraries/libosinfo/default.nix
index b971c8924f3..a040956f553 100644
--- a/pkgs/development/libraries/libosinfo/default.nix
+++ b/pkgs/development/libraries/libosinfo/default.nix
@@ -1,44 +1,32 @@
-{ stdenv, fetchurl, fetchpatch, pkgconfig, intltool, gobject-introspection, gtk-doc, docbook_xsl
-, glib, libsoup, libxml2, libxslt, check, curl, perl, hwdata, osinfo-db, vala ? null
+{ stdenv, fetchurl, fetchpatch, pkgconfig, gettext, gobject-introspection, gtk-doc, docbook_xsl
+, glib, libsoup, libxml2, libxslt, check, curl, perl, hwdata, osinfo-db, substituteAll
+, vala ? null
 }:
 
 stdenv.mkDerivation rec {
   pname = "libosinfo";
-  version = "1.5.0";
+  version = "1.6.0";
 
   src = fetchurl {
     url = "https://releases.pagure.org/${pname}/${pname}-${version}.tar.gz";
-    sha256 = "12b0xj9fz9q91d1pz9xm6aqap5k1ip0m9m3qvqmwjy1lk1kjasdz";
+    sha256 = "1iwh35mahch1ls3sgq7wz8kamxrxisrff5ciqzyh2qxlrqf5qf1w";
   };
 
   outputs = [ "out" "dev" "devdoc" ];
 
   nativeBuildInputs = [
-    pkgconfig vala intltool gobject-introspection gtk-doc docbook_xsl
+    pkgconfig vala gettext gobject-introspection gtk-doc docbook_xsl
   ];
   buildInputs = [ glib libsoup libxml2 libxslt ];
   checkInputs = [ check curl perl ];
 
   patches = [
-    ./osinfo-db-data-dir.patch
-    # https://nvd.nist.gov/vuln/detail/CVE-2019-13313
-    (fetchpatch {
-      url = "https://gitlab.com/libosinfo/libosinfo/commit/3654abee6ead9f11f8bb9ba8fc71efd6fa4dabbc.patch";
-      name = "CVE-2019-13313-1.patch";
-      sha256 = "1lybywfj6b41zfjk33ap90bab5l84lf5y3kif7vd2b6wq5r91rcn";
-    })
-    (fetchpatch {
-      url = "https://gitlab.com/libosinfo/libosinfo/commit/08fb8316b4ac42fe74c1fa5ca0ac593222cdf81a.patch";
-      name = "CVE-2019-13313-2.patch";
-      sha256 = "1f6rhkrgy3j8nmidk97wnz6p35zs1dsd63d3np76q7qs7ra74w9z";
+    (substituteAll {
+      src = ./osinfo-db-data-dir.patch;
+      osinfo_db_data_dir = "${osinfo-db}/share";
     })
   ];
 
-  postPatch = ''
-    patchShebangs .
-    substituteInPlace osinfo/osinfo_loader.c --subst-var-by OSINFO_DB_DATA_DIR "${osinfo-db}/share"
-  '';
-
   configureFlags = [
     "--with-usb-ids-path=${hwdata}/share/hwdata/usb.ids"
     "--with-pci-ids-path=${hwdata}/share/hwdata/pci.ids"
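Review bot: Both `CVE-2019-13313` fetchpatch entries are removed in the same hunk that bumps `version` to 1.6.0, and nothing on the page records that the 1.6.0 tarball contains commits 3654abee and 08fb8316. Presumably it does, but that should be confirmed against the release and stated in the commit message, because otherwise the update reopens the issue. The removed `postPatch` also ran `patchShebangs .`, which the `substituteAll` replacement does not cover. It is worth checking that no script used during the build still needs it.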
diff --git a/pkgs/development/libraries/libosinfo/osinfo-db-data-dir.patch b/pkgs/development/libraries/libosinfo/osinfo-db-data-dir.patch
index 8d202a92d09..2197eca23d9 100644
--- a/pkgs/development/libraries/libosinfo/osinfo-db-data-dir.patch
+++ b/pkgs/development/libraries/libosinfo/osinfo-db-data-dir.patch
@@ -5,7 +5,7 @@
          path = g_getenv("OSINFO_SYSTEM_DIR");
          if (!path)
 -            path = DATA_DIR "/osinfo";
-+            path = "@OSINFO_DB_DATA_DIR@/osinfo";
++            path = "@osinfo_db_data_dir@/osinfo";
  
          file = g_file_new_for_path(path);
      }
diff --git a/pkgs/development/libraries/libosmium/default.nix b/pkgs/development/libraries/libosmium/default.nix
index 37b3e8c93d9..eeb8fec5f93 100644
--- a/pkgs/development/libraries/libosmium/default.nix
+++ b/pkgs/development/libraries/libosmium/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "libosmium";
-  version = "2.15.1";
+  version = "2.15.2";
 
   src = fetchFromGitHub {
     owner = "osmcode";
     repo = "libosmium";
     rev = "v${version}";
-    sha256 = "1v1m068lcjngxnwirpi0vqjhqnxn9gqvafjp3sy14vzmgl2sw2kr";
+    sha256 = "1fh8wl4grs1c0g9whx90kd4jva3k9b6zbb1cl3isay489gwndgss";
   };
 
   nativeBuildInputs = [ cmake ];
diff --git a/pkgs/development/libraries/librealsense/default.nix b/pkgs/development/libraries/librealsense/default.nix
index 1ff0b2f646f..468bcfb0a18 100644
--- a/pkgs/development/libraries/librealsense/default.nix
+++ b/pkgs/development/libraries/librealsense/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "librealsense";
-  version = "2.23.0";
+  version = "2.25.0";
 
   src = fetchFromGitHub {
     owner = "IntelRealSense";
     repo = "librealsense";
     rev = "v${version}";
-    sha256 = "055fvfmkfi71bk7yxa527awq5qrq4dni5xhlaldhak2vlis8glwk";
+    sha256 = "029qps0bbck0m2xj0mb5g3pgkk7a1zq8wcilfkvpx72sn7039xvw";
   };
 
   buildInputs = [
diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix
index 63f6c904330..71b8d2bb20e 100644
--- a/pkgs/development/libraries/libressl/default.nix
+++ b/pkgs/development/libraries/libressl/default.nix
@@ -13,7 +13,15 @@ let
 
     nativeBuildInputs = [ cmake ];
 
-    cmakeFlags = [ "-DENABLE_NC=ON" "-DBUILD_SHARED_LIBS=ON" ];
+    cmakeFlags = [
+      "-DENABLE_NC=ON"
+      "-DBUILD_SHARED_LIBS=ON"
+      # Ensure that the output libraries do not require an executable stack.
+      # Without this define, assembly files in libcrypto do not include a
+      # .note.GNU-stack section, and if that section is missing from any object,
+      # the linker will make the stack executable.
+      "-DCMAKE_C_FLAGS=-DHAVE_GNU_STACK"
+    ];
 
     # The autoconf build is broken as of 2.9.1, resulting in the following error:
     # libressl-2.9.1/tls/.libs/libtls.a', needed by 'handshake_table'.
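Review bot: Nothing checks that the added `-DCMAKE_C_FLAGS=-DHAVE_GNU_STACK` actually yields libraries without an executable stack. A later release that renames the define or builds its assembly with other flags would therefore regress silently. An install check on ELF platforms that fails when any installed shared object has an executable `GNU_STACK` segment (visible in the flags column of `readelf -lW`) would enforce the property the comment describes. This attribute set sits inside a function whose beginning is outside the hunk.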
@@ -41,7 +49,7 @@ let
       homepage    = "https://www.libressl.org";
       license = with licenses; [ publicDomain bsdOriginal bsd0 bsd3 gpl3 isc openssl ];
       platforms   = platforms.all;
-      maintainers = with maintainers; [ thoughtpolice fpletz globin ];
+      maintainers = with maintainers; [ thoughtpolice fpletz ];
     };
   };
 
@@ -56,4 +64,9 @@ in {
     version = "2.9.2";
     sha256 = "1m6mz515dcbrbnyz8hrpdfjzdmj1c15vbgnqxdxb89g3z9kq3iy4";
   };
+
+  libressl_3_0 = generic {
+    version = "3.0.0";
+    sha256 = "0xiwri6xcnl3wb5nbc4aw8pv32s3hp13r9v465yr8wykaw211n81";
+  };
 }
diff --git a/pkgs/development/libraries/libspf2/default.nix b/pkgs/development/libraries/libspf2/default.nix
new file mode 100644
index 00000000000..d4b11270428
--- /dev/null
+++ b/pkgs/development/libraries/libspf2/default.nix
@@ -0,0 +1,43 @@
+{ stdenv, fetchurl, autoreconfHook }:
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+  pname = "libspf2";
+  version = "1.2.10";
+
+  src = fetchurl {
+    url = "https://www.libspf2.org/spf/libspf2-${version}.tar.gz";
+    sha256 = "1j91p0qiipzf89qxq4m1wqhdf01hpn1h5xj4djbs51z23bl3s7nr";
+  };
+
+  patches = [
+    (fetchurl {
+      name = "0001-gcc-variadic-macros.patch";
+      url = "https://github.com/shevek/libspf2/commit/5852828582f556e73751076ad092f72acf7fc8b6.patch";
+      sha256 = "1v6ashqzpr0xidxq0vpkjd8wd66cj8df01kyzj678ljzcrax35hk";
+    })
+  ];
+
+  postPatch = ''
+    # disable static bins compilation
+    sed -i \
+      -e '/bin_PROGRAMS/s/spfquery_static//' src/spfquery/Makefile.am \
+      -e '/bin_PROGRAMS/s/spftest_static//' src/spftest/Makefile.am \
+      -e '/bin_PROGRAMS/s/spfd_static//' src/spfd/Makefile.am \
+      -e '/bin_PROGRAMS/s/spf_example_static//' src/spf_example/Makefile.am
+  '';
+
+  # autoreconf necessary because we modified automake files
+  nativeBuildInputs = [ autoreconfHook ];
+
+  doCheck = true;
+
+  meta = {
+    description = "Implementation of the Sender Policy Framework for SMTP authorization";
+    homepage = https://www.libspf2.org;
+    license = with licenses; [ lgpl21Plus bsd2 ];
+    maintainers = with maintainers; [ pacien ];
+    platforms = platforms.all;
+  };
+}
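Review bot: The upstream patch is fetched with `fetchurl` from a GitHub `commit/….patch` URL. GitHub generates these files on request and their exact bytes are not guaranteed stable, so the pinned `sha256` can stop matching even though the change itself is the same. `fetchpatch` normalises the patch before hashing and is the usual choice here: add `fetchpatch` to the argument set, change the entry to `(fetchpatch {`, and recompute the hash. The top-level `with stdenv.lib;` also widens scope for the whole file when only `meta` uses it; `meta = with stdenv.lib; {` keeps it local.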
diff --git a/pkgs/development/libraries/liburing/default.nix b/pkgs/development/libraries/liburing/default.nix
index 5eeb50468de..855c6ce280e 100644
--- a/pkgs/development/libraries/liburing/default.nix
+++ b/pkgs/development/libraries/liburing/default.nix
@@ -1,16 +1,57 @@
 { stdenv, fetchgit
+, fetchpatch
 }:
 
 stdenv.mkDerivation rec {
   pname = "liburing";
-  version = "1.0.0pre156_${builtins.substring 0 7 src.rev}";
+  version = "0.1";
 
   src = fetchgit {
     url    = "http://git.kernel.dk/liburing";
-    rev    = "c31c7ec4bcd7bb0d7b28897d730431c02b9d4ea1";
-    sha256 = "17d6s03fyajcrijca9d2d6llbf8cl8dyalpxnl39az3452p04s11";
+    rev    = "refs/tags/liburing-${version}";
+    sha256 = "038iqsbm9bdmlwvmb899bc6g1rw5dalr990azynbvgn8qs5adysh";
   };
 
+  patches = [
+
+    # This patch re-introduces support for aarch64-linux, by adding the
+    # necessary memory barrier primitives for it to work.
+    #
+    # Already upstream: remove when moving to the next version
+    (fetchpatch {
+      url    = "http://git.kernel.dk/cgit/liburing/patch/?id=0520db454c29f1d96cda6cf6cedeb93df65301e8";
+      sha256 = "1i8133sb1imzxpplmhlhnaxkffgplhj40vanivc6clbibvhgwpq6";
+    })
+
+    # This patch shuffles the name of the io_uring memory barrier primitives.
+    # They were using extremely common names by accident, which caused
+    # namespace conflicts with many other projects using the same names. Note:
+    # this does not change the user-visible API of liburing (liburing is
+    # designed exactly to hide the necessary memory barriers when using the
+    # io_uring syscall directly). It only changes the names of some internals.
+    # The only reason this caused problems at all is because memory barrier
+    # primitives are written as preprocessor defines, in a common header file,
+    # which get included unilaterally.
+    #
+    # Already upstream: remove when moving to the next version
+    (fetchpatch {
+      url    = "http://git.kernel.dk/cgit/liburing/patch/?id=552c6a08d04c74d20eeaa86f535bfd553b352370";
+      sha256 = "123d6jdqfy7b8aq9f6ax767n48hhbx6pln3nlrp623595i8zz3wf";
+    })
+
+    # Finally, this patch fixes the aarch64-linux support introduced by the
+    # first patch, but which was _broken_ by the second patch, in a horrid
+    # twist of fate: it neglected to change the names of the aarch64 barriers
+    # appropriately.
+    #
+    # Already upstream: remove when moving to the next version
+    (fetchpatch {
+      url    = "http://git.kernel.dk/cgit/liburing/patch/?id=6e9dd0c8c50b5988a0c77532c9c2bd6afd4790d2";
+      sha256 = "11mqa1bp2pdfqh08gpcd98kg7lh3rrng41b4l1wvhxdbvg5rfw9c";
+    })
+
+  ];
+
   separateDebugInfo = true;
   enableParallelBuilding = true;
 
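Review bot: The three added `fetchpatch` URLs use plain `http://`, like the existing `fetchgit` URL. The pinned `sha256` values mean a modified download fails the build instead of being used, but whoever next refreshes those hashes trusts whatever the network returned at that moment. If the host serves TLS, prefer `url = "https://git.kernel.dk/cgit/liburing/patch/?id=…";` for all three. `rev` also changes from a commit id to the tag ref `refs/tags/liburing-${version}`, which upstream can repoint, so the hash is the only thing that fixes the content. The derivation continues past the end of the hunk.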
diff --git a/pkgs/development/libraries/libvirt-glib/default.nix b/pkgs/development/libraries/libvirt-glib/default.nix
index 74c3d24560c..9dd89133f4b 100644
--- a/pkgs/development/libraries/libvirt-glib/default.nix
+++ b/pkgs/development/libraries/libvirt-glib/default.nix
@@ -1,6 +1,7 @@
 { stdenv, fetchurl, pkgconfig, libvirt, glib, libxml2, intltool, libtool, yajl
 , nettle, libgcrypt, pythonPackages, gobject-introspection, libcap_ng, numactl
-, xen, libapparmor, vala
+, libapparmor, vala
+, xenSupport ? false, xen ? null
 }:
 
 let
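Review bot: With `xenSupport ? false, xen ? null`, a caller who sets `xenSupport = true` while `xen` is `null` puts `null` into `buildInputs` through the `optionals xenSupport [ xen ]` line in the second hunk, and nothing reports the mismatch. An `assert xenSupport -> xen != null;` directly after the argument set makes that misuse fail at evaluation with a clear message.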
@@ -19,7 +20,7 @@ in stdenv.mkDerivation rec {
   buildInputs = [
     libvirt glib libxml2 intltool libtool yajl nettle libgcrypt
     python pygobject2 gobject-introspection libcap_ng numactl libapparmor
-  ] ++ stdenv.lib.optionals stdenv.isx86_64 [
+  ] ++ stdenv.lib.optionals xenSupport [
     xen
   ];
 
diff --git a/pkgs/development/libraries/libvirt/default.nix b/pkgs/development/libraries/libvirt/default.nix
index d5f4ae0ce02..0556e311736 100644
--- a/pkgs/development/libraries/libvirt/default.nix
+++ b/pkgs/development/libraries/libvirt/default.nix
@@ -129,6 +129,7 @@ in stdenv.mkDerivation rec {
     binPath = [ iptables iproute pmutils numad numactl bridge-utils dmidecode dnsmasq ebtables ] ++ optionals enableIscsi [ openiscsi ];
   in ''
     substituteInPlace $out/libexec/libvirt-guests.sh \
+      --replace 'ON_BOOT=start'       'ON_BOOT=''${ON_BOOT:-start}' \
       --replace 'ON_SHUTDOWN=suspend' 'ON_SHUTDOWN=''${ON_SHUTDOWN:-suspend}' \
       --replace "$out/bin"            '${gettext}/bin' \
       --replace 'lock/subsys'         'lock' \
@@ -156,6 +157,6 @@ in stdenv.mkDerivation rec {
     '';
     license = licenses.lgpl2Plus;
     platforms = platforms.unix;
-    maintainers = with maintainers; [ fpletz ];
+    maintainers = with maintainers; [ fpletz globin ];
   };
 }
diff --git a/pkgs/development/libraries/libvisio/default.nix b/pkgs/development/libraries/libvisio/default.nix
index a272d355c84..b807691671f 100644
--- a/pkgs/development/libraries/libvisio/default.nix
+++ b/pkgs/development/libraries/libvisio/default.nix
@@ -4,13 +4,13 @@
 
 stdenv.mkDerivation rec {
   pname = "libvisio";
-  version = "0.1.6";
+  version = "0.1.7";
 
   outputs = [ "out" "bin" "dev" "doc" ];
 
   src = fetchurl {
     url = "https://dev-www.libreoffice.org/src/libvisio/${pname}-${version}.tar.xz";
-    sha256 = "1yahpfl13qk6178irv8jn5ppxdn7isafqisyqsdw0lqxcz9h447y";
+    sha256 = "0k7adcbbf27l7n453cca1m6s9yj6qvb5j6bsg2db09ybf3w8vbwg";
   };
 
   nativeBuildInputs = [ pkgconfig cppunit doxygen ];
diff --git a/pkgs/development/libraries/libwebsockets/default.nix b/pkgs/development/libraries/libwebsockets/default.nix
index 6bec6166246..a297bf61f78 100644
--- a/pkgs/development/libraries/libwebsockets/default.nix
+++ b/pkgs/development/libraries/libwebsockets/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "libwebsockets";
-  version = "3.1.0";
+  version = "3.2.0";
 
   src = fetchFromGitHub {
     owner = "warmcat";
     repo = "libwebsockets";
     rev = "v${version}";
-    sha256 = "1w1wz6snf3cmcpa3f4dci2nz9za2f5rrylxl109id7bcb36xhbdl";
+    sha256 = "0ac5755h3w1pl6cznqbvg63dwkqy544fqlhvqyp7s11hgs7jx6l8";
   };
 
   buildInputs = [ cmake openssl zlib libuv ];
diff --git a/pkgs/development/libraries/libxmlb/default.nix b/pkgs/development/libraries/libxmlb/default.nix
index 209a7328d12..4800a6c405c 100644
--- a/pkgs/development/libraries/libxmlb/default.nix
+++ b/pkgs/development/libraries/libxmlb/default.nix
@@ -1,25 +1,65 @@
-{ stdenv, fetchFromGitHub, meson, ninja, pkgconfig, glib, libuuid, gobject-introspection, gtk-doc, shared-mime-info, python3, docbook_xsl, docbook_xml_dtd_43 }:
+{ stdenv
+, fetchFromGitHub
+, fetchpatch
+, docbook_xml_dtd_43
+, docbook_xsl
+, glib
+, gobject-introspection
+, gtk-doc
+, libuuid
+, meson
+, ninja
+, pkgconfig
+, python3
+, shared-mime-info
+, nixosTests
+}:
 
 stdenv.mkDerivation rec {
   pname = "libxmlb";
-  version = "0.1.10";
+  version = "0.1.11";
 
-  outputs = [ "out" "lib" "dev" "devdoc" ];
+  outputs = [ "out" "lib" "dev" "devdoc" "installedTests" ];
 
   src = fetchFromGitHub {
     owner = "hughsie";
     repo = "libxmlb";
     rev = version;
-    sha256 = "1ismh3bdwd0l1fjlhwycam89faxjmpb0wxqlbv58m0z6cxykp6rd";
+    sha256 = "1503v76w7543snqyjxykiqa5va62zb0ccn3jlw0gpdx8973v80mr";
   };
 
-  nativeBuildInputs = [ meson ninja python3 pkgconfig gobject-introspection gtk-doc shared-mime-info docbook_xsl docbook_xml_dtd_43 ];
+  patches = [
+    # Fix installed tests
+    # https://github.com/hughsie/libxmlb/pull/2
+    (fetchpatch {
+      url = "https://github.com/hughsie/libxmlb/commit/78850c8b0f644f729fa21e2bf9ebed0d9d6010f3.diff";
+      sha256 = "0zw7c6vy8hscln7za7ijqd9svirach3zdskvbzyxxcsm3xcwxpjm";
+    })
 
-  buildInputs = [ glib libuuid ];
+    ./installed-tests-path.patch
+  ];
+
+  nativeBuildInputs = [
+    docbook_xml_dtd_43
+    docbook_xsl
+    gobject-introspection
+    gtk-doc
+    meson
+    ninja
+    pkgconfig
+    (python3.withPackages (pkgs: with pkgs; [ setuptools ]))
+    shared-mime-info
+  ];
+
+  buildInputs = [
+    glib
+    libuuid
+  ];
 
   mesonFlags = [
     "--libexecdir=${placeholder "out"}/libexec"
     "-Dgtkdoc=true"
+    "-Dinstalled_test_prefix=${placeholder "installedTests"}"
   ];
 
   preCheck = ''
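Review bot: In `(python3.withPackages (pkgs: with pkgs; [ setuptools ]))` the lambda parameter is named `pkgs`, the name normally used for the whole package set, although here it is the Python package set. `(python3.withPackages (ps: with ps; [ setuptools ]))` avoids the confusion. The new `installedTests` output and the `-Dinstalled_test_prefix` flag both depend on `./installed-tests-path.patch`. A one-line comment on that entry, like the one above the fetchpatch, would say why it is carried locally. The derivation continues past this hunk.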
@@ -28,6 +68,12 @@ stdenv.mkDerivation rec {
 
   doCheck = true;
 
+  passthru = {
+    tests = {
+      installed-tests = nixosTests.libxmlb;
+    };
+  };
+
   meta = with stdenv.lib; {
     description = "A library to help create and query binary XML blobs";
     homepage = https://github.com/hughsie/libxmlb;
diff --git a/pkgs/development/libraries/libxmlb/installed-tests-path.patch b/pkgs/development/libraries/libxmlb/installed-tests-path.patch
new file mode 100644
index 00000000000..ab36d9efad8
--- /dev/null
+++ b/pkgs/development/libraries/libxmlb/installed-tests-path.patch
@@ -0,0 +1,24 @@
+diff --git a/meson.build b/meson.build
+index b064cb8..1a470cf 100644
+--- a/meson.build
++++ b/meson.build
+@@ -103,8 +103,8 @@
+ 
+ libexecdir = join_paths(prefix, get_option('libexecdir'))
+ datadir = join_paths(prefix, get_option('datadir'))
+-installed_test_bindir = join_paths(libexecdir, 'installed-tests', meson.project_name())
+-installed_test_datadir = join_paths(datadir, 'installed-tests', meson.project_name())
++installed_test_bindir = join_paths(get_option('installed_test_prefix'), 'libexec', 'installed-tests', meson.project_name())
++installed_test_datadir = join_paths(get_option('installed_test_prefix'), 'share', 'installed-tests', meson.project_name())
+ 
+ gio = dependency('gio-2.0', version : '>= 2.45.8')
+ uuid = dependency('uuid')
+diff --git a/meson_options.txt b/meson_options.txt
+index 27e8cb6..74548ae 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -2,3 +2,4 @@
+ option('introspection', type : 'boolean', value : true, description : 'generate GObject Introspection data')
+ option('tests', type : 'boolean', value : true, description : 'enable tests')
+ option('stemmer', type : 'boolean', value : false, description : 'enable stemmer support')
++option('installed_test_prefix', type: 'string', value: '', description: 'Prefix for installed tests')
diff --git a/pkgs/development/libraries/libzapojit/default.nix b/pkgs/development/libraries/libzapojit/default.nix
index 2ad017dc90b..215535fb8f1 100644
--- a/pkgs/development/libraries/libzapojit/default.nix
+++ b/pkgs/development/libraries/libzapojit/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, glib, intltool, json-glib, librest, libsoup, gnome3, gobject-introspection }:
+{ stdenv, fetchurl, pkgconfig, glib, intltool, json-glib, librest, libsoup, gnome3, gnome-online-accounts, gobject-introspection }:
 
 stdenv.mkDerivation rec {
   pname = "libzapojit";
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ pkgconfig intltool gobject-introspection ];
-  propagatedBuildInputs = [ glib json-glib librest libsoup gnome3.gnome-online-accounts ]; # zapojit-0.0.pc
+  propagatedBuildInputs = [ glib json-glib librest libsoup gnome-online-accounts ]; # zapojit-0.0.pc
 
   passthru = {
     updateScript = gnome3.updateScript {
diff --git a/pkgs/development/libraries/live555/default.nix b/pkgs/development/libraries/live555/default.nix
index a5eec1805e1..57dcb3ee6a6 100644
--- a/pkgs/development/libraries/live555/default.nix
+++ b/pkgs/development/libraries/live555/default.nix
@@ -3,14 +3,14 @@
 # Based on https://projects.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD
 stdenv.mkDerivation rec {
   pname = "live555";
-  version = "2019.06.28";
+  version = "2019.08.16";
 
   src = fetchurl { # the upstream doesn't provide a stable URL
     urls = [
       "mirror://sourceforge/slackbuildsdirectlinks/live.${version}.tar.gz"
       "https://download.videolan.org/contrib/live555/live.${version}.tar.gz"
     ];
-    sha256 = "0pn5zhid9z8dsmwkhp2lvy84j5ahjskq1a8srdhd06hvh2w8dh2r";
+    sha256 = "1y77dc5qxd731w96x707iibavmkfayy5s557d7lasg742h36lcqv";
   };
 
   postPatch = ''
diff --git a/pkgs/development/libraries/luaffi/darwin.patch b/pkgs/development/libraries/luaffi/darwin.patch
deleted file mode 100644
index 50db81b776d..00000000000
--- a/pkgs/development/libraries/luaffi/darwin.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff --git a/Makefile b/Makefile
-index b2b5f2c..b690a5d 100644
---- a/Makefile
-+++ b/Makefile
-@@ -18,10 +18,10 @@ test:
- 	if [ `uname` = "Darwin" ]; then $(MAKE) test_macosx; else $(MAKE) test_posix; fi
- 
- macosx:
--	$(MAKE) posix "SOCC=MACOSX_DEPLOYMENT_TARGET=10.3 $(CC) -dynamiclib -single_module -undefined dynamic_lookup $(SOCFLAGS)"
-+	$(MAKE) posix "SOCC= $(CC) -dynamiclib -single_module -undefined dynamic_lookup -Wl,-install_name,$(PREFIX)/lib/$(MODSO) $(SOCFLAGS)"
- 
- test_macosx:
--	$(MAKE) test_posix "SOCC=MACOSX_DEPLOYMENT_TARGET=10.3 $(CC) -dynamiclib -single_module -undefined dynamic_lookup $(SOCFLAGS)"
-+	$(MAKE) test_posix "SOCC= $(CC) -dynamiclib -single_module -undefined dynamic_lookup -Wl,-install_name,$(PREFIX)/lib/$(MODSO) $(SOCFLAGS)"
- 
- posix: $(MODSO) test_cdecl.so
- 
diff --git a/pkgs/development/libraries/luaffi/default.nix b/pkgs/development/libraries/luaffi/default.nix
deleted file mode 100644
index 065562ac82e..00000000000
--- a/pkgs/development/libraries/luaffi/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ stdenv, fetchFromGitHub, lua, pkgconfig }:
-
-stdenv.mkDerivation {
-  name = "luaffi-2013-11-08";
-  src = fetchFromGitHub {
-    owner = "jmckaskill";
-    repo = "luaffi";
-    rev = "abc638c9341025580099dcf77795c4b320ba0e63";
-    sha256 = "1hv1y9i66p473hfy36nqj220sfrxdmbd75c1gpjvpk8073vx55ac";
-  };
-
-  nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ lua ];
-
-  patches = [ ./darwin.patch ./makefile-errors.patch ];
-
-  makeFlags = [ "PREFIX=$(out)" ];
-
-  installPhase = ''
-    mkdir -p $out/lib
-    cp ffi.so $out/lib/ffi.so
-  '';
-
-  meta = with stdenv.lib; {
-    description = "Standalone FFI library for calling C functions from lua. Compatible with the luajit FFI interface.";
-    homepage = https://github.com/jmckaskill/luaffi;
-    maintainers = with maintainers; [ ma27 ];
-    license = licenses.mit;
-    platforms = platforms.unix;
-  };
-}
diff --git a/pkgs/development/libraries/luaffi/makefile-errors.patch b/pkgs/development/libraries/luaffi/makefile-errors.patch
deleted file mode 100644
index 0ee6e639006..00000000000
--- a/pkgs/development/libraries/luaffi/makefile-errors.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/Makefile b/Makefile
-index b2b5f2c..49d4c99 100644
---- a/Makefile
-+++ b/Makefile
-@@ -6,7 +6,7 @@ LUA=lua
- LUA_CFLAGS=`$(PKG_CONFIG) --cflags lua5.2 2>/dev/null || $(PKG_CONFIG) --cflags lua`
- SOCFLAGS=-fPIC
- SOCC=$(CC) -shared $(SOCFLAGS)
--CFLAGS=-fPIC -g -Wall -Werror $(LUA_CFLAGS) -fvisibility=hidden -Wno-unused-function --std=gnu99
-+CFLAGS=-fPIC -g -Wall $(LUA_CFLAGS) -fvisibility=hidden -Wno-unused-function --std=gnu99
- 
- MODNAME=ffi
- MODSO=$(MODNAME).so
diff --git a/pkgs/development/libraries/mdds/default.nix b/pkgs/development/libraries/mdds/default.nix
index 16502ca4e61..cdc3dfa5ca0 100644
--- a/pkgs/development/libraries/mdds/default.nix
+++ b/pkgs/development/libraries/mdds/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "mdds";
-  version = "1.4.3";
+  version = "1.5.0";
 
   src = fetchurl {
     url = "https://kohei.us/files/${pname}/src/${pname}-${version}.tar.bz2";
-    sha256 = "10cw6irdm6d15nxnys2v5akp8yz52qijpcjvw0frwq7nz5d3vki5";
+    sha256 = "03b8i43pw4m767mm0cnbi77x7qhpkzpi9b1f6dpp4cmyszmnsk8l";
   };
 
   postInstall = ''
diff --git a/pkgs/development/libraries/mutest/default.nix b/pkgs/development/libraries/mutest/default.nix
new file mode 100644
index 00000000000..423a93b69a8
--- /dev/null
+++ b/pkgs/development/libraries/mutest/default.nix
@@ -0,0 +1,34 @@
+{ stdenv
+, fetchFromGitHub
+, meson
+, ninja
+}:
+
+stdenv.mkDerivation rec {
+  pname = "mutest";
+  version = "unstable-2019-08-26";
+
+  outputs = [ "out" "dev" ];
+
+  src = fetchFromGitHub {
+    owner = "ebassi";
+    repo = "mutest";
+    rev = "e6246c9ae4f36ffe8c021f0a80438f6c7a6efa3a";
+    sha256 = "0gdqwq6fvk06wld4rhnw5752hahrvhd69zrci045x25rwx90x26q";
+  };
+
+  nativeBuildInputs = [
+    meson
+    ninja
+  ];
+
+  doCheck = true;
+
+  meta = with stdenv.lib; {
+    homepage = https://ebassi.github.io/mutest/mutest.md.html;
+    description = "A BDD testing framework for C, inspired by Mocha";
+    license = licenses.mit;
+    maintainers = with maintainers; [ jtojnar worldofpeace ];
+    platforms = platforms.all;
+  };
+}
diff --git a/pkgs/development/libraries/odpic/default.nix b/pkgs/development/libraries/odpic/default.nix
index 34af3b0b9e0..f3e8742bb20 100644
--- a/pkgs/development/libraries/odpic/default.nix
+++ b/pkgs/development/libraries/odpic/default.nix
@@ -1,12 +1,19 @@
-{ stdenv, fetchurl, fixDarwinDylibNames, oracle-instantclient, libaio }:
+{ stdenv, fetchFromGitHub, fixDarwinDylibNames, oracle-instantclient, libaio }:
+
+let
+  version = "3.2.1";
+  libPath = stdenv.lib.makeLibraryPath [ oracle-instantclient.lib ];
+
+in stdenv.mkDerivation {
+  inherit version;
 
-stdenv.mkDerivation rec {
   pname = "odpic";
-  version = "3.1.0";
 
-  src = fetchurl {
-    url = "https://github.com/oracle/odpi/archive/v${version}.tar.gz";
-    sha256 = "0m6g7lbvfir4amf2cnap9wz9fmqrihqpihd84igrd7fp076894c0";
+  src = fetchFromGitHub {
+    owner = "oracle";
+    repo = "odpi";
+    rev = "v${version}";
+    sha256 = "1f9gznc7h73cgx32p55rkhzla6l7l9dg53ilwh6zdgdqlp7n018i";
   };
 
   nativeBuildInputs = stdenv.lib.optional stdenv.isDarwin [ fixDarwinDylibNames ];
@@ -14,15 +21,12 @@ stdenv.mkDerivation rec {
   buildInputs = [ oracle-instantclient ]
     ++ stdenv.lib.optionals stdenv.isLinux [ libaio ];
 
-  libPath = stdenv.lib.makeLibraryPath
-    [ oracle-instantclient ];
-
   dontPatchELF = true;
   makeFlags = [ "PREFIX=$(out)" "CC=cc" "LD=cc"];
 
   postFixup = ''
     ${stdenv.lib.optionalString (stdenv.isLinux) ''
-      patchelf --set-rpath "${libPath}" $out/lib/libodpic${stdenv.hostPlatform.extensions.sharedLibrary}
+      patchelf --set-rpath "${libPath}:$(patchelf --print-rpath $out/lib/libodpic${stdenv.hostPlatform.extensions.sharedLibrary})" $out/lib/libodpic${stdenv.hostPlatform.extensions.sharedLibrary}
     ''}
     ${stdenv.lib.optionalString (stdenv.isDarwin) ''
       install_name_tool -add_rpath "${libPath}" $out/lib/libodpic${stdenv.hostPlatform.extensions.sharedLibrary}
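Review bot: The new `patchelf --set-rpath "${libPath}:$(patchelf --print-rpath …)"` line leaves a trailing `:` in the RPATH whenever the library has no existing entry. glibc's loader treats an empty RPATH entry as the current directory, so a dependency could then be resolved from whatever directory the process runs in. Append the old value only when it is non-empty, e.g. `old=$(patchelf --print-rpath "$so")` followed by `patchelf --set-rpath "${libPath}''${old:+:$old}" "$so"`, with `so` set once to the library path that is currently spelled out twice. Whether the existing RPATH is ever empty here cannot be seen from the hunk, but the guard costs nothing either way. `postFixup` continues past the end of the hunk.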
diff --git a/pkgs/development/libraries/oniguruma/default.nix b/pkgs/development/libraries/oniguruma/default.nix
index 8582580579d..8a1e1d37c1d 100644
--- a/pkgs/development/libraries/oniguruma/default.nix
+++ b/pkgs/development/libraries/oniguruma/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "onig";
-  version = "6.9.2";
+  version = "6.9.3";
 
   src = fetchFromGitHub {
     owner = "kkos";
     repo = "oniguruma";
     rev = "v${version}";
-    sha256 = "15asc9v6ylal8fwzlnrh673mp62wngxvv9jx7h86vhljjdap6yfc";
+    sha256 = "0wzmqpjmxpryk83acbyhl9gwgm43ixbwraga2g5li9kx88mv4k0n";
   };
 
   nativeBuildInputs = [ cmake ];
diff --git a/pkgs/development/libraries/opencv/4.x.nix b/pkgs/development/libraries/opencv/4.x.nix
index ab24dcb1944..5732ce9e1ca 100644
--- a/pkgs/development/libraries/opencv/4.x.nix
+++ b/pkgs/development/libraries/opencv/4.x.nix
@@ -1,5 +1,5 @@
 { lib, stdenv
-, fetchurl, fetchFromGitHub
+, fetchurl, fetchFromGitHub, fetchpatch
 , cmake, pkgconfig, unzip, zlib, pcre, hdf5
 , glog, boost, gflags, protobuf
 , config
@@ -160,6 +160,14 @@ stdenv.mkDerivation rec {
     cp --no-preserve=mode -r "${contribSrc}/modules" "$NIX_BUILD_TOP/source/opencv_contrib"
   '';
 
+  patches = [
+    (fetchpatch {
+      url = "https://github.com/opencv/opencv/commit/5691d998ead1d9b0542bcfced36c2dceb3a59023.patch";
+      name = "CVE-2019-14493.patch";
+      sha256 = "14qva9f5z10apz5q0skdyiclr9sgkhab4fzksy1w3b6j6hg4wm7m";
+    })
+  ];
+
   # This prevents cmake from using libraries in impure paths (which
   # causes build failure on non NixOS)
   # Also, work around https://github.com/NixOS/nixpkgs/issues/26304 with
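Review bot: The new `patches` entry records the CVE in `name`, but nothing says when the patch can be removed, so it is likely to outlive the version bump that makes it redundant. A one-line comment above the `fetchpatch` would do, for example `# CVE-2019-14493: drop once the packaged release contains upstream commit 5691d998ead1`. The `sha256` pin on the fetched `.patch` is present, which is what matters for integrity here.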
diff --git a/pkgs/development/libraries/opendkim/default.nix b/pkgs/development/libraries/opendkim/default.nix
index fd8dadb5398..66496af12f9 100644
--- a/pkgs/development/libraries/opendkim/default.nix
+++ b/pkgs/development/libraries/opendkim/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, pkgconfig, libbsd, openssl, libmilter
-, perl, makeWrapper }:
+, autoreconfHook, perl, makeWrapper }:
 
 stdenv.mkDerivation rec {
   pname = "opendkim";
@@ -16,10 +16,12 @@ stdenv.mkDerivation rec {
     "ac_cv_func_realloc_0_nonnull=yes"
   ];
 
-  nativeBuildInputs = [ pkgconfig makeWrapper ];
+  nativeBuildInputs = [ autoreconfHook pkgconfig makeWrapper ];
 
   buildInputs = [ libbsd openssl libmilter perl ];
 
+  patches = [ ./openssl-1.1.patch ];
+
   postInstall = ''
     wrapProgram $out/sbin/opendkim-genkey \
       --prefix PATH : ${openssl.bin}/bin
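Review bot: `patches = [ ./openssl-1.1.patch ];` adds a vendored patch without saying where it came from, and the patch file itself carries no header either, so a later reader cannot compare it against its origin or tell when it is obsolete. A comment such as `# OpenSSL 1.1 support, taken from <origin URL>; remove when upstream ships it` would cover that. The same applies to `./qt4-openssl-1.1.patch` added in qt-4.x/4.8/default.nix, where the reworded comment above the commented-out `fetchpatch` now hints at an Arch origin without stating it.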
diff --git a/pkgs/development/libraries/opendkim/openssl-1.1.patch b/pkgs/development/libraries/opendkim/openssl-1.1.patch
new file mode 100644
index 00000000000..c36559cf16c
--- /dev/null
+++ b/pkgs/development/libraries/opendkim/openssl-1.1.patch
@@ -0,0 +1,81 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -864,26 +864,28 @@
+ 	AC_SEARCH_LIBS([ERR_peek_error], [crypto], ,
+ 	               AC_MSG_ERROR([libcrypto not found]))
+ 
+-	AC_SEARCH_LIBS([SSL_library_init], [ssl], ,
+-		[
+-			if test x"$enable_shared" = x"yes"
+-			then
+-				AC_MSG_ERROR([Cannot build shared opendkim
+-				              against static openssl libraries.
+-				              Configure with --disable-shared
+-				              to get this working or obtain a
+-				              shared libssl library for
+-				              opendkim to use.])
+-			fi
+-
+-			# avoid caching issue - last result of SSL_library_init
+-			# shouldn't be cached for this next check
+-			unset ac_cv_search_SSL_library_init
+-			LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl"
+-			AC_SEARCH_LIBS([SSL_library_init], [ssl], ,
+-			               AC_MSG_ERROR([libssl not found]), [-ldl])
+-		]
+-	)
++
++	AC_LINK_IFELSE(
++		       [AC_LANG_PROGRAM([[#include <openssl/ssl.h>]],
++					[[SSL_library_init();]])],
++					[od_have_ossl="yes";],
++					[od_have_ossl="no";])
++	if test x"$od_have_ossl" = x"no"
++	then
++		if test x"$enable_shared" = x"yes"
++		then
++			AC_MSG_ERROR([Cannot build shared opendkim
++			              against static openssl libraries.
++			              Configure with --disable-shared
++			              to get this working or obtain a
++			              shared libssl library for
++			              opendkim to use.])
++		fi
++
++		LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl"
++		AC_SEARCH_LIBS([SSL_library_init], [ssl], ,
++		               AC_MSG_ERROR([libssl not found]), [-ldl])
++	fi
+ 
+ 	AC_CHECK_DECL([SHA256_DIGEST_LENGTH],
+                       AC_DEFINE([HAVE_SHA256], 1,
+--- a/opendkim/opendkim-crypto.c
++++ b/opendkim/opendkim-crypto.c
+@@ -222,7 +222,11 @@
+ 	{
+ 		assert(pthread_setspecific(id_key, ptr) == 0);
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++		OPENSSL_thread_stop();
++#else
+ 		ERR_remove_state(0);
++#endif
+ 
+ 		free(ptr);
+ 
+@@ -392,11 +396,15 @@
+ {
+ 	if (crypto_init_done)
+ 	{
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++		OPENSSL_thread_stop();
++#else
+ 		CRYPTO_cleanup_all_ex_data();
+ 		CONF_modules_free();
+ 		EVP_cleanup();
+ 		ERR_free_strings();
+ 		ERR_remove_state(0);
++#endif
+ 
+ 		if (nmutexes > 0)
+ 		{
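Review bot: The fallback branch in `configure.ac` still runs `AC_SEARCH_LIBS([SSL_library_init], [ssl], …)`, but in OpenSSL 1.1 `SSL_library_init` is a macro over `OPENSSL_init_ssl` rather than an exported symbol, so that search cannot succeed against the library this patch targets. Whenever the new `AC_LINK_IFELSE` probe fails, configure would therefore stop with "libssl not found" (or the static-library message) instead of recovering with `-ldl`. Probing the real symbol in the fallback, e.g. `AC_SEARCH_LIBS([OPENSSL_init_ssl], [ssl], , AC_MSG_ERROR([libssl not found]), [-ldl])` next to the old name, would keep that path usable. Separately, the guards in `opendkim-crypto.c` test `OPENSSL_VERSION_NUMBER >= 0x10100000` alone, which LibreSSL also satisfies; that only matters if the package is ever built against it.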
diff --git a/pkgs/development/libraries/opensaml-cpp/default.nix b/pkgs/development/libraries/opensaml-cpp/default.nix
index 1c753008022..0edf6dfa728 100644
--- a/pkgs/development/libraries/opensaml-cpp/default.nix
+++ b/pkgs/development/libraries/opensaml-cpp/default.nix
@@ -1,17 +1,21 @@
-{ stdenv, fetchgit, autoreconfHook, boost, openssl, log4shib, xercesc, xml-security-c, xml-tooling-c, zlib }:
+{ stdenv, fetchgit, autoreconfHook, pkgconfig
+, boost, openssl, log4shib, xercesc, xml-security-c, xml-tooling-c, zlib
+}:
 
 stdenv.mkDerivation rec {
   pname = "opensaml-cpp";
-  version = "2.6.1";
+  version = "3.0.1";
 
   src = fetchgit {
     url = "https://git.shibboleth.net/git/cpp-opensaml.git";
     rev = version;
-    sha256 = "0wjb6jyvh4hwpy1pvhh63i821746nqijysrd4vasbirkf4h6z7nx";
+    sha256 = "0ms3sqmwqkrqb92d7jy2hqwnz5yd7cbrz73n321jik0jilrwl5w8";
   };
 
-  buildInputs = [ boost openssl log4shib xercesc xml-security-c xml-tooling-c zlib ];
-  nativeBuildInputs = [ autoreconfHook ];
+  buildInputs = [
+    boost openssl log4shib xercesc xml-security-c xml-tooling-c zlib
+  ];
+  nativeBuildInputs = [ autoreconfHook pkgconfig ];
 
   configureFlags = [ "--with-xmltooling=${xml-tooling-c}" ];
 
diff --git a/pkgs/development/libraries/openxr-loader/default.nix b/pkgs/development/libraries/openxr-loader/default.nix
new file mode 100644
index 00000000000..d1a20552ff7
--- /dev/null
+++ b/pkgs/development/libraries/openxr-loader/default.nix
@@ -0,0 +1,40 @@
+{ stdenv, fetchFromGitHub, cmake, python3, libX11, libXxf86vm, libXrandr }:
+
+stdenv.mkDerivation rec {
+  pname = "openxr-loader";
+  version = "1.0.1";
+
+  src = fetchFromGitHub {
+    owner = "KhronosGroup";
+    repo = "OpenXR-SDK-Source";
+    rev = "release-${version}";
+    sha256 = "1sif2w2vm793j6493364i6pp6s6yqi7fwa6iky5abzmzda51cg5q";
+  };
+
+  nativeBuildInputs = [ cmake python3 ];
+  buildInputs = [ libX11 libXxf86vm libXrandr ];
+  enableParallelBuilding = true;
+
+  cmakeFlags = [ "-DBUILD_TESTS=OFF" ];
+
+  outputs = [ "out" "dev" "layers" ];
+
+  postInstall = ''
+    mkdir -p "$layers/share"
+    mv "$out/share/openxr" "$layers/share"
+    # Use absolute paths in manifests so no LD_LIBRARY_PATH shenanigans are necessary
+    for file in "$layers/share/openxr/1/api_layers/explicit.d/"*; do
+        substituteInPlace "$file" --replace '"library_path": "lib' "\"library_path\": \"$layers/lib/lib"
+    done
+    mkdir -p "$layers/lib"
+    mv "$out/lib/libXrApiLayer"* "$layers/lib"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Khronos OpenXR loader";
+    homepage    = https://www.khronos.org/openxr;
+    platforms   = platforms.linux;
+    license     = licenses.asl20;
+    maintainers = [ maintainers.ralith ];
+  };
+}
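Review bot: The manifest rewrite in `postInstall` relies on `substituteInPlace … --replace`, which leaves the file untouched when the pattern `"library_path": "lib` is absent, so a change in upstream's manifest layout would ship layers with a relative `library_path` and no build failure. A relative path hands resolution back to the loader's search path, which is the situation the comment above the loop says it wants to avoid. I would assert the result inside the loop, e.g. `grep -qF "\"library_path\": \"$layers/lib/" "$file" || { echo "unpatched manifest: $file" >&2; exit 1; }`. The hard-coded `1` in the `api_layers` path deserves a short comment as well.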
diff --git a/pkgs/development/libraries/oracle-instantclient/default.nix b/pkgs/development/libraries/oracle-instantclient/default.nix
index 6c5d4b94d53..ea4ee44eb2d 100644
--- a/pkgs/development/libraries/oracle-instantclient/default.nix
+++ b/pkgs/development/libraries/oracle-instantclient/default.nix
@@ -1,71 +1,126 @@
-{ stdenv, requireFile, autoPatchelfHook, fixDarwinDylibNames, unzip, libaio, makeWrapper, odbcSupport ? false, unixODBC }:
+{ stdenv
+, fetchurl
+, requireFile
+, autoPatchelfHook
+, fixDarwinDylibNames
+, unzip
+, libaio
+, makeWrapper
+, odbcSupport ? true
+, unixODBC
+}:
 
 assert odbcSupport -> unixODBC != null;
 
 let
   inherit (stdenv.lib) optional optionals optionalString;
 
-  baseVersion = "12.2";
-  version = "${baseVersion}.0.1.0";
+  throwSystem = throw "Unsupported system: ${stdenv.hostPlatform.system}";
 
-  requireSource = component: arch: version: rel: hash: (requireFile rec {
-    name = "instantclient-${component}-${arch}-${version}" + (optionalString (rel != "") "-${rel}") + ".zip";
-    url = "http://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html";
-    sha256 = hash;
-  });
+  # assemble list of components
+  components = [ "basic" "sdk" "sqlplus" ] ++ optional odbcSupport "odbc";
 
-  throwSystem = throw "Unsupported system: ${stdenv.hostPlatform.system}";
+  # determine the version number, there might be different ones per architecture
+  version = {
+    "x86_64-linux" = "19.3.0.0.0";
+    "x86_64-darwin" = "18.1.0.0.0";
+  }."${stdenv.hostPlatform.system}" or throwSystem;
+
+  # hashes per component and architecture
+  hashes = {
+    "x86_64-linux" = {
+      "basic"   = "1yk4ng3a9ka1mzgfph9br6rwclagbgfvmg6kja11nl5dapxdzaxy";
+      "sdk"     = "115v1gqr0czy7dcf2idwxhc6ja5b0nind0mf1rn8iawgrw560l99";
+      "sqlplus" = "0zj5h84ypv4n4678kfix6jih9yakb277l9hc0819iddc0a5slbi5";
+      "odbc"    = "1g1z6pdn76dp440fh49pm8ijfgjazx4cvxdi665fsr62h62xkvch";
+    };
+    "x86_64-darwin" = {
+      "basic"   = "fac3cdaaee7526f6c50ff167edb4ba7ab68efb763de24f65f63fb48cc1ba44c0";
+      "sdk"     = "98e6d797f1ce11e59b042b232f62380cec29ec7d5387b88a9e074b741c13e63a";
+      "sqlplus" = "02e66dc52398fced75e7efcb6b4372afcf617f7d88344fb7f0f4bb2bed371f3b";
+      "odbc"    = "5d0cdd7f9dd2e27affbc9b36ef9fc48e329713ecd36905fdd089366e365ae8a2";
+    };
+  }."${stdenv.hostPlatform.system}" or throwSystem;
+
+  # rels per component and architecture, optional
+  rels = {
+    "x86_64-darwin" = {
+      "sdk" = "2";
+    };
+  }."${stdenv.hostPlatform.system}" or {};
 
+  # convert platform to oracle architecture names
   arch = {
     x86_64-linux = "linux.x64";
     x86_64-darwin = "macos.x64";
   }.${stdenv.hostPlatform.system} or throwSystem;
 
-  srcs = {
-    x86_64-linux = [
-      (requireSource "basic" arch version "" "5015e3c9fba84e009f7519893f798a1622c37d1ae2c55104ff502c52a0fe5194")
-      (requireSource "sdk" arch version "" "7f404c3573c062ce487a51ac4cfe650c878d7edf8e73b364ec852645ed1098cb")
-      (requireSource "sqlplus" arch version "" "d49b2bd97376591ca07e7a836278933c3f251875c215044feac73ba9f451dfc2") ]
-      ++ optional odbcSupport (requireSource "odbc" arch version "2" "365a4ae32c7062d9fbc3fb41add748e7881f774484a175a4b41a2c294ce9095d");
-    x86_64-darwin = [
-      (requireSource "basic" arch version "2" "3ed3102e5a24f0da638694191edb34933309fb472eb1df21ad5c86eedac3ebb9")
-      (requireSource "sdk" arch version "2" "e0befca9c4e71ebc9f444957ffa70f01aeeec5976ea27c40406471b04c34848b")
-      (requireSource "sqlplus" arch version "2" "d147cbb5b2a954fdcb4b642df4f0bd1153fd56e0f56e7fa301601b4f7e2abe0e") ]
-      ++ optional odbcSupport (requireSource "odbc" arch version "2" "1805c1ab6c8c5e8df7bdcc35d7f2b94c329ecf4dff9bde55d5f9b159ecd8b64e");
-  }.${stdenv.hostPlatform.system} or throwSystem;
+  # calculate the filename of a single zip file
+  srcFilename = component: arch: version: rel:
+    "instantclient-${component}-${arch}-${version}" +
+    (optionalString (rel != "") "-${rel}") +
+    (optionalString (arch == "linux.x64") "dbru") + # ¯\_(ツ)_/¯
+    ".zip";
+
+  # fetcher for the clickthrough artifacts (requiring manual download)
+  fetchClickThrough =  srcFilename: hash: (requireFile {
+    name = srcFilename;
+    url = "https://www.oracle.com/database/technologies/instant-client/downloads.html";
+    sha256 = hash;
+  });
+
+  # fetcher for the non clickthrough artifacts
+  fetchSimple = srcFilename: hash: fetchurl {
+    url = "https://download.oracle.com/otn_software/linux/instantclient/193000/${srcFilename}";
+    sha256 = hash;
+  };
+
+  # pick the appropriate fetcher depending on the platform
+  fetcher = if stdenv.hostPlatform.system == "x86_64-linux" then fetchSimple else fetchClickThrough;
+
+  # assemble srcs
+  srcs = map (component:
+    (fetcher (srcFilename component arch version rels."${component}" or "") hashes."${component}" or ""))
+  components;
 
-  extLib = stdenv.hostPlatform.extensions.sharedLibrary;
-in stdenv.mkDerivation rec {
-  inherit version srcs;
   pname = "oracle-instantclient";
+  extLib = stdenv.hostPlatform.extensions.sharedLibrary;
+in stdenv.mkDerivation {
+  inherit pname version srcs;
 
   buildInputs = [ stdenv.cc.cc.lib ]
-    ++ optionals (stdenv.isLinux) [ libaio ]
+    ++ optional stdenv.isLinux libaio
     ++ optional odbcSupport unixODBC;
 
   nativeBuildInputs = [ makeWrapper unzip ]
     ++ optional stdenv.isLinux autoPatchelfHook
     ++ optional stdenv.isDarwin fixDarwinDylibNames;
 
+  outputs = [ "out" "dev" "lib"];
+
   unpackCmd = "unzip $curSrc";
 
   installPhase = ''
-    mkdir -p "$out/"{bin,include,lib,"share/java","share/${pname}-${version}/demo/"}
-    install -Dm755 {sqlplus,adrci,genezi} $out/bin
-    ${optionalString stdenv.isDarwin ''
-      for exe in "$out/bin/"* ; do
-        install_name_tool -add_rpath "$out/lib" "$exe"
-      done
-    ''}
-    ln -sfn $out/bin/sqlplus $out/bin/sqlplus64
-    install -Dm644 *${extLib}* $out/lib
+    mkdir -p "$out/"{bin,include,lib,"share/java","share/${pname}-${version}/demo/"} $lib/lib
+    install -Dm755 {adrci,genezi,uidrvci,sqlplus} $out/bin
+
+    # cp to preserve symlinks
+    cp -P *${extLib}* $lib/lib
+
     install -Dm644 *.jar $out/share/java
     install -Dm644 sdk/include/* $out/include
     install -Dm644 sdk/demo/* $out/share/${pname}-${version}/demo
 
-    # PECL::oci8 will not build without this
-    # this symlink only exists in dist zipfiles for some platforms
-    ln -sfn $out/lib/libclntsh${extLib}.12.1 $out/lib/libclntsh${extLib}
+    # provide alias
+    ln -sfn $out/bin/sqlplus $out/bin/sqlplus64
+  '';
+
+  postFixup = optionalString stdenv.isDarwin ''
+    for exe in "$out/bin/"* ; do
+      if [ ! -L "$exe" ]; then
+        install_name_tool -add_rpath "$lib/lib" "$exe"
+      fi
+    done
   '';
 
   meta = with stdenv.lib; {
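Review bot: In `srcs` the hash lookup is written `hashes."${component}" or ""`, so a component without an entry reaches `fetchurl`/`requireFile` with an empty `sha256` instead of failing where the mistake is. For archives pulled from a vendor download host the hash is the only integrity check, and a missing one should be an evaluation error: `hashes."${component}" or (throw "no hash for ${component} on ${stdenv.hostPlatform.system}")`. `fetchSimple` also hard-codes `linux` and `193000` in the URL while `version` and `arch` are computed per platform; deriving that segment from `version`, or a comment that both must be bumped together, would avoid a mismatch that only surfaces as a hash failure. All four components have hashes on both platforms today, so this is about the next edit rather than the current state.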
diff --git a/pkgs/development/libraries/poco/default.nix b/pkgs/development/libraries/poco/default.nix
index 993e53f2133..c19e343f19a 100644
--- a/pkgs/development/libraries/poco/default.nix
+++ b/pkgs/development/libraries/poco/default.nix
@@ -28,6 +28,5 @@ stdenv.mkDerivation rec {
     description = "Cross-platform C++ libraries with a network/internet focus";
     license = licenses.boost;
     maintainers = with maintainers; [ orivej ];
-    platforms = platforms.linux;
   };
 }
diff --git a/pkgs/development/libraries/protobuf/3.9.nix b/pkgs/development/libraries/protobuf/3.9.nix
index 6652ba7648c..a2f3e0e0164 100644
--- a/pkgs/development/libraries/protobuf/3.9.nix
+++ b/pkgs/development/libraries/protobuf/3.9.nix
@@ -1,6 +1,6 @@
 { callPackage, ... }:
 
 callPackage ./generic-v3.nix {
-  version = "3.9.0";
-  sha256 = "1xq2njqrbmizwg91ggi1lqr0n26cm2jdyk668ljc24ihrpk0z9bw";
+  version = "3.9.1";
+  sha256 = "0vv85xb65dx6fa76fsnyps13kaamvwfzd8hr6ii1payr73x4zy2h";
 }
diff --git a/pkgs/development/libraries/protozero/default.nix b/pkgs/development/libraries/protozero/default.nix
index 8704356a537..0bbfab62fcd 100644
--- a/pkgs/development/libraries/protozero/default.nix
+++ b/pkgs/development/libraries/protozero/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "protozero";
-  version = "1.6.7";
+  version = "1.6.8";
 
   src = fetchFromGitHub {
     owner = "mapbox";
     repo = "protozero";
     rev = "v${version}";
-    sha256 = "1ryvn3iwxiaih3mvyy45nbwxnhzfc8vby0xh9m6d6fpakhcpf6s3";
+    sha256 = "1hfijpfylf1c71wa3mk70gjc88b6k1q7cxb87cwqdflw5q2x8ma6";
   };
 
   nativeBuildInputs = [ cmake ];
diff --git a/pkgs/development/libraries/ptlib/default.nix b/pkgs/development/libraries/ptlib/default.nix
index d1dcc5fdb97..e7abedf3121 100644
--- a/pkgs/development/libraries/ptlib/default.nix
+++ b/pkgs/development/libraries/ptlib/default.nix
@@ -25,6 +25,11 @@ stdenv.mkDerivation rec {
     (fetchpatch { url = http://sources.debian.net/data/main/p/ptlib/2.10.11~dfsg-2.1/debian/patches/no-sslv3;
       sha256 = "172s1dnnrl54p9sf1nl7s475sm78rpw3p8jxi0pdx6izzl8hcdr0";
     })
+    (fetchpatch {
+      name = "openssl-1.1.patch";
+      url = "https://git.archlinux.org/svntogit/packages.git/plain/trunk/openssl-1.1.0.patch?h=packages/ptlib&id=1dfa9f55e7e030d261228fca27dda82979ca7f30";
+      sha256 = "11hdgyyibycg0wf5ls0wk9hksa4jd434i86xqiccbyg17n4l6lc1";
+    })
     ./ptlib-2.10.11-glibc-2.26.patch
   ];
 
diff --git a/pkgs/development/libraries/qca2/default.nix b/pkgs/development/libraries/qca2/default.nix
index 33505f9b07f..19b11a60e7b 100644
--- a/pkgs/development/libraries/qca2/default.nix
+++ b/pkgs/development/libraries/qca2/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, cmake, pkgconfig, qt, darwin }:
+{ stdenv, fetchurl, openssl_1_0_2, cmake, pkgconfig, qt, darwin }:
 
 stdenv.mkDerivation rec {
   pname = "qca";
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ cmake pkgconfig ];
-  buildInputs = [ qt ]
+  buildInputs = [ openssl_1_0_2 qt ]
     ++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
 
   enableParallelBuilding = true;
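Review bot: `openssl_1_0_2` is added to `buildInputs` with no comment explaining the pin, so the package now links the legacy OpenSSL branch and nothing marks that as temporary. Presumably this version of qca does not build against 1.1, but the reason should sit next to the input, e.g. `# TODO: pinned to OpenSSL 1.0.2 (legacy branch); revisit once this builds against 1.1`. Dependents that also link the default `openssl` could end up with two libssl versions in one process; whether any do cannot be told from this hunk.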
diff --git a/pkgs/development/libraries/qt-4.x/4.8/default.nix b/pkgs/development/libraries/qt-4.x/4.8/default.nix
index f833d130fbb..8c1c76db8f4 100644
--- a/pkgs/development/libraries/qt-4.x/4.8/default.nix
+++ b/pkgs/development/libraries/qt-4.x/4.8/default.nix
@@ -83,13 +83,14 @@ stdenv.mkDerivation rec {
           + "21b342d71c19e6d68b649947f913410fe6129ea4/debian/patches/kubuntu_39_fix_medium_font.diff";
         sha256 = "0bli44chn03c2y70w1n8l7ss4ya0b40jqqav8yxrykayi01yf95j";
       })
-      # Patch is no longer available from here, so vendoring it for now.
+      # Patches are no longer available from here, so vendoring it for now.
       #(fetchpatch {
       #  name = "qt4-gcc6.patch";
       #  url = "https://git.archlinux.org/svntogit/packages.git/plain/trunk/qt4-gcc6.patch?h=packages/qt4&id=ca773a144f5abb244ac4f2749eeee9333cac001f";
       #  sha256 = "07lrva7bjh6i40p7b3ml26a2jlznri8bh7y7iyx5zmvb1gfxmj34";
       #})
       ./qt4-gcc6.patch
+      ./qt4-openssl-1.1.patch
     ]
     ++ lib.optional gtkStyle (substituteAll ({
         src = ./dlopen-gtkstyle.diff;
diff --git a/pkgs/development/libraries/qt-4.x/4.8/qt4-openssl-1.1.patch b/pkgs/development/libraries/qt-4.x/4.8/qt4-openssl-1.1.patch
new file mode 100644
index 00000000000..1931ceb0c74
--- /dev/null
+++ b/pkgs/development/libraries/qt-4.x/4.8/qt4-openssl-1.1.patch
@@ -0,0 +1,398 @@
+--- a/src/network/ssl/qsslcertificate.cpp
++++ b/src/network/ssl/qsslcertificate.cpp
+@@ -259,10 +259,10 @@
+ QByteArray QSslCertificate::version() const
+ {
+     QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
+-    if (d->versionString.isEmpty() && d->x509)
++    if (d->versionString.isEmpty() && d->x509) {
+         d->versionString =
+-            QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
+-
++	    QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1);
++    }
+     return d->versionString;
+ }
+ 
+@@ -276,7 +276,7 @@
+ {
+     QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
+     if (d->serialNumberString.isEmpty() && d->x509) {
+-        ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
++        ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
+         // if we cannot convert to a long, just output the hexadecimal number
+         if (serialNumber->length > 4) {
+             QByteArray hexString;
+@@ -489,24 +489,33 @@
+     QSslKey key;
+ 
+     key.d->type = QSsl::PublicKey;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     X509_PUBKEY *xkey = d->x509->cert_info->key;
++#else
++    X509_PUBKEY *xkey = q_X509_get_X509_PUBKEY(d->x509);
++#endif
+     EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
+     Q_ASSERT(pkey);
+ 
+-    if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
++    int key_id;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++    key_id = q_EVP_PKEY_type(pkey->type);
++#else
++    key_id = q_EVP_PKEY_base_id(pkey);
++#endif
++    if (key_id == EVP_PKEY_RSA) {
+         key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
+         key.d->algorithm = QSsl::Rsa;
+         key.d->isNull = false;
+-    } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
++    } else if (key_id == EVP_PKEY_DSA) {
+         key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
+         key.d->algorithm = QSsl::Dsa;
+         key.d->isNull = false;
+-    } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
++    } else if (key_id == EVP_PKEY_DH) {
+         // DH unsupported
+     } else {
+         // error?
+     }
+-
+     q_EVP_PKEY_free(pkey);
+     return key;
+ }
+--- a/src/network/ssl/qsslkey.cpp
++++ b/src/network/ssl/qsslkey.cpp
+@@ -321,8 +321,19 @@
+ {
+     if (d->isNull)
+         return -1;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     return (d->algorithm == QSsl::Rsa)
+            ? q_BN_num_bits(d->rsa->n) : q_BN_num_bits(d->dsa->p);
++#else
++    if (d->algorithm == QSsl::Rsa) {
++        return q_RSA_bits(d->rsa);
++    }else{
++        BIGNUM *p = NULL;
++        q_DSA_get0_pqg(d->dsa, &p, NULL, NULL);
++	return q_BN_num_bits(p);
++    }
++#endif
++
+ }
+ 
+ /*!
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -93,6 +93,7 @@
+ bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
+ bool QSslSocketPrivate::s_loadRootCertsOnDemand = false;
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ /* \internal
+ 
+     From OpenSSL's thread(3) manual page:
+@@ -174,6 +175,8 @@
+ }
+ } // extern "C"
+ 
++#endif //OPENSSL_VERSION_NUMBER >= 0x10100000L
++
+ QSslSocketBackendPrivate::QSslSocketBackendPrivate()
+     : ssl(0),
+       ctx(0),
+@@ -222,9 +225,12 @@
+             ciph.d->encryptionMethod = descriptionList.at(4).mid(4);
+         ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export"));
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+         ciph.d->bits = cipher->strength_bits;
+         ciph.d->supportedBits = cipher->alg_bits;
+-
++#else
++	ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits);
++#endif
+     }
+     return ciph;
+ }
+@@ -367,7 +373,7 @@
+         //
+         // See also: QSslContext::fromConfiguration()
+         if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) {
+-            q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
++	  q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle());
+         }
+     }
+ 
+@@ -504,8 +510,10 @@
+ */
+ void QSslSocketPrivate::deinitialize()
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     q_CRYPTO_set_id_callback(0);
+     q_CRYPTO_set_locking_callback(0);
++#endif
+ }
+ 
+ /*!
+@@ -526,13 +534,17 @@
+         return false;
+ 
+     // Check if the library itself needs to be initialized.
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     QMutexLocker locker(openssl_locks()->initLock());
++#endif
+     if (!s_libraryLoaded) {
+         s_libraryLoaded = true;
+ 
+         // Initialize OpenSSL.
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+         q_CRYPTO_set_id_callback(id_function);
+         q_CRYPTO_set_locking_callback(locking_function);
++#endif
+         if (q_SSL_library_init() != 1)
+             return false;
+         q_SSL_load_error_strings();
+@@ -571,7 +583,9 @@
+ 
+ void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
+ {
+-    QMutexLocker locker(openssl_locks()->initLock());
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++  QMutexLocker locker(openssl_locks()->initLock());
++#endif
+     if (s_loadedCiphersAndCerts)
+         return;
+     s_loadedCiphersAndCerts = true;
+@@ -663,13 +677,18 @@
+     STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl);
+     for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
+         if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
+-            if (cipher->valid) {
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++	  if (cipher->valid) {
++#endif
+                 QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
+                 if (!ciph.isNull()) {
+                     if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
+                         ciphers << ciph;
+                 }
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+             }
++#endif
+         }
+     }
+ 
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -290,6 +290,22 @@
+ DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG)
+ DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return)
+ DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return)
++DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *ctx, ctx, return 0, return)
++
++DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *x, x, return 0, return)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++DEFINEFUNC(int, EVP_PKEY_id, const EVP_PKEY *pkey, pkey, return 0, return)
++DEFINEFUNC(int, EVP_PKEY_base_id, const EVP_PKEY *pkey, pkey, return 0, return)
++DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER *cipher, cipher, int *alg_bits, alg_bits, return 0, return)
++DEFINEFUNC2(long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, long options, options, return 0, return)
++DEFINEFUNC(long, X509_get_version, X509 *x, x, return 0, return)
++DEFINEFUNC(X509_PUBKEY *, X509_get_X509_PUBKEY, X509 *x, x, return 0, return)
++DEFINEFUNC(int, RSA_bits,  const RSA *rsa, rsa, return 0, return)
++DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return)
++DEFINEFUNC(ASN1_TIME *, X509_get_notAfter, X509 *x, x, return 0, return)
++DEFINEFUNC(ASN1_TIME *, X509_get_notBefore, X509 *x, x, return 0, return)
++DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, BIGNUM **p, p, BIGNUM **q, q, BIGNUM **g, g, return, return)
++#endif
+ 
+ #ifdef Q_OS_SYMBIAN
+ #define RESOLVEFUNC(func, ordinal, lib) \
+@@ -801,6 +817,7 @@
+     RESOLVEFUNC(SSL_CTX_use_PrivateKey)
+     RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
+     RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
++    RESOLVEFUNC(SSL_CTX_get_cert_store)
+     RESOLVEFUNC(SSL_accept)
+     RESOLVEFUNC(SSL_clear)
+     RESOLVEFUNC(SSL_connect)
+@@ -823,6 +840,23 @@
+     RESOLVEFUNC(SSL_set_connect_state)
+     RESOLVEFUNC(SSL_shutdown)
+     RESOLVEFUNC(SSL_write)
++
++    RESOLVEFUNC(X509_get_serialNumber)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    RESOLVEFUNC(SSL_CTX_ctrl)
++    RESOLVEFUNC(EVP_PKEY_id)
++    RESOLVEFUNC(EVP_PKEY_base_id)
++    RESOLVEFUNC(SSL_CIPHER_get_bits)
++    RESOLVEFUNC(SSL_CTX_set_options)
++    RESOLVEFUNC(X509_get_version)
++    RESOLVEFUNC(X509_get_X509_PUBKEY)
++    RESOLVEFUNC(RSA_bits)
++    RESOLVEFUNC(DSA_security_bits)
++    RESOLVEFUNC(DSA_get0_pqg)
++    RESOLVEFUNC(X509_get_notAfter)
++    RESOLVEFUNC(X509_get_notBefore)
++#endif
++
+ #ifndef OPENSSL_NO_SSL2
+     RESOLVEFUNC(SSLv2_client_method)
+ #endif
+--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -399,7 +399,25 @@
+ 		PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\
+ 			bp,(char *)x,enc,kstr,klen,cb,u)
+ #endif
++
++X509_STORE * q_SSL_CTX_get_cert_store(const SSL_CTX *ctx);
++ASN1_INTEGER * q_X509_get_serialNumber(X509 *x);
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
++#define q_X509_get_version(x) X509_get_version(x)
++#else
++int q_EVP_PKEY_id(const EVP_PKEY *pkey);
++int q_EVP_PKEY_base_id(const EVP_PKEY *pkey);
++int q_SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
++long q_SSL_CTX_set_options(SSL_CTX *ctx, long options);
++long q_X509_get_version(X509 *x);
++X509_PUBKEY * q_X509_get_X509_PUBKEY(X509 *x);
++int q_RSA_bits(const RSA *rsa);
++int q_DSA_security_bits(const DSA *dsa);
++void q_DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
++#endif
++
+ #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
+ #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
+ #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))
+@@ -410,8 +428,15 @@
+ #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
+ #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
+         q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #define q_X509_get_notAfter(x) X509_get_notAfter(x)
+ #define q_X509_get_notBefore(x) X509_get_notBefore(x)
++#else
++ASN1_TIME *q_X509_get_notAfter(X509 *x);
++ASN1_TIME *q_X509_get_notBefore(X509 *x);
++#endif
++
+ #define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+ 					(char *)(rsa))
+ #define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
+--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslcertificate.cpp.omv~	2017-03-15 02:27:18.143322736 +0100
++++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslcertificate.cpp	2017-03-15 02:29:56.215819741 +0100
+@@ -696,7 +696,7 @@
+         unsigned char *data = 0;
+         int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
+         info[QString::fromUtf8(obj)] = QString::fromUtf8((char*)data, size);
+-        q_CRYPTO_free(data);
++        q_OPENSSL_free(data);
+     }
+     return info;
+ }
+--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslkey.cpp.0131~	2017-03-15 02:22:37.053244125 +0100
++++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslkey.cpp	2017-03-15 02:22:37.055244057 +0100
+@@ -328,7 +328,7 @@
+     if (d->algorithm == QSsl::Rsa) {
+         return q_RSA_bits(d->rsa);
+     }else{
+-        BIGNUM *p = NULL;
++        const BIGNUM *p = NULL;
+         q_DSA_get0_pqg(d->dsa, &p, NULL, NULL);
+ 	return q_BN_num_bits(p);
+     }
+--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp.0131~	2017-03-15 02:22:37.054244091 +0100
++++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp	2017-03-15 02:29:41.155236836 +0100
+@@ -111,16 +111,16 @@
+ DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return);
+ DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return)
+ DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
+-DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
++DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return 0, return)
+ DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return)
+ DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return)
+-DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
++DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
+ DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return)
+ DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
+ DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG)
+ DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG)
+-DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
++DEFINEFUNC(void, OPENSSL_free, void *a, a, return, DUMMYARG)
+ DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG)
+ #if  OPENSSL_VERSION_NUMBER < 0x00908000L
+ DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, unsigned char **b, b, long c, c, return 0, return)
+@@ -300,7 +300,7 @@
+ DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return)
+ DEFINEFUNC(ASN1_TIME *, X509_get_notAfter, X509 *x, x, return 0, return)
+ DEFINEFUNC(ASN1_TIME *, X509_get_notBefore, X509 *x, x, return 0, return)
+-DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, BIGNUM **p, p, BIGNUM **q, q, BIGNUM **g, g, return, return)
++DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, return)
+ #endif
+ 
+ #ifdef Q_OS_SYMBIAN
+--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols_p.h.0131~	2017-03-15 02:22:37.054244091 +0100
++++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols_p.h	2017-03-15 02:29:50.192986268 +0100
+@@ -59,6 +59,9 @@
+ QT_BEGIN_NAMESPACE
+ 
+ #define DUMMYARG
++#ifndef OPENSSL_NO_SSL2
++#define OPENSSL_NO_SSL2 1
++#endif
+ 
+ #if !defined QT_LINKED_OPENSSL
+ // **************** Shared declarations ******************
+@@ -207,16 +210,16 @@
+ int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b);
+ long q_BIO_ctrl(BIO *a, int b, long c, void *d);
+ int q_BIO_free(BIO *a);
+-BIO *q_BIO_new(BIO_METHOD *a);
++BIO *q_BIO_new(const BIO_METHOD *a);
+ BIO *q_BIO_new_mem_buf(void *a, int b);
+ int q_BIO_read(BIO *a, void *b, int c);
+-BIO_METHOD *q_BIO_s_mem();
++const BIO_METHOD *q_BIO_s_mem();
+ int q_BIO_write(BIO *a, const void *b, int c);
+ int q_BN_num_bits(const BIGNUM *a);
+ int q_CRYPTO_num_locks();
+ void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int));
+ void q_CRYPTO_set_id_callback(unsigned long (*a)());
+-void q_CRYPTO_free(void *a);
++void q_OPENSSL_free(void *a);
+ void q_DSA_free(DSA *a);
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ // 0.9.8 broke SC and BC by changing this function's signature.
+@@ -326,7 +329,6 @@
+ void q_SSL_set_connect_state(SSL *a);
+ int q_SSL_shutdown(SSL *a);
+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-const SSL_METHOD *q_SSLv2_client_method();
+ const SSL_METHOD *q_SSLv3_client_method();
+ const SSL_METHOD *q_SSLv23_client_method();
+ const SSL_METHOD *q_TLSv1_client_method();
+@@ -335,7 +337,6 @@
+ const SSL_METHOD *q_SSLv23_server_method();
+ const SSL_METHOD *q_TLSv1_server_method();
+ #else
+-SSL_METHOD *q_SSLv2_client_method();
+ SSL_METHOD *q_SSLv3_client_method();
+ SSL_METHOD *q_SSLv23_client_method();
+ SSL_METHOD *q_TLSv1_client_method();
+@@ -415,7 +416,7 @@
+ X509_PUBKEY * q_X509_get_X509_PUBKEY(X509 *x);
+ int q_RSA_bits(const RSA *rsa);
+ int q_DSA_security_bits(const DSA *dsa);
+-void q_DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
++void q_DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+ #endif
+ 
+ #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
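Review bot: On the OpenSSL 1.1 branch the `QMutexLocker locker(openssl_locks()->initLock());` lines are compiled out, so the check-then-set on `s_libraryLoaded` and on `s_loadedCiphersAndCerts` in `ensureCiphersAndCertsLoaded()` runs without any lock. Two threads creating their first SSL socket at the same time can then both run the initialisation, or one can return early on the already-set flag while the other is still loading ciphers and CA certificates. The lock was presumably dropped because `openssl_locks()` lives inside the block now guarded by `#if OPENSSL_VERSION_NUMBER < 0x10100000L`; a plain mutex declared outside that guard and taken on both branches would keep the original serialisation. The closing `#endif //OPENSSL_VERSION_NUMBER >= 0x10100000L` comment also states the opposite of the condition it closes.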
diff --git a/pkgs/development/libraries/qt-5/5.12/qtbase.patch b/pkgs/development/libraries/qt-5/5.12/qtbase.patch
index 118ffaa511e..87ed0ddc4d4 100644
--- a/pkgs/development/libraries/qt-5/5.12/qtbase.patch
+++ b/pkgs/development/libraries/qt-5/5.12/qtbase.patch
@@ -1114,3 +1114,33 @@ diff -aur qtbase-everywhere-src-5.12.3-a/src/widgets/Qt5WidgetsConfigExtras.cmak
  !!ELSE
      set(imported_location \"$${CMAKE_BIN_DIR}uic$$CMAKE_BIN_SUFFIX\")
  !!ENDIF
+diff --git a/mkspecs/features/mac/sdk.mk b/mkspecs/features/mac/sdk.mk
+index c40f58c987..e69de29bb2 100644
+--- a/mkspecs/features/mac/sdk.mk
++++ b/mkspecs/features/mac/sdk.mk
+@@ -1,25 +0,0 @@
+-
+-ifeq ($(QT_MAC_SDK_NO_VERSION_CHECK),)
+-    CHECK_SDK_COMMAND = /usr/bin/xcrun --sdk $(EXPORT_QMAKE_MAC_SDK) -show-sdk-version 2>&1
+-    CURRENT_MAC_SDK_VERSION := $(shell DEVELOPER_DIR=$(EXPORT_QMAKE_XCODE_DEVELOPER_PATH) $(CHECK_SDK_COMMAND))
+-    ifneq ($(CURRENT_MAC_SDK_VERSION),$(EXPORT_QMAKE_MAC_SDK_VERSION))
+-        # We don't want to complain about out of date SDK unless the target needs to be remade.
+-        # This covers use-cases such as running 'make check' after moving the build to a
+-        # computer without Xcode or with a different Xcode version.
+-        TARGET_UP_TO_DATE := $(shell QT_MAC_SDK_NO_VERSION_CHECK=1 $(MAKE) --question $(QMAKE_TARGET) && echo 1 || echo 0)
+-        ifeq ($(TARGET_UP_TO_DATE),0)
+-            ifneq ($(findstring missing DEVELOPER_DIR path,$(CURRENT_MAC_SDK_VERSION)),)
+-                $(info The developer dir $(EXPORT_QMAKE_XCODE_DEVELOPER_PATH) is no longer valid.)
+-            else ifneq ($(findstring SDK "$(EXPORT_QMAKE_MAC_SDK)" cannot be located,$(CURRENT_MAC_SDK_VERSION)),)
+-                $(info The developer dir $(EXPORT_QMAKE_XCODE_DEVELOPER_PATH) no longer contains the $(EXPORT_QMAKE_MAC_SDK_VERSION) platform SDK.)
+-            else ifneq ($(CURRENT_MAC_SDK_VERSION),)
+-                $(info The platform SDK has been changed from version $(EXPORT_QMAKE_MAC_SDK_VERSION) to version $(CURRENT_MAC_SDK_VERSION).)
+-            else
+-                $(info Unknown error resolving current platform SDK version.)
+-            endif
+-            $(info This requires a fresh build. Please wipe the build directory completely,)
+-            $(info including any .qmake.stash and .qmake.cache files generated by qmake.)
+-            $(error ^)
+-        endif
+-    endif
+-endif
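Review bot: The section appended to qtbase.patch empties `mkspecs/features/mac/sdk.mk` outright, so the `$(error ^)` stop that demands a fresh build after a platform SDK change is gone for every Makefile that includes this file, and nothing in the patch records why. The removed code already carries its own switch, `ifeq ($(QT_MAC_SDK_NO_VERSION_CHECK),)`, so exporting `QT_MAC_SDK_NO_VERSION_CHECK=1` from the Darwin build environment would presumably skip the check without carrying a 25-line deletion across Qt updates. If the deletion stays, put a short comment ahead of the nested `diff --git a/mkspecs/features/mac/sdk.mk` header giving the actual reason, presumably that the hard-coded `/usr/bin/xcrun` cannot be queried from inside the Nix build, so the next person rebasing the patch knows whether it is still needed.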
diff --git a/pkgs/development/libraries/qt-5/5.6/default.nix b/pkgs/development/libraries/qt-5/5.6/default.nix
deleted file mode 100644
index d45b014b765..00000000000
--- a/pkgs/development/libraries/qt-5/5.6/default.nix
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
-
-# New packages
-
-READ THIS FIRST
-
-This module is for official packages in Qt 5. All available packages are listed
-in `./srcs.nix`, although a few are not yet packaged in Nixpkgs (see below).
-
-IF YOUR PACKAGE IS NOT LISTED IN `./srcs.nix`, IT DOES NOT GO HERE.
-
-Many of the packages released upstream are not yet built in Nixpkgs due to lack
-of demand. To add a Nixpkgs build for an upstream package, copy one of the
-existing packages here and modify it as necessary.
-
-# Updates
-
-1. Update the URL in `./fetch.sh`.
-2. Run `./maintainers/scripts/fetch-kde-qt.sh pkgs/development/libraries/qt-5/$VERSION/`
-   from the top of the Nixpkgs tree.
-3. Check that the new packages build correctly.
-4. Commit the changes and open a pull request.
-
-*/
-
-{
-  newScope,
-  stdenv, fetchurl, fetchpatch, makeSetupHook, makeWrapper,
-  bison, cups ? null, harfbuzz, libGL, perl,
-  gstreamer, gst-plugins-base,
-
-  # options
-  developerBuild ? false,
-  decryptSslTraffic ? false,
-  debug ? false,
-}:
-
-with stdenv.lib;
-
-let
-
-  qtCompatVersion = srcs.qtbase.version;
-
-  mirror = "http://download.qt.io";
-  srcs = import ./srcs.nix { inherit fetchurl; inherit mirror; };
-
-  patches = {
-    qtbase = [
-      ./qtbase.patch
-      ./qtbase-fixguicmake.patch
-      (fetchpatch {
-        name = "CVE-2018-15518.patch";
-        url = "https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=patch;h=28a6e642af2ccb454dd019f551c2908753f76f08";
-        sha256 = "0nyssg7d0br7qgzp481f1w8b4p1bj2ggv9iyfrm1mng5v9fypdd7";
-      })
-      (fetchpatch {
-        name = "CVE-2018-19873.patch";
-        url = "https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=patch;h=c9b9f663d7243988bcb5fee9180ea9cb3a321a86";
-        sha256 = "1q01cafy92c1j8cgrv4sk133mi3d48x8kbg3glbnnbijpc4k6di5";
-      })
-      (fetchpatch {
-        name = "CVE-2018-19870.patch";
-        url = "http://code.qt.io/cgit/qt/qtbase.git/patch/?id=ac0a910756f91726e03c0e6a89d213bdb4f48fec";
-        sha256 = "00qb9yqwvwnp202am3lqirkjxln1cj8v4wvmlyqya6hna176lj2l";
-      })
-    ];
-    qtdeclarative = [ ./qtdeclarative.patch ];
-    qtscript = [ ./qtscript.patch ];
-    qtserialport = [ ./qtserialport.patch ];
-    qttools = [ ./qttools.patch ];
-    qtwebengine = [ ./qtwebengine-seccomp.patch ];
-    qtwebkit = [ ./qtwebkit.patch ];
-    qtvirtualkeyboard = [
-      (fetchpatch {
-        name = "CVE-2018-19865-A.patch";
-        url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=c02115db1de1f3aba81e109043766d600f886522";
-        sha256 = "0ncnyl8f3ypi1kcb9z2i8j33snix111h28njrx8rb49ny01ap8x2";
-      })
-      (fetchpatch {
-        name = "CVE-2018-19865-B.patch";
-        url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=01fc537adc74d5e102c8cc93384cdf5cb08b4442";
-        sha256 = "19z8kxqf2lpjqr8189ingrpadch4niviw3p5v93zgx24v7950q27";
-      })
-      (fetchpatch {
-        name = "CVE-2018-19865-C.patch";
-        url = "https://codereview.qt-project.org/gitweb?p=qt/qtvirtualkeyboard.git;a=patch;h=993a21ba03534b172d5354405cc9d50a2a822e24";
-        sha256 = "1bipqxr9bvy8z402pv9kj2w1yzcsj1v03l09pg5jyg1xh6jbgiky";
-      })
-    ];
-    qtimageformats = [
-      (fetchpatch {
-        name = "CVE-2018-19871.patch";
-        url = "https://codereview.qt-project.org/gitweb?p=qt/qtimageformats.git;a=patch;h=9299ab07df61c56b70e047f1fe5f06b6ff541aa3";
-        sha256 = "0fd3mxdlc0s405j02bc0g72fvdfvpi31a837xfwf40m5j4jbyndr";
-      })
-    ];
-    qtsvg = [
-      (fetchpatch {
-        name = "CVE-2018-19869.patch";
-        url = "http://code.qt.io/cgit/qt/qtsvg.git/patch/?id=c5f1dd14098d1cc2cb52448fb44f53966d331443";
-        sha256 = "1kgyfsxw2f0qv5fx9y7wysjsvqikam0qc7wzhklf0406zz6rhxbl";
-      })
-    ];
-  };
-
-  qtModule =
-    import ../qtModule.nix
-    {
-      inherit perl;
-      inherit (stdenv) lib;
-      # Use a variant of mkDerivation that does not include wrapQtApplications
-      # to avoid cyclic dependencies between Qt modules.
-      mkDerivation =
-        import ../mkDerivation.nix
-        { inherit (stdenv) lib; inherit debug; wrapQtAppsHook = null; }
-        stdenv.mkDerivation;
-    }
-    { inherit self srcs patches; };
-
-  addPackages = self: with self;
-    let
-      callPackage = self.newScope { inherit qtCompatVersion qtModule srcs; };
-    in {
-
-      mkDerivationWith =
-        import ../mkDerivation.nix
-        { inherit (stdenv) lib; inherit debug; inherit (self) wrapQtAppsHook; };
-
-      mkDerivation = mkDerivationWith stdenv.mkDerivation;
-
-      qtbase = callPackage ../modules/qtbase.nix {
-        inherit bison cups harfbuzz libGL;
-        inherit (srcs.qtbase) src version;
-        patches = patches.qtbase;
-        inherit developerBuild decryptSslTraffic;
-      };
-
-      /* qt3d = not packaged */
-      /* qtactiveqt = not packaged */
-      /* qtandroidextras = not packaged */
-      /* qtcanvas3d = not packaged */
-      qtconnectivity = callPackage ../modules/qtconnectivity.nix {};
-      qtdeclarative = callPackage ../modules/qtdeclarative.nix {};
-      qtdoc = callPackage ../modules/qtdoc.nix {};
-      qtgraphicaleffects = callPackage ../modules/qtgraphicaleffects.nix {};
-      qtimageformats = callPackage ../modules/qtimageformats.nix {};
-      qtlocation = callPackage ../modules/qtlocation.nix {};
-      /* qtmacextras = not packaged */
-      qtmultimedia = callPackage ../modules/qtmultimedia.nix {
-        inherit gstreamer gst-plugins-base;
-      };
-      qtquick1 = null;
-      qtquickcontrols = callPackage ../modules/qtquickcontrols.nix {};
-      qtquickcontrols2 = callPackage ../modules/qtquickcontrols2.nix {};
-      qtscript = callPackage ../modules/qtscript.nix {};
-      qtsensors = callPackage ../modules/qtsensors.nix {};
-      qtserialport = callPackage ../modules/qtserialport.nix {};
-      qtsvg = callPackage ../modules/qtsvg.nix {};
-      qttools = callPackage ../modules/qttools.nix {};
-      qttranslations = callPackage ../modules/qttranslations.nix {};
-      qtwayland = callPackage ../modules/qtwayland.nix {};
-      qtwebchannel = callPackage ../modules/qtwebchannel.nix {};
-      qtwebengine = callPackage ../modules/qtwebengine.nix {};
-      qtwebkit = callPackage ../modules/qtwebkit.nix {};
-      qtwebsockets = callPackage ../modules/qtwebsockets.nix {};
-      /* qtwinextras = not packaged */
-      qtx11extras = callPackage ../modules/qtx11extras.nix {};
-      qtxmlpatterns = callPackage ../modules/qtxmlpatterns.nix {};
-      qtvirtualkeyboard = callPackage ../modules/qtvirtualkeyboard.nix {};
-
-      env = callPackage ../qt-env.nix {};
-      full = env "qt-full-${qtbase.version}" [
-        qtconnectivity qtdeclarative qtdoc qtgraphicaleffects qtimageformats
-        qtlocation qtmultimedia qtquickcontrols qtquickcontrols2 qtscript
-        qtsensors qtserialport qtsvg qttools qttranslations qtwayland
-        qtwebchannel qtwebengine qtwebkit qtwebsockets qtx11extras qtxmlpatterns
-      ];
-
-      qmake = makeSetupHook {
-        deps = [ self.qtbase.dev ];
-        substitutions = { inherit (stdenv) isDarwin; };
-      } ../hooks/qmake-hook.sh;
-
-      wrapQtAppsHook = makeSetupHook {
-        deps =
-          [ self.qtbase.dev makeWrapper ]
-          ++ optional stdenv.isLinux self.qtwayland.dev;
-      } ../hooks/wrap-qt-apps-hook.sh;
-    };
-
-   self = makeScope newScope addPackages;
-
-in self
diff --git a/pkgs/development/libraries/qt-5/5.6/fetch.sh b/pkgs/development/libraries/qt-5/5.6/fetch.sh
deleted file mode 100644
index bb9eb66a01d..00000000000
--- a/pkgs/development/libraries/qt-5/5.6/fetch.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-WGET_ARGS=( http://download.qt.io/official_releases/qt/5.6/5.6.3/submodules/ \
-            http://download.qt.io/community_releases/5.6/5.6.3/ )
diff --git a/pkgs/development/libraries/qt-5/5.6/qtbase-fixguicmake.patch b/pkgs/development/libraries/qt-5/5.6/qtbase-fixguicmake.patch
deleted file mode 100644
index 8b46d432812..00000000000
--- a/pkgs/development/libraries/qt-5/5.6/qtbase-fixguicmake.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-diff --git a/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in b/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
-index 0bbc871..3673634 100644
---- a/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
-+++ b/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
-@@ -286,7 +286,7 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME})
-     macro(_populate_$${CMAKE_MODULE_NAME}_plugin_properties Plugin Configuration PLUGIN_LOCATION)
-         set_property(TARGET Qt5::${Plugin} APPEND PROPERTY IMPORTED_CONFIGURATIONS ${Configuration})
- 
--        set(imported_location \"$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\")
-+        set(imported_location \"${PLUGIN_LOCATION}\")
-         _qt5_$${CMAKE_MODULE_NAME}_check_file_exists(${imported_location})
-         set_target_properties(Qt5::${Plugin} PROPERTIES
-             \"IMPORTED_LOCATION_${Configuration}\" ${imported_location}
-diff --git a/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in b/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in
-index 5baf0fd..3583745 100644
---- a/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in
-+++ b/mkspecs/features/data/cmake/Qt5PluginTarget.cmake.in
-@@ -2,10 +2,10 @@
- add_library(Qt5::$$CMAKE_PLUGIN_NAME MODULE IMPORTED)
- 
- !!IF !isEmpty(CMAKE_RELEASE_TYPE)
--_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME RELEASE \"$${CMAKE_PLUGIN_LOCATION_RELEASE}\")
-+_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME RELEASE \"$${CMAKE_PLUGIN_DIR}$${CMAKE_PLUGIN_LOCATION_RELEASE}\")
- !!ENDIF
- !!IF !isEmpty(CMAKE_DEBUG_TYPE)
--_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME DEBUG \"$${CMAKE_PLUGIN_LOCATION_DEBUG}\")
-+_populate_$${CMAKE_MODULE_NAME}_plugin_properties($$CMAKE_PLUGIN_NAME DEBUG \"$${CMAKE_PLUGIN_DIR}$${CMAKE_PLUGIN_LOCATION_DEBUG}\")
- !!ENDIF
- 
- list(APPEND Qt5$${CMAKE_MODULE_NAME}_PLUGINS Qt5::$$CMAKE_PLUGIN_NAME)
diff --git a/pkgs/development/libraries/qt-5/5.6/qtbase.patch b/pkgs/development/libraries/qt-5/5.6/qtbase.patch
deleted file mode 100644
index d8322cbc199..00000000000
--- a/pkgs/development/libraries/qt-5/5.6/qtbase.patch
+++ /dev/null
@@ -1,795 +0,0 @@
-diff --git a/mkspecs/features/create_cmake.prf b/mkspecs/features/create_cmake.prf
-index 11fb52a0b1..614fdbb046 100644
---- a/mkspecs/features/create_cmake.prf
-+++ b/mkspecs/features/create_cmake.prf
-@@ -21,7 +21,7 @@ load(cmake_functions)
- # at cmake time whether package has been found via a symlink, and correct
- # that to an absolute path. This is only done for installations to
- # the /usr or / prefix.
--CMAKE_INSTALL_LIBS_DIR = $$cmakeTargetPath($$[QT_INSTALL_LIBS])
-+CMAKE_INSTALL_LIBS_DIR = $$cmakeTargetPath($$NIX_OUTPUT_OUT/lib/)
- contains(CMAKE_INSTALL_LIBS_DIR, ^(/usr)?/lib(64)?.*): CMAKE_USR_MOVE_WORKAROUND = $$CMAKE_INSTALL_LIBS_DIR
- 
- CMAKE_OUT_DIR = $$MODULE_BASE_OUTDIR/lib/cmake
-@@ -47,47 +47,22 @@ split_incpath {
-         $$cmake_extra_source_includes.output
- }
- 
--CMAKE_INCLUDE_DIR = $$cmakeRelativePath($$[QT_INSTALL_HEADERS], $$[QT_INSTALL_PREFIX])
--contains(CMAKE_INCLUDE_DIR, "^\\.\\./.*") {
--    CMAKE_INCLUDE_DIR = $$[QT_INSTALL_HEADERS]/
--    CMAKE_INCLUDE_DIR_IS_ABSOLUTE = True
--}
-+CMAKE_INCLUDE_DIR = $$NIX_OUTPUT_DEV/include/
-+CMAKE_INCLUDE_DIR_IS_ABSOLUTE = True
- 
- !exists($$first(QT.$${MODULE}_private.includes)): CMAKE_NO_PRIVATE_INCLUDES = true
- 
--CMAKE_LIB_DIR = $$cmakeRelativePath($$[QT_INSTALL_LIBS], $$[QT_INSTALL_PREFIX])
--contains(CMAKE_LIB_DIR,"^\\.\\./.*") {
--    CMAKE_LIB_DIR = $$[QT_INSTALL_LIBS]/
--    CMAKE_LIB_DIR_IS_ABSOLUTE = True
--} else {
--    CMAKE_RELATIVE_INSTALL_LIBS_DIR = $$cmakeRelativePath($$[QT_INSTALL_PREFIX], $$[QT_INSTALL_LIBS])
--    # We need to go up another two levels because the CMake files are
--    # installed in $${CMAKE_LIB_DIR}/cmake/Qt5$${CMAKE_MODULE_NAME}
--    CMAKE_RELATIVE_INSTALL_DIR = "$${CMAKE_RELATIVE_INSTALL_LIBS_DIR}../../"
--}
-+CMAKE_LIB_DIR = $$NIX_OUTPUT_OUT/lib/
-+CMAKE_LIB_DIR_IS_ABSOLUTE = True
- 
--CMAKE_BIN_DIR = $$cmakeRelativePath($$[QT_HOST_BINS], $$[QT_INSTALL_PREFIX])
--contains(CMAKE_BIN_DIR, "^\\.\\./.*") {
--    CMAKE_BIN_DIR = $$[QT_HOST_BINS]/
--    CMAKE_BIN_DIR_IS_ABSOLUTE = True
--}
-+CMAKE_BIN_DIR = $$NIX_OUTPUT_BIN/bin/
-+CMAKE_BIN_DIR_IS_ABSOLUTE = True
- 
--CMAKE_PLUGIN_DIR = $$cmakeRelativePath($$[QT_INSTALL_PLUGINS], $$[QT_INSTALL_PREFIX])
--contains(CMAKE_PLUGIN_DIR, "^\\.\\./.*") {
--    CMAKE_PLUGIN_DIR = $$[QT_INSTALL_PLUGINS]/
--    CMAKE_PLUGIN_DIR_IS_ABSOLUTE = True
--}
-+CMAKE_PLUGIN_DIR = $$NIX_OUTPUT_PLUGIN/
-+CMAKE_PLUGIN_DIR_IS_ABSOLUTE = True
- 
--win32:!wince:!static:!staticlib {
--    CMAKE_DLL_DIR = $$cmakeRelativePath($$[QT_INSTALL_BINS], $$[QT_INSTALL_PREFIX])
--    contains(CMAKE_DLL_DIR, "^\\.\\./.*") {
--        CMAKE_DLL_DIR = $$[QT_INSTALL_BINS]/
--        CMAKE_DLL_DIR_IS_ABSOLUTE = True
--    }
--} else {
--    CMAKE_DLL_DIR = $$CMAKE_LIB_DIR
--    CMAKE_DLL_DIR_IS_ABSOLUTE = $$CMAKE_LIB_DIR_IS_ABSOLUTE
--}
-+CMAKE_DLL_DIR = $$NIX_OUTPUT_OUT/lib/
-+CMAKE_DLL_DIR_IS_ABSOLUTE = True
- 
- static|staticlib:CMAKE_STATIC_TYPE = true
- 
-@@ -167,7 +142,7 @@ contains(CONFIG, plugin) {
-       cmake_target_file
- 
-     cmake_qt5_plugin_file.files = $$cmake_target_file.output
--    cmake_qt5_plugin_file.path = $$[QT_INSTALL_LIBS]/cmake/Qt5$${CMAKE_MODULE_NAME}
-+    cmake_qt5_plugin_file.path = $$NIX_OUTPUT_OUT/lib/cmake/Qt5$${CMAKE_MODULE_NAME}
-     INSTALLS += cmake_qt5_plugin_file
- 
-     return()
-@@ -314,7 +289,7 @@ exists($$cmake_macros_file.input) {
-     cmake_qt5_module_files.files += $$cmake_macros_file.output
- }
- 
--cmake_qt5_module_files.path = $$[QT_INSTALL_LIBS]/cmake/Qt5$${CMAKE_MODULE_NAME}
-+cmake_qt5_module_files.path = $$NIX_OUTPUT_OUT/lib/cmake/Qt5$${CMAKE_MODULE_NAME}
- 
- # We are generating cmake files. Most developers of Qt are not aware of cmake,
- # so we require automatic tests to be available. The only module which should
-diff --git a/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in b/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
-index d2358cae4b..61d8cc0471 100644
---- a/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
-+++ b/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
-@@ -9,30 +9,6 @@ if (CMAKE_VERSION VERSION_LESS 3.0.0)
- endif()
- !!ENDIF
- 
--!!IF !isEmpty(CMAKE_USR_MOVE_WORKAROUND)
--!!IF !isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE)
--set(_qt5$${CMAKE_MODULE_NAME}_install_prefix \"$$[QT_INSTALL_PREFIX]\")
--!!ELSE
--get_filename_component(_IMPORT_PREFIX \"${CMAKE_CURRENT_LIST_FILE}\" PATH)
--# Use original install prefix when loaded through a
--# cross-prefix symbolic link such as /lib -> /usr/lib.
--get_filename_component(_realCurr \"${_IMPORT_PREFIX}\" REALPATH)
--get_filename_component(_realOrig \"$$CMAKE_INSTALL_LIBS_DIR/cmake/Qt5$${CMAKE_MODULE_NAME}\" REALPATH)
--if(_realCurr STREQUAL _realOrig)
--    get_filename_component(_qt5$${CMAKE_MODULE_NAME}_install_prefix \"$$CMAKE_INSTALL_LIBS_DIR/$${CMAKE_RELATIVE_INSTALL_LIBS_DIR}\" ABSOLUTE)
--else()
--    get_filename_component(_qt5$${CMAKE_MODULE_NAME}_install_prefix \"${CMAKE_CURRENT_LIST_DIR}/$${CMAKE_RELATIVE_INSTALL_DIR}\" ABSOLUTE)
--endif()
--unset(_realOrig)
--unset(_realCurr)
--unset(_IMPORT_PREFIX)
--!!ENDIF
--!!ELIF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE)
--get_filename_component(_qt5$${CMAKE_MODULE_NAME}_install_prefix \"${CMAKE_CURRENT_LIST_DIR}/$${CMAKE_RELATIVE_INSTALL_DIR}\" ABSOLUTE)
--!!ELSE
--set(_qt5$${CMAKE_MODULE_NAME}_install_prefix \"$$[QT_INSTALL_PREFIX]\")
--!!ENDIF
--
- !!IF !equals(TEMPLATE, aux)
- # For backwards compatibility only. Use Qt5$${CMAKE_MODULE_NAME}_VERSION instead.
- set(Qt5$${CMAKE_MODULE_NAME}_VERSION_STRING "$$eval(QT.$${MODULE}.MAJOR_VERSION).$$eval(QT.$${MODULE}.MINOR_VERSION).$$eval(QT.$${MODULE}.PATCH_VERSION)")
-@@ -58,11 +34,7 @@ endmacro()
- macro(_populate_$${CMAKE_MODULE_NAME}_target_properties Configuration LIB_LOCATION IMPLIB_LOCATION)
-     set_property(TARGET Qt5::$${CMAKE_MODULE_NAME} APPEND PROPERTY IMPORTED_CONFIGURATIONS ${Configuration})
- 
--!!IF isEmpty(CMAKE_DLL_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_DLL_DIR}${LIB_LOCATION}\")
--!!ELSE
-     set(imported_location \"$${CMAKE_DLL_DIR}${LIB_LOCATION}\")
--!!ENDIF
-     _qt5_$${CMAKE_MODULE_NAME}_check_file_exists(${imported_location})
-     set_target_properties(Qt5::$${CMAKE_MODULE_NAME} PROPERTIES
-         \"INTERFACE_LINK_LIBRARIES\" \"${_Qt5$${CMAKE_MODULE_NAME}_LIB_DEPENDENCIES}\"
-@@ -75,11 +47,7 @@ macro(_populate_$${CMAKE_MODULE_NAME}_target_properties Configuration LIB_LOCATI
-     )
- 
- !!IF !isEmpty(CMAKE_WINDOWS_BUILD)
--!!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE)
--    set(imported_implib \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}${IMPLIB_LOCATION}\")
--!!ELSE
-     set(imported_implib \"IMPORTED_IMPLIB_${Configuration}\" \"$${CMAKE_LIB_DIR}${IMPLIB_LOCATION}\")
--!!ENDIF
-     _qt5_$${CMAKE_MODULE_NAME}_check_file_exists(${imported_implib})
-     if(NOT \"${IMPLIB_LOCATION}\" STREQUAL \"\")
-         set_target_properties(Qt5::$${CMAKE_MODULE_NAME} PROPERTIES
-@@ -95,24 +63,13 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME})
- !!IF !no_module_headers
- !!IF !isEmpty(CMAKE_BUILD_IS_FRAMEWORK)
-     set(_Qt5$${CMAKE_MODULE_NAME}_OWN_INCLUDE_DIRS
--      \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework\"
--      \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework/Headers\"
-+      \"$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework\"
-+      \"$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework/Headers\"
-     )
- !!IF isEmpty(CMAKE_NO_PRIVATE_INCLUDES)
-     set(Qt5$${CMAKE_MODULE_NAME}_PRIVATE_INCLUDE_DIRS
--        \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework/Versions/$$section(VERSION, ., 0, 0)/Headers/$$VERSION/\"
--        \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework/Versions/$$section(VERSION, ., 0, 0)/Headers/$$VERSION/$${MODULE_INCNAME}\"
--    )
--!!ELSE
--    set(Qt5$${CMAKE_MODULE_NAME}_PRIVATE_INCLUDE_DIRS \"\")
--!!ENDIF
--!!ELSE
--!!IF isEmpty(CMAKE_INCLUDE_DIR_IS_ABSOLUTE)
--    set(_Qt5$${CMAKE_MODULE_NAME}_OWN_INCLUDE_DIRS \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$$CMAKE_INCLUDE_DIR\" \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_INCLUDE_DIR}$${MODULE_INCNAME}\")
--!!IF isEmpty(CMAKE_NO_PRIVATE_INCLUDES)
--    set(Qt5$${CMAKE_MODULE_NAME}_PRIVATE_INCLUDE_DIRS
--        \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_INCLUDE_DIR}$${MODULE_INCNAME}/$$VERSION\"
--        \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_INCLUDE_DIR}$${MODULE_INCNAME}/$$VERSION/$${MODULE_INCNAME}\"
-+        \"$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework/Versions/$$section(VERSION, ., 0, 0)/Headers/$$VERSION/\"
-+        \"$${CMAKE_LIB_DIR}Qt$${CMAKE_MODULE_NAME}.framework/Versions/$$section(VERSION, ., 0, 0)/Headers/$$VERSION/$${MODULE_INCNAME}\"
-     )
- !!ELSE
-     set(Qt5$${CMAKE_MODULE_NAME}_PRIVATE_INCLUDE_DIRS \"\")
-@@ -128,7 +85,6 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME})
-     set(Qt5$${CMAKE_MODULE_NAME}_PRIVATE_INCLUDE_DIRS \"\")
- !!ENDIF
- !!ENDIF
--!!ENDIF
- !!IF !isEmpty(CMAKE_ADD_SOURCE_INCLUDE_DIRS)
-     include(\"${CMAKE_CURRENT_LIST_DIR}/ExtraSourceIncludes.cmake\" OPTIONAL)
- !!ENDIF
-@@ -254,25 +210,13 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME})
- !!IF !isEmpty(CMAKE_FIND_OTHER_LIBRARY_BUILD)
- !!IF isEmpty(CMAKE_DEBUG_TYPE)
- !!IF !isEmpty(CMAKE_STATIC_WINDOWS_BUILD)
--!!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE)
--    if (EXISTS \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}$${CMAKE_IMPLIB_FILE_LOCATION_DEBUG}\" )
--!!ELSE // CMAKE_LIB_DIR_IS_ABSOLUTE
-     if (EXISTS \"$${CMAKE_IMPLIB_FILE_LOCATION_DEBUG}\" )
--!!ENDIF // CMAKE_LIB_DIR_IS_ABSOLUTE
-         _populate_$${CMAKE_MODULE_NAME}_target_properties(DEBUG \"$${CMAKE_IMPLIB_FILE_LOCATION_DEBUG}\" \"\" )
- !!ELSE // CMAKE_STATIC_WINDOWS_BUILD
-     if (EXISTS
--!!IF isEmpty(CMAKE_DLL_DIR_IS_ABSOLUTE)
--        \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_DLL_DIR}$${CMAKE_LIB_FILE_LOCATION_DEBUG}\"
--!!ELSE
-         \"$${CMAKE_LIB_FILE_LOCATION_DEBUG}\"
--!!ENDIF
-       AND EXISTS
--!!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE)
--        \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}$${CMAKE_IMPLIB_FILE_LOCATION_DEBUG}\" )
--!!ELSE
-         \"$${CMAKE_IMPLIB_FILE_LOCATION_DEBUG}\" )
--!!ENDIF
-         _populate_$${CMAKE_MODULE_NAME}_target_properties(DEBUG \"$${CMAKE_LIB_FILE_LOCATION_DEBUG}\" \"$${CMAKE_IMPLIB_FILE_LOCATION_DEBUG}\" )
- !!ENDIF // CMAKE_STATIC_WINDOWS_BUILD
-     endif()
-@@ -291,25 +235,13 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME})
- !!IF !isEmpty(CMAKE_FIND_OTHER_LIBRARY_BUILD)
- !!IF isEmpty(CMAKE_RELEASE_TYPE)
- !!IF !isEmpty(CMAKE_STATIC_WINDOWS_BUILD)
--!!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE)
--    if (EXISTS \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}$${CMAKE_IMPLIB_FILE_LOCATION_RELEASE}\" )
--!!ELSE // CMAKE_LIB_DIR_IS_ABSOLUTE
-     if (EXISTS \"$${CMAKE_IMPLIB_FILE_LOCATION_RELEASE}\" )
--!!ENDIF // CMAKE_LIB_DIR_IS_ABSOLUTE
-         _populate_$${CMAKE_MODULE_NAME}_target_properties(RELEASE \"$${CMAKE_IMPLIB_FILE_LOCATION_RELEASE}\" \"\" )
- !!ELSE // CMAKE_STATIC_WINDOWS_BUILD
-     if (EXISTS
--!!IF isEmpty(CMAKE_DLL_DIR_IS_ABSOLUTE)
--        \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_DLL_DIR}$${CMAKE_LIB_FILE_LOCATION_RELEASE}\"
--!!ELSE
-         \"$${CMAKE_LIB_FILE_LOCATION_RELEASE}\"
--!!ENDIF
-       AND EXISTS
--!!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE)
--        \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_LIB_DIR}$${CMAKE_IMPLIB_FILE_LOCATION_RELEASE}\" )
--!!ELSE
-         \"$${CMAKE_IMPLIB_FILE_LOCATION_RELEASE}\" )
--!!ENDIF
-         _populate_$${CMAKE_MODULE_NAME}_target_properties(RELEASE \"$${CMAKE_LIB_FILE_LOCATION_RELEASE}\" \"$${CMAKE_IMPLIB_FILE_LOCATION_RELEASE}\" )
- !!ENDIF // CMAKE_STATIC_WINDOWS_BUILD
-     endif()
-@@ -328,11 +260,7 @@ if (NOT TARGET Qt5::$${CMAKE_MODULE_NAME})
-     macro(_populate_$${CMAKE_MODULE_NAME}_plugin_properties Plugin Configuration PLUGIN_LOCATION)
-         set_property(TARGET Qt5::${Plugin} APPEND PROPERTY IMPORTED_CONFIGURATIONS ${Configuration})
- 
--!!IF isEmpty(CMAKE_PLUGIN_DIR_IS_ABSOLUTE)
--        set(imported_location \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\")
--!!ELSE
-         set(imported_location \"$${CMAKE_PLUGIN_DIR}${PLUGIN_LOCATION}\")
--!!ENDIF
-         _qt5_$${CMAKE_MODULE_NAME}_check_file_exists(${imported_location})
-         set_target_properties(Qt5::${Plugin} PROPERTIES
-             \"IMPORTED_LOCATION_${Configuration}\" ${imported_location}
-diff --git a/mkspecs/features/qml_module.prf b/mkspecs/features/qml_module.prf
-index 47ebe78400..25aa2b93e7 100644
---- a/mkspecs/features/qml_module.prf
-+++ b/mkspecs/features/qml_module.prf
-@@ -17,10 +17,7 @@ fq_qml_files = $$_PRO_FILE_PWD_/qmldir
- 
- for(qmlf, QML_FILES): fq_qml_files += $$absolute_path($$qmlf, $$_PRO_FILE_PWD_)
- 
--qml1_target: \
--    instbase = $$[QT_INSTALL_IMPORTS]
--else: \
--    instbase = $$[QT_INSTALL_QML]
-+instbase = $$NIX_OUTPUT_QML
- 
- # Install rules
- qmldir.base = $$_PRO_FILE_PWD_
-diff --git a/mkspecs/features/qml_plugin.prf b/mkspecs/features/qml_plugin.prf
-index ebec1db8da..62ace84a6c 100644
---- a/mkspecs/features/qml_plugin.prf
-+++ b/mkspecs/features/qml_plugin.prf
-@@ -46,13 +46,8 @@ exists($$QMLTYPEFILE): QML_FILES += $$QMLTYPEFILE
- 
- load(qt_build_paths)
- 
--qml1_target {
--    DESTDIR = $$MODULE_BASE_OUTDIR/imports/$$TARGETPATH
--    instbase = $$[QT_INSTALL_IMPORTS]
--} else {
--    DESTDIR = $$MODULE_BASE_OUTDIR/qml/$$TARGETPATH
--    instbase = $$[QT_INSTALL_QML]
--}
-+DESTDIR = $$MODULE_BASE_OUTDIR/qml/$$TARGETPATH
-+instbase = $$NIX_OUTPUT_QML
- 
- target.path = $$instbase/$$TARGETPATH
- INSTALLS += target
-diff --git a/mkspecs/features/qt_app.prf b/mkspecs/features/qt_app.prf
-index 46aca50cc2..4f4e634724 100644
---- a/mkspecs/features/qt_app.prf
-+++ b/mkspecs/features/qt_app.prf
-@@ -29,7 +29,7 @@ host_build:force_bootstrap {
-     target.path = $$[QT_HOST_BINS]
- } else {
-     !build_pass:contains(QT_CONFIG, debug_and_release): CONFIG += release
--    target.path = $$[QT_INSTALL_BINS]
-+    target.path = $$NIX_OUTPUT_BIN/bin
-     CONFIG += relative_qt_rpath  # Qt's tools and apps should be relocatable
- }
- INSTALLS += target
-diff --git a/mkspecs/features/qt_build_paths.prf b/mkspecs/features/qt_build_paths.prf
-index 1848f00e90..2af93675c5 100644
---- a/mkspecs/features/qt_build_paths.prf
-+++ b/mkspecs/features/qt_build_paths.prf
-@@ -23,6 +23,6 @@ exists($$MODULE_BASE_INDIR/.git): \
- !force_independent {
-     # If the module is not built independently, everything ends up in qtbase.
-     # This is the case in non-prefix builds, except for selected modules.
--    MODULE_BASE_OUTDIR = $$[QT_HOST_PREFIX]
--    MODULE_QMAKE_OUTDIR = $$[QT_HOST_PREFIX]
-+    MODULE_BASE_OUTDIR = $$NIX_OUTPUT_OUT
-+    MODULE_QMAKE_OUTDIR = $$NIX_OUTPUT_OUT
- }
-diff --git a/mkspecs/features/qt_common.prf b/mkspecs/features/qt_common.prf
-index 08b3f3e5af..5ffeafd9d8 100644
---- a/mkspecs/features/qt_common.prf
-+++ b/mkspecs/features/qt_common.prf
-@@ -30,8 +30,8 @@ contains(TEMPLATE, .*lib) {
-         qqt_libdir = \$\$\$\$[QT_HOST_LIBS]
-         qt_libdir = $$[QT_HOST_LIBS]
-     } else {
--        qqt_libdir = \$\$\$\$[QT_INSTALL_LIBS]
--        qt_libdir = $$[QT_INSTALL_LIBS]
-+        qqt_libdir = \$\$\$\$NIX_OUTPUT_OUT/lib
-+        qt_libdir = $$NIX_OUTPUT_OUT/lib
-     }
-     contains(QMAKE_DEFAULT_LIBDIRS, $$qt_libdir) {
-         lib_replace.match = "[^ ']*$$rplbase/lib"
-diff --git a/mkspecs/features/qt_docs.prf b/mkspecs/features/qt_docs.prf
-index 183d0c9502..17982b04ec 100644
---- a/mkspecs/features/qt_docs.prf
-+++ b/mkspecs/features/qt_docs.prf
-@@ -41,7 +41,7 @@ QMAKE_DOCS_OUTPUTDIR = $$QMAKE_DOCS_BASE_OUTDIR/$$QMAKE_DOCS_TARGETDIR
- 
- QDOC += -outputdir $$shell_quote($$QMAKE_DOCS_OUTPUTDIR)
- !build_online_docs: \
--    QDOC += -installdir $$shell_quote($$[QT_INSTALL_DOCS])
-+    QDOC += -installdir $$shell_quote($$NIX_OUTPUT_DOC)
- PREP_DOC_INDEXES =
- DOC_INDEXES =
- !isEmpty(QTREPOS) {
-@@ -60,8 +60,8 @@ DOC_INDEXES =
-         DOC_INDEXES += -indexdir $$shell_quote($$qrep/doc)
- } else {
-     prepare_docs: \
--        PREP_DOC_INDEXES += -indexdir $$shell_quote($$[QT_INSTALL_DOCS/get])
--    DOC_INDEXES += -indexdir $$shell_quote($$[QT_INSTALL_DOCS/get])
-+        PREP_DOC_INDEXES += -indexdir $$shell_quote($$NIX_OUTPUT_DOC)
-+    DOC_INDEXES += -indexdir $$shell_quote($$NIX_OUTPUT_DOC)
- }
- doc_command = $$QDOC $$QMAKE_DOCS
- prepare_docs {
-@@ -75,12 +75,12 @@ prepare_docs {
-     qch_docs.commands = $$QHELPGENERATOR $$shell_quote($$QMAKE_DOCS_OUTPUTDIR/$${QMAKE_DOCS_TARGET}.qhp) -o $$shell_quote($$QMAKE_DOCS_BASE_OUTDIR/$${QMAKE_DOCS_TARGET}.qch)
- 
-     inst_html_docs.files = $$QMAKE_DOCS_OUTPUTDIR
--    inst_html_docs.path = $$[QT_INSTALL_DOCS]
-+    inst_html_docs.path = $$NIX_OUTPUT_DOC
-     inst_html_docs.CONFIG += no_check_exist directory no_default_install no_build
-     INSTALLS += inst_html_docs
- 
-     inst_qch_docs.files = $$QMAKE_DOCS_BASE_OUTDIR/$${QMAKE_DOCS_TARGET}.qch
--    inst_qch_docs.path = $$[QT_INSTALL_DOCS]
-+    inst_qch_docs.path = $$NIX_OUTPUT_DOC
-     inst_qch_docs.CONFIG += no_check_exist no_default_install no_build
-     INSTALLS += inst_qch_docs
- 
-diff --git a/mkspecs/features/qt_example_installs.prf b/mkspecs/features/qt_example_installs.prf
-index 4c68cfd72f..f422f18266 100644
---- a/mkspecs/features/qt_example_installs.prf
-+++ b/mkspecs/features/qt_example_installs.prf
-@@ -70,7 +70,7 @@ probase = $$relative_path($$_PRO_FILE_PWD_, $$dirname(_QMAKE_CONF_)/examples)
-         $$SOURCES $$HEADERS $$FORMS $$RESOURCES $$TRANSLATIONS \
-         $$DBUS_ADAPTORS $$DBUS_INTERFACES
-     addInstallFiles(sources.files, $$sourcefiles)
--    sources.path = $$[QT_INSTALL_EXAMPLES]/$$probase
-+    sources.path = $$NIX_OUTPUT_DEV/share/examples/$$probase
-     INSTALLS += sources
- 
-     check_examples {
-diff --git a/mkspecs/features/qt_functions.prf b/mkspecs/features/qt_functions.prf
-index 4a1d265a8b..d346424b5b 100644
---- a/mkspecs/features/qt_functions.prf
-+++ b/mkspecs/features/qt_functions.prf
-@@ -70,7 +70,7 @@ defineTest(qtHaveModule) {
- defineTest(qtPrepareTool) {
-     cmd = $$eval(QT_TOOL.$${2}.binary)
-     isEmpty(cmd) {
--        cmd = $$[QT_HOST_BINS]/$$2
-+        cmd = $$system("command -v $$2")
-         exists($${cmd}.pl) {
-             cmd = perl -w $$system_path($${cmd}.pl)
-         } else: contains(QMAKE_HOST.os, Windows) {
-diff --git a/mkspecs/features/qt_installs.prf b/mkspecs/features/qt_installs.prf
-index 3a5dbb6274..24f321bd82 100644
---- a/mkspecs/features/qt_installs.prf
-+++ b/mkspecs/features/qt_installs.prf
-@@ -12,16 +12,10 @@
- #library
- !qt_no_install_library {
-     win32 {
--       host_build: \
--           dlltarget.path = $$[QT_HOST_BINS]
--       else: \
--           dlltarget.path = $$[QT_INSTALL_BINS]
-+        dlltarget.path = $$NIX_OUTPUT_BIN/bin
-        INSTALLS += dlltarget
-     }
--    host_build: \
--        target.path = $$[QT_HOST_LIBS]
--    else: \
--        target.path = $$[QT_INSTALL_LIBS]
-+    target.path = $$NIX_OUTPUT_OUT/lib
-     !static: target.CONFIG = no_dll
-     INSTALLS += target
- }
-@@ -29,33 +23,33 @@
- #headers
- qt_install_headers {
-     class_headers.files = $$SYNCQT.HEADER_CLASSES
--    class_headers.path = $$[QT_INSTALL_HEADERS]/$$MODULE_INCNAME
-+    class_headers.path = $$NIX_OUTPUT_DEV/include/$$MODULE_INCNAME
-     INSTALLS += class_headers
- 
-     targ_headers.files = $$SYNCQT.HEADER_FILES
--    targ_headers.path = $$[QT_INSTALL_HEADERS]/$$MODULE_INCNAME
-+    targ_headers.path = $$NIX_OUTPUT_DEV/include/$$MODULE_INCNAME
-     INSTALLS += targ_headers
- 
-     private_headers.files = $$SYNCQT.PRIVATE_HEADER_FILES
--    private_headers.path = $$[QT_INSTALL_HEADERS]/$$MODULE_INCNAME/$$VERSION/$$MODULE_INCNAME/private
-+    private_headers.path = $$NIX_OUTPUT_DEV/include/$$MODULE_INCNAME/$$VERSION/$$MODULE_INCNAME/private
-     INSTALLS += private_headers
- 
-     qpa_headers.files = $$SYNCQT.QPA_HEADER_FILES
--    qpa_headers.path = $$[QT_INSTALL_HEADERS]/$$MODULE_INCNAME/$$VERSION/$$MODULE_INCNAME/qpa
-+    qpa_headers.path = $$NIX_OUTPUT_DEV/include/$$MODULE_INCNAME/$$VERSION/$$MODULE_INCNAME/qpa
-     INSTALLS += qpa_headers
- }
- 
- #module
- qt_install_module {
-     !isEmpty(MODULE_PRI) {
--        pritarget.path = $$[QT_HOST_DATA]/mkspecs/modules
-+        pritarget.path = $$NIX_OUTPUT_DEV/mkspecs/modules
-         pritarget.files = $$MODULE_PRI
-         INSTALLS += pritarget
-     } else: isEmpty(MODULE_PRIVATE_PRI) {
-         warning("Project $$basename(_PRO_FILE_) is a module, but has not defined MODULE_PRI, which is required for Qt to expose the module to other projects.")
-     }
-     !isEmpty(MODULE_PRIVATE_PRI) {
--        privpritarget.path = $$[QT_HOST_DATA]/mkspecs/modules
-+        privpritarget.path = $$NIX_OUTPUT_DEV/mkspecs/modules
-         privpritarget.files = $$MODULE_PRIVATE_PRI
-         INSTALLS += privpritarget
-     }
-diff --git a/mkspecs/features/qt_plugin.prf b/mkspecs/features/qt_plugin.prf
-index 3cf6c7349c..83e68025a5 100644
---- a/mkspecs/features/qt_plugin.prf
-+++ b/mkspecs/features/qt_plugin.prf
-@@ -82,7 +82,7 @@ CONFIG(static, static|shared)|prefix_build {
-     }
- }
- 
--target.path = $$[QT_INSTALL_PLUGINS]/$$PLUGIN_TYPE
-+target.path = $$NIX_OUTPUT_PLUGIN/$$PLUGIN_TYPE
- INSTALLS += target
- 
- TARGET = $$qt5LibraryTarget($$TARGET)
-diff --git a/src/corelib/Qt5CoreConfigExtras.cmake.in b/src/corelib/Qt5CoreConfigExtras.cmake.in
-index 91a4eb619a..08b533e69c 100644
---- a/src/corelib/Qt5CoreConfigExtras.cmake.in
-+++ b/src/corelib/Qt5CoreConfigExtras.cmake.in
-@@ -3,7 +3,7 @@ if (NOT TARGET Qt5::qmake)
-     add_executable(Qt5::qmake IMPORTED)
- 
- !!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5Core_install_prefix}/$${CMAKE_BIN_DIR}qmake$$CMAKE_BIN_SUFFIX\")
-+    set(imported_location \"$$NIX_OUTPUT_DEV/$${CMAKE_BIN_DIR}qmake$$CMAKE_BIN_SUFFIX\")
- !!ELSE
-     set(imported_location \"$${CMAKE_BIN_DIR}qmake$$CMAKE_BIN_SUFFIX\")
- !!ENDIF
-@@ -18,7 +18,7 @@ if (NOT TARGET Qt5::moc)
-     add_executable(Qt5::moc IMPORTED)
- 
- !!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5Core_install_prefix}/$${CMAKE_BIN_DIR}moc$$CMAKE_BIN_SUFFIX\")
-+    set(imported_location \"$$NIX_OUTPUT_DEV/$${CMAKE_BIN_DIR}moc$$CMAKE_BIN_SUFFIX\")
- !!ELSE
-     set(imported_location \"$${CMAKE_BIN_DIR}moc$$CMAKE_BIN_SUFFIX\")
- !!ENDIF
-@@ -35,7 +35,7 @@ if (NOT TARGET Qt5::rcc)
-     add_executable(Qt5::rcc IMPORTED)
- 
- !!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5Core_install_prefix}/$${CMAKE_BIN_DIR}rcc$$CMAKE_BIN_SUFFIX\")
-+    set(imported_location \"$$NIX_OUTPUT_DEV/$${CMAKE_BIN_DIR}rcc$$CMAKE_BIN_SUFFIX\")
- !!ELSE
-     set(imported_location \"$${CMAKE_BIN_DIR}rcc$$CMAKE_BIN_SUFFIX\")
- !!ENDIF
-@@ -131,7 +131,7 @@ if (NOT TARGET Qt5::WinMain)
- !!IF !isEmpty(CMAKE_RELEASE_TYPE)
-     set_property(TARGET Qt5::WinMain APPEND PROPERTY IMPORTED_CONFIGURATIONS RELEASE)
- !!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5Core_install_prefix}/$${CMAKE_LIB_DIR}$${CMAKE_WINMAIN_FILE_LOCATION_RELEASE}\")
-+    set(imported_location \"$$NIX_OUTPUT_DEV/$${CMAKE_LIB_DIR}$${CMAKE_WINMAIN_FILE_LOCATION_RELEASE}\")
- !!ELSE
-     set(imported_location \"$${CMAKE_LIB_DIR}$${CMAKE_WINMAIN_FILE_LOCATION_RELEASE}\")
- !!ENDIF
-@@ -145,7 +145,7 @@ if (NOT TARGET Qt5::WinMain)
-     set_property(TARGET Qt5::WinMain APPEND PROPERTY IMPORTED_CONFIGURATIONS DEBUG)
- 
- !!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5Core_install_prefix}/$${CMAKE_LIB_DIR}$${CMAKE_WINMAIN_FILE_LOCATION_DEBUG}\")
-+    set(imported_location \"$$NIX_OUTPUT_DEV/$${CMAKE_LIB_DIR}$${CMAKE_WINMAIN_FILE_LOCATION_DEBUG}\")
- !!ELSE
-     set(imported_location \"$${CMAKE_LIB_DIR}$${CMAKE_WINMAIN_FILE_LOCATION_DEBUG}\")
- !!ENDIF
-diff --git a/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in b/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in
-index c357237d0e..6f0c75de3c 100644
---- a/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in
-+++ b/src/corelib/Qt5CoreConfigExtrasMkspecDir.cmake.in
-@@ -1,6 +1,6 @@
- 
- !!IF isEmpty(CMAKE_HOST_DATA_DIR_IS_ABSOLUTE)
--set(_qt5_corelib_extra_includes \"${_qt5Core_install_prefix}/$${CMAKE_HOST_DATA_DIR}/mkspecs/$${CMAKE_MKSPEC}\")
-+set(_qt5_corelib_extra_includes \"$$NIX_OUTPUT_DEV/$${CMAKE_HOST_DATA_DIR}/mkspecs/$${CMAKE_MKSPEC}\")
- !!ELSE
- set(_qt5_corelib_extra_includes \"$${CMAKE_HOST_DATA_DIR}mkspecs/$${CMAKE_MKSPEC}\")
- !!ENDIF
-diff --git a/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in b/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in
-index 706304cf34..546420f6ad 100644
---- a/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in
-+++ b/src/corelib/Qt5CoreConfigExtrasMkspecDirForInstall.cmake.in
-@@ -1,6 +1,6 @@
- 
- !!IF isEmpty(CMAKE_INSTALL_DATA_DIR_IS_ABSOLUTE)
--set(_qt5_corelib_extra_includes \"${_qt5Core_install_prefix}/$${CMAKE_INSTALL_DATA_DIR}/mkspecs/$${CMAKE_MKSPEC}\")
-+set(_qt5_corelib_extra_includes \"$$NIX_OUTPUT_DEV/$${CMAKE_INSTALL_DATA_DIR}/mkspecs/$${CMAKE_MKSPEC}\")
- !!ELSE
- set(_qt5_corelib_extra_includes \"$${CMAKE_INSTALL_DATA_DIR}mkspecs/$${CMAKE_MKSPEC}\")
- !!ENDIF
-diff --git a/src/corelib/kernel/qcoreapplication.cpp b/src/corelib/kernel/qcoreapplication.cpp
-index bd3c12ce97..a796775970 100644
---- a/src/corelib/kernel/qcoreapplication.cpp
-+++ b/src/corelib/kernel/qcoreapplication.cpp
-@@ -2533,6 +2533,15 @@ QStringList QCoreApplication::libraryPaths()
-         QStringList *app_libpaths = new QStringList;
-         coreappdata()->app_libpaths.reset(app_libpaths);
- 
-+        // Add library paths derived from PATH
-+        const QStringList paths = QFile::decodeName(qgetenv("PATH")).split(':');
-+        const QString plugindir = QStringLiteral("../" NIXPKGS_QT_PLUGIN_PREFIX);
-+        for (const QString &path: paths) {
-+            if (!path.isEmpty()) {
-+                app_libpaths->append(QDir::cleanPath(path + QDir::separator() + plugindir));
-+            }
-+        }
-+
-         const QByteArray libPathEnv = qgetenv("QT_PLUGIN_PATH");
-         if (!libPathEnv.isEmpty()) {
-             QStringList paths = QFile::decodeName(libPathEnv).split(QDir::listSeparator(), QString::SkipEmptyParts);
-diff --git a/src/corelib/tools/qtimezoneprivate_tz.cpp b/src/corelib/tools/qtimezoneprivate_tz.cpp
-index c13c9a5223..6936851511 100644
---- a/src/corelib/tools/qtimezoneprivate_tz.cpp
-+++ b/src/corelib/tools/qtimezoneprivate_tz.cpp
-@@ -64,7 +64,11 @@ typedef QHash<QByteArray, QTzTimeZone> QTzTimeZoneHash;
- // Parse zone.tab table, assume lists all installed zones, if not will need to read directories
- static QTzTimeZoneHash loadTzTimeZones()
- {
--    QString path = QStringLiteral("/usr/share/zoneinfo/zone.tab");
-+    // Try TZDIR first, in case we're running on NixOS.
-+    QString path = QFile::decodeName(qgetenv("TZDIR")) + QStringLiteral("/zone.tab");
-+    // Fallback to traditional paths in case we are not on NixOS.
-+    if (!QFile::exists(path))
-+        path = QStringLiteral("/usr/share/zoneinfo/zone.tab");
-     if (!QFile::exists(path))
-         path = QStringLiteral("/usr/lib/zoneinfo/zone.tab");
- 
-@@ -636,12 +640,16 @@ void QTzTimeZonePrivate::init(const QByteArray &ianaId)
-         if (!tzif.open(QIODevice::ReadOnly))
-             return;
-     } else {
--        // Open named tz, try modern path first, if fails try legacy path
--        tzif.setFileName(QLatin1String("/usr/share/zoneinfo/") + QString::fromLocal8Bit(ianaId));
-+        // Try TZDIR first, in case we're running on NixOS
-+        tzif.setFileName(QFile::decodeName(qgetenv("TZDIR")) + QStringLiteral("/") + QString::fromLocal8Bit(ianaId));
-         if (!tzif.open(QIODevice::ReadOnly)) {
--            tzif.setFileName(QLatin1String("/usr/lib/zoneinfo/") + QString::fromLocal8Bit(ianaId));
--            if (!tzif.open(QIODevice::ReadOnly))
--                return;
-+            // Open named tz, try modern path first, if fails try legacy path
-+            tzif.setFileName(QLatin1String("/usr/share/zoneinfo/") + QString::fromLocal8Bit(ianaId));
-+            if (!tzif.open(QIODevice::ReadOnly)) {
-+                tzif.setFileName(QLatin1String("/usr/lib/zoneinfo/") + QString::fromLocal8Bit(ianaId));
-+                if (!tzif.open(QIODevice::ReadOnly))
-+                    return;
-+            }
-         }
-     }
- 
-diff --git a/src/dbus/Qt5DBusConfigExtras.cmake.in b/src/dbus/Qt5DBusConfigExtras.cmake.in
-index 1d947159e2..b36865fc48 100644
---- a/src/dbus/Qt5DBusConfigExtras.cmake.in
-+++ b/src/dbus/Qt5DBusConfigExtras.cmake.in
-@@ -2,11 +2,7 @@
- if (NOT TARGET Qt5::qdbuscpp2xml)
-     add_executable(Qt5::qdbuscpp2xml IMPORTED)
- 
--!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5DBus_install_prefix}/$${CMAKE_BIN_DIR}qdbuscpp2xml$$CMAKE_BIN_SUFFIX\")
--!!ELSE
--    set(imported_location \"$${CMAKE_BIN_DIR}qdbuscpp2xml$$CMAKE_BIN_SUFFIX\")
--!!ENDIF
-+    set(imported_location \"$$NIX_OUTPUT_DEV/bin/qdbuscpp2xml$$CMAKE_BIN_SUFFIX\")
-     _qt5_DBus_check_file_exists(${imported_location})
- 
-     set_target_properties(Qt5::qdbuscpp2xml PROPERTIES
-@@ -17,11 +13,7 @@ endif()
- if (NOT TARGET Qt5::qdbusxml2cpp)
-     add_executable(Qt5::qdbusxml2cpp IMPORTED)
- 
--!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5DBus_install_prefix}/$${CMAKE_BIN_DIR}qdbusxml2cpp$$CMAKE_BIN_SUFFIX\")
--!!ELSE
--    set(imported_location \"$${CMAKE_BIN_DIR}qdbusxml2cpp$$CMAKE_BIN_SUFFIX\")
--!!ENDIF
-+    set(imported_location \"$$NIX_OUTPUT_DEV/bin/qdbusxml2cpp$$CMAKE_BIN_SUFFIX\")
-     _qt5_DBus_check_file_exists(${imported_location})
- 
-     set_target_properties(Qt5::qdbusxml2cpp PROPERTIES
-diff --git a/src/gui/Qt5GuiConfigExtras.cmake.in b/src/gui/Qt5GuiConfigExtras.cmake.in
-index 07869efd7d..fb4183bada 100644
---- a/src/gui/Qt5GuiConfigExtras.cmake.in
-+++ b/src/gui/Qt5GuiConfigExtras.cmake.in
-@@ -2,7 +2,7 @@
- !!IF !isEmpty(CMAKE_ANGLE_EGL_DLL_RELEASE)
- 
- !!IF isEmpty(CMAKE_INCLUDE_DIR_IS_ABSOLUTE)
--set(Qt5Gui_EGL_INCLUDE_DIRS \"${_qt5$${CMAKE_MODULE_NAME}_install_prefix}/$$CMAKE_INCLUDE_DIR/QtANGLE\")
-+set(Qt5Gui_EGL_INCLUDE_DIRS \"$$NIX_OUTPUT_DEV/$$CMAKE_INCLUDE_DIR/QtANGLE\")
- !!ELSE
- set(Qt5Gui_EGL_INCLUDE_DIRS \"$$CMAKE_INCLUDE_DIR/QtANGLE\")
- !!ENDIF
-@@ -17,13 +17,13 @@ macro(_populate_qt5gui_gl_target_properties TargetName Configuration LIB_LOCATIO
-     set_property(TARGET Qt5::${TargetName} APPEND PROPERTY IMPORTED_CONFIGURATIONS ${Configuration})
- 
- !!IF isEmpty(CMAKE_DLL_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5Gui_install_prefix}/$${CMAKE_DLL_DIR}${LIB_LOCATION}\")
-+    set(imported_location \"$$NIX_OUTPUT_OUT/$${CMAKE_DLL_DIR}${LIB_LOCATION}\")
- !!ELSE
-     set(imported_location \"$${CMAKE_DLL_DIR}${LIB_LOCATION}\")
- !!ENDIF
- 
- !!IF isEmpty(CMAKE_LIB_DIR_IS_ABSOLUTE)
--    set(imported_implib \"${_qt5Gui_install_prefix}/$${CMAKE_LIB_DIR}${IMPLIB_LOCATION}\")
-+    set(imported_implib \"$$NIX_OUTPUT_OUT/$${CMAKE_LIB_DIR}${IMPLIB_LOCATION}\")
- !!ELSE
-     set(imported_implib \"$${CMAKE_LIB_DIR}${IMPLIB_LOCATION}\")
- !!ENDIF
-diff --git a/src/network/kernel/qdnslookup_unix.cpp b/src/network/kernel/qdnslookup_unix.cpp
-index 584f0b0f0e..24d80063f2 100644
---- a/src/network/kernel/qdnslookup_unix.cpp
-+++ b/src/network/kernel/qdnslookup_unix.cpp
-@@ -83,7 +83,7 @@ static bool resolveLibraryInternal()
-     if (!lib.load())
- #endif
-     {
--        lib.setFileName(QLatin1String("resolv"));
-+        lib.setFileName(QLatin1String(NIXPKGS_LIBRESOLV));
-         if (!lib.load())
-             return false;
-     }
-diff --git a/src/network/kernel/qhostinfo_unix.cpp b/src/network/kernel/qhostinfo_unix.cpp
-index dabf1913cc..53bb867e07 100644
---- a/src/network/kernel/qhostinfo_unix.cpp
-+++ b/src/network/kernel/qhostinfo_unix.cpp
-@@ -94,7 +94,7 @@ static bool resolveLibraryInternal()
-     if (!lib.load())
- #endif
-     {
--        lib.setFileName(QLatin1String("resolv"));
-+        lib.setFileName(QLatin1String(NIXPKGS_LIBRESOLV));
-         if (!lib.load())
-             return false;
-     }
-diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
-index 68caaeb6dc..fef4a81474 100644
---- a/src/network/ssl/qsslcontext_openssl.cpp
-+++ b/src/network/ssl/qsslcontext_openssl.cpp
-@@ -340,7 +340,7 @@ init_context:
- 
-     const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves();
-     if (!qcurves.isEmpty()) {
--#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC)
-         // Set the curves to be used
-         if (q_SSLeay() >= 0x10002000L) {
-             // SSL_CTX_ctrl wants a non-const pointer as last argument,
-@@ -354,7 +354,7 @@ init_context:
-                 return sslContext;
-             }
-         } else
--#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
-+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC)
-         {
-             // specific curves requested, but not possible to set -> error
-             sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2"));
-diff --git a/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp b/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp
-index 338c7ca3be..dd52114bac 100644
---- a/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp
-+++ b/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp
-@@ -251,12 +251,9 @@ void TableGenerator::initPossibleLocations()
-     // the QTCOMPOSE environment variable
-     if (qEnvironmentVariableIsSet("QTCOMPOSE"))
-         m_possibleLocations.append(QString::fromLocal8Bit(qgetenv("QTCOMPOSE")));
--    m_possibleLocations.append(QStringLiteral("/usr/share/X11/locale"));
--    m_possibleLocations.append(QStringLiteral("/usr/local/share/X11/locale"));
--    m_possibleLocations.append(QStringLiteral("/usr/lib/X11/locale"));
--    m_possibleLocations.append(QStringLiteral("/usr/local/lib/X11/locale"));
-     m_possibleLocations.append(QStringLiteral(X11_PREFIX "/share/X11/locale"));
-     m_possibleLocations.append(QStringLiteral(X11_PREFIX "/lib/X11/locale"));
-+    m_possibleLocations.append(QLatin1String(NIXPKGS_QTCOMPOSE));
- }
- 
- QString TableGenerator::findComposeFile()
-diff --git a/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp b/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp
-index c2b7a562a9..4fa5f6d6a5 100644
---- a/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp
-+++ b/src/plugins/platforms/xcb/gl_integrations/xcb_glx/qglxintegration.cpp
-@@ -570,7 +570,14 @@ void (*QGLXContext::getProcAddress(const QByteArray &procName)) ()
- #ifndef QT_NO_LIBRARY
-                 extern const QString qt_gl_library_name();
- //                QLibrary lib(qt_gl_library_name());
-+                // Check system library paths first
-                 QLibrary lib(QLatin1String("GL"));
-+#ifdef NIXPKGS_MESA_GL
-+                if (!lib.load()) {
-+                    // Fallback to Mesa driver
-+                    lib.setFileName(QLatin1String(NIXPKGS_MESA_GL));
-+                }
-+#endif // NIXPKGS_MESA_GL
-                 glXGetProcAddressARB = (qt_glXGetProcAddressARB) lib.resolve("glXGetProcAddressARB");
- #endif
-             }
-diff --git a/src/plugins/platforms/xcb/qxcbcursor.cpp b/src/plugins/platforms/xcb/qxcbcursor.cpp
-index 4646ced954..ff3111f393 100644
---- a/src/plugins/platforms/xcb/qxcbcursor.cpp
-+++ b/src/plugins/platforms/xcb/qxcbcursor.cpp
-@@ -303,10 +303,10 @@ QXcbCursor::QXcbCursor(QXcbConnection *conn, QXcbScreen *screen)
- #if defined(XCB_USE_XLIB) && !defined(QT_NO_LIBRARY)
-     static bool function_ptrs_not_initialized = true;
-     if (function_ptrs_not_initialized) {
--        QLibrary xcursorLib(QLatin1String("Xcursor"), 1);
-+        QLibrary xcursorLib(QLatin1String(NIXPKGS_LIBXCURSOR), 1);
-         bool xcursorFound = xcursorLib.load();
-         if (!xcursorFound) { // try without the version number
--            xcursorLib.setFileName(QLatin1String("Xcursor"));
-+            xcursorLib.setFileName(QLatin1String(NIXPKGS_LIBXCURSOR));
-             xcursorFound = xcursorLib.load();
-         }
-         if (xcursorFound) {
-diff --git a/src/testlib/qtestassert.h b/src/testlib/qtestassert.h
-index ca3e02ca06..28dd73d772 100644
---- a/src/testlib/qtestassert.h
-+++ b/src/testlib/qtestassert.h
-@@ -38,10 +38,13 @@
- 
- QT_BEGIN_NAMESPACE
- 
--
--#define QTEST_ASSERT(cond) do { if (!(cond)) qt_assert(#cond,__FILE__,__LINE__); } while (0)
--
--#define QTEST_ASSERT_X(cond, where, what) do { if (!(cond)) qt_assert_x(where, what,__FILE__,__LINE__); } while (0)
-+#if defined(QT_NO_DEBUG) && !defined(QT_FORCE_ASSERTS)
-+#define QTEST_ASSERT(cond) do { } while ((false) && (cond))
-+#define QTEST_ASSERT_X(cond, where, what) do { } while ((false) && (cond))
-+#else
-+#define QTEST_ASSERT(cond) do { if (!(cond)) qt_assert(#cond,__FILE__,__LINE__); } while (false)
-+#define QTEST_ASSERT_X(cond, where, what) do { if (!(cond)) qt_assert_x(where, what,__FILE__,__LINE__); } while (false)
-+#endif
- 
- QT_END_NAMESPACE
- 
-diff --git a/src/widgets/Qt5WidgetsConfigExtras.cmake.in b/src/widgets/Qt5WidgetsConfigExtras.cmake.in
-index 99d87e2e46..a4eab2aa72 100644
---- a/src/widgets/Qt5WidgetsConfigExtras.cmake.in
-+++ b/src/widgets/Qt5WidgetsConfigExtras.cmake.in
-@@ -3,7 +3,7 @@ if (NOT TARGET Qt5::uic)
-     add_executable(Qt5::uic IMPORTED)
- 
- !!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5Widgets_install_prefix}/$${CMAKE_BIN_DIR}uic$$CMAKE_BIN_SUFFIX\")
-+    set(imported_location \"$$NIX_OUTPUT_DEV/$${CMAKE_BIN_DIR}uic$$CMAKE_BIN_SUFFIX\")
- !!ELSE
-     set(imported_location \"$${CMAKE_BIN_DIR}uic$$CMAKE_BIN_SUFFIX\")
- !!ENDIF
diff --git a/pkgs/development/libraries/qt-5/5.6/qtdeclarative.patch b/pkgs/development/libraries/qt-5/5.6/qtdeclarative.patch
deleted file mode 100644
index dbddaa2a1d6..00000000000
--- a/pkgs/development/libraries/qt-5/5.6/qtdeclarative.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/src/qml/qml/qqmlimport.cpp b/src/qml/qml/qqmlimport.cpp
-index dfdf2edbe..7ee96049d 100644
---- a/src/qml/qml/qqmlimport.cpp
-+++ b/src/qml/qml/qqmlimport.cpp
-@@ -1568,6 +1568,15 @@ QQmlImportDatabase::QQmlImportDatabase(QQmlEngine *e)
-     QString installImportsPath =  QLibraryInfo::location(QLibraryInfo::Qml2ImportsPath);
-     addImportPath(installImportsPath);
- 
-+    // Add import paths derived from PATH
-+    const QStringList paths = QFile::decodeName(qgetenv("PATH")).split(':');
-+    const QString qmldir = QStringLiteral("../" NIXPKGS_QML2_IMPORT_PREFIX);
-+    for (const QString &path: paths) {
-+        if (!path.isEmpty()) {
-+            addImportPath(QDir::cleanPath(path + QDir::separator() + qmldir));
-+        }
-+    }
-+
-     // env import paths
-     if (Q_UNLIKELY(!qEnvironmentVariableIsEmpty("QML2_IMPORT_PATH"))) {
-         const QByteArray envImportPath = qgetenv("QML2_IMPORT_PATH");
diff --git a/pkgs/development/libraries/qt-5/5.6/qtscript.patch b/pkgs/development/libraries/qt-5/5.6/qtscript.patch
deleted file mode 100644
index 5508dec1280..00000000000
--- a/pkgs/development/libraries/qt-5/5.6/qtscript.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h
-index 1f6d25e..087c3fb 100644
---- a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h
-+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Threading.h
-@@ -81,7 +81,7 @@
- #include <pthread.h>
- #elif PLATFORM(GTK)
- #include <wtf/gtk/GOwnPtr.h>
--typedef struct _GMutex GMutex;
-+typedef union _GMutex GMutex;
- typedef struct _GCond GCond;
- #endif
- 
diff --git a/pkgs/development/libraries/qt-5/5.6/qtserialport.patch b/pkgs/development/libraries/qt-5/5.6/qtserialport.patch
deleted file mode 100644
index b2cffbe4f39..00000000000
--- a/pkgs/development/libraries/qt-5/5.6/qtserialport.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/src/serialport/qtudev_p.h b/src/serialport/qtudev_p.h
-index 6f2cabd..cd3c0ed 100644
---- a/src/serialport/qtudev_p.h
-+++ b/src/serialport/qtudev_p.h
-@@ -105,9 +105,17 @@ inline QFunctionPointer resolveSymbol(QLibrary *udevLibrary, const char *symbolN
- inline bool resolveSymbols(QLibrary *udevLibrary)
- {
-     if (!udevLibrary->isLoaded()) {
-+#ifdef NIXPKGS_LIBUDEV
-+        udevLibrary->setFileNameAndVersion(QLatin1String(NIXPKGS_LIBUDEV), 1);
-+#else
-         udevLibrary->setFileNameAndVersion(QStringLiteral("udev"), 1);
-+#endif
-         if (!udevLibrary->load()) {
-+#ifdef NIXPKGS_LIBUDEV
-+            udevLibrary->setFileNameAndVersion(QLatin1String(NIXPKGS_LIBUDEV), 0);
-+#else
-             udevLibrary->setFileNameAndVersion(QStringLiteral("udev"), 0);
-+#endif
-             if (!udevLibrary->load()) {
-                 qWarning("Failed to load the library: %s, supported version(s): %i and %i", qPrintable(udevLibrary->fileName()), 1, 0);
-                 return false;
diff --git a/pkgs/development/libraries/qt-5/5.6/qttools.patch b/pkgs/development/libraries/qt-5/5.6/qttools.patch
deleted file mode 100644
index dcb15e0e55a..00000000000
--- a/pkgs/development/libraries/qt-5/5.6/qttools.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-diff --git a/src/assistant/help/Qt5HelpConfigExtras.cmake.in b/src/assistant/help/Qt5HelpConfigExtras.cmake.in
-index 5a5bd5ce..1c6727d4 100644
---- a/src/assistant/help/Qt5HelpConfigExtras.cmake.in
-+++ b/src/assistant/help/Qt5HelpConfigExtras.cmake.in
-@@ -2,14 +2,13 @@
- if (NOT TARGET Qt5::qcollectiongenerator)
-     add_executable(Qt5::qcollectiongenerator IMPORTED)
- 
--!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5Help_install_prefix}/$${CMAKE_BIN_DIR}qcollectiongenerator$$CMAKE_BIN_SUFFIX\")
--!!ELSE
-     set(imported_location \"$${CMAKE_BIN_DIR}qcollectiongenerator$$CMAKE_BIN_SUFFIX\")
--!!ENDIF
-+    if(NOT EXISTS \"${imported_location}\")
-+        set(imported_location \"$${CMAKE_BIN_DIR}qcollectiongenerator$$CMAKE_BIN_SUFFIX\")
-+    endif()
-     _qt5_Help_check_file_exists(${imported_location})
- 
-     set_target_properties(Qt5::qcollectiongenerator PROPERTIES
-         IMPORTED_LOCATION ${imported_location}
-     )
--endif()
-+endif()
-\ No newline at end of file
-diff --git a/src/linguist/Qt5LinguistToolsConfig.cmake.in b/src/linguist/Qt5LinguistToolsConfig.cmake.in
-index 4318b16f..d60db4ff 100644
---- a/src/linguist/Qt5LinguistToolsConfig.cmake.in
-+++ b/src/linguist/Qt5LinguistToolsConfig.cmake.in
-@@ -44,11 +44,7 @@ endmacro()
- if (NOT TARGET Qt5::lrelease)
-     add_executable(Qt5::lrelease IMPORTED)
- 
--!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5_linguisttools_install_prefix}/$${CMAKE_BIN_DIR}lrelease$$CMAKE_BIN_SUFFIX\")
--!!ELSE
-     set(imported_location \"$${CMAKE_BIN_DIR}lrelease$$CMAKE_BIN_SUFFIX\")
--!!ENDIF
-     _qt5_LinguistTools_check_file_exists(${imported_location})
- 
-     set_target_properties(Qt5::lrelease PROPERTIES
-@@ -59,11 +55,7 @@ endif()
- if (NOT TARGET Qt5::lupdate)
-     add_executable(Qt5::lupdate IMPORTED)
- 
--!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5_linguisttools_install_prefix}/$${CMAKE_BIN_DIR}lupdate$$CMAKE_BIN_SUFFIX\")
--!!ELSE
-     set(imported_location \"$${CMAKE_BIN_DIR}lupdate$$CMAKE_BIN_SUFFIX\")
--!!ENDIF
-     _qt5_LinguistTools_check_file_exists(${imported_location})
- 
-     set_target_properties(Qt5::lupdate PROPERTIES
-@@ -74,11 +66,7 @@ endif()
- if (NOT TARGET Qt5::lconvert)
-     add_executable(Qt5::lconvert IMPORTED)
- 
--!!IF isEmpty(CMAKE_BIN_DIR_IS_ABSOLUTE)
--    set(imported_location \"${_qt5_linguisttools_install_prefix}/$${CMAKE_BIN_DIR}lconvert$$CMAKE_BIN_SUFFIX\")
--!!ELSE
-     set(imported_location \"$${CMAKE_BIN_DIR}lconvert$$CMAKE_BIN_SUFFIX\")
--!!ENDIF
-     _qt5_LinguistTools_check_file_exists(${imported_location})
- 
-     set_target_properties(Qt5::lconvert PROPERTIES
diff --git a/pkgs/development/libraries/qt-5/5.6/qtwebengine-seccomp.patch b/pkgs/development/libraries/qt-5/5.6/qtwebengine-seccomp.patch
deleted file mode 100644
index bf6af805982..00000000000
--- a/pkgs/development/libraries/qt-5/5.6/qtwebengine-seccomp.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Backported to Qt 5.6 for epoll_pwait fix on newer glibc
-Part of upstream Chromium's 4e8083b4ab953ba298aedfc4e79d464be15e4012
-Review URL: https://codereview.chromium.org/1613883002
----
-diff --git a/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
-index 10278dc5fc9b..b30b3e6acef6 100644
---- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
-+++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
-@@ -414,6 +414,7 @@ bool SyscallSets::IsAllowedEpoll(int sysno) {
-     case __NR_epoll_create:
-     case __NR_epoll_wait:
- #endif
-+    case __NR_epoll_pwait:
-     case __NR_epoll_create1:
-     case __NR_epoll_ctl:
-       return true;
-@@ -421,7 +422,6 @@ bool SyscallSets::IsAllowedEpoll(int sysno) {
- #if defined(__x86_64__)
-     case __NR_epoll_ctl_old:
- #endif
--    case __NR_epoll_pwait:
- #if defined(__x86_64__)
-     case __NR_epoll_wait_old:
- #endif
diff --git a/pkgs/development/libraries/qt-5/5.6/qtwebkit.patch b/pkgs/development/libraries/qt-5/5.6/qtwebkit.patch
deleted file mode 100644
index da1658554e4..00000000000
--- a/pkgs/development/libraries/qt-5/5.6/qtwebkit.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-diff --git a/Source/JavaScriptCore/API/JSStringRef.cpp b/Source/JavaScriptCore/API/JSStringRef.cpp
-index 812f3d413..77a3fd0f4 100644
---- a/Source/JavaScriptCore/API/JSStringRef.cpp
-+++ b/Source/JavaScriptCore/API/JSStringRef.cpp
-@@ -37,7 +37,7 @@ using namespace WTF::Unicode;
- JSStringRef JSStringCreateWithCharacters(const JSChar* chars, size_t numChars)
- {
-     initializeThreading();
--    return OpaqueJSString::create(chars, numChars).leakRef();
-+    return OpaqueJSString::create(reinterpret_cast<const UChar*>(chars), numChars).leakRef();
- }
- 
- JSStringRef JSStringCreateWithUTF8CString(const char* string)
-@@ -62,7 +62,7 @@ JSStringRef JSStringCreateWithUTF8CString(const char* string)
- JSStringRef JSStringCreateWithCharactersNoCopy(const JSChar* chars, size_t numChars)
- {
-     initializeThreading();
--    return OpaqueJSString::create(StringImpl::createWithoutCopying(chars, numChars, WTF::DoesNotHaveTerminatingNullCharacter)).leakRef();
-+    return OpaqueJSString::create(StringImpl::createWithoutCopying(reinterpret_cast<const UChar*>(chars), numChars, WTF::DoesNotHaveTerminatingNullCharacter)).leakRef();
- }
- 
- JSStringRef JSStringRetain(JSStringRef string)
-@@ -83,7 +83,7 @@ size_t JSStringGetLength(JSStringRef string)
- 
- const JSChar* JSStringGetCharactersPtr(JSStringRef string)
- {
--    return string->characters();
-+    return reinterpret_cast<const JSChar*>(string->characters());
- }
- 
- size_t JSStringGetMaximumUTF8CStringSize(JSStringRef string)
-diff --git a/Source/JavaScriptCore/runtime/DateConversion.cpp b/Source/JavaScriptCore/runtime/DateConversion.cpp
-index 0b57f012d..05e27338b 100644
---- a/Source/JavaScriptCore/runtime/DateConversion.cpp
-+++ b/Source/JavaScriptCore/runtime/DateConversion.cpp
-@@ -107,7 +107,8 @@ String formatDateTime(const GregorianDateTime& t, DateTimeFormat format, bool as
- #if OS(WINDOWS)
-             TIME_ZONE_INFORMATION timeZoneInformation;
-             GetTimeZoneInformation(&timeZoneInformation);
--            const WCHAR* timeZoneName = t.isDST() ? timeZoneInformation.DaylightName : timeZoneInformation.StandardName;
-+            const WCHAR* winTimeZoneName = t.isDST() ? timeZoneInformation.DaylightName : timeZoneInformation.StandardName;
-+            String timeZoneName(reinterpret_cast<const UChar*>(winTimeZoneName));
- #else
-             struct tm gtm = t;
-             char timeZoneName[70];
-diff --git a/Source/WTF/WTF.pri b/Source/WTF/WTF.pri
-index 1f4866d66..bb61e4ba3 100644
---- a/Source/WTF/WTF.pri
-+++ b/Source/WTF/WTF.pri
-@@ -12,7 +12,7 @@ mac {
-     # Mac OS does ship libicu but not the associated header files.
-     # Therefore WebKit provides adequate header files.
-     INCLUDEPATH = $${ROOT_WEBKIT_DIR}/Source/WTF/icu $$INCLUDEPATH
--    LIBS += -licucore
-+    LIBS += /usr/lib/libicucore.dylib
- } else:!use?(wchar_unicode): {
-     win32 {
-         CONFIG(static, static|shared) {
-diff --git a/Source/WTF/wtf/TypeTraits.h b/Source/WTF/wtf/TypeTraits.h
-index 9df2c95cf..f5d6121fd 100644
---- a/Source/WTF/wtf/TypeTraits.h
-+++ b/Source/WTF/wtf/TypeTraits.h
-@@ -72,6 +72,9 @@ namespace WTF {
-     template<> struct IsInteger<unsigned long>      { static const bool value = true; };
-     template<> struct IsInteger<long long>          { static const bool value = true; };
-     template<> struct IsInteger<unsigned long long> { static const bool value = true; };
-+#if __cplusplus >= 201103L || defined(__GXX_EXPERIMENTAL_CXX0X__) || (defined(_HAS_CHAR16_T_LANGUAGE_SUPPORT) && _HAS_CHAR16_T_LANGUAGE_SUPPORT)
-+    template<> struct IsInteger<char16_t>           { static const bool value = true; };
-+#endif
- #if !COMPILER(MSVC) || defined(_NATIVE_WCHAR_T_DEFINED)
-     template<> struct IsInteger<wchar_t>            { static const bool value = true; };
- #endif
-diff --git a/Source/WebCore/plugins/qt/PluginPackageQt.cpp b/Source/WebCore/plugins/qt/PluginPackageQt.cpp
-index a923d49aa..46772a4bb 100644
---- a/Source/WebCore/plugins/qt/PluginPackageQt.cpp
-+++ b/Source/WebCore/plugins/qt/PluginPackageQt.cpp
-@@ -136,7 +136,11 @@ static void initializeGtk(QLibrary* module = 0)
-         }
-     }
- 
-+#ifdef NIXPKGS_LIBGTK2
-+    QLibrary library(QLatin1String(NIXPKGS_LIBGTK2), 0);
-+#else
-     QLibrary library(QLatin1String("libgtk-x11-2.0"), 0);
-+#endif
-     if (library.load()) {
-         typedef void *(*gtk_init_check_ptr)(int*, char***);
-         gtk_init_check_ptr gtkInitCheck = (gtk_init_check_ptr)library.resolve("gtk_init_check");
-diff --git a/Source/WebCore/plugins/qt/PluginViewQt.cpp b/Source/WebCore/plugins/qt/PluginViewQt.cpp
-index de06a2fea..86fe39ef1 100644
---- a/Source/WebCore/plugins/qt/PluginViewQt.cpp
-+++ b/Source/WebCore/plugins/qt/PluginViewQt.cpp
-@@ -697,7 +697,11 @@ static Display *getPluginDisplay()
-     // support gdk based plugins (like flash) that use a different X connection.
-     // The code below has the same effect as this one:
-     // Display *gdkDisplay = gdk_x11_display_get_xdisplay(gdk_display_get_default());
-+#ifdef NIXPKGS_LIBGDK2
-+    QLibrary library(QLatin1String(NIXPKGS_LIBGDK2), 0);
-+#else
-     QLibrary library(QLatin1String("libgdk-x11-2.0"), 0);
-+#endif
-     if (!library.load())
-         return 0;
- 
-diff --git a/Source/WebKit2/PluginProcess/qt/PluginProcessMainQt.cpp b/Source/WebKit2/PluginProcess/qt/PluginProcessMainQt.cpp
-index 8de65216b..38f5c05e5 100644
---- a/Source/WebKit2/PluginProcess/qt/PluginProcessMainQt.cpp
-+++ b/Source/WebKit2/PluginProcess/qt/PluginProcessMainQt.cpp
-@@ -53,7 +53,11 @@ static void messageHandler(QtMsgType type, const QMessageLogContext&, const QStr
- 
- static bool initializeGtk()
- {
-+#ifdef NIXPKGS_LIBGTK2
-+    QLibrary gtkLibrary(QLatin1String(NIXPKGS_LIBGTK2), 0);
-+#else
-     QLibrary gtkLibrary(QLatin1String("libgtk-x11-2.0"), 0);
-+#endif
-     if (!gtkLibrary.load())
-         return false;
-     typedef void* (*gtk_init_ptr)(void*, void*);
-diff --git a/Source/WebKit2/Shared/API/c/WKString.cpp b/Source/WebKit2/Shared/API/c/WKString.cpp
-index cbac67dd8..23400a64e 100644
---- a/Source/WebKit2/Shared/API/c/WKString.cpp
-+++ b/Source/WebKit2/Shared/API/c/WKString.cpp
-@@ -55,7 +55,7 @@ size_t WKStringGetLength(WKStringRef stringRef)
- size_t WKStringGetCharacters(WKStringRef stringRef, WKChar* buffer, size_t bufferLength)
- {
-     COMPILE_ASSERT(sizeof(WKChar) == sizeof(UChar), WKStringGetCharacters_sizeof_WKChar_matches_UChar);
--    return (toImpl(stringRef)->getCharacters(static_cast<UChar*>(buffer), bufferLength));
-+    return (toImpl(stringRef)->getCharacters(reinterpret_cast<UChar*>(buffer), bufferLength));
- }
- 
- size_t WKStringGetMaximumUTF8CStringSize(WKStringRef stringRef)
-diff --git a/Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp b/Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp
-index d734ff684..0f6ff63d1 100644
---- a/Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp
-+++ b/Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp
-@@ -64,7 +64,11 @@ static Display* getPluginDisplay()
-     // The code below has the same effect as this one:
-     // Display *gdkDisplay = gdk_x11_display_get_xdisplay(gdk_display_get_default());
- 
-+#ifdef NIXPKGS_LIBGDK2
-+    QLibrary library(QLatin1String(NIXPKGS_LIBGDK2), 0);
-+#else
-     QLibrary library(QLatin1String("libgdk-x11-2.0"), 0);
-+#endif
-     if (!library.load())
-         return 0;
- 
diff --git a/pkgs/development/libraries/qt-5/5.6/srcs.nix b/pkgs/development/libraries/qt-5/5.6/srcs.nix
deleted file mode 100644
index 87d35a43d86..00000000000
--- a/pkgs/development/libraries/qt-5/5.6/srcs.nix
+++ /dev/null
@@ -1,309 +0,0 @@
-# DO NOT EDIT! This file is generated automatically by fetch-kde-qt.sh
-{ fetchurl, mirror }:
-
-{
-  qt3d = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qt3d-opensource-src-5.6.3.tar.xz";
-      sha256 = "1zkzc3wh2i89nacb55mbgl09zhrjbrxg9ir626bsvz15x4q5ml0h";
-      name = "qt3d-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtactiveqt = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtactiveqt-opensource-src-5.6.3.tar.xz";
-      sha256 = "00qscqjpkv5ssrjdwwcjp9q1rqgp8lsdjjksjpyyg4v6knd74s0i";
-      name = "qtactiveqt-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtandroidextras = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtandroidextras-opensource-src-5.6.3.tar.xz";
-      sha256 = "1v19p1pqcdicylj3hd2lbm5swqddydlv9aqmws3qwsc2vwh15d4n";
-      name = "qtandroidextras-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtbase = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtbase-opensource-src-5.6.3.tar.xz";
-      sha256 = "18ad7cxln61276cm8h8hzm0y6svw6b5m5nbm1niif9pwlqlqbx7y";
-      name = "qtbase-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtcanvas3d = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtcanvas3d-opensource-src-5.6.3.tar.xz";
-      sha256 = "1zsn3xbsqapivfg80cldjlh7z07nf88958a7g6dm7figkwahx7p9";
-      name = "qtcanvas3d-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtcharts = {
-    version = "2.1.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtcharts-opensource-src-2.1.3.tar.xz";
-      sha256 = "0bvxmqx7094mq1svrv1i1jp6vl87r2mp7k9n3gqpixjmqaqsjdpn";
-      name = "qtcharts-opensource-src-2.1.3.tar.xz";
-    };
-  };
-  qtconnectivity = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtconnectivity-opensource-src-5.6.3.tar.xz";
-      sha256 = "1pnc0zmps5iw5yhn2w0wl8cnyxhcy88d3rnaiv62ljpsccynwh7s";
-      name = "qtconnectivity-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtdatavis3d = {
-    version = "1.2.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtdatavis3d-opensource-src-1.2.3.tar.xz";
-      sha256 = "0rqhr6s3fic91r6r1g2ws57j6ixvkh4zhcwh7savs1risx374vya";
-      name = "qtdatavis3d-opensource-src-1.2.3.tar.xz";
-    };
-  };
-  qtdeclarative = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtdeclarative-opensource-src-5.6.3.tar.xz";
-      sha256 = "1z4ih5jbydnk5dz0arhvwc54fjw7fynqx3rhm6f8lsyis19w0gzn";
-      name = "qtdeclarative-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtdeclarative-render2d = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtdeclarative-render2d-opensource-src-5.6.3.tar.xz";
-      sha256 = "0r2qn8l3wh73cj75rq34zmc6rgl7v11c31pjdcsybad76nw5wb2p";
-      name = "qtdeclarative-render2d-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtdoc = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtdoc-opensource-src-5.6.3.tar.xz";
-      sha256 = "11zhlry8hlql1q3pm4mf7qyky9i2irxqdrr9nr5m93wjyfsjbh7f";
-      name = "qtdoc-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtenginio = {
-    version = "1.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtenginio-opensource-src-1.6.3.tar.xz";
-      sha256 = "04ir5pa8wpkc7cq08s0b69a0vhkr7479ixn3m2vww4jm6l5hc1yr";
-      name = "qtenginio-opensource-src-1.6.3.tar.xz";
-    };
-  };
-  qtgraphicaleffects = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtgraphicaleffects-opensource-src-5.6.3.tar.xz";
-      sha256 = "1vcrm4jfmxjlw23dnwf45mzq2z5s4fz6j2znknr25ca5bqnmjhn7";
-      name = "qtgraphicaleffects-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtimageformats = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtimageformats-opensource-src-5.6.3.tar.xz";
-      sha256 = "1hs8b258xsbc4xb4844mas9ka54f5cfhhszblawwjxn9j0ydmr7g";
-      name = "qtimageformats-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtlocation = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtlocation-opensource-src-5.6.3.tar.xz";
-      sha256 = "0rhlmyi5kkhl1bimaj1fmp36v7x5r79j3flgx9dv27rkric1ra5p";
-      name = "qtlocation-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtmacextras = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtmacextras-opensource-src-5.6.3.tar.xz";
-      sha256 = "10v2a058yv6k76gg9dgpy4fc0xd652dknzsw5432gm8d9391382i";
-      name = "qtmacextras-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtmultimedia = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtmultimedia-opensource-src-5.6.3.tar.xz";
-      sha256 = "0ihvbv0ldravbrx6406ps0z8y6521iz6h58n5ws44xq3m2g06dmf";
-      name = "qtmultimedia-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtpurchasing = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtpurchasing-opensource-src-5.6.3.tar.xz";
-      sha256 = "0lf269jzd6y4x5bxjwgz9dpw7hxmc6sp39qpxwlswd505cf0wgd7";
-      name = "qtpurchasing-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtquickcontrols = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtquickcontrols-opensource-src-5.6.3.tar.xz";
-      sha256 = "13nvn0d2i4lf4igc1xqf7m98n4j66az1bi02zzv5m18vyb40zfri";
-      name = "qtquickcontrols-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtquickcontrols2 = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtquickcontrols2-opensource-src-5.6.3.tar.xz";
-      sha256 = "1jw1zykrx8aa9p781hc74h9za7lnnm4ifpdyqa4ahbdy193phl7c";
-      name = "qtquickcontrols2-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtscript = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtscript-opensource-src-5.6.3.tar.xz";
-      sha256 = "12dkf2s1l9y9cwdyayg2mpnwvx14kq93pymp3iy3fw1s1vfj11zh";
-      name = "qtscript-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtsensors = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtsensors-opensource-src-5.6.3.tar.xz";
-      sha256 = "0ws96fmk5zz9szrw9x1dwa6gnv9rpv1q0h9ax9z5m1kiapfd80km";
-      name = "qtsensors-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtserialbus = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtserialbus-opensource-src-5.6.3.tar.xz";
-      sha256 = "17lskz4r549hc02riv0a3jdjbyaq4y4a94xd3jhy454lhzirpj3i";
-      name = "qtserialbus-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtserialport = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtserialport-opensource-src-5.6.3.tar.xz";
-      sha256 = "06mfkd88rcn4p8pfzsyqbfg956vwwcql0khchjgx3bh34zp1yb88";
-      name = "qtserialport-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtsvg = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtsvg-opensource-src-5.6.3.tar.xz";
-      sha256 = "1v6wz8fcgsh4lfv68bhavms0l1z3mcn8vggakc3m8rdl2wsih3qh";
-      name = "qtsvg-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qttools = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qttools-opensource-src-5.6.3.tar.xz";
-      sha256 = "09krlrgcglylsv7xx4r681v7zmyy6nr8j18482skrmsqh21vlqqs";
-      name = "qttools-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qttranslations = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qttranslations-opensource-src-5.6.3.tar.xz";
-      sha256 = "1avcfymi9bxk02i1rqh89c6hnvf4bg9qry94z29g1r62c80lxvbd";
-      name = "qttranslations-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtvirtualkeyboard = {
-    version = "2.0";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtvirtualkeyboard-opensource-src-2.0.tar.xz";
-      sha256 = "1v0saqz76h9gnb13b8mri4jq93i7f1gr7hj81zj3vz433s2klm0x";
-      name = "qtvirtualkeyboard-opensource-src-2.0.tar.xz";
-    };
-  };
-  qtwayland = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtwayland-opensource-src-5.6.3.tar.xz";
-      sha256 = "18ys14fzjybx02aj85vyqzsp89ypv2c6vfpklxzslwyvn9w54iss";
-      name = "qtwayland-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtwebchannel = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtwebchannel-opensource-src-5.6.3.tar.xz";
-      sha256 = "04q7wmdnv4pskah2s5nnrzbsb207fvkj333m69wkqrc64anb1ccf";
-      name = "qtwebchannel-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtwebengine = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtwebengine-opensource-src-5.6.3.tar.xz";
-      sha256 = "19xpvnjwrjpj6wx7sy1cs1r1ibnh5hqfk9w9rnqf5h7n77xnk780";
-      name = "qtwebengine-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtwebkit = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/community_releases/5.6/5.6.3/qtwebkit-opensource-src-5.6.3.tar.xz";
-      sha256 = "15iqgaw3jznfq1mdg1mmr7pn8w3qhw964h5m36vg3ywqayr6p309";
-      name = "qtwebkit-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtwebkit-examples = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/community_releases/5.6/5.6.3/qtwebkit-examples-opensource-src-5.6.3.tar.xz";
-      sha256 = "17hnls8j4wz0kyzzq7m3105lqz71zsxr0hya7i23pl4qc8affv1d";
-      name = "qtwebkit-examples-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtwebsockets = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtwebsockets-opensource-src-5.6.3.tar.xz";
-      sha256 = "1sr8q0wqw4xwcdl6nvnv04pcjxb0fbs4ywrkcghdz2bcc52r0hx2";
-      name = "qtwebsockets-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtwebview = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtwebview-opensource-src-5.6.3.tar.xz";
-      sha256 = "076q9g2ca41v8lyhn7354rs8w2ca0wp2hsxc76zprzghi5p4b2kn";
-      name = "qtwebview-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtwinextras = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtwinextras-opensource-src-5.6.3.tar.xz";
-      sha256 = "0nmhvd1g18w12q6i8s87aq7rwikcn1m8m9m0a02l3p22xvimkxzf";
-      name = "qtwinextras-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtx11extras = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtx11extras-opensource-src-5.6.3.tar.xz";
-      sha256 = "0zv70z5z48wlg0q2zd7nbp7i0wimdcalns6yg0mjp7v2w2b8wyhy";
-      name = "qtx11extras-opensource-src-5.6.3.tar.xz";
-    };
-  };
-  qtxmlpatterns = {
-    version = "5.6.3";
-    src = fetchurl {
-      url = "${mirror}/official_releases/qt/5.6/5.6.3/submodules/qtxmlpatterns-opensource-src-5.6.3.tar.xz";
-      sha256 = "1xjimf88j2s5jrqgr9ki82zmis8r979rrzq4k6dxw43k1ngzyqd4";
-      name = "qtxmlpatterns-opensource-src-5.6.3.tar.xz";
-    };
-  };
-}
diff --git a/pkgs/development/libraries/qt-5/5.9/default.nix b/pkgs/development/libraries/qt-5/5.9/default.nix
index 52c763263b5..b27c5d3eb58 100644
--- a/pkgs/development/libraries/qt-5/5.9/default.nix
+++ b/pkgs/development/libraries/qt-5/5.9/default.nix
@@ -36,7 +36,11 @@ let
   srcs = import ./srcs.nix { inherit fetchurl; inherit mirror; };
 
   patches = {
-    qtbase = [ ./qtbase.patch ./qtbase-fixguicmake.patch ];
+    qtbase = [
+      ./qtbase.patch
+      ./qtbase-fixguicmake.patch
+      ./qtbase-openssl_1_1.patch
+    ];
     qtdeclarative = [ ./qtdeclarative.patch ];
     qtscript = [ ./qtscript.patch ];
     qtserialport = [ ./qtserialport.patch ];
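Review bot: The new `./qtbase-openssl_1_1.patch` entry is added with no comment saying where the patch comes from, and its own header only says "openssl1.1 compat". Per its hunk header it is a 3985-line change to QtNetwork's TLS backend, covering certificate parsing, context setup and configure detection, so a reader cannot tell which upstream change(s) it tracks or whether it diverges from them. I would add a comment above the entry such as `# OpenSSL 1.1 backend for QtNetwork; derived from <upstream change reference, placeholder>`, and note there when it can be dropped. One detail worth checking against upstream: the patched `configure.json` conditions spell the new term `feature.opensslv11` while every neighbouring term uses the `features.` prefix. If the evaluator only resolves `features.`, OpenSSL detection may not behave as intended.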
diff --git a/pkgs/development/libraries/qt-5/5.9/qtbase-openssl_1_1.patch b/pkgs/development/libraries/qt-5/5.9/qtbase-openssl_1_1.patch
new file mode 100644
index 00000000000..d5f4d7527cb
--- /dev/null
+++ b/pkgs/development/libraries/qt-5/5.9/qtbase-openssl_1_1.patch
@@ -0,0 +1,3985 @@
+commit 2d88fc0ce4ac76924a65ffd797183de9422ba672
+Author: Andreas Rammhold <andreas@rammhold.de>
+Date:   Wed Mar 6 00:18:51 2019 +0100
+
+    openssl1.1 compat
+
+diff --git a/config.tests/openssl/openssl.cpp b/config.tests/openssl/openssl.cpp
+index 6c8a9e8f19..d33b62389c 100644
+--- a/config.tests/openssl/openssl.cpp
++++ b/config.tests/openssl/openssl.cpp
+@@ -39,8 +39,8 @@
+ 
+ #include <openssl/opensslv.h>
+ 
+-#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x0090700fL || OPENSSL_VERSION_NUMBER-0 >= 0x10100000L
+-#  error "OpenSSL >= 0.9.7, and < 1.1.0 is required"
++#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x0090700fL
++#  error "OpenSSL >= 0.9.7 is required"
+ #endif
+ 
+ #include <openssl/ssl.h>
+diff --git a/config.tests/openssl11/openssl.cpp b/config.tests/openssl11/openssl.cpp
+new file mode 100644
+index 0000000000..c20cc59deb
+--- /dev/null
++++ b/config.tests/openssl11/openssl.cpp
+@@ -0,0 +1,48 @@
++/****************************************************************************
++**
++** Copyright (C) 2017 The Qt Company Ltd.
++** Contact: https://www.qt.io/licensing/
++**
++** This file is part of the config.tests of the Qt Toolkit.
++**
++** $QT_BEGIN_LICENSE:LGPL$
++** Commercial License Usage
++** Licensees holding valid commercial Qt licenses may use this file in
++** accordance with the commercial license agreement provided with the
++** Software or, alternatively, in accordance with the terms contained in
++** a written agreement between you and The Qt Company. For licensing terms
++** and conditions see https://www.qt.io/terms-conditions. For further
++** information use the contact form at https://www.qt.io/contact-us.
++**
++** GNU Lesser General Public License Usage
++** Alternatively, this file may be used under the terms of the GNU Lesser
++** General Public License version 3 as published by the Free Software
++** Foundation and appearing in the file LICENSE.LGPL3 included in the
++** packaging of this file. Please review the following information to
++** ensure the GNU Lesser General Public License version 3 requirements
++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
++**
++** GNU General Public License Usage
++** Alternatively, this file may be used under the terms of the GNU
++** General Public License version 2.0 or (at your option) the GNU General
++** Public license version 3 or any later version approved by the KDE Free
++** Qt Foundation. The licenses are as published by the Free Software
++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
++** included in the packaging of this file. Please review the following
++** information to ensure the GNU General Public License requirements will
++** be met: https://www.gnu.org/licenses/gpl-2.0.html and
++** https://www.gnu.org/licenses/gpl-3.0.html.
++**
++** $QT_END_LICENSE$
++**
++****************************************************************************/
++
++#include <openssl/opensslv.h>
++
++#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x10100000L
++#  error "OpenSSL >= 1.1 is required"
++#endif
++
++int main()
++{
++}
+diff --git a/config.tests/openssl11/openssl11.pro b/config.tests/openssl11/openssl11.pro
+new file mode 100644
+index 0000000000..a023aee4aa
+--- /dev/null
++++ b/config.tests/openssl11/openssl11.pro
+@@ -0,0 +1,2 @@
++SOURCES = openssl.cpp
++CONFIG -= x11 qt
+diff --git a/src/network/configure.json b/src/network/configure.json
+index 2cf90ed94b..a021c0734b 100644
+--- a/src/network/configure.json
++++ b/src/network/configure.json
+@@ -77,6 +77,17 @@
+                 },
+                 { "libs": "-lssl -lcrypto", "condition": "!config.win32" }
+             ]
++        },
++        "openssl11": {
++            "label": "OpenSSL v. 1.1 support",
++            "type": "compile",
++            "test": "openssl11",
++	    "sources": [
++		{
++                    "comment": "placeholder for OPENSSL_PATH",
++                    "libs": ""
++                }
++	    ]
+         }
+     },
+ 
+@@ -182,7 +193,7 @@
+             "enable": "input.openssl == 'yes' || input.openssl == 'linked' || input.openssl == 'runtime'",
+             "disable": "input.openssl == 'no' || input.ssl == 'no'",
+             "autoDetect": "!config.winrt",
+-            "condition": "!features.securetransport && (features.openssl-linked || libs.openssl_headers)",
++            "condition": "!features.securetransport && (features.openssl-linked || libs.openssl_headers || feature.opensslv11)",
+             "output": [
+                 "privateFeature",
+                 { "type": "publicQtConfig", "condition": "!features.openssl-linked" },
+@@ -193,7 +204,7 @@
+             "label": "  Qt directly linked to OpenSSL",
+             "enable": "input.openssl == 'linked'",
+             "disable": "input.openssl != 'linked'",
+-            "condition": "!features.securetransport && libs.openssl",
++            "condition": "!features.securetransport && (libs.openssl || feature.opensslv11)",
+             "output": [
+                 "privateFeature",
+                 { "type": "define", "name": "QT_LINKED_OPENSSL" }
+@@ -213,6 +224,11 @@
+             "condition": "config.winrt || features.securetransport || features.openssl",
+             "output": [ "publicFeature", "feature" ]
+         },
++        "opensslv11": {
++            "label": "OpenSSL v. 1.1",
++            "condition": "libs.openssl11",
++            "output": ["publicFeature", "feature"]
++        },
+         "sctp": {
+             "label": "SCTP",
+             "autoDetect": false,
+diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp
+index 28b7eda54a..71e514a025 100644
+--- a/src/network/ssl/qsslcertificate_openssl.cpp
++++ b/src/network/ssl/qsslcertificate_openssl.cpp
+@@ -1,6 +1,7 @@
+ /****************************************************************************
+ **
+-** Copyright (C) 2016 The Qt Company Ltd.
++** Copyright (C) 2017 The Qt Company Ltd.
++** Copyright (C) 2016 Richard J. Moore <rich@kde.org>
+ ** Contact: https://www.qt.io/licensing/
+ **
+ ** This file is part of the QtNetwork module of the Qt Toolkit.
+@@ -64,12 +65,14 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const
+ uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW
+ {
+     if (X509 * const x509 = key.d->x509) {
+-        (void)q_X509_cmp(x509, x509); // populate x509->sha1_hash
+-                                      // (if someone knows a better way...)
+-        return qHashBits(x509->sha1_hash, SHA_DIGEST_LENGTH, seed);
+-    } else {
+-        return seed;
++        const EVP_MD *sha1 = q_EVP_sha1();
++        unsigned int len = 0;
++        unsigned char md[EVP_MAX_MD_SIZE];
++        q_X509_digest(x509, sha1, md, &len);
++        return qHashBits(md, len, seed);
+     }
++
++    return seed;
+ }
+ 
+ bool QSslCertificate::isNull() const
+@@ -89,8 +92,7 @@ QByteArray QSslCertificate::version() const
+ {
+     QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
+     if (d->versionString.isEmpty() && d->x509)
+-        d->versionString =
+-            QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
++        d->versionString = QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1);
+ 
+     return d->versionString;
+ }
+@@ -99,7 +101,7 @@ QByteArray QSslCertificate::serialNumber() const
+ {
+     QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
+     if (d->serialNumberString.isEmpty() && d->x509) {
+-        ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
++        ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
+         QByteArray hexString;
+         hexString.reserve(serialNumber->length * 3);
+         for (int a = 0; a < serialNumber->length; ++a) {
+@@ -199,14 +201,15 @@ QMultiMap<QSsl::AlternativeNameEntryType, QString> QSslCertificate::subjectAlter
+                 continue;
+             }
+ 
+-            const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(genName->d.ia5));
++            const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_get0_data(genName->d.ia5));
+             const QString altName = QString::fromLatin1(altNameStr, len);
+             if (genName->type == GEN_DNS)
+                 result.insert(QSsl::DnsEntry, altName);
+             else if (genName->type == GEN_EMAIL)
+                 result.insert(QSsl::EmailEntry, altName);
+         }
+-        q_sk_pop_free((STACK*)altNames, reinterpret_cast<void(*)(void*)>(q_sk_free));
++
++        q_OPENSSL_sk_pop_free((OPENSSL_STACK*)altNames, reinterpret_cast<void(*)(void*)>(q_OPENSSL_sk_free));
+     }
+ 
+     return result;
+@@ -235,25 +238,26 @@ QSslKey QSslCertificate::publicKey() const
+     QSslKey key;
+ 
+     key.d->type = QSsl::PublicKey;
+-    X509_PUBKEY *xkey = d->x509->cert_info->key;
+-    EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
++
++    EVP_PKEY *pkey = q_X509_get_pubkey(d->x509);
+     Q_ASSERT(pkey);
++    const int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey));
+ 
+-    if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
++    if (keyType == EVP_PKEY_RSA) {
+         key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
+         key.d->algorithm = QSsl::Rsa;
+         key.d->isNull = false;
+-    } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
++    } else if (keyType == EVP_PKEY_DSA) {
+         key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
+         key.d->algorithm = QSsl::Dsa;
+         key.d->isNull = false;
+ #ifndef OPENSSL_NO_EC
+-    } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_EC) {
++    } else if (keyType == EVP_PKEY_EC) {
+         key.d->ec = q_EVP_PKEY_get1_EC_KEY(pkey);
+         key.d->algorithm = QSsl::Ec;
+         key.d->isNull = false;
+ #endif
+-    } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
++    } else if (keyType == EVP_PKEY_DH) {
+         // DH unsupported
+     } else {
+         // error?
+@@ -275,7 +279,7 @@ static QVariant x509UnknownExtensionToValue(X509_EXTENSION *ext)
+     X509V3_EXT_METHOD *meth = const_cast<X509V3_EXT_METHOD *>(q_X509V3_EXT_get(ext));
+     if (!meth) {
+         ASN1_OCTET_STRING *value = q_X509_EXTENSION_get_data(ext);
+-        QByteArray result( reinterpret_cast<const char *>(q_ASN1_STRING_data(value)),
++        QByteArray result( reinterpret_cast<const char *>(q_ASN1_STRING_get0_data(value)),
+                            q_ASN1_STRING_length(value));
+         return result;
+     }
+@@ -371,7 +375,7 @@ static QVariant x509ExtensionToValue(X509_EXTENSION *ext)
+                         continue;
+                     }
+ 
+-                    const char *uriStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(name->d.uniformResourceIdentifier));
++                    const char *uriStr = reinterpret_cast<const char *>(q_ASN1_STRING_get0_data(name->d.uniformResourceIdentifier));
+                     const QString uri = QString::fromUtf8(uriStr, len);
+ 
+                     result[QString::fromUtf8(QSslCertificatePrivate::asn1ObjectName(ad->method))] = uri;
+@@ -380,11 +384,7 @@ static QVariant x509ExtensionToValue(X509_EXTENSION *ext)
+                 }
+             }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-            q_sk_pop_free((_STACK*)info, reinterpret_cast<void(*)(void*)>(q_sk_free));
+-#else
+-            q_sk_pop_free((STACK*)info, reinterpret_cast<void(*)(void*)>(q_sk_free));
+-#endif
++            q_OPENSSL_sk_pop_free((OPENSSL_STACK*)info, reinterpret_cast<void(*)(void *)>(q_OPENSSL_sk_free));
+             return result;
+         }
+         break;
+@@ -607,7 +607,11 @@ static QMap<QByteArray, QString> _q_mapFromX509Name(X509_NAME *name)
+         unsigned char *data = 0;
+         int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
+         info.insertMulti(name, QString::fromUtf8((char*)data, size));
++#if QT_CONFIG(opensslv11)
++        q_CRYPTO_free(data, 0, 0);
++#else
+         q_CRYPTO_free(data);
++#endif
+     }
+ 
+     return info;
+@@ -619,8 +623,9 @@ QSslCertificate QSslCertificatePrivate::QSslCertificate_from_X509(X509 *x509)
+     if (!x509 || !QSslSocket::supportsSsl())
+         return certificate;
+ 
+-    ASN1_TIME *nbef = q_X509_get_notBefore(x509);
+-    ASN1_TIME *naft = q_X509_get_notAfter(x509);
++    ASN1_TIME *nbef = q_X509_getm_notBefore(x509);
++    ASN1_TIME *naft = q_X509_getm_notAfter(x509);
++
+     certificate.d->notValidBefore = q_getTimeFromASN1(nbef);
+     certificate.d->notValidAfter = q_getTimeFromASN1(naft);
+     certificate.d->null = false;
+diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
+index c92d8fc3f8..cef503710c 100644
+--- a/src/network/ssl/qsslcontext_openssl.cpp
++++ b/src/network/ssl/qsslcontext_openssl.cpp
+@@ -1,6 +1,6 @@
+ /****************************************************************************
+ **
+-** Copyright (C) 2016 The Qt Company Ltd.
++** Copyright (C) 2017 The Qt Company Ltd.
+ ** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
+ ** Copyright (C) 2014 Governikus GmbH & Co. KG.
+ ** Contact: https://www.qt.io/licensing/
+@@ -41,22 +41,14 @@
+ 
+ 
+ #include <QtNetwork/qsslsocket.h>
+-#include <QtNetwork/qssldiffiehellmanparameters.h>
+-#include <QtCore/qmutex.h>
+ 
+ #include "private/qssl_p.h"
+ #include "private/qsslcontext_openssl_p.h"
+-#include "private/qsslsocket_p.h"
+ #include "private/qsslsocket_openssl_p.h"
+ #include "private/qsslsocket_openssl_symbols_p.h"
+-#include "private/qssldiffiehellmanparameters_p.h"
+ 
+ QT_BEGIN_NAMESPACE
+ 
+-// defined in qsslsocket_openssl.cpp:
+-extern int q_X509Callback(int ok, X509_STORE_CTX *ctx);
+-extern QString getErrorsFromOpenSsl();
+-
+ QSslContext::QSslContext()
+     : ctx(0),
+     pkey(0),
+@@ -78,301 +70,6 @@ QSslContext::~QSslContext()
+         q_SSL_SESSION_free(session);
+ }
+ 
+-static inline QString msgErrorSettingEllipticCurves(const QString &why)
+-{
+-    return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why);
+-}
+-
+-// static
+-void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading)
+-{
+-    sslContext->sslConfiguration = configuration;
+-    sslContext->errorCode = QSslError::NoError;
+-
+-    bool client = (mode == QSslSocket::SslClientMode);
+-
+-    bool reinitialized = false;
+-    bool unsupportedProtocol = false;
+-init_context:
+-    switch (sslContext->sslConfiguration.protocol()) {
+-    case QSsl::SslV2:
+-#ifndef OPENSSL_NO_SSL2
+-        sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
+-#else
+-        // SSL 2 not supported by the system, but chosen deliberately -> error
+-        sslContext->ctx = 0;
+-        unsupportedProtocol = true;
+-#endif
+-        break;
+-    case QSsl::SslV3:
+-#ifndef OPENSSL_NO_SSL3_METHOD
+-        sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
+-#else
+-        // SSL 3 not supported by the system, but chosen deliberately -> error
+-        sslContext->ctx = 0;
+-        unsupportedProtocol = true;
+-#endif
+-        break;
+-    case QSsl::SecureProtocols:
+-        // SSLv2 and SSLv3 will be disabled by SSL options
+-        // But we need q_SSLv23_server_method() otherwise AnyProtocol will be unable to connect on Win32.
+-    case QSsl::TlsV1SslV3:
+-        // SSLv2 will will be disabled by SSL options
+-    case QSsl::AnyProtocol:
+-    default:
+-        sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
+-        break;
+-    case QSsl::TlsV1_0:
+-        sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
+-        break;
+-    case QSsl::TlsV1_1:
+-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+-        sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method());
+-#else
+-        // TLS 1.1 not supported by the system, but chosen deliberately -> error
+-        sslContext->ctx = 0;
+-        unsupportedProtocol = true;
+-#endif
+-        break;
+-    case QSsl::TlsV1_2:
+-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+-        sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method());
+-#else
+-        // TLS 1.2 not supported by the system, but chosen deliberately -> error
+-        sslContext->ctx = 0;
+-        unsupportedProtocol = true;
+-#endif
+-        break;
+-    case QSsl::TlsV1_0OrLater:
+-        // Specific protocols will be specified via SSL options.
+-        sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
+-        break;
+-    case QSsl::TlsV1_1OrLater:
+-    case QSsl::TlsV1_2OrLater:
+-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+-        // Specific protocols will be specified via SSL options.
+-        sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
+-#else
+-        // TLS 1.1/1.2 not supported by the system, but chosen deliberately -> error
+-        sslContext->ctx = 0;
+-        unsupportedProtocol = true;
+-#endif
+-        break;
+-    }
+-
+-    if (!sslContext->ctx) {
+-        // After stopping Flash 10 the SSL library looses its ciphers. Try re-adding them
+-        // by re-initializing the library.
+-        if (!reinitialized) {
+-            reinitialized = true;
+-            if (q_SSL_library_init() == 1)
+-                goto init_context;
+-        }
+-
+-        sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg(
+-            unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl()
+-        );
+-        sslContext->errorCode = QSslError::UnspecifiedError;
+-        return;
+-    }
+-
+-    // Enable bug workarounds.
+-    long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions);
+-    q_SSL_CTX_set_options(sslContext->ctx, options);
+-
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-    // Tell OpenSSL to release memory early
+-    // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
+-    if (q_SSLeay() >= 0x10000000L)
+-        q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS);
+-#endif
+-
+-    // Initialize ciphers
+-    QByteArray cipherString;
+-    bool first = true;
+-    QList<QSslCipher> ciphers = sslContext->sslConfiguration.ciphers();
+-    if (ciphers.isEmpty())
+-        ciphers = QSslSocketPrivate::defaultCiphers();
+-    for (const QSslCipher &cipher : qAsConst(ciphers)) {
+-        if (first)
+-            first = false;
+-        else
+-            cipherString.append(':');
+-        cipherString.append(cipher.name().toLatin1());
+-    }
+-
+-    if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) {
+-        sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+-        sslContext->errorCode = QSslError::UnspecifiedError;
+-        return;
+-    }
+-
+-    const QDateTime now = QDateTime::currentDateTimeUtc();
+-
+-    // Add all our CAs to this store.
+-    const auto caCertificates = sslContext->sslConfiguration.caCertificates();
+-    for (const QSslCertificate &caCertificate : caCertificates) {
+-        // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html:
+-        //
+-        // If several CA certificates matching the name, key identifier, and
+-        // serial number condition are available, only the first one will be
+-        // examined. This may lead to unexpected results if the same CA
+-        // certificate is available with different expiration dates. If a
+-        // ``certificate expired'' verification error occurs, no other
+-        // certificate will be searched. Make sure to not have expired
+-        // certificates mixed with valid ones.
+-        //
+-        // See also: QSslSocketBackendPrivate::verify()
+-        if (caCertificate.expiryDate() >= now) {
+-            q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle());
+-        }
+-    }
+-
+-    if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) {
+-        // tell OpenSSL the directories where to look up the root certs on demand
+-        const QList<QByteArray> unixDirs = QSslSocketPrivate::unixRootCertDirectories();
+-        for (const QByteArray &unixDir : unixDirs)
+-            q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDir.constData());
+-    }
+-
+-    if (!sslContext->sslConfiguration.localCertificate().isNull()) {
+-        // Require a private key as well.
+-        if (sslContext->sslConfiguration.privateKey().isNull()) {
+-            sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+-            sslContext->errorCode = QSslError::UnspecifiedError;
+-            return;
+-        }
+-
+-        // Load certificate
+-        if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) {
+-            sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+-            sslContext->errorCode = QSslError::UnspecifiedError;
+-            return;
+-        }
+-
+-        if (configuration.d->privateKey.algorithm() == QSsl::Opaque) {
+-            sslContext->pkey = reinterpret_cast<EVP_PKEY *>(configuration.d->privateKey.handle());
+-        } else {
+-            // Load private key
+-            sslContext->pkey = q_EVP_PKEY_new();
+-            // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free.
+-            // this lead to a memory leak. Now we use the *_set1_* functions which do not
+-            // take ownership of the RSA/DSA key instance because the QSslKey already has ownership.
+-            if (configuration.d->privateKey.algorithm() == QSsl::Rsa)
+-                q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast<RSA *>(configuration.d->privateKey.handle()));
+-            else if (configuration.d->privateKey.algorithm() == QSsl::Dsa)
+-                q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast<DSA *>(configuration.d->privateKey.handle()));
+-#ifndef OPENSSL_NO_EC
+-            else if (configuration.d->privateKey.algorithm() == QSsl::Ec)
+-                q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast<EC_KEY *>(configuration.d->privateKey.handle()));
+-#endif
+-        }
+-
+-        if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) {
+-            sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+-            sslContext->errorCode = QSslError::UnspecifiedError;
+-            return;
+-        }
+-        if (configuration.d->privateKey.algorithm() == QSsl::Opaque)
+-            sslContext->pkey = 0; // Don't free the private key, it belongs to QSslKey
+-
+-        // Check if the certificate matches the private key.
+-        if (!q_SSL_CTX_check_private_key(sslContext->ctx)) {
+-            sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+-            sslContext->errorCode = QSslError::UnspecifiedError;
+-            return;
+-        }
+-
+-        // If we have any intermediate certificates then we need to add them to our chain
+-        bool first = true;
+-        for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) {
+-            if (first) {
+-                first = false;
+-                continue;
+-            }
+-            q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0,
+-                           q_X509_dup(reinterpret_cast<X509 *>(cert.handle())));
+-        }
+-    }
+-
+-    // Initialize peer verification.
+-    if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) {
+-        q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, 0);
+-    } else {
+-        q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback);
+-    }
+-
+-    // Set verification depth.
+-    if (sslContext->sslConfiguration.peerVerifyDepth() != 0)
+-        q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth());
+-
+-    // set persisted session if the user set it
+-    if (!configuration.sessionTicket().isEmpty())
+-        sslContext->setSessionASN1(configuration.sessionTicket());
+-
+-    // Set temp DH params
+-    QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters();
+-
+-    if (!dhparams.isValid()) {
+-        sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid");
+-        sslContext->errorCode = QSslError::UnspecifiedError;
+-        return;
+-    }
+-
+-    if (!dhparams.isEmpty()) {
+-        const QByteArray &params = dhparams.d->derData;
+-        const char *ptr = params.constData();
+-        DH *dh = q_d2i_DHparams(NULL, reinterpret_cast<const unsigned char **>(&ptr), params.length());
+-        if (dh == NULL)
+-            qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form");
+-        q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh);
+-        q_DH_free(dh);
+-    }
+-
+-#ifndef OPENSSL_NO_EC
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+-    if (q_SSLeay() >= 0x10002000L) {
+-        q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL);
+-    } else
+-#endif
+-    {
+-        // Set temp ECDH params
+-        EC_KEY *ecdh = 0;
+-        ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+-        q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh);
+-        q_EC_KEY_free(ecdh);
+-    }
+-#endif // OPENSSL_NO_EC
+-
+-#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
+-    if (!client)
+-        q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData());
+-#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
+-
+-    const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves();
+-    if (!qcurves.isEmpty()) {
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
+-        // Set the curves to be used
+-        if (q_SSLeay() >= 0x10002000L) {
+-            // SSL_CTX_ctrl wants a non-const pointer as last argument,
+-            // but let's avoid a copy into a temporary array
+-            if (!q_SSL_CTX_ctrl(sslContext->ctx,
+-                                SSL_CTRL_SET_CURVES,
+-                                qcurves.size(),
+-                                const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) {
+-                sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+-                sslContext->errorCode = QSslError::UnspecifiedError;
+-            }
+-        } else
+-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
+-        {
+-            // specific curves requested, but not possible to set -> error
+-            sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2"));
+-            sslContext->errorCode = QSslError::UnspecifiedError;
+-        }
+-    }
+-}
+-
+ QSslContext* QSslContext::fromConfiguration(QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading)
+ {
+     QSslContext *sslContext = new QSslContext();
+@@ -463,7 +160,7 @@ SSL* QSslContext::createSsl()
+         m_npnContext.len = m_supportedNPNVersions.count();
+         m_npnContext.status = QSslConfiguration::NextProtocolNegotiationNone;
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+-        if (q_SSLeay() >= 0x10002000L) {
++        if (QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) {
+             // Callback's type has a parameter 'const unsigned char ** out'
+             // since it was introduced in 1.0.2. Internally, OpenSSL's own code
+             // (tests/examples) cast it to unsigned char * (since it's 'out').
+@@ -508,7 +205,7 @@ bool QSslContext::cacheSession(SSL* ssl)
+             unsigned char *data = reinterpret_cast<unsigned char *>(m_sessionASN1.data());
+             if (!q_i2d_SSL_SESSION(session, &data))
+                 qCWarning(lcSsl, "could not store persistent version of SSL session");
+-            m_sessionTicketLifeTimeHint = session->tlsext_tick_lifetime_hint;
++            m_sessionTicketLifeTimeHint = q_SSL_SESSION_get_ticket_lifetime_hint(session);
+         }
+     }
+ 
+diff --git a/src/network/ssl/qsslcontext_openssl11.cpp b/src/network/ssl/qsslcontext_openssl11.cpp
+new file mode 100644
+index 0000000000..787b6ae3f5
+--- /dev/null
++++ b/src/network/ssl/qsslcontext_openssl11.cpp
+@@ -0,0 +1,277 @@
++/****************************************************************************
++**
++** Copyright (C) 2017 The Qt Company Ltd.
++** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
++** Copyright (C) 2014 Governikus GmbH & Co. KG.
++** Copyright (C) 2016 Richard J. Moore <rich@kde.org>
++** Contact: https://www.qt.io/licensing/
++**
++** This file is part of the QtNetwork module of the Qt Toolkit.
++**
++** $QT_BEGIN_LICENSE:LGPL$
++** Commercial License Usage
++** Licensees holding valid commercial Qt licenses may use this file in
++** accordance with the commercial license agreement provided with the
++** Software or, alternatively, in accordance with the terms contained in
++** a written agreement between you and The Qt Company. For licensing terms
++** and conditions see https://www.qt.io/terms-conditions. For further
++** information use the contact form at https://www.qt.io/contact-us.
++**
++** GNU Lesser General Public License Usage
++** Alternatively, this file may be used under the terms of the GNU Lesser
++** General Public License version 3 as published by the Free Software
++** Foundation and appearing in the file LICENSE.LGPL3 included in the
++** packaging of this file. Please review the following information to
++** ensure the GNU Lesser General Public License version 3 requirements
++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
++**
++** GNU General Public License Usage
++** Alternatively, this file may be used under the terms of the GNU
++** General Public License version 2.0 or (at your option) the GNU General
++** Public license version 3 or any later version approved by the KDE Free
++** Qt Foundation. The licenses are as published by the Free Software
++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
++** included in the packaging of this file. Please review the following
++** information to ensure the GNU General Public License requirements will
++** be met: https://www.gnu.org/licenses/gpl-2.0.html and
++** https://www.gnu.org/licenses/gpl-3.0.html.
++**
++** $QT_END_LICENSE$
++**
++****************************************************************************/
++
++
++#include <QtNetwork/qsslsocket.h>
++#include <QtNetwork/qssldiffiehellmanparameters.h>
++
++#include "private/qssl_p.h"
++#include "private/qsslcontext_openssl_p.h"
++#include "private/qsslsocket_p.h"
++#include "private/qsslsocket_openssl_p.h"
++#include "private/qsslsocket_openssl_symbols_p.h"
++#include "private/qssldiffiehellmanparameters_p.h"
++
++#include <vector>
++
++QT_BEGIN_NAMESPACE
++
++// defined in qsslsocket_openssl.cpp:
++extern int q_X509Callback(int ok, X509_STORE_CTX *ctx);
++extern QString getErrorsFromOpenSsl();
++
++static inline QString msgErrorSettingEllipticCurves(const QString &why)
++{
++    return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why);
++}
++
++// static
++void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading)
++{
++    sslContext->sslConfiguration = configuration;
++    sslContext->errorCode = QSslError::NoError;
++
++    bool client = (mode == QSslSocket::SslClientMode);
++
++    bool reinitialized = false;
++    bool unsupportedProtocol = false;
++init_context:
++    if (sslContext->sslConfiguration.protocol() == QSsl::SslV2) {
++        // SSL 2 is no longer supported, but chosen deliberately -> error
++        sslContext->ctx = nullptr;
++        unsupportedProtocol = true;
++    } else {
++        // The ssl options will actually control the supported methods
++        sslContext->ctx = q_SSL_CTX_new(client ? q_TLS_client_method() : q_TLS_server_method());
++    }
++
++    if (!sslContext->ctx) {
++        // After stopping Flash 10 the SSL library loses its ciphers. Try re-adding them
++        // by re-initializing the library.
++        if (!reinitialized) {
++            reinitialized = true;
++            if (q_OPENSSL_init_ssl(0, nullptr) == 1)
++                goto init_context;
++        }
++
++        sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg(
++            unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl()
++        );
++        sslContext->errorCode = QSslError::UnspecifiedError;
++        return;
++    }
++
++    // Enable bug workarounds.
++    long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions);
++    q_SSL_CTX_set_options(sslContext->ctx, options);
++
++    // Tell OpenSSL to release memory early
++    // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
++    q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS);
++
++    // Initialize ciphers
++    QByteArray cipherString;
++    bool first = true;
++    QList<QSslCipher> ciphers = sslContext->sslConfiguration.ciphers();
++    if (ciphers.isEmpty())
++        ciphers = QSslSocketPrivate::defaultCiphers();
++    for (const QSslCipher &cipher : qAsConst(ciphers)) {
++        if (first)
++            first = false;
++        else
++            cipherString.append(':');
++        cipherString.append(cipher.name().toLatin1());
++    }
++
++    if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) {
++        sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
++        sslContext->errorCode = QSslError::UnspecifiedError;
++        return;
++    }
++
++    const QDateTime now = QDateTime::currentDateTimeUtc();
++
++    // Add all our CAs to this store.
++    const auto caCertificates = sslContext->sslConfiguration.caCertificates();
++    for (const QSslCertificate &caCertificate : caCertificates) {
++        // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html:
++        //
++        // If several CA certificates matching the name, key identifier, and
++        // serial number condition are available, only the first one will be
++        // examined. This may lead to unexpected results if the same CA
++        // certificate is available with different expiration dates. If a
++        // ``certificate expired'' verification error occurs, no other
++        // certificate will be searched. Make sure to not have expired
++        // certificates mixed with valid ones.
++        //
++        // See also: QSslSocketBackendPrivate::verify()
++        if (caCertificate.expiryDate() >= now) {
++            q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle());
++        }
++    }
++
++    if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) {
++        // tell OpenSSL the directories where to look up the root certs on demand
++        const QList<QByteArray> unixDirs = QSslSocketPrivate::unixRootCertDirectories();
++        for (const QByteArray &unixDir : unixDirs)
++            q_SSL_CTX_load_verify_locations(sslContext->ctx, nullptr, unixDir.constData());
++    }
++
++    if (!sslContext->sslConfiguration.localCertificate().isNull()) {
++        // Require a private key as well.
++        if (sslContext->sslConfiguration.privateKey().isNull()) {
++            sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
++            sslContext->errorCode = QSslError::UnspecifiedError;
++            return;
++        }
++
++        // Load certificate
++        if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) {
++            sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
++            sslContext->errorCode = QSslError::UnspecifiedError;
++            return;
++        }
++
++        if (configuration.d->privateKey.algorithm() == QSsl::Opaque) {
++            sslContext->pkey = reinterpret_cast<EVP_PKEY *>(configuration.d->privateKey.handle());
++        } else {
++            // Load private key
++            sslContext->pkey = q_EVP_PKEY_new();
++            // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free.
++            // this lead to a memory leak. Now we use the *_set1_* functions which do not
++            // take ownership of the RSA/DSA key instance because the QSslKey already has ownership.
++            if (configuration.d->privateKey.algorithm() == QSsl::Rsa)
++                q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast<RSA *>(configuration.d->privateKey.handle()));
++            else if (configuration.d->privateKey.algorithm() == QSsl::Dsa)
++                q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast<DSA *>(configuration.d->privateKey.handle()));
++#ifndef OPENSSL_NO_EC
++            else if (configuration.d->privateKey.algorithm() == QSsl::Ec)
++                q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast<EC_KEY *>(configuration.d->privateKey.handle()));
++#endif
++        }
++
++        if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) {
++            sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
++            sslContext->errorCode = QSslError::UnspecifiedError;
++            return;
++        }
++        if (configuration.d->privateKey.algorithm() == QSsl::Opaque)
++            sslContext->pkey = nullptr; // Don't free the private key, it belongs to QSslKey
++
++        // Check if the certificate matches the private key.
++        if (!q_SSL_CTX_check_private_key(sslContext->ctx)) {
++            sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
++            sslContext->errorCode = QSslError::UnspecifiedError;
++            return;
++        }
++
++        // If we have any intermediate certificates then we need to add them to our chain
++        bool first = true;
++        for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) {
++            if (first) {
++                first = false;
++                continue;
++            }
++            q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0,
++                           q_X509_dup(reinterpret_cast<X509 *>(cert.handle())));
++        }
++    }
++
++    // Initialize peer verification.
++    if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) {
++        q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, nullptr);
++    } else {
++        q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback);
++    }
++
++    // Set verification depth.
++    if (sslContext->sslConfiguration.peerVerifyDepth() != 0)
++        q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth());
++
++    // set persisted session if the user set it
++    if (!configuration.sessionTicket().isEmpty())
++        sslContext->setSessionASN1(configuration.sessionTicket());
++
++    // Set temp DH params
++    QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters();
++
++    if (!dhparams.isValid()) {
++        sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid");
++        sslContext->errorCode = QSslError::UnspecifiedError;
++        return;
++    }
++
++    if (!dhparams.isEmpty()) {
++        const QByteArray &params = dhparams.d->derData;
++        const char *ptr = params.constData();
++        DH *dh = q_d2i_DHparams(NULL, reinterpret_cast<const unsigned char **>(&ptr), params.length());
++        if (dh == NULL)
++            qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form");
++        q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh);
++        q_DH_free(dh);
++    }
++
++#ifndef OPENSSL_NO_PSK
++    if (!client)
++        q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData());
++#endif // !OPENSSL_NO_PSK
++
++    const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves();
++    if (!qcurves.isEmpty()) {
++#ifdef OPENSSL_NO_EC
++        sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version with disabled elliptic curves"));
++        sslContext->errorCode = QSslError::UnspecifiedError;
++#else
++        // Set the curves to be used.
++        std::vector<int> curves;
++        curves.reserve(qcurves.size());
++        for (const auto &sslCurve : qcurves)
++            curves.push_back(sslCurve.id);
++        if (!q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_CURVES, long(curves.size()), &curves[0])) {
++            sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
++            sslContext->errorCode = QSslError::UnspecifiedError;
++        }
++#endif
++    }
++}
++
++QT_END_NAMESPACE
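Review bot: The intermediate-chain loop at the end of the local-certificate block in `initSslContext` ignores both the result of `q_X509_dup` and the return value of `q_SSL_CTX_ctrl(..., SSL_CTRL_EXTRA_CHAIN_CERT, ...)`. OpenSSL takes ownership of the extra chain certificate only when the call succeeds, so on failure the duplicate leaks and the context is left with an incomplete chain while `errorCode` stays `NoError`. I would check both results, free the duplicate on failure and report the error the way the neighbouring certificate and key checks do. The same loop is in the removed pre-split code, so it is inherited rather than new. The pre-1.1 file added after this one probably needs the same change, but that part lies outside the visible lines.

```cpp
        for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) {
            // … unchanged: skip the first entry (the leaf certificate) …
            X509 *chainCert = q_X509_dup(reinterpret_cast<X509 *>(cert.handle()));
            if (!chainCert
                || !q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, chainCert)) {
                // Ownership passes to the context only on success.
                if (chainCert)
                    q_X509_free(chainCert);
                sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
                sslContext->errorCode = QSslError::UnspecifiedError;
                return;
            }
        }
```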
+diff --git a/src/network/ssl/qsslcontext_opensslpre11.cpp b/src/network/ssl/qsslcontext_opensslpre11.cpp
+new file mode 100644
+index 0000000000..9c01c2f2dc
+--- /dev/null
++++ b/src/network/ssl/qsslcontext_opensslpre11.cpp
+@@ -0,0 +1,354 @@
++/****************************************************************************
++**
++** Copyright (C) 2017 The Qt Company Ltd.
++** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
++** Copyright (C) 2014 Governikus GmbH & Co. KG.
++** Contact: https://www.qt.io/licensing/
++**
++** This file is part of the QtNetwork module of the Qt Toolkit.
++**
++** $QT_BEGIN_LICENSE:LGPL$
++** Commercial License Usage
++** Licensees holding valid commercial Qt licenses may use this file in
++** accordance with the commercial license agreement provided with the
++** Software or, alternatively, in accordance with the terms contained in
++** a written agreement between you and The Qt Company. For licensing terms
++** and conditions see https://www.qt.io/terms-conditions. For further
++** information use the contact form at https://www.qt.io/contact-us.
++**
++** GNU Lesser General Public License Usage
++** Alternatively, this file may be used under the terms of the GNU Lesser
++** General Public License version 3 as published by the Free Software
++** Foundation and appearing in the file LICENSE.LGPL3 included in the
++** packaging of this file. Please review the following information to
++** ensure the GNU Lesser General Public License version 3 requirements
++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
++**
++** GNU General Public License Usage
++** Alternatively, this file may be used under the terms of the GNU
++** General Public License version 2.0 or (at your option) the GNU General
++** Public license version 3 or any later version approved by the KDE Free
++** Qt Foundation. The licenses are as published by the Free Software
++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
++** included in the packaging of this file. Please review the following
++** information to ensure the GNU General Public License requirements will
++** be met: https://www.gnu.org/licenses/gpl-2.0.html and
++** https://www.gnu.org/licenses/gpl-3.0.html.
++**
++** $QT_END_LICENSE$
++**
++****************************************************************************/
++
++
++#include <QtNetwork/qsslsocket.h>
++#include <QtNetwork/qssldiffiehellmanparameters.h>
++
++#include "private/qssl_p.h"
++#include "private/qsslcontext_openssl_p.h"
++#include "private/qsslsocket_p.h"
++#include "private/qsslsocket_openssl_p.h"
++#include "private/qsslsocket_openssl_symbols_p.h"
++#include "private/qssldiffiehellmanparameters_p.h"
++
++QT_BEGIN_NAMESPACE
++
++// defined in qsslsocket_openssl.cpp:
++extern int q_X509Callback(int ok, X509_STORE_CTX *ctx);
++extern QString getErrorsFromOpenSsl();
++
++static inline QString msgErrorSettingEllipticCurves(const QString &why)
++{
++    return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why);
++}
++
++// static
++void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading)
++{
++    sslContext->sslConfiguration = configuration;
++    sslContext->errorCode = QSslError::NoError;
++
++    bool client = (mode == QSslSocket::SslClientMode);
++
++    bool reinitialized = false;
++    bool unsupportedProtocol = false;
++init_context:
++    switch (sslContext->sslConfiguration.protocol()) {
++    case QSsl::SslV2:
++#ifndef OPENSSL_NO_SSL2
++        sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
++#else
++        // SSL 2 not supported by the system, but chosen deliberately -> error
++        sslContext->ctx = 0;
++        unsupportedProtocol = true;
++#endif
++        break;
++    case QSsl::SslV3:
++#ifndef OPENSSL_NO_SSL3_METHOD
++        sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method());
++#else
++        // SSL 3 not supported by the system, but chosen deliberately -> error
++        sslContext->ctx = 0;
++        unsupportedProtocol = true;
++#endif
++        break;
++    case QSsl::SecureProtocols:
++        // SSLv2 and SSLv3 will be disabled by SSL options
++        // But we need q_SSLv23_server_method() otherwise AnyProtocol will be unable to connect on Win32.
++    case QSsl::TlsV1SslV3:
++        // SSLv2 will will be disabled by SSL options
++    case QSsl::AnyProtocol:
++    default:
++        sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
++        break;
++    case QSsl::TlsV1_0:
++        sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method());
++        break;
++    case QSsl::TlsV1_1:
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L
++        sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method());
++#else
++        // TLS 1.1 not supported by the system, but chosen deliberately -> error
++        sslContext->ctx = 0;
++        unsupportedProtocol = true;
++#endif
++        break;
++    case QSsl::TlsV1_2:
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L
++        sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method());
++#else
++        // TLS 1.2 not supported by the system, but chosen deliberately -> error
++        sslContext->ctx = 0;
++        unsupportedProtocol = true;
++#endif
++        break;
++    case QSsl::TlsV1_0OrLater:
++        // Specific protocols will be specified via SSL options.
++        sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
++        break;
++    case QSsl::TlsV1_1OrLater:
++    case QSsl::TlsV1_2OrLater:
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L
++        // Specific protocols will be specified via SSL options.
++        sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method());
++#else
++        // TLS 1.1/1.2 not supported by the system, but chosen deliberately -> error
++        sslContext->ctx = 0;
++        unsupportedProtocol = true;
++#endif
++        break;
++    }
++
++    if (!sslContext->ctx) {
++        // After stopping Flash 10 the SSL library loses its ciphers. Try re-adding them
++        // by re-initializing the library.
++        if (!reinitialized) {
++            reinitialized = true;
++            if (q_SSL_library_init() == 1)
++                goto init_context;
++        }
++
++        sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg(
++            unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl()
++        );
++        sslContext->errorCode = QSslError::UnspecifiedError;
++        return;
++    }
++
++    // Enable bug workarounds.
++    long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions);
++    q_SSL_CTX_set_options(sslContext->ctx, options);
++
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++    // Tell OpenSSL to release memory early
++    // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
++    if (q_SSLeay() >= 0x10000000L)
++        q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS);
++#endif
++
++    // Initialize ciphers
++    QByteArray cipherString;
++    bool first = true;
++    QList<QSslCipher> ciphers = sslContext->sslConfiguration.ciphers();
++    if (ciphers.isEmpty())
++        ciphers = QSslSocketPrivate::defaultCiphers();
++    for (const QSslCipher &cipher : qAsConst(ciphers)) {
++        if (first)
++            first = false;
++        else
++            cipherString.append(':');
++        cipherString.append(cipher.name().toLatin1());
++    }
++
++    if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) {
++        sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
++        sslContext->errorCode = QSslError::UnspecifiedError;
++        return;
++    }
++
++    const QDateTime now = QDateTime::currentDateTimeUtc();
++
++    // Add all our CAs to this store.
++    const auto caCertificates = sslContext->sslConfiguration.caCertificates();
++    for (const QSslCertificate &caCertificate : caCertificates) {
++        // From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html:
++        //
++        // If several CA certificates matching the name, key identifier, and
++        // serial number condition are available, only the first one will be
++        // examined. This may lead to unexpected results if the same CA
++        // certificate is available with different expiration dates. If a
++        // ``certificate expired'' verification error occurs, no other
++        // certificate will be searched. Make sure to not have expired
++        // certificates mixed with valid ones.
++        //
++        // See also: QSslSocketBackendPrivate::verify()
++        if (caCertificate.expiryDate() >= now) {
++            q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle());
++        }
++    }
++
++    if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) {
++        // tell OpenSSL the directories where to look up the root certs on demand
++        const QList<QByteArray> unixDirs = QSslSocketPrivate::unixRootCertDirectories();
++        for (const QByteArray &unixDir : unixDirs)
++            q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDir.constData());
++    }
++
++    if (!sslContext->sslConfiguration.localCertificate().isNull()) {
++        // Require a private key as well.
++        if (sslContext->sslConfiguration.privateKey().isNull()) {
++            sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
++            sslContext->errorCode = QSslError::UnspecifiedError;
++            return;
++        }
++
++        // Load certificate
++        if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) {
++            sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
++            sslContext->errorCode = QSslError::UnspecifiedError;
++            return;
++        }
++
++        if (configuration.d->privateKey.algorithm() == QSsl::Opaque) {
++            sslContext->pkey = reinterpret_cast<EVP_PKEY *>(configuration.d->privateKey.handle());
++        } else {
++            // Load private key
++            sslContext->pkey = q_EVP_PKEY_new();
++            // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free.
++            // this lead to a memory leak. Now we use the *_set1_* functions which do not
++            // take ownership of the RSA/DSA key instance because the QSslKey already has ownership.
++            if (configuration.d->privateKey.algorithm() == QSsl::Rsa)
++                q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast<RSA *>(configuration.d->privateKey.handle()));
++            else if (configuration.d->privateKey.algorithm() == QSsl::Dsa)
++                q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast<DSA *>(configuration.d->privateKey.handle()));
++#ifndef OPENSSL_NO_EC
++            else if (configuration.d->privateKey.algorithm() == QSsl::Ec)
++                q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast<EC_KEY *>(configuration.d->privateKey.handle()));
++#endif
++        }
++
++        if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) {
++            sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
++            sslContext->errorCode = QSslError::UnspecifiedError;
++            return;
++        }
++        if (configuration.d->privateKey.algorithm() == QSsl::Opaque)
++            sslContext->pkey = 0; // Don't free the private key, it belongs to QSslKey
++
++        // Check if the certificate matches the private key.
++        if (!q_SSL_CTX_check_private_key(sslContext->ctx)) {
++            sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
++            sslContext->errorCode = QSslError::UnspecifiedError;
++            return;
++        }
++
++        // If we have any intermediate certificates then we need to add them to our chain
++        bool first = true;
++        for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) {
++            if (first) {
++                first = false;
++                continue;
++            }
++            q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0,
++                           q_X509_dup(reinterpret_cast<X509 *>(cert.handle())));
++        }
++    }
++
++    // Initialize peer verification.
++    if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) {
++        q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, 0);
++    } else {
++        q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback);
++    }
++
++    // Set verification depth.
++    if (sslContext->sslConfiguration.peerVerifyDepth() != 0)
++        q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth());
++
++    // set persisted session if the user set it
++    if (!configuration.sessionTicket().isEmpty())
++        sslContext->setSessionASN1(configuration.sessionTicket());
++
++    // Set temp DH params
++    QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters();
++
++    if (!dhparams.isValid()) {
++        sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid");
++        sslContext->errorCode = QSslError::UnspecifiedError;
++        return;
++    }
++
++    if (!dhparams.isEmpty()) {
++        const QByteArray &params = dhparams.d->derData;
++        const char *ptr = params.constData();
++        DH *dh = q_d2i_DHparams(NULL, reinterpret_cast<const unsigned char **>(&ptr), params.length());
++        if (dh == NULL)
++            qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form");
++        q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh);
++        q_DH_free(dh);
++    }
++
++#ifndef OPENSSL_NO_EC
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++    if (q_SSLeay() >= 0x10002000L) {
++        q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL);
++    } else
++#endif
++    {
++        // Set temp ECDH params
++        EC_KEY *ecdh = 0;
++        ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
++        q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh);
++        q_EC_KEY_free(ecdh);
++    }
++#endif // OPENSSL_NO_EC
++
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
++    if (!client)
++        q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData());
++#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
++
++    const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves();
++    if (!qcurves.isEmpty()) {
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
++        // Set the curves to be used
++        if (q_SSLeay() >= 0x10002000L) {
++            // SSL_CTX_ctrl wants a non-const pointer as last argument,
++            // but let's avoid a copy into a temporary array
++            if (!q_SSL_CTX_ctrl(sslContext->ctx,
++                                SSL_CTRL_SET_CURVES,
++                                qcurves.size(),
++                                const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) {
++                sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
++                sslContext->errorCode = QSslError::UnspecifiedError;
++            }
++        } else
++#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
++        {
++            // specific curves requested, but not possible to set -> error
++            sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2"));
++            sslContext->errorCode = QSslError::UnspecifiedError;
++        }
++    }
++}
++
++QT_END_NAMESPACE
+diff --git a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp b/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp
+index 90687b05c5..5ebad822f1 100644
+--- a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp
++++ b/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp
+@@ -1,6 +1,7 @@
+ /****************************************************************************
+ **
+ ** Copyright (C) 2015 Mikkel Krautz <mikkel@krautz.dk>
++** Copyright (C) 2016 Richard J. Moore <rich@kde.org>
+ ** Contact: https://www.qt.io/licensing/
+ **
+ ** This file is part of the QtNetwork module of the Qt Toolkit.
+@@ -50,8 +51,8 @@
+ #include <QtCore/qdebug.h>
+ #endif
+ 
+-// For q_BN_is_word.
+ #include <openssl/bn.h>
++#include <openssl/dh.h>
+ 
+ QT_BEGIN_NAMESPACE
+ 
+@@ -62,13 +63,6 @@ static bool isSafeDH(DH *dh)
+ 
+     QSslSocketPrivate::ensureInitialized();
+ 
+-    // Mark p < 1024 bits as unsafe.
+-    if (q_BN_num_bits(dh->p) < 1024) {
+-        return false;
+-    }
+-
+-    if (q_DH_check(dh, &status) != 1)
+-        return false;
+ 
+     // From https://wiki.openssl.org/index.php/Diffie-Hellman_parameters:
+     //
+@@ -81,11 +75,39 @@ static bool isSafeDH(DH *dh)
+     //     Without the test, the IETF parameters would
+     //     fail validation. For details, see Diffie-Hellman
+     //     Parameter Check (when g = 2, must p mod 24 == 11?).
++#if QT_CONFIG(opensslv11)
++    // Mark p < 1024 bits as unsafe.
++    if (q_DH_bits(dh) < 1024)
++        return false;
++
++    if (q_DH_check(dh, &status) != 1)
++        return false;
++
++    const BIGNUM *p = nullptr;
++    const BIGNUM *q = nullptr;
++    const BIGNUM *g = nullptr;
++    q_DH_get0_pqg(dh, &p, &q, &g);
++
++    if (q_BN_is_word(const_cast<BIGNUM *>(g), DH_GENERATOR_2)) {
++        long residue = q_BN_mod_word(p, 24);
++        if (residue == 11 || residue == 23)
++            status &= ~DH_NOT_SUITABLE_GENERATOR;
++    }
++
++#else
++    // Mark p < 1024 bits as unsafe.
++    if (q_BN_num_bits(dh->p) < 1024)
++        return false;
++
++    if (q_DH_check(dh, &status) != 1)
++        return false;
++
+     if (q_BN_is_word(dh->g, DH_GENERATOR_2)) {
+         long residue = q_BN_mod_word(dh->p, 24);
+         if (residue == 11 || residue == 23)
+             status &= ~DH_NOT_SUITABLE_GENERATOR;
+     }
++#endif
+ 
+     bad |= DH_CHECK_P_NOT_PRIME;
+     bad |= DH_CHECK_P_NOT_SAFE_PRIME;
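Review bot: The 1024-bit floor, the `q_DH_check` call and the generator-2 exception are now written out twice, once per side of `#if QT_CONFIG(opensslv11)`, although only the way `p` and `g` are obtained differs. Because this is the parameter-validation path, a later change to one copy (for example raising the minimum size) can silently leave the other build configuration with weaker checks. Restricting the `#if` to fetching `bits`, `p` and `g` and sharing the checks below it keeps a single policy; `q` is fetched in the 1.1 branch but never used. `isSafeDH` begins before this hunk and continues after it.

```cpp
#if QT_CONFIG(opensslv11)
    const int bits = q_DH_bits(dh);
    const BIGNUM *p = nullptr;
    const BIGNUM *q = nullptr;
    const BIGNUM *g = nullptr;
    q_DH_get0_pqg(dh, &p, &q, &g);
#else
    const int bits = q_BN_num_bits(dh->p);
    const BIGNUM *p = dh->p;
    const BIGNUM *g = dh->g;
#endif

    // Mark p < 1024 bits as unsafe.
    if (bits < 1024)
        return false;

    if (q_DH_check(dh, &status) != 1)
        return false;

    // … unchanged: generator-2 residue check from the opensslv11 branch, using p and g …
```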
+diff --git a/src/network/ssl/qsslellipticcurve.h b/src/network/ssl/qsslellipticcurve.h
+index 231566063e..57dda19bad 100644
+--- a/src/network/ssl/qsslellipticcurve.h
++++ b/src/network/ssl/qsslellipticcurve.h
+@@ -80,6 +80,7 @@ private:
+     friend Q_DECL_CONSTEXPR bool operator==(QSslEllipticCurve lhs, QSslEllipticCurve rhs) Q_DECL_NOTHROW;
+     friend Q_DECL_CONSTEXPR uint qHash(QSslEllipticCurve curve, uint seed) Q_DECL_NOTHROW;
+ 
++    friend class QSslContext;
+     friend class QSslSocketPrivate;
+     friend class QSslSocketBackendPrivate;
+ };
+diff --git a/src/network/ssl/qsslellipticcurve_openssl.cpp b/src/network/ssl/qsslellipticcurve_openssl.cpp
+index e18197b703..8cd14837f0 100644
+--- a/src/network/ssl/qsslellipticcurve_openssl.cpp
++++ b/src/network/ssl/qsslellipticcurve_openssl.cpp
+@@ -1,6 +1,7 @@
+ /****************************************************************************
+ **
+ ** Copyright (C) 2014 Governikus GmbH & Co. KG.
++** Copyright (C) 2016 Richard J. Moore <rich@kde.org>
+ ** Contact: https://www.qt.io/licensing/
+ **
+ ** This file is part of the QtNetwork module of the Qt Toolkit.
+@@ -78,17 +79,18 @@ QSslEllipticCurve QSslEllipticCurve::fromShortName(const QString &name)
+     QSslEllipticCurve result;
+ 
+ #ifndef OPENSSL_NO_EC
+-    const QByteArray curveNameLatin1 = name.toLatin1();
+ 
++    const QByteArray curveNameLatin1 = name.toLatin1();
+     int nid = q_OBJ_sn2nid(curveNameLatin1.data());
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x10002000L
+-    if (nid == 0 && q_SSLeay() >= 0x10002000L)
++    if (nid == 0 && QSslSocket::sslLibraryVersionNumber() >= 0x10002000L)
+         nid = q_EC_curve_nist2nid(curveNameLatin1.data());
+ #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
+ 
+     result.id = nid;
+-#endif
++
++#endif // !OPENSSL_NO_EC
+ 
+     return result;
+ }
+diff --git a/src/network/ssl/qsslkey_openssl.cpp b/src/network/ssl/qsslkey_openssl.cpp
+index 26119023d1..2b03af9441 100644
+--- a/src/network/ssl/qsslkey_openssl.cpp
++++ b/src/network/ssl/qsslkey_openssl.cpp
+@@ -1,6 +1,7 @@
+ /****************************************************************************
+ **
+-** Copyright (C) 2016 The Qt Company Ltd.
++** Copyright (C) 2017 The Qt Company Ltd.
++** Copyright (C) 2016 Richard J. Moore <rich@kde.org>
+ ** Contact: https://www.qt.io/licensing/
+ **
+ ** This file is part of the QtNetwork module of the Qt Toolkit.
+@@ -87,33 +88,32 @@ bool QSslKeyPrivate::fromEVP_PKEY(EVP_PKEY *pkey)
+     if (pkey == nullptr)
+         return false;
+ 
+-    if (pkey->type == EVP_PKEY_RSA) {
++#if QT_CONFIG(opensslv11)
++    const int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey));
++#else
++    const int keyType = pkey->type;
++#endif
++    if (keyType == EVP_PKEY_RSA) {
+         isNull = false;
+         algorithm = QSsl::Rsa;
+         type = QSsl::PrivateKey;
+ 
+-        rsa = q_RSA_new();
+-        memcpy(rsa, q_EVP_PKEY_get1_RSA(pkey), sizeof(RSA));
+-
++        rsa = q_EVP_PKEY_get1_RSA(pkey);
+         return true;
+-    }
+-    else if (pkey->type == EVP_PKEY_DSA) {
++    } else if (keyType == EVP_PKEY_DSA) {
+         isNull = false;
+         algorithm = QSsl::Dsa;
+         type = QSsl::PrivateKey;
+ 
+-        dsa = q_DSA_new();
+-        memcpy(dsa, q_EVP_PKEY_get1_DSA(pkey), sizeof(DSA));
+-
++        dsa = q_EVP_PKEY_get1_DSA(pkey);
+         return true;
+     }
+ #ifndef OPENSSL_NO_EC
+-    else if (pkey->type == EVP_PKEY_EC) {
++    else if (keyType == EVP_PKEY_EC) {
+         isNull = false;
+         algorithm = QSsl::Ec;
+         type = QSsl::PrivateKey;
+-        ec = q_EC_KEY_dup(q_EVP_PKEY_get1_EC_KEY(pkey));
+-
++        ec = q_EVP_PKEY_get1_EC_KEY(pkey);
+         return true;
+     }
+ #endif
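Review bot: The pointers returned by `q_EVP_PKEY_get1_RSA`, `q_EVP_PKEY_get1_DSA` and `q_EVP_PKEY_get1_EC_KEY` are stored without a null check, and `isNull = false` is set before the call in all three branches. The preceding `keyType` test makes a failure unlikely, but if one did occur the object would report a valid key while holding a null handle. Doing the assignment first and bailing out, e.g. `rsa = q_EVP_PKEY_get1_RSA(pkey);` then `if (!rsa) return false;` ahead of `isNull = false;`, closes that gap. A short comment such as `// get1 returns a new reference owned by this QSslKeyPrivate; released when the key is cleared` would also record why the old `memcpy` copy is gone. The function starts before the hunk and continues after it.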
+@@ -181,8 +181,8 @@ int QSslKeyPrivate::length() const
+         return -1;
+ 
+     switch (algorithm) {
+-        case QSsl::Rsa: return q_BN_num_bits(rsa->n);
+-        case QSsl::Dsa: return q_BN_num_bits(dsa->p);
++        case QSsl::Rsa: return q_RSA_bits(rsa);
++        case QSsl::Dsa: return q_DSA_bits(dsa);
+ #ifndef OPENSSL_NO_EC
+         case QSsl::Ec: return q_EC_GROUP_get_degree(q_EC_KEY_get0_group(ec));
+ #endif
+@@ -276,7 +276,13 @@ Qt::HANDLE QSslKeyPrivate::handle() const
+ 
+ static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv, int enc)
+ {
+-    EVP_CIPHER_CTX ctx;
++#if QT_CONFIG(opensslv11)
++    EVP_CIPHER_CTX *ctx = q_EVP_CIPHER_CTX_new();
++#else
++    EVP_CIPHER_CTX evpCipherContext;
++    EVP_CIPHER_CTX *ctx = &evpCipherContext;
++#endif
++
+     const EVP_CIPHER* type = 0;
+     int i = 0, len = 0;
+ 
+@@ -294,21 +300,44 @@ static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data,
+ 
+     QByteArray output;
+     output.resize(data.size() + EVP_MAX_BLOCK_LENGTH);
+-    q_EVP_CIPHER_CTX_init(&ctx);
+-    q_EVP_CipherInit(&ctx, type, NULL, NULL, enc);
+-    q_EVP_CIPHER_CTX_set_key_length(&ctx, key.size());
++
++#if QT_CONFIG(opensslv11)
++    q_EVP_CIPHER_CTX_reset(ctx);
++#else
++    q_EVP_CIPHER_CTX_init(ctx);
++#endif
++
++    q_EVP_CipherInit(ctx, type, NULL, NULL, enc);
++    q_EVP_CIPHER_CTX_set_key_length(ctx, key.size());
+     if (cipher == QSslKeyPrivate::Rc2Cbc)
+-        q_EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL);
+-    q_EVP_CipherInit(&ctx, NULL,
++        q_EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL);
++
++#if QT_CONFIG(opensslv11)
++    // EVP_CipherInit in 1.1 resets the context thus making the calls above useless.
++    // We call EVP_CipherInit_ex instead.
++    q_EVP_CipherInit_ex(ctx, nullptr, nullptr,
++                        reinterpret_cast<const unsigned char *>(key.constData()),
++                        reinterpret_cast<const unsigned char *>(iv.constData()),
++                        enc);
++#else
++    q_EVP_CipherInit(ctx, NULL,
+         reinterpret_cast<const unsigned char *>(key.constData()),
+         reinterpret_cast<const unsigned char *>(iv.constData()), enc);
+-    q_EVP_CipherUpdate(&ctx,
++#endif // opensslv11
++
++    q_EVP_CipherUpdate(ctx,
+         reinterpret_cast<unsigned char *>(output.data()), &len,
+         reinterpret_cast<const unsigned char *>(data.constData()), data.size());
+-    q_EVP_CipherFinal(&ctx,
++    q_EVP_CipherFinal(ctx,
+         reinterpret_cast<unsigned char *>(output.data()) + len, &i);
+     len += i;
+-    q_EVP_CIPHER_CTX_cleanup(&ctx);
++
++#if QT_CONFIG(opensslv11)
++    q_EVP_CIPHER_CTX_reset(ctx);
++    q_EVP_CIPHER_CTX_free(ctx);
++#else
++    q_EVP_CIPHER_CTX_cleanup(ctx);
++#endif
+ 
+     return output.left(len);
+ }
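Review bot: The results of `q_EVP_CipherInit_ex` / `q_EVP_CipherInit`, `q_EVP_CIPHER_CTX_set_key_length`, `q_EVP_CipherUpdate` and `q_EVP_CipherFinal` are all discarded, so `output.left(len)` is returned even when a step failed. On decryption a wrong key or corrupted input would then, as far as this hunk shows, be handed back as if it were plaintext instead of being reported. Collecting the results in a local flag and ending with `return ok ? output.left(len) : QByteArray();` after the cleanup block would make failure visible, provided callers treat an empty array as an error (they are not visible here). The extra `q_EVP_CIPHER_CTX_reset(ctx)` immediately before `q_EVP_CIPHER_CTX_free(ctx)` looks redundant and could be dropped or explained in a comment. The start of `doCrypt` is outside this hunk.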
+diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
+index f5b493897e..45cea490fc 100644
+--- a/src/network/ssl/qsslsocket_openssl.cpp
++++ b/src/network/ssl/qsslsocket_openssl.cpp
+@@ -1,6 +1,6 @@
+ /****************************************************************************
+ **
+-** Copyright (C) 2016 The Qt Company Ltd.
++** Copyright (C) 2017 The Qt Company Ltd.
+ ** Copyright (C) 2014 Governikus GmbH & Co. KG
+ ** Contact: https://www.qt.io/licensing/
+ **
+@@ -97,70 +97,6 @@ bool QSslSocketPrivate::s_loadRootCertsOnDemand = false;
+ int QSslSocketBackendPrivate::s_indexForSSLExtraData = -1;
+ #endif
+ 
+-/* \internal
+-
+-    From OpenSSL's thread(3) manual page:
+-
+-    OpenSSL can safely be used in multi-threaded applications provided that at
+-    least two callback functions are set.
+-
+-    locking_function(int mode, int n, const char *file, int line) is needed to
+-    perform locking on shared data structures.  (Note that OpenSSL uses a
+-    number of global data structures that will be implicitly shared
+-    whenever multiple threads use OpenSSL.)  Multi-threaded
+-    applications will crash at random if it is not set.  ...
+-    ...
+-    id_function(void) is a function that returns a thread ID. It is not
+-    needed on Windows nor on platforms where getpid() returns a different
+-    ID for each thread (most notably Linux)
+-*/
+-class QOpenSslLocks
+-{
+-public:
+-    inline QOpenSslLocks()
+-        : initLocker(QMutex::Recursive),
+-          locksLocker(QMutex::Recursive)
+-    {
+-        QMutexLocker locker(&locksLocker);
+-        int numLocks = q_CRYPTO_num_locks();
+-        locks = new QMutex *[numLocks];
+-        memset(locks, 0, numLocks * sizeof(QMutex *));
+-    }
+-    inline ~QOpenSslLocks()
+-    {
+-        QMutexLocker locker(&locksLocker);
+-        for (int i = 0; i < q_CRYPTO_num_locks(); ++i)
+-            delete locks[i];
+-        delete [] locks;
+-
+-        QSslSocketPrivate::deinitialize();
+-    }
+-    inline QMutex *lock(int num)
+-    {
+-        QMutexLocker locker(&locksLocker);
+-        QMutex *tmp = locks[num];
+-        if (!tmp)
+-            tmp = locks[num] = new QMutex(QMutex::Recursive);
+-        return tmp;
+-    }
+-
+-    QMutex *globalLock()
+-    {
+-        return &locksLocker;
+-    }
+-
+-    QMutex *initLock()
+-    {
+-        return &initLocker;
+-    }
+-
+-private:
+-    QMutex initLocker;
+-    QMutex locksLocker;
+-    QMutex **locks;
+-};
+-Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks)
+-
+ QString QSslSocketBackendPrivate::getErrorsFromOpenSsl()
+ {
+     QString errorString;
+@@ -175,20 +111,6 @@ QString QSslSocketBackendPrivate::getErrorsFromOpenSsl()
+ }
+ 
+ extern "C" {
+-static void locking_function(int mode, int lockNumber, const char *, int)
+-{
+-    QMutex *mutex = openssl_locks()->lock(lockNumber);
+-
+-    // Lock or unlock it
+-    if (mode & CRYPTO_LOCK)
+-        mutex->lock();
+-    else
+-        mutex->unlock();
+-}
+-static unsigned long id_function()
+-{
+-    return (quintptr)QThread::currentThreadId();
+-}
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
+ static unsigned int q_ssl_psk_client_callback(SSL *ssl,
+@@ -227,7 +149,7 @@ QSslSocketBackendPrivate::~QSslSocketBackendPrivate()
+     destroySslContext();
+ }
+ 
+-QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher)
++QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher)
+ {
+     QSslCipher ciph;
+ 
+@@ -283,6 +205,7 @@ struct QSslErrorList
+     QMutex mutex;
+     QVector<QSslErrorEntry> errors;
+ };
++
+ Q_GLOBAL_STATIC(QSslErrorList, _q_sslErrorList)
+ 
+ int q_X509Callback(int ok, X509_STORE_CTX *ctx)
+@@ -312,7 +235,7 @@ int q_X509Callback(int ok, X509_STORE_CTX *ctx)
+         }
+ #endif
+     }
+-    // Always return OK to allow verification to continue. We're handle the
++    // Always return OK to allow verification to continue. We handle the
+     // errors gracefully after collecting all errors, after verification has
+     // completed.
+     return 1;
+@@ -397,7 +320,7 @@ bool QSslSocketBackendPrivate::initSslContext()
+     if (configuration.protocol != QSsl::SslV2 &&
+         configuration.protocol != QSsl::SslV3 &&
+         configuration.protocol != QSsl::UnknownProtocol &&
+-        mode == QSslSocket::SslClientMode && q_SSLeay() >= 0x00090806fL) {
++        mode == QSslSocket::SslClientMode && QSslSocket::sslLibraryVersionNumber() >= 0x00090806fL) {
+         // Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format.
+         QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName;
+         if (tlsHostName.isEmpty())
+@@ -438,13 +361,13 @@ bool QSslSocketBackendPrivate::initSslContext()
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L
+     // Save a pointer to this object into the SSL structure.
+-    if (q_SSLeay() >= 0x10001000L)
++    if (QSslSocket::sslLibraryVersionNumber() >= 0x10001000L)
+         q_SSL_set_ex_data(ssl, s_indexForSSLExtraData, this);
+ #endif
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
+     // Set the client callback for PSK
+-    if (q_SSLeay() >= 0x10001000L) {
++    if (QSslSocket::sslLibraryVersionNumber() >= 0x10001000L) {
+         if (mode == QSslSocket::SslClientMode)
+             q_SSL_set_psk_client_callback(ssl, &q_ssl_psk_client_callback);
+         else if (mode == QSslSocket::SslServerMode)
+@@ -464,16 +387,6 @@ void QSslSocketBackendPrivate::destroySslContext()
+     sslContextPointer.clear();
+ }
+ 
+-/*!
+-    \internal
+-*/
+-void QSslSocketPrivate::deinitialize()
+-{
+-    q_CRYPTO_set_id_callback(0);
+-    q_CRYPTO_set_locking_callback(0);
+-    q_ERR_free_strings();
+-}
+-
+ /*!
+     \internal
+ 
+@@ -486,91 +399,6 @@ bool QSslSocketPrivate::supportsSsl()
+     return ensureLibraryLoaded();
+ }
+ 
+-bool QSslSocketPrivate::ensureLibraryLoaded()
+-{
+-    if (!q_resolveOpenSslSymbols())
+-        return false;
+-
+-    // Check if the library itself needs to be initialized.
+-    QMutexLocker locker(openssl_locks()->initLock());
+-
+-    if (!s_libraryLoaded) {
+-        s_libraryLoaded = true;
+-
+-        // Initialize OpenSSL.
+-        q_CRYPTO_set_id_callback(id_function);
+-        q_CRYPTO_set_locking_callback(locking_function);
+-        if (q_SSL_library_init() != 1)
+-            return false;
+-        q_SSL_load_error_strings();
+-        q_OpenSSL_add_all_algorithms();
+-
+-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+-        if (q_SSLeay() >= 0x10001000L)
+-            QSslSocketBackendPrivate::s_indexForSSLExtraData = q_SSL_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
+-#endif
+-
+-        // Initialize OpenSSL's random seed.
+-        if (!q_RAND_status()) {
+-            qWarning("Random number generator not seeded, disabling SSL support");
+-            return false;
+-        }
+-    }
+-    return true;
+-}
+-
+-void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
+-{
+-    QMutexLocker locker(openssl_locks()->initLock());
+-    if (s_loadedCiphersAndCerts)
+-        return;
+-    s_loadedCiphersAndCerts = true;
+-
+-    resetDefaultCiphers();
+-    resetDefaultEllipticCurves();
+-
+-#if QT_CONFIG(library)
+-    //load symbols needed to receive certificates from system store
+-#if defined(Q_OS_WIN)
+-    HINSTANCE hLib = LoadLibraryW(L"Crypt32");
+-    if (hLib) {
+-        ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW");
+-        ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore");
+-        ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore");
+-        if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore)
+-            qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen
+-    } else {
+-        qCWarning(lcSsl, "could not load crypt32 library"); // should never happen
+-    }
+-#elif defined(Q_OS_QNX)
+-    s_loadRootCertsOnDemand = true;
+-#elif defined(Q_OS_UNIX) && !defined(Q_OS_MAC)
+-    // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there)
+-    QList<QByteArray> dirs = unixRootCertDirectories();
+-    QStringList symLinkFilter;
+-    symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]");
+-    for (int a = 0; a < dirs.count(); ++a) {
+-        QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files);
+-        if (iterator.hasNext()) {
+-            s_loadRootCertsOnDemand = true;
+-            break;
+-        }
+-    }
+-#endif
+-#endif // QT_CONFIG(library)
+-    // if on-demand loading was not enabled, load the certs now
+-    if (!s_loadRootCertsOnDemand)
+-        setDefaultCaCertificates(systemCaCertificates());
+-#ifdef Q_OS_WIN
+-    //Enabled for fetching additional root certs from windows update on windows 6+
+-    //This flag is set false by setDefaultCaCertificates() indicating the app uses
+-    //its own cert bundle rather than the system one.
+-    //Same logic that disables the unix on demand cert loading.
+-    //Unlike unix, we do preload the certificates from the cert store.
+-    if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0)
+-        s_loadRootCertsOnDemand = true;
+-#endif
+-}
+ 
+ /*!
+     \internal
+@@ -587,26 +415,6 @@ void QSslSocketPrivate::ensureInitialized()
+     ensureCiphersAndCertsLoaded();
+ }
+ 
+-long QSslSocketPrivate::sslLibraryVersionNumber()
+-{
+-    if (!supportsSsl())
+-        return 0;
+-
+-    return q_SSLeay();
+-}
+-
+-QString QSslSocketPrivate::sslLibraryVersionString()
+-{
+-    if (!supportsSsl())
+-        return QString();
+-
+-    const char *versionString = q_SSLeay_version(SSLEAY_VERSION);
+-    if (!versionString)
+-        return QString();
+-
+-    return QString::fromLatin1(versionString);
+-}
+-
+ long QSslSocketPrivate::sslLibraryBuildVersionNumber()
+ {
+     return OPENSSL_VERSION_NUMBER;
+@@ -628,7 +436,11 @@ QString QSslSocketPrivate::sslLibraryBuildVersionString()
+ */
+ void QSslSocketPrivate::resetDefaultCiphers()
+ {
++#if QT_CONFIG(opensslv11)
++    SSL_CTX *myCtx = q_SSL_CTX_new(q_TLS_client_method());
++#else
+     SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method());
++#endif
+     SSL *mySsl = q_SSL_new(myCtx);
+ 
+     QList<QSslCipher> ciphers;
+@@ -664,7 +476,7 @@ void QSslSocketPrivate::resetDefaultEllipticCurves()
+     QVector<QSslEllipticCurve> curves;
+ 
+ #ifndef OPENSSL_NO_EC
+-    const size_t curveCount = q_EC_get_builtin_curves(NULL, 0);
++    const size_t curveCount = q_EC_get_builtin_curves(nullptr, 0);
+ 
+     QVarLengthArray<EC_builtin_curve> builtinCurves(static_cast<int>(curveCount));
+ 
+@@ -698,13 +510,14 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
+     if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) {
+         HCERTSTORE hSystemStore;
+         hSystemStore = ptrCertOpenSystemStoreW(0, L"ROOT");
+-        if(hSystemStore) {
+-            PCCERT_CONTEXT pc = NULL;
+-            while(1) {
+-                pc = ptrCertFindCertificateInStore( hSystemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, pc);
+-                if(!pc)
++        if (hSystemStore) {
++            PCCERT_CONTEXT pc = nullptr;
++            while (1) {
++                pc = ptrCertFindCertificateInStore(hSystemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, nullptr, pc);
++                if (!pc)
+                     break;
+-                QByteArray der((const char *)(pc->pbCertEncoded), static_cast<int>(pc->cbCertEncoded));
++                QByteArray der(reinterpret_cast<const char *>(pc->pbCertEncoded),
++                               static_cast<int>(pc->cbCertEncoded));
+                 QSslCertificate cert(der, QSsl::Der);
+                 systemCerts.append(cert);
+             }
+@@ -1504,14 +1317,8 @@ QSslCipher QSslSocketBackendPrivate::sessionCipher() const
+ {
+     if (!ssl)
+         return QSslCipher();
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-    // FIXME This is fairly evil, but needed to keep source level compatibility
+-    // with the OpenSSL 0.9.x implementation at maximum -- some other functions
+-    // don't take a const SSL_CIPHER* when they should
+-    SSL_CIPHER *sessionCipher = const_cast<SSL_CIPHER *>(q_SSL_get_current_cipher(ssl));
+-#else
+-    SSL_CIPHER *sessionCipher = q_SSL_get_current_cipher(ssl);
+-#endif
++
++    const SSL_CIPHER *sessionCipher = q_SSL_get_current_cipher(ssl);
+     return sessionCipher ? QSslCipher_from_SSL_CIPHER(sessionCipher) : QSslCipher();
+ }
+ 
+@@ -1537,112 +1344,6 @@ QSsl::SslProtocol QSslSocketBackendPrivate::sessionProtocol() const
+     return QSsl::UnknownProtocol;
+ }
+ 
+-void QSslSocketBackendPrivate::continueHandshake()
+-{
+-    Q_Q(QSslSocket);
+-    // if we have a max read buffer size, reset the plain socket's to match
+-    if (readBufferMaxSize)
+-        plainSocket->setReadBufferSize(readBufferMaxSize);
+-
+-    if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL))
+-        configuration.peerSessionShared = true;
+-
+-#ifdef QT_DECRYPT_SSL_TRAFFIC
+-    if (ssl->session && ssl->s3) {
+-        const char *mk = reinterpret_cast<const char *>(ssl->session->master_key);
+-        QByteArray masterKey(mk, ssl->session->master_key_length);
+-        const char *random = reinterpret_cast<const char *>(ssl->s3->client_random);
+-        QByteArray clientRandom(random, SSL3_RANDOM_SIZE);
+-
+-        // different format, needed for e.g. older Wireshark versions:
+-//        const char *sid = reinterpret_cast<const char *>(ssl->session->session_id);
+-//        QByteArray sessionID(sid, ssl->session->session_id_length);
+-//        QByteArray debugLineRSA("RSA Session-ID:");
+-//        debugLineRSA.append(sessionID.toHex().toUpper());
+-//        debugLineRSA.append(" Master-Key:");
+-//        debugLineRSA.append(masterKey.toHex().toUpper());
+-//        debugLineRSA.append("\n");
+-
+-        QByteArray debugLineClientRandom("CLIENT_RANDOM ");
+-        debugLineClientRandom.append(clientRandom.toHex().toUpper());
+-        debugLineClientRandom.append(" ");
+-        debugLineClientRandom.append(masterKey.toHex().toUpper());
+-        debugLineClientRandom.append("\n");
+-
+-        QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys");
+-        QFile file(sslKeyFile);
+-        if (!file.open(QIODevice::Append))
+-            qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending";
+-        if (!file.write(debugLineClientRandom))
+-            qCWarning(lcSsl) << "could not write to file" << sslKeyFile;
+-        file.close();
+-    } else {
+-        qCWarning(lcSsl, "could not decrypt SSL traffic");
+-    }
+-#endif
+-
+-    // Cache this SSL session inside the QSslContext
+-    if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) {
+-        if (!sslContextPointer->cacheSession(ssl)) {
+-            sslContextPointer.clear(); // we could not cache the session
+-        } else {
+-            // Cache the session for permanent usage as well
+-            if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) {
+-                if (!sslContextPointer->sessionASN1().isEmpty())
+-                    configuration.sslSession = sslContextPointer->sessionASN1();
+-                configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint();
+-            }
+-        }
+-    }
+-
+-#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG)
+-
+-    configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status;
+-    if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) {
+-        // we could not agree -> be conservative and use HTTP/1.1
+-        configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1");
+-    } else {
+-        const unsigned char *proto = 0;
+-        unsigned int proto_len = 0;
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+-        if (q_SSLeay() >= 0x10002000L) {
+-            q_SSL_get0_alpn_selected(ssl, &proto, &proto_len);
+-            if (proto_len && mode == QSslSocket::SslClientMode) {
+-                // Client does not have a callback that sets it ...
+-                configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated;
+-            }
+-        }
+-
+-        if (!proto_len) { // Test if NPN was more lucky ...
+-#else
+-        {
+-#endif
+-            q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len);
+-        }
+-
+-        if (proto_len)
+-            configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast<const char *>(proto), proto_len);
+-        else
+-            configuration.nextNegotiatedProtocol.clear();
+-    }
+-#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ...
+-
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+-    if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) {
+-        EVP_PKEY *key;
+-        if (q_SSL_get_server_tmp_key(ssl, &key))
+-            configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey);
+-    }
+-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ...
+-
+-    connectionEncrypted = true;
+-    emit q->encrypted();
+-    if (autoStartHandshake && pendingClose) {
+-        pendingClose = false;
+-        q->disconnectFromHost();
+-    }
+-}
+-
+ QList<QSslCertificate> QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509)
+ {
+     ensureInitialized();
+@@ -1696,12 +1397,12 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> &
+     QMutexLocker sslErrorListMutexLocker(&_q_sslErrorList()->mutex);
+ 
+     // Register a custom callback to get all verification errors.
+-    X509_STORE_set_verify_cb_func(certStore, q_X509Callback);
++    q_X509_STORE_set_verify_cb(certStore, q_X509Callback);
+ 
+     // Build the chain of intermediate certificates
+     STACK_OF(X509) *intermediates = 0;
+     if (certificateChain.length() > 1) {
+-        intermediates = (STACK_OF(X509) *) q_sk_new_null();
++        intermediates = (STACK_OF(X509) *) q_OPENSSL_sk_new_null();
+ 
+         if (!intermediates) {
+             q_X509_STORE_free(certStore);
+@@ -1715,11 +1416,8 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> &
+                 first = false;
+                 continue;
+             }
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-            q_sk_push( (_STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle()));
+-#else
+-            q_sk_push( (STACK *)intermediates, reinterpret_cast<char *>(cert.handle()));
+-#endif
++
++            q_OPENSSL_sk_push((OPENSSL_STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle()));
+         }
+     }
+ 
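Review bot: A failed `q_OPENSSL_sk_push` goes unnoticed in this loop, because the wrapper is declared `void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);` in qsslsocket_openssl11_symbols_p.h while OpenSSL's function returns 0 on failure. An intermediate certificate that could not be pushed would be missing from the chain handed to verification, which would presumably surface as an unrelated chain error rather than an allocation failure. Declaring the wrapper with an `int` return and bailing out the way the `!intermediates` branch does would make the failure explicit. The loop and the rest of verify() lie outside this hunk.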
+@@ -1743,11 +1441,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> &
+     (void) q_X509_verify_cert(storeContext);
+ 
+     q_X509_STORE_CTX_free(storeContext);
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-    q_sk_free( (_STACK *) intermediates);
+-#else
+-    q_sk_free( (STACK *) intermediates);
+-#endif
++    q_OPENSSL_sk_free((OPENSSL_STACK *)intermediates);
+ 
+     // Now process the errors
+     const auto errorList = std::move(_q_sslErrorList()->errors);
+@@ -1821,7 +1515,8 @@ bool QSslSocketBackendPrivate::importPkcs12(QIODevice *device,
+     // Convert to Qt types
+     if (!key->d->fromEVP_PKEY(pkey)) {
+         qCWarning(lcSsl, "Unable to convert private key");
+-        q_sk_pop_free(reinterpret_cast<STACK *>(ca), reinterpret_cast<void(*)(void*)>(q_sk_free));
++        q_OPENSSL_sk_pop_free(reinterpret_cast<OPENSSL_STACK *>(ca),
++                              reinterpret_cast<void (*)(void *)>(q_OPENSSL_sk_free));
+         q_X509_free(x509);
+         q_EVP_PKEY_free(pkey);
+         q_PKCS12_free(p12);
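Review bot: The error path here still passes `q_OPENSSL_sk_free` as the per-element destructor to `q_OPENSSL_sk_pop_free`, although `ca` is later handed to STACKOFX509_to_QSslCertificates() and so holds X509 entries. The following hunk replaces the same call in the normal cleanup path with `q_X509_free`, and its TODO says the old form crashes with 1.1, so a failed private-key conversion would still hit that case. Use `reinterpret_cast<void (*)(void *)>(q_X509_free)` here as well. importPkcs12() starts and continues outside this hunk.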
+@@ -1836,7 +1531,11 @@ bool QSslSocketBackendPrivate::importPkcs12(QIODevice *device,
+         *caCertificates = QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(ca);
+ 
+     // Clean up
+-    q_sk_pop_free(reinterpret_cast<STACK *>(ca), reinterpret_cast<void(*)(void*)>(q_sk_free));
++    // TODO: verify ASAP, in the past we had sk_pop_free with q_OPENSSL_sk_free
++    // which seems to be blatantly wrong and even crashes with 1.1.
++    q_OPENSSL_sk_pop_free(reinterpret_cast<OPENSSL_STACK *>(ca),
++                          reinterpret_cast<void (*)(void *)>(q_X509_free));
++
+     q_X509_free(x509);
+     q_EVP_PKEY_free(pkey);
+     q_PKCS12_free(p12);
+diff --git a/src/network/ssl/qsslsocket_openssl11.cpp b/src/network/ssl/qsslsocket_openssl11.cpp
+new file mode 100644
+index 0000000000..b6d18943a5
+--- /dev/null
++++ b/src/network/ssl/qsslsocket_openssl11.cpp
+@@ -0,0 +1,285 @@
++/****************************************************************************
++**
++** Copyright (C) 2017 The Qt Company Ltd.
++** Copyright (C) 2014 Governikus GmbH & Co. KG
++** Copyright (C) 2016 Richard J. Moore <rich@kde.org>
++** Contact: https://www.qt.io/licensing/
++**
++** This file is part of the QtNetwork module of the Qt Toolkit.
++**
++** $QT_BEGIN_LICENSE:LGPL$
++** Commercial License Usage
++** Licensees holding valid commercial Qt licenses may use this file in
++** accordance with the commercial license agreement provided with the
++** Software or, alternatively, in accordance with the terms contained in
++** a written agreement between you and The Qt Company. For licensing terms
++** and conditions see https://www.qt.io/terms-conditions. For further
++** information use the contact form at https://www.qt.io/contact-us.
++**
++** GNU Lesser General Public License Usage
++** Alternatively, this file may be used under the terms of the GNU Lesser
++** General Public License version 3 as published by the Free Software
++** Foundation and appearing in the file LICENSE.LGPL3 included in the
++** packaging of this file. Please review the following information to
++** ensure the GNU Lesser General Public License version 3 requirements
++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
++**
++** GNU General Public License Usage
++** Alternatively, this file may be used under the terms of the GNU
++** General Public License version 2.0 or (at your option) the GNU General
++** Public license version 3 or any later version approved by the KDE Free
++** Qt Foundation. The licenses are as published by the Free Software
++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
++** included in the packaging of this file. Please review the following
++** information to ensure the GNU General Public License requirements will
++** be met: https://www.gnu.org/licenses/gpl-2.0.html and
++** https://www.gnu.org/licenses/gpl-3.0.html.
++**
++** $QT_END_LICENSE$
++**
++****************************************************************************/
++
++/****************************************************************************
++**
++** In addition, as a special exception, the copyright holders listed above give
++** permission to link the code of its release of Qt with the OpenSSL project's
++** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the
++** same license as the original version), and distribute the linked executables.
++**
++** You must comply with the GNU General Public License version 2 in all
++** respects for all of the code used other than the "OpenSSL" code.  If you
++** modify this file, you may extend this exception to your version of the file,
++** but you are not obligated to do so.  If you do not wish to do so, delete
++** this exception statement from your version of this file.
++**
++****************************************************************************/
++
++//#define QT_DECRYPT_SSL_TRAFFIC
++
++#include "qssl_p.h"
++#include "qsslsocket_openssl_p.h"
++#include "qsslsocket_openssl_symbols_p.h"
++#include "qsslsocket.h"
++#include "qsslkey.h"
++
++#include <QtCore/qdebug.h>
++#include <QtCore/qdir.h>
++#include <QtCore/qdiriterator.h>
++#include <QtCore/qfile.h>
++#include <QtCore/qmutex.h>
++#include <QtCore/qlibrary.h>
++
++QT_BEGIN_NAMESPACE
++
++Q_GLOBAL_STATIC_WITH_ARGS(QMutex, qt_opensslInitMutex, (QMutex::Recursive))
++
++/*!
++    \internal
++*/
++void QSslSocketPrivate::deinitialize()
++{
++    // This function exists only for compatibility with the pre-11 code,
++    // where deinitialize() actually does some cleanup. To be discarded
++    // once we retire < 1.1.
++}
++
++bool QSslSocketPrivate::ensureLibraryLoaded()
++{
++    if (!q_resolveOpenSslSymbols())
++        return false;
++
++    const QMutexLocker locker(qt_opensslInitMutex);
++
++    if (!s_libraryLoaded) {
++        s_libraryLoaded = true;
++
++        // Initialize OpenSSL.
++        if (q_OPENSSL_init_ssl(0, nullptr) != 1)
++            return false;
++        q_SSL_load_error_strings();
++        q_OpenSSL_add_all_algorithms();
++
++        QSslSocketBackendPrivate::s_indexForSSLExtraData
++            = q_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, 0L, nullptr, nullptr,
++                                        nullptr, nullptr);
++
++        // Initialize OpenSSL's random seed.
++        if (!q_RAND_status()) {
++            qWarning("Random number generator not seeded, disabling SSL support");
++            return false;
++        }
++    }
++    return true;
++}
++
++void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
++{
++    const QMutexLocker locker(qt_opensslInitMutex);
++
++    if (s_loadedCiphersAndCerts)
++        return;
++    s_loadedCiphersAndCerts = true;
++
++    resetDefaultCiphers();
++    resetDefaultEllipticCurves();
++
++#if QT_CONFIG(library)
++    //load symbols needed to receive certificates from system store
++#if defined(Q_OS_WIN)
++    HINSTANCE hLib = LoadLibraryW(L"Crypt32");
++    if (hLib) {
++        ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW");
++        ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore");
++        ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore");
++        if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore)
++            qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen
++    } else {
++        qCWarning(lcSsl, "could not load crypt32 library"); // should never happen
++    }
++#elif defined(Q_OS_QNX)
++    s_loadRootCertsOnDemand = true;
++#elif defined(Q_OS_UNIX) && !defined(Q_OS_DARWIN)
++    // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there)
++    QList<QByteArray> dirs = unixRootCertDirectories();
++    QStringList symLinkFilter;
++    symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]");
++    for (int a = 0; a < dirs.count(); ++a) {
++        QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files);
++        if (iterator.hasNext()) {
++            s_loadRootCertsOnDemand = true;
++            break;
++        }
++    }
++#endif
++#endif // QT_CONFIG(library)
++    // if on-demand loading was not enabled, load the certs now
++    if (!s_loadRootCertsOnDemand)
++        setDefaultCaCertificates(systemCaCertificates());
++#ifdef Q_OS_WIN
++    //Enabled for fetching additional root certs from windows update on windows 6+
++    //This flag is set false by setDefaultCaCertificates() indicating the app uses
++    //its own cert bundle rather than the system one.
++    //Same logic that disables the unix on demand cert loading.
++    //Unlike unix, we do preload the certificates from the cert store.
++    if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0)
++        s_loadRootCertsOnDemand = true;
++#endif
++}
++
++long QSslSocketPrivate::sslLibraryVersionNumber()
++{
++    if (!supportsSsl())
++        return 0;
++
++    return q_OpenSSL_version_num();
++}
++
++QString QSslSocketPrivate::sslLibraryVersionString()
++{
++    if (!supportsSsl())
++        return QString();
++
++    const char *versionString = q_OpenSSL_version(OPENSSL_VERSION);
++    if (!versionString)
++        return QString();
++
++    return QString::fromLatin1(versionString);
++}
++
++void QSslSocketBackendPrivate::continueHandshake()
++{
++    Q_Q(QSslSocket);
++    // if we have a max read buffer size, reset the plain socket's to match
++    if (readBufferMaxSize)
++        plainSocket->setReadBufferSize(readBufferMaxSize);
++
++    if (q_SSL_session_reused(ssl))
++        configuration.peerSessionShared = true;
++
++#ifdef QT_DECRYPT_SSL_TRAFFIC
++    if (q_SSL_get_session(ssl)) {
++        size_t master_key_len = q_SSL_SESSION_get_master_key(q_SSL_get_session(ssl), 0, 0);
++        size_t client_random_len = q_SSL_get_client_random(ssl, 0, 0);
++        QByteArray masterKey(int(master_key_len), 0); // Will not overflow
++        QByteArray clientRandom(int(client_random_len), 0); // Will not overflow
++
++        q_SSL_SESSION_get_master_key(q_SSL_get_session(ssl),
++                                     reinterpret_cast<unsigned char*>(masterKey.data()),
++                                     masterKey.size());
++        q_SSL_get_client_random(ssl, reinterpret_cast<unsigned char *>(clientRandom.data()),
++                                clientRandom.size());
++
++        QByteArray debugLineClientRandom("CLIENT_RANDOM ");
++        debugLineClientRandom.append(clientRandom.toHex().toUpper());
++        debugLineClientRandom.append(" ");
++        debugLineClientRandom.append(masterKey.toHex().toUpper());
++        debugLineClientRandom.append("\n");
++
++        QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys");
++        QFile file(sslKeyFile);
++        if (!file.open(QIODevice::Append))
++            qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending";
++        if (!file.write(debugLineClientRandom))
++            qCWarning(lcSsl) << "could not write to file" << sslKeyFile;
++        file.close();
++    } else {
++        qCWarning(lcSsl, "could not decrypt SSL traffic");
++    }
++#endif
++
++    // Cache this SSL session inside the QSslContext
++    if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) {
++        if (!sslContextPointer->cacheSession(ssl)) {
++            sslContextPointer.clear(); // we could not cache the session
++        } else {
++            // Cache the session for permanent usage as well
++            if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) {
++                if (!sslContextPointer->sessionASN1().isEmpty())
++                    configuration.sslSession = sslContextPointer->sessionASN1();
++                configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint();
++            }
++        }
++    }
++
++#if !defined(OPENSSL_NO_NEXTPROTONEG)
++
++    configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status;
++    if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) {
++        // we could not agree -> be conservative and use HTTP/1.1
++        configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1");
++    } else {
++        const unsigned char *proto = 0;
++        unsigned int proto_len = 0;
++
++        q_SSL_get0_alpn_selected(ssl, &proto, &proto_len);
++        if (proto_len && mode == QSslSocket::SslClientMode) {
++            // Client does not have a callback that sets it ...
++            configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated;
++        }
++
++        if (!proto_len) { // Test if NPN was more lucky ...
++            q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len);
++        }
++
++        if (proto_len)
++            configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast<const char *>(proto), proto_len);
++        else
++            configuration.nextNegotiatedProtocol.clear();
++    }
++#endif // !defined(OPENSSL_NO_NEXTPROTONEG)
++
++    if (mode == QSslSocket::SslClientMode) {
++        EVP_PKEY *key;
++        if (q_SSL_get_server_tmp_key(ssl, &key))
++            configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey);
++    }
++
++    connectionEncrypted = true;
++    emit q->encrypted();
++    if (autoStartHandshake && pendingClose) {
++        pendingClose = false;
++        q->disconnectFromHost();
++    }
++}
++
++QT_END_NAMESPACE
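Review bot: In ensureLibraryLoaded(), `s_libraryLoaded = true;` is set before `q_OPENSSL_init_ssl()` and `q_RAND_status()` are checked, so after either failure returns false the next call skips the block and returns true. The "disabling SSL support" outcome for an unseeded random number generator therefore holds only for the first caller; moving `s_libraryLoaded = true;` below the `q_RAND_status()` check would keep later calls failing too. Separately, the QT_DECRYPT_SSL_TRAFFIC block in continueHandshake() still calls `file.write()` after a failed `file.open()`, and it appends master keys to a fixed file name under QDir::tempPath(). A comment next to the commented-out `//#define QT_DECRYPT_SSL_TRAFFIC` saying it must never be enabled in shipped builds would help, e.g. `// Debug only: writes TLS master secrets to a shared temp file.`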
+diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
+new file mode 100644
+index 0000000000..2980b3d23e
+--- /dev/null
++++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
+@@ -0,0 +1,132 @@
++/****************************************************************************
++**
++** Copyright (C) 2017 The Qt Company Ltd.
++** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
++** Copyright (C) 2016 Richard J. Moore <rich@kde.org>
++** Contact: https://www.qt.io/licensing/
++**
++** This file is part of the QtNetwork module of the Qt Toolkit.
++**
++** $QT_BEGIN_LICENSE:LGPL$
++** Commercial License Usage
++** Licensees holding valid commercial Qt licenses may use this file in
++** accordance with the commercial license agreement provided with the
++** Software or, alternatively, in accordance with the terms contained in
++** a written agreement between you and The Qt Company. For licensing terms
++** and conditions see https://www.qt.io/terms-conditions. For further
++** information use the contact form at https://www.qt.io/contact-us.
++**
++** GNU Lesser General Public License Usage
++** Alternatively, this file may be used under the terms of the GNU Lesser
++** General Public License version 3 as published by the Free Software
++** Foundation and appearing in the file LICENSE.LGPL3 included in the
++** packaging of this file. Please review the following information to
++** ensure the GNU Lesser General Public License version 3 requirements
++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
++**
++** GNU General Public License Usage
++** Alternatively, this file may be used under the terms of the GNU
++** General Public License version 2.0 or (at your option) the GNU General
++** Public license version 3 or any later version approved by the KDE Free
++** Qt Foundation. The licenses are as published by the Free Software
++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
++** included in the packaging of this file. Please review the following
++** information to ensure the GNU General Public License requirements will
++** be met: https://www.gnu.org/licenses/gpl-2.0.html and
++** https://www.gnu.org/licenses/gpl-3.0.html.
++**
++** $QT_END_LICENSE$
++**
++****************************************************************************/
++
++/****************************************************************************
++**
++** In addition, as a special exception, the copyright holders listed above give
++** permission to link the code of its release of Qt with the OpenSSL project's
++** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the
++** same license as the original version), and distribute the linked executables.
++**
++** You must comply with the GNU General Public License version 2 in all
++** respects for all of the code used other than the "OpenSSL" code.  If you
++** modify this file, you may extend this exception to your version of the file,
++** but you are not obligated to do so.  If you do not wish to do so, delete
++** this exception statement from your version of this file.
++**
++****************************************************************************/
++
++#ifndef QSSLSOCKET_OPENSSL11_SYMBOLS_P_H
++#define QSSLSOCKET_OPENSSL11_SYMBOLS_P_H
++
++//
++//  W A R N I N G
++//  -------------
++//
++// This file is not part of the Qt API. It exists purely as an
++// implementation detail. This header file may change from version to
++// version without notice, or even be removed.
++//
++// We mean it.
++//
++
++// Note: this file does not have QT_BEGIN_NAMESPACE/QT_END_NAMESPACE, it's done
++// in qsslsocket_openssl_symbols_p.h.
++
++#ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H
++#error "You are not supposed to use this header file, include qsslsocket_openssl_symbols_p.h instead"
++#endif
++
++const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x);
++
++Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a);
++Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
++
++int q_DSA_bits(DSA *a);
++int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
++int q_EVP_PKEY_base_id(EVP_PKEY *a);
++int q_RSA_bits(RSA *a);
++int q_OPENSSL_sk_num(OPENSSL_STACK *a);
++void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
++OPENSSL_STACK *q_OPENSSL_sk_new_null();
++void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
++void q_OPENSSL_sk_free(OPENSSL_STACK *a);
++void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
++int q_SSL_session_reused(SSL *a);
++unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
++int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
++size_t q_SSL_get_client_random(SSL *a, unsigned char *out, size_t outlen);
++size_t q_SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen);
++int q_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
++const SSL_METHOD *q_TLS_method();
++const SSL_METHOD *q_TLS_client_method();
++const SSL_METHOD *q_TLS_server_method();
++ASN1_TIME *q_X509_getm_notBefore(X509 *a);
++ASN1_TIME *q_X509_getm_notAfter(X509 *a);
++
++long q_X509_get_version(X509 *a);
++EVP_PKEY *q_X509_get_pubkey(X509 *a);
++void q_X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb);
++STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
++void q_DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
++int q_DH_bits(DH *dh);
++
++# define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
++                                                       | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
++
++#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st)
++#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i)
++
++#define q_OPENSSL_add_all_algorithms_conf()  q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
++                                                                   | OPENSSL_INIT_ADD_ALL_DIGESTS \
++                                                                   | OPENSSL_INIT_LOAD_CONFIG, NULL)
++#define  q_OPENSSL_add_all_algorithms_noconf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
++                                                                    | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
++
++int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
++void q_CRYPTO_free(void *str, const char *file, int line);
++
++long q_OpenSSL_version_num();
++const char *q_OpenSSL_version(int type);
++
++unsigned long q_SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session);
++
++#endif
+diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h
+index b2adb3e547..7f9e884045 100644
+--- a/src/network/ssl/qsslsocket_openssl_p.h
++++ b/src/network/ssl/qsslsocket_openssl_p.h
+@@ -1,6 +1,6 @@
+ /****************************************************************************
+ **
+-** Copyright (C) 2016 The Qt Company Ltd.
++** Copyright (C) 2017 The Qt Company Ltd.
+ ** Contact: https://www.qt.io/licensing/
+ **
+ ** This file is part of the QtNetwork module of the Qt Toolkit.
+@@ -98,8 +98,8 @@
+ #include <openssl/crypto.h>
+ #include <openssl/tls1.h>
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-typedef _STACK STACK;
++#if QT_CONFIG(opensslv11)
++#include <openssl/dh.h>
+ #endif
+ 
+ QT_BEGIN_NAMESPACE
+@@ -151,7 +151,7 @@ public:
+ #endif
+ 
+     Q_AUTOTEST_EXPORT static long setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions);
+-    static QSslCipher QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher);
++    static QSslCipher QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher);
+     static QList<QSslCertificate> STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509);
+     static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, const QString &hostName);
+     static QString getErrorsFromOpenSsl();
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+index c344a94427..0ef8bf6b5e 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
++++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -1,7 +1,8 @@
+ /****************************************************************************
+ **
+-** Copyright (C) 2016 The Qt Company Ltd.
++** Copyright (C) 2017 The Qt Company Ltd.
+ ** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
++** Copyright (C) 2016 Richard J. Moore <rich@kde.org>
+ ** Contact: https://www.qt.io/licensing/
+ **
+ ** This file is part of the QtNetwork module of the Qt Toolkit.
+@@ -136,49 +137,195 @@ void qsslSocketCannotResolveSymbolWarning(const char *functionName)
+ 
+ #endif // QT_LINKED_OPENSSL
+ 
++#if QT_CONFIG(opensslv11)
++
++// Below are the functions first introduced in version 1.1:
++
++DEFINEFUNC(const unsigned char *, ASN1_STRING_get0_data, const ASN1_STRING *a, a, return 0, return)
++DEFINEFUNC2(int, OPENSSL_init_ssl, uint64_t opts, opts, const OPENSSL_INIT_SETTINGS *settings, settings, return 0, return)
++DEFINEFUNC2(int, OPENSSL_init_crypto, uint64_t opts, opts, const OPENSSL_INIT_SETTINGS *settings, settings, return 0, return)
++DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return 0, return)
++DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
++DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
++DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
++DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
++DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
++DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
++DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
++DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
++DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
++DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
++DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return 0, return)
++DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
++DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
++DEFINEFUNC3(size_t, SSL_get_client_random, SSL *a, a, unsigned char *out, out, size_t outlen, outlen, return 0, return)
++DEFINEFUNC3(size_t, SSL_SESSION_get_master_key, const SSL_SESSION *ses, ses, unsigned char *out, out, size_t outlen, outlen, return 0, return)
++DEFINEFUNC6(int, CRYPTO_get_ex_new_index, int class_index, class_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return)
++
++DEFINEFUNC(const SSL_METHOD *, TLS_method, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC(const SSL_METHOD *, TLS_client_method, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC(const SSL_METHOD *, TLS_server_method, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC(ASN1_TIME *, X509_getm_notBefore, X509 *a, a, return 0, return)
++DEFINEFUNC(ASN1_TIME *, X509_getm_notAfter, X509 *a, a, return 0, return)
++DEFINEFUNC(long, X509_get_version, X509 *a, a, return -1, return)
++DEFINEFUNC(EVP_PKEY *, X509_get_pubkey, X509 *a, a, return 0, return)
++DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_verify_cb verify_cb, verify_cb, return, DUMMYARG)
++DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return 0, return)
++DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG)
++DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return)
++DEFINEFUNC(const char *, OpenSSL_version, int a, a, return 0, return)
++DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return)
++DEFINEFUNC4(void, DH_get0_pqg, const DH *dh, dh, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, DUMMYARG)
++DEFINEFUNC(int, DH_bits, DH *dh, dh, return 0, return)
++
++#else // QT_CONFIG(opensslv11)
++
++// Functions below are either deprecated or removed in OpenSSL >= 1.1:
++
++DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return 0, return)
++
+ #ifdef SSLEAY_MACROS
+ DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return 0, return)
+ #endif
++DEFINEFUNC2(BIO *, BIO_new_file, const char *filename, filename, const char *mode, mode, return 0, return)
++DEFINEFUNC(void, ERR_clear_error, DUMMYARG, DUMMYARG, return, DUMMYARG)
++DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
++DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
++DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG)
++DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG)
++DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
++DEFINEFUNC(unsigned long, ERR_peek_last_error, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC(void, ERR_free_strings, void, DUMMYARG, return, DUMMYARG)
++DEFINEFUNC(void, EVP_CIPHER_CTX_cleanup, EVP_CIPHER_CTX *a, a, return, DUMMYARG)
++DEFINEFUNC(void, EVP_CIPHER_CTX_init, EVP_CIPHER_CTX *a, a, return, DUMMYARG)
++
++#ifdef SSLEAY_MACROS
++DEFINEFUNC6(void *, PEM_ASN1_read_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return)
++DEFINEFUNC6(void *, PEM_ASN1_write_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return)
++#endif // SSLEAY_MACROS
++
++DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return)
++DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
++
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG)
++DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG)
++DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return 0, return)
++#else
++DEFINEFUNC(STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC2(void, sk_push, STACK *a, a, char *b, b, return, DUMMYARG)
++DEFINEFUNC(void, sk_free, STACK *a, a, return, DUMMYARG)
++DEFINEFUNC2(char *, sk_value, STACK *a, a, int b, b, return 0, return)
++#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L
++
++DEFINEFUNC(int, SSL_library_init, void, DUMMYARG, return -1, return)
++DEFINEFUNC(void, SSL_load_error_strings, void, DUMMYARG, return, DUMMYARG)
++
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L
++DEFINEFUNC5(int, SSL_get_ex_new_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return)
++#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L
++
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#ifndef OPENSSL_NO_SSL2
++DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
++#ifndef OPENSSL_NO_SSL3_METHOD
++DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
++DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L
++DEFINEFUNC(const SSL_METHOD *, TLSv1_1_client_method, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC(const SSL_METHOD *, TLSv1_2_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
++#ifndef OPENSSL_NO_SSL2
++DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
++#ifndef OPENSSL_NO_SSL3_METHOD
++DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
++DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L
++DEFINEFUNC(const SSL_METHOD *, TLSv1_1_server_method, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC(const SSL_METHOD *, TLSv1_2_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
++#else
++#ifndef OPENSSL_NO_SSL2
++DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
++#ifndef OPENSSL_NO_SSL3_METHOD
++DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
++DEFINEFUNC(SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC(SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
++#ifndef OPENSSL_NO_SSL2
++DEFINEFUNC(SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
++#ifndef OPENSSL_NO_SSL3_METHOD
++DEFINEFUNC(SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
++DEFINEFUNC(SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC(SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
++#endif
++
++DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get_chain, X509_STORE_CTX *a, a, return 0, return)
++
++#ifdef SSLEAY_MACROS
++DEFINEFUNC2(int, i2d_DSAPrivateKey, const DSA *a, a, unsigned char **b, b, return -1, return)
++DEFINEFUNC2(int, i2d_RSAPrivateKey, const RSA *a, a, unsigned char **b, b, return -1, return)
++#ifndef OPENSSL_NO_EC
++DEFINEFUNC2(int, i2d_ECPrivateKey, const EC_KEY *a, a, unsigned char **b, b, return -1, return)
++#endif
++DEFINEFUNC3(RSA *, d2i_RSAPrivateKey, RSA **a, a, unsigned char **b, b, long c, c, return 0, return)
++DEFINEFUNC3(DSA *, d2i_DSAPrivateKey, DSA **a, a, unsigned char **b, b, long c, c, return 0, return)
++#ifndef OPENSSL_NO_EC
++DEFINEFUNC3(EC_KEY *, d2i_ECPrivateKey, EC_KEY **a, a, unsigned char **b, b, long c, c, return 0, return)
++#endif
++#endif
++DEFINEFUNC(char *, CONF_get1_default_config_file, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG)
++DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG)
++DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return)
++DEFINEFUNC(const char *, SSLeay_version, int a, a, return 0, return)
++
++#endif // QT_CONFIG(opensslv11)
++
+ DEFINEFUNC(long, ASN1_INTEGER_get, ASN1_INTEGER *a, a, return 0, return)
+-DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return 0, return)
+ DEFINEFUNC(int, ASN1_STRING_length, ASN1_STRING *a, a, return 0, return)
+-DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return);
++DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return)
+ DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return)
+ DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
+-DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
+ DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return)
+ DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return)
+-DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
++
+ DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return)
+ DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+-DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
+-#endif
+ DEFINEFUNC2(BN_ULONG, BN_mod_word, const BIGNUM *a, a, BN_ULONG w, w, return static_cast<BN_ULONG>(-1), return)
+ #ifndef OPENSSL_NO_EC
+ DEFINEFUNC(const EC_GROUP*, EC_KEY_get0_group, const EC_KEY* k, k, return 0, return)
+ DEFINEFUNC(int, EC_GROUP_get_degree, const EC_GROUP* g, g, return 0, return)
+ #endif
+-DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return)
+-DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG)
+-DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG)
+-DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
+ DEFINEFUNC(DSA *, DSA_new, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG)
+ DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, const unsigned char **b, b, long c, c, return 0, return)
+ DEFINEFUNC2(char *, ERR_error_string, unsigned long a, a, char *b, b, return 0, return)
+ DEFINEFUNC(unsigned long, ERR_get_error, DUMMYARG, DUMMYARG, return 0, return)
+-DEFINEFUNC(void, ERR_free_strings, void, DUMMYARG, return, DUMMYARG)
+-DEFINEFUNC(void, EVP_CIPHER_CTX_cleanup, EVP_CIPHER_CTX *a, a, return, DUMMYARG)
+-DEFINEFUNC(void, EVP_CIPHER_CTX_init, EVP_CIPHER_CTX *a, a, return, DUMMYARG)
+-DEFINEFUNC4(int, EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX *ctx, ctx, int type, type, int arg, arg, void *ptr, ptr, return 0, return);
++DEFINEFUNC(EVP_CIPHER_CTX *, EVP_CIPHER_CTX_new, void, DUMMYARG, return 0, return)
++DEFINEFUNC(void, EVP_CIPHER_CTX_free, EVP_CIPHER_CTX *a, a, return, DUMMYARG)
++DEFINEFUNC4(int, EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX *ctx, ctx, int type, type, int arg, arg, void *ptr, ptr, return 0, return)
+ DEFINEFUNC2(int, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX *ctx, ctx, int keylen, keylen, return 0, return)
+-DEFINEFUNC5(int, EVP_CipherInit, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *type, type, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return);
+-DEFINEFUNC5(int, EVP_CipherUpdate, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, const unsigned char *in, in, int inl, inl, return 0, return);
+-DEFINEFUNC3(int, EVP_CipherFinal, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, return 0, return);
++DEFINEFUNC5(int, EVP_CipherInit, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *type, type, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return)
++DEFINEFUNC6(int, EVP_CipherInit_ex, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *cipher, cipher, ENGINE *impl, impl, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return)
++DEFINEFUNC5(int, EVP_CipherUpdate, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, const unsigned char *in, in, int inl, inl, return 0, return)
++DEFINEFUNC3(int, EVP_CipherFinal, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, return 0, return)
+ DEFINEFUNC(const EVP_CIPHER *, EVP_des_cbc, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const EVP_CIPHER *, EVP_des_ede3_cbc, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(const EVP_CIPHER *, EVP_rc2_cbc, DUMMYARG, DUMMYARG, return 0, return)
++DEFINEFUNC(const EVP_MD *, EVP_sha1, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC3(int, EVP_PKEY_assign, EVP_PKEY *a, a, int b, b, char *c, c, return -1, return)
+ DEFINEFUNC2(int, EVP_PKEY_set1_RSA, EVP_PKEY *a, a, RSA *b, b, return -1, return)
+ DEFINEFUNC2(int, EVP_PKEY_set1_DSA, EVP_PKEY *a, a, DSA *b, b, return -1, return)
+@@ -202,10 +349,8 @@ DEFINEFUNC3(int, i2t_ASN1_OBJECT, char *a, a, int b, b, ASN1_OBJECT *c, c, retur
+ DEFINEFUNC4(int, OBJ_obj2txt, char *a, a, int b, b, ASN1_OBJECT *c, c, int d, d, return -1, return)
+ 
+ DEFINEFUNC(int, OBJ_obj2nid, const ASN1_OBJECT *a, a, return NID_undef, return)
+-#ifdef SSLEAY_MACROS
+-DEFINEFUNC6(void *, PEM_ASN1_read_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return)
+-DEFINEFUNC6(void *, PEM_ASN1_write_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return)
+-#else
++
++#ifndef SSLEAY_MACROS
+ DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PrivateKey, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return)
+ DEFINEFUNC4(DSA *, PEM_read_bio_DSAPrivateKey, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return)
+ DEFINEFUNC4(RSA *, PEM_read_bio_RSAPrivateKey, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return)
+@@ -218,7 +363,7 @@ DEFINEFUNC7(int, PEM_write_bio_RSAPrivateKey, BIO *a, a, RSA *b, b, const EVP_CI
+ #ifndef OPENSSL_NO_EC
+ DEFINEFUNC7(int, PEM_write_bio_ECPrivateKey, BIO *a, a, EC_KEY *b, b, const EVP_CIPHER *c, c, unsigned char *d, d, int e, e, pem_password_cb *f, f, void *g, g, return 0, return)
+ #endif
+-#endif
++#endif // !SSLEAY_MACROS
+ DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PUBKEY, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return)
+ DEFINEFUNC4(DSA *, PEM_read_bio_DSA_PUBKEY, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return)
+ DEFINEFUNC4(RSA *, PEM_read_bio_RSA_PUBKEY, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return)
+@@ -234,23 +379,10 @@ DEFINEFUNC2(void, RAND_seed, const void *a, a, int b, b, return, DUMMYARG)
+ DEFINEFUNC(int, RAND_status, void, DUMMYARG, return -1, return)
+ DEFINEFUNC(RSA *, RSA_new, DUMMYARG, DUMMYARG, return 0, return)
+ DEFINEFUNC(void, RSA_free, RSA *a, a, return, DUMMYARG)
+-DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return)
+-DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return)
+-DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG)
+-DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG)
+-DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return 0, return)
+-#else
+-DEFINEFUNC(STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return)
+-DEFINEFUNC2(void, sk_push, STACK *a, a, char *b, b, return, DUMMYARG)
+-DEFINEFUNC(void, sk_free, STACK *a, a, return, DUMMYARG)
+-DEFINEFUNC2(char *, sk_value, STACK *a, a, int b, b, return 0, return)
+-#endif
+ DEFINEFUNC(int, SSL_accept, SSL *a, a, return -1, return)
+ DEFINEFUNC(int, SSL_clear, SSL *a, a, return -1, return)
+-DEFINEFUNC3(char *, SSL_CIPHER_description, SSL_CIPHER *a, a, char *b, b, int c, c, return 0, return)
+-DEFINEFUNC2(int, SSL_CIPHER_get_bits, SSL_CIPHER *a, a, int *b, b, return 0, return)
++DEFINEFUNC3(char *, SSL_CIPHER_description, const SSL_CIPHER *a, a, char *b, b, int c, c, return 0, return)
++DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER *a, a, int *b, b, return 0, return)
+ DEFINEFUNC(int, SSL_connect, SSL *a, a, return -1, return)
+ DEFINEFUNC(int, SSL_CTX_check_private_key, const SSL_CTX *a, a, return -1, return)
+ DEFINEFUNC4(long, SSL_CTX_ctrl, SSL_CTX *a, a, int b, b, long c, c, void *d, d, return -1, return)
+@@ -287,8 +419,6 @@ DEFINEFUNC(long, SSL_get_verify_result, const SSL *a, a, return -1, return)
+ #else
+ DEFINEFUNC(long, SSL_get_verify_result, SSL *a, a, return -1, return)
+ #endif
+-DEFINEFUNC(int, SSL_library_init, void, DUMMYARG, return -1, return)
+-DEFINEFUNC(void, SSL_load_error_strings, void, DUMMYARG, return, DUMMYARG)
+ DEFINEFUNC(SSL *, SSL_new, SSL_CTX *a, a, return 0, return)
+ DEFINEFUNC4(long, SSL_ctrl, SSL *a, a, int cmd, cmd, long larg, larg, void *parg, parg, return -1, return)
+ DEFINEFUNC3(int, SSL_read, SSL *a, a, void *b, b, int c, c, return -1, return)
+@@ -301,7 +431,6 @@ DEFINEFUNC(void, SSL_SESSION_free, SSL_SESSION *ses, ses, return, DUMMYARG)
+ DEFINEFUNC(SSL_SESSION*, SSL_get1_session, SSL *ssl, ssl, return 0, return)
+ DEFINEFUNC(SSL_SESSION*, SSL_get_session, const SSL *ssl, ssl, return 0, return)
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L
+-DEFINEFUNC5(int, SSL_get_ex_new_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return)
+ DEFINEFUNC3(int, SSL_set_ex_data, SSL *ssl, ssl, int idx, idx, void *arg, arg, return 0, return)
+ DEFINEFUNC2(void *, SSL_get_ex_data, const SSL *ssl, ssl, int idx, idx, return NULL, return)
+ #endif
+@@ -310,51 +439,9 @@ DEFINEFUNC2(void, SSL_set_psk_client_callback, SSL* ssl, ssl, q_psk_client_callb
+ DEFINEFUNC2(void, SSL_set_psk_server_callback, SSL* ssl, ssl, q_psk_server_callback_t callback, callback, return, DUMMYARG)
+ DEFINEFUNC2(int, SSL_CTX_use_psk_identity_hint, SSL_CTX* ctx, ctx, const char *hint, hint, return 0, return)
+ #endif
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-#ifndef OPENSSL_NO_SSL2
+-DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
+-#endif
+-#ifndef OPENSSL_NO_SSL3_METHOD
+-DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
+-#endif
+-DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
+-DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
+-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+-DEFINEFUNC(const SSL_METHOD *, TLSv1_1_client_method, DUMMYARG, DUMMYARG, return 0, return)
+-DEFINEFUNC(const SSL_METHOD *, TLSv1_2_client_method, DUMMYARG, DUMMYARG, return 0, return)
+-#endif
+-#ifndef OPENSSL_NO_SSL2
+-DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
+-#endif
+-#ifndef OPENSSL_NO_SSL3_METHOD
+-DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
+-#endif
+-DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
+-DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+-DEFINEFUNC(const SSL_METHOD *, TLSv1_1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+-DEFINEFUNC(const SSL_METHOD *, TLSv1_2_server_method, DUMMYARG, DUMMYARG, return 0, return)
+-#endif
+-#else
+-#ifndef OPENSSL_NO_SSL2
+-DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return)
+-#endif
+-#ifndef OPENSSL_NO_SSL3_METHOD
+-DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return)
+-#endif
+-DEFINEFUNC(SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return)
+-DEFINEFUNC(SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return)
+-#ifndef OPENSSL_NO_SSL2
+-DEFINEFUNC(SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return)
+-#endif
+-#ifndef OPENSSL_NO_SSL3_METHOD
+-DEFINEFUNC(SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return)
+-#endif
+-DEFINEFUNC(SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return)
+-DEFINEFUNC(SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return)
+-#endif
+ DEFINEFUNC3(int, SSL_write, SSL *a, a, const void *b, b, int c, c, return -1, return)
+ DEFINEFUNC2(int, X509_cmp, X509 *a, a, X509 *b, b, return -1, return)
++DEFINEFUNC4(int, X509_digest, const X509 *x509, x509, const EVP_MD *type, type, unsigned char *md, md, unsigned int *len, len, return -1, return)
+ #ifndef SSLEAY_MACROS
+ DEFINEFUNC(X509 *, X509_dup, X509 *a, a, return 0, return)
+ #endif
+@@ -378,6 +465,7 @@ DEFINEFUNC2(int, ASN1_STRING_print, BIO *a, a, ASN1_STRING *b, b, return 0, retu
+ DEFINEFUNC2(int, X509_check_issued, X509 *a, a, X509 *b, b, return -1, return)
+ DEFINEFUNC(X509_NAME *, X509_get_issuer_name, X509 *a, a, return 0, return)
+ DEFINEFUNC(X509_NAME *, X509_get_subject_name, X509 *a, a, return 0, return)
++DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *a, a, return 0, return)
+ DEFINEFUNC(int, X509_verify_cert, X509_STORE_CTX *a, a, return -1, return)
+ DEFINEFUNC(int, X509_NAME_entry_count, X509_NAME *a, a, return 0, return)
+ DEFINEFUNC2(X509_NAME_ENTRY *, X509_NAME_get_entry, X509_NAME *a, a, int b, b, return 0, return)
+@@ -393,25 +481,8 @@ DEFINEFUNC2(int, X509_STORE_CTX_set_purpose, X509_STORE_CTX *a, a, int b, b, ret
+ DEFINEFUNC(int, X509_STORE_CTX_get_error, X509_STORE_CTX *a, a, return -1, return)
+ DEFINEFUNC(int, X509_STORE_CTX_get_error_depth, X509_STORE_CTX *a, a, return -1, return)
+ DEFINEFUNC(X509 *, X509_STORE_CTX_get_current_cert, X509_STORE_CTX *a, a, return 0, return)
+-DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get_chain, X509_STORE_CTX *a, a, return 0, return)
+ DEFINEFUNC(X509_STORE_CTX *, X509_STORE_CTX_new, DUMMYARG, DUMMYARG, return 0, return)
+-#ifdef SSLEAY_MACROS
+-DEFINEFUNC2(int, i2d_DSAPrivateKey, const DSA *a, a, unsigned char **b, b, return -1, return)
+-DEFINEFUNC2(int, i2d_RSAPrivateKey, const RSA *a, a, unsigned char **b, b, return -1, return)
+-#ifndef OPENSSL_NO_EC
+-DEFINEFUNC2(int, i2d_ECPrivateKey, const EC_KEY *a, a, unsigned char **b, b, return -1, return)
+-#endif
+-DEFINEFUNC3(RSA *, d2i_RSAPrivateKey, RSA **a, a, unsigned char **b, b, long c, c, return 0, return)
+-DEFINEFUNC3(DSA *, d2i_DSAPrivateKey, DSA **a, a, unsigned char **b, b, long c, c, return 0, return)
+-#ifndef OPENSSL_NO_EC
+-DEFINEFUNC3(EC_KEY *, d2i_ECPrivateKey, EC_KEY **a, a, unsigned char **b, b, long c, c, return 0, return)
+-#endif
+-#endif
+-DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG)
+-DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG)
+ DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return)
+-DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return)
+-DEFINEFUNC(const char *, SSLeay_version, int a, a, return 0, return)
+ DEFINEFUNC2(int, i2d_SSL_SESSION, SSL_SESSION *in, in, unsigned char **pp, pp, return 0, return)
+ DEFINEFUNC3(SSL_SESSION *, d2i_SSL_SESSION, SSL_SESSION **a, a, const unsigned char **pp, pp, long length, length, return 0, return)
+ #if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG)
+@@ -694,8 +765,8 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl()
+ #ifndef Q_OS_DARWIN
+     // second attempt: find the development files libssl.so and libcrypto.so
+     //
+-    // disabled on OS X/iOS:
+-    //  OS X's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third
++    // disabled on macOS/iOS:
++    //  macOS's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third
+     //    attempt, _after_ <bundle>/Contents/Frameworks has been searched.
+     //  iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place.
+     libssl->setFileNameAndVersion(QLatin1String("ssl"), -1);
+@@ -754,7 +825,11 @@ bool q_resolveOpenSslSymbols()
+     static bool symbolsResolved = false;
+     static bool triedToResolveSymbols = false;
+ #ifndef QT_NO_THREAD
++#if QT_CONFIG(opensslv11)
++    QMutexLocker locker(QMutexPool::globalInstanceGet((void *)&q_OPENSSL_init_ssl));
++#else
+     QMutexLocker locker(QMutexPool::globalInstanceGet((void *)&q_SSL_library_init));
++#endif
+ #endif
+     if (symbolsResolved)
+         return true;
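Review bot: The new `#if QT_CONFIG(opensslv11)` / `#else` pair around the `QMutexLocker` line carries no comment saying that the function address serves only as a key into the global mutex pool, which is the sole reason the two branches differ. I would add `// the address is only a unique mutex-pool key; the function is not called here` above the `#if`, and label the closers `#endif // QT_CONFIG(opensslv11)` and `#endif // QT_NO_THREAD`, as the rest of the patch does. Any other lock site that still keys on `q_SSL_library_init` would need the same switch to keep sharing this mutex; none is visible in this hunk. q_resolveOpenSslSymbols continues past the end of the hunk.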
+@@ -771,11 +846,145 @@ bool q_resolveOpenSslSymbols()
+         // failed to load them
+         return false;
+ 
++#if QT_CONFIG(opensslv11)
++
++    RESOLVEFUNC(OPENSSL_init_ssl)
++    RESOLVEFUNC(OPENSSL_init_crypto)
++    RESOLVEFUNC(ASN1_STRING_get0_data)
++    RESOLVEFUNC(EVP_CIPHER_CTX_reset)
++    RESOLVEFUNC(EVP_PKEY_base_id)
++    RESOLVEFUNC(RSA_bits)
++    RESOLVEFUNC(OPENSSL_sk_new_null)
++    RESOLVEFUNC(OPENSSL_sk_push)
++    RESOLVEFUNC(OPENSSL_sk_free)
++    RESOLVEFUNC(OPENSSL_sk_num)
++    RESOLVEFUNC(OPENSSL_sk_pop_free)
++    RESOLVEFUNC(OPENSSL_sk_value)
++    RESOLVEFUNC(DH_get0_pqg)
++    RESOLVEFUNC(SSL_CTX_set_options)
++    RESOLVEFUNC(SSL_get_client_random)
++    RESOLVEFUNC(SSL_SESSION_get_master_key)
++    RESOLVEFUNC(SSL_session_reused)
++    RESOLVEFUNC(SSL_get_session)
++    RESOLVEFUNC(CRYPTO_get_ex_new_index)
++    RESOLVEFUNC(TLS_method)
++    RESOLVEFUNC(TLS_client_method)
++    RESOLVEFUNC(TLS_server_method)
++    RESOLVEFUNC(X509_STORE_CTX_get0_chain)
++    RESOLVEFUNC(X509_getm_notBefore)
++    RESOLVEFUNC(X509_getm_notAfter)
++    RESOLVEFUNC(X509_get_version)
++    RESOLVEFUNC(X509_get_pubkey)
++    RESOLVEFUNC(X509_STORE_set_verify_cb)
++    RESOLVEFUNC(CRYPTO_free)
++    RESOLVEFUNC(OpenSSL_version_num)
++    RESOLVEFUNC(OpenSSL_version)
++    if (!_q_OpenSSL_version) {
++        // Apparently, we were built with OpenSSL 1.1 enabled but are now using
++        // a wrong library.
++        delete libs.first;
++        delete libs.second;
++        qCWarning(lcSsl, "Incompatible version of OpenSSL");
++        return false;
++    }
++
++    RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
++    RESOLVEFUNC(DH_bits)
++    RESOLVEFUNC(DSA_bits)
++
++#else // !opensslv11
++
++    RESOLVEFUNC(ASN1_STRING_data)
++
+ #ifdef SSLEAY_MACROS
+     RESOLVEFUNC(ASN1_dup)
++#endif // SSLEAY_MACROS
++    RESOLVEFUNC(BIO_new_file)
++    RESOLVEFUNC(ERR_clear_error)
++    RESOLVEFUNC(CRYPTO_free)
++    RESOLVEFUNC(CRYPTO_num_locks)
++    RESOLVEFUNC(CRYPTO_set_id_callback)
++    RESOLVEFUNC(CRYPTO_set_locking_callback)
++    RESOLVEFUNC(ERR_peek_last_error)
++    RESOLVEFUNC(ERR_free_strings)
++    RESOLVEFUNC(EVP_CIPHER_CTX_cleanup)
++    RESOLVEFUNC(EVP_CIPHER_CTX_init)
++
++#ifdef SSLEAY_MACROS // ### verify
++    RESOLVEFUNC(PEM_ASN1_read_bio)
++#endif // SSLEAY_MACROS
++
++    RESOLVEFUNC(sk_new_null)
++    RESOLVEFUNC(sk_push)
++    RESOLVEFUNC(sk_free)
++    RESOLVEFUNC(sk_num)
++    RESOLVEFUNC(sk_pop_free)
++    RESOLVEFUNC(sk_value)
++    RESOLVEFUNC(SSL_library_init)
++    RESOLVEFUNC(SSL_load_error_strings)
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L
++    RESOLVEFUNC(SSL_get_ex_new_index)
++#endif
++#ifndef OPENSSL_NO_SSL2
++    RESOLVEFUNC(SSLv2_client_method)
+ #endif
++#ifndef OPENSSL_NO_SSL3_METHOD
++    RESOLVEFUNC(SSLv3_client_method)
++#endif
++    RESOLVEFUNC(SSLv23_client_method)
++    RESOLVEFUNC(TLSv1_client_method)
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L
++    RESOLVEFUNC(TLSv1_1_client_method)
++    RESOLVEFUNC(TLSv1_2_client_method)
++#endif
++#ifndef OPENSSL_NO_SSL2
++    RESOLVEFUNC(SSLv2_server_method)
++#endif
++#ifndef OPENSSL_NO_SSL3_METHOD
++    RESOLVEFUNC(SSLv3_server_method)
++#endif
++    RESOLVEFUNC(SSLv23_server_method)
++    RESOLVEFUNC(TLSv1_server_method)
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L
++    RESOLVEFUNC(TLSv1_1_server_method)
++    RESOLVEFUNC(TLSv1_2_server_method)
++#endif
++    RESOLVEFUNC(X509_STORE_CTX_get_chain)
++#ifdef SSLEAY_MACROS
++    RESOLVEFUNC(i2d_DSAPrivateKey)
++    RESOLVEFUNC(i2d_RSAPrivateKey)
++    RESOLVEFUNC(d2i_DSAPrivateKey)
++    RESOLVEFUNC(d2i_RSAPrivateKey)
++#endif
++    RESOLVEFUNC(CONF_get1_default_config_file)
++    RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf)
++    RESOLVEFUNC(OPENSSL_add_all_algorithms_conf)
++    RESOLVEFUNC(SSLeay)
++
++    if (!_q_SSLeay || q_SSLeay() >= 0x10100000L) {
++        // OpenSSL 1.1 has deprecated and removed SSLeay. We consider a failure to
++        // resolve this symbol as a failure to resolve symbols.
++        // The right operand of '||' above is ... a bit of paranoia.
++        delete libs.first;
++        delete libs.second;
++        qCWarning(lcSsl, "Incompatible version of OpenSSL");
++        return false;
++    }
++
++
++    RESOLVEFUNC(SSLeay_version)
++
++#ifndef OPENSSL_NO_EC
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++    if (q_SSLeay() >= 0x10002000L)
++        RESOLVEFUNC(EC_curve_nist2nid)
++#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
++#endif // OPENSSL_NO_EC
++
++
++#endif // !opensslv11
++
+     RESOLVEFUNC(ASN1_INTEGER_get)
+-    RESOLVEFUNC(ASN1_STRING_data)
+     RESOLVEFUNC(ASN1_STRING_length)
+     RESOLVEFUNC(ASN1_STRING_to_UTF8)
+     RESOLVEFUNC(BIO_ctrl)
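Review bot: In the `QT_CONFIG(opensslv11)` branch the compatibility test is only `if (!_q_OpenSSL_version)`, so any library that exports that symbol is accepted whatever version it reports, while the pre-1.1 branch also range-checks `q_SSLeay()`. Because both libraries are located at run time, I would make the check symmetric, e.g. `if (!_q_OpenSSL_version_num || q_OpenSSL_version_num() < 0x10100000L) {` (names assumed from the `_q_SSLeay`/`q_SSLeay()` pattern). I would also move the two version RESOLVEFUNC lines and the check to the top of the branch, so a mismatched library is rejected before the other symbols are looked up. `RESOLVEFUNC(SSL_get_session)` is resolved again in the common list further down, so the copy in this branch looks redundant. The body of q_resolveOpenSslSymbols starts and ends outside this hunk.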
+@@ -794,25 +1003,22 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(BN_is_word)
+ #endif
+     RESOLVEFUNC(BN_mod_word)
+-    RESOLVEFUNC(CRYPTO_free)
+-    RESOLVEFUNC(CRYPTO_num_locks)
+-    RESOLVEFUNC(CRYPTO_set_id_callback)
+-    RESOLVEFUNC(CRYPTO_set_locking_callback)
+     RESOLVEFUNC(DSA_new)
+     RESOLVEFUNC(DSA_free)
+     RESOLVEFUNC(ERR_error_string)
+     RESOLVEFUNC(ERR_get_error)
+-    RESOLVEFUNC(ERR_free_strings)
+-    RESOLVEFUNC(EVP_CIPHER_CTX_cleanup)
+-    RESOLVEFUNC(EVP_CIPHER_CTX_init)
++    RESOLVEFUNC(EVP_CIPHER_CTX_new)
++    RESOLVEFUNC(EVP_CIPHER_CTX_free)
+     RESOLVEFUNC(EVP_CIPHER_CTX_ctrl)
+     RESOLVEFUNC(EVP_CIPHER_CTX_set_key_length)
+     RESOLVEFUNC(EVP_CipherInit)
++    RESOLVEFUNC(EVP_CipherInit_ex)
+     RESOLVEFUNC(EVP_CipherUpdate)
+     RESOLVEFUNC(EVP_CipherFinal)
+     RESOLVEFUNC(EVP_des_cbc)
+     RESOLVEFUNC(EVP_des_ede3_cbc)
+     RESOLVEFUNC(EVP_rc2_cbc)
++    RESOLVEFUNC(EVP_sha1)
+     RESOLVEFUNC(EVP_PKEY_assign)
+     RESOLVEFUNC(EVP_PKEY_set1_RSA)
+     RESOLVEFUNC(EVP_PKEY_set1_DSA)
+@@ -834,9 +1040,8 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(i2t_ASN1_OBJECT)
+     RESOLVEFUNC(OBJ_obj2txt)
+     RESOLVEFUNC(OBJ_obj2nid)
+-#ifdef SSLEAY_MACROS // ### verify
+-    RESOLVEFUNC(PEM_ASN1_read_bio)
+-#else
++
++#ifndef SSLEAY_MACROS
+     RESOLVEFUNC(PEM_read_bio_PrivateKey)
+     RESOLVEFUNC(PEM_read_bio_DSAPrivateKey)
+     RESOLVEFUNC(PEM_read_bio_RSAPrivateKey)
+@@ -849,7 +1054,8 @@ bool q_resolveOpenSslSymbols()
+ #ifndef OPENSSL_NO_EC
+     RESOLVEFUNC(PEM_write_bio_ECPrivateKey)
+ #endif
+-#endif
++#endif // !SSLEAY_MACROS
++
+     RESOLVEFUNC(PEM_read_bio_PUBKEY)
+     RESOLVEFUNC(PEM_read_bio_DSA_PUBKEY)
+     RESOLVEFUNC(PEM_read_bio_RSA_PUBKEY)
+@@ -865,12 +1071,6 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(RAND_status)
+     RESOLVEFUNC(RSA_new)
+     RESOLVEFUNC(RSA_free)
+-    RESOLVEFUNC(sk_new_null)
+-    RESOLVEFUNC(sk_push)
+-    RESOLVEFUNC(sk_free)
+-    RESOLVEFUNC(sk_num)
+-    RESOLVEFUNC(sk_pop_free)
+-    RESOLVEFUNC(sk_value)
+     RESOLVEFUNC(SSL_CIPHER_description)
+     RESOLVEFUNC(SSL_CIPHER_get_bits)
+     RESOLVEFUNC(SSL_CTX_check_private_key)
+@@ -898,8 +1098,6 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(SSL_get_peer_cert_chain)
+     RESOLVEFUNC(SSL_get_peer_certificate)
+     RESOLVEFUNC(SSL_get_verify_result)
+-    RESOLVEFUNC(SSL_library_init)
+-    RESOLVEFUNC(SSL_load_error_strings)
+     RESOLVEFUNC(SSL_new)
+     RESOLVEFUNC(SSL_ctrl)
+     RESOLVEFUNC(SSL_read)
+@@ -912,7 +1110,6 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(SSL_get1_session)
+     RESOLVEFUNC(SSL_get_session)
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L
+-    RESOLVEFUNC(SSL_get_ex_new_index)
+     RESOLVEFUNC(SSL_set_ex_data)
+     RESOLVEFUNC(SSL_get_ex_data)
+ #endif
+@@ -922,30 +1119,6 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(SSL_CTX_use_psk_identity_hint)
+ #endif
+     RESOLVEFUNC(SSL_write)
+-#ifndef OPENSSL_NO_SSL2
+-    RESOLVEFUNC(SSLv2_client_method)
+-#endif
+-#ifndef OPENSSL_NO_SSL3_METHOD
+-    RESOLVEFUNC(SSLv3_client_method)
+-#endif
+-    RESOLVEFUNC(SSLv23_client_method)
+-    RESOLVEFUNC(TLSv1_client_method)
+-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+-    RESOLVEFUNC(TLSv1_1_client_method)
+-    RESOLVEFUNC(TLSv1_2_client_method)
+-#endif
+-#ifndef OPENSSL_NO_SSL2
+-    RESOLVEFUNC(SSLv2_server_method)
+-#endif
+-#ifndef OPENSSL_NO_SSL3_METHOD
+-    RESOLVEFUNC(SSLv3_server_method)
+-#endif
+-    RESOLVEFUNC(SSLv23_server_method)
+-    RESOLVEFUNC(TLSv1_server_method)
+-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+-    RESOLVEFUNC(TLSv1_1_server_method)
+-    RESOLVEFUNC(TLSv1_2_server_method)
+-#endif
+     RESOLVEFUNC(X509_NAME_entry_count)
+     RESOLVEFUNC(X509_NAME_get_entry)
+     RESOLVEFUNC(X509_NAME_ENTRY_get_data)
+@@ -961,12 +1134,12 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(X509_STORE_CTX_get_error)
+     RESOLVEFUNC(X509_STORE_CTX_get_error_depth)
+     RESOLVEFUNC(X509_STORE_CTX_get_current_cert)
+-    RESOLVEFUNC(X509_STORE_CTX_get_chain)
+     RESOLVEFUNC(X509_cmp)
+ #ifndef SSLEAY_MACROS
+     RESOLVEFUNC(X509_dup)
+ #endif
+     RESOLVEFUNC(X509_print)
++    RESOLVEFUNC(X509_digest)
+     RESOLVEFUNC(X509_EXTENSION_get_object)
+     RESOLVEFUNC(X509_free)
+     RESOLVEFUNC(X509_get_ext)
+@@ -982,20 +1155,11 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(X509_check_issued)
+     RESOLVEFUNC(X509_get_issuer_name)
+     RESOLVEFUNC(X509_get_subject_name)
++    RESOLVEFUNC(X509_get_serialNumber)
+     RESOLVEFUNC(X509_verify_cert)
+     RESOLVEFUNC(d2i_X509)
+     RESOLVEFUNC(i2d_X509)
+-#ifdef SSLEAY_MACROS
+-    RESOLVEFUNC(i2d_DSAPrivateKey)
+-    RESOLVEFUNC(i2d_RSAPrivateKey)
+-    RESOLVEFUNC(d2i_DSAPrivateKey)
+-    RESOLVEFUNC(d2i_RSAPrivateKey)
+-#endif
+-    RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf)
+-    RESOLVEFUNC(OPENSSL_add_all_algorithms_conf)
+     RESOLVEFUNC(SSL_CTX_load_verify_locations)
+-    RESOLVEFUNC(SSLeay)
+-    RESOLVEFUNC(SSLeay_version)
+     RESOLVEFUNC(i2d_SSL_SESSION)
+     RESOLVEFUNC(d2i_SSL_SESSION)
+ #if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG)
+@@ -1019,27 +1183,14 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(EC_KEY_new_by_curve_name)
+     RESOLVEFUNC(EC_KEY_free)
+     RESOLVEFUNC(EC_get_builtin_curves)
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+-    if (q_SSLeay() >= 0x10002000L)
+-        RESOLVEFUNC(EC_curve_nist2nid)
+-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
+ #endif // OPENSSL_NO_EC
+     RESOLVEFUNC(PKCS12_parse)
+     RESOLVEFUNC(d2i_PKCS12_bio)
+     RESOLVEFUNC(PKCS12_free)
+ 
++    symbolsResolved = true;
+     delete libs.first;
+     delete libs.second;
+-    if (!_q_SSLeay || q_SSLeay() >= 0x10100000L) {
+-        // OpenSSL 1.1 deprecated and removed SSLeay. We consider a failure to
+-        // resolve this symbol as a failure to resolve symbols.
+-        // The right operand of '||' above ... a bit of paranoia.
+-        qCWarning(lcSsl, "Incompatible version of OpenSSL");
+-        return false;
+-    }
+-
+-    symbolsResolved = true;
+-
+     return true;
+ }
+ #endif // QT_CONFIG(library)
+diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+index b35a895d38..796bf2d4f5 100644
+--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
++++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -1,6 +1,6 @@
+ /****************************************************************************
+ **
+-** Copyright (C) 2016 The Qt Company Ltd.
++** Copyright (C) 2017 The Qt Company Ltd.
+ ** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
+ ** Contact: https://www.qt.io/licensing/
+ **
+@@ -56,6 +56,7 @@
+ #ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H
+ #define QSSLSOCKET_OPENSSL_SYMBOLS_P_H
+ 
++
+ //
+ //  W A R N I N G
+ //  -------------
+@@ -215,17 +216,20 @@ QT_BEGIN_NAMESPACE
+ 
+ #endif // !defined QT_LINKED_OPENSSL
+ 
++#if QT_CONFIG(opensslv11)
++#include "qsslsocket_openssl11_symbols_p.h"
++#else
++#include "qsslsocket_opensslpre11_symbols_p.h"
++#endif // QT_CONFIG
++
+ bool q_resolveOpenSslSymbols();
+ long q_ASN1_INTEGER_get(ASN1_INTEGER *a);
+-unsigned char * q_ASN1_STRING_data(ASN1_STRING *a);
+ int q_ASN1_STRING_length(ASN1_STRING *a);
+ int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b);
+ long q_BIO_ctrl(BIO *a, int b, long c, void *d);
+ Q_AUTOTEST_EXPORT int q_BIO_free(BIO *a);
+-Q_AUTOTEST_EXPORT BIO *q_BIO_new(BIO_METHOD *a);
+ BIO *q_BIO_new_mem_buf(void *a, int b);
+ int q_BIO_read(BIO *a, void *b, int c);
+-Q_AUTOTEST_EXPORT BIO_METHOD *q_BIO_s_mem();
+ Q_AUTOTEST_EXPORT int q_BIO_write(BIO *a, const void *b, int c);
+ int q_BN_num_bits(const BIGNUM *a);
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+@@ -247,26 +251,23 @@ BN_ULONG q_BN_mod_word(const BIGNUM *a, BN_ULONG w);
+ const EC_GROUP* q_EC_KEY_get0_group(const EC_KEY* k);
+ int q_EC_GROUP_get_degree(const EC_GROUP* g);
+ #endif
+-int q_CRYPTO_num_locks();
+-void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int));
+-void q_CRYPTO_set_id_callback(unsigned long (*a)());
+-void q_CRYPTO_free(void *a);
+ DSA *q_DSA_new();
+ void q_DSA_free(DSA *a);
+ X509 *q_d2i_X509(X509 **a, const unsigned char **b, long c);
+ char *q_ERR_error_string(unsigned long a, char *b);
+ unsigned long q_ERR_get_error();
+-void q_ERR_free_strings();
+-void q_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+-void q_EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
++EVP_CIPHER_CTX *q_EVP_CIPHER_CTX_new();
++void q_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
+ int q_EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+ int q_EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+ int q_EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *key, const unsigned char *iv, int enc);
++int q_EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
+ int q_EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl);
+ int q_EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+ const EVP_CIPHER *q_EVP_des_cbc();
+ const EVP_CIPHER *q_EVP_des_ede3_cbc();
+ const EVP_CIPHER *q_EVP_rc2_cbc();
++const EVP_MD *q_EVP_sha1();
+ int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c);
+ Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b);
+ int q_EVP_PKEY_set1_DSA(EVP_PKEY *a, DSA *b);
+@@ -310,7 +311,7 @@ int q_PEM_write_bio_RSAPrivateKey(BIO *a, RSA *b, const EVP_CIPHER *c, unsigned
+ int q_PEM_write_bio_ECPrivateKey(BIO *a, EC_KEY *b, const EVP_CIPHER *c, unsigned char *d,
+                                   int e, pem_password_cb *f, void *g);
+ #endif
+-#endif
++#endif // SSLEAY_MACROS
+ Q_AUTOTEST_EXPORT EVP_PKEY *q_PEM_read_bio_PUBKEY(BIO *a, EVP_PKEY **b, pem_password_cb *c, void *d);
+ DSA *q_PEM_read_bio_DSA_PUBKEY(BIO *a, DSA **b, pem_password_cb *c, void *d);
+ RSA *q_PEM_read_bio_RSA_PUBKEY(BIO *a, RSA **b, pem_password_cb *c, void *d);
+@@ -326,23 +327,10 @@ void q_RAND_seed(const void *a, int b);
+ int q_RAND_status();
+ RSA *q_RSA_new();
+ void q_RSA_free(RSA *a);
+-int q_sk_num(STACK *a);
+-void q_sk_pop_free(STACK *a, void (*b)(void *));
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-_STACK *q_sk_new_null();
+-void q_sk_push(_STACK *st, void *data);
+-void q_sk_free(_STACK *a);
+-void * q_sk_value(STACK *a, int b);
+-#else
+-STACK *q_sk_new_null();
+-void q_sk_push(STACK *st, char *data);
+-void q_sk_free(STACK *a);
+-char * q_sk_value(STACK *a, int b);
+-#endif
+ int q_SSL_accept(SSL *a);
+ int q_SSL_clear(SSL *a);
+-char *q_SSL_CIPHER_description(SSL_CIPHER *a, char *b, int c);
+-int q_SSL_CIPHER_get_bits(SSL_CIPHER *a, int *b);
++char *q_SSL_CIPHER_description(const SSL_CIPHER *a, char *b, int c);
++int q_SSL_CIPHER_get_bits(const SSL_CIPHER *a, int *b);
+ int q_SSL_connect(SSL *a);
+ int q_SSL_CTX_check_private_key(const SSL_CTX *a);
+ long q_SSL_CTX_ctrl(SSL_CTX *a, int b, long c, void *d);
+@@ -374,8 +362,6 @@ int q_SSL_get_error(SSL *a, int b);
+ STACK_OF(X509) *q_SSL_get_peer_cert_chain(SSL *a);
+ X509 *q_SSL_get_peer_certificate(SSL *a);
+ long q_SSL_get_verify_result(const SSL *a);
+-int q_SSL_library_init();
+-void q_SSL_load_error_strings();
+ SSL *q_SSL_new(SSL_CTX *a);
+ long q_SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
+ int q_SSL_read(SSL *a, void *b, int c);
+@@ -388,7 +374,6 @@ void q_SSL_SESSION_free(SSL_SESSION *ses);
+ SSL_SESSION *q_SSL_get1_session(SSL *ssl);
+ SSL_SESSION *q_SSL_get_session(const SSL *ssl);
+ #if OPENSSL_VERSION_NUMBER >= 0x10001000L
+-int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+ int q_SSL_set_ex_data(SSL *ssl, int idx, void *arg);
+ void *q_SSL_get_ex_data(const SSL *ssl, int idx);
+ #endif
+@@ -399,49 +384,6 @@ typedef unsigned int (*q_psk_server_callback_t)(SSL *ssl, const char *identity,
+ void q_SSL_set_psk_server_callback(SSL *ssl, q_psk_server_callback_t callback);
+ int q_SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);
+ #endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-#ifndef OPENSSL_NO_SSL2
+-const SSL_METHOD *q_SSLv2_client_method();
+-#endif
+-#ifndef OPENSSL_NO_SSL3_METHOD
+-const SSL_METHOD *q_SSLv3_client_method();
+-#endif
+-const SSL_METHOD *q_SSLv23_client_method();
+-const SSL_METHOD *q_TLSv1_client_method();
+-const SSL_METHOD *q_TLSv1_1_client_method();
+-const SSL_METHOD *q_TLSv1_2_client_method();
+-#ifndef OPENSSL_NO_SSL2
+-const SSL_METHOD *q_SSLv2_server_method();
+-#endif
+-#ifndef OPENSSL_NO_SSL3_METHOD
+-const SSL_METHOD *q_SSLv3_server_method();
+-#endif
+-const SSL_METHOD *q_SSLv23_server_method();
+-const SSL_METHOD *q_TLSv1_server_method();
+-const SSL_METHOD *q_TLSv1_1_server_method();
+-const SSL_METHOD *q_TLSv1_2_server_method();
+-#else
+-#ifndef OPENSSL_NO_SSL2
+-SSL_METHOD *q_SSLv2_client_method();
+-#endif
+-#ifndef OPENSSL_NO_SSL3_METHOD
+-SSL_METHOD *q_SSLv3_client_method();
+-#endif
+-SSL_METHOD *q_SSLv23_client_method();
+-SSL_METHOD *q_TLSv1_client_method();
+-SSL_METHOD *q_TLSv1_1_client_method();
+-SSL_METHOD *q_TLSv1_2_client_method();
+-#ifndef OPENSSL_NO_SSL2
+-SSL_METHOD *q_SSLv2_server_method();
+-#endif
+-#ifndef OPENSSL_NO_SSL3_METHOD
+-SSL_METHOD *q_SSLv3_server_method();
+-#endif
+-SSL_METHOD *q_SSLv23_server_method();
+-SSL_METHOD *q_TLSv1_server_method();
+-SSL_METHOD *q_TLSv1_1_server_method();
+-SSL_METHOD *q_TLSv1_2_server_method();
+-#endif
+ int q_SSL_write(SSL *a, const void *b, int c);
+ int q_X509_cmp(X509 *a, X509 *b);
+ #ifdef SSLEAY_MACROS
+@@ -452,6 +394,7 @@ void *q_ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
+ X509 *q_X509_dup(X509 *a);
+ #endif
+ void q_X509_print(BIO *a, X509*b);
++int q_X509_digest(const X509 *x509, const EVP_MD *type, unsigned char *md, unsigned int *len);
+ ASN1_OBJECT *q_X509_EXTENSION_get_object(X509_EXTENSION *a);
+ void q_X509_free(X509 *a);
+ X509_EXTENSION *q_X509_get_ext(X509 *a, int b);
+@@ -471,6 +414,7 @@ int q_ASN1_STRING_print(BIO *a, ASN1_STRING *b);
+ int q_X509_check_issued(X509 *a, X509 *b);
+ X509_NAME *q_X509_get_issuer_name(X509 *a);
+ X509_NAME *q_X509_get_subject_name(X509 *a);
++ASN1_INTEGER *q_X509_get_serialNumber(X509 *a);
+ int q_X509_verify_cert(X509_STORE_CTX *ctx);
+ int q_X509_NAME_entry_count(X509_NAME *a);
+ X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b);
+@@ -488,7 +432,6 @@ int q_X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+ int q_X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+ int q_X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+ X509 *q_X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+-STACK_OF(X509) *q_X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+ 
+ // Diffie-Hellman support
+ DH *q_DH_new();
+@@ -522,34 +465,9 @@ int q_PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+ PKCS12 *q_d2i_PKCS12_bio(BIO *bio, PKCS12 **pkcs12);
+ void q_PKCS12_free(PKCS12 *pkcs12);
+ 
+-
+ #define q_BIO_get_mem_data(b, pp) (int)q_BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
+ #define q_BIO_pending(b) (int)q_BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+-#ifdef SSLEAY_MACROS
+-int     q_i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+-int     q_i2d_RSAPrivateKey(const RSA *a, unsigned char **pp);
+-RSA *q_d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+-DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+-#define q_PEM_read_bio_RSAPrivateKey(bp, x, cb, u) \
+-        (RSA *)q_PEM_ASN1_read_bio( \
+-        (void *(*)(void**, const unsigned char**, long int))q_d2i_RSAPrivateKey, PEM_STRING_RSA, bp, (void **)x, cb, u)
+-#define q_PEM_read_bio_DSAPrivateKey(bp, x, cb, u) \
+-        (DSA *)q_PEM_ASN1_read_bio( \
+-        (void *(*)(void**, const unsigned char**, long int))q_d2i_DSAPrivateKey, PEM_STRING_DSA, bp, (void **)x, cb, u)
+-#define q_PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
+-        PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_RSAPrivateKey,PEM_STRING_RSA,\
+-                           bp,(char *)x,enc,kstr,klen,cb,u)
+-#define q_PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
+-        PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\
+-                           bp,(char *)x,enc,kstr,klen,cb,u)
+-#define q_PEM_read_bio_DHparams(bp, dh, cb, u) \
+-        (DH *)q_PEM_ASN1_read_bio( \
+-        (void *(*)(void**, const unsigned char**, long int))q_d2i_DHparams, PEM_STRING_DHPARAMS, bp, (void **)x, cb, u)
+-#endif
+-#define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+ #define q_SSL_CTX_set_mode(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+-#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
+-#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
+ #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))
+ #define q_sk_GENERAL_NAME_value(st, i) q_SKM_sk_value(GENERAL_NAME, (st), (i))
+ #define q_sk_X509_num(st) q_SKM_sk_num(X509, (st))
+@@ -558,18 +476,12 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+ #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
+ #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
+         q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+-#define q_X509_get_notAfter(x) X509_get_notAfter(x)
+-#define q_X509_get_notBefore(x) X509_get_notBefore(x)
+ #define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+                                         (char *)(rsa))
+ #define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
+                                         (char *)(dsa))
+ #define q_OpenSSL_add_all_algorithms() q_OPENSSL_add_all_algorithms_conf()
+-void q_OPENSSL_add_all_algorithms_noconf();
+-void q_OPENSSL_add_all_algorithms_conf();
+ int q_SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);
+-long q_SSLeay();
+-const char *q_SSLeay_version(int type);
+ int q_i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+ SSL_SESSION *q_d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length);
+ 
+diff --git a/src/network/ssl/qsslsocket_opensslpre11.cpp b/src/network/ssl/qsslsocket_opensslpre11.cpp
+new file mode 100644
+index 0000000000..e51888c5f2
+--- /dev/null
++++ b/src/network/ssl/qsslsocket_opensslpre11.cpp
+@@ -0,0 +1,424 @@
++/****************************************************************************
++**
++** Copyright (C) 2017 The Qt Company Ltd.
++** Copyright (C) 2014 Governikus GmbH & Co. KG
++** Contact: https://www.qt.io/licensing/
++**
++** This file is part of the QtNetwork module of the Qt Toolkit.
++**
++** $QT_BEGIN_LICENSE:LGPL$
++** Commercial License Usage
++** Licensees holding valid commercial Qt licenses may use this file in
++** accordance with the commercial license agreement provided with the
++** Software or, alternatively, in accordance with the terms contained in
++** a written agreement between you and The Qt Company. For licensing terms
++** and conditions see https://www.qt.io/terms-conditions. For further
++** information use the contact form at https://www.qt.io/contact-us.
++**
++** GNU Lesser General Public License Usage
++** Alternatively, this file may be used under the terms of the GNU Lesser
++** General Public License version 3 as published by the Free Software
++** Foundation and appearing in the file LICENSE.LGPL3 included in the
++** packaging of this file. Please review the following information to
++** ensure the GNU Lesser General Public License version 3 requirements
++** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
++**
++** GNU General Public License Usage
++** Alternatively, this file may be used under the terms of the GNU
++** General Public License version 2.0 or (at your option) the GNU General
++** Public license version 3 or any later version approved by the KDE Free
++** Qt Foundation. The licenses are as published by the Free Software
++** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
++** included in the packaging of this file. Please review the following
++** information to ensure the GNU General Public License requirements will
++** be met: https://www.gnu.org/licenses/gpl-2.0.html and
++** https://www.gnu.org/licenses/gpl-3.0.html.
++**
++** $QT_END_LICENSE$
++**
++****************************************************************************/
++
++/****************************************************************************
++**
++** In addition, as a special exception, the copyright holders listed above give
++** permission to link the code of its release of Qt with the OpenSSL project's
++** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the
++** same license as the original version), and distribute the linked executables.
++**
++** You must comply with the GNU General Public License version 2 in all
++** respects for all of the code used other than the "OpenSSL" code.  If you
++** modify this file, you may extend this exception to your version of the file,
++** but you are not obligated to do so.  If you do not wish to do so, delete
++** this exception statement from your version of this file.
++**
++****************************************************************************/
++
++//#define QT_DECRYPT_SSL_TRAFFIC
++
++#include "qssl_p.h"
++#include "qsslsocket_openssl_p.h"
++#include "qsslsocket_openssl_symbols_p.h"
++#include "qsslsocket.h"
++#include "qsslkey.h"
++
++#include <QtCore/qdebug.h>
++#include <QtCore/qdir.h>
++#include <QtCore/qdiriterator.h>
++#include <QtCore/qthread.h>
++#include <QtCore/qfile.h>
++#include <QtCore/qmutex.h>
++#include <QtCore/qlibrary.h>
++
++QT_BEGIN_NAMESPACE
++
++/* \internal
++
++    From OpenSSL's thread(3) manual page:
++
++    OpenSSL can safely be used in multi-threaded applications provided that at
++    least two callback functions are set.
++
++    locking_function(int mode, int n, const char *file, int line) is needed to
++    perform locking on shared data structures.  (Note that OpenSSL uses a
++    number of global data structures that will be implicitly shared
++    whenever multiple threads use OpenSSL.)  Multi-threaded
++    applications will crash at random if it is not set.  ...
++    ...
++    id_function(void) is a function that returns a thread ID. It is not
++    needed on Windows nor on platforms where getpid() returns a different
++    ID for each thread (most notably Linux)
++*/
++
++class QOpenSslLocks
++{
++public:
++    QOpenSslLocks()
++        : initLocker(QMutex::Recursive),
++          locksLocker(QMutex::Recursive)
++    {
++        QMutexLocker locker(&locksLocker);
++        int numLocks = q_CRYPTO_num_locks();
++        locks = new QMutex *[numLocks];
++        memset(locks, 0, numLocks * sizeof(QMutex *));
++    }
++    ~QOpenSslLocks()
++    {
++        QMutexLocker locker(&locksLocker);
++        for (int i = 0; i < q_CRYPTO_num_locks(); ++i)
++            delete locks[i];
++        delete [] locks;
++
++        QSslSocketPrivate::deinitialize();
++    }
++    QMutex *lock(int num)
++    {
++        QMutexLocker locker(&locksLocker);
++        QMutex *tmp = locks[num];
++        if (!tmp)
++            tmp = locks[num] = new QMutex(QMutex::Recursive);
++        return tmp;
++    }
++
++    QMutex *globalLock()
++    {
++        return &locksLocker;
++    }
++
++    QMutex *initLock()
++    {
++        return &initLocker;
++    }
++
++private:
++    QMutex initLocker;
++    QMutex locksLocker;
++    QMutex **locks;
++};
++
++Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks)
++
++extern "C" {
++static void locking_function(int mode, int lockNumber, const char *, int)
++{
++    QMutex *mutex = openssl_locks()->lock(lockNumber);
++
++    // Lock or unlock it
++    if (mode & CRYPTO_LOCK)
++        mutex->lock();
++    else
++        mutex->unlock();
++}
++static unsigned long id_function()
++{
++    return (quintptr)QThread::currentThreadId();
++}
++
++} // extern "C"
++
++static void q_OpenSSL_add_all_algorithms_safe()
++{
++#ifdef Q_OS_WIN
++    // Prior to version 1.0.1m an attempt to call OpenSSL_add_all_algorithms on
++    // Windows could result in 'exit' call from OPENSSL_config (QTBUG-43843).
++    // We can predict this and avoid OPENSSL_add_all_algorithms call.
++    // From OpenSSL docs:
++    // "An application does not need to add algorithms to use them explicitly,
++    // for example by EVP_sha1(). It just needs to add them if it (or any of
++    // the functions it calls) needs to lookup algorithms.
++    // The cipher and digest lookup functions are used in many parts of the
++    // library. If the table is not initialized several functions will
++    // misbehave and complain they cannot find algorithms. This includes the
++    // PEM, PKCS#12, SSL and S/MIME libraries. This is a common query in
++    // the OpenSSL mailing lists."
++    //
++    // Anyway, as a result, we chose not to call this function if it would exit.
++
++    if (q_SSLeay() < 0x100010DFL)
++    {
++        // Now, before we try to call it, check if an attempt to open config file
++        // will result in exit:
++        if (char *confFileName = q_CONF_get1_default_config_file()) {
++            BIO *confFile = q_BIO_new_file(confFileName, "r");
++            const auto lastError = q_ERR_peek_last_error();
++            q_CRYPTO_free(confFileName);
++            if (confFile) {
++                q_BIO_free(confFile);
++            } else {
++                q_ERR_clear_error();
++                if (ERR_GET_REASON(lastError) == ERR_R_SYS_LIB) {
++                    qCWarning(lcSsl, "failed to open openssl.conf file");
++                    return;
++                }
++            }
++        }
++    }
++#endif // Q_OS_WIN
++
++    q_OpenSSL_add_all_algorithms();
++}
++
++
++/*!
++    \internal
++*/
++void QSslSocketPrivate::deinitialize()
++{
++    q_CRYPTO_set_id_callback(0);
++    q_CRYPTO_set_locking_callback(0);
++    q_ERR_free_strings();
++}
++
++
++bool QSslSocketPrivate::ensureLibraryLoaded()
++{
++    if (!q_resolveOpenSslSymbols())
++        return false;
++
++    // Check if the library itself needs to be initialized.
++    QMutexLocker locker(openssl_locks()->initLock());
++
++    if (!s_libraryLoaded) {
++        s_libraryLoaded = true;
++
++        // Initialize OpenSSL.
++        q_CRYPTO_set_id_callback(id_function);
++        q_CRYPTO_set_locking_callback(locking_function);
++        if (q_SSL_library_init() != 1)
++            return false;
++        q_SSL_load_error_strings();
++        q_OpenSSL_add_all_algorithms_safe();
++
++#if OPENSSL_VERSION_NUMBER >= 0x10001000L
++        if (q_SSLeay() >= 0x10001000L)
++            QSslSocketBackendPrivate::s_indexForSSLExtraData = q_SSL_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
++#endif
++
++        // Initialize OpenSSL's random seed.
++        if (!q_RAND_status()) {
++            qWarning("Random number generator not seeded, disabling SSL support");
++            return false;
++        }
++    }
++    return true;
++}
++
++void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
++{
++    QMutexLocker locker(openssl_locks()->initLock());
++    if (s_loadedCiphersAndCerts)
++        return;
++    s_loadedCiphersAndCerts = true;
++
++    resetDefaultCiphers();
++    resetDefaultEllipticCurves();
++
++#if QT_CONFIG(library)
++    //load symbols needed to receive certificates from system store
++#if defined(Q_OS_WIN)
++    HINSTANCE hLib = LoadLibraryW(L"Crypt32");
++    if (hLib) {
++        ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW");
++        ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore");
++        ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore");
++        if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore)
++            qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen
++    } else {
++        qCWarning(lcSsl, "could not load crypt32 library"); // should never happen
++    }
++#elif defined(Q_OS_QNX)
++    s_loadRootCertsOnDemand = true;
++#elif defined(Q_OS_UNIX) && !defined(Q_OS_MACOS)
++    // check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there)
++    QList<QByteArray> dirs = unixRootCertDirectories();
++    QStringList symLinkFilter;
++    symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]");
++    for (int a = 0; a < dirs.count(); ++a) {
++        QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files);
++        if (iterator.hasNext()) {
++            s_loadRootCertsOnDemand = true;
++            break;
++        }
++    }
++#endif
++#endif // QT_CONFIG(library)
++    // if on-demand loading was not enabled, load the certs now
++    if (!s_loadRootCertsOnDemand)
++        setDefaultCaCertificates(systemCaCertificates());
++#ifdef Q_OS_WIN
++    //Enabled for fetching additional root certs from windows update on windows 6+
++    //This flag is set false by setDefaultCaCertificates() indicating the app uses
++    //its own cert bundle rather than the system one.
++    //Same logic that disables the unix on demand cert loading.
++    //Unlike unix, we do preload the certificates from the cert store.
++    if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0)
++        s_loadRootCertsOnDemand = true;
++#endif
++}
++
++long QSslSocketPrivate::sslLibraryVersionNumber()
++{
++    if (!supportsSsl())
++        return 0;
++
++    return q_SSLeay();
++}
++
++QString QSslSocketPrivate::sslLibraryVersionString()
++{
++    if (!supportsSsl())
++        return QString();
++
++    const char *versionString = q_SSLeay_version(SSLEAY_VERSION);
++    if (!versionString)
++        return QString();
++
++    return QString::fromLatin1(versionString);
++}
++
++void QSslSocketBackendPrivate::continueHandshake()
++{
++    Q_Q(QSslSocket);
++    // if we have a max read buffer size, reset the plain socket's to match
++    if (readBufferMaxSize)
++        plainSocket->setReadBufferSize(readBufferMaxSize);
++
++    if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL))
++        configuration.peerSessionShared = true;
++
++#ifdef QT_DECRYPT_SSL_TRAFFIC
++    if (ssl->session && ssl->s3) {
++        const char *mk = reinterpret_cast<const char *>(ssl->session->master_key);
++        QByteArray masterKey(mk, ssl->session->master_key_length);
++        const char *random = reinterpret_cast<const char *>(ssl->s3->client_random);
++        QByteArray clientRandom(random, SSL3_RANDOM_SIZE);
++
++        // different format, needed for e.g. older Wireshark versions:
++//        const char *sid = reinterpret_cast<const char *>(ssl->session->session_id);
++//        QByteArray sessionID(sid, ssl->session->session_id_length);
++//        QByteArray debugLineRSA("RSA Session-ID:");
++//        debugLineRSA.append(sessionID.toHex().toUpper());
++//        debugLineRSA.append(" Master-Key:");
++//        debugLineRSA.append(masterKey.toHex().toUpper());
++//        debugLineRSA.append("\n");
++
++        QByteArray debugLineClientRandom("CLIENT_RANDOM ");
++        debugLineClientRandom.append(clientRandom.toHex().toUpper());
++        debugLineClientRandom.append(" ");
++        debugLineClientRandom.append(masterKey.toHex().toUpper());
++        debugLineClientRandom.append("\n");
++
++        QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys");
++        QFile file(sslKeyFile);
++        if (!file.open(QIODevice::Append))
++            qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending";
++        if (!file.write(debugLineClientRandom))
++            qCWarning(lcSsl) << "could not write to file" << sslKeyFile;
++        file.close();
++    } else {
++        qCWarning(lcSsl, "could not decrypt SSL traffic");
++    }
++#endif
++
++    // Cache this SSL session inside the QSslContext
++    if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) {
++        if (!sslContextPointer->cacheSession(ssl)) {
++            sslContextPointer.clear(); // we could not cache the session
++        } else {
++            // Cache the session for permanent usage as well
++            if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) {
++                if (!sslContextPointer->sessionASN1().isEmpty())
++                    configuration.sslSession = sslContextPointer->sessionASN1();
++                configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint();
++            }
++        }
++    }
++
++#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG)
++
++    configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status;
++    if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) {
++        // we could not agree -> be conservative and use HTTP/1.1
++        configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1");
++    } else {
++        const unsigned char *proto = 0;
++        unsigned int proto_len = 0;
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++        if (q_SSLeay() >= 0x10002000L) {
++            q_SSL_get0_alpn_selected(ssl, &proto, &proto_len);
++            if (proto_len && mode == QSslSocket::SslClientMode) {
++                // Client does not have a callback that sets it ...
++                configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated;
++            }
++        }
++
++        if (!proto_len) { // Test if NPN was more lucky ...
++#else
++        {
++#endif
++            q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len);
++        }
++
++        if (proto_len)
++            configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast<const char *>(proto), proto_len);
++        else
++            configuration.nextNegotiatedProtocol.clear();
++    }
++#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ...
++
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++    if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) {
++        EVP_PKEY *key;
++        if (q_SSL_get_server_tmp_key(ssl, &key))
++            configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey);
++    }
++#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ...
++
++    connectionEncrypted = true;
++    emit q->encrypted();
++    if (autoStartHandshake && pendingClose) {
++        pendingClose = false;
++        q->disconnectFromHost();
++    }
++}
++
++QT_END_NAMESPACE
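Review bot: In `QSslSocketPrivate::ensureLibraryLoaded()`, `s_libraryLoaded = true;` is set before the steps that can fail, so once `q_SSL_library_init() != 1` or `!q_RAND_status()` makes the first call return false, every later call skips the block and returns true. A caller that asks again would then treat an uninitialised or unseeded library as usable; how callers cache the result is not visible in this file, so that needs confirming. Move the assignment to the end of the block, after the `q_RAND_status()` check, or store the outcome and return it on later calls. Separately, the `QT_DECRYPT_SSL_TRAFFIC` block in `continueHandshake()` (off while the define near the top stays commented out) appends session master keys to a fixed file name under `QDir::tempPath()` and tests `!file.write(...)`, which does not catch the -1 error return; a comment stating that the define must never be enabled in a packaged build would help.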
+diff --git a/src/network/ssl/ssl.pri b/src/network/ssl/ssl.pri
+index d2b0c2d60d..2783effaf1 100644
+--- a/src/network/ssl/ssl.pri
++++ b/src/network/ssl/ssl.pri
+@@ -60,13 +60,25 @@ qtConfig(ssl) {
+         HEADERS += ssl/qsslcontext_openssl_p.h \
+                    ssl/qsslsocket_openssl_p.h \
+                    ssl/qsslsocket_openssl_symbols_p.h
+-        SOURCES += ssl/qsslcertificate_openssl.cpp \
+-                   ssl/qsslcontext_openssl.cpp \
++        SOURCES += ssl/qsslsocket_openssl_symbols.cpp \
+                    ssl/qssldiffiehellmanparameters_openssl.cpp \
++                   ssl/qsslcertificate_openssl.cpp \
+                    ssl/qsslellipticcurve_openssl.cpp \
+                    ssl/qsslkey_openssl.cpp \
+                    ssl/qsslsocket_openssl.cpp \
+-                   ssl/qsslsocket_openssl_symbols.cpp
++                   ssl/qsslcontext_openssl.cpp
++
++        qtConfig(opensslv11) {
++            HEADERS += ssl/qsslsocket_openssl11_symbols_p.h
++            SOURCES += ssl/qsslsocket_openssl11.cpp \
++                       ssl/qsslcontext_openssl11.cpp
++
++            QMAKE_CXXFLAGS += -DOPENSSL_API_COMPAT=0x10100000L
++        } else {
++            HEADERS += ssl/qsslsocket_opensslpre11_symbols_p.h
++            SOURCES += ssl/qsslsocket_opensslpre11.cpp \
++                       ssl/qsslcontext_opensslpre11.cpp
++        }
+ 
+         darwin:SOURCES += ssl/qsslsocket_mac_shared.cpp
+ 
diff --git a/pkgs/development/libraries/qt-5/5.9/qtbase.patch b/pkgs/development/libraries/qt-5/5.9/qtbase.patch
index 086ddf4fe3e..f87c508a380 100644
--- a/pkgs/development/libraries/qt-5/5.9/qtbase.patch
+++ b/pkgs/development/libraries/qt-5/5.9/qtbase.patch
@@ -994,28 +994,6 @@ index 9a24938284..74962b4ae2 100644
          if (!lib.load())
              return false;
      }
-diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp
-index c92d8fc3f8..6008063bcf 100644
---- a/src/network/ssl/qsslcontext_openssl.cpp
-+++ b/src/network/ssl/qsslcontext_openssl.cpp
-@@ -351,7 +351,7 @@ init_context:
- 
-     const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves();
-     if (!qcurves.isEmpty()) {
--#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC)
-         // Set the curves to be used
-         if (q_SSLeay() >= 0x10002000L) {
-             // SSL_CTX_ctrl wants a non-const pointer as last argument,
-@@ -364,7 +364,7 @@ init_context:
-                 sslContext->errorCode = QSslError::UnspecifiedError;
-             }
-         } else
--#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC)
-+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && defined(SSL_CTRL_SET_CURVES) && !defined(OPENSSL_NO_EC)
-         {
-             // specific curves requested, but not possible to set -> error
-             sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2"));
 diff --git a/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp b/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp
 index b5a0a5bbeb..6c20305f4d 100644
 --- a/src/plugins/platforminputcontexts/compose/generator/qtablegenerator.cpp
diff --git a/pkgs/development/libraries/qt-5/modules/qtwebengine.nix b/pkgs/development/libraries/qt-5/modules/qtwebengine.nix
index 07fd048d653..357c81fa4f6 100644
--- a/pkgs/development/libraries/qt-5/modules/qtwebengine.nix
+++ b/pkgs/development/libraries/qt-5/modules/qtwebengine.nix
@@ -20,8 +20,6 @@
 
 with stdenv.lib;
 
-let qt56 = qtCompatVersion == "5.6"; in
-
 qtModule {
   name = "qtwebengine";
   qtInputs = [ qtdeclarative qtquickcontrols qtlocation qtwebchannel ];
@@ -48,9 +46,9 @@ qtModule {
     # Patch Chromium build files
     + optionalString (lib.versionOlder qtCompatVersion "5.12") ''
       substituteInPlace ./src/3rdparty/chromium/build/common.gypi --replace /bin/echo ${coreutils}/bin/echo
-      substituteInPlace ./src/3rdparty/chromium/v8/${if qt56 then "build" else "gypfiles"}/toolchain.gypi \
+      substituteInPlace ./src/3rdparty/chromium/v8/gypfiles/toolchain.gypi \
         --replace /bin/echo ${coreutils}/bin/echo
-      substituteInPlace ./src/3rdparty/chromium/v8/${if qt56 then "build" else "gypfiles"}/standalone.gypi \
+      substituteInPlace ./src/3rdparty/chromium/v8/gypfiles/standalone.gypi \
         --replace /bin/echo ${coreutils}/bin/echo
     ''
     # Patch library paths in Qt sources
@@ -219,7 +217,6 @@ EOF
     description = "A web engine based on the Chromium web browser";
     maintainers = with maintainers; [ matthewbauer ];
     platforms = platforms.unix;
-    broken = qt56; # 2018-09-13, no successful build since 2018-04-25
   };
 
 }
diff --git a/pkgs/development/libraries/qtstyleplugins/default.nix b/pkgs/development/libraries/qtstyleplugins/default.nix
index b94cdd22f7f..dd50e6ec039 100644
--- a/pkgs/development/libraries/qtstyleplugins/default.nix
+++ b/pkgs/development/libraries/qtstyleplugins/default.nix
@@ -1,6 +1,6 @@
-{ stdenv, fetchFromGitHub, qmake, pkgconfig, gtk2 }:
+{ stdenv, mkDerivation, fetchFromGitHub, qmake, pkgconfig, gtk2 }:
 
-stdenv.mkDerivation rec {
+mkDerivation rec {
   name = "qtstyleplugins-2017-03-11";
 
   src = fetchFromGitHub {
diff --git a/pkgs/development/libraries/science/math/sympow/default.nix b/pkgs/development/libraries/science/math/sympow/default.nix
index 15dd898c455..e67f61599b5 100644
--- a/pkgs/development/libraries/science/math/sympow/default.nix
+++ b/pkgs/development/libraries/science/math/sympow/default.nix
@@ -9,7 +9,7 @@
 }:
 
 stdenv.mkDerivation rec {
-  version = "2.023.4";
+  version = "2.023.5";
   pname = "sympow";
 
   src = fetchFromGitLab {
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
     owner = "forks";
     repo = "sympow";
     rev = "v${version}";
-    sha256 = "0j2qdw9csbr081h8arhlx1z7ibgi5am4ndmvyc8y4hccfa8n4w1y";
+    sha256 = "1c5a2pizgqsf3pjkf7rfj20022ym4ixhrddp8ivs2nbzxwz6qvv9";
   };
 
   postUnpack = ''
diff --git a/pkgs/development/libraries/serialdv/default.nix b/pkgs/development/libraries/serialdv/default.nix
new file mode 100644
index 00000000000..11f9d301347
--- /dev/null
+++ b/pkgs/development/libraries/serialdv/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchFromGitHub, cmake }:
+
+stdenv.mkDerivation rec {
+  pname = "serialdv";
+  version ="1.1.1";
+
+  src = fetchFromGitHub {
+    owner = "f4exb";
+    repo = "serialdv";
+    rev = "v${version}";
+    sha256 = "0swalyp8cbs7if6gxbcl7wf83ml8ch3k7ww4hws89rzpjvf070fr";
+  };
+
+  nativeBuildInputs = [ cmake ];
+
+  meta = with stdenv.lib; {
+    description = "C++ Minimal interface to encode and decode audio with AMBE3000 based devices in packet mode over a serial link.";
+    homepage = "https://github.com/f4exb/serialdv";
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ alkeryn ];
+  };
+}
+
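Review bot: The new `meta` block has no `license` attribute, so license-based filtering cannot classify this package. Add one that matches the LICENSE file in the upstream repository, e.g. `license = licenses.<upstream-license>;` (placeholder: the hunk does not say which license applies). Two style points in the same file: `version ="1.1.1";` is missing the space after `=`, and nixpkgs descriptions conventionally carry no trailing period, so the string could read `"Minimal C++ interface to encode and decode audio with AMBE3000 based devices in packet mode over a serial link"`.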
diff --git a/pkgs/development/libraries/shibboleth-sp/default.nix b/pkgs/development/libraries/shibboleth-sp/default.nix
index da417c35a6c..77b9714066d 100644
--- a/pkgs/development/libraries/shibboleth-sp/default.nix
+++ b/pkgs/development/libraries/shibboleth-sp/default.nix
@@ -2,12 +2,12 @@
 
 stdenv.mkDerivation rec {
   pname = "shibboleth-sp";
-  version = "2.6.1";
+  version = "3.0.4.1";
 
   src = fetchgit {
     url = "https://git.shibboleth.net/git/cpp-sp.git";
     rev = version;
-    sha256 = "01q13p7gc0janjfml6zs46na8qnval8hc833fk2wrnmi4w9xw4fd";
+    sha256 = "1qb4dbz5gk10b9w1rf6f4vv7c2wb3a8bfzif6yiaq96ilqad7gdr";
   };
 
   nativeBuildInputs = [ autoreconfHook pkgconfig ];
diff --git a/pkgs/development/libraries/simpleitk/default.nix b/pkgs/development/libraries/simpleitk/default.nix
index e35be7eda42..1cf40c92db6 100644
--- a/pkgs/development/libraries/simpleitk/default.nix
+++ b/pkgs/development/libraries/simpleitk/default.nix
@@ -1,12 +1,14 @@
-{ stdenv, fetchurl, cmake, git, swig, lua, itk }:
+{ stdenv, fetchFromGitHub, cmake, git, swig, lua, itk, tcl, tk }:
 
 stdenv.mkDerivation rec {
-  pname    = "simpleitk";
-  version = "1.2.0";
+  pname = "simpleitk";
+  version = "1.2.2";
 
-  src = fetchurl {
-    url    = "https://sourceforge.net/projects/${pname}/files/SimpleITK/${version}/Source/SimpleITK-${version}.tar.gz";
-    sha256 = "10lxsr0144li6bmfgs646cvczczqkgmvvs3ndds66q8lg9zwbnky";
+  src = fetchFromGitHub {
+    owner = "SimpleITK";
+    repo = "SimpleITK";
+    rev = "v${version}";
+    sha256 = "1cgq9cxxplv6bkm2zfvcc0lgyh5zw1hbry30k1429n9737wnadaw";
   };
 
   nativeBuildInputs = [ cmake git swig ];
@@ -20,7 +22,7 @@ stdenv.mkDerivation rec {
     homepage = http://www.simpleitk.org;
     description = "Simplified interface to ITK";
     maintainers = with maintainers; [ bcdarwin ];
-    platforms = platforms.unix;
+    platforms = platforms.linux;
     license = licenses.asl20;
   };
 }
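Review bot: `platforms` is narrowed from `platforms.unix` to `platforms.linux` with no comment, so a later maintainer cannot tell whether the other unix platforms were dropped because of a build failure or by accident during the move to `fetchFromGitHub`. A one-line comment above the attribute stating the reason would settle it. Separately, the first hunk adds `tcl` and `tk` to the argument list; their use is not visible in either hunk, so confirm that they are actually referenced in the inputs.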
diff --git a/pkgs/development/libraries/tracker-miners/default.nix b/pkgs/development/libraries/tracker-miners/default.nix
new file mode 100644
index 00000000000..9f31e70ad53
--- /dev/null
+++ b/pkgs/development/libraries/tracker-miners/default.nix
@@ -0,0 +1,140 @@
+{ stdenv
+, fetchurl
+, substituteAll
+, intltool
+, itstool
+, libxslt
+, gexiv2
+, tracker
+, meson
+, ninja
+, pkgconfig
+, vala
+, wrapGAppsHook
+, bzip2
+, dbus
+, evolution-data-server
+, exempi
+, flac
+, giflib
+, glib
+, gnome3
+, gst_all_1
+, icu
+, json-glib
+, libcue
+, libexif
+, libgrss
+, libgsf
+, libgxps
+, libiptcdata
+, libjpeg
+, libosinfo
+, libpng
+, libseccomp
+, libsoup
+, libtiff
+, libuuid
+, libvorbis
+, libxml2
+, poppler
+, taglib
+, upower
+, totem-pl-parser
+}:
+
+stdenv.mkDerivation rec {
+  pname = "tracker-miners";
+  version = "2.2.2";
+
+  src = fetchurl {
+    url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
+    sha256 = "0kk5xaajamb8jlm6cfdbc2m3axzr6bnph84m7697xmb0pkg8hdiw";
+  };
+
+  nativeBuildInputs = [
+    intltool
+    itstool
+    libxslt
+    meson
+    ninja
+    pkgconfig
+    vala
+    wrapGAppsHook
+  ];
+
+  # TODO: add libenca, libosinfo
+  buildInputs = [
+    bzip2
+    dbus
+    evolution-data-server
+    exempi
+    flac
+    giflib
+    glib
+    gexiv2
+    totem-pl-parser
+    tracker
+    gst_all_1.gst-plugins-base
+    gst_all_1.gstreamer
+    icu
+    json-glib
+    libcue
+    libexif
+    libgrss
+    libgsf
+    libgxps
+    libiptcdata
+    libjpeg
+    libosinfo
+    libpng
+    libseccomp
+    libsoup
+    libtiff
+    libuuid
+    libvorbis
+    libxml2
+    poppler
+    taglib
+    upower
+  ];
+
+  mesonFlags = [
+    # TODO: tests do not like our sandbox
+    "-Dfunctional_tests=false"
+    "-Ddbus_services=${placeholder "out"}/share/dbus-1/services"
+    "-Dsystemd_user_services=${placeholder "out"}/lib/systemd/user"
+  ];
+
+  patches = [
+    (substituteAll {
+      src = ./fix-paths.patch;
+      inherit tracker;
+    })
+    # https://bugzilla.gnome.org/show_bug.cgi?id=795576
+    (fetchurl {
+      url = https://bugzilla.gnome.org/attachment.cgi?id=371427;
+      sha256 = "187flswvzymjfxwfrrhizb1cvs780zm39aa3i2vwa5fbllr7kcpf";
+    })
+  ];
+
+  postInstall = ''
+    glib-compile-schemas "$out/share/glib-2.0/schemas"
+  '';
+
+  passthru = {
+    updateScript = gnome3.updateScript {
+      packageName = pname;
+      attrPath = "gnome3.${pname}";
+      versionPolicy = "none";
+    };
+  };
+
+  meta = with stdenv.lib; {
+    homepage = https://wiki.gnome.org/Projects/Tracker;
+    description = "Desktop-neutral user information store, search tool and indexer";
+    maintainers = gnome3.maintainers;
+    license = licenses.gpl2Plus;
+    platforms = platforms.linux;
+  };
+}
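Review bot: The comment `# TODO: add libenca, libosinfo` above `buildInputs` is stale on arrival, because `libosinfo` is already both a function argument and a `buildInputs` entry in this same file; it should read `# TODO: add libenca`. The patch fetched from `bugzilla.gnome.org/attachment.cgi?id=371427` is pinned by `sha256`, but the comment above it is only a bug URL. A short phrase saying what the patch fixes would let a later updater decide when it can be dropped. With `-Dfunctional_tests=false` set and no `doCheck` in the file, presumably no upstream tests run during the build, which is worth stating in the existing TODO.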
diff --git a/pkgs/development/libraries/tracker-miners/fix-paths.patch b/pkgs/development/libraries/tracker-miners/fix-paths.patch
new file mode 100644
index 00000000000..724c51cb56f
--- /dev/null
+++ b/pkgs/development/libraries/tracker-miners/fix-paths.patch
@@ -0,0 +1,20 @@
+--- a/src/libtracker-miners-common/tracker-domain-ontology.c
++++ b/src/libtracker-miners-common/tracker-domain-ontology.c
+@@ -323,7 +323,7 @@
+ 			goto end;
+ 		}
+ 	} else {
+-		path = g_build_filename (SHAREDIR, "tracker", "domain-ontologies",
++		path = g_build_filename ("@tracker@", "share", "tracker", "domain-ontologies",
+ 		                         DEFAULT_RULE, NULL);
+ 
+ 		if (!g_file_test (path, G_FILE_TEST_IS_REGULAR)) {
+@@ -388,7 +388,7 @@
+ 	if (!priv->ontology_location) {
+ 		gchar *ontology_path;
+ 
+-		ontology_path = g_build_filename (SHAREDIR, "tracker", "ontologies",
++		ontology_path = g_build_filename ("@tracker@", "share", "tracker", "ontologies",
+ 		                                  priv->ontology_name, NULL);
+ 
+ 		if (!g_file_test (ontology_path, G_FILE_TEST_IS_DIR)) {
diff --git a/pkgs/development/libraries/tracker/default.nix b/pkgs/development/libraries/tracker/default.nix
new file mode 100644
index 00000000000..397184f798a
--- /dev/null
+++ b/pkgs/development/libraries/tracker/default.nix
@@ -0,0 +1,71 @@
+{ stdenv, fetchurl, intltool, meson, ninja, pkgconfig, gobject-introspection, python3
+, gtk-doc, docbook_xsl, docbook_xml_dtd_412, docbook_xml_dtd_43, glibcLocales
+, libxml2, upower, glib, wrapGAppsHook, vala, sqlite, libxslt, libstemmer
+, gnome3, icu, libuuid, networkmanager, libsoup, json-glib
+, substituteAll}:
+
+let
+  pname = "tracker";
+  version = "2.2.2";
+in stdenv.mkDerivation rec {
+  name = "${pname}-${version}";
+
+  outputs = [ "out" "dev" "devdoc" ];
+
+  src = fetchurl {
+    url = "mirror://gnome/sources/${pname}/${stdenv.lib.versions.majorMinor version}/${name}.tar.xz";
+    sha256 = "1rp2c6k7ajcm553p9kpni87zgi9aplm3s01rl7pk575az5i399y6";
+  };
+
+  nativeBuildInputs = [
+    meson ninja vala pkgconfig intltool libxslt wrapGAppsHook gobject-introspection
+    gtk-doc docbook_xsl docbook_xml_dtd_412 docbook_xml_dtd_43 glibcLocales
+    python3 # for data-generators
+  ];
+
+  buildInputs = [
+    glib libxml2 sqlite upower icu networkmanager libsoup libuuid json-glib libstemmer
+  ];
+
+  LC_ALL = "en_US.UTF-8";
+
+  mesonFlags = [
+    "-Ddbus_services=${placeholder ''out''}/share/dbus-1/services"
+    "-Dsystemd_user_services=${placeholder ''out''}/lib/systemd/user"
+    # TODO: figure out wrapping unit tests, some of them fail on missing gsettings-desktop-schemas
+    "-Dfunctional_tests=false"
+    "-Ddocs=true"
+  ];
+
+  patches = [
+    (substituteAll {
+      src = ./fix-paths.patch;
+      gdbus = "${glib.bin}/bin/gdbus";
+    })
+  ];
+
+  postPatch = ''
+    patchShebangs utils/g-ir-merge/g-ir-merge
+    patchShebangs utils/data-generators/cc/generate
+  '';
+
+  postInstall = ''
+    glib-compile-schemas "$out/share/glib-2.0/schemas"
+  '';
+
+  passthru = {
+    updateScript = gnome3.updateScript {
+      packageName = pname;
+      attrPath = "gnome3.${pname}";
+      versionPolicy = "none";
+    };
+  };
+
+  meta = with stdenv.lib; {
+    homepage = https://wiki.gnome.org/Projects/Tracker;
+    description = "Desktop-neutral user information store, search tool and indexer";
+    maintainers = gnome3.maintainers;
+    license = licenses.gpl2;
+    platforms = platforms.linux;
+  };
+}
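Review bot: `pname` and `version` are bound in a `let` and the derivation sets `name = "${pname}-${version}"`, whereas the sibling tracker-miners expression added in this commit puts `pname` and `version` directly in the `mkDerivation` attribute set; doing the same here removes the `let`. The meson flags spell the placeholder as `${placeholder ''out''}`, which works but reads like an unterminated indented string; `${placeholder "out"}`, as used in tracker-miners, is clearer. The two packages also disagree on the license (`licenses.gpl2` here, `licenses.gpl2Plus` there), which may be correct but is worth checking against upstream's COPYING files.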
diff --git a/pkgs/development/libraries/tracker/fix-paths.patch b/pkgs/development/libraries/tracker/fix-paths.patch
new file mode 100644
index 00000000000..f5c13c3fcda
--- /dev/null
+++ b/pkgs/development/libraries/tracker/fix-paths.patch
@@ -0,0 +1,12 @@
+--- a/src/tracker-store/tracker-store.desktop.in
++++ b/src/tracker-store/tracker-store.desktop.in
+@@ -1,8 +1,8 @@
+ [Desktop Entry]
+ Name=Tracker Store
+ Comment=Metadata database store and lookup manager
+-Exec=gdbus call -e -d org.freedesktop.DBus -o /org/freedesktop/DBus -m org.freedesktop.DBus.StartServiceByName org.freedesktop.Tracker1 0
++Exec=@gdbus@ call -e -d org.freedesktop.DBus -o /org/freedesktop/DBus -m org.freedesktop.DBus.StartServiceByName org.freedesktop.Tracker1 0
+ Terminal=false
+ Type=Application
+ Categories=Utility;
+ X-GNOME-Autostart-enabled=true
diff --git a/pkgs/development/libraries/umockdev/default.nix b/pkgs/development/libraries/umockdev/default.nix
index 347efb4d3bd..e257088c41f 100644
--- a/pkgs/development/libraries/umockdev/default.nix
+++ b/pkgs/development/libraries/umockdev/default.nix
@@ -1,30 +1,48 @@
-{ stdenv, fetchFromGitHub, autoreconfHook, gobject-introspection
-, pkgconfig, glib, systemd, libgudev, vala }:
+{ stdenv, fetchurl, fetchpatch, pkgconfig
+, gobject-introspection, glib, systemd, libgudev, vala
+, usbutils, which, python3 }:
 
 stdenv.mkDerivation rec {
   pname = "umockdev";
-  version = "0.12.1";
+  version = "0.13.1";
 
   outputs = [ "bin" "out" "dev" "doc" ];
 
-  src = fetchFromGitHub {
-    owner  = "martinpitt";
-    repo   = "umockdev";
-    rev    = version;
-    sha256 = "0wnmz4jh04mvqzjnqvxrah969gg4x4v8d6ip61zc7jpbwnqb2fpg";
+  src = fetchurl {
+    url = "https://github.com/martinpitt/umockdev/releases/download/${version}/${pname}-${version}.tar.xz";
+    sha256 = "197a169imiirgm73d9fn9234cx56agyw9d2f47h7f1d8s2d51lla";
   };
 
+  patches = [
+    ./fix-test-paths.patch
+    # https://github.com/NixOS/nixpkgs/commit/9960a2be9b32a6d868046c5bfa188b9a0dd66682#commitcomment-34734461
+    ./disable-failed-test.patch
+    # https://github.com/martinpitt/umockdev/pull/93
+    (fetchpatch {
+      url = "https://github.com/abbradar/umockdev/commit/ce22f893bf50de0b32760238a3e2cfb194db89e9.patch";
+      sha256 = "01q3qhs30x8hl23iigimsa2ikbiw8y8y0bpmh02mh1my87shpwnx";
+    })
+  ];
+
   # autoreconfHook complains if we try to build the documentation
   postPatch = ''
     echo 'EXTRA_DIST =' > docs/gtk-doc.make
   '';
 
+  preCheck = ''
+    patchShebangs tests/test-static-code
+  '';
+
   buildInputs = [ glib systemd libgudev ];
 
-  nativeBuildInputs = [ autoreconfHook pkgconfig vala gobject-introspection ];
+  nativeBuildInputs = [ pkgconfig vala gobject-introspection ];
+
+  checkInputs = [ python3 which usbutils ];
 
   enableParallelBuilding = true;
 
+  doCheck = true;
+
   meta = with stdenv.lib; {
     description = "Mock hardware devices for creating unit tests";
     license = licenses.lgpl2;
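Review bot: `autoreconfHook` is dropped from `nativeBuildInputs`, yet the `postPatch` that empties `docs/gtk-doc.make` and its comment `# autoreconfHook complains if we try to build the documentation` are kept, so the comment now describes a hook that no longer runs. If the release tarball builds without that workaround, remove the `postPatch`; otherwise reword the comment to say what still needs it. The patch pulled with `fetchpatch` comes from a fork (`abbradar/umockdev`) rather than from the upstream pull request named in the comment. The `sha256` pins its content, but pointing the URL at upstream once the pull request is merged would keep it fetchable. The `meta` block continues past the end of the hunk.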
diff --git a/pkgs/development/libraries/umockdev/disable-failed-test.patch b/pkgs/development/libraries/umockdev/disable-failed-test.patch
new file mode 100644
index 00000000000..69e74dd38b8
--- /dev/null
+++ b/pkgs/development/libraries/umockdev/disable-failed-test.patch
@@ -0,0 +1,13 @@
+diff --git a/tests/test-umockdev-vala.vala b/tests/test-umockdev-vala.vala
+index 8b104b2..d9889b8 100644
+--- a/tests/test-umockdev-vala.vala
++++ b/tests/test-umockdev-vala.vala
+@@ -668,7 +668,7 @@ main (string[] args)
+ 
+   /* tests for mocking ioctls */
+   Test.add_func ("/umockdev-testbed-vala/usbfs_ioctl_static", t_usbfs_ioctl_static);
+-  Test.add_func ("/umockdev-testbed-vala/usbfs_ioctl_tree", t_usbfs_ioctl_tree);
++  /* Test.add_func ("/umockdev-testbed-vala/usbfs_ioctl_tree", t_usbfs_ioctl_tree); */
+   Test.add_func ("/umockdev-testbed-vala/usbfs_ioctl_tree_with_default_device", t_usbfs_ioctl_tree_with_default_device);
+   Test.add_func ("/umockdev-testbed-vala/usbfs_ioctl_tree_override_default_device", t_usbfs_ioctl_tree_override_default_device);
+   Test.add_func ("/umockdev-testbed-vala/usbfs_ioctl_tree_xz", t_usbfs_ioctl_tree_xz);
diff --git a/pkgs/development/libraries/umockdev/fix-test-paths.patch b/pkgs/development/libraries/umockdev/fix-test-paths.patch
new file mode 100644
index 00000000000..53015d66268
--- /dev/null
+++ b/pkgs/development/libraries/umockdev/fix-test-paths.patch
@@ -0,0 +1,12 @@
+diff -ru3 umockdev-0.13.1/tests/test-umockdev.c umockdev-0.13.1-new/tests/test-umockdev.c
+--- umockdev-0.13.1/tests/test-umockdev.c	2019-08-18 20:39:39.708262517 +0300
++++ umockdev-0.13.1-new/tests/test-umockdev.c	2019-08-18 21:04:27.688761503 +0300
+@@ -1084,7 +1084,7 @@
+ 
+     /* sys/ in other dir should not be trapped */
+     errno = 0;
+-    dirfd = open("/run", O_RDONLY | O_DIRECTORY);
++    dirfd = open("/tmp", O_RDONLY | O_DIRECTORY);
+     g_assert_cmpint(openat(dirfd, "sys", O_RDONLY), <, 0);
+     g_assert_cmpint(errno, ==, ENOENT);
+     g_assert_cmpint(openat64(dirfd, "sys", O_RDONLY), <, 0);
diff --git a/pkgs/development/libraries/vapoursynth/default.nix b/pkgs/development/libraries/vapoursynth/default.nix
index 65132806d88..53d70f4d369 100644
--- a/pkgs/development/libraries/vapoursynth/default.nix
+++ b/pkgs/development/libraries/vapoursynth/default.nix
@@ -12,13 +12,13 @@ with stdenv.lib;
 
 stdenv.mkDerivation rec {
   pname = "vapoursynth";
-  version = "R46";
+  version = "R47.2";
 
   src = fetchFromGitHub {
     owner  = "vapoursynth";
     repo   = "vapoursynth";
     rev    = version;
-    sha256 = "1xbwva12l68awplardf47ydlx904wifw468npaxa9cx9dvd5mv13";
+    sha256 = "004h0vvih7dlhkcz6l2786pf7s04qhiv0bii4gjx23cxyklglh9i";
   };
 
   nativeBuildInputs = [ pkgconfig autoreconfHook nasm makeWrapper ];
diff --git a/pkgs/development/libraries/wcslib/default.nix b/pkgs/development/libraries/wcslib/default.nix
index fbf0162eab3..b0c8c1edd66 100644
--- a/pkgs/development/libraries/wcslib/default.nix
+++ b/pkgs/development/libraries/wcslib/default.nix
@@ -1,14 +1,14 @@
 { fetchurl,  stdenv, flex }:
 
 stdenv.mkDerivation rec {
-  version = "6.3";
+  version = "6.4";
   pname = "wcslib";
 
   buildInputs = [ flex ];
 
   src = fetchurl {
     url = "ftp://ftp.atnf.csiro.au/pub/software/wcslib/${pname}-${version}.tar.bz2";
-    sha256 ="1si272bms58yv1zmymx9ypx1ycka8bfqy8wk03rvl6nmciyz0dsc";
+    sha256 ="003h23m6d5wcs29v2vbnl63f3z35k5x70lpsqlz5c9bp1bvizh8k";
   };
 
   prePatch = ''
diff --git a/pkgs/development/libraries/wiredtiger/default.nix b/pkgs/development/libraries/wiredtiger/default.nix
index e54e0d4b306..2ebad693de5 100644
--- a/pkgs/development/libraries/wiredtiger/default.nix
+++ b/pkgs/development/libraries/wiredtiger/default.nix
@@ -26,13 +26,13 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "wiredtiger";
-  version = "2.6.1";
+  version = "3.2.0";
 
   src = fetchFromGitHub {
     repo = "wiredtiger";
     owner = "wiredtiger";
     rev = version;
-    sha256 = "1nj319w3hvkq3za2dz9m0p1w683gycdb392v1jb910bhzpsq30pd";
+    sha256 = "1s27l51p2p3kbdjmccvlg43i7zx84hhchs3779w9giab4nvd0y19";
   };
 
   nativeBuildInputs = [ automake autoconf libtool ];
@@ -58,17 +58,10 @@ stdenv.mkDerivation rec {
     ./autogen.sh
   '';
 
-  prePatch = stdenv.lib.optionalString stdenv.isDarwin ''
-    substituteInPlace api/leveldb/leveldb_wt.h --replace \
-      '#include "wiredtiger.h"' \
-      ''$'#include "wiredtiger.h"\n#include "pthread.h"'
-  '';
-
   meta = {
     homepage = http://wiredtiger.com/;
     description = "";
     license = licenses.gpl2;
     platforms = intersectLists platforms.unix platforms.x86_64;
-    broken = true; # Broken by f689a6d1c6796c4a4f116ffec6c4624379e04bc9.
   };
 }
diff --git a/pkgs/development/libraries/wlroots/default.nix b/pkgs/development/libraries/wlroots/default.nix
index b85616842ea..4d820bd9519 100644
--- a/pkgs/development/libraries/wlroots/default.nix
+++ b/pkgs/development/libraries/wlroots/default.nix
@@ -6,18 +6,17 @@
 
 stdenv.mkDerivation rec {
   pname = "wlroots";
-  version = "0.6.0";
+  version = "0.7.0";
 
   src = fetchFromGitHub {
     owner = "swaywm";
     repo = "wlroots";
     rev = version;
-    sha256 = "1rdcmll5b8w242n6yfjpsaprq280ck2jmbz46dxndhignxgda7k4";
+    sha256 = "0jzxa6psbc7ddxli7rbfqxmv1svxnis51l1vch4hb9fdixqm284a";
   };
 
-  # $out for the library, $bin for rootston, and $examples for the example
-  # programs (in examples) AND rootston
-  outputs = [ "out" "bin" "examples" ];
+  # $out for the library and $examples for the example programs (in examples):
+  outputs = [ "out" "examples" ];
 
   nativeBuildInputs = [ meson ninja pkgconfig ];
 
@@ -32,31 +31,13 @@ stdenv.mkDerivation rec {
     "-Dxcb-icccm=enabled" "-Dxcb-errors=enabled"
   ];
 
-  postPatch = ''
-    # It happens from time to time that the version wasn't updated:
-    sed -iE "s/version: '[0-9]\.[0-9]\.[0-9]'/version: '${version}.0'/" meson.build
-  '';
-
   postInstall = ''
-    # Copy the library to $bin and $examples
-    for output in "$bin" "$examples"; do
-      mkdir -p $output/lib
-      cp -P libwlroots* $output/lib/
-    done
+    # Copy the library to $examples
+    mkdir -p $examples/lib
+    cp -P libwlroots* $examples/lib/
   '';
 
   postFixup = ''
-    # Install rootston (the reference compositor) to $bin and $examples (this
-    # has to be done after the fixup phase to prevent broken binaries):
-    for output in "$bin" "$examples"; do
-      mkdir -p $output/bin
-      cp rootston/rootston $output/bin/
-      patchelf \
-        --set-rpath "$(patchelf --print-rpath $output/bin/rootston | sed s,$out,$output,g)" \
-        $output/bin/rootston
-      mkdir $output/etc
-      cp ../rootston/rootston.ini.example $output/etc/rootston.ini
-    done
     # Install ALL example programs to $examples:
     # screencopy dmabuf-capture input-inhibitor layer-shell idle-inhibit idle
     # screenshot output-layout multi-pointer rotation tablet touch pointer
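Review bot: `postInstall` still copies `libwlroots*` into `$examples/lib`, but the commit removes the only `patchelf --set-rpath` call for the example binaries (in the loop of the next hunk), so nothing visible makes `$examples/bin/wlroots-*` look in that directory. Because the examples are copied in `postFixup`, which runs at the end of the fixup phase, it is worth checking with `patchelf --print-rpath` that they do not keep a build-directory entry in their RPATH. If the rewrite is still wanted, it should read the binary's own rpath, e.g. `patchelf --set-rpath "$(patchelf --print-rpath "$examples/bin/wlroots-$binary" | sed "s,$out,$examples,g")" "$examples/bin/wlroots-$binary"`; otherwise the library copy can be dropped. The `postFixup` body continues outside this hunk.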
@@ -65,9 +46,6 @@ stdenv.mkDerivation rec {
     cd ./examples
     for binary in $(find . -executable -type f -printf '%P\n' | grep -vE '\.so'); do
       cp "$binary" "$examples/bin/wlroots-$binary"
-      patchelf \
-        --set-rpath "$(patchelf --print-rpath $output/bin/rootston | sed s,$out,$examples,g)" \
-        "$examples/bin/wlroots-$binary"
     done
   '';
 
diff --git a/pkgs/development/libraries/wxSVG/default.nix b/pkgs/development/libraries/wxSVG/default.nix
index bd893892d98..bdc8f8c3435 100644
--- a/pkgs/development/libraries/wxSVG/default.nix
+++ b/pkgs/development/libraries/wxSVG/default.nix
@@ -7,11 +7,11 @@ stdenv.mkDerivation rec {
 
   pname = "wxSVG";
   srcName = "wxsvg-${version}";
-  version = "1.5.19";
+  version = "1.5.20";
 
   src = fetchurl {
     url = "mirror://sourceforge/project/wxsvg/wxsvg/${version}/${srcName}.tar.bz2";
-    sha256 = "17hgaqxf2y44j1d9z11p107sk7n7m1f9nkaz7z6450pan4zphy1z";
+    sha256 = "17j5j61l5mv7x0ncsm1kv3k5mmjqyxfpddjn7j84wdgrj62xldhm";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/development/libraries/xml-security-c/cxx11.patch b/pkgs/development/libraries/xml-security-c/cxx11.patch
deleted file mode 100644
index bc87d4c1411..00000000000
--- a/pkgs/development/libraries/xml-security-c/cxx11.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- xml-security-c-1.6.1/xsec/tools/checksig/InteropResolver.cpp.orig	2016-02-02 23:57:26.204655144 +0000
-+++ xml-security-c-1.6.1/xsec/tools/checksig/InteropResolver.cpp	2016-02-02 23:57:35.796692305 +0000
-@@ -645,7 +645,7 @@
- 
- 	}
- 
--	return false;
-+	return NULL;
- 
- }
- 
diff --git a/pkgs/development/libraries/xml-security-c/default.nix b/pkgs/development/libraries/xml-security-c/default.nix
index 5d9e5c29f3c..e6ececf8513 100644
--- a/pkgs/development/libraries/xml-security-c/default.nix
+++ b/pkgs/development/libraries/xml-security-c/default.nix
@@ -2,20 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "xml-security-c";
-  version = "1.7.3";
+  version = "2.0.2";
 
   src = fetchurl {
     url = "https://www.apache.org/dist/santuario/c-library/${pname}-${version}.tar.gz";
-    sha256 = "e5226e7319d44f6fd9147a13fb853f5c711b9e75bf60ec273a0ef8a190592583";
+    sha256 = "1prh5sxzipkqglpsh53iblbr7rxi54wbijxdjiahzjmrijqa40y3";
   };
 
-  patches = [ ./cxx11.patch ];
-
-  postPatch = ''
-    mkdir -p xsec/yes/lib
-    sed -i -e 's/-O2 -DNDEBUG/-DNDEBUG/g' configure
-  '';
-
   configureFlags = [
     "--with-openssl"
     "--with-xerces"
diff --git a/pkgs/development/libraries/xml-tooling-c/default.nix b/pkgs/development/libraries/xml-tooling-c/default.nix
index a1d9b60418c..d5e1eb08fa4 100644
--- a/pkgs/development/libraries/xml-tooling-c/default.nix
+++ b/pkgs/development/libraries/xml-tooling-c/default.nix
@@ -1,17 +1,19 @@
-{ stdenv, fetchgit, autoreconfHook, boost, curl, openssl, log4shib, xercesc, xml-security-c }:
+{ stdenv, fetchgit, autoreconfHook, pkgconfig
+, boost, curl, openssl, log4shib, xercesc, xml-security-c
+}:
 
 stdenv.mkDerivation rec {
   pname = "xml-tooling-c";
-  version = "1.6.3";
+  version = "3.0.4";
 
   src = fetchgit {
     url = "https://git.shibboleth.net/git/cpp-xmltooling.git";
     rev = version;
-    sha256 = "09z2pp3yy3kqx22vwgxyi3s0vlpdv9camw8dpi3q8piff6zxak3q";
+    sha256 = "0frj4w70l06nva6dvdcivgm1ax69rqbjdzzbgp0sxhiqhddslbas";
   };
 
   buildInputs = [ boost curl openssl log4shib xercesc xml-security-c ];
-  nativeBuildInputs = [ autoreconfHook ];
+  nativeBuildInputs = [ autoreconfHook pkgconfig ];
 
   enableParallelBuilding = true;
 
diff --git a/pkgs/development/libraries/xxHash/default.nix b/pkgs/development/libraries/xxHash/default.nix
index 39e9fc49382..51165f47a21 100644
--- a/pkgs/development/libraries/xxHash/default.nix
+++ b/pkgs/development/libraries/xxHash/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "xxHash";
-  version = "0.7.0";
+  version = "0.7.1";
 
   src = fetchFromGitHub {
     owner = "Cyan4973";
     repo = "xxHash";
     rev = "v${version}";
-    sha256 = "19iyr7x0s7in9kp9wrj4iimdx58nv6jndz9x5ndnl07gd90y7jxb";
+    sha256 = "0hh1ypwk86m3b0x4433k95f94b48kvl7s79dml0f3g0cv8jdvkgw";
   };
 
   outputs = [ "out" "dev" ];