Bring in five patches from Gentoo Linux which fix some known bugs and

add support for OpenSSL 1.1.x (the latter unbreaks the build
on recent FreeBSD versions).
Alexey Dokuchaev 2019-11-15 13:31:14 +00:00
parent f701639dd8
commit ad3d1e1d6d
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=517674
6 changed files with 351 additions and 3 deletions


@ -14,12 +14,16 @@ COMMENT= Direct Connect client shared library
LICENSE= GPLv3+
LICENSE_FILE= ${WRKSRC}/LICENSE
GENTOO_PATCHES_PREFIX= ${FILESDIR}/gentoo/${PORTNAME}-${PORTVERSION}
EXTRA_PATCHES= ${GENTOO_PATCHES_PREFIX}-ipv6_upnp.patch:-p1 \
${GENTOO_PATCHES_PREFIX}-miniupnpc1.patch:-p1 \
${GENTOO_PATCHES_PREFIX}-miniupnpc2.patch:-p1 \
${GENTOO_PATCHES_PREFIX}-openssl-1.1.patch:-p1 \
${GENTOO_PATCHES_PREFIX}-tray-close.patch:-p1
USE_GITHUB= yes
.if !defined (MASTERDIR)
BROKEN_FreeBSD_12= error: member access into incomplete type 'dh_st'
BROKEN_FreeBSD_13= error: member access into incomplete type 'dh_st'
LIB_DEPENDS= libboost_system.so:devel/boost-libs
USES= cmake gettext compiler:c++11-lib ssl


@ -0,0 +1,123 @@
From 639b9f9aa286f10ce11f9fb28f0c83985f069a0d Mon Sep 17 00:00:00 2001
From: Sergey Farbotka <z8sergey8z@gmail.com>
Date: Mon, 31 Aug 2015 23:55:44 +0300
Subject: [PATCH] Core: send IPv4-only address in UPNP request
The app sends first available local IP address in UPNP request.
If first available address is IPv6, miniupnpd sends the following error:
"Failed to convert hostname '<my-ipv6-address>' to ip address"
As eiskaltdc++ does not support IPv6 yet, we can use IPv4 address only
in UPNP requests.
---
dcpp/ConnectivityManager.cpp | 2 +-
dcpp/Util.cpp | 17 ++++++++++++-----
dcpp/Util.h | 5 +++--
extra/upnpc.cpp | 2 +-
4 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/dcpp/ConnectivityManager.cpp b/dcpp/ConnectivityManager.cpp
index 3495a9a..acc0d68 100644
--- a/dcpp/ConnectivityManager.cpp
+++ b/dcpp/ConnectivityManager.cpp
@@ -90,7 +90,7 @@ void ConnectivityManager::detectConnection() {
autoDetected = true;
- if (!Util::isPrivateIp(Util::getLocalIp())) {
+ if (!Util::isPrivateIp(Util::getLocalIp(AF_INET))) {
SettingsManager::getInstance()->set(SettingsManager::INCOMING_CONNECTIONS, SettingsManager::INCOMING_DIRECT);
log(_("Public IP address detected, selecting active mode with direct connection"));
fire(ConnectivityManagerListener::Finished());
diff --git a/dcpp/Util.cpp b/dcpp/Util.cpp
index dc7e08e..9b5a2ca 100644
--- a/dcpp/Util.cpp
+++ b/dcpp/Util.cpp
@@ -704,7 +704,7 @@ string Util::formatExactSize(int64_t aBytes) {
#endif
}
-vector<string> Util::getLocalIPs() {
+vector<string> Util::getLocalIPs(unsigned short sa_family) {
vector<string> addresses;
#ifdef HAVE_IFADDRS_H
@@ -712,6 +712,9 @@ vector<string> Util::getLocalIPs() {
if (getifaddrs(&ifap) == 0)
{
+ bool ipv4 = (sa_family == AF_UNSPEC) || (sa_family == AF_INET);
+ bool ipv6 = (sa_family == AF_UNSPEC) || (sa_family == AF_INET6);
+
for (struct ifaddrs *i = ifap; i != NULL; i = i->ifa_next)
{
struct sockaddr *sa = i->ifa_addr;
@@ -723,14 +726,14 @@ vector<string> Util::getLocalIPs() {
socklen_t len;
// IPv4 address
- if (sa->sa_family == AF_INET)
+ if (ipv4 && (sa->sa_family == AF_INET))
{
struct sockaddr_in* sai = (struct sockaddr_in*)sa;
src = (void*) &(sai->sin_addr);
len = INET_ADDRSTRLEN;
}
// IPv6 address
- else if (sa->sa_family == AF_INET6)
+ else if (ipv6 && (sa->sa_family == AF_INET6))
{
struct sockaddr_in6* sai6 = (struct sockaddr_in6*)sa;
src = (void*) &(sai6->sin6_addr);
@@ -752,9 +755,13 @@ vector<string> Util::getLocalIPs() {
return addresses;
}
-string Util::getLocalIp() {
+string Util::getLocalIp(unsigned short as_family) {
#ifdef HAVE_IFADDRS_H
- return getLocalIPs().empty() ? "0.0.0.0" : getLocalIPs()[0];
+ vector<string> addresses = getLocalIPs(as_family);
+ if (addresses.empty())
+ return (((as_family == AF_UNSPEC) || (as_family == AF_INET)) ? "0.0.0.0" : "::");
+
+ return addresses[0];
#else
string tmp;
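Review bot: The empty-list fallback in `getLocalIp` returns the placeholder `"0.0.0.0"` (or `"::"`), and both callers switched to `getLocalIp(AF_INET)` in this patch use the result unchecked: on a host with no IPv4 address, `detectConnection()` passes it to `isPrivateIp()` and `UPnPc::add()` passes it as the internal client to `UPNP_AddPortMapping`. How `isPrivateIp` classifies `0.0.0.0` is not visible here; if it returns false, the client would log a public address and select direct active mode. The callers should treat the placeholder as "no usable address", for example `const string ip = Util::getLocalIp(AF_INET); if (ip == "0.0.0.0") return false;` in `UPnPc::add()`. Separately, the parameter is spelled `as_family` here but `sa_family` in `Util.h` and `getLocalIPs`, and the `#else` branch continues outside the hunk.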
diff --git a/dcpp/Util.h b/dcpp/Util.h
index a489f70..f2842d3 100644
--- a/dcpp/Util.h
+++ b/dcpp/Util.h
@@ -28,6 +28,7 @@
#include <sys/stat.h>
#include <sys/types.h>
+#include <sys/socket.h>
#include <unistd.h>
#include <cstdlib>
#include <vector>
@@ -403,8 +404,8 @@ class Util
}
static string encodeURI(const string& /*aString*/, bool reverse = false);
- static string getLocalIp();
- static std::vector<string> getLocalIPs();
+ static string getLocalIp(unsigned short sa_family = AF_UNSPEC);
+ static std::vector<string> getLocalIPs(unsigned short sa_family = AF_UNSPEC);
static bool isPrivateIp(string const& ip);
static string formatAdditionalInfo(const std::string& aIp, bool sIp, bool sCC);
/**
diff --git a/extra/upnpc.cpp b/extra/upnpc.cpp
index fb61f14..63f6d34 100644
--- a/extra/upnpc.cpp
+++ b/extra/upnpc.cpp
@@ -63,7 +63,7 @@ bool UPnPc::add(const unsigned short port, const UPnP::Protocol protocol, const
const string port_ = Util::toString(port);
return UPNP_AddPortMapping(urls.controlURL, data.first.servicetype, port_.c_str(), port_.c_str(),
- Util::getLocalIp().c_str(), description.c_str(), protocols[protocol], NULL
+ Util::getLocalIp(AF_INET).c_str(), description.c_str(), protocols[protocol], NULL
#if (MINIUPNPC_API_VERSION == 8 || defined(MINIUPNPC16))
, 0) == UPNPCOMMAND_SUCCESS;
#else


@ -0,0 +1,31 @@
From 33bf1489e75d1b1cc834d6eb9629598cd77d6c58 Mon Sep 17 00:00:00 2001
From: Pavel Vatagin <pavelvat@gmail.com>
Date: Sun, 17 Jan 2016 03:00:36 +0300
Subject: [PATCH] extra: fix static build for windows with -DLOCAL_MINIUPNP=OFF
---
extra/upnpc.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/extra/upnpc.cpp b/extra/upnpc.cpp
index 63f6d34..40a011a 100644
--- a/extra/upnpc.cpp
+++ b/extra/upnpc.cpp
@@ -42,7 +42,7 @@ using namespace dcpp;
bool UPnPc::init()
{
UPNPDev *devices = upnpDiscover(5000, SettingsManager::getInstance()->isDefault(SettingsManager::BIND_ADDRESS) ? 0 : SETTING(BIND_ADDRESS).c_str(), 0, 0
-#if (MINIUPNPC_API_VERSION == 8 || defined(MINIUPNPC16))
+#if (MINIUPNPC_API_VERSION >= 8 || defined(MINIUPNPC16))
, 0, 0);
#else
);
@@ -64,7 +64,7 @@ bool UPnPc::add(const unsigned short port, const UPnP::Protocol protocol, const
return UPNP_AddPortMapping(urls.controlURL, data.first.servicetype, port_.c_str(), port_.c_str(),
Util::getLocalIp(AF_INET).c_str(), description.c_str(), protocols[protocol], NULL
-#if (MINIUPNPC_API_VERSION == 8 || defined(MINIUPNPC16))
+#if (MINIUPNPC_API_VERSION >= 8 || defined(MINIUPNPC16))
, 0) == UPNPCOMMAND_SUCCESS;
#else
) == UPNPCOMMAND_SUCCESS;


@ -0,0 +1,29 @@
From b88120830e974d843cbfec552b639fa72c64dcbd Mon Sep 17 00:00:00 2001
From: Pavel Vatagin <pavelvat@gmail.com>
Date: Fri, 5 Feb 2016 04:15:33 +0300
Subject: [PATCH] extra: fix #332
---
extra/upnpc.cpp | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/extra/upnpc.cpp b/extra/upnpc.cpp
index 40a011a..bbd7bbf 100644
--- a/extra/upnpc.cpp
+++ b/extra/upnpc.cpp
@@ -41,9 +41,13 @@ using namespace dcpp;
bool UPnPc::init()
{
- UPNPDev *devices = upnpDiscover(5000, SettingsManager::getInstance()->isDefault(SettingsManager::BIND_ADDRESS) ? 0 : SETTING(BIND_ADDRESS).c_str(), 0, 0
+ UPNPDev *devices = upnpDiscover(5000, SettingsManager::getInstance()->isDefault(SettingsManager::BIND_ADDRESS) ? 0 : SETTING(BIND_ADDRESS).c_str(), NULL, 0
#if (MINIUPNPC_API_VERSION >= 8 || defined(MINIUPNPC16))
- , 0, 0);
+ , 0
+#if (MINIUPNPC_API_VERSION >= 14)
+ , 2
+#endif
+ , NULL);
#else
);
#endif
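Review bot: The bare `, 2` added for `MINIUPNPC_API_VERSION >= 14` gives no indication of what it sets. In miniupnpc API 14 the extra `upnpDiscover` argument is the TTL, so a comment such as `/* ttl */` next to it would keep the call readable. The nested `#if` inside the argument list is already hard to follow, and the body of `UPnPc::init()` continues outside the hunk.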


@ -0,0 +1,138 @@
From 3b9c502ff5c98856d4f8fdb7ed3c6ef34448bfb7 Mon Sep 17 00:00:00 2001
From: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
Date: Tue, 7 Feb 2017 09:19:18 +0100
Subject: [PATCH] crypto: add support for OpenSSL 1.1
In OpenSSL 1.1 BN and SSL are opaque structures.
* BN_set0_pqg() has been implemented in 1.1
* SSL_is_server() has been implemented in 1.0.2 and 1.1
Reported-by: Vasiliy Glazov <vascom2@gmail.com>
Closes: https://github.com/eiskaltdcpp/eiskaltdcpp/issues/356
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
---
dcpp/CryptoManager.cpp | 15 +++++++++++----
dcpp/SSLSocket.cpp | 11 +++++++++--
2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/dcpp/CryptoManager.cpp b/dcpp/CryptoManager.cpp
index 08893a75c..b672d92f4 100644
--- a/dcpp/CryptoManager.cpp
+++ b/dcpp/CryptoManager.cpp
@@ -27,12 +27,20 @@
#include "version.h"
#include <openssl/bn.h>
-
+#include <openssl/rand.h>
#include <bzlib.h>
namespace dcpp {
-
+static const char ciphersuites[] =
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:"
+ "ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:"
+ "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:"
+ "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:"
+ "ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:"
+ "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:"
+ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-SHA"
+ "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
CryptoManager::CryptoManager()
:
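Review bot: The last two literals of `ciphersuites` are concatenated without a separator, so the string contains `AES128-SHA!aNULL` instead of `AES128-SHA` followed by the exclusion rules; end the preceding literal with a colon, `"AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-SHA:"`. Whether OpenSSL's rule parser tolerates the missing separator should not be relied on, because the `!aNULL:!eNULL:...` rules are what keep unauthenticated and null-encryption suites out. The `SSL_CTX_set_cipher_list` calls added later in this patch ignore their return value, so a rejected string would go unnoticed; checking for `!= 1` there would surface it.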
@@ -42,10 +50,10 @@
{
SSL_library_init();
- clientContext.reset(SSL_CTX_new(TLSv1_client_method()));
- clientVerContext.reset(SSL_CTX_new(TLSv1_client_method()));
- serverContext.reset(SSL_CTX_new(TLSv1_server_method()));
- serverVerContext.reset(SSL_CTX_new(TLSv1_server_method()));
+ clientContext.reset(SSL_CTX_new(SSLv23_client_method()));
+ clientVerContext.reset(SSL_CTX_new(SSLv23_client_method()));
+ serverContext.reset(SSL_CTX_new(SSLv23_server_method()));
+ serverVerContext.reset(SSL_CTX_new(SSLv23_server_method()));
if(clientContext && clientVerContext && serverContext && serverVerContext) {
dh.reset(DH_new());
@@ -101,10 +109,15 @@
};
if(dh) {
- dh->p = BN_bin2bn(dh4096_p, sizeof(dh4096_p), 0);
- dh->g = BN_bin2bn(dh4096_g, sizeof(dh4096_g), 0);
-
+ BIGNUM *p = BN_bin2bn(dh4096_p, sizeof(dh4096_p), 0);
+ BIGNUM *g = BN_bin2bn(dh4096_g, sizeof(dh4096_g), 0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ dh->p = p;
+ dh->g = g;
if (!dh->p || !dh->g) {
+#else
+ if (!DH_set0_pqg(dh, p, NULL, g)) {
+#endif
dh.reset();
} else {
SSL_CTX_set_options(serverContext, SSL_OP_SINGLE_DH_USE);
@@ -112,6 +125,28 @@
SSL_CTX_set_tmp_dh(serverContext, (DH*)dh);
SSL_CTX_set_tmp_dh(serverVerContext, (DH*)dh);
}
+ BN_free(p);
+ BN_free(g);
+ }
+
+ SSL_CTX_set_options(clientContext, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
+ SSL_CTX_set_cipher_list(clientContext, ciphersuites);
+ SSL_CTX_set_options(serverContext, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
+ SSL_CTX_set_cipher_list(serverContext, ciphersuites);
+ SSL_CTX_set_options(clientVerContext, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
+ SSL_CTX_set_cipher_list(clientVerContext, ciphersuites);
+ SSL_CTX_set_options(serverVerContext, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
+ SSL_CTX_set_cipher_list(serverVerContext, ciphersuites);
+
+ EC_KEY* tmp_ecdh;
+ /* NID_X9_62_prime256v1 is not secure, more secure is NID_secp384r1 or NID_secp521r1*/
+ if((tmp_ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) != NULL) {
+ SSL_CTX_set_options(serverContext, SSL_OP_SINGLE_ECDH_USE);
+ SSL_CTX_set_tmp_ecdh(serverContext, tmp_ecdh);
+ SSL_CTX_set_options(serverVerContext, SSL_OP_SINGLE_ECDH_USE);
+ SSL_CTX_set_tmp_ecdh(serverVerContext, tmp_ecdh);
+
+ EC_KEY_free(tmp_ecdh);
}
SSL_CTX_set_verify(serverContext, SSL_VERIFY_NONE, 0);
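Review bot: The unconditional `BN_free(p); BN_free(g);` after the `if`/`else` frees BIGNUMs that `dh` still references. On OpenSSL 1.1 a successful `DH_set0_pqg()` transfers ownership of `p` and `g` to the DH object, and on the older branch `dh->p`/`dh->g` are the same pointers, so whatever later releases `dh` (presumably `DH_free` through the wrapper's `reset()`) would free them a second time. Free them only where ownership was not taken, i.e. inside the 1.1 failure branch before `dh.reset()`, and drop the two calls here. The enclosing constructor starts outside this hunk and the `if(dh)` block opens in the previous one.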
diff --git a/dcpp/SSLSocket.cpp b/dcpp/SSLSocket.cpp
index 1e283eec8..d4dc12388 100644
--- a/dcpp/SSLSocket.cpp
+++ b/dcpp/SSLSocket.cpp
@@ -37,6 +37,13 @@ void SSLSocket::connect(const string& aIp, uint16_t aPort) {
waitConnected(0);
}
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+static inline int SSL_is_server(SSL *s)
+{
+ return s->server;
+}
+#endif
+
bool SSLSocket::waitConnected(uint32_t millis) {
if(!ssl) {
if(!Socket::waitConnected(millis)) {
@@ -54,9 +61,9 @@ bool SSLSocket::waitConnected(uint32_t millis) {
}
while(true) {
- int ret = ssl->server?SSL_accept(ssl):SSL_connect(ssl);
+ int ret = SSL_is_server(ssl)?SSL_accept(ssl):SSL_connect(ssl);
if(ret == 1) {
- dcdebug("Connected to SSL server using %s as %s\n", SSL_get_cipher(ssl), ssl->server?"server":"client");
+ dcdebug("Connected to SSL server using %s as %s\n", SSL_get_cipher(ssl), SSL_is_server(ssl)?"server":"client");
return true;
}
if(!waitWant(ret, millis)) {


@ -0,0 +1,23 @@
From 35edb67258747a4704bad0288d9d02d3486493d8 Mon Sep 17 00:00:00 2001
From: aneo78 <aneo78@yandex.ru>
Date: Fri, 11 Aug 2017 23:29:33 +0700
Subject: [PATCH] fix issue 363: eiskaltdcpp-qt don't close in Qt5
---
eiskaltdcpp-qt/src/MainWindow.cpp | 3 +++
1 file changed, 3 insertions(+)
diff --git a/eiskaltdcpp-qt/src/MainWindow.cpp b/eiskaltdcpp-qt/src/MainWindow.cpp
index a80c5e9c0..e8b49e4b6 100644
--- a/eiskaltdcpp-qt/src/MainWindow.cpp
+++ b/eiskaltdcpp-qt/src/MainWindow.cpp
@@ -390,6 +390,9 @@ void MainWindow::closeEvent(QCloseEvent *c_e){
if (ConnectionManager::getInstance())
ConnectionManager::getInstance()->disconnect();
+ if (Notification::getInstance())
+ Notify->enableTray(false);
+
d->arena->hide();
d->arena->setWidget(NULL);
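Review bot: The added guard tests `Notification::getInstance()` but the call goes through `Notify`, whose definition is not visible in this hunk; if `Notify` is not the same instance accessor, the null check does not protect the dereference. Using one expression for both, `if (Notification *n = Notification::getInstance()) n->enableTray(false);`, removes the doubt. `closeEvent` starts and ends outside the hunk.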