Merge pull request #1994 from nextcloud/cleanup_stale_files

Remove now unused Qt patch files
This commit is contained in:
Michael Schuster 2020-05-19 20:45:05 +02:00 committed by GitHub
commit 1f402e3482
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 0 additions and 494 deletions

View file

@ -1,23 +0,0 @@
# This DockerFile is used to create the image used for Jenkins, the CI system (see Jenkinsfile)
# It is not meant to be used to create the production packages.
# Distro with Qt 5.6
FROM ubuntu:yakkety
RUN apt-get update -q && DEBIAN_FRONTEND=noninteractive apt-get install -q -y --no-install-recommends \
locales \
build-essential \
clang \
ninja-build \
cmake \
extra-cmake-modules \
libsqlite3-dev \
libssl-dev \
libcmocka-dev \
libcloudproviders-dev \
qt5-default \
qttools5-dev-tools \
libqt5webkit5-dev \
qt5keychain-dev \
kio-dev \
&& apt-get clean

View file

@ -1,20 +0,0 @@
## Patches used
There are our patches on top of Qt 5.6.2, which we are currently
using for our binary packages on Windows and macOS. Most of them
have been sent upstream and are part of newer Qt releases.
All changes are designed to be upstream, and all those that are
special hacks to Qt will bear a NOUPSTREAM in their name
You can apply those patches on a git clone using:
```
git am <client>/admin/qt/patches/qtbase/*.patch
```
You can update them using:
```
git format-patch -N --no-signature -o <client>/admin/qt/patches/qtbase/ <v5.x.y>
```

View file

@ -1,27 +0,0 @@
From 96c34ce85136cbdc16ef83effa8a13137f7ae4c5 Mon Sep 17 00:00:00 2001
From: Jocelyn Turcotte <jturcotte@woboq.com>
Date: Fri, 6 Mar 2015 16:12:37 +0100
Subject: [PATCH] [NOUPSTREAM] Fix -force-debug-info with macx-clang
---
mkspecs/common/clang.conf | 2 ++
1 file changed, 2 insertions(+)
diff --git a/mkspecs/common/clang.conf b/mkspecs/common/clang.conf
index e003b94..e9b3291 100644
--- a/mkspecs/common/clang.conf
+++ b/mkspecs/common/clang.conf
@@ -21,11 +21,13 @@ QMAKE_CFLAGS_PRECOMPILE = -x c-header -c ${QMAKE_PCH_INPUT} -o ${QMAKE_
QMAKE_CFLAGS_USE_PRECOMPILE = -Xclang -include-pch -Xclang ${QMAKE_PCH_OUTPUT}
QMAKE_CFLAGS_LTCG = -flto
QMAKE_CFLAGS_DISABLE_LTCG = -fno-lto
+QMAKE_CFLAGS_RELEASE_WITH_DEBUGINFO = $$QMAKE_CFLAGS_OPTIMIZE -g
QMAKE_CXXFLAGS_PRECOMPILE = -x c++-header -c ${QMAKE_PCH_INPUT} -o ${QMAKE_PCH_OUTPUT}
QMAKE_CXXFLAGS_USE_PRECOMPILE = $$QMAKE_CFLAGS_USE_PRECOMPILE
QMAKE_CXXFLAGS_LTCG = $$QMAKE_CFLAGS_LTCG
QMAKE_CXXFLAGS_DISABLE_LTCG = $$QMAKE_CFLAGS_DISABLE_LTCG
+QMAKE_CXXFLAGS_RELEASE_WITH_DEBUGINFO = $$QMAKE_CFLAGS_RELEASE_WITH_DEBUGINFO
QMAKE_CXXFLAGS_CXX11 = -std=c++11
QMAKE_CXXFLAGS_CXX14 = -std=c++1y
QMAKE_CXXFLAGS_CXX1Z = -std=c++1z

View file

@ -1,148 +0,0 @@
From e6bccb1f0d8ca59acb1ffdac74a823c06346e7f3 Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <daniel@molkentin.de>
Date: Mon, 16 Nov 2015 15:02:37 +0100
Subject: [PATCH] Remove legacy platform code in QSslSocket for OS X < 10.5
This avoids manual symbol lookups and makes the code more readable.
Mark identical code.
Also use smart pointers instead of manual memory management.
(Backport of d42d7781f1cd62c3c7c008859507f24a1ff5bb2a to Qt 5.4)
Change-Id: I62820313dce87de6623cdc87b6e1361200ed7822
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
Conflicts:
src/network/ssl/qsslsocket_openssl.cpp
---
src/network/ssl/qsslsocket_openssl.cpp | 81 +++++++++++-----------------------
src/network/ssl/qsslsocket_p.h | 6 +--
2 files changed, 26 insertions(+), 61 deletions(-)
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 82644c1..415f147 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -76,14 +76,17 @@
#include <string.h>
+#ifdef Q_OS_DARWIN
+# include <private/qcore_mac_p.h>
+#endif
+
+#ifdef Q_OS_OSX
+# include <Security/Security.h>
+#endif
+
QT_BEGIN_NAMESPACE
-#if defined(Q_OS_MACX)
-#define kSecTrustSettingsDomainSystem 2 // so we do not need to include the header file
- PtrSecCertificateCopyData QSslSocketPrivate::ptrSecCertificateCopyData = 0;
- PtrSecTrustSettingsCopyCertificates QSslSocketPrivate::ptrSecTrustSettingsCopyCertificates = 0;
- PtrSecTrustCopyAnchorCertificates QSslSocketPrivate::ptrSecTrustCopyAnchorCertificates = 0;
-#elif defined(Q_OS_WIN)
+#if defined(Q_OS_WIN)
PtrCertOpenSystemStoreW QSslSocketPrivate::ptrCertOpenSystemStoreW = 0;
PtrCertFindCertificateInStore QSslSocketPrivate::ptrCertFindCertificateInStore = 0;
PtrCertCloseStore QSslSocketPrivate::ptrCertCloseStore = 0;
@@ -509,23 +512,7 @@ void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
#ifndef QT_NO_LIBRARY
//load symbols needed to receive certificates from system store
-#if defined(Q_OS_MACX)
- QLibrary securityLib("/System/Library/Frameworks/Security.framework/Versions/Current/Security");
- if (securityLib.load()) {
- ptrSecCertificateCopyData = (PtrSecCertificateCopyData) securityLib.resolve("SecCertificateCopyData");
- if (!ptrSecCertificateCopyData)
- qCWarning(lcSsl, "could not resolve symbols in security library"); // should never happen
-
- ptrSecTrustSettingsCopyCertificates = (PtrSecTrustSettingsCopyCertificates) securityLib.resolve("SecTrustSettingsCopyCertificates");
- if (!ptrSecTrustSettingsCopyCertificates) { // method was introduced in Leopard, use legacy method if it's not there
- ptrSecTrustCopyAnchorCertificates = (PtrSecTrustCopyAnchorCertificates) securityLib.resolve("SecTrustCopyAnchorCertificates");
- if (!ptrSecTrustCopyAnchorCertificates)
- qCWarning(lcSsl, "could not resolve symbols in security library"); // should never happen
- }
- } else {
- qCWarning(lcSsl, "could not load security library");
- }
-#elif defined(Q_OS_WIN)
+#if defined(Q_OS_WIN)
HINSTANCE hLib = LoadLibraryW(L"Crypt32");
if (hLib) {
#if defined(Q_OS_WINCE)
@@ -693,40 +680,22 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
timer.start();
#endif
QList<QSslCertificate> systemCerts;
-#if defined(Q_OS_MACX)
- CFArrayRef cfCerts;
- OSStatus status = 1;
-
- CFDataRef SecCertificateCopyData (
- SecCertificateRef certificate
- );
-
- if (ptrSecCertificateCopyData) {
- if (ptrSecTrustSettingsCopyCertificates)
- status = ptrSecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
- else if (ptrSecTrustCopyAnchorCertificates)
- status = ptrSecTrustCopyAnchorCertificates(&cfCerts);
- if (!status) {
- CFIndex size = CFArrayGetCount(cfCerts);
- for (CFIndex i = 0; i < size; ++i) {
- SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
- CFDataRef data;
-
- data = ptrSecCertificateCopyData(cfCert);
-
- if (data == NULL) {
- qCWarning(lcSsl, "error retrieving a CA certificate from the system store");
- } else {
- QByteArray rawCert = QByteArray::fromRawData((const char *)CFDataGetBytePtr(data), CFDataGetLength(data));
- systemCerts.append(QSslCertificate::fromData(rawCert, QSsl::Der));
- CFRelease(data);
- }
+ // note: also check implementation in openssl_mac.cpp
+#if defined(Q_OS_OSX)
+ // SecTrustSettingsCopyCertificates is not defined on iOS.
+ QCFType<CFArrayRef> cfCerts;
+
+ OSStatus status = SecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
+ if (status == noErr ) {
+ const CFIndex size = CFArrayGetCount(cfCerts);
+ for (CFIndex i = 0; i < size; ++i) {
+ SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
+ QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
+ if (derData == NULL) {
+ qWarning("error retrieving a CA certificate from the system store");
+ } else {
+ systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
}
- CFRelease(cfCerts);
- }
- else {
- // no detailed error handling here
- qCWarning(lcSsl, "could not retrieve system CA certificates");
}
}
#elif defined(Q_OS_WIN)
diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h
index d651971..17cc7b4 100644
--- a/src/network/ssl/qsslsocket_p.h
+++ b/src/network/ssl/qsslsocket_p.h
@@ -151,11 +151,7 @@ public:
static bool isMatchingHostname(const QSslCertificate &cert, const QString &peerName);
Q_AUTOTEST_EXPORT static bool isMatchingHostname(const QString &cn, const QString &hostname);
-#if defined(Q_OS_MACX)
- static PtrSecCertificateCopyData ptrSecCertificateCopyData;
- static PtrSecTrustSettingsCopyCertificates ptrSecTrustSettingsCopyCertificates;
- static PtrSecTrustCopyAnchorCertificates ptrSecTrustCopyAnchorCertificates;
-#elif defined(Q_OS_WIN) && !defined(Q_OS_WINRT)
+#if defined(Q_OS_WIN) && !defined(Q_OS_WINRT)
static PtrCertOpenSystemStoreW ptrCertOpenSystemStoreW;
static PtrCertFindCertificateInStore ptrCertFindCertificateInStore;
static PtrCertCloseStore ptrCertCloseStore;

View file

@ -1,276 +0,0 @@
From 9d1120db0973ea7741b13a6555b20ae61f6d037e Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <danimo@owncloud.com>
Date: Wed, 25 Nov 2015 12:37:27 +0100
Subject: [PATCH] QSslSocket: evaluate CAs in all keychain categories
This will make sure that certs in the domainUser (login),
and domainAdmin (per machine) keychain are being picked up
in systemCaCertificates() in addition to the (usually immutable)
DomainSystem keychain.
Also consider the trust settings on OS X: If a certificate
is either fully trusted or trusted for the purpose of SSL,
it will be accepted.
[ChangeLog][Platform Specific Changes] OS X now accepts trusted
certificates from the login and system keychains.
(Backport of fe3a84138e266c425f11353f7d8dc28a588af89e)
Task-number: QTBUG-32898
Change-Id: Ia23083d5af74388eeee31ba07239735cbbe64368
Reviewed-by: Markus Goetz (Woboq GmbH) <markus@woboq.com>
---
src/network/ssl/qsslsocket.cpp | 4 +
src/network/ssl/qsslsocket_mac_shared.cpp | 148 ++++++++++++++++++++++++++++++
src/network/ssl/qsslsocket_openssl.cpp | 30 +-----
src/network/ssl/ssl.pri | 4 +-
4 files changed, 158 insertions(+), 28 deletions(-)
create mode 100644 src/network/ssl/qsslsocket_mac_shared.cpp
diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp
index 549906a..7b202b0 100644
--- a/src/network/ssl/qsslsocket.cpp
+++ b/src/network/ssl/qsslsocket.cpp
@@ -1508,6 +1508,10 @@ QList<QSslCertificate> QSslSocket::defaultCaCertificates()
returned by defaultCaCertificates(). You can replace that database
with your own with setDefaultCaCertificates().
+ \note: On OS X, only certificates that are either trusted for all
+ purposes or trusted for the purpose of SSL in the keychain will be
+ returned.
+
\sa caCertificates(), defaultCaCertificates(), setDefaultCaCertificates()
*/
QList<QSslCertificate> QSslSocket::systemCaCertificates()
diff --git a/src/network/ssl/qsslsocket_mac_shared.cpp b/src/network/ssl/qsslsocket_mac_shared.cpp
new file mode 100644
index 0000000..60fea4c
--- /dev/null
+++ b/src/network/ssl/qsslsocket_mac_shared.cpp
@@ -0,0 +1,148 @@
+/****************************************************************************
+**
+** Copyright (C) 2015 The Qt Company Ltd.
+** Copyright (C) 2015 ownCloud Inc
+** Contact: http://www.qt.io/licensing/
+**
+** This file is part of the QtNetwork module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL21$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see http://www.qt.io/terms-conditions. For further
+** information use the contact form at http://www.qt.io/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 2.1 or version 3 as published by the Free
+** Software Foundation and appearing in the file LICENSE.LGPLv21 and
+** LICENSE.LGPLv3 included in the packaging of this file. Please review the
+** following information to ensure the GNU Lesser General Public License
+** requirements will be met: https://www.gnu.org/licenses/lgpl.html and
+** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
+**
+** As a special exception, The Qt Company gives you certain additional
+** rights. These rights are described in The Qt Company LGPL Exception
+** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+//#define QSSLSOCKET_DEBUG
+//#define QT_DECRYPT_SSL_TRAFFIC
+
+#include "qsslsocket.h"
+
+#ifndef QT_NO_OPENSSL
+# include "qsslsocket_openssl_p.h"
+# include "qsslsocket_openssl_symbols_p.h"
+#endif
+
+#include "qsslcertificate_p.h"
+
+#ifdef Q_OS_DARWIN
+# include <private/qcore_mac_p.h>
+#endif
+
+#include <QtCore/qdebug.h>
+
+#ifdef Q_OS_OSX
+# include <Security/Security.h>
+#endif
+
+
+QT_BEGIN_NAMESPACE
+
+#ifdef Q_OS_OSX
+namespace {
+
+bool hasTrustedSslServerPolicy(SecPolicyRef policy, CFDictionaryRef props) {
+ QCFType<CFDictionaryRef> policyProps = SecPolicyCopyProperties(policy);
+ // only accept certificates with policies for SSL server validation for now
+ if (CFEqual(CFDictionaryGetValue(policyProps, kSecPolicyOid), kSecPolicyAppleSSL)) {
+ CFBooleanRef policyClient;
+ if (CFDictionaryGetValueIfPresent(policyProps, kSecPolicyClient, reinterpret_cast<const void**>(&policyClient)) &&
+ CFEqual(policyClient, kCFBooleanTrue)) {
+ return false; // no client certs
+ }
+ if (!CFDictionaryContainsKey(props, kSecTrustSettingsResult)) {
+ // as per the docs, no trust settings result implies full trust
+ return true;
+ }
+ CFNumberRef number = static_cast<CFNumberRef>(CFDictionaryGetValue(props, kSecTrustSettingsResult));
+ SecTrustSettingsResult settingsResult;
+ CFNumberGetValue(number, kCFNumberSInt32Type, &settingsResult);
+ switch (settingsResult) {
+ case kSecTrustSettingsResultTrustRoot:
+ case kSecTrustSettingsResultTrustAsRoot:
+ return true;
+ default:
+ return false;
+ }
+ }
+ return false;
+}
+
+bool isCaCertificateTrusted(SecCertificateRef cfCert, int domain)
+{
+ QCFType<CFArrayRef> cfTrustSettings;
+ OSStatus status = SecTrustSettingsCopyTrustSettings(cfCert, domain, &cfTrustSettings);
+ if (status == noErr) {
+ CFIndex size = CFArrayGetCount(cfTrustSettings);
+ // if empty, trust for everything (as per the Security Framework documentation)
+ if (size == 0) {
+ return true;
+ } else {
+ for (CFIndex i = 0; i < size; ++i) {
+ CFDictionaryRef props = static_cast<CFDictionaryRef>(CFArrayGetValueAtIndex(cfTrustSettings, i));
+ if (CFDictionaryContainsKey(props, kSecTrustSettingsPolicy)) {
+ if (hasTrustedSslServerPolicy((SecPolicyRef)CFDictionaryGetValue(props, kSecTrustSettingsPolicy), props))
+ return true;
+ }
+ }
+ }
+ } else {
+ qWarning("Error receiving trust for a CA certificate");
+ }
+ return false;
+}
+
+} // anon namespace
+#endif // Q_OS_OSX
+
+QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
+{
+ ensureInitialized();
+
+ QList<QSslCertificate> systemCerts;
+ // SecTrustSettingsCopyCertificates is not defined on iOS.
+#ifdef Q_OS_OSX
+ QCFType<CFArrayRef> cfCerts;
+ // iterate through all enum members, order:
+ // kSecTrustSettingsDomainUser, kSecTrustSettingsDomainAdmin, kSecTrustSettingsDomainSystem
+ for (int dom = kSecTrustSettingsDomainUser; dom <= kSecTrustSettingsDomainSystem; dom++) {
+ OSStatus status = SecTrustSettingsCopyCertificates(dom, &cfCerts);
+ if (status == noErr) {
+ const CFIndex size = CFArrayGetCount(cfCerts);
+ for (CFIndex i = 0; i < size; ++i) {
+ SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
+ QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
+ if (::isCaCertificateTrusted(cfCert, dom)) {
+ if (derData == NULL) {
+ qWarning("Error retrieving a CA certificate from the system store");
+ } else {
+ systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
+ }
+ }
+ }
+ }
+ }
+#endif
+ return systemCerts;
+}
+
+QT_END_NAMESPACE
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index 415f147..7a3cb42 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -76,14 +76,6 @@
#include <string.h>
-#ifdef Q_OS_DARWIN
-# include <private/qcore_mac_p.h>
-#endif
-
-#ifdef Q_OS_OSX
-# include <Security/Security.h>
-#endif
-
QT_BEGIN_NAMESPACE
#if defined(Q_OS_WIN)
@@ -672,6 +664,7 @@ void QSslSocketPrivate::resetDefaultEllipticCurves()
setDefaultSupportedEllipticCurves(curves);
}
+#ifndef Q_OS_DARWIN // Apple implementation in qsslsocket_mac_shared.cpp
QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
{
ensureInitialized();
@@ -680,25 +673,7 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
timer.start();
#endif
QList<QSslCertificate> systemCerts;
- // note: also check implementation in openssl_mac.cpp
-#if defined(Q_OS_OSX)
- // SecTrustSettingsCopyCertificates is not defined on iOS.
- QCFType<CFArrayRef> cfCerts;
-
- OSStatus status = SecTrustSettingsCopyCertificates(kSecTrustSettingsDomainSystem, &cfCerts);
- if (status == noErr ) {
- const CFIndex size = CFArrayGetCount(cfCerts);
- for (CFIndex i = 0; i < size; ++i) {
- SecCertificateRef cfCert = (SecCertificateRef)CFArrayGetValueAtIndex(cfCerts, i);
- QCFType<CFDataRef> derData = SecCertificateCopyData(cfCert);
- if (derData == NULL) {
- qWarning("error retrieving a CA certificate from the system store");
- } else {
- systemCerts << QSslCertificate(QByteArray::fromCFData(derData), QSsl::Der);
- }
- }
- }
-#elif defined(Q_OS_WIN)
+#if defined(Q_OS_WIN)
if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) {
HCERTSTORE hSystemStore;
#if defined(Q_OS_WINCE)
@@ -775,6 +750,7 @@ QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates()
return systemCerts;
}
+#endif // Q_OS_DARWIN
void QSslSocketBackendPrivate::startClientEncryption()
{
diff --git a/src/network/ssl/ssl.pri b/src/network/ssl/ssl.pri
index 29c47cd..8eb605b 100644
--- a/src/network/ssl/ssl.pri
+++ b/src/network/ssl/ssl.pri
@@ -62,7 +62,9 @@ contains(QT_CONFIG, openssl) | contains(QT_CONFIG, openssl-linked) {
ssl/qsslsocket_openssl.cpp \
ssl/qsslsocket_openssl_symbols.cpp
-android:!android-no-sdk: SOURCES += ssl/qsslsocket_openssl_android.cpp
+ darwin:SOURCES += ssl/qsslsocket_mac_shared.cpp
+
+ android:!android-no-sdk: SOURCES += ssl/qsslsocket_openssl_android.cpp
# Add optional SSL libs
# Static linking of OpenSSL with msvc: