qt5: patch for nss

2016-06-03 18:33:32 +10:00 · 2016-06-03 18:33:32 +10:00 · b3a5efef94
commit b3a5efef94
parent 22b805d63e
3 changed files with 58 additions and 2 deletions
--- a/qt5/.md5sum
+++ b/qt5/.md5sum
@ -1,5 +1,6 @@
 47763c168f58b1196271b231f03c8bae  qt-everywhere-opensource-src-5.6.0.tar.xz
 5e96b5cfa248b8b071919adb27abc715  qt5-alsa1.11.patch
+26f5e1e96be524ccad564dc2fdb9766c  qt5-webengine-nss.patch
 28cddedf6c15751d08c1382bf1074fa7  qtbug-44964.patch
 7f152c40947027acba56023e9d693260  qtbug-45812.patch
 b09aa4f5763f013b06153fbdbc844404  qtbug-51648.patch
--- a/qt5/Pkgfile
+++ b/qt5/Pkgfile
@ -6,7 +6,7 @@

 name=qt5
 version=5.6.0
-release=2
+release=3
 source=(http://download.qt.io/official_releases/qt/${version%.*}/$version/single/qt-everywhere-opensource-src-$version.tar.xz
 	qt5-alsa1.11.patch
 	qtbug-51648.patch
@ -15,7 +15,8 @@ source=(http://download.qt.io/official_releases/qt/${version%.*}/$version/single
 	qtbug-45812.patch
 	qtbug-44964.patch
 	qtbug-53071.patch
-	qtbug-53071b.patch)
+	qtbug-53071b.patch
+	qt5-webengine-nss.patch)

 build() {
 	cd qt-everywhere-opensource-src-$version
@ -35,6 +36,10 @@ build() {
 	# Don't compress tablet motion events
 	patch -p1 -d qtbase -i $SRC/qtbug-44964.patch

+	# Broken SSL for some sites #1870
+	# https://github.com/QupZilla/qupzilla/issues/1870
+	patch -p1 -d qtwebengine -i $SRC/qt5-webengine-nss.patch
+
 	# Respect system CXX
 	[ "$CXX" ] || CXX=g++
 	sed -i "/^QMAKE_CXX\s/s|=.*|= $CXX|"  qtbase/mkspecs/common/g++-base.conf
--- a/qt5/qt5-webengine-nss.patch
+++ b/qt5/qt5-webengine-nss.patch
@ -0,0 +1,50 @@
+diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc 
+qtwebengine-opensource-src-5.6.0-beta-chimera-nss-init/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc
+--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc	2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-chimera-nss-init/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc	2016-01-14 
+17:11:38.432633534 +0100
+@@ -57,6 +57,10 @@
+ #include "net/ssl/ssl_platform_key.h"
+ #endif
+ 
+#if defined(USE_NSS_CERTS) || defined(OS_IOS)
+#include "net/cert_net/nss_ocsp.h"
+#endif
+
+ namespace net {
+ 
+ namespace {
+@@ -795,6 +799,14 @@
+   DCHECK(!ssl_);
+   DCHECK(!transport_bio_);
+ 
+#if defined(USE_NSS_CERTS) || defined(OS_IOS)
+  if (ssl_config_.cert_io_enabled) {
+    // TODO(davidben): Move this out of SSLClientSocket. See
+    // https://crbug.com/539520.
+    EnsureNSSHttpIOInit();
+  }
+#endif
+
+   SSLContext* context = SSLContext::GetInstance();
+   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+   
+diff -ur qtwebengine-opensource-src-5.6.0-beta/src/core/config/linux.pri qtwebengine-opensource-src-5.6.0-beta-linux-pri/src/core/config/linux.pri
+--- qtwebengine-opensource-src-5.6.0-beta/src/core/config/linux.pri	2015-12-14 16:27:24.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-linux-pri/src/core/config/linux.pri	2016-01-14 17:31:05.765975551 +0100
+@@ -18,7 +18,13 @@
+     use_kerberos=0 \
+     use_pango=0
+ 
+-!use?(nss) {
+use?(nss) {
+# do a "chimera build" (BoringSSL code, NSS certs): This is the default in
+# Chromium 47+, and it is the only variant that works with NSS 3.21.
+    GYP_CONFIG += use_nss_certs=1 \
+        use_openssl=1 \
+        use_openssl_certs=0
+} else {
+     GYP_CONFIG += use_nss_certs=0 \
+         use_openssl=1 \
+         use_openssl_certs=1
+