From: chaoskagami Date: Thu, 29 Oct 2015 20:38:32 +0000 (-0400) Subject: Add some patches X-Git-Url: https://chaos.moe/g/?a=commitdiff_plain;h=4cca2b650789a3cb36f4c376d78a41d6884a0d81;p=misc%2Fpatchrepo.git Add some patches --- diff --git a/README.md b/README.md index a9ed0bc..cb19930 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,8 @@ Everything in here is a patch meant to be applied to code. Some of these might b They either fix a bug, fix a build, or change functionality. Point is, I have a lot of them. +I make every effort to slap documentation at the head of every patch, so read it. + * aria2/ * aria2-1.19.0-leech.patch * Adds a --disable-seed option. Does what you expect. @@ -20,3 +22,6 @@ They either fix a bug, fix a build, or change functionality. Point is, I have a * sdl/ * sdl-xdata.patch * Fixes 'Undefined symbol _XData32' which occurs in some circumstances. +* nss/ + * nss-3.20.1-tls_ecdhe_camellia_gcm.patch + * Adds ECDHE-Camellia-GCM cipher suites to nss. diff --git a/aria2/aria2-1.19.0-leech.patch b/aria2/aria2-1.19.0-leech.patch index ec410ab..d6a2f15 100644 --- a/aria2/aria2-1.19.0-leech.patch +++ b/aria2/aria2-1.19.0-leech.patch @@ -28,10 +28,14 @@ The default behavior is still to seed like it was before. If like me, you have an ISP who has 1/20th the upload speed of download speed, it may actually speed up downloads. It also means said ISP can't actually say you -uploaded an ounce of data - you didn't. On the downside; +uploaded an ounce of data - you didn't. On the downside; you're not obeying torrent etiquette, so don't try this on a private tracker. +This only disables seeding. It still will ask trackers +and peers for data, and will still verify with peers. +Data is still uploaded, just not any of the file itself. + This patch is relatively uninvasive. I don't expect it to be upstreamed, though. =========================================================== diff --git a/libvpx/libvpx-1.4.0_1.3.0backcompat.patch b/libvpx/libvpx-1.4.0_1.3.0backcompat.patch index ff4dd2e..4839d1e 100644 --- a/libvpx/libvpx-1.4.0_1.3.0backcompat.patch +++ b/libvpx/libvpx-1.4.0_1.3.0backcompat.patch @@ -1,12 +1,15 @@ Backwards compatibility patch for libvpx 1.3.0. -Why they broke it - dunno. This resolves palemoon builds -against a system libvpx 1.4.0. + +Why they broke it - dunno. This resolves Pale Moon builds +against system libvpx 1.4.0, and allows things reliant +on older definitions to still build. Also, remember to specify --size-limit=16384x16384 when configuring to avoid CVE-2015-1258. This can actually be applied to the system header without -breaking compatibility ABI or API, if you care. +breaking compatibility ABI or API, if you care. Viva la +#defines. --- a/vpx/vpx_image.h 2015-09-10 18:56:56.745789978 -0400 +++ b/vpx/vpx_image.h 2015-06-25 15:04:01.033448569 -0400 diff --git a/nss/nss-3.20.1-tls_ecdhe_camelia_gcm.patch b/nss/nss-3.20.1-tls_ecdhe_camelia_gcm.patch new file mode 100644 index 0000000..4203415 --- /dev/null +++ b/nss/nss-3.20.1-tls_ecdhe_camelia_gcm.patch @@ -0,0 +1,492 @@ +This adds support for the Camellia cipher suites in nss. + +Camellia is a strong cipher with strength comparative to AES. + +For more information on this patch, see: + https://bugzil.la/940119 + +For more information about usage of Camellia in TLS connections: + https://tools.ietf.org/html/rfc6367 + +This is a forward port of said patch to the newest nss at time of writing. +I'll be maintianing this so it still functions unless mozilla upstreams it. + +This is now required to build Pale Moon against system nss. It may break +ABI or API compatibility. + +I've taken the liberty of cleaning some alignment and whitespacing. + +diff -urN a/nss/lib/pk11wrap/debug_module.c b/nss/lib/pk11wrap/debug_module.c +--- a/nss/lib/pk11wrap/debug_module.c 2015-10-15 15:51:18.000000000 -0400 ++++ b/nss/lib/pk11wrap/debug_module.c 2015-10-29 16:01:18.752293205 -0400 +@@ -370,6 +370,7 @@ + CASE(CKM_CAMELLIA_KEY_GEN); + CASE(CKM_CAMELLIA_MAC); + CASE(CKM_CAMELLIA_MAC_GENERAL); ++ CASE(CKM_CAMELLIA_GCM); + CASE(CKM_CDMF_CBC); + CASE(CKM_CDMF_CBC_PAD); + CASE(CKM_CDMF_ECB); +diff -urN a/nss/lib/pk11wrap/pk11mech.c b/nss/lib/pk11wrap/pk11mech.c +--- a/nss/lib/pk11wrap/pk11mech.c 2015-10-15 15:51:18.000000000 -0400 ++++ b/nss/lib/pk11wrap/pk11mech.c 2015-10-29 16:01:18.753293205 -0400 +@@ -218,6 +218,7 @@ + case CKM_CAMELLIA_MAC_GENERAL: + case CKM_CAMELLIA_CBC_PAD: + case CKM_CAMELLIA_KEY_GEN: ++ case CKM_CAMELLIA_GCM: + return CKK_CAMELLIA; + case CKM_AES_ECB: + case CKM_AES_CBC: +@@ -428,6 +429,7 @@ + case CKM_CAMELLIA_MAC_GENERAL: + case CKM_CAMELLIA_CBC_PAD: + case CKM_CAMELLIA_KEY_GEN: ++ case CKM_CAMELLIA_GCM: + return CKM_CAMELLIA_KEY_GEN; + case CKM_AES_ECB: + case CKM_AES_CBC: +diff -urN a/nss/lib/pk11wrap/pk11slot.c b/nss/lib/pk11wrap/pk11slot.c +--- a/nss/lib/pk11wrap/pk11slot.c 2015-10-15 15:51:18.000000000 -0400 ++++ b/nss/lib/pk11wrap/pk11slot.c 2015-10-29 16:01:18.753293205 -0400 +@@ -832,6 +832,7 @@ + return &pk11_seedSlotList; + case CKM_CAMELLIA_CBC: + case CKM_CAMELLIA_ECB: ++ case CKM_CAMELLIA_GCM: + return &pk11_camelliaSlotList; + case CKM_AES_CBC: + case CKM_AES_CCM: +diff -urN a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c +--- a/nss/lib/softoken/pkcs11.c 2015-10-15 15:51:18.000000000 -0400 ++++ b/nss/lib/softoken/pkcs11.c 2015-10-29 16:01:18.754293205 -0400 +@@ -363,6 +363,7 @@ + {CKM_CAMELLIA_MAC, {16, 32, CKF_SN_VR}, PR_TRUE}, + {CKM_CAMELLIA_MAC_GENERAL, {16, 32, CKF_SN_VR}, PR_TRUE}, + {CKM_CAMELLIA_CBC_PAD, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE}, ++ {CKM_CAMELLIA_GCM, {16, 32, CKF_EN_DE}, PR_TRUE}, + /* ------------------------- SEED Operations --------------------------- */ + {CKM_SEED_KEY_GEN, {16, 16, CKF_GENERATE}, PR_TRUE}, + {CKM_SEED_ECB, {16, 16, CKF_EN_DE_WR_UN}, PR_TRUE}, +diff -urN a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c +--- a/nss/lib/ssl/ssl3con.c 2015-10-15 15:51:18.000000000 -0400 ++++ b/nss/lib/ssl/ssl3con.c 2015-10-29 16:06:44.015286568 -0400 +@@ -68,11 +68,11 @@ + int maxOutputLen, const unsigned char *input, + int inputLen); + #ifndef NO_PKCS11_BYPASS +-static SECStatus ssl3_AESGCMBypass(ssl3KeyMaterial *keys, PRBool doDecrypt, ++static SECStatus ssl3_CipherGCMBypass(ssl3KeyMaterial *keys, PRBool doDecrypt, + unsigned char *out, int *outlen, int maxout, + const unsigned char *in, int inlen, + const unsigned char *additionalData, +- int additionalDataLen); ++ int additionalDataLen, SSLCipherAlgorithm calg); + #endif + + #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */ +@@ -92,6 +92,8 @@ + #ifndef NSS_DISABLE_ECC + { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, ++ { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, ++ { TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around + * bug 946147. + */ +@@ -262,29 +264,30 @@ + /* indexed by SSL3BulkCipher */ + static const ssl3BulkCipherDef bulk_cipher_defs[] = { + /* |--------- Lengths --------| */ +- /* cipher calg k s type i b t n */ +- /* e e v l a o */ +- /* y c | o g n */ +- /* | r | c | c */ +- /* | e | k | e */ +- /* | t | | | | */ +- {cipher_null, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, +- {cipher_rc4, calg_rc4, 16,16, type_stream, 0, 0, 0, 0}, +- {cipher_rc4_40, calg_rc4, 16, 5, type_stream, 0, 0, 0, 0}, +- {cipher_rc4_56, calg_rc4, 16, 7, type_stream, 0, 0, 0, 0}, +- {cipher_rc2, calg_rc2, 16,16, type_block, 8, 8, 0, 0}, +- {cipher_rc2_40, calg_rc2, 16, 5, type_block, 8, 8, 0, 0}, +- {cipher_des, calg_des, 8, 8, type_block, 8, 8, 0, 0}, +- {cipher_3des, calg_3des, 24,24, type_block, 8, 8, 0, 0}, +- {cipher_des40, calg_des, 8, 5, type_block, 8, 8, 0, 0}, +- {cipher_idea, calg_idea, 16,16, type_block, 8, 8, 0, 0}, +- {cipher_aes_128, calg_aes, 16,16, type_block, 16,16, 0, 0}, +- {cipher_aes_256, calg_aes, 32,32, type_block, 16,16, 0, 0}, +- {cipher_camellia_128, calg_camellia, 16,16, type_block, 16,16, 0, 0}, +- {cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0}, +- {cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0}, +- {cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8}, +- {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, ++ /* cipher calg k s type i b t n */ ++ /* e e v l a o */ ++ /* y c | o g n */ ++ /* | r | c | c */ ++ /* | e | k | e */ ++ /* | t | | | | */ ++ {cipher_null, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, ++ {cipher_rc4, calg_rc4, 16,16, type_stream, 0, 0, 0, 0}, ++ {cipher_rc4_40, calg_rc4, 16, 5, type_stream, 0, 0, 0, 0}, ++ {cipher_rc4_56, calg_rc4, 16, 7, type_stream, 0, 0, 0, 0}, ++ {cipher_rc2, calg_rc2, 16,16, type_block, 8, 8, 0, 0}, ++ {cipher_rc2_40, calg_rc2, 16, 5, type_block, 8, 8, 0, 0}, ++ {cipher_des, calg_des, 8, 8, type_block, 8, 8, 0, 0}, ++ {cipher_3des, calg_3des, 24,24, type_block, 8, 8, 0, 0}, ++ {cipher_des40, calg_des, 8, 5, type_block, 8, 8, 0, 0}, ++ {cipher_idea, calg_idea, 16,16, type_block, 8, 8, 0, 0}, ++ {cipher_aes_128, calg_aes, 16,16, type_block, 16,16, 0, 0}, ++ {cipher_aes_256, calg_aes, 32,32, type_block, 16,16, 0, 0}, ++ {cipher_camellia_128, calg_camellia, 16,16, type_block, 16,16, 0, 0}, ++ {cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0}, ++ {cipher_seed, calg_seed, 16,16, type_block, 16,16, 0, 0}, ++ {cipher_aes_128_gcm, calg_aes_gcm, 16,16, type_aead, 4, 0,16, 8}, ++ {cipher_camellia_128_gcm, calg_camellia_gcm, 16,16, type_aead, 4, 0,16, 8}, ++ {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, + }; + + static const ssl3KEADef kea_defs[] = +@@ -415,6 +418,8 @@ + {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss}, + {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss}, + ++ {TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, cipher_camellia_128_gcm, mac_aead, kea_ecdhe_rsa}, ++ {TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, cipher_camellia_128_gcm, mac_aead, kea_ecdhe_ecdsa}, + #ifndef NSS_DISABLE_ECC + {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, + {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, +@@ -479,6 +484,7 @@ + { calg_camellia , CKM_CAMELLIA_CBC }, + { calg_seed , CKM_SEED_CBC }, + { calg_aes_gcm , CKM_AES_GCM }, ++ { calg_camellia_gcm , CKM_CAMELLIA_GCM }, + /* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */ + }; + +@@ -519,6 +525,7 @@ + "Camellia-256", + "SEED-CBC", + "AES-128-GCM", ++ "Camellia-128-GCM", + "missing" + }; + +@@ -649,8 +656,10 @@ + case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: + case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: ++ case TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256: + case TLS_RSA_WITH_AES_128_CBC_SHA256: + case TLS_RSA_WITH_AES_128_GCM_SHA256: ++ case TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256: + case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: + case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: + case TLS_RSA_WITH_NULL_SHA256: +@@ -1661,13 +1670,13 @@ + + calg = cipher_def->calg; + +- if (calg == ssl_calg_aes_gcm) { ++ if ( cipher_def == type_aead ) { + pwSpec->encode = NULL; + pwSpec->decode = NULL; + pwSpec->destroy = NULL; + pwSpec->encodeContext = NULL; + pwSpec->decodeContext = NULL; +- pwSpec->aead = ssl3_AESGCMBypass; ++ pwSpec->aead = ssl3_CipherGCMBypass; + ssl3_InitCompressionContext(pwSpec); + return SECSuccess; + } +@@ -1882,7 +1891,7 @@ + } + + static SECStatus +-ssl3_AESGCM(ssl3KeyMaterial *keys, ++ssl3_CipherGCM(ssl3KeyMaterial *keys, + PRBool doDecrypt, + unsigned char *out, + int *outlen, +@@ -1890,7 +1899,8 @@ + const unsigned char *in, + int inlen, + const unsigned char *additionalData, +- int additionalDataLen) ++ int additionalDataLen, ++ SSLCipherAlgorithm calg) + { + SECItem param; + SECStatus rv = SECFailure; +@@ -1931,11 +1941,21 @@ + gcmParams.ulAADLen = additionalDataLen; + gcmParams.ulTagBits = tagSize * 8; + ++ CK_MECHANISM_TYPE mechanism; ++ switch (calg) { ++ case calg_aes_gcm: ++ mechanism = CKM_AES_GCM; ++ break; ++ case calg_camellia_gcm: ++ mechanism = CKM_CAMELLIA_GCM; ++ break; ++ } ++ + if (doDecrypt) { +- rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, ++ rv = PK11_Decrypt(keys->write_key, mechanism, ¶m, out, &uOutLen, + maxout, in, inlen); + } else { +- rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, ¶m, out, &uOutLen, ++ rv = PK11_Encrypt(keys->write_key, mechanism, ¶m, out, &uOutLen, + maxout, in, inlen); + } + *outlen += (int) uOutLen; +@@ -1945,7 +1965,7 @@ + + #ifndef NO_PKCS11_BYPASS + static SECStatus +-ssl3_AESGCMBypass(ssl3KeyMaterial *keys, ++ssl3_CipherGCMBypass(ssl3KeyMaterial *keys, + PRBool doDecrypt, + unsigned char *out, + int *outlen, +@@ -1953,12 +1973,12 @@ + const unsigned char *in, + int inlen, + const unsigned char *additionalData, +- int additionalDataLen) ++ int additionalDataLen, ++ SSLCipherAlgorithm calg) + { + SECStatus rv = SECFailure; + unsigned char nonce[12]; + unsigned int uOutLen; +- AESContext *cx; + CK_GCM_PARAMS gcmParams; + + static const int tagSize = 16; +@@ -1996,8 +2016,28 @@ + gcmParams.ulAADLen = additionalDataLen; + gcmParams.ulTagBits = tagSize * 8; + +- cx = (AESContext *)keys->cipher_context; +- rv = AES_InitContext(cx, keys->write_key_item.data, ++ void *cx = keys->cipher_context; ++ BLapiInitContextFunc initFn = (BLapiInitContextFunc)NULL; ++ SSLCipher encode = (SSLCipher)NULL; ++ SSLCipher decode = (SSLCipher)NULL; ++ SSLDestroy destroy = (SSLDestroy)NULL; ++ ++ switch (calg) { ++ case calg_aes_gcm: ++ initFn = (BLapiInitContextFunc)AES_InitContext; ++ encode = (SSLCipher) AES_Encrypt; ++ decode = (SSLCipher) AES_Decrypt; ++ destroy = (SSLDestroy) AES_DestroyContext; ++ break; ++ case calg_camellia_gcm: ++ initFn = (BLapiInitContextFunc)Camellia_InitContext; ++ encode = (SSLCipher) Camellia_Encrypt; ++ decode = (SSLCipher) Camellia_Decrypt; ++ destroy = (SSLDestroy) Camellia_DestroyContext; ++ break; ++ } ++ ++ rv = (*initFn)(cx, keys->write_key_item.data, + keys->write_key_item.len, + (unsigned char *)&gcmParams, NSS_AES_GCM, !doDecrypt, + AES_BLOCK_SIZE); +@@ -2005,11 +2045,11 @@ + return rv; + } + if (doDecrypt) { +- rv = AES_Decrypt(cx, out, &uOutLen, maxout, in, inlen); ++ rv = (*decode)(cx, out, &uOutLen, maxout, in, inlen); + } else { +- rv = AES_Encrypt(cx, out, &uOutLen, maxout, in, inlen); ++ rv = (*encode)(cx, out, &uOutLen, maxout, in, inlen); + } +- AES_DestroyContext(cx, PR_FALSE); ++ (*destroy)(cx, PR_FALSE); + *outlen += (int) uOutLen; + + return rv; +@@ -2049,13 +2089,13 @@ + pwSpec->client.write_mac_context = NULL; + pwSpec->server.write_mac_context = NULL; + +- if (calg == calg_aes_gcm) { ++ if ( cipher_def == type_aead) { + pwSpec->encode = NULL; + pwSpec->decode = NULL; + pwSpec->destroy = NULL; + pwSpec->encodeContext = NULL; + pwSpec->decodeContext = NULL; +- pwSpec->aead = ssl3_AESGCM; ++ pwSpec->aead = ssl3_CipherGCM; + return SECSuccess; + } + +@@ -2629,7 +2669,7 @@ + &cipherBytes, /* out len */ + wrBuf->space - headerLen, /* max out */ + pIn, contentLen, /* input */ +- pseudoHeader, pseudoHeaderLen); ++ pseudoHeader, pseudoHeaderLen, cipher_def->calg); + if (rv != SECSuccess) { + PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE); + return SECFailure; +@@ -11763,7 +11803,7 @@ + plaintext->space, /* maxout */ + cText->buf->buf, /* in */ + cText->buf->len, /* inlen */ +- header, headerLen); ++ header, headerLen, cipher_def->calg); + if (rv != SECSuccess) { + good = 0; + } +diff -urN a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c +--- a/nss/lib/ssl/ssl3ecc.c 2015-10-15 15:51:18.000000000 -0400 ++++ b/nss/lib/ssl/ssl3ecc.c 2015-10-29 16:01:18.759293205 -0400 +@@ -914,6 +914,7 @@ + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, ++ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_NULL_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, +@@ -925,6 +926,7 @@ + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, ++ TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_NULL_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, +@@ -937,6 +939,7 @@ + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, ++ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_NULL_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, +@@ -944,6 +947,7 @@ + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, ++ TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_NULL_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, +diff -urN a/nss/lib/ssl/sslenum.c b/nss/lib/ssl/sslenum.c +--- a/nss/lib/ssl/sslenum.c 2015-10-15 15:51:18.000000000 -0400 ++++ b/nss/lib/ssl/sslenum.c 2015-10-29 16:01:18.759293205 -0400 +@@ -50,6 +50,8 @@ + #ifndef NSS_DISABLE_ECC + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, ++ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, ++ TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before + * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. + */ +diff -urN a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h +--- a/nss/lib/ssl/sslimpl.h 2015-10-15 15:51:18.000000000 -0400 ++++ b/nss/lib/ssl/sslimpl.h 2015-10-29 16:01:18.760293205 -0400 +@@ -55,6 +55,7 @@ + #define calg_camellia ssl_calg_camellia + #define calg_seed ssl_calg_seed + #define calg_aes_gcm ssl_calg_aes_gcm ++#define calg_camellia_gcm ssl_calg_camellia_gcm + + #define mac_null ssl_mac_null + #define mac_md5 ssl_mac_md5 +@@ -478,6 +479,7 @@ + cipher_camellia_256, + cipher_seed, + cipher_aes_128_gcm, ++ cipher_camellia_128_gcm, + cipher_missing /* reserved for no such supported cipher */ + /* This enum must match ssl3_cipherName[] in ssl3con.c. */ + } SSL3BulkCipher; +@@ -539,7 +541,8 @@ + const unsigned char *in, + int inlen, + const unsigned char *additionalData, +- int additionalDataLen); ++ int additionalDataLen, ++ SSLCipherAlgorithm calg); + typedef SECStatus (*SSLCompressor)(void * context, + unsigned char * out, + int * outlen, +diff -urN a/nss/lib/ssl/sslinfo.c b/nss/lib/ssl/sslinfo.c +--- a/nss/lib/ssl/sslinfo.c 2015-10-15 15:51:18.000000000 -0400 ++++ b/nss/lib/ssl/sslinfo.c 2015-10-29 16:01:18.760293205 -0400 +@@ -110,6 +110,7 @@ + #define C_NULL "NULL", calg_null + #define C_SJ "SKIPJACK", calg_sj + #define C_AESGCM "AES-GCM", calg_aes_gcm ++#define C_CAMELLIAGCM "CAMELLIA-GCM", calg_camellia_gcm + + #define B_256 256, 256, 256 + #define B_128 128, 128, 128 +@@ -177,7 +178,9 @@ + #ifndef NSS_DISABLE_ECC + /* ECC cipher suites */ + {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, ++{0,CS(TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, + {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, ++{0,CS(TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, + + {0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, }, + {0,CS(TLS_ECDH_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0, }, +diff -urN a/nss/lib/ssl/sslproto.h b/nss/lib/ssl/sslproto.h +--- a/nss/lib/ssl/sslproto.h 2015-10-15 15:51:18.000000000 -0400 ++++ b/nss/lib/ssl/sslproto.h 2015-10-29 16:07:58.383285050 -0400 +@@ -208,6 +208,9 @@ + #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E + #define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2 + ++#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 ++#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A ++ + /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client. + * Must NEVER be chosen by server. SSL 3.0 server acknowledges by sending + * back an empty Renegotiation Info (RI) server hello extension. +diff -urN a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h +--- a/nss/lib/ssl/sslt.h 2015-10-15 15:51:18.000000000 -0400 ++++ b/nss/lib/ssl/sslt.h 2015-10-29 16:01:18.761293205 -0400 +@@ -81,7 +81,8 @@ + ssl_calg_aes = 7, + ssl_calg_camellia = 8, + ssl_calg_seed = 9, +- ssl_calg_aes_gcm = 10 ++ ssl_calg_aes_gcm = 10, ++ ssl_calg_camellia_gcm = 11 + } SSLCipherAlgorithm; + + typedef enum { +diff -urN a/nss/lib/util/pkcs11t.h b/nss/lib/util/pkcs11t.h +--- a/nss/lib/util/pkcs11t.h 2015-10-15 15:51:18.000000000 -0400 ++++ b/nss/lib/util/pkcs11t.h 2015-10-29 16:01:18.761293205 -0400 +@@ -907,6 +907,7 @@ + #define CKM_CAMELLIA_CBC_PAD 0x00000555 + #define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556 + #define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557 ++#define CKM_CAMELLIA_GCM 0x00000558 + + #define CKM_SEED_KEY_GEN 0x00000650 + #define CKM_SEED_ECB 0x00000651 +diff -urN a/nss/tests/ssl/sslcov.txt b/nss/tests/ssl/sslcov.txt +--- a/nss/tests/ssl/sslcov.txt 2015-10-15 15:51:18.000000000 -0400 ++++ b/nss/tests/ssl/sslcov.txt 2015-10-29 16:01:18.761293205 -0400 +@@ -170,3 +170,5 @@ + ECC TLS12 :C027 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + ECC TLS12 :C02B TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + ECC TLS12 :C02F TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ++ ECC TLS12 :C086 TLS12_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 ++ ECC TLS12 :C08A TLS12_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 diff --git a/qt/qt-5.5.0-miscfix.patch b/qt/qt-5.5.0-miscfix.patch new file mode 100644 index 0000000..3f6431d --- /dev/null +++ b/qt/qt-5.5.0-miscfix.patch @@ -0,0 +1,84 @@ +When building qt with unsupported configs, a lot goes wrong. +This corrects a few issues with compilations; ABI is obviously +incompatible after doing all this. + +1) LibreSSL fixes. +2) Building without Accessibility support - not well tested, fixes. +3) Building without dbus causes code to go missing. Corrected refs. +4) Still can't build QtWebCore, so you'll need to skip it. +===================================================================== +diff -ur qt-everywhere-opensource-src-5.5.0/qtbase/src/network/ssl/qsslcontext_openssl.cpp qt-everywhere-opensource-src-5.5.0-b/qtbase/src/network/ssl/qsslcontext_openssl.cpp +--- qt-everywhere-opensource-src-5.5.0/qtbase/src/network/ssl/qsslcontext_openssl.cpp 2015-06-29 16:04:46.000000000 -0400 ++++ qt-everywhere-opensource-src-5.5.0-b/qtbase/src/network/ssl/qsslcontext_openssl.cpp 2015-09-23 05:05:57.807355278 -0400 +@@ -338,7 +338,7 @@ + + const QVector qcurves = sslContext->sslConfiguration.ellipticCurves(); + if (!qcurves.isEmpty()) { +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) ++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) && defined(SSL_CTRL_SET_CURVES) + // Set the curves to be used + if (q_SSLeay() >= 0x10002000L) { + // SSL_CTX_ctrl wants a non-const pointer as last argument, +diff -ur qt-everywhere-opensource-src-5.5.0/qtbase/src/network/ssl/qsslellipticcurve_openssl.cpp qt-everywhere-opensource-src-5.5.0-b/qtbase/src/network/ssl/qsslellipticcurve_openssl.cpp +--- qt-everywhere-opensource-src-5.5.0/qtbase/src/network/ssl/qsslellipticcurve_openssl.cpp 2015-06-29 16:04:46.000000000 -0400 ++++ qt-everywhere-opensource-src-5.5.0-b/qtbase/src/network/ssl/qsslellipticcurve_openssl.cpp 2015-09-23 05:09:12.446360079 -0400 +@@ -76,10 +76,9 @@ + + int nid = q_OBJ_sn2nid(curveNameLatin1.data()); + +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L +- if (nid == 0 && q_SSLeay() >= 0x10002000L) ++ if (q_EC_curve_nist2nid && nid == 0) { + nid = q_EC_curve_nist2nid(curveNameLatin1.data()); +-#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ++ } + + result.id = nid; + #endif +diff -ur qt-everywhere-opensource-src-5.5.0/qtbase/src/widgets/styles/qgtkstyle.cpp qt-everywhere-opensource-src-5.5.0-b/qtbase/src/widgets/styles/qgtkstyle.cpp +--- qt-everywhere-opensource-src-5.5.0/qtbase/src/widgets/styles/qgtkstyle.cpp 2015-06-29 16:04:06.000000000 -0400 ++++ qt-everywhere-opensource-src-5.5.0-b/qtbase/src/widgets/styles/qgtkstyle.cpp 2015-09-23 05:27:51.010387674 -0400 +@@ -3633,13 +3633,6 @@ + QFont font = widget->font(); + font.setBold(true); + fontMetrics = QFontMetrics(font); +- } else if (QStyleHelper::isInstanceOf(groupBox->styleObject, QAccessible::Grouping)) { +- QVariant var = groupBox->styleObject->property("font"); +- if (var.isValid() && var.canConvert()) { +- QFont font = var.value(); +- font.setBold(true); +- fontMetrics = QFontMetrics(font); +- } + } + + QSize textRect = fontMetrics.boundingRect(groupBox->text).size() + QSize(4, 4); +diff -ur qt-everywhere-opensource-src-5.5.0/qttools/src/assistant/assistant/helpviewer.h qt-everywhere-opensource-src-5.5.0-b/qttools/src/assistant/assistant/helpviewer.h +--- qt-everywhere-opensource-src-5.5.0/qttools/src/assistant/assistant/helpviewer.h 2015-06-29 16:13:42.000000000 -0400 ++++ qt-everywhere-opensource-src-5.5.0-b/qttools/src/assistant/assistant/helpviewer.h 2015-09-23 14:47:06.486215480 -0400 +@@ -142,7 +142,7 @@ + private: + bool eventFilter(QObject *obj, QEvent *event); + void contextMenuEvent(QContextMenuEvent *event); +- QVariant loadResource(int type, const QUrl &name); ++// QVariant loadResource(int type, const QUrl &name); + bool handleForwardBackwardMouseButtons(QMouseEvent *e); + + private: +diff -ur qt-everywhere-opensource-src-5.5.0/qttools/src/assistant/assistant/helpviewer_qwv.cpp qt-everywhere-opensource-src-5.5.0-b/qttools/src/assistant/assistant/helpviewer_qwv.cpp +--- qt-everywhere-opensource-src-5.5.0/qttools/src/assistant/assistant/helpviewer_qwv.cpp 2015-06-29 16:13:42.000000000 -0400 ++++ qt-everywhere-opensource-src-5.5.0-b/qttools/src/assistant/assistant/helpviewer_qwv.cpp 2015-09-23 14:40:41.575205984 -0400 +@@ -370,13 +370,7 @@ + void HelpViewer::actionChanged() + { + TRACE_OBJ +- QAction *a = qobject_cast(sender()); +- if (a == pageAction(QWebPage::Copy)) +- emit copyAvailable(a->isEnabled()); +- else if (a == pageAction(QWebPage::Back)) +- emit backwardAvailable(a->isEnabled()); +- else if (a == pageAction(QWebPage::Forward)) +- emit forwardAvailable(a->isEnabled()); ++ return; + } + + // -- private