From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-877031-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 5DE9559CB2
	for <garchives@archives.gentoo.org>; Tue, 19 Apr 2016 01:21:40 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id DAEB121C0A9;
	Tue, 19 Apr 2016 01:21:36 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 5A76B21C0A3
	for <gentoo-commits@lists.gentoo.org>; Tue, 19 Apr 2016 01:21:36 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 8876D3408A6
	for <gentoo-commits@lists.gentoo.org>; Tue, 19 Apr 2016 01:21:34 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 0087C13FE
	for <gentoo-commits@lists.gentoo.org>; Tue, 19 Apr 2016 01:21:30 +0000 (UTC)
From: "Davide Pesavento" <pesa@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Davide Pesavento" <pesa@gentoo.org>
Message-ID: <1460994927.ce4f746b119b08789e7e52e7758a6a3ee599b970.pesa@gentoo>
Subject: [gentoo-commits] proj/qt:master commit in: dev-qt/qtwebengine/files/, dev-qt/qtwebengine/
X-VCS-Repository: proj/qt
X-VCS-Files: dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-01.patch dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-02.patch dev-qt/qtwebengine/qtwebengine-5.6.0.ebuild
X-VCS-Directories: dev-qt/qtwebengine/files/ dev-qt/qtwebengine/
X-VCS-Committer: pesa
X-VCS-Committer-Name: Davide Pesavento
X-VCS-Revision: ce4f746b119b08789e7e52e7758a6a3ee599b970
X-VCS-Branch: master
Date: Tue, 19 Apr 2016 01:21:30 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 4f799472-ce14-44b8-a90b-33a588b4abf4
X-Archives-Hash: 0d11ed577afaea2119f35075f4ee346e

commit:     ce4f746b119b08789e7e52e7758a6a3ee599b970
Author:     Andreas Sturmlechner <andreas.sturmlechner <AT> gmail <DOT> com>
AuthorDate: Mon Apr 18 15:26:56 2016 +0000
Commit:     Davide Pesavento <pesa <AT> gentoo <DOT> org>
CommitDate: Mon Apr 18 15:55:27 2016 +0000
URL:        https://gitweb.gentoo.org/proj/qt.git/commit/?id=ce4f746b

dev-qt/qtwebengine: Fix 5.6.0 build with system-nss

Gentoo-bug: 577676

Both patches taken from upstream 5.6 branch

Package-Manager: portage-2.2.28

 .../files/qtwebengine-5.6.0-nss-3.23-01.patch      | 59 ++++++++++++++++++
 .../files/qtwebengine-5.6.0-nss-3.23-02.patch      | 69 ++++++++++++++++++++++
 dev-qt/qtwebengine/qtwebengine-5.6.0.ebuild        |  6 +-
 3 files changed, 133 insertions(+), 1 deletion(-)

diff --git a/dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-01.patch b/dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-01.patch
new file mode 100644
index 0000000..8d192b6
--- /dev/null
+++ b/dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-01.patch
@@ -0,0 +1,59 @@
+From 0a385bb01d9cf060fae4c9d350ee98561654df96 Mon Sep 17 00:00:00 2001
+From: Kai Koehne <kai.koehne@theqtcompany.com>
+Date: Thu, 24 Mar 2016 12:34:25 +0100
+Subject: [PATCH] [backport] Call EnsureNSSHttpIOInit in the chimera build.
+
+Otherwise we end up using the default NSS client and not
+SystemURLRequestContext.
+
+This is a minimal fix to be merged onto release branches.
+A follow-up will revise this to be somewhat less error-prone.
+
+BUG=539520
+TEST=Open about:net-internals on Linux or Chrome OS
+     Visit https://incomplete-chain.badssl.com/ in a new tab
+     The Events tab of about:net-internals should show a fetch for http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
+
+Review URL: https://codereview.chromium.org/1384343002
+
+Task-number: QTBUG-51890
+Task-number: QTBUG-52068
+Change-Id: I567d5cd5e6d4e53b833699e67c45f3bdfc52953d
+Reviewed-by: Joerg Bornemann <joerg.bornemann@theqtcompany.com>
+Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
+---
+ chromium/net/socket/ssl_client_socket_openssl.cc | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc b/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc
+index 5489ead..dc9b3ff 100644
+--- a/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc
++++ b/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc
+@@ -57,6 +57,10 @@
+ #include "net/ssl/ssl_platform_key.h"
+ #endif
+ 
++#if defined(USE_NSS_CERTS) || defined(OS_IOS)
++#include "net/cert_net/nss_ocsp.h"
++#endif
++
+ namespace net {
+ 
+ namespace {
+@@ -795,6 +799,14 @@ int SSLClientSocketOpenSSL::Init() {
+   DCHECK(!ssl_);
+   DCHECK(!transport_bio_);
+ 
++#if defined(USE_NSS_CERTS) || defined(OS_IOS)
++  if (ssl_config_.cert_io_enabled) {
++    // TODO(davidben): Move this out of SSLClientSocket. See
++    // https://crbug.com/539520.
++    EnsureNSSHttpIOInit();
++  }
++#endif
++
+   SSLContext* context = SSLContext::GetInstance();
+   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+ 
+-- 
+2.7.4

diff --git a/dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-02.patch b/dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-02.patch
new file mode 100644
index 0000000..a194650
--- /dev/null
+++ b/dev-qt/qtwebengine/files/qtwebengine-5.6.0-nss-3.23-02.patch
@@ -0,0 +1,69 @@
+From 82900c7b96b2a6fb42fe3841df7685b820edd588 Mon Sep 17 00:00:00 2001
+From: Kai Koehne <kai.koehne@theqtcompany.com>
+Date: Thu, 24 Mar 2016 13:55:28 +0100
+Subject: [PATCH] Use system NSS only for certificate handling
+
+Compiling against NSS 3.23 fails with current Chromium. Also, with NSS
+3.21 there are failures connecting to e.g. google.com.
+
+Fix this by adapting the setup endorsed by upstream Chromium: BoringSSL
+is always used for cryptography, and NSS only for certificate handlng.
+
+Patches included in 3rdparty update:
+
+0a385bb [backport] Call EnsureNSSHttpIOInit in the chimera build.
+0472123 Fix build against newer NSS
+90c62c4 <third_party/libpng> [Backport] update to libpng 1.2.56
+34857b8 <third_party/libpng> [Backport] Stop large iCCP chunks causing delays and "Aw Snap!"
+
+Task-number: QTBUG-52193
+Task-number: QTBUG-51890
+Task-number: QTBUG-52068
+Change-Id: If8aaed9b9a09475c5ed0dfec64d31f45ce9670f5
+Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
+---
+ src/core/config/linux.pri                  | 9 ++++++---
+ tools/qmake/mkspecs/features/configure.prf | 4 ++--
+ 3 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/src/core/config/linux.pri b/src/core/config/linux.pri
+index 88c1a41..39eeb2a 100644
+--- a/src/core/config/linux.pri
++++ b/src/core/config/linux.pri
+@@ -18,11 +18,14 @@ GYP_CONFIG += \
+     use_gio=0 \
+     use_gnome_keyring=0 \
+     use_kerberos=0 \
+-    use_pango=0
++    use_pango=0 \
++    use_openssl=1
+ 
+-!use?(nss) {
++use?(nss) {
++    GYP_CONFIG += use_nss_certs=1 \
++        use_openssl_certs=0
++} else {
+     GYP_CONFIG += use_nss_certs=0 \
+-        use_openssl=1 \
+         use_openssl_certs=1
+ }
+ 
+diff --git a/tools/qmake/mkspecs/features/configure.prf b/tools/qmake/mkspecs/features/configure.prf
+index 4cb4600..953572d 100644
+--- a/tools/qmake/mkspecs/features/configure.prf
++++ b/tools/qmake/mkspecs/features/configure.prf
+@@ -72,9 +72,9 @@ defineTest(runConfigure) {
+ defineTest(finalizeConfigure) {
+     linux {
+         use?(nss) {
+-            log("SSL............................... Using system NSS$${EOL}")
++            log("Certificate handling.............. Using system NSS$${EOL}")
+         } else {
+-            log("SSL............................... Using bundled BoringSSL$${EOL}")
++            log("Certificate handling.............. Using bundled BoringSSL$${EOL}")
+         }
+         use?(system_icu) {
+             packagesExist("icu-uc icu-i18n") {
+-- 
+2.7.4
+

diff --git a/dev-qt/qtwebengine/qtwebengine-5.6.0.ebuild b/dev-qt/qtwebengine/qtwebengine-5.6.0.ebuild
index 34ca7d3..0edd6dd 100644
--- a/dev-qt/qtwebengine/qtwebengine-5.6.0.ebuild
+++ b/dev-qt/qtwebengine/qtwebengine-5.6.0.ebuild
@@ -68,7 +68,11 @@ DEPEND="${RDEPEND}
 	sys-devel/bison
 "
 
-PATCHES=( "${FILESDIR}/${PN}-5.6.0-icu.patch" )
+PATCHES=(
+	"${FILESDIR}/${PN}-5.6.0-icu.patch"
+	"${FILESDIR}/${PN}-5.6.0-nss-3.23-01.patch"
+	"${FILESDIR}/${PN}-5.6.0-nss-3.23-02.patch"
+)
 
 src_prepare() {
 	qt_use_disable_mod geolocation positioning \