[libpq, openssl, librtmp] libpq 12 and others with openssl 1.1.1d (#8566)

* [ports] Update openssl-unix to 1.1.1c

* [ports] Update openssl-unix to 1.1.1d

* [ports] openssl-unix platform 'AMD64' is called 'x86_64' on Linux

* [ports] fix openssl platform

* [ports] openssl-windows update openssl to 1.1.1d

* [ports] Fix openssl post build

* [ports] openssl add EnableUWPSupport.patch

Reference:
https://github.com/openssl/openssl/pull/8917
https://github.com/openssl/openssl/pull/9440

* [ports] openssl-uwp update openssl to 1.1.1d

* Updated support for OpenSSL v1.1

With OpenSSL v1.1 we need an additional flag for ACE

* update to 12.0 and change to vcpkg_configure_make

* remove msys line

* remove custom cmakelists

* use --without-readline on linux

* Update CONTROL

Fix version

* fix portfile

* add all possible libpq features

* create vcpkg_get_build_depends

* create vcpkg_read_dependent_port_info

* add vcpkg_write_port_info

* fix a few bugs

* libpq first succesful x86 build with core features.
(files still must be moved)

* always write the variable

* Fix separate make and install execution error issue.

* trigger CI system.

* add openssl and win_bison win_flex patch

* add configuration dependent patches

* add bonjour as a dependency on macosx

* apply patches and configure features

* more patches to fix the windows build

* more install fixes

* remove unnecessary code

* bit of code cleanup

* remove unrelated files

* remove unrelated function call. function was removed with last commit

* removed hardcoded platform

* fix patch

* build only the interface libraries and nothing more

* forgot to remove tool ecpg from install

* seperate minimal install patch from normal install patch and introduce client feature

* fix x86 Platform variable being x86 and not Win32 as required by the generated project

* make linux build work

* make more linux work

* openssl return version number directly without calling openssl
(should probably be done differently)

* fix some more path and platform identification

* comments to reduce install. currently libpq installs static and shared libraries and some tools on linux

* patch arm

* fix platform detection logic

* make libpq osx buildable

* Rename debug import library after build.
(So that we don't affect external CMake users.)

* revert debug naming and install a wrapper instead.

* fix gdal regression due to name change

* fix cutelyst regression due to qt5-base wrapper
(why was it not using the target in the first place?)

* correct wrapper install path

* correct the arm patch.

* trying to fix static gdal build

* gdal still needs more work

* update version of openssl in libpq openssl patch

* nmap fix openssl

* qt5 fix openssl

* gdal fix openssl

* librtmp migrate to openssl 1.1.1

* fail in patch since what is intended is not going to work in openssl 1.1.1

* fix static yara build

* freedtds deactivate openssl feature until freetds decides to upgrade to 1.1

* fix libwebsockets cmakelists

* fix the patch so that the generated targets also include crypt32

* xmlsec add threads dependency

* bump control since I am unable to reproduce the regression

* add pthread to openssl detection logic

* fix freetds linkage missing crypt32 and fix the cmake checks.

* fix the openssl wrapper to add the threads library

* fix libmysql regression

* add threads to openssl libraries.

* upgrade libssh to 0.9

* fix nmap regression

* fix mosquitto regression

* fix openssl wrapper to make libarchive work

* fix quickfix

* changed patch a bit

* improve freetds patch

* fix case in librtmp

* update control

* bump control

* fix case

* make jasper a dependency of qt5-imageformats to fix flaky CI build.

* add jasper libraries explicitly

* jasper depends on freeglut so add it as a dependency. turbo_jpeg is also a dependency but that should already be handled in qt5-base

* more glut names

* bump control for macosx ci retry

* fix slikenet regression

* fix linebreak in qt5-base

* update baseline

* Update ci.baseline.txt

those ports are not supported on UWP

* [libevent] add dependency on libevent[threads] to openssl feature

* [pdal,freerdp] Update CI baseline to fail

* fix static pdal build

* fix freerdp on linux

* trying to revert some changes

* revert changes in build make

* revert x264 version bump

Co-authored-by: Force Charlie <6904176+fcharlie@users.noreply.github.com>
Co-authored-by: Johnny Willemsen <jwillemsen@remedy.nl>
Co-authored-by: Lennart Trunk <lennart.trunk@outlook.de>
Co-authored-by: Jack·Boos·Yu <47264268+JackBoosY@users.noreply.github.com>
Co-authored-by: Victor Romero <romerosanchezv@gmail.com>

1 files changed, 136 insertions, 0 deletions

diff --git a/ports/librtmp/dh.patch b/ports/librtmp/dh.patch
new file mode 100644
index 000000000..4b0345354
--- /dev/null
+++ b/ports/librtmp/dh.patch
@@ -0,0 +1,136 @@
+diff --git a/librtmp/dh.h b/librtmp/dh.h
+index 8e285a60c..ea562d200 100644
+--- a/librtmp/dh.h	
++++ b/librtmp/dh.h
+@@ -139,11 +139,14 @@ typedef BIGNUM * MP_t;
+ #define MP_setbin(u,buf,len)	BN_bn2bin(u,buf)
+ #define MP_getbin(u,buf,len)	u = BN_bin2bn(buf,len,0)
+ 
++
+ #define MDH	DH
+ #define MDH_new()	DH_new()
+ #define MDH_free(dh)	DH_free(dh)
+ #define MDH_generate_key(dh)	DH_generate_key(dh)
+ #define MDH_compute_key(secret, seclen, pub, dh)	DH_compute_key(secret, pub, dh)
++#define MPH_set_pqg(dh, p, q, g, res)  res = DH_set0_pqg(dh, p, q, g)
++#define MPH_set_length(dh, len, res)  res = DH_set_length(dh,len)
+ 
+ #endif
+ 
+@@ -152,7 +155,7 @@ typedef BIGNUM * MP_t;
+ 
+ /* RFC 2631, Section 2.1.5, http://www.ietf.org/rfc/rfc2631.txt */
+ static int
+-isValidPublicKey(MP_t y, MP_t p, MP_t q)
++isValidPublicKey(const MP_t y,const MP_t p, MP_t q)
+ {
+   int ret = TRUE;
+   MP_t bn;
+@@ -211,20 +214,33 @@ DHInit(int nKeyBits)
+   if (!dh)
+     goto failed;
+ 
+-  MP_new(dh->g);
++  MP_t g,p;
++  MP_new(g);
+ 
+-  if (!dh->g)
++  if (!g) 
++  {
+     goto failed;
++  }
+ 
+-  MP_gethex(dh->p, P1024, res);	/* prime P1024, see dhgroups.h */
++  DH_get0_pqg(dh, (BIGNUM const**)&p, NULL, NULL);
++  MP_gethex(p, P1024, res);	/* prime P1024, see dhgroups.h */
+   if (!res)
+     {
+       goto failed;
+     }
+ 
+-  MP_set_w(dh->g, 2);	/* base 2 */
+-
+-  dh->length = nKeyBits;
++  MP_set_w(g, 2);	/* base 2 */
++  MPH_set_pqg(dh,p,NULL,g, res);
++  if (!res)
++  {
++    MP_free(g);
++    goto failed;
++  }
++  MPH_set_length(dh,nKeyBits, res);
++  if (!res)
++  {
++    goto failed;
++  }
+   return dh;
+ 
+ failed:
+@@ -250,14 +267,11 @@ DHGenerateKey(MDH *dh)
+ 
+       MP_gethex(q1, Q1024, res);
+       assert(res);
+-
+-      res = isValidPublicKey(dh->pub_key, dh->p, q1);
++      res = isValidPublicKey(DH_get0_pub_key(dh), DH_get0_p(dh), q1);
+       if (!res)
+-	{
+-	  MP_free(dh->pub_key);
+-	  MP_free(dh->priv_key);
+-	  dh->pub_key = dh->priv_key = 0;
+-	}
++        {
++              MDH_free(dh); // Cannot set priv_key to nullptr so there is no way to generate a new pub/priv key pair in openssl 1.1.1.
++        }
+ 
+       MP_free(q1);
+     }
+@@ -272,15 +286,16 @@ static int
+ DHGetPublicKey(MDH *dh, uint8_t *pubkey, size_t nPubkeyLen)
+ {
+   int len;
+-  if (!dh || !dh->pub_key)
++  MP_t pub = DH_get0_pub_key(dh);
++  if (!dh || !pub)
+     return 0;
+ 
+-  len = MP_bytes(dh->pub_key);
++  len = MP_bytes(pub);
+   if (len <= 0 || len > (int) nPubkeyLen)
+     return 0;
+ 
+   memset(pubkey, 0, nPubkeyLen);
+-  MP_setbin(dh->pub_key, pubkey + (nPubkeyLen - len), len);
++  MP_setbin(pub, pubkey + (nPubkeyLen - len), len);
+   return 1;
+ }
+ 
+@@ -288,15 +303,16 @@ DHGetPublicKey(MDH *dh, uint8_t *pubkey, size_t nPubkeyLen)
+ static int
+ DHGetPrivateKey(MDH *dh, uint8_t *privkey, size_t nPrivkeyLen)
+ {
+-  if (!dh || !dh->priv_key)
++  MP_t priv = DH_get0_priv_key(dh);
++  if (!dh || !priv)
+     return 0;
+ 
+-  int len = MP_bytes(dh->priv_key);
++  int len = MP_bytes(priv);
+   if (len <= 0 || len > (int) nPrivkeyLen)
+     return 0;
+ 
+   memset(privkey, 0, nPrivkeyLen);
+-  MP_setbin(dh->priv_key, privkey + (nPrivkeyLen - len), len);
++  MP_setbin(priv, privkey + (nPrivkeyLen - len), len);
+   return 1;
+ }
+ #endif
+@@ -322,7 +338,7 @@ DHComputeSharedSecretKey(MDH *dh, uint8_t *pubkey, size_t nPubkeyLen,
+   MP_gethex(q1, Q1024, len);
+   assert(len);
+ 
+-  if (isValidPublicKey(pubkeyBn, dh->p, q1))
++  if (isValidPublicKey(pubkeyBn, DH_get0_p(dh), q1))
+     res = MDH_compute_key(secret, nPubkeyLen, pubkeyBn, dh);
+   else
+     res = -1;