[pkg-bacula-commits] [bacula] 01/02: Updated OpenSSL 1.1 patches

Carsten Leonhardt leo at moszumanska.debian.org
Wed Nov 15 23:35:38 UTC 2017 

This is an automated email from the git hooks/post-receive script.

leo pushed a commit to branch openssl1.1
in repository bacula.

commit c51d13140aefd0bfcb69f51fe059f07b2c446fa7
Author: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
Date:   Thu Nov 16 00:32:40 2017 +0100

    Updated OpenSSL 1.1 patches
---
 ...crypto-remove-support-for-ancient-openssl.patch |  4 +-
 ...02-crypto-Add-a-tiny-OpenSSL-compat-level.patch | 50 +++++++++++-----------
 ...penssl1.1_0003-crypto-Use-DEFINE_STACK_OF.patch |  4 +-
 ...ert-EVP_MD_CTX-EVP_CIPHER_CTX-to-OpenSSL-.patch | 10 ++---
 ...rt-EVP_PKEY-access-and-remainings-bits-f.patch} | 10 ++---
 ...ve-most-of-OpenSSL-initcallbacks-for-1.1.patch} |  6 +--
 debian/patches/series                              |  4 +-
 7 files changed, 44 insertions(+), 44 deletions(-)

diff --git a/debian/patches/openssl1.1_0001-crypto-remove-support-for-ancient-openssl.patch b/debian/patches/openssl1.1_0001-crypto-remove-support-for-ancient-openssl.patch
index 2e79249..85e0ae2 100644
--- a/debian/patches/openssl1.1_0001-crypto-remove-support-for-ancient-openssl.patch
+++ b/debian/patches/openssl1.1_0001-crypto-remove-support-for-ancient-openssl.patch
@@ -1,7 +1,7 @@
-From 2da5f9b134943f62fb7c22e6d5e64599b43011cc Mon Sep 17 00:00:00 2001
+From c2c5d2d2f9e675c0d74480856e494b23a5475108 Mon Sep 17 00:00:00 2001
 From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
 Date: Wed, 8 Nov 2017 14:37:31 +0100
-Subject: [PATCH 1/5] crypto: remove support for ancient openssl
+Subject: [PATCH 1/6] crypto: remove support for ancient openssl
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
diff --git a/debian/patches/openssl1.1_0002-crypto-Add-a-tiny-OpenSSL-compat-level.patch b/debian/patches/openssl1.1_0002-crypto-Add-a-tiny-OpenSSL-compat-level.patch
index f8fec7a..c4b7925 100644
--- a/debian/patches/openssl1.1_0002-crypto-Add-a-tiny-OpenSSL-compat-level.patch
+++ b/debian/patches/openssl1.1_0002-crypto-Add-a-tiny-OpenSSL-compat-level.patch
@@ -1,7 +1,7 @@
-From bdcf77673aeac0cb1de81f4148c23328cae0f4f7 Mon Sep 17 00:00:00 2001
+From 80bb91779b7566c5655b9afca3c35e716bb4888c Mon Sep 17 00:00:00 2001
 From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
 Date: Wed, 8 Nov 2017 14:40:12 +0100
-Subject: [PATCH 2/5] crypto: Add a tiny OpenSSL compat level
+Subject: [PATCH 2/6] crypto: Add a tiny OpenSSL compat level
 
 This header file provides a few OpenSSL 1.1 functions which are not
 available in OpenSSL 1.0.2 and earlier. The body of the function
@@ -9,9 +9,9 @@ implements the pre-1.1 version of the function provided in 1.1.
 
 Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
 ---
- src/lib/crypto.c         |  2 ++
+ src/lib/crypto.c  |  2 ++
+ src/lib/tls.c     |  2 ++
  src/lib/openssl-compat.h | 43 +++++++++++++++++++++++++++++++++++++++++++
- src/lib/tls.c            |  2 ++
  3 files changed, 47 insertions(+)
  create mode 100644 src/lib/openssl-compat.h
 
@@ -28,9 +28,22 @@ index b4403eb45618..c172efb2b5d9 100644
  /* ASN.1 Declarations */
  #define BACULA_ASN1_VERSION 0
  
+diff --git a/src/lib/tls.c b/src/lib/tls.c
+index 992265b38ad2..c71a4ad525fe 100644
+--- a/src/lib/tls.c
++++ b/src/lib/tls.c
+@@ -45,6 +45,8 @@
+ 
+ #ifdef HAVE_OPENSSL /* How about OpenSSL? */
+ 
++#include "openssl-compat.h"
++
+ /* No anonymous ciphers, no <128 bit ciphers, no export ciphers, no MD5 ciphers */
+ #define TLS_DEFAULT_CIPHERS "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
+ 
 diff --git a/src/lib/openssl-compat.h b/src/lib/openssl-compat.h
 new file mode 100644
-index 000000000000..2effcb6bc9bb
+index 000000000000..e811a4b976e7
 --- /dev/null
 +++ b/src/lib/openssl-compat.h
 @@ -0,0 +1,43 @@
@@ -38,23 +51,23 @@ index 000000000000..2effcb6bc9bb
 +#define __OPENSSL_COPMAT__H__
 +
 +#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+static int EVP_PKEY_up_ref(EVP_PKEY *pkey)
++static inline int EVP_PKEY_up_ref(EVP_PKEY *pkey)
 +{
 +	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-+	return 0;
++	return 1;
 +}
 +
-+static void EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
++static inline void EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
 +{
 +	EVP_CIPHER_CTX_init(ctx);
 +}
 +
-+static void EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
++static inline void EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
 +{
 +	EVP_MD_CTX_init(ctx);
 +}
 +
-+static EVP_MD_CTX *EVP_MD_CTX_new(void)
++static inline EVP_MD_CTX *EVP_MD_CTX_new(void)
 +{
 +	EVP_MD_CTX *ctx;
 +
@@ -64,32 +77,19 @@ index 000000000000..2effcb6bc9bb
 +	return ctx;
 +}
 +
-+static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
++static inline void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
 +{
 +	EVP_MD_CTX_reset(ctx);
 +	OPENSSL_free(ctx);
 +}
 +
-+static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *asn1)
++static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *asn1)
 +{
 +	return asn1->data;
 +}
 +#endif
 +
 +#endif
-diff --git a/src/lib/tls.c b/src/lib/tls.c
-index 992265b38ad2..c71a4ad525fe 100644
---- a/src/lib/tls.c
-+++ b/src/lib/tls.c
-@@ -45,6 +45,8 @@
- 
- #ifdef HAVE_OPENSSL /* How about OpenSSL? */
- 
-+#include "openssl-compat.h"
-+
- /* No anonymous ciphers, no <128 bit ciphers, no export ciphers, no MD5 ciphers */
- #define TLS_DEFAULT_CIPHERS "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
- 
 -- 
 2.15.0
 
diff --git a/debian/patches/openssl1.1_0003-crypto-Use-DEFINE_STACK_OF.patch b/debian/patches/openssl1.1_0003-crypto-Use-DEFINE_STACK_OF.patch
index 2a8cef1..098189c 100644
--- a/debian/patches/openssl1.1_0003-crypto-Use-DEFINE_STACK_OF.patch
+++ b/debian/patches/openssl1.1_0003-crypto-Use-DEFINE_STACK_OF.patch
@@ -1,7 +1,7 @@
-From e8186c36805dcec1c9f4333a294288200a3ab9f1 Mon Sep 17 00:00:00 2001
+From b8117ac4c2c8362c7ff51758f7a7bfb702f303e8 Mon Sep 17 00:00:00 2001
 From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
 Date: Wed, 8 Nov 2017 14:42:22 +0100
-Subject: [PATCH 3/5] crypto: Use DEFINE_STACK_OF()
+Subject: [PATCH 3/6] crypto: Use DEFINE_STACK_OF()
 
 OpenSSL 1.1 makes it possible to use DEFINE_STACK_OF() instead of
 IMPLEMENT_STACK_OF() + mkstack.pl's output.
diff --git a/debian/patches/openssl1.1_0004-crypto-convert-EVP_MD_CTX-EVP_CIPHER_CTX-to-OpenSSL-.patch b/debian/patches/openssl1.1_0004-crypto-convert-EVP_MD_CTX-EVP_CIPHER_CTX-to-OpenSSL-.patch
index f6fae82..9a1e6b2 100644
--- a/debian/patches/openssl1.1_0004-crypto-convert-EVP_MD_CTX-EVP_CIPHER_CTX-to-OpenSSL-.patch
+++ b/debian/patches/openssl1.1_0004-crypto-convert-EVP_MD_CTX-EVP_CIPHER_CTX-to-OpenSSL-.patch
@@ -1,7 +1,7 @@
-From 44a8f9083ac6e5ecc9ea199074695b425ab2b050 Mon Sep 17 00:00:00 2001
+From 63f762615855a153feac994f4887169d1d201e6c Mon Sep 17 00:00:00 2001
 From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
 Date: Wed, 8 Nov 2017 21:01:45 +0100
-Subject: [PATCH 4/5] crypto: convert EVP_MD_CTX + EVP_CIPHER_CTX to OpenSSL
+Subject: [PATCH 4/6] crypto: convert EVP_MD_CTX + EVP_CIPHER_CTX to OpenSSL
  1.1
 
 Those digest structs became opaque and now they need to be allocated
@@ -9,11 +9,11 @@ and for access we need to use accessor functions.
 
 Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
 ---
- src/lib/crypto.c | 51 +++++++++++++++++++++++++++++----------------------
+ src/lib/crypto.c | 51 ++++++++++++++++++++++++++++---------------------
  1 file changed, 29 insertions(+), 22 deletions(-)
 
 diff --git a/src/lib/crypto.c b/src/lib/crypto.c
-index 4b9f0f2a2f3a..1dae063697c7 100644
+index 4b9f0f2a2f3a..e035de78ac21 100644
 --- a/src/lib/crypto.c
 +++ b/src/lib/crypto.c
 @@ -275,7 +275,7 @@ struct X509_Keypair {
@@ -114,7 +114,7 @@ index 4b9f0f2a2f3a..1dae063697c7 100644
 +	   return NULL;
 +
 +   cipher_ctx->ctx = EVP_CIPHER_CTX_new();
-+   if (cipher_ctx->ctx)
++   if (!cipher_ctx->ctx)
 +	   goto err;
  
     /*
diff --git a/debian/patches/openssl1.1_0005-crypto_-convert-EVP_PKEY-access-and-remainings-bits-.patch b/debian/patches/openssl1.1_0005-crypto-convert-EVP_PKEY-access-and-remainings-bits-f.patch
similarity index 97%
rename from debian/patches/openssl1.1_0005-crypto_-convert-EVP_PKEY-access-and-remainings-bits-.patch
rename to debian/patches/openssl1.1_0005-crypto-convert-EVP_PKEY-access-and-remainings-bits-f.patch
index 54bc5f6..52f9ef3 100644
--- a/debian/patches/openssl1.1_0005-crypto_-convert-EVP_PKEY-access-and-remainings-bits-.patch
+++ b/debian/patches/openssl1.1_0005-crypto-convert-EVP_PKEY-access-and-remainings-bits-f.patch
@@ -1,7 +1,7 @@
-From 8e5336b18826a9057912d55f5aafb3d1e392d195 Mon Sep 17 00:00:00 2001
+From e9c96a105b36f5426aad9daf73f5d562524bfa0b Mon Sep 17 00:00:00 2001
 From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
 Date: Wed, 8 Nov 2017 21:08:10 +0100
-Subject: [PATCH 5/5] crypto_: convert EVP_PKEY access and remainings bits for
+Subject: [PATCH 5/6] crypto: convert EVP_PKEY access and remainings bits for
  OpenSSL 1.1
 
 EVP_PKEY became opaque and can not be dereferences in OpenSSL 1.1 and
@@ -10,12 +10,12 @@ relevant access.
 
 Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
 ---
- src/lib/crypto.c | 72 +++++++++++++++++++++++++++++++-------------------------
- src/lib/tls.c    |  8 ++++---
+ src/lib/crypto.c | 72 +++++++++++++++++++++++++++----------------------
+ src/lib/tls.c    |  8 +++---
  2 files changed, 45 insertions(+), 35 deletions(-)
 
 diff --git a/src/lib/crypto.c b/src/lib/crypto.c
-index 1dae063697c7..3657c06aa8b0 100644
+index e035de78ac21..0cb4f9feef60 100644
 --- a/src/lib/crypto.c
 +++ b/src/lib/crypto.c
 @@ -304,7 +304,7 @@ typedef struct PEM_CB_Context {
diff --git a/debian/patches/openssl1.1_1001-crypto-remove-most-of-OpenSSL-initcallbacks-for-1.1.patch b/debian/patches/openssl1.1_0006-crypto-remove-most-of-OpenSSL-initcallbacks-for-1.1.patch
similarity index 97%
rename from debian/patches/openssl1.1_1001-crypto-remove-most-of-OpenSSL-initcallbacks-for-1.1.patch
rename to debian/patches/openssl1.1_0006-crypto-remove-most-of-OpenSSL-initcallbacks-for-1.1.patch
index c0987ad..e0e1552 100644
--- a/debian/patches/openssl1.1_1001-crypto-remove-most-of-OpenSSL-initcallbacks-for-1.1.patch
+++ b/debian/patches/openssl1.1_0006-crypto-remove-most-of-OpenSSL-initcallbacks-for-1.1.patch
@@ -1,7 +1,7 @@
-From b24350f437064af4564d7b07263eb88b2de82a44 Mon Sep 17 00:00:00 2001
+From f4a0cd7ac2487bbd8ab4e5bfdd92be161887012a Mon Sep 17 00:00:00 2001
 From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
 Date: Thu, 9 Nov 2017 21:55:20 +0100
-Subject: [PATCH] crypto: remove most of OpenSSL initcallbacks for 1.1
+Subject: [PATCH 6/6] crypto: remove most of OpenSSL initcallbacks for 1.1
 
 In OpenSSL 1.1 the thread model atomically initialized the library so
 there is no need to invoke the init calls, like it was needed for 1.0.2
@@ -170,5 +170,5 @@ index 597517a4fd68..9374a581c735 100644
  
  #endif /* __OPENSSL_H_ */
 -- 
-2.15.0.rc0
+2.15.0
 
diff --git a/debian/patches/series b/debian/patches/series
index eadd623..54f4913 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -16,5 +16,5 @@ openssl1.1_0001-crypto-remove-support-for-ancient-openssl.patch
 openssl1.1_0002-crypto-Add-a-tiny-OpenSSL-compat-level.patch
 openssl1.1_0003-crypto-Use-DEFINE_STACK_OF.patch
 openssl1.1_0004-crypto-convert-EVP_MD_CTX-EVP_CIPHER_CTX-to-OpenSSL-.patch
-openssl1.1_0005-crypto_-convert-EVP_PKEY-access-and-remainings-bits-.patch
-openssl1.1_1001-crypto-remove-most-of-OpenSSL-initcallbacks-for-1.1.patch
+openssl1.1_0005-crypto-convert-EVP_PKEY-access-and-remainings-bits-f.patch
+openssl1.1_0006-crypto-remove-most-of-OpenSSL-initcallbacks-for-1.1.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-bacula/bacula.git

More information about the pkg-bacula-commits mailing list