From 26a26de5f7b1acf1caa174a0e4b3a8fc12d1d9e97df5783e8c5a1dcc936d5936 Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Fri, 18 May 2018 13:17:37 +0000 Subject: [PATCH] Accepting request 610348 from home:vitezslav_cizek:branches:devel:libraries:c_c++ - Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes due to openssl engines conflicts (bsc#1086367) * add curl-use_OPENSSL_config.patch - Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes due to openssl engines conflicts (bsc#1086367) * add curl-use_OPENSSL_config.patch OBS-URL: https://build.opensuse.org/request/show/610348 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=225 --- curl-mini.changes | 7 +++++++ curl-use_OPENSSL_config.patch | 36 +++++++++++++++++++++++++++++++++++ curl.changes | 7 +++++++ curl.spec | 2 ++ 4 files changed, 52 insertions(+) create mode 100644 curl-use_OPENSSL_config.patch diff --git a/curl-mini.changes b/curl-mini.changes index 08e6e05..49a50fd 100644 --- a/curl-mini.changes +++ b/curl-mini.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri May 18 11:47:00 UTC 2018 - vcizek@suse.com + +- Use OPENSSL_config instead of CONF_modules_load_file() to avoid + crashes due to openssl engines conflicts (bsc#1086367) + * add curl-use_OPENSSL_config.patch + ------------------------------------------------------------------- Wed May 16 08:41:48 UTC 2018 - pmonrealgonzalez@suse.com diff --git a/curl-use_OPENSSL_config.patch b/curl-use_OPENSSL_config.patch new file mode 100644 index 0000000..a1350ec --- /dev/null +++ b/curl-use_OPENSSL_config.patch @@ -0,0 +1,36 @@ +This basically reverts https://github.com/curl/curl/commit/7d2f61f66ab4e047fc9aefc2effc1ac6d340a66a + +diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c +index 80e9bf940..ba227891f 100644 +--- a/lib/vtls/openssl.c ++++ b/lib/vtls/openssl.c +@@ -925,26 +925,12 @@ static int Curl_ossl_init(void) + ENGINE_load_builtin_engines(); + #endif + +- /* OPENSSL_config(NULL); is "strongly recommended" to use but unfortunately +- that function makes an exit() call on wrongly formatted config files +- which makes it hard to use in some situations. OPENSSL_config() itself +- calls CONF_modules_load_file() and we use that instead and we ignore +- its return code! */ +- +- /* CONF_MFLAGS_DEFAULT_SECTION introduced some time between 0.9.8b and +- 0.9.8e */ +-#ifndef CONF_MFLAGS_DEFAULT_SECTION +-#define CONF_MFLAGS_DEFAULT_SECTION 0x0 +-#endif +- +- CONF_modules_load_file(NULL, NULL, +- CONF_MFLAGS_DEFAULT_SECTION| +- CONF_MFLAGS_IGNORE_MISSING_FILE); +- + #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ + !defined(LIBRESSL_VERSION_NUMBER) +- /* OpenSSL 1.1.0+ takes care of initialization itself */ ++ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); + #else ++ OPENSSL_config(NULL); ++ + /* Lets get nice error messages */ + SSL_load_error_strings(); + diff --git a/curl.changes b/curl.changes index 08e6e05..49a50fd 100644 --- a/curl.changes +++ b/curl.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri May 18 11:47:00 UTC 2018 - vcizek@suse.com + +- Use OPENSSL_config instead of CONF_modules_load_file() to avoid + crashes due to openssl engines conflicts (bsc#1086367) + * add curl-use_OPENSSL_config.patch + ------------------------------------------------------------------- Wed May 16 08:41:48 UTC 2018 - pmonrealgonzalez@suse.com diff --git a/curl.spec b/curl.spec index 01a5ae6..9c82963 100644 --- a/curl.spec +++ b/curl.spec @@ -43,6 +43,7 @@ Patch2: curl-secure-getenv.patch Patch3: ignore_runtests_failure.patch # PATCH-FIX-OPENSUSE bsc#1076446 protocol redirection not supported or disabled Patch4: curl-disabled-redirect-protocol-message.patch +Patch5: curl-use_OPENSSL_config.patch BuildRequires: libtool BuildRequires: pkgconfig Requires: libcurl4%{?mini} = %{version} @@ -122,6 +123,7 @@ user interaction or any kind of interactivity. %patch3 -p1 %endif %patch4 -p1 +%patch5 -p1 %build # curl complains if macro definition is contained in CFLAGS