Accepting request 503777 from home:dmolkentin:branches:Archiving

- Compile with OpenSSL 1.1 (bsc#1042637) - add patches: * dump-0.4b46-openssl-1.1.patch OBS-URL: https://build.opensuse.org/request/show/503777 OBS-URL: https://build.opensuse.org/package/show/Archiving/dump?expand=0&rev=21
2017-06-15 09:47:13 +00:00 · 2017-06-15 09:47:13 +00:00 · 91a220157c
commit 91a220157c
parent a7b44b498a
3 changed files with 101 additions and 0 deletions
--- a/dump-0.4b46-openssl-1.1.patch
+++ b/dump-0.4b46-openssl-1.1.patch
@ -0,0 +1,91 @@
+Index: dump-0.4b46/common/transformation_ssl.c
+===================================================================
+--- dump-0.4b46.orig/common/transformation_ssl.c
+++ dump-0.4b46/common/transformation_ssl.c
+@@ -215,7 +215,10 @@ generateIV(Transformation *xform, unsign
+ 	/* to be exposed to any attacker anyway. */
+ 	*saltlen = 16;
+ 	if (xform->enc == 1) {
+-		RAND_pseudo_bytes(salt, *saltlen);
+		if (!RAND_bytes(salt, *saltlen) != 1) {
+			/* PRNG not sufficiently seeded */
+			return -1;
+		}
+ 	}
+ 	memcpy(ivbuffer, salt, 16);
+ 
+@@ -274,7 +277,7 @@ ssl_compress(Transformation *xform, stru
+ 	digestlen = sizeof(digest);
+ 
+ 	/* generate salt, put it in header */
+-	generateIV(xform, salt, &saltlen, iv, &ivlen);
+	generateIV(xform, salt, &saltlen, iv, &ivlen); /* TODO: check return value */
+ 	memcpy(tpbin->buf, salt, saltlen);
+ 
+ 	/* compress the buffer first - increase the entropy */
+@@ -351,7 +354,7 @@ ssl_decompress(Transformation *xform, st
+ 
+ 	// how to know salt length?
+ 	memcpy(salt, src, saltlen);
+-	generateIV(xform, salt, &saltlen, iv, &ivlen);
+	generateIV(xform, salt, &saltlen, iv, &ivlen); /* TODO: check return value */
+ 
+ 	EVP_DecryptInit_ex(xform->state.ssl.dataCtx, xform->state.ssl.cipher,  xform->state.ssl.engine, NULL, NULL);
+ 	//EVP_CIPHER_CTX_set_key_length(&ctx, 8);
+@@ -515,7 +518,7 @@ Transformation
+ 		//EVP_CIPHER_CTX_rand_key(ctx, t->state.ssl.key);
+ 		//EVP_CIPHER_CTX_cleanup(ctx);
+ 		//EVP_CIPHER_CTX_free(ctx);
+-		RAND_bytes(t->state.ssl.key, t->state.ssl.cipher->key_len);
+		RAND_bytes(t->state.ssl.key, EVP_CIPHER_key_length(t->state.ssl.cipher));
+ 	} else {
+ 		// how do we get keys?
+ 	}
+Index: dump-0.4b46/rmt/cipher.c
+===================================================================
+--- dump-0.4b46.orig/rmt/cipher.c
+++ dump-0.4b46/rmt/cipher.c
+@@ -23,7 +23,7 @@
+ char *
+ cipher(char *buf, int buflen, int do_encrypt)
+ {
+-	static EVP_CIPHER_CTX ctx;
+	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ 	static char *out = NULL;	/* return value, grown as necessary */
+ 	static int outlen = 0;
+ 	static int init = 0, which, blocksize;
+@@ -71,13 +71,13 @@ cipher(char *buf, int buflen, int do_enc
+ 		}
+ 		EVP_BytesToKey(cipher, EVP_md5(), NULL,
+ 			buf, strlen(buf), 1, key, iv);
+-		EVP_CIPHER_CTX_init(&ctx);
+-		EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, do_encrypt);
+-		EVP_CIPHER_CTX_set_padding(&ctx, 0);	// -nopad
+		EVP_CIPHER_CTX_init(ctx);
+		EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, do_encrypt);
+		EVP_CIPHER_CTX_set_padding(ctx, 0);	// -nopad
+ 		OPENSSL_cleanse(buf, sizeof buf);
+ 		OPENSSL_cleanse(key, sizeof key);
+ 		OPENSSL_cleanse(iv, sizeof iv);
+-		blocksize = EVP_CIPHER_CTX_block_size(&ctx);
+		blocksize = EVP_CIPHER_CTX_block_size(ctx);
+ 		which = do_encrypt;
+ 		init = 1;
+ 	}
+@@ -95,7 +95,7 @@ cipher(char *buf, int buflen, int do_enc
+ 		outlen = (buflen+blocksize) * 2;
+ 		out = realloc(out, outlen);
+ 	}
+-	if (!EVP_CipherUpdate(&ctx, out, &n, buf, buflen)) {
+	if (!EVP_CipherUpdate(ctx, out, &n, buf, buflen)) {
+ 		syslog(LOG_ERR, "EVP_CipherUpdate failed");
+ 		errno = EINVAL;
+ 		return NULL;
+@@ -106,6 +106,7 @@ cipher(char *buf, int buflen, int do_enc
+ 		return NULL;
+ 	}
+ 	// assert(ctx->buf_len == 0);
+	EVP_CIPHER_CTX_free(ctx);
+ 	return out;
+ }
+ 
--- a/dump.changes
+++ b/dump.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jun 15 09:12:51 UTC 2017 - daniel.molkentin@suse.com
+
+- Compile with OpenSSL 1.1 (bsc#1042637)
+- add patches:
+  * dump-0.4b46-openssl-1.1.patch
+
 -------------------------------------------------------------------
 Mon Mar 27 11:43:24 UTC 2017 - mpluskal@suse.com

--- a/dump.spec
+++ b/dump.spec
@ -36,6 +36,8 @@ Patch4:         %{name}-0.4b43-fix-bashisms.patch
 # PATCH-FIX-UPSTREAM dump-0.4b46-lzo-no-return.patch svalx@svalx.net -- fixing rpmlint
 # no-return-in-nonvoid-function error in dump
 Patch5:         %{name}-0.4b46-lzo-no-return.patch
+# PATCH-FIX-SUSE dump-0.4b46-pathnames.patch daniel.molkentin@suse.com -- openssl 1.1 support
+Patch6:         %{name}-0.4b46-openssl-1.1.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  e2fsprogs-devel
@ -76,6 +78,7 @@ cp %{SOURCE1} rmt/
 %patch3
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1

 %build
 autoreconf -fiv