Bug#854311: unblock: lcmaps-plugins-jobrep/1.5.3-4
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package lcmaps-plugins-jobrep
Package no longer FTBFS with the introduction of OpenSSL 1.1.
diff -Nru lcmaps-plugins-jobrep-1.5.3/debian/changelog lcmaps-plugins-jobrep-1.5.3/debian/changelog
--- lcmaps-plugins-jobrep-1.5.3/debian/changelog 2016-12-19 12:12:50.000000000 +0100
+++ lcmaps-plugins-jobrep-1.5.3/debian/changelog 2017-01-27 12:33:38.000000000 +0100
@@ -1,3 +1,9 @@
+lcmaps-plugins-jobrep (1.5.3-4) unstable; urgency=medium
+
+ * Update to build against OpenSSL 1.1
+
+ -- Dennis van Dok <dennisvd@nikhef.nl> Fri, 27 Jan 2017 12:33:38 +0100
+
lcmaps-plugins-jobrep (1.5.3-3) unstable; urgency=medium
* Update dependency of lcmaps-plugins-jobrep-admin to
diff -Nru lcmaps-plugins-jobrep-1.5.3/debian/control lcmaps-plugins-jobrep-1.5.3/debian/control
--- lcmaps-plugins-jobrep-1.5.3/debian/control 2016-12-19 12:11:24.000000000 +0100
+++ lcmaps-plugins-jobrep-1.5.3/debian/control 2017-01-27 12:33:38.000000000 +0100
@@ -5,7 +5,7 @@
Uploaders: Mischa Salle <msalle@nikhef.nl>
Build-Depends: cdbs, debhelper (>= 7.0.50~), dh-autoreconf, autotools-dev,
lcmaps-basic-interface, unixodbc-dev, libssl-dev, pkg-config
-Standards-Version: 3.9.5
+Standards-Version: 3.9.8
Homepage: https://wiki.nikhef.nl/grid/LCMAPS
Vcs-Svn: https://ndpfsvn.nikhef.nl/repos/mwsec/packaging/debian/trunk/lcmaps-plugins-jobrep
Vcs-Browser: http://ndpfsvn.nikhef.nl/viewvc/mwsec/packaging/debian/trunk/lcmaps-plugins-jobrep
diff -Nru lcmaps-plugins-jobrep-1.5.3/debian/patches/openssl1.1.patch lcmaps-plugins-jobrep-1.5.3/debian/patches/openssl1.1.patch
--- lcmaps-plugins-jobrep-1.5.3/debian/patches/openssl1.1.patch 1970-01-01 01:00:00.000000000 +0100
+++ lcmaps-plugins-jobrep-1.5.3/debian/patches/openssl1.1.patch 2017-01-27 12:33:38.000000000 +0100
@@ -0,0 +1,111 @@
+From: Micha Sallé <msalle@nikhef.nl>
+Subject: Fixes for compatibility with OpenSSL 1.1
+
+--- a/src/jobrep/jobrep_data_handling.c
++++ b/src/jobrep/jobrep_data_handling.c
+@@ -1134,7 +1134,7 @@
+ char *subject_DN = NULL, *issuer_DN = NULL, *not_before_str = NULL, *not_after_str = NULL;
+ time_t not_before = 0, not_after = 0;
+ X509 *cert = NULL;
+- unsigned char *serialnr = NULL;
++ char *serialnr = NULL;
+
+ if ((db_handle == NULL) || (px509_chain == NULL)) {
+ return -1;
+@@ -1231,27 +1231,25 @@
+ return -1;
+ }
+
+-unsigned char *
++char *
+ jobrep_get_serialnumber_as_string(X509 *cert) {
+- ASN1_INTEGER *cert_Serial = NULL;
+- unsigned char *serialNumberDER = NULL, *temp = NULL, *serialStr = NULL;
++ ASN1_INTEGER *serial = NULL;
+ char *subject_DN = NULL;
+- size_t len;
+- int j,serialLen;
++ BIGNUM *bn_serial;
++ char *serialStr = NULL;
+
+ if (cert == NULL)
+ return NULL;
+
+- cert_Serial = X509_get_serialNumber(cert);
+- if (cert_Serial == NULL) {
++ if ( (serial = X509_get_serialNumber(cert)) == NULL) {
+ /* For debugging purposes extract the Subject DN */
+ subject_DN = X509_NAME_oneline(X509_get_subject_name(cert),NULL,0);
+ if (subject_DN) {
+- lcmaps_log(LOG_DEBUG, "%s: certificate passed with subject DN \"%s\" didn't contain a serial number.\n",
++ lcmaps_log(LOG_WARNING, "%s: certificate passed with subject DN \"%s\" didn't contain a serial number.\n",
+ __func__, subject_DN);
+ free(subject_DN);
+ } else {
+- lcmaps_log(LOG_DEBUG, "%s: certificate passed doesn't have a serialnumber and also lacks a subject DN. " \
++ lcmaps_log(LOG_WARNING, "%s: certificate passed doesn't have a serialnumber and also lacks a subject DN. " \
+ "This is completely weird and doesn't even look like a certificate. " \
+ "Are you a waiter because you seem to be feeding me soup?\n",
+ __func__);
+@@ -1259,44 +1257,15 @@
+ return NULL;
+ }
+
+- serialLen = i2c_ASN1_INTEGER(cert_Serial, NULL);
+- if (serialLen <= 0) {
+- lcmaps_log(LOG_INFO, "%s: Conversion of a certificate serial number from ASN1_INTEGER to DER failed\n",
+- __func__);
+- return NULL;
+- }
+-
+- /* Note: serialLen is int and >0 */
+- temp = serialNumberDER = malloc((size_t)serialLen);
+- if (serialNumberDER == NULL) {
+- lcmaps_log(LOG_DEBUG, "%s: Could not allocate %d bytes\n", serialLen);
+- return NULL;
+- }
+- /* Warning, the temp variable will be displaced, use the serialNumberDER instead. */
+- serialLen = i2c_ASN1_INTEGER(cert_Serial, &temp);
+-
+- /* Allocate as a Hex decimal + null-terminator */
+- len = (size_t)serialLen * 2 + 1;
+- serialStr = malloc(len);
+- if (serialStr == NULL) {
+- lcmaps_log(LOG_DEBUG, "%s: Could not allocate %d bytes\n", len);
+- goto cleanup;
+- }
+-
+- /* Write the DER encoded serial code in Hex to the serialStr */
+- temp = serialStr;
+- for (j = 0; j < serialLen; j++) {
+- snprintf((char *)temp, len, "%02X", serialNumberDER[j] );
+- temp = &(temp[2]);
++ if ( (bn_serial = ASN1_INTEGER_to_BN(serial, NULL)) == NULL ||
++ (serialStr = BN_bn2hex(bn_serial)) == NULL )
++ {
++ lcmaps_log(LOG_WARNING, "%s: Cannot convert ASN1_INTEGER serial to char *", __func__);
++ return NULL;
+ }
+
+- /* Done */
+- free(serialNumberDER);
++ BN_clear_free(bn_serial);
+ return serialStr;
+-cleanup:
+- if (serialNumberDER) free(serialNumberDER);
+- if (serialStr) free(serialStr);
+- return NULL;
+ }
+
+
+--- a/src/jobrep/jobrep_data_handling.h
++++ b/src/jobrep/jobrep_data_handling.h
+@@ -55,7 +55,7 @@
+ long jobrep_push_unix_cred(struct jr_db_handle_s *db_handle);
+ int jobrep_push_certificates(struct jr_db_handle_s *db_handle, STACK_OF(X509) *px509_chain);
+
+-unsigned char *jobrep_get_serialnumber_as_string(X509 *cert);
++char *jobrep_get_serialnumber_as_string(X509 *cert);
+ char *jobrep_time_to_string(time_t some_time);
+ time_t jobrep_asn1TimeToTimeT(unsigned char *asn1time, size_t len);
+
diff -Nru lcmaps-plugins-jobrep-1.5.3/debian/patches/series lcmaps-plugins-jobrep-1.5.3/debian/patches/series
--- lcmaps-plugins-jobrep-1.5.3/debian/patches/series 2014-01-14 13:39:46.000000000 +0100
+++ lcmaps-plugins-jobrep-1.5.3/debian/patches/series 2017-01-27 12:33:38.000000000 +0100
@@ -1 +1 @@
-
+openssl1.1.patch
unblock lcmaps-plugins-jobrep/1.5.3-4
-- System Information:
Debian Release: 8.7
APT prefers stable
APT policy: (990, 'stable'), (50, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-dvdrt-amd64 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=nl_NL.utf8, LC_CTYPE=nl_NL.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Reply to: