Bug#854311: unblock: lcmaps-plugins-jobrep/1.5.3-4

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#854311: unblock: lcmaps-plugins-jobrep/1.5.3-4
From: Dennis van Dok <dennisvd@nikhef.nl>
Date: Sun, 05 Feb 2017 23:03:54 +0100
Message-id: <[🔎] 20170205220354.12726.68243.reportbug@rowlf>
Reply-to: Dennis van Dok <dennisvd@nikhef.nl>, 854311@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package lcmaps-plugins-jobrep

Package no longer FTBFS with the introduction of OpenSSL 1.1.


diff -Nru lcmaps-plugins-jobrep-1.5.3/debian/changelog lcmaps-plugins-jobrep-1.5.3/debian/changelog
--- lcmaps-plugins-jobrep-1.5.3/debian/changelog	2016-12-19 12:12:50.000000000 +0100
+++ lcmaps-plugins-jobrep-1.5.3/debian/changelog	2017-01-27 12:33:38.000000000 +0100
@@ -1,3 +1,9 @@
+lcmaps-plugins-jobrep (1.5.3-4) unstable; urgency=medium
+
+  * Update to build against OpenSSL 1.1
+
+ -- Dennis van Dok <dennisvd@nikhef.nl>  Fri, 27 Jan 2017 12:33:38 +0100
+
 lcmaps-plugins-jobrep (1.5.3-3) unstable; urgency=medium
 
   * Update dependency of lcmaps-plugins-jobrep-admin to
diff -Nru lcmaps-plugins-jobrep-1.5.3/debian/control lcmaps-plugins-jobrep-1.5.3/debian/control
--- lcmaps-plugins-jobrep-1.5.3/debian/control	2016-12-19 12:11:24.000000000 +0100
+++ lcmaps-plugins-jobrep-1.5.3/debian/control	2017-01-27 12:33:38.000000000 +0100
@@ -5,7 +5,7 @@
 Uploaders: Mischa Salle <msalle@nikhef.nl>
 Build-Depends: cdbs, debhelper (>= 7.0.50~), dh-autoreconf, autotools-dev,
  lcmaps-basic-interface, unixodbc-dev, libssl-dev, pkg-config
-Standards-Version: 3.9.5
+Standards-Version: 3.9.8
 Homepage: https://wiki.nikhef.nl/grid/LCMAPS
 Vcs-Svn: https://ndpfsvn.nikhef.nl/repos/mwsec/packaging/debian/trunk/lcmaps-plugins-jobrep
 Vcs-Browser: http://ndpfsvn.nikhef.nl/viewvc/mwsec/packaging/debian/trunk/lcmaps-plugins-jobrep
diff -Nru lcmaps-plugins-jobrep-1.5.3/debian/patches/openssl1.1.patch lcmaps-plugins-jobrep-1.5.3/debian/patches/openssl1.1.patch
--- lcmaps-plugins-jobrep-1.5.3/debian/patches/openssl1.1.patch	1970-01-01 01:00:00.000000000 +0100
+++ lcmaps-plugins-jobrep-1.5.3/debian/patches/openssl1.1.patch	2017-01-27 12:33:38.000000000 +0100
@@ -0,0 +1,111 @@
+From: Micha Sallé <msalle@nikhef.nl>
+Subject: Fixes for compatibility with OpenSSL 1.1
+
+--- a/src/jobrep/jobrep_data_handling.c
++++ b/src/jobrep/jobrep_data_handling.c
+@@ -1134,7 +1134,7 @@
+     char    *subject_DN = NULL, *issuer_DN = NULL, *not_before_str = NULL, *not_after_str = NULL;
+     time_t   not_before = 0, not_after = 0;
+     X509    *cert = NULL;
+-    unsigned char *serialnr = NULL;
++    char *serialnr = NULL;
+ 
+     if ((db_handle == NULL) || (px509_chain == NULL)) {
+         return -1;
+@@ -1231,27 +1231,25 @@
+     return -1;
+ }
+ 
+-unsigned char *
++char *
+ jobrep_get_serialnumber_as_string(X509 *cert) {
+-    ASN1_INTEGER   *cert_Serial = NULL;
+-    unsigned char  *serialNumberDER = NULL, *temp = NULL, *serialStr = NULL;
++    ASN1_INTEGER   *serial = NULL;
+     char           *subject_DN = NULL;
+-    size_t          len;
+-    int             j,serialLen;
++    BIGNUM         *bn_serial;
++    char           *serialStr = NULL;
+ 
+     if (cert == NULL)
+         return NULL;
+ 
+-    cert_Serial = X509_get_serialNumber(cert);
+-    if (cert_Serial == NULL) {
++    if ( (serial = X509_get_serialNumber(cert)) == NULL) {
+         /* For debugging purposes extract the Subject DN */
+         subject_DN = X509_NAME_oneline(X509_get_subject_name(cert),NULL,0);
+         if (subject_DN) {
+-            lcmaps_log(LOG_DEBUG, "%s: certificate passed with subject DN \"%s\" didn't contain a serial number.\n",
++            lcmaps_log(LOG_WARNING, "%s: certificate passed with subject DN \"%s\" didn't contain a serial number.\n",
+                        __func__, subject_DN);
+             free(subject_DN);
+         } else {
+-            lcmaps_log(LOG_DEBUG, "%s: certificate passed doesn't have a serialnumber and also lacks a subject DN. " \
++            lcmaps_log(LOG_WARNING, "%s: certificate passed doesn't have a serialnumber and also lacks a subject DN. " \
+                                   "This is completely weird and doesn't even look like a certificate. " \
+                                   "Are you a waiter because you seem to be feeding me soup?\n",
+                                   __func__);
+@@ -1259,44 +1257,15 @@
+         return NULL;
+     }
+ 
+-    serialLen = i2c_ASN1_INTEGER(cert_Serial, NULL);
+-    if (serialLen <= 0) {
+-        lcmaps_log(LOG_INFO, "%s: Conversion of a certificate serial number from ASN1_INTEGER to DER failed\n",
+-                             __func__);
+-        return NULL;
+-    }
+-
+-    /* Note: serialLen is int and >0 */
+-    temp = serialNumberDER = malloc((size_t)serialLen);
+-    if (serialNumberDER == NULL) {
+-        lcmaps_log(LOG_DEBUG, "%s: Could not allocate %d bytes\n", serialLen);
+-        return NULL;
+-    }
+-    /* Warning, the temp variable will be displaced, use the serialNumberDER instead. */
+-    serialLen = i2c_ASN1_INTEGER(cert_Serial, &temp);
+-
+-    /* Allocate as a Hex decimal + null-terminator */
+-    len = (size_t)serialLen * 2 + 1;
+-    serialStr = malloc(len);
+-    if (serialStr == NULL) {
+-        lcmaps_log(LOG_DEBUG, "%s: Could not allocate %d bytes\n", len);
+-        goto cleanup;
+-    }
+-
+-    /* Write the DER encoded serial code in Hex to the serialStr */
+-    temp = serialStr;
+-    for (j = 0; j < serialLen; j++) {
+-        snprintf((char *)temp, len, "%02X", serialNumberDER[j] );
+-        temp = &(temp[2]);
++    if ( (bn_serial = ASN1_INTEGER_to_BN(serial, NULL)) == NULL ||
++	 (serialStr = BN_bn2hex(bn_serial)) == NULL )
++    {
++	lcmaps_log(LOG_WARNING, "%s: Cannot convert ASN1_INTEGER serial to char *", __func__);
++	return NULL;
+     }
+ 
+-    /* Done */
+-    free(serialNumberDER);
++    BN_clear_free(bn_serial);
+     return serialStr;
+-cleanup:
+-    if (serialNumberDER) free(serialNumberDER);
+-    if (serialStr) free(serialStr);
+-    return NULL;
+ }
+ 
+ 
+--- a/src/jobrep/jobrep_data_handling.h
++++ b/src/jobrep/jobrep_data_handling.h
+@@ -55,7 +55,7 @@
+ long jobrep_push_unix_cred(struct jr_db_handle_s *db_handle);
+ int jobrep_push_certificates(struct jr_db_handle_s *db_handle, STACK_OF(X509) *px509_chain);
+ 
+-unsigned char *jobrep_get_serialnumber_as_string(X509 *cert);
++char *jobrep_get_serialnumber_as_string(X509 *cert);
+ char *jobrep_time_to_string(time_t some_time);
+ time_t jobrep_asn1TimeToTimeT(unsigned char *asn1time, size_t len);
+ 
diff -Nru lcmaps-plugins-jobrep-1.5.3/debian/patches/series lcmaps-plugins-jobrep-1.5.3/debian/patches/series
--- lcmaps-plugins-jobrep-1.5.3/debian/patches/series	2014-01-14 13:39:46.000000000 +0100
+++ lcmaps-plugins-jobrep-1.5.3/debian/patches/series	2017-01-27 12:33:38.000000000 +0100
@@ -1 +1 @@
-
+openssl1.1.patch


unblock lcmaps-plugins-jobrep/1.5.3-4

-- System Information:
Debian Release: 8.7
  APT prefers stable
  APT policy: (990, 'stable'), (50, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-dvdrt-amd64 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=nl_NL.utf8, LC_CTYPE=nl_NL.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Reply to:

Follow-Ups:
- Bug#854311: marked as done (unblock: lcmaps-plugins-jobrep/1.5.3-4)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#854309: unblock: lcas-lcmaps-gt4-interface/0.3.0-3
Next by Date: Bug#854309: marked as done (unblock: lcas-lcmaps-gt4-interface/0.3.0-3)
Previous by thread: Bug#854309: marked as done (unblock: lcas-lcmaps-gt4-interface/0.3.0-3)
Next by thread: Bug#854311: marked as done (unblock: lcmaps-plugins-jobrep/1.5.3-4)
Index(es):
- Date
- Thread