Bug#863472: unblock: openssl/1.1.0f-1
On Mon, Jun 05, 2017 at 11:33:57AM +0200, Cyril Brulebois wrote:
> Kurt Roeckx <kurt@roeckx.be> (2017-06-04):
> > So I've uploaded openssl 1.1.0f-2
>
> Source debdiff lgtm from -1, and installation over https works fine,
> ACK.
So I actually have a new version I want to upload:
Modified: openssl/branches/1.1.0/debian/changelog
===================================================================
--- openssl/branches/1.1.0/debian/changelog 2017-06-04 17:21:11 UTC (rev 903)
+++ openssl/branches/1.1.0/debian/changelog 2017-06-05 09:42:35 UTC (rev 904)
@@ -1,3 +1,9 @@
+openssl (1.1.0f-3) unstable; urgency=medium
+
+ * Don't cleanup a thread-local key we didn't create (Closes: #863707)
+
+ -- Kurt Roeckx <kurt@roeckx.be> Mon, 05 Jun 2017 11:40:42 +0200
+
openssl (1.1.0f-2) unstable; urgency=medium
* Make the udeb use a versioned depends (Closes: #864080)
Added: openssl/branches/1.1.0/debian/patches/0001-Only-release-thread-local-key-if-we-created-it.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/0001-Only-release-thread-local-key-if-we-created-it.patch (rev 0)
+++ openssl/branches/1.1.0/debian/patches/0001-Only-release-thread-local-key-if-we-created-it.patch 2017-06-05 09:42:35 UTC (rev 904)
@@ -0,0 +1,47 @@
+From 73bc53708c386c1ea85941d345721e23dc61c05c Mon Sep 17 00:00:00 2001
+From: Rich Salz <rsalz@openssl.org>
+Date: Wed, 31 May 2017 12:14:55 -0400
+Subject: [PATCH] Only release thread-local key if we created it.
+
+Thanks to Jan Alexander Steffens for finding the bug and confirming the
+fix.
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/3592)
+---
+ crypto/err/err.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/err/err.c b/crypto/err/err.c
+index f866f2fdd0..c55f849590 100644
+--- a/crypto/err/err.c
++++ b/crypto/err/err.c
+@@ -122,6 +122,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
+ #endif
+
+ static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT;
++static int set_err_thread_local;
+ static CRYPTO_THREAD_LOCAL err_thread_local;
+
+ static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT;
+@@ -260,7 +261,8 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
+
+ void err_cleanup(void)
+ {
+- CRYPTO_THREAD_cleanup_local(&err_thread_local);
++ if (set_err_thread_local != 0)
++ CRYPTO_THREAD_cleanup_local(&err_thread_local);
+ CRYPTO_THREAD_lock_free(err_string_lock);
+ err_string_lock = NULL;
+ }
+@@ -639,6 +641,7 @@ void ERR_remove_state(unsigned long pid)
+
+ DEFINE_RUN_ONCE_STATIC(err_do_init)
+ {
++ set_err_thread_local = 1;
+ return CRYPTO_THREAD_init_local(&err_thread_local, NULL);
+ }
+
+--
+2.11.0
+
Modified: openssl/branches/1.1.0/debian/patches/series
===================================================================
--- openssl/branches/1.1.0/debian/patches/series 2017-06-04 17:21:11 UTC (rev 903)
+++ openssl/branches/1.1.0/debian/patches/series 2017-06-05 09:42:35 UTC (rev 904)
@@ -4,3 +4,4 @@
pic.patch
c_rehash-compat.patch
#padlock_conf.patch
+0001-Only-release-thread-local-key-if-we-created-it.patch
Reply to: