Package: release.debian.org User: release.debian.org@packages.debian.org Usertags: pu Tags: stretch Severity: normal Hello, I request an update to fix segfaults for sqlcipher, due to wrong/incomplete openssl patch summary of the changes is here (and debdiff attached) +sqlcipher (3.2.0-2+deb9u1) stretch; urgency=medium + + [ Philipp Berger ] + * Fixup previous patch, to avoid a crash when opening file + (Closes: #863530) + + -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 02 Dec 2017 11:24:26 +0100 + thanks! Gianfranco
diff -Nru sqlcipher-3.2.0/debian/changelog sqlcipher-3.2.0/debian/changelog --- sqlcipher-3.2.0/debian/changelog 2016-12-23 11:00:19.000000000 +0100 +++ sqlcipher-3.2.0/debian/changelog 2017-12-02 11:24:26.000000000 +0100 @@ -1,3 +1,11 @@ +sqlcipher (3.2.0-2+deb9u1) stretch; urgency=medium + + [ Philipp Berger ] + * Fixup previous patch, to avoid a crash when opening file + (Closes: #863530) + + -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 02 Dec 2017 11:24:26 +0100 + sqlcipher (3.2.0-2) unstable; urgency=medium * support building with openssl 1.1 (Closes: #828555) diff -Nru sqlcipher-3.2.0/debian/patches/33-openssl_1.1.patch sqlcipher-3.2.0/debian/patches/33-openssl_1.1.patch --- sqlcipher-3.2.0/debian/patches/33-openssl_1.1.patch 2016-12-23 10:59:43.000000000 +0100 +++ sqlcipher-3.2.0/debian/patches/33-openssl_1.1.patch 2017-12-02 11:24:15.000000000 +0100 @@ -1,14 +1,23 @@ --- a/src/crypto_openssl.c +++ b/src/crypto_openssl.c -@@ -155,14 +155,24 @@ +@@ -109,6 +109,8 @@ + is called by SQLCipher internally. This should prevent SQLCipher from + "cleaning up" openssl when it was initialized externally by the program */ + EVP_cleanup(); ++ } else { ++ openssl_external_init = 0; + } + #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND + sqlite3_mutex_free(openssl_rand_mutex); +@@ -143,14 +145,24 @@ } static int sqlcipher_openssl_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) { - HMAC_CTX hctx; unsigned int outlen; +#if OPENSSL_VERSION_NUMBER >= 0x10100001L -+ HMAC_CTX *hctx; -+ hctx = HMAC_CTX_new(); ++ HMAC_CTX* hctx = HMAC_CTX_new(); ++ if(hctx == NULL) return SQLITE_ERROR; + HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL); + HMAC_Update(hctx, in, in_sz); + HMAC_Update(hctx, in2, in2_sz); @@ -26,7 +35,7 @@ return SQLITE_OK; } -@@ -172,9 +182,23 @@ +@@ -160,9 +172,23 @@ } static int sqlcipher_openssl_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) { @@ -34,15 +43,15 @@ int tmp_csz, csz; +#if OPENSSL_VERSION_NUMBER >= 0x10100001L -+ EVP_CIPHER_CTX *ectx; -+ ectx = EVP_CIPHER_CTX_new(); -+ EVP_CipherInit(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode); ++ EVP_CIPHER_CTX* ectx = EVP_CIPHER_CTX_new(); ++ if(ectx == NULL) return SQLITE_ERROR; ++ EVP_CipherInit_ex(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, NULL, mode); + EVP_CIPHER_CTX_set_padding(ectx, 0); // no padding -+ EVP_CipherInit(ectx, NULL, key, iv, mode); ++ EVP_CipherInit_ex(ectx, NULL, NULL, key, iv, mode); + EVP_CipherUpdate(ectx, out, &tmp_csz, in, in_sz); + csz = tmp_csz; + out += tmp_csz; -+ EVP_CipherFinal(ectx, out, &tmp_csz); ++ EVP_CipherFinal_ex(ectx, out, &tmp_csz); + csz += tmp_csz; + EVP_CIPHER_CTX_free(ectx); + @@ -51,7 +60,7 @@ EVP_CipherInit(&ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode); EVP_CIPHER_CTX_set_padding(&ectx, 0); // no padding EVP_CipherInit(&ectx, NULL, key, iv, mode); -@@ -184,7 +208,9 @@ +@@ -172,14 +198,19 @@ EVP_CipherFinal(&ectx, out, &tmp_csz); csz += tmp_csz; EVP_CIPHER_CTX_cleanup(&ectx); @@ -61,3 +70,15 @@ return SQLITE_OK; } + static int sqlcipher_openssl_set_cipher(void *ctx, const char *cipher_name) { + openssl_ctx *o_ctx = (openssl_ctx *)ctx; +- o_ctx->evp_cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name); +- return SQLITE_OK; ++ EVP_CIPHER* cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name); ++ if(cipher != NULL) { ++ o_ctx->evp_cipher = cipher; ++ } ++ return cipher != NULL ? SQLITE_OK : SQLITE_ERROR; + } + + static const char* sqlcipher_openssl_get_cipher(void *ctx) {
Attachment:
signature.asc
Description: OpenPGP digital signature