
Bug#886146: stretch-pu: package sqlcipher/3.2.0-2+deb9u1



Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal

Hello, I request an update of sqlcipher to fix segfaults caused by a wrong/incomplete OpenSSL patch.

A summary of the changes is below (the debdiff is attached).


+sqlcipher (3.2.0-2+deb9u1) stretch; urgency=medium
+
+  [ Philipp Berger ]
+  * Fixup previous patch, to avoid a crash when opening file
+    (Closes: #863530)
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org>  Sat, 02 Dec 2017 11:24:26 +0100
+

thanks!

Gianfranco
diff -Nru sqlcipher-3.2.0/debian/changelog sqlcipher-3.2.0/debian/changelog
--- sqlcipher-3.2.0/debian/changelog	2016-12-23 11:00:19.000000000 +0100
+++ sqlcipher-3.2.0/debian/changelog	2017-12-02 11:24:26.000000000 +0100
@@ -1,3 +1,11 @@
+sqlcipher (3.2.0-2+deb9u1) stretch; urgency=medium
+
+  [ Philipp Berger ]
+  * Fixup previous patch, to avoid a crash when opening file
+    (Closes: #863530)
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org>  Sat, 02 Dec 2017 11:24:26 +0100
+
 sqlcipher (3.2.0-2) unstable; urgency=medium
 
   * support building with openssl 1.1 (Closes: #828555)
diff -Nru sqlcipher-3.2.0/debian/patches/33-openssl_1.1.patch sqlcipher-3.2.0/debian/patches/33-openssl_1.1.patch
--- sqlcipher-3.2.0/debian/patches/33-openssl_1.1.patch	2016-12-23 10:59:43.000000000 +0100
+++ sqlcipher-3.2.0/debian/patches/33-openssl_1.1.patch	2017-12-02 11:24:15.000000000 +0100
@@ -1,14 +1,23 @@
 --- a/src/crypto_openssl.c
 +++ b/src/crypto_openssl.c
-@@ -155,14 +155,24 @@
+@@ -109,6 +109,8 @@
+        is called by SQLCipher internally. This should prevent SQLCipher from 
+        "cleaning up" openssl when it was initialized externally by the program */
+       EVP_cleanup();
++    } else {
++      openssl_external_init = 0;
+     }
+ #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
+     sqlite3_mutex_free(openssl_rand_mutex);
+@@ -143,14 +145,24 @@
  }
  
  static int sqlcipher_openssl_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
 -  HMAC_CTX hctx;
    unsigned int outlen;
 +#if OPENSSL_VERSION_NUMBER >= 0x10100001L
-+  HMAC_CTX *hctx;
-+  hctx = HMAC_CTX_new();
++  HMAC_CTX* hctx = HMAC_CTX_new();
++  if(hctx == NULL) return SQLITE_ERROR;
 +  HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL);
 +  HMAC_Update(hctx, in, in_sz);
 +  HMAC_Update(hctx, in2, in2_sz);
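Review bot: The OpenSSL 1.1 branch of sqlcipher_openssl_hmac now checks `HMAC_CTX_new()` for NULL but still ignores the results of `HMAC_Init_ex` and `HMAC_Update`, which return 0 on failure, so a failed HMAC computation can apparently still reach the function's `return SQLITE_OK`. I would guard each call, e.g. `if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL)) { HMAC_CTX_free(hctx); return SQLITE_ERROR; }`. The same applies to `EVP_CipherInit_ex`, `EVP_CipherUpdate` and `EVP_CipherFinal_ex` in the sqlcipher_openssl_cipher hunk further down, where an unchecked failure would hand back a buffer that was never properly encrypted or decrypted. The tail of sqlcipher_openssl_hmac lies outside this hunk, so the finalisation and free calls are presumably there and would need the same treatment.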
@@ -26,7 +35,7 @@
    return SQLITE_OK; 
  }
  
-@@ -172,9 +182,23 @@
+@@ -160,9 +172,23 @@
  }
  
  static int sqlcipher_openssl_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
@@ -34,15 +43,15 @@
    int tmp_csz, csz;
   
 +#if OPENSSL_VERSION_NUMBER >= 0x10100001L
-+  EVP_CIPHER_CTX *ectx;
-+  ectx = EVP_CIPHER_CTX_new();
-+  EVP_CipherInit(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode);
++  EVP_CIPHER_CTX* ectx = EVP_CIPHER_CTX_new();
++  if(ectx == NULL) return SQLITE_ERROR;
++  EVP_CipherInit_ex(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, NULL, mode);
 +  EVP_CIPHER_CTX_set_padding(ectx, 0); // no padding
-+  EVP_CipherInit(ectx, NULL, key, iv, mode);
++  EVP_CipherInit_ex(ectx, NULL, NULL, key, iv, mode);
 +  EVP_CipherUpdate(ectx, out, &tmp_csz, in, in_sz);
 +  csz = tmp_csz;  
 +  out += tmp_csz;
-+  EVP_CipherFinal(ectx, out, &tmp_csz);
++  EVP_CipherFinal_ex(ectx, out, &tmp_csz);
 +  csz += tmp_csz;
 +  EVP_CIPHER_CTX_free(ectx);
 +
@@ -51,7 +60,7 @@
    EVP_CipherInit(&ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode);
    EVP_CIPHER_CTX_set_padding(&ectx, 0); // no padding
    EVP_CipherInit(&ectx, NULL, key, iv, mode);
-@@ -184,7 +208,9 @@
+@@ -172,14 +198,19 @@
    EVP_CipherFinal(&ectx, out, &tmp_csz);
    csz += tmp_csz;
    EVP_CIPHER_CTX_cleanup(&ectx);
@@ -61,3 +70,15 @@
    return SQLITE_OK; 
  }
  
+ static int sqlcipher_openssl_set_cipher(void *ctx, const char *cipher_name) {
+   openssl_ctx *o_ctx = (openssl_ctx *)ctx;
+-  o_ctx->evp_cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name);
+-  return SQLITE_OK;
++  EVP_CIPHER* cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name);
++  if(cipher != NULL) {
++    o_ctx->evp_cipher = cipher;
++  }
++  return cipher != NULL ? SQLITE_OK : SQLITE_ERROR;
+ }
+ 
+ static const char* sqlcipher_openssl_get_cipher(void *ctx) {
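Review bot: On the new failure path sqlcipher_openssl_set_cipher leaves `o_ctx->evp_cipher` at whatever it held before, so the `SQLITE_ERROR` return is the only signal that the requested cipher was not applied; that contract deserves a comment, since a caller that ignores the result keeps working with the previous cipher. Something like `/* On an unknown cipher_name the current evp_cipher is kept and SQLITE_ERROR is returned; callers must check the result. */` above the function would do. Whether the existing callers check the return value is not visible in this hunk. Separately, the `(EVP_CIPHER *)` cast drops the const that `EVP_get_cipherbyname` returns; a `const EVP_CIPHER *` local would avoid it if the type of the `evp_cipher` field allows.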

Attachment: signature.asc
Description: OpenPGP digital signature

