[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#919043: nmu: ckermit_302-5.3 (stretch)



On 2019-02-02 14:46:54 [+0100], Andreas Beckmann wrote:
> I'm not going to touch that package, please go ahead with preparing a
> NMU (or probably rather QA upload if it is gone from sid) to stretch,
> since you seem to know how to properly fix this bug once and for all :-)

I'm proposing this attached debdiff.
For testing I compiled it against libssl1.0-dev 1.0.2j-5 and then
upgraded to the version provided by the security repository. No error
message. I expect it work - it would be awesome if the reporter could
confirm this (I can provided the binary packages if required).

> Andreas

Sebastian
diff -Nru ckermit-302/debian/changelog ckermit-302/debian/changelog
--- ckermit-302/debian/changelog	2017-01-12 09:18:27.000000000 +0100
+++ ckermit-302/debian/changelog	2019-02-14 23:35:55.000000000 +0100
@@ -1,3 +1,11 @@
+ckermit (302-5.3+deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Drop check openssl compile time version vs runtime version
+    (Closes: #917485).
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Thu, 14 Feb 2019 23:35:55 +0100
+
 ckermit (302-5.3) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru ckermit-302/debian/patches/ckermit-drop-the-version-for-openssl.patch ckermit-302/debian/patches/ckermit-drop-the-version-for-openssl.patch
--- ckermit-302/debian/patches/ckermit-drop-the-version-for-openssl.patch	1970-01-01 01:00:00.000000000 +0100
+++ ckermit-302/debian/patches/ckermit-drop-the-version-for-openssl.patch	2019-02-14 23:31:55.000000000 +0100
@@ -0,0 +1,110 @@
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Thu, 14 Feb 2019 22:13:40 +0100
+Subject: [PATCH] ckermit: drop the version for openssl
+
+ckermit checks at runtime the version of the libssl it was compiled
+against the libssl library it is running. The comment says that it is
+required because the ABI is not stable at the 1.0.0 version and may
+change so it is better to abort.
+Meanwhile, openssl has a stable ABI and if something changes in a
+non-compatible way then the so name changes.
+
+Remove the check if the version of libssl changed between compile time
+and run time because it is outdated / not required anymore.
+
+BTS: https://bugs.debian.org/917485
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ ck_ssl.c | 68 +-------------------------------------------------------
+ 1 file changed, 1 insertion(+), 67 deletions(-)
+
+diff --git a/ck_ssl.c b/ck_ssl.c
+index 3640d8f07fa86..75e2875c7fe91 100644
+--- a/ck_ssl.c
++++ b/ck_ssl.c
+@@ -1362,15 +1362,7 @@ ssl_once_init()
+ 
+     if ( !ck_ssleay_is_installed() )
+         return;
+-/*
+-  OpenSSL does not provide for ABI compatibility between releases prior
+-  to version 1.0.0.  If the version does not match, it is not safe to
+-  assume that any function you call takes the same parameters or does
+-  the same thing with them.  Removing this test prior to the OpenSSL 1.0.0
+-  release will result in an increase in unexplained or incorrect behaviors.
+-  The test should be revised once OpenSSL 1.0.0 is released and we see what
+-  its claims are as to ABI compatibility.
+-*/
++
+     debug(F111,"Kermit built for OpenSSL",OPENSSL_VERSION_TEXT,SSLEAY_VERSION_NUMBER);
+ #ifndef OS2ONLY
+     debug(F111,"OpenSSL Library",SSLeay_version(SSLEAY_VERSION),
+@@ -1380,64 +1372,6 @@ ssl_once_init()
+     debug(F110,"OpenSSL Library",SSLeay_version(SSLEAY_PLATFORM),0);
+ 
+     /* The following test is suggested by Richard Levitte */
+-    if (((OPENSSL_VERSION_NUMBER ^ SSLeay()) & 0xffffff0f) 
+-#ifdef OS2
+-         || ckstrcmp(OPENSSL_VERSION_TEXT,(char *)SSLeay_version(SSLEAY_VERSION),-1,1)
+-#endif /* OS2 */
+-         ) {
+-        ssl_installed = 0;
+-        debug(F111,"OpenSSL Version does not match.  Built with",
+-               SSLeay_version(SSLEAY_VERSION),SSLEAY_VERSION_NUMBER);
+-        printf("?OpenSSL libraries do not match required version:\r\n");
+-        printf("  . C-Kermit built with %s\r\n",OPENSSL_VERSION_TEXT);
+-        printf("  . Version found  %s\r\n",SSLeay_version(SSLEAY_VERSION));
+-        printf("  OpenSSL versions prior to 1.0.0 must be the same.\r\n");    
+-
+-	s = "R";
+-#ifdef SOLARIS
+-	printf("  Set CD_LIBRARY_PATH for %s.\r\n",OPENSSL_VERSION_TEXT);
+-	s = " Or r";
+-#endif	/* SOLARIS */
+-
+-#ifdef HPUX
+-	printf("  Set SHLIB_PATH for %s.\r\n",OPENSSL_VERSION_TEXT);
+-	s = " Or r";
+-#endif	/* HPUX */
+-
+-#ifdef AIX
+-	printf("  Set LIBPATH for %s.\r\n",OPENSSL_VERSION_TEXT);
+-	s = " Or r";
+-#endif	/* AIX */
+-
+-#ifdef LINUX
+-	printf("  Set LD_LIBRARY_PATH for %s.\r\n",OPENSSL_VERSION_TEXT);
+-	s = " Or r";
+-#endif	/* LINUX */
+-
+-        printf(" %sebuild C-Kermit from source on this computer to make \
+-versions agree.\r\n",s);
+-
+-#ifdef KTARGET
+-	{
+-	    char * s;
+-	    s = KTARGET;
+-	    if (!s) s = "";
+-	    if (!*s) s = "(unknown)";
+-	    printf("  C-Kermit makefile target: %s\r\n",s);
+-	}
+-#endif	/* KTARGET */
+-        printf("  Or if that is what you did then try to find out why\r\n");
+-        printf("  the program loader (image activator) is choosing a\r\n");
+-        printf("  different OpenSSL library than the one specified in \
+-the build.\r\n\r\n");
+-        printf("  All SSL/TLS features disabled.\r\n\r\n");
+-        bleep(BP_FAIL);
+-#ifdef SSLDLL
+-        ck_ssl_unloaddll();
+-        ck_crypto_unloaddll();
+-#endif /* SSLDLL */
+-        return;
+-    }
+ #endif /* OS2ONLY */
+ 
+     /* init things so we will get meaningful error messages
+-- 
+2.20.1
+
diff -Nru ckermit-302/debian/patches/series ckermit-302/debian/patches/series
--- ckermit-302/debian/patches/series	2016-04-19 23:15:56.000000000 +0200
+++ ckermit-302/debian/patches/series	2019-02-14 23:32:28.000000000 +0100
@@ -4,3 +4,4 @@
 040_fix_types.patch
 050-consider-OPENSSL_NO_SSL3.patch
 900_ck_patch.patch
+ckermit-drop-the-version-for-openssl.patch

Reply to: