Bug#919043: nmu: ckermit_302-5.3 (stretch)
On 2019-02-02 14:46:54 [+0100], Andreas Beckmann wrote:
> I'm not going to touch that package, please go ahead with preparing a
> NMU (or probably rather QA upload if it is gone from sid) to stretch,
> since you seem to know how to properly fix this bug once and for all :-)
I'm proposing this attached debdiff.
For testing I compiled it against libssl1.0-dev 1.0.2j-5 and then
upgraded to the version provided by the security repository. No error
message. I expect it to work - it would be awesome if the reporter could
confirm this (I can provide the binary packages if required).
> Andreas
Sebastian
diff -Nru ckermit-302/debian/changelog ckermit-302/debian/changelog
--- ckermit-302/debian/changelog 2017-01-12 09:18:27.000000000 +0100
+++ ckermit-302/debian/changelog 2019-02-14 23:35:55.000000000 +0100
@@ -1,3 +1,11 @@
+ckermit (302-5.3+deb9u1) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Drop check openssl compile time version vs runtime version
+ (Closes: #917485).
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Thu, 14 Feb 2019 23:35:55 +0100
+
ckermit (302-5.3) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru ckermit-302/debian/patches/ckermit-drop-the-version-for-openssl.patch ckermit-302/debian/patches/ckermit-drop-the-version-for-openssl.patch
--- ckermit-302/debian/patches/ckermit-drop-the-version-for-openssl.patch 1970-01-01 01:00:00.000000000 +0100
+++ ckermit-302/debian/patches/ckermit-drop-the-version-for-openssl.patch 2019-02-14 23:31:55.000000000 +0100
@@ -0,0 +1,110 @@
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Thu, 14 Feb 2019 22:13:40 +0100
+Subject: [PATCH] ckermit: drop the version for openssl
+
+ckermit checks at runtime the version of the libssl it was compiled
+against the libssl library it is running. The comment says that it is
+required because the ABI is not stable at the 1.0.0 version and may
+change so it is better to abort.
+Meanwhile, openssl has a stable ABI and if something changes in a
+non-compatible way then the so name changes.
+
+Remove the check if the version of libssl changed between compile time
+and run time because it is outdated / not required anymore.
+
+BTS: https://bugs.debian.org/917485
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ ck_ssl.c | 68 +-------------------------------------------------------
+ 1 file changed, 1 insertion(+), 67 deletions(-)
+
+diff --git a/ck_ssl.c b/ck_ssl.c
+index 3640d8f07fa86..75e2875c7fe91 100644
+--- a/ck_ssl.c
++++ b/ck_ssl.c
+@@ -1362,15 +1362,7 @@ ssl_once_init()
+
+ if ( !ck_ssleay_is_installed() )
+ return;
+-/*
+- OpenSSL does not provide for ABI compatibility between releases prior
+- to version 1.0.0. If the version does not match, it is not safe to
+- assume that any function you call takes the same parameters or does
+- the same thing with them. Removing this test prior to the OpenSSL 1.0.0
+- release will result in an increase in unexplained or incorrect behaviors.
+- The test should be revised once OpenSSL 1.0.0 is released and we see what
+- its claims are as to ABI compatibility.
+-*/
++
+ debug(F111,"Kermit built for OpenSSL",OPENSSL_VERSION_TEXT,SSLEAY_VERSION_NUMBER);
+ #ifndef OS2ONLY
+ debug(F111,"OpenSSL Library",SSLeay_version(SSLEAY_VERSION),
+@@ -1380,64 +1372,6 @@ ssl_once_init()
+ debug(F110,"OpenSSL Library",SSLeay_version(SSLEAY_PLATFORM),0);
+
+ /* The following test is suggested by Richard Levitte */
+- if (((OPENSSL_VERSION_NUMBER ^ SSLeay()) & 0xffffff0f)
+-#ifdef OS2
+- || ckstrcmp(OPENSSL_VERSION_TEXT,(char *)SSLeay_version(SSLEAY_VERSION),-1,1)
+-#endif /* OS2 */
+- ) {
+- ssl_installed = 0;
+- debug(F111,"OpenSSL Version does not match. Built with",
+- SSLeay_version(SSLEAY_VERSION),SSLEAY_VERSION_NUMBER);
+- printf("?OpenSSL libraries do not match required version:\r\n");
+- printf(" . C-Kermit built with %s\r\n",OPENSSL_VERSION_TEXT);
+- printf(" . Version found %s\r\n",SSLeay_version(SSLEAY_VERSION));
+- printf(" OpenSSL versions prior to 1.0.0 must be the same.\r\n");
+-
+- s = "R";
+-#ifdef SOLARIS
+- printf(" Set CD_LIBRARY_PATH for %s.\r\n",OPENSSL_VERSION_TEXT);
+- s = " Or r";
+-#endif /* SOLARIS */
+-
+-#ifdef HPUX
+- printf(" Set SHLIB_PATH for %s.\r\n",OPENSSL_VERSION_TEXT);
+- s = " Or r";
+-#endif /* HPUX */
+-
+-#ifdef AIX
+- printf(" Set LIBPATH for %s.\r\n",OPENSSL_VERSION_TEXT);
+- s = " Or r";
+-#endif /* AIX */
+-
+-#ifdef LINUX
+- printf(" Set LD_LIBRARY_PATH for %s.\r\n",OPENSSL_VERSION_TEXT);
+- s = " Or r";
+-#endif /* LINUX */
+-
+- printf(" %sebuild C-Kermit from source on this computer to make \
+-versions agree.\r\n",s);
+-
+-#ifdef KTARGET
+- {
+- char * s;
+- s = KTARGET;
+- if (!s) s = "";
+- if (!*s) s = "(unknown)";
+- printf(" C-Kermit makefile target: %s\r\n",s);
+- }
+-#endif /* KTARGET */
+- printf(" Or if that is what you did then try to find out why\r\n");
+- printf(" the program loader (image activator) is choosing a\r\n");
+- printf(" different OpenSSL library than the one specified in \
+-the build.\r\n\r\n");
+- printf(" All SSL/TLS features disabled.\r\n\r\n");
+- bleep(BP_FAIL);
+-#ifdef SSLDLL
+- ck_ssl_unloaddll();
+- ck_crypto_unloaddll();
+-#endif /* SSLDLL */
+- return;
+- }
+ #endif /* OS2ONLY */
+
+ /* init things so we will get meaningful error messages
+--
+2.20.1
+
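Review bot: In the second ck_ssl.c hunk the comment `/* The following test is suggested by Richard Levitte */` is kept while the test it announces is deleted, so it now sits directly above `#endif /* OS2ONLY */` and describes nothing. Remove it, or replace it with a line stating the new assumption, e.g. `/* No build/run-time version test: OpenSSL >= 1.0.0 changes the soname on ABI breaks. */`. The test is also dropped unconditionally, while the rationale in the patch header only holds for OpenSSL 1.0.0 and later; wrapping the old test in `#if OPENSSL_VERSION_NUMBER < 0x10000000L` instead of deleting it would keep the protection for builds against older headers, should the patch be forwarded beyond stretch. After this change a build/run-time mismatch is visible only through the `debug(F111,...)` lines that remain, so the debug log becomes the only place to confirm which library was actually loaded. The local `s` assigned in the removed block may now be unused; ssl_once_init starts and ends outside both hunks, so that could not be checked here.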
diff -Nru ckermit-302/debian/patches/series ckermit-302/debian/patches/series
--- ckermit-302/debian/patches/series 2016-04-19 23:15:56.000000000 +0200
+++ ckermit-302/debian/patches/series 2019-02-14 23:32:28.000000000 +0100
@@ -4,3 +4,4 @@
040_fix_types.patch
050-consider-OPENSSL_NO_SSL3.patch
900_ck_patch.patch
+ckermit-drop-the-version-for-openssl.patch