[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#927437: marked as done (unblock: openssl/1.1.1b-2)

Your message dated Sat, 20 Apr 2019 06:16:00 +0000
with message-id <eb1c455e-f6c8-2c72-ef8f-2621046ea398@thykier.net>
and subject line Re: Bug#927437: unblock: openssl/1.1.1b-2
has caused the Debian Bug report #927437,
regarding unblock: openssl/1.1.1b-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
927437: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927437
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

Can you please unblock openssl. It fixes 2 important bugs.
debdiff attached.


Kurt


diff -Nru openssl-1.1.1b/debian/changelog openssl-1.1.1b/debian/changelog
--- openssl-1.1.1b/debian/changelog	2019-02-26 19:52:12.000000000 +0100
+++ openssl-1.1.1b/debian/changelog	2019-04-16 21:31:11.000000000 +0200
@@ -1,3 +1,11 @@
+openssl (1.1.1b-2) unstable; urgency=medium
+
+  * Fix BUF_MEM regression (Closes: #923516)
+  * Fix error when config can't be opened (Closes: #926315)
+  * Ship an openssl.cnf in libssl1.1-udeb.dirs
+
+ -- Kurt Roeckx <kurt@roeckx.be>  Tue, 16 Apr 2019 21:31:11 +0200
+
 openssl (1.1.1b-1) unstable; urgency=medium
 
   [ Sebastian Andrzej Siewior ]
diff -Nru openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs
--- openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs	2019-02-26 19:25:16.000000000 +0100
+++ openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs	2019-04-16 21:31:11.000000000 +0200
@@ -1 +1,2 @@
 usr/lib
+usr/lib/ssl
diff -Nru openssl-1.1.1b/debian/patches/0001-Fix-for-BIO_get_mem_ptr-and-related-regressions.patch openssl-1.1.1b/debian/patches/0001-Fix-for-BIO_get_mem_ptr-and-related-regressions.patch
--- openssl-1.1.1b/debian/patches/0001-Fix-for-BIO_get_mem_ptr-and-related-regressions.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1b/debian/patches/0001-Fix-for-BIO_get_mem_ptr-and-related-regressions.patch	2019-04-16 21:23:57.000000000 +0200
@@ -0,0 +1,118 @@
+From 43bb4dec99f4bed1ec20836c79967ea790594fce Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Wed, 3 Apr 2019 12:31:32 +0200
+Subject: [PATCH 1/5] Fix for BIO_get_mem_ptr and related regressions
+
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8649)
+
+(cherry picked from commit b238fb79709a180ba9b4d837101c9f75e2978dc0)
+---
+ crypto/bio/bss_mem.c | 40 ++++++++++++++++++++++++++++------------
+ 1 file changed, 28 insertions(+), 12 deletions(-)
+
+diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
+index 10fcbf7a7c..abf0f04111 100644
+--- a/crypto/bio/bss_mem.c
++++ b/crypto/bio/bss_mem.c
+@@ -57,7 +57,12 @@ static const BIO_METHOD secmem_method = {
+     NULL,                      /* mem_callback_ctrl */
+ };
+ 
+-/* BIO memory stores buffer and read pointer  */
++/*
++ * BIO memory stores buffer and read pointer
++ * however the roles are different for read only BIOs.
++ * In that case the readp just stores the original state
++ * to be used for reset.
++ */
+ typedef struct bio_buf_mem_st {
+     struct buf_mem_st *buf;   /* allocated buffer */
+     struct buf_mem_st *readp; /* read pointer */
+@@ -192,6 +197,8 @@ static int mem_read(BIO *b, char *out, int outl)
+     BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+     BUF_MEM *bm = bbm->readp;
+ 
++    if (b->flags & BIO_FLAGS_MEM_RDONLY)
++        bm = bbm->buf;
+     BIO_clear_retry_flags(b);
+     ret = (outl >= 0 && (size_t)outl > bm->length) ? (int)bm->length : outl;
+     if ((out != NULL) && (ret > 0)) {
+@@ -241,29 +248,36 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
+     BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+     BUF_MEM *bm;
+ 
++    if (b->flags & BIO_FLAGS_MEM_RDONLY)
++        bm = bbm->buf;
++    else
++        bm = bbm->readp;
++
+     switch (cmd) {
+     case BIO_CTRL_RESET:
+         bm = bbm->buf;
+         if (bm->data != NULL) {
+-            /* For read only case reset to the start again */
+-            if ((b->flags & BIO_FLAGS_MEM_RDONLY) || (b->flags & BIO_FLAGS_NONCLEAR_RST)) {
+-                bm->length = bm->max;
++            if (!(b->flags & BIO_FLAGS_MEM_RDONLY)) {
++                if (b->flags & BIO_FLAGS_NONCLEAR_RST) {
++                    bm->length = bm->max;
++                } else {
++                    memset(bm->data, 0, bm->max);
++                    bm->length = 0;
++                }
++                *bbm->readp = *bbm->buf;
+             } else {
+-                memset(bm->data, 0, bm->max);
+-                bm->length = 0;
++                /* For read only case just reset to the start again */
++                *bbm->buf = *bbm->readp;
+             }
+-            *bbm->readp = *bbm->buf;
+         }
+         break;
+     case BIO_CTRL_EOF:
+-        bm = bbm->readp;
+         ret = (long)(bm->length == 0);
+         break;
+     case BIO_C_SET_BUF_MEM_EOF_RETURN:
+         b->num = (int)num;
+         break;
+     case BIO_CTRL_INFO:
+-        bm = bbm->readp;
+         ret = (long)bm->length;
+         if (ptr != NULL) {
+             pptr = (char **)ptr;
+@@ -278,8 +292,9 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
+         break;
+     case BIO_C_GET_BUF_MEM_PTR:
+         if (ptr != NULL) {
+-            mem_buf_sync(b);
+-            bm = bbm->readp;
++            if (!(b->flags & BIO_FLAGS_MEM_RDONLY))
++                mem_buf_sync(b);
++            bm = bbm->buf;
+             pptr = (char **)ptr;
+             *pptr = (char *)bm;
+         }
+@@ -294,7 +309,6 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
+         ret = 0L;
+         break;
+     case BIO_CTRL_PENDING:
+-        bm = bbm->readp;
+         ret = (long)bm->length;
+         break;
+     case BIO_CTRL_DUP:
+@@ -318,6 +332,8 @@ static int mem_gets(BIO *bp, char *buf, int size)
+     BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)bp->ptr;
+     BUF_MEM *bm = bbm->readp;
+ 
++    if (bp->flags & BIO_FLAGS_MEM_RDONLY)
++        bm = bbm->buf;
+     BIO_clear_retry_flags(bp);
+     j = bm->length;
+     if ((size - 1) < j)
+-- 
+2.20.1
+
diff -Nru openssl-1.1.1b/debian/patches/0001-OPENSSL_config-restore-error-agnosticism.patch openssl-1.1.1b/debian/patches/0001-OPENSSL_config-restore-error-agnosticism.patch
--- openssl-1.1.1b/debian/patches/0001-OPENSSL_config-restore-error-agnosticism.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1b/debian/patches/0001-OPENSSL_config-restore-error-agnosticism.patch	2019-04-16 21:24:04.000000000 +0200
@@ -0,0 +1,37 @@
+From 9933d4a06bd0a0b5b757f072944e8cd54d4bddd3 Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Wed, 20 Mar 2019 10:18:13 +0100
+Subject: [PATCH] OPENSSL_config(): restore error agnosticism
+
+Great effort has been made to make initialization more configurable.
+However, the behavior of OPENSSL_config() was lost in the process,
+having it suddenly generate errors it didn't previously, which is not
+how it's documented to behave.
+
+A simple setting of default flags fixes this problem.
+
+Fixes #8528
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8533)
+
+(cherry picked from commit 905c9a72a708701597891527b422c7f374125c52)
+---
+ crypto/conf/conf_sap.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
+index 2ce42f0c67..3805c426d8 100644
+--- a/crypto/conf/conf_sap.c
++++ b/crypto/conf/conf_sap.c
+@@ -35,6 +35,7 @@ void OPENSSL_config(const char *appname)
+     memset(&settings, 0, sizeof(settings));
+     if (appname != NULL)
+         settings.appname = strdup(appname);
++    settings.flags = DEFAULT_CONF_MFLAGS;
+     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
+ }
+ #endif
+-- 
+2.20.1
+
diff -Nru openssl-1.1.1b/debian/patches/0002-Add-test-for-the-BIO_get_mem_ptr-regression.patch openssl-1.1.1b/debian/patches/0002-Add-test-for-the-BIO_get_mem_ptr-regression.patch
--- openssl-1.1.1b/debian/patches/0002-Add-test-for-the-BIO_get_mem_ptr-regression.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1b/debian/patches/0002-Add-test-for-the-BIO_get_mem_ptr-regression.patch	2019-04-16 21:23:57.000000000 +0200
@@ -0,0 +1,87 @@
+From 27a11cd60270091f38e432aca5d46744ee66503d Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Fri, 1 Mar 2019 01:55:38 +0100
+Subject: [PATCH 2/5] Add test for the BIO_get_mem_ptr() regression
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8649)
+
+(cherry picked from commit c9dc22bc3d7f2df670dff66f04935e540e1b931a)
+---
+ test/bio_memleak_test.c | 41 +++++++++++++++++++++++++++++++++++------
+ 1 file changed, 35 insertions(+), 6 deletions(-)
+
+diff --git a/test/bio_memleak_test.c b/test/bio_memleak_test.c
+index 21b46cbbd3..838cd35eb1 100644
+--- a/test/bio_memleak_test.c
++++ b/test/bio_memleak_test.c
+@@ -18,25 +18,53 @@ static int test_bio_memleak(void)
+     int ok = 0;
+     BIO *bio;
+     BUF_MEM bufmem;
+-    const char *str = "BIO test\n";
++    static const char str[] = "BIO test\n";
+     char buf[100];
+ 
+     bio = BIO_new(BIO_s_mem());
+-    if (bio == NULL)
++    if (!TEST_ptr(bio))
+         goto finish;
+-    bufmem.length = strlen(str) + 1;
++    bufmem.length = sizeof(str);
+     bufmem.data = (char *) str;
+     bufmem.max = bufmem.length;
+     BIO_set_mem_buf(bio, &bufmem, BIO_NOCLOSE);
+     BIO_set_flags(bio, BIO_FLAGS_MEM_RDONLY);
++    if (!TEST_int_eq(BIO_read(bio, buf, sizeof(buf)), sizeof(str)))
++        goto finish;
++    if (!TEST_mem_eq(buf, sizeof(str), str, sizeof(str)))
++        goto finish;
++    ok = 1;
++
++finish:
++    BIO_free(bio);
++    return ok;
++}
+ 
+-    if (BIO_read(bio, buf, sizeof(buf)) <= 0)
+-	goto finish;
++static int test_bio_get_mem(void)
++{
++    int ok = 0;
++    BIO *bio = NULL;
++    BUF_MEM *bufmem = NULL;
+ 
+-    ok = strcmp(buf, str) == 0;
++    bio = BIO_new(BIO_s_mem());
++    if (!TEST_ptr(bio))
++        goto finish;
++    if (!TEST_int_eq(BIO_puts(bio, "Hello World\n"), 12))
++        goto finish;
++    BIO_get_mem_ptr(bio, &bufmem);
++    if (!TEST_ptr(bufmem))
++        goto finish;
++    if (!TEST_int_gt(BIO_set_close(bio, BIO_NOCLOSE), 0))
++        goto finish;
++    BIO_free(bio);
++    bio = NULL;
++    if (!TEST_mem_eq(bufmem->data, bufmem->length, "Hello World\n", 12))
++        goto finish;
++    ok = 1;
+ 
+ finish:
+     BIO_free(bio);
++    BUF_MEM_free(bufmem);
+     return ok;
+ }
+ 
+@@ -50,5 +78,6 @@ int global_init(void)
+ int setup_tests(void)
+ {
+     ADD_TEST(test_bio_memleak);
++    ADD_TEST(test_bio_get_mem);
+     return 1;
+ }
+-- 
+2.20.1
+
diff -Nru openssl-1.1.1b/debian/patches/0003-Add-testing-of-RDONLY-memory-BIOs.patch openssl-1.1.1b/debian/patches/0003-Add-testing-of-RDONLY-memory-BIOs.patch
--- openssl-1.1.1b/debian/patches/0003-Add-testing-of-RDONLY-memory-BIOs.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1b/debian/patches/0003-Add-testing-of-RDONLY-memory-BIOs.patch	2019-04-16 21:23:57.000000000 +0200
@@ -0,0 +1,126 @@
+From 4912bf74280caa7aec5b206e29b103d594075123 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Wed, 3 Apr 2019 19:07:00 +0200
+Subject: [PATCH 3/5] Add testing of RDONLY memory BIOs
+
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8649)
+
+(cherry picked from commit d34bce03acc53c583df954bbed65d4800751563a)
+---
+ crypto/bio/bss_mem.c    |  1 +
+ test/bio_memleak_test.c | 79 +++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 80 insertions(+)
+
+diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
+index abf0f04111..8c621d6c1e 100644
+--- a/crypto/bio/bss_mem.c
++++ b/crypto/bio/bss_mem.c
+@@ -204,6 +204,7 @@ static int mem_read(BIO *b, char *out, int outl)
+     if ((out != NULL) && (ret > 0)) {
+         memcpy(out, bm->data, ret);
+         bm->length -= ret;
++        bm->max -= ret;
+         bm->data += ret;
+     } else if (bm->length == 0) {
+         ret = b->num;
+diff --git a/test/bio_memleak_test.c b/test/bio_memleak_test.c
+index 838cd35eb1..bde66e0812 100644
+--- a/test/bio_memleak_test.c
++++ b/test/bio_memleak_test.c
+@@ -68,6 +68,83 @@ finish:
+     return ok;
+ }
+ 
++static int test_bio_new_mem_buf(void)
++{
++    int ok = 0;
++    BIO *bio;
++    BUF_MEM *bufmem;
++    char data[16];
++
++    bio = BIO_new_mem_buf("Hello World\n", 12);
++    if (!TEST_ptr(bio))
++        goto finish;
++    if (!TEST_int_eq(BIO_read(bio, data, 5), 5))
++        goto finish;
++    if (!TEST_mem_eq(data, 5, "Hello", 5))
++        goto finish;
++    if (!TEST_int_gt(BIO_get_mem_ptr(bio, &bufmem), 0))
++        goto finish;
++    if (!TEST_int_lt(BIO_write(bio, "test", 4), 0))
++        goto finish;
++    if (!TEST_int_eq(BIO_read(bio, data, 16), 7))
++        goto finish;
++    if (!TEST_mem_eq(data, 7, " World\n", 7))
++        goto finish;
++    if (!TEST_int_gt(BIO_reset(bio), 0))
++        goto finish;
++    if (!TEST_int_eq(BIO_read(bio, data, 16), 12))
++        goto finish;
++    if (!TEST_mem_eq(data, 12, "Hello World\n", 12))
++        goto finish;
++    ok = 1;
++
++finish:
++    BIO_free(bio);
++    return ok;
++}
++
++static int test_bio_rdonly_mem_buf(void)
++{
++    int ok = 0;
++    BIO *bio, *bio2 = NULL;
++    BUF_MEM *bufmem;
++    char data[16];
++
++    bio = BIO_new_mem_buf("Hello World\n", 12);
++    if (!TEST_ptr(bio))
++        goto finish;
++    if (!TEST_int_eq(BIO_read(bio, data, 5), 5))
++        goto finish;
++    if (!TEST_mem_eq(data, 5, "Hello", 5))
++        goto finish;
++    if (!TEST_int_gt(BIO_get_mem_ptr(bio, &bufmem), 0))
++        goto finish;
++    (void)BIO_set_close(bio, BIO_NOCLOSE);
++
++    bio2 = BIO_new(BIO_s_mem());
++    if (!TEST_ptr(bio2))
++        goto finish;
++    BIO_set_mem_buf(bio2, bufmem, BIO_CLOSE);
++    BIO_set_flags(bio2, BIO_FLAGS_MEM_RDONLY);
++
++    if (!TEST_int_eq(BIO_read(bio2, data, 16), 7))
++        goto finish;
++    if (!TEST_mem_eq(data, 7, " World\n", 7))
++        goto finish;
++    if (!TEST_int_gt(BIO_reset(bio2), 0))
++        goto finish;
++    if (!TEST_int_eq(BIO_read(bio2, data, 16), 7))
++        goto finish;
++    if (!TEST_mem_eq(data, 7, " World\n", 7))
++        goto finish;
++    ok = 1;
++
++finish:
++    BIO_free(bio);
++    BIO_free(bio2);
++    return ok;
++}
++
+ int global_init(void)
+ {
+     CRYPTO_set_mem_debug(1);
+@@ -79,5 +156,7 @@ int setup_tests(void)
+ {
+     ADD_TEST(test_bio_memleak);
+     ADD_TEST(test_bio_get_mem);
++    ADD_TEST(test_bio_new_mem_buf);
++    ADD_TEST(test_bio_rdonly_mem_buf);
+     return 1;
+ }
+-- 
+2.20.1
+
diff -Nru openssl-1.1.1b/debian/patches/0004-Add-documentation-for-the-BIO_s_mem-pecularities.patch openssl-1.1.1b/debian/patches/0004-Add-documentation-for-the-BIO_s_mem-pecularities.patch
--- openssl-1.1.1b/debian/patches/0004-Add-documentation-for-the-BIO_s_mem-pecularities.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1b/debian/patches/0004-Add-documentation-for-the-BIO_s_mem-pecularities.patch	2019-04-16 21:23:57.000000000 +0200
@@ -0,0 +1,44 @@
+From 693f98aae8a33f2e0f91264ca7383438bae93d47 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 4 Apr 2019 09:48:47 +0200
+Subject: [PATCH 4/5] Add documentation for the BIO_s_mem pecularities
+
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8649)
+
+(cherry picked from commit 3d42833d389134b7b05b655c264e4dba5a2179e9)
+---
+ doc/man3/BIO_s_mem.pod | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/doc/man3/BIO_s_mem.pod b/doc/man3/BIO_s_mem.pod
+index 050d7786a6..250d12cbae 100644
+--- a/doc/man3/BIO_s_mem.pod
++++ b/doc/man3/BIO_s_mem.pod
+@@ -88,6 +88,22 @@ a buffering BIO to the chain will speed up the process.
+ Calling BIO_set_mem_buf() on a BIO created with BIO_new_secmem() will
+ give undefined results, including perhaps a program crash.
+ 
++Switching the memory BIO from read write to read only is not supported and
++can give undefined results including a program crash. There are two notable
++exceptions to the rule. The first one is to assign a static memory buffer
++immediately after BIO creation and set the BIO as read only.
++
++The other supported sequence is to start with read write BIO then temporarily
++switch it to read only and call BIO_reset() on the read only BIO immediately
++before switching it back to read write. Before the BIO is freed it must be
++switched back to the read write mode.
++
++Calling BIO_get_mem_ptr() on read only BIO will return a BUF_MEM that
++contains only the remaining data to be read. If the close status of the
++BIO is set to BIO_NOCLOSE, before freeing the BUF_MEM the data pointer
++in it must be set to NULL as the data pointer does not point to an
++allocated memory.
++
+ =head1 BUGS
+ 
+ There should be an option to set the maximum size of a memory BIO.
+-- 
+2.20.1
+
diff -Nru openssl-1.1.1b/debian/patches/0005-Add-test-for-the-BIO_s_mem-rdwr-rdonly-rdwr-use-case.patch openssl-1.1.1b/debian/patches/0005-Add-test-for-the-BIO_s_mem-rdwr-rdonly-rdwr-use-case.patch
--- openssl-1.1.1b/debian/patches/0005-Add-test-for-the-BIO_s_mem-rdwr-rdonly-rdwr-use-case.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.1.1b/debian/patches/0005-Add-test-for-the-BIO_s_mem-rdwr-rdonly-rdwr-use-case.patch	2019-04-16 21:23:57.000000000 +0200
@@ -0,0 +1,72 @@
+From 2456ae5763dc4b036b3b4cdb9b98de5d46dd221f Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 4 Apr 2019 09:49:36 +0200
+Subject: [PATCH 5/5] Add test for the BIO_s_mem rdwr->rdonly->rdwr use-case
+
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8649)
+
+(cherry picked from commit 06add280d90de9625e9c18985f376ef8d0419a46)
+---
+ test/bio_memleak_test.c | 38 ++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 38 insertions(+)
+
+diff --git a/test/bio_memleak_test.c b/test/bio_memleak_test.c
+index bde66e0812..9724148fae 100644
+--- a/test/bio_memleak_test.c
++++ b/test/bio_memleak_test.c
+@@ -145,6 +145,43 @@ finish:
+     return ok;
+ }
+ 
++static int test_bio_rdwr_rdonly(void)
++{
++    int ok = 0;
++    BIO *bio = NULL;
++    char data[16];
++
++    bio = BIO_new(BIO_s_mem());
++    if (!TEST_ptr(bio))
++        goto finish;
++    if (!TEST_int_eq(BIO_puts(bio, "Hello World\n"), 12))
++        goto finish;
++
++    BIO_set_flags(bio, BIO_FLAGS_MEM_RDONLY);
++    if (!TEST_int_eq(BIO_read(bio, data, 16), 12))
++        goto finish;
++    if (!TEST_mem_eq(data, 12, "Hello World\n", 12))
++        goto finish;
++    if (!TEST_int_gt(BIO_reset(bio), 0))
++        goto finish;
++
++    BIO_clear_flags(bio, BIO_FLAGS_MEM_RDONLY);
++    if (!TEST_int_eq(BIO_puts(bio, "Hi!\n"), 4))
++        goto finish;
++    if (!TEST_int_eq(BIO_read(bio, data, 16), 16))
++        goto finish;
++
++    if (!TEST_mem_eq(data, 16, "Hello World\nHi!\n", 16))
++        goto finish;
++
++    ok = 1;
++
++finish:
++    BIO_free(bio);
++    return ok;
++}
++
++
+ int global_init(void)
+ {
+     CRYPTO_set_mem_debug(1);
+@@ -158,5 +195,6 @@ int setup_tests(void)
+     ADD_TEST(test_bio_get_mem);
+     ADD_TEST(test_bio_new_mem_buf);
+     ADD_TEST(test_bio_rdonly_mem_buf);
++    ADD_TEST(test_bio_rdwr_rdonly);
+     return 1;
+ }
+-- 
+2.20.1
+
diff -Nru openssl-1.1.1b/debian/patches/series openssl-1.1.1b/debian/patches/series
--- openssl-1.1.1b/debian/patches/series	2019-02-26 19:25:16.000000000 +0100
+++ openssl-1.1.1b/debian/patches/series	2019-04-16 21:24:16.000000000 +0200
@@ -4,3 +4,9 @@
 pic.patch
 c_rehash-compat.patch
 Set-systemwide-default-settings-for-libssl-users.patch
+0001-Fix-for-BIO_get_mem_ptr-and-related-regressions.patch
+0002-Add-test-for-the-BIO_get_mem_ptr-regression.patch
+0003-Add-testing-of-RDONLY-memory-BIOs.patch
+0004-Add-documentation-for-the-BIO_s_mem-pecularities.patch
+0005-Add-test-for-the-BIO_s_mem-rdwr-rdonly-rdwr-use-case.patch
+0001-OPENSSL_config-restore-error-agnosticism.patch
diff -Nru openssl-1.1.1b/debian/rules openssl-1.1.1b/debian/rules
--- openssl-1.1.1b/debian/rules	2019-02-26 19:25:16.000000000 +0100
+++ openssl-1.1.1b/debian/rules	2019-04-16 21:29:18.000000000 +0200
@@ -119,6 +119,7 @@
 	mv debian/tmp/usr/lib/ssl/{certs,openssl.cnf,private} debian/tmp/etc/ssl/
 	ln -s /etc/ssl/{certs,openssl.cnf,private} debian/tmp/usr/lib/ssl/
 	cp -pf debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so.* debian/libcrypto1.1-udeb/usr/lib/
+	cp -pf debian/tmp/etc/ssl/openssl.cnf debian/libcrypto1.1-udeb/usr/lib/ssl/openssl.cnf
 	cp -pf debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libssl.so.* debian/libssl1.1-udeb/usr/lib/
 	cp -auv build_shared/lib*.so* debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/
 	for opt in $(OPTS); \

--- End Message ---
--- Begin Message --- 
Cyril Brulebois:
> Hi Kurt,
> 
> Kurt Roeckx <kurt@roeckx.be> (2019-04-19):
>> Can you please unblock openssl. It fixes 2 important bugs.
>> debdiff attached.
> 
> (And thanks for the cc.)
> 
> I have been able to confirm during my work on haveged (#923675) that
> your upload indeed fixes the wget issues we had in d-i (#926315); so
> thanks also for that, and no objections on the d-i side regarding the
> unblock request.
> 
>> diff -Nru openssl-1.1.1b/debian/changelog openssl-1.1.1b/debian/changelog
>> --- openssl-1.1.1b/debian/changelog	2019-02-26 19:52:12.000000000 +0100
>> +++ openssl-1.1.1b/debian/changelog	2019-04-16 21:31:11.000000000 +0200
>> @@ -1,3 +1,11 @@
>> +openssl (1.1.1b-2) unstable; urgency=medium
>> +
>> +  * Fix BUF_MEM regression (Closes: #923516)
>> +  * Fix error when config can't be opened (Closes: #926315)
>> +  * Ship an openssl.cnf in libssl1.1-udeb.dirs
> 
> The last entry is slightly odd, as that's the parent directory
> (/usr/lib/ssl) for openssl.cnf that's being added to its fellow
> companion (libcrypto1.1-udeb.dirs), rather than libssl1.1-udeb.dirs
> itself? The changelog entry could be fixed in the next upload though,
> not a huge issue.
> 
> 
> Cheers,
> 

Unblocked, thanks.
~Niels

--- End Message ---
Reply to: