Hello community, here is the log from the commit of package dump for openSUSE:Factory checked in at 2017-06-20 10:59:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dump (Old) and /work/SRC/openSUSE:Factory/.dump.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dump" Tue Jun 20 10:59:10 2017 rev:23 rq:503946 version:0.4b46 Changes: -------- --- /work/SRC/openSUSE:Factory/dump/dump.changes 2017-05-20 14:30:32.642223130 +0200 +++ /work/SRC/openSUSE:Factory/.dump.new/dump.changes 2017-06-20 10:59:27.787433781 +0200 @@ -1,0 +2,12 @@ +Thu Jun 15 12:33:17 UTC 2017 - tchva...@suse.com + +- Add sqlite3 dependency and enable building with it + +------------------------------------------------------------------- +Thu Jun 15 09:12:51 UTC 2017 - daniel.molken...@suse.com + +- Compile with OpenSSL 1.1 (bsc#1042637) +- add patches: + * dump-0.4b46-openssl-1.1.patch + +------------------------------------------------------------------- New: ---- dump-0.4b46-openssl-1.1.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dump.spec ++++++ --- /var/tmp/diff_new_pack.1YIfQ3/_old 2017-06-20 10:59:28.411345837 +0200 +++ /var/tmp/diff_new_pack.1YIfQ3/_new 2017-06-20 10:59:28.411345837 +0200 @@ -36,6 +36,8 @@ # PATCH-FIX-UPSTREAM dump-0.4b46-lzo-no-return.patch sv...@svalx.net -- fixing rpmlint # no-return-in-nonvoid-function error in dump Patch5: %{name}-0.4b46-lzo-no-return.patch +# PATCH-FIX-SUSE dump-0.4b46-pathnames.patch daniel.molken...@suse.com -- openssl 1.1 support +Patch6: %{name}-0.4b46-openssl-1.1.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: e2fsprogs-devel @@ -45,6 +47,7 @@ BuildRequires: lzo-devel BuildRequires: openssl-devel BuildRequires: readline-devel +BuildRequires: sqlite3-devel BuildRequires: zlib-devel Recommends: %{name}-rmt = %{version} Recommends: mt @@ -76,14 +79,17 @@ %patch3 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %build autoreconf -fiv %configure \ + --disable-silent-rules \ + --enable-sqlite \ --enable-ermt \ --enable-rmt=no \ --with-rmtpath=%{_bindir} -make %{?_smp_mflags} V=1 +make %{?_smp_mflags} %install %make_install ++++++ dump-0.4b46-openssl-1.1.patch ++++++ Index: dump-0.4b46/common/transformation_ssl.c =================================================================== --- dump-0.4b46.orig/common/transformation_ssl.c +++ dump-0.4b46/common/transformation_ssl.c @@ -215,7 +215,10 @@ generateIV(Transformation *xform, unsign /* to be exposed to any attacker anyway. */ *saltlen = 16; if (xform->enc == 1) { - RAND_pseudo_bytes(salt, *saltlen); + if (!RAND_bytes(salt, *saltlen) != 1) { + /* PRNG not sufficiently seeded */ + return -1; + } } memcpy(ivbuffer, salt, 16); @@ -274,7 +277,7 @@ ssl_compress(Transformation *xform, stru digestlen = sizeof(digest); /* generate salt, put it in header */ - generateIV(xform, salt, &saltlen, iv, &ivlen); + generateIV(xform, salt, &saltlen, iv, &ivlen); /* TODO: check return value */ memcpy(tpbin->buf, salt, saltlen); /* compress the buffer first - increase the entropy */ @@ -351,7 +354,7 @@ ssl_decompress(Transformation *xform, st // how to know salt length? memcpy(salt, src, saltlen); - generateIV(xform, salt, &saltlen, iv, &ivlen); + generateIV(xform, salt, &saltlen, iv, &ivlen); /* TODO: check return value */ EVP_DecryptInit_ex(xform->state.ssl.dataCtx, xform->state.ssl.cipher, xform->state.ssl.engine, NULL, NULL); //EVP_CIPHER_CTX_set_key_length(&ctx, 8); @@ -515,7 +518,7 @@ Transformation //EVP_CIPHER_CTX_rand_key(ctx, t->state.ssl.key); //EVP_CIPHER_CTX_cleanup(ctx); //EVP_CIPHER_CTX_free(ctx); - RAND_bytes(t->state.ssl.key, t->state.ssl.cipher->key_len); + RAND_bytes(t->state.ssl.key, EVP_CIPHER_key_length(t->state.ssl.cipher)); } else { // how do we get keys? } Index: dump-0.4b46/rmt/cipher.c =================================================================== --- dump-0.4b46.orig/rmt/cipher.c +++ dump-0.4b46/rmt/cipher.c @@ -23,7 +23,7 @@ char * cipher(char *buf, int buflen, int do_encrypt) { - static EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); static char *out = NULL; /* return value, grown as necessary */ static int outlen = 0; static int init = 0, which, blocksize; @@ -71,13 +71,13 @@ cipher(char *buf, int buflen, int do_enc } EVP_BytesToKey(cipher, EVP_md5(), NULL, buf, strlen(buf), 1, key, iv); - EVP_CIPHER_CTX_init(&ctx); - EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, do_encrypt); - EVP_CIPHER_CTX_set_padding(&ctx, 0); // -nopad + EVP_CIPHER_CTX_init(ctx); + EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, do_encrypt); + EVP_CIPHER_CTX_set_padding(ctx, 0); // -nopad OPENSSL_cleanse(buf, sizeof buf); OPENSSL_cleanse(key, sizeof key); OPENSSL_cleanse(iv, sizeof iv); - blocksize = EVP_CIPHER_CTX_block_size(&ctx); + blocksize = EVP_CIPHER_CTX_block_size(ctx); which = do_encrypt; init = 1; } @@ -95,7 +95,7 @@ cipher(char *buf, int buflen, int do_enc outlen = (buflen+blocksize) * 2; out = realloc(out, outlen); } - if (!EVP_CipherUpdate(&ctx, out, &n, buf, buflen)) { + if (!EVP_CipherUpdate(ctx, out, &n, buf, buflen)) { syslog(LOG_ERR, "EVP_CipherUpdate failed"); errno = EINVAL; return NULL; @@ -106,6 +106,7 @@ cipher(char *buf, int buflen, int do_enc return NULL; } // assert(ctx->buf_len == 0); + EVP_CIPHER_CTX_free(ctx); return out; }