commit ecryptfs-utils for openSUSE:Factory

Wed, 15 Nov 2017 07:59:31 -0800 

Hello community,

here is the log from the commit of package ecryptfs-utils for openSUSE:Factory 
checked in at 2017-11-15 16:59:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ecryptfs-utils (Old)
 and      /work/SRC/openSUSE:Factory/.ecryptfs-utils.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ecryptfs-utils"

Wed Nov 15 16:59:05 2017 rev:49 rq:541775 version:111

Changes:
--------
--- /work/SRC/openSUSE:Factory/ecryptfs-utils/ecryptfs-utils.changes    
2017-03-12 20:04:55.733870513 +0100
+++ /work/SRC/openSUSE:Factory/.ecryptfs-utils.new/ecryptfs-utils.changes       
2017-11-15 16:59:09.901033809 +0100
@@ -1,0 +2,18 @@
+Tue Nov 14 10:25:45 UTC 2017 - [email protected]
+
+- The license is GPL-2.0 (without + / or later)
+
+-------------------------------------------------------------------
+Tue Nov  7 14:27:25 UTC 2017 - [email protected]
+
+- Update to 111
+  * upstream provides no changelog
+- add ecryptfs-utils-openssl11.patch to support build with
+  OpenSSL 1.1 (bsc#1066937)
+
+-------------------------------------------------------------------
+Tue Nov  7 14:18:15 UTC 2017 - [email protected]
+
+- drop validate-mount-destination-fs-type.patch (upstream)
+
+-------------------------------------------------------------------

Old:
----
  ecryptfs-utils_108.orig.tar.gz
  validate-mount-destination-fs-type.patch

New:
----
  ecryptfs-utils-openssl11.patch
  ecryptfs-utils_111.orig.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ecryptfs-utils.spec ++++++
--- /var/tmp/diff_new_pack.cpPZha/_old  2017-11-15 16:59:12.768928801 +0100
+++ /var/tmp/diff_new_pack.cpPZha/_new  2017-11-15 16:59:12.772928654 +0100
@@ -18,10 +18,10 @@
 
 %define lname   libecryptfs1
 Name:           ecryptfs-utils
-Version:        108
+Version:        111
 Release:        0
 Summary:        Userspace Utilities for ecryptfs
-License:        GPL-2.0+
+License:        GPL-2.0
 Group:          Productivity/Security
 Url:            http://ecryptfs.org/
 Source0:        
http://launchpad.net/ecryptfs/trunk/%{version}/+download/ecryptfs-utils_%{version}.orig.tar.gz
@@ -31,7 +31,7 @@
 Patch0:         ecryptfs-setup-swap-SuSE.patch
 # PATCH-FIX-OPENSUSE build with -fpie/-pie
 Patch1:         ecryptfs-utils-src-utils-Makefile.patch
-Patch2:         validate-mount-destination-fs-type.patch
+Patch2:         ecryptfs-utils-openssl11.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -77,7 +77,7 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
+%patch2 -p0
 
 %build
 export RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing"


++++++ ecryptfs-utils-openssl11.patch ++++++
=== modified file 'src/key_mod/ecryptfs_key_mod_openssl.c'
--- src/key_mod/ecryptfs_key_mod_openssl.c      2013-10-25 19:45:09 +0000
+++ src/key_mod/ecryptfs_key_mod_openssl.c      2017-06-02 18:27:28 +0000
@@ -41,6 +41,7 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <libgen.h>
+#include <openssl/bn.h>
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #include <openssl/err.h>
@@ -55,6 +56,19 @@
        char *passphrase;
 };
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+static void RSA_get0_key(const RSA *r,
+                 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+   if (n != NULL)
+       *n = r->n;
+   if (e != NULL)
+       *e = r->e;
+   if (d != NULL)
+       *d = r->d;
+}
+#endif
+
 static void
 ecryptfs_openssl_destroy_openssl_data(struct openssl_data *openssl_data)
 {
@@ -142,6 +156,7 @@
 {
        int len, nbits, ebits, i;
        int nbytes, ebytes;
+       const BIGNUM *key_n, *key_e;
        unsigned char *hash;
        unsigned char *data = NULL;
        int rc = 0;
@@ -152,11 +167,13 @@
                rc = -ENOMEM;
                goto out;
        }
-       nbits = BN_num_bits(key->n);
+       RSA_get0_key(key, &key_n, NULL, NULL);
+       nbits = BN_num_bits(key_n);
        nbytes = nbits / 8;
        if (nbits % 8)
                nbytes++;
-       ebits = BN_num_bits(key->e);
+       RSA_get0_key(key, NULL, &key_e, NULL);
+       ebits = BN_num_bits(key_e);
        ebytes = ebits / 8;
        if (ebits % 8)
                ebytes++;
@@ -179,11 +196,13 @@
        data[i++] = '\02';
        data[i++] = (nbits >> 8);
        data[i++] = nbits;
-       BN_bn2bin(key->n, &(data[i]));
+       RSA_get0_key(key, &key_n, NULL, NULL);
+       BN_bn2bin(key_n, &(data[i]));
        i += nbytes;
        data[i++] = (ebits >> 8);
        data[i++] = ebits;
-       BN_bn2bin(key->e, &(data[i]));
+       RSA_get0_key(key, NULL, &key_e, NULL);
+       BN_bn2bin(key_e, &(data[i]));
        i += ebytes;
        SHA1(data, len + 3, hash);
        to_hex(sig, (char *)hash, ECRYPTFS_SIG_SIZE);
@@ -278,7 +297,9 @@
        BIO *in = NULL;
        int rc;
 
+       #if OPENSSL_VERSION_NUMBER < 0x10100000L
        CRYPTO_malloc_init();
+       #endif
        ERR_load_crypto_strings();
        OpenSSL_add_all_algorithms();
        ENGINE_load_builtin_engines();

=== modified file 'src/key_mod/ecryptfs_key_mod_pkcs11_helper.c'
--- src/key_mod/ecryptfs_key_mod_pkcs11_helper.c        2013-10-25 19:45:09 
+0000
+++ src/key_mod/ecryptfs_key_mod_pkcs11_helper.c        2017-06-02 18:27:28 
+0000
@@ -41,6 +41,7 @@
 #include <errno.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/x509.h>
@@ -77,6 +78,19 @@
 typedef const unsigned char *__pkcs11_openssl_d2i_t;
 #endif
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+static void RSA_get0_key(const RSA *r,
+                 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+   if (n != NULL)
+       *n = r->n;
+   if (e != NULL)
+       *e = r->e;
+   if (d != NULL)
+       *d = r->d;
+}
+#endif
+
 /**
  * ecryptfs_pkcs11h_deserialize
  * @pkcs11h_data: The deserialized version of the key module data;
@@ -282,7 +296,11 @@
                goto out;
        }
        
+       #if OPENSSL_VERSION_NUMBER < 0x10100000L
        if (pubkey->type != EVP_PKEY_RSA) {
+       #else
+       if (EVP_PKEY_base_id(pubkey) != EVP_PKEY_RSA) {
+       #endif
                syslog(LOG_ERR, "PKCS#11: Invalid public key algorithm");
                rc = -EIO;
                goto out;
@@ -318,6 +336,7 @@
        int nbytes, ebytes;
        char *hash = NULL;
        char *data = NULL;
+       const BIGNUM *rsa_n, *rsa_e;
        int rc;
 
        if ((rc = ecryptfs_pkcs11h_get_public_key(&rsa, blob))) {
@@ -331,11 +350,13 @@
                rc = -ENOMEM;
                goto out;
        }
-       nbits = BN_num_bits(rsa->n);
+       RSA_get0_key(rsa, &rsa_n, NULL, NULL);
+       nbits = BN_num_bits(rsa_n);
        nbytes = nbits / 8;
        if (nbits % 8)
                nbytes++;
-       ebits = BN_num_bits(rsa->e);
+       RSA_get0_key(rsa, NULL, &rsa_e, NULL);
+       ebits = BN_num_bits(rsa_e);
        ebytes = ebits / 8;
        if (ebits % 8)
                ebytes++;
@@ -358,11 +379,13 @@
        data[i++] = '\02';
        data[i++] = (char)(nbits >> 8);
        data[i++] = (char)nbits;
-       BN_bn2bin(rsa->n, &(data[i]));
+       RSA_get0_key(rsa, &rsa_n, NULL, NULL);
+       BN_bn2bin(rsa_n, &(data[i]));
        i += nbytes;
        data[i++] = (char)(ebits >> 8);
        data[i++] = (char)ebits;
-       BN_bn2bin(rsa->e, &(data[i]));
+       RSA_get0_key(rsa, NULL, &rsa_e, NULL);
+       BN_bn2bin(rsa_e, &(data[i]));
        i += ebytes;
        SHA1(data, len + 3, hash);
        to_hex(sig, hash, ECRYPTFS_SIG_SIZE);

++++++ ecryptfs-utils_108.orig.tar.gz -> ecryptfs-utils_111.orig.tar.gz ++++++
++++ 23106 lines of diff (skipped)

Reply via email to