Control: tags -1 +pending As Philip Chung's patch sits here rotting, I prepared a NMU with it. Will upload to DELAYED/7 shortly, here's the debdiff. Please scream if anything is wrong.
-- ⢀⣴⠾⠻⢶⣦⠀ Mozilla's Hippocritical Oath: "Keep trackers off your trail" ⣾⠁⢰⠒⠀⣿⡁ blah blah evading "tracking technology" blah blah ⢿⡄⠘⠷⠚⠋⠀ "https://click.e.mozilla.org/?qs=e7bb0dcf14b1013fca3820..."; ⠈⠳⣄⠀⠀⠀⠀ (same for all links)
diff -Nru crtmpserver-1.0~dfsg/debian/changelog crtmpserver-1.0~dfsg/debian/changelog --- crtmpserver-1.0~dfsg/debian/changelog 2016-12-30 17:40:06.000000000 +0100 +++ crtmpserver-1.0~dfsg/debian/changelog 2017-11-25 16:06:37.000000000 +0100 @@ -1,3 +1,10 @@ +crtmpserver (1.0~dfsg-5.4) unstable; urgency=medium + + * Non-maintainer upload. + * SSL1.1, patch by Philip Chung (Closes: #851084). + + -- Adam Borowski <kilob...@angband.pl> Sat, 25 Nov 2017 16:06:37 +0100 + crtmpserver (1.0~dfsg-5.3) unstable; urgency=medium * Non-maintainer upload. diff -Nru crtmpserver-1.0~dfsg/debian/control crtmpserver-1.0~dfsg/debian/control --- crtmpserver-1.0~dfsg/debian/control 2016-12-30 17:40:03.000000000 +0100 +++ crtmpserver-1.0~dfsg/debian/control 2017-11-25 16:06:37.000000000 +0100 @@ -9,7 +9,7 @@ cmake, debhelper (>= 9), liblua5.1-0-dev, - libssl1.0-dev, + libssl-dev, libtinyxml-dev, pkg-config Standards-Version: 3.9.3 diff -Nru crtmpserver-1.0~dfsg/debian/patches/libssl_1_1_compatibility.diff crtmpserver-1.0~dfsg/debian/patches/libssl_1_1_compatibility.diff --- crtmpserver-1.0~dfsg/debian/patches/libssl_1_1_compatibility.diff 1970-01-01 01:00:00.000000000 +0100 +++ crtmpserver-1.0~dfsg/debian/patches/libssl_1_1_compatibility.diff 2017-11-25 16:06:37.000000000 +0100 @@ -0,0 +1,277 @@ +Description: allow the package to build against OpenSSL 1.1 + Notice, however, that I inelegantly replace BaseSSLProtocol::DumpBIO() + in thelib/src/protocols/ssl/basesslprotocol.cpp with a stub function, + because I can't seem to find any way to access the data. + . + Actually, removing the method entirely still allows the package to + build, as no other part of the code actually uses it. Would it be safe + to do so? +Author: Philip Chung <philipchung1...@yahoo.com> +Bug-Debian: https://bugs.debian.org/851084 + +--- crtmpserver-1.0~dfsg.orig/applications/applestreamingclient/include/protocols/aes/inboundaesprotocol.h ++++ crtmpserver-1.0~dfsg/applications/applestreamingclient/include/protocols/aes/inboundaesprotocol.h +@@ -30,7 +30,7 @@ namespace app_applestreamingclient { + private: + IOBuffer _tempBuffer; + IOBuffer _inputBuffer; +- EVP_CIPHER_CTX _decContex; ++ EVP_CIPHER_CTX *_decContex; + bool _lastChunk; + uint8_t *_pIV; + uint8_t *_pKey; +--- crtmpserver-1.0~dfsg.orig/applications/applestreamingclient/src/protocols/aes/inboundaesprotocol.cpp ++++ crtmpserver-1.0~dfsg/applications/applestreamingclient/src/protocols/aes/inboundaesprotocol.cpp +@@ -31,13 +31,12 @@ InboundAESProtocol::InboundAESProtocol() + memset(_pIV, 0, 16); + _pKey = new uint8_t[16]; + memset(_pKey, 0, 16); +- memset(&_decContex, 0, sizeof (EVP_CIPHER_CTX)); ++ _decContex = EVP_CIPHER_CTX_new(); + _totalDecrypted = 0; + } + + InboundAESProtocol::~InboundAESProtocol() { +- EVP_CIPHER_CTX_cleanup(&_decContex); +- memset(&_decContex, 0, sizeof (EVP_CIPHER_CTX)); ++ EVP_CIPHER_CTX_free(_decContex); + delete[] _pIV; + delete[] _pKey; + } +@@ -60,11 +59,9 @@ bool InboundAESProtocol::Initialize(Vari + _inputBuffer.IgnoreAll(); + _tempBuffer.IgnoreAll(); + +- EVP_CIPHER_CTX_cleanup(&_decContex); +- memset(&_decContex, 0, sizeof (EVP_CIPHER_CTX)); +- EVP_CIPHER_CTX_init(&_decContex); +- EVP_DecryptInit_ex(&_decContex, EVP_aes_128_cbc(), NULL, _pKey, _pIV); +- EVP_CIPHER_CTX_set_padding(&_decContex, 0); ++ EVP_CIPHER_CTX_init(_decContex); ++ EVP_DecryptInit_ex(_decContex, EVP_aes_128_cbc(), NULL, _pKey, _pIV); ++ EVP_CIPHER_CTX_set_padding(_decContex, 0); + + return true; + } +@@ -105,14 +102,14 @@ bool InboundAESProtocol::SignalInputData + int decryptedFinalSize = 0; + uint32_t padding = 0; + +- EVP_DecryptUpdate(&_decContex, pTempData, &decryptedSize, GETIBPOINTER(buffer), safeSize); ++ EVP_DecryptUpdate(_decContex, pTempData, &decryptedSize, GETIBPOINTER(buffer), safeSize); + _totalDecrypted += decryptedSize; + + //6. Decrypt leftovers + bool transferCompleted = false; + if (((HTTPBufferProtocol *) GetFarProtocol())->TransferCompleted()) { + transferCompleted = true; +- EVP_DecryptFinal_ex(&_decContex, ++ EVP_DecryptFinal_ex(_decContex, + pTempData + decryptedSize, + &decryptedFinalSize); + _totalDecrypted += decryptedFinalSize; +--- crtmpserver-1.0~dfsg.orig/common/include/utils/misc/crypto.h ++++ crtmpserver-1.0~dfsg/common/include/utils/misc/crypto.h +@@ -83,7 +83,7 @@ public: + bool CopySharedKey(uint8_t *pDst, int32_t dstLength); + private: + void Cleanup(); +- bool CopyKey(BIGNUM *pNum, uint8_t *pDst, int32_t dstLength); ++ bool CopyKey(const BIGNUM *pNum, uint8_t *pDst, int32_t dstLength); + }; + + DLLEXP void InitRC4Encryption(uint8_t *secretKey, uint8_t *pubKeyIn, uint8_t *pubKeyOut, +--- crtmpserver-1.0~dfsg.orig/common/src/utils/misc/crypto.cpp ++++ crtmpserver-1.0~dfsg/common/src/utils/misc/crypto.cpp +@@ -46,35 +46,46 @@ bool DHWrapper::Initialize() { + } + + //2. Create his internal p and g +- _pDH->p = BN_new(); +- if (_pDH->p == NULL) { ++ BIGNUM *p = BN_new(); ++ if (p == NULL) { + FATAL("Unable to create p"); + Cleanup(); + return false; + } +- _pDH->g = BN_new(); +- if (_pDH->g == NULL) { ++ BIGNUM *g = BN_new(); ++ if (g == NULL) { + FATAL("Unable to create g"); + Cleanup(); + return false; + } + + //3. initialize p, g and key length +- if (BN_hex2bn(&_pDH->p, P1024) == 0) { ++ if (BN_hex2bn(&p, P1024) == 0) { + FATAL("Unable to parse P1024"); + Cleanup(); + return false; + } +- if (BN_set_word(_pDH->g, 2) != 1) { ++ if (BN_set_word(g, 2) != 1) { + FATAL("Unable to set g"); + Cleanup(); + return false; + } + +- //4. Set the key length +- _pDH->length = _bitsCount; ++ //4. Set internal p and g ++ if (DH_set0_pqg(_pDH, p, NULL, g) != 1) { ++ FATAL("Unable to set internal p and g"); ++ Cleanup(); ++ return false; ++ } + +- //5. Generate private and public key ++ //5. Set the key length ++ if (DH_set_length(_pDH, _bitsCount) != 1) { ++ FATAL("Unable to set length"); ++ Cleanup(); ++ return false; ++ } ++ ++ //6. Generate private and public key + if (DH_generate_key(_pDH) != 1) { + FATAL("Unable to generate DH public/private keys"); + Cleanup(); +@@ -90,7 +101,9 @@ bool DHWrapper::CopyPublicKey(uint8_t *p + return false; + } + +- return CopyKey(_pDH->pub_key, pDst, dstLength); ++ const BIGNUM *pub_key; ++ DH_get0_key(_pDH, &pub_key, NULL); ++ return CopyKey(pub_key, pDst, dstLength); + } + + bool DHWrapper::CopyPrivateKey(uint8_t *pDst, int32_t dstLength) { +@@ -99,7 +112,9 @@ bool DHWrapper::CopyPrivateKey(uint8_t * + return false; + } + +- return CopyKey(_pDH->priv_key, pDst, dstLength); ++ const BIGNUM *priv_key; ++ DH_get0_key(_pDH, NULL, &priv_key); ++ return CopyKey(priv_key, pDst, dstLength); + } + + bool DHWrapper::CreateSharedKey(uint8_t *pPeerPublicKey, int32_t length) { +@@ -153,14 +168,6 @@ bool DHWrapper::CopySharedKey(uint8_t *p + + void DHWrapper::Cleanup() { + if (_pDH != NULL) { +- if (_pDH->p != NULL) { +- BN_free(_pDH->p); +- _pDH->p = NULL; +- } +- if (_pDH->g != NULL) { +- BN_free(_pDH->g); +- _pDH->g = NULL; +- } + DH_free(_pDH); + _pDH = NULL; + } +@@ -177,7 +184,7 @@ void DHWrapper::Cleanup() { + } + } + +-bool DHWrapper::CopyKey(BIGNUM *pNum, uint8_t *pDst, int32_t dstLength) { ++bool DHWrapper::CopyKey(const BIGNUM *pNum, uint8_t *pDst, int32_t dstLength) { + int32_t keySize = BN_num_bytes(pNum); + if ((keySize <= 0) || (dstLength <= 0) || (keySize > dstLength)) { + FATAL("CopyPublicKey failed due to either invalid DH state or invalid call"); +@@ -197,20 +204,19 @@ void InitRC4Encryption(uint8_t *secretKe + uint8_t digest[SHA256_DIGEST_LENGTH]; + unsigned int digestLen = 0; + +- HMAC_CTX ctx; +- HMAC_CTX_init(&ctx); +- HMAC_Init_ex(&ctx, secretKey, 128, EVP_sha256(), 0); +- HMAC_Update(&ctx, pubKeyIn, 128); +- HMAC_Final(&ctx, digest, &digestLen); +- HMAC_CTX_cleanup(&ctx); ++ HMAC_CTX *ctx; ++ ctx = HMAC_CTX_new(); ++ HMAC_Init_ex(ctx, secretKey, 128, EVP_sha256(), 0); ++ HMAC_Update(ctx, pubKeyIn, 128); ++ HMAC_Final(ctx, digest, &digestLen); + + RC4_set_key(rc4keyOut, 16, digest); + +- HMAC_CTX_init(&ctx); +- HMAC_Init_ex(&ctx, secretKey, 128, EVP_sha256(), 0); +- HMAC_Update(&ctx, pubKeyOut, 128); +- HMAC_Final(&ctx, digest, &digestLen); +- HMAC_CTX_cleanup(&ctx); ++ HMAC_CTX_reset(ctx); ++ HMAC_Init_ex(ctx, secretKey, 128, EVP_sha256(), 0); ++ HMAC_Update(ctx, pubKeyOut, 128); ++ HMAC_Final(ctx, digest, &digestLen); ++ HMAC_CTX_free(ctx); + + RC4_set_key(rc4keyIn, 16, digest); + } +@@ -220,14 +226,15 @@ string md5(string source, bool textResul + } + + string md5(uint8_t *pBuffer, uint32_t length, bool textResult) { +- EVP_MD_CTX mdctx; ++ EVP_MD_CTX *mdctx; + unsigned char md_value[EVP_MAX_MD_SIZE]; + unsigned int md_len; + +- EVP_DigestInit(&mdctx, EVP_md5()); +- EVP_DigestUpdate(&mdctx, pBuffer, length); +- EVP_DigestFinal_ex(&mdctx, md_value, &md_len); +- EVP_MD_CTX_cleanup(&mdctx); ++ mdctx = EVP_MD_CTX_new(); ++ EVP_DigestInit(mdctx, EVP_md5()); ++ EVP_DigestUpdate(mdctx, pBuffer, length); ++ EVP_DigestFinal_ex(mdctx, md_value, &md_len); ++ EVP_MD_CTX_free(mdctx); + + if (textResult) { + string result = ""; +@@ -244,12 +251,12 @@ void HMACsha256(const void *pData, uint3 + const void *pKey, uint32_t keyLength, void *pResult) { + unsigned int digestLen; + +- HMAC_CTX ctx; +- HMAC_CTX_init(&ctx); +- HMAC_Init_ex(&ctx, (unsigned char*) pKey, keyLength, EVP_sha256(), NULL); +- HMAC_Update(&ctx, (unsigned char *) pData, dataLength); +- HMAC_Final(&ctx, (unsigned char *) pResult, &digestLen); +- HMAC_CTX_cleanup(&ctx); ++ HMAC_CTX *ctx; ++ ctx = HMAC_CTX_new(); ++ HMAC_Init_ex(ctx, (unsigned char*) pKey, keyLength, EVP_sha256(), NULL); ++ HMAC_Update(ctx, (unsigned char *) pData, dataLength); ++ HMAC_Final(ctx, (unsigned char *) pResult, &digestLen); ++ HMAC_CTX_free(ctx); + + assert(digestLen == 32); + } +--- crtmpserver-1.0~dfsg.orig/thelib/src/protocols/ssl/basesslprotocol.cpp ++++ crtmpserver-1.0~dfsg/thelib/src/protocols/ssl/basesslprotocol.cpp +@@ -210,6 +210,7 @@ string BaseSSLProtocol::GetSSLErrors() { + } + + string BaseSSLProtocol::DumpBIO(BIO *pBIO) { ++ /* + string formatString; + formatString = "method: %p\n"; + formatString += "callback: %p\n"; +@@ -240,6 +241,8 @@ string BaseSSLProtocol::DumpBIO(BIO *pBI + pBIO->references, + (int64_t) pBIO->num_read, + (int64_t) pBIO->num_write); ++ */ ++ return "FIXME BaseSSLProtocol::DumpBIO"; + } + + void BaseSSLProtocol::InitRandGenerator() { diff -Nru crtmpserver-1.0~dfsg/debian/patches/series crtmpserver-1.0~dfsg/debian/patches/series --- crtmpserver-1.0~dfsg/debian/patches/series 2016-07-30 04:23:15.000000000 +0200 +++ crtmpserver-1.0~dfsg/debian/patches/series 2017-11-25 16:06:37.000000000 +0100 @@ -8,3 +8,4 @@ 20_use_pkgconfig_for_tinyxml.diff 21_fix_ftbfs_kfreebsd.diff 22_fix_ftbfs_gcc-6.diff +libssl_1_1_compatibility.diff
_______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
