This is an automated email from the git hooks/post-receive script.

gregoa pushed a commit to branch master
in repository libcrypt-openssl-x509-perl.

commit 5fde51ed9473454f3350b3d949600a6675773e8d
Author: gregor herrmann <gre...@debian.org>
Date:   Wed Nov 2 01:12:12 2016 +0100

    Cherry-pick two commits from upstream Git repo for OpenSSL 1.1.0
    
    compatibility (and 1.0.2 backwards compatibility).
    
    Closes: #828388
---
 ...enssl-x509-perl-compile-against-openssl-1.patch | 475 +++++++++++++++++++++
 ...F-OPENSSL_STRING-conflicts-with-OpenSSL-1.patch |  44 ++
 debian/patches/series                              |   2 +
 3 files changed, 521 insertions(+)

diff --git 
a/debian/patches/0001-libcrypt-openssl-x509-perl-compile-against-openssl-1.patch
 
b/debian/patches/0001-libcrypt-openssl-x509-perl-compile-against-openssl-1.patch
new file mode 100644
index 0000000..d885aad
--- /dev/null
+++ 
b/debian/patches/0001-libcrypt-openssl-x509-perl-compile-against-openssl-1.patch
@@ -0,0 +1,475 @@
+From 669bf5ce0ccdac2b5d121cf693f65c4b1db81862 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
+Date: Sat, 8 Oct 2016 22:21:32 +0000
+Subject: [PATCH] libcrypt-openssl-x509-perl: compile against openssl 1.1.0
+
+and keep it working against openssl 1.0.2j
+
+Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
+---
+ X509.pm |   6 +-
+ X509.xs | 238 +++++++++++++++++++++++++++++++++++++++++++++-------------------
+ 2 files changed, 172 insertions(+), 72 deletions(-)
+
+diff --git a/X509.pm b/X509.pm
+index 538679d..c8c17ad 100644
+--- a/X509.pm
++++ b/X509.pm
+@@ -8,7 +8,7 @@ use base qw(Exporter);
+ $VERSION = '1.807';
+ 
+ @EXPORT_OK = qw(
+-  FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM FORMAT_NETSCAPE
++  FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM
+   FORMAT_PKCS12 FORMAT_SMIME FORMAT_ENGINE FORMAT_IISSGC 
OPENSSL_VERSION_NUMBER
+ );
+ 
+@@ -161,7 +161,7 @@ None by default.
+ 
+ On request:
+ 
+-      FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM FORMAT_NETSCAPE
++      FORMAT_UNDEF FORMAT_ASN1 FORMAT_TEXT FORMAT_PEM
+       FORMAT_PKCS12 FORMAT_SMIME FORMAT_ENGINE FORMAT_IISSGC
+ 
+ 
+@@ -249,7 +249,7 @@ Return Boolean value if subject and issuer name are the 
same.
+ 
+ =item as_string ( [ FORMAT ] )
+ 
+-Return the certificate as a string in the specified format. C<FORMAT> can be 
one of C<FORMAT_PEM> (the default), C<FORMAT_ASN1>, or C<FORMAT_NETSCAPE>.
++Return the certificate as a string in the specified format. C<FORMAT> can be 
one of C<FORMAT_PEM> (the default) or C<FORMAT_ASN1>.
+ 
+ =item modulus ( )
+ 
+diff --git a/X509.xs b/X509.xs
+index 8380ff9..9d11f03 100644
+--- a/X509.xs
++++ b/X509.xs
+@@ -21,14 +21,11 @@
+ #define FORMAT_ASN1     1
+ #define FORMAT_TEXT     2
+ #define FORMAT_PEM      3
+-#define FORMAT_NETSCAPE 4
+ #define FORMAT_PKCS12   5
+ #define FORMAT_SMIME    6
+ #define FORMAT_ENGINE   7
+ #define FORMAT_IISSGC   8
+ 
+-#define NETSCAPE_CERT_HDR "certificate"
+-
+ /* fake our package name */
+ typedef X509*  Crypt__OpenSSL__X509;
+ typedef X509_EXTENSION* Crypt__OpenSSL__X509__Extension;
+@@ -46,6 +43,79 @@ typedef X509_CRL* Crypt__OpenSSL__X509__CRL;
+ #define sk_OPENSSL_STRING_value sk_value
+ #endif
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000
++#define const_ossl11
++
++static ASN1_INTEGER *X509_get0_serialNumber(const X509 *a)
++{
++  return a->cert_info->serialNumber;
++}
++
++static void RSA_get0_key(const RSA *r,
++                         const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
++{
++  if (n != NULL)
++    *n = r->n;
++  if (e != NULL)
++    *e = r->e;
++  if (d != NULL)
++    *d = r->d;
++}
++
++static RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
++{
++  if (pkey->type != EVP_PKEY_RSA)
++    return NULL;
++  return pkey->pkey.rsa;
++}
++
++static void X509_CRL_get0_signature(const X509_CRL *crl, const 
ASN1_BIT_STRING **psig,
++                                    X509_ALGOR **palg)
++{
++  if (psig != NULL)
++    *psig = crl->signature;
++  if (palg != NULL)
++    *palg = crl->sig_alg;
++}
++
++static void DSA_get0_pqg(const DSA *d,
++                         const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++  if (p != NULL)
++    *p = d->p;
++  if (q != NULL)
++    *q = d->q;
++  if (g != NULL)
++    *g = d->g;
++}
++
++static void DSA_get0_key(const DSA *d,
++                         const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++  if (pub_key != NULL)
++    *pub_key = d->pub_key;
++  if (priv_key != NULL)
++    *priv_key = d->priv_key;
++}
++
++static DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
++{
++  if (pkey->type != EVP_PKEY_DSA)
++    return NULL;
++  return pkey->pkey.dsa;
++}
++
++static EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
++{
++  if (pkey->type != EVP_PKEY_EC)
++    return NULL;
++  return pkey->pkey.ec;
++}
++
++#else
++#define const_ossl11 const
++#endif
++
+ /* Unicode 0xfffd */
+ static U8 utf8_substitute_char[3] = { 0xef, 0xbf, 0xbd };
+ 
+@@ -211,35 +281,6 @@ static HV* hv_exts(X509* x509, int no_name) {
+   return RETVAL;
+ }
+ 
+-void _decode_netscape(BIO *bio, X509 *x509) {
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-
+-    NETSCAPE_X509 nx;
+-    ASN1_OCTET_STRING os;
+-
+-    os.data   = (unsigned char *)NETSCAPE_CERT_HDR;
+-    os.length = strlen(NETSCAPE_CERT_HDR);
+-    nx.header = &os;
+-    nx.cert   = x509;
+-
+-    ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), bio, &nx);
+-
+-#else
+-
+-    ASN1_HEADER ah;
+-    ASN1_OCTET_STRING os;
+-
+-    os.data   = (unsigned char *)NETSCAPE_CERT_HDR;
+-    os.length = strlen(NETSCAPE_CERT_HDR);
+-    ah.header = &os;
+-    ah.data   = (char *)x509;
+-    ah.meth   = X509_asn1_meth();
+-
+-    ASN1_i2d_bio((i2d_of_void *)i2d_ASN1_HEADER, bio, (unsigned char *)&ah);
+-
+-#endif
+-}
+-
+ MODULE = Crypt::OpenSSL::X509    PACKAGE = Crypt::OpenSSL::X509
+ 
+ PROTOTYPES: DISABLE
+@@ -255,7 +296,6 @@ BOOT:
+   {"FORMAT_ASN1", FORMAT_ASN1},
+   {"FORMAT_TEXT", FORMAT_TEXT},
+   {"FORMAT_PEM", FORMAT_PEM},
+-  {"FORMAT_NETSCAPE", FORMAT_NETSCAPE},
+   {"FORMAT_PKCS12", FORMAT_PKCS12},
+   {"FORMAT_SMIME", FORMAT_SMIME},
+   {"FORMAT_ENGINE", FORMAT_ENGINE},
+@@ -354,7 +394,9 @@ __X509_cleanup(void)
+ 
+   CRYPTO_cleanup_all_ex_data();
+   ERR_free_strings();
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+   ERR_remove_state(0);
++#endif
+   EVP_cleanup();
+ 
+ SV*
+@@ -398,7 +440,7 @@ accessor(x509)
+ 
+   } else if (ix == 3) {
+ 
+-    i2a_ASN1_INTEGER(bio, x509->cert_info->serialNumber);
++    i2a_ASN1_INTEGER(bio, X509_get0_serialNumber(x509));
+ 
+   } else if (ix == 4) {
+ 
+@@ -425,14 +467,24 @@ accessor(x509)
+ 
+   } else if (ix == 8) {
+ 
+-    i2a_ASN1_INTEGER(bio, x509->cert_info->version);
++    BIO_printf(bio, "%02ld", X509_get_version(x509));
+ 
+   } else if (ix == 9) {
++    const_ossl11 X509_ALGOR *palg;
++    const_ossl11 ASN1_OBJECT *paobj;
+ 
+-    i2a_ASN1_OBJECT(bio, x509->sig_alg->algorithm);
++    X509_get0_signature(NULL, &palg, x509);
++    X509_ALGOR_get0(&paobj, NULL, NULL, palg);
++
++    i2a_ASN1_OBJECT(bio, paobj);
+   } else if ( ix == 10 ) {
++    X509_PUBKEY *pkey;
++    ASN1_OBJECT *ppkalg;
++
++    pkey = X509_get_X509_PUBKEY(x509);
++    X509_PUBKEY_get0_param(&ppkalg, NULL, NULL, NULL, pkey);
+ 
+-    i2a_ASN1_OBJECT(bio, x509->cert_info->key->algor->algorithm);
++    i2a_ASN1_OBJECT(bio, ppkalg);
+   }
+ 
+   RETVAL = sv_bio_final(bio);
+@@ -465,12 +517,14 @@ sig_print(x509)
+   PREINIT:
+   BIO *bio;
+   unsigned char *s;
++  const_ossl11 ASN1_BIT_STRING *psig;
+   int n,i;
+ 
+   CODE:
+ 
+-  n   = x509->signature->length;
+-  s   = x509->signature->data;
++  X509_get0_signature(&psig, NULL, x509);
++  n   = psig->length;
++  s   = psig->data;
+   bio = sv_bio_create();
+ 
+   for (i=0; i<n; i++) {
+@@ -503,9 +557,6 @@ as_string(x509, format = FORMAT_PEM)
+ 
+     i2d_X509_bio(bio, x509);
+ 
+-  } else if (format == FORMAT_NETSCAPE) {
+-
+-    _decode_netscape(bio, x509);
+   }
+ 
+   RETVAL = sv_bio_final(bio);
+@@ -519,6 +570,11 @@ bit_length(x509)
+ 
+   PREINIT:
+   EVP_PKEY *pkey;
++  DSA *dsa_pkey;
++  RSA *rsa_pkey;
++  EC_KEY *ec_pkey;
++  const BIGNUM *p;
++  const BIGNUM *n;
+   int length;
+ 
+   CODE:
+@@ -528,12 +584,16 @@ bit_length(x509)
+     croak("Public key is unavailable\n");
+   }
+ 
+-  switch(pkey->type) {
++  switch(EVP_PKEY_base_id(pkey)) {
+     case EVP_PKEY_RSA:
+-      length = BN_num_bits(pkey->pkey.rsa->n);
++      rsa_pkey = EVP_PKEY_get0_RSA(pkey);
++      RSA_get0_key(rsa_pkey, &n, NULL, NULL);
++      length = BN_num_bits(n);
+       break;
+     case EVP_PKEY_DSA:
+-      length = BN_num_bits(pkey->pkey.dsa->p);
++      dsa_pkey = EVP_PKEY_get0_DSA(pkey);
++      DSA_get0_pqg(dsa_pkey, &p, NULL, NULL);
++      length = BN_num_bits(p);
+       break;
+ #ifndef OPENSSL_NO_EC
+     case EVP_PKEY_EC:
+@@ -545,8 +605,8 @@ bit_length(x509)
+         EVP_PKEY_free(pkey);
+         croak("Could not malloc bignum");
+       }
+-      //
+-      if ( (group = EC_KEY_get0_group(pkey->pkey.ec)) == NULL) {
++      ec_pkey = EVP_PKEY_get0_EC_KEY(pkey);
++      if ( (group = EC_KEY_get0_group(ec_pkey)) == NULL) {
+         EVP_PKEY_free(pkey);
+         croak("No EC group");
+       }
+@@ -590,10 +650,12 @@ curve(x509)
+     EVP_PKEY_free(pkey);
+     croak("Public key is unavailable\n");
+   }
+-  if ( pkey->type == EVP_PKEY_EC ) {
++  if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_EC ) {
+     const EC_GROUP *group;
++    EC_KEY *ec_pkey;
+     int nid;
+-    if ( (group = EC_KEY_get0_group(pkey->pkey.ec)) == NULL) {
++    ec_pkey = EVP_PKEY_get0_EC_KEY(pkey);
++    if ( (group = EC_KEY_get0_group(ec_pkey)) == NULL) {
+        EVP_PKEY_free(pkey);
+        croak("No EC group");
+     }
+@@ -621,6 +683,7 @@ modulus(x509)
+   PREINIT:
+   EVP_PKEY *pkey;
+   BIO *bio;
++  int pkey_id;
+ 
+   CODE:
+ 
+@@ -634,25 +697,38 @@ modulus(x509)
+     croak("Modulus is unavailable\n");
+   }
+ 
+-  if (pkey->type == EVP_PKEY_RSA) {
++  pkey_id = EVP_PKEY_base_id(pkey);
++  if (pkey_id == EVP_PKEY_RSA) {
++    RSA *rsa_pkey;
++    const BIGNUM *n;
+ 
+-    BN_print(bio, pkey->pkey.rsa->n);
++    rsa_pkey = EVP_PKEY_get0_RSA(pkey);
++    RSA_get0_key(rsa_pkey, &n, NULL, NULL);
+ 
+-  } else if (pkey->type == EVP_PKEY_DSA) {
++    BN_print(bio, n);
+ 
+-    BN_print(bio, pkey->pkey.dsa->pub_key);
++  } else if (pkey_id == EVP_PKEY_DSA) {
++    DSA *dsa_pkey;
++    const BIGNUM *pub_key;
++
++    dsa_pkey = EVP_PKEY_get0_DSA(pkey);
++    DSA_get0_key(dsa_pkey, &pub_key, NULL);
++    BN_print(bio, pub_key);
+ #ifndef OPENSSL_NO_EC
+-  } else if ( pkey->type == EVP_PKEY_EC ) {
++  } else if ( pkey_id == EVP_PKEY_EC ) {
+     const EC_POINT *public_key;
+     const EC_GROUP *group;
++    EC_KEY *ec_pkey;
+     BIGNUM  *pub_key=NULL;
+-    if ( (group = EC_KEY_get0_group(pkey->pkey.ec)) == NULL) {
++
++    ec_pkey = EVP_PKEY_get0_EC_KEY(pkey);
++    if ( (group = EC_KEY_get0_group(ec_pkey)) == NULL) {
+        BIO_free_all(bio);
+        EVP_PKEY_free(pkey);
+        croak("No EC group");
+     }
+-    public_key = EC_KEY_get0_public_key(pkey->pkey.ec);
+-    if ((pub_key = EC_POINT_point2bn(group, public_key, 
EC_KEY_get_conv_form(pkey->pkey.ec), NULL, NULL)) == NULL) {
++    public_key = EC_KEY_get0_public_key(ec_pkey);
++    if ((pub_key = EC_POINT_point2bn(group, public_key, 
EC_KEY_get_conv_form(ec_pkey), NULL, NULL)) == NULL) {
+        BIO_free_all(bio);
+        EVP_PKEY_free(pkey);
+        croak("EC library error");
+@@ -697,8 +773,14 @@ exponent(x509)
+     croak("Exponent is unavailable\n");
+   }
+ 
+-  if (pkey->type == EVP_PKEY_RSA) {
+-    BN_print(bio, pkey->pkey.rsa->e);
++  if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) {
++    RSA *rsa_pkey;
++    const BIGNUM *e;
++
++    rsa_pkey = EVP_PKEY_get0_RSA(pkey);
++    RSA_get0_key(rsa_pkey, NULL, &e, NULL);
++
++    BN_print(bio, e);
+   } else {
+     BIO_free_all(bio);
+     EVP_PKEY_free(pkey);
+@@ -780,6 +862,7 @@ pubkey(x509)
+   PREINIT:
+   EVP_PKEY *pkey;
+   BIO *bio;
++  int pkey_id;
+ 
+   CODE:
+ 
+@@ -793,16 +876,25 @@ pubkey(x509)
+     croak("Public Key is unavailable\n");
+   }
+ 
+-  if (pkey->type == EVP_PKEY_RSA) {
++  pkey_id = EVP_PKEY_base_id(pkey);
++  if (pkey_id == EVP_PKEY_RSA) {
++    RSA *rsa_pkey;
++
++    rsa_pkey = EVP_PKEY_get0_RSA(pkey);
++    PEM_write_bio_RSAPublicKey(bio, rsa_pkey);
+ 
+-    PEM_write_bio_RSAPublicKey(bio, pkey->pkey.rsa);
++  } else if (pkey_id == EVP_PKEY_DSA) {
++    DSA *dsa_pkey;
+ 
+-  } else if (pkey->type == EVP_PKEY_DSA) {
++    dsa_pkey = EVP_PKEY_get0_DSA(pkey);
+ 
+-    PEM_write_bio_DSA_PUBKEY(bio, pkey->pkey.dsa);
++    PEM_write_bio_DSA_PUBKEY(bio, dsa_pkey);
+ #ifndef OPENSSL_NO_EC
+-  } else if ( pkey->type == EVP_PKEY_EC ) {
+-    PEM_write_bio_EC_PUBKEY(bio, pkey->pkey.ec);
++  } else if (pkey_id == EVP_PKEY_EC ) {
++    EC_KEY *ec_pkey;
++
++    ec_pkey = EVP_PKEY_get0_EC_KEY(pkey);
++    PEM_write_bio_EC_PUBKEY(bio, ec_pkey);
+ #endif
+   } else {
+ 
+@@ -823,6 +915,7 @@ pubkey_type(x509)
+         Crypt::OpenSSL::X509 x509;
+     PREINIT:
+         EVP_PKEY *pkey;
++      int pkey_id;
+     CODE:
+         RETVAL=NULL;
+         pkey = X509_get_pubkey(x509);
+@@ -830,13 +923,14 @@ pubkey_type(x509)
+         if(!pkey)
+             XSRETURN_UNDEF;
+ 
+-        if (pkey->type == EVP_PKEY_DSA) {
++      pkey_id = EVP_PKEY_base_id(pkey);
++        if (pkey_id == EVP_PKEY_DSA) {
+             RETVAL="dsa";
+ 
+-        } else if (pkey->type == EVP_PKEY_RSA) {
++        } else if (pkey_id == EVP_PKEY_RSA) {
+             RETVAL="rsa";
+ #ifndef OPENSSL_NO_EC
+-        } else if ( pkey->type == EVP_PKEY_EC ) {
++        } else if (pkey_id == EVP_PKEY_EC ) {
+             RETVAL="ec";
+ #endif
+         }
+@@ -1479,7 +1573,13 @@ CRL_accessor(crl)
+     RETVAL = sv_bio_final(bio);
+ 
+   } else if (ix == 2) {
+-    i2a_ASN1_OBJECT(bio, crl->sig_alg->algorithm);
++    const_ossl11 X509_ALGOR *palg;
++    const_ossl11 ASN1_OBJECT *paobj;
++
++    X509_CRL_get0_signature(crl, NULL, &palg);
++    X509_ALGOR_get0(&paobj, NULL, NULL, palg);
++
++    i2a_ASN1_OBJECT(bio, paobj);
+   }
+ 
+   RETVAL = sv_bio_final(bio);
+-- 
+2.10.2
+
diff --git 
a/debian/patches/0002-Fix-STACK_OF-OPENSSL_STRING-conflicts-with-OpenSSL-1.patch
 
b/debian/patches/0002-Fix-STACK_OF-OPENSSL_STRING-conflicts-with-OpenSSL-1.patch
new file mode 100644
index 0000000..3e4f679
--- /dev/null
+++ 
b/debian/patches/0002-Fix-STACK_OF-OPENSSL_STRING-conflicts-with-OpenSSL-1.patch
@@ -0,0 +1,44 @@
+From 47a65ecd166526bbc43c86cb38c743e84b050eec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppi...@redhat.com>
+Date: Thu, 27 Oct 2016 12:16:29 +0200
+Subject: [PATCH] Fix STACK_OF(OPENSSL_STRING) conflicts with OpenSSL 1.1.0
+
+Since OpenSSL 1.1.0, STACK_OF(OPENSSL_STRING) defines
+sk_OPENSSL_STRING_num() and other accessors as a functions, not
+macros. Thus the #ifndef sk_OPENSSL_STRING_num incorrectly redefined
+them and caused fatal warnings about incompatible types.
+
+This patch redefines the accessors only with OpenSSL older than 1.1.0.
+
+<https://github.com/dsully/perl-crypt-openssl-x509/issues/53>
+---
+ X509.xs | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/X509.xs b/X509.xs
+index 9d11f03..a08ed81 100644
+--- a/X509.xs
++++ b/X509.xs
+@@ -35,6 +35,9 @@ typedef X509_NAME_ENTRY* Crypt__OpenSSL__X509__Name_Entry;
+ typedef X509_CRL* Crypt__OpenSSL__X509__CRL;
+ 
+ /* 1.0 backwards compat */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
++#define const_ossl11
++
+ #ifndef sk_OPENSSL_STRING_num
+ #define sk_OPENSSL_STRING_num sk_num
+ #endif
+@@ -43,9 +46,6 @@ typedef X509_CRL* Crypt__OpenSSL__X509__CRL;
+ #define sk_OPENSSL_STRING_value sk_value
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+-#define const_ossl11
+-
+ static ASN1_INTEGER *X509_get0_serialNumber(const X509 *a)
+ {
+   return a->cert_info->serialNumber;
+-- 
+2.10.2
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..d713b93
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+0001-libcrypt-openssl-x509-perl-compile-against-openssl-1.patch
+0002-Fix-STACK_OF-OPENSSL_STRING-conflicts-with-OpenSSL-1.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-perl/packages/libcrypt-openssl-x509-perl.git

_______________________________________________
Pkg-perl-cvs-commits mailing list
Pkg-perl-cvs-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits

Reply via email to