Bug#828566: Proposed NMU

2016-11-14 Thread Muammar El Khatib
Dear Sergei,

On Mon, Nov 7, 2016 at 8:48 AM, Sergei Golovan  wrote:
> tags 828566 + patch
> thanks
>
> Hi, Muammar,
>
> I'd like to offer a patch which ports tcltls to the new OpenSSL 1.1.
> It's already forwarded upstream
> (https://sourceforge.net/p/tls/bugs/66/) though I don't know when it
> (or some other patch) will be accepted. The changes are mostly
> straightforward, the patch retains compatibility with OpenSSL 1.0, and
> the package passes regression tests.
>
> If you don't mind, I could do an NMU for this bugfix.
>
> Cheers!

Please go ahead with the NMU. I am sorry for the delay, too much work
right now.

Thank you.

Regards,

-- 
Muammar El Khatib.
Linux user: 403107.
GPG Key = 71246E4A.
http://muammar.me | http://proyectociencia.org
  ,''`.
 : :' :
 `. `'
   `-



Bug#828566: Proposed NMU

2016-11-07 Thread Sergei Golovan
tags 828566 + patch
thanks

Hi, Muammar,

I'd like to offer a patch which ports tcltls to the new OpenSSL 1.1.
It's already forwarded upstream
(https://sourceforge.net/p/tls/bugs/66/) though I don't know when it
(or some other patch) will be accepted. The changes are mostly
straightforward, the patch retains compatibility with OpenSSL 1.0, and
the package passes regression tests.

If you don't mind, I could do an NMU for this bugfix.

Cheers!
-- 
Sergei Golovan
diff -Nru tcltls-1.6.7+dfsg/debian/changelog tcltls-1.6.7+dfsg/debian/changelog
--- tcltls-1.6.7+dfsg/debian/changelog  2016-05-29 14:54:10.0 +0300
+++ tcltls-1.6.7+dfsg/debian/changelog  2016-11-07 16:40:21.0 +0300
@@ -1,3 +1,10 @@
+tcltls (1.6.7+dfsg-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Added a patch which fixes FTBFS with OpenSSL 1.1 (closes: #828566).
+
+ -- Sergei Golovan   Mon, 07 Nov 2016 16:40:21 +0300
+
 tcltls (1.6.7+dfsg-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru tcltls-1.6.7+dfsg/debian/patches/openssl1.1 
tcltls-1.6.7+dfsg/debian/patches/openssl1.1
--- tcltls-1.6.7+dfsg/debian/patches/openssl1.1 1970-01-01 03:00:00.0 
+0300
+++ tcltls-1.6.7+dfsg/debian/patches/openssl1.1 2016-11-06 23:48:18.0 
+0300
@@ -0,0 +1,410 @@
+Author: Sergei Golovan 
+Description: Patch ports the tcltls to the new OpenSSL 1.1 API.
+Last-Modified: Sun, 30 Oct 2016 23:08:28 +0300
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828566
+Bug-Upstream: https://sourceforge.net/p/tls/bugs/66/
+Forwarded: yes
+
+--- a/tls.c
 b/tls.c
+@@ -115,15 +115,29 @@
+ static DH *get_dh2048()
+ {
+ DH *dh=NULL;
++BIGNUM *p=NULL, *g=NULL;
+ 
+-if ((dh=DH_new()) == NULL) return(NULL);
++p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++if (p == NULL) goto err;
+ 
+-dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+-dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++if (g == NULL) goto err;
+ 
+-if ((dh->p == NULL) || (dh->g == NULL))
+-  return(NULL);
++if ((dh=DH_new()) == NULL) goto err;
++
++#if OPENSSL_VERSION_NUMBER < 0x1010L
++dh->p=p;
++dh->g=g;
++#else
++if (!DH_set0_pqg(dh, p, NULL, g)) goto err;
++#endif
+ return(dh);
++
++err:
++if (p) BN_free(p);
++if (g) BN_free(g);
++if (dh) DH_free(dh);
++return(NULL);
+ }
+ #endif
+ 
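Review bot: The version guard in get_dh2048(), #if OPENSSL_VERSION_NUMBER < 0x1010L, uses a constant much shorter than OpenSSL's 0xMNNFFPPS encoding, in which 1.1.0 is 0x10100000L. As written here, every 1.0.x header compares greater than 0x1010L, so the dh->p=p / dh->g=g branch is never compiled and DH_set0_pqg() is required on OpenSSL 1.0 too, which does not provide it. Please confirm the guard reads OPENSSL_VERSION_NUMBER < 0x10100000L in the applied patch, here and at the other sites that test 0x1010L. The new err: path itself looks right: DH_set0_pqg() takes ownership of p and g only on success, so freeing them after a failed call is not a double free.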
+@@ -160,7 +174,10 @@
+ #define OPENSSL_THREAD_DEFINES
+ #include 
+ 
+-#ifdef OPENSSL_THREADS
++static Tcl_Mutex init_mx;
++static int initialized;
++
++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x1010L
+ #include 
+ 
+ /*
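Review bot: The changed guard, #if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x1010L, compiles the locking callbacks out for OpenSSL 1.1 without saying why. A short comment at this point stating that OpenSSL 1.1.0 does its own locking and no longer uses application-supplied lock and thread-id callbacks would keep a later reader from treating the missing CRYPTO callbacks as a thread-safety regression. Since init_mx and initialized are now declared unconditionally, it is also worth confirming that the initialization path still takes init_mx in builds where this block is skipped; the visible lines do not show that code.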
+@@ -169,8 +186,6 @@
+  */
+ 
+ static Tcl_Mutex locks[CRYPTO_NUM_LOCKS];
+-static Tcl_Mutex init_mx;
+-static int initialized;
+ 
+ static void  CryptoThreadLockCallback (int mode, int n, const char 
*file, int line);
+ static unsigned long CryptoThreadIdCallback   (void);
+@@ -310,7 +325,7 @@
+ Tcl_Obj *cmdPtr, *result;
+ char *errStr, *string;
+ int length;
+-SSL   *ssl= (SSL*)X509_STORE_CTX_get_app_data(ctx);
++SSL   *ssl= (SSL*)X509_STORE_CTX_get_ex_data(ctx, 
SSL_get_ex_data_X509_STORE_CTX_idx());
+ X509  *cert   = X509_STORE_CTX_get_current_cert(ctx);
+ State *statePtr   = (State*)SSL_get_app_data(ssl);
+ int depth = X509_STORE_CTX_get_error_depth(ctx);
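Review bot: The ssl pointer obtained on the changed line is handed to SSL_get_app_data(ssl) on the line after next with no NULL check. X509_STORE_CTX_get_ex_data() returns NULL when nothing is stored at the requested index, so a guard that fails verification when ssl is NULL would be safer than dereferencing it. The lookup through SSL_get_ex_data_X509_STORE_CTX_idx() is the documented way to reach the SSL from a verify callback, and it is applied here without a version guard, so it changes the OpenSSL 1.0 build as well; the patch Description should say so.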
+@@ -554,14 +569,14 @@
+ }
+ switch ((enum protocol)index) {
+ case TLS_SSL2:
+-#if defined(NO_SSL2)
++#if defined(NO_SSL2) || OPENSSL_VERSION_NUMBER >= 0x1010L
+   Tcl_AppendResult(interp, "protocol not supported", NULL);
+   return TCL_ERROR;
+ #else
+   ctx = SSL_CTX_new(SSLv2_method()); break;
+ #endif
+ case TLS_SSL3:
+-#if defined(NO_SSL3)
++#if defined(NO_SSL3) || OPENSSL_VERSION_NUMBER >= 0x1010L
+   Tcl_AppendResult(interp, "protocol not supported", NULL);
+   return TCL_ERROR;
+ #else
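Review bot: Adding OPENSSL_VERSION_NUMBER >= 0x1010L to the guard in the TLS_SSL3 case refuses SSLv3 on every OpenSSL 1.1 build, which is a behaviour change and not only a build fix. OpenSSL 1.1.0 removed SSLv2, so the TLS_SSL2 guard is needed for the code to compile, but SSLv3_method() is still declared there unless the library was configured without it (OPENSSL_NO_SSL3_METHOD). Either test that macro for the SSL3 case, or keep the unconditional refusal and record in the changelog entry that ssl3 now returns "protocol not supported" under 1.1.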
+@@ -754,12 +769,12 @@
+ #ifndef OPENSSL_NO_TLSEXT
+ char *servername  = NULL; /* hostname for Server Name Indication */
+ #endif
+-#if defined(NO_SSL2)
++#if defined(NO_SSL2) || OPENSSL_VERSION_NUMBER >= 0x1010L
+ int ssl2 = 0;
+ #else
+ int ssl2 = 1;
+ #endif
+-#if defined(NO_SSL3)
++#if defined(NO_SSL3) || OPENSSL_VERSION_NUMBER >= 0x1010L
+ int ssl3 = 0;
+ #else
+ int ssl3 = 1;
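Review bot: The condition defined(NO_SSL2) || OPENSSL_VERSION_NUMBER >= 0x1010L, and its NO_SSL3 twin, is repeated at each site that tests for SSL2/SSL3, including here for the ssl2 and ssl3 defaults. Defining NO_SSL2 and NO_SSL3 once near the top of tls.c when the version check holds would leave these #if lines as they were and give a single place to correct the constant or the protocol policy.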
+@@ -1069,13 +1084,13 @@
+ }
+ 
+ /* create SSL context */
+-#if defined(NO_SSL2)
++#if defined(NO_SSL2) || OPENSSL_VERSION_NUMBER >= 0x1010L
+ if (ENABLED(proto, TLS_PROTO_SSL2)) {
+   Tcl_AppendResult(interp, "protocol not supported", NULL);
+   return (SSL_CTX *)0;
+ }
+ #endif
+-#if defined(NO_SSL3)
++#if defined(NO_SSL3) || OPENSSL_VERSION_NUMBER >= 0x1010L
+ if (ENABLED(proto, TLS_PROTO_SSL3)) {
+   Tcl_AppendResult(interp, "protocol not supported", NULL);
+   return (SSL_CTX