tags 828566 + patch
thanks
Hi, Muammar,
I'd like to offer a patch which ports tcltls to the new OpenSSL 1.1.
It's already forwarded upstream
(https://sourceforge.net/p/tls/bugs/66/) though I don't know when it
(or some other patch) will be accepted. The changes are mostly
straightforward, the patch retains compatibility with OpenSSL 1.0, and
the package passes regression tests.
If you don't mind, I could do an NMU for this bugfix.
Cheers!
--
Sergei Golovan
diff -Nru tcltls-1.6.7+dfsg/debian/changelog tcltls-1.6.7+dfsg/debian/changelog
--- tcltls-1.6.7+dfsg/debian/changelog 2016-05-29 14:54:10.0 +0300
+++ tcltls-1.6.7+dfsg/debian/changelog 2016-11-07 16:40:21.0 +0300
@@ -1,3 +1,10 @@
+tcltls (1.6.7+dfsg-1.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Added a patch which fixes FTBFS with OpenSSL 1.1 (closes: #828566).
+
+ -- Sergei Golovan Mon, 07 Nov 2016 16:40:21 +0300
+
tcltls (1.6.7+dfsg-1.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru tcltls-1.6.7+dfsg/debian/patches/openssl1.1
tcltls-1.6.7+dfsg/debian/patches/openssl1.1
--- tcltls-1.6.7+dfsg/debian/patches/openssl1.1 1970-01-01 03:00:00.0
+0300
+++ tcltls-1.6.7+dfsg/debian/patches/openssl1.1 2016-11-06 23:48:18.0
+0300
@@ -0,0 +1,410 @@
+Author: Sergei Golovan
+Description: Patch ports the tcltls to the new OpenSSL 1.1 API.
+Last-Modified: Sun, 30 Oct 2016 23:08:28 +0300
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828566
+Bug-Upstream: https://sourceforge.net/p/tls/bugs/66/
+Forwarded: yes
+
+--- a/tls.c
b/tls.c
+@@ -115,15 +115,29 @@
+ static DH *get_dh2048()
+ {
+ DH *dh=NULL;
++BIGNUM *p=NULL, *g=NULL;
+
+-if ((dh=DH_new()) == NULL) return(NULL);
++p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++if (p == NULL) goto err;
+
+-dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+-dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++if (g == NULL) goto err;
+
+-if ((dh->p == NULL) || (dh->g == NULL))
+- return(NULL);
++if ((dh=DH_new()) == NULL) goto err;
++
++#if OPENSSL_VERSION_NUMBER < 0x1010L
++dh->p=p;
++dh->g=g;
++#else
++if (!DH_set0_pqg(dh, p, NULL, g)) goto err;
++#endif
+ return(dh);
++
++err:
++if (p) BN_free(p);
++if (g) BN_free(g);
++if (dh) DH_free(dh);
++return(NULL);
+ }
+ #endif
+
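Review bot: The version guard in `get_dh2048` is printed as `#if OPENSSL_VERSION_NUMBER < 0x1010L`, which does not match OpenSSL's encoding: 1.1.0 is `0x10100000L`, and every 1.0.x release is already far above `0x1010L`. Taken literally the `<` test is always false, so a build against OpenSSL 1.0 would take the `DH_set0_pqg` branch, which that release does not provide, and the `>= 0x1010L` tests in the later SSLv2/SSLv3 hunks would always be true. The timestamps on this page appear to have lost runs of zeros, so this may be a rendering loss rather than the patch's real text. Either way the guard should read `#if OPENSSL_VERSION_NUMBER < 0x10100000L` here and in the threading-lock hunk, with `>= 0x10100000L` in the protocol hunks. The conditional closed by the trailing `#endif` opens outside this hunk.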
+@@ -160,7 +174,10 @@
+ #define OPENSSL_THREAD_DEFINES
+ #include
+
+-#ifdef OPENSSL_THREADS
++static Tcl_Mutex init_mx;
++static int initialized;
++
++#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x1010L
+ #include
+
+ /*
+@@ -169,8 +186,6 @@
+ */
+
+ static Tcl_Mutex locks[CRYPTO_NUM_LOCKS];
+-static Tcl_Mutex init_mx;
+-static int initialized;
+
+ static void CryptoThreadLockCallback (int mode, int n, const char
*file, int line);
+ static unsigned long CryptoThreadIdCallback (void);
+@@ -310,7 +325,7 @@
+ Tcl_Obj *cmdPtr, *result;
+ char *errStr, *string;
+ int length;
+-SSL *ssl= (SSL*)X509_STORE_CTX_get_app_data(ctx);
++SSL *ssl= (SSL*)X509_STORE_CTX_get_ex_data(ctx,
SSL_get_ex_data_X509_STORE_CTX_idx());
+ X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+ State *statePtr = (State*)SSL_get_app_data(ssl);
+ int depth = X509_STORE_CTX_get_error_depth(ctx);
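Review bot: The `ssl` pointer obtained from `X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())` is handed to `SSL_get_app_data(ssl)` two declarations later without a NULL check. The lookup returns NULL when no SSL object is attached to the store context, and a certificate-verification callback should fail closed in that case rather than dereference it. Because both values are set in the declaration list, the guard needs `statePtr` to be assigned after the test, for example `if (ssl == NULL) return 0;` followed by `statePtr = (State*)SSL_get_app_data(ssl);`. The callback starts and continues outside this hunk, so an existing check elsewhere cannot be ruled out from here.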
+@@ -554,14 +569,14 @@
+ }
+ switch ((enum protocol)index) {
+ case TLS_SSL2:
+-#if defined(NO_SSL2)
++#if defined(NO_SSL2) || OPENSSL_VERSION_NUMBER >= 0x1010L
+ Tcl_AppendResult(interp, "protocol not supported", NULL);
+ return TCL_ERROR;
+ #else
+ ctx = SSL_CTX_new(SSLv2_method()); break;
+ #endif
+ case TLS_SSL3:
+-#if defined(NO_SSL3)
++#if defined(NO_SSL3) || OPENSSL_VERSION_NUMBER >= 0x1010L
+ Tcl_AppendResult(interp, "protocol not supported", NULL);
+ return TCL_ERROR;
+ #else
+@@ -754,12 +769,12 @@
+ #ifndef OPENSSL_NO_TLSEXT
+ char *servername = NULL; /* hostname for Server Name Indication */
+ #endif
+-#if defined(NO_SSL2)
++#if defined(NO_SSL2) || OPENSSL_VERSION_NUMBER >= 0x1010L
+ int ssl2 = 0;
+ #else
+ int ssl2 = 1;
+ #endif
+-#if defined(NO_SSL3)
++#if defined(NO_SSL3) || OPENSSL_VERSION_NUMBER >= 0x1010L
+ int ssl3 = 0;
+ #else
+ int ssl3 = 1;
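Review bot: Builds against OpenSSL older than 1.1 that do not define `NO_SSL2`/`NO_SSL3` still start from `int ssl2 = 1;` and `int ssl3 = 1;`, so both obsolete protocols remain enabled by default there and only the 1.1 build gets the safe defaults. Defaulting to `int ssl2 = 0;` and `int ssl3 = 0;` on every build, with callers opting in explicitly, would remove that difference. OpenSSL's own feature macros (`OPENSSL_NO_SSL2`, `OPENSSL_NO_SSL3`, `OPENSSL_NO_SSL3_METHOD`) also describe what the linked library offers more precisely than a version comparison. These declarations belong to a function whose start and end are outside the hunk.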
+@@ -1069,13 +1084,13 @@
+ }
+
+ /* create SSL context */
+-#if defined(NO_SSL2)
++#if defined(NO_SSL2) || OPENSSL_VERSION_NUMBER >= 0x1010L
+ if (ENABLED(proto, TLS_PROTO_SSL2)) {
+ Tcl_AppendResult(interp, "protocol not supported", NULL);
+ return (SSL_CTX *)0;
+ }
+ #endif
+-#if defined(NO_SSL3)
++#if defined(NO_SSL3) || OPENSSL_VERSION_NUMBER >= 0x1010L
+ if (ENABLED(proto, TLS_PROTO_SSL3)) {
+ Tcl_AppendResult(interp, "protocol not supported", NULL);
+ return (SSL_CTX