Bug#852674: cfengine3: diff for NMU version 3.15.2-3.1

[Sebastian Ramacher]

Control: tags 852674 + patch
Control: tags 995642 + patch

Dear maintainer,

I've prepared an NMU for cfengine3 (versioned as 3.15.2-3.1). The diff
is attached to this message.

Cheers
-- 
Sebastian Ramacher

diff -Nru cfengine3-3.15.2/debian/changelog cfengine3-3.15.2/debian/changelog
--- cfengine3-3.15.2/debian/changelog	2020-09-14 09:00:24.000000000 +0200
+++ cfengine3-3.15.2/debian/changelog	2022-05-21 18:25:35.000000000 +0200
@@ -1,3 +1,12 @@
+cfengine3 (3.15.2-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * debian/control: Make cfengine3 depend on exact version of libpromises3
+    (Closes: #852674)
+  * debian/patches/openssl3.patch: Fix FTBFS with OpenSSL 3 (Closes: #995642)
+
+ -- Sebastian Ramacher <sramac...@debian.org>  Sat, 21 May 2022 18:25:35 +0200
+
 cfengine3 (3.15.2-3) unstable; urgency=medium
 
   [ Antonio Radici ]
diff -Nru cfengine3-3.15.2/debian/control cfengine3-3.15.2/debian/control
--- cfengine3-3.15.2/debian/control	2020-09-14 09:00:24.000000000 +0200
+++ cfengine3-3.15.2/debian/control	2022-05-21 18:13:41.000000000 +0200
@@ -20,7 +20,7 @@
 
 Package: cfengine3
 Architecture: any
-Depends: lsb-base (>= 3.0-6), e2fsprogs, ${shlibs:Depends}, ${misc:Depends}
+Depends: lsb-base (>= 3.0-6), e2fsprogs, ${shlibs:Depends}, ${misc:Depends}, libpromises3 (= ${binary:Version})
 Recommends: python
 Description: tool for configuring and maintaining network machines
  Cfengine is a suite of programs for integrated autonomic management
diff -Nru cfengine3-3.15.2/debian/patches/openssl3.patch cfengine3-3.15.2/debian/patches/openssl3.patch
--- cfengine3-3.15.2/debian/patches/openssl3.patch	1970-01-01 01:00:00.000000000 +0100
+++ cfengine3-3.15.2/debian/patches/openssl3.patch	2022-05-21 18:25:35.000000000 +0200
@@ -0,0 +1,70 @@
+Description: Allow the use of deprected OpenSSL functions
+ Also load legacy provider for blowfish.
+Author: Sebastian Ramacher <sramac...@debian.org>
+Last-Update: 2022-05-21
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -462,10 +462,6 @@
+    #endif
+    ]])],[AC_MSG_RESULT(OK)],[AC_MSG_ERROR(This release of CFEngine requires OpenSSL >= 0.9.7)])
+ 
+-   if test "x$ac_cv_lib_crypto_RSA_generate_key_ex" = "xyes" ; then
+-      AC_DEFINE(OPENSSL_NO_DEPRECATED, 1, [Define if non deprecated API is available.])
+-   fi
+-
+    if test "x$ac_cv_lib_crypto_RSA_generate_key_ex" = "xno" && \
+       test "x$ac_cv_lib_crypto_RSA_generate_key" = "xno" ; then
+       AC_MSG_ERROR(Cannot find OpenSSL)
+--- a/libntech/configure.ac
++++ b/libntech/configure.ac
+@@ -431,10 +431,6 @@
+     #endif
+     ]])],[AC_MSG_RESULT(OK)],[AC_MSG_ERROR(This release of CFEngine requires OpenSSL >= 0.9.7)])
+ 
+-    if test "x$ac_cv_lib_crypto_RSA_generate_key_ex" = "xyes" ; then
+-       AC_DEFINE(OPENSSL_NO_DEPRECATED, 1, [Define if non deprecated API is available.])
+-    fi
+-
+     if test "x$ac_cv_lib_crypto_RSA_generate_key_ex" = "xno" && \
+        test "x$ac_cv_lib_crypto_RSA_generate_key" = "xno" ; then
+        AC_MSG_ERROR(Cannot find OpenSSL)
+--- a/libpromises/crypto.c
++++ b/libpromises/crypto.c
+@@ -27,6 +27,7 @@
+ #include <openssl/err.h>                                        /* ERR_* */
+ #include <openssl/rand.h>                                       /* RAND_* */
+ #include <openssl/bn.h>                                         /* BN_* */
++#include <openssl/provider.h>
+ #include <libcrypto-compat.h>
+ 
+ #include <cf3.defs.h>
+@@ -60,6 +61,8 @@
+ /* TODO move crypto.[ch] to libutils. Will need to remove all manipulation of
+  * lastseen db. */
+ 
++static OSSL_PROVIDER* legacy_provider = NULL;
++static OSSL_PROVIDER* default_provider = NULL;
+ static bool crypto_initialized = false; /* GLOBAL_X */
+ 
+ const char *CryptoLastErrorString()
+@@ -75,6 +78,8 @@
+         SetupOpenSSLThreadLocks();
+         OpenSSL_add_all_algorithms();
+         OpenSSL_add_all_digests();
++        legacy_provider = OSSL_PROVIDER_load(NULL, "legacy");
++        default_provider = OSSL_PROVIDER_load(NULL, "default");
+         ERR_load_crypto_strings();
+ 
+         RandomSeed();
+@@ -103,6 +108,10 @@
+         }
+ 
+         chmod(randfile, 0600);
++
++        OSSL_PROVIDER_unload(legacy_provider);
++        OSSL_PROVIDER_unload(default_provider);
++
+         EVP_cleanup();
+         CleanupOpenSSLThreadLocks();
+         ERR_free_strings();
diff -Nru cfengine3-3.15.2/debian/patches/series cfengine3-3.15.2/debian/patches/series
--- cfengine3-3.15.2/debian/patches/series	2020-09-14 09:00:24.000000000 +0200
+++ cfengine3-3.15.2/debian/patches/series	2022-05-21 18:19:58.000000000 +0200
@@ -9,3 +9,4 @@
 0011-fix_interpreters.patch
 0012-CFE-3401-remove_unused_buffer.patch
 0013-rename_package_to_cfengine3.patch
+openssl3.patch