Bug#886146: stretch-pu: package sqlcipher/3.2.0-2+deb9u1

2018-10-06 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2018-04-18 at 14:29 +0200, Gianfranco Costamagna wrote:
> > Can you please also describe what if any testing was done on the
> > proposed update, and why this breakage wasn't caught before
> > release?
> 
> this has been explained in this bug, message 29, do you think it is
> enough or do you want any more testing? (also testing has been
> performed in 863530#25)

Well, it's not exactly extensive testing for regressions, which is what
we're more interested in for cases such as this.

On the presumption that no issues have been reported since the relevant
unstable upload, please go ahead.

Regards,

Adam



Bug#886146: stretch-pu: package sqlcipher/3.2.0-2+deb9u1

2018-09-01 Thread Philipp Berger
It now has been more than four months since the last reply by anyone.

PLEASE, is there anything I can do to push this through? It can not be
that hard!


Problem: The package is completely broken and unusable.

History:

  * 2017/11/15: First mention of this issue in my post to
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863530
  * 2017/12/01: I submitted a patch for the problem to #863530
  * 2018/01/02: This issue was opened to fix the problem against
    release.debian.org

It now has been EIGHT months since the patch was initially submitted.



Bug#886146: stretch-pu: package sqlcipher/3.2.0-2+deb9u1

2018-06-19 Thread Philipp Berger
It now has been more than two months since the last reply by anyone.

PLEASE, is there anything I can do to push this through? It can not be
that hard!


Problem: The package is completely broken and unusable.

History:

  * 2017/11/15: First mention of this issue in my post to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863530
  * 2017/12/01: I submitted a patch for the problem to #863530
  * 2018/01/02: This issue was opened to fix the problem against
release.debian.org

It now has been 6 and 1/2 months since the patch was initially submitted.



Bug#886146: stretch-pu: package sqlcipher/3.2.0-2+deb9u1

2018-04-18 Thread Gianfranco Costamagna

> It'd be better for it to be fixed with a version, rather than imply it's
> invalid.

Changed that to reflect that the version that fixed it is: 3.4.1-1
> 
> Can you please also describe what if any testing was done on the
> proposed update, and why this breakage wasn't caught before release?

this has been explained in this bug, message 29, do you think it is enough or
do you want any more testing? (also testing has been performed in 863530#25)

maybe the bug hasn't been caught before release because people using sql stuff
prefer to use stable and not testing? :)

thanks!

Gianfranco



Bug#886146: stretch-pu: package sqlcipher/3.2.0-2+deb9u1

2018-03-30 Thread Julien Cristau
On Thu, Mar 15, 2018 at 16:01:49 +0100, Gianfranco Costamagna wrote:

> Control: tag -1 - moreinfo
> On Sat, 10 Feb 2018 11:48:12 +0100 Julien Cristau wrote:
> > Control: tag -1 moreinfo
> > 
> > On Tue, Jan  2, 2018 at 17:59:07 +0100, Gianfranco Costamagna wrote:
> > 
> > > +sqlcipher (3.2.0-2+deb9u1) stretch; urgency=medium
> > > +
> > > +  [ Philipp Berger ]
> > > +  * Fixup previous patch, to avoid a crash when opening file
> > > +(Closes: #863530)
> > > +
> > 
> > That bug is still open, implying it still affects sid?
> > 
> 
> I closed it, that patch comes from the new release, actually part of
> sid/buster
> 
> sorry for not closing it in advance
> 
It'd be better for it to be fixed with a version, rather than imply it's
invalid.

Can you please also describe what if any testing was done on the
proposed update, and why this breakage wasn't caught before release?

Cheers,
Julien



Bug#886146: stretch-pu: package sqlcipher/3.2.0-2+deb9u1

2018-03-15 Thread Gianfranco Costamagna
Control: tag -1 - moreinfo
On Sat, 10 Feb 2018 11:48:12 +0100 Julien Cristau wrote:
> Control: tag -1 moreinfo
> 
> On Tue, Jan  2, 2018 at 17:59:07 +0100, Gianfranco Costamagna wrote:
> 
> > +sqlcipher (3.2.0-2+deb9u1) stretch; urgency=medium
> > +
> > +  [ Philipp Berger ]
> > +  * Fixup previous patch, to avoid a crash when opening file
> > +(Closes: #863530)
> > +
> 
> That bug is still open, implying it still affects sid?
> 

I closed it, that patch comes from the new release, actually part of sid/buster

sorry for not closing it in advance

G.





Bug#886146: stretch-pu: package sqlcipher/3.2.0-2+deb9u1

2018-02-10 Thread Julien Cristau
Control: tag -1 moreinfo

On Tue, Jan  2, 2018 at 17:59:07 +0100, Gianfranco Costamagna wrote:

> +sqlcipher (3.2.0-2+deb9u1) stretch; urgency=medium
> +
> +  [ Philipp Berger ]
> +  * Fixup previous patch, to avoid a crash when opening file
> +(Closes: #863530)
> +

That bug is still open, implying it still affects sid?

Cheers,
Julien



Bug#886146: stretch-pu: package sqlcipher/3.2.0-2+deb9u1

2018-01-02 Thread Gianfranco Costamagna
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal

Hello, I request an update to fix segfaults for sqlcipher, due to
wrong/incomplete openssl patch

summary of the changes is here (and debdiff attached)


+sqlcipher (3.2.0-2+deb9u1) stretch; urgency=medium
+
+  [ Philipp Berger ]
+  * Fixup previous patch, to avoid a crash when opening file
+(Closes: #863530)
+
+ -- Gianfranco Costamagna   Sat, 02 Dec 2017 
11:24:26 +0100
+

thanks!

Gianfranco
diff -Nru sqlcipher-3.2.0/debian/changelog sqlcipher-3.2.0/debian/changelog
--- sqlcipher-3.2.0/debian/changelog2016-12-23 11:00:19.0 +0100
+++ sqlcipher-3.2.0/debian/changelog2017-12-02 11:24:26.0 +0100
@@ -1,3 +1,11 @@
+sqlcipher (3.2.0-2+deb9u1) stretch; urgency=medium
+
+  [ Philipp Berger ]
+  * Fixup previous patch, to avoid a crash when opening file
+(Closes: #863530)
+
+ -- Gianfranco Costamagna   Sat, 02 Dec 2017 
11:24:26 +0100
+
 sqlcipher (3.2.0-2) unstable; urgency=medium
 
   * support building with openssl 1.1 (Closes: #828555)
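Review bot: the new changelog entry ("Fixup previous patch, to avoid a crash when opening file") does not name the patch it fixes or say what was wrong with it. For a stable update it would help to name debian/patches/33-openssl_1.1.patch and list the actual changes, so the entry can be matched against the debdiff without reading the patch itself.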
diff -Nru sqlcipher-3.2.0/debian/patches/33-openssl_1.1.patch 
sqlcipher-3.2.0/debian/patches/33-openssl_1.1.patch
--- sqlcipher-3.2.0/debian/patches/33-openssl_1.1.patch 2016-12-23 
10:59:43.0 +0100
+++ sqlcipher-3.2.0/debian/patches/33-openssl_1.1.patch 2017-12-02 
11:24:15.0 +0100
@@ -1,14 +1,23 @@
 --- a/src/crypto_openssl.c
 +++ b/src/crypto_openssl.c
-@@ -155,14 +155,24 @@
+@@ -109,6 +109,8 @@
+is called by SQLCipher internally. This should prevent SQLCipher from 
+"cleaning up" openssl when it was initialized externally by the 
program */
+   EVP_cleanup();
++} else {
++  openssl_external_init = 0;
+ }
+ #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
+ sqlite3_mutex_free(openssl_rand_mutex);
+@@ -143,14 +145,24 @@
  }
  
  static int sqlcipher_openssl_hmac(void *ctx, unsigned char *hmac_key, int 
key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned 
char *out) {
 -  HMAC_CTX hctx;
unsigned int outlen;
 +#if OPENSSL_VERSION_NUMBER >= 0x1011L
-+  HMAC_CTX *hctx;
-+  hctx = HMAC_CTX_new();
++  HMAC_CTX* hctx = HMAC_CTX_new();
++  if(hctx == NULL) return SQLITE_ERROR;
 +  HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL);
 +  HMAC_Update(hctx, in, in_sz);
 +  HMAC_Update(hctx, in2, in2_sz);
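Review bot: the added `} else { openssl_external_init = 0; }` branch is not covered by the comment above it, which only explains why EVP_cleanup() is skipped when OpenSSL was initialized externally. Please add a line saying why the flag has to be reset at this point, since the changelog does not mention it either. The new `if(hctx == NULL) return SQLITE_ERROR;` check after HMAC_CTX_new() looks right, but the HMAC_Init_ex() and HMAC_Update() calls that follow it still ignore their return values.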
@@ -26,7 +35,7 @@
return SQLITE_OK; 
  }
  
-@@ -172,9 +182,23 @@
+@@ -160,9 +172,23 @@
  }
  
  static int sqlcipher_openssl_cipher(void *ctx, int mode, unsigned char *key, 
int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char 
*out) {
@@ -34,15 +43,15 @@
int tmp_csz, csz;
   
 +#if OPENSSL_VERSION_NUMBER >= 0x1011L
-+  EVP_CIPHER_CTX *ectx;
-+  ectx = EVP_CIPHER_CTX_new();
-+  EVP_CipherInit(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode);
++  EVP_CIPHER_CTX* ectx = EVP_CIPHER_CTX_new();
++  if(ectx == NULL) return SQLITE_ERROR;
++  EVP_CipherInit_ex(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, NULL, 
mode);
 +  EVP_CIPHER_CTX_set_padding(ectx, 0); // no padding
-+  EVP_CipherInit(ectx, NULL, key, iv, mode);
++  EVP_CipherInit_ex(ectx, NULL, NULL, key, iv, mode);
 +  EVP_CipherUpdate(ectx, out, _csz, in, in_sz);
 +  csz = tmp_csz;  
 +  out += tmp_csz;
-+  EVP_CipherFinal(ectx, out, _csz);
++  EVP_CipherFinal_ex(ectx, out, _csz);
 +  csz += tmp_csz;
 +  EVP_CIPHER_CTX_free(ectx);
 +
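Review bot: in the OpenSSL 1.1 branch of sqlcipher_openssl_cipher the results of EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are discarded, so a failed cipher setup or finalisation is not detected here. Suggest checking each call and, on failure, calling EVP_CIPHER_CTX_free(ectx) before returning SQLITE_ERROR. The new `if(ectx == NULL) return SQLITE_ERROR;` check returns before anything else is allocated, so that path does not leak.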
@@ -51,7 +60,7 @@
EVP_CipherInit(, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode);
EVP_CIPHER_CTX_set_padding(, 0); // no padding
EVP_CipherInit(, NULL, key, iv, mode);
-@@ -184,7 +208,9 @@
+@@ -172,14 +198,19 @@
EVP_CipherFinal(, out, _csz);
csz += tmp_csz;
EVP_CIPHER_CTX_cleanup();
@@ -61,3 +70,15 @@
return SQLITE_OK; 
  }
  
+ static int sqlcipher_openssl_set_cipher(void *ctx, const char *cipher_name) {
+   openssl_ctx *o_ctx = (openssl_ctx *)ctx;
+-  o_ctx->evp_cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name);
+-  return SQLITE_OK;
++  EVP_CIPHER* cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name);
++  if(cipher != NULL) {
++o_ctx->evp_cipher = cipher;
++  }
++  return cipher != NULL ? SQLITE_OK : SQLITE_ERROR;
+ }
+ 
+ static const char* sqlcipher_openssl_get_cipher(void *ctx) {
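Review bot: sqlcipher_openssl_set_cipher now returns SQLITE_ERROR for a cipher_name that EVP_get_cipherbyname() does not know, where the old code always returned SQLITE_OK and stored the NULL result in o_ctx->evp_cipher. That is a caller-visible change for a stable update: on failure the context keeps its previous cipher, so callers have to check the return code. It deserves a comment in the function and a mention in the changelog. The `(EVP_CIPHER *)` cast could also go if `cipher` were declared `const EVP_CIPHER *`, provided the evp_cipher field allows it.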

