[Pkg-openssl-changes] r886 - openssl/branches/1.1.0/debian/patches
Sebastian Andrzej Siewior
bigeasy at moszumanska.debian.org
Thu Jan 26 20:06:06 UTC 2017
Author: bigeasy
Date: 2017-01-26 20:06:06 +0000 (Thu, 26 Jan 2017)
New Revision: 886
Removed:
openssl/branches/1.1.0/debian/patches/0001-Add-missing-zdelete-for-some-linux-arches.patch
openssl/branches/1.1.0/debian/patches/revert_ssl_read.patch
Log:
those two were actually removed
Deleted: openssl/branches/1.1.0/debian/patches/0001-Add-missing-zdelete-for-some-linux-arches.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/0001-Add-missing-zdelete-for-some-linux-arches.patch 2017-01-26 15:39:39 UTC (rev 885)
+++ openssl/branches/1.1.0/debian/patches/0001-Add-missing-zdelete-for-some-linux-arches.patch 2017-01-26 20:06:06 UTC (rev 886)
@@ -1,33 +0,0 @@
-From: Kurt Roeckx <kurt at roeckx.be>
-Date: Mon, 21 Nov 2016 22:15:11 +0100
-Subject: Add missing -zdelete for some linux arches
-
-Bug-Debian: https://bugs.debian.org/844715
-Applied-Upstream: https://github.com/openssl/openssl/commit/e9a86d6b4951a1c536d5536d1217e6be6455858a
-Description: Upstream commit b6d5ba1a9f00 ("Link using -znodelete") forgot to
- update some linux arches.
-
----
- Configurations/10-main.conf | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/Configurations/10-main.conf
-+++ b/Configurations/10-main.conf
-@@ -702,7 +702,7 @@ sub vms_info {
- cflags => add("-mabi=ilp32"),
- bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
- perlasm_scheme => "linux64",
-- shared_ldflag => "-mabi=ilp32",
-+ shared_ldflag => add("-mabi=ilp32"),
- },
-
- "linux-mips32" => {
-@@ -767,7 +767,7 @@ sub vms_info {
- cflags => add("-mx32 -DL_ENDIAN"),
- bn_ops => "SIXTY_FOUR_BIT",
- perlasm_scheme => "elf32",
-- shared_ldflag => "-mx32",
-+ shared_ldflag => add("-mx32"),
- multilib => "x32",
- },
-
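Review bot: The log message ("those two were actually removed") gives no reason for dropping this patch; the only justification visible is the Applied-Upstream line in the deleted header. Please state in the log or in debian/changelog which upstream release carries e9a86d6b4951a1c536d5536d1217e6be6455858a, so the two `shared_ldflag => add(...)` changes in Configurations/10-main.conf and the fix for https://bugs.debian.org/844715 stay traceable once the file is gone. This revision lists only the two patch files under "Removed", so also confirm that debian/patches/series no longer names this patch.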
Deleted: openssl/branches/1.1.0/debian/patches/revert_ssl_read.patch
===================================================================
--- openssl/branches/1.1.0/debian/patches/revert_ssl_read.patch 2017-01-26 15:39:39 UTC (rev 885)
+++ openssl/branches/1.1.0/debian/patches/revert_ssl_read.patch 2017-01-26 20:06:06 UTC (rev 886)
@@ -1,271 +0,0 @@
-Subject: Revert behaviour of SSL_read() and SSL_write(), and update documentation.
-
-Author: Kurt Roeckx <kurt at roeckx.be>
-Bug: https://github.com/openssl/openssl/issues/1903
-Bug-Debian: https://bugs.debian.org/844234
-Forwarded: no
-Description: This is a revert of upstream commit 4880672a9b41 ("A zero return
- from BIO_read()/BIO_write() could be retryable").
----
- doc/ssl/SSL_get_error.pod | 22 +++++++---------
- doc/ssl/SSL_read.pod | 31 +++++++++--------------
- doc/ssl/SSL_write.pod | 21 ++++++---------
- ssl/record/rec_layer_s3.c | 14 +++-------
- test/asynciotest.c | 61 +++++++++++++++++++++++++++++++++-------------
- 5 files changed, 79 insertions(+), 70 deletions(-)
-
---- a/doc/ssl/SSL_get_error.pod
-+++ b/doc/ssl/SSL_get_error.pod
-@@ -38,12 +38,13 @@ if and only if B<ret E<gt> 0>.
-
- =item SSL_ERROR_ZERO_RETURN
-
--The TLS/SSL connection has been closed. If the protocol version is SSL 3.0
--or TLS 1.0, this result code is returned only if a closure
--alert has occurred in the protocol, i.e. if the connection has been
--closed cleanly. Note that in this case B<SSL_ERROR_ZERO_RETURN>
--does not necessarily indicate that the underlying transport
--has been closed.
-+The TLS/SSL connection has been closed.
-+If the protocol version is SSL 3.0 or higher, this result code is returned only
-+if a closure alert has occurred in the protocol, i.e. if the connection has been
-+closed cleanly.
-+Note that in this case B<SSL_ERROR_ZERO_RETURN> does not necessarily
-+indicate that the underlying transport has been closed.
-+
-
- =item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
-
-@@ -111,12 +112,9 @@ thread has completed.
-
- =item SSL_ERROR_SYSCALL
-
--Some I/O error occurred. The OpenSSL error queue may contain more
--information on the error. If the error queue is empty
--(i.e. ERR_get_error() returns 0), B<ret> can be used to find out more
--about the error: If B<ret == 0>, an EOF was observed that violates
--the protocol. If B<ret == -1>, the underlying B<BIO> reported an
--I/O error (for socket I/O on Unix systems, consult B<errno> for details).
-+Some non-recoverable I/O error occurred.
-+The OpenSSL error queue may contain more information on the error.
-+For socket I/O on Unix systems, consult B<errno> for details.
-
- =item SSL_ERROR_SSL
-
---- a/doc/ssl/SSL_read.pod
-+++ b/doc/ssl/SSL_read.pod
-@@ -81,28 +81,21 @@ with the same arguments.
-
- =over 4
-
--=item E<gt>0
-+=item E<gt> 0
-
--The read operation was successful; the return value is the number of
--bytes actually read from the TLS/SSL connection.
-+The read operation was successful.
-+The return value is the number of bytes actually read from the TLS/SSL
-+connection.
-
--=item Z<>0
-+=item Z<><= 0
-
--The read operation was not successful. The reason may either be a clean
--shutdown due to a "close notify" alert sent by the peer (in which case
--the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
--(see L<SSL_shutdown(3)>,
--L<SSL_set_shutdown(3)>). It is also possible, that
--the peer simply shut down the underlying transport and the shutdown is
--incomplete. Call SSL_get_error() with the return value B<ret> to find out,
--whether an error occurred or the connection was shut down cleanly
--(SSL_ERROR_ZERO_RETURN).
--
--=item E<lt>0
--
--The read operation was not successful, because either an error occurred
--or action must be taken by the calling process. Call SSL_get_error() with the
--return value B<ret> to find out the reason.
-+The read operation was not successful, because either the connection was closed,
-+an error occurred or action must be taken by the calling process.
-+Call L<SSL_get_error(3)> with the return value B<ret> to find out the reason.
-+
-+Old documentation indicated a difference between 0 and -1, and that -1 was
-+retryable.
-+You should instead call SSL_get_error() to find out if it's retryable.
-
- =back
-
---- a/doc/ssl/SSL_write.pod
-+++ b/doc/ssl/SSL_write.pod
-@@ -74,23 +74,20 @@ undefined.
-
- =over 4
-
--=item E<gt>0
-+=item E<gt> 0
-
- The write operation was successful, the return value is the number of
- bytes actually written to the TLS/SSL connection.
-
--=item Z<>0
-+=item Z<><= 0
-
--The write operation was not successful. Probably the underlying connection
--was closed. Call SSL_get_error() with the return value B<ret> to find out,
--whether an error occurred or the connection was shut down cleanly
--(SSL_ERROR_ZERO_RETURN).
--
--=item E<lt>0
--
--The write operation was not successful, because either an error occurred
--or action must be taken by the calling process. Call SSL_get_error() with the
--return value B<ret> to find out the reason.
-+The write operation was not successful, because either the connection was
-+closed, an error occurred or action must be taken by the calling process.
-+Call SSL_get_error() with the return value B<ret> to find out the reason.
-+
-+Old documentation indicated a difference between 0 and -1, and that -1 was
-+retryable.
-+You should instead call SSL_get_error() to find out if it's retryable.
-
- =back
-
---- a/ssl/record/rec_layer_s3.c
-+++ b/ssl/record/rec_layer_s3.c
-@@ -178,10 +178,7 @@ const char *SSL_rstate_string(const SSL
- }
-
- /*
-- * Return values are as per SSL_read(), i.e.
-- * >0 The number of read bytes
-- * 0 Failure (not retryable)
-- * <0 Failure (may be retryable)
-+ * Return values are as per SSL_read()
- */
- int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold)
- {
-@@ -312,7 +309,7 @@ int ssl3_read_n(SSL *s, int n, int max,
- if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
- if (len + left == 0)
- ssl3_release_read_buffer(s);
-- return -1;
-+ return i;
- }
- left += i;
- /*
-@@ -882,10 +879,7 @@ int do_ssl3_write(SSL *s, int type, cons
-
- /* if s->s3->wbuf.left != 0, we need to call this
- *
-- * Return values are as per SSL_read(), i.e.
-- * >0 The number of read bytes
-- * 0 Failure (not retryable)
-- * <0 Failure (may be retryable)
-+ * Return values are as per SSL_write()
- */
- int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
- unsigned int len)
-@@ -936,7 +930,7 @@ int ssl3_write_pending(SSL *s, int type,
- */
- SSL3_BUFFER_set_left(&wb[currbuf], 0);
- }
-- return -1;
-+ return i;
- }
- SSL3_BUFFER_add_offset(&wb[currbuf], i);
- SSL3_BUFFER_add_left(&wb[currbuf], -i);
---- a/test/asynciotest.c
-+++ b/test/asynciotest.c
-@@ -85,7 +85,7 @@ static int async_free(BIO *bio)
- static int async_read(BIO *bio, char *out, int outl)
- {
- struct async_ctrs *ctrs;
-- int ret = 0;
-+ int ret = -1;
- BIO *next = BIO_next(bio);
-
- if (outl <= 0)
-@@ -120,7 +120,7 @@ static int async_read(BIO *bio, char *ou
- static int async_write(BIO *bio, const char *in, int inl)
- {
- struct async_ctrs *ctrs;
-- int ret = 0;
-+ int ret = -1;
- size_t written = 0;
- BIO *next = BIO_next(bio);
-
-@@ -297,32 +297,59 @@ int main(int argc, char *argv[])
- * we hit at least one async event in both reading and writing
- */
- for (j = 0; j < 2; j++) {
-+ int len;
-+
- /*
- * Write some test data. It should never take more than 2 attempts
-- * (the first one might be a retryable fail). A zero return from
-- * SSL_write() is a non-retryable failure, so fail immediately if
-- * we get that.
-+ * (the first one might be a retryable fail).
- */
-- for (ret = -1, i = 0; ret < 0 && i < 2 * sizeof(testdata); i++)
-- ret = SSL_write(clientssl, testdata, sizeof(testdata));
-- if (ret <= 0) {
-- printf("Test %d failed: Failed to write app data\n", test);
-+ for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < 2;
-+ i++) {
-+ ret = SSL_write(clientssl, testdata + len,
-+ sizeof(testdata) - len);
-+ if (ret > 0) {
-+ len += ret;
-+ } else {
-+ int ssl_error = SSL_get_error(clientssl, ret);
-+
-+ if (ssl_error == SSL_ERROR_SYSCALL ||
-+ ssl_error == SSL_ERROR_SSL) {
-+ printf("Test %d failed: Failed to write app data\n", test);
-+ err = -1;
-+ goto end;
-+ }
-+ }
-+ }
-+ if (len != sizeof(testdata)) {
-+ err = -1;
-+ printf("Test %d failed: Failed to write all app data\n", test);
- goto end;
- }
- /*
- * Now read the test data. It may take more attemps here because
- * it could fail once for each byte read, including all overhead
-- * bytes from the record header/padding etc. Fail immediately if we
-- * get a zero return from SSL_read().
-+ * bytes from the record header/padding etc.
- */
-- for (ret = -1, i = 0; ret < 0 && i < MAX_ATTEMPTS; i++)
-- ret = SSL_read(serverssl, buf, sizeof(buf));
-- if (ret <= 0) {
-- printf("Test %d failed: Failed to read app data\n", test);
-- goto end;
-+ for (ret = -1, i = 0, len = 0; len != sizeof(testdata) &&
-+ i < MAX_ATTEMPTS; i++)
-+ {
-+ ret = SSL_read(serverssl, buf + len, sizeof(buf) - len);
-+ if (ret > 0) {
-+ len += ret;
-+ } else {
-+ int ssl_error = SSL_get_error(serverssl, ret);
-+
-+ if (ssl_error == SSL_ERROR_SYSCALL ||
-+ ssl_error == SSL_ERROR_SSL) {
-+ printf("Test %d failed: Failed to read app data\n", test);
-+ err = -1;
-+ goto end;
-+ }
-+ }
- }
-- if (ret != sizeof(testdata)
-+ if (len != sizeof(testdata)
- || memcmp(buf, testdata, sizeof(testdata)) != 0) {
-+ err = -1;
- printf("Test %d failed: Unexpected app data received\n", test);
- goto end;
- }
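Review bot: The deleted header says "Forwarded: no", so unlike the other removed patch there is no upstream commit recorded as replacing this revert, and the log message does not say why it is safe to drop. Removing the file drops the `return i` changes in ssl3_read_n() and ssl3_write_pending(), along with the SSL_read.pod and SSL_write.pod text that tells callers to use SSL_get_error() instead of distinguishing 0 from -1. Please record in the log or changelog which upstream change addresses https://github.com/openssl/openssl/issues/1903 and https://bugs.debian.org/844234, and confirm that debian/patches/series no longer references the file.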