Bug#851084: let's NMU this then

Adam Borowski kilobyte at angband.pl
Sat Nov 25 20:13:49 UTC 2017 

Control: tags -1 +pending

As Philip Chung's patch sits here rotting, I prepared a NMU with it.
Will upload to DELAYED/7 shortly, here's the debdiff.
Please scream if anything is wrong.

-- 
⢀⣴⠾⠻⢶⣦⠀ Mozilla's Hippocritical Oath: "Keep trackers off your trail"
⣾⠁⢰⠒⠀⣿⡁ blah blah evading "tracking technology" blah blah
⢿⡄⠘⠷⠚⠋⠀ "https://click.e.mozilla.org/?qs=e7bb0dcf14b1013fca3820..."
⠈⠳⣄⠀⠀⠀⠀ (same for all links)
-------------- next part --------------
diff -Nru crtmpserver-1.0~dfsg/debian/changelog crtmpserver-1.0~dfsg/debian/changelog
--- crtmpserver-1.0~dfsg/debian/changelog	2016-12-30 17:40:06.000000000 +0100
+++ crtmpserver-1.0~dfsg/debian/changelog	2017-11-25 16:06:37.000000000 +0100
@@ -1,3 +1,10 @@
+crtmpserver (1.0~dfsg-5.4) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * SSL1.1, patch by Philip Chung (Closes: #851084).
+
+ -- Adam Borowski <kilobyte at angband.pl>  Sat, 25 Nov 2017 16:06:37 +0100
+
 crtmpserver (1.0~dfsg-5.3) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru crtmpserver-1.0~dfsg/debian/control crtmpserver-1.0~dfsg/debian/control
--- crtmpserver-1.0~dfsg/debian/control	2016-12-30 17:40:03.000000000 +0100
+++ crtmpserver-1.0~dfsg/debian/control	2017-11-25 16:06:37.000000000 +0100
@@ -9,7 +9,7 @@
  cmake,
  debhelper (>= 9),
  liblua5.1-0-dev,
- libssl1.0-dev,
+ libssl-dev,
  libtinyxml-dev,
  pkg-config
 Standards-Version: 3.9.3
diff -Nru crtmpserver-1.0~dfsg/debian/patches/libssl_1_1_compatibility.diff crtmpserver-1.0~dfsg/debian/patches/libssl_1_1_compatibility.diff
--- crtmpserver-1.0~dfsg/debian/patches/libssl_1_1_compatibility.diff	1970-01-01 01:00:00.000000000 +0100
+++ crtmpserver-1.0~dfsg/debian/patches/libssl_1_1_compatibility.diff	2017-11-25 16:06:37.000000000 +0100
@@ -0,0 +1,277 @@
+Description: allow the package to build against OpenSSL 1.1
+ Notice, however, that I inelegantly replace BaseSSLProtocol::DumpBIO()
+ in thelib/src/protocols/ssl/basesslprotocol.cpp with a stub function,
+ because I can't seem to find any way to access the data.
+ .
+ Actually, removing the method entirely still allows the package to
+ build, as no other part of the code actually uses it. Would it be safe
+ to do so?
+Author: Philip Chung <philipchung1995 at yahoo.com>
+Bug-Debian: https://bugs.debian.org/851084
+
+--- crtmpserver-1.0~dfsg.orig/applications/applestreamingclient/include/protocols/aes/inboundaesprotocol.h
++++ crtmpserver-1.0~dfsg/applications/applestreamingclient/include/protocols/aes/inboundaesprotocol.h
+@@ -30,7 +30,7 @@ namespace app_applestreamingclient {
+ 	private:
+ 		IOBuffer _tempBuffer;
+ 		IOBuffer _inputBuffer;
+-		EVP_CIPHER_CTX _decContex;
++		EVP_CIPHER_CTX *_decContex;
+ 		bool _lastChunk;
+ 		uint8_t *_pIV;
+ 		uint8_t *_pKey;
+--- crtmpserver-1.0~dfsg.orig/applications/applestreamingclient/src/protocols/aes/inboundaesprotocol.cpp
++++ crtmpserver-1.0~dfsg/applications/applestreamingclient/src/protocols/aes/inboundaesprotocol.cpp
+@@ -31,13 +31,12 @@ InboundAESProtocol::InboundAESProtocol()
+ 	memset(_pIV, 0, 16);
+ 	_pKey = new uint8_t[16];
+ 	memset(_pKey, 0, 16);
+-	memset(&_decContex, 0, sizeof (EVP_CIPHER_CTX));
++	_decContex = EVP_CIPHER_CTX_new();
+ 	_totalDecrypted = 0;
+ }
+ 
+ InboundAESProtocol::~InboundAESProtocol() {
+-	EVP_CIPHER_CTX_cleanup(&_decContex);
+-	memset(&_decContex, 0, sizeof (EVP_CIPHER_CTX));
++	EVP_CIPHER_CTX_free(_decContex);
+ 	delete[] _pIV;
+ 	delete[] _pKey;
+ }
+@@ -60,11 +59,9 @@ bool InboundAESProtocol::Initialize(Vari
+ 	_inputBuffer.IgnoreAll();
+ 	_tempBuffer.IgnoreAll();
+ 
+-	EVP_CIPHER_CTX_cleanup(&_decContex);
+-	memset(&_decContex, 0, sizeof (EVP_CIPHER_CTX));
+-	EVP_CIPHER_CTX_init(&_decContex);
+-	EVP_DecryptInit_ex(&_decContex, EVP_aes_128_cbc(), NULL, _pKey, _pIV);
+-	EVP_CIPHER_CTX_set_padding(&_decContex, 0);
++	EVP_CIPHER_CTX_init(_decContex);
++	EVP_DecryptInit_ex(_decContex, EVP_aes_128_cbc(), NULL, _pKey, _pIV);
++	EVP_CIPHER_CTX_set_padding(_decContex, 0);
+ 
+ 	return true;
+ }
+@@ -105,14 +102,14 @@ bool InboundAESProtocol::SignalInputData
+ 	int decryptedFinalSize = 0;
+ 	uint32_t padding = 0;
+ 
+-	EVP_DecryptUpdate(&_decContex, pTempData, &decryptedSize, GETIBPOINTER(buffer), safeSize);
++	EVP_DecryptUpdate(_decContex, pTempData, &decryptedSize, GETIBPOINTER(buffer), safeSize);
+ 	_totalDecrypted += decryptedSize;
+ 
+ 	//6. Decrypt leftovers
+ 	bool transferCompleted = false;
+ 	if (((HTTPBufferProtocol *) GetFarProtocol())->TransferCompleted()) {
+ 		transferCompleted = true;
+-		EVP_DecryptFinal_ex(&_decContex,
++		EVP_DecryptFinal_ex(_decContex,
+ 				pTempData + decryptedSize,
+ 				&decryptedFinalSize);
+ 		_totalDecrypted += decryptedFinalSize;
+--- crtmpserver-1.0~dfsg.orig/common/include/utils/misc/crypto.h
++++ crtmpserver-1.0~dfsg/common/include/utils/misc/crypto.h
+@@ -83,7 +83,7 @@ public:
+ 	bool CopySharedKey(uint8_t *pDst, int32_t dstLength);
+ private:
+ 	void Cleanup();
+-	bool CopyKey(BIGNUM *pNum, uint8_t *pDst, int32_t dstLength);
++	bool CopyKey(const BIGNUM *pNum, uint8_t *pDst, int32_t dstLength);
+ };
+ 
+ DLLEXP void InitRC4Encryption(uint8_t *secretKey, uint8_t *pubKeyIn, uint8_t *pubKeyOut,
+--- crtmpserver-1.0~dfsg.orig/common/src/utils/misc/crypto.cpp
++++ crtmpserver-1.0~dfsg/common/src/utils/misc/crypto.cpp
+@@ -46,35 +46,46 @@ bool DHWrapper::Initialize() {
+ 	}
+ 
+ 	//2. Create his internal p and g
+-	_pDH->p = BN_new();
+-	if (_pDH->p == NULL) {
++	BIGNUM *p = BN_new();
++	if (p == NULL) {
+ 		FATAL("Unable to create p");
+ 		Cleanup();
+ 		return false;
+ 	}
+-	_pDH->g = BN_new();
+-	if (_pDH->g == NULL) {
++	BIGNUM *g = BN_new();
++	if (g == NULL) {
+ 		FATAL("Unable to create g");
+ 		Cleanup();
+ 		return false;
+ 	}
+ 
+ 	//3. initialize p, g and key length
+-	if (BN_hex2bn(&_pDH->p, P1024) == 0) {
++	if (BN_hex2bn(&p, P1024) == 0) {
+ 		FATAL("Unable to parse P1024");
+ 		Cleanup();
+ 		return false;
+ 	}
+-	if (BN_set_word(_pDH->g, 2) != 1) {
++	if (BN_set_word(g, 2) != 1) {
+ 		FATAL("Unable to set g");
+ 		Cleanup();
+ 		return false;
+ 	}
+ 
+-	//4. Set the key length
+-	_pDH->length = _bitsCount;
++	//4. Set internal p and g
++	if (DH_set0_pqg(_pDH, p, NULL, g) != 1) {
++		FATAL("Unable to set internal p and g");
++		Cleanup();
++		return false;
++	}
+ 
+-	//5. Generate private and public key
++	//5. Set the key length
++	if (DH_set_length(_pDH, _bitsCount) != 1) {
++		FATAL("Unable to set length");
++		Cleanup();
++		return false;
++	}
++
++	//6. Generate private and public key
+ 	if (DH_generate_key(_pDH) != 1) {
+ 		FATAL("Unable to generate DH public/private keys");
+ 		Cleanup();
+@@ -90,7 +101,9 @@ bool DHWrapper::CopyPublicKey(uint8_t *p
+ 		return false;
+ 	}
+ 
+-	return CopyKey(_pDH->pub_key, pDst, dstLength);
++	const BIGNUM *pub_key;
++	DH_get0_key(_pDH, &pub_key, NULL);
++	return CopyKey(pub_key, pDst, dstLength);
+ }
+ 
+ bool DHWrapper::CopyPrivateKey(uint8_t *pDst, int32_t dstLength) {
+@@ -99,7 +112,9 @@ bool DHWrapper::CopyPrivateKey(uint8_t *
+ 		return false;
+ 	}
+ 
+-	return CopyKey(_pDH->priv_key, pDst, dstLength);
++	const BIGNUM *priv_key;
++	DH_get0_key(_pDH, NULL, &priv_key);
++	return CopyKey(priv_key, pDst, dstLength);
+ }
+ 
+ bool DHWrapper::CreateSharedKey(uint8_t *pPeerPublicKey, int32_t length) {
+@@ -153,14 +168,6 @@ bool DHWrapper::CopySharedKey(uint8_t *p
+ 
+ void DHWrapper::Cleanup() {
+ 	if (_pDH != NULL) {
+-		if (_pDH->p != NULL) {
+-			BN_free(_pDH->p);
+-			_pDH->p = NULL;
+-		}
+-		if (_pDH->g != NULL) {
+-			BN_free(_pDH->g);
+-			_pDH->g = NULL;
+-		}
+ 		DH_free(_pDH);
+ 		_pDH = NULL;
+ 	}
+@@ -177,7 +184,7 @@ void DHWrapper::Cleanup() {
+ 	}
+ }
+ 
+-bool DHWrapper::CopyKey(BIGNUM *pNum, uint8_t *pDst, int32_t dstLength) {
++bool DHWrapper::CopyKey(const BIGNUM *pNum, uint8_t *pDst, int32_t dstLength) {
+ 	int32_t keySize = BN_num_bytes(pNum);
+ 	if ((keySize <= 0) || (dstLength <= 0) || (keySize > dstLength)) {
+ 		FATAL("CopyPublicKey failed due to either invalid DH state or invalid call");
+@@ -197,20 +204,19 @@ void InitRC4Encryption(uint8_t *secretKe
+ 	uint8_t digest[SHA256_DIGEST_LENGTH];
+ 	unsigned int digestLen = 0;
+ 
+-	HMAC_CTX ctx;
+-	HMAC_CTX_init(&ctx);
+-	HMAC_Init_ex(&ctx, secretKey, 128, EVP_sha256(), 0);
+-	HMAC_Update(&ctx, pubKeyIn, 128);
+-	HMAC_Final(&ctx, digest, &digestLen);
+-	HMAC_CTX_cleanup(&ctx);
++	HMAC_CTX *ctx;
++	ctx = HMAC_CTX_new();
++	HMAC_Init_ex(ctx, secretKey, 128, EVP_sha256(), 0);
++	HMAC_Update(ctx, pubKeyIn, 128);
++	HMAC_Final(ctx, digest, &digestLen);
+ 
+ 	RC4_set_key(rc4keyOut, 16, digest);
+ 
+-	HMAC_CTX_init(&ctx);
+-	HMAC_Init_ex(&ctx, secretKey, 128, EVP_sha256(), 0);
+-	HMAC_Update(&ctx, pubKeyOut, 128);
+-	HMAC_Final(&ctx, digest, &digestLen);
+-	HMAC_CTX_cleanup(&ctx);
++	HMAC_CTX_reset(ctx);
++	HMAC_Init_ex(ctx, secretKey, 128, EVP_sha256(), 0);
++	HMAC_Update(ctx, pubKeyOut, 128);
++	HMAC_Final(ctx, digest, &digestLen);
++	HMAC_CTX_free(ctx);
+ 
+ 	RC4_set_key(rc4keyIn, 16, digest);
+ }
+@@ -220,14 +226,15 @@ string md5(string source, bool textResul
+ }
+ 
+ string md5(uint8_t *pBuffer, uint32_t length, bool textResult) {
+-	EVP_MD_CTX mdctx;
++	EVP_MD_CTX *mdctx;
+ 	unsigned char md_value[EVP_MAX_MD_SIZE];
+ 	unsigned int md_len;
+ 
+-	EVP_DigestInit(&mdctx, EVP_md5());
+-	EVP_DigestUpdate(&mdctx, pBuffer, length);
+-	EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
+-	EVP_MD_CTX_cleanup(&mdctx);
++	mdctx = EVP_MD_CTX_new();
++	EVP_DigestInit(mdctx, EVP_md5());
++	EVP_DigestUpdate(mdctx, pBuffer, length);
++	EVP_DigestFinal_ex(mdctx, md_value, &md_len);
++	EVP_MD_CTX_free(mdctx);
+ 
+ 	if (textResult) {
+ 		string result = "";
+@@ -244,12 +251,12 @@ void HMACsha256(const void *pData, uint3
+ 		const void *pKey, uint32_t keyLength, void *pResult) {
+ 	unsigned int digestLen;
+ 
+-	HMAC_CTX ctx;
+-	HMAC_CTX_init(&ctx);
+-	HMAC_Init_ex(&ctx, (unsigned char*) pKey, keyLength, EVP_sha256(), NULL);
+-	HMAC_Update(&ctx, (unsigned char *) pData, dataLength);
+-	HMAC_Final(&ctx, (unsigned char *) pResult, &digestLen);
+-	HMAC_CTX_cleanup(&ctx);
++	HMAC_CTX *ctx;
++	ctx = HMAC_CTX_new();
++	HMAC_Init_ex(ctx, (unsigned char*) pKey, keyLength, EVP_sha256(), NULL);
++	HMAC_Update(ctx, (unsigned char *) pData, dataLength);
++	HMAC_Final(ctx, (unsigned char *) pResult, &digestLen);
++	HMAC_CTX_free(ctx);
+ 
+ 	assert(digestLen == 32);
+ }
+--- crtmpserver-1.0~dfsg.orig/thelib/src/protocols/ssl/basesslprotocol.cpp
++++ crtmpserver-1.0~dfsg/thelib/src/protocols/ssl/basesslprotocol.cpp
+@@ -210,6 +210,7 @@ string BaseSSLProtocol::GetSSLErrors() {
+ }
+ 
+ string BaseSSLProtocol::DumpBIO(BIO *pBIO) {
++	/*
+ 	string formatString;
+ 	formatString = "method: %p\n";
+ 	formatString += "callback: %p\n";
+@@ -240,6 +241,8 @@ string BaseSSLProtocol::DumpBIO(BIO *pBI
+ 			pBIO->references,
+ 			(int64_t) pBIO->num_read,
+ 			(int64_t) pBIO->num_write);
++	*/
++	return "FIXME BaseSSLProtocol::DumpBIO";
+ }
+ 
+ void BaseSSLProtocol::InitRandGenerator() {
diff -Nru crtmpserver-1.0~dfsg/debian/patches/series crtmpserver-1.0~dfsg/debian/patches/series
--- crtmpserver-1.0~dfsg/debian/patches/series	2016-07-30 04:23:15.000000000 +0200
+++ crtmpserver-1.0~dfsg/debian/patches/series	2017-11-25 16:06:37.000000000 +0100
@@ -8,3 +8,4 @@
 20_use_pkgconfig_for_tinyxml.diff
 21_fix_ftbfs_kfreebsd.diff
 22_fix_ftbfs_gcc-6.diff
+libssl_1_1_compatibility.diff

More information about the pkg-multimedia-maintainers mailing list