[Pkg-remote-team] [guacamole-server] 01/01: Fixes for OpenSSL 1.1.0.

Dominik George natureshadow-guest at moszumanska.debian.org
Sat Nov 26 13:13:15 UTC 2016 

This is an automated email from the git hooks/post-receive script.

natureshadow-guest pushed a commit to branch master
in repository guacamole-server.

commit 9d1e86ed6ec4156e9dd611a06e0bc0cfe84a6522
Author: Dominik George <nik at naturalnet.de>
Date:   Sat Nov 26 13:25:40 2016 +0100

    Fixes for OpenSSL 1.1.0.
---
 debian/changelog                 |  3 +-
 debian/patches/openssl-1.1.patch | 91 ++++++++++++++++++++++++++++++++++++++++
 debian/patches/series            |  1 +
 3 files changed, 94 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 5aa10a9..f132730 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,7 @@ guacamole-server (0.9.9-1) UNRELEASED; urgency=medium
     + Moves to libssh2.
   * Add shlib symbols files.
   * Add systemd support.
+  * Fix build with OpenSSL 1.1.
   * Update homepage and VCS fields.
   * Reformat control file.
   * Update watch file to point to SF.net.
@@ -20,7 +21,7 @@ guacamole-server (0.9.9-1) UNRELEASED; urgency=medium
   * Move to Debian Remote Maintainers team.
      + Move git to pkg-remote.
 
- -- Dominik George <nik at naturalnet.de>  Mon, 21 Nov 2016 21:41:33 +0100
+ -- Dominik George <nik at naturalnet.de>  Sat, 26 Nov 2016 14:10:46 +0100
 
 guacamole-server (0.8.3-2) unstable; urgency=medium
 
diff --git a/debian/patches/openssl-1.1.patch b/debian/patches/openssl-1.1.patch
new file mode 100644
index 0000000..450ab31
--- /dev/null
+++ b/debian/patches/openssl-1.1.patch
@@ -0,0 +1,91 @@
+From: Dominik George <nik at naturalnet.de>
+Subject: Fix build with OpenSSL 1.1.
+--- a/src/common-ssh/guac_ssh_key.c
++++ b/src/common-ssh/guac_ssh_key.c
+@@ -73,9 +73,12 @@ guac_common_ssh_key* guac_common_ssh_key
+         pos = public_key;
+ 
+         /* Derive public key */
++        const BIGNUM *n;
++        const BIGNUM *e;
++        RSA_get0_key(rsa_key, &n, &e, NULL); 
+         guac_common_ssh_buffer_write_string(&pos, "ssh-rsa", sizeof("ssh-rsa")-1);
+-        guac_common_ssh_buffer_write_bignum(&pos, rsa_key->e);
+-        guac_common_ssh_buffer_write_bignum(&pos, rsa_key->n);
++        guac_common_ssh_buffer_write_bignum(&pos, e);
++        guac_common_ssh_buffer_write_bignum(&pos, n);
+ 
+         /* Save public key to structure */
+         key->public_key = public_key;
+@@ -107,11 +110,17 @@ guac_common_ssh_key* guac_common_ssh_key
+         pos = public_key;
+ 
+         /* Derive public key */
++        const BIGNUM *p;
++        const BIGNUM *q;
++        const BIGNUM *g;
++        const BIGNUM *pub_key;
++        DSA_get0_pqg(dsa_key, &p, &q, &g);
++        DSA_get0_key(dsa_key, &pub_key, NULL);
+         guac_common_ssh_buffer_write_string(&pos, "ssh-dss", sizeof("ssh-dss")-1);
+-        guac_common_ssh_buffer_write_bignum(&pos, dsa_key->p);
+-        guac_common_ssh_buffer_write_bignum(&pos, dsa_key->q);
+-        guac_common_ssh_buffer_write_bignum(&pos, dsa_key->g);
+-        guac_common_ssh_buffer_write_bignum(&pos, dsa_key->pub_key);
++        guac_common_ssh_buffer_write_bignum(&pos, &p);
++        guac_common_ssh_buffer_write_bignum(&pos, &q);
++        guac_common_ssh_buffer_write_bignum(&pos, &g);
++        guac_common_ssh_buffer_write_bignum(&pos, &pub_key);
+ 
+         /* Save public key to structure */
+         key->public_key = public_key;
+@@ -158,7 +167,7 @@ int guac_common_ssh_key_sign(guac_common
+         int length, unsigned char* sig) {
+ 
+     const EVP_MD* md;
+-    EVP_MD_CTX md_ctx;
++    EVP_MD_CTX *md_ctx;
+ 
+     unsigned char digest[EVP_MAX_MD_SIZE];
+     unsigned int dlen, len;
+@@ -168,9 +177,9 @@ int guac_common_ssh_key_sign(guac_common
+         return -1;
+ 
+     /* Digest data */
+-    EVP_DigestInit(&md_ctx, md);
+-    EVP_DigestUpdate(&md_ctx, data, length);
+-    EVP_DigestFinal(&md_ctx, digest, &dlen);
++    EVP_DigestInit(md_ctx, md);
++    EVP_DigestUpdate(md_ctx, data, length);
++    EVP_DigestFinal(md_ctx, digest, &dlen);
+ 
+     /* Sign with key */
+     switch (key->type) {
+@@ -186,8 +195,11 @@ int guac_common_ssh_key_sign(guac_common
+             if (dsa_sig != NULL) {
+ 
+                 /* Compute size of each half of signature */
+-                int rlen = BN_num_bytes(dsa_sig->r);
+-                int slen = BN_num_bytes(dsa_sig->s);
++                const BIGNUM *r;
++                const BIGNUM *s;
++                DSA_SIG_get0(dsa_sig, &r, &s);
++                int rlen = BN_num_bytes(r);
++                int slen = BN_num_bytes(s);
+ 
+                 /* Ensure each number is within the required size */
+                 if (rlen > DSA_SIG_NUMBER_SIZE || slen > DSA_SIG_NUMBER_SIZE)
+@@ -197,11 +209,11 @@ int guac_common_ssh_key_sign(guac_common
+                 memset(sig, 0, DSA_SIG_SIZE);
+ 
+                 /* Add R at the end of the first block of the signature */
+-                BN_bn2bin(dsa_sig->r, sig + DSA_SIG_SIZE
++                BN_bn2bin(r, sig + DSA_SIG_SIZE
+                                           - DSA_SIG_NUMBER_SIZE - rlen);
+ 
+                 /* Add S at the end of the second block of the signature */
+-                BN_bn2bin(dsa_sig->s, sig + DSA_SIG_SIZE - slen);
++                BN_bn2bin(s, sig + DSA_SIG_SIZE - slen);
+ 
+                 /* Done */
+                 DSA_SIG_free(dsa_sig);
diff --git a/debian/patches/series b/debian/patches/series
index 32c5c20..461bb9b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
+openssl-1.1.patch
 fix-buildsystem.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-remote/packages/guacamole-server.git

More information about the Pkg-remote-team mailing list