Bug#995659: NMU: coturn: FTBFS with OpenSSL 3.0

Bastian Germann bage at debian.org
Thu Jun 2 15:32:09 BST 2022 

On Thu, 02 Jun 2022 13:10:27 +0300 Nicholas Guriev <nicholas at guriev.su> wrote:
> Please consider to apply my patch fixing build against newest OpenSSL. 
> The patch refers to the OPENSSL_FIPS macro that used to be in ancient 
> OpenSSL source code. This fix does not change behaviour because 
> the FIPS_mode() function always returned zero.

I am sponsoring this. Please find the debdiff attached.
-------------- next part --------------
diff -Nru coturn-4.5.2/debian/changelog coturn-4.5.2/debian/changelog
--- coturn-4.5.2/debian/changelog	2021-03-24 20:30:23.000000000 +0100
+++ coturn-4.5.2/debian/changelog	2022-06-02 12:36:34.000000000 +0200
@@ -1,3 +1,11 @@
+coturn (4.5.2-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * [518094e] New No-FIPS-140-mode.patch fixes build against OpenSSL 3.0
+    (Closes: #995659, LP: #1967018)
+
+ -- Nicholas Guriev <guriev-ns at ya.ru>  Thu, 02 Jun 2022 13:36:34 +0300
+
 coturn (4.5.2-3) unstable; urgency=medium
 
   [ Ferenc Wágner ]
diff -Nru coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch
--- coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch	1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.2/debian/patches/No-FIPS-140-mode.patch	2022-06-02 12:36:34.000000000 +0200
@@ -0,0 +1,31 @@
+From: Nicholas Guriev <guriev-ns at ya.ru>
+Date: Thu, 02 Jun 2022 12:34:17 +0300
+Subject: Do not check FIPS 140 mode
+ It is not available in OpenSSL as packaged in Debian. The OPENSSL_FIPS macro
+ appeared in ancient OpenSSL sources but was never defined.
+ https://sources.debian.org/src/openssl/1.1.1n-0%2Bdeb11u2/crypto/o_fips.c/
+
+---
+ src/client/ns_turn_msg.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/src/client/ns_turn_msg.c
++++ b/src/client/ns_turn_msg.c
+@@ -244,7 +244,7 @@ int stun_produce_integrity_key_str(const
+ 		unsigned int keylen = 0;
+ 		EVP_MD_CTX ctx;
+ 		EVP_MD_CTX_init(&ctx);
+-#if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER)
++#ifdef OPENSSL_FIPS
+ 		if (FIPS_mode()) {
+ 			EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ 		}
+@@ -256,7 +256,7 @@ int stun_produce_integrity_key_str(const
+ #else
+ 		unsigned int keylen = 0;
+ 		EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+-#if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && ! defined(LIBRESSL_VERSION_NUMBER)
++#ifdef OPENSSL_FIPS
+ 		if (FIPS_mode()) {
+ 			EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ 		}
diff -Nru coturn-4.5.2/debian/patches/series coturn-4.5.2/debian/patches/series
--- coturn-4.5.2/debian/patches/series	2021-02-10 20:05:50.000000000 +0100
+++ coturn-4.5.2/debian/patches/series	2022-06-02 12:36:34.000000000 +0200
@@ -1,2 +1,3 @@
 Set-logging-to-syslog.patch
 Fix-undefinded-OPENSSL_VERSION_1_1_1.patch
+No-FIPS-140-mode.patch

More information about the Pkg-voip-maintainers mailing list