summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff-webhosting.net>2017-08-13 09:24:48 +0200
committerJörg Frings-Fürst <debian@jff-webhosting.net>2017-08-13 09:24:48 +0200
commit3fd025eb973a9c6f83db5b1a3aa77d2dc088a428 (patch)
tree89e73b2251879611ed4fbc60cbed2c4eaec22c88
parent320f24e58fbe40519cd0965bef347806511f9d6b (diff)
Migrate to openssl1.1; Declare compliance with Debian Policy 4.0.0
-rw-r--r--debian/changelog12
-rw-r--r--debian/control4
-rw-r--r--debian/files1
-rw-r--r--debian/patches/0120-openssl1.1.patch150
-rw-r--r--debian/patches/series1
5 files changed, 165 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog
index 229a8c2..e9b1ddb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+ipmitool (1.8.18-4) UNRELEASED; urgency=medium
+
+ * Migrate to openssl1.1 (Closes_# 853782):
+ - New debina/patches/0120-openssl1.1.patch:
+ + Cherry-picked from upstream.
+ - debian/control:
+ + Switch Build-Depeds from libssl1.0-dev to libssl-dev
+ to use libssl 1.1.
+ * Declare compliance with Debian Policy 4.0.0. (No changes needed).
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sun, 13 Aug 2017 08:07:37 +0200
+
ipmitool (1.8.18-3) unstable; urgency=medium
* debian/rules:
diff --git a/debian/control b/debian/control
index 82207f9..a5b3b1b 100644
--- a/debian/control
+++ b/debian/control
@@ -7,8 +7,8 @@ Build-Depends:
libncurses-dev,
libfreeipmi-dev [!hurd-i386],
libreadline-dev,
- libssl1.0-dev
-Standards-Version: 3.9.8
+ libssl-dev
+Standards-Version: 4.0.0
Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/ipmitool.git
Vcs-Git: https://anonscm.debian.org/cgit/collab-maint/ipmitool.git
Homepage: https://sourceforge.net/projects/ipmitool/
diff --git a/debian/files b/debian/files
deleted file mode 100644
index 58d13ec..0000000
--- a/debian/files
+++ /dev/null
@@ -1 +0,0 @@
-ipmitool_1.8.18-3_source.buildinfo utils optional
diff --git a/debian/patches/0120-openssl1.1.patch b/debian/patches/0120-openssl1.1.patch
new file mode 100644
index 0000000..a7523fd
--- /dev/null
+++ b/debian/patches/0120-openssl1.1.patch
@@ -0,0 +1,150 @@
+Description: Migrate to openssl 1.1
+ Cherry-picked from upstream
+Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Origin: upstream https://sourceforge.net/p/ipmitool/source/ci/1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1/
+Bug: https://sourceforge.net/p/ipmitool/bugs/461/
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853782
+Forwarded: not-needed
+Last-Update: 2017-08-13 <YYYY-MM-DD, last update of the meta-information, optional>
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/src/plugins/lanplus/lanplus_crypt_impl.c
+===================================================================
+--- trunk.orig/src/plugins/lanplus/lanplus_crypt_impl.c
++++ trunk/src/plugins/lanplus/lanplus_crypt_impl.c
+@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ uint8_t * output,
+ uint32_t * bytes_written)
+ {
+- EVP_CIPHER_CTX ctx;
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-
++ EVP_CIPHER_CTX *ctx = NULL;
+
+ *bytes_written = 0;
+
+@@ -182,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ printbuf(input, input_length, "encrypting this data");
+ }
+
++ ctx = EVP_CIPHER_CTX_new();
++ if (ctx == NULL) {
++ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
++ return;
++ }
++ EVP_CIPHER_CTX_init(ctx);
++ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+ /*
+ * The default implementation adds a whole block of padding if the input
+@@ -191,28 +195,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_
+ assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+
+
+- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ {
+ /* Error */
+ *bytes_written = 0;
+- return;
+ }
+ else
+ {
+ uint32_t tmplen;
+
+- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ {
++ /* Error */
+ *bytes_written = 0;
+- return; /* Error */
+ }
+ else
+ {
+ /* Success */
+ *bytes_written += tmplen;
+- EVP_CIPHER_CTX_cleanup(&ctx);
+ }
+ }
++ /* performs cleanup and free */
++ EVP_CIPHER_CTX_free(ctx);
+ }
+
+
+@@ -239,11 +243,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ uint8_t * output,
+ uint32_t * bytes_written)
+ {
+- EVP_CIPHER_CTX ctx;
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+-
++ EVP_CIPHER_CTX *ctx = NULL;
+
+ if (verbose >= 5)
+ {
+@@ -252,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ printbuf(input, input_length, "decrypting this data");
+ }
+
+-
+ *bytes_written = 0;
+
+ if (input_length == 0)
+ return;
+
++ ctx = EVP_CIPHER_CTX_new();
++ if (ctx == NULL) {
++ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
++ return;
++ }
++ EVP_CIPHER_CTX_init(ctx);
++ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
++ EVP_CIPHER_CTX_set_padding(ctx, 0);
++
+ /*
+ * The default implementation adds a whole block of padding if the input
+ * data is perfectly aligned. We would like to keep that from happening.
+@@ -266,33 +274,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_
+ assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
+
+
+- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
++ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
+ {
+ /* Error */
+ lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
+ *bytes_written = 0;
+- return;
+ }
+ else
+ {
+ uint32_t tmplen;
+
+- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
++ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
+ {
++ /* Error */
+ char buffer[1000];
+ ERR_error_string(ERR_get_error(), buffer);
+ lprintf(LOG_DEBUG, "the ERR error %s", buffer);
+ lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
+ *bytes_written = 0;
+- return; /* Error */
+ }
+ else
+ {
+ /* Success */
+ *bytes_written += tmplen;
+- EVP_CIPHER_CTX_cleanup(&ctx);
+ }
+ }
++ /* performs cleanup and free */
++ EVP_CIPHER_CTX_free(ctx);
+
+ if (verbose >= 5)
+ {
diff --git a/debian/patches/series b/debian/patches/series
index d3b8208..197df06 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,6 @@
#0605-manpage_typo.patch
#0105-typo.patch
+0120-openssl1.1.patch
0100-fix_buf_overflow.patch
0500-fix_CVE-2011-4339.patch
#0610-readme_typo.patch