On Thu, Dec 22, 2016 at 01:26:50AM +0200, Peter Pentchev wrote:
> On Tue, Dec 20, 2016 at 03:14:49PM +0100, Markus Koschany wrote:
> > On Mon, 28 Nov 2016 13:45:38 +0200 Peter Pentchev <r...@ringlet.net> wrote:
> > [...]
> > > So, what do you think about the attached series of patches?
> > > - the first three are actually meant to bring the Git repository in line
> > >   with what was uploaded as libtorrent-0.13.6-1
> > > - the next one starts a changelog entry just to have one, I'm not trying
> > >   to take over libtorrent or to force myself into any kind of maintainer
> > >   team or anything
> > > - then there are a couple of fixes, with the changelog entries split out
> > >   into separate commits so that you can pick and choose as you wish
> > >
> >
> > Hello Peter,
> >
> > thanks for your patches. I am willing to sponsor your fixes for
> > libtorrent. [snip]
> > I would like you to ask to get in contact with libtorrent's upstream
> > first. Since this is a security sensitive patch, getting their approval
> > is preferable. Unera filed issue 517 a while ago but it got almost
> > immediately closed.
> >
> > https://github.com/rakshasa/rtorrent/issues/517
> >
> > Please reopen it or file a new issue. As soon as upstream confirms that
> > your patch is correct, please ping me again for the upload.
>
> I've decided to file a new issue against libtorrent itself, and marked
> the patch as forwarded to https://github.com/rakshasa/libtorrent/pull/143
> I'll get back to you when the upstream author responds.

Right, and now the upstream author kindly pointed out that a quite similar
version of this patch has already been applied to a different branch in
the upstream Git repository. Here's an updated debdiff with his patch and
an updated changelog entry. Again, if this is uploaded, I can commit it
(and the catch-up commits before that) to collab-maint.

Oh, and, of course, if people feel that a collab-maint commit does not
really count as a team upload (but isn't this the purpose of collab-maint?),
I can send another debdiff, formatted as a real NMU, and then commit that.

Thanks again for your interest in this!

G'luck,
Peter

--
Peter Pentchev  r...@ringlet.net r...@freebsd.org p...@storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13

diff -Nru libtorrent-0.13.6/debian/changelog libtorrent-0.13.6/debian/changelog --- libtorrent-0.13.6/debian/changelog 2015-09-30 07:03:36.000000000 +0300 +++ libtorrent-0.13.6/debian/changelog 2016-12-22 08:32:11.000000000 +0200 @@ -1,3 +1,14 @@ +libtorrent (0.13.6-2) unstable; urgency=medium + + * Team upload. + * Explicitly add zlib to the build dependencies now that OpenSSL + no longer depends on it. + * Import the dh-openssl-1.1 upstream patch to fix the compilation with + OpenSSL 1.1 by using an accessor function to store the generated + DH parameters. Closes: #828414 + + -- Peter Pentchev <r...@ringlet.net> Thu, 22 Dec 2016 08:32:11 +0200 + libtorrent (0.13.6-1) unstable; urgency=medium [ Jonathan McDowell ] diff -Nru libtorrent-0.13.6/debian/control libtorrent-0.13.6/debian/control --- libtorrent-0.13.6/debian/control 2015-09-30 07:03:36.000000000 +0300 +++ libtorrent-0.13.6/debian/control 2016-12-21 22:41:22.000000000 +0200 @@ -12,7 +12,8 @@ libcppunit-dev, libcurl4-openssl-dev, libsigc++-2.0-dev, - libssl-dev + libssl-dev, + zlib1g-dev Standards-Version: 3.9.6 Vcs-git: git://git.debian.org/git/collab-maint/libtorrent.git Vcs-browser: http://git.debian.org/?p=collab-maint/libtorrent.git;a=summary diff -Nru libtorrent-0.13.6/debian/patches/dh-openssl-1.1.patch libtorrent-0.13.6/debian/patches/dh-openssl-1.1.patch --- libtorrent-0.13.6/debian/patches/dh-openssl-1.1.patch 1970-01-01 02:00:00.000000000 +0200 +++ libtorrent-0.13.6/debian/patches/dh-openssl-1.1.patch 2016-12-22 08:31:54.000000000 +0200 
@@ -0,0 +1,99 @@ +Description: Fix the DH parameters generation with OpenSSL 1.1. + The DH structure is now opaque, so the parameters must be stored there + through an accessor function. +Origin: upstream; https://github.com/rakshasa/libtorrent/commit/4607bbf78040789dee29266878ce109136b984ef +Bug-Debian: https://bugs.debian.org/828414 +Author: rakshasa <sundell.softw...@gmail.com> +Last-Update: 2016-12-22 + +--- a/src/utils/diffie_hellman.cc ++++ b/src/utils/diffie_hellman.cc +@@ -53,11 +53,23 @@ + m_secret(NULL), m_size(0) { + + #ifdef USE_OPENSSL ++ + m_dh = DH_new(); ++ ++#ifdef USE_OPENSSL_1_1 ++ BIGNUM * const dh_p = BN_bin2bn(prime, primeLength, NULL); ++ BIGNUM * const dh_g = BN_bin2bn(generator, generatorLength, NULL); ++ ++ if (dh_p == NULL || dh_g == NULL || ++ !DH_set0_pqg(m_dh, dh_p, NULL, dh_g)) ++ throw internal_error("Could not generate Diffie-Hellman parameters"); ++#else + m_dh->p = BN_bin2bn(prime, primeLength, NULL); + m_dh->g = BN_bin2bn(generator, generatorLength, NULL); ++#endif + + DH_generate_key(m_dh); ++ + #else + throw internal_error("Compiled without encryption support."); + #endif +@@ -73,7 +85,19 @@ + bool + DiffieHellman::is_valid() const { + #ifdef USE_OPENSSL ++ if (m_dh == NULL) ++ return false; ++ ++#ifdef USE_OPENSSL_1_1 ++ const BIGNUM *pub_key; ++ ++ DH_get0_key(m_dh, &pub_key, NULL); ++ ++ return pub_key != NULL; ++#else + return m_dh != NULL && m_dh->pub_key != NULL; ++#endif ++ + #else + return false; + #endif +@@ -102,8 +126,16 @@ + #ifdef USE_OPENSSL + std::memset(dest, 0, length); + +- if ((int)length >= BN_num_bytes(m_dh->pub_key)) +- BN_bn2bin(m_dh->pub_key, dest + length - BN_num_bytes(m_dh->pub_key)); ++ const BIGNUM *pub_key; ++ ++#ifdef USE_OPENSSL_1_1 ++ DH_get0_key(m_dh, &pub_key, NULL); ++#else ++ pub_key = m_dh->pub_key; ++#endif ++ ++ if ((int)length >= BN_num_bytes(pub_key)) ++ BN_bn2bin(pub_key, dest + length - BN_num_bytes(pub_key)); + #endif + } + +--- a/configure.ac ++++ b/configure.ac +@@ -66,12 +66,15 @@ 
+ [ --disable-openssl Don't use OpenSSL's SHA1 implementation.], + [ + if test "$enableval" = "yes"; then ++dnl move to scripts. + PKG_CHECK_MODULES(OPENSSL, libcrypto, + CXXFLAGS="$CXXFLAGS $OPENSSL_CFLAGS"; + LIBS="$LIBS $OPENSSL_LIBS") + + AC_DEFINE(USE_OPENSSL, 1, Using OpenSSL.) + AC_DEFINE(USE_OPENSSL_SHA, 1, Using OpenSSL's SHA1 implementation.) ++ AC_CHECK_LIB([crypto], [DH_set0_pqg], [AC_DEFINE(USE_OPENSSL_1_1, 1, Using OpenSSL 1.1.)]) ++ + else + AC_DEFINE(USE_NSS_SHA, 1, Using Mozilla's SHA1 implementation.) + fi +@@ -82,6 +85,7 @@ + + AC_DEFINE(USE_OPENSSL, 1, Using OpenSSL.) + AC_DEFINE(USE_OPENSSL_SHA, 1, Using OpenSSL's SHA1 implementation.) ++ AC_CHECK_LIB([crypto], [DH_set0_pqg], [AC_DEFINE(USE_OPENSSL_1_1, 1, Using OpenSSL 1.1.)]) + ] + ) + diff -Nru libtorrent-0.13.6/debian/patches/series libtorrent-0.13.6/debian/patches/series --- libtorrent-0.13.6/debian/patches/series 1970-01-01 02:00:00.000000000 +0200 +++ libtorrent-0.13.6/debian/patches/series 2016-12-21 22:41:22.000000000 +0200 @@ -0,0 +1 @@ +dh-openssl-1.1.patch
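Review bot: in the constructor hunk of src/utils/diffie_hellman.cc (@@ -53,11 +53,23 @@), the USE_OPENSSL_1_1 error path throws without releasing anything. DH_set0_pqg() takes ownership of dh_p and dh_g only when it succeeds, so if either BN_bin2bn() call or the setter fails, the surviving BIGNUM and the object returned by DH_new() are leaked, and because the throw happens inside the constructor no destructor will run to clean up m_dh. Suggest calling BN_free(dh_p), BN_free(dh_g) and DH_free(m_dh) before the throw. Separately, the results of DH_new() and DH_generate_key(m_dh) are not checked in either branch, and the pre-1.1 branch still assigns the BN_bin2bn() results without testing them for NULL, so a failed key generation is noticed only if the caller later checks is_valid().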
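Review bot: in the is_valid() hunk of src/utils/diffie_hellman.cc (@@ -73,7 +85,19 @@), the new early return on m_dh == NULL makes the "m_dh != NULL &&" test in the pre-1.1 branch redundant; it could be reduced to "return m_dh->pub_key != NULL;" so the two branches read the same way. Initialising pub_key to NULL before the DH_get0_key() call would also make the 1.1 branch independent of whether the accessor writes its output argument.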
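Review bot: in the @@ -102,8 +126,16 @@ hunk of src/utils/diffie_hellman.cc, m_dh and pub_key are used without the NULL checks that is_valid() performs in the previous hunk. m_dh goes straight into DH_get0_key() (or is dereferenced as m_dh->pub_key), and pub_key goes straight into BN_num_bytes(). Suggest returning early when either is NULL, or documenting that callers must check is_valid() first. Two smaller points on the same lines: when length is smaller than the key size, dest is left as all zeroes with no indication to the caller, which for key-exchange material deserves an explicit error; and BN_num_bytes(pub_key) could be computed once into a local so that the bounds check and the offset into dest visibly use the same value.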
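Review bot: in the first configure.ac hunk (@@ -66,12 +66,15 @@), the added line "dnl move to scripts." reads like a leftover to-do and says nothing about what should move or where; it is worth asking upstream to either drop it or spell it out. The AC_CHECK_LIB([crypto], [DH_set0_pqg], ...) probe is then pasted identically into this hunk and the @@ -82,6 +85,7 @@ hunk after it; a single check placed after both branches would keep the two copies from drifting apart. The define is named USE_OPENSSL_1_1 but is keyed on the presence of DH_set0_pqg, so a short comment saying it is a feature test rather than a version test would help the next reader of diffie_hellman.cc.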