Bug#940985: dnsmasq WFTBFS: Accesses ECC curves directly

Sun, 27 Oct 2019 10:54:27 -0700 

Control: tags -1 + patch fixed-upstream

On 2019-09-23 Magnus Holmgren <holmg...@debian.org> wrote:
> Package: dnsmasq
> Version: 2.80-1
> Tags: upstream
> Severity: serious

> dnsmasq_ecdsa_verify() (in crypto.c) uses the addresses of nettle_secp_256r1 
> and nettle_secp_384r1 directly. As the comment in ecc-curve.h explains, "Due 
> to ABI subtleties, applications should not refer to these directly, but use 
> the below accessor functions." (nettle_get_secp_256r1() and 
> nettle_get_secp_384r1().) Indeed, dnsmasq will fail to build with nettle 
> 3.5.1.

This should be fixed in upstream GIT by commit
ab73a746a0d6fcac2e682c5548eeb87fb9c9c82e.

cu Andreas

diff -u dnsmasq-2.80/debian/changelog dnsmasq-2.80/debian/changelog
--- dnsmasq-2.80/debian/changelog
+++ dnsmasq-2.80/debian/changelog
@@ -1,3 +1,11 @@
+dnsmasq (2.80-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply ab73a746a0d6fcac2e682c5548eeb87fb9c9c82e from upstream GIT to fix
+    build error against nettle 3.5. Closes: #940985
+
+ -- Andreas Metzler <ametz...@debian.org>  Sun, 27 Oct 2019 18:40:21 +0100
+
 dnsmasq (2.80-1) unstable; urgency=low
 
    * New upstream. (closes: #837602) (closes: #794640) (closes: #794636)
only in patch2:
unchanged:
--- dnsmasq-2.80.orig/src/crypto.c
+++ dnsmasq-2.80/src/crypto.c
@@ -275,6 +275,10 @@
   static struct ecc_point *key_256 = NULL, *key_384 = NULL;
   static mpz_t x, y;
   static struct dsa_signature *sig_struct;
+#if NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR < 4
+#define nettle_get_secp_256r1() (&nettle_secp_256r1)
+#define nettle_get_secp_384r1() (&nettle_secp_384r1)
+#endif
   
   if (!sig_struct)
     {
@@ -294,7 +298,7 @@
 	  if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
 	    return 0;
 	  
-	  nettle_ecc_point_init(key_256, &nettle_secp_256r1);
+	  nettle_ecc_point_init(key_256, nettle_get_secp_256r1());
 	}
       
       key = key_256;
@@ -307,7 +311,7 @@
 	  if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
 	    return 0;
 	  
-	  nettle_ecc_point_init(key_384, &nettle_secp_384r1);
+	  nettle_ecc_point_init(key_384, nettle_get_secp_384r1());
 	}
       
       key = key_384;

Reply via email to