Date: Mon, 12 Sep 2022 08:00:43 +0700 X-NMUDIFF-Version: 2.22.2 Control: tags 1005719 + pending
Dear maintainer, I've prepared an NMU for mumble (versioned as 1.3.4-1.1) and it was uploaded to DELAYED/3. Please feel free to tell me if it should be delayed longer. Regards.
diff -Nru mumble-1.3.4/debian/changelog mumble-1.3.4/debian/changelog --- mumble-1.3.4/debian/changelog 2021-03-01 16:29:33.000000000 +0700 +++ mumble-1.3.4/debian/changelog 2022-09-12 00:37:43.000000000 +0700 @@ -1,3 +1,12 @@ +mumble (1.3.4-1.1) unstable; urgency=medium + + [ Steve Langasek ] + * Non-maintainer upload. + * debian/patches/openssl-3.0-compat.patch: port upstream patch for building against + openssl 3.0. Closes: #1005719. + + -- Judit Foglszinger <ur...@debian.org> Mon, 12 Sep 2022 00:37:43 +0700 + mumble (1.3.4-1) unstable; urgency=medium * New upstream bugfix release from 2021-02-10 diff -Nru mumble-1.3.4/debian/patches/55-openssl-3.0-compat.patch mumble-1.3.4/debian/patches/55-openssl-3.0-compat.patch --- mumble-1.3.4/debian/patches/55-openssl-3.0-compat.patch 1970-01-01 07:00:00.000000000 +0700 +++ mumble-1.3.4/debian/patches/55-openssl-3.0-compat.patch 2022-09-11 23:34:00.000000000 +0700 
@@ -0,0 +1,351 @@ +Description: support building against openssl 3.0 + Based on upstream commit 02ddcf8c5dbd71e6e72c7ad81a6b66e62ea0fa6f +Author: Terry Geng <te...@terriex.com>, + Steve Langasek <steve.langa...@ubuntu.com> +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1962721 +Last-Update: 2022-03-09 +Forwarded: not-needed + +Index: mumble-1.3.4/src/SelfSignedCertificate.cpp +=================================================================== +--- mumble-1.3.4.orig/src/SelfSignedCertificate.cpp ++++ mumble-1.3.4/src/SelfSignedCertificate.cpp +@@ -32,107 +32,85 @@ + return 1; + } + +-bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail, QSslCertificate &qscCert, QSslKey &qskKey) { +- bool ok = true; +- X509 *x509 = NULL; +- EVP_PKEY *pkey = NULL; +- RSA *rsa = NULL; +- BIGNUM *e = NULL; +- X509_NAME *name = NULL; +- ASN1_INTEGER *serialNumber = NULL; +- ASN1_TIME *notBefore = NULL; +- ASN1_TIME *notAfter = NULL; +- QString commonName; +- bool isServerCert = certificateType == CertificateTypeServerCertificate; +- +- if (CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) == -1) { +- ok = false; +- goto out; ++EVP_PKEY *SelfSignedCertificate::generate_rsa_keypair() { ++ EVP_PKEY *pkey = EVP_PKEY_new(); ++ if (!pkey) { ++ return nullptr; ++ } ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr); ++ if (!ctx) { ++ return nullptr; ++ } ++ if (EVP_PKEY_keygen_init(ctx) <= 0) { ++ return nullptr; ++ } ++ if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) { ++ return nullptr; ++ } ++ if (EVP_PKEY_keygen(ctx, &pkey) <= 0) { ++ return nullptr; ++ } ++ EVP_PKEY_CTX_free(ctx); ++#else ++ RSA *rsa = RSA_new(); ++ BIGNUM *e = BN_new(); ++ if (!rsa) { ++ return nullptr; + } +- +- x509 = X509_new(); +- if (x509 == NULL) { +- ok = false; +- goto out; +- } +- +- pkey = EVP_PKEY_new(); +- if (pkey == NULL) { +- ok = false; +- goto out; +- } +- +- rsa = RSA_new(); +- if (rsa 
== NULL) { +- ok = false; +- goto out; +- } +- +- e = BN_new(); +- if (e == NULL) { +- ok = false; +- goto out; ++ if (!e) { ++ return nullptr; + } + if (BN_set_word(e, 65537) == 0) { +- ok = false; +- goto out; ++ return nullptr; + } +- +- if (RSA_generate_key_ex(rsa, 2048, e, NULL) == 0) { +- ok = false; +- goto out; ++ if (RSA_generate_key_ex(rsa, 2048, e, nullptr) == 0) { ++ return nullptr; + } +- + if (EVP_PKEY_assign_RSA(pkey, rsa) == 0) { +- ok = false; +- goto out; +- } +- +- if (X509_set_version(x509, 2) == 0) { +- ok = false; +- goto out; +- } +- +- serialNumber = X509_get_serialNumber(x509); +- if (serialNumber == NULL) { +- ok = false; +- goto out; +- } +- if (ASN1_INTEGER_set(serialNumber, 1) == 0) { +- ok = false; +- goto out; +- } ++ return nullptr; ++ } ++ BN_free(e); ++ RSA_free(rsa); ++#endif ++ return pkey; ++} + +- notBefore = X509_get_notBefore(x509); +- if (notBefore == NULL) { +- ok = false; +- goto out; +- } +- if (X509_gmtime_adj(notBefore, 0) == NULL) { +- ok = false; +- goto out; ++#define CHECK(statement) \ ++ if (!(statement)) { \ ++ ok = false; \ ++ goto out; \ + } + +- notAfter = X509_get_notAfter(x509); +- if (notAfter == NULL) { +- ok = false; +- goto out; +- } +- if (X509_gmtime_adj(notAfter, 60*60*24*365*20) == NULL) { +- ok = false; +- goto out; +- } +- +- if (X509_set_pubkey(x509, pkey) == 0) { +- ok = false; +- goto out; +- } ++bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail, ++ QSslCertificate &qscCert, QSslKey &qskKey) { ++ bool ok = true; ++ EVP_PKEY *pkey = nullptr; ++ X509 *x509 = nullptr; ++ X509_NAME *name = nullptr; ++ ASN1_INTEGER *serialNumber = nullptr; ++ ASN1_TIME *notBefore = nullptr; ++ ASN1_TIME *notAfter = nullptr; ++ QString commonName; ++ bool isServerCert = certificateType == CertificateTypeServerCertificate; + +- name = X509_get_subject_name(x509); +- if (name == NULL) { +- ok = false; +- goto out; +- } ++ // In Qt 5.15, a class was added 
to wrap up the procedures of generating a self-signed certificate. ++ // See https://doc.qt.io/qt-5/qopcuax509certificatesigningrequest.html. ++ // We should consider migrating to this class after switching to Qt 5.15. ++ ++ CHECK(pkey = generate_rsa_keypair()); ++ ++ CHECK(x509 = X509_new()); ++ CHECK(X509_set_version(x509, 2)); ++ CHECK(serialNumber = X509_get_serialNumber(x509)); ++ CHECK(ASN1_INTEGER_set(serialNumber, 1)); ++ CHECK(notBefore = X509_get_notBefore(x509)); ++ CHECK(X509_gmtime_adj(notBefore, 0)); ++ CHECK(notAfter = X509_get_notAfter(x509)); ++ CHECK(X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20)) ++ CHECK(X509_set_pubkey(x509, pkey)); ++ CHECK(name = X509_get_subject_name(x509)); + + if (isServerCert) { + commonName = QLatin1String("Murmur Autogenerated Certificate v2"); +@@ -144,116 +122,63 @@ + } + } + +- if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, reinterpret_cast<unsigned char *>(commonName.toUtf8().data()), -1, -1, 0) == 0) { +- ok = false; +- goto out; +- } ++ CHECK(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8, ++ reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0)); + +- if (X509_set_issuer_name(x509, name) == 0) { +- ok = false; +- goto out; +- } ++ CHECK(X509_set_issuer_name(x509, name)); + +- if (add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")) == 0) { +- ok = false; +- goto out; +- } ++ CHECK(add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE"))); + + if (isServerCert) { +- if (add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")) == 0) { +- ok = false; +- goto out; +- } ++ CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth"))) + } else { +- if (add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")) == 0) { +- ok = false; +- goto out; +- } ++ CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth"))); + } + +- if (add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")) == 0) { +- ok = false; +- 
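Review bot: In the new `generate_rsa_keypair()`, the pre-1.1.0 branch calls `RSA_free(rsa)` after a successful `EVP_PKEY_assign_RSA(pkey, rsa)`, which has already handed the RSA object to `pkey`; the returned key then refers to freed memory, and `generate()` later serialises it with `i2d_PrivateKey`. Every early `return nullptr` in both branches also leaves `pkey` allocated, along with `ctx` or `rsa`/`e`. A build against OpenSSL 3.0 takes the first branch, so the stale pointer is latent there, but the leaks on failure are not. A single-exit version that frees on failure and releases `rsa` only when the assign did not take it is below.

```cpp
EVP_PKEY *SelfSignedCertificate::generate_rsa_keypair() {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	// Let EVP_PKEY_keygen allocate the key so there is nothing to free before it runs.
	EVP_PKEY *pkey = nullptr;
	EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
	if (!ctx) {
		return nullptr;
	}
	if (EVP_PKEY_keygen_init(ctx) <= 0
		|| EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0
		|| EVP_PKEY_keygen(ctx, &pkey) <= 0) {
		EVP_PKEY_free(pkey);
		pkey = nullptr;
	}
	EVP_PKEY_CTX_free(ctx);
	return pkey;
#else
	EVP_PKEY *pkey = EVP_PKEY_new();
	RSA *rsa = RSA_new();
	BIGNUM *e = BN_new();
	if (pkey && rsa && e
		&& BN_set_word(e, 65537) != 0
		&& RSA_generate_key_ex(rsa, 2048, e, nullptr) != 0
		&& EVP_PKEY_assign_RSA(pkey, rsa) != 0) {
		// pkey owns the RSA key from here on; it must not be freed separately.
		rsa = nullptr;
	} else {
		EVP_PKEY_free(pkey);
		pkey = nullptr;
	}
	BN_free(e);
	RSA_free(rsa);
	return pkey;
#endif
}
```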
goto out; +- } ++ CHECK(add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash"))); + + if (isServerCert) { +- if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")) == 0) { +- ok = false; +- goto out; +- } ++ CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur"))); + } else { +- if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")) == 0) { +- ok = false; +- goto out; +- } ++ CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble"))); + } + + if (!isServerCert) { + if (!clientCertEmail.trimmed().isEmpty()) { +- if (add_ext(x509, NID_subject_alt_name, QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data()) == 0) { +- ok = false; +- goto out; +- } ++ CHECK(add_ext(x509, NID_subject_alt_name, ++ QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data())); + } + } + +- if (X509_sign(x509, pkey, EVP_sha1()) == 0) { +- ok = false; +- goto out; +- } ++ CHECK(X509_sign(x509, pkey, EVP_sha1())); + + { + QByteArray crt; +- int len = i2d_X509(x509, NULL); +- if (len <= 0) { +- ok = false; +- goto out; +- } ++ int len = i2d_X509(x509, nullptr); ++ CHECK(len > 0); + crt.resize(len); + +- unsigned char *dptr = reinterpret_cast<unsigned char *>(crt.data()); +- if (i2d_X509(x509, &dptr) != len) { +- ok = false; +- goto out; +- } ++ unsigned char *dptr = reinterpret_cast< unsigned char * >(crt.data()); ++ CHECK(i2d_X509(x509, &dptr) == len); + + qscCert = QSslCertificate(crt, QSsl::Der); +- if (qscCert.isNull()) { +- ok = false; +- goto out; +- } ++ CHECK(!qscCert.isNull()); + } + + { + QByteArray key; +- int len = i2d_PrivateKey(pkey, NULL); +- if (len <= 0) { +- ok = false; +- goto out; +- } ++ int len = i2d_PrivateKey(pkey, nullptr); ++ CHECK(len > 0); + key.resize(len); + +- unsigned char *dptr = reinterpret_cast<unsigned char *>(key.data()); +- if (i2d_PrivateKey(pkey, &dptr) != len) { +- ok = false; +- goto out; +- } ++ unsigned char *dptr = reinterpret_cast< 
unsigned char * >(key.data()); ++ CHECK(i2d_PrivateKey(pkey, &dptr) == len); + + qskKey = QSslKey(key, QSsl::Rsa, QSsl::Der); +- if (qskKey.isNull()) { +- ok = false; +- goto out; +- } ++ CHECK(!qskKey.isNull()); + } + + out: +- if (e) { +- BN_free(e); +- } +- // We only need to free the pkey pointer, +- // not the RSA pointer. We have assigned +- // our RSA key to pkey, and it will be freed +- // once we free pkey. + if (pkey) { + EVP_PKEY_free(pkey); + } +Index: mumble-1.3.4/src/SelfSignedCertificate.h +=================================================================== +--- mumble-1.3.4.orig/src/SelfSignedCertificate.h ++++ mumble-1.3.4/src/SelfSignedCertificate.h +@@ -6,6 +6,10 @@ + #ifndef MUMBLE_SELFSIGNEDCERTIFICATE_H_ + #define MUMBLE_SELFSIGNEDCERTIFICATE_H_ + ++#include <openssl/evp.h> ++#include <openssl/rsa.h> ++#include <openssl/x509v3.h> ++ + #include <QtCore/QString> + #include <QtNetwork/QSslCertificate> + #include <QtNetwork/QSslKey> +@@ -15,6 +19,7 @@ + class SelfSignedCertificate { + private: + static bool generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail, QSslCertificate &qscCert, QSslKey &qskKey); ++ static EVP_PKEY *generate_rsa_keypair(); + + public: + static bool generateMumbleCertificate(QString name, QString email, QSslCertificate &qscCert, QSslKey &qskKey); diff -Nru mumble-1.3.4/debian/patches/series mumble-1.3.4/debian/patches/series --- mumble-1.3.4/debian/patches/series 2021-03-01 15:08:41.000000000 +0700 +++ mumble-1.3.4/debian/patches/series 2022-09-12 00:37:43.000000000 +0700 @@ -7,3 +7,4 @@ 46-var-run-to-run.diff 52-use-update-rc.d-for-disable.diff 54-fix-mysql-start.diff +55-openssl-3.0-compat.patch
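Review bot: `CHECK(X509_sign(x509, pkey, EVP_sha1()));` keeps the SHA-1 signature unchanged in a patch whose purpose is OpenSSL 3.0 support. OpenSSL 3.0 stops accepting SHA-1-signed certificates at security level 1 and above wherever the signature is actually checked. Whether a peer checks the self-signature of this certificate is not visible in the hunk, so this may never surface as a failure. Moving to `CHECK(X509_sign(x509, pkey, EVP_sha256()));` would remove the dependency on the verifier's security level. Certificates that were already generated are unaffected either way.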