On Mon, Jun 05, 2017 at 11:33:57AM +0200, Cyril Brulebois wrote: > Kurt Roeckx <k...@roeckx.be> (2017-06-04): > > So I've uploaded openssl 1.1.0f-2 > > Source debdiff lgtm from -1, and installation over https works fine, > ACK.
So I actually have a new version I want to upload: Modified: openssl/branches/1.1.0/debian/changelog =================================================================== --- openssl/branches/1.1.0/debian/changelog 2017-06-04 17:21:11 UTC (rev 903) +++ openssl/branches/1.1.0/debian/changelog 2017-06-05 09:42:35 UTC (rev 904) @@ -1,3 +1,9 @@ +openssl (1.1.0f-3) unstable; urgency=medium + + * Don't cleanup a thread-local key we didn't create (Closes: #863707) + + -- Kurt Roeckx <k...@roeckx.be> Mon, 05 Jun 2017 11:40:42 +0200 + openssl (1.1.0f-2) unstable; urgency=medium * Make the udeb use a versioned depends (Closes: #864080) Added: openssl/branches/1.1.0/debian/patches/0001-Only-release-thread-local-key-if-we-created-it.patch =================================================================== --- openssl/branches/1.1.0/debian/patches/0001-Only-release-thread-local-key-if-we-created-it.patch (rev 0) +++ openssl/branches/1.1.0/debian/patches/0001-Only-release-thread-local-key-if-we-created-it.patch 2017-06-05 09:42:35 UTC (rev 904) @@ -0,0 +1,47 @@ +From 73bc53708c386c1ea85941d345721e23dc61c05c Mon Sep 17 00:00:00 2001 +From: Rich Salz <rs...@openssl.org> +Date: Wed, 31 May 2017 12:14:55 -0400 +Subject: [PATCH] Only release thread-local key if we created it. + +Thanks to Jan Alexander Steffens for finding the bug and confirming the +fix. + +Reviewed-by: Richard Levitte <levi...@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/3592) +--- + crypto/err/err.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/crypto/err/err.c b/crypto/err/err.c +index f866f2fdd0..c55f849590 100644 +--- a/crypto/err/err.c ++++ b/crypto/err/err.c +@@ -122,6 +122,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = { + #endif + + static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT; ++static int set_err_thread_local; + static CRYPTO_THREAD_LOCAL err_thread_local; + + static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT; +@@ -260,7 +261,8 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init) + + void err_cleanup(void) + { +- CRYPTO_THREAD_cleanup_local(&err_thread_local); ++ if (set_err_thread_local != 0) ++ CRYPTO_THREAD_cleanup_local(&err_thread_local); + CRYPTO_THREAD_lock_free(err_string_lock); + err_string_lock = NULL; + } +@@ -639,6 +641,7 @@ void ERR_remove_state(unsigned long pid) + + DEFINE_RUN_ONCE_STATIC(err_do_init) + { ++ set_err_thread_local = 1; + return CRYPTO_THREAD_init_local(&err_thread_local, NULL); + } + +-- +2.11.0 + Modified: openssl/branches/1.1.0/debian/patches/series =================================================================== --- openssl/branches/1.1.0/debian/patches/series 2017-06-04 17:21:11 UTC (rev 903) +++ openssl/branches/1.1.0/debian/patches/series 2017-06-05 09:42:35 UTC (rev 904) @@ -4,3 +4,4 @@ pic.patch c_rehash-compat.patch #padlock_conf.patch +0001-Only-release-thread-local-key-if-we-created-it.patch