Bug#828554: spice-gtk: FTBFS with openssl 1.1.0
control: tags -1 patch On 2016-09-21 22:59:56 [+0200], Sebastian Andrzej Siewior wrote: > The patch attached has been sent upstream. It is untested and I kindly > asked them to test it. I don't tag it patched until someone confirms > that this works. the patch attached was tested with remote-viewer + qemu. > Kurt Sebastian >From 2e5a3f72b86a008758ca01bef1d2fc95c3168afd Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej SiewiorDate: Fri, 30 Sep 2016 22:22:58 +0200 Subject: [PATCH] spice-gtk: get it compiled against openssl 1.1.0 and also 1.0.2h Signed-off-by: Sebastian Andrzej Siewior --- spice-common/common/ssl_verify.c | 20 -- src/bio-gio.c| 143 ++- src/spice-channel.c | 24 --- 3 files changed, 138 insertions(+), 49 deletions(-) diff --git a/spice-common/common/ssl_verify.c b/spice-common/common/ssl_verify.c index 601252e..b544aad 100644 --- a/spice-common/common/ssl_verify.c +++ b/spice-common/common/ssl_verify.c @@ -33,6 +33,14 @@ #include #include +#if OPENSSL_VERSION_NUMBER < 0x1010 + +static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) +{ + return x->data; +} +#endif + static int verify_pubkey(X509* cert, const char *key, size_t key_size) { EVP_PKEY* cert_pubkey = NULL; @@ -182,10 +190,10 @@ static int verify_hostname(X509* cert, const char *hostname) const GENERAL_NAME* name = sk_GENERAL_NAME_value(subject_alt_names, i); if (name->type == GEN_DNS) { found_dns_name = 1; -if (_gnutls_hostname_compare((char *)ASN1_STRING_data(name->d.dNSName), +if (_gnutls_hostname_compare((char *)ASN1_STRING_get0_data(name->d.dNSName), ASN1_STRING_length(name->d.dNSName), hostname)) { -spice_debug("alt name match=%s", ASN1_STRING_data(name->d.dNSName)); +spice_debug("alt name match=%s", ASN1_STRING_get0_data(name->d.dNSName)); GENERAL_NAMES_free(subject_alt_names); return 1; } @@ -208,11 +216,11 @@ static int verify_hostname(X509* cert, const char *hostname) alt_ip_len = ASN1_STRING_length(name->d.iPAddress); if ((ip_len == alt_ip_len) && - (memcmp(ASN1_STRING_data(name->d.iPAddress), ip_binary, ip_len)) == 0) { + (memcmp(ASN1_STRING_get0_data(name->d.iPAddress), ip_binary, ip_len)) == 0) { GInetAddress * alt_ip = NULL; gchar * alt_ip_string = NULL; -alt_ip = g_inet_address_new_from_bytes(ASN1_STRING_data(name->d.iPAddress), +alt_ip = g_inet_address_new_from_bytes(ASN1_STRING_get0_data(name->d.iPAddress), g_inet_address_get_family(ip)); alt_ip_string = g_inet_address_to_string(alt_ip); spice_debug("alt name IP match=%s", alt_ip_string); @@ -253,10 +261,10 @@ static int verify_hostname(X509* cert, const char *hostname) continue; } -if (_gnutls_hostname_compare((char*)ASN1_STRING_data(cn_asn1), +if (_gnutls_hostname_compare((char*)ASN1_STRING_get0_data(cn_asn1), ASN1_STRING_length(cn_asn1), hostname)) { -spice_debug("common name match=%s", (char*)ASN1_STRING_data(cn_asn1)); +spice_debug("common name match=%s", (char*)ASN1_STRING_get0_data(cn_asn1)); cn_match = 1; break; } diff --git a/src/bio-gio.c b/src/bio-gio.c index b310c97..701df93 100644 --- a/src/bio-gio.c +++ b/src/bio-gio.c @@ -23,21 +23,95 @@ #include "spice-util.h" #include "bio-gio.h" -typedef struct bio_gsocket_method { -BIO_METHOD method; -GIOStream *stream; -} bio_gsocket_method; +#if OPENSSL_VERSION_NUMBER < 0x1010 +static BIO_METHOD one_static_bio; -#define BIO_GET_GSOCKET(bio) (((bio_gsocket_method*)bio->method)->gsocket) -#define BIO_GET_ISTREAM(bio) (g_io_stream_get_input_stream(((bio_gsocket_method*)bio->method)->stream)) -#define BIO_GET_OSTREAM(bio) (g_io_stream_get_output_stream(((bio_gsocket_method*)bio->method)->stream)) +static int BIO_meth_set_read(BIO_METHOD *biom, + int (*bread) (BIO *, char *, int)) +{ +biom->bread = bread; +return 1; +} + +static int BIO_meth_set_write(BIO_METHOD *biom, + int (*bwrite) (BIO *, const char *, int)) +{ +biom->bwrite = bwrite; +return 1; +} + +static int BIO_meth_set_puts(BIO_METHOD *biom, + int (*bputs) (BIO *, const char *)) +{ +biom->bputs = bputs; +return 1; +} + +static
Bug#828554: spice-gtk: FTBFS with openssl 1.1.0
On 2016-06-26 12:24:11 [+0200], Kurt Roeckx wrote: > https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/spice-gtk_0.30-1_amd64-20160529-1539 The patch attached has been sent upstream. It is untested and I kindly asked them to test it. I don't tag it patched until someone confirms that this works. > Kurt Sebastian >From 0bd3b308f964f52db02b20b5db3a6f9a45c35072 Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej SiewiorDate: Wed, 21 Sep 2016 19:54:04 + Subject: [PATCH] spice-gtk: get it compiled against openssl 1.1.0 and also 1.0.2h Signed-off-by: Sebastian Andrzej Siewior --- src/bio-gio.c | 114 src/spice-channel.c | 24 ++- 2 files changed, 103 insertions(+), 35 deletions(-) diff --git a/src/bio-gio.c b/src/bio-gio.c index b310c97..aa8ddac 100644 --- a/src/bio-gio.c +++ b/src/bio-gio.c @@ -23,21 +23,74 @@ #include "spice-util.h" #include "bio-gio.h" -typedef struct bio_gsocket_method { -BIO_METHOD method; -GIOStream *stream; -} bio_gsocket_method; +#if OPENSSL_VERSION_NUMBER < 0x1010 +static BIO_METHOD one_static_bio; -#define BIO_GET_GSOCKET(bio) (((bio_gsocket_method*)bio->method)->gsocket) -#define BIO_GET_ISTREAM(bio) (g_io_stream_get_input_stream(((bio_gsocket_method*)bio->method)->stream)) -#define BIO_GET_OSTREAM(bio) (g_io_stream_get_output_stream(((bio_gsocket_method*)bio->method)->stream)) +static int BIO_meth_set_read(BIO_METHOD *biom, + int (*bread) (BIO *, char *, int)) +{ +biom->bread = bread; +return 1; +} + +static int BIO_meth_set_write(BIO_METHOD *biom, + int (*bwrite) (BIO *, const char *, int)) +{ +biom->bwrite = bwrite; +return 1; +} + +static int BIO_meth_set_puts(BIO_METHOD *biom, + int (*bputs) (BIO *, const char *)) +{ +biom->bputs = bputs; +return 1; +} + +static int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)) +{ +biom->destroy = destroy; +return 1; +} + +static int BIO_get_new_index() +{ +return 128; +} + +static void BIO_set_data(BIO *a, void *ptr) +{ +a->ptr = ptr; +} + +static void *BIO_get_data(BIO *a) +{ +return a->ptr; +} + +static BIO_METHOD *BIO_meth_new(int type, const char *name) +{ +BIO_METHOD *biom = _static_bio; + +biom->type = type; +biom->name = name; +return biom; +} + +void BIO_meth_free(BIO_METHOD *biom) +{ +} + +#endif static int bio_gio_write(BIO *bio, const char *in, int inl) { +GIOStream *stream; gssize ret; GError *error = NULL; -ret = g_pollable_output_stream_write_nonblocking(G_POLLABLE_OUTPUT_STREAM(BIO_GET_OSTREAM(bio)), +stream = BIO_get_data(bio); +ret = g_pollable_output_stream_write_nonblocking(G_POLLABLE_OUTPUT_STREAM(stream), in, inl, NULL, ); BIO_clear_retry_flags(bio); @@ -53,10 +106,12 @@ static int bio_gio_write(BIO *bio, const char *in, int inl) static int bio_gio_read(BIO *bio, char *out, int outl) { +GIOStream *stream; gssize ret; GError *error = NULL; -ret = g_pollable_input_stream_read_nonblocking(G_POLLABLE_INPUT_STREAM(BIO_GET_ISTREAM(bio)), +stream = BIO_get_data(bio); +ret = g_pollable_input_stream_read_nonblocking(G_POLLABLE_INPUT_STREAM(stream), out, outl, NULL, ); BIO_clear_retry_flags(bio); @@ -72,12 +127,14 @@ static int bio_gio_read(BIO *bio, char *out, int outl) static int bio_gio_destroy(BIO *bio) { -if (bio == NULL || bio->method == NULL) +if (bio == NULL ) return 0; SPICE_DEBUG("bio gsocket destroy"); -g_clear_pointer(>method, g_free); +/* XXX DO WE NEED to free GIOStream *stream ? */ + +BIO_set_data(bio, NULL); return 1; } @@ -91,23 +148,30 @@ static int bio_gio_puts(BIO *bio, const char *str) return ret; } +static BIO_METHOD *bio_gio_method; + G_GNUC_INTERNAL BIO* bio_new_giostream(GIOStream *stream) { -// TODO: make an actual new BIO type, or just switch to GTls already... -BIO *bio = BIO_new_socket(-1, BIO_NOCLOSE); - -bio_gsocket_method *bio_method = g_new(bio_gsocket_method, 1); -bio_method->method = *bio->method; -bio_method->stream = stream; - -bio->method->destroy(bio); -bio->method = (BIO_METHOD*)bio_method; - -bio->method->bwrite = bio_gio_write; -bio->method->bread = bio_gio_read; -bio->method->bputs = bio_gio_puts; -bio->method->destroy = bio_gio_destroy; +BIO *bio; + +if (!bio_gio_method) { +bio_gio_method = BIO_meth_new(BIO_get_new_index(), "gio stream"); +if (!bio_gio_method) +return NULL; +if (!BIO_meth_set_write(bio_gio_method, bio_gio_write) +|| !BIO_meth_set_read(bio_gio_method, bio_gio_read) +|| !BIO_meth_set_puts(bio_gio_method,
Bug#828554: spice-gtk: FTBFS with openssl 1.1.0
Source: spice-gtk Version: 0.30-1 Severity: important Control: block 827061 by -1 Hi, OpenSSL 1.1.0 is about to released. During a rebuild of all packages using OpenSSL this package fail to build. A log of that build can be found at: https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/spice-gtk_0.30-1_amd64-20160529-1539 On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the reasons why it might fail. There are also updated man pages at https://www.openssl.org/docs/manmaster/ that should contain useful information. There is a libssl-dev package available in experimental that contains a recent snapshot, I suggest you try building against that to see if everything works. If you have problems making things work, feel free to contact us. Kurt