Control: tags 852674 + patch Control: tags 995642 + patch Dear maintainer,
I've prepared an NMU for cfengine3 (versioned as 3.15.2-3.1). The diff is attached to this message. Cheers -- Sebastian Ramacher
diff -Nru cfengine3-3.15.2/debian/changelog cfengine3-3.15.2/debian/changelog --- cfengine3-3.15.2/debian/changelog 2020-09-14 09:00:24.000000000 +0200 +++ cfengine3-3.15.2/debian/changelog 2022-05-21 18:25:35.000000000 +0200 @@ -1,3 +1,12 @@ +cfengine3 (3.15.2-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * debian/control: Make cfengine3 depend on exact version of libpromises3 + (Closes: #852674) + * debian/patches/openssl3.patch: Fix FTBFS with OpenSSL 3 (Closes: #995642) + + -- Sebastian Ramacher <sramac...@debian.org> Sat, 21 May 2022 18:25:35 +0200 + cfengine3 (3.15.2-3) unstable; urgency=medium [ Antonio Radici ] diff -Nru cfengine3-3.15.2/debian/control cfengine3-3.15.2/debian/control --- cfengine3-3.15.2/debian/control 2020-09-14 09:00:24.000000000 +0200 +++ cfengine3-3.15.2/debian/control 2022-05-21 18:13:41.000000000 +0200 @@ -20,7 +20,7 @@ Package: cfengine3 Architecture: any -Depends: lsb-base (>= 3.0-6), e2fsprogs, ${shlibs:Depends}, ${misc:Depends} +Depends: lsb-base (>= 3.0-6), e2fsprogs, ${shlibs:Depends}, ${misc:Depends}, libpromises3 (= ${binary:Version}) Recommends: python Description: tool for configuring and maintaining network machines Cfengine is a suite of programs for integrated autonomic management diff -Nru cfengine3-3.15.2/debian/patches/openssl3.patch cfengine3-3.15.2/debian/patches/openssl3.patch --- cfengine3-3.15.2/debian/patches/openssl3.patch 1970-01-01 01:00:00.000000000 +0100 +++ cfengine3-3.15.2/debian/patches/openssl3.patch 2022-05-21 18:25:35.000000000 +0200 @@ -0,0 +1,70 @@ +Description: Allow the use of deprected OpenSSL functions + Also load legacy provider for blowfish. +Author: Sebastian Ramacher <sramac...@debian.org> +Last-Update: 2022-05-21 + +--- a/configure.ac ++++ b/configure.ac +@@ -462,10 +462,6 @@ + #endif + ]])],[AC_MSG_RESULT(OK)],[AC_MSG_ERROR(This release of CFEngine requires OpenSSL >= 0.9.7)]) + +- if test "x$ac_cv_lib_crypto_RSA_generate_key_ex" = "xyes" ; then +- AC_DEFINE(OPENSSL_NO_DEPRECATED, 1, [Define if non deprecated API is available.]) +- fi +- + if test "x$ac_cv_lib_crypto_RSA_generate_key_ex" = "xno" && \ + test "x$ac_cv_lib_crypto_RSA_generate_key" = "xno" ; then + AC_MSG_ERROR(Cannot find OpenSSL) +--- a/libntech/configure.ac ++++ b/libntech/configure.ac +@@ -431,10 +431,6 @@ + #endif + ]])],[AC_MSG_RESULT(OK)],[AC_MSG_ERROR(This release of CFEngine requires OpenSSL >= 0.9.7)]) + +- if test "x$ac_cv_lib_crypto_RSA_generate_key_ex" = "xyes" ; then +- AC_DEFINE(OPENSSL_NO_DEPRECATED, 1, [Define if non deprecated API is available.]) +- fi +- + if test "x$ac_cv_lib_crypto_RSA_generate_key_ex" = "xno" && \ + test "x$ac_cv_lib_crypto_RSA_generate_key" = "xno" ; then + AC_MSG_ERROR(Cannot find OpenSSL) +--- a/libpromises/crypto.c ++++ b/libpromises/crypto.c +@@ -27,6 +27,7 @@ + #include <openssl/err.h> /* ERR_* */ + #include <openssl/rand.h> /* RAND_* */ + #include <openssl/bn.h> /* BN_* */ ++#include <openssl/provider.h> + #include <libcrypto-compat.h> + + #include <cf3.defs.h> +@@ -60,6 +61,8 @@ + /* TODO move crypto.[ch] to libutils. Will need to remove all manipulation of + * lastseen db. */ + ++static OSSL_PROVIDER* legacy_provider = NULL; ++static OSSL_PROVIDER* default_provider = NULL; + static bool crypto_initialized = false; /* GLOBAL_X */ + + const char *CryptoLastErrorString() +@@ -75,6 +78,8 @@ + SetupOpenSSLThreadLocks(); + OpenSSL_add_all_algorithms(); + OpenSSL_add_all_digests(); ++ legacy_provider = OSSL_PROVIDER_load(NULL, "legacy"); ++ default_provider = OSSL_PROVIDER_load(NULL, "default"); + ERR_load_crypto_strings(); + + RandomSeed(); +@@ -103,6 +108,10 @@ + } + + chmod(randfile, 0600); ++ ++ OSSL_PROVIDER_unload(legacy_provider); ++ OSSL_PROVIDER_unload(default_provider); ++ + EVP_cleanup(); + CleanupOpenSSLThreadLocks(); + ERR_free_strings(); diff -Nru cfengine3-3.15.2/debian/patches/series cfengine3-3.15.2/debian/patches/series --- cfengine3-3.15.2/debian/patches/series 2020-09-14 09:00:24.000000000 +0200 +++ cfengine3-3.15.2/debian/patches/series 2022-05-21 18:19:58.000000000 +0200 @@ -9,3 +9,4 @@ 0011-fix_interpreters.patch 0012-CFE-3401-remove_unused_buffer.patch 0013-rename_package_to_cfengine3.patch +openssl3.patch