On Wed, 2016-11-09 at 15:53 -0500, Hon Ching Lo wrote:
>
> ---------- Forwarded message ----------
> From: Thomas Habets <[email protected]>
> Date: Fri, Nov 4, 2016 at 7:13 AM
> Subject: [TrouSerS-tech] Trousers getting kicked out of debian, it
> seems
> To: [email protected]
>
>
> Forwarded from trousers-users@ since it didn't get any replies there.
>
> tl;dr:
> 1) Debian wants to kick out trousers because it doesn't build with
> OpenSSL 1.1
> 2) There are patches to fix this (one from me, one from the Fedora
> bug)
> 3) I'm willing to fix up the patch if you don't want to accept it in
> its current form.
First, thank you for submitting the patch!
Yes, [2] as mentioned below is still the main repo. I have access to
that.
In fact, I've just merged a patch that replaced stack allocation of
EVP_MD_CTX structures. Instead of EVP_MD_CTX_{new,free}(),
EVP_MD_CTX_{create,destroy} are used to avoid breaking the OpenSSL 1.0.
Another reason for not using EVP_MD_CTX_{new,free}() is that OpenSSL 1.0
will be in a long term support, which may well be as long as TrouSers
will be supported.
Patches for TrouSers that support OpenSSL1.1 are welcomed! However,
1) they need to be tested.
2) they need to be backward-compatible.
Since your patch doesn't work with OpenSSL1.0, would it be possible that
if you "#ifdef" your code?
Best Regards,
Vicky
> ---------- Forwarded message ----------
> From: Thomas Habets <[email protected]>
> Date: 1 November 2016 at 10:41
> Subject: Re: Trousers getting kicked out of debian, it seems
> To: trousers-users <[email protected]>, Pierre
> Chifflier <[email protected]>
>
>
> Oh. Apparently Fedora has a patch too:
> https://bugzilla.redhat.com/show_bug.cgi?id=1388518
>
> On 1 November 2016 at 10:39, Thomas Habets <[email protected]> wrote:
> > [Adding Debian maintainer for this package to recipient list]
> >
> > Since I've not seen any response to this, here's a patch that at
> least
> > makes it *build* with OpenSSL.
> >
> > Two caveats:
> > * It's untested. I just know that it builds.
> > * It does *NOT* work with OpenSSL 1.0. For that to work it needs
> some
> > trivial functions like in [1] and EVP_MD_CTX_{new,free}().
> >
> > Who has commit access to this? Is [2] still the main repo?
> >
> >
> > [1]
> https://github.com/ThomasHabets/simple-tpm-pk11/commit/354f0cf3a193dbe8b1151059a08b0598531b645c
> > [2] https://sourceforge.net/p/trousers/trousers/ci/master/tree/
> >
> > On 27 October 2016 at 10:53, Thomas Habets <[email protected]> wrote:
> >> Because it doesn't support openssl 1.1.
> >> http://bugs.debian.org/828579
> >>
> >> Is anyone working on this?
> >>
> >> I made similar fixes for my tool here:
> >>
> https://github.com/ThomasHabets/simple-tpm-pk11/commit/354f0cf3a193dbe8b1151059a08b0598531b645c
> >>
> >> The changes in trousers seem to be of the same type: Direct access
> to
> >> struct members should be replaced with method accessors.
> >>
> >> --
> >> typedef struct me_s {
> >> char name[] = { "Thomas Habets" };
> >> char email[] = { "[email protected]" };
> >> char kernel[] = { "Linux" };
> >> char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
> >> char pgp[] = { "9907 8698 8A24 F52F 1C2E 87F6 39A4 9EEA 460A
> 0169" };
> >> char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
> >> } me_t;
> >
> >
> >
> > --
> > typedef struct me_s {
> > char name[] = { "Thomas Habets" };
> > char email[] = { "[email protected]" };
> > char kernel[] = { "Linux" };
> > char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
> > char pgp[] = { "9907 8698 8A24 F52F 1C2E 87F6 39A4 9EEA 460A
> 0169" };
> > char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
> > } me_t;
>
>
>
> --
> typedef struct me_s {
> char name[] = { "Thomas Habets" };
> char email[] = { "[email protected]" };
> char kernel[] = { "Linux" };
> char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
> char pgp[] = { "9907 8698 8A24 F52F 1C2E 87F6 39A4 9EEA 460A
> 0169" };
> char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
> } me_t;
>
>
> --
> typedef struct me_s {
> char name[] = { "Thomas Habets" };
> char email[] = { "[email protected]" };
> char kernel[] = { "Linux" };
> char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
> char pgp[] = { "9907 8698 8A24 F52F 1C2E 87F6 39A4 9EEA 460A
> 0169" };
> char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
> } me_t;
>
> ------------------------------------------------------------------------------
> Developer Access Program for Intel Xeon Phi Processors
> Access to Intel Xeon Phi processor-based developer platforms.
> With one year of Intel Parallel Studio XE.
> Training and support from Colfax.
> Order your platform today. http://sdm.link/xeonphi
> _______________________________________________
> TrouSerS-tech mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-tech
>
>
>
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
TrouSerS-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-tech
