From: Gert Wollny Date: Sun, 26 Jun 2016 17:11:49 +0000 (+0000) Subject: update patch descriptions X-Git-Tag: archive/raspbian/3.6.9-4+rpi1^2~274 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=aea8b90a1d279b5a2fc6bd2ebd56a22da7a962c0;p=dcmtk.git update patch descriptions --- diff --git a/debian/patches/08_remove_system_processor.patch b/debian/patches/08_remove_system_processor.patch index 49c2892c..c519c82c 100644 --- a/debian/patches/08_remove_system_processor.patch +++ b/debian/patches/08_remove_system_processor.patch @@ -1,3 +1,7 @@ +Description: Remove the systemprocessor name in the compilate + Required for reproducible builds, and it is also not reliable +Author: Gert Wollny + --- a/CMake/GenerateDCMTKConfigure.cmake +++ b/CMake/GenerateDCMTKConfigure.cmake @@ -64,15 +64,6 @@ diff --git a/debian/patches/09_openssl-1.1.patch b/debian/patches/09_openssl-1.1.patch new file mode 100644 index 00000000..e04c4982 --- /dev/null +++ b/debian/patches/09_openssl-1.1.patch @@ -0,0 +1,198 @@ +Description: Compile with openssl-1.1 +Author: Gert Wollny +Bug-Debian: http://bugs.debian.org/828281 + +--- a/dcmtls/libsrc/tlslayer.cc ++++ b/dcmtls/libsrc/tlslayer.cc +@@ -48,6 +48,11 @@ + #define DCMTK_SSL_CTX_get0_param(A) A->param; + #endif + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#define SSL_CTX_get_cert_store(ctx) ctx->cert_store ++#define EVP_PKEY_id(key) key->type; ++#endif ++ + extern "C" int DcmTLSTransportLayer_certificateValidationCallback(int ok, X509_STORE_CTX *storeContext); + + OFLogger DCM_dcmtlsLogger = OFLog::getLogger("dcmtk.dcmtls"); +@@ -114,18 +119,21 @@ + {"TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", SSL3_TXT_ADH_DES_40_CBC_SHA}, + {"TLS_DH_anon_WITH_DES_CBC_SHA", SSL3_TXT_ADH_DES_64_CBC_SHA}, + {"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", SSL3_TXT_ADH_DES_192_CBC_SHA}, ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + {"TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA}, + {"TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA}, + {"TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA}, + {"TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA}, ++#endif + {"TLS_DHE_DSS_WITH_RC4_128_SHA", TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA} + + #if OPENSSL_VERSION_NUMBER >= 0x0090700fL +- // cipersuites added in OpenSSL 0.9.7 + , ++ // cipersuites added in OpenSSL 0.9.7 ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + {"TLS_RSA_EXPORT_WITH_RC4_56_MD5", TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5}, + {"TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5}, +- ++#endif + /* AES ciphersuites from RFC3268 */ + {"TLS_RSA_WITH_AES_128_CBC_SHA", TLS1_TXT_RSA_WITH_AES_128_SHA}, + {"TLS_DH_DSS_WITH_AES_128_CBC_SHA", TLS1_TXT_DH_DSS_WITH_AES_128_SHA}, +@@ -184,7 +192,9 @@ + // but the API has been available at least since 0.9.5. + SSL_library_init(); + SSL_load_error_strings(); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + SSLeay_add_all_algorithms(); ++#endif + seedPRNG(randFile); + } + +@@ -330,7 +340,7 @@ + /* fileType should be SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM */ + if (transportLayerContext) + { +- X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(transportLayerContext->cert_store, X509_LOOKUP_file()); ++ X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(transportLayerContext), X509_LOOKUP_file()); + if (x509_lookup == NULL) return TCS_tlsError; + if (! X509_LOOKUP_load_file(x509_lookup, fileName, fileType)) return TCS_tlsError; + } else return TCS_illegalCall; +@@ -342,7 +352,7 @@ + /* fileType should be SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM */ + if (transportLayerContext) + { +- X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(transportLayerContext->cert_store, X509_LOOKUP_hash_dir()); ++ X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(transportLayerContext), X509_LOOKUP_hash_dir()); + if (x509_lookup == NULL) return TCS_tlsError; + if (! X509_LOOKUP_add_dir(x509_lookup, pathName, fileType)) return TCS_tlsError; + } else return TCS_illegalCall; +@@ -464,7 +474,7 @@ + EVP_PKEY *pubkey = X509_get_pubkey(peerCertificate); // creates copy of public key + if (pubkey) + { +- switch (EVP_PKEY_type(pubkey->type)) ++ switch (EVP_PKEY_id(pubkey)) + { + case EVP_PKEY_RSA: + certPubKeyType = "RSA"; +--- a/dcmsign/libsrc/sicert.cc ++++ b/dcmsign/libsrc/sicert.cc +@@ -39,6 +39,10 @@ + #include + END_EXTERN_C + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#define EVP_PKEY_id(key) key->type; ++#endif ++ + SiCertificate::SiCertificate() + : x509(NULL) + { +@@ -57,7 +61,7 @@ + EVP_PKEY *pkey = X509_extract_key(x509); + if (pkey) + { +- switch(pkey->type) ++ switch(EVP_PKEY_id(pkey)) + { + case EVP_PKEY_RSA: + result = EKT_RSA; +@@ -85,7 +89,7 @@ + EVP_PKEY *pkey = X509_extract_key(x509); + if (pkey) + { +- switch(pkey->type) ++ switch(EVP_PKEY_id(pkey)) + { + case EVP_PKEY_RSA: + return new SiRSA(EVP_PKEY_get1_RSA(pkey)); +@@ -111,7 +115,7 @@ + x509 = NULL; + if (filename) + { +- BIO *in = BIO_new(BIO_s_file_internal()); ++ BIO *in = BIO_new(BIO_s_file()); + if (in) + { + if (BIO_read_filename(in, filename) > 0) +--- a/dcmsign/libsrc/sicertvf.cc ++++ b/dcmsign/libsrc/sicertvf.cc +@@ -72,7 +72,7 @@ + X509_CRL *x509crl = NULL; + if (fileName) + { +- BIO *in = BIO_new(BIO_s_file_internal()); ++ BIO *in = BIO_new(BIO_s_file()); + if (in) + { + if (BIO_read_filename(in, fileName) > 0) +@@ -107,11 +107,12 @@ + X509 *rawcert = certificate.getRawCertificate(); + if (rawcert == NULL) return SI_EC_VerificationFailed_NoCertificate; + +- X509_STORE_CTX ctx; +- X509_STORE_CTX_init(&ctx, x509store, rawcert, NULL); +- int ok = X509_verify_cert(&ctx); /* returns nonzero if successful */ +- errorCode = X509_STORE_CTX_get_error(&ctx); +- X509_STORE_CTX_cleanup(&ctx); ++ X509_STORE_CTX *ctx = NULL; ++ ctx = X509_STORE_CTX_new(); ++ int ok = X509_STORE_CTX_init(ctx, x509store, rawcert, NULL); ++ errorCode = X509_STORE_CTX_get_error(ctx); ++ X509_STORE_CTX_cleanup(ctx); ++ X509_STORE_CTX_free(ctx); + if (ok) return EC_Normal; else return SI_EC_VerificationFailed_NoTrust; + } + +--- a/dcmsign/libsrc/siprivat.cc ++++ b/dcmsign/libsrc/siprivat.cc +@@ -38,6 +38,9 @@ + #include + END_EXTERN_C + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#define EVP_PKEY_id(key) key->type; ++#endif + + /* buf : buffer to write password into + * size : length of buffer in bytes +@@ -96,7 +99,7 @@ + pkey = NULL; + if (filename) + { +- BIO *in = BIO_new(BIO_s_file_internal()); ++ BIO *in = BIO_new(BIO_s_file()); + if (in) + { + if (BIO_read_filename(in, filename) > 0) +@@ -125,7 +128,7 @@ + E_KeyType result = EKT_none; + if (pkey) + { +- switch(pkey->type) ++ switch(EVP_PKEY_id(pkey)) + { + case EVP_PKEY_RSA: + result = EKT_RSA; +@@ -149,7 +152,7 @@ + { + if (pkey) + { +- switch(pkey->type) ++ switch(EVP_PKEY_id(pkey)) + { + case EVP_PKEY_RSA: + return new SiRSA(EVP_PKEY_get1_RSA(pkey)); +--- a/dcmpstat/libsrc/dviface.cc ++++ b/dcmpstat/libsrc/dviface.cc +@@ -4080,7 +4080,7 @@ + + /* attempt to load the private key with the given password*/ + EVP_PKEY *pkey = NULL; +- BIO *in = BIO_new(BIO_s_file_internal()); ++ BIO *in = BIO_new(BIO_s_file()); + if (in) + { + if (BIO_read_filename(in, filename.c_str()) > 0) diff --git a/debian/patches/dcmtk-361-20160216-ssl-1.1.patch b/debian/patches/dcmtk-361-20160216-ssl-1.1.patch deleted file mode 100644 index d05adaa7..00000000 --- a/debian/patches/dcmtk-361-20160216-ssl-1.1.patch +++ /dev/null @@ -1,194 +0,0 @@ ---- a/dcmtls/libsrc/tlslayer.cc -+++ b/dcmtls/libsrc/tlslayer.cc -@@ -48,6 +48,11 @@ - #define DCMTK_SSL_CTX_get0_param(A) A->param; - #endif - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#define SSL_CTX_get_cert_store(ctx) ctx->cert_store -+#define EVP_PKEY_id(key) key->type; -+#endif -+ - extern "C" int DcmTLSTransportLayer_certificateValidationCallback(int ok, X509_STORE_CTX *storeContext); - - OFLogger DCM_dcmtlsLogger = OFLog::getLogger("dcmtk.dcmtls"); -@@ -114,18 +119,21 @@ - {"TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", SSL3_TXT_ADH_DES_40_CBC_SHA}, - {"TLS_DH_anon_WITH_DES_CBC_SHA", SSL3_TXT_ADH_DES_64_CBC_SHA}, - {"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", SSL3_TXT_ADH_DES_192_CBC_SHA}, -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - {"TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA}, - {"TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA}, - {"TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA}, - {"TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA}, -+#endif - {"TLS_DHE_DSS_WITH_RC4_128_SHA", TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA} - - #if OPENSSL_VERSION_NUMBER >= 0x0090700fL -- // cipersuites added in OpenSSL 0.9.7 - , -+ // cipersuites added in OpenSSL 0.9.7 -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - {"TLS_RSA_EXPORT_WITH_RC4_56_MD5", TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5}, - {"TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5}, -- -+#endif - /* AES ciphersuites from RFC3268 */ - {"TLS_RSA_WITH_AES_128_CBC_SHA", TLS1_TXT_RSA_WITH_AES_128_SHA}, - {"TLS_DH_DSS_WITH_AES_128_CBC_SHA", TLS1_TXT_DH_DSS_WITH_AES_128_SHA}, -@@ -184,7 +192,9 @@ - // but the API has been available at least since 0.9.5. - SSL_library_init(); - SSL_load_error_strings(); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - SSLeay_add_all_algorithms(); -+#endif - seedPRNG(randFile); - } - -@@ -330,7 +340,7 @@ - /* fileType should be SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM */ - if (transportLayerContext) - { -- X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(transportLayerContext->cert_store, X509_LOOKUP_file()); -+ X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(transportLayerContext), X509_LOOKUP_file()); - if (x509_lookup == NULL) return TCS_tlsError; - if (! X509_LOOKUP_load_file(x509_lookup, fileName, fileType)) return TCS_tlsError; - } else return TCS_illegalCall; -@@ -342,7 +352,7 @@ - /* fileType should be SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM */ - if (transportLayerContext) - { -- X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(transportLayerContext->cert_store, X509_LOOKUP_hash_dir()); -+ X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(transportLayerContext), X509_LOOKUP_hash_dir()); - if (x509_lookup == NULL) return TCS_tlsError; - if (! X509_LOOKUP_add_dir(x509_lookup, pathName, fileType)) return TCS_tlsError; - } else return TCS_illegalCall; -@@ -464,7 +474,7 @@ - EVP_PKEY *pubkey = X509_get_pubkey(peerCertificate); // creates copy of public key - if (pubkey) - { -- switch (EVP_PKEY_type(pubkey->type)) -+ switch (EVP_PKEY_id(pubkey)) - { - case EVP_PKEY_RSA: - certPubKeyType = "RSA"; ---- a/dcmsign/libsrc/sicert.cc -+++ b/dcmsign/libsrc/sicert.cc -@@ -39,6 +39,10 @@ - #include - END_EXTERN_C - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#define EVP_PKEY_id(key) key->type; -+#endif -+ - SiCertificate::SiCertificate() - : x509(NULL) - { -@@ -57,7 +61,7 @@ - EVP_PKEY *pkey = X509_extract_key(x509); - if (pkey) - { -- switch(pkey->type) -+ switch(EVP_PKEY_id(pkey)) - { - case EVP_PKEY_RSA: - result = EKT_RSA; -@@ -85,7 +89,7 @@ - EVP_PKEY *pkey = X509_extract_key(x509); - if (pkey) - { -- switch(pkey->type) -+ switch(EVP_PKEY_id(pkey)) - { - case EVP_PKEY_RSA: - return new SiRSA(EVP_PKEY_get1_RSA(pkey)); -@@ -111,7 +115,7 @@ - x509 = NULL; - if (filename) - { -- BIO *in = BIO_new(BIO_s_file_internal()); -+ BIO *in = BIO_new(BIO_s_file()); - if (in) - { - if (BIO_read_filename(in, filename) > 0) ---- a/dcmsign/libsrc/sicertvf.cc -+++ b/dcmsign/libsrc/sicertvf.cc -@@ -72,7 +72,7 @@ - X509_CRL *x509crl = NULL; - if (fileName) - { -- BIO *in = BIO_new(BIO_s_file_internal()); -+ BIO *in = BIO_new(BIO_s_file()); - if (in) - { - if (BIO_read_filename(in, fileName) > 0) -@@ -107,11 +107,12 @@ - X509 *rawcert = certificate.getRawCertificate(); - if (rawcert == NULL) return SI_EC_VerificationFailed_NoCertificate; - -- X509_STORE_CTX ctx; -- X509_STORE_CTX_init(&ctx, x509store, rawcert, NULL); -- int ok = X509_verify_cert(&ctx); /* returns nonzero if successful */ -- errorCode = X509_STORE_CTX_get_error(&ctx); -- X509_STORE_CTX_cleanup(&ctx); -+ X509_STORE_CTX *ctx = NULL; -+ ctx = X509_STORE_CTX_new(); -+ int ok = X509_STORE_CTX_init(ctx, x509store, rawcert, NULL); -+ errorCode = X509_STORE_CTX_get_error(ctx); -+ X509_STORE_CTX_cleanup(ctx); -+ X509_STORE_CTX_free(ctx); - if (ok) return EC_Normal; else return SI_EC_VerificationFailed_NoTrust; - } - ---- a/dcmsign/libsrc/siprivat.cc -+++ b/dcmsign/libsrc/siprivat.cc -@@ -38,6 +38,9 @@ - #include - END_EXTERN_C - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#define EVP_PKEY_id(key) key->type; -+#endif - - /* buf : buffer to write password into - * size : length of buffer in bytes -@@ -96,7 +99,7 @@ - pkey = NULL; - if (filename) - { -- BIO *in = BIO_new(BIO_s_file_internal()); -+ BIO *in = BIO_new(BIO_s_file()); - if (in) - { - if (BIO_read_filename(in, filename) > 0) -@@ -125,7 +128,7 @@ - E_KeyType result = EKT_none; - if (pkey) - { -- switch(pkey->type) -+ switch(EVP_PKEY_id(pkey)) - { - case EVP_PKEY_RSA: - result = EKT_RSA; -@@ -149,7 +152,7 @@ - { - if (pkey) - { -- switch(pkey->type) -+ switch(EVP_PKEY_id(pkey)) - { - case EVP_PKEY_RSA: - return new SiRSA(EVP_PKEY_get1_RSA(pkey)); ---- a/dcmpstat/libsrc/dviface.cc -+++ b/dcmpstat/libsrc/dviface.cc -@@ -4080,7 +4080,7 @@ - - /* attempt to load the private key with the given password*/ - EVP_PKEY *pkey = NULL; -- BIO *in = BIO_new(BIO_s_file_internal()); -+ BIO *in = BIO_new(BIO_s_file()); - if (in) - { - if (BIO_read_filename(in, filename.c_str()) > 0) diff --git a/debian/patches/series b/debian/patches/series index 63a3a859..839fbd53 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,4 +6,4 @@ 06_soversion_abi.patch 07_dont_export_all_executables.patch 08_remove_system_processor.patch -dcmtk-361-20160216-ssl-1.1.patch +09_openssl-1.1.patch