From patchwork Sun Feb 3 15:06:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 157365 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp2889779jaa; Sun, 3 Feb 2019 07:06:32 -0800 (PST) X-Google-Smtp-Source: AHgI3IbMeTFMHenBsgNTm5F5KJcxaLSmpYylbpJA3cR3zfN218aTKx3ZfnlqKnOwcuLomdFkbsc9 X-Received: by 2002:a63:fc4d:: with SMTP id r13mr9100215pgk.242.1549206392250; Sun, 03 Feb 2019 07:06:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549206392; cv=none; d=google.com; s=arc-20160816; b=xTda5W0i6Tnd6yMtcTLZbThZTNkTL3MoAYSUIgft8xO0Sto6u5b/wZtSaiGSOKlXjq PqqyIhqVg9BBbfTwBSRbLe3uxdneQtlFGTRAS+2vUgM5PbEXG+Dr062SJlcJtC3o6f9Q 5ga9J/rYRCCVZTNrx81UFsDB+LFrdBP2EKR4ij1zdKJhd0lct/SWtS8xz+QiRn0D2VD5 bDyu12r7A9Nuhjxkvc3O3hOlD89pD0+yjlukgVX45k6PQgc69pvUbQS3D+psgUWH95NC bkej6TimiGhHQQ3rIxF/GzNOVWTO1S0/YffTbLo83MVhDX2SWev8qUXjwcCV4WlEUYUO 2XUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:delivered-to; bh=jKwuVaPwvzMW+wUTHlREdcAVzERE7UnjzU3pv+GqpQ4=; b=TGlyjMcNAVV8ZrhuLj4S9HtlYm1+QrrxsBGta7mp5acQ3d5hzAX0mta/Kxv6TqndpW mrJh8MhdwhMjj624CZu9lk+JnwG8O60gqK82n7PpBwyc9OVTL9y8scRVb5c2q9fgwZKA IQagql5zEi1La6IX+ZT1vQTgC1BE9QGCmziMSnbLuys240iozv18WsXj2dO0hxTHlSEK ygk5Yw7+HRtnBuX71uMl45L3mX/tD1bISUFdTvuiMf33tpRjplguWTIfhZ7TaJidVAQ1 gf7ziga/W4m3UXswRBd1/6gK6N0K4opNq50X2S+c6hVz/eTwz+zJEJChE/lGFNnFAJsQ riOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=szkYOFeL; spf=pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-devel-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id k62si13060552pfc.208.2019.02.03.07.06.30; Sun, 03 Feb 2019 07:06:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=szkYOFeL; spf=pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-devel-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 6122E79CCB; Sun, 3 Feb 2019 15:06:26 +0000 (UTC) X-Original-To: openembedded-devel@lists.openembedded.org Delivered-To: openembedded-devel@lists.openembedded.org Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mail.openembedded.org (Postfix) with ESMTP id 9CFEB79CCB for ; Sun, 3 Feb 2019 15:06:23 +0000 (UTC) Received: by mail-pl1-f173.google.com with SMTP id 101so5611333pld.6 for ; Sun, 03 Feb 2019 07:06:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=dF/aAH3dakJAgzWxTeZdxz8Uvh6zdqf7Cf0r4lRI5JA=; b=szkYOFeLLBnwUZCFD98aHx2JckLFdomC32HKEDj1b/bCGeg8vX9JFek2OkJ2wo9G/2 qEMeEISRf1Dgdrby2oJtmNkHDbg3F8o8CV+Cou0wHgzcHOYE81CVhq+/2KRqRdaGS3E4 ckEHyQr/5Q7oe+SPO1FdOyBsqjWnPxSjfcr0h3teDF+LmX1O8X7uU//QaxHYPM1niC9Z 1ifnJKKL964elIwj6W0yGwBNdMXg0xbWYezP9V3KbcuzRGz7KUyHs/QmUfY1Ea5YTEN0 jkMzieDLQHqzn6Jn9f/Oz5EeJn1PmG43JR9w+m8iDuRYN5KmtuAlOtLb+fWwR3rL5PjG M00A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=dF/aAH3dakJAgzWxTeZdxz8Uvh6zdqf7Cf0r4lRI5JA=; b=nDGQMMm6M1+shcAaCyOGIlYJCoBQWQzs1KNkxP7hEUE0D8UdmyMKGvrABMExFtmN8z et7IDIb5Y5mmGuSne4NmNNDMAmUvZvjaZXfA8pCoDIQ6c7AG7VK+XIcJ6WMoh0SeYzBq tHrvJqxZLsiunVOcqcZYGkeVjFcgy7zHMl/kUdUa1/b49jmWnoK5CgfUz+kmcDNirKCH kMKfz5JrL0Lun32Wr0iSeZ4iCU/Gi42G/qLEaudyw3RhQQiuKnEvf8f/TWNeSY3AF8Pg g1KIypWFZtRsX5vRuKy2pWf6zU7Z/PFLSQNLzWDaIp+FTgWSlFOyeNwBbbaliVekdYEN XZbw== X-Gm-Message-State: AJcUukcILTedWBpwWoY3OC0YwBUgvD0gUJ1sqznToVwptC5422YFjsTb 6tSHpy92a06l/h6hje9JnLkTRV0O X-Received: by 2002:a17:902:b20e:: with SMTP id t14mr48102110plr.128.1549206383470; Sun, 03 Feb 2019 07:06:23 -0800 (PST) Received: from apollo.hsd1.ca.comcast.net ([2601:646:8500:6bc6::1609]) by smtp.gmail.com with ESMTPSA id a90sm24349645pfj.109.2019.02.03.07.06.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 03 Feb 2019 07:06:22 -0800 (PST) From: Khem Raj To: openembedded-devel@lists.openembedded.org Date: Sun, 3 Feb 2019 07:06:03 -0800 Message-Id: <20190203150606.2484-1-raj.khem@gmail.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [oe] [meta-oe][PATCH 1/4] pam-ssh-agent-auth: Port to work with openssl 1.1.x X-BeenThere: openembedded-devel@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Using the OpenEmbedded metadata to build Distributions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: openembedded-devel-bounces@lists.openembedded.org Errors-To: openembedded-devel-bounces@lists.openembedded.org Signed-off-by: Khem Raj --- .../0001-Adapt-to-OpenSSL-1.1.1.patch | 879 ++++++++++++++++++ ...t-the-correct-OPENSSL_VERSION_NUMBER.patch | 365 ++++++++ .../pam/pam-ssh-agent-auth_0.10.3.bb | 7 +- 3 files changed, 1249 insertions(+), 2 deletions(-) create mode 100644 meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch create mode 100644 meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch -- 2.20.1 -- _______________________________________________ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel diff --git a/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch b/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch new file mode 100644 index 0000000000..2d75a18f15 --- /dev/null +++ b/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch @@ -0,0 +1,879 @@ +From 37e233307a79a9250962dcf77b7c7e27a02a1a35 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 1 Feb 2019 22:44:10 -0800 +Subject: [PATCH] Adapt to OpenSSL 1.1.1 + +From: Guido Falsi +https://sources.debian.org/src/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch/ + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + authfd.c | 50 ++++++++++++++++++++ + bufbn.c | 4 ++ + cipher.h | 6 ++- + kex.h | 9 +++- + key.c | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++-- + ssh-dss.c | 51 ++++++++++++++++---- + ssh-ecdsa.c | 40 ++++++++++++---- + ssh-rsa.c | 22 +++++++-- + 8 files changed, 287 insertions(+), 28 deletions(-) + +diff --git a/authfd.c b/authfd.c +index 212e06b..f91514d 100644 +--- a/authfd.c ++++ b/authfd.c +@@ -367,6 +367,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio + case 1: + key = pamsshagentauth_key_new(KEY_RSA1); + bits = pamsshagentauth_buffer_get_int(&auth->identities); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e); + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n); + *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); +@@ -374,6 +375,15 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio + if (keybits < 0 || bits != (u_int)keybits) + pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u", + BN_num_bits(key->rsa->n), bits); ++#else ++ pamsshagentauth_buffer_get_bignum(&auth->identities, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_get_bignum(&auth->identities, RSA_get0_n(key->rsa)); ++ *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); ++ keybits = BN_num_bits(RSA_get0_n(key->rsa)); ++ if (keybits < 0 || bits != (u_int)keybits) ++ pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u", ++ BN_num_bits(RSA_get0_n(key->rsa)), bits); ++#endif + break; + case 2: + blob = pamsshagentauth_buffer_get_string(&auth->identities, &blen); +@@ -417,9 +427,15 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, + } + pamsshagentauth_buffer_init(&buffer); + pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n); ++#else ++ pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(RSA_get0_n(key->rsa))); ++ pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_n(key->rsa)); ++#endif + pamsshagentauth_buffer_put_bignum(&buffer, challenge); + pamsshagentauth_buffer_append(&buffer, session_id, 16); + pamsshagentauth_buffer_put_int(&buffer, response_type); +@@ -496,6 +512,7 @@ ssh_agent_sign(AuthenticationConnection *auth, + static void + ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n)); + pamsshagentauth_buffer_put_bignum(b, key->n); + pamsshagentauth_buffer_put_bignum(b, key->e); +@@ -504,6 +521,16 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) + pamsshagentauth_buffer_put_bignum(b, key->iqmp); /* ssh key->u */ + pamsshagentauth_buffer_put_bignum(b, key->q); /* ssh key->p, SSL key->q */ + pamsshagentauth_buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ ++#else ++ pamsshagentauth_buffer_put_int(b, BN_num_bits(RSA_get0_n(key))); ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_n(key)); ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_e(key)); ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_d(key)); ++ /* To keep within the protocol: p < q for ssh. in SSL p > q */ ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_iqmp(key)); /* ssh key->u */ ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_q(key)); /* ssh key->p, SSL key->q */ ++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_p(key)); /* ssh key->q, SSL key->p */ ++#endif + pamsshagentauth_buffer_put_cstring(b, comment); + } + +@@ -513,19 +540,36 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) + pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key)); + switch (key->type) { + case KEY_RSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_bignum2(b, key->rsa->n); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->e); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->d); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->iqmp); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->p); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->q); ++#else ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_n(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_d(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_iqmp(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_p(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_q(key->rsa)); ++#endif + break; + case KEY_DSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_bignum2(b, key->dsa->p); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->q); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->g); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->pub_key); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->priv_key); ++#else ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_p(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_q(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_g(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_pub_key(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_priv_key(key->dsa)); ++#endif + break; + } + pamsshagentauth_buffer_put_cstring(b, comment); +@@ -605,9 +649,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) + + if (key->type == KEY_RSA1) { + pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n); ++#else ++ pamsshagentauth_buffer_put_int(&msg, BN_num_bits(RSA_get0_n(key->rsa))); ++ pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_n(key->rsa)); ++#endif + } else if (key->type == KEY_DSA || key->type == KEY_RSA) { + pamsshagentauth_key_to_blob(key, &blob, &blen); + pamsshagentauth_buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); +diff --git a/bufbn.c b/bufbn.c +index 6a49c73..4ecedc1 100644 +--- a/bufbn.c ++++ b/bufbn.c +@@ -151,7 +151,11 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) + pamsshagentauth_buffer_put_int(buffer, 0); + return 0; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (value->neg) { ++#else ++ if (BN_is_negative(value)) { ++#endif + pamsshagentauth_logerror("buffer_put_bignum2_ret: negative numbers not supported"); + return (-1); + } +diff --git a/cipher.h b/cipher.h +index 49bbc16..64f59ca 100644 +--- a/cipher.h ++++ b/cipher.h +@@ -59,15 +59,18 @@ + #define CIPHER_DECRYPT 0 + + typedef struct Cipher Cipher; +-typedef struct CipherContext CipherContext; ++// typedef struct CipherContext CipherContext; + + struct Cipher; ++/* + struct CipherContext { + int plaintext; + EVP_CIPHER_CTX evp; + Cipher *cipher; + }; ++*/ + ++/* + u_int cipher_mask_ssh1(int); + Cipher *cipher_by_name(const char *); + Cipher *cipher_by_number(int); +@@ -88,4 +91,5 @@ void cipher_set_keyiv(CipherContext *, u_char *); + int cipher_get_keyiv_len(const CipherContext *); + int cipher_get_keycontext(const CipherContext *, u_char *); + void cipher_set_keycontext(CipherContext *, u_char *); ++*/ + #endif /* CIPHER_H */ +diff --git a/kex.h b/kex.h +index 8e29c90..81ca57d 100644 +--- a/kex.h ++++ b/kex.h +@@ -70,7 +70,7 @@ enum kex_exchange { + #define KEX_INIT_SENT 0x0001 + + typedef struct Kex Kex; +-typedef struct Mac Mac; ++// typedef struct Mac Mac; + typedef struct Comp Comp; + typedef struct Enc Enc; + typedef struct Newkeys Newkeys; +@@ -84,6 +84,7 @@ struct Enc { + u_char *key; + u_char *iv; + }; ++/* + struct Mac { + char *name; + int enabled; +@@ -95,11 +96,13 @@ struct Mac { + HMAC_CTX evp_ctx; + struct umac_ctx *umac_ctx; + }; ++*/ + struct Comp { + int type; + int enabled; + char *name; + }; ++/* + struct Newkeys { + Enc enc; + Mac mac; +@@ -126,7 +129,9 @@ struct Kex { + int (*host_key_index)(Key *); + void (*kex[KEX_MAX])(Kex *); + }; ++*/ + ++/* + Kex *kex_setup(char *[PROPOSAL_MAX]); + void kex_finish(Kex *); + +@@ -152,6 +157,8 @@ kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *, + void + derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); + ++*/ ++ + #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) + void dump_digest(char *, u_char *, int); + #endif +diff --git a/key.c b/key.c +index 107a442..aedbbb5 100644 +--- a/key.c ++++ b/key.c +@@ -77,15 +77,21 @@ pamsshagentauth_key_new(int type) + case KEY_RSA: + if ((rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_new: RSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((rsa->n = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((rsa->e = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); ++#else ++ if (RSA_set0_key(rsa, BN_new(), BN_new(), NULL) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_key failed"); ++#endif + k->rsa = rsa; + break; + case KEY_DSA: + if ((dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_new: DSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((dsa->p = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((dsa->q = BN_new()) == NULL) +@@ -94,6 +100,12 @@ pamsshagentauth_key_new(int type) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((dsa->pub_key = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); ++#else ++ if (DSA_set0_pqg(dsa, BN_new(), BN_new(), BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: DSA_set0_pqg failed"); ++ if (DSA_set0_key(dsa, BN_new(), NULL) != 1) ++ pamsshagentauth_fatal("key_new: DSA_set0_key failed"); ++#endif + k->dsa = dsa; + break; + case KEY_ECDSA: +@@ -118,6 +130,7 @@ pamsshagentauth_key_new_private(int type) + switch (k->type) { + case KEY_RSA1: + case KEY_RSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((k->rsa->d = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + if ((k->rsa->iqmp = BN_new()) == NULL) +@@ -130,14 +143,30 @@ pamsshagentauth_key_new_private(int type) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + if ((k->rsa->dmp1 = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); ++#else ++ if (RSA_set0_key(k->rsa, NULL, NULL, BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_key failed"); ++ if (RSA_set0_crt_params(k->rsa, BN_new(), BN_new(), BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_crt_params failed"); ++ if (RSA_set0_factors(k->rsa, BN_new(), BN_new()) != 1) ++ pamsshagentauth_fatal("key_new: RSA_set0_factors failed"); ++#endif + break; + case KEY_DSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((k->dsa->priv_key = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); ++#else ++ if (DSA_set0_key(k->dsa, NULL, BN_new()) != 1) ++ pamsshagentauth_fatal("key_new_private: DSA_set0_key failed"); ++#endif + break; + case KEY_ECDSA: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1) + pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed"); ++#else ++#endif + break; + case KEY_ED25519: + RAND_bytes(k->ed25519->sk, sizeof(k->ed25519->sk)); +@@ -195,14 +224,26 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) + case KEY_RSA1: + case KEY_RSA: + return a->rsa != NULL && b->rsa != NULL && ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_cmp(a->rsa->e, b->rsa->e) == 0 && + BN_cmp(a->rsa->n, b->rsa->n) == 0; ++#else ++ BN_cmp(RSA_get0_e(a->rsa), RSA_get0_e(b->rsa)) == 0 && ++ BN_cmp(RSA_get0_n(a->rsa), RSA_get0_n(b->rsa)) == 0; ++#endif + case KEY_DSA: + return a->dsa != NULL && b->dsa != NULL && ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_cmp(a->dsa->p, b->dsa->p) == 0 && + BN_cmp(a->dsa->q, b->dsa->q) == 0 && + BN_cmp(a->dsa->g, b->dsa->g) == 0 && + BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; ++#else ++ BN_cmp(DSA_get0_p(a->dsa), DSA_get0_p(b->dsa)) == 0 && ++ BN_cmp(DSA_get0_q(a->dsa), DSA_get0_q(b->dsa)) == 0 && ++ BN_cmp(DSA_get0_g(a->dsa), DSA_get0_g(b->dsa)) == 0 && ++ BN_cmp(DSA_get0_pub_key(a->dsa), DSA_get0_pub_key(b->dsa)) == 0; ++#endif + case KEY_ECDSA: + return a->ecdsa != NULL && b->ecdsa != NULL && + EC_KEY_check_key(a->ecdsa) == 1 && +@@ -231,7 +272,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + u_int *dgst_raw_length) + { + const EVP_MD *md = NULL; +- EVP_MD_CTX ctx; ++ EVP_MD_CTX *ctx; + u_char *blob = NULL; + u_char *retval = NULL; + u_int len = 0; +@@ -252,12 +293,21 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + } + switch (k->type) { + case KEY_RSA1: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + nlen = BN_num_bytes(k->rsa->n); + elen = BN_num_bytes(k->rsa->e); + len = nlen + elen; + blob = pamsshagentauth_xmalloc(len); + BN_bn2bin(k->rsa->n, blob); + BN_bn2bin(k->rsa->e, blob + nlen); ++#else ++ nlen = BN_num_bytes(RSA_get0_n(k->rsa)); ++ elen = BN_num_bytes(RSA_get0_e(k->rsa)); ++ len = nlen + elen; ++ blob = pamsshagentauth_xmalloc(len); ++ BN_bn2bin(RSA_get0_n(k->rsa), blob); ++ BN_bn2bin(RSA_get0_e(k->rsa), blob + nlen); ++#endif + break; + case KEY_DSA: + case KEY_ECDSA: +@@ -273,11 +323,14 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + } + if (blob != NULL) { + retval = pamsshagentauth_xmalloc(EVP_MAX_MD_SIZE); +- EVP_DigestInit(&ctx, md); +- EVP_DigestUpdate(&ctx, blob, len); +- EVP_DigestFinal(&ctx, retval, dgst_raw_length); ++ /* XXX Errors from EVP_* functions are not hadled */ ++ ctx = EVP_MD_CTX_create(); ++ EVP_DigestInit(ctx, md); ++ EVP_DigestUpdate(ctx, blob, len); ++ EVP_DigestFinal(ctx, retval, dgst_raw_length); + memset(blob, 0, len); + pamsshagentauth_xfree(blob); ++ EVP_MD_CTX_destroy(ctx); + } else { + pamsshagentauth_fatal("key_fingerprint_raw: blob is null"); + } +@@ -457,10 +510,17 @@ pamsshagentauth_key_read(Key *ret, char **cpp) + return -1; + *cpp = cp; + /* Get public exponent, public modulus. */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (!read_bignum(cpp, ret->rsa->e)) + return -1; + if (!read_bignum(cpp, ret->rsa->n)) + return -1; ++#else ++ if (!read_bignum(cpp, RSA_get0_e(ret->rsa))) ++ return -1; ++ if (!read_bignum(cpp, RSA_get0_n(ret->rsa))) ++ return -1; ++#endif + success = 1; + break; + case KEY_UNSPEC: +@@ -583,10 +643,17 @@ pamsshagentauth_key_write(const Key *key, FILE *f) + + if (key->type == KEY_RSA1 && key->rsa != NULL) { + /* size of modulus 'n' */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + bits = BN_num_bits(key->rsa->n); + fprintf(f, "%u", bits); + if (write_bignum(f, key->rsa->e) && + write_bignum(f, key->rsa->n)) { ++#else ++ bits = BN_num_bits(RSA_get0_n(key->rsa)); ++ fprintf(f, "%u", bits); ++ if (write_bignum(f, RSA_get0_e(key->rsa)) && ++ write_bignum(f, RSA_get0_n(key->rsa))) { ++#endif + success = 1; + } else { + pamsshagentauth_logerror("key_write: failed for RSA key"); +@@ -675,10 +742,17 @@ pamsshagentauth_key_size(const Key *k) + { + switch (k->type) { + case KEY_RSA1: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + case KEY_RSA: + return BN_num_bits(k->rsa->n); + case KEY_DSA: + return BN_num_bits(k->dsa->p); ++#else ++ case KEY_RSA: ++ return BN_num_bits(RSA_get0_n(k->rsa)); ++ case KEY_DSA: ++ return BN_num_bits(DSA_get0_p(k->dsa)); ++#endif + case KEY_ECDSA: + { + int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(k->ecdsa)); +@@ -769,17 +843,29 @@ pamsshagentauth_key_from_private(const Key *k) + switch (k->type) { + case KEY_DSA: + n = pamsshagentauth_key_new(k->type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || + (BN_copy(n->dsa->q, k->dsa->q) == NULL) || + (BN_copy(n->dsa->g, k->dsa->g) == NULL) || + (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) ++#else ++ if ((BN_copy(DSA_get0_p(n->dsa), DSA_get0_p(k->dsa)) == NULL) || ++ (BN_copy(DSA_get0_q(n->dsa), DSA_get0_q(k->dsa)) == NULL) || ++ (BN_copy(DSA_get0_g(n->dsa), DSA_get0_g(k->dsa)) == NULL) || ++ (BN_copy(DSA_get0_pub_key(n->dsa), DSA_get0_pub_key(k->dsa)) == NULL)) ++#endif + pamsshagentauth_fatal("key_from_private: BN_copy failed"); + break; + case KEY_RSA: + case KEY_RSA1: + n = pamsshagentauth_key_new(k->type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) ++#else ++ if ((BN_copy(RSA_get0_n(n->rsa), RSA_get0_n(k->rsa)) == NULL) || ++ (BN_copy(RSA_get0_e(n->rsa), RSA_get0_e(k->rsa)) == NULL)) ++#endif + pamsshagentauth_fatal("key_from_private: BN_copy failed"); + break; + case KEY_ECDSA: +@@ -881,8 +967,13 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + switch (type) { + case KEY_RSA: + key = pamsshagentauth_key_new(type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { ++#else ++ if (pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_e(key->rsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_n(key->rsa)) == -1) { ++#endif + pamsshagentauth_logerror("key_from_blob: can't read rsa key"); + pamsshagentauth_key_free(key); + key = NULL; +@@ -894,10 +985,17 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + break; + case KEY_DSA: + key = pamsshagentauth_key_new(type); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) { ++#else ++ if (pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_p(key->dsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_q(key->dsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_g(key->dsa)) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_pub_key(key->dsa)) == -1) { ++#endif + pamsshagentauth_logerror("key_from_blob: can't read dsa key"); + pamsshagentauth_key_free(key); + key = NULL; +@@ -1015,6 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) + } + pamsshagentauth_buffer_init(&b); + switch (key->type) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + case KEY_DSA: + pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); + pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p); +@@ -1027,6 +1126,20 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) + pamsshagentauth_buffer_put_bignum2(&b, key->rsa->e); + pamsshagentauth_buffer_put_bignum2(&b, key->rsa->n); + break; ++#else ++ case KEY_DSA: ++ pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_p(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_q(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_g(key->dsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_pub_key(key->dsa)); ++ break; ++ case KEY_RSA: ++ pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); ++ pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_e(key->rsa)); ++ pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_n(key->rsa)); ++ break; ++#endif + case KEY_ECDSA: + { + size_t l = 0; +@@ -1138,14 +1251,20 @@ pamsshagentauth_key_demote(const Key *k) + case KEY_RSA: + if ((pk->rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: RSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); ++#else ++ if (RSA_set0_key(pk->rsa, BN_dup(RSA_get0_n(k->rsa)), BN_dup(RSA_get0_e(k->rsa)), NULL) != 1) ++ pamsshagentauth_fatal("key_demote: RSA_set0_key failed"); ++#endif + break; + case KEY_DSA: + if ((pk->dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: DSA_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL) +@@ -1154,6 +1273,12 @@ pamsshagentauth_key_demote(const Key *k) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); ++#else ++ if (DSA_set0_pqg(pk->dsa, BN_dup(DSA_get0_p(k->dsa)), BN_dup(DSA_get0_q(k->dsa)), BN_dup(DSA_get0_g(k->dsa))) != 1) ++ pamsshagentauth_fatal("key_demote: DSA_set0_pqg failed"); ++ if (DSA_set0_key(pk->dsa, BN_dup(DSA_get0_pub_key(k->dsa)), NULL) != 1) ++ pamsshagentauth_fatal("key_demote: DSA_set0_key failed"); ++#endif + break; + case KEY_ECDSA: + pamsshagentauth_fatal("key_demote: implement me"); +diff --git a/ssh-dss.c b/ssh-dss.c +index 9fdaa5d..1051ae2 100644 +--- a/ssh-dss.c ++++ b/ssh-dss.c +@@ -48,37 +48,53 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + { + DSA_SIG *sig; + const EVP_MD *evp_md = EVP_sha1(); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; + u_int rlen, slen, len, dlen; + Buffer b; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ const BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { + pamsshagentauth_logerror("ssh_dss_sign: no DSA key"); + return -1; + } +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + sig = DSA_do_sign(digest, dlen, key->dsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + if (sig == NULL) { + pamsshagentauth_logerror("ssh_dss_sign: sign failed"); + return -1; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + rlen = BN_num_bytes(sig->r); + slen = BN_num_bytes(sig->s); ++#else ++ DSA_SIG_get0((const DSA_SIG *)sig, (const BIGNUM **)r, (const BIGNUM **)s); ++ rlen = BN_num_bytes(r); ++ slen = BN_num_bytes(s); ++#endif + if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { + pamsshagentauth_logerror("bad sig size %u %u", rlen, slen); + DSA_SIG_free(sig); + return -1; + } + memset(sigblob, 0, SIGBLOB_LEN); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); ++#else ++ BN_bn2bin(r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); ++ BN_bn2bin(s, sigblob+ SIGBLOB_LEN - slen); ++#endif + DSA_SIG_free(sig); + + if (datafellows & SSH_BUG_SIGBLOB) { +@@ -110,11 +126,14 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + { + DSA_SIG *sig; + const EVP_MD *evp_md = EVP_sha1(); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; + u_int len, dlen; + int rlen, ret; + Buffer b; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { + pamsshagentauth_logerror("ssh_dss_verify: no DSA key"); +@@ -157,6 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + /* parse signature */ + if ((sig = DSA_SIG_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed"); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((sig->r = BN_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); + if ((sig->s = BN_new()) == NULL) +@@ -164,18 +184,33 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || + (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) + pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed"); ++#else ++ if ((r = BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); ++ if ((s = BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); ++ if (DSA_SIG_set0(sig, r, s) != 1) ++ pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed"); ++ if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) || ++ (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL)) ++ pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed"); ++ if (DSA_SIG_set0(sig, r, s) != 1) ++ pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed"); ++#endif + + /* clean up */ + memset(sigblob, 0, len); + pamsshagentauth_xfree(sigblob); + + /* sha1 the data */ +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + ret = DSA_do_verify(digest, dlen, sig, key->dsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + DSA_SIG_free(sig); + +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index efa0f3d..c213959 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ -41,22 +41,27 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + { + ECDSA_SIG *sig; + const EVP_MD *evp_md = evp_from_key(key); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE]; + u_int len, dlen; + Buffer b, bb; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { + pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key"); + return -1; + } + +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + sig = ECDSA_do_sign(digest, dlen, key->ecdsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + if (sig == NULL) { + pamsshagentauth_logerror("ssh_ecdsa_sign: sign failed"); +@@ -64,8 +69,14 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + } + + pamsshagentauth_buffer_init(&bb); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) { ++#else ++ DSA_SIG_get0(sig, &r, &s); ++ if (pamsshagentauth_buffer_get_bignum2_ret(&bb, r) == -1 || ++ pamsshagentauth_buffer_get_bignum2_ret(&bb, s) == -1) { ++#endif + pamsshagentauth_logerror("couldn't serialize signature"); + ECDSA_SIG_free(sig); + return -1; +@@ -94,11 +105,14 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + { + ECDSA_SIG *sig; + const EVP_MD *evp_md = evp_from_key(key); +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; + u_int len, dlen; + int rlen, ret; + Buffer b; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *r, *s; ++#endif + + if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { + pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key"); +@@ -127,8 +141,14 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + + pamsshagentauth_buffer_init(&b); + pamsshagentauth_buffer_append(&b, sigblob, len); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) ++#else ++ DSA_SIG_get0(sig, &r, &s); ++ if ((pamsshagentauth_buffer_get_bignum2_ret(&b, r) == -1) || ++ (pamsshagentauth_buffer_get_bignum2_ret(&b, s) == -1)) ++#endif + pamsshagentauth_fatal("ssh_ecdsa_verify:" + "pamsshagentauth_buffer_get_bignum2_ret failed"); + +@@ -137,16 +157,18 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_xfree(sigblob); + + /* sha256 the data */ +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + ECDSA_SIG_free(sig); + + pamsshagentauth_verbose("ssh_ecdsa_verify: signature %s", + ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); + return ret; +-} +\ No newline at end of file ++} +diff --git a/ssh-rsa.c b/ssh-rsa.c +index d05844b..9d74eb6 100644 +--- a/ssh-rsa.c ++++ b/ssh-rsa.c +@@ -40,7 +40,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + const u_char *data, u_int datalen) + { + const EVP_MD *evp_md; +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + u_char digest[EVP_MAX_MD_SIZE], *sig; + u_int slen, dlen, len; + int ok, nid; +@@ -55,6 +55,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + pamsshagentauth_logerror("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); + return -1; + } ++ md = EVP_MD_CTX_create(); + EVP_DigestInit(&md, evp_md); + EVP_DigestUpdate(&md, data, datalen); + EVP_DigestFinal(&md, digest, &dlen); +@@ -64,6 +65,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + + ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + + if (ok != 1) { + int ecode = ERR_get_error(); +@@ -107,7 +109,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + { + Buffer b; + const EVP_MD *evp_md; +- EVP_MD_CTX md; ++ EVP_MD_CTX *md; + char *ktype; + u_char digest[EVP_MAX_MD_SIZE], *sigblob; + u_int len, dlen, modlen; +@@ -117,9 +119,17 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_logerror("ssh_rsa_verify: no RSA key"); + return -1; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ++#else ++ if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ++#endif + pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); ++#else ++ BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE); ++#endif + return -1; + } + pamsshagentauth_buffer_init(&b); +@@ -161,12 +171,14 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_xfree(sigblob); + return -1; + } +- EVP_DigestInit(&md, evp_md); +- EVP_DigestUpdate(&md, data, datalen); +- EVP_DigestFinal(&md, digest, &dlen); ++ md = EVP_MD_CTX_create(); ++ EVP_DigestInit(md, evp_md); ++ EVP_DigestUpdate(md, data, datalen); ++ EVP_DigestFinal(md, digest, &dlen); + + ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); + memset(digest, 'd', sizeof(digest)); ++ EVP_MD_CTX_destroy(md); + memset(sigblob, 's', len); + pamsshagentauth_xfree(sigblob); + pamsshagentauth_verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); diff --git a/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch b/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch new file mode 100644 index 0000000000..b03b43fb1d --- /dev/null +++ b/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch @@ -0,0 +1,365 @@ +From b2ee29809a54e16567323d8fbac2d652ee58c692 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Fri, 1 Feb 2019 22:45:19 -0800 +Subject: [PATCH] Check against the correct OPENSSL_VERSION_NUMBER + +From: Guido Falsi +https://sources.debian.org/src/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch/ + +Upstream-Status: Pending +Signed-off-by: Khem Raj +--- + authfd.c | 12 ++++++------ + bufbn.c | 2 +- + key.c | 36 ++++++++++++++++++------------------ + ssh-dss.c | 10 +++++----- + ssh-ecdsa.c | 8 ++++---- + ssh-rsa.c | 4 ++-- + 6 files changed, 36 insertions(+), 36 deletions(-) + +diff --git a/authfd.c b/authfd.c +index f91514d..4c6cec8 100644 +--- a/authfd.c ++++ b/authfd.c +@@ -367,7 +367,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio + case 1: + key = pamsshagentauth_key_new(KEY_RSA1); + bits = pamsshagentauth_buffer_get_int(&auth->identities); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e); + pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n); + *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); +@@ -427,7 +427,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, + } + pamsshagentauth_buffer_init(&buffer); + pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n); +@@ -512,7 +512,7 @@ ssh_agent_sign(AuthenticationConnection *auth, + static void + ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n)); + pamsshagentauth_buffer_put_bignum(b, key->n); + pamsshagentauth_buffer_put_bignum(b, key->e); +@@ -540,7 +540,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) + pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key)); + switch (key->type) { + case KEY_RSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_bignum2(b, key->rsa->n); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->e); + pamsshagentauth_buffer_put_bignum2(b, key->rsa->d); +@@ -557,7 +557,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) + #endif + break; + case KEY_DSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_bignum2(b, key->dsa->p); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->q); + pamsshagentauth_buffer_put_bignum2(b, key->dsa->g); +@@ -649,7 +649,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) + + if (key->type == KEY_RSA1) { + pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n)); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e); + pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n); +diff --git a/bufbn.c b/bufbn.c +index 4ecedc1..b4754cc 100644 +--- a/bufbn.c ++++ b/bufbn.c +@@ -151,7 +151,7 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) + pamsshagentauth_buffer_put_int(buffer, 0); + return 0; + } +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (value->neg) { + #else + if (BN_is_negative(value)) { +diff --git a/key.c b/key.c +index aedbbb5..dcc5fc8 100644 +--- a/key.c ++++ b/key.c +@@ -77,7 +77,7 @@ pamsshagentauth_key_new(int type) + case KEY_RSA: + if ((rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_new: RSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((rsa->n = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((rsa->e = BN_new()) == NULL) +@@ -91,7 +91,7 @@ pamsshagentauth_key_new(int type) + case KEY_DSA: + if ((dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_new: DSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((dsa->p = BN_new()) == NULL) + pamsshagentauth_fatal("key_new: BN_new failed"); + if ((dsa->q = BN_new()) == NULL) +@@ -130,7 +130,7 @@ pamsshagentauth_key_new_private(int type) + switch (k->type) { + case KEY_RSA1: + case KEY_RSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((k->rsa->d = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + if ((k->rsa->iqmp = BN_new()) == NULL) +@@ -153,7 +153,7 @@ pamsshagentauth_key_new_private(int type) + #endif + break; + case KEY_DSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((k->dsa->priv_key = BN_new()) == NULL) + pamsshagentauth_fatal("key_new_private: BN_new failed"); + #else +@@ -162,7 +162,7 @@ pamsshagentauth_key_new_private(int type) + #endif + break; + case KEY_ECDSA: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1) + pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed"); + #else +@@ -224,7 +224,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) + case KEY_RSA1: + case KEY_RSA: + return a->rsa != NULL && b->rsa != NULL && +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_cmp(a->rsa->e, b->rsa->e) == 0 && + BN_cmp(a->rsa->n, b->rsa->n) == 0; + #else +@@ -233,7 +233,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) + #endif + case KEY_DSA: + return a->dsa != NULL && b->dsa != NULL && +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_cmp(a->dsa->p, b->dsa->p) == 0 && + BN_cmp(a->dsa->q, b->dsa->q) == 0 && + BN_cmp(a->dsa->g, b->dsa->g) == 0 && +@@ -293,7 +293,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + } + switch (k->type) { + case KEY_RSA1: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + nlen = BN_num_bytes(k->rsa->n); + elen = BN_num_bytes(k->rsa->e); + len = nlen + elen; +@@ -510,7 +510,7 @@ pamsshagentauth_key_read(Key *ret, char **cpp) + return -1; + *cpp = cp; + /* Get public exponent, public modulus. */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (!read_bignum(cpp, ret->rsa->e)) + return -1; + if (!read_bignum(cpp, ret->rsa->n)) +@@ -643,7 +643,7 @@ pamsshagentauth_key_write(const Key *key, FILE *f) + + if (key->type == KEY_RSA1 && key->rsa != NULL) { + /* size of modulus 'n' */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + bits = BN_num_bits(key->rsa->n); + fprintf(f, "%u", bits); + if (write_bignum(f, key->rsa->e) && +@@ -742,7 +742,7 @@ pamsshagentauth_key_size(const Key *k) + { + switch (k->type) { + case KEY_RSA1: +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + case KEY_RSA: + return BN_num_bits(k->rsa->n); + case KEY_DSA: +@@ -843,7 +843,7 @@ pamsshagentauth_key_from_private(const Key *k) + switch (k->type) { + case KEY_DSA: + n = pamsshagentauth_key_new(k->type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || + (BN_copy(n->dsa->q, k->dsa->q) == NULL) || + (BN_copy(n->dsa->g, k->dsa->g) == NULL) || +@@ -859,7 +859,7 @@ pamsshagentauth_key_from_private(const Key *k) + case KEY_RSA: + case KEY_RSA1: + n = pamsshagentauth_key_new(k->type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) + #else +@@ -967,7 +967,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + switch (type) { + case KEY_RSA: + key = pamsshagentauth_key_new(type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { + #else +@@ -985,7 +985,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) + break; + case KEY_DSA: + key = pamsshagentauth_key_new(type); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || +@@ -1113,7 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) + } + pamsshagentauth_buffer_init(&b); + switch (key->type) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + case KEY_DSA: + pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); + pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p); +@@ -1251,7 +1251,7 @@ pamsshagentauth_key_demote(const Key *k) + case KEY_RSA: + if ((pk->rsa = RSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: RSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) +@@ -1264,7 +1264,7 @@ pamsshagentauth_key_demote(const Key *k) + case KEY_DSA: + if ((pk->dsa = DSA_new()) == NULL) + pamsshagentauth_fatal("key_demote: DSA_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) + pamsshagentauth_fatal("key_demote: BN_dup failed"); + if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL) +diff --git a/ssh-dss.c b/ssh-dss.c +index 1051ae2..9b96274 100644 +--- a/ssh-dss.c ++++ b/ssh-dss.c +@@ -52,7 +52,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; + u_int rlen, slen, len, dlen; + Buffer b; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + const BIGNUM *r, *s; + #endif + +@@ -74,7 +74,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + return -1; + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + rlen = BN_num_bytes(sig->r); + slen = BN_num_bytes(sig->s); + #else +@@ -88,7 +88,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + return -1; + } + memset(sigblob, 0, SIGBLOB_LEN); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); + #else +@@ -131,7 +131,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + u_int len, dlen; + int rlen, ret; + Buffer b; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + BIGNUM *r, *s; + #endif + +@@ -176,7 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + /* parse signature */ + if ((sig = DSA_SIG_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((sig->r = BN_new()) == NULL) + pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); + if ((sig->s = BN_new()) == NULL) +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index c213959..5b13b30 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ -45,7 +45,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + u_char digest[EVP_MAX_MD_SIZE]; + u_int len, dlen; + Buffer b, bb; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + BIGNUM *r, *s; + #endif + +@@ -69,7 +69,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + } + + pamsshagentauth_buffer_init(&bb); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 || + pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) { + #else +@@ -110,7 +110,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + u_int len, dlen; + int rlen, ret; + Buffer b; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L + BIGNUM *r, *s; + #endif + +@@ -141,7 +141,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + + pamsshagentauth_buffer_init(&b); + pamsshagentauth_buffer_append(&b, sigblob, len); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) + #else +diff --git a/ssh-rsa.c b/ssh-rsa.c +index 9d74eb6..35f2e36 100644 +--- a/ssh-rsa.c ++++ b/ssh-rsa.c +@@ -119,13 +119,13 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + pamsshagentauth_logerror("ssh_rsa_verify: no RSA key"); + return -1; + } +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + #else + if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + #endif + pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L + BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); + #else + BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE); diff --git a/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb b/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb index 2a461fc11a..ac7fa4bbf7 100644 --- a/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb +++ b/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb @@ -7,11 +7,14 @@ LIC_FILES_CHKSUM = "file://LICENSE.OpenSSL;md5=8ab01146141ded59b75f8ba7811ed05a file://OPENSSH_LICENSE;md5=7ae09218173be1643c998a4b71027f9b \ " -SRC_URI = "http://sourceforge.net/projects/pamsshagentauth/files/pam_ssh_agent_auth/v${PV}/pam_ssh_agent_auth-${PV}.tar.bz2" +SRC_URI = "http://sourceforge.net/projects/pamsshagentauth/files/pam_ssh_agent_auth/v${PV}/pam_ssh_agent_auth-${PV}.tar.bz2 \ + file://0001-Adapt-to-OpenSSL-1.1.1.patch \ + file://0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch \ + " SRC_URI[md5sum] = "8dbe90ab3625e545036333e6f51ccf1d" SRC_URI[sha256sum] = "3c53d358d6eaed1b211239df017c27c6f9970995d14102ae67bae16d4f47a763" -DEPENDS += "libpam openssl10" +DEPENDS += "libpam openssl" inherit distro_features_check REQUIRED_DISTRO_FEATURES = "pam" From patchwork Sun Feb 3 15:06:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 157366 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp2890196jaa; Sun, 3 Feb 2019 07:06:57 -0800 (PST) X-Google-Smtp-Source: ALg8bN49zem44SkzV8g3djzkNP+Lu5nF65FwbPY+TY0c+emZoIhbMwJqQ/mcIDc1vsfQw/IfQTEr X-Received: by 2002:a17:902:d891:: with SMTP id b17mr48711126plz.80.1549206417360; Sun, 03 Feb 2019 07:06:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549206417; cv=none; d=google.com; s=arc-20160816; b=hsWrwwaskvkNKEPaUMiZMZVwzX3p3/syTRGevtHEHkmrU1WxjWB+G13sL8h/F0NPD1 J57eRkiCiV3rYpLFX9toZYoILQQSutB9/1UHSjBCWD2Mo/N8MYuH3CMxbiTVDrP0R27X rP1YuQZrfU3xIJN/4pf8UAcqbhcBq219fsxkZchJVyP9daKXx6oEqqiRNy+lqi1c8KNu q3OhshKdsg7E2dh9ofM2ySlj7ynGXUpB+0V5ZDF0riygdiDmaQdAvd0dgSjBVk5WPwYC GPF4/w3nH/EhY1sBmNJoEtPbJqJL2JmJgF0Omsqa4LedSYg1Td59qTkKVQTIYggccVHD 9tQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:delivered-to; bh=a5AqxfiWVdLS6mZQ/t7836E5dcd64rXz4fAl4yXc6t8=; b=rY94UyVf63Yi2EFnX0gBWePr1tQrxztzJBf+/QELf+bt6/6z//illiNwJER56zJyxx NEYOLx5qWZKy9d3gt+f5NHKcBA+FoRVvtaw0WwZfqz5evM+AKkVG/aASvI047P+mqD8y jqH25XnSZFNP9yQv9/ezjIJwB3f8pEl+yATCgVxP1cX0XsIOZ2oFngWfvhSTFs4FIMsB JfiIh2aXgHgvTE/4vHdZcoB6jQc/AzzBaKT6t3db2Y2Zcb/2jrx5fY+UixRJ23pZBp5f IPmCkz21aZHeqJNRxBxKDJESHVWYgfrjQFnkgn9YcN8zSO8FZIwvZMxtPTWzwXCEtCNz CWsA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=t8WSsVkW; spf=pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-devel-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id c191si13389999pfg.72.2019.02.03.07.06.57; Sun, 03 Feb 2019 07:06:57 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=t8WSsVkW; spf=pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-devel-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id CD6D67C34E; Sun, 3 Feb 2019 15:06:53 +0000 (UTC) X-Original-To: openembedded-devel@lists.openembedded.org Delivered-To: openembedded-devel@lists.openembedded.org Received: from mail-pl1-f196.google.com (mail-pl1-f196.google.com [209.85.214.196]) by mail.openembedded.org (Postfix) with ESMTP id AC8E07C323 for ; Sun, 3 Feb 2019 15:06:23 +0000 (UTC) Received: by mail-pl1-f196.google.com with SMTP id e5so5609819plb.5 for ; Sun, 03 Feb 2019 07:06:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=vzcdQosakZkUbZ88sflNpCMSruLC3VeOOlv4T+OvCQE=; b=t8WSsVkWKdSMTpWJCoscGuBYFnBcvjm1FhQE58Zv2yH3qmJ6afiUxLRiBZbx+R1Q3N ZlH3z68rn5O3lFsXT9iGZb4LPlv677vWNr7f2QkPYTzf9LHgapoUv4zM6S7aRcIK6V6u JHasr77a2q3i/6knfVWBjakkri+kX5q0scJzw4HbV1DEqN6EnFvPf7md6WY4A6DU+u7p PRizvgAVMCyWqaQ0j0Q3amA60x3Ir3F8TUlXE3xJ6wbJNeF5uKlIl4RX4Cxv+nilt0+K BUL9LN0p5pUwujpZCGQcuY8eugm4Q0c5J7o1Yn0dqOkKJGSAYPLmLT24R03sbfxWRyL8 7a9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=vzcdQosakZkUbZ88sflNpCMSruLC3VeOOlv4T+OvCQE=; b=taZ/hBmf1HuMJXnyGMPXeXZps+U1h3U41lp0RXTBCzNFLnMQE9WOUp+5TnFFFKU1gq EX/IEdsELatVlbGsJByP6ItqSkn1+MLyUPJbCXUVvREpjk9KW0dsIg1LiZyNcmuHx/YA nd+ggj8QSzLaoGu/6kVrZFqhDnzt8jEvH0QOpIoA4jhA2Jypq2gd7f3l8MhCIYMaWK3q DEEIUCRqg2aloY7Oo9XKkMUK7q8DBwjRcsssbvbgPLeqGGNJC3pyN3CbE5cGH42yE4nB 8xd/XFIn4dU2h0VlWw53Gn9FX9VsZb2jvUdRZza8ZrIxLsFYvWl4lXyNNJyrWAPnyjRT lnog== X-Gm-Message-State: AJcUukf2exHcnDs7CVklZ+v8fh82oO2kGgpD4DwUNG++iPeBq9ysyB/U IphSiYrLnfnBzhB/wEExvQsuTxPk X-Received: by 2002:a17:902:128c:: with SMTP id g12mr45976474pla.146.1549206384232; Sun, 03 Feb 2019 07:06:24 -0800 (PST) Received: from apollo.hsd1.ca.comcast.net ([2601:646:8500:6bc6::1609]) by smtp.gmail.com with ESMTPSA id a90sm24349645pfj.109.2019.02.03.07.06.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 03 Feb 2019 07:06:23 -0800 (PST) From: Khem Raj To: openembedded-devel@lists.openembedded.org Date: Sun, 3 Feb 2019 07:06:04 -0800 Message-Id: <20190203150606.2484-2-raj.khem@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190203150606.2484-1-raj.khem@gmail.com> References: <20190203150606.2484-1-raj.khem@gmail.com> MIME-Version: 1.0 Subject: [oe] [meta-multimedia][PATCH 2/4] rtmpdump: Switch to using GNU TLS instead of openssl10 X-BeenThere: openembedded-devel@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Using the OpenEmbedded metadata to build Distributions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: openembedded-devel-bounces@lists.openembedded.org Errors-To: openembedded-devel-bounces@lists.openembedded.org Signed-off-by: Khem Raj --- meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.20.1 -- _______________________________________________ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel diff --git a/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb b/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb index a72b0d651e..5f78be4f51 100644 --- a/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb +++ b/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb @@ -5,7 +5,7 @@ HOMEPAGE = "http://rtmpdump.mplayerhq.hu/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" -DEPENDS = "openssl10 zlib" +DEPENDS = "gnutls zlib" SRCREV = "fa8646daeb19dfd12c181f7d19de708d623704c0" SRC_URI = " \ @@ -18,5 +18,5 @@ inherit autotools-brokensep EXTRA_OEMAKE = " \ CC='${CC}' LD='${LD} ${STAGING_LIBDIR}' XCFLAGS='${CFLAGS}' XLDFLAGS='${LDFLAGS}' \ - SYS=posix INC=-I=/usr/include DESTDIR=${D} \ + SYS=posix INC=-I=/usr/include DESTDIR=${D} CRYPTO=GNUTLS \ prefix=${prefix} libdir=${libdir} incdir=${includedir}/librtmp bindir=${bindir} mandir=${mandir}" From patchwork Sun Feb 3 15:06:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 157367 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp2890323jaa; Sun, 3 Feb 2019 07:07:04 -0800 (PST) X-Google-Smtp-Source: ALg8bN5EbN0pskG/wZWDP7Gocd9J/MR4l6poxJEq2MLrzYT5TukLuz2J825emnkJKZZdWuqAoUzO X-Received: by 2002:a17:902:bd0a:: with SMTP id p10mr46427619pls.322.1549206424891; Sun, 03 Feb 2019 07:07:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549206424; cv=none; d=google.com; s=arc-20160816; b=hf45HJ8+wWldzapCb8SLB18iEh1qEDC12F0zDI86Tse8v44ITYlyz8iYzVuDWclIIL fhHKEW+pQRdekzxdSx9ZX/L2Am12kXgh9r11IfS6ERqVZBDronvTBPYbbB50r6w428QO sYRQ7iY7obuOPcx0R5OY3OAR7Ogcv8MBTIlOGsAkPdlWV1Yh53IqNHRbXaWDeYbKVlhg EuMGJtVrnOA81rhOQ/lCJUL3ExAFf/l88cJjPKU3GPS4Smr0K+QnlJciQfhfZjQ10/vs vlVY+Ou3FeWuDRBtZ3gOdP8MQ6D18XQ9qP1rNsxDnmMntiEbeLGbWyTHgFsanlc2n0lD jkDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:delivered-to; bh=S8nDoSi2KK3fOyVjJ616K3U2FUSmM/H2312QFW4iOro=; b=paMLyfpQGIu7OOyyDfZRT0uk0nGhGGYTIhYshpNXbMLkluUpKgXl0hOx1ferNxGV7K a+rTl78/SNUnav0XW01sVJaBz2asxxi4MXWpmrJj5UaVBB9dVgtp15bjam6+MvFbD3iE w9pVcYv+7ac7qP07Qk2rV8UNy8sl+9KngHXqU/yewZP/EcWr2CTVfNfcZ2sizRs7fQGa FAy4b7aVIeI5VgjI51Dk6JtfO+dp+l4RW4TZzCPSQein0qCCUWoUcRBtiuvRBXhqU4gV 08/qERxIHHKXqoswoGVrJf6DQh/2uCp9XMkZlluJIyfKquXdeQ0ag416u0HVXQCV1mI9 /z7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=hUc373j2; spf=pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-devel-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id d22si4310867plr.340.2019.02.03.07.07.04; Sun, 03 Feb 2019 07:07:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=hUc373j2; spf=pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-devel-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 949A67C34D; Sun, 3 Feb 2019 15:06:59 +0000 (UTC) X-Original-To: openembedded-devel@lists.openembedded.org Delivered-To: openembedded-devel@lists.openembedded.org Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mail.openembedded.org (Postfix) with ESMTP id 5D7097C2F6 for ; Sun, 3 Feb 2019 15:06:25 +0000 (UTC) Received: by mail-pf1-f174.google.com with SMTP id b7so5577871pfi.8 for ; Sun, 03 Feb 2019 07:06:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=JhYFSbE+oEMz69jC2FB8adwBJFP1T/YWtTLxKRKSQPc=; b=hUc373j2XbwuMUdt1mfNPzJ/bu9WZZCo9HE3xNDeHTVlld/hc2o5H3i+R+HPUldONe yzXE+xulGDsNO32QW+Mfk52rGNzU7d7goF9GA/upKw19fFoftWP/334BlnkfYegi13Om t/3Rw8r/ZR5oCcRWEmwyVP+cOPP9tGFFnEy2454U9gDFs9RBaPP0yX/kIG1bwaIYrqNj 0+CWo8n1Q3ybn+PryRUgAJz0JEJtRl6VTnus9s+05bPTt6IwKIr/3OswDfGhc6CuqYrP mkfmWy6Inr5Fdtjmh/2Zdxu0LE3QeF/plbn/HicXovgVSdX7CKKN3duZBUCLyVaLhgZI fpZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=JhYFSbE+oEMz69jC2FB8adwBJFP1T/YWtTLxKRKSQPc=; b=qmYPid/76G+I84ErLfhTA4xZywxEKCecLB6zqKQtlPTfrwbE7DDeLoHecW096F1R/h DT/vhPpXaklyvC7gWksHR8niyswYv6B4Te7fSPq5U4tRUQWPYgwkzPAgLHHkNaNnbrGy obPfiwCrDfj5IDfMM7szZ73CtV25RRrYYMutJ8mWG0OVJiPY+ESB9JqLko467hAUFOEh NxM5ideiCrRvzhWDVKv6fN0joYUvpVosgdPVx8v98d879gNSGONv2DENPYJSvD4S9U/2 eNwqrBdDc2ufk04TIQluREzZa61Q2h+X1wjqtp8AXK6TtKRa87C1MoFR6ehcR5WyfeTI /Dzg== X-Gm-Message-State: AHQUAuZF8kYBkzI593R+wOx6cCPUJugk3DQrWmyy/obdUxmpxnr8sPwj WMPeLMmA79OkqYu+z8Kf2/SSKItB X-Received: by 2002:a63:f515:: with SMTP id w21mr9665473pgh.220.1549206385810; Sun, 03 Feb 2019 07:06:25 -0800 (PST) Received: from apollo.hsd1.ca.comcast.net ([2601:646:8500:6bc6::1609]) by smtp.gmail.com with ESMTPSA id a90sm24349645pfj.109.2019.02.03.07.06.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 03 Feb 2019 07:06:24 -0800 (PST) From: Khem Raj To: openembedded-devel@lists.openembedded.org Date: Sun, 3 Feb 2019 07:06:05 -0800 Message-Id: <20190203150606.2484-3-raj.khem@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190203150606.2484-1-raj.khem@gmail.com> References: <20190203150606.2484-1-raj.khem@gmail.com> MIME-Version: 1.0 Subject: [oe] [meta-filesystems][PATCH 3/4] owfs: Inherit systemd X-BeenThere: openembedded-devel@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Using the OpenEmbedded metadata to build Distributions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: openembedded-devel-bounces@lists.openembedded.org Errors-To: openembedded-devel-bounces@lists.openembedded.org Fix ERROR: QA Issue: owfs: Files/directories were installed but not shipped in any package: /lib /lib/systemd /lib/systemd/system /lib/systemd/system/owfs.service /lib/systemd/system/owftpd.service /lib/systemd/system/owhttpd.service /lib/systemd/system/owserver.service /lib/systemd/system/owserver.socket Signed-off-by: Khem Raj --- meta-filesystems/recipes-filesystems/owfs/owfs_3.2p2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.20.1 -- _______________________________________________ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel diff --git a/meta-filesystems/recipes-filesystems/owfs/owfs_3.2p2.bb b/meta-filesystems/recipes-filesystems/owfs/owfs_3.2p2.bb index 50865cccda..326ce0aea8 100644 --- a/meta-filesystems/recipes-filesystems/owfs/owfs_3.2p2.bb +++ b/meta-filesystems/recipes-filesystems/owfs/owfs_3.2p2.bb @@ -18,7 +18,7 @@ SRC_URI = "git://github.com/owfs/owfs \ S = "${WORKDIR}/git" -inherit autotools-brokensep update-rc.d pkgconfig +inherit autotools-brokensep update-rc.d pkgconfig systemd EXTRA_OECONF = " \ --with-fuseinclude=${STAGING_INCDIR} \ From patchwork Sun Feb 3 15:06:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Khem Raj X-Patchwork-Id: 157368 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp2890438jaa; Sun, 3 Feb 2019 07:07:12 -0800 (PST) X-Google-Smtp-Source: AHgI3Ia0C0n4XykI9bsdckJc2n6vQ9ayDNMgrBhB326+Lj1PLzVwfm0kqdwexlb7T+i2DOjUxUxf X-Received: by 2002:a65:63d3:: with SMTP id n19mr9884846pgv.179.1549206432055; Sun, 03 Feb 2019 07:07:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549206432; cv=none; d=google.com; s=arc-20160816; b=JD8rbCzvh7fRxkIq9ZngtlVIOquimZuL4plinkvYzmLMnzI048/n6RPXqD6lidfizC xgLT/z/qO4d7xdmtLCfdoHxG7sFPcbQq4bS1k+vxvxgTzMPTXd7Lr9Nu6sA1HjOieQKS QTpWkp4j/JG3vO9E0dNt5oPZ9MgLN1mUsUcrIAlTcjA7w02U9LJsEbrRq4wk2LIXCSQv p8tBp82dhSVh6IbmAPGsP1xfM32sLKIgDM94lMkROi2YGwTdLCRmEejNTaOYwabz5/lJ m5fkkYnTyNrdxXmvdZB8cIRkjE5KpryEXOwFVcrEd2FYu8l43q5dFHOY2kqORgkrKPvi H2Qw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:delivered-to; bh=mCm9KObc1UrKB0Yxotzic4oy7O82ZDf5D5kE8BrupII=; b=TbLHrK99fnXljqxcujD6mOrzsLeO51XCu1P7kuWOHI0BTEf8oCqAFE3db8PnUxWECF KYEXq6SLTsvQam5gTvBnnmwaV0M8Ut20U/SIuwsw/MGuYPCxPfrArCGLD1TPDvXnmn6o BWAZz1bheHFWzzZo9djNLdcRBV3vfNmdOzG7d0WyIr9ElH8K+Rkoa3zJsYTsRfcu1eEV 02uyXw7WnHCb5lLbK4XO9TzpXqZOnIZUa65RD+2XSLZWcyHEoBPhpOJPXx/BSJ2OAxbU AQn64lwRleOOGtvsQQeVsP3kP08NluOOsFpITi/n237EltOs5kdHSaD6JYLWZ6a5pkr2 N2Yg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=O3tusN00; spf=pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-devel-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id n125si12242544pga.179.2019.02.03.07.07.11; Sun, 03 Feb 2019 07:07:12 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=O3tusN00; spf=pass (google.com: best guess record for domain of openembedded-devel-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-devel-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id BA38A7C38A; Sun, 3 Feb 2019 15:07:00 +0000 (UTC) X-Original-To: openembedded-devel@lists.openembedded.org Delivered-To: openembedded-devel@lists.openembedded.org Received: from mail-pg1-f193.google.com (mail-pg1-f193.google.com [209.85.215.193]) by mail.openembedded.org (Postfix) with ESMTP id F039079CCB for ; Sun, 3 Feb 2019 15:06:25 +0000 (UTC) Received: by mail-pg1-f193.google.com with SMTP id z11so5175804pgu.0 for ; Sun, 03 Feb 2019 07:06:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=wL1XKtp3mrtbuAcuIlStw3sW6VpbIs0HPEscNmkQ648=; b=O3tusN00NCbmBAcavX3H4aJfBhqjRLzHcMNyVm2F6xQ7QT42+1qPk9Amt9uSnYXPKi eKFV2XZcEoKJaMMNRgeLRtDt48RaEirVIoTkfzxMnKMXs/Lhn/MSZ8kJbCqK5ZiBWXq0 3cuo8QYQPDpxVAJTS1ffMR1gp2Xhtlo65IhXVwvuCyT55PxTfz0GFg7Gbjg8M4uQrOZj r5KyD2oeObw7LX33v9LDQxtw83qS83vnUT7GEeVoGkb3AglXNPs2AiMmHPyTnFi+cPGn k/OrxLnpxNGnBM55U9GHGjmMIqq/0CFBxqpFTZj3rx5gFHRZcQzaiGeWYVmsVWp3ndyD qC7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wL1XKtp3mrtbuAcuIlStw3sW6VpbIs0HPEscNmkQ648=; b=tOMRWY/1OEX8JU9CJpyc8a4YUOhpHEgqqRx6bNjvbIfjigsqX6S3ZkfTWaC2NMPdPh uw0HHKHbGPri4CzpR5ZlzUiJtJbVxPKjr7N1HbE1GiIgwbCA9tLgMyQSD2meu09rgqIO ge4cbTtqSJmZWhLEi5nMUNkZ17DDj4kkWGr8S7wgz9SYV1FiulH5qZicoT4efV2hjM5I 5KHHLb9Y4FWSI91NRqB2JDhPKQqdwJMC2fkqDbORfYrHLmYnOLjfMxxTZFrejtD6iMwE lNgXb64UiJLRmS0l04SdW9Cp+qWcpkjKahMkE3hmgRf6NAQZ4PaMAWb2DQHSpWClH1a7 Iakg== X-Gm-Message-State: AJcUukd654/2t8ybMQl2NoQ4Bf9PBoiUdyjOfgD0sV8mSurMYsJE2pRc 3MhF/ME6Ps51BQmwGqI7PhM0DDjr X-Received: by 2002:a62:b24a:: with SMTP id x71mr48627514pfe.148.1549206386611; Sun, 03 Feb 2019 07:06:26 -0800 (PST) Received: from apollo.hsd1.ca.comcast.net ([2601:646:8500:6bc6::1609]) by smtp.gmail.com with ESMTPSA id a90sm24349645pfj.109.2019.02.03.07.06.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 03 Feb 2019 07:06:26 -0800 (PST) From: Khem Raj To: openembedded-devel@lists.openembedded.org Date: Sun, 3 Feb 2019 07:06:06 -0800 Message-Id: <20190203150606.2484-4-raj.khem@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190203150606.2484-1-raj.khem@gmail.com> References: <20190203150606.2484-1-raj.khem@gmail.com> MIME-Version: 1.0 Subject: [oe] [meta-multimedia][PATCH 4/4] oscam: Update to latest svn revision 11491 X-BeenThere: openembedded-devel@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Using the OpenEmbedded metadata to build Distributions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: openembedded-devel-bounces@lists.openembedded.org Errors-To: openembedded-devel-bounces@lists.openembedded.org Supports openssl 1.1.x Drop upstreamed patch Signed-off-by: Khem Raj --- ...macros.h-for-major-minor-definitions.patch | 26 ------------------- .../recipes-dvb/oscam/oscam_svn.bb | 5 ++-- 2 files changed, 2 insertions(+), 29 deletions(-) delete mode 100644 meta-multimedia/recipes-dvb/oscam/oscam/0001-include-sys-sysmacros.h-for-major-minor-definitions.patch -- 2.20.1 -- _______________________________________________ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel diff --git a/meta-multimedia/recipes-dvb/oscam/oscam/0001-include-sys-sysmacros.h-for-major-minor-definitions.patch b/meta-multimedia/recipes-dvb/oscam/oscam/0001-include-sys-sysmacros.h-for-major-minor-definitions.patch deleted file mode 100644 index d3d89e333b..0000000000 --- a/meta-multimedia/recipes-dvb/oscam/oscam/0001-include-sys-sysmacros.h-for-major-minor-definitions.patch +++ /dev/null @@ -1,26 +0,0 @@ -From a372fe467495a674ad6244b67e83dfbfa8455f51 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Sat, 11 Aug 2018 13:54:32 -0700 -Subject: [PATCH] include sys/sysmacros.h for major/minor definitions - -csctapi/ifd_db2com.c:27: undefined reference to `minor' -collect2: error: ld returned 1 exit status - -Upstream-Status: Pending -Signed-off-by: Khem Raj ---- - globals.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/globals.h b/globals.h -index bd12244..9e10225 100644 ---- a/globals.h -+++ b/globals.h -@@ -36,6 +36,7 @@ - #include - #include - #include -+#include - - /* - * The following hack is taken from Linux: include/linux/kconfig.h diff --git a/meta-multimedia/recipes-dvb/oscam/oscam_svn.bb b/meta-multimedia/recipes-dvb/oscam/oscam_svn.bb index a8aec113cd..5acdd7ebc7 100644 --- a/meta-multimedia/recipes-dvb/oscam/oscam_svn.bb +++ b/meta-multimedia/recipes-dvb/oscam/oscam_svn.bb @@ -4,12 +4,11 @@ HOMEPAGE = "http://www.streamboard.tv/oscam/" LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" -DEPENDS = "libusb1 openssl10 pcsc-lite" +DEPENDS = "libusb1 openssl pcsc-lite" SRC_URI = "svn://www.streamboard.tv/svn/oscam;module=trunk;protocol=http \ - file://0001-include-sys-sysmacros.h-for-major-minor-definitions.patch \ " -SRCREV = "11431" +SRCREV = "11491" PV = "1.10+${SRCPV}" S = "${WORKDIR}/trunk"