spice: Fix compilation without deprecated OpenSSL APIs

Fixes openwrt/packages#10451 Supersedes openwrt/packages#10461 Signed-off-by: Rosen Penev <rosenp@gmail.com> (use separate upstreamed patches) Ref: https://github.com/openwrt/packages/pull/10461 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-11-10 04:46:09 +00:00 · 2019-11-10 04:46:09 +00:00 · c0d5c29a24
commit c0d5c29a24
parent 753f378ac0
3 changed files with 128 additions and 1 deletions
--- a/libs/spice/Makefile
+++ b/libs/spice/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=spice
 PKG_VERSION:=0.14.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://www.spice-space.org/download/releases/spice-server
 PKG_HASH:=b203b3882e06f4c7249a3150d90c84e1a90490d41ead255a3d2cede46f4a29a7
@ -18,6 +18,7 @@ PKG_LICENSE_FILES:=COPYING
 PKG_INSTALL:=1
 PKG_MAINTAINER:=Yousong Zhou <yszhou4tech@gmail.com>

+PKG_FIXUP:=autoreconf
 PKG_BUILD_DEPENDS+=spice-protocol

 include $(INCLUDE_DIR)/package.mk
--- a/libs/spice/patches/0001-reds-Fix-SSL_CTX_set_ecdh_auto-call-for-some-old-Ope.patch
+++ b/libs/spice/patches/0001-reds-Fix-SSL_CTX_set_ecdh_auto-call-for-some-old-Ope.patch
@ -0,0 +1,48 @@
+From 214736dce643ce3ee257da017373e88cc19d2d3b Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Thu, 20 Jun 2019 13:26:11 +0100
+Subject: [PATCH] reds: Fix SSL_CTX_set_ecdh_auto call for some old OpenSSL
+
+SSL_CTX_set_ecdh_auto is not defined in some old versions of OpenSSL
+
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Acked-by: Jeremy White <jwhite@codeweavers.com>
+---
+ configure.ac  | 9 +++++++++
+ server/reds.c | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index e12d7e85..49c009d4 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -209,6 +209,15 @@ AC_SUBST(SSL_CFLAGS)
+ AC_SUBST(SSL_LIBS)
+ AS_VAR_APPEND([SPICE_REQUIRES], [" openssl"])
+ 
+save_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS $SSL_CFLAGS"
+AC_CHECK_DECLS([SSL_CTX_set_ecdh_auto], [], [], [
+AC_INCLUDES_DEFAULT
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+])
+CFLAGS="$save_CFLAGS"
+
+ AC_CHECK_LIB(jpeg, jpeg_destroy_decompress,
+     AC_MSG_CHECKING([for jpeglib.h])
+     AC_TRY_CPP(
+diff --git a/server/reds.c b/server/reds.c
+index 792e9838..b4061fbc 100644
+--- a/server/reds.c
+++ b/server/reds.c
+@@ -2937,7 +2937,9 @@ static int reds_init_ssl(RedsState *reds)
+     }
+ 
+     SSL_CTX_set_options(reds->ctx, ssl_options);
+#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO || defined(SSL_CTX_set_ecdh_auto)
+     SSL_CTX_set_ecdh_auto(reds->ctx, 1);
+#endif
+ 
+     /* Load our keys and certificates*/
+     return_code = SSL_CTX_use_certificate_chain_file(reds->ctx, reds->config->ssl_parameters.certs_file);
--- a/libs/spice/patches/0002-reds-Fix-compilation-without-deprecated-OpenSSL-1.1-.patch
+++ b/libs/spice/patches/0002-reds-Fix-compilation-without-deprecated-OpenSSL-1.1-.patch
@ -0,0 +1,78 @@
+From 5bc932f7a71ede7d8ecd9d88804af95a2eb955c0 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Sun, 3 Nov 2019 15:34:33 -0800
+Subject: [PATCH] reds: Fix compilation without deprecated OpenSSL 1.1 APIs
+
+Missing headers for BN_ and RSA_ functions.
+
+Initialization is deprecated with 1.1.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+Acked-by: Frediano Ziglio <fziglio@redhat.com>
+---
+AUTHORS hunk removed as it does not apply (with 0.14.2 at least)
+
+ AUTHORS       |  1 +
+ server/reds.c | 24 ++++++++++++++++--------
+ 2 files changed, 17 insertions(+), 8 deletions(-)
+
+diff --git a/server/reds.c b/server/reds.c
+index c55aa3f8..dc03ef3a 100644
+--- a/server/reds.c
+++ b/server/reds.c
+@@ -36,7 +36,9 @@
+ #include <ws2tcpip.h>
+ #endif
+ 
+#include <openssl/bn.h>
+ #include <openssl/err.h>
+#include <openssl/rsa.h>
+ 
+ #if HAVE_SASL
+ #include <sasl/sasl.h>
+@@ -2838,13 +2840,8 @@ static void openssl_thread_setup(void)
+     CRYPTO_set_id_callback(pthreads_thread_id);
+     CRYPTO_set_locking_callback(pthreads_locking_callback);
+ }
+-#else
+-static inline void openssl_thread_setup(void)
+-{
+-}
+-#endif
+ 
+-static gpointer openssl_global_init(gpointer arg)
+static gpointer openssl_global_init_once(gpointer arg)
+ {
+     SSL_library_init();
+     SSL_load_error_strings();
+@@ -2854,9 +2851,20 @@ static gpointer openssl_global_init(gpointer arg)
+     return NULL;
+ }
+ 
+-static int reds_init_ssl(RedsState *reds)
+static inline void openssl_global_init(void)
+ {
+     static GOnce openssl_once = G_ONCE_INIT;
+    g_once(&openssl_once, openssl_global_init_once, NULL);
+}
+
+#else
+static inline void openssl_global_init(void)
+{
+}
+#endif
+
+static int reds_init_ssl(RedsState *reds)
+{
+     const SSL_METHOD *ssl_method;
+     int return_code;
+     /* Limit connection to TLSv1.1 or newer.
+@@ -2865,7 +2873,7 @@ static int reds_init_ssl(RedsState *reds)
+     long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1;
+ 
+     /* Global system initialization*/
+-    g_once(&openssl_once, openssl_global_init, NULL);
+    openssl_global_init();
+ 
+     /* Create our context*/
+     /* SSLv23_method() handles TLSv1.x in addition to SSLv2/v3 */