From fc2c62114c17aab79f690348c57f7dd86fc16eee Mon Sep 17 00:00:00 2001 From: Jan Vermaete Date: Sun, 21 Apr 2024 19:47:31 +0200 Subject: [PATCH] Added the patch from the OpenDDS git repo to fix the OpenSSL issue in 3.28.0 Could be removed in the next release of OpenDDS. This patch do make the ptests about security passing. Signed-off-by: Jan Vermaete --- ...gov-gen-uses-openssl-API-incorrectly.patch | 58 +++++++++++++++++++ .../opendds/opendds_3.28.0.bb | 1 + 2 files changed, 59 insertions(+) create mode 100644 recipes-connectivity/opendds/opendds/0002-gov-gen-uses-openssl-API-incorrectly.patch diff --git a/recipes-connectivity/opendds/opendds/0002-gov-gen-uses-openssl-API-incorrectly.patch b/recipes-connectivity/opendds/opendds/0002-gov-gen-uses-openssl-API-incorrectly.patch new file mode 100644 index 0000000..387027f --- /dev/null +++ b/recipes-connectivity/opendds/opendds/0002-gov-gen-uses-openssl-API-incorrectly.patch @@ -0,0 +1,58 @@ +From 5a9bc8545f771742e48d31e1635e15f156cc9c17 Mon Sep 17 00:00:00 2001 +From: "Justin R. Wilson" +Date: Wed, 17 Apr 2024 12:59:03 -0500 +Subject: [PATCH] `gov_gen` uses openssl API incorrectly + +Problem +------- + +The `gov_gen` application generates governance files for testing and +signs them with openssl. `gov_gen` has a bug on Debian +12.5 (openssl 3.0.11) where a null argument is passed. + +Solution +-------- + +Pass `mem` as the "in"" parameter and use `PKCS7_STREAM`. + +Upstream-Status: Backport [https://github.com/OpenDDS/OpenDDS/commit/270cae56421462db367cbe8d89cccd752108dd20] + +--- + docs/news.d/gov-gen.rst | 5 +++++ + tests/security/attributes/gov_gen.cpp | 4 ++-- + 2 files changed, 7 insertions(+), 2 deletions(-) + create mode 100644 docs/news.d/gov-gen.rst + +diff --git a/docs/news.d/gov-gen.rst b/docs/news.d/gov-gen.rst +new file mode 100644 +index 0000000000..4a628c1659 +--- /dev/null ++++ b/docs/news.d/gov-gen.rst +@@ -0,0 +1,5 @@ ++.. news-prs: 4591 ++ ++.. news-start-section: Fixes ++- Fixed incorrect usage of OpenSSL in ``gov_gen`` application. ++.. news-end-section +diff --git a/tests/security/attributes/gov_gen.cpp b/tests/security/attributes/gov_gen.cpp +index ee1adbdf44..b35dd89ed4 100644 +--- a/tests/security/attributes/gov_gen.cpp ++++ b/tests/security/attributes/gov_gen.cpp +@@ -403,7 +403,7 @@ int ACE_TMAIN(int argc, ACE_TCHAR* argv[]) + return EXIT_FAILURE; + } + +- PKCS7* p7 = PKCS7_sign(cert, key, NULL, NULL, PKCS7_TEXT | PKCS7_DETACHED); ++ PKCS7* p7 = PKCS7_sign(cert, key, NULL, mem, PKCS7_TEXT | PKCS7_DETACHED | PKCS7_STREAM); + if (!p7) { + std::cerr << "ERROR: could not sign" << std::endl; + print_ssl_error(); +@@ -418,7 +418,7 @@ int ACE_TMAIN(int argc, ACE_TCHAR* argv[]) + + } + +- if (!SMIME_write_PKCS7(out, p7, mem, PKCS7_TEXT | PKCS7_DETACHED)) { ++ if (!SMIME_write_PKCS7(out, p7, mem, PKCS7_TEXT | PKCS7_DETACHED | PKCS7_STREAM)) { + std::cerr << "ERROR: could not write " << outpath << std::endl; + print_ssl_error(); + return EXIT_FAILURE; diff --git a/recipes-connectivity/opendds/opendds_3.28.0.bb b/recipes-connectivity/opendds/opendds_3.28.0.bb index 9e72ff8..dea7ddf 100644 --- a/recipes-connectivity/opendds/opendds_3.28.0.bb +++ b/recipes-connectivity/opendds/opendds_3.28.0.bb @@ -12,6 +12,7 @@ SRC_URI = "\ git://github.com/OpenDDS/OpenDDS.git;protocol=https;branch=${DDS_SRC_BRANCH};name=opendds \ ${@bb.utils.contains('PACKAGECONFIG', 'doc-group3', '${DOC_TAO3_URI};name=ace_tao;unpack=0;subdir=git', '${DOC_TAO2_URI};name=ace_tao;unpack=0;subdir=git', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'ishapes', 'file://0001-adding-the-ishapes-demo.patch', '', d)} \ + file://0002-gov-gen-uses-openssl-API-incorrectly.patch \ " require opendds.inc