spice: Fix compilation without deprecated OpenSSL APIs

Fixes openwrt#10451 Supersedes openwrt#10461 Signed-off-by: Rosen Penev <[email protected]> (use separate upstreamed patches) Ref: openwrt#10461 Signed-off-by: Yousong Zhou <[email protected]>
vido89 · Nov 10, 2019 · c0d5c29 · c0d5c29
1 parent 753f378
commit c0d5c29
Show file tree

Hide file tree

Showing 3 changed files with 128 additions and 1 deletion.
diff --git a/libs/spice/Makefile b/libs/spice/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=spice
 PKG_VERSION:=0.14.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://www.spice-space.org/download/releases/spice-server
 PKG_HASH:=b203b3882e06f4c7249a3150d90c84e1a90490d41ead255a3d2cede46f4a29a7
@@ -18,6 +18,7 @@ PKG_LICENSE_FILES:=COPYING
 PKG_INSTALL:=1
 PKG_MAINTAINER:=Yousong Zhou <[email protected]>
 
+PKG_FIXUP:=autoreconf
 PKG_BUILD_DEPENDS+=spice-protocol
 
 include $(INCLUDE_DIR)/package.mk

diff --git a/libs/spice/patches/0001-reds-Fix-SSL_CTX_set_ecdh_auto-call-for-some-old-Ope.patch b/libs/spice/patches/0001-reds-Fix-SSL_CTX_set_ecdh_auto-call-for-some-old-Ope.patch
@@ -0,0 +1,48 @@
+From 214736dce643ce3ee257da017373e88cc19d2d3b Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <[email protected]>
+Date: Thu, 20 Jun 2019 13:26:11 +0100
+Subject: [PATCH] reds: Fix SSL_CTX_set_ecdh_auto call for some old OpenSSL
+
+SSL_CTX_set_ecdh_auto is not defined in some old versions of OpenSSL
+
+Signed-off-by: Frediano Ziglio <[email protected]>
+Acked-by: Jeremy White <[email protected]>
+---
+ configure.ac  | 9 +++++++++
+ server/reds.c | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index e12d7e85..49c009d4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -209,6 +209,15 @@ AC_SUBST(SSL_CFLAGS)
+ AC_SUBST(SSL_LIBS)
+ AS_VAR_APPEND([SPICE_REQUIRES], [" openssl"])
+
++save_CFLAGS="$CFLAGS"
++CFLAGS="$CFLAGS $SSL_CFLAGS"
++AC_CHECK_DECLS([SSL_CTX_set_ecdh_auto], [], [], [
++AC_INCLUDES_DEFAULT
++#include <openssl/err.h>
++#include <openssl/ssl.h>
++])
++CFLAGS="$save_CFLAGS"
++
+ AC_CHECK_LIB(jpeg, jpeg_destroy_decompress,
+     AC_MSG_CHECKING([for jpeglib.h])
+     AC_TRY_CPP(
+diff --git a/server/reds.c b/server/reds.c
+index 792e9838..b4061fbc 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2937,7 +2937,9 @@ static int reds_init_ssl(RedsState *reds)
+     }
+
+     SSL_CTX_set_options(reds->ctx, ssl_options);
++#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO || defined(SSL_CTX_set_ecdh_auto)
+     SSL_CTX_set_ecdh_auto(reds->ctx, 1);
++#endif
+
+     /* Load our keys and certificates*/
+     return_code = SSL_CTX_use_certificate_chain_file(reds->ctx, reds->config->ssl_parameters.certs_file);
diff --git a/libs/spice/patches/0002-reds-Fix-compilation-without-deprecated-OpenSSL-1.1-.patch b/libs/spice/patches/0002-reds-Fix-compilation-without-deprecated-OpenSSL-1.1-.patch
@@ -0,0 +1,78 @@
+From 5bc932f7a71ede7d8ecd9d88804af95a2eb955c0 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <[email protected]>
+Date: Sun, 3 Nov 2019 15:34:33 -0800
+Subject: [PATCH] reds: Fix compilation without deprecated OpenSSL 1.1 APIs
+
+Missing headers for BN_ and RSA_ functions.
+
+Initialization is deprecated with 1.1.
+
+Signed-off-by: Rosen Penev <[email protected]>
+Acked-by: Frediano Ziglio <[email protected]>
+---
+AUTHORS hunk removed as it does not apply (with 0.14.2 at least)
+
+ AUTHORS       |  1 +
+ server/reds.c | 24 ++++++++++++++++--------
+ 2 files changed, 17 insertions(+), 8 deletions(-)
+
+diff --git a/server/reds.c b/server/reds.c
+index c55aa3f8..dc03ef3a 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -36,7 +36,9 @@
+ #include <ws2tcpip.h>
+ #endif
+
++#include <openssl/bn.h>
+ #include <openssl/err.h>
++#include <openssl/rsa.h>
+
+ #if HAVE_SASL
+ #include <sasl/sasl.h>
+@@ -2838,13 +2840,8 @@ static void openssl_thread_setup(void)
+     CRYPTO_set_id_callback(pthreads_thread_id);
+     CRYPTO_set_locking_callback(pthreads_locking_callback);
+ }
+-#else
+-static inline void openssl_thread_setup(void)
+-{
+-}
+-#endif
+
+-static gpointer openssl_global_init(gpointer arg)
++static gpointer openssl_global_init_once(gpointer arg)
+ {
+     SSL_library_init();
+     SSL_load_error_strings();
+@@ -2854,9 +2851,20 @@ static gpointer openssl_global_init(gpointer arg)
+     return NULL;
+ }
+
+-static int reds_init_ssl(RedsState *reds)
++static inline void openssl_global_init(void)
+ {
+     static GOnce openssl_once = G_ONCE_INIT;
++    g_once(&openssl_once, openssl_global_init_once, NULL);
++}
++
++#else
++static inline void openssl_global_init(void)
++{
++}
++#endif
++
++static int reds_init_ssl(RedsState *reds)
++{
+     const SSL_METHOD *ssl_method;
+     int return_code;
+     /* Limit connection to TLSv1.1 or newer.
+@@ -2865,7 +2873,7 @@ static int reds_init_ssl(RedsState *reds)
+     long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1;
+
+     /* Global system initialization*/
+-    g_once(&openssl_once, openssl_global_init, NULL);
++    openssl_global_init();
+
+     /* Create our context*/
+     /* SSLv23_method() handles TLSv1.x in addition to SSLv2/v3 */