As specified under the Debian bug, when compiled against >=dev-libs/openssl-1.1.1b all versions of net-vpn/tinc error out with the following: Error while decrypting: error:060A7094:digital envelope routines:EVP_EncryptUpdate:invalid operation due to an incorrect usage of EVP_EncryptUpdate in a decryption context. Patch is available here: https://git.tinc-vpn.org/git/browse?p=tinc;a=patch;h=2b0aeec02d64bb4724da9ff1dbc19b7d35d7c904;hp=017a7fb57655d9b1d706ee78f7e3d0000411b883 Reproducible: Always
Created attachment 567738 [details, diff] patch from upstream
Should this patch be applied unconditionally, or only when using >=dev-libs/openssl-1.1.1b ?
(In reply to Anthony Basile from comment #2) > Should this patch be applied unconditionally, or only when using > >=dev-libs/openssl-1.1.1b ? The usage was always incorrect, openssl just decided to make it breaking as of 1.1.1b. So it would not hurt to apply it unconditionally.
(In reply to matoro from comment #3) > (In reply to Anthony Basile from comment #2) > > Should this patch be applied unconditionally, or only when using > > >=dev-libs/openssl-1.1.1b ? > > The usage was always incorrect, openssl just decided to make it breaking as > of 1.1.1b. So it would not hurt to apply it unconditionally. I suspected as much but I wasn't sure. Thanks for bringing this to my attention.
(In reply to Anthony Basile from comment #4) > (In reply to matoro from comment #3) > > (In reply to Anthony Basile from comment #2) > > > Should this patch be applied unconditionally, or only when using > > > >=dev-libs/openssl-1.1.1b ? > > > > The usage was always incorrect, openssl just decided to make it breaking as > > of 1.1.1b. So it would not hurt to apply it unconditionally. > > I suspected as much but I wasn't sure. Thanks for bringing this to my > attention. Hmm ... it doesn't seem to apply cleanly to tinc-1.0.35. Should it? @dlan, do you want to add that to your patchset at https://dev.gentoo.org/~dlan/distfiles/${PN}-1.1-upstream-patches-${UPSTREAM_VER}.tar.xz This will keep thing cleaner.
(In reply to Anthony Basile from comment #5) > @dlan, do you want to add that to your patchset at > > https://dev.gentoo.org/~dlan/distfiles/${PN}-1.1-upstream-patches- > ${UPSTREAM_VER}.tar.xz > > This will keep thing cleaner. sure, I can do this
it seems that openssl-1.1.1 is masked for now see /usr/portage/profiles/package.mask :152 # Lars Wendler <polynomial-c@gentoo.org> (28 Dec 2018) # Masked while being tested and reverse deps aren't fully compatible =dev-libs/openssl-1.1.1* anyway, I just give it a shoot and do a version bump for tinc-1.0.35-r1 and tinc-1.1_pre17, just notice I pull in a few upstream patches which fix various bugs (including patch for this bug), feel free to test and hope you enjoy it ;-)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=758130a8a9bad5a076fbd68d2be9a860d9b19509 commit 758130a8a9bad5a076fbd68d2be9a860d9b19509 Author: Yixun Lan <dlan@gentoo.org> AuthorDate: 2019-03-08 03:21:03 +0000 Commit: Yixun Lan <dlan@gentoo.org> CommitDate: 2019-03-08 03:31:48 +0000 net-vpn/tinc: fix >=dev-libs/openssl-1.1.1b bump upstream patches to fix openssl build issue Closes: https://bugs.gentoo.org/679402 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Yixun Lan <dlan@gentoo.org> net-vpn/tinc/Manifest | 1 + net-vpn/tinc/tinc-1.0.35-r1.ebuild | 54 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05608a3ec85f66190a172e0dd126ff3cd91cff3d commit 05608a3ec85f66190a172e0dd126ff3cd91cff3d Author: Yixun Lan <dlan@gentoo.org> AuthorDate: 2019-03-08 02:43:12 +0000 Commit: Yixun Lan <dlan@gentoo.org> CommitDate: 2019-03-08 03:31:23 +0000 net-vpn/tinc: version bump 1.1pre17 fix build err when >=dev-libs/openssl-1.1.1b also fix a bash_completion issue due to upstream packaging problem, I hope it will be fixed in upstream's next release. Closes: https://bugs.gentoo.org/679402 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Yixun Lan <dlan@gentoo.org> net-vpn/tinc/Manifest | 2 + net-vpn/tinc/tinc-1.1_pre17.ebuild | 96 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+)