Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 886613 - net-misc/sstp-client-1.0.12-r1 compliance issues with recent openssl API
Summary: net-misc/sstp-client-1.0.12-r1 compliance issues with recent openssl API
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
URL:
Whiteboard:
Keywords: PATCH
Depends on: 886617
Blocks: openssl-3.0
  Show dependency tree
 
Reported: 2022-12-18 10:19 UTC by Jocelyn Mayer
Modified: 2023-01-23 02:31 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
output from emerge --info =net-misc/sstp-client-1.0.12-r1 (emerge-infos-sstp-client-1.0.12-r1,23.62 KB, text/plain)
2022-12-18 10:20 UTC, Jocelyn Mayer 		Details
Patch proposal for recent openssl API compliance (sstp-client-1.0.10-openssl.patch,2.90 KB, patch)
2022-12-18 10:21 UTC, Jocelyn Mayer 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jocelyn Mayer 2022-12-18 10:19:41 UTC 
sstp-client 1.0.12-r1 is not compliant with EVP and HMAC recent openssl API versions.
A quite small patch can solve the issue.
Note that trunk seems to have been updated 9 months ago as far as I can see

Reproducible: Always

Steps to Reproduce:
Try to build sstp-client with a recent openssl library installed
 

Actual Results:  
Build fails while compiling src/sstp-http.c and src/sstp-cmac.c

Expected Results:  
Build to succeed
Comment 1 Jocelyn Mayer 2022-12-18 10:20:54 UTC 
Created attachment 843367 [details]
output from emerge --info =net-misc/sstp-client-1.0.12-r1
Comment 2 Jocelyn Mayer 2022-12-18 10:21:33 UTC 
Created attachment 843369 [details, diff]
Patch proposal for recent openssl API compliance
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-12-18 10:26:13 UTC 
Which OpenSSL version? I assume 3.x? If so, I'd generally advise to be using ~arch for packages for now, as we only just unmasked 3.x.

Is sstp-client-1.0.17 fine? I see:
- https://gitlab.com/eivnaes/sstp-client/-/commit/1ba4a45133eb1c8757457c3d7ddf33bda2506ea1
- https://gitlab.com/eivnaes/sstp-client/-/commit/4c56206e1f7d97c254463614f0d14353d90e307e

I've filed bug 886617 for stabilisation anyway.
Comment 4 Jocelyn Mayer 2022-12-18 13:01:17 UTC 
# equery list openssl
 * Searching for openssl ...
[IP-] [  ] dev-libs/openssl-1.1.1q:0/1.1

I can confirm that version 1.0.17 compiles fine.
Just checked using ebuild ... clean compile test because I don't want to merge this version for now on this machine which is an hardened net server.

I have to admit the patch in the trunk is much better than mine as it checks for openssl version to implement the correct API (3 versions, from what I've seen).
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-12-18 13:02:13 UTC 
Ah, thanks. It's frustrating there's still packages out there broken with 1.1.x!
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-01-23 02:31:10 UTC 
Fixed in 1.0.17. Thanks!