Re: Suggested roadmap for updating OpenSSL on Fremantle
 

Hi there,

I've managed to download debian's sid latest openssl (1.0.2e) and have backported its debian/ directory so this package now builds on scratchbox. I've succesfully installed generated libssl1.0.2 .deb package on N900 and it passes the tests openssl includes. Note that these tests result in a segmentation fault when run on scratchbox, it's probably a fault of qemu.

So we've got now a really good start.

Changes I've made are available on https://github.com/agamez/maemo-openssl-1.0.2 This work is not finished but it's a start.

I've found original openssl 0.9.8n-1 source used by debian on top of which maemo built its own library here https://launchpad.net/debian/+source/openssl/0.9.8n-1 so we can check which differences are between what is on maemo and upstream.

Best regards!

EDIT: I can't see any relevant difference between debian's original source code and that on maemo (apt-get source openssl=different_versions_on_repos...). I am almost completely sure that the only differences are in packaging, but there are no new patches. For a library like openssl that would be, in fact, a very very bad idea, so even if there are some differences, changes are they are for bad instead of for benefit of the security of the system.

Re: Suggested roadmap for updating OpenSSL on Fremantle
 

Re: Suggested roadmap for updating OpenSSL on Fremantle
 

I have taken Debian OpenSSL 0.9.8n-1 source from http://snapshot.debian.org/package/openssl/0.9.8n-1/ and Maemo OpenSSL 0.9.8n-1+maemo4+0m5 source from http://repository.maemo.org/pool/mae...ree/o/openssl/. I have renamed the patches in the Debian source to match the names in the Maemo source.

The diff of the resulting folders is attached to this post:

The following changes exist in the Maemo tree vs the Debian tree:
1.Change PERL path in Configure
2.Remove Makefile (its automatically generated from Makefile.org)
3.Change PERL path in a bunch of PERL scripts
4.Remove apps/CA.pl (its automatically generated from apps/CA.pl.in)
5.Add a commented out #ifdef to crypto/ec/ectest.c
6.Comment out an #ifdef in crypto/o_init.c
7.Remove crypto/opensslconf.h and its symlink include/openssl/opensslconf.h (its automatically generated from crypto/opensslconf.h.in)
8.Added various entries to debian/changelog
9.Changed debian/compat from 3 to 5
10.Added a debian/debian.tar.gz file containing an unknown changelog/compat/rules file
11.Change debian/libssl0.9.8.postinst to use sh instead of bash
12.Add headers to various patches
13.Rename the patches (and add an 00list file instead of the series file)
14.Add a new patch 20_load-cert.dpatch
15.Add a new patch 21_configure-cflags.dpatch
16.Add a new patch 22_openssl-psk-0.9.8n-lib.dpatch
17.Add a new patch 23_openssl-psk-0.9.8n-test.dpatch
18.Add a new patch 24_openssl-psk-0.9.8n-doc.dpatch
20.Remove patch kfreebsd-pipe.patch
21.Remove patch rc4-amd64.patch
22.Add lines to debian/rules for include /usr/share/dpatch/dpatch.make, build: patch-stamp build-stamp and clean: unpatch
23.Add include/openssl/cms.h symlink to crypto/cms/cms.h
24.Add include/openssl/jpake.h symlink to crypto/jpake/jpake.h
25.Add a commented out #ifdef to test/ectest.c
26.Make a bunch of changes to test/jpaketest.c
27.Remove tools/c_rehash (its automatically generated from tools/c_rehash.in)

Now we need to figure out the following:
1.Whether any of the above changes (the 5 Nokia patches or the changes made directly to the source code) are still necessary for our OpenSSL 1.0.2e port
2.Whether there is anything removed from OpenSSL (stock or Debian) between 0.9.8n and 1.0.2e that we need on Maemo
and 3.Whether there is anything added to OpenSSL (stock or Debian) between 0.9.8n and 1.0.2e that we dont need on Maemo (i.e. that we need to remove for Maemo)

I suspect there is likely to be nothing satisfying #2 and #3 above (and that its not even worth looking)

Re: Suggested roadmap for updating OpenSSL on Fremantle
 

Is this of any use to you: http://abi-laboratory.pro/tracker/timeline/openssl/

Re: Suggested roadmap for updating OpenSSL on Fremantle
 

This looks like Nokia forked at Debian version 0.9.8g-10 and then merged at 0.9.8g-13, 0.9.8g-15 and 0.9.8n-1.

Are there older Nokia versions available anywhere?
(Edit: I see openssl_0.9.8g-15maemo4 in the maemo5.0 pool, it might be worth examining a diff there too)

Could be a mistake in the Debian packaging. I think this should have been bumped when converting to source format 3.0 (quilt).

Could be a mistake in the Nokia packaging.

This looks like Debian converted to source format 3.0 (quilt) after the fork and then Nokia reverted to source format 1.0 for the merge.

The Maemo builders have been able to cope with source format 3.0 (quilt) for some years now.

Re: Suggested roadmap for updating OpenSSL on Fremantle
 

Debian converted to source format 3.0 (quilt) in 0.9.8m-1:
I can't see any explicit mention of bumping the compat level to 5, only a bump to level 9 in 2013:

Re: Suggested roadmap for updating OpenSSL on Fremantle
 

This one really seems to be maemo specific, but I'm not even sure it's relevant in Maemo5, since I can't find libcst on my device (or in SDK).
See http://maemo-developers.maemo.narkiv...libcst-sources for more info on libcst.

If it tries to dlopen (!) a library that is no longer available, I think we can safely drop it...

Those have been upstreamed.
See openssl commit ddac1974 and openssl-1.0.0 release changelog.

Re: Suggested roadmap for updating OpenSSL on Fremantle
 

libcst was renamed to libmaemosec, see:

https://github.com/community-ssu/mae...ddc9521c847ced

Re: Suggested roadmap for updating OpenSSL on Fremantle
 

Ah, thanks.
Looks like they didn't bother updating the openssl package though... and I don't see how this dlopen() could work the way it is :)

Re: Suggested roadmap for updating OpenSSL on Fremantle
 

Looks like that function is not in fremantle version. Something from diablo or bora. I suggest to drop that patch.