Resolves: #1958073 - disable DES and port for OpenSSL 3.0

net-snmp-5.9-openssl-3.0.patch

@@ -0,0 +1,52 @@
+diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
+--- a/snmplib/transports/snmpTLSBaseDomain.c	2021-05-18 11:15:09.247472175 +0200
++++ b/snmplib/transports/snmpTLSBaseDomain.c	2021-05-24 09:39:29.297494727 +0200
+@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util);
+ 
+ int openssl_local_index;
+ 
+-#ifndef HAVE_ERR_GET_ERROR_ALL
+-/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */
+-static unsigned long ERR_get_error_all(const char **file, int *line,
+-                                       const char **func,
+-                                       const char **data, int *flags)
+-{
+-    *func = NULL;
+-    return ERR_get_error_line_data(file, line, data, flags);
+-}
+-#endif
+-
+ /* this is called during negotiation */
+ int verify_callback(int ok, X509_STORE_CTX *ctx) {
+     int err, depth;
+@@ -1218,14 +1207,14 @@ void _openssl_log_error(int rc, SSL *con
+     }
+ 
+     /* other errors */
+-    while ((numerical_reason =
++/*    while ((numerical_reason =
+             ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) {
+         snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n",
+-                 ERR_error_string(numerical_reason, NULL), file, func, line);
++                 ERR_error_string(numerical_reason, NULL), file, func, line);*/
+ 
+         /* if we have a text translation: */
+-        if (data && (flags & ERR_TXT_STRING)) {
+-            snmp_log(LOG_ERR, "  Textual Error: %s\n", data);
++/*        if (data && (flags & ERR_TXT_STRING)) {
++            snmp_log(LOG_ERR, "  Textual Error: %s\n", data);*/
+             /*
+              * per openssl man page: If it has been allocated by
+              * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
+@@ -1234,9 +1223,9 @@ void _openssl_log_error(int rc, SSL *con
+              * wants a const char **, but returns something that we might
+              * need to free??
+              */
+-            if (flags & ERR_TXT_MALLOCED)
++/*            if (flags & ERR_TXT_MALLOCED)
+                 OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data));        }
+-    }
++    }*/
+     
+     snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
+ }

net-snmp.spec

@@ -10,7 +10,7 @@
 Summary:    A collection of SNMP protocol tools and libraries
 Name:       net-snmp
 Version:    5.9
-Release:    10%{?dist}
+Release:    11%{?dist}
 Epoch:      1
 
 License:    BSD
@@ -57,6 +57,7 @@ Patch27:    net-snmp-5.9-ECC-cert.patch
 Patch28:    net-snmp-5.9-intermediate-certs.patch
 Patch29:    net-snmp-5.9-ssl-buffer-size.patch
 Patch30:    net-snmp-5.9-twice-IP-parsing.patch
+Patch31:    net-snmp-5.9-openssl-3.0.patch
 
 # Modern RPM API means at least EL6
 Patch101:   net-snmp-5.8-modern-rpm-api.patch
@@ -238,6 +239,7 @@ cp %{SOURCE10} .
 %patch28 -p1 -b .intermediate-certs
 %patch29 -p1 -b .ssl-buffer-size
 %patch30 -p1 -b .twice-IP-parsing
+%patch31 -p1 -b .openssl-3-0
 
 %patch101 -p1 -b .modern-rpm-api
 %patch102 -p1
@@ -272,6 +274,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
     --enable-local-smux \
     --enable-mfd-rewrites \
     --enable-ucd-snmp-compatibility \
+    --disable-des \
     --sysconfdir=%{_sysconfdir} \
     --with-cflags="$RPM_OPT_FLAGS -fPIE" \
     --with-ldflags="$RPM_LD_FLAGS -lm" \
@@ -505,6 +508,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %{_libdir}/libnetsnmptrapd*.so.%{soname}*
 
 %changelog
+* Wed May 26 2021 Josef Ridky <jridky@redhat.com> 1:5.9-11
+- disable DES and port for OpenSSL 3.0 (#1958073)
+
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9-10
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937