From 38d4ad14a585c463c0eedd03929ce0800c2575d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?=
Date: Wed, 26 May 2021 14:06:53 +0200
Subject: [PATCH] Resolves: #1958073 - disable DES and port for OpenSSL 3.0
---
net-snmp-5.9-openssl-3.0.patch | 52 ++++++++++++++++++++++++++++++++++
net-snmp.spec | 8 +++++-
2 files changed, 59 insertions(+), 1 deletion(-)
create mode 100644 net-snmp-5.9-openssl-3.0.patch
diff --git a/net-snmp-5.9-openssl-3.0.patch b/net-snmp-5.9-openssl-3.0.patch
new file mode 100644
index 0000000..bb34114
--- /dev/null
+++ b/net-snmp-5.9-openssl-3.0.patch
@@ -0,0 +1,52 @@
+diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
+--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-05-18 11:15:09.247472175 +0200
++++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-05-24 09:39:29.297494727 +0200
+@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util);
+
+ int openssl_local_index;
+
+-#ifndef HAVE_ERR_GET_ERROR_ALL
+-/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */
+-static unsigned long ERR_get_error_all(const char **file, int *line,
+- const char **func,
+- const char **data, int *flags)
+-{
+- *func = NULL;
+- return ERR_get_error_line_data(file, line, data, flags);
+-}
+-#endif
+-
+ /* this is called during negotiation */
+ int verify_callback(int ok, X509_STORE_CTX *ctx) {
+ int err, depth;
+@@ -1218,14 +1207,14 @@ void _openssl_log_error(int rc, SSL *con
+ }
+
+ /* other errors */
+- while ((numerical_reason =
++/* while ((numerical_reason =
+ ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) {
+ snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n",
+- ERR_error_string(numerical_reason, NULL), file, func, line);
++ ERR_error_string(numerical_reason, NULL), file, func, line);*/
+
+ /* if we have a text translation: */
+- if (data && (flags & ERR_TXT_STRING)) {
+- snmp_log(LOG_ERR, " Textual Error: %s\n", data);
++/* if (data && (flags & ERR_TXT_STRING)) {
++ snmp_log(LOG_ERR, " Textual Error: %s\n", data);*/
+ /*
+ * per openssl man page: If it has been allocated by
+ * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
+@@ -1234,9 +1223,9 @@ void _openssl_log_error(int rc, SSL *con
+ * wants a const char **, but returns something that we might
+ * need to free??
+ */
+- if (flags & ERR_TXT_MALLOCED)
++/* if (flags & ERR_TXT_MALLOCED)
+ OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data)); }
+- }
++ }*/
+
+ snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
+ }
diff --git a/net-snmp.spec b/net-snmp.spec
index 5f729ad..2def0a2 100644
--- a/net-snmp.spec
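Review bot: In the `@@ -1218,14 +1207,14 @@` and `@@ -1234,9 +1223,9 @@` hunks of the embedded snmpTLSBaseDomain.c patch, the whole error-queue loop in `_openssl_log_error` is commented out rather than ported, so after a TLS/DTLS failure only the `---- End of OpenSSL Errors ----` line is logged and the per-error reason, file and line are lost to anyone triaging handshake or certificate failures. The queue is also no longer drained; the OpenSSL documentation for SSL_get_error() requires the thread's error queue to be empty before the next TLS I/O call, so stale entries may be misattributed to later operations. OpenSSL 3.0 provides `ERR_get_error_all()` natively, so it looks sufficient to drop only the backport in the `@@ -54,17 +54,6 @@` hunk and keep the loop; if that is not possible, a minimal replacement is `while ((numerical_reason = ERR_get_error()) != 0)` followed by `snmp_log(LOG_ERR, "%s\n", ERR_error_string(numerical_reason, NULL));`. The function starts outside the hunks, where `file`, `line`, `func`, `data` and `flags` are presumably declared and are now unused.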
+++ b/net-snmp.spec @@ -10,7 +10,7 @@ Summary: A collection of SNMP protocol tools and libraries Name: net-snmp Version: 5.9 -Release: 10%{?dist} +Release: 11%{?dist} Epoch: 1 License: BSD @@ -57,6 +57,7 @@ Patch27: net-snmp-5.9-ECC-cert.patch Patch28: net-snmp-5.9-intermediate-certs.patch Patch29: net-snmp-5.9-ssl-buffer-size.patch Patch30: net-snmp-5.9-twice-IP-parsing.patch +Patch31: net-snmp-5.9-openssl-3.0.patch # Modern RPM API means at least EL6 Patch101: net-snmp-5.8-modern-rpm-api.patch @@ -238,6 +239,7 @@ cp %{SOURCE10} . %patch28 -p1 -b .intermediate-certs %patch29 -p1 -b .ssl-buffer-size %patch30 -p1 -b .twice-IP-parsing +%patch31 -p1 -b .openssl-3-0 %patch101 -p1 -b .modern-rpm-api %patch102 -p1 @@ -272,6 +274,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib" --enable-local-smux \ --enable-mfd-rewrites \ --enable-ucd-snmp-compatibility \ + --disable-des \ --sysconfdir=%{_sysconfdir} \ --with-cflags="$RPM_OPT_FLAGS -fPIE" \ --with-ldflags="$RPM_LD_FLAGS -lm" \ @@ -505,6 +508,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test %{_libdir}/libnetsnmptrapd*.so.%{soname}* %changelog +* Wed May 26 2021 Josef Ridky 1:5.9-11 +- disable DES and port for OpenSSL 3.0 (#1958073) + * Fri Apr 16 2021 Mohan Boddu - 1:5.9-10 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
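Review bot: The `--disable-des` line added to the configure call in the `@@ -272,6 +274,7 @@` hunk changes what the packaged agent accepts, but neither the spec nor the changelog says what that means for users. With DES compiled out, SNMPv3 users that were created with DES privacy will presumably stop working after the upgrade, which operators tend to discover only as failed polls. I would add a comment above the configure invocation (it starts outside the hunk), `# DES is not built: SNMPv3 users must use AES privacy`, and word the changelog entry as `- disable DES (SNMPv3 privacy must use AES) and port for OpenSSL 3.0 (#1958073)`.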