Resolves: #1958073 - disable DES and port for OpenSSL 3.0

2021-05-26 14:06:53 +02:00 · 2021-05-26 14:06:53 +02:00 · 38d4ad14a5
commit 38d4ad14a5
parent 9ccd9075b7
2 changed files with 59 additions and 1 deletions
--- a/net-snmp-5.9-openssl-3.0.patch
+++ b/net-snmp-5.9-openssl-3.0.patch
@ -0,0 +1,52 @@
 diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
 --- a/snmplib/transports/snmpTLSBaseDomain.c	2021-05-18 11:15:09.247472175 +0200
 +++ b/snmplib/transports/snmpTLSBaseDomain.c	2021-05-24 09:39:29.297494727 +0200
@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util);
 int openssl_local_index;
 -#ifndef HAVE_ERR_GET_ERROR_ALL
 -/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */
 -static unsigned long ERR_get_error_all(const char **file, int *line,
 -                                       const char **func,
 -                                       const char **data, int *flags)
 -{
 -    *func = NULL;
 -    return ERR_get_error_line_data(file, line, data, flags);
 -}
 -#endif
 -
 /* this is called during negotiation */
 int verify_callback(int ok, X509_STORE_CTX *ctx) {
     int err, depth;
@@ -1218,14 +1207,14 @@ void _openssl_log_error(int rc, SSL *con
     }
     /* other errors */
 -    while ((numerical_reason =
 +/*    while ((numerical_reason =
             ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) {
         snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n",
 -                 ERR_error_string(numerical_reason, NULL), file, func, line);
 +                 ERR_error_string(numerical_reason, NULL), file, func, line);*/
         /* if we have a text translation: */
 -        if (data && (flags & ERR_TXT_STRING)) {
 -            snmp_log(LOG_ERR, "  Textual Error: %s\n", data);
 +/*        if (data && (flags & ERR_TXT_STRING)) {
 +            snmp_log(LOG_ERR, "  Textual Error: %s\n", data);*/
             /*
              * per openssl man page: If it has been allocated by
              * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
@@ -1234,9 +1223,9 @@ void _openssl_log_error(int rc, SSL *con
              * wants a const char **, but returns something that we might
              * need to free??
              */
 -            if (flags & ERR_TXT_MALLOCED)
 +/*            if (flags & ERR_TXT_MALLOCED)
                 OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data));        }
 -    }
 +    }*/
     snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
 }
--- a/net-snmp.spec
+++ b/net-snmp.spec
@ -10,7 +10,7 @@
 Summary:    A collection of SNMP protocol tools and libraries
 Name:       net-snmp
 Version:    5.9
-Release:    10%{?dist}
+Release:    11%{?dist}
 Epoch:      1
 License:    BSD
@ -57,6 +57,7 @@ Patch27:    net-snmp-5.9-ECC-cert.patch
 Patch28:    net-snmp-5.9-intermediate-certs.patch
 Patch29:    net-snmp-5.9-ssl-buffer-size.patch
 Patch30:    net-snmp-5.9-twice-IP-parsing.patch
 Patch31:    net-snmp-5.9-openssl-3.0.patch
 # Modern RPM API means at least EL6
 Patch101:   net-snmp-5.8-modern-rpm-api.patch
@ -238,6 +239,7 @@ cp %{SOURCE10} .
 %patch28 -p1 -b .intermediate-certs
 %patch29 -p1 -b .ssl-buffer-size
 %patch30 -p1 -b .twice-IP-parsing
 %patch31 -p1 -b .openssl-3-0
 %patch101 -p1 -b .modern-rpm-api
 %patch102 -p1
@ -272,6 +274,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
    --enable-local-smux \
    --enable-mfd-rewrites \
    --enable-ucd-snmp-compatibility \
    --disable-des \
    --sysconfdir=%{_sysconfdir} \
    --with-cflags="$RPM_OPT_FLAGS -fPIE" \
    --with-ldflags="$RPM_LD_FLAGS -lm" \
@ -505,6 +508,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %{_libdir}/libnetsnmptrapd*.so.%{soname}*
 %changelog
 * Wed May 26 2021 Josef Ridky <jridky@redhat.com> 1:5.9-11
 - disable DES and port for OpenSSL 3.0 (#1958073)
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9-10
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937