Resolves: #1958073 - disable DES and port for OpenSSL 3.0

This commit is contained in:
Josef Řídký 2021-05-26 14:06:53 +02:00
parent 9ccd9075b7
commit 38d4ad14a5
2 changed files with 59 additions and 1 deletions

View File

@ -0,0 +1,52 @@
diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
--- a/snmplib/transports/snmpTLSBaseDomain.c 2021-05-18 11:15:09.247472175 +0200
+++ b/snmplib/transports/snmpTLSBaseDomain.c 2021-05-24 09:39:29.297494727 +0200
@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util);
int openssl_local_index;
-#ifndef HAVE_ERR_GET_ERROR_ALL
-/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */
-static unsigned long ERR_get_error_all(const char **file, int *line,
- const char **func,
- const char **data, int *flags)
-{
- *func = NULL;
- return ERR_get_error_line_data(file, line, data, flags);
-}
-#endif
-
/* this is called during negotiation */
int verify_callback(int ok, X509_STORE_CTX *ctx) {
int err, depth;
@@ -1218,14 +1207,14 @@ void _openssl_log_error(int rc, SSL *con
}
/* other errors */
- while ((numerical_reason =
+/* while ((numerical_reason =
ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) {
snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n",
- ERR_error_string(numerical_reason, NULL), file, func, line);
+ ERR_error_string(numerical_reason, NULL), file, func, line);*/
/* if we have a text translation: */
- if (data && (flags & ERR_TXT_STRING)) {
- snmp_log(LOG_ERR, " Textual Error: %s\n", data);
+/* if (data && (flags & ERR_TXT_STRING)) {
+ snmp_log(LOG_ERR, " Textual Error: %s\n", data);*/
/*
* per openssl man page: If it has been allocated by
* OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
@@ -1234,9 +1223,9 @@ void _openssl_log_error(int rc, SSL *con
* wants a const char **, but returns something that we might
* need to free??
*/
- if (flags & ERR_TXT_MALLOCED)
+/* if (flags & ERR_TXT_MALLOCED)
OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data)); }
- }
+ }*/
snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
}

View File

@ -10,7 +10,7 @@
Summary: A collection of SNMP protocol tools and libraries Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp Name: net-snmp
Version: 5.9 Version: 5.9
Release: 10%{?dist} Release: 11%{?dist}
Epoch: 1 Epoch: 1
License: BSD License: BSD
@ -57,6 +57,7 @@ Patch27: net-snmp-5.9-ECC-cert.patch
Patch28: net-snmp-5.9-intermediate-certs.patch Patch28: net-snmp-5.9-intermediate-certs.patch
Patch29: net-snmp-5.9-ssl-buffer-size.patch Patch29: net-snmp-5.9-ssl-buffer-size.patch
Patch30: net-snmp-5.9-twice-IP-parsing.patch Patch30: net-snmp-5.9-twice-IP-parsing.patch
Patch31: net-snmp-5.9-openssl-3.0.patch
# Modern RPM API means at least EL6 # Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch Patch101: net-snmp-5.8-modern-rpm-api.patch
@ -238,6 +239,7 @@ cp %{SOURCE10} .
%patch28 -p1 -b .intermediate-certs %patch28 -p1 -b .intermediate-certs
%patch29 -p1 -b .ssl-buffer-size %patch29 -p1 -b .ssl-buffer-size
%patch30 -p1 -b .twice-IP-parsing %patch30 -p1 -b .twice-IP-parsing
%patch31 -p1 -b .openssl-3-0
%patch101 -p1 -b .modern-rpm-api %patch101 -p1 -b .modern-rpm-api
%patch102 -p1 %patch102 -p1
@ -272,6 +274,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
--enable-local-smux \ --enable-local-smux \
--enable-mfd-rewrites \ --enable-mfd-rewrites \
--enable-ucd-snmp-compatibility \ --enable-ucd-snmp-compatibility \
--disable-des \
--sysconfdir=%{_sysconfdir} \ --sysconfdir=%{_sysconfdir} \
--with-cflags="$RPM_OPT_FLAGS -fPIE" \ --with-cflags="$RPM_OPT_FLAGS -fPIE" \
--with-ldflags="$RPM_LD_FLAGS -lm" \ --with-ldflags="$RPM_LD_FLAGS -lm" \
@ -505,6 +508,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}* %{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog %changelog
* Wed May 26 2021 Josef Ridky <jridky@redhat.com> 1:5.9-11
- disable DES and port for OpenSSL 3.0 (#1958073)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9-10 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:5.9-10
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937