network-ups-tools: rebuild against OpenSSL

common/shlibs

@@ -1685,9 +1685,9 @@ libgdkglext-x11-1.0.so.0 gtkglext-1.2.0_4
 libXaw3d.so.8 libXaw3d-1.6.2_1
 libshiboken2.so.5.15 libshiboken2-5.15.0_1
 libpyside2.so.5.15 libpyside2-python3-5.15.0_1
-libupsclient.so.4 libnetwork-ups-tools-2.7.2_1
-libnutclient.so.0 libnetwork-ups-tools-2.7.2_1
-libnutscan.so.1 libnetwork-ups-tools-2.7.3_3
+libupsclient.so.4 libnetwork-ups-tools-2.7.4_12
+libnutclient.so.0 libnetwork-ups-tools-2.7.4_12
+libnutscan.so.1 libnetwork-ups-tools-2.7.4_12
 libsphinxad.so.0 sphinxbase-0.8_1
 libsphinxbase.so.1 sphinxbase-0.8_1
 libpocketsphinx.so.1 libpocketsphinx-0.8_3

srcpkgs/network-ups-tools/patches/openssl-1.1.patch

@@ -0,0 +1,181 @@
+From da1f5aa699f54e0f6977ab64a3bc2f90a51c3104 Mon Sep 17 00:00:00 2001
+From: Arjen de Korte <build+lede@de-korte.org>
+Date: Mon, 27 Nov 2017 21:10:13 +0100
+Subject: [PATCH] Add support for openssl-1.1.0
+
+--- clients/upsclient.c
++++ clients/upsclient.c
+@@ -299,11 +299,6 @@
+ {
+ #ifdef WITH_OPENSSL
+ 	int ret, ssl_mode = SSL_VERIFY_NONE;
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-	const SSL_METHOD	*ssl_method;
+-#else
+-	SSL_METHOD	*ssl_method;
+-#endif
+ #elif defined(WITH_NSS) /* WITH_OPENSSL */
+ 	SECStatus	status;
+ #endif /* WITH_OPENSSL | WITH_NSS */
+@@ -315,22 +310,32 @@
+ 	}
+ 	
+ #ifdef WITH_OPENSSL
+-	
+-	SSL_library_init();
+-	SSL_load_error_strings();
+ 
+-	ssl_method = TLSv1_client_method();
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++	SSL_load_error_strings();
++	SSL_library_init();
+ 
+-	if (!ssl_method) {
+-		return 0;
+-	}
++	ssl_ctx = SSL_CTX_new(SSLv23_client_method());
++#else
++	ssl_ctx = SSL_CTX_new(TLS_client_method());
++#endif
+ 
+-	ssl_ctx = SSL_CTX_new(ssl_method);
+ 	if (!ssl_ctx) {
+ 		upslogx(LOG_ERR, "Can not initialize SSL context");
+ 		return -1;
+ 	}
+ 	
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++	/* set minimum protocol TLSv1 */
++	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
++#else
++	ret = SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);
++	if (ret != 1) {
++		upslogx(LOG_ERR, "Can not set minimum protocol to TLSv1");
++		return -1;
++	}
++#endif
++
+ 	if (!certpath) {
+ 		if (certverify == 1) {
+ 			upslogx(LOG_ERR, "Can not verify certificate if any is specified");
+@@ -737,7 +742,7 @@
+ 	switch(res)
+ 	{
+ 	case 1:
+-		upsdebugx(3, "SSL connected");
++		upsdebugx(3, "SSL connected (%s)", SSL_get_version(ups->ssl));
+ 		break;
+ 	case 0:
+ 		upslog_with_errno(1, "SSL_connect do not accept handshake.");
+--- clients/upssched.c
++++ clients/upssched.c
+@@ -794,7 +794,7 @@
+ 	}
+ 
+ 	if (!strcmp(cmd, "EXECUTE")) {
+-		if (ca1 == '\0') {
++		if (ca1[0] == '\0') {
+ 			upslogx(LOG_ERR, "Empty EXECUTE command argument");
+ 			return;
+ 		}
+--- m4/nut_check_libopenssl.m4
++++ m4/nut_check_libopenssl.m4
+@@ -58,7 +58,7 @@
+ 
+ 	dnl check if openssl is usable
+ 	AC_CHECK_HEADERS(openssl/ssl.h, [nut_have_openssl=yes], [nut_have_openssl=no], [AC_INCLUDES_DEFAULT])
+-	AC_CHECK_FUNCS(SSL_library_init, [], [nut_have_openssl=no])
++	AC_CHECK_FUNCS(SSL_CTX_new, [], [nut_have_openssl=no])
+ 
+ 	if test "${nut_have_openssl}" = "yes"; then
+ 		nut_with_ssl="yes"
+--- server/netssl.c
++++ server/netssl.c
+@@ -274,7 +274,7 @@
+ 	{
+ 	case 1:
+ 		client->ssl_connected = 1;
+-		upsdebugx(3, "SSL connected");
++		upsdebugx(3, "SSL connected (%s)", SSL_get_version(client->ssl));
+ 		break;
+ 		
+ 	case 0:
+@@ -370,13 +370,7 @@
+ {
+ #ifdef WITH_NSS
+ 	SECStatus status;
+-#elif defined(WITH_OPENSSL)
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+-	const SSL_METHOD	*ssl_method;
+-#else
+-	SSL_METHOD	*ssl_method;
+-#endif
+-#endif /* WITH_NSS|WITH_OPENSSL */
++#endif /* WITH_NSS */
+ 
+ 	if (!certfile) {
+ 		return;
+@@ -386,18 +380,29 @@
+ 
+ #ifdef WITH_OPENSSL
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	SSL_load_error_strings();
+ 	SSL_library_init();
+ 
+-	if ((ssl_method = TLSv1_server_method()) == NULL) {
++	ssl_ctx = SSL_CTX_new(SSLv23_server_method());
++#else
++	ssl_ctx = SSL_CTX_new(TLS_server_method());
++#endif
++
++	if (!ssl_ctx) {
+ 		ssl_debug();
+-		fatalx(EXIT_FAILURE, "TLSv1_server_method failed");
++		fatalx(EXIT_FAILURE, "SSL_CTX_new failed");
+ 	}
+ 
+-	if ((ssl_ctx = SSL_CTX_new(ssl_method)) == NULL) {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++	/* set minimum protocol TLSv1 */
++	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
++#else
++	if (SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION) != 1) {
+ 		ssl_debug();
+-		fatalx(EXIT_FAILURE, "SSL_CTX_new failed");
++		fatalx(EXIT_FAILURE, "SSL_CTX_set_min_proto_version(TLS1_VERSION)");
+ 	}
++#endif
+ 
+ 	if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) {
+ 		ssl_debug();
+--- configure	2021-02-13 22:54:47.106372805 +0100
++++ -	2021-02-13 22:58:18.010481917 +0100
+@@ -10399,10 +10399,10 @@
+ 
+ done
+ 
+-	for ac_func in SSL_library_init
++	for ac_func in SSL_CTX_new
+ do :
+-  ac_fn_c_check_func "$LINENO" "SSL_library_init" "ac_cv_func_SSL_library_init"
+-if test "x$ac_cv_func_SSL_library_init" = xyes; then :
++  ac_fn_c_check_func "$LINENO" "SSL_CTX_new" "ac_cv_func_SSL_CTX_new"
++if test "x$ac_cv_func_SSL_CTX_new" = xyes; then :
+   cat >>confdefs.h <<_ACEOF
+ #define HAVE_SSL_LIBRARY_INIT 1
+ _ACEOF
+@@ -10510,10 +10510,10 @@
+ 
+ done
+ 
+-	for ac_func in SSL_library_init
++	for ac_func in SSL_CTX_new
+ do :
+-  ac_fn_c_check_func "$LINENO" "SSL_library_init" "ac_cv_func_SSL_library_init"
+-if test "x$ac_cv_func_SSL_library_init" = xyes; then :
++  ac_fn_c_check_func "$LINENO" "SSL_CTX_new" "ac_cv_func_SSL_CTX_new"
++if test "x$ac_cv_func_SSL_CTX_new" = xyes; then :
+   cat >>confdefs.h <<_ACEOF
+ #define HAVE_SSL_LIBRARY_INIT 1
+ _ACEOF

srcpkgs/network-ups-tools/template

@@ -1,7 +1,7 @@
 # Template file for 'network-ups-tools'
 pkgname=network-ups-tools
 version=2.7.4
-revision=11
+revision=12
 wrksrc="nut-${version}"
 build_style=gnu-configure
 configure_args="
@@ -11,7 +11,7 @@ configure_args="
  --with-libltdl --without-ipmi --without-freeipmi --without-systemdsystemunitdir
  --with-snmp --with-drvpath=/usr/libexec/nut $(vopt_with cgi) --with-statepath=/run/ups"
 hostmakedepends="pkg-config"
-makedepends="avahi-libs-devel libressl-devel libusb-compat-devel neon-devel
+makedepends="avahi-libs-devel openssl-devel libusb-compat-devel neon-devel
  net-snmp-devel $(vopt_if cgi gd-devel) libltdl-devel"
 conf_files="
 	/etc/ups/ups.conf