From 8ecf1ee7f9bd43a2322b0f4241747854e294f1e2 Mon Sep 17 00:00:00 2001 From: John Date: Wed, 6 Jan 2021 18:18:25 +0100 Subject: [PATCH] network-ups-tools: rebuild against OpenSSL --- common/shlibs | 6 +- .../patches/openssl-1.1.patch | 181 ++++++++++++++++++ srcpkgs/network-ups-tools/template | 4 +- 3 files changed, 186 insertions(+), 5 deletions(-) create mode 100644 srcpkgs/network-ups-tools/patches/openssl-1.1.patch diff --git a/common/shlibs b/common/shlibs index 2f864128b5..0bdb90c5cf 100644 --- a/common/shlibs +++ b/common/shlibs @@ -1685,9 +1685,9 @@ libgdkglext-x11-1.0.so.0 gtkglext-1.2.0_4 libXaw3d.so.8 libXaw3d-1.6.2_1 libshiboken2.so.5.15 libshiboken2-5.15.0_1 libpyside2.so.5.15 libpyside2-python3-5.15.0_1 -libupsclient.so.4 libnetwork-ups-tools-2.7.2_1 -libnutclient.so.0 libnetwork-ups-tools-2.7.2_1 -libnutscan.so.1 libnetwork-ups-tools-2.7.3_3 +libupsclient.so.4 libnetwork-ups-tools-2.7.4_12 +libnutclient.so.0 libnetwork-ups-tools-2.7.4_12 +libnutscan.so.1 libnetwork-ups-tools-2.7.4_12 libsphinxad.so.0 sphinxbase-0.8_1 libsphinxbase.so.1 sphinxbase-0.8_1 libpocketsphinx.so.1 libpocketsphinx-0.8_3 diff --git a/srcpkgs/network-ups-tools/patches/openssl-1.1.patch b/srcpkgs/network-ups-tools/patches/openssl-1.1.patch new file mode 100644 index 0000000000..a83f1ca7b3 --- /dev/null +++ b/srcpkgs/network-ups-tools/patches/openssl-1.1.patch 
@@ -0,0 +1,181 @@ +From da1f5aa699f54e0f6977ab64a3bc2f90a51c3104 Mon Sep 17 00:00:00 2001 +From: Arjen de Korte +Date: Mon, 27 Nov 2017 21:10:13 +0100 +Subject: [PATCH] Add support for openssl-1.1.0 + +--- clients/upsclient.c ++++ clients/upsclient.c +@@ -299,11 +299,6 @@ + { + #ifdef WITH_OPENSSL + int ret, ssl_mode = SSL_VERIFY_NONE; +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +- const SSL_METHOD *ssl_method; +-#else +- SSL_METHOD *ssl_method; +-#endif + #elif defined(WITH_NSS) /* WITH_OPENSSL */ + SECStatus status; + #endif /* WITH_OPENSSL | WITH_NSS */ +@@ -315,22 +310,32 @@ + } + + #ifdef WITH_OPENSSL +- +- SSL_library_init(); +- SSL_load_error_strings(); + +- ssl_method = TLSv1_client_method(); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ SSL_load_error_strings(); ++ SSL_library_init(); + +- if (!ssl_method) { +- return 0; +- } ++ ssl_ctx = SSL_CTX_new(SSLv23_client_method()); ++#else ++ ssl_ctx = SSL_CTX_new(TLS_client_method()); ++#endif + +- ssl_ctx = SSL_CTX_new(ssl_method); + if (!ssl_ctx) { + upslogx(LOG_ERR, "Can not initialize SSL context"); + return -1; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ /* set minimum protocol TLSv1 */ ++ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); ++#else ++ ret = SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION); ++ if (ret != 1) { ++ upslogx(LOG_ERR, "Can not set minimum protocol to TLSv1"); ++ return -1; ++ } ++#endif ++ + if (!certpath) { + if (certverify == 1) { + upslogx(LOG_ERR, "Can not verify certificate if any is specified"); +@@ -737,7 +742,7 @@ + switch(res) + { + case 1: +- upsdebugx(3, "SSL connected"); ++ upsdebugx(3, "SSL connected (%s)", SSL_get_version(ups->ssl)); + break; + case 0: + upslog_with_errno(1, "SSL_connect do not accept handshake."); +--- clients/upssched.c ++++ clients/upssched.c +@@ -794,7 +794,7 @@ + } + + if (!strcmp(cmd, "EXECUTE")) { +- if (ca1 == '\0') { ++ if (ca1[0] == '\0') { + upslogx(LOG_ERR, "Empty EXECUTE command argument"); + return; + } +--- 
m4/nut_check_libopenssl.m4 ++++ m4/nut_check_libopenssl.m4 +@@ -58,7 +58,7 @@ + + dnl check if openssl is usable + AC_CHECK_HEADERS(openssl/ssl.h, [nut_have_openssl=yes], [nut_have_openssl=no], [AC_INCLUDES_DEFAULT]) +- AC_CHECK_FUNCS(SSL_library_init, [], [nut_have_openssl=no]) ++ AC_CHECK_FUNCS(SSL_CTX_new, [], [nut_have_openssl=no]) + + if test "${nut_have_openssl}" = "yes"; then + nut_with_ssl="yes" +--- server/netssl.c ++++ server/netssl.c +@@ -274,7 +274,7 @@ + { + case 1: + client->ssl_connected = 1; +- upsdebugx(3, "SSL connected"); ++ upsdebugx(3, "SSL connected (%s)", SSL_get_version(client->ssl)); + break; + + case 0: +@@ -370,13 +370,7 @@ + { + #ifdef WITH_NSS + SECStatus status; +-#elif defined(WITH_OPENSSL) +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L +- const SSL_METHOD *ssl_method; +-#else +- SSL_METHOD *ssl_method; +-#endif +-#endif /* WITH_NSS|WITH_OPENSSL */ ++#endif /* WITH_NSS */ + + if (!certfile) { + return; +@@ -386,18 +380,29 @@ + + #ifdef WITH_OPENSSL + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + SSL_load_error_strings(); + SSL_library_init(); + +- if ((ssl_method = TLSv1_server_method()) == NULL) { ++ ssl_ctx = SSL_CTX_new(SSLv23_server_method()); ++#else ++ ssl_ctx = SSL_CTX_new(TLS_server_method()); ++#endif ++ ++ if (!ssl_ctx) { + ssl_debug(); +- fatalx(EXIT_FAILURE, "TLSv1_server_method failed"); ++ fatalx(EXIT_FAILURE, "SSL_CTX_new failed"); + } + +- if ((ssl_ctx = SSL_CTX_new(ssl_method)) == NULL) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ /* set minimum protocol TLSv1 */ ++ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); ++#else ++ if (SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION) != 1) { + ssl_debug(); +- fatalx(EXIT_FAILURE, "SSL_CTX_new failed"); ++ fatalx(EXIT_FAILURE, "SSL_CTX_set_min_proto_version(TLS1_VERSION)"); + } ++#endif + + if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) { + ssl_debug(); +--- configure 2021-02-13 22:54:47.106372805 +0100 ++++ - 2021-02-13 22:58:18.010481917 
+0100 +@@ -10399,10 +10399,10 @@ + + done + +- for ac_func in SSL_library_init ++ for ac_func in SSL_CTX_new + do : +- ac_fn_c_check_func "$LINENO" "SSL_library_init" "ac_cv_func_SSL_library_init" +-if test "x$ac_cv_func_SSL_library_init" = xyes; then : ++ ac_fn_c_check_func "$LINENO" "SSL_CTX_new" "ac_cv_func_SSL_CTX_new" ++if test "x$ac_cv_func_SSL_CTX_new" = xyes; then : + cat >>confdefs.h <<_ACEOF + #define HAVE_SSL_LIBRARY_INIT 1 + _ACEOF +@@ -10510,10 +10510,10 @@ + + done + +- for ac_func in SSL_library_init ++ for ac_func in SSL_CTX_new + do : +- ac_fn_c_check_func "$LINENO" "SSL_library_init" "ac_cv_func_SSL_library_init" +-if test "x$ac_cv_func_SSL_library_init" = xyes; then : ++ ac_fn_c_check_func "$LINENO" "SSL_CTX_new" "ac_cv_func_SSL_CTX_new" ++if test "x$ac_cv_func_SSL_CTX_new" = xyes; then : + cat >>confdefs.h <<_ACEOF + #define HAVE_SSL_LIBRARY_INIT 1 + _ACEOF diff --git a/srcpkgs/network-ups-tools/template b/srcpkgs/network-ups-tools/template index bf2e50a540..0f4f1ce5a3 100644 --- a/srcpkgs/network-ups-tools/template +++ b/srcpkgs/network-ups-tools/template @@ -1,7 +1,7 @@ # Template file for 'network-ups-tools' pkgname=network-ups-tools version=2.7.4 -revision=11 +revision=12 wrksrc="nut-${version}" build_style=gnu-configure configure_args=" @@ -11,7 +11,7 @@ configure_args=" --with-libltdl --without-ipmi --without-freeipmi --without-systemdsystemunitdir --with-snmp --with-drvpath=/usr/libexec/nut $(vopt_with cgi) --with-statepath=/run/ups" hostmakedepends="pkg-config" -makedepends="avahi-libs-devel libressl-devel libusb-compat-devel neon-devel +makedepends="avahi-libs-devel openssl-devel libusb-compat-devel neon-devel net-snmp-devel $(vopt_if cgi gd-devel) libltdl-devel" conf_files=" /etc/ups/ups.conf
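Review bot: The protocol floor stays at TLS 1.0 in both the clients/upsclient.c and server/netssl.c parts of the added openssl-1.1.patch: the 1.1.0+ branch calls `SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION)` and the older branch only sets `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3`, so a peer that offers nothing newer than TLS 1.0 or 1.1 is still accepted. The removed lines show the previous code used `TLSv1_client_method()` and `TLSv1_server_method()`, so the floor is presumably kept for interoperability with builds that lack this patch. If that is not needed for this package, I would pass `TLS1_2_VERSION` instead and add `SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1` to the pre-1.1.0 options, where the headers define them. If the floor has to stay, the comment `/* set minimum protocol TLSv1 */` should say why, for example `/* floor kept at TLSv1 for peers that only speak TLS 1.0; raise when they are gone */`. Both enclosing functions start and end outside the hunks shown, so any later tightening of the context is not visible here.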