network-ups-tools: rebuild against OpenSSL

2021-01-06 18:18:25 +01:00 · 2021-01-06 18:18:25 +01:00 · 8ecf1ee7f9
commit 8ecf1ee7f9
parent 7011461805
3 changed files with 186 additions and 5 deletions
--- a/common/shlibs
+++ b/common/shlibs
@ -1685,9 +1685,9 @@ libgdkglext-x11-1.0.so.0 gtkglext-1.2.0_4
 libXaw3d.so.8 libXaw3d-1.6.2_1
 libshiboken2.so.5.15 libshiboken2-5.15.0_1
 libpyside2.so.5.15 libpyside2-python3-5.15.0_1
-libupsclient.so.4 libnetwork-ups-tools-2.7.2_1
+libupsclient.so.4 libnetwork-ups-tools-2.7.4_12
-libnutclient.so.0 libnetwork-ups-tools-2.7.2_1
+libnutclient.so.0 libnetwork-ups-tools-2.7.4_12
-libnutscan.so.1 libnetwork-ups-tools-2.7.3_3
+libnutscan.so.1 libnetwork-ups-tools-2.7.4_12
 libsphinxad.so.0 sphinxbase-0.8_1
 libsphinxbase.so.1 sphinxbase-0.8_1
 libpocketsphinx.so.1 libpocketsphinx-0.8_3
--- a/srcpkgs/network-ups-tools/patches/openssl-1.1.patch
+++ b/srcpkgs/network-ups-tools/patches/openssl-1.1.patch
@ -0,0 +1,181 @@
 From da1f5aa699f54e0f6977ab64a3bc2f90a51c3104 Mon Sep 17 00:00:00 2001
 From: Arjen de Korte <build+lede@de-korte.org>
 Date: Mon, 27 Nov 2017 21:10:13 +0100
 Subject: [PATCH] Add support for openssl-1.1.0
 --- clients/upsclient.c
 +++ clients/upsclient.c
@@ -299,11 +299,6 @@
 {
 #ifdef WITH_OPENSSL
 	int ret, ssl_mode = SSL_VERIFY_NONE;
 -#if OPENSSL_VERSION_NUMBER >= 0x10000000L
 -	const SSL_METHOD	*ssl_method;
 -#else
 -	SSL_METHOD	*ssl_method;
 -#endif
 #elif defined(WITH_NSS) /* WITH_OPENSSL */
 	SECStatus	status;
 #endif /* WITH_OPENSSL | WITH_NSS */
@@ -315,22 +310,32 @@
 	}
 #ifdef WITH_OPENSSL
 -	
 -	SSL_library_init();
 -	SSL_load_error_strings();
 -	ssl_method = TLSv1_client_method();
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +	SSL_load_error_strings();
 +	SSL_library_init();
 -	if (!ssl_method) {
 -		return 0;
 -	}
 +	ssl_ctx = SSL_CTX_new(SSLv23_client_method());
 +#else
 +	ssl_ctx = SSL_CTX_new(TLS_client_method());
 +#endif
 -	ssl_ctx = SSL_CTX_new(ssl_method);
 	if (!ssl_ctx) {
 		upslogx(LOG_ERR, "Can not initialize SSL context");
 		return -1;
 	}
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +	/* set minimum protocol TLSv1 */
 +	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 +#else
 +	ret = SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);
 +	if (ret != 1) {
 +		upslogx(LOG_ERR, "Can not set minimum protocol to TLSv1");
 +		return -1;
 +	}
 +#endif
 +
 	if (!certpath) {
 		if (certverify == 1) {
 			upslogx(LOG_ERR, "Can not verify certificate if any is specified");
@@ -737,7 +742,7 @@
 	switch(res)
 	{
 	case 1:
 -		upsdebugx(3, "SSL connected");
 +		upsdebugx(3, "SSL connected (%s)", SSL_get_version(ups->ssl));
 		break;
 	case 0:
 		upslog_with_errno(1, "SSL_connect do not accept handshake.");
 --- clients/upssched.c
 +++ clients/upssched.c
@@ -794,7 +794,7 @@
 	}
 	if (!strcmp(cmd, "EXECUTE")) {
 -		if (ca1 == '\0') {
 +		if (ca1[0] == '\0') {
 			upslogx(LOG_ERR, "Empty EXECUTE command argument");
 			return;
 		}
 --- m4/nut_check_libopenssl.m4
 +++ m4/nut_check_libopenssl.m4
@@ -58,7 +58,7 @@
 	dnl check if openssl is usable
 	AC_CHECK_HEADERS(openssl/ssl.h, [nut_have_openssl=yes], [nut_have_openssl=no], [AC_INCLUDES_DEFAULT])
 -	AC_CHECK_FUNCS(SSL_library_init, [], [nut_have_openssl=no])
 +	AC_CHECK_FUNCS(SSL_CTX_new, [], [nut_have_openssl=no])
 	if test "${nut_have_openssl}" = "yes"; then
 		nut_with_ssl="yes"
 --- server/netssl.c
 +++ server/netssl.c
@@ -274,7 +274,7 @@
 	{
 	case 1:
 		client->ssl_connected = 1;
 -		upsdebugx(3, "SSL connected");
 +		upsdebugx(3, "SSL connected (%s)", SSL_get_version(client->ssl));
 		break;
 	case 0:
@@ -370,13 +370,7 @@
 {
 #ifdef WITH_NSS
 	SECStatus status;
 -#elif defined(WITH_OPENSSL)
 -#if OPENSSL_VERSION_NUMBER >= 0x10000000L
 -	const SSL_METHOD	*ssl_method;
 -#else
 -	SSL_METHOD	*ssl_method;
 -#endif
 -#endif /* WITH_NSS|WITH_OPENSSL */
 +#endif /* WITH_NSS */
 	if (!certfile) {
 		return;
@@ -386,18 +380,29 @@
 #ifdef WITH_OPENSSL
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_load_error_strings();
 	SSL_library_init();
 -	if ((ssl_method = TLSv1_server_method()) == NULL) {
 +	ssl_ctx = SSL_CTX_new(SSLv23_server_method());
 +#else
 +	ssl_ctx = SSL_CTX_new(TLS_server_method());
 +#endif
 +
 +	if (!ssl_ctx) {
 		ssl_debug();
 -		fatalx(EXIT_FAILURE, "TLSv1_server_method failed");
 +		fatalx(EXIT_FAILURE, "SSL_CTX_new failed");
 	}
 -	if ((ssl_ctx = SSL_CTX_new(ssl_method)) == NULL) {
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +	/* set minimum protocol TLSv1 */
 +	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 +#else
 +	if (SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION) != 1) {
 		ssl_debug();
 -		fatalx(EXIT_FAILURE, "SSL_CTX_new failed");
 +		fatalx(EXIT_FAILURE, "SSL_CTX_set_min_proto_version(TLS1_VERSION)");
 	}
 +#endif
 	if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) {
 		ssl_debug();
 --- configure	2021-02-13 22:54:47.106372805 +0100
 +++ -	2021-02-13 22:58:18.010481917 +0100
@@ -10399,10 +10399,10 @@
 done
 -	for ac_func in SSL_library_init
 +	for ac_func in SSL_CTX_new
 do :
 -  ac_fn_c_check_func "$LINENO" "SSL_library_init" "ac_cv_func_SSL_library_init"
 -if test "x$ac_cv_func_SSL_library_init" = xyes; then :
 +  ac_fn_c_check_func "$LINENO" "SSL_CTX_new" "ac_cv_func_SSL_CTX_new"
 +if test "x$ac_cv_func_SSL_CTX_new" = xyes; then :
   cat >>confdefs.h <<_ACEOF
 #define HAVE_SSL_LIBRARY_INIT 1
 _ACEOF
@@ -10510,10 +10510,10 @@
 done
 -	for ac_func in SSL_library_init
 +	for ac_func in SSL_CTX_new
 do :
 -  ac_fn_c_check_func "$LINENO" "SSL_library_init" "ac_cv_func_SSL_library_init"
 -if test "x$ac_cv_func_SSL_library_init" = xyes; then :
 +  ac_fn_c_check_func "$LINENO" "SSL_CTX_new" "ac_cv_func_SSL_CTX_new"
 +if test "x$ac_cv_func_SSL_CTX_new" = xyes; then :
   cat >>confdefs.h <<_ACEOF
 #define HAVE_SSL_LIBRARY_INIT 1
 _ACEOF
--- a/srcpkgs/network-ups-tools/template
+++ b/srcpkgs/network-ups-tools/template
@ -1,7 +1,7 @@
 # Template file for 'network-ups-tools'
 pkgname=network-ups-tools
 version=2.7.4
-revision=11
+revision=12
 wrksrc="nut-${version}"
 build_style=gnu-configure
 configure_args="
@ -11,7 +11,7 @@ configure_args="
 --with-libltdl --without-ipmi --without-freeipmi --without-systemdsystemunitdir
 --with-snmp --with-drvpath=/usr/libexec/nut $(vopt_with cgi) --with-statepath=/run/ups"
 hostmakedepends="pkg-config"
-makedepends="avahi-libs-devel libressl-devel libusb-compat-devel neon-devel
+makedepends="avahi-libs-devel openssl-devel libusb-compat-devel neon-devel
 net-snmp-devel $(vopt_if cgi gd-devel) libltdl-devel"
 conf_files="
 	/etc/ups/ups.conf