network-ups-tools: rebuild against OpenSSL
This commit is contained in:
parent
7011461805
commit
8ecf1ee7f9
3 changed files with 186 additions and 5 deletions
|
@ -1685,9 +1685,9 @@ libgdkglext-x11-1.0.so.0 gtkglext-1.2.0_4
|
|||
libXaw3d.so.8 libXaw3d-1.6.2_1
|
||||
libshiboken2.so.5.15 libshiboken2-5.15.0_1
|
||||
libpyside2.so.5.15 libpyside2-python3-5.15.0_1
|
||||
libupsclient.so.4 libnetwork-ups-tools-2.7.2_1
|
||||
libnutclient.so.0 libnetwork-ups-tools-2.7.2_1
|
||||
libnutscan.so.1 libnetwork-ups-tools-2.7.3_3
|
||||
libupsclient.so.4 libnetwork-ups-tools-2.7.4_12
|
||||
libnutclient.so.0 libnetwork-ups-tools-2.7.4_12
|
||||
libnutscan.so.1 libnetwork-ups-tools-2.7.4_12
|
||||
libsphinxad.so.0 sphinxbase-0.8_1
|
||||
libsphinxbase.so.1 sphinxbase-0.8_1
|
||||
libpocketsphinx.so.1 libpocketsphinx-0.8_3
|
||||
|
|
181
srcpkgs/network-ups-tools/patches/openssl-1.1.patch
Normal file
181
srcpkgs/network-ups-tools/patches/openssl-1.1.patch
Normal file
|
@ -0,0 +1,181 @@
|
|||
From da1f5aa699f54e0f6977ab64a3bc2f90a51c3104 Mon Sep 17 00:00:00 2001
|
||||
From: Arjen de Korte <build+lede@de-korte.org>
|
||||
Date: Mon, 27 Nov 2017 21:10:13 +0100
|
||||
Subject: [PATCH] Add support for openssl-1.1.0
|
||||
|
||||
--- clients/upsclient.c
|
||||
+++ clients/upsclient.c
|
||||
@@ -299,11 +299,6 @@
|
||||
{
|
||||
#ifdef WITH_OPENSSL
|
||||
int ret, ssl_mode = SSL_VERIFY_NONE;
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
- const SSL_METHOD *ssl_method;
|
||||
-#else
|
||||
- SSL_METHOD *ssl_method;
|
||||
-#endif
|
||||
#elif defined(WITH_NSS) /* WITH_OPENSSL */
|
||||
SECStatus status;
|
||||
#endif /* WITH_OPENSSL | WITH_NSS */
|
||||
@@ -315,22 +310,32 @@
|
||||
}
|
||||
|
||||
#ifdef WITH_OPENSSL
|
||||
-
|
||||
- SSL_library_init();
|
||||
- SSL_load_error_strings();
|
||||
|
||||
- ssl_method = TLSv1_client_method();
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+ SSL_load_error_strings();
|
||||
+ SSL_library_init();
|
||||
|
||||
- if (!ssl_method) {
|
||||
- return 0;
|
||||
- }
|
||||
+ ssl_ctx = SSL_CTX_new(SSLv23_client_method());
|
||||
+#else
|
||||
+ ssl_ctx = SSL_CTX_new(TLS_client_method());
|
||||
+#endif
|
||||
|
||||
- ssl_ctx = SSL_CTX_new(ssl_method);
|
||||
if (!ssl_ctx) {
|
||||
upslogx(LOG_ERR, "Can not initialize SSL context");
|
||||
return -1;
|
||||
}
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+ /* set minimum protocol TLSv1 */
|
||||
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
|
||||
+#else
|
||||
+ ret = SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);
|
||||
+ if (ret != 1) {
|
||||
+ upslogx(LOG_ERR, "Can not set minimum protocol to TLSv1");
|
||||
+ return -1;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if (!certpath) {
|
||||
if (certverify == 1) {
|
||||
upslogx(LOG_ERR, "Can not verify certificate if any is specified");
|
||||
@@ -737,7 +742,7 @@
|
||||
switch(res)
|
||||
{
|
||||
case 1:
|
||||
- upsdebugx(3, "SSL connected");
|
||||
+ upsdebugx(3, "SSL connected (%s)", SSL_get_version(ups->ssl));
|
||||
break;
|
||||
case 0:
|
||||
upslog_with_errno(1, "SSL_connect do not accept handshake.");
|
||||
--- clients/upssched.c
|
||||
+++ clients/upssched.c
|
||||
@@ -794,7 +794,7 @@
|
||||
}
|
||||
|
||||
if (!strcmp(cmd, "EXECUTE")) {
|
||||
- if (ca1 == '\0') {
|
||||
+ if (ca1[0] == '\0') {
|
||||
upslogx(LOG_ERR, "Empty EXECUTE command argument");
|
||||
return;
|
||||
}
|
||||
--- m4/nut_check_libopenssl.m4
|
||||
+++ m4/nut_check_libopenssl.m4
|
||||
@@ -58,7 +58,7 @@
|
||||
|
||||
dnl check if openssl is usable
|
||||
AC_CHECK_HEADERS(openssl/ssl.h, [nut_have_openssl=yes], [nut_have_openssl=no], [AC_INCLUDES_DEFAULT])
|
||||
- AC_CHECK_FUNCS(SSL_library_init, [], [nut_have_openssl=no])
|
||||
+ AC_CHECK_FUNCS(SSL_CTX_new, [], [nut_have_openssl=no])
|
||||
|
||||
if test "${nut_have_openssl}" = "yes"; then
|
||||
nut_with_ssl="yes"
|
||||
--- server/netssl.c
|
||||
+++ server/netssl.c
|
||||
@@ -274,7 +274,7 @@
|
||||
{
|
||||
case 1:
|
||||
client->ssl_connected = 1;
|
||||
- upsdebugx(3, "SSL connected");
|
||||
+ upsdebugx(3, "SSL connected (%s)", SSL_get_version(client->ssl));
|
||||
break;
|
||||
|
||||
case 0:
|
||||
@@ -370,13 +370,7 @@
|
||||
{
|
||||
#ifdef WITH_NSS
|
||||
SECStatus status;
|
||||
-#elif defined(WITH_OPENSSL)
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
- const SSL_METHOD *ssl_method;
|
||||
-#else
|
||||
- SSL_METHOD *ssl_method;
|
||||
-#endif
|
||||
-#endif /* WITH_NSS|WITH_OPENSSL */
|
||||
+#endif /* WITH_NSS */
|
||||
|
||||
if (!certfile) {
|
||||
return;
|
||||
@@ -386,18 +380,29 @@
|
||||
|
||||
#ifdef WITH_OPENSSL
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
SSL_load_error_strings();
|
||||
SSL_library_init();
|
||||
|
||||
- if ((ssl_method = TLSv1_server_method()) == NULL) {
|
||||
+ ssl_ctx = SSL_CTX_new(SSLv23_server_method());
|
||||
+#else
|
||||
+ ssl_ctx = SSL_CTX_new(TLS_server_method());
|
||||
+#endif
|
||||
+
|
||||
+ if (!ssl_ctx) {
|
||||
ssl_debug();
|
||||
- fatalx(EXIT_FAILURE, "TLSv1_server_method failed");
|
||||
+ fatalx(EXIT_FAILURE, "SSL_CTX_new failed");
|
||||
}
|
||||
|
||||
- if ((ssl_ctx = SSL_CTX_new(ssl_method)) == NULL) {
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+ /* set minimum protocol TLSv1 */
|
||||
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
|
||||
+#else
|
||||
+ if (SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION) != 1) {
|
||||
ssl_debug();
|
||||
- fatalx(EXIT_FAILURE, "SSL_CTX_new failed");
|
||||
+ fatalx(EXIT_FAILURE, "SSL_CTX_set_min_proto_version(TLS1_VERSION)");
|
||||
}
|
||||
+#endif
|
||||
|
||||
if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) {
|
||||
ssl_debug();
|
||||
--- configure 2021-02-13 22:54:47.106372805 +0100
|
||||
+++ - 2021-02-13 22:58:18.010481917 +0100
|
||||
@@ -10399,10 +10399,10 @@
|
||||
|
||||
done
|
||||
|
||||
- for ac_func in SSL_library_init
|
||||
+ for ac_func in SSL_CTX_new
|
||||
do :
|
||||
- ac_fn_c_check_func "$LINENO" "SSL_library_init" "ac_cv_func_SSL_library_init"
|
||||
-if test "x$ac_cv_func_SSL_library_init" = xyes; then :
|
||||
+ ac_fn_c_check_func "$LINENO" "SSL_CTX_new" "ac_cv_func_SSL_CTX_new"
|
||||
+if test "x$ac_cv_func_SSL_CTX_new" = xyes; then :
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define HAVE_SSL_LIBRARY_INIT 1
|
||||
_ACEOF
|
||||
@@ -10510,10 +10510,10 @@
|
||||
|
||||
done
|
||||
|
||||
- for ac_func in SSL_library_init
|
||||
+ for ac_func in SSL_CTX_new
|
||||
do :
|
||||
- ac_fn_c_check_func "$LINENO" "SSL_library_init" "ac_cv_func_SSL_library_init"
|
||||
-if test "x$ac_cv_func_SSL_library_init" = xyes; then :
|
||||
+ ac_fn_c_check_func "$LINENO" "SSL_CTX_new" "ac_cv_func_SSL_CTX_new"
|
||||
+if test "x$ac_cv_func_SSL_CTX_new" = xyes; then :
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define HAVE_SSL_LIBRARY_INIT 1
|
||||
_ACEOF
|
|
@ -1,7 +1,7 @@
|
|||
# Template file for 'network-ups-tools'
|
||||
pkgname=network-ups-tools
|
||||
version=2.7.4
|
||||
revision=11
|
||||
revision=12
|
||||
wrksrc="nut-${version}"
|
||||
build_style=gnu-configure
|
||||
configure_args="
|
||||
|
@ -11,7 +11,7 @@ configure_args="
|
|||
--with-libltdl --without-ipmi --without-freeipmi --without-systemdsystemunitdir
|
||||
--with-snmp --with-drvpath=/usr/libexec/nut $(vopt_with cgi) --with-statepath=/run/ups"
|
||||
hostmakedepends="pkg-config"
|
||||
makedepends="avahi-libs-devel libressl-devel libusb-compat-devel neon-devel
|
||||
makedepends="avahi-libs-devel openssl-devel libusb-compat-devel neon-devel
|
||||
net-snmp-devel $(vopt_if cgi gd-devel) libltdl-devel"
|
||||
conf_files="
|
||||
/etc/ups/ups.conf
|
||||
|
|
Loading…
Reference in a new issue