[arch-commits] Commit in nrpe/trunk (3 files)

Jonathan Steel jsteel at archlinux.org
Wed Apr 26 19:01:58 UTC 2017 

    Date: Wednesday, April 26, 2017 @ 19:01:56
  Author: jsteel
Revision: 225714

upgpkg: nrpe 3.1.0-1

Modified:
  nrpe/trunk/PKGBUILD
Deleted:
  nrpe/trunk/nrpe-0010-opensslv110-strict.patch
  nrpe/trunk/nrpe-0011-opensslv110-nosslv2.patch

-------------------------------------+
 PKGBUILD                            |   18 +----
 nrpe-0010-opensslv110-strict.patch  |   54 ----------------
 nrpe-0011-opensslv110-nosslv2.patch |  113 ----------------------------------
 3 files changed, 4 insertions(+), 181 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2017-04-26 19:01:47 UTC (rev 225713)
+++ PKGBUILD	2017-04-26 19:01:56 UTC (rev 225714)
@@ -3,8 +3,8 @@
 # Contributor: Dale Blount <dale at archlinux.org>
 
 pkgname=nrpe
-pkgver=3.0.1
-pkgrel=4
+pkgver=3.1.0
+pkgrel=1
 pkgdesc="Nagios Remote Plugin Executor"
 arch=('i686' 'x86_64')
 license=('GPL')
@@ -13,19 +13,9 @@
 install=$pkgname.install
 backup=('etc/nrpe/nrpe.cfg' 'etc/xinetd.d/nrpe')
 url="https://github.com/NagiosEnterprises/nrpe"
-source=(https://github.com/NagiosEnterprises/nrpe/releases/download/$pkgver/$pkgname-$pkgver.tar.gz
-        nrpe-0010-opensslv110-strict.patch
-        nrpe-0011-opensslv110-nosslv2.patch)
-sha256sums=('8f56da2d74f6beca1a04fe04ead84427e582b9bb88611e04e290f59617ca3ea3'
-            '58ca691a11f5005631f4e940daa18c344b3d2f322184506d63cc1eb2633d30a3'
-            'e4383c8261b7097a46d8fe54c97391767a4ef0107d551f55d71940469f5e433f')
+source=(https://github.com/NagiosEnterprises/nrpe/releases/download/release-$pkgver/$pkgname-$pkgver.tar.gz)
+md5sums=('ad9208ef4938449986cb5c5ba094598e')
 
-prepare() {
-  cd $pkgname-$pkgver
-  patch -Np1 -i ../nrpe-0010-opensslv110-strict.patch
-  patch -Np1 -i ../nrpe-0011-opensslv110-nosslv2.patch
-}
-
 build() {
   cd $pkgname-$pkgver
 

Deleted: nrpe-0010-opensslv110-strict.patch
===================================================================
--- nrpe-0010-opensslv110-strict.patch	2017-04-26 19:01:47 UTC (rev 225713)
+++ nrpe-0010-opensslv110-strict.patch	2017-04-26 19:01:56 UTC (rev 225714)
@@ -1,54 +0,0 @@
-diff -up ./src/check_nrpe.c.opensslv110 ./src/check_nrpe.c
---- ./src/check_nrpe.c.opensslv110	2017-02-07 11:08:23.647733686 -0500
-+++ ./src/check_nrpe.c	2017-02-07 12:44:22.314160593 -0500
-@@ -980,9 +980,10 @@ int connect_to_remote()
- 			if (peer) {
- 				if (sslprm.log_opts & SSL_LogIfClientCert)
- 					syslog(LOG_NOTICE, "SSL %s has %s certificate",
--						   rem_host, peer->valid ? "a valid" : "an invalid");
-+					       rem_host, SSL_get_verify_result(ssl) ? "a valid" : "an invalid");
- 				if (sslprm.log_opts & SSL_LogCertDetails) {
--					syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, peer->name);
-+				        X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
-+					syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, buffer);
- 					X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
- 					syslog(LOG_NOTICE, "SSL %s Cert Issuer: %s", rem_host, buffer);
- 				}
-@@ -1427,7 +1428,7 @@ int verify_callback(int preverify_ok, X5
- 	ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
- 
- 	X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
--	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256);
-+	X509_NAME_oneline(X509_get_issuer_name(err_cert), issuer, 256);
- 
- 	if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert
- 		&& (sslprm.log_opts & SSL_LogCertDetails)) {
-diff -up ./src/nrpe.c.opensslv110 ./src/nrpe.c
---- ./src/nrpe.c.opensslv110	2016-09-08 12:18:58.000000000 -0400
-+++ ./src/nrpe.c	2017-02-07 12:42:35.667799987 -0500
-@@ -614,7 +614,7 @@ int verify_callback(int preverify_ok, X5
- 	ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
- 
- 	X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
--	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256);
-+	X509_NAME_oneline(err_cert, issuer, 256);
- 
- 	if (!preverify_ok && (sslprm.log_opts & SSL_LogCertDetails)) {
- 		syslog(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
-@@ -1785,12 +1785,14 @@ int handle_conn_ssl(int sock, void *ssl_
- 		peer = SSL_get_peer_certificate(ssl);
- 
- 		if (peer) {
-+
- 			if (sslprm.log_opts & SSL_LogIfClientCert)
- 				syslog(LOG_NOTICE, "SSL Client %s has %svalid certificate",
--					   remote_host, peer->valid ? "a " : "an in");
-+				       remote_host, SSL_get_verify_result(ssl) ? "a " : "an in");
- 			if (sslprm.log_opts & SSL_LogCertDetails) {
-+				X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
- 				syslog(LOG_NOTICE, "SSL Client %s Cert Name: %s",
--					   remote_host, peer->name);
-+					   remote_host, buffer);
- 				X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
- 				syslog(LOG_NOTICE, "SSL Client %s Cert Issuer: %s",
- 					   remote_host, buffer);

Deleted: nrpe-0011-opensslv110-nosslv2.patch
===================================================================
--- nrpe-0011-opensslv110-nosslv2.patch	2017-04-26 19:01:47 UTC (rev 225713)
+++ nrpe-0011-opensslv110-nosslv2.patch	2017-04-26 19:01:56 UTC (rev 225714)
@@ -1,113 +0,0 @@
-diff -up ./src/check_nrpe.c.opensslv110_nossl2 ./src/check_nrpe.c
---- ./src/check_nrpe.c.opensslv110_nossl2	2017-02-07 13:51:02.848680596 -0500
-+++ ./src/check_nrpe.c	2017-02-07 13:56:14.134901320 -0500
-@@ -64,7 +64,7 @@ int use_ssl = FALSE;
- 
- /* SSL/TLS parameters */
- typedef enum _SSL_VER {
--	SSL_Ver_Invalid = 0, SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus,
-+	SSL_Ver_Invalid = 0, SSLv3=3, SSLv3_plus,
- 	TLSv1, TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
- } SslVer;
- 
-@@ -402,11 +402,7 @@ int process_arguments(int argc, char **a
- 								"overrides the config file option.");
- 				break;
- 			}
--			if (!strcmp(optarg, "SSLv2"))
--				sslprm.ssl_min_ver = SSLv2;
--			else if (!strcmp(optarg, "SSLv2+"))
--				sslprm.ssl_min_ver = SSLv2_plus;
--			else if (!strcmp(optarg, "SSLv3"))
-+			if (!strcmp(optarg, "SSLv3"))
- 				sslprm.ssl_min_ver = SSLv3;
- 			else if (!strcmp(optarg, "SSLv3+"))
- 				sslprm.ssl_min_ver = SSLv3_plus;
-@@ -665,8 +661,8 @@ void usage(int result)
- 		printf("                2 = Force Anonymous Diffie Hellman\n");
- 		printf(" <size>       = Specify non-default payload size for NSClient++\n");
- 		printf
--			(" <ssl ver>    = The SSL/TLS version to use. Can be any one of: SSLv2 (only),\n");
--		printf("                SSLv2+ (or above), SSLv3 (only), SSLv3+ (or above),\n");
-+			(" <ssl ver>    = The SSL/TLS version to use. Can be any one of: \n");
-+		printf("                SSLv3 (only), SSLv3+ (or above),\n");
- 		printf("                TLSv1 (only), TLSv1+ (or above DEFAULT), TLSv1.1 (only),\n");
- 		printf("                TLSv1.1+ (or above), TLSv1.2 (only), TLSv1.2+ (or above)\n");
- 		printf(" <cipherlist> = The list of SSL ciphers to use (currently defaults\n");
-@@ -736,12 +732,6 @@ void setup_ssl()
- 			   sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
- 		syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
- 		switch (sslprm.ssl_min_ver) {
--		case SSLv2:
--			val = "SSLv2";
--			break;
--		case SSLv2_plus:
--			val = "SSLv2 And Above";
--			break;
- 		case SSLv3:
- 			val = "SSLv3";
- 			break;
-@@ -779,10 +769,6 @@ void setup_ssl()
- 		SSL_library_init();
- 		meth = SSLv23_client_method();
- 
--# ifndef OPENSSL_NO_SSL2
--		if (sslprm.ssl_min_ver == SSLv2)
--			meth = SSLv2_client_method();
--# endif
- # ifndef OPENSSL_NO_SSL3
- 		if (sslprm.ssl_min_ver == SSLv3)
- 			meth = SSLv3_client_method();
-diff -up ./src/nrpe.c.opensslv110_nossl2 ./src/nrpe.c
---- ./src/nrpe.c.opensslv110_nossl2	2017-02-07 13:51:02.849680580 -0500
-+++ ./src/nrpe.c	2017-02-07 13:51:02.851680549 -0500
-@@ -109,7 +109,7 @@ int       listen_queue_size = DEFAULT_LI
- 
- /* SSL/TLS parameters */
- typedef enum _SSL_VER {
--	SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus, TLSv1,
-+	SSLv3=3, SSLv3_plus, TLSv1,
- 	TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus
- } SslVer;
- 
-@@ -278,10 +278,10 @@ void init_ssl(void)
- 			}
- 		}
- 	}
--# ifndef OPENSSL_NO_SSL2
--	if (sslprm.ssl_min_ver == SSLv2)
--		meth = SSLv2_server_method();
--# endif
-+
-+
-+
-+
- # ifndef OPENSSL_NO_SSL3
- 	if (sslprm.ssl_min_ver == SSLv3)
- 		meth = SSLv3_server_method();
-@@ -385,12 +385,6 @@ void log_ssl_startup(void)
- 													 1 ? "Accept" : "Require"));
- 	syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
- 	switch (sslprm.ssl_min_ver) {
--	case SSLv2:
--		vers = "SSLv2";
--		break;
--	case SSLv2_plus:
--		vers = "SSLv2 And Above";
--		break;
- 	case SSLv3:
- 		vers = "SSLv3";
- 		break;
-@@ -796,11 +790,7 @@ int read_config_file(char *filename)
- 			}
- 
- 		} else if (!strcmp(varname, "ssl_version")) {
--			if (!strcmp(varvalue, "SSLv2"))
--				sslprm.ssl_min_ver = SSLv2;
--			else if (!strcmp(varvalue, "SSLv2+"))
--				sslprm.ssl_min_ver = SSLv2_plus;
--			else if (!strcmp(varvalue, "SSLv3"))
-+		        if (!strcmp(varvalue, "SSLv3"))
- 				sslprm.ssl_min_ver = SSLv3;
- 			else if (!strcmp(varvalue, "SSLv3+"))
- 				sslprm.ssl_min_ver = SSLv3_plus;

More information about the arch-commits mailing list