[arch-commits] Commit in net-snmp/trunk (PKGBUILD fix-openssl-build-errors.patch)

Jelle van der Waa jelle at archlinux.org
Fri Mar 10 20:04:44 UTC 2017


    Date: Friday, March 10, 2017 @ 20:04:44
  Author: jelle
Revision: 290505

upgpkg: net-snmp 5.7.3-4

openssl 1.1.0 rebuild

Added:
  net-snmp/trunk/fix-openssl-build-errors.patch
Modified:
  net-snmp/trunk/PKGBUILD

--------------------------------+
 PKGBUILD                       |    9 +-
 fix-openssl-build-errors.patch |  171 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 177 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2017-03-10 15:42:47 UTC (rev 290504)
+++ PKGBUILD	2017-03-10 20:04:44 UTC (rev 290505)
@@ -4,7 +4,7 @@
 
 pkgname=net-snmp
 pkgver=5.7.3
-pkgrel=3
+pkgrel=4
 pkgdesc="A suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6"
 arch=('i686' 'x86_64')
 url="http://www.net-snmp.org/"
@@ -16,12 +16,13 @@
             'python2: for the python modules')
 options=('!emptydirs' '!makeflags')
 source=(http://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz{,.asc}
-        snmpd.service snmptrapd.service net-snmp-5.7.3-perl-5.24.patch)
+        snmpd.service snmptrapd.service net-snmp-5.7.3-perl-5.24.patch fix-openssl-build-errors.patch)
 sha1sums=('97dc25077257680815de44e34128d365c76bd839'
           'SKIP'
           '84e32c54d32e6b608747054e04a3ddfe6d6638cc'
           '0244e91c7baa0abebfb5c0560e8ce04c966c5992'
-          '31beef2cb5ad9b4ac655f8ced53058ebf6e99ca9')
+          '31beef2cb5ad9b4ac655f8ced53058ebf6e99ca9'
+          'b329ff700a3e20cdfcab4643a573ef976f9182c0')
 validpgpkeys=('8AAA779B597B405BBC329B6376CF47B8A77C5329'
               '27CAA4A32E371383A33ED0587D5F9576E0F81533')  # Net-SNMP Administrators
 
@@ -28,6 +29,8 @@
 prepare() {
   cd ${pkgname}-${pkgver}
   patch -p1 -i ../net-snmp-5.7.3-perl-5.24.patch
+  patch -p1 -i ../fix-openssl-build-errors.patch
+  autoreconf -i
 }
 
 build() {

Added: fix-openssl-build-errors.patch
===================================================================
--- fix-openssl-build-errors.patch	                        (rev 0)
+++ fix-openssl-build-errors.patch	2017-03-10 20:04:44 UTC (rev 290505)
@@ -0,0 +1,171 @@
+net-snmp build fails on Debian 9 with OpenSSL 1.1.0
+
+With these changes, net-snmp builds with both
+OpenSSL 1.0.x and 1.1.x.
+
+Author: Sharmila Podury <sharmila.podury at brocade.com>
+
+--- a/apps/snmpusm.c
++++ b/apps/snmpusm.c
+@@ -125,6 +125,32 @@ char           *usmUserPublic_val = NULL
+ int             docreateandwait = 0;
+ 
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#include <string.h>
++#include <openssl/engine.h>
++
++void DH_get0_pqg(const DH *dh,
++                const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++   if (p != NULL)
++       *p = dh->p;
++   if (q != NULL)
++       *q = dh->q;
++   if (g != NULL)
++       *g = dh->g;
++}
++
++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++   if (pub_key != NULL)
++       *pub_key = dh->pub_key;
++   if (priv_key != NULL)
++       *priv_key = dh->priv_key;
++}
++
++#endif
++
+ void
+ usage(void)
+ {
+@@ -190,7 +216,7 @@ get_USM_DH_key(netsnmp_variable_list *va
+                oid *keyoid, size_t keyoid_len) {
+     u_char *dhkeychange;
+     DH *dh;
+-    BIGNUM *other_pub;
++    BIGNUM *p, *g, *pub_key, *other_pub;
+     u_char *key;
+     size_t key_len;
+             
+@@ -205,25 +231,29 @@ get_USM_DH_key(netsnmp_variable_list *va
+         dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
+     }
+ 
+-    if (!dh || !dh->g || !dh->p) {
++    if (dh)
++        DH_get0_pqg(dh, &p, NULL, &g);
++
++    if (!dh || !g || !p) {
+         SNMP_FREE(dhkeychange);
+         return SNMPERR_GENERR;
+     }
+ 
+-    DH_generate_key(dh);
+-    if (!dh->pub_key) {
++    if (!DH_generate_key(dh)) {
+         SNMP_FREE(dhkeychange);
+         return SNMPERR_GENERR;
+     }
+             
+-    if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
++    DH_get0_key(dh, &pub_key, NULL);
++
++    if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
+         SNMP_FREE(dhkeychange);
+         fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
+-                (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
++                (unsigned long)vars->val_len, BN_num_bytes(pub_key));
+         return SNMPERR_GENERR;
+     }
+ 
+-    BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
++    BN_bn2bin(pub_key, dhkeychange + vars->val_len);
+ 
+     key_len = DH_size(dh);
+     if (!key_len) {
+--- a/configure.d/config_os_libs2
++++ b/configure.d/config_os_libs2
+@@ -327,10 +327,16 @@ if test "x$tryopenssl" != "xno" -a "x$tr
+              [[#include <openssl/evp.h>]])
+ 
+             AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
+-                AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
++                AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [1],
+                     [Define to 1 if you have the `EVP_MD_CTX_create' function.])
+-                AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
++                AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [1],
+                     [Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
++
++            AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new,
++                AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1],
++                    [Define to 1 if you have the `EVP_MD_CTX_new' function.])
++                AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1],
++                    [Define to 1 if you have the `EVP_MD_CTX_free' function.]))
+         fi
+         if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then
+ 	    AC_CHECK_LIB(ssl, DTLSv1_method,
+--- a/include/net-snmp/net-snmp-config.h.in
++++ b/include/net-snmp/net-snmp-config.h.in
+@@ -164,6 +164,12 @@
+ /* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
+ #undef HAVE_EVP_MD_CTX_DESTROY
+ 
++/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
++#undef HAVE_EVP_MD_CTX_FREE
++
++/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
++#undef HAVE_EVP_MD_CTX_NEW
++
+ /* Define if you have EVP_sha224/256 in openssl */
+ #undef HAVE_EVP_SHA224
+ 
+--- a/snmplib/keytools.c
++++ b/snmplib/keytools.c
+@@ -176,7 +176,9 @@ generate_Ku(const oid * hashtype, u_int
+         QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+     }
+ 
+-#ifdef HAVE_EVP_MD_CTX_CREATE
++#ifdef HAVE_EVP_MD_CTX_NEW
++    ctx = EVP_MD_CTX_new();
++#elif HAVE_EVP_MD_CTX_CREATE
+     ctx = EVP_MD_CTX_create();
+ #else
+     ctx = malloc(sizeof(*ctx));
+@@ -278,7 +280,9 @@ generate_Ku(const oid * hashtype, u_int
+     memset(buf, 0, sizeof(buf));
+ #ifdef NETSNMP_USE_OPENSSL
+     if (ctx) {
+-#ifdef HAVE_EVP_MD_CTX_DESTROY
++#ifdef HAVE_EVP_MD_CTX_FREE
++        EVP_MD_CTX_free(ctx);
++#elif HAVE_EVP_MD_CTX_DESTROY
+         EVP_MD_CTX_destroy(ctx);
+ #else
+         EVP_MD_CTX_cleanup(ctx);
+--- a/snmplib/scapi.c
++++ b/snmplib/scapi.c
+@@ -627,7 +627,9 @@ sc_hash(const oid * hashtype, size_t has
+         return SNMPERR_GENERR;
+ 
+ /** initialize the pointer */
+-#ifdef HAVE_EVP_MD_CTX_CREATE
++#ifdef HAVE_EVP_MD_CTX_NEW
++    cptr = EVP_MD_CTX_new();
++#elif HAVE_EVP_MD_CTX_CREATE
+     cptr = EVP_MD_CTX_create();
+ #else
+     cptr = malloc(sizeof(*cptr));
+@@ -648,7 +650,9 @@ sc_hash(const oid * hashtype, size_t has
+ /** do the final pass */
+     EVP_DigestFinal(cptr, MAC, &tmp_len);
+     *MAC_len = tmp_len;
+-#ifdef HAVE_EVP_MD_CTX_DESTROY
++#ifdef HAVE_EVP_MD_CTX_FREE
++    EVP_MD_CTX_free(cptr);
++#elif HAVE_EVP_MD_CTX_DESTROY
+     EVP_MD_CTX_destroy(cptr);
+ #else
+ #if !defined(OLD_DES)



More information about the arch-commits mailing list