[arch-commits] Commit in zabbix/trunk (2 files)
Florian Pritz
bluewind at archlinux.org
Wed Sep 19 18:06:03 UTC 2018
Date: Wednesday, September 19, 2018 @ 18:06:02
Author: bluewind
Revision: 335013
Fix compatibility with openssl 1.1.1
upgpkg: zabbix 3.4.14-2
Added:
zabbix/trunk/patch_set_max_version_tls12_for_30.patch
Modified:
zabbix/trunk/PKGBUILD
------------------------------------------+
PKGBUILD | 8 +++-
patch_set_max_version_tls12_for_30.patch | 51 +++++++++++++++++++++++++++++
2 files changed, 58 insertions(+), 1 deletion(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-09-19 13:12:36 UTC (rev 335012)
+++ PKGBUILD 2018-09-19 18:06:02 UTC (rev 335013)
@@ -4,17 +4,19 @@
pkgbase=zabbix
pkgname=(zabbix-server zabbix-agent zabbix-proxy zabbix-frontend-php)
pkgver=3.4.14
-pkgrel=1
+pkgrel=2
arch=(x86_64)
url='http://www.zabbix.com/'
license=(GPL)
makedepends=(postgresql-libs libxml2 unixodbc net-snmp libmariadbclient libldap libevent)
source=(https://downloads.sourceforge.net/sourceforge/zabbix/zabbix-${pkgver}.tar.gz
+ patch_set_max_version_tls12_for_30.patch
zabbix-agent.{service,sysusers,tmpfiles}
zabbix-server{-mysql,-pgsql}.service zabbix-server.{sysusers,tmpfiles}
zabbix-proxy{-sqlite,-mysql,-pgsql}.service zabbix-proxy.{sysusers,tmpfiles})
sha256sums=('7443873cc970672d3c884230d3aeb082f2d8afcc2b757506c2d684ffdd12d77e'
+ '8e419efc3848b88bf9f05f957c8096af6f5ceb98e06253b1ca9c6993434b9b38'
'484fa9969eab61eaf20043ae08e2615c0569982dff869c985f2e2065da698c6a'
'ef23133aae2340945e621c9725094a3458d9089d3de15f641afcdabdf7c5a39c'
'c38a871d237b00dd6310dfb02e5a8e1b930e445204e73dde8305bed8baf380ec'
@@ -34,6 +36,10 @@
-e '/^LogFile=.*/d' \
-e 's/# LogType=file/LogType=system/' \
conf/zabbix_{agentd,proxy,server}.conf
+
+ # Temporary fix for compatibility with openssl 1.1.1 https://support.zabbix.com/browse/ZBX-14856
+ patch -p0 -i "$srcdir/patch_set_max_version_tls12_for_30.patch"
+
autoreconf -fi
}
Added: patch_set_max_version_tls12_for_30.patch
===================================================================
--- patch_set_max_version_tls12_for_30.patch (rev 0)
+++ patch_set_max_version_tls12_for_30.patch 2018-09-19 18:06:02 UTC (rev 335013)
@@ -0,0 +1,51 @@
+Index: src/libs/zbxcrypto/tls.c
+===================================================================
+--- src/libs/zbxcrypto/tls.c (revision 85017)
++++ src/libs/zbxcrypto/tls.c (working copy)
+@@ -127,6 +127,7 @@
+ #define TLS_client_method TLSv1_2_client_method
+ #define SSL_CTX_get_ciphers(ciphers) ((ciphers)->cipher_list)
+ #define SSL_CTX_set_min_proto_version(ctx, TLSv) 1
++#define SSL_CTX_set_max_proto_version(ctx, TLSv) 1
+
+ static int OPENSSL_init_ssl(int opts, void *settings)
+ {
+@@ -3131,8 +3132,11 @@
+ if (NULL == (ctx_cert = SSL_CTX_new(method)))
+ goto out_method;
+
+- if (1 != SSL_CTX_set_min_proto_version(ctx_cert, TLS1_2_VERSION))
++ if (1 != SSL_CTX_set_min_proto_version(ctx_cert, TLS1_2_VERSION) ||
++ 1 != SSL_CTX_set_max_proto_version(ctx_cert, TLS1_2_VERSION))
++ {
+ goto out_method;
++ }
+ }
+
+ /* Create context for PSK-only authentication. PSK can come from configuration file (in proxy, agentd) */
+@@ -3142,8 +3146,11 @@
+ if (NULL == (ctx_psk = SSL_CTX_new(method)))
+ goto out_method;
+
+- if (1 != SSL_CTX_set_min_proto_version(ctx_psk, TLS1_2_VERSION))
++ if (1 != SSL_CTX_set_min_proto_version(ctx_psk, TLS1_2_VERSION) ||
++ 1 != SSL_CTX_set_max_proto_version(ctx_psk, TLS1_2_VERSION))
++ {
+ goto out_method;
++ }
+ }
+
+ /* Sometimes we need to be ready for both certificate and PSK whichever comes in. Set up a universal context */
+@@ -3153,8 +3160,11 @@
+ if (NULL == (ctx_all = SSL_CTX_new(method)))
+ goto out_method;
+
+- if (1 != SSL_CTX_set_min_proto_version(ctx_all, TLS1_2_VERSION))
++ if (1 != SSL_CTX_set_min_proto_version(ctx_all, TLS1_2_VERSION) ||
++ 1 != SSL_CTX_set_max_proto_version(ctx_all, TLS1_2_VERSION))
++ {
+ goto out_method;
++ }
+ }
+
+ /* 'TLSCAFile' parameter (in zabbix_server.conf, zabbix_proxy.conf, zabbix_agentd.conf) */
More information about the arch-commits
mailing list