Date: Friday, March 10, 2017 @ 20:04:44 Author: jelle Revision: 290505
upgpkg: net-snmp 5.7.3-4 openssl 1.1.0 rebuild Added: net-snmp/trunk/fix-openssl-build-errors.patch Modified: net-snmp/trunk/PKGBUILD --------------------------------+ PKGBUILD | 9 +- fix-openssl-build-errors.patch | 171 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 177 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2017-03-10 15:42:47 UTC (rev 290504) +++ PKGBUILD 2017-03-10 20:04:44 UTC (rev 290505) @@ -4,7 +4,7 @@ pkgname=net-snmp pkgver=5.7.3 -pkgrel=3 +pkgrel=4 pkgdesc="A suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6" arch=('i686' 'x86_64') url="http://www.net-snmp.org/" @@ -16,12 +16,13 @@ 'python2: for the python modules') options=('!emptydirs' '!makeflags') source=(http://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz{,.asc} - snmpd.service snmptrapd.service net-snmp-5.7.3-perl-5.24.patch) + snmpd.service snmptrapd.service net-snmp-5.7.3-perl-5.24.patch fix-openssl-build-errors.patch) sha1sums=('97dc25077257680815de44e34128d365c76bd839' 'SKIP' '84e32c54d32e6b608747054e04a3ddfe6d6638cc' '0244e91c7baa0abebfb5c0560e8ce04c966c5992' - '31beef2cb5ad9b4ac655f8ced53058ebf6e99ca9') + '31beef2cb5ad9b4ac655f8ced53058ebf6e99ca9' + 'b329ff700a3e20cdfcab4643a573ef976f9182c0') validpgpkeys=('8AAA779B597B405BBC329B6376CF47B8A77C5329' '27CAA4A32E371383A33ED0587D5F9576E0F81533') # Net-SNMP Administrators @@ -28,6 +29,8 @@ prepare() { cd ${pkgname}-${pkgver} patch -p1 -i ../net-snmp-5.7.3-perl-5.24.patch + patch -p1 -i ../fix-openssl-build-errors.patch + autoreconf -i } build() { Added: fix-openssl-build-errors.patch =================================================================== --- fix-openssl-build-errors.patch (rev 0) +++ fix-openssl-build-errors.patch 2017-03-10 20:04:44 UTC (rev 290505) @@ -0,0 +1,171 @@ +net-snmp build fails on Debian 9 with OpenSSL 1.1.0 + +With these changes, net-snmp builds with both +OpenSSL 1.0.x and 1.1.x. + +Author: Sharmila Podury <sharmila.pod...@brocade.com> + +--- a/apps/snmpusm.c ++++ b/apps/snmpusm.c +@@ -125,6 +125,32 @@ char *usmUserPublic_val = NULL + int docreateandwait = 0; + + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++#include <string.h> ++#include <openssl/engine.h> ++ ++void DH_get0_pqg(const DH *dh, ++ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) ++{ ++ if (p != NULL) ++ *p = dh->p; ++ if (q != NULL) ++ *q = dh->q; ++ if (g != NULL) ++ *g = dh->g; ++} ++ ++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) ++{ ++ if (pub_key != NULL) ++ *pub_key = dh->pub_key; ++ if (priv_key != NULL) ++ *priv_key = dh->priv_key; ++} ++ ++#endif ++ + void + usage(void) + { +@@ -190,7 +216,7 @@ get_USM_DH_key(netsnmp_variable_list *va + oid *keyoid, size_t keyoid_len) { + u_char *dhkeychange; + DH *dh; +- BIGNUM *other_pub; ++ BIGNUM *p, *g, *pub_key, *other_pub; + u_char *key; + size_t key_len; + +@@ -205,25 +231,29 @@ get_USM_DH_key(netsnmp_variable_list *va + dh = d2i_DHparams(NULL, &cp, dhvar->val_len); + } + +- if (!dh || !dh->g || !dh->p) { ++ if (dh) ++ DH_get0_pqg(dh, &p, NULL, &g); ++ ++ if (!dh || !g || !p) { + SNMP_FREE(dhkeychange); + return SNMPERR_GENERR; + } + +- DH_generate_key(dh); +- if (!dh->pub_key) { ++ if (!DH_generate_key(dh)) { + SNMP_FREE(dhkeychange); + return SNMPERR_GENERR; + } + +- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) { ++ DH_get0_key(dh, &pub_key, NULL); ++ ++ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) { + SNMP_FREE(dhkeychange); + fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n", +- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key)); ++ (unsigned long)vars->val_len, BN_num_bytes(pub_key)); + return SNMPERR_GENERR; + } + +- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len); ++ BN_bn2bin(pub_key, dhkeychange + vars->val_len); + + key_len = DH_size(dh); + if (!key_len) { +--- a/configure.d/config_os_libs2 ++++ b/configure.d/config_os_libs2 +@@ -327,10 +327,16 @@ if test "x$tryopenssl" != "xno" -a "x$tr + [[#include <openssl/evp.h>]]) + + AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create, +- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [], ++ AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [1], + [Define to 1 if you have the `EVP_MD_CTX_create' function.]) +- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [], ++ AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [1], + [Define to 1 if you have the `EVP_MD_CTX_destroy' function.])) ++ ++ AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new, ++ AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1], ++ [Define to 1 if you have the `EVP_MD_CTX_new' function.]) ++ AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1], ++ [Define to 1 if you have the `EVP_MD_CTX_free' function.])) + fi + if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then + AC_CHECK_LIB(ssl, DTLSv1_method, +--- a/include/net-snmp/net-snmp-config.h.in ++++ b/include/net-snmp/net-snmp-config.h.in +@@ -164,6 +164,12 @@ + /* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ + #undef HAVE_EVP_MD_CTX_DESTROY + ++/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ ++#undef HAVE_EVP_MD_CTX_FREE ++ ++/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ ++#undef HAVE_EVP_MD_CTX_NEW ++ + /* Define if you have EVP_sha224/256 in openssl */ + #undef HAVE_EVP_SHA224 + +--- a/snmplib/keytools.c ++++ b/snmplib/keytools.c +@@ -176,7 +176,9 @@ generate_Ku(const oid * hashtype, u_int + QUITFUN(SNMPERR_GENERR, generate_Ku_quit); + } + +-#ifdef HAVE_EVP_MD_CTX_CREATE ++#ifdef HAVE_EVP_MD_CTX_NEW ++ ctx = EVP_MD_CTX_new(); ++#elif HAVE_EVP_MD_CTX_CREATE + ctx = EVP_MD_CTX_create(); + #else + ctx = malloc(sizeof(*ctx)); +@@ -278,7 +280,9 @@ generate_Ku(const oid * hashtype, u_int + memset(buf, 0, sizeof(buf)); + #ifdef NETSNMP_USE_OPENSSL + if (ctx) { +-#ifdef HAVE_EVP_MD_CTX_DESTROY ++#ifdef HAVE_EVP_MD_CTX_FREE ++ EVP_MD_CTX_free(ctx); ++#elif HAVE_EVP_MD_CTX_DESTROY + EVP_MD_CTX_destroy(ctx); + #else + EVP_MD_CTX_cleanup(ctx); +--- a/snmplib/scapi.c ++++ b/snmplib/scapi.c +@@ -627,7 +627,9 @@ sc_hash(const oid * hashtype, size_t has + return SNMPERR_GENERR; + + /** initialize the pointer */ +-#ifdef HAVE_EVP_MD_CTX_CREATE ++#ifdef HAVE_EVP_MD_CTX_NEW ++ cptr = EVP_MD_CTX_new(); ++#elif HAVE_EVP_MD_CTX_CREATE + cptr = EVP_MD_CTX_create(); + #else + cptr = malloc(sizeof(*cptr)); +@@ -648,7 +650,9 @@ sc_hash(const oid * hashtype, size_t has + /** do the final pass */ + EVP_DigestFinal(cptr, MAC, &tmp_len); + *MAC_len = tmp_len; +-#ifdef HAVE_EVP_MD_CTX_DESTROY ++#ifdef HAVE_EVP_MD_CTX_FREE ++ EVP_MD_CTX_free(cptr); ++#elif HAVE_EVP_MD_CTX_DESTROY + EVP_MD_CTX_destroy(cptr); + #else + #if !defined(OLD_DES)