Date: Wednesday, September 19, 2018 @ 18:06:02 Author: bluewind Revision: 335013
Fix compatibility with openssl 1.1.1 upgpkg: zabbix 3.4.14-2 Added: zabbix/trunk/patch_set_max_version_tls12_for_30.patch Modified: zabbix/trunk/PKGBUILD ------------------------------------------+ PKGBUILD | 8 +++- patch_set_max_version_tls12_for_30.patch | 51 +++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 1 deletion(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2018-09-19 13:12:36 UTC (rev 335012) +++ PKGBUILD 2018-09-19 18:06:02 UTC (rev 335013) @@ -4,17 +4,19 @@ pkgbase=zabbix pkgname=(zabbix-server zabbix-agent zabbix-proxy zabbix-frontend-php) pkgver=3.4.14 -pkgrel=1 +pkgrel=2 arch=(x86_64) url='http://www.zabbix.com/' license=(GPL) makedepends=(postgresql-libs libxml2 unixodbc net-snmp libmariadbclient libldap libevent) source=(https://downloads.sourceforge.net/sourceforge/zabbix/zabbix-${pkgver}.tar.gz + patch_set_max_version_tls12_for_30.patch zabbix-agent.{service,sysusers,tmpfiles} zabbix-server{-mysql,-pgsql}.service zabbix-server.{sysusers,tmpfiles} zabbix-proxy{-sqlite,-mysql,-pgsql}.service zabbix-proxy.{sysusers,tmpfiles}) sha256sums=('7443873cc970672d3c884230d3aeb082f2d8afcc2b757506c2d684ffdd12d77e' + '8e419efc3848b88bf9f05f957c8096af6f5ceb98e06253b1ca9c6993434b9b38' '484fa9969eab61eaf20043ae08e2615c0569982dff869c985f2e2065da698c6a' 'ef23133aae2340945e621c9725094a3458d9089d3de15f641afcdabdf7c5a39c' 'c38a871d237b00dd6310dfb02e5a8e1b930e445204e73dde8305bed8baf380ec' 
@@ -34,6 +36,10 @@ -e '/^LogFile=.*/d' \ -e 's/# LogType=file/LogType=system/' \ conf/zabbix_{agentd,proxy,server}.conf + + # Temporary fix for compatibility with openssl 1.1.1 https://support.zabbix.com/browse/ZBX-14856 + patch -p0 -i "$srcdir/patch_set_max_version_tls12_for_30.patch" + autoreconf -fi } Added: patch_set_max_version_tls12_for_30.patch =================================================================== --- patch_set_max_version_tls12_for_30.patch (rev 0) +++ patch_set_max_version_tls12_for_30.patch 2018-09-19 18:06:02 UTC (rev 335013) 
@@ -0,0 +1,51 @@
+Index: src/libs/zbxcrypto/tls.c
+===================================================================
+--- src/libs/zbxcrypto/tls.c (revision 85017)
++++ src/libs/zbxcrypto/tls.c (working copy)
+@@ -127,6 +127,7 @@
+ #define TLS_client_method TLSv1_2_client_method
+ #define SSL_CTX_get_ciphers(ciphers) ((ciphers)->cipher_list)
+ #define SSL_CTX_set_min_proto_version(ctx, TLSv) 1
++#define SSL_CTX_set_max_proto_version(ctx, TLSv) 1
+
+ static int OPENSSL_init_ssl(int opts, void *settings)
+ {
+@@ -3131,8 +3132,11 @@
+ if (NULL == (ctx_cert = SSL_CTX_new(method)))
+ goto out_method;
+
+- if (1 != SSL_CTX_set_min_proto_version(ctx_cert, TLS1_2_VERSION))
++ if (1 != SSL_CTX_set_min_proto_version(ctx_cert, TLS1_2_VERSION) ||
++ 1 != SSL_CTX_set_max_proto_version(ctx_cert, TLS1_2_VERSION))
++ {
+ goto out_method;
++ }
+ }
+
+ /* Create context for PSK-only authentication. PSK can come from configuration file (in proxy, agentd) */
+@@ -3142,8 +3146,11 @@
+ if (NULL == (ctx_psk = SSL_CTX_new(method)))
+ goto out_method;
+
+- if (1 != SSL_CTX_set_min_proto_version(ctx_psk, TLS1_2_VERSION))
++ if (1 != SSL_CTX_set_min_proto_version(ctx_psk, TLS1_2_VERSION) ||
++ 1 != SSL_CTX_set_max_proto_version(ctx_psk, TLS1_2_VERSION))
++ {
+ goto out_method;
++ }
+ }
+
+ /* Sometimes we need to be ready for both certificate and PSK whichever comes in. Set up a universal context */
+@@ -3153,8 +3160,11 @@
+ if (NULL == (ctx_all = SSL_CTX_new(method)))
+ goto out_method;
+
+- if (1 != SSL_CTX_set_min_proto_version(ctx_all, TLS1_2_VERSION))
++ if (1 != SSL_CTX_set_min_proto_version(ctx_all, TLS1_2_VERSION) ||
++ 1 != SSL_CTX_set_max_proto_version(ctx_all, TLS1_2_VERSION))
++ {
+ goto out_method;
++ }
+ }
+
+ /* 'TLSCAFile' parameter (in zabbix_server.conf, zabbix_proxy.conf, zabbix_agentd.conf) */
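Review bot: The added `SSL_CTX_set_max_proto_version(..., TLS1_2_VERSION)` checks cap `ctx_cert`, `ctx_psk` and `ctx_all` at TLS 1.2, but nothing at the three call sites says that TLS 1.3 is being switched off deliberately or when the cap should be lifted. I would put a comment above each check, e.g. `/* temporary: limit to TLS 1.2 for OpenSSL 1.1.1 compatibility (ZBX-14856), remove when TLS 1.3 is supported */`, so the restriction does not outlive the workaround unnoticed. The cap is also applied to the certificate-only context; if the incompatibility only concerns PSK handling (which these hunks do not show), `ctx_cert` may not need it, which is worth confirming against the ticket. The enclosing function begins and ends outside the hunks.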
