Module: check_mk
Branch: master
Commit: 2dc9c6a3b6c717acefb7f4b0a7794205d746df6b
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2dc9c6a3b6c717…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Apr 23 13:24:19 2018 +0200
net-snmp: Fix compilation with OpenSSL 1.1 (for Ubuntu bionic)
Change-Id: Ic86d8b9bad293fbe0cd1f4da85de709e32adc432
---
...4-Port-OpenSSL-1.1.0-with-support-for-1.0.2.dif | 169 +++++++++++++++++++++
.../patches/0015-Another-OpenSSL-1.1.0-fix.dif | 34 +++++
2 files changed, 203 insertions(+)
diff --git
a/omd/packages/net-snmp/patches/0014-Port-OpenSSL-1.1.0-with-support-for-1.0.2.dif
b/omd/packages/net-snmp/patches/0014-Port-OpenSSL-1.1.0-with-support-for-1.0.2.dif
new file mode 100644
index 0000000..f8d42ee
--- /dev/null
+++ b/omd/packages/net-snmp/patches/0014-Port-OpenSSL-1.1.0-with-support-for-1.0.2.dif
@@ -0,0 +1,169 @@
+diff -Nur net-snmp-734f855.orig/apps/snmpusm.c net-snmp-734f855/apps/snmpusm.c
+--- net-snmp-734f855.orig/apps/snmpusm.c 2016-11-09 22:22:30.000000000 +0100
++++ net-snmp-734f855/apps/snmpusm.c 2018-04-23 12:44:30.975474955 +0200
+@@ -183,6 +183,31 @@
+ }
+
+ #if defined(HAVE_OPENSSL_DH_H) && defined(HAVE_LIBCRYPTO)
++
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
++
++static void DH_get0_pqg(const DH *dh,
++ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++ if (p != NULL)
++ *p = dh->p;
++ if (q != NULL)
++ *q = dh->q;
++ if (g != NULL)
++ *g = dh->g;
++}
++
++static void DH_get0_key(const DH *dh, const BIGNUM **pub_key,
++ const BIGNUM **priv_key)
++{
++ if (pub_key != NULL)
++ *pub_key = dh->pub_key;
++ if (priv_key != NULL)
++ *priv_key = dh->priv_key;
++}
++
++#endif
++
+ int
+ get_USM_DH_key(netsnmp_variable_list *vars, netsnmp_variable_list *dhvar,
+ size_t outkey_len,
+@@ -190,7 +215,7 @@
+ oid *keyoid, size_t keyoid_len) {
+ u_char *dhkeychange;
+ DH *dh;
+- BIGNUM *other_pub;
++ const BIGNUM *p, *g, *pub_key, *other_pub;
+ u_char *key;
+ size_t key_len;
+
+@@ -205,25 +230,29 @@
+ dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
+ }
+
+- if (!dh || !dh->g || !dh->p) {
++ if (dh)
++ DH_get0_pqg(dh, &p, NULL, &g);
++
++ if (!dh || !g || !p) {
+ SNMP_FREE(dhkeychange);
+ return SNMPERR_GENERR;
+ }
+
+- DH_generate_key(dh);
+- if (!dh->pub_key) {
++ if (!DH_generate_key(dh)) {
+ SNMP_FREE(dhkeychange);
+ return SNMPERR_GENERR;
+ }
+
+- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
++ DH_get0_key(dh, &pub_key, NULL);
++
++ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
+ SNMP_FREE(dhkeychange);
+ fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
+- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
++ (unsigned long)vars->val_len, BN_num_bytes(pub_key));
+ return SNMPERR_GENERR;
+ }
+
+- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
++ BN_bn2bin(pub_key, dhkeychange + vars->val_len);
+
+ key_len = DH_size(dh);
+ if (!key_len) {
+diff -Nur net-snmp-734f855.orig/configure.d/config_os_libs2
net-snmp-734f855/configure.d/config_os_libs2
+--- net-snmp-734f855.orig/configure.d/config_os_libs2 2016-11-09 22:22:30.000000000
+0100
++++ net-snmp-734f855/configure.d/config_os_libs2 2018-04-23 12:45:06.638357434 +0200
+@@ -325,12 +325,6 @@
+ AC_CHECK_DECL([EVP_sha384],
+ [AC_DEFINE([HAVE_EVP_SHA384], 1, [Define if you have EVP_sha384/512 in
openssl])],,
+ [[#include <openssl/evp.h>]])
+-
+- AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
+- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
+- [Define to 1 if you have the `EVP_MD_CTX_create' function.])
+- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
+- [Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
+ fi
+ if echo " $transport_result_list " | $GREP "DTLS" >
/dev/null; then
+ AC_CHECK_LIB(ssl, DTLSv1_method,
+diff -Nur net-snmp-734f855.orig/snmplib/keytools.c net-snmp-734f855/snmplib/keytools.c
+--- net-snmp-734f855.orig/snmplib/keytools.c 2016-11-09 22:22:30.000000000 +0100
++++ net-snmp-734f855/snmplib/keytools.c 2018-04-23 12:47:07.858563349 +0200
+@@ -176,13 +176,13 @@
+ QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+ }
+
+-#ifdef HAVE_EVP_MD_CTX_CREATE
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ ctx = EVP_MD_CTX_create();
+ #else
+- ctx = malloc(sizeof(*ctx));
+- if (!EVP_MD_CTX_init(ctx))
+- return SNMPERR_GENERR;
++ ctx = EVP_MD_CTX_new();
+ #endif
++ if (!ctx)
++ return SNMPERR_GENERR;
+ if (!EVP_DigestInit(ctx, hashfn))
+ return SNMPERR_GENERR;
+
+@@ -278,11 +278,10 @@
+ memset(buf, 0, sizeof(buf));
+ #ifdef NETSNMP_USE_OPENSSL
+ if (ctx) {
+-#ifdef HAVE_EVP_MD_CTX_DESTROY
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_MD_CTX_destroy(ctx);
+ #else
+- EVP_MD_CTX_cleanup(ctx);
+- free(ctx);
++ EVP_MD_CTX_free(ctx);
+ #endif
+ }
+ #endif
+diff -Nur net-snmp-734f855.orig/snmplib/scapi.c net-snmp-734f855/snmplib/scapi.c
+--- net-snmp-734f855.orig/snmplib/scapi.c 2016-11-09 22:22:30.000000000 +0100
++++ net-snmp-734f855/snmplib/scapi.c 2018-04-23 12:44:30.979474830 +0200
+@@ -627,15 +627,10 @@
+ return SNMPERR_GENERR;
+
+ /** initialize the pointer */
+-#ifdef HAVE_EVP_MD_CTX_CREATE
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ cptr = EVP_MD_CTX_create();
+ #else
+- cptr = malloc(sizeof(*cptr));
+-#if defined(OLD_DES)
+- memset(cptr, 0, sizeof(*cptr));
+-#else
+- EVP_MD_CTX_init(cptr);
+-#endif
++ cptr = EVP_MD_CTX_new();
+ #endif
+ if (!EVP_DigestInit(cptr, hashfn)) {
+ /* requested hash function is not available */
+@@ -648,13 +643,11 @@
+ /** do the final pass */
+ EVP_DigestFinal(cptr, MAC, &tmp_len);
+ *MAC_len = tmp_len;
+-#ifdef HAVE_EVP_MD_CTX_DESTROY
++
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_MD_CTX_destroy(cptr);
+ #else
+-#if !defined(OLD_DES)
+- EVP_MD_CTX_cleanup(cptr);
+-#endif
+- free(cptr);
++ EVP_MD_CTX_free(cptr);
+ #endif
+ return (rval);
+
diff --git a/omd/packages/net-snmp/patches/0015-Another-OpenSSL-1.1.0-fix.dif
b/omd/packages/net-snmp/patches/0015-Another-OpenSSL-1.1.0-fix.dif
new file mode 100644
index 0000000..9516215
--- /dev/null
+++ b/omd/packages/net-snmp/patches/0015-Another-OpenSSL-1.1.0-fix.dif
@@ -0,0 +1,34 @@
+commit ee4effd7d2cceb950629c0066c15257093ecbfe1
+Author: Bart Van Assche <bvanassche(a)acm.org>
+Date: Sat Nov 26 20:20:39 2016 -0800
+
+ Win32, snmp-lib: Fix sc_get_openssl_hashfn() declaration
+
+ On Unix systems EVP_MD is an alias for struct env_md_st. On Windows
+ systems EVP_MD is an alias for evp_md_st (Shining Light Productions
+ OpenSSL v1.1.0c). Hence use EVP_MD in the scapi.h header file.
+
+diff --git a/include/net-snmp/library/scapi.h b/include/net-snmp/library/scapi.h
+index 82cabcaab..8fb522ab2 100644
+--- a/include/net-snmp/library/scapi.h
++++ b/include/net-snmp/library/scapi.h
+@@ -10,6 +10,10 @@
+ #ifndef _SCAPI_H
+ #define _SCAPI_H
+
++#ifdef NETSNMP_USE_OPENSSL
++#include <openssl/ossl_typ.h> /* EVP_MD */
++#endif
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+@@ -50,7 +54,7 @@ extern "C" {
+ int sc_get_proper_priv_length(const oid * privtype,
+ u_int privtype_len);
+ #ifdef NETSNMP_USE_OPENSSL
+- const struct env_md_st *sc_get_openssl_hashfn(int auth_type);
++ const EVP_MD *sc_get_openssl_hashfn(int auth_type);
+ #endif
+
+ NETSNMP_IMPORT