fix build with openssl 3.0

2023-02-03 02:52:58 +00:00 · 2023-02-03 02:52:58 +00:00 · 0d150428fc
commit 0d150428fc
parent 9bd77649e3
4 changed files with 146 additions and 1 deletions
--- a/backport-Fix-the-build-against-OpenSSL-3.0.patch
+++ b/backport-Fix-the-build-against-OpenSSL-3.0.patch
@ -0,0 +1,34 @@
+From 19e75743173cb8d49d49fd685b8e0249e83cc820 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Wed, 8 Sep 2021 20:39:42 -0700
+Subject: [PATCH] libsnmp: Fix the build against OpenSSL 3.0
+
+Fixes: https://github.com/net-snmp/net-snmp/issues/343
+
+Origin: upstream, https://github.com/net-snmp/net-snmp/commit/19e75743173cb8d49d49fd685b8e0249e83cc820
+Bug: https://github.com/net-snmp/net-snmp/issues/343
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1945960
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006511
+---
+ snmplib/snmp_openssl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
+index c092a007a..eb4856c57 100644
+--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
+@@ -899,6 +899,11 @@ netsnmp_openssl_cert_issued_by(X509 *issuer, X509 *cert)
+ 
+ 
+ #ifndef NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG
+#ifndef ERR_GET_FUNC
+/* removed in OpenSSL 3.0 */
+#define ERR_GET_FUNC(e) -1
+#endif
+
+ void
+ netsnmp_openssl_err_log(const char *prefix)
+ {
+
+-- 
+2.32.0
--- a/backport-libsnmp-Remove-netsnmp_openssl_err_log.patch
+++ b/backport-libsnmp-Remove-netsnmp_openssl_err_log.patch
@ -0,0 +1,53 @@
+From 8518bafe941eb6f9a1abe4d2d0a3ac18347074b4 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Wed, 8 Sep 2021 20:41:32 -0700
+Subject: [PATCH] CHANGES: libsnmp: Remove netsnmp_openssl_err_log()
+
+Remove this function since it is not used by the Net-SNMP project and
+since this function should not be used in MIB implementations either.
+---
+ include/net-snmp/library/snmp_openssl.h |  1 -
+ snmplib/snmp_openssl.c                  | 18 ------------------
+ 2 files changed, 19 deletions(-)
+
+diff --git a/include/net-snmp/library/snmp_openssl.h b/include/net-snmp/library/snmp_openssl.h
+index d4c8361cdd..a5054d9f13 100644
+--- a/include/net-snmp/library/snmp_openssl.h
+++ b/include/net-snmp/library/snmp_openssl.h
+@@ -44,7 +44,6 @@ extern          "C" {
+     /*
+      * misc
+      */
+-    void netsnmp_openssl_err_log(const char *prefix);
+     void netsnmp_openssl_null_checks(SSL *ssl, int *nullAuth, int *nullCipher);
+ 
+     /*
+diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
+index 501ada8ada..a4fd3e2b54 100644
+--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
+@@ -938,24 +938,6 @@ netsnmp_openssl_cert_issued_by(X509 *issuer, X509 *cert)
+ }
+ 
+ 
+-#ifndef NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG
+-#ifndef ERR_GET_FUNC
+-/* removed in OpenSSL 3.0 */
+-#define ERR_GET_FUNC(e) -1
+-#endif
+-
+-void
+-netsnmp_openssl_err_log(const char *prefix)
+-{
+-    unsigned long err;
+-    for (err = ERR_get_error(); err; err = ERR_get_error()) {
+-        snmp_log(LOG_ERR,"%s: %ld\n", prefix ? prefix: "openssl error", err);
+-        snmp_log(LOG_ERR, "library=%d, function=%d, reason=%d\n",
+-                 ERR_GET_LIB(err), ERR_GET_FUNC(err), ERR_GET_REASON(err));
+-    }
+-}
+-#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_ERR_LOG */
+-
+ void
+ netsnmp_openssl_null_checks(SSL *ssl, int *null_auth, int *null_cipher)
+ {
--- a/backport-net-snmp-5.9.1-remove-err-log.patch
+++ b/backport-net-snmp-5.9.1-remove-err-log.patch
@ -0,0 +1,49 @@
+diff -urNp a/snmplib/transports/snmpTLSBaseDomain.c b/snmplib/transports/snmpTLSBaseDomain.c
+--- a/snmplib/transports/snmpTLSBaseDomain.c	2021-09-15 07:55:39.784900445 +0200
+++ b/snmplib/transports/snmpTLSBaseDomain.c	2021-10-04 15:35:48.157385970 +0200
+@@ -54,17 +54,6 @@ netsnmp_feature_require(cert_util);
+ 
+ int openssl_local_index;
+ 
+-#ifndef HAVE_ERR_GET_ERROR_ALL
+-/* A backport of the OpenSSL 1.1.1e ERR_get_error_all() function. */
+-static unsigned long ERR_get_error_all(const char **file, int *line,
+-                                       const char **func,
+-                                       const char **data, int *flags)
+-{
+-    *func = NULL;
+-    return ERR_get_error_line_data(file, line, data, flags);
+-}
+-#endif
+-
+ /* this is called during negotiation */
+ int verify_callback(int ok, X509_STORE_CTX *ctx) {
+     int err, depth;
+@@ -1187,27 +1176,6 @@ void _openssl_log_error(int rc, SSL *con
+                  ERR_reason_error_string(ERR_get_error()));
+ 
+     }
+-
+-    /* other errors */
+-    while ((numerical_reason =
+-            ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) {
+-        snmp_log(LOG_ERR, "%s (file %s, func %s, line %d)\n",
+-                 ERR_error_string(numerical_reason, NULL), file, func, line);
+-
+-        /* if we have a text translation: */
+-        if (data && (flags & ERR_TXT_STRING)) {
+-            snmp_log(LOG_ERR, "  Textual Error: %s\n", data);
+-            /*
+-             * per openssl man page: If it has been allocated by
+-             * OPENSSL_malloc(), *flags&ERR_TXT_MALLOCED is true.
+-             *
+-             * arggh... stupid openssl prototype for ERR_get_error_line_data
+-             * wants a const char **, but returns something that we might
+-             * need to free??
+-             */
+-            if (flags & ERR_TXT_MALLOCED)
+-                OPENSSL_free(NETSNMP_REMOVE_CONST(void *, data));        }
+-    }
+     
+     snmp_log(LOG_ERR, "---- End of OpenSSL Errors ----\n");
+ }
--- a/net-snmp.spec
+++ b/net-snmp.spec
@ -3,7 +3,7 @@

 Name:            net-snmp
 Version:         5.9.1
-Release:         6
+Release:         7
 Epoch:           1
 Summary:         SNMP Daemon
 License:         BSD
@ -55,6 +55,9 @@ Patch38:         backport-IF-MIB-IP-FORWARD-MIB-Improve-robustness.patch
 Patch39:         backport-IF-MIB-Fix-a-recently-introduced-use-after-free.patch
 Patch40:         backport-IF-MIB-Add-a-trailing-newline-to-an-error-message.patch
 Patch41:         backport-CVE-2022-44792_CVE-2022-44793.patch
+Patch42:         backport-Fix-the-build-against-OpenSSL-3.0.patch
+Patch43:         backport-libsnmp-Remove-netsnmp_openssl_err_log.patch
+Patch44:         backport-net-snmp-5.9.1-remove-err-log.patch

 %{?systemd_requires}
 BuildRequires:   systemd gcc openssl-devel bzip2-devel elfutils-devel libselinux-devel
@ -334,6 +337,12 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %{_mandir}/man1/fixproc*

 %changelog
+* Fri Feb 03 2023 gaihuiying <eaglegai@163.com> - 1:5.9.1-7
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix build with openssl 3.0
+
 * Fri Dec 30 2022 gaihuiying <eaglegai@163.com> - 1:5.9.1-6
 - Type:CVE
 - CVE:CVE-2022-44792 CVE-2022-44793