1 |
commit: 9b5f44ca83e451a48770f526097f201974db3c2c |
2 |
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at> |
3 |
AuthorDate: Tue Nov 8 06:23:01 2022 +0000 |
4 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Nov 8 13:19:47 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b5f44ca |
7 |
|
8 |
net-analyzer/nagios-core: remove unused patch |
9 |
|
10 |
Closes: https://github.com/gentoo/gentoo/pull/28189 |
11 |
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at> |
12 |
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org> |
13 |
|
14 |
.../files/nagios-core-4.4.7-upgrade-sslfix.patch | 120 --------------------- |
15 |
1 file changed, 120 deletions(-) |
16 |
|
17 |
diff --git a/net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch b/net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch |
18 |
deleted file mode 100644 |
19 |
index c89f096caaa5..000000000000 |
20 |
--- a/net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch |
21 |
+++ /dev/null |
22 |
@@ -1,120 +0,0 @@ |
23 |
-From 5fd2e1541a873e87f689de601beb3bc35910740d Mon Sep 17 00:00:00 2001 |
24 |
-From: Doug Nazar <nazard@×××××.ca> |
25 |
-Date: Wed, 22 Jun 2022 15:07:03 -0400 |
26 |
-Subject: [PATCH 1/2] Fix SSL handling during upgrade check |
27 |
- |
28 |
-Only update counters if we've received data, not on error (-1) since |
29 |
-we can then overwrite the stack, causing fault. |
30 |
- |
31 |
-my_ssl_connect() can return before initializing ssl & ctx. Ensure NULL |
32 |
-initialization so *_free() are no-ops. |
33 |
- |
34 |
-Cleanly shutdown the channel after receiving all data. |
35 |
- |
36 |
-Use the client version of the TLS method to match the other options. |
37 |
---- |
38 |
- base/netutils.c | 22 ++++++++++++---------- |
39 |
- base/utils.c | 4 ++-- |
40 |
- 2 files changed, 14 insertions(+), 12 deletions(-) |
41 |
- |
42 |
-diff --git a/base/netutils.c b/base/netutils.c |
43 |
-index 08ee40dd7..689b56f9b 100644 |
44 |
---- a/base/netutils.c |
45 |
-+++ b/base/netutils.c |
46 |
-@@ -154,7 +154,7 @@ int my_ssl_connect(const char *host_name, int port, int *sd, SSL **ssl, SSL_CTX |
47 |
- |
48 |
- #if OPENSSL_VERSION_NUMBER >= 0x10100000 |
49 |
- |
50 |
-- method = TLS_method(); |
51 |
-+ method = TLS_client_method(); |
52 |
- |
53 |
- #else /* OPENSSL_VERSION_NUMBER >= 0x10100000 */ |
54 |
- |
55 |
-@@ -268,11 +268,11 @@ int my_ssl_sendall(int s, SSL *ssl, const char *buf, int *len, int timeout) { |
56 |
- /* If we hit one of these two errors, we just want to select() the socket again */ |
57 |
- break; |
58 |
- } |
59 |
-+ } else { |
60 |
-+ total_sent += n; |
61 |
-+ bytes_left -= n; |
62 |
- } |
63 |
- |
64 |
-- total_sent += n; |
65 |
-- bytes_left -= n; |
66 |
-- |
67 |
- /* make sure we haven't overrun the timeout */ |
68 |
- time(¤t_time); |
69 |
- if(current_time - start_time > timeout) { |
70 |
-@@ -337,17 +337,19 @@ int my_ssl_recvall(int s, SSL *ssl, char *buf, int *len, int timeout) { |
71 |
- n = SSL_read(ssl, buf + total_received, bytes_left); |
72 |
- if(n <= 0) { |
73 |
- int error = SSL_get_error(ssl, n); |
74 |
-+ /* If we hit one of these two errors, we just want to select() the socket again */ |
75 |
- if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) { |
76 |
-- /* An actual error happened */ |
77 |
-- /* If we hit one of these two errors, we just want to select() the socket again */ |
78 |
-+ /* EOF or an actual error happened */ |
79 |
-+ if (error == SSL_ERROR_ZERO_RETURN) |
80 |
-+ SSL_shutdown(ssl); |
81 |
- break; |
82 |
- } |
83 |
-+ } else { |
84 |
-+ /* apply bytes we received */ |
85 |
-+ total_received += n; |
86 |
-+ bytes_left -= n; |
87 |
- } |
88 |
- |
89 |
-- /* apply bytes we received */ |
90 |
-- total_received += n; |
91 |
-- bytes_left -= n; |
92 |
-- |
93 |
- /* make sure we haven't overrun the timeout */ |
94 |
- time(¤t_time); |
95 |
- if(current_time - start_time > timeout) { |
96 |
-diff --git a/base/utils.c b/base/utils.c |
97 |
-index 79c6efba6..e83f7176a 100644 |
98 |
---- a/base/utils.c |
99 |
-+++ b/base/utils.c |
100 |
-@@ -3379,8 +3379,8 @@ int query_update_api(void) { |
101 |
- } |
102 |
- |
103 |
- #ifdef HAVE_SSL |
104 |
-- SSL *ssl; |
105 |
-- SSL_CTX *ctx; |
106 |
-+ SSL *ssl = NULL; |
107 |
-+ SSL_CTX *ctx = NULL; |
108 |
- |
109 |
- int result = my_ssl_connect(api_server, 443, &sd, &ssl, &ctx, 2); |
110 |
- if(sd > 0 && result != ERROR) { |
111 |
- |
112 |
-From a2c1415f14db6bbce9ba3d1d5a0c8218dd8c4fb8 Mon Sep 17 00:00:00 2001 |
113 |
-From: Doug Nazar <nazard@×××××.ca> |
114 |
-Date: Wed, 22 Jun 2022 15:14:34 -0400 |
115 |
-Subject: [PATCH 2/2] Silence warning about port_str not large enough for port. |
116 |
- |
117 |
---- |
118 |
- base/netutils.c | 4 ++-- |
119 |
- 1 file changed, 2 insertions(+), 2 deletions(-) |
120 |
- |
121 |
-diff --git a/base/netutils.c b/base/netutils.c |
122 |
-index 689b56f9b..1fb1ec6a9 100644 |
123 |
---- a/base/netutils.c |
124 |
-+++ b/base/netutils.c |
125 |
-@@ -46,7 +46,7 @@ int my_ssl_connect(const char *host_name, int port, int *sd, SSL **ssl, SSL_CTX |
126 |
- hints.ai_socktype = SOCK_STREAM; |
127 |
- |
128 |
- /* make sure our static port_str is long enough */ |
129 |
-- if(port > 65535) |
130 |
-+ if(port < 0 || port > 65535) |
131 |
- return ERROR; |
132 |
- |
133 |
- snprintf(port_str, sizeof(port_str), "%d", port); |
134 |
-@@ -385,7 +385,7 @@ int my_tcp_connect(const char *host_name, int port, int *sd, int timeout) { |
135 |
- hints.ai_socktype = SOCK_STREAM; |
136 |
- |
137 |
- /* make sure our static port_str is long enough */ |
138 |
-- if(port > 65535) |
139 |
-+ if(port < 0 || port > 65535) |
140 |
- return ERROR; |
141 |
- |
142 |
- snprintf(port_str, sizeof(port_str), "%d", port); |