| 1 |
commit: 9b5f44ca83e451a48770f526097f201974db3c2c |
| 2 |
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at> |
| 3 |
AuthorDate: Tue Nov 8 06:23:01 2022 +0000 |
| 4 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Nov 8 13:19:47 2022 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b5f44ca |
| 7 |
|
| 8 |
net-analyzer/nagios-core: remove unused patch |
| 9 |
|
| 10 |
Closes: https://github.com/gentoo/gentoo/pull/28189 |
| 11 |
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at> |
| 12 |
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org> |
| 13 |
|
| 14 |
.../files/nagios-core-4.4.7-upgrade-sslfix.patch | 120 --------------------- |
| 15 |
1 file changed, 120 deletions(-) |
| 16 |
|
| 17 |
diff --git a/net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch b/net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch |
| 18 |
deleted file mode 100644 |
| 19 |
index c89f096caaa5..000000000000 |
| 20 |
--- a/net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch |
| 21 |
+++ /dev/null |
| 22 |
@@ -1,120 +0,0 @@ |
| 23 |
-From 5fd2e1541a873e87f689de601beb3bc35910740d Mon Sep 17 00:00:00 2001 |
| 24 |
-From: Doug Nazar <nazard@×××××.ca> |
| 25 |
-Date: Wed, 22 Jun 2022 15:07:03 -0400 |
| 26 |
-Subject: [PATCH 1/2] Fix SSL handling during upgrade check |
| 27 |
- |
| 28 |
-Only update counters if we've received data, not on error (-1) since |
| 29 |
-we can then overwrite the stack, causing fault. |
| 30 |
- |
| 31 |
-my_ssl_connect() can return before initializing ssl & ctx. Ensure NULL |
| 32 |
-initialization so *_free() are no-ops. |
| 33 |
- |
| 34 |
-Cleanly shutdown the channel after receiving all data. |
| 35 |
- |
| 36 |
-Use the client version of the TLS method to match the other options. |
| 37 |
---- |
| 38 |
- base/netutils.c | 22 ++++++++++++---------- |
| 39 |
- base/utils.c | 4 ++-- |
| 40 |
- 2 files changed, 14 insertions(+), 12 deletions(-) |
| 41 |
- |
| 42 |
-diff --git a/base/netutils.c b/base/netutils.c |
| 43 |
-index 08ee40dd7..689b56f9b 100644 |
| 44 |
---- a/base/netutils.c |
| 45 |
-+++ b/base/netutils.c |
| 46 |
-@@ -154,7 +154,7 @@ int my_ssl_connect(const char *host_name, int port, int *sd, SSL **ssl, SSL_CTX |
| 47 |
- |
| 48 |
- #if OPENSSL_VERSION_NUMBER >= 0x10100000 |
| 49 |
- |
| 50 |
-- method = TLS_method(); |
| 51 |
-+ method = TLS_client_method(); |
| 52 |
- |
| 53 |
- #else /* OPENSSL_VERSION_NUMBER >= 0x10100000 */ |
| 54 |
- |
| 55 |
-@@ -268,11 +268,11 @@ int my_ssl_sendall(int s, SSL *ssl, const char *buf, int *len, int timeout) { |
| 56 |
- /* If we hit one of these two errors, we just want to select() the socket again */ |
| 57 |
- break; |
| 58 |
- } |
| 59 |
-+ } else { |
| 60 |
-+ total_sent += n; |
| 61 |
-+ bytes_left -= n; |
| 62 |
- } |
| 63 |
- |
| 64 |
-- total_sent += n; |
| 65 |
-- bytes_left -= n; |
| 66 |
-- |
| 67 |
- /* make sure we haven't overrun the timeout */ |
| 68 |
- time(¤t_time); |
| 69 |
- if(current_time - start_time > timeout) { |
| 70 |
-@@ -337,17 +337,19 @@ int my_ssl_recvall(int s, SSL *ssl, char *buf, int *len, int timeout) { |
| 71 |
- n = SSL_read(ssl, buf + total_received, bytes_left); |
| 72 |
- if(n <= 0) { |
| 73 |
- int error = SSL_get_error(ssl, n); |
| 74 |
-+ /* If we hit one of these two errors, we just want to select() the socket again */ |
| 75 |
- if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) { |
| 76 |
-- /* An actual error happened */ |
| 77 |
-- /* If we hit one of these two errors, we just want to select() the socket again */ |
| 78 |
-+ /* EOF or an actual error happened */ |
| 79 |
-+ if (error == SSL_ERROR_ZERO_RETURN) |
| 80 |
-+ SSL_shutdown(ssl); |
| 81 |
- break; |
| 82 |
- } |
| 83 |
-+ } else { |
| 84 |
-+ /* apply bytes we received */ |
| 85 |
-+ total_received += n; |
| 86 |
-+ bytes_left -= n; |
| 87 |
- } |
| 88 |
- |
| 89 |
-- /* apply bytes we received */ |
| 90 |
-- total_received += n; |
| 91 |
-- bytes_left -= n; |
| 92 |
-- |
| 93 |
- /* make sure we haven't overrun the timeout */ |
| 94 |
- time(¤t_time); |
| 95 |
- if(current_time - start_time > timeout) { |
| 96 |
-diff --git a/base/utils.c b/base/utils.c |
| 97 |
-index 79c6efba6..e83f7176a 100644 |
| 98 |
---- a/base/utils.c |
| 99 |
-+++ b/base/utils.c |
| 100 |
-@@ -3379,8 +3379,8 @@ int query_update_api(void) { |
| 101 |
- } |
| 102 |
- |
| 103 |
- #ifdef HAVE_SSL |
| 104 |
-- SSL *ssl; |
| 105 |
-- SSL_CTX *ctx; |
| 106 |
-+ SSL *ssl = NULL; |
| 107 |
-+ SSL_CTX *ctx = NULL; |
| 108 |
- |
| 109 |
- int result = my_ssl_connect(api_server, 443, &sd, &ssl, &ctx, 2); |
| 110 |
- if(sd > 0 && result != ERROR) { |
| 111 |
- |
| 112 |
-From a2c1415f14db6bbce9ba3d1d5a0c8218dd8c4fb8 Mon Sep 17 00:00:00 2001 |
| 113 |
-From: Doug Nazar <nazard@×××××.ca> |
| 114 |
-Date: Wed, 22 Jun 2022 15:14:34 -0400 |
| 115 |
-Subject: [PATCH 2/2] Silence warning about port_str not large enough for port. |
| 116 |
- |
| 117 |
---- |
| 118 |
- base/netutils.c | 4 ++-- |
| 119 |
- 1 file changed, 2 insertions(+), 2 deletions(-) |
| 120 |
- |
| 121 |
-diff --git a/base/netutils.c b/base/netutils.c |
| 122 |
-index 689b56f9b..1fb1ec6a9 100644 |
| 123 |
---- a/base/netutils.c |
| 124 |
-+++ b/base/netutils.c |
| 125 |
-@@ -46,7 +46,7 @@ int my_ssl_connect(const char *host_name, int port, int *sd, SSL **ssl, SSL_CTX |
| 126 |
- hints.ai_socktype = SOCK_STREAM; |
| 127 |
- |
| 128 |
- /* make sure our static port_str is long enough */ |
| 129 |
-- if(port > 65535) |
| 130 |
-+ if(port < 0 || port > 65535) |
| 131 |
- return ERROR; |
| 132 |
- |
| 133 |
- snprintf(port_str, sizeof(port_str), "%d", port); |
| 134 |
-@@ -385,7 +385,7 @@ int my_tcp_connect(const char *host_name, int port, int *sd, int timeout) { |
| 135 |
- hints.ai_socktype = SOCK_STREAM; |
| 136 |
- |
| 137 |
- /* make sure our static port_str is long enough */ |
| 138 |
-- if(port > 65535) |
| 139 |
-+ if(port < 0 || port > 65535) |
| 140 |
- return ERROR; |
| 141 |
- |
| 142 |
- snprintf(port_str, sizeof(port_str), "%d", port); |
Archives