libnetconf2: Update to 0.12-r2

Cleaned up Makefile slightly. The removed CMAKE_OPTIONS are defaults from
cmake.mk

Removed Upstreamed patches.

Rebased and added .patch to the remaining one.

Added -Wformat-security patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

libs/libnetconf2/Makefile

@@ -8,19 +8,19 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libnetconf2
-PKG_VERSION:=0.12-r1
-PKG_RELEASE:=4
+PKG_VERSION:=0.12-r2
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/CESNET/libnetconf2/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=86269d3f1bc85bb17d8823d214f9a676ee3b14ee18a0b87a230380df8503e8f5
+PKG_HASH:=760061fb1c1fe87a2a068d5a9e5affcef280044c5940ef344854e9ea7ec26452
 
 PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
 
-PKG_BUILD_PARALLEL:=1
 CMAKE_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
@@ -40,10 +40,6 @@ define Package/libnetconf2/description
  SSH, to send and receive NETCONF messages. NETCONF datastore implementation is not included.
 endef
 
-CMAKE_OPTIONS += \
-	-DCMAKE_INSTALL_PREFIX:PATH=/usr \
-	-DCMAKE_BUILD_TYPE:STRING=Release
-
 define Package/libnetconf2/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libnetconf2.so* $(1)/usr/lib/

libs/libnetconf2/patches/010-fix-format.patch

@@ -0,0 +1,11 @@
+--- a/src/io.c
++++ b/src/io.c
+@@ -62,7 +62,7 @@ nc_ssl_error_get_reasons(void)
+             ERRMEM;
+             return NULL;
+         }
+-        reason_len += sprintf(reasons + reason_len, ERR_reason_error_string(e));
++        reason_len += sprintf(reasons + reason_len, "%s", ERR_reason_error_string(e));
+     }
+ 
+     return reasons;

libs/libnetconf2/patches/010-remove-engine.patch

@@ -1,33 +0,0 @@
-From 5472ebd501c0558a9434a11b309f3b6a314c2168 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Wed, 7 Nov 2018 16:58:42 -0800
-Subject: [PATCH] session: Remove engine.h include
-
-OpenSSL's engine API is not used except for a cleanup call.
----
- src/session.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/src/session.c b/src/session.c
-index edf1bb4..fe90fa9 100644
---- a/src/session.c
-+++ b/src/session.c
-@@ -36,7 +36,6 @@
- 
- #if defined(NC_ENABLED_SSH) || defined(NC_ENABLED_TLS)
- 
--#   include <openssl/engine.h>
- #   include <openssl/conf.h>
- #   include <openssl/err.h>
- 
-@@ -1296,7 +1295,6 @@ static void
- nc_ssh_destroy(void)
- {
-     FIPS_mode_set(0);
--    ENGINE_cleanup();
-     CONF_modules_unload(1);
-     nc_thread_destroy();
-     ssh_finalize();
--- 
-2.19.1
-

libs/libnetconf2/patches/020-openssl-deprecated.patch

@@ -1,160 +0,0 @@
---- a/src/session.c
-+++ b/src/session.c
-@@ -1372,11 +1372,11 @@ tls_thread_id_func(CRYPTO_THREADID *tid)
- static void
- nc_tls_init(void)
- {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
-     SSL_load_error_strings();
-     ERR_load_BIO_strings();
-     SSL_library_init();
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
-     int i;
- 
-     tls_locks = malloc(CRYPTO_num_locks() * sizeof *tls_locks);
-@@ -1400,6 +1400,7 @@ nc_tls_init(void)
- static void
- nc_tls_destroy(void)
- {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
-     FIPS_mode_set(0);
-     CRYPTO_cleanup_all_ex_data();
-     nc_thread_destroy();
-@@ -1411,7 +1412,6 @@ nc_tls_destroy(void)
-     SSL_COMP_free_compression_methods();
- #endif
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
-     int i;
- 
-     CRYPTO_THREADID_set_callback(NULL);
-@@ -1434,13 +1434,13 @@ nc_tls_destroy(void)
- static void
- nc_ssh_tls_init(void)
- {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
-     SSL_load_error_strings();
-     ERR_load_BIO_strings();
-     SSL_library_init();
- 
-     nc_ssh_init();
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
-     CRYPTO_set_dynlock_create_callback(tls_dyn_create_func);
-     CRYPTO_set_dynlock_lock_callback(tls_dyn_lock_func);
-     CRYPTO_set_dynlock_destroy_callback(tls_dyn_destroy_func);
-@@ -1450,6 +1450,7 @@ nc_ssh_tls_init(void)
- static void
- nc_ssh_tls_destroy(void)
- {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
-     ERR_free_strings();
- #if OPENSSL_VERSION_NUMBER < 0x10002000L // < 1.0.2
-     sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
-@@ -1459,7 +1460,6 @@ nc_ssh_tls_destroy(void)
- 
-     nc_ssh_destroy();
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
-     CRYPTO_set_dynlock_create_callback(NULL);
-     CRYPTO_set_dynlock_lock_callback(NULL);
-     CRYPTO_set_dynlock_destroy_callback(NULL);
---- a/src/session_client_tls.c
-+++ b/src/session_client_tls.c
-@@ -29,6 +29,10 @@
- #include "session_client_ch.h"
- #include "libnetconf.h"
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject
-+#endif
-+
- struct nc_client_context *nc_client_context_location(void);
- int nc_session_new_ctx( struct nc_session *session, struct ly_ctx *ctx);
- 
-@@ -74,7 +78,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
-     store_ctx = X509_STORE_CTX_new();
-     obj = X509_OBJECT_new();
-     X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL);
--    rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
-+    rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
-     X509_STORE_CTX_free(store_ctx);
-     crl = X509_OBJECT_get0_X509_CRL(obj);
-     if (rc > 0 && crl) {
-@@ -113,7 +117,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
-     store_ctx = X509_STORE_CTX_new();
-     obj = X509_OBJECT_new();
-     X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL);
--    rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
-+    rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
-     X509_STORE_CTX_free(store_ctx);
-     crl = X509_OBJECT_get0_X509_CRL(obj);
-     if (rc > 0 && crl) {
-@@ -169,7 +173,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
-      * the current certificate in order to verify it's integrity */
-     memset((char *)&obj, 0, sizeof obj);
-     X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL);
--    rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
-+    rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
-     X509_STORE_CTX_cleanup(&store_ctx);
-     crl = obj.data.crl;
-     if (rc > 0 && crl) {
-@@ -207,7 +211,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
-      * the current certificate in order to check for revocation */
-     memset((char *)&obj, 0, sizeof obj);
-     X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL);
--    rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
-+    rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
-     X509_STORE_CTX_cleanup(&store_ctx);
-     crl = obj.data.crl;
-     if (rc > 0 && crl) {
---- a/src/session_server_tls.c
-+++ b/src/session_server_tls.c
-@@ -28,6 +28,10 @@
- #include "session_server_ch.h"
- #include "libnetconf.h"
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject
-+#endif
-+
- struct nc_server_tls_opts tls_ch_opts;
- pthread_mutex_t tls_ch_opts_lock = PTHREAD_MUTEX_INITIALIZER;
- extern struct nc_server_opts server_opts;
-@@ -563,7 +567,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
-         store_ctx = X509_STORE_CTX_new();
-         obj = X509_OBJECT_new();
-         X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL);
--        rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
-+        rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
-         X509_STORE_CTX_free(store_ctx);
-         crl = X509_OBJECT_get0_X509_CRL(obj);
-         if (rc > 0 && crl) {
-@@ -616,7 +620,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
-         store_ctx = X509_STORE_CTX_new();
-         obj = X509_OBJECT_new();
-         X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL);
--        rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
-+        rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
-         X509_STORE_CTX_free(store_ctx);
-         crl = X509_OBJECT_get0_X509_CRL(obj);
-         if (rc > 0 && crl) {
-@@ -776,7 +780,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
-          * the current certificate in order to verify it's integrity */
-         memset((char *)&obj, 0, sizeof(obj));
-         X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL);
--        rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
-+        rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
-         X509_STORE_CTX_cleanup(&store_ctx);
-         crl = obj.data.crl;
-         if (rc > 0 && crl) {
-@@ -828,7 +832,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
-          * the current certificate in order to check for revocation */
-         memset((char *)&obj, 0, sizeof(obj));
-         X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL);
--        rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
-+        rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
-         X509_STORE_CTX_cleanup(&store_ctx);
-         crl = obj.data.crl;
-         if (rc > 0 && crl) {