From b5132ef7804f3f85b9956ae73e1ab4e15b4a98f5 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Mon, 15 Jul 2019 15:27:38 -0700 Subject: [PATCH] libnetconf2: Update to 0.12-r2 Cleaned up Makefile slightly. The removed CMAKE_OPTIONS are defaults from cmake.mk Removed Upstreamed patches. Rebased and added .patch to the remaining one. Added -Wformat-security patch. Signed-off-by: Rosen Penev --- libs/libnetconf2/Makefile | 12 +- ...read-error => 001-fix-pthread-error.patch} | 31 ++-- libs/libnetconf2/patches/010-fix-format.patch | 11 ++ .../patches/010-remove-engine.patch | 33 ---- .../patches/020-openssl-deprecated.patch | 160 ------------------ 5 files changed, 26 insertions(+), 221 deletions(-) rename libs/libnetconf2/patches/{001-fix-pthread-error => 001-fix-pthread-error.patch} (54%) create mode 100644 libs/libnetconf2/patches/010-fix-format.patch delete mode 100644 libs/libnetconf2/patches/010-remove-engine.patch delete mode 100644 libs/libnetconf2/patches/020-openssl-deprecated.patch diff --git a/libs/libnetconf2/Makefile b/libs/libnetconf2/Makefile index e6830314a..4005e60e6 100644 --- a/libs/libnetconf2/Makefile +++ b/libs/libnetconf2/Makefile @@ -8,19 +8,19 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libnetconf2 -PKG_VERSION:=0.12-r1 -PKG_RELEASE:=4 +PKG_VERSION:=0.12-r2 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/CESNET/libnetconf2/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=86269d3f1bc85bb17d8823d214f9a676ee3b14ee18a0b87a230380df8503e8f5 +PKG_HASH:=760061fb1c1fe87a2a068d5a9e5affcef280044c5940ef344854e9ea7ec26452 PKG_MAINTAINER:=Mislav Novakovic PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE -PKG_BUILD_PARALLEL:=1 CMAKE_INSTALL:=1 +PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk 
@@ -40,10 +40,6 @@ define Package/libnetconf2/description SSH, to send and receive NETCONF messages. NETCONF datastore implementation is not included. endef -CMAKE_OPTIONS += \ - -DCMAKE_INSTALL_PREFIX:PATH=/usr \ - -DCMAKE_BUILD_TYPE:STRING=Release - define Package/libnetconf2/install $(INSTALL_DIR) $(1)/usr/lib $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnetconf2.so* $(1)/usr/lib/ diff --git a/libs/libnetconf2/patches/001-fix-pthread-error b/libs/libnetconf2/patches/001-fix-pthread-error.patch similarity index 54% rename from libs/libnetconf2/patches/001-fix-pthread-error rename to libs/libnetconf2/patches/001-fix-pthread-error.patch index b15893e17..30faa03a9 100644 --- a/libs/libnetconf2/patches/001-fix-pthread-error +++ b/libs/libnetconf2/patches/001-fix-pthread-error.patch @@ -1,23 +1,16 @@ -Index: libnetconf2-0.12-r1/CMakeLists.txt -=================================================================== ---- libnetconf2-0.12-r1.orig/CMakeLists.txt -+++ libnetconf2-0.12-r1/CMakeLists.txt -@@ -172,8 +172,10 @@ target_link_libraries(netconf2 ${CMAKE_T - - # check availability for some pthread functions +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -176,6 +176,7 @@ target_link_libraries(netconf2 ${CMAKE_THREAD_LIBS_INIT}) set(CMAKE_REQUIRED_LIBRARIES pthread) -+include(CheckFunctionExists) - check_function_exists(pthread_spin_lock HAVE_SPINLOCK) + check_include_file(stdatomic.h HAVE_STDATOMIC) check_function_exists(pthread_mutex_timedlock HAVE_PTHREAD_MUTEX_TIMEDLOCK) +check_function_exists(pthread_rwlockattr_setkind_np HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP) # dependencies - openssl if(ENABLE_TLS OR ENABLE_DNSSEC OR ENABLE_SSH) -Index: libnetconf2-0.12-r1/src/config.h.in -=================================================================== ---- libnetconf2-0.12-r1.orig/src/config.h.in -+++ libnetconf2-0.12-r1/src/config.h.in -@@ -65,4 +65,7 @@ +--- a/src/config.h.in ++++ b/src/config.h.in +@@ -73,4 +73,7 @@ */ #define NC_PS_QUEUE_SIZE @MAX_PSPOLL_THREAD_COUNT@ 
@@ -25,11 +18,9 @@ Index: libnetconf2-0.12-r1/src/config.h.in +#cmakedefine HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP + #endif /* NC_CONFIG_H_ */ -Index: libnetconf2-0.12-r1/src/session_server.c -=================================================================== ---- libnetconf2-0.12-r1.orig/src/session_server.c -+++ libnetconf2-0.12-r1/src/session_server.c -@@ -520,6 +520,7 @@ nc_server_init(struct ly_ctx *ctx) +--- a/src/session_server.c ++++ b/src/session_server.c +@@ -560,6 +560,7 @@ nc_server_init(struct ly_ctx *ctx) errno=0; if (pthread_rwlockattr_init(&attr) == 0) { @@ -37,7 +28,7 @@ Index: libnetconf2-0.12-r1/src/session_server.c if (pthread_rwlockattr_setkind_np(&attr, PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP) == 0) { if (pthread_rwlock_init(&server_opts.endpt_lock, &attr) != 0) { ERR("%s: failed to init rwlock(%s).", __FUNCTION__, strerror(errno)); -@@ -530,6 +531,7 @@ nc_server_init(struct ly_ctx *ctx) +@@ -570,6 +571,7 @@ nc_server_init(struct ly_ctx *ctx) } else { ERR("%s: failed set attribute (%s).", __FUNCTION__, strerror(errno)); } diff --git a/libs/libnetconf2/patches/010-fix-format.patch b/libs/libnetconf2/patches/010-fix-format.patch new file mode 100644 index 000000000..1f6ce2c2d --- /dev/null +++ b/libs/libnetconf2/patches/010-fix-format.patch @@ -0,0 +1,11 @@ +--- a/src/io.c ++++ b/src/io.c +@@ -62,7 +62,7 @@ nc_ssl_error_get_reasons(void) + ERRMEM; + return NULL; + } +- reason_len += sprintf(reasons + reason_len, ERR_reason_error_string(e)); ++ reason_len += sprintf(reasons + reason_len, "%s", ERR_reason_error_string(e)); + } + + return reasons; diff --git a/libs/libnetconf2/patches/010-remove-engine.patch b/libs/libnetconf2/patches/010-remove-engine.patch deleted file mode 100644 index 8e49c144d..000000000 --- a/libs/libnetconf2/patches/010-remove-engine.patch +++ /dev/null 
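Review bot: The guard this patch appears to place around `pthread_rwlockattr_setkind_np` in nc_server_init also encloses the nested `pthread_rwlock_init(&server_opts.endpt_lock, &attr)` call, so a libc without that function would skip initialising the lock altogether. The two added lines (at `@@ -560,6 +560,7 @@` and `@@ -570,6 +571,7 @@`) fall between the outer hunks and are not shown, so this is inferred from their positions and from the new `#cmakedefine HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP`. If the inference holds, narrow the guard to the attribute call alone and add an `#else` path that still runs `pthread_rwlock_init(&server_opts.endpt_lock, &attr)` and reports failure the same way. Separately, the context lines log `strerror(errno)`, but pthread functions return the error code rather than setting errno, so the logged reason may be wrong. nc_server_init starts and ends outside the hunk.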
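Review bot: ERR_reason_error_string() returns NULL when no reason text is registered for the error code, and the new `sprintf(reasons + reason_len, "%s", ERR_reason_error_string(e))` passes that result straight to `%s`, which is undefined behaviour. The write is also unbounded, so it is only safe if the allocation above the hunk sized `reasons` from the same string; that sizing is not visible here and would itself need the NULL check. Fetching the string once, `const char *r = ERR_reason_error_string(e); if (!r) r = "unknown";`, and then writing it with `snprintf` bounded by the remaining capacity of `reasons` would cover both cases. nc_ssl_error_get_reasons starts outside the hunk.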
@@ -1,33 +0,0 @@ -From 5472ebd501c0558a9434a11b309f3b6a314c2168 Mon Sep 17 00:00:00 2001 -From: Rosen Penev -Date: Wed, 7 Nov 2018 16:58:42 -0800 -Subject: [PATCH] session: Remove engine.h include - -OpenSSL's engine API is not used except for a cleanup call. ---- - src/session.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/session.c b/src/session.c -index edf1bb4..fe90fa9 100644 ---- a/src/session.c -+++ b/src/session.c -@@ -36,7 +36,6 @@ - - #if defined(NC_ENABLED_SSH) || defined(NC_ENABLED_TLS) - --# include - # include - # include - -@@ -1296,7 +1295,6 @@ static void - nc_ssh_destroy(void) - { - FIPS_mode_set(0); -- ENGINE_cleanup(); - CONF_modules_unload(1); - nc_thread_destroy(); - ssh_finalize(); --- -2.19.1 - diff --git a/libs/libnetconf2/patches/020-openssl-deprecated.patch b/libs/libnetconf2/patches/020-openssl-deprecated.patch deleted file mode 100644 index a8234281c..000000000 --- a/libs/libnetconf2/patches/020-openssl-deprecated.patch +++ /dev/null 
@@ -1,160 +0,0 @@ ---- a/src/session.c -+++ b/src/session.c -@@ -1372,11 +1372,11 @@ tls_thread_id_func(CRYPTO_THREADID *tid) - static void - nc_tls_init(void) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0 - SSL_load_error_strings(); - ERR_load_BIO_strings(); - SSL_library_init(); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0 - int i; - - tls_locks = malloc(CRYPTO_num_locks() * sizeof *tls_locks); -@@ -1400,6 +1400,7 @@ nc_tls_init(void) - static void - nc_tls_destroy(void) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0 - FIPS_mode_set(0); - CRYPTO_cleanup_all_ex_data(); - nc_thread_destroy(); -@@ -1411,7 +1412,6 @@ nc_tls_destroy(void) - SSL_COMP_free_compression_methods(); - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0 - int i; - - CRYPTO_THREADID_set_callback(NULL); -@@ -1434,13 +1434,13 @@ nc_tls_destroy(void) - static void - nc_ssh_tls_init(void) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0 - SSL_load_error_strings(); - ERR_load_BIO_strings(); - SSL_library_init(); - - nc_ssh_init(); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0 - CRYPTO_set_dynlock_create_callback(tls_dyn_create_func); - CRYPTO_set_dynlock_lock_callback(tls_dyn_lock_func); - CRYPTO_set_dynlock_destroy_callback(tls_dyn_destroy_func); -@@ -1450,6 +1450,7 @@ nc_ssh_tls_init(void) - static void - nc_ssh_tls_destroy(void) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0 - ERR_free_strings(); - #if OPENSSL_VERSION_NUMBER < 0x10002000L // < 1.0.2 - sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); -@@ -1459,7 +1460,6 @@ nc_ssh_tls_destroy(void) - - nc_ssh_destroy(); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0 - CRYPTO_set_dynlock_create_callback(NULL); - CRYPTO_set_dynlock_lock_callback(NULL); - CRYPTO_set_dynlock_destroy_callback(NULL); ---- a/src/session_client_tls.c -+++ b/src/session_client_tls.c -@@ -29,6 +29,10 @@ - #include "session_client_ch.h" - #include "libnetconf.h" - -+#if 
OPENSSL_VERSION_NUMBER < 0x10100000L -+#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject -+#endif -+ - struct nc_client_context *nc_client_context_location(void); - int nc_session_new_ctx( struct nc_session *session, struct ly_ctx *ctx); - -@@ -74,7 +78,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) - store_ctx = X509_STORE_CTX_new(); - obj = X509_OBJECT_new(); - X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL); -- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj); -+ rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, subject, obj); - X509_STORE_CTX_free(store_ctx); - crl = X509_OBJECT_get0_X509_CRL(obj); - if (rc > 0 && crl) { -@@ -113,7 +117,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) - store_ctx = X509_STORE_CTX_new(); - obj = X509_OBJECT_new(); - X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL); -- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj); -+ rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj); - X509_STORE_CTX_free(store_ctx); - crl = X509_OBJECT_get0_X509_CRL(obj); - if (rc > 0 && crl) { -@@ -169,7 +173,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) - * the current certificate in order to verify it's integrity */ - memset((char *)&obj, 0, sizeof obj); - X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL); -- rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj); -+ rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj); - X509_STORE_CTX_cleanup(&store_ctx); - crl = obj.data.crl; - if (rc > 0 && crl) { -@@ -207,7 +211,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) - * the current certificate in order to check for revocation */ - memset((char *)&obj, 0, sizeof obj); - X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL); -- rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj); 
-+ rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj); - X509_STORE_CTX_cleanup(&store_ctx); - crl = obj.data.crl; - if (rc > 0 && crl) { ---- a/src/session_server_tls.c -+++ b/src/session_server_tls.c -@@ -28,6 +28,10 @@ - #include "session_server_ch.h" - #include "libnetconf.h" - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject -+#endif -+ - struct nc_server_tls_opts tls_ch_opts; - pthread_mutex_t tls_ch_opts_lock = PTHREAD_MUTEX_INITIALIZER; - extern struct nc_server_opts server_opts; -@@ -563,7 +567,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx) - store_ctx = X509_STORE_CTX_new(); - obj = X509_OBJECT_new(); - X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL); -- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj); -+ rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, subject, obj); - X509_STORE_CTX_free(store_ctx); - crl = X509_OBJECT_get0_X509_CRL(obj); - if (rc > 0 && crl) { -@@ -616,7 +620,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx) - store_ctx = X509_STORE_CTX_new(); - obj = X509_OBJECT_new(); - X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL); -- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj); -+ rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj); - X509_STORE_CTX_free(store_ctx); - crl = X509_OBJECT_get0_X509_CRL(obj); - if (rc > 0 && crl) { -@@ -776,7 +780,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx) - * the current certificate in order to verify it's integrity */ - memset((char *)&obj, 0, sizeof(obj)); - X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL); -- rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj); -+ rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj); - X509_STORE_CTX_cleanup(&store_ctx); - crl = obj.data.crl; - if (rc > 0 && crl) { -@@ -828,7 +832,7 @@ 
nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx) - * the current certificate in order to check for revocation */ - memset((char *)&obj, 0, sizeof(obj)); - X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL); -- rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj); -+ rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj); - X509_STORE_CTX_cleanup(&store_ctx); - crl = obj.data.crl; - if (rc > 0 && crl) {