From 867ef65cd897014478ed65034b1ac3f139289a77 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Tue, 8 Nov 2022 15:24:16 +0000 Subject: gentoo auto-resync : 08:11:2022 - 15:24:16 --- net-analyzer/nagios-core/Manifest | 1 - .../files/nagios-core-4.4.7-upgrade-sslfix.patch | 120 --------------------- 2 files changed, 121 deletions(-) delete mode 100644 net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch (limited to 'net-analyzer/nagios-core') diff --git a/net-analyzer/nagios-core/Manifest b/net-analyzer/nagios-core/Manifest index d2ddc1d7047f..486e062d4248 100644 --- a/net-analyzer/nagios-core/Manifest +++ b/net-analyzer/nagios-core/Manifest @@ -1,6 +1,5 @@ AUX 99_nagios4-r1.conf 309 BLAKE2B c539330d9f100045fc02d13061dd3b8e958370c8885ef8d28c38ee380b2043d86c9b0097c158dbc5d486f1c53e22ef6f52a96286d0c50d1d47d9eb025fb6b8a9 SHA512 cb93d6af5b6f43b172cec276f669ef786268c1ba51ffda994733c98a8ad5f625229aecaed68b5cb433a66257a8eb66ec16f9569aa87b6dcecf21d8339bd5fb8f AUX lighttpd_nagios4-r1.conf 297 BLAKE2B 8976123407c47be6023c5dae57c833f7e0b43ae2c70348dcd72b754453b5a84dd335daa222b4b75e5c19b3d5c18b64496739bdb61b8f2f67f5655b80a0ffb65f SHA512 2ef5268e9ba228d12e3dabb5a23ce73e49b7149a047acd4a2daac3cd3415b5233aaaf3b972c85780e71bd5fe3eefb6755a6222b40a509104fb318e219366867f -AUX nagios-core-4.4.7-upgrade-sslfix.patch 3818 BLAKE2B b6c8eff521ed909100a1469b01524e049082d5e4a7fef55b1743256cf67717985d2a2e80ff813b72eaf3014c7671225d40b646448915796766307846838e7692 SHA512 25df0d64ed03cdb122208a42daf0f1ddf5730f0a1a803f1821bfef431f7780486874a5e1a0bd6ef7361420dddde6b8bfc13210e18c48084c73ae74600d54a2de DIST nagios-4.4.7.tar.gz 11340759 BLAKE2B 4316e6cfc7f576d0fe5ba075aba2931dc850c97fe84b124eceeefaa6c01563c0639c8cecf751e086d5a6f9c0a1079f7e9bd013f961956d7d59536dea4516cf86 SHA512 92adc74e687bcbbd742075c8c7222d42c90795a4eb7582e3f1f492349db8200c61f390bf3c4cab4b023c5c111353a43f5dd687b0ee5ab6a8775444e06d42517b DIST nagios-4.4.8.tar.gz 11339420 BLAKE2B 785705824a5a47d5f20ac0f3d756d51d6362e230514e486e1dc1fa10488a9f7ca724cc96635f2965aac1bb9dc76dee3cf2ab4e2c1be77b239540b87d1a139a21 SHA512 56448628e54b9467d14978b039fc7b37f48be624757a1bd9fe16810101f3ce4a5d740e1c9c367d2b3a8bc408a56bdf295955d8b73d5d74ee92f4750b908e88a7 DIST nagios-core-gentoo-icons-20141125.tar 40960 BLAKE2B 31c1953e1160c7c7b89606b72b1a80407e4c1b7a7938b40bd1c577cd0c309dd88ca6b775d692a9b846dbf67736537fa9c91e56aa15fdd447769608ca525bff09 SHA512 bf109879cddd6136b76baba55d0b60b2596e37431dcf5ce0905d34a9fa292ebf7e4bde82d9a084362c486e8fac344c76d88f9298b1b85541ed70ffd608493766 diff --git a/net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch b/net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch deleted file mode 100644 index c89f096caaa5..000000000000 --- a/net-analyzer/nagios-core/files/nagios-core-4.4.7-upgrade-sslfix.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 5fd2e1541a873e87f689de601beb3bc35910740d Mon Sep 17 00:00:00 2001 -From: Doug Nazar -Date: Wed, 22 Jun 2022 15:07:03 -0400 -Subject: [PATCH 1/2] Fix SSL handling during upgrade check - -Only update counters if we've received data, not on error (-1) since -we can then overwrite the stack, causing fault. - -my_ssl_connect() can return before initializing ssl & ctx. Ensure NULL -initialization so *_free() are no-ops. - -Cleanly shutdown the channel after receiving all data. - -Use the client version of the TLS method to match the other options. ---- - base/netutils.c | 22 ++++++++++++---------- - base/utils.c | 4 ++-- - 2 files changed, 14 insertions(+), 12 deletions(-) - -diff --git a/base/netutils.c b/base/netutils.c -index 08ee40dd7..689b56f9b 100644 ---- a/base/netutils.c -+++ b/base/netutils.c -@@ -154,7 +154,7 @@ int my_ssl_connect(const char *host_name, int port, int *sd, SSL **ssl, SSL_CTX - - #if OPENSSL_VERSION_NUMBER >= 0x10100000 - -- method = TLS_method(); -+ method = TLS_client_method(); - - #else /* OPENSSL_VERSION_NUMBER >= 0x10100000 */ - -@@ -268,11 +268,11 @@ int my_ssl_sendall(int s, SSL *ssl, const char *buf, int *len, int timeout) { - /* If we hit one of these two errors, we just want to select() the socket again */ - break; - } -+ } else { -+ total_sent += n; -+ bytes_left -= n; - } - -- total_sent += n; -- bytes_left -= n; -- - /* make sure we haven't overrun the timeout */ - time(¤t_time); - if(current_time - start_time > timeout) { -@@ -337,17 +337,19 @@ int my_ssl_recvall(int s, SSL *ssl, char *buf, int *len, int timeout) { - n = SSL_read(ssl, buf + total_received, bytes_left); - if(n <= 0) { - int error = SSL_get_error(ssl, n); -+ /* If we hit one of these two errors, we just want to select() the socket again */ - if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) { -- /* An actual error happened */ -- /* If we hit one of these two errors, we just want to select() the socket again */ -+ /* EOF or an actual error happened */ -+ if (error == SSL_ERROR_ZERO_RETURN) -+ SSL_shutdown(ssl); - break; - } -+ } else { -+ /* apply bytes we received */ -+ total_received += n; -+ bytes_left -= n; - } - -- /* apply bytes we received */ -- total_received += n; -- bytes_left -= n; -- - /* make sure we haven't overrun the timeout */ - time(¤t_time); - if(current_time - start_time > timeout) { -diff --git a/base/utils.c b/base/utils.c -index 79c6efba6..e83f7176a 100644 ---- a/base/utils.c -+++ b/base/utils.c -@@ -3379,8 +3379,8 @@ int query_update_api(void) { - } - - #ifdef HAVE_SSL -- SSL *ssl; -- SSL_CTX *ctx; -+ SSL *ssl = NULL; -+ SSL_CTX *ctx = NULL; - - int result = my_ssl_connect(api_server, 443, &sd, &ssl, &ctx, 2); - if(sd > 0 && result != ERROR) { - -From a2c1415f14db6bbce9ba3d1d5a0c8218dd8c4fb8 Mon Sep 17 00:00:00 2001 -From: Doug Nazar -Date: Wed, 22 Jun 2022 15:14:34 -0400 -Subject: [PATCH 2/2] Silence warning about port_str not large enough for port. - ---- - base/netutils.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/base/netutils.c b/base/netutils.c -index 689b56f9b..1fb1ec6a9 100644 ---- a/base/netutils.c -+++ b/base/netutils.c -@@ -46,7 +46,7 @@ int my_ssl_connect(const char *host_name, int port, int *sd, SSL **ssl, SSL_CTX - hints.ai_socktype = SOCK_STREAM; - - /* make sure our static port_str is long enough */ -- if(port > 65535) -+ if(port < 0 || port > 65535) - return ERROR; - - snprintf(port_str, sizeof(port_str), "%d", port); -@@ -385,7 +385,7 @@ int my_tcp_connect(const char *host_name, int port, int *sd, int timeout) { - hints.ai_socktype = SOCK_STREAM; - - /* make sure our static port_str is long enough */ -- if(port > 65535) -+ if(port < 0 || port > 65535) - return ERROR; - - snprintf(port_str, sizeof(port_str), "%d", port); -- cgit v1.2.3