Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

libnetconf2: Update to 0.12-r2

Browse source 
Cleaned up Makefile slightly. The removed CMAKE_OPTIONS are defaults from
cmake.mk

Removed Upstreamed patches.

Rebased and added .patch to the remaining one.

Added -Wformat-security patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
This commit is contained in:
Rosen Penev 2019-07-15 15:27:38 -07:00
parent b7a82187c1
commit b5132ef780
5 changed files with 26 additions and 221 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
libs/libnetconf2/Makefile
View file

@ -8,19 +8,19 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=libnetconf2
PKG_VERSION:=0.12-r1
PKG_RELEASE:=4
PKG_VERSION:=0.12-r2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/CESNET/libnetconf2/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=86269d3f1bc85bb17d8823d214f9a676ee3b14ee18a0b87a230380df8503e8f5
PKG_HASH:=760061fb1c1fe87a2a068d5a9e5affcef280044c5940ef344854e9ea7ec26452
PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
PKG_BUILD_PARALLEL:=1
CMAKE_INSTALL:=1
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
@ -40,10 +40,6 @@ define Package/libnetconf2/description
SSH, to send and receive NETCONF messages. NETCONF datastore implementation is not included.
endef
CMAKE_OPTIONS += \
-DCMAKE_INSTALL_PREFIX:PATH=/usr \
-DCMAKE_BUILD_TYPE:STRING=Release
define Package/libnetconf2/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libnetconf2.so* $(1)/usr/lib/

31
libs/libnetconf2/patches/001-fix-pthread-error → libs/libnetconf2/patches/001-fix-pthread-error.patch
View file

@ -1,23 +1,16 @@
Index: libnetconf2-0.12-r1/CMakeLists.txt
===================================================================
--- libnetconf2-0.12-r1.orig/CMakeLists.txt
+++ libnetconf2-0.12-r1/CMakeLists.txt
@@ -172,8 +172,10 @@ target_link_libraries(netconf2 ${CMAKE_T
# check availability for some pthread functions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -176,6 +176,7 @@ target_link_libraries(netconf2 ${CMAKE_THREAD_LIBS_INIT})
set(CMAKE_REQUIRED_LIBRARIES pthread)
+include(CheckFunctionExists)
check_function_exists(pthread_spin_lock HAVE_SPINLOCK)
check_include_file(stdatomic.h HAVE_STDATOMIC)
check_function_exists(pthread_mutex_timedlock HAVE_PTHREAD_MUTEX_TIMEDLOCK)
+check_function_exists(pthread_rwlockattr_setkind_np HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP)
# dependencies - openssl
if(ENABLE_TLS OR ENABLE_DNSSEC OR ENABLE_SSH)
Index: libnetconf2-0.12-r1/src/config.h.in
===================================================================
--- libnetconf2-0.12-r1.orig/src/config.h.in
+++ libnetconf2-0.12-r1/src/config.h.in
@@ -65,4 +65,7 @@
--- a/src/config.h.in
+++ b/src/config.h.in
@@ -73,4 +73,7 @@
*/
#define NC_PS_QUEUE_SIZE @MAX_PSPOLL_THREAD_COUNT@
@ -25,11 +18,9 @@ Index: libnetconf2-0.12-r1/src/config.h.in
+#cmakedefine HAVE_PTHREAD_RWLOCKATTR_SETKIND_NP
+
#endif /* NC_CONFIG_H_ */
Index: libnetconf2-0.12-r1/src/session_server.c
===================================================================
--- libnetconf2-0.12-r1.orig/src/session_server.c
+++ libnetconf2-0.12-r1/src/session_server.c
@@ -520,6 +520,7 @@ nc_server_init(struct ly_ctx *ctx)
--- a/src/session_server.c
+++ b/src/session_server.c
@@ -560,6 +560,7 @@ nc_server_init(struct ly_ctx *ctx)
errno=0;
if (pthread_rwlockattr_init(&attr) == 0) {
@ -37,7 +28,7 @@ Index: libnetconf2-0.12-r1/src/session_server.c
if (pthread_rwlockattr_setkind_np(&attr, PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP) == 0) {
if (pthread_rwlock_init(&server_opts.endpt_lock, &attr) != 0) {
ERR("%s: failed to init rwlock(%s).", __FUNCTION__, strerror(errno));
@@ -530,6 +531,7 @@ nc_server_init(struct ly_ctx *ctx)
@@ -570,6 +571,7 @@ nc_server_init(struct ly_ctx *ctx)
} else {
ERR("%s: failed set attribute (%s).", __FUNCTION__, strerror(errno));
}

11
libs/libnetconf2/patches/010-fix-format.patch Normal file
View file

@ -0,0 +1,11 @@
--- a/src/io.c
+++ b/src/io.c
@@ -62,7 +62,7 @@ nc_ssl_error_get_reasons(void)
ERRMEM;
return NULL;
}
- reason_len += sprintf(reasons + reason_len, ERR_reason_error_string(e));
+ reason_len += sprintf(reasons + reason_len, "%s", ERR_reason_error_string(e));
}
return reasons;

33
libs/libnetconf2/patches/010-remove-engine.patch
View file

@ -1,33 +0,0 @@
From 5472ebd501c0558a9434a11b309f3b6a314c2168 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Wed, 7 Nov 2018 16:58:42 -0800
Subject: [PATCH] session: Remove engine.h include
OpenSSL's engine API is not used except for a cleanup call.
---
src/session.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/session.c b/src/session.c
index edf1bb4..fe90fa9 100644
--- a/src/session.c
+++ b/src/session.c
@@ -36,7 +36,6 @@
#if defined(NC_ENABLED_SSH) || defined(NC_ENABLED_TLS)
-# include <openssl/engine.h>
# include <openssl/conf.h>
# include <openssl/err.h>
@@ -1296,7 +1295,6 @@ static void
nc_ssh_destroy(void)
{
FIPS_mode_set(0);
- ENGINE_cleanup();
CONF_modules_unload(1);
nc_thread_destroy();
ssh_finalize();
--
2.19.1

160
libs/libnetconf2/patches/020-openssl-deprecated.patch
View file

@ -1,160 +0,0 @@
--- a/src/session.c
+++ b/src/session.c
@@ -1372,11 +1372,11 @@ tls_thread_id_func(CRYPTO_THREADID *tid)
static void
nc_tls_init(void)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
SSL_load_error_strings();
ERR_load_BIO_strings();
SSL_library_init();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
int i;
tls_locks = malloc(CRYPTO_num_locks() * sizeof *tls_locks);
@@ -1400,6 +1400,7 @@ nc_tls_init(void)
static void
nc_tls_destroy(void)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
FIPS_mode_set(0);
CRYPTO_cleanup_all_ex_data();
nc_thread_destroy();
@@ -1411,7 +1412,6 @@ nc_tls_destroy(void)
SSL_COMP_free_compression_methods();
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
int i;
CRYPTO_THREADID_set_callback(NULL);
@@ -1434,13 +1434,13 @@ nc_tls_destroy(void)
static void
nc_ssh_tls_init(void)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
SSL_load_error_strings();
ERR_load_BIO_strings();
SSL_library_init();
nc_ssh_init();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
CRYPTO_set_dynlock_create_callback(tls_dyn_create_func);
CRYPTO_set_dynlock_lock_callback(tls_dyn_lock_func);
CRYPTO_set_dynlock_destroy_callback(tls_dyn_destroy_func);
@@ -1450,6 +1450,7 @@ nc_ssh_tls_init(void)
static void
nc_ssh_tls_destroy(void)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
ERR_free_strings();
#if OPENSSL_VERSION_NUMBER < 0x10002000L // < 1.0.2
sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
@@ -1459,7 +1460,6 @@ nc_ssh_tls_destroy(void)
nc_ssh_destroy();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
CRYPTO_set_dynlock_create_callback(NULL);
CRYPTO_set_dynlock_lock_callback(NULL);
CRYPTO_set_dynlock_destroy_callback(NULL);
--- a/src/session_client_tls.c
+++ b/src/session_client_tls.c
@@ -29,6 +29,10 @@
#include "session_client_ch.h"
#include "libnetconf.h"
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject
+#endif
+
struct nc_client_context *nc_client_context_location(void);
int nc_session_new_ctx( struct nc_session *session, struct ly_ctx *ctx);
@@ -74,7 +78,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
store_ctx = X509_STORE_CTX_new();
obj = X509_OBJECT_new();
X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL);
- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
+ rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
X509_STORE_CTX_free(store_ctx);
crl = X509_OBJECT_get0_X509_CRL(obj);
if (rc > 0 && crl) {
@@ -113,7 +117,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
store_ctx = X509_STORE_CTX_new();
obj = X509_OBJECT_new();
X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL);
- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
+ rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
X509_STORE_CTX_free(store_ctx);
crl = X509_OBJECT_get0_X509_CRL(obj);
if (rc > 0 && crl) {
@@ -169,7 +173,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
* the current certificate in order to verify it's integrity */
memset((char *)&obj, 0, sizeof obj);
X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL);
- rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
+ rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
X509_STORE_CTX_cleanup(&store_ctx);
crl = obj.data.crl;
if (rc > 0 && crl) {
@@ -207,7 +211,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
* the current certificate in order to check for revocation */
memset((char *)&obj, 0, sizeof obj);
X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL);
- rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
+ rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
X509_STORE_CTX_cleanup(&store_ctx);
crl = obj.data.crl;
if (rc > 0 && crl) {
--- a/src/session_server_tls.c
+++ b/src/session_server_tls.c
@@ -28,6 +28,10 @@
#include "session_server_ch.h"
#include "libnetconf.h"
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject
+#endif
+
struct nc_server_tls_opts tls_ch_opts;
pthread_mutex_t tls_ch_opts_lock = PTHREAD_MUTEX_INITIALIZER;
extern struct nc_server_opts server_opts;
@@ -563,7 +567,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
store_ctx = X509_STORE_CTX_new();
obj = X509_OBJECT_new();
X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL);
- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
+ rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
X509_STORE_CTX_free(store_ctx);
crl = X509_OBJECT_get0_X509_CRL(obj);
if (rc > 0 && crl) {
@@ -616,7 +620,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
store_ctx = X509_STORE_CTX_new();
obj = X509_OBJECT_new();
X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL);
- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
+ rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
X509_STORE_CTX_free(store_ctx);
crl = X509_OBJECT_get0_X509_CRL(obj);
if (rc > 0 && crl) {
@@ -776,7 +780,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
* the current certificate in order to verify it's integrity */
memset((char *)&obj, 0, sizeof(obj));
X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL);
- rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
+ rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
X509_STORE_CTX_cleanup(&store_ctx);
crl = obj.data.crl;
if (rc > 0 && crl) {
@@ -828,7 +832,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
* the current certificate in order to check for revocation */
memset((char *)&obj, 0, sizeof(obj));
X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL);
- rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
+ rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
X509_STORE_CTX_cleanup(&store_ctx);
crl = obj.data.crl;
if (rc > 0 && crl) {