Date: Wednesday, April 26, 2017 @ 19:01:56 Author: jsteel Revision: 225714
upgpkg: nrpe 3.1.0-1 Modified: nrpe/trunk/PKGBUILD Deleted: nrpe/trunk/nrpe-0010-opensslv110-strict.patch nrpe/trunk/nrpe-0011-opensslv110-nosslv2.patch -------------------------------------+ PKGBUILD | 18 +---- nrpe-0010-opensslv110-strict.patch | 54 ---------------- nrpe-0011-opensslv110-nosslv2.patch | 113 ---------------------------------- 3 files changed, 4 insertions(+), 181 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-04-26 19:01:47 UTC (rev 225713)
+++ PKGBUILD 2017-04-26 19:01:56 UTC (rev 225714)
@@ -3,8 +3,8 @@
 # Contributor: Dale Blount <[email protected]>
 pkgname=nrpe
-pkgver=3.0.1
-pkgrel=4
+pkgver=3.1.0
+pkgrel=1
 pkgdesc="Nagios Remote Plugin Executor"
 arch=('i686' 'x86_64')
 license=('GPL')
@@ -13,19 +13,9 @@
 install=$pkgname.install
 backup=('etc/nrpe/nrpe.cfg' 'etc/xinetd.d/nrpe')
 url="https://github.com/NagiosEnterprises/nrpe"
-source=(https://github.com/NagiosEnterprises/nrpe/releases/download/$pkgver/$pkgname-$pkgver.tar.gz
- nrpe-0010-opensslv110-strict.patch
- nrpe-0011-opensslv110-nosslv2.patch)
-sha256sums=('8f56da2d74f6beca1a04fe04ead84427e582b9bb88611e04e290f59617ca3ea3'
- '58ca691a11f5005631f4e940daa18c344b3d2f322184506d63cc1eb2633d30a3'
- 'e4383c8261b7097a46d8fe54c97391767a4ef0107d551f55d71940469f5e433f')
+source=(https://github.com/NagiosEnterprises/nrpe/releases/download/release-$pkgver/$pkgname-$pkgver.tar.gz)
+md5sums=('ad9208ef4938449986cb5c5ba094598e')
-prepare() {
- cd $pkgname-$pkgver
- patch -Np1 -i ../nrpe-0010-opensslv110-strict.patch
- patch -Np1 -i ../nrpe-0011-opensslv110-nosslv2.patch
-}
-
 build() {
 cd $pkgname-$pkgver
Deleted: nrpe-0010-opensslv110-strict.patch
===================================================================
--- nrpe-0010-opensslv110-strict.patch 2017-04-26 19:01:47 UTC (rev 225713)
+++ nrpe-0010-opensslv110-strict.patch 2017-04-26 19:01:56 UTC (rev 225714)
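Review bot: The new `md5sums=('ad9208ef4938449986cb5c5ba094598e')` line in the second PKGBUILD hunk replaces the previous SHA-256 pins with an MD5 digest, which weakens the only integrity check visible in this PKGBUILD for the downloaded release tarball; MD5 is not collision-resistant and is a poor pin for a source. Keep the stronger array and regenerate it for the new tarball, e.g. `sha256sums=('<sha256 of nrpe-3.1.0.tar.gz>')` (placeholder value; `updpkgsums` or `makepkg -g` will produce the real digest once the array name is switched). The same hunk drops `prepare()` and both OpenSSL 1.1.0 patches, presumably because 3.1.0 carries equivalent changes upstream; that is not visible on this page and is worth confirming, since the second patch also removed the SSLv2 options. `build()` continues beyond the end of the hunk.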
@@ -1,54 +0,0 @@ -diff -up ./src/check_nrpe.c.opensslv110 ./src/check_nrpe.c ---- ./src/check_nrpe.c.opensslv110 2017-02-07 11:08:23.647733686 -0500 -+++ ./src/check_nrpe.c 2017-02-07 12:44:22.314160593 -0500 -@@ -980,9 +980,10 @@ int connect_to_remote() - if (peer) { - if (sslprm.log_opts & SSL_LogIfClientCert) - syslog(LOG_NOTICE, "SSL %s has %s certificate", -- rem_host, peer->valid ? "a valid" : "an invalid"); -+ rem_host, SSL_get_verify_result(ssl) ? "a valid" : "an invalid"); - if (sslprm.log_opts & SSL_LogCertDetails) { -- syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, peer->name); -+ X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer)); -+ syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, buffer); - X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer)); - syslog(LOG_NOTICE, "SSL %s Cert Issuer: %s", rem_host, buffer); - } -@@ -1427,7 +1428,7 @@ int verify_callback(int preverify_ok, X5 - ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); - - X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256); -- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256); -+ X509_NAME_oneline(X509_get_issuer_name(err_cert), issuer, 256); - - if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert - && (sslprm.log_opts & SSL_LogCertDetails)) { -diff -up ./src/nrpe.c.opensslv110 ./src/nrpe.c ---- ./src/nrpe.c.opensslv110 2016-09-08 12:18:58.000000000 -0400 -+++ ./src/nrpe.c 2017-02-07 12:42:35.667799987 -0500 -@@ -614,7 +614,7 @@ int verify_callback(int preverify_ok, X5 - ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); - - X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256); -- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256); -+ X509_NAME_oneline(err_cert, issuer, 256); - - if (!preverify_ok && (sslprm.log_opts & SSL_LogCertDetails)) { - syslog(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s", -@@ 
-1785,12 +1785,14 @@ int handle_conn_ssl(int sock, void *ssl_ - peer = SSL_get_peer_certificate(ssl); - - if (peer) { -+ - if (sslprm.log_opts & SSL_LogIfClientCert) - syslog(LOG_NOTICE, "SSL Client %s has %svalid certificate", -- remote_host, peer->valid ? "a " : "an in"); -+ remote_host, SSL_get_verify_result(ssl) ? "a " : "an in"); - if (sslprm.log_opts & SSL_LogCertDetails) { -+ X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer)); - syslog(LOG_NOTICE, "SSL Client %s Cert Name: %s", -- remote_host, peer->name); -+ remote_host, buffer); - X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer)); - syslog(LOG_NOTICE, "SSL Client %s Cert Issuer: %s", - remote_host, buffer); Deleted: nrpe-0011-opensslv110-nosslv2.patch =================================================================== --- nrpe-0011-opensslv110-nosslv2.patch 2017-04-26 19:01:47 UTC (rev 225713) +++ nrpe-0011-opensslv110-nosslv2.patch 2017-04-26 19:01:56 UTC (rev 225714) 
@@ -1,113 +0,0 @@ -diff -up ./src/check_nrpe.c.opensslv110_nossl2 ./src/check_nrpe.c ---- ./src/check_nrpe.c.opensslv110_nossl2 2017-02-07 13:51:02.848680596 -0500 -+++ ./src/check_nrpe.c 2017-02-07 13:56:14.134901320 -0500 -@@ -64,7 +64,7 @@ int use_ssl = FALSE; - - /* SSL/TLS parameters */ - typedef enum _SSL_VER { -- SSL_Ver_Invalid = 0, SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus, -+ SSL_Ver_Invalid = 0, SSLv3=3, SSLv3_plus, - TLSv1, TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus - } SslVer; - -@@ -402,11 +402,7 @@ int process_arguments(int argc, char **a - "overrides the config file option."); - break; - } -- if (!strcmp(optarg, "SSLv2")) -- sslprm.ssl_min_ver = SSLv2; -- else if (!strcmp(optarg, "SSLv2+")) -- sslprm.ssl_min_ver = SSLv2_plus; -- else if (!strcmp(optarg, "SSLv3")) -+ if (!strcmp(optarg, "SSLv3")) - sslprm.ssl_min_ver = SSLv3; - else if (!strcmp(optarg, "SSLv3+")) - sslprm.ssl_min_ver = SSLv3_plus; -@@ -665,8 +661,8 @@ void usage(int result) - printf(" 2 = Force Anonymous Diffie Hellman\n"); - printf(" <size> = Specify non-default payload size for NSClient++\n"); - printf -- (" <ssl ver> = The SSL/TLS version to use. Can be any one of: SSLv2 (only),\n"); -- printf(" SSLv2+ (or above), SSLv3 (only), SSLv3+ (or above),\n"); -+ (" <ssl ver> = The SSL/TLS version to use. Can be any one of: \n"); -+ printf(" SSLv3 (only), SSLv3+ (or above),\n"); - printf(" TLSv1 (only), TLSv1+ (or above DEFAULT), TLSv1.1 (only),\n"); - printf(" TLSv1.1+ (or above), TLSv1.2 (only), TLSv1.2+ (or above)\n"); - printf(" <cipherlist> = The list of SSL ciphers to use (currently defaults\n"); -@@ -736,12 +732,6 @@ void setup_ssl() - sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? 
"Allow" : "Require")); - syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts); - switch (sslprm.ssl_min_ver) { -- case SSLv2: -- val = "SSLv2"; -- break; -- case SSLv2_plus: -- val = "SSLv2 And Above"; -- break; - case SSLv3: - val = "SSLv3"; - break; -@@ -779,10 +769,6 @@ void setup_ssl() - SSL_library_init(); - meth = SSLv23_client_method(); - --# ifndef OPENSSL_NO_SSL2 -- if (sslprm.ssl_min_ver == SSLv2) -- meth = SSLv2_client_method(); --# endif - # ifndef OPENSSL_NO_SSL3 - if (sslprm.ssl_min_ver == SSLv3) - meth = SSLv3_client_method(); -diff -up ./src/nrpe.c.opensslv110_nossl2 ./src/nrpe.c ---- ./src/nrpe.c.opensslv110_nossl2 2017-02-07 13:51:02.849680580 -0500 -+++ ./src/nrpe.c 2017-02-07 13:51:02.851680549 -0500 -@@ -109,7 +109,7 @@ int listen_queue_size = DEFAULT_LI - - /* SSL/TLS parameters */ - typedef enum _SSL_VER { -- SSLv2 = 1, SSLv2_plus, SSLv3, SSLv3_plus, TLSv1, -+ SSLv3=3, SSLv3_plus, TLSv1, - TLSv1_plus, TLSv1_1, TLSv1_1_plus, TLSv1_2, TLSv1_2_plus - } SslVer; - -@@ -278,10 +278,10 @@ void init_ssl(void) - } - } - } --# ifndef OPENSSL_NO_SSL2 -- if (sslprm.ssl_min_ver == SSLv2) -- meth = SSLv2_server_method(); --# endif -+ -+ -+ -+ - # ifndef OPENSSL_NO_SSL3 - if (sslprm.ssl_min_ver == SSLv3) - meth = SSLv3_server_method(); -@@ -385,12 +385,6 @@ void log_ssl_startup(void) - 1 ? 
"Accept" : "Require")); - syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts); - switch (sslprm.ssl_min_ver) { -- case SSLv2: -- vers = "SSLv2"; -- break; -- case SSLv2_plus: -- vers = "SSLv2 And Above"; -- break; - case SSLv3: - vers = "SSLv3"; - break; -@@ -796,11 +790,7 @@ int read_config_file(char *filename) - } - - } else if (!strcmp(varname, "ssl_version")) { -- if (!strcmp(varvalue, "SSLv2")) -- sslprm.ssl_min_ver = SSLv2; -- else if (!strcmp(varvalue, "SSLv2+")) -- sslprm.ssl_min_ver = SSLv2_plus; -- else if (!strcmp(varvalue, "SSLv3")) -+ if (!strcmp(varvalue, "SSLv3")) - sslprm.ssl_min_ver = SSLv3; - else if (!strcmp(varvalue, "SSLv3+")) - sslprm.ssl_min_ver = SSLv3_plus;
