From 79b42f53eafe0325122ac9b912e26744d9f986f4 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Wed, 30 Nov 2016 14:58:15 +0100 Subject: [PATCH] Drop patches integrated upstream --- debian/patches/15_check_smtp_expect | 28 -- debian/patches/16_check_smtp_quit | 31 -- debian/patches/17_check_smtp_forcetls_on_cert | 36 -- debian/patches/20_check_radius_radcli | 347 ------------------ debian/patches/21_openssl11 | 204 ---------- debian/patches/series | 10 - 6 files changed, 656 deletions(-) delete mode 100644 debian/patches/15_check_smtp_expect delete mode 100644 debian/patches/16_check_smtp_quit delete mode 100644 debian/patches/17_check_smtp_forcetls_on_cert delete mode 100644 debian/patches/20_check_radius_radcli delete mode 100644 debian/patches/21_openssl11 diff --git a/debian/patches/15_check_smtp_expect b/debian/patches/15_check_smtp_expect deleted file mode 100644 index 9d88acb..0000000 --- a/debian/patches/15_check_smtp_expect +++ /dev/null @@ -1,28 +0,0 @@ -From b6de2341f8683d51b8723b772e4753507b1607f5 Mon Sep 17 00:00:00 2001 -From: Oliver Skibbe -Date: Thu, 8 Oct 2015 09:04:29 +0200 -Subject: [PATCH] check_smtp.c: modified SSL check for use with -e - - - currently STARTTLS check does not work with -e if there's text - like '220 hostname ESMTP*'. This is caused by SMTP answer from - host. Postfix answer: 220 2.0.0 Ready to start TLS, Exchange - 2010: 220 2.0.0 SMTP server ready. This fix checks against 220 - - closes #1093 ---- - plugins/check_smtp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c -index 2e9b68b..1996c6d 100644 ---- a/plugins/check_smtp.c -+++ b/plugins/check_smtp.c -@@ -231,7 +231,7 @@ main (int argc, char **argv) - send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); - - recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */ -- if (!strstr (buffer, server_expect)) { -+ if (!strstr (buffer, SMTP_EXPECT)) { - printf (_("Server does not support STARTTLS\n")); - smtp_quit(); - return STATE_UNKNOWN; diff --git a/debian/patches/16_check_smtp_quit b/debian/patches/16_check_smtp_quit deleted file mode 100644 index 729a0a4..0000000 --- a/debian/patches/16_check_smtp_quit +++ /dev/null @@ -1,31 +0,0 @@ -From b317aaf32a8a054f0274aef9137353bffef7a80c Mon Sep 17 00:00:00 2001 -From: Holger Weiss -Date: Tue, 6 Oct 2015 23:21:17 +0200 -Subject: [PATCH] check_smtp: QUIT SMTP connection when "-D" is used - -Don't forget to issue an SMTP QUIT command when the -D/--certificate -option is specified. This avoids undesired MTA log messages. ---- - plugins/check_smtp.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c -index 56040ff..753ea3e 100644 ---- a/plugins/check_smtp.c -+++ b/plugins/check_smtp.c -@@ -276,6 +276,7 @@ main (int argc, char **argv) - # ifdef USE_OPENSSL - if ( check_cert ) { - result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); -+ smtp_quit(); - my_close(); - return result; - } -@@ -607,6 +608,7 @@ process_arguments (int argc, char **argv) - days_till_exp_warn = atoi (optarg); - } - check_cert = TRUE; -+ ignore_send_quit_failure = TRUE; - #else - usage (_("SSL support not available - install OpenSSL and recompile")); - #endif diff --git a/debian/patches/17_check_smtp_forcetls_on_cert b/debian/patches/17_check_smtp_forcetls_on_cert deleted file mode 100644 index 0e92a1e..0000000 --- a/debian/patches/17_check_smtp_forcetls_on_cert +++ /dev/null @@ -1,36 +0,0 @@ -From dfe66c01c0b556dfbac9c1d901d3ba9ed6a1deac Mon Sep 17 00:00:00 2001 -From: Holger Weiss -Date: Tue, 6 Oct 2015 23:28:24 +0200 -Subject: [PATCH] check_smtp: Let "-D" option imply "-S" - ---- - plugins/check_smtp.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c -index 753ea3e..2e9b68b 100644 ---- a/plugins/check_smtp.c -+++ b/plugins/check_smtp.c -@@ -582,11 +582,6 @@ process_arguments (int argc, char **argv) - usage4 (_("Timeout interval must be a positive integer")); - } - break; -- case 'S': -- /* starttls */ -- use_ssl = TRUE; -- use_ehlo = TRUE; -- break; - case 'D': - /* Check SSL cert validity */ - #ifdef USE_OPENSSL -@@ -612,6 +607,10 @@ process_arguments (int argc, char **argv) - #else - usage (_("SSL support not available - install OpenSSL and recompile")); - #endif -+ case 'S': -+ /* starttls */ -+ use_ssl = TRUE; -+ use_ehlo = TRUE; - break; - case '4': - address_family = AF_INET; diff --git a/debian/patches/20_check_radius_radcli b/debian/patches/20_check_radius_radcli deleted file mode 100644 index 4aa32d1..0000000 --- a/debian/patches/20_check_radius_radcli +++ /dev/null @@ -1,347 +0,0 @@ ---- a/configure.ac -+++ b/configure.ac -@@ -273,26 +273,33 @@ - dnl Check for radius libraries - AS_IF([test "x$with_radius" != "xno"], [ - _SAVEDLIBS="$LIBS" -- AC_CHECK_LIB(freeradius-client,rc_read_config) -- if test "$ac_cv_lib_freeradius_client_rc_read_config" = "yes"; then -+ AC_CHECK_LIB(radcli,rc_read_config) -+ if test "$ac_cv_lib_radcli_rc_read_config" = "yes"; then - EXTRAS="$EXTRAS check_radius\$(EXEEXT)" -- RADIUSLIBS="-lfreeradius-client" -+ RADIUSLIBS="-lradcli" - AC_SUBST(RADIUSLIBS) - else -- AC_CHECK_LIB(radiusclient-ng,rc_read_config) -- if test "$ac_cv_lib_radiusclient_ng_rc_read_config" = "yes"; then -+ AC_CHECK_LIB(freeradius-client,rc_read_config) -+ if test "$ac_cv_lib_freeradius_client_rc_read_config" = "yes"; then - EXTRAS="$EXTRAS check_radius\$(EXEEXT)" -- RADIUSLIBS="-lradiusclient-ng" -+ RADIUSLIBS="-lfreeradius-client" - AC_SUBST(RADIUSLIBS) - else -- AC_CHECK_LIB(radiusclient,rc_read_config) -- if test "$ac_cv_lib_radiusclient_rc_read_config" = "yes"; then -+ AC_CHECK_LIB(radiusclient-ng,rc_read_config) -+ if test "$ac_cv_lib_radiusclient_ng_rc_read_config" = "yes"; then - EXTRAS="$EXTRAS check_radius\$(EXEEXT)" -- RADIUSLIBS="-lradiusclient" -+ RADIUSLIBS="-lradiusclient-ng" - AC_SUBST(RADIUSLIBS) - else -- AC_MSG_WARN([Skipping radius plugin]) -- AC_MSG_WARN([install radius libs to compile this plugin (see REQUIREMENTS).]) -+ AC_CHECK_LIB(radiusclient,rc_read_config) -+ if test "$ac_cv_lib_radiusclient_rc_read_config" = "yes"; then -+ EXTRAS="$EXTRAS check_radius\$(EXEEXT)" -+ RADIUSLIBS="-lradiusclient" -+ AC_SUBST(RADIUSLIBS) -+ else -+ AC_MSG_WARN([Skipping radius plugin]) -+ AC_MSG_WARN([install radius libs to compile this plugin (see REQUIREMENTS).]) -+ fi - fi - fi - fi ---- a/plugins/check_radius.c -+++ b/plugins/check_radius.c -@@ -36,7 +36,9 @@ - #include "utils.h" - #include "netutils.h" - --#if defined(HAVE_LIBFREERADIUS_CLIENT) -+#if defined(HAVE_LIBRADCLI) -+#include -+#elif defined(HAVE_LIBFREERADIUS_CLIENT) - #include - #elif defined(HAVE_LIBRADIUSCLIENT_NG) - #include -@@ -48,22 +50,24 @@ - void print_help (void); - void print_usage (void); - --#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) -+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI) - #define my_rc_conf_str(a) rc_conf_str(rch,a) -+#if defined(HAVE_LIBRADCLI) -+#define my_rc_send_server(a,b) rc_send_server(rch,a,b,AUTH) -+#else - #define my_rc_send_server(a,b) rc_send_server(rch,a,b) --#ifdef HAVE_LIBFREERADIUS_CLIENT -+#endif -+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADCLI) - #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,(a)->secret,e,f) - #else - #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,e,f) - #endif --#define my_rc_own_ipaddress() rc_own_ipaddress(rch) - #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(rch,a,b,c,-1,d) - #define my_rc_read_dictionary(a) rc_read_dictionary(rch, a) - #else - #define my_rc_conf_str(a) rc_conf_str(a) - #define my_rc_send_server(a,b) rc_send_server(a, b) - #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(a,b,c,d,e,f) --#define my_rc_own_ipaddress() rc_own_ipaddress() - #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d) - #define my_rc_read_dictionary(a) rc_read_dictionary(a) - #endif -@@ -76,7 +80,7 @@ - - int my_rc_read_config(char *); - --#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) -+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI) - rc_handle *rch = NULL; - #endif - -@@ -90,7 +94,6 @@ - unsigned short port = PW_AUTH_UDP_PORT; - int retries = 1; - int verbose = FALSE; --ENV *env = NULL; - - /****************************************************************************** - -@@ -150,6 +153,8 @@ - int - main (int argc, char **argv) - { -+ struct sockaddr_storage ss; -+ char name[HOST_NAME_MAX]; - char msg[BUFFER_LEN]; - SEND_DATA data; - int result = STATE_UNKNOWN; -@@ -185,15 +190,14 @@ - die (STATE_UNKNOWN, _("Invalid NAS-Identifier\n")); - } - -- if (nasipaddress != NULL) { -- if (rc_good_ipaddr (nasipaddress)) -- die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); -- if ((client_id = rc_get_ipaddr(nasipaddress)) == 0) -- die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); -- } else { -- if ((client_id = my_rc_own_ipaddress ()) == 0) -- die (STATE_UNKNOWN, _("Can't find local IP for NAS-IP-Address\n")); -+ if (nasipaddress == NULL) { -+ if (gethostname (name, sizeof(name)) != 0) -+ die (STATE_UNKNOWN, _("gethostname() failed!\n")); -+ nasipaddress = name; - } -+ if (!dns_lookup (nasipaddress, &ss, AF_INET)) /* TODO: Support IPv6. */ -+ die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); -+ client_id = ntohl (((struct sockaddr_in *)&ss)->sin_addr.s_addr); - if (my_rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == NULL) - die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); - -@@ -399,7 +403,7 @@ - - int my_rc_read_config(char * a) - { --#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) -+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI) - rch = rc_read_config(a); - return (rch == NULL) ? 1 : 0; - #else ---- a/config.h.in -+++ b/config.h.in -@@ -483,6 +483,9 @@ - /* Define to 1 if you have the `pthread' library (-lpthread). */ - #undef HAVE_LIBPTHREAD - -+/* Define to 1 if you have the `radcli' library (-lradcli). */ -+#undef HAVE_LIBRADCLI -+ - /* Define to 1 if you have the `radiusclient' library (-lradiusclient). */ - #undef HAVE_LIBRADIUSCLIENT - ---- a/configure -+++ b/configure -@@ -14963,7 +14963,57 @@ - if test "x$with_radius" != "xno"; then : - - _SAVEDLIBS="$LIBS" -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lfreeradius-client" >&5 -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lradcli" >&5 -+$as_echo_n "checking for rc_read_config in -lradcli... " >&6; } -+if ${ac_cv_lib_radcli_rc_read_config+:} false; then : -+ $as_echo_n "(cached) " >&6 -+else -+ ac_check_lib_save_LIBS=$LIBS -+LIBS="-lradcli $LIBS" -+cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+ -+/* Override any GCC internal prototype to avoid an error. -+ Use char because int might match the return type of a GCC -+ builtin and then its argument prototype would still apply. */ -+#ifdef __cplusplus -+extern "C" -+#endif -+char rc_read_config (); -+int -+main () -+{ -+return rc_read_config (); -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_link "$LINENO"; then : -+ ac_cv_lib_radcli_rc_read_config=yes -+else -+ ac_cv_lib_radcli_rc_read_config=no -+fi -+rm -f core conftest.err conftest.$ac_objext \ -+ conftest$ac_exeext conftest.$ac_ext -+LIBS=$ac_check_lib_save_LIBS -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_radcli_rc_read_config" >&5 -+$as_echo "$ac_cv_lib_radcli_rc_read_config" >&6; } -+if test "x$ac_cv_lib_radcli_rc_read_config" = xyes; then : -+ cat >>confdefs.h <<_ACEOF -+#define HAVE_LIBRADCLI 1 -+_ACEOF -+ -+ LIBS="-lradcli $LIBS" -+ -+fi -+ -+ if test "$ac_cv_lib_radcli_rc_read_config" = "yes"; then -+ EXTRAS="$EXTRAS check_radius\$(EXEEXT)" -+ RADIUSLIBS="-lradcli" -+ -+ else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lfreeradius-client" >&5 - $as_echo_n "checking for rc_read_config in -lfreeradius-client... " >&6; } - if ${ac_cv_lib_freeradius_client_rc_read_config+:} false; then : - $as_echo_n "(cached) " >&6 -@@ -15008,12 +15058,12 @@ - - fi - -- if test "$ac_cv_lib_freeradius_client_rc_read_config" = "yes"; then -- EXTRAS="$EXTRAS check_radius\$(EXEEXT)" -- RADIUSLIBS="-lfreeradius-client" -+ if test "$ac_cv_lib_freeradius_client_rc_read_config" = "yes"; then -+ EXTRAS="$EXTRAS check_radius\$(EXEEXT)" -+ RADIUSLIBS="-lfreeradius-client" - -- else -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lradiusclient-ng" >&5 -+ else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lradiusclient-ng" >&5 - $as_echo_n "checking for rc_read_config in -lradiusclient-ng... " >&6; } - if ${ac_cv_lib_radiusclient_ng_rc_read_config+:} false; then : - $as_echo_n "(cached) " >&6 -@@ -15058,12 +15108,12 @@ - - fi - -- if test "$ac_cv_lib_radiusclient_ng_rc_read_config" = "yes"; then -- EXTRAS="$EXTRAS check_radius\$(EXEEXT)" -- RADIUSLIBS="-lradiusclient-ng" -+ if test "$ac_cv_lib_radiusclient_ng_rc_read_config" = "yes"; then -+ EXTRAS="$EXTRAS check_radius\$(EXEEXT)" -+ RADIUSLIBS="-lradiusclient-ng" - -- else -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lradiusclient" >&5 -+ else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rc_read_config in -lradiusclient" >&5 - $as_echo_n "checking for rc_read_config in -lradiusclient... " >&6; } - if ${ac_cv_lib_radiusclient_rc_read_config+:} false; then : - $as_echo_n "(cached) " >&6 -@@ -15108,15 +15158,16 @@ - - fi - -- if test "$ac_cv_lib_radiusclient_rc_read_config" = "yes"; then -- EXTRAS="$EXTRAS check_radius\$(EXEEXT)" -- RADIUSLIBS="-lradiusclient" -+ if test "$ac_cv_lib_radiusclient_rc_read_config" = "yes"; then -+ EXTRAS="$EXTRAS check_radius\$(EXEEXT)" -+ RADIUSLIBS="-lradiusclient" - -- else -- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Skipping radius plugin" >&5 -+ else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Skipping radius plugin" >&5 - $as_echo "$as_me: WARNING: Skipping radius plugin" >&2;} -- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: install radius libs to compile this plugin (see REQUIREMENTS)." >&5 -+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: install radius libs to compile this plugin (see REQUIREMENTS)." >&5 - $as_echo "$as_me: WARNING: install radius libs to compile this plugin (see REQUIREMENTS)." >&2;} -+ fi - fi - fi - fi ---- a/plugins/netutils.c -+++ b/plugins/netutils.c -@@ -357,20 +357,21 @@ - } - - int --resolve_host_or_addr (const char *address, int family) -+dns_lookup (const char *in, struct sockaddr_storage *ss, int family) - { - struct addrinfo hints; - struct addrinfo *res; - int retval; - -- memset (&hints, 0, sizeof (hints)); -+ memset (&hints, 0, sizeof(struct addrinfo)); - hints.ai_family = family; -- retval = getaddrinfo (address, NULL, &hints, &res); - -+ retval = getaddrinfo (in, NULL, &hints, &res); - if (retval != 0) - return FALSE; -- else { -- freeaddrinfo (res); -- return TRUE; -- } -+ -+ if (ss != NULL) -+ memcpy (ss, res->ai_addr, res->ai_addrlen); -+ freeaddrinfo (res); -+ return TRUE; - } ---- a/plugins/netutils.h -+++ b/plugins/netutils.h -@@ -45,6 +45,10 @@ - # endif /* UNIX_PATH_MAX */ - #endif /* HAVE_SYS_UN_H */ - -+#ifndef HOST_MAX_BYTES -+# define HOST_MAX_BYTES 255 -+#endif -+ - /* process_request and wrapper macros */ - #define process_tcp_request(addr, port, sbuf, rbuf, rsize) \ - process_request(addr, port, IPPROTO_TCP, sbuf, rbuf, rsize) -@@ -71,8 +75,9 @@ - /* "is_*" wrapper macros and functions */ - int is_host (const char *); - int is_addr (const char *); --int resolve_host_or_addr (const char *, int); -+int dns_lookup (const char *, struct sockaddr_storage *, int); - void host_or_die(const char *str); -+#define resolve_host_or_addr(addr, family) dns_lookup(addr, NULL, family) - #define is_inet_addr(addr) resolve_host_or_addr(addr, AF_INET) - #ifdef USE_IPV6 - # define is_inet6_addr(addr) resolve_host_or_addr(addr, AF_INET6) ---- a/plugins/check_smtp.c -+++ b/plugins/check_smtp.c -@@ -59,10 +59,6 @@ - #define SMTP_STARTTLS "STARTTLS\r\n" - #define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n" - --#ifndef HOST_MAX_BYTES --#define HOST_MAX_BYTES 255 --#endif -- - #define EHLO_SUPPORTS_STARTTLS 1 - - int process_arguments (int, char **); diff --git a/debian/patches/21_openssl11 b/debian/patches/21_openssl11 deleted file mode 100644 index 6f6609e..0000000 --- a/debian/patches/21_openssl11 +++ /dev/null @@ -1,204 +0,0 @@ -From fe1c4bb0e5ea3632d608a6b8b7e51d580856d833 Mon Sep 17 00:00:00 2001 -From: vagrant -Date: Sun, 13 Nov 2016 19:39:46 +0000 -Subject: [PATCH] add openssl 1.1 support - -changes: - - CRYPTO_lock detection replaced in configure.ac. We don't use that - function anywhere, so just replace it with the suggested one from - https://wiki.openssl.org/index.php/Library_Initialization#Autoconf - - OPENSSL_NO_SSL2 is no longer defined while ssl2 is not included. - Set it ourself using the suggested openssl 1.1 version check from - https://wiki.openssl.org/index.php/1.1_API_Changes#Backward_compatibility - - openssl 1.1 sends a sigpipe if the connection is still open when - calling SSL_shutdown(), so move the close before the shutdown. - -Signed-off-by: Sven Nierlein ---- - configure.ac | 6 +++--- - plugins/check_http.c | 4 ++-- - plugins/check_smtp.c | 8 +++++--- - plugins/check_tcp.c | 4 ++-- - plugins/common.h | 7 +++++++ - 5 files changed, 19 insertions(+), 10 deletions(-) - ---- a/configure.ac -+++ b/configure.ac -@@ -493,15 +493,15 @@ - dnl Check for crypto lib - _SAVEDLIBS="$LIBS" - LIBS="-L${with_openssl}/lib" -- AC_CHECK_LIB(crypto,CRYPTO_lock) -- if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then -+ AC_CHECK_LIB(crypto,CRYPTO_new_ex_data) -+ if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then - dnl Check for SSL lib - AC_CHECK_LIB(ssl,main, SSLLIBS="-lssl -lcrypto",,-lcrypto) - fi - LIBS="$_SAVEDLIBS" - - dnl test headers and libs to decide whether check_http should use SSL -- if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then -+ if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then - if test "$ac_cv_lib_ssl_main" = "yes"; then - if test "$FOUNDINCLUDE" = "yes"; then - FOUNDOPENSSL="yes" ---- a/plugins/check_http.c -+++ b/plugins/check_http.c -@@ -886,8 +886,8 @@ - elapsed_time_ssl = (double)microsec_ssl / 1.0e6; - if (check_cert == TRUE) { - result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); -- np_net_ssl_cleanup(); - if (sd) close(sd); -+ np_net_ssl_cleanup(); - return result; - } - } -@@ -1005,10 +1005,10 @@ - die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n")); - - /* close the connection */ -+ if (sd) close(sd); - #ifdef HAVE_SSL - np_net_ssl_cleanup(); - #endif -- if (sd) close(sd); - - /* Save check time */ - microsec = deltime (tv); ---- a/plugins/check_smtp.c -+++ b/plugins/check_smtp.c -@@ -239,8 +239,8 @@ - result = np_net_ssl_init(sd); - if(result != STATE_OK) { - printf (_("CRITICAL - Cannot create SSL context.\n")); -- np_net_ssl_cleanup(); - close(sd); -+ np_net_ssl_cleanup(); - return STATE_CRITICAL; - } else { - ssl_established = 1; -@@ -764,10 +764,12 @@ - int - my_close (void) - { -+ int result; -+ result = close(sd); - #ifdef HAVE_SSL -- np_net_ssl_cleanup(); -+ np_net_ssl_cleanup(); - #endif -- return close(sd); -+ return result; - } - - ---- a/plugins/check_tcp.c -+++ b/plugins/check_tcp.c -@@ -247,8 +247,8 @@ - } - } - if(result != STATE_OK){ -- np_net_ssl_cleanup(); - if(sd) close(sd); -+ np_net_ssl_cleanup(); - return result; - } - #endif /* HAVE_SSL */ -@@ -321,10 +321,10 @@ - if (server_quit != NULL) { - my_send(server_quit, strlen(server_quit)); - } -+ if (sd) close (sd); - #ifdef HAVE_SSL - np_net_ssl_cleanup(); - #endif -- if (sd) close (sd); - - microsec = deltime (tv); - elapsed_time = (double)microsec / 1.0e6; ---- a/plugins/common.h -+++ b/plugins/common.h -@@ -161,6 +161,13 @@ - # endif - #endif - -+/* openssl 1.1 does not set OPENSSL_NO_SSL2 by default but ships without ssl2 */ -+#ifdef OPENSSL_VERSION_NUMBER -+# if OPENSSL_VERSION_NUMBER >= 0x10100000 -+# define OPENSSL_NO_SSL2 -+# endif -+#endif -+ - /* - * - * Standard Values ---- a/configure -+++ b/configure -@@ -15775,9 +15775,9 @@ - - _SAVEDLIBS="$LIBS" - LIBS="-L${with_openssl}/lib" -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_lock in -lcrypto" >&5 --$as_echo_n "checking for CRYPTO_lock in -lcrypto... " >&6; } --if ${ac_cv_lib_crypto_CRYPTO_lock+:} false; then : -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO_new_ex_data in -lcrypto" >&5 -+$as_echo_n "checking for CRYPTO_new_ex_data in -lcrypto... " >&6; } -+if ${ac_cv_lib_crypto_CRYPTO_new_ex_data+:} false; then : - $as_echo_n "(cached) " >&6 - else - ac_check_lib_save_LIBS=$LIBS -@@ -15791,27 +15791,27 @@ - #ifdef __cplusplus - extern "C" - #endif --char CRYPTO_lock (); -+char CRYPTO_new_ex_data (); - int - main () - { --return CRYPTO_lock (); -+return CRYPTO_new_ex_data (); - ; - return 0; - } - _ACEOF - if ac_fn_c_try_link "$LINENO"; then : -- ac_cv_lib_crypto_CRYPTO_lock=yes -+ ac_cv_lib_crypto_CRYPTO_new_ex_data=yes - else -- ac_cv_lib_crypto_CRYPTO_lock=no -+ ac_cv_lib_crypto_CRYPTO_new_ex_data=no - fi - rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LIBS=$ac_check_lib_save_LIBS - fi --{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_CRYPTO_lock" >&5 --$as_echo "$ac_cv_lib_crypto_CRYPTO_lock" >&6; } --if test "x$ac_cv_lib_crypto_CRYPTO_lock" = xyes; then : -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_CRYPTO_new_ex_data" >&5 -+$as_echo "$ac_cv_lib_crypto_CRYPTO_new_ex_data" >&6; } -+if test "x$ac_cv_lib_crypto_CRYPTO_new_ex_data" = xyes; then : - cat >>confdefs.h <<_ACEOF - #define HAVE_LIBCRYPTO 1 - _ACEOF -@@ -15820,7 +15820,7 @@ - - fi - -- if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then -+ if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lssl" >&5 - $as_echo_n "checking for main in -lssl... " >&6; } - if ${ac_cv_lib_ssl_main+:} false; then : -@@ -15858,7 +15858,7 @@ - fi - LIBS="$_SAVEDLIBS" - -- if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then -+ if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then - if test "$ac_cv_lib_ssl_main" = "yes"; then - if test "$FOUNDINCLUDE" = "yes"; then - FOUNDOPENSSL="yes" diff --git a/debian/patches/series b/debian/patches/series index 9533258..de39cb6 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,12 +1,2 @@ 02_check_icmp_links # commited upstream -#10_sslutils_checksslv3 -#11_check_dhcp_parsing_option -#12_check_ups_perf_data_hresholds -#13_check_snmp_timeout -#14_sslutils_superfluous_parenthesis -15_check_smtp_expect -16_check_smtp_quit -17_check_smtp_forcetls_on_cert -20_check_radius_radcli -21_openssl11