[Pkg-net-snmp-devel] Bug#852479: net-snmp: diff for NMU version 5.7.3+dfsg-1.7
Niels Thykier
niels at thykier.net
Tue Jan 24 20:27:09 UTC 2017
Package: net-snmp
Version: 5.7.3+dfsg-1.6
Severity: normal
Tags: patch pending
Dear maintainer,
I've prepared an NMU for net-snmp (versioned as 5.7.3+dfsg-1.7). The diff
is attached to this message.
Regards.
diff -Nru net-snmp-5.7.3+dfsg/debian/changelog net-snmp-5.7.3+dfsg/debian/changelog
--- net-snmp-5.7.3+dfsg/debian/changelog 2017-01-14 08:40:05.000000000 +0000
+++ net-snmp-5.7.3+dfsg/debian/changelog 2017-01-24 20:16:23.000000000 +0000
@@ -1,3 +1,22 @@
+net-snmp (5.7.3+dfsg-1.7) unstable; urgency=medium
+
+ [ Niels Thykier ]
+ * Non-maintainer upload with the following changes from
+ other people.
+
+ [ Sebastian Andrzej Siewior ]
+ * drop dep on libssl1.0-dev in the dev package. (Closes: #851946)
+ * add a guard to catch users of the wrong library
+ * remove "-lcrypto" from the pkg-config when linking statically.
+ This is technical suboptimal and should ideally be reverted
+ for buster (when all packages migrate to the same ssl version).
+
+ [ Adrian Bunk ]
+ * Re-able "pie" hardening as its absence is causing issues for
+ reverse dependencies. (Closes: #852023)
+
+ -- Niels Thykier <niels at thykier.net> Tue, 24 Jan 2017 20:16:23 +0000
+
net-snmp (5.7.3+dfsg-1.6) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru net-snmp-5.7.3+dfsg/debian/control net-snmp-5.7.3+dfsg/debian/control
--- net-snmp-5.7.3+dfsg/debian/control 2017-01-14 08:18:58.000000000 +0000
+++ net-snmp-5.7.3+dfsg/debian/control 2017-01-24 19:53:24.000000000 +0000
@@ -120,7 +120,7 @@
Provides: libsnmp9-dev
Conflicts: libsnmp9-dev, libsnmp15-dev, snmp (<< 5.4~dfsg)
Breaks: libsnmp-base (<< 5.7.2~dfsg-8.1~)
-Depends: libc6-dev, libsnmp30 (=${binary:Version}), libwrap0-dev, libssl1.0-dev | libssl-dev (<< 1.1), procps,
+Depends: libc6-dev, libsnmp30 (=${binary:Version}), libwrap0-dev, procps,
libkvm-dev [kfreebsd-any], libsensors4-dev [linux-any], ${misc:Depends},
libpci-dev
Description: SNMP (Simple Network Management Protocol) development files
diff -Nru net-snmp-5.7.3+dfsg/debian/patches/drop_lcrypto_from_NSC_LNETSNMPLIBS.patch net-snmp-5.7.3+dfsg/debian/patches/drop_lcrypto_from_NSC_LNETSNMPLIBS.patch
--- net-snmp-5.7.3+dfsg/debian/patches/drop_lcrypto_from_NSC_LNETSNMPLIBS.patch 1970-01-01 00:00:00.000000000 +0000
+++ net-snmp-5.7.3+dfsg/debian/patches/drop_lcrypto_from_NSC_LNETSNMPLIBS.patch 2017-01-24 19:53:24.000000000 +0000
@@ -0,0 +1,22 @@
+Subject: drop lcrypto from NSC_LNETSNMPLIBS
+
+The -lcrypto in NSC_LNETSNMPLIBS shouldn't be required for most compiles. It
+will break static linking but usually don't do this.
+The main reason for this is to avoid pullin in libssl's dev package in.
+
+Signed-of-by: Sebastian Andrzej Siewior <sebastian at breakpoint.c>
+---
+ net-snmp-config.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net-snmp-config.in
++++ b/net-snmp-config.in
+@@ -49,7 +49,7 @@ datarootdir=@datarootdir@
+ NSC_LDFLAGS="@LDFLAGS@"
+
+ NSC_LIBS="@LIBS@"
+-NSC_LNETSNMPLIBS="@LNETSNMPLIBS@"
++NSC_LNETSNMPLIBS="" #"@LNETSNMPLIBS@"
+ NSC_LAGENTLIBS="@LAGENTLIBS@ @PERLLDOPTS_FOR_APPS@"
+ NSC_LMIBLIBS="@LMIBLIBS@"
+
diff -Nru net-snmp-5.7.3+dfsg/debian/patches/ensure_correct_openssl_version.patch net-snmp-5.7.3+dfsg/debian/patches/ensure_correct_openssl_version.patch
--- net-snmp-5.7.3+dfsg/debian/patches/ensure_correct_openssl_version.patch 1970-01-01 00:00:00.000000000 +0000
+++ net-snmp-5.7.3+dfsg/debian/patches/ensure_correct_openssl_version.patch 2017-01-24 19:53:24.000000000 +0000
@@ -0,0 +1,24 @@
+Subject: Ensure correct openssl version
+
+The dev package does not depend on openssl headers which means 1.0.2 and 1.1.0
+can be installed. If cert_util.h functionality is used by 3rd party then it
+should be ensured that it is linked and compiled against 1.0.2.
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
+---
+ include/net-snmp/library/cert_util.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/include/net-snmp/library/cert_util.h
++++ b/include/net-snmp/library/cert_util.h
+@@ -9,6 +9,10 @@
+ #error "must include <openssl/x509.h> before cert_util.h"
+ #endif
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++#error This needs to be compiled against openssl 1.0.2.
++#endif
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
diff -Nru net-snmp-5.7.3+dfsg/debian/patches/series net-snmp-5.7.3+dfsg/debian/patches/series
--- net-snmp-5.7.3+dfsg/debian/patches/series 2016-09-02 14:26:20.000000000 +0000
+++ net-snmp-5.7.3+dfsg/debian/patches/series 2017-01-24 19:53:24.000000000 +0000
@@ -32,3 +32,5 @@
fix_engineid_reprobe.diff
0001-Remove-U64-typedef.patch
0001-CHANGES-BUG-2712-Fix-Perl-module-compilation.patch
+ensure_correct_openssl_version.patch
+drop_lcrypto_from_NSC_LNETSNMPLIBS.patch
diff -Nru net-snmp-5.7.3+dfsg/debian/rules net-snmp-5.7.3+dfsg/debian/rules
--- net-snmp-5.7.3+dfsg/debian/rules 2016-06-20 08:36:05.000000000 +0000
+++ net-snmp-5.7.3+dfsg/debian/rules 2017-01-24 20:03:32.000000000 +0000
@@ -1,9 +1,7 @@
#!/usr/bin/make -f
#export DH_VERBOSE=1
-# TODO
-# without -pie build fails during perl module build somehow...
-export DEB_BUILD_MAINT_OPTIONS := hardening=+all,-pie
+export DEB_BUILD_MAINT_OPTIONS := hardening=+all
DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
LIB_VERSION = 30
More information about the Pkg-net-snmp-devel
mailing list