From a63d554d9a0b4acdba31ae932a465184a3d94b9e Mon Sep 17 00:00:00 2001 From: Jordan Williams Date: Sat, 19 Oct 2024 15:32:03 -0500 Subject: [PATCH] perlPackages.NetSNMP: add patch to support newer SHA algorithms The aged perlPackages.NetSNMP library does not support modern SHA algorithms for authentication. It's possible to enable support for these newer protocols with a patch. The patch is taken from the OpenBSD ports tree: https://github.com/openbsd/ports/blob/master/net/p5-Net-SNMP/patches/patch-lib_Net_SNMP_Security_USM_pm It enables support for SHA 224, 256, 384, and 512. --- .../net-snmp-fix-dependencies.patch | 65 +++++++++++++++++++ pkgs/top-level/perl-packages.nix | 13 ++++ 2 files changed, 78 insertions(+) create mode 100644 pkgs/development/perl-modules/net-snmp-fix-dependencies.patch diff --git a/pkgs/development/perl-modules/net-snmp-fix-dependencies.patch b/pkgs/development/perl-modules/net-snmp-fix-dependencies.patch new file mode 100644 index 00000000000000..b8e399acec99cf --- /dev/null +++ b/pkgs/development/perl-modules/net-snmp-fix-dependencies.patch @@ -0,0 +1,65 @@ +diff --git a/Build.PL b/Build.PL +index 71d216e..7667ac0 100644 +--- a/Build.PL ++++ b/Build.PL +@@ -37,10 +37,10 @@ Module::Build->new( + recommends => { + Crypt::DES => '2.03', # SNMPv3 + Digest::MD5 => '2.11', # SNMPv3 +- Digest::SHA1 => '1.02', # SNMPv3 +- Digest::HMAC => '1.00', # SNMPv3 +- Crypt::Rijndael => '1.02', # SNMPv3 - AES Cipher Algorithm +- Socket6 => '0.23', # UDP/IPv6 or TCP/IPv6 Transport Domain ++ Digest::SHA => 0, # SNMPv3 ++ Digest::HMAC_MD5 => '1.01', # SNMPv3 ++ Crypt::Rijndael => '1.02', # SNMPv3 - AES Cipher Algorithm ++ Socket6 => '0.23', # UDP/IPv6 or TCP/IPv6 Transport Domain + }, + meta_merge => { + resources => { +diff --git a/META.yml b/META.yml +index f260431..aaf6d4e 100644 +--- a/META.yml ++++ b/META.yml +@@ -61,9 +61,9 @@ provides: + recommends: + Crypt::DES: 2.03 + Crypt::Rijndael: 1.02 +- Digest::HMAC: 1.00 ++ Digest::HMAC_MD5: 1.01 + Digest::MD5: 2.11 +- Digest::SHA1: 1.02 ++ Digest::SHA: 0 + Socket6: 0.23 + requires: + Carp: 0 +diff --git a/Makefile.PL b/Makefile.PL +index 4678c32..8322589 100644 +--- a/Makefile.PL ++++ b/Makefile.PL +@@ -40,8 +40,8 @@ WriteMakefile( + Math::BigInt => 0, + Crypt::DES => '2.03', # SNMPv3 + Digest::MD5 => '2.11', # SNMPv3 +- Digest::SHA1 => '1.02', # SNMPv3 +- Digest::HMAC => '1.00', # SNMPv3 ++ Digest::SHA => 0, # SNMPv3 ++ Digest::HMAC_MD5 => '1.01', # SNMPv3 + }, + dist => { + CI => 'ci -u -sRel -m\"Changes for $(VERSION)\"', +diff --git a/lib/Net/SNMP.pm b/lib/Net/SNMP.pm +index b0dfe22..0db78b1 100644 +--- a/lib/Net/SNMP.pm ++++ b/lib/Net/SNMP.pm +@@ -3550,8 +3550,8 @@ earlier than v5.6.0. + + =item * + +-The non-core modules F, F, F, and +-F are required to support SNMPv3. ++The non-core modules F, F, and ++F are required to support SNMPv3. + + =item * + diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index f1d40ccc835b96..16d09eb89249b1 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -19213,6 +19213,19 @@ with self; { url = "mirror://cpan/authors/id/D/DT/DTOWN/Net-SNMP-v6.0.1.tar.gz"; hash = "sha256-FMN7wcuz883H1sE+DyeoWfFM3P1epUoEZ6iLwlmwt0E="; }; + patches = [ + (fetchpatch { + name = "enable-newer-sha-algorithms.patch"; + url = "https://raw.githubusercontent.com/openbsd/ports/ab6365da3ac861e1c56520acdf388d421b357c17/net/p5-Net-SNMP/patches/patch-lib_Net_SNMP_Security_USM_pm"; + hash = "sha256-eDfXyYFFvMDQk8xlE6/w3ZWht4E5oupAOpING8cOyRY="; + postFetch = '' + substituteInPlace $out \ + --replace-fail "--- lib/Net/SNMP/Security/USM.pm.orig" "--- a/lib/Net/SNMP/Security/USM.pm" \ + --replace-fail "+++ lib/Net/SNMP/Security/USM.pm" "+++ b/lib/Net/SNMP/Security/USM.pm" + ''; + }) + ../development/perl-modules/net-snmp-fix-dependencies.patch + ]; doCheck = false; # The test suite fails, see https://rt.cpan.org/Public/Bug/Display.html?id=85799 meta = { description = "Object oriented interface to SNMP";