pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/validns validns: fix building with openssl 1.1
details: https://anonhg.NetBSD.org/pkgsrc/rev/89db54bce4ef
branches: trunk
changeset: 450044:89db54bce4ef
user: nia <nia%pkgsrc.org@localhost>
date: Sat Apr 10 08:16:09 2021 +0000
description:
validns: fix building with openssl 1.1
diffstat:
security/validns/Makefile | 4 +-
security/validns/distinfo | 7 +-
security/validns/patches/patch-Makefile | 10 +-
security/validns/patches/patch-dnskey.c | 26 ++++++++
security/validns/patches/patch-nsec3checks.c | 56 +++++++++++++++++
security/validns/patches/patch-rrsig.c | 89 ++++++++++++++++++++++++++++
6 files changed, 183 insertions(+), 9 deletions(-)
diffs (243 lines):
diff -r 35f93d215857 -r 89db54bce4ef security/validns/Makefile
--- a/security/validns/Makefile Sat Apr 10 00:40:25 2021 +0000
+++ b/security/validns/Makefile Sat Apr 10 08:16:09 2021 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.18 2020/04/24 11:41:38 nia Exp $
+# $NetBSD: Makefile,v 1.19 2021/04/10 08:16:09 nia Exp $
#
DISTNAME= validns-0.8
@@ -11,8 +11,6 @@
COMMENT= Validns, a high performance DNS/DNSSEC zone validator
LICENSE= 2-clause-bsd
-BROKEN= "Fails to build with OpenSSL 1.1"
-
# Depends on perl for make tests
#BUILD_DEPENDS+= p5-Test-Command-Simple-[0-9]*:../../devel/p5-Test-Command-Simple
diff -r 35f93d215857 -r 89db54bce4ef security/validns/distinfo
--- a/security/validns/distinfo Sat Apr 10 00:40:25 2021 +0000
+++ b/security/validns/distinfo Sat Apr 10 08:16:09 2021 +0000
@@ -1,8 +1,11 @@
-$NetBSD: distinfo,v 1.8 2017/03/23 17:06:59 joerg Exp $
+$NetBSD: distinfo,v 1.9 2021/04/10 08:16:09 nia Exp $
SHA1 (validns-0.8.tar.gz) = 1d9a233a1111a983d44ff6ccfb93d9308f12e90c
RMD160 (validns-0.8.tar.gz) = 74204348e4478379f14eda129a8f045981e03829
SHA512 (validns-0.8.tar.gz) = 2443bb8a7373f27d41ab3be1a92b61696d05b74afa42c19db54f6e999e4a634499faa44a5feefd3bc515bc677a8ef0a076092cf13316eff6d1cc504ff9702038
Size (validns-0.8.tar.gz) = 190325 bytes
-SHA1 (patch-Makefile) = 638dc179f7f272873fabc7d7b46e2beb140e43bc
+SHA1 (patch-Makefile) = 7a83efee8f0771750aa2aac8f90bfafc8405cd2d
SHA1 (patch-carp.c) = bbb750d013b751ca7994e32244c8865f8687ff1b
+SHA1 (patch-dnskey.c) = 7fa29ab6d53342b4686ac9906ec0c2b452620577
+SHA1 (patch-nsec3checks.c) = 39269b8d86bca7ff7ed04e380fa1516f9937dbda
+SHA1 (patch-rrsig.c) = a4e4be3b08d1aa4040b2f76cc6746d3cb878e1f8
diff -r 35f93d215857 -r 89db54bce4ef security/validns/patches/patch-Makefile
--- a/security/validns/patches/patch-Makefile Sat Apr 10 00:40:25 2021 +0000
+++ b/security/validns/patches/patch-Makefile Sat Apr 10 08:16:09 2021 +0000
@@ -1,15 +1,17 @@
-$NetBSD: patch-Makefile,v 1.6 2014/02/17 08:18:08 pettai Exp $
+$NetBSD: patch-Makefile,v 1.7 2021/04/10 08:16:09 nia Exp $
-Add (PKG_)PREFIX support
+- Honor CFLAGS.
+- Add (PKG_)PREFIX support.
--- Makefile.orig 2014-02-11 20:08:39.000000000 +0000
+++ Makefile
@@ -1,7 +1,7 @@
# The following options seem to work fine on Linux, FreeBSD, and Darwin
- OPTIMIZE=-O2 -g
+-OPTIMIZE=-O2 -g
-CFLAGS=-Wall -Werror -pthread -fno-strict-aliasing
-INCPATH=-I/usr/local/include -I/opt/local/include -I/usr/local/ssl/include
-+CFLAGS=-Wall -pthread -fno-strict-aliasing
++OPTIMIZE=
++CFLAGS+=-Wall -pthread -fno-strict-aliasing
+INCPATH=-I/usr/include -I${PREFIX}/include
CC?=cc
diff -r 35f93d215857 -r 89db54bce4ef security/validns/patches/patch-dnskey.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/validns/patches/patch-dnskey.c Sat Apr 10 08:16:09 2021 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-dnskey.c,v 1.1 2021/04/10 08:16:09 nia Exp $
+
+Fix building with OpenSSL 1.1. From FreeBSD Ports.
+
+--- dnskey.c.orig 2014-02-11 20:45:11.000000000 +0000
++++ dnskey.c
+@@ -165,11 +165,17 @@ int dnskey_build_pkey(struct rr_dnskey *
+ if (l < e_bytes) /* public key is too short */
+ goto done;
+
+- rsa->e = BN_bin2bn(pk, e_bytes, NULL);
++ BIGNUM *e = BN_bin2bn(pk, e_bytes, NULL);
+ pk += e_bytes;
+ l -= e_bytes;
++ BIGNUM *n = BN_bin2bn(pk, l, NULL);
+
+- rsa->n = BN_bin2bn(pk, l, NULL);
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
++ rsa->e = e;
++ rsa->n = n;
++#else
++ RSA_set0_key(rsa, n, e, NULL);
++#endif
+
+ pkey = EVP_PKEY_new();
+ if (!pkey)
diff -r 35f93d215857 -r 89db54bce4ef security/validns/patches/patch-nsec3checks.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/validns/patches/patch-nsec3checks.c Sat Apr 10 08:16:09 2021 +0000
@@ -0,0 +1,56 @@
+$NetBSD: patch-nsec3checks.c,v 1.1 2021/04/10 08:16:09 nia Exp $
+
+Fix building with OpenSSL 1.1. From FreeBSD Ports.
+
+--- nsec3checks.c.orig 2014-02-11 20:46:07.000000000 +0000
++++ nsec3checks.c
+@@ -28,7 +28,7 @@
+ static struct binary_data name2hash(char *name, struct rr *param)
+ {
+ struct rr_nsec3param *p = (struct rr_nsec3param *)param;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx;
+ unsigned char md0[EVP_MAX_MD_SIZE];
+ unsigned char md1[EVP_MAX_MD_SIZE];
+ unsigned char *md[2];
+@@ -45,26 +45,28 @@ static struct binary_data name2hash(char
+
+ /* XXX Maybe use Init_ex and Final_ex for speed? */
+
+- EVP_MD_CTX_init(&ctx);
+- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
+- return r;
+- digest_size = EVP_MD_CTX_size(&ctx);
+- EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length);
+- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
+- EVP_DigestFinal(&ctx, md[mdi], NULL);
++ ctx = EVP_MD_CTX_create();
++ if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
++ goto out;
++ digest_size = EVP_MD_CTX_size(ctx);
++ EVP_DigestUpdate(ctx, wire_name.data, wire_name.length);
++ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
++ EVP_DigestFinal(ctx, md[mdi], NULL);
+
+ for (i = 0; i < p->iterations; i++) {
+- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
+- return r;
+- EVP_DigestUpdate(&ctx, md[mdi], digest_size);
++ if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
++ goto out;
++ EVP_DigestUpdate(ctx, md[mdi], digest_size);
+ mdi = (mdi + 1) % 2;
+- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
+- EVP_DigestFinal(&ctx, md[mdi], NULL);
++ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
++ EVP_DigestFinal(ctx, md[mdi], NULL);
+ }
+
+ r.length = digest_size;
+ r.data = getmem(digest_size);
+ memcpy(r.data, md[mdi], digest_size);
++ out:
++ EVP_MD_CTX_destroy(ctx);
+ return r;
+ }
+
diff -r 35f93d215857 -r 89db54bce4ef security/validns/patches/patch-rrsig.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/validns/patches/patch-rrsig.c Sat Apr 10 08:16:09 2021 +0000
@@ -0,0 +1,89 @@
+$NetBSD: patch-rrsig.c,v 1.1 2021/04/10 08:16:09 nia Exp $
+
+Fix building with OpenSSL 1.1. From FreeBSD Ports.
+
+--- rrsig.c.orig 2014-02-11 20:45:39.000000000 +0000
++++ rrsig.c
+@@ -26,7 +26,7 @@
+ struct verification_data
+ {
+ struct verification_data *next;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx;
+ struct rr_dnskey *key;
+ struct rr_rrsig *rr;
+ int ok;
+@@ -180,7 +180,8 @@ void *verification_thread(void *dummy)
+ if (d) {
+ int r;
+ d->next = NULL;
+- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
++ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
++ EVP_MD_CTX_destroy(d->ctx);
+ if (r == 1) {
+ d->ok = 1;
+ } else {
+@@ -232,7 +233,8 @@ static void schedule_verification(struct
+ } else {
+ int r;
+ G.stats.signatures_verified++;
+- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
++ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
++ EVP_MD_CTX_destroy(d->ctx);
+ if (r == 1) {
+ d->ok = 1;
+ } else {
+@@ -250,21 +252,21 @@ static int verify_signature(struct verif
+ struct rr *signed_rr;
+ int i;
+
+- EVP_MD_CTX_init(&d->ctx);
++ d->ctx = EVP_MD_CTX_create();
+ switch (d->rr->algorithm) {
+ case ALG_DSA:
+ case ALG_RSASHA1:
+ case ALG_DSA_NSEC3_SHA1:
+ case ALG_RSASHA1_NSEC3_SHA1:
+- if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1)
++ if (EVP_VerifyInit(d->ctx, EVP_sha1()) != 1)
+ return 0;
+ break;
+ case ALG_RSASHA256:
+- if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1)
++ if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1)
+ return 0;
+ break;
+ case ALG_RSASHA512:
+- if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1)
++ if (EVP_VerifyInit(d->ctx, EVP_sha512()) != 1)
+ return 0;
+ break;
+ default:
+@@ -274,7 +276,7 @@ static int verify_signature(struct verif
+ chunk = rrsig_wirerdata_ex(&d->rr->rr, 0);
+ if (chunk.length < 0)
+ return 0;
+- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
++ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
+
+ set = getmem_temp(sizeof(*set) * signed_set->count);
+
+@@ -294,12 +296,12 @@ static int verify_signature(struct verif
+ chunk = name2wire_name(signed_set->named_rr->name);
+ if (chunk.length < 0)
+ return 0;
+- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
+- b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx, &b2, 2);
+- b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2, 2);
+- b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx, &b4, 4);
+- b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2);
+- EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length);
++ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
++ b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(d->ctx, &b2, 2);
++ b2 = htons(1); /* class IN */ EVP_VerifyUpdate(d->ctx, &b2, 2);
++ b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(d->ctx, &b4, 4);
++ b2 = htons(set[i].wired.length); EVP_VerifyUpdate(d->ctx, &b2, 2);
++ EVP_VerifyUpdate(d->ctx, set[i].wired.data, set[i].wired.length);
+ }
+
+ schedule_verification(d);
Home |
Main Index |
Thread Index |
Old Index