diff options
| author | Eric Luehrsen <ericluehrsen@gmail.com> | 2020-01-20 00:40:18 -0500 |
|---|---|---|
| committer | Eric Luehrsen <ericluehrsen@gmail.com> | 2020-01-20 12:28:10 -0500 |
| commit | d77a06a16990b192b8cd76914b290df743463c91 (patch) | |
| tree | cf9482ed1a259aeac9678955700e119b56415d0a /libs/ldns | |
| parent | 12dbedb9f85c37d5f74630c58d5b420e416e4e89 (diff) | |
ldns: update to 1.7.1
squash commits
- add Eric Luehrsen as maintainer
- add ldns-example programs as option
- add ECDSA to support DNSSEC zones with these keys
- remove patches included upstream
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Diffstat (limited to 'libs/ldns')
| -rw-r--r-- | libs/ldns/Makefile | 60 | ||||
| -rw-r--r-- | libs/ldns/patches/001-compile-for-darwin.patch | 13 | ||||
| -rw-r--r-- | libs/ldns/patches/001-fix-cross-compile-on-darwin.patch | 11 | ||||
| -rw-r--r-- | libs/ldns/patches/100-CVE-2017-1000231.patch | 28 | ||||
| -rw-r--r-- | libs/ldns/patches/101-CVE-2017-1000232.patch | 30 | ||||
| -rw-r--r-- | libs/ldns/patches/200-deprecated-openssl.patch | 78 | ||||
| -rw-r--r-- | libs/ldns/patches/300-openssl-engine.patch | 23 |
7 files changed, 65 insertions, 178 deletions
diff --git a/libs/ldns/Makefile b/libs/ldns/Makefile index 484e5c368..093e2be36 100644 --- a/libs/ldns/Makefile +++ b/libs/ldns/Makefile @@ -8,16 +8,16 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ldns -PKG_VERSION:=1.7.0 -PKG_RELEASE:=5 +PKG_VERSION:=1.7.1 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.nlnetlabs.nl/downloads/ldns -PKG_HASH:=c19f5b1b4fb374cfe34f4845ea11b1e0551ddc67803bd6ddd5d2a20f0997a6cc +PKG_HASH:=8ac84c16bdca60e710eea75782356f3ac3b55680d40e1530d7cea474ac208229 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE -PKG_MAINTAINER:= +PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com> PKG_CPE_ID:=cpe:/a:nlnetlabs:ldns PKG_FIXUP:=autoreconf @@ -55,15 +55,31 @@ define Package/drill endef define Package/drill/description - drill is a tool to designed to get all sorts of information out of the DNS. It - is specificly designed to be used with DNSSEC. + ldns includes the drill tool, which is much like dig from BIND. It was + designed with DNSSEC in mind and should be a useful debugging/query tool + for DNSSEC. +endef + +define Package/ldns-examples + $(call Package/libldns/Default) + SECTION:=net + CATEGORY:=Network + SUBMENU:=IP Addresses and Names + TITLE:=Example programs from NLNetLabs ldns library + DEPENDS+= +libldns +libpcap +drill +endef + +define Package/ldns-examples/description + A few example programs are included in the source of ldns. They include tools + which can create DNSSEC keys and DNSSEC zone files. endef CONFIGURE_ARGS += \ - --disable-dane-ta-usage \ - --disable-ecdsa \ + --disable-dsa \ --disable-gost \ + --enable-ecdsa \ --with-drill \ + --with-examples \ --with-ssl="$(STAGING_DIR)/usr" define Build/InstallDev @@ -85,5 +101,33 @@ define Package/drill/install $(CP) $(PKG_INSTALL_DIR)/usr/bin/drill $(1)/usr/bin/ endef +define Package/ldns-examples/install + $(INSTALL_DIR) $(1)/usr/bin + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-chaos $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-compare-zones $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-dane $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-dpa $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-gen-zone $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-key2ds $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-keyfetcher $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-keygen $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-mx $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-notify $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-nsec3-hash $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-read-zone $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-revoke $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-rrsig $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-signzone $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-test-edns $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-testns $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-update $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-verify-zone $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-version $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-walk $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-zcat $(1)/usr/bin/ + $(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-zsplit $(1)/usr/bin/ +endef + $(eval $(call BuildPackage,libldns)) $(eval $(call BuildPackage,drill)) +$(eval $(call BuildPackage,ldns-examples)) diff --git a/libs/ldns/patches/001-compile-for-darwin.patch b/libs/ldns/patches/001-compile-for-darwin.patch new file mode 100644 index 000000000..5ba0d57d4 --- /dev/null +++ b/libs/ldns/patches/001-compile-for-darwin.patch @@ -0,0 +1,13 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -859,10 +859,10 @@ + AC_ARG_WITH(xcode-sdk, AC_HELP_STRING([--with-xcode-sdk], + [Set xcode SDK version. Default is autodetect]), + [],[with_xcode_sdk="yes"]) + if test "x_$with_xcode_sdk" != "x_no" ; then + # check OSX deployment target, if needed +- if echo $build_os | grep darwin > /dev/null; then ++ if echo $target_os | grep darwin > /dev/null; then + sdk_p=`xcode-select -print-path`; + if test "x_$with_xcode_sdk" = "x_yes" ; then + sdk_v="$( /usr/bin/xcrun --show-sdk-version 2>/dev/null )" diff --git a/libs/ldns/patches/001-fix-cross-compile-on-darwin.patch b/libs/ldns/patches/001-fix-cross-compile-on-darwin.patch deleted file mode 100644 index ddc2691e8..000000000 --- a/libs/ldns/patches/001-fix-cross-compile-on-darwin.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/configure.ac -+++ b/configure.ac -@@ -842,7 +842,7 @@ ACX_CHECK_FORMAT_ATTRIBUTE - ACX_CHECK_UNUSED_ATTRIBUTE - - # check OSX deployment target, if needed --if echo $build_os | grep darwin > /dev/null; then -+if echo $target_os | grep darwin > /dev/null; then - sdk_p=`xcode-select -print-path`; - sdk_v="$( /usr/bin/xcrun --show-sdk-version )"; - case $sdk_v in diff --git a/libs/ldns/patches/100-CVE-2017-1000231.patch b/libs/ldns/patches/100-CVE-2017-1000231.patch deleted file mode 100644 index 2c2abe8a4..000000000 --- a/libs/ldns/patches/100-CVE-2017-1000231.patch +++ /dev/null @@ -1,28 +0,0 @@ -From c8391790c96d4c8a2c10f9ab1460fda83b509fc2 Mon Sep 17 00:00:00 2001 -From: Willem Toorop <willem@nlnetlabs.nl> -Date: Thu, 27 Apr 2017 00:14:58 +0200 -Subject: [PATCH] Check parse limit before t increment - -Thanks Stephan Zeisberg ---- - parse.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/parse.c b/parse.c -index e68627c..947dbb8 100644 ---- a/parse.c -+++ b/parse.c -@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li - if (line_nr) { - *line_nr = *line_nr + 1; - } -+ if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { -+ *t = '\0'; -+ return -1; -+ } - *t++ = ' '; - prev_c = c; - continue; --- -2.9.5 - diff --git a/libs/ldns/patches/101-CVE-2017-1000232.patch b/libs/ldns/patches/101-CVE-2017-1000232.patch deleted file mode 100644 index 25be44dc5..000000000 --- a/libs/ldns/patches/101-CVE-2017-1000232.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 3bdeed02505c9bbacb3b64a97ddcb1de967153b7 Mon Sep 17 00:00:00 2001 -From: Willem Toorop <willem@nlnetlabs.nl> -Date: Thu, 27 Apr 2017 00:25:20 +0200 -Subject: [PATCH] bugfix #1257: Free after reallocing to 0 size - -Thanks Stephan Zeisberg ---- - str2host.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/str2host.c b/str2host.c -index b274b17..f2a317b 100644 ---- a/str2host.c -+++ b/str2host.c -@@ -1525,8 +1525,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str) - if (! str) { - return LDNS_STATUS_SYNTAX_BAD_ESCAPE; - } -- length = (size_t)(dp - data); -- -+ if (!(length = (size_t)(dp - data))) { -+ LDNS_FREE(data); -+ return LDNS_STATUS_SYNTAX_EMPTY; -+ } - /* Lose the overmeasure */ - data = LDNS_XREALLOC(dp = data, uint8_t, length); - if (! data) { --- -2.9.5 - diff --git a/libs/ldns/patches/200-deprecated-openssl.patch b/libs/ldns/patches/200-deprecated-openssl.patch deleted file mode 100644 index cdeff84a7..000000000 --- a/libs/ldns/patches/200-deprecated-openssl.patch +++ /dev/null @@ -1,78 +0,0 @@ ---- a/dnssec.c -+++ b/dnssec.c -@@ -23,6 +23,9 @@ - #include <openssl/rand.h> - #include <openssl/err.h> - #include <openssl/md5.h> -+#include <openssl/bn.h> -+#include <openssl/rsa.h> -+#include <openssl/dsa.h> - #endif - - ldns_rr * ---- a/dnssec_sign.c -+++ b/dnssec_sign.c -@@ -17,6 +17,9 @@ - #include <openssl/rand.h> - #include <openssl/err.h> - #include <openssl/md5.h> -+#include <openssl/bn.h> -+#include <openssl/rsa.h> -+#include <openssl/dsa.h> - #endif /* HAVE_SSL */ - - ldns_rr * ---- a/dnssec_verify.c -+++ b/dnssec_verify.c -@@ -594,7 +594,9 @@ ldns_dnssec_trust_tree_print_sm_fmt(FILE - if (tree->parent_status[i] - == LDNS_STATUS_SSL_ERR) { - printf("; SSL Error: "); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - ERR_load_crypto_strings(); -+#endif - ERR_print_errors_fp(stdout); - printf("\n"); - } ---- a/drill/drill.c -+++ b/drill/drill.c -@@ -1013,7 +1013,7 @@ main(int argc, char *argv[]) - xfree(tsig_data); - xfree(tsig_algorithm); - --#ifdef HAVE_SSL -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - CRYPTO_cleanup_all_ex_data(); - ERR_free_strings(); - EVP_cleanup(); ---- a/host2str.c -+++ b/host2str.c -@@ -28,6 +28,12 @@ - #include <time.h> - #include <sys/time.h> - -+#ifdef HAVE_SSL -+#include <openssl/bn.h> -+#include <openssl/rsa.h> -+#include <openssl/dsa.h> -+#endif -+ - #ifndef INET_ADDRSTRLEN - #define INET_ADDRSTRLEN 16 - #endif ---- a/keys.c -+++ b/keys.c -@@ -16,8 +16,12 @@ - - #ifdef HAVE_SSL - #include <openssl/ssl.h> --#include <openssl/engine.h> - #include <openssl/rand.h> -+#include <openssl/bn.h> -+#include <openssl/rsa.h> -+#include <openssl/dsa.h> -+#include <openssl/engine.h> -+#include <openssl/ui.h> - #endif /* HAVE_SSL */ - - ldns_lookup_table ldns_signing_algorithms[] = { diff --git a/libs/ldns/patches/300-openssl-engine.patch b/libs/ldns/patches/300-openssl-engine.patch deleted file mode 100644 index 8f2be2367..000000000 --- a/libs/ldns/patches/300-openssl-engine.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- a/keys.c -+++ b/keys.c -@@ -20,8 +20,10 @@ - #include <openssl/bn.h> - #include <openssl/rsa.h> - #include <openssl/dsa.h> --#include <openssl/engine.h> - #include <openssl/ui.h> -+#ifndef OPENSSL_NO_ENGINE -+#include <openssl/engine.h> -+#endif - #endif /* HAVE_SSL */ - - ldns_lookup_table ldns_signing_algorithms[] = { -@@ -103,7 +105,7 @@ ldns_key_new_frm_fp(ldns_key **k, FILE *fp) - return ldns_key_new_frm_fp_l(k, fp, NULL); - } - --#ifdef HAVE_SSL -+#if defined(HAVE_SSL) && !defined(OPENSSL_NO_ENGINE) - ldns_status - ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg) - { |