From 7594e8581a200f6fd20fcba29672af54c4591111 Mon Sep 17 00:00:00 2001
From: Eric Luehrsen <ericluehrsen@gmail.com>
Date: Sun, 5 Dec 2021 22:24:34 -0500
Subject: [PATCH] ldns: update to 1.8.1

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
---
 libs/ldns/Makefile                            |   6 +-
 .../ldns/patches/001-compile-for-darwin.patch |  11 -
 .../ldns/patches/010-openssl-deprecated.patch |  48 ---
 libs/ldns/patches/020-openssl-dsa.patch       | 316 ------------------
 libs/ldns/patches/030-signzone.patch          |  18 -
 5 files changed, 3 insertions(+), 396 deletions(-)
 delete mode 100644 libs/ldns/patches/001-compile-for-darwin.patch
 delete mode 100644 libs/ldns/patches/010-openssl-deprecated.patch
 delete mode 100644 libs/ldns/patches/020-openssl-dsa.patch
 delete mode 100644 libs/ldns/patches/030-signzone.patch

diff --git a/libs/ldns/Makefile b/libs/ldns/Makefile
index c53567d93..d137fe78d 100644
--- a/libs/ldns/Makefile
+++ b/libs/ldns/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ldns
-PKG_VERSION:=1.7.1
-PKG_RELEASE:=3
+PKG_VERSION:=1.8.1
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.nlnetlabs.nl/downloads/ldns
-PKG_HASH:=8ac84c16bdca60e710eea75782356f3ac3b55680d40e1530d7cea474ac208229
+PKG_HASH:=958229abce4d3aaa19a75c0d127666564b17216902186e952ca4aef47c6d7fa3
 
 PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
 PKG_LICENSE:=BSD-3-Clause
diff --git a/libs/ldns/patches/001-compile-for-darwin.patch b/libs/ldns/patches/001-compile-for-darwin.patch
deleted file mode 100644
index 68c44dae5..000000000
--- a/libs/ldns/patches/001-compile-for-darwin.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -861,7 +861,7 @@ AC_ARG_WITH(xcode-sdk, AC_HELP_STRING([-
-  [],[with_xcode_sdk="yes"])
- if test "x_$with_xcode_sdk" != "x_no" ; then
-    # check OSX deployment target, if needed
--   if echo $build_os | grep darwin > /dev/null; then
-+   if echo $target_os | grep darwin > /dev/null; then
-      sdk_p=`xcode-select -print-path`;
-      if test "x_$with_xcode_sdk" = "x_yes" ; then
-         sdk_v="$( /usr/bin/xcrun --show-sdk-version 2>/dev/null )"
diff --git a/libs/ldns/patches/010-openssl-deprecated.patch b/libs/ldns/patches/010-openssl-deprecated.patch
deleted file mode 100644
index f5d92d2ce..000000000
--- a/libs/ldns/patches/010-openssl-deprecated.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From cee98e71bb3d69e41cd4d2c6e33c68639dd1eaf0 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Thu, 5 Dec 2019 12:13:44 -0800
-Subject: [PATCH] Fix compilation without deprecated APIs
-
----
- dnssec_verify.c | 2 ++
- drill/drill.c   | 2 ++
- keys.c          | 1 +
- 3 files changed, 5 insertions(+)
-
---- a/dnssec_verify.c
-+++ b/dnssec_verify.c
-@@ -597,7 +597,9 @@ ldns_dnssec_trust_tree_print_sm_fmt(FILE
- 						if (tree->parent_status[i]
- 						    == LDNS_STATUS_SSL_ERR) {
- 							printf("; SSL Error: ");
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
- 							ERR_load_crypto_strings();
-+#endif
- 							ERR_print_errors_fp(stdout);
- 							printf("\n");
- 						}
---- a/drill/drill.c
-+++ b/drill/drill.c
-@@ -994,10 +994,12 @@ main(int argc, char *argv[])
- 	xfree(tsig_algorithm);
- 
- #ifdef HAVE_SSL
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
- 	CRYPTO_cleanup_all_ex_data();
- 	ERR_free_strings();
- 	EVP_cleanup();
- #endif
-+#endif
- #ifdef USE_WINSOCK
- 	WSACleanup();
- #endif
---- a/keys.c
-+++ b/keys.c
-@@ -15,6 +15,7 @@
- #include <ldns/ldns.h>
- 
- #ifdef HAVE_SSL
-+#include <openssl/ui.h>
- #include <openssl/ssl.h>
- #include <openssl/rand.h>
- #include <openssl/bn.h>
diff --git a/libs/ldns/patches/020-openssl-dsa.patch b/libs/ldns/patches/020-openssl-dsa.patch
deleted file mode 100644
index fc95e1a1a..000000000
--- a/libs/ldns/patches/020-openssl-dsa.patch
+++ /dev/null
@@ -1,316 +0,0 @@
-From 8a12d9183271b2b16f399c3fe867f149dbf753d7 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Thu, 20 Feb 2020 18:58:52 -0800
-Subject: [PATCH] Fix compilation without DSA and deprecated APIs
-
-Signed-off-by: Rosen Penev <rosenp@gmail.com>
----
- dnssec.c                    |  2 ++
- examples/ldns-dane.c        |  2 ++
- examples/ldns-keygen.c      |  2 ++
- examples/ldns-signzone.c    | 16 ++++++++++++++++
- examples/ldns-verify-zone.c |  2 ++
- host2str.c                  |  8 ++++++++
- keys.c                      | 10 +++++++---
- ldns/keys.h                 |  8 ++++++++
- rr_functions.c              |  4 ++++
- 9 files changed, 51 insertions(+), 3 deletions(-)
-
---- a/dnssec.c
-+++ b/dnssec.c
-@@ -332,6 +332,7 @@ uint16_t ldns_calc_keytag_raw(const uint
- }
- 
- #ifdef HAVE_SSL
-+#ifdef USE_DSA
- DSA *
- ldns_key_buf2dsa(const ldns_buffer *key)
- {
-@@ -407,6 +408,7 @@ ldns_key_buf2dsa_raw(const unsigned char
- #endif /* OPENSSL_VERSION_NUMBER */
- 	return dsa;
- }
-+#endif /* USE_DSA */
- 
- RSA *
- ldns_key_buf2rsa(const ldns_buffer *key)
---- a/examples/ldns-dane.c
-+++ b/examples/ldns-dane.c
-@@ -1680,9 +1680,11 @@ main(int argc, char* const* argv)
- 		assert(0);
- 	}
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
- 	/* ssl inititalize */
- 	SSL_load_error_strings();
- 	SSL_library_init();
-+#endif
- 
- 	/* ssl load validation store */
- 	if (! assume_pkix_validity || CAfile || CApath) {
---- a/examples/ldns-keygen.c
-+++ b/examples/ldns-keygen.c
-@@ -148,6 +148,7 @@ main(int argc, char *argv[])
- 			exit(1);
- 		}
- 		break;
-+#ifdef USE_DSA
- 	case LDNS_SIGN_DSA:
- 	case LDNS_SIGN_DSA_NSEC3:
- 		if (bits < 512 || bits > 1024) {
-@@ -156,6 +157,7 @@ main(int argc, char *argv[])
- 			exit(1);
- 		}
- 		break;
-+#endif /* USE_DSA */
- #ifdef USE_GOST
- 	case LDNS_SIGN_ECC_GOST:
- 		if(!ldns_key_EVP_load_gost_id()) {
---- a/examples/ldns-signzone.c
-+++ b/examples/ldns-signzone.c
-@@ -72,10 +72,14 @@ usage(FILE *fp, const char *prog) {
- 
- 	fprintf ( fp, "\n " );
- 	__LIST ( RSAMD5 );
-+#ifdef USE_DSA
- 	__LIST ( DSA );
-+#endif
- 	__LIST ( RSASHA1 );
- 	fprintf ( fp, "\n " );
-+#ifdef USE_DSA
- 	__LIST ( DSA_NSEC3 );
-+#endif
- 	__LIST ( RSASHA1_NSEC3 );
- 	__LIST ( RSASHA256 );
- 	fprintf ( fp, "\n " );
-@@ -350,11 +354,15 @@ parse_algspec ( const char * const p )
- 
- 	__MATCH ( RSAMD5 );
- 	__MATCH ( RSASHA1 );
-+#ifdef USE_DSA
- 	__MATCH ( DSA );
-+#endif
- 	__MATCH ( RSASHA1_NSEC3 );
- 	__MATCH ( RSASHA256 );
- 	__MATCH ( RSASHA512 );
-+#ifdef USE_DSA
- 	__MATCH ( DSA_NSEC3 );
-+#endif
- 	__MATCH ( ECC_GOST );
- 	__MATCH ( ECDSAP256SHA256 );
- 	__MATCH ( ECDSAP384SHA384 );
-@@ -419,8 +427,10 @@ load_key ( const char * const p, ENGINE
- 	case LDNS_SIGN_RSASHA1_NSEC3:
- 	case LDNS_SIGN_RSASHA256:
- 	case LDNS_SIGN_RSASHA512:
-+#ifdef USE_DSA
- 	case LDNS_SIGN_DSA:
- 	case LDNS_SIGN_DSA_NSEC3:
-+#endif
- 	case LDNS_SIGN_ECC_GOST:
- #ifdef USE_ECDSA
- 	case LDNS_SIGN_ECDSAP256SHA256:
-@@ -995,9 +1005,13 @@ main(int argc, char *argv[])
- 
- #ifdef HAVE_SSL
- 		if (ERR_peek_error()) {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
- 			ERR_load_crypto_strings();
-+#endif
- 			ERR_print_errors_fp(stderr);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
- 			ERR_free_strings();
-+#endif
- 		}
- #endif
- 		exit(EXIT_FAILURE);
-@@ -1018,8 +1032,10 @@ main(int argc, char *argv[])
- #ifndef OPENSSL_NO_ENGINE
- 	shutdown_openssl ( engine );
- #else
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
- 	CRYPTO_cleanup_all_ex_data();
- #endif
-+#endif
- 
- 	free(prog);
- 	exit(EXIT_SUCCESS);
---- a/examples/ldns-verify-zone.c
-+++ b/examples/ldns-verify-zone.c
-@@ -113,7 +113,9 @@ print_rr_status_error(FILE* stream, ldns
- 	if (status != LDNS_STATUS_OK) {
- 		print_rr_error(stream, rr, ldns_get_errorstr_by_id(status));
- 		if (verbosity > 0 && status == LDNS_STATUS_SSL_ERR) {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
- 			ERR_load_crypto_strings();
-+#endif
- 			ERR_print_errors_fp(stream);
- 		}
- 	}
---- a/host2str.c
-+++ b/host2str.c
-@@ -49,10 +49,14 @@
- ldns_lookup_table ldns_algorithms[] = {
-         { LDNS_RSAMD5, "RSAMD5" },
-         { LDNS_DH, "DH" },
-+#ifdef USE_DSA
-         { LDNS_DSA, "DSA" },
-+#endif /* USE_DSA */
-         { LDNS_ECC, "ECC" },
-         { LDNS_RSASHA1, "RSASHA1" },
-+#ifdef USE_DSA
-         { LDNS_DSA_NSEC3, "DSA-NSEC3-SHA1" },
-+#endif /* USE_DSA */
-         { LDNS_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" },
- #ifdef USE_SHA2
- 	{ LDNS_RSASHA256, "RSASHA256"},
-@@ -2133,7 +2137,9 @@ ldns_key2buffer_str(ldns_buffer *output,
- 	unsigned char  *bignum;
- #ifdef HAVE_SSL
- 	RSA *rsa;
-+#ifdef USE_DSA
- 	DSA *dsa;
-+#endif /* USE_DSA */
- #endif /* HAVE_SSL */
- 
- 	if (!k) {
-@@ -2243,6 +2249,7 @@ ldns_key2buffer_str(ldns_buffer *output,
- 
- 				RSA_free(rsa);
- 				break;
-+#ifdef USE_DSA
- 			case LDNS_SIGN_DSA:
- 			case LDNS_SIGN_DSA_NSEC3:
- 				dsa = ldns_key_dsa_key(k);
-@@ -2283,6 +2290,7 @@ ldns_key2buffer_str(ldns_buffer *output,
- 						goto error;
- 				}
- 				break;
-+#endif /* USE_DSA */
- 			case LDNS_SIGN_ECC_GOST:
- 				/* no format defined, use blob */
- #if defined(HAVE_SSL) && defined(USE_GOST)
---- a/keys.c
-+++ b/keys.c
-@@ -905,6 +905,7 @@ error:
- 	return NULL;
- }
- 
-+#ifdef USE_DSA
- DSA *
- ldns_key_new_frm_fp_dsa(FILE *f)
- {
-@@ -1015,6 +1016,7 @@ error:
- 	BN_free(pub_key);
- 	return NULL;
- }
-+#endif /* USE_DSA */
- 
- unsigned char *
- ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
-@@ -1149,9 +1151,9 @@ ldns_key_new_frm_algorithm(ldns_signing_
- #endif /* HAVE_EVP_PKEY_KEYGEN */
- #endif /* HAVE_SSL */
- 			break;
-+#ifdef USE_DSA
- 		case LDNS_SIGN_DSA:
- 		case LDNS_SIGN_DSA_NSEC3:
--#ifdef USE_DSA
- #ifdef HAVE_SSL
- # if OPENSSL_VERSION_NUMBER < 0x00908000L
- 			d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
-@@ -1878,10 +1880,10 @@ ldns_key2rr(const ldns_key *k)
- #endif
- 			size++;
- 			break;
-+#ifdef USE_DSA
- 		case LDNS_SIGN_DSA:
- 			ldns_rr_push_rdf(pubkey,
- 					ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA));
--#ifdef USE_DSA
- #ifdef HAVE_SSL
- 			dsa = ldns_key_dsa_key(k);
- 			if (dsa) {
-@@ -1901,10 +1903,10 @@ ldns_key2rr(const ldns_key *k)
- #endif /* HAVE_SSL */
- #endif /* USE_DSA */
- 			break;
-+#ifdef USE_DSA
- 		case LDNS_SIGN_DSA_NSEC3:
- 			ldns_rr_push_rdf(pubkey,
- 					ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3));
--#ifdef USE_DSA
- #ifdef HAVE_SSL
- 			dsa = ldns_key_dsa_key(k);
- 			if (dsa) {
-@@ -2165,7 +2167,9 @@ ldns_signing_algorithm ldns_get_signing_
-         ldns_lookup_table aliases[] = {
-                 /* from bind dnssec-keygen */
-                 {LDNS_SIGN_HMACMD5, "HMAC-MD5"},
-+#ifdef USE_DSA
-                 {LDNS_SIGN_DSA_NSEC3, "NSEC3DSA"},
-+#endif /* USE_DSA */
-                 {LDNS_SIGN_RSASHA1_NSEC3, "NSEC3RSASHA1"},
-                 /* old ldns usage, now RFC names */
- #ifdef USE_DSA
---- a/ldns/keys.h
-+++ b/ldns/keys.h
-@@ -45,10 +45,14 @@ enum ldns_enum_algorithm
- {
-         LDNS_RSAMD5             = 1,   /* RFC 4034,4035 */
-         LDNS_DH                 = 2,
-+#ifdef USE_DSA
-         LDNS_DSA                = 3,
-+#endif /* USE_DSA */
-         LDNS_ECC                = 4,
-         LDNS_RSASHA1            = 5,
-+#ifdef USE_DSA
-         LDNS_DSA_NSEC3          = 6,
-+#endif /* USE_DSA */
-         LDNS_RSASHA1_NSEC3      = 7,
-         LDNS_RSASHA256          = 8,   /* RFC 5702 */
-         LDNS_RSASHA512          = 10,  /* RFC 5702 */
-@@ -90,11 +94,15 @@ enum ldns_enum_signing_algorithm
- {
- 	LDNS_SIGN_RSAMD5	 = LDNS_RSAMD5,
- 	LDNS_SIGN_RSASHA1	 = LDNS_RSASHA1,
-+#ifdef USE_DSA
- 	LDNS_SIGN_DSA		 = LDNS_DSA,
-+#endif /* USE_DSA */
- 	LDNS_SIGN_RSASHA1_NSEC3  = LDNS_RSASHA1_NSEC3,
- 	LDNS_SIGN_RSASHA256	 = LDNS_RSASHA256,
- 	LDNS_SIGN_RSASHA512	 = LDNS_RSASHA512,
-+#ifdef USE_DSA
- 	LDNS_SIGN_DSA_NSEC3	 = LDNS_DSA_NSEC3,
-+#endif /* USE_DSA */
- 	LDNS_SIGN_ECC_GOST       = LDNS_ECC_GOST,
-         LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256,
-         LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384,
---- a/rr_functions.c
-+++ b/rr_functions.c
-@@ -269,14 +269,17 @@ ldns_rr_dnskey_key_size_raw(const unsign
-                             const size_t len,
-                             const ldns_algorithm alg)
- {
-+#ifdef USE_DSA
- 	/* for DSA keys */
- 	uint8_t t;
-+#endif /* USE_DSA */
- 	
- 	/* for RSA keys */
- 	uint16_t exp;
- 	uint16_t int16;
- 	
- 	switch ((ldns_signing_algorithm)alg) {
-+#ifdef USE_DSA
- 	case LDNS_SIGN_DSA:
- 	case LDNS_SIGN_DSA_NSEC3:
- 		if (len > 0) {
-@@ -286,6 +289,7 @@ ldns_rr_dnskey_key_size_raw(const unsign
- 			return 0;
- 		}
- 		break;
-+#endif /* USE_DSA */
- 	case LDNS_SIGN_RSAMD5:
- 	case LDNS_SIGN_RSASHA1:
- 	case LDNS_SIGN_RSASHA1_NSEC3:
diff --git a/libs/ldns/patches/030-signzone.patch b/libs/ldns/patches/030-signzone.patch
deleted file mode 100644
index b9ef8fe5f..000000000
--- a/libs/ldns/patches/030-signzone.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- a/examples/ldns-signzone.c
-+++ b/examples/ldns-signzone.c
-@@ -535,6 +535,7 @@ init_openssl_engine ( const char * const
- static void
- shutdown_openssl ( ENGINE * const e )
- {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
- 	if ( e != NULL ) {
- 		ENGINE_free ( e );
- 		ENGINE_cleanup ();
-@@ -544,6 +545,7 @@ shutdown_openssl ( ENGINE * const e )
- 	EVP_cleanup ();
- 	CRYPTO_cleanup_all_ex_data ();
- 	ERR_free_strings ();
-+#endif
- }
- #endif
-