
ldns: update to 1.7.1

squash commits
- add Eric Luehrsen as maintainer
- add ldns-example programs as option
- add ECDSA to support DNSSEC zones with these keys
- remove patches included upstream

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
lilik-openwrt-22.03
Eric Luehrsen 5 years ago
parent
commit
d77a06a169
7 changed files with 65 additions and 178 deletions
  1. +52
    -8
      libs/ldns/Makefile
  2. +13
    -0
      libs/ldns/patches/001-compile-for-darwin.patch
  3. +0
    -11
      libs/ldns/patches/001-fix-cross-compile-on-darwin.patch
  4. +0
    -28
      libs/ldns/patches/100-CVE-2017-1000231.patch
  5. +0
    -30
      libs/ldns/patches/101-CVE-2017-1000232.patch
  6. +0
    -78
      libs/ldns/patches/200-deprecated-openssl.patch
  7. +0
    -23
      libs/ldns/patches/300-openssl-engine.patch

+ 52
- 8
libs/ldns/Makefile View File

@ -8,16 +8,16 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=ldns PKG_NAME:=ldns
PKG_VERSION:=1.7.0
PKG_RELEASE:=5
PKG_VERSION:=1.7.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.nlnetlabs.nl/downloads/ldns PKG_SOURCE_URL:=http://www.nlnetlabs.nl/downloads/ldns
PKG_HASH:=c19f5b1b4fb374cfe34f4845ea11b1e0551ddc67803bd6ddd5d2a20f0997a6cc
PKG_HASH:=8ac84c16bdca60e710eea75782356f3ac3b55680d40e1530d7cea474ac208229
PKG_LICENSE:=BSD-3-Clause PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=
PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
PKG_CPE_ID:=cpe:/a:nlnetlabs:ldns PKG_CPE_ID:=cpe:/a:nlnetlabs:ldns
PKG_FIXUP:=autoreconf PKG_FIXUP:=autoreconf
@ -55,15 +55,31 @@ define Package/drill
endef endef
define Package/drill/description define Package/drill/description
drill is a tool to designed to get all sorts of information out of the DNS. It
is specificly designed to be used with DNSSEC.
ldns includes the drill tool, which is much like dig from BIND. It was
designed with DNSSEC in mind and should be a useful debugging/query tool
for DNSSEC.
endef
define Package/ldns-examples
$(call Package/libldns/Default)
SECTION:=net
CATEGORY:=Network
SUBMENU:=IP Addresses and Names
TITLE:=Example programs from NLNetLabs ldns library
DEPENDS+= +libldns +libpcap +drill
endef
define Package/ldns-examples/description
A few example programs are included in the source of ldns. They include tools
which can create DNSSEC keys and DNSSEC zone files.
endef endef
CONFIGURE_ARGS += \ CONFIGURE_ARGS += \
--disable-dane-ta-usage \
--disable-ecdsa \
--disable-dsa \
--disable-gost \ --disable-gost \
--enable-ecdsa \
--with-drill \ --with-drill \
--with-examples \
--with-ssl="$(STAGING_DIR)/usr" --with-ssl="$(STAGING_DIR)/usr"
define Build/InstallDev define Build/InstallDev
@ -85,5 +101,33 @@ define Package/drill/install
$(CP) $(PKG_INSTALL_DIR)/usr/bin/drill $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/bin/drill $(1)/usr/bin/
endef endef
define Package/ldns-examples/install
$(INSTALL_DIR) $(1)/usr/bin
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-chaos $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-compare-zones $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-dane $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-dpa $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-gen-zone $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-key2ds $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-keyfetcher $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-keygen $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-mx $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-notify $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-nsec3-hash $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-read-zone $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-revoke $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-rrsig $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-signzone $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-test-edns $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-testns $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-update $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-verify-zone $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-version $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-walk $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-zcat $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-zsplit $(1)/usr/bin/
endef
$(eval $(call BuildPackage,libldns)) $(eval $(call BuildPackage,libldns))
$(eval $(call BuildPackage,drill)) $(eval $(call BuildPackage,drill))
$(eval $(call BuildPackage,ldns-examples))
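Review bot: `PKG_SOURCE_URL` in the first hunk still fetches the release tarball over plain `http://`, so the updated `PKG_HASH` is the only control between the build and a tampered download. This commit also drops the local 100-CVE-2017-1000231 and 101-CVE-2017-1000232 patches on the basis that 1.7.1 already carries them, so the integrity of that tarball matters more than it did before. I would change the line to `PKG_SOURCE_URL:=https://www.nlnetlabs.nl/downloads/ldns` and check the new hash against the checksum upstream publishes rather than against a locally fetched copy. It is also worth confirming that the parse.c and str2host.c fixes are present in the 1.7.1 source before relying on the patch removal.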

+ 13
- 0
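--- a/libs/ldns/patches/001-compile-for-darwin.patch
+++ b/libs/ldns/patches/001-compile-for-darwin.patch
@@ -0,0 +1,13 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -859,10 +859,10 @@
+AC_ARG_WITH(xcode-sdk, AC_HELP_STRING([--with-xcode-sdk],
+[Set xcode SDK version. Default is autodetect]),
+[],[with_xcode_sdk="yes"])
+if test "x_$with_xcode_sdk" != "x_no" ; then
+# check OSX deployment target, if needed
+- if echo $build_os | grep darwin > /dev/null; then
++ if echo $target_os | grep darwin > /dev/null; then
+sdk_p=`xcode-select -print-path`;
+if test "x_$with_xcode_sdk" = "x_yes" ; then
+sdk_v="$( /usr/bin/xcrun --show-sdk-version 2>/dev/null )"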
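Review bot: The darwin test on the patched `configure.ac` line keys on `$target_os`, but in autoconf the system the built library runs on is `$host_os`; `$target_os` describes what a compiler-like tool generates code for and, as far as I know, is only populated when `AC_CANONICAL_TARGET` is used, which this hunk does not show. It presumably works here because the OpenWrt build passes the same triplet for host and target, so I would write `if echo $host_os | grep darwin > /dev/null; then` to keep the check correct outside that setup. The patch file also has no header explaining why it exists; a one-line description above `--- a/configure.ac` (for example, that the Xcode SDK probe must not run when a darwin build machine cross-compiles) would help whoever refreshes it on the next version bump. The enclosing `if test "x_$with_xcode_sdk"` block continues past the end of the hunk.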

+ 0
- 11
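--- a/libs/ldns/patches/001-fix-cross-compile-on-darwin.patch
+++ b/libs/ldns/patches/001-fix-cross-compile-on-darwin.patch
@@ -1,11 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -842,7 +842,7 @@ ACX_CHECK_FORMAT_ATTRIBUTE
-ACX_CHECK_UNUSED_ATTRIBUTE
-# check OSX deployment target, if needed
--if echo $build_os | grep darwin > /dev/null; then
-+if echo $target_os | grep darwin > /dev/null; then
-sdk_p=`xcode-select -print-path`;
-sdk_v="$( /usr/bin/xcrun --show-sdk-version )";
-case $sdk_v in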

+ 0
- 28
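--- a/libs/ldns/patches/100-CVE-2017-1000231.patch
+++ b/libs/ldns/patches/100-CVE-2017-1000231.patch
@@ -1,28 +0,0 @@
-From c8391790c96d4c8a2c10f9ab1460fda83b509fc2 Mon Sep 17 00:00:00 2001
-From: Willem Toorop <willem@nlnetlabs.nl>
-Date: Thu, 27 Apr 2017 00:14:58 +0200
-Subject: [PATCH] Check parse limit before t increment
-Thanks Stephan Zeisberg
----
-parse.c | 4 ++++
-1 file changed, 4 insertions(+)
-diff --git a/parse.c b/parse.c
-index e68627c..947dbb8 100644
---- a/parse.c
-+++ b/parse.c
-@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
-if (line_nr) {
-*line_nr = *line_nr + 1;
-}
-+ if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
-+ *t = '\0';
-+ return -1;
-+ }
-*t++ = ' ';
-prev_c = c;
-continue;
---
-2.9.5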

+ 0
- 30
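--- a/libs/ldns/patches/101-CVE-2017-1000232.patch
+++ b/libs/ldns/patches/101-CVE-2017-1000232.patch
@@ -1,30 +0,0 @@
-From 3bdeed02505c9bbacb3b64a97ddcb1de967153b7 Mon Sep 17 00:00:00 2001
-From: Willem Toorop <willem@nlnetlabs.nl>
-Date: Thu, 27 Apr 2017 00:25:20 +0200
-Subject: [PATCH] bugfix #1257: Free after reallocing to 0 size
-Thanks Stephan Zeisberg
----
-str2host.c | 6 ++++--
-1 file changed, 4 insertions(+), 2 deletions(-)
-diff --git a/str2host.c b/str2host.c
-index b274b17..f2a317b 100644
---- a/str2host.c
-+++ b/str2host.c
-@@ -1525,8 +1525,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str)
-if (! str) {
-return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
-}
-- length = (size_t)(dp - data);
--
-+ if (!(length = (size_t)(dp - data))) {
-+ LDNS_FREE(data);
-+ return LDNS_STATUS_SYNTAX_EMPTY;
-+ }
-/* Lose the overmeasure */
-data = LDNS_XREALLOC(dp = data, uint8_t, length);
-if (! data) {
---
-2.9.5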

+ 0
- 78
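--- a/libs/ldns/patches/200-deprecated-openssl.patch
+++ b/libs/ldns/patches/200-deprecated-openssl.patch
@@ -1,78 +0,0 @@
---- a/dnssec.c
-+++ b/dnssec.c
-@@ -23,6 +23,9 @@
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-+#include <openssl/bn.h>
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
-#endif
-ldns_rr *
---- a/dnssec_sign.c
-+++ b/dnssec_sign.c
-@@ -17,6 +17,9 @@
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-+#include <openssl/bn.h>
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
-#endif /* HAVE_SSL */
-ldns_rr *
---- a/dnssec_verify.c
-+++ b/dnssec_verify.c
-@@ -594,7 +594,9 @@ ldns_dnssec_trust_tree_print_sm_fmt(FILE
-if (tree->parent_status[i]
-== LDNS_STATUS_SSL_ERR) {
-printf("; SSL Error: ");
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-ERR_load_crypto_strings();
-+#endif
-ERR_print_errors_fp(stdout);
-printf("\n");
-}
---- a/drill/drill.c
-+++ b/drill/drill.c
-@@ -1013,7 +1013,7 @@ main(int argc, char *argv[])
-xfree(tsig_data);
-xfree(tsig_algorithm);
--#ifdef HAVE_SSL
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-CRYPTO_cleanup_all_ex_data();
-ERR_free_strings();
-EVP_cleanup();
---- a/host2str.c
-+++ b/host2str.c
-@@ -28,6 +28,12 @@
-#include <time.h>
-#include <sys/time.h>
-+#ifdef HAVE_SSL
-+#include <openssl/bn.h>
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
-+#endif
-+
-#ifndef INET_ADDRSTRLEN
-#define INET_ADDRSTRLEN 16
-#endif
---- a/keys.c
-+++ b/keys.c
-@@ -16,8 +16,12 @@
-#ifdef HAVE_SSL
-#include <openssl/ssl.h>
--#include <openssl/engine.h>
-#include <openssl/rand.h>
-+#include <openssl/bn.h>
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
-+#include <openssl/engine.h>
-+#include <openssl/ui.h>
-#endif /* HAVE_SSL */
-ldns_lookup_table ldns_signing_algorithms[] = {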

+ 0
- 23
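--- a/libs/ldns/patches/300-openssl-engine.patch
+++ b/libs/ldns/patches/300-openssl-engine.patch
@@ -1,23 +0,0 @@
---- a/keys.c
-+++ b/keys.c
-@@ -20,8 +20,10 @@
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
--#include <openssl/engine.h>
-#include <openssl/ui.h>
-+#ifndef OPENSSL_NO_ENGINE
-+#include <openssl/engine.h>
-+#endif
-#endif /* HAVE_SSL */
-ldns_lookup_table ldns_signing_algorithms[] = {
-@@ -103,7 +105,7 @@ ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
-return ldns_key_new_frm_fp_l(k, fp, NULL);
-}
--#ifdef HAVE_SSL
-+#if defined(HAVE_SSL) && !defined(OPENSSL_NO_ENGINE)
-ldns_status
-ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
-{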
