webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update nettle to version 3.0.

Browse Source 
Requires some fixes in dnsmasq which can be dropped
with the next release.
This commit is contained in:
Michael Tremer
2014-07-05 13:39:13 +02:00
parent 51f5ed7dec
commit b66edc18d7
5 changed files with 168 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
config/rootfiles/common/nettle
View File

@@ -1,5 +1,6 @@
#usr/bin/nettle-hash
#usr/bin/nettle-lfib-stream
#usr/bin/nettle-pbkdf2
#usr/bin/pkcs1-conv
#usr/bin/sexp-conv
#usr/include/nettle
@@ -15,10 +16,15 @@
#usr/include/nettle/camellia.h
#usr/include/nettle/cast128.h
#usr/include/nettle/cbc.h
#usr/include/nettle/ccm.h
#usr/include/nettle/chacha-poly1305.h
#usr/include/nettle/chacha.h
#usr/include/nettle/ctr.h
#usr/include/nettle/des-compat.h
#usr/include/nettle/des.h
#usr/include/nettle/dsa-compat.h
#usr/include/nettle/dsa.h
#usr/include/nettle/eax.h
#usr/include/nettle/ecc-curve.h
#usr/include/nettle/ecc.h
#usr/include/nettle/ecdsa.h
@@ -38,9 +44,9 @@
#usr/include/nettle/pbkdf2.h
#usr/include/nettle/pgp.h
#usr/include/nettle/pkcs1.h
#usr/include/nettle/poly1305.h
#usr/include/nettle/realloc.h
#usr/include/nettle/ripemd160.h
#usr/include/nettle/rsa-compat.h
#usr/include/nettle/rsa.h
#usr/include/nettle/salsa20.h
#usr/include/nettle/serpent.h
@@ -54,12 +60,12 @@
#usr/include/nettle/yarrow.h
#usr/lib/libhogweed.a
#usr/lib/libhogweed.so
usr/lib/libhogweed.so.2
usr/lib/libhogweed.so.2.5
#usr/lib/libhogweed.so.3
#usr/lib/libhogweed.so.3.0
#usr/lib/libnettle.a
#usr/lib/libnettle.so
usr/lib/libnettle.so.4
usr/lib/libnettle.so.4.7
#usr/lib/libnettle.so.5
#usr/lib/libnettle.so.5.0
#usr/lib/pkgconfig/hogweed.pc
#usr/lib/pkgconfig/nettle.pc
#usr/share/info/nettle.info

2
lfs/dnsmasq
View File

@@ -72,6 +72,8 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.71-use-nettle-with-minigmp.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.71-support-nettle-3.0.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.70-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && sed -i src/config.h \
-e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \

4
lfs/nettle
View File

@@ -24,7 +24,7 @@
include Config
VER = 2.7.1
VER = 3.0
THISAPP = nettle-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 003d5147911317931dd453520eb234a5
$(DL_FILE)_MD5 = f64b1bf1e774b7ae6e507318e340250e
install : $(TARGET)

65
src/patches/dnsmasq-2.71-support-nettle-3.0.patch Normal file
View File

@@ -0,0 +1,65 @@
From cdb755c5f16a6768c3e8b1f345fe15fc9244228d Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 18 Jun 2014 20:52:53 +0100
Subject: [PATCH] Fix FTBFS with Nettle-3.0.
---
CHANGELOG | 3 +++
src/dnssec.c | 18 ++++++++++++------
2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/src/dnssec.c b/src/dnssec.c
index 2ffb75d..69bfc29 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -28,6 +28,12 @@
#include <nettle/nettle-meta.h>
#include <nettle/bignum.h>
+/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
+ to detect Nettle-3, and invoke the backwards compatibility mode. */
+#ifdef dsa_params_init
+#include <nettle/dsa-compat.h>
+#endif
+
#define SERIAL_UNDEF -100
#define SERIAL_EQ 0
@@ -121,8 +127,8 @@ static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char
return 1;
}
-static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
- unsigned char *digest, int algo)
+static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+ unsigned char *digest, int algo)
{
unsigned char *p;
size_t exp_len;
@@ -173,8 +179,8 @@ static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned
return 0;
}
-static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
- unsigned char *digest, int algo)
+static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+ unsigned char *digest, int algo)
{
unsigned char *p;
unsigned int t;
@@ -293,10 +299,10 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha
switch (algo)
{
case 1: case 5: case 7: case 8: case 10:
- return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+ return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
case 3: case 6:
- return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+ return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
#ifndef NO_NETTLE_ECC
case 13: case 14:
--
1.7.10.4

88
src/patches/dnsmasq-2.71-use-nettle-with-minigmp.patch Normal file
View File

@@ -0,0 +1,88 @@
From 063efb330a3f341c2548e2cf1f67f83e49cd6395 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue, 17 Jun 2014 19:49:31 +0100
Subject: [PATCH] Build config: add -DNO_GMP for use with nettle/mini-gmp
---
Makefile | 2 +-
bld/pkg-wrapper | 9 +++++++--
src/config.h | 7 +++++++
src/dnssec.c | 3 ++-
4 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index c58b50b..17eeb27 100644
--- a/Makefile
+++ b/Makefile
@@ -61,7 +61,7 @@ lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CON
lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.1`
nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed`
nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed`
-gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --copy -lgmp`
+gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
diff --git a/bld/pkg-wrapper b/bld/pkg-wrapper
index 9f9332d..0ddb678 100755
--- a/bld/pkg-wrapper
+++ b/bld/pkg-wrapper
@@ -11,9 +11,14 @@ in=`cat`
if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \
echo $in | grep $search >/dev/null 2>&1; then
-
+# Nasty, nasty, in --copy, arg 2 is another config to search for, use with NO_GMP
if [ $op = "--copy" ]; then
- pkg="$*"
+ if grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \
+ echo $in | grep $pkg >/dev/null 2>&1; then
+ pkg=""
+ else
+ pkg="$*"
+ fi
elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
pkg=`$pkg --static $op $*`
diff --git a/src/config.h b/src/config.h
index 2155544..ee6d218 100644
--- a/src/config.h
+++ b/src/config.h
@@ -105,6 +105,8 @@ HAVE_AUTH
define this to include the facility to act as an authoritative DNS
server for one or more zones.
+HAVE_DNSSEC
+ include DNSSEC validator.
NO_IPV6
NO_TFTP
@@ -118,6 +120,11 @@ NO_AUTH
which are enabled by default in the distributed source tree. Building dnsmasq
with something like "make COPTS=-DNO_SCRIPT" will do the trick.
+NO_NETTLE_ECC
+ Don't include the ECDSA cypher in DNSSEC validation. Needed for older Nettle versions.
+NO_GMP
+ Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp.
+
LEASEFILE
CONFFILE
RESOLVFILE
diff --git a/src/dnssec.c b/src/dnssec.c
index 44d626b..2ffb75d 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -26,7 +26,8 @@
# include <nettle/ecc-curve.h>
#endif
#include <nettle/nettle-meta.h>
-#include <gmp.h>
+#include <nettle/bignum.h>
+
#define SERIAL_UNDEF -100
#define SERIAL_EQ 0
--
1.7.10.4