Monday, June 05, 2017

UPDATE: ldns 1.7.0

Here's a slightly overdue update to ldns-utils 1.7.0.

I've tested the bits I use. Is there anyone using DNSSEC who wants
to test those parts?


Index: Makefile.inc
===================================================================
RCS file: /cvs/ports/net/ldns/Makefile.inc,v
retrieving revision 1.30
diff -u -p -r1.30 Makefile.inc
--- Makefile.inc 15 Jun 2014 20:20:34 -0000 1.30
+++ Makefile.inc 5 Jun 2017 08:59:31 -0000
@@ -1,6 +1,6 @@
# $OpenBSD: Makefile.inc,v 1.30 2014/06/15 20:20:34 sthen Exp $

-VERSION= 1.6.17
+VERSION= 1.7.0

DISTNAME= ldns-${VERSION}

Index: distinfo
===================================================================
RCS file: /cvs/ports/net/ldns/distinfo,v
retrieving revision 1.7
diff -u -p -r1.7 distinfo
--- distinfo 22 Jan 2014 00:15:36 -0000 1.7
+++ distinfo 5 Jun 2017 08:59:31 -0000
@@ -1,2 +1,2 @@
-SHA256 (ldns-1.6.17.tar.gz) = i4jgWUUhGOiUmidSpVzlm8cfpbxBQQPhf1trBvm8yM0=
-SIZE (ldns-1.6.17.tar.gz) = 1315403
+SHA256 (ldns-1.7.0.tar.gz) = wZ9bG0+zdM/jT0hF6hGx4FUd3GeAO9bd1dKiDwmXpsw=
+SIZE (ldns-1.7.0.tar.gz) = 1304424
Index: libldns/Makefile
===================================================================
RCS file: /cvs/ports/net/ldns/libldns/Makefile,v
retrieving revision 1.30
diff -u -p -r1.30 Makefile
--- libldns/Makefile 11 May 2015 16:24:38 -0000 1.30
+++ libldns/Makefile 5 Jun 2017 08:59:31 -0000
@@ -3,11 +3,15 @@
COMMENT= DNS library modelled after Net::DNS

PKGNAME= libldns-${VERSION}
-REVISION= 1

-SHARED_LIBS += ldns 6.1
+SHARED_LIBS += ldns 7.0 # 2.0

# ssl included as ssl.h has been used.
WANTLIB= crypto ssl
+
+# "OpenSSL does not support offline DANE verification (Needed for the
+# DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun
+# with --disable-dane-verify or --disable-dane-ta-usage"
+CONFIGURE_ARGS= --disable-dane-ta-usage

.include <bsd.port.mk>
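Review bot: The comment added above `CONFIGURE_ARGS= --disable-dane-ta-usage` quotes the configure error but does not record what the package loses. With this flag libldns is built without the DANE-TA usage type, so callers that rely on `ldns_dane_verify` for TLSA records pinning a trust anchor will presumably get a failure status instead of a validation result. I would add a line such as `# XXX DANE-TA TLSA records cannot be verified with this build; drop the flag once libcrypto provides what configure asks for`. Separately, this line uses `=` where utils/Makefile uses `CONFIGURE_ARGS+=`; since Makefile.inc is only partly visible here, that is a consistency point rather than a confirmed bug.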
Index: libldns/patches/patch-Makefile_in
===================================================================
RCS file: /cvs/ports/net/ldns/libldns/patches/patch-Makefile_in,v
retrieving revision 1.15
diff -u -p -r1.15 patch-Makefile_in
--- libldns/patches/patch-Makefile_in 22 Jan 2014 00:15:36 -0000 1.15
+++ libldns/patches/patch-Makefile_in 5 Jun 2017 08:59:31 -0000
@@ -1,16 +1,17 @@
$OpenBSD: patch-Makefile_in,v 1.15 2014/01/22 00:15:36 brad Exp $
---- Makefile.in.orig Fri Jan 10 16:04:41 2014
-+++ Makefile.in Fri Jan 10 17:42:38 2014
-@@ -12,7 +12,7 @@ datarootdir = @datarootdir@
- datadir = @datadir@
+Index: Makefile.in
+--- Makefile.in.orig
++++ Makefile.in
+@@ -13,7 +13,7 @@ datadir = @datadir@
libdir = @libdir@
includedir = @includedir@
+ sysconfdir = @sysconfdir@
-doxygen = @doxygen@
+#doxygen = @doxygen@
pywrapdir = $(srcdir)/contrib/python
pyldnsxwrapdir = $(srcdir)/contrib/ldnsx
p5_dns_ldns_dir = $(srcdir)/contrib/DNS-LDNS
-@@ -320,7 +320,6 @@ uninstall-h:
+@@ -358,7 +358,6 @@ uninstall-h:
install-lib: lib
$(INSTALL) -m 755 -d $(DESTDIR)$(libdir)
$(LIBTOOL) --mode=install cp libldns.la $(DESTDIR)$(libdir)
Index: libldns/patches/patch-doc_doxyparse_pl
===================================================================
RCS file: libldns/patches/patch-doc_doxyparse_pl
diff -N libldns/patches/patch-doc_doxyparse_pl
--- libldns/patches/patch-doc_doxyparse_pl 14 Apr 2016 23:02:27 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,12 +0,0 @@
-$OpenBSD: patch-doc_doxyparse_pl,v 1.1 2016/04/14 23:02:27 sthen Exp $
---- doc/doxyparse.pl.orig Thu Apr 14 17:00:36 2016
-+++ doc/doxyparse.pl Thu Apr 14 17:00:51 2016
-@@ -273,7 +273,7 @@ foreach (keys %manpages) {
-
- print MAN $MAN_MIDDLE;
-
-- if (defined(@$also)) {
-+ if (@$also) {
- print MAN "\n.SH SEE ALSO\n\\fI";
- print MAN join "\\fR, \\fI", @$also;
- print MAN "\\fR.\nAnd ";
Index: libldns/pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/ldns/libldns/pkg/PLIST,v
retrieving revision 1.9
diff -u -p -r1.9 PLIST
--- libldns/pkg/PLIST 22 Jan 2014 00:15:36 -0000 1.9
+++ libldns/pkg/PLIST 5 Jun 2017 08:59:31 -0000
@@ -38,20 +38,34 @@ lib/libldns.a
lib/libldns.la
@lib lib/libldns.so.${LIBldns_VERSION}
@man man/man1/ldns-config.1
+@man man/man3/ldns_algorithm.3
+@man man/man3/ldns_axfr_abort.3
+@man man/man3/ldns_axfr_complete.3
+@man man/man3/ldns_axfr_last_pkt.3
+@man man/man3/ldns_axfr_next.3
+@man man/man3/ldns_axfr_start.3
+@man man/man3/ldns_b32_ntop_calculate_size.3
+@man man/man3/ldns_b32_pton_calculate_size.3
+@man man/man3/ldns_b64_ntop_calculate_size.3
+@man man/man3/ldns_b64_pton_calculate_size.3
@man man/man3/ldns_bget_token.3
@man man/man3/ldns_bgetc.3
@man man/man3/ldns_bskipcs.3
+@man man/man3/ldns_bubblebabble.3
@man man/man3/ldns_buffer.3
@man man/man3/ldns_buffer2pkt_wire.3
+@man man/man3/ldns_buffer2str.3
@man man/man3/ldns_buffer_at.3
@man man/man3/ldns_buffer_available.3
@man man/man3/ldns_buffer_available_at.3
@man man/man3/ldns_buffer_begin.3
@man man/man3/ldns_buffer_capacity.3
@man man/man3/ldns_buffer_clear.3
+@man man/man3/ldns_buffer_copy.3
@man man/man3/ldns_buffer_current.3
@man man/man3/ldns_buffer_end.3
@man man/man3/ldns_buffer_export.3
+@man man/man3/ldns_buffer_export2str.3
@man man/man3/ldns_buffer_flip.3
@man man/man3/ldns_buffer_free.3
@man man/man3/ldns_buffer_limit.3
@@ -83,9 +97,12 @@ lib/libldns.la
@man man/man3/ldns_buffer_write_string_at.3
@man man/man3/ldns_buffer_write_u16.3
@man man/man3/ldns_buffer_write_u16_at.3
+@man man/man3/ldns_buffer_write_u32.3
+@man man/man3/ldns_buffer_write_u32_at.3
@man man/man3/ldns_buffer_write_u8.3
@man man/man3/ldns_buffer_write_u8_at.3
@man man/man3/ldns_calc_keytag.3
+@man man/man3/ldns_calc_keytag_raw.3
@man man/man3/ldns_create_nsec.3
@man man/man3/ldns_dane_cert2rdf.3
@man man/man3/ldns_dane_create_tlsa_owner.3
@@ -93,7 +110,6 @@ lib/libldns.la
@man man/man3/ldns_dane_select_certificate.3
@man man/man3/ldns_dane_verify.3
@man man/man3/ldns_dane_verify_rr.3
-@man man/man3/ldns_dname.3
@man man/man3/ldns_dname2canonical.3
@man man/man3/ldns_dname_cat.3
@man man/man3/ldns_dname_cat_clone.3
@@ -167,6 +183,13 @@ lib/libldns.la
@man man/man3/ldns_dnssec_zone_print.3
@man man/man3/ldns_dnssec_zone_sign.3
@man man/man3/ldns_dnssec_zone_sign_nsec3.3
+@man man/man3/ldns_duration2string.3
+@man man/man3/ldns_duration2time.3
+@man man/man3/ldns_duration_cleanup.3
+@man man/man3/ldns_duration_compare.3
+@man man/man3/ldns_duration_create.3
+@man man/man3/ldns_duration_create_from_string.3
+@man man/man3/ldns_duration_type.3
@man man/man3/ldns_fget_token.3
@man man/man3/ldns_fskipcs.3
@man man/man3/ldns_get_errorstr_by_id.3
@@ -184,6 +207,7 @@ lib/libldns.la
@man man/man3/ldns_key2buffer_str.3
@man man/man3/ldns_key2rr.3
@man man/man3/ldns_key2str.3
+@man man/man3/ldns_key_algo_supported.3
@man man/man3/ldns_key_algorithm.3
@man man/man3/ldns_key_buf2dsa.3
@man man/man3/ldns_key_buf2rsa.3
@@ -350,7 +374,6 @@ lib/libldns.la
@man man/man3/ldns_rdf_set_type.3
@man man/man3/ldns_rdf_size.3
@man man/man3/ldns_rdf_type.3
-@man man/man3/ldns_resolver_print.3
@man man/man3/ldns_rr.3
@man man/man3/ldns_rr2buffer_str.3
@man man/man3/ldns_rr2buffer_wire.3
@@ -385,7 +408,6 @@ lib/libldns.la
@man man/man3/ldns_rr_list_free.3
@man man/man3/ldns_rr_list_new.3
@man man/man3/ldns_rr_list_pop_rr.3
-@man man/man3/ldns_rr_list_print.3
@man man/man3/ldns_rr_list_push_rr.3
@man man/man3/ldns_rr_list_rr_count.3
@man man/man3/ldns_rr_list_set_rr_count.3
@@ -441,7 +463,6 @@ lib/libldns.la
@man man/man3/ldns_sign_public_rsasha1.3
@man man/man3/ldns_status.3
@man man/man3/ldns_str2period.3
-@man man/man3/ldns_str_remove_comment.3
@man man/man3/ldns_tcp_connect.3
@man man/man3/ldns_tcp_read_wire.3
@man man/man3/ldns_tcp_send_query.3
@@ -463,22 +484,27 @@ lib/libldns.la
@man man/man3/ldns_verify_rrsig_keylist_notime.3
@man man/man3/ldns_verify_rrsig_rsamd5.3
@man man/man3/ldns_verify_rrsig_rsasha1.3
+@man man/man3/ldns_version.3
@man man/man3/ldns_wire2dname.3
@man man/man3/ldns_wire2pkt.3
@man man/man3/ldns_wire2rdf.3
@man man/man3/ldns_wire2rr.3
@man man/man3/ldns_zone.3
@man man/man3/ldns_zone_deep_free.3
+@man man/man3/ldns_zone_free.3
@man man/man3/ldns_zone_glue_rr_list.3
@man man/man3/ldns_zone_new.3
@man man/man3/ldns_zone_new_frm_fp.3
@man man/man3/ldns_zone_new_frm_fp_l.3
@man man/man3/ldns_zone_print.3
+@man man/man3/ldns_zone_print_fmt.3
@man man/man3/ldns_zone_push_rr.3
@man man/man3/ldns_zone_push_rr_list.3
@man man/man3/ldns_zone_rr_count.3
@man man/man3/ldns_zone_rrs.3
@man man/man3/ldns_zone_set_rrs.3
@man man/man3/ldns_zone_set_soa.3
+@man man/man3/ldns_zone_sign.3
+@man man/man3/ldns_zone_sign_nsec3.3
@man man/man3/ldns_zone_soa.3
@man man/man3/ldns_zone_sort.3
Index: utils/Makefile
===================================================================
RCS file: /cvs/ports/net/ldns/utils/Makefile,v
retrieving revision 1.31
diff -u -p -r1.31 Makefile
--- utils/Makefile 16 Jan 2016 13:15:26 -0000 1.31
+++ utils/Makefile 5 Jun 2017 08:59:31 -0000
@@ -3,7 +3,6 @@
COMMENT= LDNS utilities

PKGNAME= ldns-utils-${VERSION}
-REVISION= 0

WANTLIB= c crypto ldns>=6.1 pcap ssl
LIB_DEPENDS+= net/ldns/libldns>=1.6.17
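Review bot: The unchanged lines `WANTLIB= c crypto ldns>=6.1 pcap ssl` and `LIB_DEPENDS+= net/ldns/libldns>=1.6.17` keep the old floors, although this update moves libldns to 1.7.0 and bumps the shared library to 7.0. As written, ldns-utils 1.7.0 could be built or installed against a 1.6.17 libldns that lacks the newer API. It may also lack fixes folded into 1.7.0: the ECDSA leading-zero patches are deleted further down in this diff, presumably because they are upstream now. I would change these to `WANTLIB= c crypto ldns>=7.0 pcap ssl` and `LIB_DEPENDS+= net/ldns/libldns>=1.7.0`.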
@@ -14,7 +13,10 @@ USE_GMAKE= Yes
CONFIGURE_ARGS+= --with-ldns=${LOCALBASE}
CONFIGURE_ENV+= libtool=${LIBTOOL}

+# uses ldns_key_EVP_load_gost_id which we don't have
+CONFIGURE_ARGS+= --disable-gost
+
CONFIGURE_STYLE= autoconf
-AUTOCONF_VERSION= 2.68
+AUTOCONF_VERSION= 2.69

.include <bsd.port.mk>
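Review bot: The comment on `CONFIGURE_ARGS+= --disable-gost` names the missing symbol but not why it is missing or what the tools lose. libldns/Makefile in this diff does not pass `--disable-gost`, so the library side presumably depends on configure's detection of libcrypto. If so, say it, e.g. `# libldns is built without GOST support, so ldns_key_EVP_load_gost_id is not available; the utilities are built without ECC-GOST too`. Autodetection on the library side and an explicit flag here can drift apart, so passing the flag in both Makefiles would keep the two packages in step.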
Index: utils/patches/patch-dnssec_c
===================================================================
RCS file: utils/patches/patch-dnssec_c
diff -N utils/patches/patch-dnssec_c
--- utils/patches/patch-dnssec_c 16 Jan 2016 13:15:26 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,46 +0,0 @@
-$OpenBSD: patch-dnssec_c,v 1.1 2016/01/16 13:15:26 sthen Exp $
-
-Fix ECDSA signature generation, do not omit leading zeroes.
-http://git.nlnetlabs.nl/ldns/commit/?h=develop&id=1139fdc7f6d78cc9a93e46d3defcd05d15c45af0
-
---- dnssec.c.orig Fri Jan 10 16:04:41 2014
-+++ dnssec.c Fri Jan 15 23:06:29 2016
-@@ -1806,7 +1806,8 @@ ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_bu
- #ifdef USE_ECDSA
- #ifndef S_SPLINT_S
- ldns_rdf *
--ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len)
-+ldns_convert_ecdsa_rrsig_asn1len2rdf(const ldns_buffer *sig,
-+ const long sig_len, int num_bytes)
- {
- ECDSA_SIG* ecdsa_sig;
- unsigned char *data = (unsigned char*)ldns_buffer_begin(sig);
-@@ -1815,16 +1816,22 @@ ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *s
- if(!ecdsa_sig) return NULL;
-
- /* "r | s". */
-- data = LDNS_XMALLOC(unsigned char,
-- BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s));
-+ if(BN_num_bytes(ecdsa_sig->r) > num_bytes ||
-+ BN_num_bytes(ecdsa_sig->s) > num_bytes) {
-+ ECDSA_SIG_free(ecdsa_sig);
-+ return NULL; /* numbers too big for passed curve size */
-+ }
-+ data = LDNS_XMALLOC(unsigned char, num_bytes*2);
- if(!data) {
- ECDSA_SIG_free(ecdsa_sig);
- return NULL;
- }
-- BN_bn2bin(ecdsa_sig->r, data);
-- BN_bn2bin(ecdsa_sig->s, data+BN_num_bytes(ecdsa_sig->r));
-- rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, (size_t)(
-- BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s)), data);
-+ /* write the bignums (in big-endian) a little offset if the BN code
-+ * wants to write a shorter number of bytes, with zeroes prefixed */
-+ memset(data, 0, num_bytes*2);
-+ BN_bn2bin(ecdsa_sig->r, data+num_bytes-BN_num_bytes(ecdsa_sig->r));
-+ BN_bn2bin(ecdsa_sig->s, data+num_bytes*2-BN_num_bytes(ecdsa_sig->s));
-+ rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, (size_t)(num_bytes*2), data);
- ECDSA_SIG_free(ecdsa_sig);
- return rdf;
- }
Index: utils/patches/patch-dnssec_sign_c
===================================================================
RCS file: utils/patches/patch-dnssec_sign_c
diff -N utils/patches/patch-dnssec_sign_c
--- utils/patches/patch-dnssec_sign_c 16 Jan 2016 13:15:26 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,43 +0,0 @@
-$OpenBSD: patch-dnssec_sign_c,v 1.1 2016/01/16 13:15:26 sthen Exp $
-
-Fix ECDSA signature generation, do not omit leading zeroes.
-http://git.nlnetlabs.nl/ldns/commit/?h=develop&id=1139fdc7f6d78cc9a93e46d3defcd05d15c45af0
-
---- dnssec_sign.c.orig Fri Jan 10 16:04:41 2014
-+++ dnssec_sign.c Fri Jan 15 23:06:29 2016
-@@ -367,6 +367,7 @@ ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
-
- #ifdef USE_ECDSA
- #ifndef S_SPLINT_S
-+/** returns the number of bytes per signature-component (i.e. bits/8), or 0. */
- static int
- ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
- {
-@@ -380,11 +381,13 @@ ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
- EC_KEY_free(ec);
- return 0;
- }
-- if(EC_GROUP_get_curve_name(g) == NID_secp224r1 ||
-- EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1 ||
-- EC_GROUP_get_curve_name(g) == NID_secp384r1) {
-+ if(EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1) {
- EC_KEY_free(ec);
-- return 1;
-+ return 32; /* 256/8 */
-+ }
-+ if(EC_GROUP_get_curve_name(g) == NID_secp384r1) {
-+ EC_KEY_free(ec);
-+ return 48; /* 384/8 */
- }
- /* downref the eckey, the original is still inside the pkey */
- EC_KEY_free(ec);
-@@ -448,7 +451,8 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
- #ifdef USE_ECDSA
- } else if(EVP_PKEY_type(key->type) == EVP_PKEY_EC &&
- ldns_pkey_is_ecdsa(key)) {
-- sigdata_rdf = ldns_convert_ecdsa_rrsig_asn12rdf(b64sig, siglen);
-+ sigdata_rdf = ldns_convert_ecdsa_rrsig_asn1len2rdf(
-+ b64sig, siglen, ldns_pkey_is_ecdsa(key));
-
