Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 414798 Details for
Bug 563362
net-dns/bind: add libressl support
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
0001-net-dns-bind-add-libressl-support.patch
0001-net-dns-bind-add-libressl-support.patch (text/plain), 17.92 KB, created by
Julian Ospald
on 2015-10-17 23:43:12 UTC
(
hide
)
Description:
0001-net-dns-bind-add-libressl-support.patch
Filename:
MIME Type:
Creator:
Julian Ospald
Created:
2015-10-17 23:43:12 UTC
Size:
17.92 KB
patch
obsolete
>From 556d90722f1ed91f64a12f84a567e224e798507b Mon Sep 17 00:00:00 2001 >From: Julian Ospald <hasufell@gentoo.org> >Date: Sun, 18 Oct 2015 01:39:23 +0200 >Subject: [PATCH] net-dns/bind: add libressl support > >--- > net-dns/bind/bind-9.10.3-r1.ebuild | 416 ++++++++++++++++++++++++++ > net-dns/bind/files/bind-9.10.3-libressl.patch | 110 +++++++ > 2 files changed, 526 insertions(+) > create mode 100644 net-dns/bind/bind-9.10.3-r1.ebuild > create mode 100644 net-dns/bind/files/bind-9.10.3-libressl.patch > >diff --git a/net-dns/bind/bind-9.10.3-r1.ebuild b/net-dns/bind/bind-9.10.3-r1.ebuild >new file mode 100644 >index 0000000..a8e08d2 >--- /dev/null >+++ b/net-dns/bind/bind-9.10.3-r1.ebuild >@@ -0,0 +1,416 @@ >+# Copyright 1999-2015 Gentoo Foundation >+# Distributed under the terms of the GNU General Public License v2 >+# $Id$ >+ >+# Re dlz/mysql and threads, needs to be verified.. >+# MySQL uses thread local storage in its C api. Thus MySQL >+# requires that each thread of an application execute a MySQL >+# thread initialization to setup the thread local storage. >+# This is impossible to do safely while staying within the DLZ >+# driver API. This is a limitation caused by MySQL, and not the DLZ API. >+# Because of this BIND MUST only run with a single thread when >+# using the MySQL driver. >+ >+EAPI="5" >+ >+PYTHON_COMPAT=( python2_7 python3_3 python3_4 ) >+ >+inherit python-r1 eutils autotools toolchain-funcs flag-o-matic multilib db-use user systemd >+ >+MY_PV="${PV/_p/-P}" >+MY_PV="${MY_PV/_rc/rc}" >+MY_P="${PN}-${MY_PV}" >+ >+SDB_LDAP_VER="1.1.0-fc14" >+ >+RRL_PV="${MY_PV}" >+ >+NSLINT_DIR="contrib/nslint-3.0a2/" >+ >+# SDB-LDAP: http://bind9-ldap.bayour.com/ >+ >+DESCRIPTION="BIND - Berkeley Internet Name Domain - Name Server" >+HOMEPAGE="http://www.isc.org/software/bind" >+SRC_URI="ftp://ftp.isc.org/isc/bind9/${MY_PV}/${MY_P}.tar.gz >+ doc? ( mirror://gentoo/dyndns-samples.tbz2 )" >+# sdb-ldap? ( >+# http://ftp.disconnected-by-peer.at/pub/bind-sdb-ldap-${SDB_LDAP_VER}.patch.bz2 >+# )" >+ >+LICENSE="GPL-2 ISC BSD BSD-2 HPND JNIC openssl" >+SLOT="0" >+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" >+IUSE="berkdb +caps dlz doc fetchlimit filter-aaaa fixed-rrset geoip gost gssapi idn ipv6 >+json ldap libressl mysql nslint odbc postgres python rpz seccomp selinux sit ssl static-libs >++threads urandom xml" >+# sdb-ldap - patch broken >+# no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687 >+ >+REQUIRED_USE="postgres? ( dlz ) >+ berkdb? ( dlz ) >+ mysql? ( dlz !threads ) >+ odbc? ( dlz ) >+ ldap? ( dlz ) >+ gost? ( !libressl ssl ) >+ threads? ( caps )" >+# sdb-ldap? ( dlz ) >+ >+DEPEND=" >+ ssl? ( >+ !libressl? ( dev-libs/openssl:0[-bindist] ) >+ libressl? ( dev-libs/libressl ) >+ ) >+ mysql? ( >=virtual/mysql-4.0 ) >+ odbc? ( >=dev-db/unixODBC-2.2.6 ) >+ ldap? ( net-nds/openldap ) >+ idn? ( net-dns/idnkit ) >+ postgres? ( dev-db/postgresql:= ) >+ caps? ( >=sys-libs/libcap-2.1.0 ) >+ xml? ( dev-libs/libxml2 ) >+ geoip? ( >=dev-libs/geoip-1.4.6 ) >+ gssapi? ( virtual/krb5 ) >+ gost? ( >=dev-libs/openssl-1.0.0:0[-bindist] ) >+ seccomp? ( sys-libs/libseccomp ) >+ json? ( dev-libs/json-c )" >+# sdb-ldap? ( net-nds/openldap ) >+ >+RDEPEND="${DEPEND} >+ selinux? ( sec-policy/selinux-bind ) >+ || ( sys-process/psmisc >=sys-freebsd/freebsd-ubin-9.0_rc sys-process/fuser-bsd )" >+ >+S="${WORKDIR}/${MY_P}" >+ >+# bug 479092, requires networking >+RESTRICT="test" >+ >+pkg_setup() { >+ ebegin "Creating named group and user" >+ enewgroup named 40 >+ enewuser named 40 -1 /etc/bind named >+ eend ${?} >+} >+ >+src_prepare() { >+ epatch "${FILESDIR}"/${P}-libressl.patch >+ >+ # Adjusting PATHs in manpages >+ for i in bin/{named/named.8,check/named-checkconf.8,rndc/rndc.8} ; do >+ sed -i \ >+ -e 's:/etc/named.conf:/etc/bind/named.conf:g' \ >+ -e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \ >+ -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ >+ "${i}" || die "sed failed, ${i} doesn't exist" >+ done >+ >+# if use dlz; then >+# # sdb-ldap patch as per bug #160567 >+# # Upstream URL: http://bind9-ldap.bayour.com/ >+# # New patch take from bug 302735 >+# if use sdb-ldap; then >+# epatch "${WORKDIR}"/${PN}-sdb-ldap-${SDB_LDAP_VER}.patch >+# cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named/ >+# cp -fp contrib/sdb/ldap/{ldap2zone.1,ldap2zone.c} bin/tools/ >+# cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/tools/ >+# fi >+# fi >+ >+ # should be installed by bind-tools >+ sed -i -r -e "s:(nsupdate|dig|delv) ::g" bin/Makefile.in || die >+ >+ # Disable tests for now, bug 406399 >+ sed -i '/^SUBDIRS/s:tests::' bin/Makefile.in lib/Makefile.in || die >+ >+ if use nslint; then >+ sed -i -e 's:/etc/named.conf:/etc/bind/named.conf:' ${NSLINT_DIR}/nslint.{c,8} || die >+ fi >+ >+ # bug #220361 >+ rm aclocal.m4 >+ rm -rf libtool.m4/ >+ eautoreconf >+} >+ >+src_configure() { >+ local myconf="" >+ >+ if use urandom; then >+ myconf="${myconf} --with-randomdev=/dev/urandom" >+ else >+ myconf="${myconf} --with-randomdev=/dev/random" >+ fi >+ >+ use geoip && myconf="${myconf} --with-geoip" >+ >+ # bug #158664 >+# gcc-specs-ssp && replace-flags -O[23s] -O >+ >+ # To include db.h from proper path >+ use berkdb && append-flags "-I$(db_includedir)" >+ >+ export BUILD_CC=$(tc-getBUILD_CC) >+ econf \ >+ --sysconfdir=/etc/bind \ >+ --localstatedir=/var \ >+ --with-libtool \ >+ --enable-full-report \ >+ --without-readline \ >+ $(use_enable caps linux-caps) \ >+ $(use_enable fetchlimit) \ >+ $(use_enable filter-aaaa) \ >+ $(use_enable fixed-rrset) \ >+ $(use_enable ipv6) \ >+ $(use_enable rpz rpz-nsdname) \ >+ $(use_enable rpz rpz-nsip) \ >+ $(use_enable seccomp) \ >+ $(use_enable sit) \ >+ $(use_enable threads) \ >+ $(use_with berkdb dlz-bdb) \ >+ $(use_with dlz dlopen) \ >+ $(use_with dlz dlz-filesystem) \ >+ $(use_with dlz dlz-stub) \ >+ $(use_with gost) \ >+ $(use_with gssapi) \ >+ $(use_with idn) \ >+ $(use_with json libjson) \ >+ $(use_with ldap dlz-ldap) \ >+ $(use_with mysql dlz-mysql) \ >+ $(use_with odbc dlz-odbc) \ >+ $(use_with postgres dlz-postgres) \ >+ $(use_with python) \ >+ $(use_with ssl ecdsa) \ >+ $(use_with ssl openssl "${EPREFIX}"/usr) \ >+ $(use_with xml libxml2) \ >+ ${myconf} >+ >+ # $(use_enable static-libs static) \ >+ >+ # bug #151839 >+ echo '#undef SO_BSDCOMPAT' >> config.h >+ >+ if use nslint; then >+ cd $NSLINT_DIR >+ econf >+ fi >+} >+ >+src_compile() { >+ emake >+ >+ if use nslint; then >+ emake -C $NSLINT_DIR CCOPT="${CFLAGS}" >+ fi >+} >+ >+src_install() { >+ emake DESTDIR="${D}" install >+ >+ if use nslint; then >+ cd $NSLINT_DIR >+ dobin nslint >+ doman nslint.8 >+ cd "${S}" >+ fi >+ >+ dodoc CHANGES FAQ README >+ >+ if use idn; then >+ dodoc contrib/idn/README.idnkit >+ fi >+ >+ if use doc; then >+ dodoc doc/arm/Bv9ARM.pdf >+ >+ docinto misc >+ dodoc doc/misc/* >+ >+ # might a 'html' useflag make sense? >+ docinto html >+ dohtml -r doc/arm/* >+ >+ docinto contrib >+ dodoc contrib/scripts/{nanny.pl,named-bootconf.sh} >+ >+ # some handy-dandy dynamic dns examples >+ pushd "${D}"/usr/share/doc/${PF} 1>/dev/null >+ tar xf "${DISTDIR}"/dyndns-samples.tbz2 || die >+ popd 1>/dev/null >+ fi >+ >+ insinto /etc/bind >+ newins "${FILESDIR}"/named.conf-r8 named.conf >+ >+ # ftp://ftp.rs.internic.net/domain/named.cache: >+ insinto /var/bind >+ newins "${FILESDIR}"/named.cache-r1 named.cache >+ >+ insinto /var/bind/pri >+ newins "${FILESDIR}"/localhost.zone-r3 localhost.zone >+ >+ newinitd "${FILESDIR}"/named.init-r13 named >+ newconfd "${FILESDIR}"/named.confd-r7 named >+ >+ if use gost; then >+ sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}/' "${D}/etc/init.d/named" || die >+ else >+ sed -i -e 's/^OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-1}$/OPENSSL_LIBGOST=${OPENSSL_LIBGOST:-0}/' "${D}/etc/init.d/named" || die >+ fi >+ >+ newenvd "${FILESDIR}"/10bind.env 10bind >+ >+ # Let's get rid of those tools and their manpages since they're provided by bind-tools >+ rm -f "${D}"/usr/share/man/man1/{dig,host,nslookup}.1* >+ rm -f "${D}"/usr/share/man/man8/nsupdate.8* >+ rm -f "${D}"/usr/bin/{dig,host,nslookup,nsupdate} >+ rm -f "${D}"/usr/sbin/{dig,host,nslookup,nsupdate} >+ for tool in dsfromkey importkey keyfromlabel keygen \ >+ revoke settime signzone verify; do >+ rm -f "${D}"/usr/{,s}bin/dnssec-"${tool}" >+ rm -f "${D}"/usr/share/man/man8/dnssec-"${tool}".8* >+ done >+ >+ # bug 405251, library archives aren't properly handled by --enable/disable-static >+ if ! use static-libs; then >+ find "${D}" -type f -name '*.a' -delete || die >+ fi >+ >+ # bug 405251 >+ find "${D}" -type f -name '*.la' -delete || die >+ >+ if use python; then >+ install_python_tools() { >+ dosbin bin/python/dnssec-{checkds,coverage} >+ } >+ python_foreach_impl install_python_tools >+ >+ python_replicate_script "${D}usr/sbin/dnssec-checkds" >+ python_replicate_script "${D}usr/sbin/dnssec-coverage" >+ fi >+ >+ # bug 450406 >+ dosym named.cache /var/bind/root.cache >+ >+ dosym /var/bind/pri /etc/bind/pri >+ dosym /var/bind/sec /etc/bind/sec >+ dosym /var/bind/dyn /etc/bind/dyn >+ keepdir /var/bind/{pri,sec,dyn} >+ >+ dodir /var/log/named >+ >+ fowners root:named /{etc,var}/bind /var/log/named /var/bind/{sec,pri,dyn} >+ fowners root:named /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} >+ fperms 0640 /var/bind/named.cache /var/bind/pri/localhost.zone /etc/bind/{bind.keys,named.conf} >+ fperms 0750 /etc/bind /var/bind/pri >+ fperms 0770 /var/log/named /var/bind/{,sec,dyn} >+ >+ systemd_newunit "${FILESDIR}/named.service-r1" named.service >+ systemd_dotmpfilesd "${FILESDIR}"/named.conf >+ exeinto /usr/libexec >+ doexe "${FILESDIR}/generate-rndc-key.sh" >+} >+ >+pkg_postinst() { >+ if [ ! -f '/etc/bind/rndc.key' ]; then >+ if use urandom; then >+ einfo "Using /dev/urandom for generating rndc.key" >+ /usr/sbin/rndc-confgen -r /dev/urandom -a >+ echo >+ else >+ einfo "Using /dev/random for generating rndc.key" >+ /usr/sbin/rndc-confgen -a >+ echo >+ fi >+ chown root:named /etc/bind/rndc.key >+ chmod 0640 /etc/bind/rndc.key >+ fi >+ >+ einfo >+ einfo "You can edit /etc/conf.d/named to customize named settings" >+ einfo >+ use mysql || use postgres || use ldap && { >+ elog "If your named depends on MySQL/PostgreSQL or LDAP," >+ elog "uncomment the specified rc_named_* lines in your" >+ elog "/etc/conf.d/named config to ensure they'll start before bind" >+ einfo >+ } >+ einfo "If you'd like to run bind in a chroot AND this is a new" >+ einfo "install OR your bind doesn't already run in a chroot:" >+ einfo "1) Uncomment and set the CHROOT variable in /etc/conf.d/named." >+ einfo "2) Run \`emerge --config '=${CATEGORY}/${PF}'\`" >+ einfo >+ >+ CHROOT=$(source /etc/conf.d/named 2>/dev/null; echo ${CHROOT}) >+ if [[ -n ${CHROOT} ]]; then >+ elog "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" >+ elog "To enable the old behaviour (without using mount) uncomment the" >+ elog "CHROOT_NOMOUNT option in your /etc/conf.d/named config." >+ elog "If you decide to use the new/default method, ensure to make backup" >+ elog "first and merge your existing configs/zones to /etc/bind and" >+ elog "/var/bind because bind will now mount the needed directories into" >+ elog "the chroot dir." >+ fi >+} >+ >+pkg_config() { >+ CHROOT=$(source /etc/conf.d/named; echo ${CHROOT}) >+ CHROOT_NOMOUNT=$(source /etc/conf.d/named; echo ${CHROOT_NOMOUNT}) >+ CHROOT_GEOIP=$(source /etc/conf.d/named; echo ${CHROOT_GEOIP}) >+ >+ if [[ -z "${CHROOT}" ]]; then >+ eerror "This config script is designed to automate setting up" >+ eerror "a chrooted bind/named. To do so, please first uncomment" >+ eerror "and set the CHROOT variable in '/etc/conf.d/named'." >+ die "Unset CHROOT" >+ fi >+ if [[ -d "${CHROOT}" ]]; then >+ ewarn "NOTE: As of net-dns/bind-9.4.3_p5-r1 the chroot part of the init-script got some major changes!" >+ ewarn "To enable the old behaviour (without using mount) uncomment the" >+ ewarn "CHROOT_NOMOUNT option in your /etc/conf.d/named config." >+ ewarn >+ ewarn "${CHROOT} already exists... some things might become overridden" >+ ewarn "press CTRL+C if you don't want to continue" >+ sleep 10 >+ fi >+ >+ echo; einfo "Setting up the chroot directory..." >+ >+ mkdir -m 0750 -p ${CHROOT} >+ mkdir -m 0755 -p ${CHROOT}/{dev,etc,var/log,run} >+ mkdir -m 0750 -p ${CHROOT}/etc/bind >+ mkdir -m 0770 -p ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ >+ # As of bind 9.8.0 >+ if has_version net-dns/bind[gost]; then >+ if [ "$(get_libdir)" = "lib64" ]; then >+ mkdir -m 0755 -p ${CHROOT}/usr/lib64/engines >+ ln -s lib64 ${CHROOT}/usr/lib >+ else >+ mkdir -m 0755 -p ${CHROOT}/usr/lib/engines >+ fi >+ fi >+ chown root:named ${CHROOT} ${CHROOT}/var/{bind,log/named} ${CHROOT}/run/named/ ${CHROOT}/etc/bind >+ >+ mknod ${CHROOT}/dev/null c 1 3 >+ chmod 0666 ${CHROOT}/dev/null >+ >+ mknod ${CHROOT}/dev/zero c 1 5 >+ chmod 0666 ${CHROOT}/dev/zero >+ >+ if use urandom; then >+ mknod ${CHROOT}/dev/urandom c 1 9 >+ chmod 0666 ${CHROOT}/dev/urandom >+ else >+ mknod ${CHROOT}/dev/random c 1 8 >+ chmod 0666 ${CHROOT}/dev/random >+ fi >+ >+ if [ "${CHROOT_NOMOUNT:-0}" -ne 0 ]; then >+ cp -a /etc/bind ${CHROOT}/etc/ >+ cp -a /var/bind ${CHROOT}/var/ >+ fi >+ >+ if [ "${CHROOT_GEOIP:-0}" -eq 1 ]; then >+ mkdir -m 0755 -p ${CHROOT}/usr/share/GeoIP >+ fi >+ >+ elog "You may need to add the following line to your syslog-ng.conf:" >+ elog "source jail { unix-stream(\"${CHROOT}/dev/log\"); };" >+} >diff --git a/net-dns/bind/files/bind-9.10.3-libressl.patch b/net-dns/bind/files/bind-9.10.3-libressl.patch >new file mode 100644 >index 0000000..a38a70d >--- /dev/null >+++ b/net-dns/bind/files/bind-9.10.3-libressl.patch >@@ -0,0 +1,110 @@ >+Fix LibreSSL compatibility, patches from OpenBSD >+ >+http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/isc-bind/patches/ >+ >+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_dst_openssl_h?rev=1.1&content-type=text/plain >+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssl_link_c?rev=1.1&content-type=text/plain >+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldh_link_c?rev=1.1&content-type=text/plain >+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_openssldsa_link_c?rev=1.1&content-type=text/plain >+http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/isc-bind/patches/patch-lib_dns_opensslrsa_link_c?rev=1.1&content-type=text/plain >+ >+--- lib/dns/dst_openssl.h.orig Wed Sep 16 14:00:47 2015 >++++ lib/dns/dst_openssl.h Wed Sep 16 14:02:42 2015 >+@@ -36,7 +36,7 @@ >+ #define USE_ENGINE 1 >+ #endif >+ >+-#if OPENSSL_VERSION_NUMBER < 0x10100000L >++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >+ /* >+ * These are new in OpenSSL 1.1.0. BN_GENCB _cb needs to be declared in >+ * the function like this before the BN_GENCB_new call: >+--- lib/dns/openssl_link.c.orig Wed Sep 16 14:01:23 2015 >++++ lib/dns/openssl_link.c Wed Sep 16 14:01:46 2015 >+@@ -88,7 +88,7 @@ entropy_getpseudo(unsigned char *buf, int num) { >+ return (result == ISC_R_SUCCESS ? 1 : -1); >+ } >+ >+-#if OPENSSL_VERSION_NUMBER < 0x10100000L >++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >+ static void >+ entropy_add(const void *buf, int num, double entropy) { >+ /* >+@@ -121,7 +121,7 @@ lock_callback(int mode, int type, const char *file, in >+ UNLOCK(&locks[type]); >+ } >+ >+-#if OPENSSL_VERSION_NUMBER < 0x10100000L >++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >+ static unsigned long >+ id_callback(void) { >+ return ((unsigned long)isc_thread_self()); >+@@ -187,7 +187,7 @@ dst__openssl_init(const char *engine) { >+ if (result != ISC_R_SUCCESS) >+ goto cleanup_mutexalloc; >+ CRYPTO_set_locking_callback(lock_callback); >+-#if OPENSSL_VERSION_NUMBER < 0x10100000L >++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >+ CRYPTO_set_id_callback(id_callback); >+ #endif >+ >+@@ -287,7 +287,7 @@ dst__openssl_destroy(void) { >+ CRYPTO_cleanup_all_ex_data(); >+ #endif >+ ERR_clear_error(); >+-#if OPENSSL_VERSION_NUMBER < 0x10100000L >++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >+ ERR_remove_state(0); >+ #endif >+ ERR_free_strings(); >+--- lib/dns/openssldh_link.c.orig Wed Sep 16 14:01:23 2015 >++++ lib/dns/openssldh_link.c Wed Sep 16 14:02:06 2015 >+@@ -173,7 +173,7 @@ openssldh_generate(dst_key_t *key, int generator, void >+ DH *dh = NULL; >+ #if OPENSSL_VERSION_NUMBER > 0x00908000L >+ BN_GENCB *cb; >+-#if OPENSSL_VERSION_NUMBER < 0x10100000L >++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >+ BN_GENCB _cb; >+ #endif >+ union { >+@@ -210,7 +210,7 @@ openssldh_generate(dst_key_t *key, int generator, void >+ if (dh == NULL) >+ return (dst__openssl_toresult(ISC_R_NOMEMORY)); >+ cb = BN_GENCB_new(); >+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L >++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ if (cb == NULL) { >+ DH_free(dh); >+ return (dst__openssl_toresult(ISC_R_NOMEMORY)); >+--- lib/dns/openssldsa_link.c.orig Wed Sep 16 14:01:23 2015 >++++ lib/dns/openssldsa_link.c Wed Sep 16 14:02:22 2015 >+@@ -359,7 +359,7 @@ openssldsa_generate(dst_key_t *key, int unused, void ( >+ isc_result_t result; >+ #if OPENSSL_VERSION_NUMBER > 0x00908000L >+ BN_GENCB *cb; >+-#if OPENSSL_VERSION_NUMBER < 0x10100000L >++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >+ BN_GENCB _cb; >+ #endif >+ union { >+@@ -383,7 +383,7 @@ openssldsa_generate(dst_key_t *key, int unused, void ( >+ if (dsa == NULL) >+ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); >+ cb = BN_GENCB_new(); >+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L >++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) >+ if (cb == NULL) { >+ DSA_free(dsa); >+ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); >+--- lib/dns/opensslrsa_link.c.orig Wed Sep 16 14:01:23 2015 >++++ lib/dns/opensslrsa_link.c Wed Sep 16 14:02:31 2015 >+@@ -771,7 +771,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*ca >+ } u; >+ RSA *rsa = RSA_new(); >+ BIGNUM *e = BN_new(); >+-#if OPENSSL_VERSION_NUMBER < 0x10100000L >++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >+ BN_GENCB _cb; >+ #endif >+ BN_GENCB *cb = BN_GENCB_new(); >-- >2.6.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=414798">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 563362
: 414798 |
414800
|
414802
