commit: 1894204dbd5de656fcbc78abc530c0346824f6e4
parent 843eaf0bedec3fba1205c0e5182bb9491abd3e13
Author: Michael Forney <mforney@mforney.org>
Date: Mon, 9 Dec 2019 00:24:28 -0800
nsd: Update to 4.2.4
Diffstat:
7 files changed, 50 insertions(+), 32 deletions(-)
diff --git a/pkg/nsd/.gitignore b/pkg/nsd/.gitignore
@@ -1,2 +1,2 @@
-/nsd-4.2.3.tar.gz
+/nsd-4.2.4.tar.gz
/src
diff --git a/pkg/nsd/config.h b/pkg/nsd/config.h
@@ -22,10 +22,12 @@
#define HAVE_CHOWN 1
#define HAVE_CHROOT 1
#define HAVE_CLOCK_GETTIME 1
+/* #undef HAVE_CRYPTO_MEMCMP */
#define HAVE_CTIME_R_PROTO 1
/* #undef HAVE_DECL_SSL_CTX_SET_ECDH_AUTO */
/* #undef HAVE_DECL_SSL_CTX_SET_TMP_ECDH */
#define HAVE_DUP2 1
+/* #undef HAVE_EC_KEY_NEW_BY_CURVE_NAME */
#define HAVE_ENDIAN_H 1
#define HAVE_ENDPWENT 1
/* #undef HAVE_ERR_LOAD_CRYPTO_STRINGS */
@@ -128,6 +130,7 @@
#define HAVE_SYS_WAIT_H 1
/* #undef HAVE_TCPD_H */
#define HAVE_TIME_H 1
+#define HAVE_TIMINGSAFE_MEMCMP 1
#define HAVE_TZSET 1
#define HAVE_UNISTD_H 1
/* #undef HAVE_VA_LIST_DOUBLE_DEF */
@@ -152,10 +155,10 @@
/* #undef NSEC3 */
#define PACKAGE_BUGREPORT "nsd-bugs@nlnetlabs.nl"
#define PACKAGE_NAME "NSD"
-#define PACKAGE_STRING "NSD 4.2.3"
+#define PACKAGE_STRING "NSD 4.2.4"
#define PACKAGE_TARNAME "nsd"
#define PACKAGE_URL ""
-#define PACKAGE_VERSION "4.2.3"
+#define PACKAGE_VERSION "4.2.4"
/* #undef PACKED_STRUCTS */
#define PIDFILE "/run/nsd.pid"
/* #undef RATELIMIT */
diff --git a/pkg/nsd/patch/0002-Use-timingsafe_memcmp-if-available.patch b/pkg/nsd/patch/0002-Use-timingsafe_memcmp-if-available.patch
@@ -0,0 +1,41 @@
+From 8bb168cfe8640134c5c654fdda91632c6f131aa9 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Tue, 21 Aug 2018 15:52:34 -0700
+Subject: [PATCH] Use timingsafe_memcmp if available
+
+---
+ configure.ac | 2 +-
+ tsig.c | 4 +++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 806d8fba..b8e498f3 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -628,7 +628,7 @@ AC_CHECK_SIZEOF(void*)
+ AC_CHECK_SIZEOF(off_t)
+ AC_CHECK_FUNCS([arc4random arc4random_uniform])
+ AC_SEARCH_LIBS([setusercontext],[util],[AC_CHECK_HEADERS([login_cap.h])])
+-AC_CHECK_FUNCS([tzset alarm chroot dup2 endpwent gethostname memset memcpy pwrite socket strcasecmp strchr strdup strerror strncasecmp strtol writev getaddrinfo getnameinfo freeaddrinfo gai_strerror sigaction sigprocmask strptime strftime localtime_r setusercontext glob initgroups setresuid setreuid setresgid setregid getpwnam mmap ppoll clock_gettime accept4])
++AC_CHECK_FUNCS([tzset alarm chroot dup2 endpwent gethostname memset memcpy pwrite socket strcasecmp strchr strdup strerror strncasecmp strtol writev getaddrinfo getnameinfo freeaddrinfo gai_strerror sigaction sigprocmask strptime strftime localtime_r setusercontext glob initgroups setresuid setreuid setresgid setregid getpwnam mmap ppoll clock_gettime accept4 timingsafe_memcmp])
+
+ AC_CHECK_TYPE([struct mmsghdr], AC_DEFINE(HAVE_MMSGHDR, 1, [If sys/socket.h has a struct mmsghdr.]), [], [
+ AC_INCLUDES_DEFAULT
+diff --git a/tsig.c b/tsig.c
+index 91ca99b9..8c63ecfa 100644
+--- a/tsig.c
++++ b/tsig.c
+@@ -19,7 +19,9 @@
+ #include "query.h"
+ #include "rbtree.h"
+
+-#if !defined(HAVE_SSL) || !defined(HAVE_CRYPTO_MEMCMP)
++#if defined(HAVE_TIMINGSAFE_MEMCMP)
++#define CRYPTO_memcmp timingsafe_memcmp
++#elif !defined(HAVE_SSL) || !defined(HAVE_CRYPTO_MEMCMP)
+ /* we need fixed time compare */
+ #define CRYPTO_memcmp memcmp_fixedtime
+ int memcmp_fixedtime(const void *s1, const void *s2, size_t n)
+--
+2.24.0
+
diff --git a/pkg/nsd/patch/0002-Use-timingsafe_memcmp-instead-of-CRYPTO_memcmp.patch b/pkg/nsd/patch/0002-Use-timingsafe_memcmp-instead-of-CRYPTO_memcmp.patch
@@ -1,26 +0,0 @@
-From 8d5f6f5c73c68ec5189ed626d515927cba700a32 Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Tue, 21 Aug 2018 15:52:34 -0700
-Subject: [PATCH] Use timingsafe_memcmp instead of CRYPTO_memcmp
-
-We do not build with OpenSSL support, so CRYPTO_memcmp is unavailable.
----
- tsig.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tsig.c b/tsig.c
-index a450a8b3..d43ba362 100644
---- a/tsig.c
-+++ b/tsig.c
-@@ -530,7 +530,7 @@ tsig_verify(tsig_record_type *tsig)
- &tsig->prior_mac_size);
-
- if (tsig->mac_size != tsig->prior_mac_size
-- || CRYPTO_memcmp(tsig->mac_data,
-+ || timingsafe_memcmp(tsig->mac_data,
- tsig->prior_mac_data,
- tsig->mac_size) != 0)
- {
---
-2.23.0
-
diff --git a/pkg/nsd/sha256 b/pkg/nsd/sha256
@@ -1 +1 @@
-817d963b39d2af982f6a523f905cfd5b14a3707220a8da8f3013f34cdfe5c498 nsd-4.2.3.tar.gz
+9ebd6d766765631a56c0eb332eac26b310fa39f662e5582c8210488cf91ef27c nsd-4.2.4.tar.gz
diff --git a/pkg/nsd/url b/pkg/nsd/url
@@ -1 +1 @@
-url = "https://www.nlnetlabs.nl/downloads/nsd/nsd-4.2.3.tar.gz"
+url = "https://www.nlnetlabs.nl/downloads/nsd/nsd-4.2.4.tar.gz"
diff --git a/pkg/nsd/ver b/pkg/nsd/ver
@@ -1 +1 @@
-4.2.3 r0
+4.2.4 r0
