summarylogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.SRCINFO4
-rw-r--r--PKGBUILD9
-rw-r--r--openssl-1.1.patch60
3 files changed, 69 insertions, 4 deletions
diff --git a/.SRCINFO b/.SRCINFO
index eeb2daf8c50d..1329fd00b374 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = dnssec-trigger
pkgdesc = Reconfigures the local unbound DNS server to use DNSSEC enabled forwarders
pkgver = 0.14
- pkgrel = 1
+ pkgrel = 2
url = http://www.nlnetlabs.nl/projects/dnssec-trigger/
arch = i686
arch = x86_64
@@ -15,10 +15,12 @@ pkgbase = dnssec-trigger
source = dnssec-triggerd.service
source = dnssec-triggerd-keygen.service
source = gtk-update-icon-cache-invocation.patch
+ source = openssl-1.1.patch
sha256sums = f8d2cf7f451f713be0505c9e4b26bc10ac299a84cd489afe80d3ddd9aa55cf5b
sha256sums = c8ed3ef4ec9cba0bd00f47bfbf0e59c318130615aca4370bc597d98365445be9
sha256sums = 831f2cf40687325d50fcc11a74050198d9a24f230749e3570cf9153abf3db12e
sha256sums = 5710dd86e0b8534096274ace3fe6cd224c440a6e86f4ed6bbdb0753146717121
+ sha256sums = b5fca9809783f9ca1cbd981585ee13f8ddf3243c1766a86d66e65e6a9bc3e92b
pkgname = dnssec-trigger
diff --git a/PKGBUILD b/PKGBUILD
index 80eee6058e16..5bbec1e67bac 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,7 +4,7 @@
pkgname=dnssec-trigger
pkgver=0.14
-pkgrel=1
+pkgrel=2
pkgdesc="Reconfigures the local unbound DNS server to use DNSSEC enabled forwarders"
arch=('i686' 'x86_64')
url="http://www.nlnetlabs.nl/projects/dnssec-trigger/"
@@ -15,15 +15,18 @@ backup=('etc/dnssec.conf'
source=(http://www.nlnetlabs.nl/downloads/dnssec-trigger/$pkgname-$pkgver.tar.gz
dnssec-triggerd.service
dnssec-triggerd-keygen.service
- gtk-update-icon-cache-invocation.patch)
+ gtk-update-icon-cache-invocation.patch
+ openssl-1.1.patch)
sha256sums=('f8d2cf7f451f713be0505c9e4b26bc10ac299a84cd489afe80d3ddd9aa55cf5b'
'c8ed3ef4ec9cba0bd00f47bfbf0e59c318130615aca4370bc597d98365445be9'
'831f2cf40687325d50fcc11a74050198d9a24f230749e3570cf9153abf3db12e'
- '5710dd86e0b8534096274ace3fe6cd224c440a6e86f4ed6bbdb0753146717121')
+ '5710dd86e0b8534096274ace3fe6cd224c440a6e86f4ed6bbdb0753146717121'
+ 'b5fca9809783f9ca1cbd981585ee13f8ddf3243c1766a86d66e65e6a9bc3e92b')
prepare() {
cd "$srcdir/$pkgname-$pkgver"
patch -p1 -i "$srcdir/gtk-update-icon-cache-invocation.patch"
+ patch -p1 -i "$srcdir/openssl-1.1.patch"
sed -i "s!/usr/libexec/!/usr/lib/$pkgname/!g" 01-dnssec-trigger.in
}
diff --git a/openssl-1.1.patch b/openssl-1.1.patch
new file mode 100644
index 000000000000..ea6435cde00f
--- /dev/null
+++ b/openssl-1.1.patch
@@ -0,0 +1,60 @@
+diff -aur dnssec-trigger-0.14/riggerd/cfg.c dnssec-trigger-0.14-patched/riggerd/cfg.c
+--- dnssec-trigger-0.14/riggerd/cfg.c 2017-06-08 17:06:17.000000000 +0200
++++ dnssec-trigger-0.14-patched/riggerd/cfg.c 2017-11-18 11:21:50.477359449 +0100
+@@ -540,9 +540,11 @@
+ if(!ctx)
+ return ctx_err_ret(ctx, err, errlen,
+ "could not allocate SSL_CTX pointer");
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
+ return ctx_err_ret(ctx, err, errlen,
+ "could not set SSL_OP_NO_SSLv2");
++#endif
+ if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
+ !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
+ || !SSL_CTX_check_private_key(ctx))
+diff -aur dnssec-trigger-0.14/riggerd/net_help.c dnssec-trigger-0.14-patched/riggerd/net_help.c
+--- dnssec-trigger-0.14/riggerd/net_help.c 2017-06-08 17:06:17.000000000 +0200
++++ dnssec-trigger-0.14-patched/riggerd/net_help.c 2017-11-18 11:22:40.546960367 +0100
+@@ -447,11 +447,13 @@
+ return NULL;
+ }
+ /* no SSLv2 because has defects */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
+ log_crypto_err("could not set SSL_OP_NO_SSLv2");
+ SSL_CTX_free(ctx);
+ return NULL;
+ }
++#endif
+ if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
+ log_err("error for cert file: %s", pem);
+ log_crypto_err("error in SSL_CTX use_certificate_file");
+diff -aur dnssec-trigger-0.14/riggerd/reshook.c dnssec-trigger-0.14-patched/riggerd/reshook.c
+--- dnssec-trigger-0.14/riggerd/reshook.c 2017-06-08 17:06:17.000000000 +0200
++++ dnssec-trigger-0.14-patched/riggerd/reshook.c 2017-11-18 11:23:54.853034153 +0100
+@@ -256,7 +256,7 @@
+ win_set_resolv("127.0.0.1");
+ #else /* not on windows */
+ # ifndef HOOKS_OSX /* on Linux/BSD */
+- if (system("/usr/libexec/dnssec-trigger-script --setup") == 0)
++ if (system(LIBEXEC_DIR "/dnssec-trigger-script --setup") == 0)
+ return;
+
+ if(really_set_to_localhost(cfg)) {
+diff -aur dnssec-trigger-0.14/riggerd/svr.c dnssec-trigger-0.14-patched/riggerd/svr.c
+--- dnssec-trigger-0.14/riggerd/svr.c 2017-06-08 17:06:17.000000000 +0200
++++ dnssec-trigger-0.14-patched/riggerd/svr.c 2017-11-18 11:23:10.156724197 +0100
+@@ -162,10 +162,12 @@
+ return 0;
+ }
+ /* no SSLv2 because has defects */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ if(!(SSL_CTX_set_options(s->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
+ log_crypto_err("could not set SSL_OP_NO_SSLv2");
+ return 0;
+ }
++#endif
+ s_cert = s->cfg->server_cert_file;
+ s_key = s->cfg->server_key_file;
+ verbose(VERB_ALGO, "setup SSL certificates");