-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | PKGBUILD | 9 | ||||
-rw-r--r-- | openssl-1.1.patch | 60 |
3 files changed, 69 insertions, 4 deletions
@@ -1,7 +1,7 @@ pkgbase = dnssec-trigger pkgdesc = Reconfigures the local unbound DNS server to use DNSSEC enabled forwarders pkgver = 0.14 - pkgrel = 1 + pkgrel = 2 url = http://www.nlnetlabs.nl/projects/dnssec-trigger/ arch = i686 arch = x86_64 @@ -15,10 +15,12 @@ pkgbase = dnssec-trigger source = dnssec-triggerd.service source = dnssec-triggerd-keygen.service source = gtk-update-icon-cache-invocation.patch + source = openssl-1.1.patch sha256sums = f8d2cf7f451f713be0505c9e4b26bc10ac299a84cd489afe80d3ddd9aa55cf5b sha256sums = c8ed3ef4ec9cba0bd00f47bfbf0e59c318130615aca4370bc597d98365445be9 sha256sums = 831f2cf40687325d50fcc11a74050198d9a24f230749e3570cf9153abf3db12e sha256sums = 5710dd86e0b8534096274ace3fe6cd224c440a6e86f4ed6bbdb0753146717121 + sha256sums = b5fca9809783f9ca1cbd981585ee13f8ddf3243c1766a86d66e65e6a9bc3e92b pkgname = dnssec-trigger @@ -4,7 +4,7 @@ pkgname=dnssec-trigger pkgver=0.14 -pkgrel=1 +pkgrel=2 pkgdesc="Reconfigures the local unbound DNS server to use DNSSEC enabled forwarders" arch=('i686' 'x86_64') url="http://www.nlnetlabs.nl/projects/dnssec-trigger/" 
@@ -15,15 +15,18 @@ backup=('etc/dnssec.conf' source=(http://www.nlnetlabs.nl/downloads/dnssec-trigger/$pkgname-$pkgver.tar.gz dnssec-triggerd.service dnssec-triggerd-keygen.service - gtk-update-icon-cache-invocation.patch) + gtk-update-icon-cache-invocation.patch + openssl-1.1.patch) sha256sums=('f8d2cf7f451f713be0505c9e4b26bc10ac299a84cd489afe80d3ddd9aa55cf5b' 'c8ed3ef4ec9cba0bd00f47bfbf0e59c318130615aca4370bc597d98365445be9' '831f2cf40687325d50fcc11a74050198d9a24f230749e3570cf9153abf3db12e' - '5710dd86e0b8534096274ace3fe6cd224c440a6e86f4ed6bbdb0753146717121') + '5710dd86e0b8534096274ace3fe6cd224c440a6e86f4ed6bbdb0753146717121' + 'b5fca9809783f9ca1cbd981585ee13f8ddf3243c1766a86d66e65e6a9bc3e92b') prepare() { cd "$srcdir/$pkgname-$pkgver" patch -p1 -i "$srcdir/gtk-update-icon-cache-invocation.patch" + patch -p1 -i "$srcdir/openssl-1.1.patch" sed -i "s!/usr/libexec/!/usr/lib/$pkgname/!g" 01-dnssec-trigger.in } diff --git a/openssl-1.1.patch b/openssl-1.1.patch new file mode 100644 index 000000000000..ea6435cde00f --- /dev/null +++ b/openssl-1.1.patch 
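Review bot: The upstream tarball in `source=(http://www.nlnetlabs.nl/downloads/dnssec-trigger/$pkgname-$pkgver.tar.gz ...)` is still fetched over plain HTTP, and the only integrity control is the `sha256sums` entry kept in this same PKGBUILD, so nothing ties the download to an upstream signing key. If upstream publishes a detached signature for this release, adding it to `source` together with `validpgpkeys=('<UPSTREAM_KEY_FINGERPRINT>')` and switching the URL to `https://` would close that gap. The `prepare()` body applies both patches with `patch -p1 -i`, which is fine since both are local files covered by the checksum list.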
@@ -0,0 +1,60 @@
+diff -aur dnssec-trigger-0.14/riggerd/cfg.c dnssec-trigger-0.14-patched/riggerd/cfg.c
+--- dnssec-trigger-0.14/riggerd/cfg.c 2017-06-08 17:06:17.000000000 +0200
++++ dnssec-trigger-0.14-patched/riggerd/cfg.c 2017-11-18 11:21:50.477359449 +0100
+@@ -540,9 +540,11 @@
+ if(!ctx)
+ return ctx_err_ret(ctx, err, errlen,
+ "could not allocate SSL_CTX pointer");
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
+ return ctx_err_ret(ctx, err, errlen,
+ "could not set SSL_OP_NO_SSLv2");
++#endif
+ if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
+ !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
+ || !SSL_CTX_check_private_key(ctx))
+diff -aur dnssec-trigger-0.14/riggerd/net_help.c dnssec-trigger-0.14-patched/riggerd/net_help.c
+--- dnssec-trigger-0.14/riggerd/net_help.c 2017-06-08 17:06:17.000000000 +0200
++++ dnssec-trigger-0.14-patched/riggerd/net_help.c 2017-11-18 11:22:40.546960367 +0100
+@@ -447,11 +447,13 @@
+ return NULL;
+ }
+ /* no SSLv2 because has defects */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
+ log_crypto_err("could not set SSL_OP_NO_SSLv2");
+ SSL_CTX_free(ctx);
+ return NULL;
+ }
++#endif
+ if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
+ log_err("error for cert file: %s", pem);
+ log_crypto_err("error in SSL_CTX use_certificate_file");
+diff -aur dnssec-trigger-0.14/riggerd/reshook.c dnssec-trigger-0.14-patched/riggerd/reshook.c
+--- dnssec-trigger-0.14/riggerd/reshook.c 2017-06-08 17:06:17.000000000 +0200
++++ dnssec-trigger-0.14-patched/riggerd/reshook.c 2017-11-18 11:23:54.853034153 +0100
+@@ -256,7 +256,7 @@
+ win_set_resolv("127.0.0.1");
+ #else /* not on windows */
+ # ifndef HOOKS_OSX /* on Linux/BSD */
+- if (system("/usr/libexec/dnssec-trigger-script --setup") == 0)
++ if (system(LIBEXEC_DIR "/dnssec-trigger-script --setup") == 0)
+ return;
+
+ if(really_set_to_localhost(cfg)) {
+diff -aur dnssec-trigger-0.14/riggerd/svr.c dnssec-trigger-0.14-patched/riggerd/svr.c
+--- dnssec-trigger-0.14/riggerd/svr.c 2017-06-08 17:06:17.000000000 +0200
++++ dnssec-trigger-0.14-patched/riggerd/svr.c 2017-11-18 11:23:10.156724197 +0100
+@@ -162,10 +162,12 @@
+ return 0;
+ }
+ /* no SSLv2 because has defects */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ if(!(SSL_CTX_set_options(s->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
+ log_crypto_err("could not set SSL_OP_NO_SSLv2");
+ return 0;
+ }
++#endif
+ s_cert = s->cfg->server_cert_file;
+ s_key = s->cfg->server_key_file;
+ verbose(VERB_ALGO, "setup SSL certificates"); |
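Review bot: On OpenSSL 1.1 builds the three guarded blocks in riggerd/cfg.c, riggerd/net_help.c and riggerd/svr.c now apply no protocol restriction at all, so each SSL_CTX runs with whatever minimum version the linked library and system configuration happen to allow. An `#else` branch that sets an explicit floor and fails the same way as the old check would keep the intent of the original comment, e.g. in cfg.c `if(!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) return ctx_err_ret(ctx, err, errlen, "could not set minimum TLS version");` (with `s->ctx` and `return 0` in svr.c). Testing the feature instead of the version, `#if SSL_OP_NO_SSLv2 != 0`, would also avoid depending on how a non-OpenSSL libssl reports `OPENSSL_VERSION_NUMBER`. The reshook.c change to `system(LIBEXEC_DIR "/dnssec-trigger-script --setup")` is unrelated to OpenSSL and depends on a macro whose definition is not visible here; it would be clearer as its own patch, with the build confirmed to define it as the directory the PKGBUILD `sed` rewrites to. All four enclosing functions start and end outside the patch context shown.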