From bdfc4efd670bdccba4e5f4969b72639aefdfe7d2 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Sat, 28 Nov 2015 18:26:59 +0000 Subject: [PATCH] bind: add patch to build with libressl 2.3 --- pkgs/servers/dns/bind/default.nix | 4 +- pkgs/servers/dns/bind/libressl.patch | 102 +++++++++++++++++++++++++++ 2 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 pkgs/servers/dns/bind/libressl.patch diff --git a/pkgs/servers/dns/bind/default.nix b/pkgs/servers/dns/bind/default.nix index c44f507f2ead..64c461b70ea3 100644 --- a/pkgs/servers/dns/bind/default.nix +++ b/pkgs/servers/dns/bind/default.nix @@ -10,10 +10,12 @@ stdenv.mkDerivation rec { sha256 = "1w4gp4hdkb452nmz91l413d1rx89isl2l6wv8kpbdd2afpc3phws"; }; - patchPhase = '' + postPatchPhase = '' sed -i 's/^\t.*run/\t/' Makefile.in ''; + patches = [ ./libressl.patch ]; + buildInputs = [ openssl libtool perl libxml2 ]; configureFlags = [ diff --git a/pkgs/servers/dns/bind/libressl.patch b/pkgs/servers/dns/bind/libressl.patch new file mode 100644 index 000000000000..b77f24ee429a --- /dev/null +++ b/pkgs/servers/dns/bind/libressl.patch @@ -0,0 +1,102 @@ +$OpenBSD: patch-lib_dns_openssl_link_c,v 1.1 2015/09/16 15:28:16 sthen Exp $ +--- a/lib/dns/openssl_link.c Wed Sep 16 14:01:23 2015 ++++ b/lib/dns/openssl_link.c Wed Sep 16 14:01:46 2015 +@@ -88,7 +88,7 @@ entropy_getpseudo(unsigned char *buf, int num) { + return (result == ISC_R_SUCCESS ? 1 : -1); + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + static void + entropy_add(const void *buf, int num, double entropy) { + /* +@@ -121,7 +121,7 @@ lock_callback(int mode, int type, const char *file, in + UNLOCK(&locks[type]); + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + static unsigned long + id_callback(void) { + return ((unsigned long)isc_thread_self()); +@@ -187,7 +187,7 @@ dst__openssl_init(const char *engine) { + if (result != ISC_R_SUCCESS) + goto cleanup_mutexalloc; + CRYPTO_set_locking_callback(lock_callback); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + CRYPTO_set_id_callback(id_callback); + #endif + +@@ -287,7 +287,7 @@ dst__openssl_destroy(void) { + CRYPTO_cleanup_all_ex_data(); + #endif + ERR_clear_error(); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ERR_remove_state(0); + #endif + ERR_free_strings(); +--- a/lib/dns/dst_openssl.h Wed Sep 16 14:00:47 2015 ++++ b/lib/dns/dst_openssl.h Wed Sep 16 14:02:42 2015 +@@ -36,7 +36,7 @@ + #define USE_ENGINE 1 + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /* + * These are new in OpenSSL 1.1.0. BN_GENCB _cb needs to be declared in + * the function like this before the BN_GENCB_new call: +--- a/lib/dns/openssldh_link.c Wed Sep 16 14:01:23 2015 ++++ b/lib/dns/openssldh_link.c Wed Sep 16 14:02:06 2015 +@@ -173,7 +173,7 @@ openssldh_generate(dst_key_t *key, int generator, void + DH *dh = NULL; + #if OPENSSL_VERSION_NUMBER > 0x00908000L + BN_GENCB *cb; +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + BN_GENCB _cb; + #endif + union { +@@ -210,7 +210,7 @@ openssldh_generate(dst_key_t *key, int generator, void + if (dh == NULL) + return (dst__openssl_toresult(ISC_R_NOMEMORY)); + cb = BN_GENCB_new(); +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + if (cb == NULL) { + DH_free(dh); + return (dst__openssl_toresult(ISC_R_NOMEMORY)); +--- a/lib/dns/openssldsa_link.c Wed Sep 16 14:01:23 2015 ++++ b/lib/dns/openssldsa_link.c Wed Sep 16 14:02:22 2015 +@@ -359,7 +359,7 @@ openssldsa_generate(dst_key_t *key, int unused, void ( + isc_result_t result; + #if OPENSSL_VERSION_NUMBER > 0x00908000L + BN_GENCB *cb; +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + BN_GENCB _cb; + #endif + union { +@@ -383,7 +383,7 @@ openssldsa_generate(dst_key_t *key, int unused, void ( + if (dsa == NULL) + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); + cb = BN_GENCB_new(); +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + if (cb == NULL) { + DSA_free(dsa); + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); +$OpenBSD: patch-lib_dns_opensslrsa_link_c,v 1.1 2015/09/16 15:28:16 sthen Exp $ +--- a/lib/dns/opensslrsa_link.c Wed Sep 16 14:01:23 2015 ++++ b/lib/dns/opensslrsa_link.c Wed Sep 16 14:02:31 2015 +@@ -771,7 +771,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*ca + } u; + RSA *rsa = RSA_new(); + BIGNUM *e = BN_new(); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + BN_GENCB _cb; + #endif + BN_GENCB *cb = BN_GENCB_new();