summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2019-02-11 13:58:08 +0000
committerRenato Botelho <garga@FreeBSD.org>2019-02-11 13:58:08 +0000
commit6256c3a0d10d465552d236b1c72f6df98d417b9c (patch)
tree8c6ea3e9de8f138591074be1a154b8d770c607fd
parent57c8dd1b0476b73e404a16a55a999ff5c4200a5f (diff)
downloadfreebsd-ports-6256c3a0d10d465552d236b1c72f6df98d417b9c.zip
dns/unbound: Import patch to fix hostname verification with OpenSSL 1.0.2
PR: 235571 Approved by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer) Obtained from: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4206#c5 https://github.com/pfsense/FreeBSD-ports/commit/af2c493a0dfa99e2afc6e3f9236aad10021d6b39 Sponsored by: Rubicon Communications, LLC (Netgate)
-rw-r--r--dns/unbound/Makefile1
-rw-r--r--dns/unbound/files/patch-daemon_remote.c11
-rw-r--r--dns/unbound/files/patch-iterator_iter__fwd.c11
-rw-r--r--dns/unbound/files/patch-iterator_iter__hints.c11
4 files changed, 34 insertions, 0 deletions
diff --git a/dns/unbound/Makefile b/dns/unbound/Makefile
index 8c1da84c83a3..698b45a270d1 100644
--- a/dns/unbound/Makefile
+++ b/dns/unbound/Makefile
@@ -3,6 +3,7 @@
PORTNAME= unbound
PORTVERSION= 1.9.0
+PORTREVISION= 1
CATEGORIES= dns
MASTER_SITES= https://www.nlnetlabs.nl/downloads/unbound/ \
https://distfiles.crux.guru/
diff --git a/dns/unbound/files/patch-daemon_remote.c b/dns/unbound/files/patch-daemon_remote.c
new file mode 100644
index 000000000000..cfa503a582f5
--- /dev/null
+++ b/dns/unbound/files/patch-daemon_remote.c
@@ -0,0 +1,11 @@
+--- daemon/remote.c.orig 2019-01-23 09:35:52 UTC
++++ daemon/remote.c
+@@ -1987,7 +1987,7 @@ parse_delegpt(RES* ssl, char* args, uint8_t* nm, int a
+ return NULL;
+ }
+ } else {
+-#ifndef HAVE_SSL_SET1_HOST
++#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
+ if(auth_name)
+ log_err("no name verification functionality in "
+ "ssl library, ignored name for %s", todo);
diff --git a/dns/unbound/files/patch-iterator_iter__fwd.c b/dns/unbound/files/patch-iterator_iter__fwd.c
new file mode 100644
index 000000000000..fc328b0fa5d6
--- /dev/null
+++ b/dns/unbound/files/patch-iterator_iter__fwd.c
@@ -0,0 +1,11 @@
+--- iterator/iter_fwd.c.orig 2018-08-09 12:44:40 UTC
++++ iterator/iter_fwd.c
+@@ -239,7 +239,7 @@ read_fwds_addr(struct config_stub* s, struct delegpt*
+ s->name, p->str);
+ return 0;
+ }
+-#ifndef HAVE_SSL_SET1_HOST
++#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
+ if(tls_auth_name)
+ log_err("no name verification functionality in "
+ "ssl library, ignored name for %s", p->str);
diff --git a/dns/unbound/files/patch-iterator_iter__hints.c b/dns/unbound/files/patch-iterator_iter__hints.c
new file mode 100644
index 000000000000..4e85a91bad99
--- /dev/null
+++ b/dns/unbound/files/patch-iterator_iter__hints.c
@@ -0,0 +1,11 @@
+--- iterator/iter_hints.c.orig 2018-08-09 12:44:40 UTC
++++ iterator/iter_hints.c
+@@ -252,7 +252,7 @@ read_stubs_addr(struct config_stub* s, struct delegpt*
+ s->name, p->str);
+ return 0;
+ }
+-#ifndef HAVE_SSL_SET1_HOST
++#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
+ if(auth_name)
+ log_err("no name verification functionality in "
+ "ssl library, ignored name for %s", p->str);