From 6256c3a0d10d465552d236b1c72f6df98d417b9c Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Mon, 11 Feb 2019 13:58:08 +0000 Subject: dns/unbound: Import patch to fix hostname verification with OpenSSL 1.0.2 PR: 235571 Approved by: Jaap Akkerhuis (maintainer) Obtained from: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4206#c5 https://github.com/pfsense/FreeBSD-ports/commit/af2c493a0dfa99e2afc6e3f9236aad10021d6b39 Sponsored by: Rubicon Communications, LLC (Netgate) --- dns/unbound/Makefile | 1 + dns/unbound/files/patch-daemon_remote.c | 11 +++++++++++ dns/unbound/files/patch-iterator_iter__fwd.c | 11 +++++++++++ dns/unbound/files/patch-iterator_iter__hints.c | 11 +++++++++++ 4 files changed, 34 insertions(+) create mode 100644 dns/unbound/files/patch-daemon_remote.c create mode 100644 dns/unbound/files/patch-iterator_iter__fwd.c create mode 100644 dns/unbound/files/patch-iterator_iter__hints.c (limited to 'dns/unbound') diff --git a/dns/unbound/Makefile b/dns/unbound/Makefile index 8c1da84c83a3..698b45a270d1 100644 --- a/dns/unbound/Makefile +++ b/dns/unbound/Makefile @@ -3,6 +3,7 @@ PORTNAME= unbound PORTVERSION= 1.9.0 +PORTREVISION= 1 CATEGORIES= dns MASTER_SITES= https://www.nlnetlabs.nl/downloads/unbound/ \ https://distfiles.crux.guru/ diff --git a/dns/unbound/files/patch-daemon_remote.c b/dns/unbound/files/patch-daemon_remote.c new file mode 100644 index 000000000000..cfa503a582f5 --- /dev/null +++ b/dns/unbound/files/patch-daemon_remote.c @@ -0,0 +1,11 @@ +--- daemon/remote.c.orig 2019-01-23 09:35:52 UTC ++++ daemon/remote.c +@@ -1987,7 +1987,7 @@ parse_delegpt(RES* ssl, char* args, uint8_t* nm, int a + return NULL; + } + } else { +-#ifndef HAVE_SSL_SET1_HOST ++#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) + if(auth_name) + log_err("no name verification functionality in " + "ssl library, ignored name for %s", todo); diff --git a/dns/unbound/files/patch-iterator_iter__fwd.c b/dns/unbound/files/patch-iterator_iter__fwd.c new file mode 100644 index 000000000000..fc328b0fa5d6 --- /dev/null +++ b/dns/unbound/files/patch-iterator_iter__fwd.c @@ -0,0 +1,11 @@ +--- iterator/iter_fwd.c.orig 2018-08-09 12:44:40 UTC ++++ iterator/iter_fwd.c +@@ -239,7 +239,7 @@ read_fwds_addr(struct config_stub* s, struct delegpt* + s->name, p->str); + return 0; + } +-#ifndef HAVE_SSL_SET1_HOST ++#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) + if(tls_auth_name) + log_err("no name verification functionality in " + "ssl library, ignored name for %s", p->str); diff --git a/dns/unbound/files/patch-iterator_iter__hints.c b/dns/unbound/files/patch-iterator_iter__hints.c new file mode 100644 index 000000000000..4e85a91bad99 --- /dev/null +++ b/dns/unbound/files/patch-iterator_iter__hints.c @@ -0,0 +1,11 @@ +--- iterator/iter_hints.c.orig 2018-08-09 12:44:40 UTC ++++ iterator/iter_hints.c +@@ -252,7 +252,7 @@ read_stubs_addr(struct config_stub* s, struct delegpt* + s->name, p->str); + return 0; + } +-#ifndef HAVE_SSL_SET1_HOST ++#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) + if(auth_name) + log_err("no name verification functionality in " + "ssl library, ignored name for %s", p->str); -- cgit v1.2.3