From: Michael Tremer Date: Sat, 5 Jul 2014 11:39:13 +0000 (+0200) Subject: Update nettle to version 3.0. X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b66edc18d7954e235c08a0ea4bc82f0896f8cf59;p=people%2Fms%2Fipfire-2.x.git Update nettle to version 3.0. Requires some fixes in dnsmasq which can be dropped with the next release.
---
diff --git a/config/rootfiles/common/nettle b/config/rootfiles/common/nettle
index 1de06f2fe4..53185e662c 100644
--- a/config/rootfiles/common/nettle
+++ b/config/rootfiles/common/nettle
@@ -1,5 +1,6 @@
 #usr/bin/nettle-hash
 #usr/bin/nettle-lfib-stream
+#usr/bin/nettle-pbkdf2
 #usr/bin/pkcs1-conv
 #usr/bin/sexp-conv
 #usr/include/nettle
@@ -15,10 +16,15 @@
 #usr/include/nettle/camellia.h
 #usr/include/nettle/cast128.h
 #usr/include/nettle/cbc.h
+#usr/include/nettle/ccm.h
+#usr/include/nettle/chacha-poly1305.h
+#usr/include/nettle/chacha.h
 #usr/include/nettle/ctr.h
 #usr/include/nettle/des-compat.h
 #usr/include/nettle/des.h
+#usr/include/nettle/dsa-compat.h
 #usr/include/nettle/dsa.h
+#usr/include/nettle/eax.h
 #usr/include/nettle/ecc-curve.h
 #usr/include/nettle/ecc.h
 #usr/include/nettle/ecdsa.h
@@ -38,9 +44,9 @@
 #usr/include/nettle/pbkdf2.h
 #usr/include/nettle/pgp.h
 #usr/include/nettle/pkcs1.h
+#usr/include/nettle/poly1305.h
 #usr/include/nettle/realloc.h
 #usr/include/nettle/ripemd160.h
-#usr/include/nettle/rsa-compat.h
 #usr/include/nettle/rsa.h
 #usr/include/nettle/salsa20.h
 #usr/include/nettle/serpent.h
@@ -54,12 +60,12 @@
 #usr/include/nettle/yarrow.h
 #usr/lib/libhogweed.a
 #usr/lib/libhogweed.so
-usr/lib/libhogweed.so.2
-usr/lib/libhogweed.so.2.5
+#usr/lib/libhogweed.so.3
+#usr/lib/libhogweed.so.3.0
 #usr/lib/libnettle.a
 #usr/lib/libnettle.so
-usr/lib/libnettle.so.4
-usr/lib/libnettle.so.4.7
+#usr/lib/libnettle.so.5
+#usr/lib/libnettle.so.5.0
 #usr/lib/pkgconfig/hogweed.pc
 #usr/lib/pkgconfig/nettle.pc
 #usr/share/info/nettle.info
diff --git a/lfs/dnsmasq b/lfs/dnsmasq
index 29de283d97..58b001755d 100644
--- a/lfs/dnsmasq
+++ b/lfs/dnsmasq
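Review bot: In the last hunk of config/rootfiles/common/nettle (`@@ -54,12 +60,12 @@`) the four new soname entries carry a leading `#`, while the `libhogweed.so.2*` and `libnettle.so.4*` entries they replace had none. If a leading `#` marks a path as left out of the image, which the mix of marked headers and unmarked runtime libraries in this file suggests, the shared libraries would no longer ship and anything linked dynamically against nettle or hogweed, dnsmasq's DNSSEC validator included, would fail to load. The entries should probably read `usr/lib/libhogweed.so.3` and `usr/lib/libnettle.so.5`, and likewise for the `.so.3.0` and `.so.5.0` lines.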
@@ -72,6 +72,8 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.71-use-nettle-with-minigmp.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.71-support-nettle-3.0.patch
 cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.70-Add-support-to-read-ISC-DHCP-lease-file.patch
 cd $(DIR_APP) && sed -i src/config.h \
 -e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \
diff --git a/lfs/nettle b/lfs/nettle
index 59c013ea59..0ea42f343f 100644
--- a/lfs/nettle
+++ b/lfs/nettle
@@ -24,7 +24,7 @@ include Config
-VER = 2.7.1
+VER = 3.0
 THISAPP = nettle-$(VER)
 DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 003d5147911317931dd453520eb234a5
+$(DL_FILE)_MD5 = f64b1bf1e774b7ae6e507318e340250e
 install : $(TARGET)
diff --git a/src/patches/dnsmasq-2.71-support-nettle-3.0.patch b/src/patches/dnsmasq-2.71-support-nettle-3.0.patch
new file mode 100644
index 0000000000..593a7cd8d0
--- /dev/null
+++ b/src/patches/dnsmasq-2.71-support-nettle-3.0.patch
@@ -0,0 +1,65 @@
+From cdb755c5f16a6768c3e8b1f345fe15fc9244228d Mon Sep 17 00:00:00 2001
+From: Simon Kelley
+Date: Wed, 18 Jun 2014 20:52:53 +0100
+Subject: [PATCH] Fix FTBFS with Nettle-3.0.
+
+---
+ CHANGELOG | 3 +++
+ src/dnssec.c | 18 ++++++++++++------
+ 2 files changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 2ffb75d..69bfc29 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -28,6 +28,12 @@
+ #include
+ #include
+
++/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
++ to detect Nettle-3, and invoke the backwards compatibility mode. */
++#ifdef dsa_params_init
++#include
++#endif
++
+
+ #define SERIAL_UNDEF -100
+ #define SERIAL_EQ 0
+@@ -121,8 +127,8 @@ static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char
+ return 1;
+ }
+
+-static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+- unsigned char *digest, int algo)
++static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
++ unsigned char *digest, int algo)
+ {
+ unsigned char *p;
+ size_t exp_len;
+@@ -173,8 +179,8 @@ static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned
+ return 0;
+ }
+
+-static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+- unsigned char *digest, int algo)
++static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
++ unsigned char *digest, int algo)
+ {
+ unsigned char *p;
+ unsigned int t;
+@@ -293,10 +299,10 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha
+ switch (algo)
+ {
+ case 1: case 5: case 7: case 8: case 10:
+- return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
++ return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+
+ case 3: case 6:
+- return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
++ return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+
+ #ifndef NO_NETTLE_ECC
+ case 13: case 14:
+--
+1.7.10.4
+
diff --git a/src/patches/dnsmasq-2.71-use-nettle-with-minigmp.patch b/src/patches/dnsmasq-2.71-use-nettle-with-minigmp.patch
new file mode 100644
index 0000000000..374c9eca11
--- /dev/null
+++ b/src/patches/dnsmasq-2.71-use-nettle-with-minigmp.patch
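Review bot: The `#ifdef dsa_params_init` test added to src/dnssec.c detects Nettle 3 only while that name is a preprocessor macro, and only if the header that defines it is included above the test; the `#include` lines on this page have lost their header names, so the order cannot be checked here. If a later Nettle release exposes the name as an ordinary function, the compatibility header is skipped without any diagnostic and the DSA code in `dnsmasq_dsa_verify`, whose body lies outside these hunks and presumably still uses the old API, stops compiling. A comment stating the dependency would help whoever later drops this patch, for example `/* relies on dsa_params_init being a macro from the DSA header included above */`. The diffstat in the patch header also still lists CHANGELOG and two files, although only the src/dnssec.c hunks are carried.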
@@ -0,0 +1,88 @@
+From 063efb330a3f341c2548e2cf1f67f83e49cd6395 Mon Sep 17 00:00:00 2001
+From: Simon Kelley
+Date: Tue, 17 Jun 2014 19:49:31 +0100
+Subject: [PATCH] Build config: add -DNO_GMP for use with nettle/mini-gmp
+
+---
+ Makefile | 2 +-
+ bld/pkg-wrapper | 9 +++++++--
+ src/config.h | 7 +++++++
+ src/dnssec.c | 3 ++-
+ 4 files changed, 17 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index c58b50b..17eeb27 100644
+--- a/Makefile
++++ b/Makefile
+@@ -61,7 +61,7 @@ lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CON
+ lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.1`
+ nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed`
+ nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed`
+-gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --copy -lgmp`
++gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
+ sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
+ version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
+
+diff --git a/bld/pkg-wrapper b/bld/pkg-wrapper
+index 9f9332d..0ddb678 100755
+--- a/bld/pkg-wrapper
++++ b/bld/pkg-wrapper
+@@ -11,9 +11,14 @@ in=`cat`
+
+ if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \
+ echo $in | grep $search >/dev/null 2>&1; then
+-
++# Nasty, nasty, in --copy, arg 2 is another config to search for, use with NO_GMP
+ if [ $op = "--copy" ]; then
+- pkg="$*"
++ if grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \
++ echo $in | grep $pkg >/dev/null 2>&1; then
++ pkg=""
++ else
++ pkg="$*"
++ fi
+ elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
+ echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
+ pkg=`$pkg --static $op $*`
+diff --git a/src/config.h b/src/config.h
+index 2155544..ee6d218 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -105,6 +105,8 @@ HAVE_AUTH
+ define this to include the facility to act as an authoritative DNS
+ server for one or more zones.
+
++HAVE_DNSSEC
++ include DNSSEC validator.
+
+ NO_IPV6
+ NO_TFTP
+@@ -118,6 +120,11 @@ NO_AUTH
+ which are enabled by default in the distributed source tree. Building dnsmasq
+ with something like "make COPTS=-DNO_SCRIPT" will do the trick.
+
++NO_NETTLE_ECC
++ Don't include the ECDSA cypher in DNSSEC validation. Needed for older Nettle versions.
++NO_GMP
++ Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp.
++
+ LEASEFILE
+ CONFFILE
+ RESOLVFILE
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 44d626b..2ffb75d 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -26,7 +26,8 @@
+ # include
+ #endif
+ #include
+-#include
++#include
++
+
+ #define SERIAL_UNDEF -100
+ #define SERIAL_EQ 0
+--
+1.7.10.4
+
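Review bot: In the bld/pkg-wrapper hunk the new `--copy` branch looks up the second config name with unquoted, loosely anchored patterns (`grep $pkg` on the COPTS text, and `...define[[:space:]]*$pkg` with no end anchor on config.h), so a token or define that merely contains `NO_GMP` as a substring or prefix also drops `-lgmp` from the link line. Quoting the variables and matching whole words keeps the lookup exact where `grep -w` is available: `echo "$in" | grep -w -- "$pkg" >/dev/null 2>&1`. The `$search` test just above the change has the same shape, so this is inherited style rather than a new pattern. The surrounding `if` chain continues outside the hunk.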