#usr/bin/nettle-hash
#usr/bin/nettle-lfib-stream
+#usr/bin/nettle-pbkdf2
#usr/bin/pkcs1-conv
#usr/bin/sexp-conv
#usr/include/nettle
#usr/include/nettle/camellia.h
#usr/include/nettle/cast128.h
#usr/include/nettle/cbc.h
+#usr/include/nettle/ccm.h
+#usr/include/nettle/chacha-poly1305.h
+#usr/include/nettle/chacha.h
#usr/include/nettle/ctr.h
#usr/include/nettle/des-compat.h
#usr/include/nettle/des.h
+#usr/include/nettle/dsa-compat.h
#usr/include/nettle/dsa.h
+#usr/include/nettle/eax.h
#usr/include/nettle/ecc-curve.h
#usr/include/nettle/ecc.h
#usr/include/nettle/ecdsa.h
#usr/include/nettle/pbkdf2.h
#usr/include/nettle/pgp.h
#usr/include/nettle/pkcs1.h
+#usr/include/nettle/poly1305.h
#usr/include/nettle/realloc.h
#usr/include/nettle/ripemd160.h
-#usr/include/nettle/rsa-compat.h
#usr/include/nettle/rsa.h
#usr/include/nettle/salsa20.h
#usr/include/nettle/serpent.h
#usr/include/nettle/yarrow.h
#usr/lib/libhogweed.a
#usr/lib/libhogweed.so
-usr/lib/libhogweed.so.2
-usr/lib/libhogweed.so.2.5
+#usr/lib/libhogweed.so.3
+#usr/lib/libhogweed.so.3.0
#usr/lib/libnettle.a
#usr/lib/libnettle.so
-usr/lib/libnettle.so.4
-usr/lib/libnettle.so.4.7
+#usr/lib/libnettle.so.5
+#usr/lib/libnettle.so.5.0
#usr/lib/pkgconfig/hogweed.pc
#usr/lib/pkgconfig/nettle.pc
#usr/share/info/nettle.info
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.71-use-nettle-with-minigmp.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.71-support-nettle-3.0.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-2.70-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && sed -i src/config.h \
-e 's|/\* #define HAVE_IDN \*/|#define HAVE_IDN|g' \
include Config
-VER = 2.7.1
+VER = 3.0
THISAPP = nettle-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 003d5147911317931dd453520eb234a5
+$(DL_FILE)_MD5 = f64b1bf1e774b7ae6e507318e340250e
install : $(TARGET)
--- /dev/null
+From cdb755c5f16a6768c3e8b1f345fe15fc9244228d Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 18 Jun 2014 20:52:53 +0100
+Subject: [PATCH] Fix FTBFS with Nettle-3.0.
+
+---
+ CHANGELOG | 3 +++
+ src/dnssec.c | 18 ++++++++++++------
+ 2 files changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 2ffb75d..69bfc29 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -28,6 +28,12 @@
+ #include <nettle/nettle-meta.h>
+ #include <nettle/bignum.h>
+
++/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
++ to detect Nettle-3, and invoke the backwards compatibility mode. */
++#ifdef dsa_params_init
++#include <nettle/dsa-compat.h>
++#endif
++
+
+ #define SERIAL_UNDEF -100
+ #define SERIAL_EQ 0
+@@ -121,8 +127,8 @@ static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char
+ return 1;
+ }
+
+-static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+- unsigned char *digest, int algo)
++static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
++ unsigned char *digest, int algo)
+ {
+ unsigned char *p;
+ size_t exp_len;
+@@ -173,8 +179,8 @@ static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned
+ return 0;
+ }
+
+-static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+- unsigned char *digest, int algo)
++static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
++ unsigned char *digest, int algo)
+ {
+ unsigned char *p;
+ unsigned int t;
+@@ -293,10 +299,10 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha
+ switch (algo)
+ {
+ case 1: case 5: case 7: case 8: case 10:
+- return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
++ return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+
+ case 3: case 6:
+- return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
++ return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+
+ #ifndef NO_NETTLE_ECC
+ case 13: case 14:
+--
+1.7.10.4
+
--- /dev/null
+From 063efb330a3f341c2548e2cf1f67f83e49cd6395 Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Tue, 17 Jun 2014 19:49:31 +0100
+Subject: [PATCH] Build config: add -DNO_GMP for use with nettle/mini-gmp
+
+---
+ Makefile | 2 +-
+ bld/pkg-wrapper | 9 +++++++--
+ src/config.h | 7 +++++++
+ src/dnssec.c | 3 ++-
+ 4 files changed, 17 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index c58b50b..17eeb27 100644
+--- a/Makefile
++++ b/Makefile
+@@ -61,7 +61,7 @@ lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CON
+ lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.1`
+ nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed`
+ nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed`
+-gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --copy -lgmp`
++gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
+ sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
+ version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
+
+diff --git a/bld/pkg-wrapper b/bld/pkg-wrapper
+index 9f9332d..0ddb678 100755
+--- a/bld/pkg-wrapper
++++ b/bld/pkg-wrapper
+@@ -11,9 +11,14 @@ in=`cat`
+
+ if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \
+ echo $in | grep $search >/dev/null 2>&1; then
+-
++# Nasty, nasty, in --copy, arg 2 is another config to search for, use with NO_GMP
+ if [ $op = "--copy" ]; then
+- pkg="$*"
++ if grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \
++ echo $in | grep $pkg >/dev/null 2>&1; then
++ pkg=""
++ else
++ pkg="$*"
++ fi
+ elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
+ echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
+ pkg=`$pkg --static $op $*`
+diff --git a/src/config.h b/src/config.h
+index 2155544..ee6d218 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -105,6 +105,8 @@ HAVE_AUTH
+ define this to include the facility to act as an authoritative DNS
+ server for one or more zones.
+
++HAVE_DNSSEC
++ include DNSSEC validator.
+
+ NO_IPV6
+ NO_TFTP
+@@ -118,6 +120,11 @@ NO_AUTH
+ which are enabled by default in the distributed source tree. Building dnsmasq
+ with something like "make COPTS=-DNO_SCRIPT" will do the trick.
+
++NO_NETTLE_ECC
++ Don't include the ECDSA cypher in DNSSEC validation. Needed for older Nettle versions.
++NO_GMP
++ Don't use and link against libgmp, Useful if nettle is built with --enable-mini-gmp.
++
+ LEASEFILE
+ CONFFILE
+ RESOLVFILE
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 44d626b..2ffb75d 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -26,7 +26,8 @@
+ # include <nettle/ecc-curve.h>
+ #endif
+ #include <nettle/nettle-meta.h>
+-#include <gmp.h>
++#include <nettle/bignum.h>
++
+
+ #define SERIAL_UNDEF -100
+ #define SERIAL_EQ 0
+--
+1.7.10.4
+