+From cdb755c5f16a6768c3e8b1f345fe15fc9244228d Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Wed, 18 Jun 2014 20:52:53 +0100
+Subject: [PATCH] Fix FTBFS with Nettle-3.0.
+
+---
+ CHANGELOG | 3 +++
+ src/dnssec.c | 18 ++++++++++++------
+ 2 files changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/src/dnssec.c b/src/dnssec.c
+index 2ffb75d..69bfc29 100644
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -28,6 +28,12 @@
+ #include <nettle/nettle-meta.h>
+ #include <nettle/bignum.h>
+
++/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
++ to detect Nettle-3, and invoke the backwards compatibility mode. */
++#ifdef dsa_params_init
++#include <nettle/dsa-compat.h>
++#endif
++
+
+ #define SERIAL_UNDEF -100
+ #define SERIAL_EQ 0
+@@ -121,8 +127,8 @@ static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char
+ return 1;
+ }
+
+-static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+- unsigned char *digest, int algo)
++static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
++ unsigned char *digest, int algo)
+ {
+ unsigned char *p;
+ size_t exp_len;
+@@ -173,8 +179,8 @@ static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned
+ return 0;
+ }
+
+-static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+- unsigned char *digest, int algo)
++static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
++ unsigned char *digest, int algo)
+ {
+ unsigned char *p;
+ unsigned int t;
+@@ -293,10 +299,10 @@ static int verify(struct blockdata *key_data, unsigned int key_len, unsigned cha
+ switch (algo)
+ {
+ case 1: case 5: case 7: case 8: case 10:
+- return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
++ return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+
+ case 3: case 6:
+- return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
++ return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+
+ #ifndef NO_NETTLE_ECC
+ case 13: case 14:
+--
+1.7.10.4
+