From c8554ff48c6fea3ec3922e73985d89bb62ce438b Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 15 Jan 2024 16:44:27 +0100 Subject: [PATCH 01/20] - Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows. --- acx_nlnetlabs.m4 | 80 ++++++++++++++++++++++++++++------------------ configure | 82 ++++++++++++++++++++++++++++++++++++------------ configure.ac | 6 +++- doc/Changelog | 3 ++ 4 files changed, 119 insertions(+), 52 deletions(-) diff --git a/acx_nlnetlabs.m4 b/acx_nlnetlabs.m4 index f27615bd8..579e70991 100644 --- a/acx_nlnetlabs.m4 +++ b/acx_nlnetlabs.m4 @@ -2,7 +2,8 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 46 +# Version 47 +# 2024-01-15 fix to add crypt32 to -lcrypto link check when checking for gdi32. # 2023-05-04 fix to remove unused whitespace. # 2023-01-26 fix -Wstrict-prototypes. # 2022-09-01 fix checking if nonblocking sockets work on OpenBSD. @@ -707,7 +708,7 @@ AC_DEFUN([ACX_SSL_CHECKS], [ LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir_lib" ACX_RUNTIME_PATH_ADD([$ssldir_lib]) fi - + AC_MSG_CHECKING([for EVP_sha256 in -lcrypto]) LIBS="$LIBS -lcrypto" LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" 
@@ -732,38 +733,55 @@ AC_DEFUN([ACX_SSL_CHECKS], [ ]])],[ AC_DEFINE([HAVE_EVP_SHA256], 1, [If you have EVP_sha256]) - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) LIBS="$BAKLIBS" LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl" - AC_MSG_CHECKING([if -lcrypto needs -ldl]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ - int EVP_sha256(void); - (void)EVP_sha256(); - ]])],[ - AC_DEFINE([HAVE_EVP_SHA256], 1, - [If you have EVP_sha256]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - LIBS="$BAKLIBS" - LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl -pthread" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" - AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ - int EVP_sha256(void); - (void)EVP_sha256(); - ]])],[ - AC_DEFINE([HAVE_EVP_SHA256], 1, - [If you have EVP_sha256]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required]) + + LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32" + AC_MSG_CHECKING([if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + + LIBS="$LIBS -ldl" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl" + AC_MSG_CHECKING([if -lcrypto needs -ldl]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + LIBS="$LIBS -ldl -pthread" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" + AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + 
AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required]) + ]) ]) ]) ]) @@ -779,7 +797,7 @@ AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT]) dnl Check for SSL, where SSL is mandatory dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found -dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS. +dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS. dnl Checks main header files of SSL. dnl AC_DEFUN([ACX_WITH_SSL], diff --git a/configure b/configure index c87c669c8..2b100b613 100755 --- a/configure +++ b/configure 
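Review bot: The final `AC_MSG_ERROR` in the `@@ -732,38 +733,55 @@` hunk still says "version 0.9.7 or higher is required", although it is now reached only after four separate link attempts have failed. A missing system library, such as the crypt32 case this commit targets, is therefore reported as an outdated OpenSSL. Wording along the lines of `AC_MSG_ERROR([OpenSSL found in $ssldir, but linking EVP_sha256 with -lcrypto failed, see config.log])` would point the builder at the real cause. The four `AC_LINK_IFELSE` blocks differ only in the extra libraries they add, so a loop over the candidate library sets would stop them drifting apart. ACX_SSL_CHECKS begins before the hunk.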
@@ -18104,19 +18104,53 @@ else $as_echo "no" >&6; } LIBS="$BAKLIBS" LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl" >&5 + + LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32" >&5 +$as_echo_n "checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + int EVP_sha256(void); + (void)EVP_sha256(); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + + LIBS="$LIBS -ldl" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl" >&5 $as_echo_n "checking if -lcrypto needs -ldl... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { - int EVP_sha256(void); - (void)EVP_sha256(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; 
@@ -18127,28 +18161,28 @@ if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - LIBS="$BAKLIBS" - LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl -pthread" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl -pthread" >&5 + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + LIBS="$LIBS -ldl -pthread" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl -pthread" >&5 $as_echo_n "checking if -lcrypto needs -ldl -pthread... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { - int EVP_sha256(void); - (void)EVP_sha256(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -18159,14 +18193,18 @@ if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5 + as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext \ 
@@ -20166,7 +20204,11 @@ else WINDRES="$ac_cv_prog_WINDRES" fi - LIBS="$LIBS -liphlpapi -lcrypt32" + if echo "$LIBS" | grep crypt32 >/dev/null; then + LIBS="$LIBS -liphlpapi" + else + LIBS="$LIBS -liphlpapi -lcrypt32" + fi WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe" WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c" diff --git a/configure.ac b/configure.ac index 70fc7e7fd..04d4e00ed 100644 --- a/configure.ac +++ b/configure.ac @@ -1569,7 +1569,11 @@ if test "$USE_WINSOCK" = 1; then #include ]) AC_CHECK_TOOL(WINDRES, windres) - LIBS="$LIBS -liphlpapi -lcrypt32" + if echo "$LIBS" | grep crypt32 >/dev/null; then + LIBS="$LIBS -liphlpapi" + else + LIBS="$LIBS -liphlpapi -lcrypt32" + fi WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe" AC_SUBST(WINAPPS) WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c" diff --git a/doc/Changelog b/doc/Changelog index 23f43087d..733ba123e 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +15 January 2024: Wouter + - Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows. + 9 January 2024: Wouter - Merge #988: Fix NLnetLabs#981: dump_cache truncates large records. From 40fcb9120692475d2341e63718a0539040821209 Mon Sep 17 00:00:00 2001 From: Petr Mensik Date: Tue, 16 Jan 2024 16:13:29 +0100 Subject: [PATCH 02/20] Update b.root-servers.net also in example config file Addition to commit a8739bad76d4d179290627e989c7ef236345bda6, which updated only address specified in code. But addresses provided in example configuration were not updated, I think they should be updated too. --- doc/example.conf.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/example.conf.in b/doc/example.conf.in index 4085b8616..1ac155b7c 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in 
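Review bot: In the configure.ac hunk the new test `echo "$LIBS" | grep crypt32` matches that substring anywhere in `$LIBS`, including inside a `-L` directory name. In that case `-lcrypt32` would be left out even though it was never added. Matching the flag as a whole word avoids this: `if echo " $LIBS " | grep -e ' -lcrypt32 ' >/dev/null; then`. The `grep -e "libssp.a" -e "lssp"` tests added to configure.ac in PATCH 03 have the same loose match. The `configure` hunk is the generated counterpart and needs no separate change.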
@@ -1169,7 +1169,7 @@ remote-control: # sources of notifies. # auth-zone: # name: "." -# primary: 199.9.14.201 # b.root-servers.net +# primary: 170.247.170.2 # b.root-servers.net # primary: 192.33.4.12 # c.root-servers.net # primary: 199.7.91.13 # d.root-servers.net # primary: 192.5.5.241 # f.root-servers.net @@ -1177,7 +1177,7 @@ remote-control: # primary: 193.0.14.129 # k.root-servers.net # primary: 192.0.47.132 # xfr.cjr.dns.icann.org # primary: 192.0.32.132 # xfr.lax.dns.icann.org -# primary: 2001:500:200::b # b.root-servers.net +# primary: 2801:1b8:10::b # b.root-servers.net # primary: 2001:500:2::c # c.root-servers.net # primary: 2001:500:2d::d # d.root-servers.net # primary: 2001:500:2f::f # f.root-servers.net From c550bc154f2959796fc709ad437eb683b34afd1f Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 16 Jan 2024 16:40:14 +0100 Subject: [PATCH 03/20] - Fix to link with libssp for libcrypto and getaddrinfo check for only header. Also update crosscompile to remove ssp for 32bit. --- acx_nlnetlabs.m4 | 57 +++++++++++++++++++++----- configure | 102 +++++++++++++++++++++++++++++++++++++++++------ configure.ac | 14 +++++-- doc/Changelog | 4 ++ makedist.sh | 50 +++++++++++++++++------ 5 files changed, 188 insertions(+), 39 deletions(-) diff --git a/acx_nlnetlabs.m4 b/acx_nlnetlabs.m4 index 579e70991..6a01dc5a4 100644 --- a/acx_nlnetlabs.m4 +++ b/acx_nlnetlabs.m4 @@ -2,7 +2,9 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 47 +# Version 48 +# 2024-01-16 fix to add -l:libssp.a to -lcrypto link check. +# and check for getaddrinfo with only header. # 2024-01-15 fix to add crypt32 to -lcrypto link check when checking for gdi32. # 2023-05-04 fix to remove unused whitespace. # 2023-01-26 fix -Wstrict-prototypes. 
@@ -754,9 +756,9 @@ AC_DEFUN([ACX_SSL_CHECKS], [ LIBS="$BAKLIBS" LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl" - AC_MSG_CHECKING([if -lcrypto needs -ldl]) + LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" + AC_MSG_CHECKING([if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a]) AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ int EVP_sha256(void); (void)EVP_sha256(); @@ -768,9 +770,10 @@ AC_DEFUN([ACX_SSL_CHECKS], [ AC_MSG_RESULT(no) LIBS="$BAKLIBS" LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl -pthread" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" - AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) + + LIBS="$LIBS -ldl" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl" + AC_MSG_CHECKING([if -lcrypto needs -ldl]) AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ int EVP_sha256(void); (void)EVP_sha256(); @@ -780,10 +783,25 @@ AC_DEFUN([ACX_SSL_CHECKS], [ AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) - AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required]) + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + LIBS="$LIBS -ldl -pthread" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" + AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required]) + ]) ]) ]) - ]) + ]) ]) ]) fi @@ -890,7 +908,7 @@ dnl see if on windows if test "$ac_cv_header_windows_h" = "yes"; then AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used]) USE_WINSOCK="1" - if echo $LIBS | grep 'lws2_32' >/dev/null; then + if echo "$LIBS" | grep 'lws2_32' >/dev/null; then : else LIBS="$LIBS -lws2_32" 
@@ -898,6 +916,24 @@ if test "$ac_cv_header_windows_h" = "yes"; then fi ], dnl no quick getaddrinfo, try mingw32 and winsock2 library. +dnl perhaps getaddrinfo needs only the include +AC_LINK_IFELSE( +[AC_LANG_PROGRAM( +[ +#ifdef HAVE_WS2TCPIP_H +#include +#endif +], +[ + (void)getaddrinfo(NULL, NULL, NULL, NULL); +] +)], +[ +ac_cv_func_getaddrinfo="yes" +AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used]) +USE_WINSOCK="1" +], + ORIGLIBS="$LIBS" LIBS="$LIBS -lws2_32" AC_LINK_IFELSE( @@ -922,6 +958,7 @@ ac_cv_func_getaddrinfo="no" LIBS="$ORIGLIBS" ]) ) +) AC_MSG_RESULT($ac_cv_func_getaddrinfo) if test $ac_cv_func_getaddrinfo = yes; then diff --git a/configure b/configure index 2b100b613..1f07417ec 100755 --- a/configure +++ b/configure @@ -18138,10 +18138,10 @@ $as_echo "no" >&6; } LIBS="$BAKLIBS" LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl" >&5 -$as_echo_n "checking if -lcrypto needs -ldl... " >&6; } + LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" >&5 +$as_echo_n "checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ 
@@ -18170,10 +18170,11 @@ else $as_echo "no" >&6; } LIBS="$BAKLIBS" LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl -pthread" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl -pthread" >&5 -$as_echo_n "checking if -lcrypto needs -ldl -pthread... " >&6; } + + LIBS="$LIBS -ldl" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl" >&5 +$as_echo_n "checking if -lcrypto needs -ldl... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -18200,7 +18201,43 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5 + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + LIBS="$LIBS -ldl -pthread" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl -pthread" >&5 +$as_echo_n "checking if -lcrypto needs -ldl -pthread... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + int EVP_sha256(void); + (void)EVP_sha256(); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext \ 
@@ -19885,7 +19922,7 @@ if test x_$enable_static_exe = x_yes; then if test "$on_mingw" = yes; then staticexe="-all-static" # for static compile, include gdi32 and zlib here. - if echo $LIBS | grep 'lgdi32' >/dev/null; then + if echo "$LIBS" | grep 'lgdi32' >/dev/null; then : else LIBS="$LIBS -lgdi32" @@ -19930,7 +19967,11 @@ if test "x$ac_cv_lib_z_compress" = xyes; then : LIBS="$LIBS -lz" fi - LIBS="$LIBS -l:libssp.a" + if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then + : + else + LIBS="$LIBS -l:libssp.a" + fi fi fi @@ -19989,7 +20030,11 @@ if test "x$ac_cv_lib_z_compress" = xyes; then : LIBS="$LIBS -lz" fi - LIBS="$LIBS -l:libssp.a" + if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then + : + else + LIBS="$LIBS -l:libssp.a" + fi fi fi @@ -20036,13 +20081,40 @@ if test "$ac_cv_header_windows_h" = "yes"; then $as_echo "#define USE_WINSOCK 1" >>confdefs.h USE_WINSOCK="1" - if echo $LIBS | grep 'lws2_32' >/dev/null; then + if echo "$LIBS" | grep 'lws2_32' >/dev/null; then : else LIBS="$LIBS -lws2_32" fi fi +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_WS2TCPIP_H +#include +#endif + +int +main () +{ + + (void)getaddrinfo(NULL, NULL, NULL, NULL); + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +ac_cv_func_getaddrinfo="yes" + +$as_echo "#define USE_WINSOCK 1" >>confdefs.h + +USE_WINSOCK="1" + else ORIGLIBS="$LIBS" LIBS="$LIBS -lws2_32" @@ -20085,6 +20157,10 @@ fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getaddrinfo" >&5 $as_echo "$ac_cv_func_getaddrinfo" >&6; } if test $ac_cv_func_getaddrinfo = yes; then diff --git a/configure.ac b/configure.ac index 04d4e00ed..d4a13e6d6 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1526,13 +1526,17 @@ if test x_$enable_static_exe = x_yes; then if test "$on_mingw" = yes; then staticexe="-all-static" # for static compile, include gdi32 and zlib here. - if echo $LIBS | grep 'lgdi32' >/dev/null; then + if echo "$LIBS" | grep 'lgdi32' >/dev/null; then : else LIBS="$LIBS -lgdi32" fi AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ]) - LIBS="$LIBS -l:libssp.a" + if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then + : + else + LIBS="$LIBS -l:libssp.a" + fi fi fi @@ -1549,7 +1553,11 @@ if test x_$enable_fully_static = x_yes; then LIBS="$LIBS -lgdi32" fi AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ]) - LIBS="$LIBS -l:libssp.a" + if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then + : + else + LIBS="$LIBS -l:libssp.a" + fi fi fi diff --git a/doc/Changelog b/doc/Changelog index 733ba123e..78ad7c154 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +16 January 2024: Wouter + - Fix to link with libssp for libcrypto and getaddrinfo check for + only header. Also update crosscompile to remove ssp for 32bit. + 15 January 2024: Wouter - Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows. diff --git a/makedist.sh b/makedist.sh index 84f16d4ea..c86b3b655 100755 --- a/makedist.sh +++ b/makedist.sh @@ -267,10 +267,10 @@ if [ "$DOWIN" = "yes" ]; then # cross-compilation and it is not used anyway # before 1.0.1i need --cross-compile-prefix=i686-w64-mingw32- if test "$mw64" = "mingw64"; then - sslflags="no-asm -DOPENSSL_NO_CAPIENG mingw64" + sslflags="no-asm no-tests -DOPENSSL_NO_CAPIENG mingw64" sspdll="/usr/x86_64-w64-mingw32/sys-root/mingw/bin/libssp-0.dll" else - sslflags="no-asm -DOPENSSL_NO_CAPIENG mingw" + sslflags="no-asm no-tests -DOPENSSL_NO_CAPIENG mingw" sspdll="/usr/i686-w64-mingw32/sys-root/mingw/bin/libssp-0.dll" fi if test -f "$sspdll"; then 
@@ -282,9 +282,18 @@ if [ "$DOWIN" = "yes" ]; then SSPLIB="" fi info "winssl: Configure no-shared $sslflags" - set -x # echo the configure command - __CNF_LDLIBS=$SSPLIB CC=${warch}-w64-mingw32-gcc AR=${warch}-w64-mingw32-ar RANLIB=${warch}-w64-mingw32-ranlib WINDRES=${warch}-w64-mingw32-windres ./Configure --prefix="$sslinstall" no-shared $sslflags || error_cleanup "OpenSSL Configure failed" - set +x + if test "$W64" = "no"; then + # Disable stack-protector for 32-bit windows builds. + # mingw passes an LDFLAGS, so there is something + # passed in the LDFLAGS to stop -lssp passed in it. + set -x # echo the configure command + __CNF_LDLIBS=$SSPLIB __CNF_LDFLAGS="-fno-stack-protector" CC=${warch}-w64-mingw32-gcc AR=${warch}-w64-mingw32-ar RANLIB=${warch}-w64-mingw32-ranlib WINDRES=${warch}-w64-mingw32-windres ./Configure --prefix="$sslinstall" no-shared $sslflags || error_cleanup "OpenSSL Configure failed" + set +x + else + set -x # echo the configure command + __CNF_LDLIBS=$SSPLIB CC=${warch}-w64-mingw32-gcc AR=${warch}-w64-mingw32-ar RANLIB=${warch}-w64-mingw32-ranlib WINDRES=${warch}-w64-mingw32-windres ./Configure --prefix="$sslinstall" no-shared $sslflags || error_cleanup "OpenSSL Configure failed" + set +x + fi info "winssl: make" make $MINJ || error_cleanup "OpenSSL crosscompile failed" # only install sw not docs, which take a long time. 
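Review bot: The comment added in the 32-bit branch ("mingw passes an LDFLAGS, so there is something passed in the LDFLAGS to stop -lssp passed in it") does not tell a maintainer what hardening is being given up. The later makedist.sh hunks add the same `-fno-stack-protector` link flag for expat and for both unbound configure runs, and the unbound runs already carry it in CFLAGS, so the 32-bit artefacts appear to ship without stack canaries. A direct statement would help, for example `# 32-bit Windows only: -fno-stack-protector keeps -lssp out of the link; these builds have no stack-smashing protection.` The `./Configure` command is also duplicated in both branches with only `__CNF_LDFLAGS` differing, here and in the shared-build hunk; setting that one variable inside the `if` and running a single command would keep the two in sync. The enclosing `if [ "$DOWIN" = "yes" ]` block starts and ends outside the hunk.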
@@ -297,9 +306,15 @@ if [ "$DOWIN" = "yes" ]; then sslsharedinstall="`pwd`/sslsharedinstall" cd openssl_shared info "winssl: Configure shared $sslflags" - set -x # echo the configure command - __CNF_LDLIBS=$SSPLIB CC=${warch}-w64-mingw32-gcc AR=${warch}-w64-mingw32-ar RANLIB=${warch}-w64-mingw32-ranlib WINDRES=${warch}-w64-mingw32-windres ./Configure --prefix="$sslsharedinstall" shared $sslflags || error_cleanup "OpenSSL Configure failed" - set +x + if test "$W64" = "no"; then + set -x # echo the configure command + __CNF_LDLIBS=$SSPLIB __CNF_LDFLAGS="-fno-stack-protector" CC=${warch}-w64-mingw32-gcc AR=${warch}-w64-mingw32-ar RANLIB=${warch}-w64-mingw32-ranlib WINDRES=${warch}-w64-mingw32-windres ./Configure --prefix="$sslsharedinstall" shared $sslflags || error_cleanup "OpenSSL Configure failed" + set +x + else + set -x # echo the configure command + __CNF_LDLIBS=$SSPLIB CC=${warch}-w64-mingw32-gcc AR=${warch}-w64-mingw32-ar RANLIB=${warch}-w64-mingw32-ranlib WINDRES=${warch}-w64-mingw32-windres ./Configure --prefix="$sslsharedinstall" shared $sslflags || error_cleanup "OpenSSL Configure failed" + set +x + fi info "winssl: make" make $MINJ || error_cleanup "OpenSSL crosscompile failed" info "winssl: make install_sw" 
@@ -315,7 +330,16 @@ if [ "$DOWIN" = "yes" ]; then wxpinstall="`pwd`/wxpinstall" cd expat-* || error_cleanup "no expat-X dir in tarball" info "wxp: configure" - $configure --prefix="$wxpinstall" --exec-prefix="$wxpinstall" --bindir="$wxpinstall/bin" --includedir="$wxpinstall/include" --mandir="$wxpinstall/man" --libdir="$wxpinstall/lib" || error_cleanup "libexpat configure failed" + if test "$W64" = "no"; then + # Disable stack-protector for 32-bit windows builds. + set -x # echo the configure command + $configure --prefix="$wxpinstall" --exec-prefix="$wxpinstall" --bindir="$wxpinstall/bin" --includedir="$wxpinstall/include" --mandir="$wxpinstall/man" --libdir="$wxpinstall/lib" LDFLAGS="-fno-stack-protector" || error_cleanup "libexpat configure failed" + set +x + else + set -x # echo the configure command + $configure --prefix="$wxpinstall" --exec-prefix="$wxpinstall" --bindir="$wxpinstall/bin" --includedir="$wxpinstall/include" --mandir="$wxpinstall/man" --libdir="$wxpinstall/lib" || error_cleanup "libexpat configure failed" + set +x + fi info "wxp: make" make $MINJ || error_cleanup "libexpat crosscompile failed" info "wxp: make install" 
@@ -379,8 +403,8 @@ if [ "$DOWIN" = "yes" ]; then fi if test "$W64" = "no"; then # Disable stack-protector for 32-bit windows builds. - echo "$configure"' --enable-debug --enable-static-exe --disable-flto --disable-gost '"$* $cross_flag" "$file_flag" "$file2_flag" "$file3_flag" CFLAGS='-O2 -g -fno-stack-protector' - $configure --enable-debug --enable-static-exe --disable-flto --disable-gost $* $cross_flag "$file_flag" "$file2_flag" "$file3_flag" CFLAGS='-O2 -g -fno-stack-protector'\ + echo "$configure"' --enable-debug --enable-static-exe --disable-flto --disable-gost '"$* $cross_flag" "$file_flag" "$file2_flag" "$file3_flag" CFLAGS='-O2 -g -fno-stack-protector' LDFLAGS="-fno-stack-protector" + $configure --enable-debug --enable-static-exe --disable-flto --disable-gost $* $cross_flag "$file_flag" "$file2_flag" "$file3_flag" CFLAGS='-O2 -g -fno-stack-protector' LDFLAGS="-fno-stack-protector" \ || error_cleanup "Could not configure" else echo "$configure"' --enable-debug --enable-static-exe --disable-flto --disable-gost '"$* $cross_flag" 
@@ -396,8 +420,8 @@ if [ "$DOWIN" = "yes" ]; then cd ../unbound_shared if test "$W64" = "no"; then # Disable stack-protector for 32-bit windows builds. - echo "$configure"' --enable-debug --disable-flto --disable-gost '"$* $shared_cross_flag" "$file_flag" "$file2_flag" "$file3_flag" CFLAGS='-O2 -g -fno-stack-protector' - $configure --enable-debug --disable-flto --disable-gost $* $shared_cross_flag "$file_flag" "$file2_flag" "$file3_flag" CFLAGS='-O2 -g -fno-stack-protector'\ + echo "$configure"' --enable-debug --disable-flto --disable-gost '"$* $shared_cross_flag" "$file_flag" "$file2_flag" "$file3_flag" CFLAGS='-O2 -g -fno-stack-protector' LDFLAGS="-fno-stack-protector" + $configure --enable-debug --disable-flto --disable-gost $* $shared_cross_flag "$file_flag" "$file2_flag" "$file3_flag" CFLAGS='-O2 -g -fno-stack-protector' LDFLAGS="-fno-stack-protector" \ || error_cleanup "Could not configure" else echo "$configure"' --enable-debug --disable-flto --disable-gost '"$* $shared_cross_flag" From fea8f0d5fd4d6fef6ea4dead76cd0b6263da6df5 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 16 Jan 2024 16:44:15 +0100 Subject: [PATCH 04/20] Changelog note for #993 - Merge #993: Update b.root-servers.net also in example config file. --- doc/Changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/Changelog b/doc/Changelog index 78ad7c154..6085ea43f 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 16 January 2024: Wouter - Fix to link with libssp for libcrypto and getaddrinfo check for only header. Also update crosscompile to remove ssp for 32bit. + - Merge #993: Update b.root-servers.net also in example config file. 15 January 2024: Wouter - Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows. From 74b4d81992a65b9b303f002a23e169a1676e3661 Mon Sep 17 00:00:00 2001 
From: "W.C.A. Wijngaards" Date: Wed, 17 Jan 2024 13:45:59 +0100 Subject: [PATCH 05/20] - Update workflow for ports to use newer openssl on windows compile. --- .github/workflows/analysis_ports.yml | 6 +++--- doc/Changelog | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index 59f3285aa..02c9349ff 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml @@ -187,9 +187,9 @@ jobs: #perl cpanm Pod::Usage mkdir openssl echo "curl openssl" - curl -L -k -s -S -o openssl-1.1.1j.tar.gz https://www.openssl.org/source/openssl-1.1.1j.tar.gz - tar xzf openssl-1.1.1j.tar.gz - cd openssl-1.1.1j + curl -L -k -s -S -o openssl-3.2.0.tar.gz https://www.openssl.org/source/openssl-3.2.0.tar.gz + tar xzf openssl-3.2.0.tar.gz + cd openssl-3.2.0 # remove pod::Usage because we do not need -help or -man output # from the Configure script echo "Fixup ./Configure by removing use Pod::Usage require" diff --git a/doc/Changelog b/doc/Changelog index 6085ea43f..2fb11dadc 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +17 January 2024: Wouter + - Update workflow for ports to use newer openssl on windows compile. + 16 January 2024: Wouter - Fix to link with libssp for libcrypto and getaddrinfo check for only header. Also update crosscompile to remove ssp for 32bit. From 379e4b68f5c607dace0db1fade1dd521dad2be93 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 17 Jan 2024 14:03:30 +0100 Subject: [PATCH 06/20] Fix for workflow to install perl module. --- .github/workflows/analysis_ports.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index 02c9349ff..22bea2ae9 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml 
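Review bot: The updated download line in the analysis_ports.yml hunk keeps `curl -k`, which disables TLS certificate verification, and the tarball is unpacked and built with no integrity check. Whatever answers for www.openssl.org on the runner's network path therefore ends up compiled into the test build. Drop `-k` and verify the archive against a pinned digest before `tar xzf`, for example `echo "<expected-sha256>  openssl-3.2.0.tar.gz" | sha256sum -c -`; the digest is a placeholder to be taken from the OpenSSL release page, and this assumes `sha256sum` is available in the runner's shell. The cpanm fetch enabled in PATCH 07 uses the same `-k` and then runs the downloaded script with `perl`, so the same applies there. The job step starts and ends outside the hunk.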
@@ -181,8 +181,12 @@ jobs: export LEX="win_flex" echo 'YACC="win_bison -y"' export YACC="win_bison -y" + echo "ppm install Locale-Maketext-Simple" + ppm install Locale-Maketext-Simple #echo "curl cpanm" #curl -L -k -s -S -o cpanm https://cpanmin.us/ + #echo "perl cpanm App::cpanminus Locale::Maketext::Simple" + #perl cpanm App::cpanminus Locale::Maketext::Simple #echo "perl cpanm Pod::Usage" #perl cpanm Pod::Usage mkdir openssl From 180275c4e0b8fdb155b79d9d1fca849b9b2d6c53 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 17 Jan 2024 14:07:57 +0100 Subject: [PATCH 07/20] Fix to install with cpanmin a missing perl module for the windows workflow. --- .github/workflows/analysis_ports.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index 22bea2ae9..80dfedf93 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml @@ -181,12 +181,10 @@ jobs: export LEX="win_flex" echo 'YACC="win_bison -y"' export YACC="win_bison -y" - echo "ppm install Locale-Maketext-Simple" - ppm install Locale-Maketext-Simple - #echo "curl cpanm" - #curl -L -k -s -S -o cpanm https://cpanmin.us/ - #echo "perl cpanm App::cpanminus Locale::Maketext::Simple" - #perl cpanm App::cpanminus Locale::Maketext::Simple + echo "curl cpanm" + curl -L -k -s -S -o cpanm https://cpanmin.us/ + echo "perl cpanm App::cpanminus Locale::Maketext::Simple" + perl cpanm App::cpanminus Locale::Maketext::Simple #echo "perl cpanm Pod::Usage" #perl cpanm Pod::Usage mkdir openssl From 576b93c99fd3ce474d69b868c729e3567d777d90 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 17 Jan 2024 14:30:48 +0100 Subject: [PATCH 08/20] For windows runner, look at perl contents. --- .github/workflows/analysis_ports.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index 80dfedf93..fbd05c4e3 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml @@ -181,10 +181,16 @@ jobs: export LEX="win_flex" echo 'YACC="win_bison -y"' export YACC="win_bison -y" - echo "curl cpanm" - curl -L -k -s -S -o cpanm https://cpanmin.us/ - echo "perl cpanm App::cpanminus Locale::Maketext::Simple" - perl cpanm App::cpanminus Locale::Maketext::Simple + echo "dir strawberry perl" + ls -l C:/Strawberry/perl + echo 'PERL5LIB="C:/Strawberry/perl/site/lib;C:/Strawberry/perl/vendor/lib;C:/Strawberry/perl/lib"' + export PERL5LIB="C:/Strawberry/perl/site/lib;C:/Strawberry/perl/vendor/lib C:/Strawberry/perl/lib" + echo "perl -V:path_sep" + perl -V:path_sep + #echo "curl cpanm" + #curl -L -k -s -S -o cpanm https://cpanmin.us/ + #echo "perl cpanm Locale::Maketext::Simple" + #perl cpanm Locale::Maketext::Simple #echo "perl cpanm Pod::Usage" #perl cpanm Pod::Usage mkdir openssl From 546062d3a3b1148b703626550a44af08502c20c1 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 17 Jan 2024 14:36:35 +0100 Subject: [PATCH 09/20] For workflow, change path separator. --- .github/workflows/analysis_ports.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index fbd05c4e3..e732037a0 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml 
@@ -183,10 +183,11 @@ jobs: export YACC="win_bison -y" echo "dir strawberry perl" ls -l C:/Strawberry/perl - echo 'PERL5LIB="C:/Strawberry/perl/site/lib;C:/Strawberry/perl/vendor/lib;C:/Strawberry/perl/lib"' - export PERL5LIB="C:/Strawberry/perl/site/lib;C:/Strawberry/perl/vendor/lib C:/Strawberry/perl/lib" - echo "perl -V:path_sep" - perl -V:path_sep + ls -l C:/Strawberry/perl/bin + echo 'PERL5LIB="/C/Strawberry/perl/site/lib:/C/Strawberry/perl/vendor/lib:/C/Strawberry/perl/lib"' + export PERL5LIB="/C/Strawberry/perl/site/lib:/C/Strawberry/perl/vendor/lib:/C/Strawberry/perl/lib" + echo "attempt perl in strawberry" + C:/Strawberry/perl/bin/perl -h #echo "curl cpanm" #curl -L -k -s -S -o cpanm https://cpanmin.us/ #echo "perl cpanm Locale::Maketext::Simple" From 437bac370a1df5af2087696800d6e63560e316bf Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 17 Jan 2024 14:40:57 +0100 Subject: [PATCH 10/20] In workflow, use strawberry perl to run configure script. --- .github/workflows/analysis_ports.yml | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index e732037a0..506427d47 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml 
@@ -181,19 +181,6 @@ jobs: export LEX="win_flex" echo 'YACC="win_bison -y"' export YACC="win_bison -y" - echo "dir strawberry perl" - ls -l C:/Strawberry/perl - ls -l C:/Strawberry/perl/bin - echo 'PERL5LIB="/C/Strawberry/perl/site/lib:/C/Strawberry/perl/vendor/lib:/C/Strawberry/perl/lib"' - export PERL5LIB="/C/Strawberry/perl/site/lib:/C/Strawberry/perl/vendor/lib:/C/Strawberry/perl/lib" - echo "attempt perl in strawberry" - C:/Strawberry/perl/bin/perl -h - #echo "curl cpanm" - #curl -L -k -s -S -o cpanm https://cpanmin.us/ - #echo "perl cpanm Locale::Maketext::Simple" - #perl cpanm Locale::Maketext::Simple - #echo "perl cpanm Pod::Usage" - #perl cpanm Pod::Usage mkdir openssl echo "curl openssl" curl -L -k -s -S -o openssl-3.2.0.tar.gz https://www.openssl.org/source/openssl-3.2.0.tar.gz @@ -203,8 +190,8 @@ jobs: # from the Configure script echo "Fixup ./Configure by removing use Pod::Usage require" sed -e 's/use Pod::Usage//' < Configure > Configure.fix - echo "./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl\""" - ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl" + echo "C:/Strawberry/perl/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl\""" + C:/Strawberry/perl/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl" # make the libs only, build faster echo "make build_libs" #make From 4d481668351c41ffccfa9885a6ee00133d90cc6f Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 17 Jan 2024 14:53:23 +0100 Subject: [PATCH 11/20] For workflow, use msys2 perl. --- .github/workflows/analysis_ports.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index 506427d47..a96fc1a11 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml 
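Review bot: The unchanged `curl -L -k -s -S -o openssl-3.2.0.tar.gz https://www.openssl.org/source/openssl-3.2.0.tar.gz` line in the first hunk (`@@ -181,19 +181,6 @@`) still disables TLS certificate verification with `-k`, and nothing visible in these hunks checks the archive before `Configure` is run on it in the second hunk. Since this series reworks the OpenSSL build step anyway, drop `-k` and verify a pinned digest right after the download, for example `echo "<EXPECTED_SHA256>  openssl-3.2.0.tar.gz" | sha256sum -c -`, with the published SHA-256 for that release in place of the placeholder. A tampered or substituted tarball then fails the job instead of being compiled into the build. The step's script starts and ends outside both hunks.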
@@ -190,8 +190,15 @@ jobs: # from the Configure script echo "Fixup ./Configure by removing use Pod::Usage require" sed -e 's/use Pod::Usage//' < Configure > Configure.fix - echo "C:/Strawberry/perl/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl\""" - C:/Strawberry/perl/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl" + echo "pacman -S perl" + pacman -S perl + echo "ls C:/msys64" + ls -l C:/msys64 + ls -l C:/msys64/bin + ls -l C:/msys64/usr + ls -l C:/msys64/usr/bin + echo "C:/msys64/usr/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl\""" + C:/msys64/usr/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl" # make the libs only, build faster echo "make build_libs" #make From 1b212aa073a44f1c24c5b4acbe70241fbd6a11c0 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 17 Jan 2024 14:56:10 +0100 Subject: [PATCH 12/20] For workflow, look for pacman. --- .github/workflows/analysis_ports.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index a96fc1a11..26a6a8259 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml 
@@ -190,13 +190,14 @@ jobs: # from the Configure script echo "Fixup ./Configure by removing use Pod::Usage require" sed -e 's/use Pod::Usage//' < Configure > Configure.fix - echo "pacman -S perl" - pacman -S perl echo "ls C:/msys64" ls -l C:/msys64 ls -l C:/msys64/bin ls -l C:/msys64/usr ls -l C:/msys64/usr/bin + #echo "pacman -S perl" + #pacman -S perl + ls -l C:/msys64/usr/bin/pacman echo "C:/msys64/usr/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl\""" C:/msys64/usr/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl" # make the libs only, build faster From 6045911d95511881c997d4e420ae063c1db1bdef Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 17 Jan 2024 14:58:44 +0100 Subject: [PATCH 13/20] - Fix for workflow --- .github/workflows/analysis_ports.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index 26a6a8259..cad1ba7a0 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml @@ -192,12 +192,11 @@ jobs: sed -e 's/use Pod::Usage//' < Configure > Configure.fix echo "ls C:/msys64" ls -l C:/msys64 - ls -l C:/msys64/bin ls -l C:/msys64/usr ls -l C:/msys64/usr/bin #echo "pacman -S perl" #pacman -S perl - ls -l C:/msys64/usr/bin/pacman + ls -l C:/msys64/usr/bin/pacman || echo no echo "C:/msys64/usr/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl\""" C:/msys64/usr/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl" # make the libs only, build faster From 7708429d35d6537ffe276d730d041e2dd432e505 Mon Sep 17 00:00:00 2001 
From: "W.C.A. Wijngaards" Date: Wed, 17 Jan 2024 15:08:56 +0100 Subject: [PATCH 14/20] For workflow, set perl interpreter for build. --- .github/workflows/analysis_ports.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index cad1ba7a0..2532b4b27 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml @@ -194,11 +194,10 @@ jobs: ls -l C:/msys64 ls -l C:/msys64/usr ls -l C:/msys64/usr/bin - #echo "pacman -S perl" - #pacman -S perl - ls -l C:/msys64/usr/bin/pacman || echo no - echo "C:/msys64/usr/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl\""" - C:/msys64/usr/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl" + # pacman is used to install for msys2, with + # C:/msys64/usr/bin/pacman -S perl + echo "C:/msys64/usr/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl"\" PERL=\"C:/msys64/usr/bin/perl\"" + C:/msys64/usr/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl" PERL="C:/msys64/usr/bin/perl" # make the libs only, build faster echo "make build_libs" #make From d1a2bd67da3317d1b7c38f63621a188d6f735e06 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 17 Jan 2024 16:19:56 +0100 Subject: [PATCH 15/20] - Fix warning for windres on resource files due to redefinition. --- doc/Changelog | 1 + winrc/rsrc_anchorupd.rc | 2 +- winrc/rsrc_svcinst.rc | 2 +- winrc/rsrc_svcuninst.rc | 2 +- winrc/rsrc_unbound.rc | 2 +- winrc/rsrc_unbound_anchor.rc | 2 +- winrc/rsrc_unbound_checkconf.rc | 2 +- winrc/rsrc_unbound_control.rc | 2 +- winrc/rsrc_unbound_host.rc | 2 +- 9 files changed, 9 insertions(+), 8 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index 2fb11dadc..e57943241 100644 --- a/doc/Changelog +++ b/doc/Changelog 
@@ -1,5 +1,6 @@ 17 January 2024: Wouter - Update workflow for ports to use newer openssl on windows compile. + - Fix warning for windres on resource files due to redefinition. 16 January 2024: Wouter - Fix to link with libssp for libcrypto and getaddrinfo check for diff --git a/winrc/rsrc_anchorupd.rc b/winrc/rsrc_anchorupd.rc index 2419bfad5..ac5167866 100644 --- a/winrc/rsrc_anchorupd.rc +++ b/winrc/rsrc_anchorupd.rc @@ -1,8 +1,8 @@ /* Unbound resource file for windows. For use with windres */ -#include "winver.h" #include "config.h" +#include "winver.h" 1 ICON "winrc/combined.ico" diff --git a/winrc/rsrc_svcinst.rc b/winrc/rsrc_svcinst.rc index cb325f4c4..0ed113695 100644 --- a/winrc/rsrc_svcinst.rc +++ b/winrc/rsrc_svcinst.rc @@ -1,8 +1,8 @@ /* Unbound resource file for windows. For use with windres */ -#include "winver.h" #include "config.h" +#include "winver.h" 1 ICON "winrc/combined.ico" diff --git a/winrc/rsrc_svcuninst.rc b/winrc/rsrc_svcuninst.rc index ecff8dcd3..86bed5e89 100644 --- a/winrc/rsrc_svcuninst.rc +++ b/winrc/rsrc_svcuninst.rc @@ -1,8 +1,8 @@ /* Unbound resource file for windows. For use with windres */ -#include "winver.h" #include "config.h" +#include "winver.h" 1 ICON "winrc/combined.ico" diff --git a/winrc/rsrc_unbound.rc b/winrc/rsrc_unbound.rc index cc05d0eeb..d6db15eeb 100644 --- a/winrc/rsrc_unbound.rc +++ b/winrc/rsrc_unbound.rc @@ -1,8 +1,8 @@ /* Unbound resource file for windows. For use with windres */ -#include "winver.h" #include "config.h" +#include "winver.h" 1 ICON "winrc/combined.ico" /* diff --git a/winrc/rsrc_unbound_anchor.rc b/winrc/rsrc_unbound_anchor.rc index 76b96b785..2550dd051 100644 --- a/winrc/rsrc_unbound_anchor.rc +++ b/winrc/rsrc_unbound_anchor.rc @@ -1,8 +1,8 @@ /* Unbound resource file for windows. For use with windres */ -#include "winver.h" #include "config.h" +#include "winver.h" 1 ICON "winrc/combined.ico" 
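Review bot: Nothing in `winrc/rsrc_anchorupd.rc` records why `config.h` now has to be included before `winver.h`, so the order looks arbitrary and could be swapped back by a later cleanup. A one-line comment above the includes, such as `/* config.h goes first; with winver.h first windres warned about a redefinition */` (wording taken from the commit subject), would keep the fix in place. The same applies to the identical change in the other resource files of this commit: `rsrc_svcinst.rc`, `rsrc_svcuninst.rc`, `rsrc_unbound.rc`, `rsrc_unbound_anchor.rc`, `rsrc_unbound_checkconf.rc`, `rsrc_unbound_control.rc` and `rsrc_unbound_host.rc`.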
diff --git a/winrc/rsrc_unbound_checkconf.rc b/winrc/rsrc_unbound_checkconf.rc index de61900bf..d974d9602 100644 --- a/winrc/rsrc_unbound_checkconf.rc +++ b/winrc/rsrc_unbound_checkconf.rc @@ -1,8 +1,8 @@ /* Unbound resource file for windows. For use with windres */ -#include "winver.h" #include "config.h" +#include "winver.h" 1 ICON "winrc/combined.ico" diff --git a/winrc/rsrc_unbound_control.rc b/winrc/rsrc_unbound_control.rc index f9e1245db..5360c06be 100644 --- a/winrc/rsrc_unbound_control.rc +++ b/winrc/rsrc_unbound_control.rc @@ -1,8 +1,8 @@ /* Unbound resource file for windows. For use with windres */ -#include "winver.h" #include "config.h" +#include "winver.h" 1 ICON "winrc/combined.ico" diff --git a/winrc/rsrc_unbound_host.rc b/winrc/rsrc_unbound_host.rc index d00f95cf4..ace601049 100644 --- a/winrc/rsrc_unbound_host.rc +++ b/winrc/rsrc_unbound_host.rc @@ -1,8 +1,8 @@ /* Unbound resource file for windows. For use with windres */ -#include "winver.h" #include "config.h" +#include "winver.h" 1 ICON "winrc/combined.ico" From 9e84cebfdbf938bb953cfd8dfa1b4a41fb29192b Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 17 Jan 2024 16:20:22 +0100 Subject: [PATCH 16/20] - workflow for analysis, cleanup of windows compile with msys2 perl. --- .github/workflows/analysis_ports.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index 2532b4b27..170186126 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml 
@@ -187,13 +187,10 @@ jobs: tar xzf openssl-3.2.0.tar.gz cd openssl-3.2.0 # remove pod::Usage because we do not need -help or -man output - # from the Configure script - echo "Fixup ./Configure by removing use Pod::Usage require" - sed -e 's/use Pod::Usage//' < Configure > Configure.fix - echo "ls C:/msys64" - ls -l C:/msys64 - ls -l C:/msys64/usr - ls -l C:/msys64/usr/bin + # from the Configure script, this fixes it for openssl 1.1.1 + #echo "Fixup ./Configure by removing use Pod::Usage require" + #sed -e 's/use Pod::Usage//' < Configure > Configure.fix + # ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl" # pacman is used to install for msys2, with # C:/msys64/usr/bin/pacman -S perl echo "C:/msys64/usr/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl"\" PERL=\"C:/msys64/usr/bin/perl\"" From 585d73bf7c6ebac04afdc99be378c6e60cd61378 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 17 Jan 2024 16:23:18 +0100 Subject: [PATCH 17/20] For analysis workflow, clean up the script to use OpenSSL Configure without change. --- .github/workflows/analysis_ports.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/analysis_ports.yml b/.github/workflows/analysis_ports.yml index 170186126..47cd527a6 100644 --- a/.github/workflows/analysis_ports.yml +++ b/.github/workflows/analysis_ports.yml 
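Review bot: With the `sed -e 's/use Pod::Usage//' < Configure > Configure.fix` line commented out, the `echo` at the end of this hunk still names `./Configure.fix`. The command it mirrors lies just past the hunk, so this is inferred from the echo, but it would then run a file that this step no longer creates in the freshly unpacked `openssl-3.2.0` directory. Patch 17/20 switches both lines to `./Configure`; folding that change into this commit would keep every commit in the series buildable. The `# ./Configure.fix no-shared ...` comment added here could be dropped at the same time.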
@@ -193,8 +193,8 @@ jobs: # ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl" # pacman is used to install for msys2, with # C:/msys64/usr/bin/pacman -S perl - echo "C:/msys64/usr/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl"\" PERL=\"C:/msys64/usr/bin/perl\"" - C:/msys64/usr/bin/perl ./Configure.fix no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl" PERL="C:/msys64/usr/bin/perl" + echo "C:/msys64/usr/bin/perl ./Configure no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix=\""$prepath/openssl"\" PERL=\"C:/msys64/usr/bin/perl\"" + C:/msys64/usr/bin/perl ./Configure no-shared no-asm -DOPENSSL_NO_CAPIENG mingw64 --prefix="$prepath/openssl" PERL="C:/msys64/usr/bin/perl" # make the libs only, build faster echo "make build_libs" #make From 1f46d5945bc41ceca7687a2f34cd5bfec6832bd9 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 22 Jan 2024 09:40:36 +0100 Subject: [PATCH 18/20] - Fix for #997: Print details for SSL certificate failure. --- doc/Changelog | 3 +++ util/netevent.c | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index e57943241..b87d32b9d 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +22 January 2024: Wouter + - Fix for #997: Print details for SSL certificate failure. + 17 January 2024: Wouter - Update workflow for ports to use newer openssl on windows compile. - Fix warning for windres on resource files due to redefinition. diff --git a/util/netevent.c b/util/netevent.c index 1750a3192..1fc8c6b86 100644 --- a/util/netevent.c +++ b/util/netevent.c 
@@ -1672,8 +1672,13 @@ ssl_handshake(struct comm_point* c) } else { unsigned long err = ERR_get_error(); if(!squelch_err_ssl_handshake(err)) { + long vr; log_crypto_err_io_code("ssl handshake failed", want, err); + if((vr=SSL_get_verify_result(c->ssl)) != 0) + log_err("ssl handshake cert error: %s", + X509_verify_cert_error_string( + vr)); log_addr(VERB_OPS, "ssl handshake failed", &c->repinfo.remote_addr, c->repinfo.remote_addrlen); From fe03bacd6c7a05c4df996dc945e5c20dddffbd05 Mon Sep 17 00:00:00 2001 From: Yorgos Thessalonikefs Date: Mon, 22 Jan 2024 15:53:36 +0100 Subject: [PATCH 19/20] - Update error printout for duplicate trust anchors to include the trust anchor name (relates to #920). --- doc/Changelog | 4 ++++ validator/autotrust.c | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index b87d32b9d..c2d770368 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +22 January 2024: Yorgos + - Update error printout for duplicate trust anchors to include the + trust anchor name (relates to #920). + 22 January 2024: Wouter - Fix for #997: Print details for SSL certificate failure. diff --git a/validator/autotrust.c b/validator/autotrust.c index 3011a0ace..3eb13b35c 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c 
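Review bot: The new check `if((vr=SSL_get_verify_result(c->ssl)) != 0)` compares against a bare `0` and assigns inside the condition; naming the constant states the intent: `vr = SSL_get_verify_result(c->ssl);` followed by `if(vr != X509_V_OK)`. The added `log_err` line carries no peer address, while the `log_addr` call after it is only emitted at `VERB_OPS`, so at lower verbosity the certificate error presumably cannot be tied to a remote. Either say in a comment that this is intended, or log the address at the same level as the certificate error. `ssl_handshake` starts and ends outside the hunk.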
@@ -353,17 +353,21 @@ autr_tp_create(struct val_anchors* anchors, uint8_t* own, size_t own_len, lock_basic_lock(&anchors->lock); if(!rbtree_insert(anchors->tree, &tp->node)) { + char buf[LDNS_MAX_DOMAINLEN+1]; lock_basic_unlock(&anchors->lock); - log_err("trust anchor presented twice"); + dname_str(tp->name, buf); + log_err("trust anchor for '%s' presented twice", buf); free(tp->name); free(tp->autr); free(tp); return NULL; } if(!rbtree_insert(&anchors->autr->probe, &tp->autr->pnode)) { + char buf[LDNS_MAX_DOMAINLEN+1]; (void)rbtree_delete(anchors->tree, tp); lock_basic_unlock(&anchors->lock); - log_err("trust anchor in probetree twice"); + dname_str(tp->name, buf); + log_err("trust anchor for '%s' in probetree twice", buf); free(tp->name); free(tp->autr); free(tp); From 352245160058e9419565f922d62ce01634280b9d Mon Sep 17 00:00:00 2001 From: Yorgos Thessalonikefs Date: Tue, 23 Jan 2024 10:10:37 +0100 Subject: [PATCH 20/20] - Update message TTL when using cached RRSETs. It could result in non-expired messages with expired RRSETs (non-usable messages by Unbound). --- doc/Changelog | 5 ++ services/cache/dns.c | 10 +++ testdata/rrset_use_cached.rpl | 151 ++++++++++++++++++++++++++++++++++ 3 files changed, 166 insertions(+) create mode 100644 testdata/rrset_use_cached.rpl diff --git a/doc/Changelog b/doc/Changelog index c2d770368..e82d1240a 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,8 @@ +23 January 2024: Yorgos + - Update message TTL when using cached RRSETs. It could result in + non-expired messages with expired RRSETs (non-usable messages by + Unbound). + 22 January 2024: Yorgos - Update error printout for duplicate trust anchors to include the trust anchor name (relates to #920). diff --git a/services/cache/dns.c b/services/cache/dns.c index fa57697a4..5bd0f423f 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c 
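Review bot: Both failure branches in `autr_tp_create` now repeat the same `char buf[LDNS_MAX_DOMAINLEN+1];` and `dname_str(tp->name, buf);` pair, so the buffer size has to be kept in step in two places. Declaring `buf` once with the function's other locals would leave only the `dname_str` call and the `log_err` in each branch. The sizing relies on how much `dname_str` can write, which is not visible here; a short comment such as `/* sized for the longest name dname_str can produce */` would record that assumption once it is confirmed. The function starts outside the hunk.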
@@ -80,6 +80,7 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now, struct regional* region, time_t qstarttime) { size_t i; + time_t ttl, min_ttl = rep->ttl; /* see if rrset already exists in cache, if not insert it. */ for(i=0; irrset_count; i++) { rep->ref[i].key = rep->rrsets[i]; @@ -112,6 +113,15 @@ store_rrsets(struct module_env* env, struct reply_info* rep, time_t now, case 1: /* ref updated, item inserted */ rep->rrsets[i] = rep->ref[i].key; } + /* if ref was updated make sure the message ttl is updated to + * the minimum of the current rrsets. */ + ttl = ((struct packed_rrset_data*)rep->rrsets[i]->entry.data)->ttl; + if(ttl < min_ttl) min_ttl = ttl; + } + if(min_ttl < rep->ttl) { + rep->ttl = min_ttl; + rep->prefetch_ttl = PREFETCH_TTL_CALC(rep->ttl); + rep->serve_expired_ttl = rep->ttl + SERVE_EXPIRED_TTL; } } diff --git a/testdata/rrset_use_cached.rpl b/testdata/rrset_use_cached.rpl new file mode 100644 index 000000000..8420ae02a --- /dev/null +++ b/testdata/rrset_use_cached.rpl 
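Review bot: In the second hunk, the added read `ttl = ((struct packed_rrset_data*)rep->rrsets[i]->entry.data)->ttl;` dereferences `entry.data` of an rrset that, after the `switch` above it, may be the shared cache entry rather than the reply's own copy, and no lock on that entry is visible in the hunk. If other threads can update or replace that entry at this point (confirm against the cache update call in the part of the loop the hunk omits), take the entry's read lock around the read: `lock_rw_rdlock(&rep->rrsets[i]->entry.lock);` before it and `lock_rw_unlock(&rep->rrsets[i]->entry.lock);` after it. The comment also says "if ref was updated", but the read runs on every iteration, not only in `case 1`; reword the comment or move the read into that case. `store_rrsets` starts outside the hunk.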
@@ -0,0 +1,151 @@ +server: + minimal-responses: no + serve-expired: yes + # The value does not matter, we will not simulate delay. + # We do not want only serve-expired because fetches from that + # apply a generous PREFETCH_LEEWAY. + serve-expired-client-timeout: 1000 + # So that we can only have to give one SERVFAIL answer. + outbound-msg-retry: 0 + +forward-zone: name: "." forward-addr: 216.0.0.1 +CONFIG_END + +SCENARIO_BEGIN RRset from cache updates the message TTL. + +STEP 1 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A +ENTRY_END +; the query is sent to the forwarder - no cache yet. +STEP 2 CHECK_OUT_QUERY +ENTRY_BEGIN + MATCH qname qtype opcode + SECTION QUESTION + www.example.com. IN A +ENTRY_END +STEP 3 REPLY +ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + ; authoritative answer + REPLY QR AA RD RA NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 5 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 10.20.30.50 +ENTRY_END +STEP 4 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 5 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. 10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 10.20.30.50 +ENTRY_END + +; Wait for the A RRSET to expire. +STEP 5 TIME_PASSES ELAPSE 6 + +STEP 6 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A +ENTRY_END +; expired answer will not be served due to serve-expired-client-timeout. +STEP 7 CHECK_OUT_QUERY +ENTRY_BEGIN + MATCH qname qtype opcode + SECTION QUESTION + www.example.com. IN A +ENTRY_END +STEP 8 REPLY +ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + ; authoritative answer + REPLY QR AA RD RA NOERROR + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 5 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. 
10 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 10 IN A 10.20.30.50 +ENTRY_END +; The cached NS related RRSETs will not be overwritten by the fresh answer. +; The message should have a TTL of 4 instead of 5 from above. +STEP 9 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 5 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. 4 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 4 IN A 10.20.30.50 +ENTRY_END + +; Wait for the NS RRSETs to expire. +STEP 10 TIME_PASSES ELAPSE 5 + +STEP 11 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + www.example.com. IN A +ENTRY_END +; The message should be expired, again no expired answer at this point due to +; serve-expired-client-timeout. +STEP 12 CHECK_OUT_QUERY +ENTRY_BEGIN + MATCH qname qtype opcode + SECTION QUESTION + www.example.com. IN A +ENTRY_END +STEP 13 REPLY +ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR RD RA SERVFAIL + SECTION QUESTION + www.example.com. IN A +ENTRY_END +; The SERVFAIL will trigger the serve-expired-client-timeout logic to try and +; replace the SERVFAIL with a possible cached (expired) answer. +; The A RRSET would be at 0TTL left (not expired) but the message should have +; been updated to use a TTL of 4 so expired by now. +; If the message TTL was not updated (bug), this message would be treated as +; non-expired and the now expired NS related RRSETs would fail sanity checks +; for non-expired messages. The result would be SERVFAIL here. +STEP 14 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + www.example.com. 0 IN A 10.20.30.40 + SECTION AUTHORITY + example.com. 30 IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 30 IN A 10.20.30.50 +ENTRY_END + +SCENARIO_END