Re: Problems building BIND 9.10.3 on OpenBSD 5.7
On 2015-09-17, Researchwrote: > Hello, > > I am currently having issues compiling BIND 9.10.3 (released by ISC this week > to correct for DoS vulnerabilities), on my OpenBSD 5.7 test machine. I am > running the OpenBSD 5.7 release build with the 14 errata patches successfully > applied and with the userland also rebuilt. 9.10.3 is a feature release, it's in -current ports but I don't intend to backport to -stable yet. The security fixes are in 9.10.2-P4 which is in -stable ports. > I can successfully make configure, but when I attempt make build, I receive: > > …previous successful build messages removed... > > making all in /home/developer/bind-9.10.3/lib/samples > gcc -pthread -I/home/developer/bind-9.10.3 -I../.. -I./include > -I../dns/include -I/home/developer/bind-9.10.3/lib/dns/include > -I../../lib/dns/include -I/home/developer/bind-9.10.3/lib/isc/include > -I../../lib/isc -I../../lib/isc/include -I../../lib/isc/unix/include > -I../../lib/isc/pthreads/include -I../../lib/isc/x86_32/include > -I../../lib/irs/include -I../../lib/irs/include -D_REENTRANT > -DVERSION=\"9.10.3\" -DSYSCONFDIR=\"/etc/bind\" -g -O2 -W -Wall > -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith > -fno-strict-aliasing -fno-delete-null-pointer-checks -c resolve.c > gcc -pthread -g -O2 -o resolve resolve.o ../irs/libirs.a ../dns/libdns.a > -lcrypto ../isccfg/libisccfg.a ../isc/libisc.a -lpthread > ../irs/libirs.a(getnameinfo.o)(.text+0x18f): In function `getnameinfo': > /home/developer/bind-9.10.3/lib/irs/getnameinfo.c:220: warning: strcpy() is > almost always misused, please use strlcpy() > ../dns/libdns.a(resolver.o)(.text+0x9774): In function > `dns_resolver_createfetch3': > /home/developer/bind-9.10.3/lib/dns/resolver.c:4155: warning: strcat() is > almost always misused, please use strlcat() > ../dns/libdns.a(name.o)(.text+0x426b): In function `dns_name_tofilenametext': > /home/developer/bind-9.10.3/lib/dns/name.c:1636: warning: sprintf() is often > misused, please use snprintf() > ../dns/libdns.a(openssldh_link.o)(.text+0xed5): In function > `openssldh_generate': > /home/developer/bind-9.10.3/lib/dns/openssldh_link.c:212: undefined reference > to `BN_GENCB_new' > ../dns/libdns.a(openssldh_link.o)(.text+0xf23):/home/developer/bind-9.10.3/lib/dns/openssldh_link.c:234: > undefined reference to `BN_GENCB_free' > ../dns/libdns.a(openssldh_link.o)(.text+0xffe):/home/developer/bind-9.10.3/lib/dns/openssldh_link.c:229: > undefined reference to `BN_GENCB_free' Our OPENSSL_VERSION_NUMBER #defines don't (and can't) directly map from libressl's api to openssl's. If you have a requirement to use 9.10.3 now then either run -current, backport my patches, or disable crypto support if you don't need it (untested but should work).
Re: Problems building BIND 9.10.3 on OpenBSD 5.7
Hi Raf and Stuart, On Sep 17, 2015, at 3:36 AM, Stuart Hendersonwrote: > 9.10.3 is a feature release, it's in -current ports but I don't intend to > backport to -stable yet. The security fixes are in 9.10.2-P4 which is > in -stable ports. Ok. I believe Raf was mentioning this as well, that the security fixes are in 9.10.2-P4, which I currently have. I misread the ISC release notes and thought there was a new patch included in 9.10.3. I have 9.10.2-P4 successfully running and will stick with this until 9.10.3 is backported to stable. > Our OPENSSL_VERSION_NUMBER #defines don't (and can't) directly map from > libressl's api to openssl's. If you have a requirement to use 9.10.3 now > then either run -current, backport my patches, or disable crypto support > if you don't need it (untested but should work). Ah, ok - that’s good to know. Wasn’t entirely sure what the build error meant but this makes sense. Raf, thanks for pointer regarding @ports - will remember that going forward. Regards, - Scott
Problems building BIND 9.10.3 on OpenBSD 5.7
Hello, I am currently having issues compiling BIND 9.10.3 (released by ISC this week to correct for DoS vulnerabilities), on my OpenBSD 5.7 test machine. I am running the OpenBSD 5.7 release build with the 14 errata patches successfully applied and with the userland also rebuilt. I can successfully make configure, but when I attempt make build, I receive: …previous successful build messages removed... making all in /home/developer/bind-9.10.3/lib/samples gcc -pthread -I/home/developer/bind-9.10.3 -I../.. -I./include -I../dns/include -I/home/developer/bind-9.10.3/lib/dns/include -I../../lib/dns/include -I/home/developer/bind-9.10.3/lib/isc/include -I../../lib/isc -I../../lib/isc/include -I../../lib/isc/unix/include -I../../lib/isc/pthreads/include -I../../lib/isc/x86_32/include -I../../lib/irs/include -I../../lib/irs/include -D_REENTRANT -DVERSION=\"9.10.3\" -DSYSCONFDIR=\"/etc/bind\" -g -O2 -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing -fno-delete-null-pointer-checks -c resolve.c gcc -pthread -g -O2 -o resolve resolve.o ../irs/libirs.a ../dns/libdns.a -lcrypto ../isccfg/libisccfg.a ../isc/libisc.a -lpthread ../irs/libirs.a(getnameinfo.o)(.text+0x18f): In function `getnameinfo': /home/developer/bind-9.10.3/lib/irs/getnameinfo.c:220: warning: strcpy() is almost always misused, please use strlcpy() ../dns/libdns.a(resolver.o)(.text+0x9774): In function `dns_resolver_createfetch3': /home/developer/bind-9.10.3/lib/dns/resolver.c:4155: warning: strcat() is almost always misused, please use strlcat() ../dns/libdns.a(name.o)(.text+0x426b): In function `dns_name_tofilenametext': /home/developer/bind-9.10.3/lib/dns/name.c:1636: warning: sprintf() is often misused, please use snprintf() ../dns/libdns.a(openssldh_link.o)(.text+0xed5): In function `openssldh_generate': /home/developer/bind-9.10.3/lib/dns/openssldh_link.c:212: undefined reference to `BN_GENCB_new' ../dns/libdns.a(openssldh_link.o)(.text+0xf23):/home/developer/bind-9.10.3/lib/dns/openssldh_link.c:234: undefined reference to `BN_GENCB_free' ../dns/libdns.a(openssldh_link.o)(.text+0xffe):/home/developer/bind-9.10.3/lib/dns/openssldh_link.c:229: undefined reference to `BN_GENCB_free' ../dns/libdns.a(openssldh_link.o)(.text+0x107d): In function `progress_cb': /home/developer/bind-9.10.3/lib/dns/openssldh_link.c:164: undefined reference to `BN_GENCB_get_arg' ../dns/libdns.a(openssldsa_link.o)(.text+0xab0): In function `openssldsa_generate': /home/developer/bind-9.10.3/lib/dns/openssldsa_link.c:385: undefined reference to `BN_GENCB_new' ../dns/libdns.a(openssldsa_link.o)(.text+0xb01):/home/developer/bind-9.10.3/lib/dns/openssldsa_link.c:408: undefined reference to `BN_GENCB_free' ../dns/libdns.a(openssldsa_link.o)(.text+0xb4e):/home/developer/bind-9.10.3/lib/dns/openssldsa_link.c:404: undefined reference to `BN_GENCB_free' ../dns/libdns.a(openssldsa_link.o)(.text+0xbcd): In function `progress_cb': /home/developer/bind-9.10.3/lib/dns/openssldsa_link.c:348: undefined reference to `BN_GENCB_get_arg' ../dns/libdns.a(opensslrsa_link.o)(.text+0x1352): In function `opensslrsa_generate': /home/developer/bind-9.10.3/lib/dns/opensslrsa_link.c:777: undefined reference to `BN_GENCB_new' ../dns/libdns.a(opensslrsa_link.o)(.text+0x145b):/home/developer/bind-9.10.3/lib/dns/opensslrsa_link.c:821: undefined reference to `BN_GENCB_free' ../dns/libdns.a(opensslrsa_link.o)(.text+0x1489):/home/developer/bind-9.10.3/lib/dns/opensslrsa_link.c:835: undefined reference to `BN_GENCB_free' ../dns/libdns.a(opensslrsa_link.o)(.text+0x14bc):/home/developer/bind-9.10.3/lib/dns/opensslrsa_link.c:810: undefined reference to `BN_GENCB_free' ../dns/libdns.a(opensslrsa_link.o)(.text+0x152d): In function `progress_cb': /home/developer/bind-9.10.3/lib/dns/opensslrsa_link.c:757: undefined reference to `BN_GENCB_get_arg' collect2: ld returned 1 exit status *** Error 1 in lib/samples (Makefile:479 'resolve') *** Error 1 in lib (Makefile:100 'subdirs') *** Error 1 in /home/developer/bind-9.10.3 (Makefile:105 'subduers’) It appears to be failing while building in lib/samples and is seeing undefined references to BN_GENCB functions. I am almost 100% certain this is something that I’ve overlooked. I am wondering (guessing ?), if it is referring to something in OpenSSL that is not in LibreSSL and that is why it is failing ? Interestingly enough I had no problems building BIND 10.9.2-P4 (the previous release). I would welcome any suggestions as to how I can fix the build - running BIND as opposed to Unbound in my current scenario is unfortunately a requirement. Thanks - Scott
Re: Problems building BIND 9.10.3 on OpenBSD 5.7
On Thu, Sep 17, 2015 at 02:03:01AM BST, Research wrote: > Hello, Hi, > I am currently having issues compiling BIND 9.10.3 (released by ISC > this week to correct for DoS vulnerabilities), on my OpenBSD 5.7 > test machine. I am running the OpenBSD 5.7 release build with the > 14 errata patches successfully applied and with the userland also > rebuilt. [...] It appears to be failing while building in lib/samples > and is seeing undefined references to BN_GENCB functions. > > I am almost 100% certain this is something that I’ve overlooked. I > am wondering (guessing ?), if it is referring to something in OpenSSL > that is not in LibreSSL and that is why it is failing ? Yes, it appears to be OpenSSL-related[0]. Check the ports tree[0] for the patches which Stuart added to HEAD and see whether the port would built cleanly on 5.7. Rule of thumb - if there's a port in OpenBSD tree, you might be better of consulting ports@. Regards, Raf P.S. BTW, security patches for bind-9.10.2-P4 in the OPENBSD_5_7 branch are from 2nd September. [0] https://marc.info/?l=openbsd-ports-cvs=144241734102813 [1] http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/isc-bind/