Re: Problems building BIND 9.10.3 on OpenBSD 5.7

2015-09-17 Thread Stuart Henderson 
On 2015-09-17, Research  wrote:
> Hello,
>
> I am currently having issues compiling BIND 9.10.3 (released by ISC this week 
> to correct for DoS vulnerabilities), on my OpenBSD 5.7 test machine.  I am 
> running the OpenBSD 5.7 release build with the 14 errata patches successfully 
> applied and with the userland also rebuilt.

9.10.3 is a feature release, it's in -current ports but I don't intend to
backport to -stable yet. The security fixes are in 9.10.2-P4 which is
in -stable ports.

> I can successfully make configure, but when I attempt make build, I receive:
>
> …previous successful build messages removed...
>
> making all in /home/developer/bind-9.10.3/lib/samples
> gcc -pthread  -I/home/developer/bind-9.10.3 -I../.. -I./include 
> -I../dns/include  -I/home/developer/bind-9.10.3/lib/dns/include  
> -I../../lib/dns/include -I/home/developer/bind-9.10.3/lib/isc/include  
> -I../../lib/isc  -I../../lib/isc/include  -I../../lib/isc/unix/include  
> -I../../lib/isc/pthreads/include  -I../../lib/isc/x86_32/include  
> -I../../lib/irs/include  -I../../lib/irs/include   -D_REENTRANT 
> -DVERSION=\"9.10.3\" -DSYSCONFDIR=\"/etc/bind\"  -g -O2   -W -Wall 
> -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith 
> -fno-strict-aliasing -fno-delete-null-pointer-checks  -c resolve.c
> gcc -pthread -g -O2  -o resolve  resolve.o ../irs/libirs.a ../dns/libdns.a  
> -lcrypto ../isccfg/libisccfg.a ../isc/libisc.a -lpthread 
> ../irs/libirs.a(getnameinfo.o)(.text+0x18f): In function `getnameinfo':
> /home/developer/bind-9.10.3/lib/irs/getnameinfo.c:220: warning: strcpy() is 
> almost always misused, please use strlcpy()
> ../dns/libdns.a(resolver.o)(.text+0x9774): In function 
> `dns_resolver_createfetch3':
> /home/developer/bind-9.10.3/lib/dns/resolver.c:4155: warning: strcat() is 
> almost always misused, please use strlcat()
> ../dns/libdns.a(name.o)(.text+0x426b): In function `dns_name_tofilenametext':
> /home/developer/bind-9.10.3/lib/dns/name.c:1636: warning: sprintf() is often 
> misused, please use snprintf()
> ../dns/libdns.a(openssldh_link.o)(.text+0xed5): In function 
> `openssldh_generate':
> /home/developer/bind-9.10.3/lib/dns/openssldh_link.c:212: undefined reference 
> to `BN_GENCB_new'
> ../dns/libdns.a(openssldh_link.o)(.text+0xf23):/home/developer/bind-9.10.3/lib/dns/openssldh_link.c:234:
>  undefined reference to `BN_GENCB_free'
> ../dns/libdns.a(openssldh_link.o)(.text+0xffe):/home/developer/bind-9.10.3/lib/dns/openssldh_link.c:229:
>  undefined reference to `BN_GENCB_free'

Our OPENSSL_VERSION_NUMBER #defines don't (and can't) directly map from
libressl's api to openssl's. If you have a requirement to use 9.10.3 now
then either run -current, backport my patches, or disable crypto support
if you don't need it (untested but should work).

Re: Problems building BIND 9.10.3 on OpenBSD 5.7

2015-09-17 Thread Research 
Hi Raf and Stuart,


On Sep 17, 2015, at 3:36 AM, Stuart Henderson  wrote:

> 9.10.3 is a feature release, it's in -current ports but I don't intend to
> backport to -stable yet. The security fixes are in 9.10.2-P4 which is
> in -stable ports.

Ok.  I believe Raf was mentioning this as well, that the security fixes are in 
9.10.2-P4, which I currently have.  I misread the ISC release notes and thought 
there was a new patch included in 9.10.3.  I have 9.10.2-P4 successfully 
running and will stick with this until 9.10.3 is backported to stable.

> Our OPENSSL_VERSION_NUMBER #defines don't (and can't) directly map from
> libressl's api to openssl's. If you have a requirement to use 9.10.3 now
> then either run -current, backport my patches, or disable crypto support
> if you don't need it (untested but should work).

Ah, ok - that’s good to know.  Wasn’t entirely sure what the build error meant 
but this makes sense.

Raf, thanks for pointer regarding @ports - will remember that going forward.

Regards,

- Scott

Problems building BIND 9.10.3 on OpenBSD 5.7

2015-09-16 Thread Research 
Hello,

I am currently having issues compiling BIND 9.10.3 (released by ISC this week 
to correct for DoS vulnerabilities), on my OpenBSD 5.7 test machine.  I am 
running the OpenBSD 5.7 release build with the 14 errata patches successfully 
applied and with the userland also rebuilt.

I can successfully make configure, but when I attempt make build, I receive:

…previous successful build messages removed...

making all in /home/developer/bind-9.10.3/lib/samples
gcc -pthread  -I/home/developer/bind-9.10.3 -I../.. -I./include 
-I../dns/include  -I/home/developer/bind-9.10.3/lib/dns/include  
-I../../lib/dns/include -I/home/developer/bind-9.10.3/lib/isc/include  
-I../../lib/isc  -I../../lib/isc/include  -I../../lib/isc/unix/include  
-I../../lib/isc/pthreads/include  -I../../lib/isc/x86_32/include  
-I../../lib/irs/include  -I../../lib/irs/include   -D_REENTRANT 
-DVERSION=\"9.10.3\" -DSYSCONFDIR=\"/etc/bind\"  -g -O2   -W -Wall 
-Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith 
-fno-strict-aliasing -fno-delete-null-pointer-checks  -c resolve.c
gcc -pthread -g -O2  -o resolve  resolve.o ../irs/libirs.a ../dns/libdns.a  
-lcrypto ../isccfg/libisccfg.a ../isc/libisc.a -lpthread 
../irs/libirs.a(getnameinfo.o)(.text+0x18f): In function `getnameinfo':
/home/developer/bind-9.10.3/lib/irs/getnameinfo.c:220: warning: strcpy() is 
almost always misused, please use strlcpy()
../dns/libdns.a(resolver.o)(.text+0x9774): In function 
`dns_resolver_createfetch3':
/home/developer/bind-9.10.3/lib/dns/resolver.c:4155: warning: strcat() is 
almost always misused, please use strlcat()
../dns/libdns.a(name.o)(.text+0x426b): In function `dns_name_tofilenametext':
/home/developer/bind-9.10.3/lib/dns/name.c:1636: warning: sprintf() is often 
misused, please use snprintf()
../dns/libdns.a(openssldh_link.o)(.text+0xed5): In function 
`openssldh_generate':
/home/developer/bind-9.10.3/lib/dns/openssldh_link.c:212: undefined reference 
to `BN_GENCB_new'
../dns/libdns.a(openssldh_link.o)(.text+0xf23):/home/developer/bind-9.10.3/lib/dns/openssldh_link.c:234:
 undefined reference to `BN_GENCB_free'
../dns/libdns.a(openssldh_link.o)(.text+0xffe):/home/developer/bind-9.10.3/lib/dns/openssldh_link.c:229:
 undefined reference to `BN_GENCB_free'
../dns/libdns.a(openssldh_link.o)(.text+0x107d): In function `progress_cb':
/home/developer/bind-9.10.3/lib/dns/openssldh_link.c:164: undefined reference 
to `BN_GENCB_get_arg'
../dns/libdns.a(openssldsa_link.o)(.text+0xab0): In function 
`openssldsa_generate':
/home/developer/bind-9.10.3/lib/dns/openssldsa_link.c:385: undefined reference 
to `BN_GENCB_new'
../dns/libdns.a(openssldsa_link.o)(.text+0xb01):/home/developer/bind-9.10.3/lib/dns/openssldsa_link.c:408:
 undefined reference to `BN_GENCB_free'
../dns/libdns.a(openssldsa_link.o)(.text+0xb4e):/home/developer/bind-9.10.3/lib/dns/openssldsa_link.c:404:
 undefined reference to `BN_GENCB_free'
../dns/libdns.a(openssldsa_link.o)(.text+0xbcd): In function `progress_cb':
/home/developer/bind-9.10.3/lib/dns/openssldsa_link.c:348: undefined reference 
to `BN_GENCB_get_arg'
../dns/libdns.a(opensslrsa_link.o)(.text+0x1352): In function 
`opensslrsa_generate':
/home/developer/bind-9.10.3/lib/dns/opensslrsa_link.c:777: undefined reference 
to `BN_GENCB_new'
../dns/libdns.a(opensslrsa_link.o)(.text+0x145b):/home/developer/bind-9.10.3/lib/dns/opensslrsa_link.c:821:
 undefined reference to `BN_GENCB_free'
../dns/libdns.a(opensslrsa_link.o)(.text+0x1489):/home/developer/bind-9.10.3/lib/dns/opensslrsa_link.c:835:
 undefined reference to `BN_GENCB_free'
../dns/libdns.a(opensslrsa_link.o)(.text+0x14bc):/home/developer/bind-9.10.3/lib/dns/opensslrsa_link.c:810:
 undefined reference to `BN_GENCB_free'
../dns/libdns.a(opensslrsa_link.o)(.text+0x152d): In function `progress_cb':
/home/developer/bind-9.10.3/lib/dns/opensslrsa_link.c:757: undefined reference 
to `BN_GENCB_get_arg'
collect2: ld returned 1 exit status
*** Error 1 in lib/samples (Makefile:479 'resolve')
*** Error 1 in lib (Makefile:100 'subdirs')
*** Error 1 in /home/developer/bind-9.10.3 (Makefile:105 'subduers’)


It appears to be failing while building in lib/samples and is seeing undefined 
references to BN_GENCB functions.

I am almost 100% certain this is something that I’ve overlooked.  I am 
wondering (guessing ?), if it is referring to something in OpenSSL that is not 
in LibreSSL and that is why it is failing ?

Interestingly enough I had no problems building BIND 10.9.2-P4 (the previous 
release).

I would welcome any suggestions as to how I can fix the build - running BIND as 
opposed to Unbound in my current scenario is unfortunately a requirement.

Thanks

- Scott

Re: Problems building BIND 9.10.3 on OpenBSD 5.7

2015-09-16 Thread Raf Czlonka 
On Thu, Sep 17, 2015 at 02:03:01AM BST, Research wrote:

> Hello,

Hi,

> I am currently having issues compiling BIND 9.10.3 (released by ISC
> this week to correct for DoS vulnerabilities), on my OpenBSD 5.7
> test machine.  I am running the OpenBSD 5.7 release build with the
> 14 errata patches successfully applied and with the userland also
> rebuilt. [...] It appears to be failing while building in lib/samples
> and is seeing undefined references to BN_GENCB functions.
>
> I am almost 100% certain this is something that I’ve overlooked.  I
> am wondering (guessing ?), if it is referring to something in OpenSSL
> that is not in LibreSSL and that is why it is failing ?

Yes, it appears to be OpenSSL-related[0].

Check the ports tree[0] for the patches which Stuart added to HEAD and
see whether the port would built cleanly on 5.7.

Rule of thumb - if there's a port in OpenBSD tree, you might be better
of consulting ports@.

Regards,

Raf

P.S. BTW, security patches for bind-9.10.2-P4 in the OPENBSD_5_7 branch
are from 2nd September.

[0] https://marc.info/?l=openbsd-ports-cvs=144241734102813
[1] http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/isc-bind/