unbound-control-setup on line 106: if ! openssl >/dev/null 2>&1; When changed to: [ if ! openssl ] >/dev/null 2>&1; the new certificates are created and the port installs as expected. I found the same behavior for the unbound pkg.
Interesting. Adding the [...] changes what the statement is supposed to do.
The line number is wrong. It should be 107
> grep -n openssl unbound-control-setup
> 107:if ! openssl >/dev/null 2>&1; then
> 108: echo "$0 requires openssl to be installed for keys/certificates generation." &2
> etc.
I guess that somehow the script got changed from the original. For your information, it should be 224 lines:
> wc unbound-control-setup
> 224 815 6141 unbound-control-setup
Understood. I'm not much of a coder. This block was added in v1.21.0. Is it even necessary? Since base includes openssl shouldn't it always be there? Anyway, this seems to work:
#!/bin/sh
if ! openssl version >/dev/null 2>&1; then
    echo "$0 requires openssl to be installed for keys/certificates generation." >&2
    exit 1
fi
Created attachment 253969 unbound-1.21.0_1.patch
(In reply to randy from comment #3) I hadn't paid much attention to it until now, but it is definitely stopping at the point you pointed out. I have created a patch file, so please check it carefully.
(In reply to randy from comment #3) My guess is the test is there since openssl might be missing in some systems.
(In reply to takefu from comment #4) The patch makes sense since openssl in the base system will be interactive when called without argument.
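The behaviour discussed in the comments above, as an added example (not code from the port or from upstream unbound): the `openssl` used here is a constructed stub that prompts when run without arguments, and `make_stub`, `bare_call_reads_stdin` and `have_openssl` are hypothetical names. The `command -v` lookup and the `</dev/null` redirect go one step beyond the `openssl version` change proposed in the thread.

```shell
#!/bin/sh
# Constructed stand-in for an openssl binary that, like the base-system one
# described in the thread, starts a prompt when run without arguments.
make_stub() {   # $1 = directory that receives the stub
    cat > "$1/openssl" <<'EOF'
#!/bin/sh
if [ "$#" -eq 0 ]; then
    printf 'OpenSSL> '
    read -r _line       # blocks until input arrives: the silent hang
    exit 0
fi
[ "$1" = version ] && { echo 'OpenSSL (constructed stub)'; exit 0; }
exit 1
EOF
    chmod +x "$1/openssl"
}

# Returns 0 when a bare "openssl" call swallowed the first line of its stdin,
# i.e. it would sit at an invisible prompt if stdin were a terminal.
bare_call_reads_stdin() {
    left=$(printf 'quit\nREST\n' | { openssl >/dev/null 2>&1; cat; })
    [ "$left" = "REST" ]
}

# Presence check that cannot block: look the binary up first, then run a
# subcommand that exits by itself, with stdin pointed at /dev/null.
have_openssl() {
    command -v openssl >/dev/null 2>&1 || return 1
    openssl version </dev/null >/dev/null 2>&1
}

# Demo against the stub only; a real openssl later in PATH is never run.
demo_dir=$(mktemp -d)
make_stub "$demo_dir"
PATH="$demo_dir:$PATH"
bare_call_reads_stdin && echo "bare call read stdin (hangs on a terminal)"
have_openssl && echo "'openssl version' check passed without reading stdin"
rm -rf "$demo_dir"
```

Because the prompt goes to stdout and stdout is redirected to /dev/null, the original test gives no visible sign that it is waiting for input.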
(In reply to takefu from comment #4) I've applied the patch but since /usr/ports/dns/unbound/files/patch-smallapp_unbound-control-setup.sh.in does not exist there is nothing to patch except the Makefile. The patch does create patch-smallapp_unbound-control-setup.sh.in and patch-smallapp_unbound-control-setup.sh.in.orig. patch-smallapp_unbound-control-setup.sh.in.orig is empty.
<snip>
# ls *
Makefile distinfo pkg-descr pkg-plist
files:
pkg-message.in unbound.in
</snip>
<snip>
# patch < unbound-1.21.0_1.patch
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|RTNAME= unbound
| DISTVERSION= 1.21.0
|+PORTREVISION= 1
| CATEGORIES= dns
| MASTER_SITES= https://www.nlnetlabs.nl/downloads/unbound/
|
|diff -udprN /usr/ports/dns/unbound/files/patch-smallapp_unbound-control-setup.sh.in ./files/patch-smallapp_unbound-control-setup.sh.in
|--- /usr/ports/dns/unbound/files/patch-smallapp_unbound-control-setup.sh.in 1970-01-01 00:00:00.000000000 +0000
|+++ ./files/patch-smallapp_unbound-control-setup.sh.in 2024-10-02 22:41:22.364099000 +0000
--------------------------
(Creating file patch-smallapp_unbound-control-setup.sh.in...)
Patching file patch-smallapp_unbound-control-setup.sh.in using Plan A...
Empty context always matches.
Hunk #1 succeeded at 1.
done
</snip>
<snip>
# ls *
Makefile pkg-descr distinfo pkg-plist unbound-1.21.0_1.patch patch-smallapp_unbound-control-setup.sh.in.orig
files:
pkg-message.in unbound.in
</snip>
I did install the patched port. unbound-control-setup is unchanged.
Created attachment 253981 corrected patch
The patch turns out to be incorrect, here is a new one. (Message to self: check contributed patches better)
(In reply to Jaap Akkerhuis from comment #8) I applied the patch and installed unbound. Unless I am applying the patch incorrectly... unbound-control-setup remains unchanged.
<snip>
# patch < unbound-patch
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/dns/unbound/Makefile b/dns/unbound/Makefile
|index ceac886c5b0..6159b044898 100644
|--- a/dns/unbound/Makefile
|+++ b/dns/unbound/Makefile
--------------------------
Patching file Makefile using Plan A...
Hunk #1 succeeded at 1.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/dns/unbound/files/patch-smallapp_unbound-control-setup.sh.in b/dns/unbound/files/patch-smallapp_unbound-control-setup.sh.in
|new file mode 100644
|index 00000000000..f366b8adc04
|--- /dev/null
|+++ b/dns/unbound/files/patch-smallapp_unbound-control-setup.sh.in
--------------------------
(Creating file patch-smallapp_unbound-control-setup.sh.in...)
Patching file patch-smallapp_unbound-control-setup.sh.in using Plan A...
Empty context always matches.
Hunk #1 succeeded at 1.
done
</snip>
You need to remake the port before install. Be sure you do a make clean && make install
(In reply to Jaap Akkerhuis from comment #10) What I did and verified again:
# make deinstall clean
fetch -o unbound.patch https://bugs.freebsd.org/bugzilla/attachment.cgi?id=253981
# patch < unbound.patch
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/dns/unbound/Makefile b/dns/unbound/Makefile
|index ceac886c5b0..6159b044898 100644
|--- a/dns/unbound/Makefile
|+++ b/dns/unbound/Makefile
--------------------------
Patching file Makefile using Plan A...
Hunk #1 failed at 1.
1 out of 1 hunks failed--saving rejects to Makefile.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/dns/unbound/files/patch-smallapp_unbound-control-setup.sh.in b/dns/unbound/files/patch-smallapp_unbound-control-setup.sh.in
|new file mode 100644
|index 00000000000..f366b8adc04
|--- /dev/null
|+++ b/dns/unbound/files/patch-smallapp_unbound-control-setup.sh.in
--------------------------
(Creating file patch-smallapp_unbound-control-setup.sh.in...)
Patching file patch-smallapp_unbound-control-setup.sh.in using Plan A...
Empty context always matches.
Hunk #1 succeeded at 1.
done
# make install clean
# grep 'if ! openssl' /usr/local/sbin/unbound-control-setup
if ! openssl >/dev/null 2>&1; then
(In reply to randy from comment #11) I see that "Hunk #1 failed at 1.". I did a refresh of the port and ran the patch again. "Hunk #1 succeeded". I ran "make clean make install" but unbound-control-setup is still not being updated. patch-smallapp_unbound-control-setup.sh.in is not being created in the files directory. I copied patch-smallapp_unbound-control-setup.sh.in into files/, re-ran the install and voila, unbound-control-setup gets modified.
# cd /usr/ports/dns/unbound/
# fetch -o unbound.patch https://bugs.freebsd.org/bugzilla/attachment.cgi?id=253981
# patch < unbound.patch
# cp patch-smallapp_unbound-control-setup.sh.in files/
# make install clean
# grep 'if ! openssl' /usr/local/sbin/unbound-control-setup
if ! openssl version >/dev/null 2>&1; then
You should have done first a "make clean" and then a "make install". If you don't clean the ports, nothing would have been remade. (A "make clean && make install" makes sure that it is first cleaned out)
Created attachment 253992 unbound patch 10.04.24
(In reply to Jaap Akkerhuis from comment #13) I'm not sure you read my reply. I ran make clean. I also applied the patch on a clean install of FreeBSD-13.3. Here is the problem:
<snip>
(Creating file patch-smallapp_unbound-control-setup.sh.in...)
Patching file patch-smallapp_unbound-control-setup.sh.in using Plan A...
</snip>
The patch should be creating these files in dns/unbound/files. I have attached a patch that works for me.
Created attachment 253994 Updated unbound.patch
For some reason hunk #1 was failing. This corrects the Makefile part of the patch.
A patch will be committed with the update from bug #281894.
A commit in branch main references this bug:
URL: https://cgit.FreeBSD.org/ports/commit/?id=4af9b830bfc0df17b05eee4247b637efa40b13bc
commit 4af9b830bfc0df17b05eee4247b637efa40b13bc
Author: Jaap Akkerhuis <jaap@NLnetLabs.nl>
AuthorDate: 2024-10-05 13:30:31 +0000
Commit: Robert Clausecker <fuz@FreeBSD.org>
CommitDate: 2024-10-06 16:16:21 +0000

dns/unbound: Update to version 1.21.1
- patch for users who use base OpenSSL
PR: 281894, 281804
Security: 2368755b-83f6-11ef-8d2e-a04a5edf46d9
Security: CVE-2024-8508

dns/unbound/Makefile | 2 +-
dns/unbound/distinfo | 6 +++---
.../files/patch-smallapp_unbound-control-setup.sh.in (new) | 11 +++++++++++
dns/unbound/pkg-plist | 2 +-
4 files changed, 16 insertions(+), 5 deletions(-)
Thank you for your contribution.