[Dnsmasq-discuss] Announce 2.85rc1 and security warning.
Daniel
tech at tootai.net
Mon Mar 22 14:40:44 UTC 2021
Hi Petr
Le 22/03/2021 à 13:56, Petr Menšík a écrit :
> -DHAVE_CRYPTOHASH is needed only when -DHAVE_DNSSEC is NOT enabled.
> Please turn off either DNSSEC or CRYPTOHASH. When DNSSEC is enabled,
> CRYPTOHASH is always used without explicit declaration. It is there to
> use cryptohash only without DNSSEC support compiled in.
I deactivate CRYPTOHASH and it's smoothly compiling.
Thanks to you and Simon for the help.
> [...]
>
> On 3/22/21 9:26 AM, Daniel via Dnsmasq-discuss wrote:
>> Le 21/03/2021 à 23:39, Simon Kelley a écrit :
>>> On 21/03/2021 12:12, Daniel via Dnsmasq-discuss wrote:
>>>> Le 20/03/2021 à 22:55, Simon Kelley a écrit :
>>>>> On 20/03/2021 11:11, Daniel via Dnsmasq-discuss wrote:
>>>>>> Le 19/03/2021 à 23:37, Simon Kelley a écrit :
>>>>>>> On 18/03/2021 08:38, Daniel via Dnsmasq-discuss wrote:
>>>>>>>> Hello
>>>>>>>>
>>>>>>>> Le 17/03/2021 à 22:48, Simon Kelley a écrit :
>>>>>>>>> [...]
>>>>>>>>>
>>>>>>>>> https://thekelleys.org.uk/dnsmasq/release-candidates/dnsmasq-2.85rc1.tar.gz
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> Thanks Simon. FYI I didn't get it compiled (as well as 2,84) on
>>>>>>>> Debian
>>>>>>>> Buster getting
>>>>>>>>
>>>>>>>> cc -o dnsmasq cache.o rfc1035.o util.o option.o forward.o network.o
>>>>>>>> dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o helper.o
>>>>>>>> tftp.o log.o conntrack.o dhcp6.o rfc3315.o dhcp-common.o outpacket.o
>>>>>>>> radv.o slaac.o auth.o ipset.o domain.o dnssec.o blockdata.o tables.o
>>>>>>>> loop.o inotify.o poll.o rrfilter.o edns0.o arp.o crypto.o dump.o
>>>>>>>> ubus.o
>>>>>>>> metrics.o hash_questions.o -ldbus-1 -lidn -lnetfilter_conntrack
>>>>>>>> -lnfnetlink -llua5.2 -lnettle -lhogweed
>>>>>>>> /usr/bin/ld: crypto.o: undefined reference to symbol '__gmpz_init'
>>>>>>>> /usr/bin/ld: //usr/lib/x86_64-linux-gnu/libgmp.so.10: error adding
>>>>>>>> symbols: DSO manquant dans la ligne de commande
>>>>>>>> collect2: error: ld returned 1 exit status
>>>>>>>>
>>>>>>>> It's working by adding -lgmp to nettle_cflags and nettle_libs
>>>>>>>>
>>>>>>>> nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC
>>>>>>>> $(PKG_CONFIG) --cflags 'nettle hogweed' -lgmp\
>>>>>>>> HAVE_CRYPTOHASH $(PKG_CONFIG) --cflags nettle \
>>>>>>>> HAVE_NETTLEHASH $(PKG_CONFIG) --cflags nettle`
>>>>>>>> nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC
>>>>>>>> $(PKG_CONFIG) --libs 'nettle hogweed' -lgmp\
>>>>>>>> HAVE_CRYPTOHASH $(PKG_CONFIG) --libs nettle \
>>>>>>>> HAVE_NETTLEHASH $(PKG_CONFIG) --libs nettle`
>>>>>>>>
>>>>>>>> Cheers
>>>>>>>>
>>>>>>> How are you compiling? What command?
>>>>>> uname -a
>>>>>> Linux keewi 4.19.0-14-amd64 #1 SMP Debian 4.19.171-2 (2021-01-30)
>>>>>> x86_64
>>>>>> GNU/Linux
>>>>>>
>>>>>> . download tarball
>>>>>> . untar
>>>>>> . sudo make
>>>>>>
>>>>>> Error. Add the -lgmp to both lines => works fine
>>>>>>
>>>>> That doesn't make sense. The makefile in the tarball builds a binaery
>>>>> which doesn't rely on any libraries other than libc when make is run
>>>>> without arguments. Unless you've enabled DNSSEC, there should be no
>>>>> dependency on libgmp.
>>>> Yes sorry, forgot to mention that I activate some options
>>>>
>>>> Dnsmasq version 2.85rc1 Copyright (c) 2000-2021 Simon Kelley
>>>> Compile time options: IPv6 GNU-getopt DBus no-UBus no-i18n IDN DHCP
>>>> DHCPv6 Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect
>>>> inotify dumpfile
>>>>
>>> HOW do you activate those options? Please try to tell us EXACTLY what
>>> you do, starting from the downloaded tarball.
>> . download tarball
>> . untar
>> . edit src/config.h
>> /* Build options which require external libraries.
>>
>> Defining HAVE_<opt>_STATIC as _well_ as HAVE_<opt> will link the
>> library statically.
>>
>> You can use "make COPTS=-DHAVE_<opt>" instead of editing these.
>> */
>>
>> #define HAVE_LUASCRIPT
>> #define HAVE_DBUS
>> #define HAVE_IDN
>> /* #define HAVE_LIBIDN2 */
>> #define HAVE_CONNTRACK
>> #define HAVE_CRYPTOHASH
>>
>> #define HAVE_DNSSEC
>> . make
>> => error
>>
>> . edit Makefile and add -lgmp
>> nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC
>> $(PKG_CONFIG) --cflags 'nettle hogweed' -lgmp\
>> HAVE_CRYPTOHASH $(PKG_CONFIG) --cflags nettle \
>> HAVE_NETTLEHASH $(PKG_CONFIG) --cflags nettle`
>> nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC
>> $(PKG_CONFIG) --libs 'nettle hogweed' -lgmp\
>> HAVE_CRYPTOHASH $(PKG_CONFIG) --libs nettle \
>> HAVE_NETTLEHASH $(PKG_CONFIG) --libs nettle`
>> => perfect :)
>>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
--
Daniel Huhardeaux
+33.368460088 at tootai.net sip:820 at sip.tootai.net
+41.445532125 at swiss-itech.ch tootaiNET
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210322/36ce8c28/attachment.htm>
More information about the Dnsmasq-discuss
mailing list