From dd64cb713bc3d08b94b544d95dd22151f0e71394 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Sat, 20 Mar 2021 15:21:51 -0700
Subject: [PATCH] bind: update to 9.17.11

Backport upstream OpenSSL deprecated API patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
---
 net/bind/Makefile                             |  6 +--
 net/bind/patches/010-openssl-deprecated.patch | 45 +++++++++++++++++++
 2 files changed, 48 insertions(+), 3 deletions(-)
 create mode 100644 net/bind/patches/010-openssl-deprecated.patch

diff --git a/net/bind/Makefile b/net/bind/Makefile
index 44219e424a..f29ac6d6fe 100644
--- a/net/bind/Makefile
+++ b/net/bind/Makefile
@@ -9,8 +9,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bind
-PKG_VERSION:=9.17.10
-PKG_RELEASE:=1
+PKG_VERSION:=9.17.11
+PKG_RELEASE:=$(AUTORELEASE)
 USERID:=bind=57:bind=57
 
 PKG_MAINTAINER:=Noah Meyerhans <frodo@morgul.net>
@@ -22,7 +22,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:= \
 	https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
 	https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
-PKG_HASH:=26a90d28ad694029e480fadcdf60b6219e8128a02d3dd594f6c1a83d002890fd
+PKG_HASH:=00de7bad9291121f3b93e70a6959b540b002f742774823c358c7a416c2e2ed4b
 
 PKG_FIXUP:=autoreconf
 PKG_REMOVE_FILES:=aclocal.m4 libtool.m4
diff --git a/net/bind/patches/010-openssl-deprecated.patch b/net/bind/patches/010-openssl-deprecated.patch
new file mode 100644
index 0000000000..2b88bd5d0f
--- /dev/null
+++ b/net/bind/patches/010-openssl-deprecated.patch
@@ -0,0 +1,45 @@
+From a9f883cbc28b865d312918368772627cf9610a2f Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 16 Mar 2021 21:58:55 +0000
+Subject: [PATCH] Stop using deprecated calls in lib/isc/tls.c
+
+from Rosen Penev @neheb
+---
+ lib/isc/tls.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/lib/isc/tls.c
++++ b/lib/isc/tls.c
+@@ -12,10 +12,12 @@
+ #include <inttypes.h>
+ #include <nghttp2/nghttp2.h>
+ 
++#include <openssl/bn.h>
+ #include <openssl/conf.h>
+ #include <openssl/err.h>
+ #include <openssl/opensslv.h>
+ #include <openssl/rand.h>
++#include <openssl/rsa.h>
+ 
+ #include <isc/atomic.h>
+ #include <isc/log.h>
+@@ -274,11 +276,19 @@ isc_tlsctx_createserver(const char *keyf
+ 		rsa = NULL;
+ 		ASN1_INTEGER_set(X509_get_serialNumber(cert), 1);
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10101000L
+ 		X509_gmtime_adj(X509_get_notBefore(cert), 0);
++#else
++		X509_gmtime_adj(X509_getm_notBefore(cert), 0);
++#endif
+ 		/*
+ 		 * We set the vailidy for 10 years.
+ 		 */
++#if OPENSSL_VERSION_NUMBER < 0x10101000L
+ 		X509_gmtime_adj(X509_get_notAfter(cert), 3650 * 24 * 3600);
++#else
++		X509_gmtime_adj(X509_getm_notAfter(cert), 3650 * 24 * 3600);
++#endif
+ 
+ 		X509_set_pubkey(cert, pkey);
+ 
-- 
2.30.2