diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..bfa937d --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/ldns-1.7.0.tar.gz diff --git a/.ldns.metadata b/.ldns.metadata new file mode 100644 index 0000000..e28cb75 --- /dev/null +++ b/.ldns.metadata @@ -0,0 +1 @@ +ceeeccf8a27e61a854762737f6ee02f44662c1b8 SOURCES/ldns-1.7.0.tar.gz diff --git a/SOURCES/ldns-1.7.0-coverity.patch b/SOURCES/ldns-1.7.0-coverity.patch new file mode 100644 index 0000000..6aaa451 --- /dev/null +++ b/SOURCES/ldns-1.7.0-coverity.patch @@ -0,0 +1,437 @@ +From c5fcd8ab8ee1b66d0ef75b02f72ccfc3ebf50cf5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Wed, 12 Sep 2018 15:01:37 +0200 +Subject: [PATCH 1/2] Purge unused variables + +--- + packaging/ldns-config.in | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/packaging/ldns-config.in b/packaging/ldns-config.in +index 950c135..a8c860e 100755 +--- a/packaging/ldns-config.in ++++ b/packaging/ldns-config.in +@@ -1,9 +1,6 @@ + #!/bin/sh + +-prefix="@prefix@" +-exec_prefix="@exec_prefix@" + VERSION="@PACKAGE_VERSION@" +-CPPFLAGS="@CPPFLAGS@ @LIBSSL_CPPFLAGS@ @PYTHON_CPPFLAGS@" + LIBS="@LIBS@ @LIBSSL_LIBS@" + INCLUDEDIR="@includedir@" + LIBVERSION="@VERSION_INFO@" +-- +2.20.1 + + +From db06eb482b09a0bcdaf3f688702b1c0df2cb1eca Mon Sep 17 00:00:00 2001 +From: Willem Toorop +Date: Thu, 11 Jul 2019 15:22:44 +0200 +Subject: [PATCH 2/2] Issues detected in ldns library by scan of Coverity +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Thanks Petr Menšík +--- + dnssec.c | 6 +++++- + dnssec_sign.c | 4 ++-- + dnssec_verify.c | 18 ++++++------------ + dnssec_zone.c | 23 +++++++++++++++++------ + host2str.c | 13 +++++++------ + host2wire.c | 22 ++++++++++++++++------ + net.c | 12 ++++++++++-- + packet.c | 2 ++ + radix.c | 5 ++++- + str2host.c | 2 ++ + 10 files changed, 71 insertions(+), 36 deletions(-) + +diff --git a/dnssec.c b/dnssec.c +index e3c99de..b2dd3f3 100644 +--- a/dnssec.c ++++ b/dnssec.c +@@ -149,6 +149,7 @@ ldns_dnssec_nsec3_closest_encloser(const ldns_rdf *qname, + LDNS_FREE(salt); + ldns_rdf_deep_free(zone_name); + ldns_rdf_deep_free(sname); ++ ldns_rdf_deep_free(hashed_sname); + return NULL; + } + +@@ -1556,6 +1557,7 @@ ldns_pkt_verify_time(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o, + ldns_rr_list *sigs_covered; + ldns_rdf *rdf_t; + ldns_rr_type t_netorder; ++ ldns_status status; + + if (!k) { + return LDNS_STATUS_ERR; +@@ -1607,7 +1609,9 @@ ldns_pkt_verify_time(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o, + } + return LDNS_STATUS_ERR; + } +- return ldns_verify_time(rrset, sigs, k, check_time, good_keys); ++ status = ldns_verify_time(rrset, sigs, k, check_time, good_keys); ++ ldns_rr_list_deep_free(rrset); ++ return status; + } + + ldns_status +diff --git a/dnssec_sign.c b/dnssec_sign.c +index 22f0981..94ea925 100644 +--- a/dnssec_sign.c ++++ b/dnssec_sign.c +@@ -234,8 +234,6 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys) + + new_owner = NULL; + +- signatures = ldns_rr_list_new(); +- + /* prepare a signature and add all the know data + * prepare the rrset. Sign this together. */ + rrset_clone = ldns_rr_list_clone(rrset); +@@ -252,6 +250,8 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys) + /* sort */ + ldns_rr_list_sort(rrset_clone); + ++ signatures = ldns_rr_list_new(); ++ + for (key_count = 0; + key_count < ldns_key_list_key_count(keys); + key_count++) { +diff --git a/dnssec_verify.c b/dnssec_verify.c +index c554e4f..c7e2fba 100644 +--- a/dnssec_verify.c ++++ b/dnssec_verify.c +@@ -1583,8 +1583,6 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr + bool wildcard_covered = false; + ldns_rdf *zone_name; + ldns_rdf *hashed_name; +- /* self assignment to suppress uninitialized warning */ +- ldns_rdf *next_closer = next_closer; + ldns_rdf *hashed_next_closer; + size_t i; + ldns_status result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED; +@@ -1659,6 +1657,7 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr + } + } + } ++ ldns_rdf_deep_free(hashed_name); + result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED; + /* wildcard no data? section 8.7 */ + closest_encloser = ldns_dnssec_nsec3_closest_encloser( +@@ -1748,7 +1747,9 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr + /* Query name *is* the "next closer". */ + hashed_next_closer = hashed_name; + } else { +- ++ ldns_rdf *next_closer; ++ ++ ldns_rdf_deep_free(hashed_name); + /* "next closer" has less labels than the query name. + * Create the name and hash it. + */ +@@ -1762,6 +1763,7 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr + next_closer + ); + (void) ldns_dname_cat(hashed_next_closer, zone_name); ++ ldns_rdf_deep_free(next_closer); + } + /* Find the NSEC3 that covers the "next closer" */ + for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) { +@@ -1776,15 +1778,7 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr + break; + } + } +- if (ldns_dname_label_count(closest_encloser) + 1 +- < ldns_dname_label_count(ldns_rr_owner(rr))) { +- +- /* "next closer" has less labels than the query name. +- * Dispose of the temporary variables that held that name. +- */ +- ldns_rdf_deep_free(hashed_next_closer); +- ldns_rdf_deep_free(next_closer); +- } ++ ldns_rdf_deep_free(hashed_next_closer); + ldns_rdf_deep_free(closest_encloser); + } + +diff --git a/dnssec_zone.c b/dnssec_zone.c +index f610a3c..e089754 100644 +--- a/dnssec_zone.c ++++ b/dnssec_zone.c +@@ -746,6 +746,7 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or + newzone = NULL; + } else { + ldns_dnssec_zone_free(newzone); ++ newzone = NULL; + } + + error: +@@ -1105,8 +1106,12 @@ ldns_dnssec_zone_add_empty_nonterminals_nsec3( + ldns_rdf *ent_name; + + if (!(ent_name = ldns_dname_clone_from( +- next_name, i))) ++ next_name, i))) { ++ ++ ldns_rdf_deep_free(l1); ++ ldns_rdf_deep_free(l2); + return LDNS_STATUS_MEM_ERR; ++ } + + if (nsec3s && zone->_nsec3params) { + ldns_rdf *ent_hashed_name; +@@ -1114,28 +1119,34 @@ ldns_dnssec_zone_add_empty_nonterminals_nsec3( + if (!(ent_hashed_name = + ldns_nsec3_hash_name_frm_nsec3( + zone->_nsec3params, +- ent_name))) ++ ent_name))) { ++ ldns_rdf_deep_free(l1); ++ ldns_rdf_deep_free(l2); ++ ldns_rdf_deep_free(ent_name); + return LDNS_STATUS_MEM_ERR; ++ } + node = ldns_rbtree_search(nsec3s, + ent_hashed_name); + if (!node) { + ldns_rdf_deep_free(l1); + ldns_rdf_deep_free(l2); ++ ldns_rdf_deep_free(ent_name); + continue; + } + } + new_name = ldns_dnssec_name_new(); + if (!new_name) { ++ ldns_rdf_deep_free(l1); ++ ldns_rdf_deep_free(l2); ++ ldns_rdf_deep_free(ent_name); + return LDNS_STATUS_MEM_ERR; + } + new_name->name = ent_name; +- if (!new_name->name) { +- ldns_dnssec_name_free(new_name); +- return LDNS_STATUS_MEM_ERR; +- } + new_name->name_alloced = true; + new_node = LDNS_MALLOC(ldns_rbnode_t); + if (!new_node) { ++ ldns_rdf_deep_free(l1); ++ ldns_rdf_deep_free(l2); + ldns_dnssec_name_free(new_name); + return LDNS_STATUS_MEM_ERR; + } +diff --git a/host2str.c b/host2str.c +index 747d543..f39a184 100644 +--- a/host2str.c ++++ b/host2str.c +@@ -1085,12 +1085,12 @@ ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf) + /* no gateway */ + break; + case 1: +- gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP4ADDRLEN); +- if(!gateway_data) +- return LDNS_STATUS_MEM_ERR; + if (ldns_rdf_size(rdf) < offset + LDNS_IP4ADDRLEN) { + return LDNS_STATUS_ERR; + } ++ gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP4ADDRLEN); ++ if(!gateway_data) ++ return LDNS_STATUS_MEM_ERR; + memcpy(gateway_data, &data[offset], LDNS_IP4ADDRLEN); + gateway = ldns_rdf_new(LDNS_RDF_TYPE_A, + LDNS_IP4ADDRLEN , gateway_data); +@@ -1101,12 +1101,12 @@ ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf) + } + break; + case 2: +- gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP6ADDRLEN); +- if(!gateway_data) +- return LDNS_STATUS_MEM_ERR; + if (ldns_rdf_size(rdf) < offset + LDNS_IP6ADDRLEN) { + return LDNS_STATUS_ERR; + } ++ gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP6ADDRLEN); ++ if(!gateway_data) ++ return LDNS_STATUS_MEM_ERR; + memcpy(gateway_data, &data[offset], LDNS_IP6ADDRLEN); + offset += LDNS_IP6ADDRLEN; + gateway = +@@ -1129,6 +1129,7 @@ ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf) + } + + if (ldns_rdf_size(rdf) <= offset) { ++ ldns_rdf_deep_free(gateway); + return LDNS_STATUS_ERR; + } + public_key_size = ldns_rdf_size(rdf) - offset; +diff --git a/host2wire.c b/host2wire.c +index 4d8aa30..a12b6b0 100644 +--- a/host2wire.c ++++ b/host2wire.c +@@ -67,17 +67,27 @@ ldns_dname2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *name, ldns_ + { + /* Not found. Write cache entry, take off first label, write it, */ + /* try again with the rest of the name. */ +- node = LDNS_MALLOC(ldns_rbnode_t); +- if(!node) +- { +- return LDNS_STATUS_MEM_ERR; +- } + if (ldns_buffer_position(buffer) < 16384) { +- node->key = ldns_rdf_clone(name); ++ ldns_rdf *key; ++ ++ node = LDNS_MALLOC(ldns_rbnode_t); ++ if(!node) ++ { ++ return LDNS_STATUS_MEM_ERR; ++ } ++ ++ key = ldns_rdf_clone(name); ++ if (!key) { ++ LDNS_FREE(node); ++ return LDNS_STATUS_MEM_ERR; ++ } ++ node->key = key; + node->data = (void *) (intptr_t) ldns_buffer_position(buffer); + if(!ldns_rbtree_insert(compression_data,node)) + { + /* fprintf(stderr,"Name not found but now it's there?\n"); */ ++ ldns_rdf_deep_free(key); ++ LDNS_FREE(node); + } + } + label = ldns_dname_label(name, 0); +diff --git a/net.c b/net.c +index 9e048d2..6e6a12b 100644 +--- a/net.c ++++ b/net.c +@@ -202,6 +202,7 @@ ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen, + } + #endif + if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == SOCK_INVALID){ ++ close_socket(sockfd); + return 0; + } + +@@ -337,7 +338,7 @@ ldns_tcp_send_from(uint8_t **result, ldns_buffer *qbin, + answer = ldns_tcp_read_wire_timeout(sockfd, answer_size, timeout); + close_socket(sockfd); + +- if (*answer_size == 0) { ++ if (!answer) { + /* oops */ + return LDNS_STATUS_NETWORK_ERR; + } +@@ -390,6 +391,7 @@ ldns_udp_bgsend_from(ldns_buffer *qbin, + } + + if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == -1){ ++ close_socket(sockfd); + return 0; + } + +@@ -437,7 +439,7 @@ ldns_udp_send_from(uint8_t **result, ldns_buffer *qbin, + answer = ldns_udp_read_wire(sockfd, answer_size, NULL, NULL); + close_socket(sockfd); + +- if (*answer_size == 0) { ++ if (!answer) { + /* oops */ + return LDNS_STATUS_NETWORK_ERR; + } +@@ -571,6 +573,9 @@ ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf + if (!reply_bytes) { + /* the current nameserver seems to have a problem, blacklist it */ + if (ldns_resolver_fail(r)) { ++ if(src) { ++ LDNS_FREE(src); ++ } + LDNS_FREE(ns); + return LDNS_STATUS_ERR; + } else { +@@ -918,6 +923,9 @@ ldns_axfr_start(ldns_resolver *resolver, const ldns_rdf *domain, ldns_rr_class c + src, (socklen_t)src_len, + ldns_resolver_timeout(resolver)); + } ++ if (src) { ++ LDNS_FREE(src); ++ } + + if (resolver->_socket == SOCK_INVALID) { + ldns_pkt_free(query); +diff --git a/packet.c b/packet.c +index 95f8f3f..f8fb960 100644 +--- a/packet.c ++++ b/packet.c +@@ -928,11 +928,13 @@ ldns_pkt_query_new_frm_str_internal(ldns_pkt **p, const char *name, + } + + if (!ldns_pkt_set_flags(packet, flags)) { ++ ldns_pkt_free(packet); + return LDNS_STATUS_ERR; + } + + question_rr = ldns_rr_new(); + if (!question_rr) { ++ ldns_pkt_free(packet); + return LDNS_STATUS_MEM_ERR; + } + +diff --git a/radix.c b/radix.c +index 43f7365..9695e13 100644 +--- a/radix.c ++++ b/radix.c +@@ -225,9 +225,9 @@ ldns_radix_insert(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len, + } + } else if (pos == len) { + /** Exact match found */ ++ LDNS_FREE(add); + if (prefix->data) { + /* Element already exists */ +- LDNS_FREE(add); + return LDNS_STATUS_EXISTS_ERR; + } + prefix->data = data; +@@ -1120,12 +1120,15 @@ ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key, + if (array->len - common_len > 1) { + if (!ldns_radix_prefix_remainder(common_len+1, + array->str, array->len, &s1, &l1)) { ++ LDNS_FREE(common); + return 0; + } + } + if (strlen_to_add - common_len > 1) { + if (!ldns_radix_prefix_remainder(common_len+1, + str_to_add, strlen_to_add, &s2, &l2)) { ++ LDNS_FREE(common); ++ LDNS_FREE(s1); + return 0; + } + } +diff --git a/str2host.c b/str2host.c +index c3afba1..68bccf1 100644 +--- a/str2host.c ++++ b/str2host.c +@@ -445,6 +445,7 @@ ldns_str2rdf_str(ldns_rdf **rd, const char *str) + *++dp = ch; + } + if (! str) { ++ LDNS_FREE(data); + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + } + length = (size_t)(dp - data); +@@ -1494,6 +1495,7 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str) + } + } + if (! str) { ++ LDNS_FREE(data); + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + } + if (!(length = (size_t)(dp - data))) { +-- +2.20.1 + diff --git a/SOURCES/ldns-1.7.0-multilib.patch b/SOURCES/ldns-1.7.0-multilib.patch new file mode 100644 index 0000000..428dc78 --- /dev/null +++ b/SOURCES/ldns-1.7.0-multilib.patch @@ -0,0 +1,77 @@ +diff --git a/ldns-1.7.0/configure b/ldns-1.7.0/configure +index cd087de..aeec9fb 100755 +--- a/ldns-1.7.0/configure ++++ b/ldns-1.7.0/configure +@@ -684,6 +684,7 @@ PYTHON_SITE_PKG + PYTHON_LDFLAGS + PYTHON_CPPFLAGS + PYTHON ++PYTHON_LIB + PYTHON_VERSION + UNINSTALL_CONFIG_MANPAGE + UNINSTALL_CONFIG +@@ -14311,6 +14312,7 @@ EOD` + # use the official shared library + ac_python_library=`echo "$ac_python_library" | sed "s/^lib//"` + PYTHON_LDFLAGS="-L$ac_python_libdir -l$ac_python_library" ++ PYTHON_LIB="$ac_python_library" + else + # old way: use libpython from python_configdir + ac_python_libdir=`$PYTHON -c \ +@@ -14318,6 +14320,7 @@ EOD` + import os; \ + print (os.path.join(f(plat_specific=1, standard_lib=1), 'config'));"` + PYTHON_LDFLAGS="-L$ac_python_libdir -lpython$ac_python_version" ++ PYTHON_LIB="python$ac_python_version" + fi + + if test -z "PYTHON_LDFLAGS"; then +diff --git a/ldns-1.7.0/packaging/ldns-config.in b/ldns-1.7.0/packaging/ldns-config.in +index ffb2c57..950c135 100755 +--- a/ldns-1.7.0/packaging/ldns-config.in ++++ b/ldns-1.7.0/packaging/ldns-config.in +@@ -3,13 +3,26 @@ + prefix="@prefix@" + exec_prefix="@exec_prefix@" + VERSION="@PACKAGE_VERSION@" +-CFLAGS="@CFLAGS@" + CPPFLAGS="@CPPFLAGS@ @LIBSSL_CPPFLAGS@ @PYTHON_CPPFLAGS@" +-LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ @PYTHON_LDFLAGS@" + LIBS="@LIBS@ @LIBSSL_LIBS@" +-LIBDIR="@libdir@" + INCLUDEDIR="@includedir@" + LIBVERSION="@VERSION_INFO@" ++ARCH="`uname -m`" ++ ++case $ARCH in ++ x86_64 | amd64 | sparc64 | s390x | ppc64) ++ ++ LIBDIR="/usr/lib64" ++ LIBDIR_SEC="/usr/lib" ++ ;; ++ * ) ++ LIBDIR="/usr/lib" ++ LIBDIR_SEC="/usr/lib64" ++ ;; ++esac ++ ++LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ -L$LIBDIR -l@PYTHON_LIB@" ++LDFLAGS_SEC="@LDFLAGS@ @LIBSSL_LDFLAGS@ -L$LIBDIR_SEC -l@PYTHON_LIB@" + + for arg in $@ + do +@@ -21,9 +34,13 @@ do + then + echo "${LDFLAGS} -L${LIBDIR} ${LIBS} -lldns" + fi ++ if [ $arg = "--libs_sec" ] ++ then ++ echo "${LDFLAGS_SEC} -L${LIBDIR_SEC} ${LIBS} -lldns" ++ fi + if [ $arg = "-h" ] || [ $arg = "--help" ] + then +- echo "Usage: $0 [--cflags] [--libs] [--version]" ++ echo "Usage: $0 [--cflags] [--libs] [--libs_sec] [--version]" + fi + if [ $arg = "--version" ] + then diff --git a/SOURCES/ldns-1.7.0-parse-limit.patch b/SOURCES/ldns-1.7.0-parse-limit.patch new file mode 100644 index 0000000..2c2abe8 --- /dev/null +++ b/SOURCES/ldns-1.7.0-parse-limit.patch @@ -0,0 +1,28 @@ +From c8391790c96d4c8a2c10f9ab1460fda83b509fc2 Mon Sep 17 00:00:00 2001 +From: Willem Toorop +Date: Thu, 27 Apr 2017 00:14:58 +0200 +Subject: [PATCH] Check parse limit before t increment + +Thanks Stephan Zeisberg +--- + parse.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/parse.c b/parse.c +index e68627c..947dbb8 100644 +--- a/parse.c ++++ b/parse.c +@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li + if (line_nr) { + *line_nr = *line_nr + 1; + } ++ if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { ++ *t = '\0'; ++ return -1; ++ } + *t++ = ' '; + prev_c = c; + continue; +-- +2.9.5 + diff --git a/SOURCES/ldns-1.7.0-realloc.patch b/SOURCES/ldns-1.7.0-realloc.patch new file mode 100644 index 0000000..25be44d --- /dev/null +++ b/SOURCES/ldns-1.7.0-realloc.patch @@ -0,0 +1,30 @@ +From 3bdeed02505c9bbacb3b64a97ddcb1de967153b7 Mon Sep 17 00:00:00 2001 +From: Willem Toorop +Date: Thu, 27 Apr 2017 00:25:20 +0200 +Subject: [PATCH] bugfix #1257: Free after reallocing to 0 size + +Thanks Stephan Zeisberg +--- + str2host.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/str2host.c b/str2host.c +index b274b17..f2a317b 100644 +--- a/str2host.c ++++ b/str2host.c +@@ -1525,8 +1525,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str) + if (! str) { + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + } +- length = (size_t)(dp - data); +- ++ if (!(length = (size_t)(dp - data))) { ++ LDNS_FREE(data); ++ return LDNS_STATUS_SYNTAX_EMPTY; ++ } + /* Lose the overmeasure */ + data = LDNS_XREALLOC(dp = data, uint8_t, length); + if (! data) { +-- +2.9.5 + diff --git a/SPECS/ldns.spec b/SPECS/ldns.spec new file mode 100644 index 0000000..1e9d61c --- /dev/null +++ b/SPECS/ldns.spec @@ -0,0 +1,731 @@ +%global _hardened_build 1 + +%bcond_without python3 +%if 0%{?rhel} > 7 +%bcond_with python2 +%else +%bcond_without python2 +%endif +%bcond_without perl +%bcond_without ecdsa +%if 0%{?fedora} >= 26 || 0%{?rhel} > 7 +%bcond_without eddsa +%bcond_without dane_ta +%else +%bcond_with eddsa +%bcond_with dane_ta +%endif +# GOST is not allowed in Fedora/RHEL due to legal reasons (not NIST ECC) +%bcond_with gost + +%{?!snapshot: %global snapshot 0} + +%if %{with python2} || %{with python3} +%{?filter_setup: +%global _ldns_internal_filter /^_ldns[.]so.*/d; +%filter_from_requires %{_ldns_internal_filter} +%filter_from_provides %{_ldns_internal_filter} +%filter_setup +} +%global _ldns_internal _ldns[.]so[.].* +%global __requires_exclude ^(%{_ldns_internal})$ +%global __provides_exclude ^(%{_ldns_internal})$ +%endif + +%if %{with perl} +%{?perl_default_filter} +%endif + +Summary: Low-level DNS(SEC) library with API +Name: ldns +Version: 1.7.0 +Release: 21%{?dist} + +License: BSD +Url: http://www.nlnetlabs.nl/%{name}/ +Source0: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz +Patch1: ldns-1.7.0-multilib.patch +Patch2: ldns-1.7.0-parse-limit.patch +Patch3: ldns-1.7.0-realloc.patch +Patch4: ldns-1.7.0-coverity.patch + +Group: System Environment/Libraries +# Only needed for builds from svn snapshot +%if 0%{snapshot} +BuildRequires: libtool +BuildRequires: autoconf +BuildRequires: automake +%endif + +BuildRequires: gcc, make +BuildRequires: libpcap-devel +%if %{with dane_ta} +BuildRequires: openssl-devel >= 1.1.0 +%else +BuildRequires: openssl-devel >= 1.0.2k +%endif +BuildRequires: gcc-c++ +BuildRequires: doxygen + +# for snapshots only +# BuildRequires: libtool, autoconf, automake +%if %{with python2} +BuildRequires: python2-devel, swig +%endif +%if %{with python3} +BuildRequires: python3-devel, swig +%endif +%if %{with perl} +BuildRequires: perl-devel +BuildRequires: perl-ExtUtils-MakeMaker +BuildRequires: perl-generators +BuildRequires: perl(Devel::CheckLib) +%endif +Requires: ca-certificates + +%description +ldns is a library with the aim to simplify DNS programming in C. All +low-level DNS/DNSSEC operations are supported. We also define a higher +level API which allows a programmer to (for instance) create or sign +packets. + +%package devel +Summary: Development package that includes the ldns header files +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: pkgconfig openssl-devel + +%description devel +The devel package contains the ldns library and the include files + +%package utils +Summary: DNS(SEC) utilities for querying dns +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description utils +Collection of tools to get, check or alter DNS(SEC) data. + + +%if %{with python2} +%package -n python2-ldns +Summary: Python2 extensions for ldns +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} +%{?python_provide:%python_provide python2-ldns} + +%description -n python2-ldns +Python2 extensions for ldns +%endif + + +%if %{with python3} +%package -n python3-ldns +Summary: Python3 extensions for ldns +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} +%{?python_provide:%python_provide python3-ldns} + +%description -n python3-ldns +Python3 extensions for ldns +%endif + + +%if %{with perl} +%package -n perl-ldns +Summary: Perl extensions for ldns +Group: Applications/System +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) + +%description -n perl-ldns +Perl extensions for ldns +%endif + +%package doc +Summary: Documentation for the ldns library +Group: Development/Libraries +BuildArch: noarch + +%description doc +This package contains documentation for the ldns library + +%prep +%{?extra_version:%global pkgname %{name}-%{version}%{extra_version}}%{!?extra_version:%global pkgname %{name}-%{version}} + +%setup -qcn %{pkgname} +pushd %{pkgname} + +%patch1 -p2 -b .multilib +%patch2 -p1 -b .limit +%patch3 -p1 -b .realloc +%patch4 -p1 -b .covscan +# To built svn snapshots +%if 0%{snapshot} + rm config.guess config.sub ltmain.sh + aclocal + libtoolize -c --install + autoreconf --install +%endif + +# fixup .pc file +sed -i "s/@includedir@/@includedir@\/ldns/" packaging/libldns.pc.in + +# copy common doc files - after here, since it may be patched +cp -pr doc LICENSE README* Changelog ../ +cp -p contrib/ldnsx/LICENSE ../LICENSE.ldnsx +cp -p contrib/ldnsx/README ../README.ldnsx +popd + +%if %{with python3} +mv %{pkgname} %{pkgname}_python3 +%endif + +%if %{with python2} +cp -a %{pkgname}_python3 %{pkgname}_python2 +%endif # with python2 + + +%build +CFLAGS="%{optflags} -fPIC" +CXXFLAGS="%{optflags} -fPIC" +LDFLAGS="$RPM_LD_FLAGS -Wl,-z,now -pie" +export CFLAGS CXXFLAGS LDFLAGS + +%if %{with gost} + %global enable_gost --enable-gost +%else + %global enable_gost --disable-gost +%endif + +%if %{with ecdsa} + %global enable_ecdsa --enable-ecdsa +%else + %global enable_ecdsa --disable-ecdsa +%endif + +%if %{with eddsa} + %global enable_eddsa --enable-ed25519 --enable-ed448 +%else + %global enable_eddsa --disable-ed25519 --disable-ed448 +%endif + +%if ! %{with dane_ta} + %global disable_dane_ta --disable-dane-ta-usage +%endif + +%global common_args \\\ + --disable-rpath \\\ + %{enable_gost} %{enable_ecdsa} %{enable_eddsa} %{?disable_dane_ta} \\\ + --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt \\\ + --with-ca-path=/etc/pki/tls/certs/ \\\ + --with-trust-anchor=%{_sharedstatedir}/unbound/root.key \\\ + --disable-static \\\ + + +%if 0%{with python3} +pushd %{pkgname}_python3 +%else +pushd %{pkgname} +%endif # with python3 + +%configure \ + %{common_args} \ + --with-examples \ + --with-drill \ +%if %{with python3} + --with-pyldns PYTHON=%{__python3} +%endif + +make %{?_smp_mflags} +make %{?_smp_mflags} doc + +# We cannot use the built-in --with-p5-dns-ldns +%if %{with perl} + pushd contrib/DNS-LDNS + LD_LIBRARY_PATH="../../lib:$LD_LIBRARY_PATH" perl \ + Makefile.PL INSTALLDIRS=vendor INC="-I. -I../.." LIBS="-L../../lib" + make + popd +%endif + +# specfic hardening options should not end up in ldns-config +sed -i "s~$RPM_LD_FLAGS~~" packaging/ldns-config +popd + +%if %{with python2} + pushd %{pkgname}_python2 + %configure \ + %{common_args} \ + --with-pyldns PYTHON=%{__python2} + + make %{?_smp_mflags} + popd +%endif + + + +%install +rm -rf %{buildroot} + +%if %{with python3} +pushd %{pkgname}_python3 +%else +pushd %{pkgname} +%endif + +make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install +make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install-doc + +# remove .la files +rm -rf %{buildroot}%{_libdir}/*.la +%if %{with python3} +rm -rf %{buildroot}%{python3_sitearch}/*.la +%endif + +# install pkg-config file +install -D -m644 packaging/libldns.pc %{buildroot}%{_libdir}/pkgconfig/ldns.pc +%if %{with perl} + make -C contrib/DNS-LDNS DESTDIR=%{buildroot} pure_install + chmod 755 %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/LDNS.so + rm -f %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/{.packlist,LDNS.bs} +%endif +popd + +%if %{with python2} + pushd %{pkgname}_python2 + make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install-pyldns install-pyldnsx + rm -rf %{buildroot}%{_libdir}/*.la %{buildroot}%{python2_sitearch}/*.la + popd +%endif + +# don't package xml files +rm doc/*.xml +# don't package building script for install-doc in doc section +rm doc/doxyparse.pl +# remove double set of man pages +rm -rf doc/man + +%ldconfig_scriptlets + +%files +%doc README +%license LICENSE +%{_libdir}/libldns.so.2* + +%files utils +%{_bindir}/drill +%{_bindir}/ldnsd +%{_bindir}/ldns-chaos +%{_bindir}/ldns-compare-zones +%{_bindir}/ldns-[d-z]* +%{_mandir}/man1/* + +%files devel +%doc Changelog README.git +%{_libdir}/libldns.so +%{_libdir}/pkgconfig/ldns.pc +%{_bindir}/ldns-config +%dir %{_includedir}/ldns +%{_includedir}/ldns/*.h +%{_mandir}/man3/*.3.gz + +%if %{with python2} +%files -n python2-ldns +%doc %{pkgname}_python2/contrib/python/Changelog README.ldnsx +%license LICENSE.ldnsx +%{python2_sitearch}/* +%endif + +%if %{with python3} +%files -n python3-ldns +%doc %{pkgname}_python3/contrib/python/Changelog README.ldnsx +%license LICENSE.ldnsx +%{python3_sitearch}/* +%endif + +%if %{with perl} +%files -n perl-ldns +%{perl_vendorarch}/* +%exclude %dir %{perl_vendorarch}/auto/ +%{_mandir}/man3/*.3pm.gz +%endif + +%files doc +%doc doc + +%changelog +* Tue Jul 23 2019 Martin Osvald - 1.7.0-21 +- Fix for issues found by covscan (#1602571) + +* Tue Jul 10 2018 Petr Menšík - 1.7.0-20 +- Add all depends, spec cleanup, use full python interpreter + +* Tue Jul 03 2018 Petr Pisar - 1.7.0-19 +- Perl 5.28 rebuild + +* Fri Jun 29 2018 Jitka Plesnikova - 1.7.0-18 +- Perl 5.28 rebuild + +* Tue Jun 19 2018 Miro Hrončok - 1.7.0-17 +- Rebuilt for Python 3.7 + +* Wed Apr 11 2018 Petr Menšík - 1.7.0-16 +- Make DANE TA usage more clear, autoconfigure for old fedora + +* Wed Feb 21 2018 Petr Menšík - 1.7.0-15 +- Experimental support for ed25519 and ed448 + +* Wed Feb 21 2018 Petr Menšík - 1.7.0-14 +- Add only extra flags to default RPM LDFLAGS +- Fix multilib conflict of ldns-config (#1463423) +- Make primary python3 in primary build, python2 in optional + +* Wed Feb 21 2018 Petr Menšík - 1.7.0-13 +- Support for python3 package (#1323248) +- Moved perl manual pages to perl-ldns + +* Wed Feb 07 2018 Fedora Release Engineering - 1.7.0-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Jan 05 2018 Iryna Shcherbina - 1.7.0-11 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Thu Nov 09 2017 Petr Menšík - 1.7.0-10 +- Fix memory corruption in ldns_str2rdf_long_str (#1511046) + +* Thu Nov 09 2017 Petr Menšík - 1.7.0-9 +- Fix memory corruption in ldns_rr_new_frm_fp_l (#1511046) + +* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 1.7.0-8 +- Python 2 binary package renamed to python2-ldns + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 + +* Thu Aug 03 2017 Fedora Release Engineering - 1.7.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.7.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Jul 07 2017 Igor Gnatenko - 1.7.0-5 +- Rebuild due to bug in RPM (RHBZ #1468476) + +* Mon Jun 05 2017 Jitka Plesnikova - 1.7.0-4 +- Perl 5.26 rebuild + +* Sat Mar 11 2017 Rex Dieter - 1.7.0-3 +- explicitly track library soname (so bumps aren't a surprise) +- use %%license, drop dup'd README in -devel +- BR: openssl-devel >= 1.1.0 (required for DANE verification) + +* Wed Mar 01 2017 Petr Menšík - 1.7.0-2 +- Update to 1.7.0 + +* Fri Feb 10 2017 Fedora Release Engineering - 1.6.17-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Jul 19 2016 Fedora Release Engineering - 1.6.17-20 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Sun May 15 2016 Jitka Plesnikova - 1.6.17-19 +- Perl 5.24 rebuild + +* Thu Apr 21 2016 Paul Wouters - 1.6.17-18 +- Resolves: rhbz#1190724 Missing dependency - openssl-devel + +* Thu Feb 04 2016 Fedora Release Engineering - 1.6.17-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jul 16 2015 Tomas Hozza - 1.6.17-16 +- Fix FTBFS on F23+ (#1230140) + +* Wed Jun 17 2015 Paul Wouters - 1.6.17-15 +- Remove obsoleted Obsolete:s +- Fix for man page generation + +* Sat Jun 06 2015 Paul Wouters - 1.6.17-14 +- rebuilt with --enable-rrtype-cds --enable-rrtype-uri enabled + +* Sat Jun 06 2015 Jitka Plesnikova - 1.6.17-13 +- Perl 5.22 rebuild + +* Mon Apr 27 2015 Paul Wouters - 1.6.17-12 +- Split with_ecc macro in with_ecdsa and with_gost - and disable gost + +* Mon Nov 24 2014 Paul Wouters - 1.6.17-11 +- Only cond_without sets "with ", so use underscores +- multilib.patch was setting LIBDIR_SEC once without leading / + +* Thu Oct 02 2014 Paul Wouters - 1.6.17-10 +- Fix and install the .pc (pkg-config) file + +* Wed Oct 01 2014 Paul Wouters - 1.6.17-9 +- Remove hardening options from ldns-config (rhbz#1147972) + +* Tue Sep 30 2014 Paul Wouters - 1.6.17-8 +- Fix ldns-config (rhbz#1147972) [Florian Lehner] + +* Tue Aug 26 2014 Jitka Plesnikova - 1.6.17-7 +- Perl 5.20 rebuild + +* Sun Aug 17 2014 Fedora Release Engineering - 1.6.17-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 1.6.17-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue May 06 2014 Paul Wouters - 1.6.17-4 +- Rename ldns-python to python-ldns +- Rename ldns-perl to perl-ldns +- Ensure ldns-utils is dragged it so an upgrade does not remove utils + +* Tue May 06 2014 Paul Wouters - 1.6.17-3 +- CVE-2014-3209 ldns: ldns-keygen generates keys with world readable permissions +- Fix 1017958 - 32 and 64 bit ldns conflicts on some manual pages +- Fix rhbz#1062874 - cannot install ldns.x86_64 in parallel to ldns.i686 +- Incorporate fixes from Tuomo Soini +- hardened build +- fix ldns internal provides and requires filter +- fix perl-ldns requirement to include %%_isa +- setup filters for perl and python bindings for internal stuff +- split utils to separate package + +* Mon Mar 24 2014 Tomas Hozza - 1.6.17-2 +- Fix error causing ldns to sometimes produce faulty DSA sign (#1077776) +- Fix FTBFS due to perl modules + +* Fri Jan 10 2014 Paul Wouters - 1.6.17-1 +- Updated to 1.6.17 +- Enable perl bindings via new ldns-perl sub-package +- Enable ECDSA/GOST which is now allowed in Fedora +- Removed patches merged upstream, ported multilib patch to 1.6.17 + +* Sat Aug 03 2013 Fedora Release Engineering - 1.6.16-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Jul 23 2013 Tomas Hozza - 1.6.16-5 +- Fix compiler warnings and one uninitialized value +- make ldns-config multilib clean +- Fix man pages and usages errors + +* Mon Jun 03 2013 Paul Wouters - 1.6.16-4 +- Use /var/lib/unbound/root.key for --with-trust-anchor + +* Fri Apr 19 2013 Adam Tkac - 1.6.16-3 +- make package multilib clean + +* Thu Feb 14 2013 Fedora Release Engineering - 1.6.16-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Oct 30 2012 Paul Wouters - 1.6.16-1 +- Updated to 1.6.16 +- Addresses bug in 1.6.14 and 1.6.15 that affects opendnssec + (if you have empty non-terminals and use NSEC3) + +* Fri Oct 26 2012 Paul Wouters - 1.6.15-1 +- Updated to 1.6.15, as 1.6.14 accidentally broke ABI + (We never released 1.6.14) + +* Tue Oct 23 2012 Paul Wouters - 1.6.14-1 +- [pulled before release] +- Updated to 1.6.14 +- Removed merged in patch +- Added new dependancy on ca-certificates for ldns-dane PKIX validation + +* Thu Jul 19 2012 Fedora Release Engineering - 1.6.13-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jun 01 2012 Paul Wouters - 1.6.13-2 +- Added reworked ldns-read-zone patch from trunk + (adds -p for SOA padding, and -o for zeroizing timestamps/sigs) + +* Mon May 21 2012 Paul Wouters - 1.6.13-1 +- Upgraded to 1.6.13, bugfix release +- Added --disable-ecdsa as ECC is still banned +- Removed --with-sha2 - it is always enabled and option was removed + +* Wed Jan 11 2012 Paul Wouters - 1.6.12-1 +- Upgraded to 1.6.12, fixes important end of year handling date bug + +* Wed Oct 5 2011 Paul Wouters - 1.6.11-2 +- Updated to 1.6.11, fixes rhbz#741026 which is CVE-2011-3581 +- Python goes into sitearch, not sitelib +- Fix source link and spelling errors in description + +* Mon Sep 19 2011 Paul Wouters - 1.6.10-2 +- Fix for losing nameserver when it drops UDP fragments in + ldns_resolver_send_pkt [Willem Toorop ] +- Added ldnsx module (to be merged into ldns soon) + http://git.xelerance.com/cgi-bin/gitweb.cgi?p=ldnsx.git;a=summary + +* Wed Jun 08 2011 Paul Wouters - 1.6.10-1 +- Upodated to 1.6.10 +- Commented out dependancies that are only needed for snapshots + +* Sun Mar 27 2011 Paul Wouters - 1.6.9-1 +- Updated to 1.6.9 + +* Mon Feb 07 2011 Fedora Release Engineering - 1.6.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 24 2011 Paul Wouters - 1.6.8-1 +- Updated to 1.6.8 + +* Thu Aug 26 2010 Paul Wouters - 1.6.6-2 +- Bump for EVR + +* Mon Aug 09 2010 Paul Wouters - 1.6.6-1 +- Upgraded to 1.6.6 + +* Wed Jul 21 2010 David Malcolm - 1.6.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Tue Jun 15 2010 Paul Wouters - 1.6.5-1 +- Updated to 1.6.5 + +* Fri Jan 22 2010 Paul Wouters - 1.6.4-2 +- Fix missing _ldns.so causing ldns-python to not work +- Patch for installing ldns-python files +- Patch for rpath in ldns-python +- Don't install .a file for ldns-python + +* Wed Jan 20 2010 Paul Wouters - 1.6.4-1 +- Upgraded to 1.6.4 +- Added ldns-python sub package + +* Fri Dec 04 2009 Paul Wouters - 1.6.3-1 +- Upgraded to 1.6.3, which has minor bugfixes + +* Fri Nov 13 2009 Paul Wouters - 1.6.2-1 +- Upgraded to 1.6.2. This fixes various bugs. + (upstream released mostly to default with sha2 for the imminent + signed root, but we already enabled that in our builds) + +* Tue Aug 25 2009 Tomas Mraz - 1.6.1-3 +- rebuilt with new openssl + +* Sun Aug 16 2009 Paul Wouters - 1.6.1-2 +- Added openssl dependancy back in, since we get more functionality + when using openssl. Especially in 'drill'. + +* Sun Aug 16 2009 Paul Wouters - 1.6.1-1 +- Updated to 1.6.1 + +* Fri Jul 24 2009 Fedora Release Engineering - 1.6.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jul 13 2009 Paul Wouters - 1.6.0-4 +- Fixed the ssl patch so it can now compile --without-ssl + +* Sat Jul 11 2009 Paul Wouters - 1.6.0-3 +- Added patch to compile with --without-ssl +- Removed openssl dependancies +- Recompiled with --without-ssl + +* Sat Jul 11 2009 Paul Wouters - 1.6.0-2 +- Updated to 1.6.0 +- (did not yet compile with --without-ssl due to compile failures) + +* Fri Jul 10 2009 Paul Wouters - 1.6.0-1 +- Updated to 1.6.0 +- Compile without openssl + +* Thu Apr 16 2009 Paul Wouters - 1.5.1-4 +- Memory management bug when generating a sha256 key, see: + https://bugzilla.redhat.com/show_bug.cgi?id=493953 + +* Wed Feb 25 2009 Fedora Release Engineering - 1.5.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Feb 10 2009 Paul Wouters - 1.5.1-1 +- Updated to new version, 1.5.0 had a bug preventing + zone signing. + +* Mon Feb 9 2009 Paul Wouters - 1.5.0-1 +- Updated to new version + +* Thu Feb 05 2009 Adam Tkac - 1.4.0-3 +- fixed configure flags + +* Sat Jan 17 2009 Tomas Mraz - 1.4.0-2 +- rebuild with new openssl + +* Fri Nov 7 2008 Paul Wouters - 1.4.0-1 +- Updated to 1.4.0 + +* Wed May 28 2008 Paul Wouters - 1.3.0-3 +- enable SHA2 functionality + +* Wed May 28 2008 Paul Wouters - 1.3.0-2 +- re-tag (don't do builds while renaming local repo dirs) + +* Wed May 28 2008 Paul Wouters - 1.3.0-1 +- Updated to latest release + +* Tue Feb 19 2008 Fedora Release Engineering - 1.2.2-3 +- Autorebuild for GCC 4.3 + +* Wed Dec 5 2007 Paul Wouters - 1.2.2-2 +- Rebuild for new libcrypto + +* Thu Nov 29 2007 Paul Wouters - 1.2.2-1 +- Upgraded to 1.2.2. Removed no longer needed race workaround + +* Tue Nov 13 2007 Paul Wouters - 1.2.1-4 +- Try to fix racing ln -s statements in parallel builds + +* Fri Nov 9 2007 Paul Wouters - 1.2.1-3 +- Added patch for ldns-read-zone that does not put @. in RRDATA + +* Fri Oct 19 2007 Paul Wouters - 1.2.1-2 +- Use install -p to work around multilib conflicts for .h files + +* Wed Oct 10 2007 Paul Wouters - 1.2.1-1 +- Updated to 1.2.1 +- Removed patches that got moved into upstream + +* Wed Aug 8 2007 Paul Wouters 1.2.0-11 +- Patch for ldns-key2ds to write to stdout +- Again remove extra set of man pages from doc +- own /usr/include/ldns (bug 233858) + +* Wed Aug 8 2007 Paul Wouters 1.2.0-10 +- Added sha256 DS record patch to ldns-key2ds +- Minor tweaks for proper doc/man page installation. +- Workaround for parallel builds + +* Mon Aug 6 2007 Paul Wouters 1.2.0-2 +- Own the /usr/include/ldns directory (bug #233858) +- Removed obsoleted patch +- Remove files form previous libtool run accidentally packages by upstream + +* Mon Sep 11 2006 Paul Wouters 1.0.1-4 +- Commented out 1.1.0 make targets, put make 1.0.1 targets. + +* Mon Sep 11 2006 Paul Wouters 1.0.1-3 +- Fixed changelog typo in date +- Rebuild requested for PT_GNU_HASH support from gcc +- Did not upgrade to 1.1.0 due to compile issues on x86_64 + +* Fri Jan 6 2006 Paul Wouters 1.0.1-1 +- Upgraded to 1.0.1. Removed temporary clean hack from spec file. + +* Sun Dec 18 2005 Paul Wouters 1.0.0-8 +- Cannot use make clean because there are no Makefiles. Use hardcoded rm. + +* Sun Dec 18 2005 Paul Wouters 1.0.0-7 +- Patched 'make clean' target to get rid of object files shipped with 1.0.0 + +* Tue Dec 13 2005 Paul Wouters 1.0.0-6 +- added a make clean for 2.3.3 since .o files were left behind upstream, + causing failure on ppc platform + +* Sun Dec 11 2005 Tom "spot" Callaway 1.0.0-5 +- minor cleanups + +* Wed Oct 5 2005 Paul Wouters 0.70_1205 +- reworked for svn version + +* Sun Sep 25 2005 Paul Wouters - 0.70 +- Initial version