diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5ac5ddf --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/ldns-1.6.16.tar.gz diff --git a/.ldns.metadata b/.ldns.metadata new file mode 100644 index 0000000..9748851 --- /dev/null +++ b/.ldns.metadata @@ -0,0 +1 @@ +5b4fc6c5c3078cd061905c47178478cb1015c62a SOURCES/ldns-1.6.16.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/ldns-1.6.16-dsa-key-failures.patch b/SOURCES/ldns-1.6.16-dsa-key-failures.patch new file mode 100644 index 0000000..318a69d --- /dev/null +++ b/SOURCES/ldns-1.6.16-dsa-key-failures.patch @@ -0,0 +1,28 @@ +diff -up ldns-1.6.16/keys.c.dsa ldns-1.6.16/keys.c +--- ldns-1.6.16/keys.c.dsa 2012-08-31 14:03:18.000000000 +0200 ++++ ldns-1.6.16/keys.c 2014-03-18 17:48:57.474128661 +0100 +@@ -1314,7 +1314,6 @@ ldns_key_dsa2bin(unsigned char *data, DS + /* See RFC2536 */ + *size = (uint16_t)BN_num_bytes(k->p); + T = (*size - 64) / 8; +- memcpy(data, &T, 1); + + if (T > 8) { + fprintf(stderr, "DSA key with T > 8 (ie. > 1024 bits)"); +@@ -1323,12 +1322,13 @@ ldns_key_dsa2bin(unsigned char *data, DS + } + + /* size = 64 + (T * 8); */ ++ memset(data, 0, 21 + *size * 3); + data[0] = (unsigned char)T; + BN_bn2bin(k->q, data + 1 ); /* 20 octects */ + BN_bn2bin(k->p, data + 21 ); /* offset octects */ +- BN_bn2bin(k->g, data + 21 + *size); /* offset octets */ +- BN_bn2bin(k->pub_key, data + 21 + *size + *size); /* offset octets */ +- *size = 21 + (*size * 3); ++ BN_bn2bin(k->g, data + 21 + *size * 2 - BN_num_bytes(k->g)); ++ BN_bn2bin(k->pub_key,data + 21 + *size * 3 - BN_num_bytes(k->pub_key)); ++ *size = 21 + *size * 3; + return true; + } + diff --git a/SOURCES/ldns-1.6.16-manpage-fixes-bundle.patch b/SOURCES/ldns-1.6.16-manpage-fixes-bundle.patch new file mode 100644 index 0000000..7951ec1 --- /dev/null +++ b/SOURCES/ldns-1.6.16-manpage-fixes-bundle.patch @@ -0,0 +1,269 @@ +From 8481a8f65fec3b6b9bc0984f6ba36fbc82cc78ff Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Thu, 18 Jul 2013 14:52:28 +0200 +Subject: [PATCH 1/8] ldns-compare: add missing options into usage + +Signed-off-by: Tomas Hozza +--- + examples/ldns-compare-zones.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/examples/ldns-compare-zones.c b/examples/ldns-compare-zones.c +index 663b744..084b801 100644 +--- a/examples/ldns-compare-zones.c ++++ b/examples/ldns-compare-zones.c +@@ -33,6 +33,8 @@ usage(char *prog) + printf(" -a - print all differences (-i -d -c)\n"); + printf(" -s - do not exclude SOA record from comparison\n"); + printf(" -z - do not sort zones\n"); ++ printf(" -h - show usage and exit\n"); ++ printf(" -v - show the version and exit\n"); + } + + int +-- +1.8.3.1 + + +From 911a2bdcb03cbf36ac4591e1eea3c142b236350f Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Thu, 18 Jul 2013 15:01:39 +0200 +Subject: [PATCH 2/8] ldns-key2ds: Add -f option into man page + +Signed-off-by: Tomas Hozza +--- + examples/ldns-key2ds.1 | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/examples/ldns-key2ds.1 b/examples/ldns-key2ds.1 +index 6fdbee5..a20ab96 100644 +--- a/examples/ldns-key2ds.1 ++++ b/examples/ldns-key2ds.1 +@@ -17,6 +17,10 @@ SHA1 for RSASHA1, and so on. + + .SH OPTIONS + .TP ++\fB-f\fR ++Ignore SEP flag (i.e. make DS records for any key) ++ ++.TP + \fB-n\fR + Write the result DS Resource Record to stdout instead of a file + +-- +1.8.3.1 + + +From 4d9ea09fac2965316381336e83e78a30cd9b0573 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Thu, 18 Jul 2013 15:07:51 +0200 +Subject: [PATCH 3/8] ldns-keygen: remove unused options + +Signed-off-by: Tomas Hozza +--- + examples/ldns-keygen.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/examples/ldns-keygen.c b/examples/ldns-keygen.c +index 5765417..38ecfc1 100644 +--- a/examples/ldns-keygen.c ++++ b/examples/ldns-keygen.c +@@ -71,7 +71,7 @@ main(int argc, char *argv[]) + random = NULL; + ksk = false; /* don't create a ksk per default */ + +- while ((c = getopt(argc, argv, "a:kb:r:v25")) != -1) { ++ while ((c = getopt(argc, argv, "a:kb:r:v")) != -1) { + switch (c) { + case 'a': + if (algorithm != 0) { +-- +1.8.3.1 + + +From 8726559f93ed85ae85b3667e4d8018c80714f3af Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Thu, 18 Jul 2013 15:17:58 +0200 +Subject: [PATCH 4/8] ldns-read-zone: document -b option in man page + +Signed-off-by: Tomas Hozza +--- + examples/ldns-read-zone.1 | 4 ++++ + examples/ldns-read-zone.c | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/examples/ldns-read-zone.1 b/examples/ldns-read-zone.1 +index 7d4fd7d..e166658 100644 +--- a/examples/ldns-read-zone.1 ++++ b/examples/ldns-read-zone.1 +@@ -22,6 +22,10 @@ that is not of type NSEC, NSEC3, RRSIG or DNSKEY. DS records are not + printed. + + .TP ++\fB-b\fR ++Include Bubble Babble encoding of DS's. ++ ++.TP + \fB-0\fR + Print a (null) for the RRSIG inception, expiry and key data. This option + can be used when comparing different signing systems that use the same +diff --git a/examples/ldns-read-zone.c b/examples/ldns-read-zone.c +index efe187e..b0f5c3c 100644 +--- a/examples/ldns-read-zone.c ++++ b/examples/ldns-read-zone.c +@@ -63,7 +63,7 @@ main(int argc, char **argv) + printf("Usage: %s [OPTIONS] \n", argv[0]); + printf("\tReads the zonefile and prints it.\n"); + printf("\tThe RR count of the zone is printed to stderr.\n"); +- printf("\t-b include bubblebabble of DS's.\n"); ++ printf("\t-b include Bubble Babble encoding of DS's.\n"); + printf("\t-0 zeroize timestamps and signature in RRSIG records.\n"); + printf("\t-c canonicalize all rrs in the zone.\n"); + printf("\t-d only show DNSSEC data from the zone\n"); +-- +1.8.3.1 + + +From 9292d3ffc9e929b50e23d6ccc71fe2201af11e25 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Thu, 18 Jul 2013 15:22:47 +0200 +Subject: [PATCH 5/8] ldns-sigzone: remove unused -l option + +Signed-off-by: Tomas Hozza +--- + examples/ldns-signzone.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/examples/ldns-signzone.c b/examples/ldns-signzone.c +index 25ece3a..be505f4 100644 +--- a/examples/ldns-signzone.c ++++ b/examples/ldns-signzone.c +@@ -379,7 +379,7 @@ main(int argc, char *argv[]) + + OPENSSL_config(NULL); + +- while ((c = getopt(argc, argv, "a:bde:f:i:k:lno:ps:t:vAE:K:")) != -1) { ++ while ((c = getopt(argc, argv, "a:bde:f:i:k:no:ps:t:vAE:K:")) != -1) { + switch (c) { + case 'a': + nsec3_algorithm = (uint8_t) atoi(optarg); +-- +1.8.3.1 + + +From 76a188d66f919b25d553c94e41781d6bf14704f1 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Thu, 18 Jul 2013 15:28:21 +0200 +Subject: [PATCH 6/8] ldns-walk: add missing options into man page + +Signed-off-by: Tomas Hozza +--- + examples/ldns-walk.1 | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/examples/ldns-walk.1 b/examples/ldns-walk.1 +index c8ace40..d4d1b6e 100644 +--- a/examples/ldns-walk.1 ++++ b/examples/ldns-walk.1 +@@ -22,6 +22,14 @@ Of course the nameserver that is used must be DNSSEC-aware. + + .SH OPTIONS + .TP ++\fB-4\fR ++Use only IPv4. ++ ++.TP ++\fB-6\fR ++Use only IPv6. ++ ++.TP + \fB-f\fR + Do a 'full' zone walk; by default, ldns-walk will only show the names, and types present at those names. If this option is given, all resource records will be printed. + +@@ -31,6 +39,10 @@ Start the walk with this owner name. Useful when continuing the walk for a + large zone. + + .TP ++\fB-v\fR \fIverbosity\fR ++Verbosity level [1-5]. ++ ++.TP + \fB@\fR \fInameserver\fR + Send the queries to this nameserver. + +-- +1.8.3.1 + + +From 4317011bef2f58c045300ff7e479635d2e680809 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Thu, 18 Jul 2013 15:35:35 +0200 +Subject: [PATCH 7/8] ldns-zcat: remove unused option -n and document option -v + in man page + +Signed-off-by: Tomas Hozza +--- + examples/ldns-zcat.1 | 4 ++++ + examples/ldns-zcat.c | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/examples/ldns-zcat.1 b/examples/ldns-zcat.1 +index 9c4054d..4fd7ba6 100644 +--- a/examples/ldns-zcat.1 ++++ b/examples/ldns-zcat.1 +@@ -18,6 +18,10 @@ The resulted zone file is printed to standard output. + .B -o ORIGIN + use ORIGIN when reading in the zone + ++.TP ++.B -v ++show the version number and exit ++ + .SH AUTHOR + Written by the ldns team as an example for ldns usage. + +diff --git a/examples/ldns-zcat.c b/examples/ldns-zcat.c +index df4ecba..eea6ea7 100644 +--- a/examples/ldns-zcat.c ++++ b/examples/ldns-zcat.c +@@ -54,7 +54,7 @@ main(int argc, char **argv) + progname = strdup(argv[0]); + origin = NULL; + +- while ((c = getopt(argc, argv, "n:o:v")) != -1) { ++ while ((c = getopt(argc, argv, "o:v")) != -1) { + switch(c) { + case 'o': + origin = ldns_dname_new_frm_str(strdup(optarg)); +-- +1.8.3.1 + + +From 147b12971f4308f6ebf1085fde5e61327c192ed5 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Thu, 18 Jul 2013 15:39:03 +0200 +Subject: [PATCH 8/8] ldns-zsplit: document -v option in man page + +Signed-off-by: Tomas Hozza +--- + examples/ldns-zsplit.1 | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/examples/ldns-zsplit.1 b/examples/ldns-zsplit.1 +index 8e64668..02dce40 100644 +--- a/examples/ldns-zsplit.1 ++++ b/examples/ldns-zsplit.1 +@@ -27,6 +27,10 @@ use ORIGIN as origin when reading the zonefile. + .B -z + Sort the zone before splitting. + ++.TP ++.B -v ++Show version number and exit. ++ + .SH AUTHOR + Written by the ldns team as an example for ldns usage. + +-- +1.8.3.1 + diff --git a/SOURCES/ldns-1.6.16-multilib.patch b/SOURCES/ldns-1.6.16-multilib.patch new file mode 100644 index 0000000..967e860 --- /dev/null +++ b/SOURCES/ldns-1.6.16-multilib.patch @@ -0,0 +1,106 @@ +From 3a006cd795855bf2cad86e0e86cd485d27548f36 Mon Sep 17 00:00:00 2001 +From: Tomas Hozza +Date: Fri, 19 Jul 2013 12:11:44 +0200 +Subject: [PATCH] Make ldns-config multilib clean + +Signed-off-by: Tomas Hozza +--- + configure | 3 +++ + packaging/ldns-config.1 | 4 ++++ + packaging/ldns-config.in | 26 +++++++++++++++++++++----- + 3 files changed, 28 insertions(+), 5 deletions(-) + +diff --git a/configure b/configure +index be312d1..ec8d551 100755 +--- a/configure ++++ b/configure +@@ -674,6 +674,7 @@ PYTHON_SITE_PKG + PYTHON_LDFLAGS + PYTHON_CPPFLAGS + PYTHON ++PYTHON_LIB + PYTHON_VERSION + UNINSTALL_CONFIG_MANPAGE + UNINSTALL_CONFIG +@@ -6356,6 +6357,7 @@ EOD + # use the official shared library + ac_python_library=`echo "$ac_python_library" | sed "s/^lib//"` + PYTHON_LDFLAGS="-L$ac_python_libdir -l$ac_python_library" ++ PYTHON_LIB="$ac_python_library" + else + # old way: use libpython from python_configdir + ac_python_libdir=`$PYTHON -c \ +@@ -6363,6 +6365,7 @@ EOD + import os; \ + print (os.path.join(f(plat_specific=1, standard_lib=1), 'config'));"` + PYTHON_LDFLAGS="-L$ac_python_libdir -lpython$ac_python_version" ++ PYTHON_LIB="python$ac_python_version" + fi + + if test -z "PYTHON_LDFLAGS"; then +diff --git a/packaging/ldns-config.1 b/packaging/ldns-config.1 +index c5a00a1..1e4ff93 100644 +--- a/packaging/ldns-config.1 ++++ b/packaging/ldns-config.1 +@@ -23,6 +23,10 @@ Show the C compiler flags needed to compile with ldns + Show the flags to be used to link with ldns + + .TP ++\fB--libs_sec\fR ++Show the flags to be used to link with ldns compiled for secondary architecture. ++ ++.TP + \fB--version\fR + Shows the version of the installed ldns library + +diff --git a/packaging/ldns-config.in b/packaging/ldns-config.in +index b728ba5..e34051f 100755 +--- a/packaging/ldns-config.in ++++ b/packaging/ldns-config.in +@@ -3,12 +3,24 @@ + prefix="@prefix@" + exec_prefix="@exec_prefix@" + VERSION="@PACKAGE_VERSION@" +-CFLAGS="@CFLAGS@" +-CPPFLAGS="@CPPFLAGS@ @LIBSSL_CPPFLAGS@ @PYTHON_CPPFLAGS@" +-LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ @PYTHON_LDFLAGS@" + LIBS="@LIBS@ @LIBSSL_LIBS@" +-LIBDIR="@libdir@" + INCLUDEDIR="@includedir@" ++ARCH="`uname -m`" ++ ++case $ARCH in ++ x86_64 | amd64 | sparc64 | s390x | ppc64) ++ ++ LIBDIR="/usr/lib64" ++ LIBDIR_SEC="/usr/lib" ++ ;; ++ * ) ++ LIBDIR="/usr/lib" ++ LIBDIR_SEC="usr/lib64" ++ ;; ++esac ++ ++LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ -L$LIBDIR -l@PYTHON_LIB@" ++LDFLAGS_SEC="@LDFLAGS@ @LIBSSL_LDFLAGS@ -L$LIBDIR_SEC -l@PYTHON_LIB@" + + for arg in $@ + do +@@ -20,9 +32,13 @@ do + then + echo "${LDFLAGS} -L${LIBDIR} ${LIBS} -lldns" + fi ++ if [ $arg = "--libs_sec" ] ++ then ++ echo "${LDFLAGS_SEC} -L${LIBDIR_SEC} ${LIBS} -lldns" ++ fi + if [ $arg = "-h" ] || [ $arg = "--help" ] + then +- echo "Usage: $0 [--cflags] [--libs] [--version]" ++ echo "Usage: $0 [--cflags] [--libs] [--libs_sec] [--version]" + fi + if [ $arg = "--version" ] + then +-- +1.8.3.1 + diff --git a/SOURCES/ldns-1.6.16-uninitialized-value-compiler-warnings.patch b/SOURCES/ldns-1.6.16-uninitialized-value-compiler-warnings.patch new file mode 100644 index 0000000..81cd9e1 --- /dev/null +++ b/SOURCES/ldns-1.6.16-uninitialized-value-compiler-warnings.patch @@ -0,0 +1,147 @@ +From ab321a4f77eba0048c4cfb1081ae2c8e3496f3fd Mon Sep 17 00:00:00 2001 +From: willem +Date: Tue, 12 Mar 2013 13:34:18 +0000 +Subject: [PATCH] - Uninitialized variable in securetrace.c - New install-sh + (apperantly :) - Get rid of "dereferencing type-punned pointer will break + strict-aliasing rules" warnings in sha2.c with gcc >= 4.7 + +git-svn-id: http://www.nlnetlabs.nl/svn/ldns@3826 af62348d-a3ea-0310-b058-bb613a78d823 +--- + trunk/drill/securetrace.c | 2 +- + trunk/install-sh | 14 +++++++------- + trunk/sha2.c | 15 ++++++++++++--- + 3 files changed, 20 insertions(+), 11 deletions(-) + +diff --git a/trunk/drill/securetrace.c b/trunk/drill/securetrace.c +index c6e7e58..9d61ec0 100644 +--- a/trunk/drill/securetrace.c ++++ b/trunk/drill/securetrace.c +@@ -138,7 +138,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, + size_t j; + size_t k; + size_t l; +- uint8_t labels_count; ++ uint8_t labels_count = 0; + + /* dnssec */ + ldns_rr_list *key_list; +diff --git a/trunk/install-sh b/trunk/install-sh +index a9244eb..377bb86 100755 +--- a/trunk/install-sh ++++ b/trunk/install-sh +@@ -1,7 +1,7 @@ + #!/bin/sh + # install - install a program, script, or datafile + +-scriptversion=2011-01-19.21; # UTC ++scriptversion=2011-11-20.07; # UTC + + # This originates from X11R5 (mit/util/scripts/install.sh), which was + # later released in X11R6 (xc/config/util/install.sh) with the +@@ -35,7 +35,7 @@ scriptversion=2011-01-19.21; # UTC + # FSF changes to this file are in the public domain. + # + # Calling this script install-sh is preferred over install.sh, to prevent +-# `make' implicit rules from creating a file called install from it ++# 'make' implicit rules from creating a file called install from it + # when there is no Makefile. + # + # This script is compatible with the BSD install script, but was written +@@ -156,7 +156,7 @@ while test $# -ne 0; do + -s) stripcmd=$stripprog;; + + -t) dst_arg=$2 +- # Protect names problematic for `test' and other utilities. ++ # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac +@@ -190,7 +190,7 @@ if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + fi + shift # arg + dst_arg=$arg +- # Protect names problematic for `test' and other utilities. ++ # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac +@@ -202,7 +202,7 @@ if test $# -eq 0; then + echo "$0: no input file specified." >&2 + exit 1 + fi +- # It's OK to call `install-sh -d' without argument. ++ # It's OK to call 'install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 + fi +@@ -240,7 +240,7 @@ fi + + for src + do +- # Protect names problematic for `test' and other utilities. ++ # Protect names problematic for 'test' and other utilities. + case $src in + -* | [=\(\)!]) src=./$src;; + esac +@@ -354,7 +354,7 @@ do + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or +- # other-writeable bit of parent directory when it shouldn't. ++ # other-writable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + ls_ld_tmpdir=`ls -ld "$tmpdir"` + case $ls_ld_tmpdir in +diff --git a/trunk/sha2.c b/trunk/sha2.c +index 6ba4ab5..9a27122 100644 +--- a/trunk/sha2.c ++++ b/trunk/sha2.c +@@ -546,9 +546,15 @@ void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t + usedspace = freespace = 0; + } + ++typedef union _ldns_sha2_buffer_union { ++ uint8_t* theChars; ++ uint64_t* theLongs; ++} ldns_sha2_buffer_union; ++ + void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) { + sha2_word32 *d = (sha2_word32*)digest; + size_t usedspace; ++ ldns_sha2_buffer_union cast_var; + + /* Sanity check: */ + assert(context != (ldns_sha256_CTX*)0); +@@ -585,7 +591,8 @@ void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) { + *context->buffer = 0x80; + } + /* Set the bit count: */ +- *(sha2_word64*)&context->buffer[ldns_sha256_SHORT_BLOCK_LENGTH] = context->bitcount; ++ cast_var.theChars = context->buffer; ++ cast_var.theLongs[ldns_sha256_SHORT_BLOCK_LENGTH / 8] = context->bitcount; + + /* final transform: */ + ldns_sha256_Transform(context, (sha2_word32*)context->buffer); +@@ -850,6 +857,7 @@ void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t + + static void ldns_sha512_Last(ldns_sha512_CTX* context) { + size_t usedspace; ++ ldns_sha2_buffer_union cast_var; + + usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH; + #if BYTE_ORDER == LITTLE_ENDIAN +@@ -882,8 +890,9 @@ static void ldns_sha512_Last(ldns_sha512_CTX* context) { + *context->buffer = 0x80; + } + /* Store the length of input data (in bits): */ +- *(sha2_word64*)&context->buffer[ldns_sha512_SHORT_BLOCK_LENGTH] = context->bitcount[1]; +- *(sha2_word64*)&context->buffer[ldns_sha512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0]; ++ cast_var.theChars = context->buffer; ++ cast_var.theLongs[ldns_sha512_SHORT_BLOCK_LENGTH / 8] = context->bitcount[1]; ++ cast_var.theLongs[ldns_sha512_SHORT_BLOCK_LENGTH / 8 + 1] = context->bitcount[0]; + + /* final transform: */ + ldns_sha512_Transform(context, (sha2_word64*)context->buffer); +-- +1.8.3.1 + diff --git a/SPECS/ldns.spec b/SPECS/ldns.spec new file mode 100644 index 0000000..7c52720 --- /dev/null +++ b/SPECS/ldns.spec @@ -0,0 +1,389 @@ +%{?!with_python: %global with_python 1} + +%if %{with_python} +%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} +%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} +%endif + +Summary: Low-level DNS(SEC) library with API +Name: ldns +Version: 1.6.16 +Release: 7%{?dist}.1 +License: BSD +Url: http://www.nlnetlabs.nl/%{name}/ +Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz + +Patch0: %{name}-1.6.16-uninitialized-value-compiler-warnings.patch +Patch1: %{name}-1.6.16-multilib.patch +Patch2: %{name}-1.6.16-manpage-fixes-bundle.patch +Patch3: %{name}-1.6.16-dsa-key-failures.patch + +Group: System Environment/Libraries +BuildRequires: perl, libpcap-devel, openssl-devel, gcc-c++, doxygen, +# for snapshots only +# BuildRequires: libtool, autoconf, automake +%if %{with_python} +BuildRequires: python-devel, swig +%endif +Requires: ca-certificates + +%description +ldns is a library with the aim to simplify DNS programming in C. All +low-level DNS/DNSSEC operations are supported. We also define a higher +level API which allows a programmer to (for instance) create or sign +packets. + +%package devel +Summary: Development package that includes the ldns header files +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} + +%description devel +The devel package contains the ldns library and the include files + +%if %{with_python} +%package python +Summary: Python extensions for ldns +Group: Applications/System +Requires: %{name} = %{version}-%{release} + +%description python +Python extensions for ldns +%endif + +%package doc +Summary: Documentation for the ldns library +Group: Development/Libraries +Requires: %{name}-devel = %{version}-%{release} +BuildArch: noarch + +%description doc +This package contains documentation for the ldns library + +%prep +%setup -q +%patch0 -p2 +%patch1 -p1 +%patch2 -p1 -b .manpage +%patch3 -p1 -b .dsa_issue + +# To built svn snapshots +# rm config.guess config.sub ltmain.sh +# aclocal +# libtoolize -c --install +# autoreconf --install + +%build +# as long as ECC is banned we cannot enable GOST +%configure --disable-rpath --disable-static --disable-gost --enable-ecdsa \ + --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt --with-ca-path=/etc/pki/tls/certs/ \ +%if %{with_python} + --with-pyldns \ +%endif + --with-trust-anchor=%{_sharedstatedir}/unbound/root.key + +(cd drill ; %configure --disable-rpath --disable-static --disable-gost \ + --disable-ecdsa \ + --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt --with-ca-path=/etc/pki/tls/certs/ \ + --with-trust-anchor=%{_sharedstatedir}/unbound/root.key +) +(cd examples ; %configure --disable-rpath --disable-static --disable-gost \ + --disable-ecdsa \ + --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt --with-ca-path=/etc/pki/tls/certs/ \ + --with-trust-anchor=%{_sharedstatedir}/unbound/root.key +) + +make %{?_smp_mflags} +( cd drill ; make %{?_smp_mflags} ) +( cd examples ; make %{?_smp_mflags} ) +make %{?_smp_mflags} doc + +%install +rm -rf %{buildroot} + +make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install +make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install-doc + +# don't package xml files +rm doc/*.xml +# don't package building script for install-doc in doc section +rm doc/doxyparse.pl +#remove double set of man pages +rm -rf doc/man +# remove .la files +rm -rf %{buildroot}%{_libdir}/*.la %{buildroot}%{python_sitearch}/*.la +(cd drill ; make DESTDIR=%{buildroot} install) +(cd examples; make DESTDIR=%{buildroot} install) + +%clean +rm -rf %{buildroot} + +%files +%defattr(-,root,root) +%{_libdir}/libldns*so.* +%{_bindir}/drill +%{_bindir}/ldnsd +%{_bindir}/ldns-chaos +%{_bindir}/ldns-compare-zones +%{_bindir}/ldns-[d-z]* +%doc README LICENSE +%{_mandir}/*/* + +%files devel +%defattr(-,root,root,-) +%{_libdir}/libldns*so +%{_bindir}/ldns-config +%dir %{_includedir}/ldns +%{_includedir}/ldns/*.h +%doc Changelog README + +%if %{with_python} +%files python +%defattr(-,root,root) +%{python_sitearch}/* +%endif + +%files doc +%doc doc + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%changelog +* Fri Aug 14 2015 Tomas Hozza - 1.6.16-7.1 +- port the rhel-7 package version to rhel-6 +- enabled ECDSA due to Unbound +- Fix issue in DSA algorithm (#1077799) + +* Fri Jan 24 2014 Daniel Mach - 1.6.16-7 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 1.6.16-6 +- Mass rebuild 2013-12-27 + +* Tue Jul 23 2013 Tomas Hozza - 1.6.16-5 +- Fix compiler warnings and one uninitialized value +- make ldns-config multilib clean +- Fix man pages and usages errors + +* Mon Jun 03 2013 Paul Wouters - 1.6.16-4 +- Use /var/lib/unbound/root.key for --with-trust-anchor + +* Fri Apr 19 2013 Adam Tkac - 1.6.16-3 +- make package multilib clean + +* Thu Feb 14 2013 Fedora Release Engineering - 1.6.16-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Oct 30 2012 Paul Wouters - 1.6.16-1 +- Updated to 1.6.16 +- Addresses bug in 1.6.14 and 1.6.15 that affects opendnssec + (if you have empty non-terminals and use NSEC3) + +* Fri Oct 26 2012 Paul Wouters - 1.6.15-1 +- Updated to 1.6.15, as 1.6.14 accidentally broke ABI + (We never released 1.6.14) + +* Tue Oct 23 2012 Paul Wouters - 1.6.14-1 +- [pulled before release] +- Updated to 1.6.14 +- Removed merged in patch +- Added new dependancy on ca-certificates for ldns-dane PKIX validation + +* Thu Jul 19 2012 Fedora Release Engineering - 1.6.13-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jun 01 2012 Paul Wouters - 1.6.13-2 +- Added reworked ldns-read-zone patch from trunk + (adds -p for SOA padding, and -o for zeroizing timestamps/sigs) + +* Mon May 21 2012 Paul Wouters - 1.6.13-1 +- Upgraded to 1.6.13, bugfix release +- Added --disable-ecdsa as ECC is still banned +- Removed --with-sha2 - it is always enabled and option was removed + +* Wed Jan 11 2012 Paul Wouters - 1.6.12-1 +- Upgraded to 1.6.12, fixes important end of year handling date bug + +* Wed Oct 5 2011 Paul Wouters - 1.6.11-2 +- Updated to 1.6.11, fixes rhbz#741026 which is CVE-2011-3581 +- Python goes into sitearch, not sitelib +- Fix source link and spelling errors in description + +* Mon Sep 19 2011 Paul Wouters - 1.6.10-2 +- Fix for losing nameserver when it drops UDP fragments in + ldns_resolver_send_pkt [Willem Toorop ] +- Added ldnsx module (to be merged into ldns soon) + http://git.xelerance.com/cgi-bin/gitweb.cgi?p=ldnsx.git;a=summary + +* Wed Jun 08 2011 Paul Wouters - 1.6.10-1 +- Upodated to 1.6.10 +- Commented out dependancies that are only needed for snapshots + +* Sun Mar 27 2011 Paul Wouters - 1.6.9-1 +- Updated to 1.6.9 + +* Mon Feb 07 2011 Fedora Release Engineering - 1.6.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 24 2011 Paul Wouters - 1.6.8-1 +- Updated to 1.6.8 + +* Thu Aug 26 2010 Paul Wouters - 1.6.6-2 +- Bump for EVR + +* Mon Aug 09 2010 Paul Wouters - 1.6.6-1 +- Upgraded to 1.6.6 + +* Wed Jul 21 2010 David Malcolm - 1.6.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Tue Jun 15 2010 Paul Wouters - 1.6.5-1 +- Updated to 1.6.5 + +* Fri Jan 22 2010 Paul Wouters - 1.6.4-2 +- Fix missing _ldns.so causing ldns-python to not work +- Patch for installing ldns-python files +- Patch for rpath in ldns-python +- Don't install .a file for ldns-python + +* Wed Jan 20 2010 Paul Wouters - 1.6.4-1 +- Upgraded to 1.6.4. +- Added ldns-python sub package + +* Fri Dec 04 2009 Paul Wouters - 1.6.3-1 +- Upgraded to 1.6.3, which has minor bugfixes + +* Fri Nov 13 2009 Paul Wouters - 1.6.2-1 +- Upgraded to 1.6.2. This fixes various bugs. + (upstream released mostly to default with sha2 for the imminent + signed root, but we already enabled that in our builds) + +* Tue Aug 25 2009 Tomas Mraz - 1.6.1-3 +- rebuilt with new openssl + +* Sun Aug 16 2009 Paul Wouters - 1.6.1-2 +- Added openssl dependancy back in, since we get more functionality + when using openssl. Especially in 'drill'. + +* Sun Aug 16 2009 Paul Wouters - 1.6.1-1 +- Updated to 1.6.1 + +* Fri Jul 24 2009 Fedora Release Engineering - 1.6.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jul 13 2009 Paul Wouters - 1.6.0-4 +- Fixed the ssl patch so it can now compile --without-ssl + +* Sat Jul 11 2009 Paul Wouters - 1.6.0-3 +- Added patch to compile with --without-ssl +- Removed openssl dependancies +- Recompiled with --without-ssl + +* Sat Jul 11 2009 Paul Wouters - 1.6.0-2 +- Updated to 1.6.0 +- (did not yet compile with --without-ssl due to compile failures) + +* Fri Jul 10 2009 Paul Wouters - 1.6.0-1 +- Updated to 1.6.0 +- Compile without openssl + +* Thu Apr 16 2009 Paul Wouters - 1.5.1-4 +- Memory management bug when generating a sha256 key, see: + https://bugzilla.redhat.com/show_bug.cgi?id=493953 + +* Wed Feb 25 2009 Fedora Release Engineering - 1.5.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Feb 10 2009 Paul Wouters - 1.5.1-1 +- Updated to new version, 1.5.0 had a bug preventing + zone signing. + +* Mon Feb 9 2009 Paul Wouters - 1.5.0-1 +- Updated to new version + +* Thu Feb 05 2009 Adam Tkac - 1.4.0-3 +- fixed configure flags + +* Sat Jan 17 2009 Tomas Mraz - 1.4.0-2 +- rebuild with new openssl + +* Fri Nov 7 2008 Paul Wouters - 1.4.0-1 +- Updated to 1.4.0 + +* Wed May 28 2008 Paul Wouters - 1.3.0-3 +- enable SHA2 functionality + +* Wed May 28 2008 Paul Wouters - 1.3.0-2 +- re-tag (don't do builds while renaming local repo dirs) + +* Wed May 28 2008 Paul Wouters - 1.3.0-1 +- Updated to latest release + +* Tue Feb 19 2008 Fedora Release Engineering - 1.2.2-3 +- Autorebuild for GCC 4.3 + +* Wed Dec 5 2007 Paul Wouters - 1.2.2-2 +- Rebuild for new libcrypto + +* Thu Nov 29 2007 Paul Wouters - 1.2.2-1 +- Upgraded to 1.2.2. Removed no longer needed race workaround + +* Tue Nov 13 2007 Paul Wouters - 1.2.1-4 +- Try to fix racing ln -s statements in parallel builds + +* Fri Nov 9 2007 Paul Wouters - 1.2.1-3 +- Added patch for ldns-read-zone that does not put @. in RRDATA + +* Fri Oct 19 2007 Paul Wouters - 1.2.1-2 +- Use install -p to work around multilib conflicts for .h files + +* Wed Oct 10 2007 Paul Wouters - 1.2.1-1 +- Updated to 1.2.1 +- Removed patches that got moved into upstream + +* Wed Aug 8 2007 Paul Wouters 1.2.0-11 +- Patch for ldns-key2ds to write to stdout +- Again remove extra set of man pages from doc +- own /usr/include/ldns (bug 233858) + +* Wed Aug 8 2007 Paul Wouters 1.2.0-10 +- Added sha256 DS record patch to ldns-key2ds +- Minor tweaks for proper doc/man page installation. +- Workaround for parallel builds + +* Mon Aug 6 2007 Paul Wouters 1.2.0-2 +- Own the /usr/include/ldns directory (bug #233858) +- Removed obsoleted patch +- Remove files form previous libtool run accidentally packages by upstream + +* Mon Sep 11 2006 Paul Wouters 1.0.1-4 +- Commented out 1.1.0 make targets, put make 1.0.1 targets. + +* Mon Sep 11 2006 Paul Wouters 1.0.1-3 +- Fixed changelog typo in date +- Rebuild requested for PT_GNU_HASH support from gcc +- Did not upgrade to 1.1.0 due to compile issues on x86_64 + +* Fri Jan 6 2006 Paul Wouters 1.0.1-1 +- Upgraded to 1.0.1. Removed temporary clean hack from spec file. + +* Sun Dec 18 2005 Paul Wouters 1.0.0-8 +- Cannot use make clean because there are no Makefiles. Use hardcoded rm. + +* Sun Dec 18 2005 Paul Wouters 1.0.0-7 +- Patched 'make clean' target to get rid of object files shipped with 1.0.0 + +* Tue Dec 13 2005 Paul Wouters 1.0.0-6 +- added a make clean for 2.3.3 since .o files were left behind upstream, + causing failure on ppc platform + +* Sun Dec 11 2005 Tom "spot" Callaway 1.0.0-5 +- minor cleanups + +* Wed Oct 5 2005 Paul Wouters 0.70_1205 +- reworked for svn version + +* Sun Sep 25 2005 Paul Wouters - 0.70 +- Initial version