diff --git a/SOURCES/ldns-1.6.16-dsa.patch b/SOURCES/ldns-1.6.16-dsa.patch
new file mode 100644
index 0000000..318a69d
--- /dev/null
+++ b/SOURCES/ldns-1.6.16-dsa.patch
@@ -0,0 +1,28 @@
+diff -up ldns-1.6.16/keys.c.dsa ldns-1.6.16/keys.c
+--- ldns-1.6.16/keys.c.dsa 2012-08-31 14:03:18.000000000 +0200
++++ ldns-1.6.16/keys.c 2014-03-18 17:48:57.474128661 +0100
+@@ -1314,7 +1314,6 @@ ldns_key_dsa2bin(unsigned char *data, DS
+ /* See RFC2536 */
+ *size = (uint16_t)BN_num_bytes(k->p);
+ T = (*size - 64) / 8;
+- memcpy(data, &T, 1);
+
+ if (T > 8) {
+ fprintf(stderr, "DSA key with T > 8 (ie. > 1024 bits)");
+@@ -1323,12 +1322,13 @@ ldns_key_dsa2bin(unsigned char *data, DS
+ }
+
+ /* size = 64 + (T * 8); */
++ memset(data, 0, 21 + *size * 3);
+ data[0] = (unsigned char)T;
+ BN_bn2bin(k->q, data + 1 ); /* 20 octects */
+ BN_bn2bin(k->p, data + 21 ); /* offset octects */
+- BN_bn2bin(k->g, data + 21 + *size); /* offset octets */
+- BN_bn2bin(k->pub_key, data + 21 + *size + *size); /* offset octets */
+- *size = 21 + (*size * 3);
++ BN_bn2bin(k->g, data + 21 + *size * 2 - BN_num_bytes(k->g));
++ BN_bn2bin(k->pub_key,data + 21 + *size * 3 - BN_num_bytes(k->pub_key));
++ *size = 21 + *size * 3;
+ return true;
+ }
+
diff --git a/SPECS/ldns.spec b/SPECS/ldns.spec
index 406de5a..b4e2ba6 100644
--- a/SPECS/ldns.spec
+++ b/SPECS/ldns.spec
@@ -8,13 +8,14 @@
 Summary: Low-level DNS(SEC) library with API
 Name: ldns
 Version: 1.6.16
-Release: 7%{?dist}
+Release: 10%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/%{name}/
 Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
 Patch0: %{name}-1.6.16-uninitialized-value-compiler-warnings.patch
 Patch1: %{name}-1.6.16-multilib.patch
 Patch2: %{name}-1.6.16-manpage-fixes-bundle.patch
+Patch3: %{name}-1.6.16-dsa.patch
 Group: System Environment/Libraries
 BuildRequires: perl, libpcap-devel, openssl-devel, gcc-c++, doxygen,
 # for snapshots only
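Review bot: In the second keys.c hunk of SOURCES/ldns-1.6.16-dsa.patch, the new right-aligned writes `data + 21 + *size * 2 - BN_num_bytes(k->g)` and `data + 21 + *size * 3 - BN_num_bytes(k->pub_key)` never check that g and pub_key fit in `*size` bytes, and `k->q` is still copied to `data + 1` on the assumption that it is exactly 20 octets. Those assumptions hold for a well-formed key, but an oversized parameter would make the subtraction land in the preceding field (or, in the extreme, before `data`), and a short q would stay left-aligned. A guard placed before the memset, for example `if (BN_num_bytes(k->q) != 20 || BN_num_bytes(k->g) > *size || BN_num_bytes(k->pub_key) > *size) return false;`, would make the layout assumptions explicit. The function begins outside the hunk, so the `return false` convention is inferred from the visible `return true`, and the capacity of `data` is set by a caller that is not shown, so whether `21 + *size * 3` bytes are always available should be confirmed there.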
@@ -34,6 +35,7 @@ packets.
 Summary: Development package that includes the ldns header files
 Group: Development/Libraries
 Requires: %{name} = %{version}-%{release}
+Requires: pkgconfig
 %description devel
 The devel package contains the ldns library and the include files
@@ -62,30 +64,49 @@ This package contains documentation for the ldns library
 %patch0 -p2
 %patch1 -p1
 %patch2 -p1 -b .manpage
+%patch3 -p1
 # To built svn snapshots
 # rm config.guess config.sub ltmain.sh
 # aclocal
 # libtoolize -c --install
 # autoreconf --install
+# fixup .pc file
+sed -i "s/@includedir@/@includedir@\/ldns/" packaging/libldns.pc.in
+
 %build
 # as long as ECC is banned we cannot enable GOST or ECDSA
-%configure --disable-rpath --disable-static --disable-gost --disable-ecdsa \
- --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt --with-ca-path=/etc/pki/tls/certs/ \
+%configure \
+ --disable-rpath \
+ --disable-static \
+ --disable-gost \
+ --enable-ecdsa \
+ --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt \
+ --with-ca-path=/etc/pki/tls/certs/ \
 %if %{with_python}
- --with-pyldns \
+ --with-pyldns \
 %endif
- --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
-
-(cd drill ; %configure --disable-rpath --disable-static --disable-gost \
- --disable-ecdsa \
- --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt --with-ca-path=/etc/pki/tls/certs/ \
- --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
+ --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
+
+(cd drill ;
+%configure \
+ --disable-rpath \
+ --disable-static \
+ --disable-gost \
+ --enable-ecdsa \
+ --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt \
+ --with-ca-path=/etc/pki/tls/certs/ \
+ --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
 )
-(cd examples ; %configure --disable-rpath --disable-static --disable-gost \
- --disable-ecdsa \
- --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt --with-ca-path=/etc/pki/tls/certs/ \
- --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
+(cd examples ;
+%configure \
+ --disable-rpath \
+ --disable-static \
+ --disable-gost \
+ --enable-ecdsa \
+ --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt \
+ --with-ca-path=/etc/pki/tls/certs/ \
+ --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
 )
 make %{?_smp_mflags}
@@ -99,6 +120,9 @@ rm -rf %{buildroot}
 make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install
 make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install-doc
+# install pkg-config file
+install -D -m 644 packaging/libldns.pc %{buildroot}%{_libdir}/pkgconfig/ldns.pc
+
 # don't package xml files
 rm doc/*.xml
 # don't package building script for install-doc in doc section
@@ -127,6 +151,7 @@ rm -rf %{buildroot}
 %files devel
 %defattr(-,root,root,-)
 %{_libdir}/libldns*so
+%{_libdir}/pkgconfig/ldns.pc
 %{_bindir}/ldns-config
 %dir %{_includedir}/ldns
 %{_includedir}/ldns/*.h
@@ -146,6 +171,15 @@ rm -rf %{buildroot}
 %postun -p /sbin/ldconfig
 %changelog
+* Wed May 18 2016 Pavel Šimerda - 1.6.16-10
+- Resolves: #1077799 - ldns could produce bad DSA sign
+
+* Tue May 17 2016 Tomas Hozza - 1.6.16-9
+- Fix and install the .pc (pkg-config) file (#1096925)
+
+* Thu May 12 2016 Tomas Hozza - 1.6.16-8
+- Enabled ECDSA support (#1265605)
+
 * Fri Jan 24 2014 Daniel Mach - 1.6.16-7
 - Mass rebuild 2014-01-24
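Review bot: The context comment `# as long as ECC is banned we cannot enable GOST or ECDSA` at the top of %build in SPECS/ldns.spec (the `@@ -62,30 +64,49 @@` hunk) is left unchanged while all three %configure invocations below it switch to `--enable-ecdsa`, so the comment now contradicts the flags it documents. Suggest rewording it to something like `# GOST remains disabled; ECDSA is enabled (#1265605)` so the next maintainer does not read the ECDSA switch as a mistake. The same option list is now spelled out three times (top level, drill, examples); a shared macro holding the common flags would keep the crypto and trust-anchor settings from drifting apart between the library and its tools.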