diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..28d8a38
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/ldns-1.7.1.tar.gz
+SOURCES/wtoorop.asc
diff --git a/.ldns.metadata b/.ldns.metadata
new file mode 100644
index 0000000..fb7596b
--- /dev/null
+++ b/.ldns.metadata
@@ -0,0 +1,2 @@
+d075a08972c0f573101fb4a6250471daaa53cb3e SOURCES/ldns-1.7.1.tar.gz
+4b3565c2ca0afea2b60e7829df5b2e3f6f5d7b7b SOURCES/wtoorop.asc
diff --git a/SOURCES/ldns-1.7.0-multilib.patch b/SOURCES/ldns-1.7.0-multilib.patch
new file mode 100644
index 0000000..e38112c
--- /dev/null
+++ b/SOURCES/ldns-1.7.0-multilib.patch
@@ -0,0 +1,75 @@
+diff --git a/ldns-1.7.1/configure b/ldns-1.7.1/configure
+index b79067e..543806e 100755
+--- a/ldns-1.7.1/configure
++++ b/ldns-1.7.1/configure
+@@ -684,6 +684,7 @@ PYTHON_SITE_PKG
+ PYTHON_LDFLAGS
+ PYTHON_CPPFLAGS
+ PYTHON
++PYTHON_LIB
+ PYTHON_VERSION
+ UNINSTALL_CONFIG_MANPAGE
+ UNINSTALL_CONFIG
+@@ -14324,6 +14325,7 @@ EOD`
+ # use the official shared library
+ ac_python_library=`echo "$ac_python_library" | sed "s/^lib//"`
+ PYTHON_LDFLAGS="-L$ac_python_libdir -l$ac_python_library"
++ PYTHON_LIB="$ac_python_library"
+ else
+ # old way: use libpython from python_configdir
+ ac_python_libdir=`$PYTHON -c \
+@@ -14331,6 +14333,7 @@ EOD`
+ import os; \
+ print (os.path.join(f(plat_specific=1, standard_lib=1), 'config'));"`
+ PYTHON_LDFLAGS="-L$ac_python_libdir -lpython$ac_python_version"
++ PYTHON_LIB="python$ac_python_version"
+ fi
+
+ if test -z "PYTHON_LDFLAGS"; then
+diff --git a/ldns-1.7.1/packaging/ldns-config.in b/ldns-1.7.1/packaging/ldns-config.in
+index f147920..5235c7a 100755
+--- a/ldns-1.7.1/packaging/ldns-config.in
++++ b/ldns-1.7.1/packaging/ldns-config.in
+@@ -1,11 +1,26 @@
+ #!/bin/sh
+
+ VERSION="@PACKAGE_VERSION@"
+-LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ @PYTHON_LDFLAGS@"
+ LIBS="@LIBS@ @LIBSSL_LIBS@"
+ LIBDIR="@libdir@"
+ INCLUDEDIR="@includedir@"
+ LIBVERSION="@VERSION_INFO@"
++ARCH="`uname -m`"
++
++case $ARCH in
++ x86_64 | amd64 | sparc64 | s390x | ppc64)
++
++ LIBDIR="/usr/lib64"
++ LIBDIR_SEC="/usr/lib"
++ ;;
++ * )
++ LIBDIR="/usr/lib"
++ LIBDIR_SEC="/usr/lib64"
++ ;;
++esac
++
++LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ -L$LIBDIR -l@PYTHON_LIB@"
++LDFLAGS_SEC="@LDFLAGS@ @LIBSSL_LDFLAGS@ -L$LIBDIR_SEC -l@PYTHON_LIB@"
+
+ for arg in $@
+ do
+@@ -17,9 +32,13 @@ do
+ then
+ echo "${LDFLAGS} -L${LIBDIR} ${LIBS} -lldns"
+ fi
++ if [ $arg = "--libs_sec" ]
++ then
++ echo "${LDFLAGS_SEC} -L${LIBDIR_SEC} ${LIBS} -lldns"
++ fi
+ if [ $arg = "-h" ] || [ $arg = "--help" ]
+ then
+- echo "Usage: $0 [--cflags] [--libs] [--version]"
++ echo "Usage: $0 [--cflags] [--libs] [--libs_sec] [--version]"
+ fi
+ if [ $arg = "--version" ]
+ then
diff --git a/SOURCES/ldns-1.7.1-Support-sysconfig-python-module-in-python_devel.patch b/SOURCES/ldns-1.7.1-Support-sysconfig-python-module-in-python_devel.patch
new file mode 100644
index 0000000..e6b2ccf
--- /dev/null
+++ b/SOURCES/ldns-1.7.1-Support-sysconfig-python-module-in-python_devel.patch
@@ -0,0 +1,248 @@
+--- a/m4/ax_python_devel.m4 2019-07-26 17:07:44.000000000 +0200
++++ b/m4/ax_python_devel.m4 2022-02-15 10:29:28.876543000 +0100
+@@ -1,5 +1,5 @@
+ # ===========================================================================
+-# http://www.gnu.org/software/autoconf-archive/ax_python_devel.html
++# https://www.gnu.org/software/autoconf-archive/ax_python_devel.html
+ # ===========================================================================
+ #
+ # SYNOPSIS
+@@ -12,8 +12,8 @@
+ # in your configure.ac.
+ #
+ # This macro checks for Python and tries to get the include path to
+-# 'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LDFLAGS)
+-# output variables. It also exports $(PYTHON_EXTRA_LIBS) and
++# 'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LIBS) output
++# variables. It also exports $(PYTHON_EXTRA_LIBS) and
+ # $(PYTHON_EXTRA_LDFLAGS) for embedding Python in your code.
+ #
+ # You can search for some particular version of Python by passing a
+@@ -52,7 +52,7 @@
+ # Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License along
+-# with this program. If not, see .
++# with this program. If not, see .
+ #
+ # As a special exception, the respective Autoconf Macro's copyright owner
+ # gives unlimited permission to copy, distribute and modify the configure
+@@ -67,7 +67,7 @@
+ # modified version of the Autoconf Macro, you may extend this special
+ # exception to the GPL to apply to your modified version as well.
+
+-#serial 16
++#serial 23
+
+ AU_ALIAS([AC_PYTHON_DEVEL], [AX_PYTHON_DEVEL])
+ AC_DEFUN([AX_PYTHON_DEVEL],[
+@@ -99,7 +99,7 @@
+ This version of the AC@&t@_PYTHON_DEVEL macro
+ doesn't work properly with versions of Python before
+ 2.1.0. You may need to re-run configure, setting the
+-variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG,
++variables PYTHON_CPPFLAGS, PYTHON_LIBS, PYTHON_SITE_PKG,
+ PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand.
+ Moreover, to disable this check, set PYTHON_NOVERSIONCHECK
+ to something else than an empty string.
+@@ -135,16 +135,25 @@
+ #
+ # Check if you have distutils, else fail
+ #
+- AC_MSG_CHECKING([for the distutils Python package])
+- ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
+- if test -z "$ac_distutils_result"; then
++ AC_MSG_CHECKING([for the sysconfig Python package])
++ ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1`
++ if test $? -eq 0; then
+ AC_MSG_RESULT([yes])
++ IMPORT_SYSCONFIG="import sysconfig"
+ else
+ AC_MSG_RESULT([no])
+- AC_MSG_ERROR([cannot import Python module "distutils".
++
++ AC_MSG_CHECKING([for the distutils Python package])
++ ac_sysconfig_result=`$PYTHON -c "from distutils import sysconfig" 2>&1`
++ if test $? -eq 0; then
++ AC_MSG_RESULT([yes])
++ IMPORT_SYSCONFIG="from distutils import sysconfig"
++ else
++ AC_MSG_ERROR([cannot import Python module "distutils".
+ Please check your Python installation. The error was:
+-$ac_distutils_result])
+- PYTHON_VERSION=""
++$ac_sysconfig_result])
++ PYTHON_VERSION=""
++ fi
+ fi
+
+ #
+@@ -152,10 +161,19 @@
+ #
+ AC_MSG_CHECKING([for Python include path])
+ if test -z "$PYTHON_CPPFLAGS"; then
+- python_path=`$PYTHON -c "import distutils.sysconfig; \
+- print (distutils.sysconfig.get_python_inc ());"`
+- plat_python_path=`$PYTHON -c "import distutils.sysconfig; \
+- print (distutils.sysconfig.get_python_inc (plat_specific=1));"`
++ if test "$IMPORT_SYSCONFIG" = "import sysconfig"; then
++ # sysconfig module has different functions
++ python_path=`$PYTHON -c "$IMPORT_SYSCONFIG; \
++ print (sysconfig.get_path ('include'));"`
++ plat_python_path=`$PYTHON -c "$IMPORT_SYSCONFIG; \
++ print (sysconfig.get_path ('platinclude'));"`
++ else
++ # old distutils way
++ python_path=`$PYTHON -c "$IMPORT_SYSCONFIG; \
++ print (sysconfig.get_python_inc ());"`
++ plat_python_path=`$PYTHON -c "$IMPORT_SYSCONFIG; \
++ print (sysconfig.get_python_inc (plat_specific=1));"`
++ fi
+ if test -n "${python_path}"; then
+ if test "${plat_python_path}" != "${python_path}"; then
+ python_path="-I$python_path -I$plat_python_path"
+@@ -172,14 +190,14 @@
+ # Check for Python library path
+ #
+ AC_MSG_CHECKING([for Python library path])
+- if test -z "$PYTHON_LDFLAGS"; then
++ if test -z "$PYTHON_LIBS"; then
+ # (makes two attempts to ensure we've got a version number
+ # from the interpreter)
+ ac_python_version=`cat<
+Date: Thu, 3 Jun 2021 10:51:15 +0200
+Subject: [PATCH] Use PYTHON_LIBS instead of PYTHON_LDFLAGS
+
+Definition was changed to more obvious variable in ax_python_devel.m4
+---
+ Makefile.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ldns-1.7.1/Makefile.in b/ldns-1.7.1/Makefile.in
+index af529e43..2f6b1423 100644
+--- a/ldns-1.7.1/Makefile.in
++++ b/ldns-1.7.1/Makefile.in
+@@ -48,7 +48,7 @@ LIBS = @LIBS@
+ LIBOBJDIR = compat/
+ LIBOBJS = @LIBOBJS@
+ PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
+-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
++PYTHON_LIBS = @PYTHON_LIBS@
+ PYTHON_X_CFLAGS = @PYTHON_X_CFLAGS@
+ LIBSSL_CPPFLAGS = @LIBSSL_CPPFLAGS@
+ LIBSSL_LDFLAGS = @LIBSSL_LDFLAGS@
+@@ -301,7 +301,7 @@
+ $(COMP_LIB) -I./include/ldns $(LIBSSL_CPPFLAGS) $(PYTHON_CPPFLAGS) $(PYTHON_X_CFLAGS) -c $(pywrapdir)/ldns_wrapper.c -o $@
+
+ _ldns.la: ldns_wrapper.lo libldns.la
+- $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(PYTHON_CFLAGS) $(LDFLAGS) $(PYTHON_LDFLAGS) -module -version-info $(version_info) -no-undefined -o $@ ldns_wrapper.lo -rpath $(python_site) -L. -L.libs -lldns $(LIBS)
++ $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(PYTHON_CFLAGS) $(LDFLAGS) -module -version-info $(version_info) -no-undefined -o $@ ldns_wrapper.lo -rpath $(python_site) -L. -L.libs -lldns $(PYTHON_LIBS) $(LIBS)
+
+ $(p5_dns_ldns_dir)/Makefile: $(p5_dns_ldns_dir)/Makefile.PL
+ BUILDDIR=`pwd`; cd $(p5_dns_ldns_dir); LD_LIBRARY_PATH="$$BUILDDIR/.libs:$$LD_LIBRARY_PATH" DYLD_LIBRARY_PATH="$$BUILDDIR/.libs:$$DYLD_LIBRARY_PATH" $(PERL) Makefile.PL LIBS="-L$$BUILDDIR/.libs -lldns" INC="-I$$BUILDDIR"
diff --git a/SOURCES/ldns-1.7.1-openssl-build.patch b/SOURCES/ldns-1.7.1-openssl-build.patch
new file mode 100644
index 0000000..41834ad
--- /dev/null
+++ b/SOURCES/ldns-1.7.1-openssl-build.patch
@@ -0,0 +1,369 @@
+--- a/ldns-1.7.1/acx_nlnetlabs.m4
++++ b/ldns-1.7.1/acx_nlnetlabs.m4
+@@ -2,7 +2,15 @@
+ # Copyright 2009, Wouter Wijngaards, NLnet Labs.
+ # BSD licensed.
+ #
+-# Version 34
++# Version 41
++# 2021-07-30 fix for openssl use of lib64 directory.
++# 2021-06-14 fix nonblocking test to use host instead of target for mingw test.
++# 2021-05-17 fix nonblocking socket test from grep on mingw32 to mingw for
++# 64bit compatibility.
++# 2021-03-24 fix ACX_FUNC_DEPRECATED to use CPPFLAGS and CFLAGS.
++# 2021-01-05 fix defun for aclocal
++# 2021-01-05 autoconf 2.70 autoupdate and fixes, no AC_TRY_COMPILE
++# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0).
+ # 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0.
+ # 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0).
+ # 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20
+@@ -446,15 +454,12 @@
+ AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "format" attribute)
+ AC_CACHE_VAL(ac_cv_c_format_attribute,
+ [ac_cv_c_format_attribute=no
+-AC_TRY_COMPILE(
+-[#include
++AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include
+ void f (char *format, ...) __attribute__ ((format (printf, 1, 2)));
+ void (*pf) (char *format, ...) __attribute__ ((format (printf, 1, 2)));
+-], [
++]], [[
+ f ("%s", "str");
+-],
+-[ac_cv_c_format_attribute="yes"],
+-[ac_cv_c_format_attribute="no"])
++]])],[ac_cv_c_format_attribute="yes"],[ac_cv_c_format_attribute="no"])
+ ])
+
+ AC_MSG_RESULT($ac_cv_c_format_attribute)
+@@ -483,14 +488,11 @@
+ AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "unused" attribute)
+ AC_CACHE_VAL(ac_cv_c_unused_attribute,
+ [ac_cv_c_unused_attribute=no
+-AC_TRY_COMPILE(
+-[#include
++AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include
+ void f (char *u __attribute__((unused)));
+-], [
++]], [[
+ f ("x");
+-],
+-[ac_cv_c_unused_attribute="yes"],
+-[ac_cv_c_unused_attribute="no"])
++]])],[ac_cv_c_unused_attribute="yes"],[ac_cv_c_unused_attribute="no"])
+ ])
+
+ dnl Setup ATTR_UNUSED config.h parts.
+@@ -547,7 +549,7 @@
+ dnl because libtools 'AC_REQUIRE' names are right after this one, before
+ dnl this function contents.
+ AC_REQUIRE([ACX_LIBTOOL_C_PRE])
+-AC_PROG_LIBTOOL
++LT_INIT
+ ])
+
+ dnl Detect if u_char type is defined, otherwise define it.
+@@ -646,7 +648,7 @@
+ if test x_$withval != x_no; then
+ AC_MSG_CHECKING(for SSL)
+ if test x_$withval = x_ -o x_$withval = x_yes; then
+- withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/local/opt/openssl /usr/sfw /usr"
++ withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr"
+ fi
+ for dir in $withval; do
+ ssldir="$dir"
+@@ -668,22 +670,28 @@
+ HAVE_SSL=yes
+ dnl assume /usr is already in the lib and dynlib paths.
+ if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
+- LDFLAGS="$LDFLAGS -L$ssldir/lib"
+- LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
+- ACX_RUNTIME_PATH_ADD([$ssldir/lib])
++ if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
++ LDFLAGS="$LDFLAGS -L$ssldir/lib64"
++ LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib64"
++ ACX_RUNTIME_PATH_ADD([$ssldir/lib64])
++ else
++ LDFLAGS="$LDFLAGS -L$ssldir/lib"
++ LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
++ ACX_RUNTIME_PATH_ADD([$ssldir/lib])
++ fi
+ fi
+
+- AC_MSG_CHECKING([for HMAC_Update in -lcrypto])
++ AC_MSG_CHECKING([for EVP_sha256 in -lcrypto])
+ LIBS="$LIBS -lcrypto"
+ LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
+- AC_TRY_LINK(, [
+- int HMAC_Update(void);
+- (void)HMAC_Update();
+- ], [
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
++ int EVP_sha256(void);
++ (void)EVP_sha256();
++ ]])],[
+ AC_MSG_RESULT(yes)
+- AC_DEFINE([HAVE_HMAC_UPDATE], 1,
+- [If you have HMAC_Update])
+- ], [
++ AC_DEFINE([HAVE_EVP_SHA256], 1,
++ [If you have EVP_sha256])
++ ],[
+ AC_MSG_RESULT(no)
+ # check if -lwsock32 or -lgdi32 are needed.
+ BAKLIBS="$LIBS"
+@@ -691,12 +699,12 @@
+ LIBS="$LIBS -lgdi32 -lws2_32"
+ LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32"
+ AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
+- AC_TRY_LINK([], [
+- int HMAC_Update(void);
+- (void)HMAC_Update();
+- ],[
+- AC_DEFINE([HAVE_HMAC_UPDATE], 1,
+- [If you have HMAC_Update])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
++ int EVP_sha256(void);
++ (void)EVP_sha256();
++ ]])],[
++ AC_DEFINE([HAVE_EVP_SHA256], 1,
++ [If you have EVP_sha256])
+ AC_MSG_RESULT(yes)
+ ],[
+ AC_MSG_RESULT(no)
+@@ -705,12 +713,12 @@
+ LIBS="$LIBS -ldl"
+ LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
+ AC_MSG_CHECKING([if -lcrypto needs -ldl])
+- AC_TRY_LINK([], [
+- int HMAC_Update(void);
+- (void)HMAC_Update();
+- ],[
+- AC_DEFINE([HAVE_HMAC_UPDATE], 1,
+- [If you have HMAC_Update])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
++ int EVP_sha256(void);
++ (void)EVP_sha256();
++ ]])],[
++ AC_DEFINE([HAVE_EVP_SHA256], 1,
++ [If you have EVP_sha256])
+ AC_MSG_RESULT(yes)
+ ],[
+ AC_MSG_RESULT(no)
+@@ -719,12 +727,12 @@
+ LIBS="$LIBS -ldl -pthread"
+ LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
+ AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread])
+- AC_TRY_LINK([], [
+- int HMAC_Update(void);
+- (void)HMAC_Update();
+- ],[
+- AC_DEFINE([HAVE_HMAC_UPDATE], 1,
+- [If you have HMAC_Update])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
++ int EVP_sha256(void);
++ (void)EVP_sha256();
++ ]])],[
++ AC_DEFINE([HAVE_EVP_SHA256], 1,
++ [If you have EVP_sha256])
+ AC_MSG_RESULT(yes)
+ ],[
+ AC_MSG_RESULT(no)
+@@ -749,9 +757,8 @@
+ dnl
+ AC_DEFUN([ACX_WITH_SSL],
+ [
+-AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
+- [enable SSL (will check /usr/local/ssl
+- /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/local/opt/openssl /usr/sfw /usr)]),[
++AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl
++ /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
+ ],[
+ withval="yes"
+ ])
+@@ -768,9 +775,8 @@
+ dnl
+ AC_DEFUN([ACX_WITH_SSL_OPTIONAL],
+ [
+-AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
+- [enable SSL (will check /usr/local/ssl
+- /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/local/opt/openssl /usr/sfw /usr)]),[
++AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl
++ /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
+ ],[
+ withval="yes"
+ ])
+@@ -893,7 +899,7 @@
+ [
+ echo '$3' >conftest.c
+ echo 'void f(){ $2 }' >>conftest.c
+-if test -z "`$CC -c conftest.c 2>&1 | grep deprecated`"; then
++if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then
+ eval "cv_cc_deprecated_$cache=no"
+ else
+ eval "cv_cc_deprecated_$cache=yes"
+@@ -919,7 +925,7 @@
+ AC_DEFUN([ACX_CHECK_NONBLOCKING_BROKEN],
+ [
+ AC_MSG_CHECKING([if nonblocking sockets work])
+-if echo $target | grep mingw32 >/dev/null; then
++if echo $host | grep mingw >/dev/null; then
+ AC_MSG_RESULT([no (windows)])
+ AC_DEFINE([NONBLOCKING_IS_BROKEN], 1, [Define if the network stack does not fully support nonblocking io (causes lower performance).])
+ else
+@@ -1061,7 +1067,7 @@
+ AC_DEFUN([ACX_MKDIR_ONE_ARG],
+ [
+ AC_MSG_CHECKING([whether mkdir has one arg])
+-AC_TRY_COMPILE([
++AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ #include
+ #include
+ #ifdef HAVE_WINSOCK2_H
+@@ -1070,14 +1076,12 @@
+ #ifdef HAVE_SYS_STAT_H
+ #include
+ #endif
+-], [
++]], [[
+ (void)mkdir("directory");
+-],
+-AC_MSG_RESULT(yes)
++]])],[AC_MSG_RESULT(yes)
+ AC_DEFINE(MKDIR_HAS_ONE_ARG, 1, [Define if mkdir has one argument.])
+-,
+-AC_MSG_RESULT(no)
+-)
++],[AC_MSG_RESULT(no)
++])
+ ])dnl end of ACX_MKDIR_ONE_ARG
+
+ dnl Check for ioctlsocket function. works on mingw32 too.
+
+--- a/ldns-1.7.1/dnssec_sign.c
++++ b/ldns-1.7.1/dnssec_sign.c
+
+@@ -413,11 +416,14 @@
+ {
+ EC_KEY* ec;
+ const EC_GROUP* g;
+-#ifdef HAVE_EVP_PKEY_BASE_ID
++#ifdef HAVE_EVP_PKEY_GET_BASE_ID
++ if(EVP_PKEY_get_base_id(pkey) != EVP_PKEY_EC)
++ return 0;
++#elif defined(HAVE_EVP_PKEY_BASE_ID)
+ if(EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+ #else
+- if(EVP_PKEY_type(key->type) != EVP_PKEY_EC)
++ if(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC)
+ return 0;
+ #endif
+ ec = EVP_PKEY_get1_EC_KEY(pkey);
+@@ -529,7 +535,9 @@
+ #ifdef USE_DSA
+ #ifndef S_SPLINT_S
+ /* unfortunately, OpenSSL output is different from DNS DSA format */
+-# ifdef HAVE_EVP_PKEY_BASE_ID
++# ifdef HAVE_EVP_PKEY_GET_BASE_ID
++ if (EVP_PKEY_get_base_id(key) == EVP_PKEY_DSA) {
++# elif defined(HAVE_EVP_PKEY_BASE_ID)
+ if (EVP_PKEY_base_id(key) == EVP_PKEY_DSA) {
+ # else
+ if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) {
+@@ -541,7 +549,9 @@
+ #endif
+ #if defined(USE_ECDSA)
+ if(
+-# ifdef HAVE_EVP_PKEY_BASE_ID
++# ifdef HAVE_EVP_PKEY_GET_BASE_ID
++ EVP_PKEY_get_base_id(key)
++# elif defined(HAVE_EVP_PKEY_BASE_ID)
+ EVP_PKEY_base_id(key)
+ # else
+ EVP_PKEY_type(key->type)
+
+--- a/ldns-1.7.1/configure.ac
++++ b/ldns-1.7.1/configure.ac
+@@ -332,7 +356,8 @@
+ else
+ AC_MSG_RESULT([no])
+ fi
+-AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings])
++AC_CHECK_HEADERS([openssl/ssl.h openssl/evp.h openssl/engine.h openssl/conf.h])
++AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key EVP_cleanup ENGINE_cleanup ENGINE_free CRYPTO_cleanup_all_ex_data ERR_free_strings CONF_modules_unload OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings CRYPTO_memcmp EVP_PKEY_get_base_id])
+
+ # for macosx, see if glibtool exists and use that
+ # BSD's need to know the version...
+@@ -355,21 +380,33 @@
+ ;;
+ esac
+
+-# check wether gost also works
++# check whether gost also works
+ AC_DEFUN([AC_CHECK_GOST_WORKS],
+ [AC_REQUIRE([AC_PROG_CC])
+ AC_MSG_CHECKING([if GOST works])
+ if test c${cross_compiling} = cno; then
+ BAKCFLAGS="$CFLAGS"
+ if test -n "$ssldir"; then
++ if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
++ CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib64"
++ else
+ CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib"
++ fi
+ fi
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+ #include
++#ifdef HAVE_OPENSSL_SSL_H
+ #include
++#endif
++#ifdef HAVE_OPENSSL_EVP_H
+ #include
++#endif
++#ifdef HAVE_OPENSSL_ENGINE_H
+ #include
++#endif
++#ifdef HAVE_OPENSSL_CONF_H
+ #include
++#endif
+ /* routine to load gost (from sldns) */
+ int load_gost_id(void)
+ {
+@@ -464,7 +501,7 @@
+ AC_CHECK_FUNC(EVP_PKEY_set_type_str, [],[AC_MSG_ERROR([OpenSSL >= 1.0.0 is needed for GOST support or rerun with --disable-gost])])
+ AC_CHECK_FUNC(EC_KEY_new, [], [AC_MSG_ERROR([No ECC functions found in OpenSSL: please upgrade OpenSSL or rerun with --disable-gost])])
+ AC_CHECK_GOST_WORKS
+- AC_ARG_ENABLE(gost-anyway, AC_HELP_STRING([--enable-gost-anyway], [Enable GOST even whithout a GOST engine installed]))
++ AC_ARG_ENABLE(gost-anyway, AC_HELP_STRING([--enable-gost-anyway], [Enable GOST even without a GOST engine installed]))
+ if test "$ac_cv_c_gost_works" != "no" -o "$enable_gost_anyway" = "yes"; then
+ if test "$ac_cv_c_gost_works" = "no"; then
+ AC_MSG_RESULT([no, but compiling with GOST support anyway])
+@@ -584,9 +621,11 @@
+ AC_SUBST(ldns_build_config_use_dane_ta_usage, 0)
+ ;;
+ *) dnl default
+- LIBS="-lssl $LIBS"
++ danetmpLIBS="$LIBS"
++ LIBS="-lssl -lcrypto $LIBS"
+ AC_CHECK_FUNC(SSL_get0_dane, [], [AC_MSG_ERROR([OpenSSL does not support offline DANE verification (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage])])
+ LIBSSL_LIBS="-lssl $LIBSSL_LIBS"
++ LIBS="$danetmpLIBS"
+ AC_SUBST(ldns_build_config_use_dane_ta_usage, 1)
+ AC_DEFINE_UNQUOTED([USE_DANE_TA_USAGE], [1], [Define this to enable DANE-TA usage type support.])
+ ;;
+@@ -658,7 +697,12 @@
+ AC_SUBST(LIBSSL_LDFLAGS)
+ AC_SUBST(LIBSSL_LIBS)
+ if test "x$HAVE_SSL" = "xyes"; then
+-AC_SUBST(LIBSSL_SSL_LIBS, ["-lssl $LIBSSL_LIBS"])
++ if echo "$LIBSSL_LIBS" | grep -- "-lssl" >/dev/null 2>&1; then
++ LIBSSL_SSL_LIBS="$LIBSSL_LIBS"
++ else
++ LIBSSL_SSL_LIBS="-lssl $LIBSSL_LIBS"
++ fi
++ AC_SUBST(LIBSSL_SSL_LIBS, "$LIBSSL_SSL_LIBS")
+ fi
+ CPPFLAGS=$tmp_CPPFLAGS
+ LDFLAGS=$tmp_LDFLAGS
+
diff --git a/SOURCES/ldns-1.7.1-out-of-boud-read-vuln.patch b/SOURCES/ldns-1.7.1-out-of-boud-read-vuln.patch
new file mode 100644
index 0000000..474902c
--- /dev/null
+++ b/SOURCES/ldns-1.7.1-out-of-boud-read-vuln.patch
@@ -0,0 +1,41 @@
+From 15d96206996bea969fbc918eb0a4a346f514b9f3 Mon Sep 17 00:00:00 2001
+From: Wouter Wijngaards
+Date: Tue, 24 Sep 2019 16:50:27 +0200
+Subject: [PATCH 1/2] * bugfix #70: heap Out-of-bound Read vulnerability in
+rr_frm_str_internal reported by pokerfacett.
+
+From 4e9861576a600a5ecfa16ec2de853c90dd9ce276 Mon Sep 17 00:00:00 2001
+From: Wouter Wijngaards
+Date: Tue, 24 Sep 2019 16:51:09 +0200
+Subject: [PATCH 2/2] Fix #70 fix code.
+
+diff --git a/ldns-1.7.1/rr.c b/ldns-1.7.1/rr.c
+index 6642aca7..adf67ae4 100644
+--- a/ldns-1.7.1/rr.c
++++ b/ldns-1.7.1/rr.c
+@@ -365,15 +365,18 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
+ ldns_buffer_remaining(rd_buf) > 0){
+
+ /* skip spaces */
+- while (*(ldns_buffer_current(rd_buf)) == ' ') {
++ while (ldns_buffer_remaining(rd_buf) > 0 &&
++ *(ldns_buffer_current(rd_buf)) == ' ') {
+ ldns_buffer_skip(rd_buf, 1);
+ }
+
+- if (*(ldns_buffer_current(rd_buf)) == '\"') {
++ if (ldns_buffer_remaining(rd_buf) > 0 &&
++ *(ldns_buffer_current(rd_buf)) == '\"') {
+ delimiters = "\"\0";
+ ldns_buffer_skip(rd_buf, 1);
+ quoted = true;
+- } else if (ldns_rr_descriptor_field_type(desc, r_cnt)
++ }
++ if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt)
+ == LDNS_RDF_TYPE_LONG_STR) {
+
+ status = LDNS_STATUS_SYNTAX_RDATA_ERR;
+--
+2.34.1
+
+
diff --git a/SOURCES/ldns-1.7.1.tar.gz.asc b/SOURCES/ldns-1.7.1.tar.gz.asc
new file mode 100644
index 0000000..c78b5de
--- /dev/null
+++ b/SOURCES/ldns-1.7.1.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE3DTuXbJBe8wVHlEA5fj4IS93pJgFAl07F1AACgkQ5fj4IS93
+pJg+LxAAh0Z8DcUO/GVLIoNqpJcSW7/kuKrOH4a58WtXVsmRYYQQEVrf5TwA8wsS
+7sYdVGbpAbM3FLs9cKe8scTr/3aM+P5VFR6e+n+Zad1k321ro7fjZT7uzPrH4rFH
+Sj19hexW1nkTqCZL1lL3zvPc4zX20U2ucVQL1sXkPJZek5DES4MD4J1Y/b/zfvPG
+llhlaRrsfvJKflDgqia4FvrproUjujItbAIQu1V0ItczqVOAoTnH6PuWz7jAJfPK
+CN2OB2R+yfS27C1+tkUt5ld8TakevvjQ16rtF39akL4/Jhl7EA9B+Hp2x3MnxwYB
+wkenY0wzkmqh5JmAG8IdF0c2PCLqv+EZcFf0Q5s+RYB3F7I4lxS5DjNlpPOyLoa9
+ISYLFHQ+Et2gAv5SoWm/vixtkqaM1SaX1eR/gIIF01DThB1jew639wZzv7v5wCus
+LsaBWEW55AjWVzFNVucp9D3l+fX8IBYVzJTv0+VZT6tmoaIvoC1A/I2pFmkwVy/n
+z5yiUyIoh9D0YSAg8u4JEjC9cHhsAzz6J5JtI74wmRUCsTyLv2CV0fV6bXm9nQdY
+vIXbVarv5YiOaV6QoCC/2YlFnZov0qUO+96io96e8jIpAyCBrfIn/F0U/WySIjr+
+yifbaVuvj4HXa7tsu/hG+QgmxYfHFWIIq7CiWN4N1YsNuVq/ElM=
+=IvBt
+-----END PGP SIGNATURE-----
diff --git a/SPECS/ldns.spec b/SPECS/ldns.spec
new file mode 100644
index 0000000..ddc15c6
--- /dev/null
+++ b/SPECS/ldns.spec
@@ -0,0 +1,802 @@
+%global _hardened_build 1
+
+%bcond_without python3
+%if 0%{?rhel} > 7 || 0%{?fedora} > 29
+%bcond_with python2
+%else
+%bcond_without python2
+%endif
+%bcond_without perl
+%bcond_without ecdsa
+%if 0%{?fedora} >= 26 || 0%{?rhel} > 7
+%bcond_without eddsa
+%bcond_without dane_ta
+%else
+%bcond_with eddsa
+%bcond_with dane_ta
+%endif
+# GOST is not allowed in Fedora/RHEL due to legal reasons (not NIST ECC)
+%bcond_with gost
+
+%{?!snapshot: %global snapshot 1}
+
+%if %{with python2} || %{with python3}
+%{?filter_setup:
+%global _ldns_internal_filter /^_ldns[.]so.*/d;
+%filter_from_requires %{_ldns_internal_filter}
+%filter_from_provides %{_ldns_internal_filter}
+%filter_setup
+}
+%global _ldns_internal _ldns[.]so[.].*
+%global __requires_exclude ^(%{_ldns_internal})$
+%global __provides_exclude ^(%{_ldns_internal})$
+%endif
+
+%if %{with perl}
+%{?perl_default_filter}
+%endif
+
+Summary: Low-level DNS(SEC) library with API
+Name: ldns
+Version: 1.7.1
+Release: 10%{?dist}
+
+License: BSD
+Url: https://www.nlnetlabs.nl/%{name}/
+Source0: https://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
+Source1: https://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz.asc
+# Willem Toorop, https://www.nlnetlabs.nl/people/
+Source2: https://keys.openpgp.org/vks/v1/by-fingerprint/DC34EE5DB2417BCC151E5100E5F8F8212F77A498#/wtoorop.asc
+Patch1: ldns-1.7.0-multilib.patch
+# 2008445 - https://github.com/NLnetLabs/ldns/commit/12ab6f7a408cd99e9b43b7db86724c2ee66bc36e
+Patch2: ldns-1.7.1-openssl-build.patch
+# 2051211 - https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3
+Patch3: ldns-1.7.1-out-of-boud-read-vuln.patch
+# https://github.com/autoconf-archive/autoconf-archive/commit/7f21e125bbe4e7c93d3bc86cda29c8b8e3b07d52
+# used 'platlib' instead of 'purelib'
+Patch4: ldns-1.7.1-Support-sysconfig-python-module-in-python_devel.patch
+# https://github.com/NLnetLabs/ldns/commit/a5a5dd867fdb934a7ce3637dd9def598f0979247
+Patch5: ldns-1.7.1-Use-PYTHON_LIBS-instead-of-PYTHON_LDFLAGS.patch
+
+
+# Only needed for builds from svn snapshot
+%if 0%{snapshot}
+BuildRequires: libtool
+BuildRequires: autoconf
+BuildRequires: automake
+%endif
+
+BuildRequires: gcc, make
+BuildRequires: libpcap-devel
+%if %{with dane_ta}
+BuildRequires: openssl-devel >= 1.1.0
+%else
+BuildRequires: openssl-devel >= 1.0.2k
+%endif
+BuildRequires: gcc-c++
+BuildRequires: doxygen
+BuildRequires: gnupg2
+
+# for snapshots only
+# BuildRequires: libtool, autoconf, automake
+%if %{with python2}
+BuildRequires: python2-devel, swig
+%endif
+%if %{with python3}
+BuildRequires: python3-devel, swig
+%endif
+%if %{with perl}
+BuildRequires: perl-devel
+BuildRequires: perl-ExtUtils-MakeMaker
+BuildRequires: perl-generators
+BuildRequires: perl(Devel::CheckLib)
+%endif
+Requires: ca-certificates
+
+%description
+ldns is a library with the aim to simplify DNS programming in C. All
+low-level DNS/DNSSEC operations are supported. We also define a higher
+level API which allows a programmer to (for instance) create or sign
+packets.
+
+%package devel
+Summary: Development package that includes the ldns header files
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: pkgconfig openssl-devel
+
+%description devel
+The devel package contains the ldns library and the include files
+
+%package utils
+Summary: DNS(SEC) utilities for querying dns
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description utils
+Collection of tools to get, check or alter DNS(SEC) data.
+
+
+%if %{with python2}
+%package -n python2-ldns
+Summary: Python2 extensions for ldns
+Requires: %{name}%{?_isa} = %{version}-%{release}
+%{?python_provide:%python_provide python2-ldns}
+
+%description -n python2-ldns
+Python2 extensions for ldns
+%endif
+
+
+%if %{with python3}
+%package -n python3-ldns
+Summary: Python3 extensions for ldns
+Requires: %{name}%{?_isa} = %{version}-%{release}
+%{?python_provide:%python_provide python3-ldns}
+
+%description -n python3-ldns
+Python3 extensions for ldns
+%endif
+
+
+%if %{with perl}
+%package -n perl-ldns
+Summary: Perl extensions for ldns
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+
+%description -n perl-ldns
+Perl extensions for ldns
+%endif
+
+%package doc
+Summary: Documentation for the ldns library
+BuildArch: noarch
+
+%description doc
+This package contains documentation for the ldns library
+
+%prep
+%{?extra_version:%global pkgname %{name}-%{version}%{extra_version}}%{!?extra_version:%global pkgname %{name}-%{version}}
+%if 0%{?fedora}
+%gpgverify -d 0 -s 1 -k 2
+%endif
+
+%autosetup -cn %{pkgname} -N
+pushd %{pkgname}
+
+%autopatch -p2
+# To built svn snapshots
+%if 0%{snapshot}
+ rm config.guess config.sub ltmain.sh
+ aclocal
+ libtoolize -c --install
+ autoreconf --install
+%endif
+
+# fixup .pc file
+sed -i "s/@includedir@/@includedir@\/ldns/" packaging/libldns.pc.in
+
+# copy common doc files - after here, since it may be patched
+cp -pr doc LICENSE README* Changelog ../
+cp -p contrib/ldnsx/LICENSE ../LICENSE.ldnsx
+cp -p contrib/ldnsx/README ../README.ldnsx
+popd
+
+%if %{with python3}
+mv %{pkgname} %{pkgname}_python3
+%endif
+
+%if %{with python2}
+cp -a %{pkgname}_python3 %{pkgname}_python2
+%endif
+
+
+%build
+CFLAGS="%{optflags} -fPIC"
+CXXFLAGS="%{optflags} -fPIC"
+LDFLAGS="$RPM_LD_FLAGS -Wl,-z,now -pie"
+export CFLAGS CXXFLAGS LDFLAGS
+
+%if %{with gost}
+ %global enable_gost --enable-gost
+%else
+ %global enable_gost --disable-gost
+%endif
+
+%if %{with ecdsa}
+ %global enable_ecdsa --enable-ecdsa
+%else
+ %global enable_ecdsa --disable-ecdsa
+%endif
+
+%if %{with eddsa}
+ %global enable_eddsa --enable-ed25519 --enable-ed448
+%else
+ %global enable_eddsa --disable-ed25519 --disable-ed448
+%endif
+
+%if ! %{with dane_ta}
+ %global disable_dane_ta --disable-dane-ta-usage
+%endif
+
+%global common_args \\\
+ --disable-rpath \\\
+ %{enable_gost} %{enable_ecdsa} %{enable_eddsa} %{?disable_dane_ta} \\\
+ --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt \\\
+ --with-ca-path=/etc/pki/tls/certs/ \\\
+ --with-trust-anchor=%{_sharedstatedir}/unbound/root.key \\\
+ --disable-static \\\
+
+
+%if 0%{with python3}
+pushd %{pkgname}_python3
+%else
+pushd %{pkgname}
+%endif
+
+%configure \
+ %{common_args} \
+ --with-examples \
+ --with-drill \
+%if %{with python3}
+ --with-pyldns PYTHON=%{__python3}
+%endif
+
+%make_build
+%make_build doc
+
+# We cannot use the built-in --with-p5-dns-ldns
+%if %{with perl}
+ pushd contrib/DNS-LDNS
+ LD_LIBRARY_PATH="../../lib:$LD_LIBRARY_PATH" perl \
+ Makefile.PL INSTALLDIRS=vendor INC="-I. -I../.." LIBS="-L../../lib"
+ %make_build -j1
+ popd
+%endif
+
+# specfic hardening options should not end up in ldns-config
+sed -i "s~$RPM_LD_FLAGS~~" packaging/ldns-config
+popd
+
+%if %{with python2}
+ pushd %{pkgname}_python2
+ %configure \
+ %{common_args} \
+ --with-pyldns PYTHON=%{__python2}
+
+ %make_build
+ popd
+%endif
+
+
+
+%install
+rm -rf %{buildroot}
+
+%if %{with python3}
+pushd %{pkgname}_python3
+%else
+pushd %{pkgname}
+%endif
+
+mkdir -p %{buildroot}%{_libdir}/pkgconfig
+%make_install install
+%make_install install-doc
+
+# remove .la files
+rm -rf %{buildroot}%{_libdir}/*.la
+%if %{with python3}
+rm -rf %{buildroot}%{python3_sitearch}/*.la
+%endif
+
+%if %{with perl}
+ %make_install -j1 -C contrib/DNS-LDNS pure_install
+ chmod 755 %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/LDNS.so
+ rm -f %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/{.packlist,LDNS.bs}
+ rm -f %{buildroot}%{perl_archlib}/perllocal.pod
+%endif
+popd
+
+%if %{with python2}
+ pushd %{pkgname}_python2
+ %make_install install-pyldns install-pyldnsx
+ rm -rf %{buildroot}%{_libdir}/*.la %{buildroot}%{python2_sitearch}/*.la
+ popd
+%endif
+
+# don't package xml files
+rm doc/*.xml
+# don't package building script for install-doc in doc section
+rm doc/doxyparse.pl
+# remove double set of man pages
+rm -rf doc/man
+
+%ldconfig_scriptlets
+
+%files
+%doc README
+%license LICENSE
+%{_libdir}/libldns.so.3*
+
+%files utils
+%{_bindir}/drill
+%{_bindir}/ldnsd
+%{_bindir}/ldns-chaos
+%{_bindir}/ldns-compare-zones
+%{_bindir}/ldns-[d-z]*
+%{_mandir}/man1/*
+
+%files devel
+%doc Changelog README.git
+%{_libdir}/libldns.so
+%{_libdir}/pkgconfig/ldns.pc
+%{_bindir}/ldns-config
+%dir %{_includedir}/ldns
+%{_includedir}/ldns/*.h
+%{_mandir}/man3/*.3.gz
+
+%if %{with python2}
+%files -n python2-ldns
+%doc %{pkgname}_python2/contrib/python/Changelog README.ldnsx
+%license LICENSE.ldnsx
+%{python2_sitearch}/*
+%endif
+
+%if %{with python3}
+%files -n python3-ldns
+%doc %{pkgname}_python3/contrib/python/Changelog README.ldnsx
+%license LICENSE.ldnsx
+%{python3_sitearch}/*
+%endif
+
+%if %{with perl}
+%files -n perl-ldns
+%{perl_vendorarch}/*
+%exclude %dir %{perl_vendorarch}/auto/
+%{_mandir}/man3/*.3pm.gz
+%endif
+
+%files doc
+%doc doc
+
+%changelog
+* Fri Feb 25 2022 Richard Lescak - 1.7.1-10
+- use Python LIBS instead of LDFLAGS - fix annocheck issues
+
+* Thu Feb 24 2022 Richard Lescak - 1.7.1-9
+- Fix for CVE-2020-19860 ldns: heap overread vulnerability (#2051211)
+- Added also patch for deprecated distutils Python module used in build
+
+* Wed Oct 13 2021 Richard Lescak - 1.7.1-8
+- Added patch for failing rebuild with OpenSSL 3.0.0 (#2008445)
+
+* Mon Aug 09 2021 Mohan Boddu - 1.7.1-7
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Wed Jul 28 2021 Florian Weimer - 1.7.1-6
+- Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
+
+* Wed Jun 16 2021 Mohan Boddu - 1.7.1-5
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+ Related: rhbz#1971065
+
+* Fri Apr 16 2021 Mohan Boddu - 1.7.1-4
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering - 1.7.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jan 04 2021 Petr Menšík - 1.7.1-2
+- Use make_build and make_install macro instead of make
+- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make
+
+* Thu Oct 08 2020 Petr Menšík - 1.7.1-1
+- Update to 1.7.1
+
+* Tue Jul 28 2020 Fedora Release Engineering - 1.7.0-32
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jun 23 2020 Jitka Plesnikova - 1.7.0-31
+- Perl 5.32 rebuild
+
+* Tue May 26 2020 Miro Hrončok - 1.7.0-30
+- Rebuilt for Python 3.9
+
+* Wed Jan 29 2020 Fedora Release Engineering - 1.7.0-29
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Oct 03 2019 Miro Hrončok - 1.7.0-28
+- Rebuilt for Python 3.8.0rc1 (#1748018)
+
+* Mon Aug 19 2019 Miro Hrončok - 1.7.0-27
+- Rebuilt for Python 3.8
+
+* Thu Jul 25 2019 Fedora Release Engineering - 1.7.0-26
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri May 31 2019 Jitka Plesnikova - 1.7.0-25
+- Perl 5.30 rebuild
+
+* Mon May 20 2019 Jitka Plesnikova - 1.7.0-24
+- Fixed build for SWIG 4.0.0 (#1707450)
+
+* Fri Feb 01 2019 Fedora Release Engineering - 1.7.0-23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Sep 26 2018 Petr Menšík - 1.7.0-22
+- Do not build python2 subpackage on Fedora 30 (#1629800)
+
+* Fri Jul 13 2018 Fedora Release Engineering - 1.7.0-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jul 10 2018 Petr Menšík - 1.7.0-20
+- Add all depends, spec cleanup, use full python interpreter
+
+* Tue Jul 03 2018 Petr Pisar - 1.7.0-19
+- Perl 5.28 rebuild
+
+* Fri Jun 29 2018 Jitka Plesnikova - 1.7.0-18
+- Perl 5.28 rebuild
+
+* Tue Jun 19 2018 Miro Hrončok - 1.7.0-17
+- Rebuilt for Python 3.7
+
+* Wed Apr 11 2018 Petr Menšík - 1.7.0-16
+- Make DANE TA usage more clear, autoconfigure for old fedora
+
+* Wed Feb 21 2018 Petr Menšík - 1.7.0-15
+- Experimental support for ed25519 and ed448
+
+* Wed Feb 21 2018 Petr Menšík - 1.7.0-14
+- Add only extra flags to default RPM LDFLAGS
+- Fix multilib conflict of ldns-config (#1463423)
+- Make primary python3 in primary build, python2 in optional
+
+* Wed Feb 21 2018 Petr Menšík - 1.7.0-13
+- Support for python3 package (#1323248)
+- Moved perl manual pages to perl-ldns
+
+* Wed Feb 07 2018 Fedora Release Engineering - 1.7.0-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Fri Jan 05 2018 Iryna Shcherbina - 1.7.0-11
+- Update Python 2 dependency declarations to new packaging standards
+ (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
+
+* Thu Nov 09 2017 Petr Menšík - 1.7.0-10
+- Fix memory corruption in ldns_str2rdf_long_str (#1511046)
+
+* Thu Nov 09 2017 Petr Menšík - 1.7.0-9
+- Fix memory corruption in ldns_rr_new_frm_fp_l (#1511046)
+
+* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 1.7.0-8
+- Python 2 binary package renamed to python2-ldns
+ See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
+
+* Thu Aug 03 2017 Fedora Release Engineering - 1.7.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 1.7.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Jul 07 2017 Igor Gnatenko - 1.7.0-5
+- Rebuild due to bug in RPM (RHBZ #1468476)
+
+* Mon Jun 05 2017 Jitka Plesnikova - 1.7.0-4
+- Perl 5.26 rebuild
+
+* Sat Mar 11 2017 Rex Dieter - 1.7.0-3
+- explicitly track library soname (so bumps aren't a surprise)
+- use %%license, drop dup'd README in -devel
+- BR: openssl-devel >= 1.1.0 (required for DANE verification)
+
+* Wed Mar 01 2017 Petr Menšík - 1.7.0-2
+- Update to 1.7.0
+
+* Fri Feb 10 2017 Fedora Release Engineering - 1.6.17-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Jul 19 2016 Fedora Release Engineering - 1.6.17-20
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Sun May 15 2016 Jitka Plesnikova - 1.6.17-19
+- Perl 5.24 rebuild
+
+* Thu Apr 21 2016 Paul Wouters - 1.6.17-18
+- Resolves: rhbz#1190724 Missing dependency - openssl-devel
+
+* Thu Feb 04 2016 Fedora Release Engineering - 1.6.17-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Thu Jul 16 2015 Tomas Hozza - 1.6.17-16
+- Fix FTBFS on F23+ (#1230140)
+
+* Wed Jun 17 2015 Paul Wouters - 1.6.17-15
+- Remove obsoleted Obsolete:s
+- Fix for man page generation
+
+* Sat Jun 06 2015 Paul Wouters - 1.6.17-14
+- rebuilt with --enable-rrtype-cds --enable-rrtype-uri enabled
+
+* Sat Jun 06 2015 Jitka Plesnikova - 1.6.17-13
+- Perl 5.22 rebuild
+
+* Mon Apr 27 2015 Paul Wouters - 1.6.17-12
+- Split with_ecc macro in with_ecdsa and with_gost - and disable gost
+
+* Mon Nov 24 2014 Paul Wouters - 1.6.17-11
+- Only cond_without sets "with ", so use underscores
+- multilib.patch was setting LIBDIR_SEC once without leading /
+
+* Thu Oct 02 2014 Paul Wouters - 1.6.17-10
+- Fix and install the .pc (pkg-config) file
+
+* Wed Oct 01 2014 Paul Wouters - 1.6.17-9
+- Remove hardening options from ldns-config (rhbz#1147972)
+
+* Tue Sep 30 2014 Paul Wouters - 1.6.17-8
+- Fix ldns-config (rhbz#1147972) [Florian Lehner]
+
+* Tue Aug 26 2014 Jitka Plesnikova - 1.6.17-7
+- Perl 5.20 rebuild
+
+* Sun Aug 17 2014 Fedora Release Engineering - 1.6.17-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering - 1.6.17-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue May 06 2014 Paul Wouters - 1.6.17-4
+- Rename ldns-python to python-ldns
+- Rename ldns-perl to perl-ldns
+- Ensure ldns-utils is dragged it so an upgrade does not remove utils
+
+* Tue May 06 2014 Paul Wouters - 1.6.17-3
+- CVE-2014-3209 ldns: ldns-keygen generates keys with world readable permissions
+- Fix 1017958 - 32 and 64 bit ldns conflicts on some manual pages
+- Fix rhbz#1062874 - cannot install ldns.x86_64 in parallel to ldns.i686
+- Incorporate fixes from Tuomo Soini
+- hardened build
+- fix ldns internal provides and requires filter
+- fix perl-ldns requirement to include %%_isa
+- setup filters for perl and python bindings for internal stuff
+- split utils to separate package
+
+* Mon Mar 24 2014 Tomas Hozza - 1.6.17-2
+- Fix error causing ldns to sometimes produce faulty DSA sign (#1077776)
+- Fix FTBFS due to perl modules
+
+* Fri Jan 10 2014 Paul Wouters - 1.6.17-1
+- Updated to 1.6.17
+- Enable perl bindings via new ldns-perl sub-package
+- Enable ECDSA/GOST which is now allowed in Fedora
+- Removed patches merged upstream, ported multilib patch to 1.6.17
+
+* Sat Aug 03 2013 Fedora Release Engineering - 1.6.16-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Jul 23 2013 Tomas Hozza - 1.6.16-5
+- Fix compiler warnings and one uninitialized value
+- make ldns-config multilib clean
+- Fix man pages and usages errors
+
+* Mon Jun 03 2013 Paul Wouters - 1.6.16-4
+- Use /var/lib/unbound/root.key for --with-trust-anchor
+
+* Fri Apr 19 2013 Adam Tkac - 1.6.16-3
+- make package multilib clean
+
+* Thu Feb 14 2013 Fedora Release Engineering - 1.6.16-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Tue Oct 30 2012 Paul Wouters - 1.6.16-1
+- Updated to 1.6.16
+- Addresses bug in 1.6.14 and 1.6.15 that affects opendnssec
+ (if you have empty non-terminals and use NSEC3)
+
+* Fri Oct 26 2012 Paul Wouters - 1.6.15-1
+- Updated to 1.6.15, as 1.6.14 accidentally broke ABI
+ (We never released 1.6.14)
+
+* Tue Oct 23 2012 Paul Wouters - 1.6.14-1
+- [pulled before release]
+- Updated to 1.6.14
+- Removed merged in patch
+- Added new dependancy on ca-certificates for ldns-dane PKIX validation
+
+* Thu Jul 19 2012 Fedora Release Engineering - 1.6.13-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jun 01 2012 Paul Wouters - 1.6.13-2
+- Added reworked ldns-read-zone patch from trunk
+ (adds -p for SOA padding, and -o for zeroizing timestamps/sigs)
+
+* Mon May 21 2012 Paul Wouters - 1.6.13-1
+- Upgraded to 1.6.13, bugfix release
+- Added --disable-ecdsa as ECC is still banned
+- Removed --with-sha2 - it is always enabled and option was removed
+
+* Wed Jan 11 2012 Paul Wouters - 1.6.12-1
+- Upgraded to 1.6.12, fixes important end of year handling date bug
+
+* Wed Oct 5 2011 Paul Wouters - 1.6.11-2
+- Updated to 1.6.11, fixes rhbz#741026 which is CVE-2011-3581
+- Python goes into sitearch, not sitelib
+- Fix source link and spelling errors in description
+
+* Mon Sep 19 2011 Paul Wouters - 1.6.10-2
+- Fix for losing nameserver when it drops UDP fragments in
+ ldns_resolver_send_pkt [Willem Toorop ]
+- Added ldnsx module (to be merged into ldns soon)
+ http://git.xelerance.com/cgi-bin/gitweb.cgi?p=ldnsx.git;a=summary
+
+* Wed Jun 08 2011 Paul Wouters - 1.6.10-1
+- Upodated to 1.6.10
+- Commented out dependancies that are only needed for snapshots
+
+* Sun Mar 27 2011 Paul Wouters - 1.6.9-1
+- Updated to 1.6.9
+
+* Mon Feb 07 2011 Fedora Release Engineering - 1.6.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Mon Jan 24 2011 Paul Wouters - 1.6.8-1
+- Updated to 1.6.8
+
+* Thu Aug 26 2010 Paul Wouters - 1.6.6-2
+- Bump for EVR
+
+* Mon Aug 09 2010 Paul Wouters - 1.6.6-1
+- Upgraded to 1.6.6
+
+* Wed Jul 21 2010 David Malcolm - 1.6.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
+
+* Tue Jun 15 2010 Paul Wouters - 1.6.5-1
+- Updated to 1.6.5
+
+* Fri Jan 22 2010 Paul Wouters - 1.6.4-2
+- Fix missing _ldns.so causing ldns-python to not work
+- Patch for installing ldns-python files
+- Patch for rpath in ldns-python
+- Don't install .a file for ldns-python
+
+* Wed Jan 20 2010 Paul Wouters - 1.6.4-1
+- Upgraded to 1.6.4
+- Added ldns-python sub package
+
+* Fri Dec 04 2009 Paul Wouters - 1.6.3-1
+- Upgraded to 1.6.3, which has minor bugfixes
+
+* Fri Nov 13 2009 Paul Wouters - 1.6.2-1
+- Upgraded to 1.6.2. This fixes various bugs.
+ (upstream released mostly to default with sha2 for the imminent
+ signed root, but we already enabled that in our builds)
+
+* Tue Aug 25 2009 Tomas Mraz - 1.6.1-3
+- rebuilt with new openssl
+
+* Sun Aug 16 2009 Paul Wouters - 1.6.1-2
+- Added openssl dependancy back in, since we get more functionality
+ when using openssl. Especially in 'drill'.
+
+* Sun Aug 16 2009 Paul Wouters - 1.6.1-1
+- Updated to 1.6.1
+
+* Fri Jul 24 2009 Fedora Release Engineering - 1.6.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Mon Jul 13 2009 Paul Wouters - 1.6.0-4
+- Fixed the ssl patch so it can now compile --without-ssl
+
+* Sat Jul 11 2009 Paul Wouters - 1.6.0-3
+- Added patch to compile with --without-ssl
+- Removed openssl dependancies
+- Recompiled with --without-ssl
+
+* Sat Jul 11 2009 Paul Wouters - 1.6.0-2
+- Updated to 1.6.0
+- (did not yet compile with --without-ssl due to compile failures)
+
+* Fri Jul 10 2009 Paul Wouters - 1.6.0-1
+- Updated to 1.6.0
+- Compile without openssl
+
+* Thu Apr 16 2009 Paul Wouters - 1.5.1-4
+- Memory management bug when generating a sha256 key, see:
+ https://bugzilla.redhat.com/show_bug.cgi?id=493953
+
+* Wed Feb 25 2009 Fedora Release Engineering - 1.5.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Feb 10 2009 Paul Wouters - 1.5.1-1
+- Updated to new version, 1.5.0 had a bug preventing
+ zone signing.
+
+* Mon Feb 9 2009 Paul Wouters - 1.5.0-1
+- Updated to new version
+
+* Thu Feb 05 2009 Adam Tkac - 1.4.0-3
+- fixed configure flags
+
+* Sat Jan 17 2009 Tomas Mraz - 1.4.0-2
+- rebuild with new openssl
+
+* Fri Nov 7 2008 Paul Wouters - 1.4.0-1
+- Updated to 1.4.0
+
+* Wed May 28 2008 Paul Wouters - 1.3.0-3
+- enable SHA2 functionality
+
+* Wed May 28 2008 Paul Wouters - 1.3.0-2
+- re-tag (don't do builds while renaming local repo dirs)
+
+* Wed May 28 2008 Paul Wouters - 1.3.0-1
+- Updated to latest release
+
+* Tue Feb 19 2008 Fedora Release Engineering - 1.2.2-3
+- Autorebuild for GCC 4.3
+
+* Wed Dec 5 2007 Paul Wouters - 1.2.2-2
+- Rebuild for new libcrypto
+
+* Thu Nov 29 2007 Paul Wouters - 1.2.2-1
+- Upgraded to 1.2.2. Removed no longer needed race workaround
+
+* Tue Nov 13 2007 Paul Wouters - 1.2.1-4
+- Try to fix racing ln -s statements in parallel builds
+
+* Fri Nov 9 2007 Paul Wouters - 1.2.1-3
+- Added patch for ldns-read-zone that does not put @. in RRDATA
+
+* Fri Oct 19 2007 Paul Wouters - 1.2.1-2
+- Use install -p to work around multilib conflicts for .h files
+
+* Wed Oct 10 2007 Paul Wouters - 1.2.1-1
+- Updated to 1.2.1
+- Removed patches that got moved into upstream
+
+* Wed Aug 8 2007 Paul Wouters 1.2.0-11
+- Patch for ldns-key2ds to write to stdout
+- Again remove extra set of man pages from doc
+- own /usr/include/ldns (bug 233858)
+
+* Wed Aug 8 2007 Paul Wouters 1.2.0-10
+- Added sha256 DS record patch to ldns-key2ds
+- Minor tweaks for proper doc/man page installation.
+- Workaround for parallel builds
+
+* Mon Aug 6 2007 Paul Wouters 1.2.0-2
+- Own the /usr/include/ldns directory (bug #233858)
+- Removed obsoleted patch
+- Remove files form previous libtool run accidentally packages by upstream
+
+* Mon Sep 11 2006 Paul Wouters 1.0.1-4
+- Commented out 1.1.0 make targets, put make 1.0.1 targets.
+
+* Mon Sep 11 2006 Paul Wouters 1.0.1-3
+- Fixed changelog typo in date
+- Rebuild requested for PT_GNU_HASH support from gcc
+- Did not upgrade to 1.1.0 due to compile issues on x86_64
+
+* Fri Jan 6 2006 Paul Wouters 1.0.1-1
+- Upgraded to 1.0.1. Removed temporary clean hack from spec file.
+
+* Sun Dec 18 2005 Paul Wouters 1.0.0-8
+- Cannot use make clean because there are no Makefiles. Use hardcoded rm.
+
+* Sun Dec 18 2005 Paul Wouters 1.0.0-7
+- Patched 'make clean' target to get rid of object files shipped with 1.0.0
+
+* Tue Dec 13 2005 Paul Wouters 1.0.0-6
+- added a make clean for 2.3.3 since .o files were left behind upstream,
+ causing failure on ppc platform
+
+* Sun Dec 11 2005 Tom "spot" Callaway 1.0.0-5
+- minor cleanups
+
+* Wed Oct 5 2005 Paul Wouters 0.70_1205
+- reworked for svn version
+
+* Sun Sep 25 2005 Paul Wouters - 0.70
+- Initial version