[ldns/f20] Bring ldns up to 1.6.17 to match rawhide and f21
Paul Wouters
pwouters at fedoraproject.org
Wed Aug 27 16:19:01 UTC 2014
commit b5c56ee42573216e281b761ef6c61ea9e10aac8f
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Aug 27 12:18:44 2014 -0400
Bring ldns up to 1.6.17 to match rawhide and f21
ldns-1.6.16-dsa-key-failures.patch | 12 +-
ldns-1.6.17-keygen.patch | 32 +++++
ldns-1.6.17-multilib.patch | 75 +++++++++++
ldns.spec | 253 ++++++++++++++++++++++++++++--------
4 files changed, 310 insertions(+), 62 deletions(-)
---
diff --git a/ldns-1.6.16-dsa-key-failures.patch b/ldns-1.6.16-dsa-key-failures.patch
index 318a69d..93e8a73 100644
--- a/ldns-1.6.16-dsa-key-failures.patch
+++ b/ldns-1.6.16-dsa-key-failures.patch
@@ -1,15 +1,15 @@
-diff -up ldns-1.6.16/keys.c.dsa ldns-1.6.16/keys.c
---- ldns-1.6.16/keys.c.dsa 2012-08-31 14:03:18.000000000 +0200
-+++ ldns-1.6.16/keys.c 2014-03-18 17:48:57.474128661 +0100
-@@ -1314,7 +1314,6 @@ ldns_key_dsa2bin(unsigned char *data, DS
+diff -up ldns-1.6.17/keys.c.dsa ldns-1.6.17/keys.c
+--- ldns-1.6.17/keys.c.dsa 2014-01-10 22:04:41.000000000 +0100
++++ ldns-1.6.17/keys.c 2014-03-18 17:54:34.751742493 +0100
+@@ -1324,7 +1324,6 @@ ldns_key_dsa2bin(unsigned char *data, DS
/* See RFC2536 */
*size = (uint16_t)BN_num_bytes(k->p);
T = (*size - 64) / 8;
- memcpy(data, &T, 1);
if (T > 8) {
- fprintf(stderr, "DSA key with T > 8 (ie. > 1024 bits)");
-@@ -1323,12 +1322,13 @@ ldns_key_dsa2bin(unsigned char *data, DS
+ #ifdef STDERR_MSGS
+@@ -1335,12 +1334,13 @@ ldns_key_dsa2bin(unsigned char *data, DS
}
/* size = 64 + (T * 8); */
diff --git a/ldns-1.6.17-keygen.patch b/ldns-1.6.17-keygen.patch
new file mode 100644
index 0000000..1c010f6
--- /dev/null
+++ b/ldns-1.6.17-keygen.patch
@@ -0,0 +1,32 @@
+diff --git a/examples/ldns-keygen.c b/examples/ldns-keygen.c
+index 316d60d..f4f0116 100644
+--- a/examples/ldns-keygen.c
++++ b/examples/ldns-keygen.c
+@@ -247,9 +247,14 @@ main(int argc, char *argv[])
+ LDNS_FREE(filename);
+ }
+
++ {
++ mode_t oldmask = umask();
++
+ /* print the priv key to stderr */
+ filename = LDNS_XMALLOC(char, strlen(owner) + 21);
+ snprintf(filename, strlen(owner) + 20, "K%s+%03u+%05u.private", owner, algorithm, (unsigned int) ldns_key_keytag(key));
++
++ umask(077); /* ensure only owner can read private key */
+ file = fopen(filename, "w");
+ if (!file) {
+ fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
+@@ -262,9 +267,12 @@ main(int argc, char *argv[])
+ } else {
+ ldns_key_print(file, key);
+ fclose(file);
++ umask(oldmask);
+ LDNS_FREE(filename);
+ }
+
++ }
++
+ /* print the DS to .ds */
+ if (algorithm != LDNS_SIGN_HMACMD5 &&
+ algorithm != LDNS_SIGN_HMACSHA1 &&
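Review bot: The added `mode_t oldmask = umask();` calls umask() with no argument, so the value saved in `oldmask` and later restored by `umask(oldmask)` is not well defined; umask() takes the new mask, e.g. `mode_t oldmask = umask(077);`. The restore is also only visible in the success branch after fclose(); the failure branch lies between the two inner hunks and is not shown, so it may leave 077 in force. A umask also applies only when the file is created: if the `.private` file already exists with looser permissions, `fopen(filename, "w")` truncates it and keeps the old mode. Creating the file with an explicit mode and tightening it on the descriptor covers all three cases without touching process-wide state; the sketch below assumes `<fcntl.h>`, `<sys/stat.h>` and `<unistd.h>` are available. main() continues outside the hunk.

```c
	{
		int fd;

		/* … unchanged: filename allocation and snprintf … */

		file = NULL;
		fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
		if (fd != -1) {
			/* a pre-existing file keeps its old mode across O_TRUNC */
			if (fchmod(fd, S_IRUSR | S_IWUSR) == 0)
				file = fdopen(fd, "w");
			if (!file)
				close(fd);
		}
		if (!file) {
		/* … unchanged: error report, ldns_key_print, fclose, LDNS_FREE … */
```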
diff --git a/ldns-1.6.17-multilib.patch b/ldns-1.6.17-multilib.patch
new file mode 100644
index 0000000..fc8216b
--- /dev/null
+++ b/ldns-1.6.17-multilib.patch
@@ -0,0 +1,75 @@
+diff -Naur ldns-1.6.17-orig/configure ldns-1.6.17/configure
+--- ldns-1.6.17-orig/configure 2014-01-10 16:04:50.000000000 -0500
++++ ldns-1.6.17/configure 2014-01-10 20:22:39.138190093 -0500
+@@ -662,6 +662,7 @@
+ PYTHON_LDFLAGS
+ PYTHON_CPPFLAGS
+ PYTHON
++PYTHON_LIB
+ PYTHON_VERSION
+ UNINSTALL_CONFIG_MANPAGE
+ UNINSTALL_CONFIG
+@@ -13599,6 +13600,7 @@
+ # use the official shared library
+ ac_python_library=`echo "$ac_python_library" | sed "s/^lib//"`
+ PYTHON_LDFLAGS="-L$ac_python_libdir -l$ac_python_library"
++ PYTHON_LIB="$ac_python_library"
+ else
+ # old way: use libpython from python_configdir
+ ac_python_libdir=`$PYTHON -c \
+@@ -13606,6 +13608,7 @@
+ import os; \
+ print (os.path.join(f(plat_specific=1, standard_lib=1), 'config'));"`
+ PYTHON_LDFLAGS="-L$ac_python_libdir -lpython$ac_python_version"
++ PYTHON_LIB="python$ac_python_version"
+ fi
+
+ if test -z "PYTHON_LDFLAGS"; then
+diff -Naur ldns-1.6.17-orig/packaging/ldns-config.in ldns-1.6.17/packaging/ldns-config.in
+--- ldns-1.6.17-orig/packaging/ldns-config.in 2014-01-10 16:04:41.000000000 -0500
++++ ldns-1.6.17/packaging/ldns-config.in 2014-01-10 20:33:13.033665804 -0500
+@@ -3,13 +3,25 @@
+ prefix="@prefix@"
+ exec_prefix="@exec_prefix@"
+ VERSION="@PACKAGE_VERSION@"
+-CFLAGS="@CFLAGS@"
+-CPPFLAGS="@CPPFLAGS@ @LIBSSL_CPPFLAGS@ @PYTHON_CPPFLAGS@"
+-LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ @PYTHON_LDFLAGS@"
+ LIBS="@LIBS@ @LIBSSL_LIBS@"
+-LIBDIR="@libdir@"
+ INCLUDEDIR="@includedir@"
+ LIBVERSION="@LIBLDNS_CURRENT at .@LIBLDNS_REVISION at .@LIBLDNS_AGE@"
++ARCH="`uname -m`"
++
++case $ARCH in
++ x86_64 | amd64 | sparc64 | s390x | ppc64)
++
++ LIBDIR="/usr/lib64"
++ LIBDIR_SEC="/usr/lib"
++ ;;
++ * )
++ LIBDIR="/usr/lib"
++ LIBDIR_SEC="usr/lib64"
++ ;;
++esac
++
++LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ -L$LIBDIR -l at PYTHON_LIB@"
++LDFLAGS_SEC="@LDFL
+
+ for arg in $@
+ do
+@@ -21,9 +33,13 @@
+ then
+ echo "${LDFLAGS} -L${LIBDIR} ${LIBS} -lldns"
+ fi
++ if [ $arg = "--libs_sec" ]
++ then
++ echo "${LDFLAGS_SEC} -L${LIBDIR_SEC} ${LIBS} -lldns"
++ fi
+ if [ $arg = "-h" ] || [ $arg = "--help" ]
+ then
+- echo "Usage: $0 [--cflags] [--libs] [--version]"
++ echo "Usage: $0 [--cflags] [--libs] [--libs_sec] [--version]"
+ fi
+ if [ $arg = "--version" ]
+ then
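Review bot: In the fallback branch of the `case $ARCH` block added to ldns-config.in, `LIBDIR_SEC="usr/lib64"` lacks the leading slash, so `--libs_sec` would print `-Lusr/lib64`, which the linker resolves relative to whatever directory the build happens to run in. It should read `LIBDIR_SEC="/usr/lib64"`. The `LDFLAGS_SEC=` assignment is cut off on this page, so it cannot be checked here. Hard-coding `/usr/lib` and `/usr/lib64` and choosing between them with `uname -m` at run time also replaces the configured `@libdir@`; a comment such as `# Fedora multilib workaround: libdir is picked at run time, not from configure` would tell the next maintainer this is deliberate.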
diff --git a/ldns.spec b/ldns.spec
index b9760ac..a606655 100644
--- a/ldns.spec
+++ b/ldns.spec
@@ -1,30 +1,66 @@
+%global _hardened_build 1
%{?!with_python: %global with_python 1}
+%{?!with_perl: %global with_perl 1}
+%{?!with_ecc: %global with_ecc 1}
-%if %{with_python}
+%if %{with python}
%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
+%{?filter_setup:
+%global _ldns_internal_filter /^_ldns[.]so.*/d;
+%filter_from_requires %{_ldns_internal_filter}
+%filter_from_provides %{_ldns_internal_filter}
+%filter_setup
+}
+%global _ldns_internal _ldns[.]so[.].*
+%global __requires_exclude ^(%{_ldns_internal})$
+%global __provides_exclude ^(%{_ldns_internal})$
+%endif
+
+%if %{with_perl}
+%{?perl_default_filter}
%endif
Summary: Low-level DNS(SEC) library with API
Name: ldns
-Version: 1.6.16
+Version: 1.6.17
Release: 7%{?dist}
+
License: BSD
Url: http://www.nlnetlabs.nl/%{name}/
-Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
-Patch0: %{name}-1.6.16-uninitialized-value-compiler-warnings.patch
-Patch1: %{name}-1.6.16-multilib.patch
-Patch2: %{name}-1.6.16-manpage-fixes-bundle.patch
-Patch3: %{name}-1.6.16-dsa-key-failures.patch
+Source0: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
+Patch1: ldns-1.6.17-multilib.patch
+Patch2: ldns-1.6.16-dsa-key-failures.patch
+Patch3: ldns-1.6.17-keygen.patch
+
Group: System Environment/Libraries
-BuildRequires: perl, libpcap-devel, openssl-devel, gcc-c++, doxygen,
+# Only needed for builds from svn snapshot
+# BuildRequires: libtool
+# BuildRequires: autoconf
+# BuildRequires: automake
+
+BuildRequires: libpcap-devel
+BuildRequires: openssl-devel
+BuildRequires: gcc-c++
+BuildRequires: doxygen
+
# for snapshots only
# BuildRequires: libtool, autoconf, automake
-%if %{with_python}
-BuildRequires: python-devel, swig
+%if %{with python}
+BuildRequires: python-devel, swig
+%endif
+%if %{with perl}
+BuildRequires: perl-ExtUtils-MakeMaker
%endif
Requires: ca-certificates
+# Transition: To ensure people who installed 'ldns' for binaries don't lose them. Remove in f21
+Obsoletes: ldns < 1.6.17-4
+Conflicts: ldns < 1.6.17-4
+Provides: ldns = %{version}-%{release}
+Provides: ldns%{?_isa} = %{version}-%{release}
+Requires: ldns-utils
+
%description
ldns is a library with the aim to simplify DNS programming in C. All
low-level DNS/DNSSEC operations are supported. We also define a higher
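Review bot: The conditionals change from `%if %{with_python}` to `%if %{with python}`, but the switches are still defined by hand with `%{?!with_python: %global with_python 1}`. As far as I know `%{with python}` only tests whether `with_python` is defined, not what it is set to, so `--define 'with_python 0'` would probably no longer turn the bindings off. `%if %{with_perl}` further down in this hunk still uses the old form, so the file now mixes both styles, and the same `%{with …}` tests recur in the later hunks. Declaring the switches with `%bcond_without python`, `%bcond_without perl` and `%bcond_without ecc` and using `%{with …}` throughout would make them consistent.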
@@ -34,36 +70,58 @@ packets.
%package devel
Summary: Development package that includes the ldns header files
Group: Development/Libraries
-Requires: %{name} = %{version}-%{release}
+Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
The devel package contains the ldns library and the include files
-%if %{with_python}
-%package python
+%package utils
+Summary: DNS(SEC) utilities for querying dns
+Group: Applications/System
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description utils
+Collection of tools to get, check or alter DNS(SEC) data.
+
+%if %{with python}
+%package -n python-ldns
Summary: Python extensions for ldns
Group: Applications/System
-Requires: %{name} = %{version}-%{release}
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Obsoletes: ldns-python < 1.6.17-4
+Conflicts: ldns-python < 1.6.17-4
+
-%description python
+%description -n python-ldns
Python extensions for ldns
%endif
+%if %{with perl}
+%package -n perl-ldns
+Summary: Perl extensions for ldns
+Group: Applications/System
+Requires: %{name}%{?_isa} = %{version}-%{release}
+Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+Obsoletes: ldns-perl < 1.6.17-4
+Conflicts: ldns-perl < 1.6.17-4
+
+%description -n perl-ldns
+Perl extensions for ldns
+%endif
+
%package doc
Summary: Documentation for the ldns library
Group: Development/Libraries
-Requires: %{name}-devel = %{version}-%{release}
BuildArch: noarch
%description doc
This package contains documentation for the ldns library
%prep
-%setup -q
-%patch0 -p2
+%setup -q
%patch1 -p1
-%patch2 -p1 -b .manpage
-%patch3 -p1 -b .dsa
+%patch2 -p1 -b .dsa
+%patch3 -p1 -b .keygen
# To built svn snapshots
# rm config.guess config.sub ltmain.sh
# aclocal
@@ -71,85 +129,168 @@ This package contains documentation for the ldns library
# autoreconf --install
%build
-# as long as ECC is banned we cannot enable GOST or ECDSA
-%configure --disable-rpath --disable-static --disable-gost --disable-ecdsa \
- --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt --with-ca-path=/etc/pki/tls/certs/ \
-%if %{with_python}
- --with-pyldns \
+CFLAGS="%{optflags} -fPIC"
+CXXFLAGS="%{optflags} -fPIC"
+LDFLAGS="-Wl,-z,relro,-z,now -pie"
+export CFLAGS CXXFLAGS LDFLAGS
+%configure \
+ --disable-rpath \
+ --disable-static \
+%if %{with ecc}
+ --enable-gost \
+ --enable-ecdsa \
+%else
+ --disable-gost \
+ --disable-ecdsa \
+%endif
+%if %{with python}
+ --with-pyldns \
+%endif
+ --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt \
+ --with-ca-path=/etc/pki/tls/certs/ \
+ --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
+
+pushd drill
+%configure \
+ --disable-rpath \
+%if %{with ecc}
+ --enable-gost \
+ --enable-ecdsa \
+%else
+ --disable-gost \
+ --disable-ecdsa \
%endif
+ --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt \
+ --with-ca-path=/etc/pki/tls/certs/ \
--with-trust-anchor=%{_sharedstatedir}/unbound/root.key
+popd
+
+pushd examples
+%configure \
+ --disable-rpath \
+%if %{with ecc}
+ --enable-gost \
+ --enable-ecdsa \
+%else
+ --disable-gost \
+ --disable-ecdsa \
+%endif
+ --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt \
+ --with-ca-path=/etc/pki/tls/certs/ \
+ --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
+popd
+
+# We cannot use the built-in --with-p5-dns-ldns
+%if %{with perl}
+ pushd contrib/DNS-LDNS
+ perl Makefile.PL INSTALLDIRS=vendor INC="-I. -I../.."
+ make
+ popd
+%endif
-(cd drill ; %configure --disable-rpath --disable-static --disable-gost \
- --disable-ecdsa \
- --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt --with-ca-path=/etc/pki/tls/certs/ \
- --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
-)
-(cd examples ; %configure --disable-rpath --disable-static --disable-gost \
- --disable-ecdsa \
- --with-ca-file=/etc/pki/tls/certs/ca-bundle.trust.crt --with-ca-path=/etc/pki/tls/certs/ \
- --with-trust-anchor=%{_sharedstatedir}/unbound/root.key
-)
-
-make %{?_smp_mflags}
-( cd drill ; make %{?_smp_mflags} )
-( cd examples ; make %{?_smp_mflags} )
+make %{?_smp_mflags}
+make -C drill %{?_smp_mflags}
+make -C examples %{?_smp_mflags}
make %{?_smp_mflags} doc
%install
rm -rf %{buildroot}
-make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install
+make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install
make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install-doc
# don't package xml files
rm doc/*.xml
# don't package building script for install-doc in doc section
rm doc/doxyparse.pl
-#remove double set of man pages
+# remove double set of man pages
rm -rf doc/man
# remove .la files
rm -rf %{buildroot}%{_libdir}/*.la %{buildroot}%{python_sitearch}/*.la
-(cd drill ; make DESTDIR=%{buildroot} install)
-(cd examples; make DESTDIR=%{buildroot} install)
+make -C drill DESTDIR=%{buildroot} install
+make -C examples DESTDIR=%{buildroot} install
+%if %{with perl}
+ make -C contrib/DNS-LDNS DESTDIR=%{buildroot} pure_install
+ chmod 755 %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/LDNS.so
+ rm -f %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/{.packlist,LDNS.bs}
+%endif
%clean
rm -rf %{buildroot}
-%files
-%defattr(-,root,root)
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%doc README LICENSE
%{_libdir}/libldns*so.*
+
+%files utils
%{_bindir}/drill
%{_bindir}/ldnsd
%{_bindir}/ldns-chaos
%{_bindir}/ldns-compare-zones
%{_bindir}/ldns-[d-z]*
-%doc README LICENSE
-%{_mandir}/*/*
+%{_mandir}/man1/*
%files devel
-%defattr(-,root,root,-)
+%doc Changelog README
%{_libdir}/libldns*so
%{_bindir}/ldns-config
%dir %{_includedir}/ldns
%{_includedir}/ldns/*.h
-%doc Changelog README
+%{_mandir}/man3/*
-%if %{with_python}
-%files python
-%defattr(-,root,root)
+%if %{with python}
+%files -n python-ldns
%{python_sitearch}/*
%endif
+%if %{with perl}
+%files -n perl-ldns
+%{perl_vendorarch}/*
+%exclude %dir %{perl_vendorarch}/auto/
+%endif
+
%files doc
%doc doc
-%post -p /sbin/ldconfig
-
-%postun -p /sbin/ldconfig
-
%changelog
-* Tue Mar 18 2014 Tomas Hozza <thozza at redhat.com> - 1.6.16-7
+* Tue Aug 26 2014 Jitka Plesnikova <jplesnik at redhat.com> - 1.6.17-7
+- Perl 5.20 rebuild
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.17-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.17-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue May 06 2014 Paul Wouters <pwouters at redhat.com> - 1.6.17-4
+- Rename ldns-python to python-ldns
+- Rename ldns-perl to perl-ldns
+- Ensure ldns-utils is dragged it so an upgrade does not remove utils
+
+* Tue May 06 2014 Paul Wouters <pwouters at redhat.com> - 1.6.17-3
+- CVE-2014-3209 ldns: ldns-keygen generates keys with world readable permissions
+- Fix 1017958 - 32 and 64 bit ldns conflicts on some manual pages
+- Fix rhbz#1062874 - cannot install ldns.x86_64 in parallel to ldns.i686
+- Incorporate fixes from Tuomo Soini <tis at foobar.fi>
+- hardened build
+- fix ldns internal provides and requires filter
+- fix perl-ldns requirement to include %%_isa
+- setup filters for perl and python bindings for internal stuff
+- split utils to separate package
+
+* Mon Mar 24 2014 Tomas Hozza <thozza at redhat.com> - 1.6.17-2
- Fix error causing ldns to sometimes produce faulty DSA sign (#1077776)
+- Fix FTBFS due to perl modules
+
+* Fri Jan 10 2014 Paul Wouters <pwouters at redhat.com> - 1.6.17-1
+- Updated to 1.6.17
+- Enable perl bindings via new ldns-perl sub-package
+- Enable ECDSA/GOST which is now allowed in Fedora
+- Removed patches merged upstream, ported multilib patch to 1.6.17
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.16-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
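Review bot: The `%build` section exports `CFLAGS="%{optflags} -fPIC"` and `LDFLAGS="-Wl,-z,relro,-z,now -pie"` by hand although the spec also sets `%global _hardened_build 1` at its top (outside this hunk), and nothing explains why both are needed. Exporting LDFLAGS before `%configure` presumably replaces the distribution's default linker flags instead of extending them, and `-pie` then also reaches the link of the shared library, which relies on libtool to cope with it. I would either drop the manual flags or add a comment of the form `# manual PIE/RELRO flags kept in addition to _hardened_build because <reason>` above the assignments. The three `%configure` calls also repeat the same ECC and CA options, so a future change to one copy can easily miss the others.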