From 026b07928dbc75c099ba964cb9f10acecc311f6d Mon Sep 17 00:00:00 2001
From: Richard Lescak <rlescak@redhat.com>
Date: Fri, 25 Feb 2022 14:57:47 +0100
Subject: [PATCH] use Python LIBS instead of LDFLAGS - fix annocheck issues
 Resolves: rhbz#2051211

---
 ...config-python-module-in-python_devel.patch | 131 ++++++++++++++++--
 ...YTHON_LIBS-instead-of-PYTHON_LDFLAGS.patch |  32 +++++
 ldns.spec                                     |   7 +-
 3 files changed, 154 insertions(+), 16 deletions(-)
 create mode 100644 ldns-1.7.1-Use-PYTHON_LIBS-instead-of-PYTHON_LDFLAGS.patch

diff --git a/ldns-1.7.1-Support-sysconfig-python-module-in-python_devel.patch b/ldns-1.7.1-Support-sysconfig-python-module-in-python_devel.patch
index bb3f395..e6b2ccf 100644
--- a/ldns-1.7.1-Support-sysconfig-python-module-in-python_devel.patch
+++ b/ldns-1.7.1-Support-sysconfig-python-module-in-python_devel.patch
@@ -1,7 +1,51 @@
-diff -urN a/ldns-1.7.1/ax_python_devel.m4 b/ldns-1.7.1/ax_python_devel.m4
---- a/ldns-1.7.1/ax_python_devel.m4	2019-07-26 17:07:44.000000000 +0200
-+++ b/ldns-1.7.1/ax_python_devel.m4	2022-02-15 12:35:30.881489085 +0100
-@@ -135,16 +135,24 @@
+--- a/m4/ax_python_devel.m4	2019-07-26 17:07:44.000000000 +0200
++++ b/m4/ax_python_devel.m4	2022-02-15 10:29:28.876543000 +0100
+@@ -1,5 +1,5 @@
+ # ===========================================================================
+-#      http://www.gnu.org/software/autoconf-archive/ax_python_devel.html
++#     https://www.gnu.org/software/autoconf-archive/ax_python_devel.html
+ # ===========================================================================
+ #
+ # SYNOPSIS
+@@ -12,8 +12,8 @@
+ #   in your configure.ac.
+ #
+ #   This macro checks for Python and tries to get the include path to
+-#   'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LDFLAGS)
+-#   output variables. It also exports $(PYTHON_EXTRA_LIBS) and
++#   'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LIBS) output
++#   variables. It also exports $(PYTHON_EXTRA_LIBS) and
+ #   $(PYTHON_EXTRA_LDFLAGS) for embedding Python in your code.
+ #
+ #   You can search for some particular version of Python by passing a
+@@ -52,7 +52,7 @@
+ #   Public License for more details.
+ #
+ #   You should have received a copy of the GNU General Public License along
+-#   with this program. If not, see <http://www.gnu.org/licenses/>.
++#   with this program. If not, see <https://www.gnu.org/licenses/>.
+ #
+ #   As a special exception, the respective Autoconf Macro's copyright owner
+ #   gives unlimited permission to copy, distribute and modify the configure
+@@ -67,7 +67,7 @@
+ #   modified version of the Autoconf Macro, you may extend this special
+ #   exception to the GPL to apply to your modified version as well.
+ 
+-#serial 16
++#serial 23
+ 
+ AU_ALIAS([AC_PYTHON_DEVEL], [AX_PYTHON_DEVEL])
+ AC_DEFUN([AX_PYTHON_DEVEL],[
+@@ -99,7 +99,7 @@
+ This version of the AC@&t@_PYTHON_DEVEL macro
+ doesn't work properly with versions of Python before
+ 2.1.0. You may need to re-run configure, setting the
+-variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG,
++variables PYTHON_CPPFLAGS, PYTHON_LIBS, PYTHON_SITE_PKG,
+ PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand.
+ Moreover, to disable this check, set PYTHON_NOVERSIONCHECK
+ to something else than an empty string.
+@@ -135,16 +135,25 @@
  	#
  	# Check if you have distutils, else fail
  	#
@@ -16,6 +60,7 @@ diff -urN a/ldns-1.7.1/ax_python_devel.m4 b/ldns-1.7.1/ax_python_devel.m4
  	else
  		AC_MSG_RESULT([no])
 -		AC_MSG_ERROR([cannot import Python module "distutils".
++
 +		AC_MSG_CHECKING([for the distutils Python package])
 +		ac_sysconfig_result=`$PYTHON -c "from distutils import sysconfig" 2>&1`
 +		if test $? -eq 0; then
@@ -32,7 +77,7 @@ diff -urN a/ldns-1.7.1/ax_python_devel.m4 b/ldns-1.7.1/ax_python_devel.m4
  	fi
  
  	#
-@@ -152,10 +160,19 @@
+@@ -152,10 +161,19 @@
  	#
  	AC_MSG_CHECKING([for Python include path])
  	if test -z "$PYTHON_CPPFLAGS"; then
@@ -56,7 +101,15 @@ diff -urN a/ldns-1.7.1/ax_python_devel.m4 b/ldns-1.7.1/ax_python_devel.m4
  		if test -n "${python_path}"; then
  			if test "${plat_python_path}" != "${python_path}"; then
  				python_path="-I$python_path -I$plat_python_path"
-@@ -179,7 +196,7 @@
+@@ -172,14 +190,14 @@
+ 	# Check for Python library path
+ 	#
+ 	AC_MSG_CHECKING([for Python library path])
+-	if test -z "$PYTHON_LDFLAGS"; then
++	if test -z "$PYTHON_LIBS"; then
+ 		# (makes two attempts to ensure we've got a version number
+ 		# from the interpreter)
+ 		ac_python_version=`cat<<EOD | $PYTHON -
  
  # join all versioning strings, on some systems
  # major/minor numbers could be in different list elements
@@ -65,7 +118,7 @@ diff -urN a/ldns-1.7.1/ax_python_devel.m4 b/ldns-1.7.1/ax_python_devel.m4
  e = get_config_var('VERSION')
  if e is not None:
  	print(e)
-@@ -202,8 +219,8 @@
+@@ -202,8 +220,8 @@
  		ac_python_libdir=`cat<<EOD | $PYTHON -
  
  # There should be only one
@@ -76,7 +129,7 @@ diff -urN a/ldns-1.7.1/ax_python_devel.m4 b/ldns-1.7.1/ax_python_devel.m4
  if e is not None:
  	print (e)
  EOD`
-@@ -211,8 +228,8 @@
+@@ -211,8 +229,8 @@
  		# Now, for the library:
  		ac_python_library=`cat<<EOD | $PYTHON -
  
@@ -87,7 +140,12 @@ diff -urN a/ldns-1.7.1/ax_python_devel.m4 b/ldns-1.7.1/ax_python_devel.m4
  if 'LDVERSION' in c:
  	print ('python'+c[['LDVERSION']])
  else:
-@@ -231,7 +248,7 @@
+@@ -227,45 +245,51 @@
+ 		then
+ 			# use the official shared library
+ 			ac_python_library=`echo "$ac_python_library" | sed "s/^lib//"`
+-			PYTHON_LDFLAGS="-L$ac_python_libdir -l$ac_python_library"
++			PYTHON_LIBS="-L$ac_python_libdir -l$ac_python_library"
  		else
  			# old way: use libpython from python_configdir
  			ac_python_libdir=`$PYTHON -c \
@@ -95,8 +153,26 @@ diff -urN a/ldns-1.7.1/ax_python_devel.m4 b/ldns-1.7.1/ax_python_devel.m4
 +			  "from sysconfig import get_python_lib as f; \
  			  import os; \
  			  print (os.path.join(f(plat_specific=1, standard_lib=1), 'config'));"`
- 			PYTHON_LDFLAGS="-L$ac_python_libdir -lpython$ac_python_version"
-@@ -252,8 +269,14 @@
+-			PYTHON_LDFLAGS="-L$ac_python_libdir -lpython$ac_python_version"
++			PYTHON_LIBS="-L$ac_python_libdir -lpython$ac_python_version"
+ 		fi
+ 
+-		if test -z "PYTHON_LDFLAGS"; then
++		if test -z "PYTHON_LIBS"; then
+ 			AC_MSG_ERROR([
+   Cannot determine location of your Python DSO. Please check it was installed with
+-  dynamic libraries enabled, or try setting PYTHON_LDFLAGS by hand.
++  dynamic libraries enabled, or try setting PYTHON_LIBS by hand.
+ 			])
+ 		fi
+ 	fi
+-	AC_MSG_RESULT([$PYTHON_LDFLAGS])
+-	AC_SUBST([PYTHON_LDFLAGS])
++	AC_MSG_RESULT([$PYTHON_LIBS])
++	AC_SUBST([PYTHON_LIBS])
+ 
+ 	#
+ 	# Check for site packages
  	#
  	AC_MSG_CHECKING([for Python site-packages path])
  	if test -z "$PYTHON_SITE_PKG"; then
@@ -113,7 +189,9 @@ diff -urN a/ldns-1.7.1/ax_python_devel.m4 b/ldns-1.7.1/ax_python_devel.m4
  	fi
  	AC_MSG_RESULT([$PYTHON_SITE_PKG])
  	AC_SUBST([PYTHON_SITE_PKG])
-@@ -263,9 +286,9 @@
+ 
+ 	#
+ 	# libraries which must be linked in when embedding
  	#
  	AC_MSG_CHECKING(python extra libraries)
  	if test -z "$PYTHON_EXTRA_LIBS"; then
@@ -126,7 +204,7 @@ diff -urN a/ldns-1.7.1/ax_python_devel.m4 b/ldns-1.7.1/ax_python_devel.m4
  	fi
  	AC_MSG_RESULT([$PYTHON_EXTRA_LIBS])
  	AC_SUBST(PYTHON_EXTRA_LIBS)
-@@ -275,8 +298,8 @@
+@@ -275,8 +316,8 @@
  	#
  	AC_MSG_CHECKING(python extra linking flags)
  	if test -z "$PYTHON_EXTRA_LDFLAGS"; then
@@ -137,11 +215,34 @@ diff -urN a/ldns-1.7.1/ax_python_devel.m4 b/ldns-1.7.1/ax_python_devel.m4
  			print (conf('LINKFORSHARED'))"`
  	fi
  	AC_MSG_RESULT([$PYTHON_EXTRA_LDFLAGS])
-@@ -300,6 +323,7 @@
+@@ -288,8 +329,10 @@
+ 	AC_MSG_CHECKING([consistency of all components of python development environment])
+ 	# save current global flags
+ 	ac_save_LIBS="$LIBS"
++	ac_save_LDFLAGS="$LDFLAGS"
+ 	ac_save_CPPFLAGS="$CPPFLAGS"
+-	LIBS="$ac_save_LIBS $PYTHON_LDFLAGS $PYTHON_EXTRA_LDFLAGS $PYTHON_EXTRA_LIBS"
++	LIBS="$ac_save_LIBS $PYTHON_LIBS $PYTHON_EXTRA_LIBS $PYTHON_EXTRA_LIBS"
++	LDFLAGS="$ac_save_LDFLAGS $PYTHON_EXTRA_LDFLAGS"
+ 	CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
+ 	AC_LANG_PUSH([C])
+ 	AC_LINK_IFELSE([
+@@ -300,6 +343,7 @@
  	# turn back to default flags
  	CPPFLAGS="$ac_save_CPPFLAGS"
  	LIBS="$ac_save_LIBS"
 +	LDFLAGS="$ac_save_LDFLAGS"
  
  	AC_MSG_RESULT([$pythonexists])
-
+ 
+@@ -307,8 +351,8 @@
+ 	   AC_MSG_FAILURE([
+   Could not link test program to Python. Maybe the main Python library has been
+   installed in some non-standard library path. If so, pass it to configure,
+-  via the LDFLAGS environment variable.
+-  Example: ./configure LDFLAGS="-L/usr/non-standard-path/python/lib"
++  via the LIBS environment variable.
++  Example: ./configure LIBS="-L/usr/non-standard-path/python/lib"
+   ============================================================================
+    ERROR!
+    You probably have to install the development version of the Python package
diff --git a/ldns-1.7.1-Use-PYTHON_LIBS-instead-of-PYTHON_LDFLAGS.patch b/ldns-1.7.1-Use-PYTHON_LIBS-instead-of-PYTHON_LDFLAGS.patch
new file mode 100644
index 0000000..28beb33
--- /dev/null
+++ b/ldns-1.7.1-Use-PYTHON_LIBS-instead-of-PYTHON_LDFLAGS.patch
@@ -0,0 +1,32 @@
+From a5a5dd867fdb934a7ce3637dd9def598f0979247 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Thu, 3 Jun 2021 10:51:15 +0200
+Subject: [PATCH] Use PYTHON_LIBS instead of PYTHON_LDFLAGS
+
+Definition was changed to more obvious variable in ax_python_devel.m4
+---
+ Makefile.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ldns-1.7.1/Makefile.in b/ldns-1.7.1/Makefile.in
+index af529e43..2f6b1423 100644
+--- a/ldns-1.7.1/Makefile.in
++++ b/ldns-1.7.1/Makefile.in
+@@ -48,7 +48,7 @@ LIBS 		= @LIBS@
+ LIBOBJDIR	= compat/
+ LIBOBJS		= @LIBOBJS@
+ PYTHON_CPPFLAGS	= @PYTHON_CPPFLAGS@
+-PYTHON_LDFLAGS	= @PYTHON_LDFLAGS@
++PYTHON_LIBS	= @PYTHON_LIBS@
+ PYTHON_X_CFLAGS = @PYTHON_X_CFLAGS@
+ LIBSSL_CPPFLAGS = @LIBSSL_CPPFLAGS@
+ LIBSSL_LDFLAGS  = @LIBSSL_LDFLAGS@
+@@ -301,7 +301,7 @@
+ 	$(COMP_LIB) -I./include/ldns $(LIBSSL_CPPFLAGS) $(PYTHON_CPPFLAGS) $(PYTHON_X_CFLAGS) -c $(pywrapdir)/ldns_wrapper.c -o $@
+ 
+ _ldns.la: ldns_wrapper.lo libldns.la 
+-	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(PYTHON_CFLAGS) $(LDFLAGS) $(PYTHON_LDFLAGS) -module -version-info $(version_info) -no-undefined -o $@ ldns_wrapper.lo -rpath $(python_site) -L. -L.libs -lldns $(LIBS)
++	$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(PYTHON_CFLAGS) $(LDFLAGS) -module -version-info $(version_info) -no-undefined -o $@ ldns_wrapper.lo -rpath $(python_site) -L. -L.libs -lldns $(PYTHON_LIBS) $(LIBS)
+ 
+ $(p5_dns_ldns_dir)/Makefile: $(p5_dns_ldns_dir)/Makefile.PL
+ 	BUILDDIR=`pwd`; cd $(p5_dns_ldns_dir); LD_LIBRARY_PATH="$$BUILDDIR/.libs:$$LD_LIBRARY_PATH" DYLD_LIBRARY_PATH="$$BUILDDIR/.libs:$$DYLD_LIBRARY_PATH" $(PERL) Makefile.PL LIBS="-L$$BUILDDIR/.libs -lldns" INC="-I$$BUILDDIR"
diff --git a/ldns.spec b/ldns.spec
index 191dde4..ddc15c6 100644
--- a/ldns.spec
+++ b/ldns.spec
@@ -39,7 +39,7 @@
 Summary: Low-level DNS(SEC) library with API
 Name: ldns
 Version: 1.7.1
-Release: 9%{?dist}
+Release: 10%{?dist}
 
 License: BSD
 Url: https://www.nlnetlabs.nl/%{name}/
@@ -55,6 +55,8 @@ Patch3: ldns-1.7.1-out-of-boud-read-vuln.patch
 # https://github.com/autoconf-archive/autoconf-archive/commit/7f21e125bbe4e7c93d3bc86cda29c8b8e3b07d52
 # used 'platlib' instead of 'purelib'
 Patch4: ldns-1.7.1-Support-sysconfig-python-module-in-python_devel.patch
+# https://github.com/NLnetLabs/ldns/commit/a5a5dd867fdb934a7ce3637dd9def598f0979247
+Patch5: ldns-1.7.1-Use-PYTHON_LIBS-instead-of-PYTHON_LDFLAGS.patch
 
 
 # Only needed for builds from svn snapshot
@@ -357,6 +359,9 @@ rm -rf doc/man
 %doc doc
 
 %changelog
+* Fri Feb 25 2022 Richard Lescak <rlescak@redhat.com> - 1.7.1-10
+- use Python LIBS instead of LDFLAGS - fix annocheck issues
+
 * Thu Feb 24 2022 Richard Lescak <rlescak@redhat.com> - 1.7.1-9
 - Fix for CVE-2020-19860 ldns: heap overread vulnerability (#2051211)
 - Added also patch for deprecated distutils Python module used in build