From 3e6bf64a7799e87cce81c4b417d014741aefcbc5 Mon Sep 17 00:00:00 2001
From: Paul Wouters
Date: Fri, 1 Jun 2012 17:18:13 -0400
Subject: [PATCH] * Fri Jun 01 2012 Paul Wouters - 1.6.13-2 - Added reworked ldns-read-zone patch from trunk (adds -p for SOA padding, and -o for zeroizing timestamps/sigs)
---
ldns-1.6.13-readzone.patch | 156 +++++++++++++++++++++++++++++++++++++
ldns.spec | 8 +-
2 files changed, 163 insertions(+), 1 deletion(-)
create mode 100644 ldns-1.6.13-readzone.patch
diff --git a/ldns-1.6.13-readzone.patch b/ldns-1.6.13-readzone.patch
new file mode 100644
index 0000000..e126474
--- /dev/null
+++ b/ldns-1.6.13-readzone.patch
@@ -0,0 +1,156 @@ +diff --git a/examples/ldns-read-zone.1 b/examples/ldns-read-zone.1 +index 81f238d..7d4fd7d 100644 +--- a/examples/ldns-read-zone.1 ++++ b/examples/ldns-read-zone.1 +@@ -22,6 +22,12 @@ that is not of type NSEC, NSEC3, RRSIG or DNSKEY. DS records are not + printed. + + .TP ++\fB-0\fR ++Print a 0 for the RRSIG inception, expiry and key data. This option ++can be used when comparing different signing systems that use the same ++DNSKEYs for signing but would have a slightly different timings/jitter. ++ ++.TP + \fB-h\fR + Show usage and exit + +@@ -30,6 +36,11 @@ Show usage and exit + Do not print the SOA record + + .TP ++\fB-p\fR ++Pad the SOA serial number with spaces so the number and the spaces together ++take ten characters. This is useful for in file serial number increments ++ that want to use mmap() ++.TP + \fB-s\fR + Strip DNSSEC data from the zone. This option skips every record + that is of type NSEC, NSEC3, RRSIG or DNSKEY. DS records are still +diff --git a/examples/ldns-read-zone.c b/examples/ldns-read-zone.c +index ac32bac..df2b2c2 100644 +--- a/examples/ldns-read-zone.c ++++ b/examples/ldns-read-zone.c +@@ -33,14 +33,23 @@ main(int argc, char **argv) + ldns_rr_list *stripped_list; + ldns_rr *cur_rr; + ldns_rr_type cur_rr_type; +- const ldns_output_format *fmt = NULL; ++ ldns_output_format fmt = { ++ ldns_output_format_default->flags, ++ ldns_output_format_default->data ++ }; + ldns_soa_serial_increment_func_t soa_serial_increment_func = NULL; + int soa_serial_increment_func_data = 0; + +- while ((c = getopt(argc, argv, "bcdhnsvzS:")) != -1) { ++ while ((c = getopt(argc, argv, "0bcdhnpsvzS:")) != -1) { + switch(c) { + case 'b': +- fmt = ldns_output_format_bubblebabble; ++ fmt.flags |= ++ ( LDNS_COMMENT_BUBBLEBABBLE | ++ LDNS_COMMENT_FLAGS ); ++ break; ++ case '0': ++ fmt.flags |= LDNS_FMT_ZEROIZE_RRSIGS; ++ break; + case 'c': + canonicalize = true; + break; +@@ -55,10 +64,13 @@ main(int argc, char **argv) + printf("\tReads the zonefile 
and prints it.\n"); + printf("\tThe RR count of the zone is printed to stderr.\n"); + printf("\t-b include bubblebabble of DS's.\n"); ++ printf("\t-0 zeroize timestamps and signature in RRSIG records.\n"); + printf("\t-c canonicalize all rrs in the zone.\n"); + printf("\t-d only show DNSSEC data from the zone\n"); + printf("\t-h show this text\n"); + printf("\t-n do not print the SOA record\n"); ++ printf("\t-p prepend SOA serial with spaces so" ++ " it takes exactly ten characters.\n"); + printf("\t-s strip DNSSEC data from the zone\n"); + printf("\t-S [[+|-] | YYYYMMDDxx | " + " unixtime ]\n" +@@ -80,6 +92,9 @@ main(int argc, char **argv) + case 'n': + print_soa = false; + break; ++ case 'p': ++ fmt.flags |= LDNS_FMT_PAD_SOA_SERIAL; ++ break; + case 's': + strip = true; + if (only_dnssec) { +@@ -195,9 +210,9 @@ main(int argc, char **argv) + , soa_serial_increment_func_data + ); + } +- ldns_rr_print_fmt(stdout, fmt, ldns_zone_soa(z)); ++ ldns_rr_print_fmt(stdout, &fmt, ldns_zone_soa(z)); + } +- ldns_rr_list_print_fmt(stdout, fmt, ldns_zone_rrs(z)); ++ ldns_rr_list_print_fmt(stdout, &fmt, ldns_zone_rrs(z)); + + ldns_zone_deep_free(z); + } else { +diff --git a/host2str.c b/host2str.c +index 636d80d..2ec8ae1 100644 +--- a/host2str.c ++++ b/host2str.c +@@ -123,6 +123,7 @@ const ldns_output_format *ldns_output_format_onlykeyids + = &ldns_output_format_onlykeyids_record; + const ldns_output_format *ldns_output_format_default + = &ldns_output_format_onlykeyids_record; ++ + const ldns_output_format ldns_output_format_bubblebabble_record = { + LDNS_COMMENT_KEY | LDNS_COMMENT_BUBBLEBABBLE | LDNS_COMMENT_FLAGS, NULL + }; +@@ -1231,7 +1232,33 @@ ldns_rr2buffer_str_fmt(ldns_buffer *output, + + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + /* ldns_rdf2buffer_str handles NULL input fine! 
*/ +- status = ldns_rdf2buffer_str(output, ldns_rr_rdf(rr, i)); ++ if ((fmt->flags & LDNS_FMT_ZEROIZE_RRSIGS) && ++ (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) && ++ ((/* inception */ i == 4 && ++ ldns_rdf_get_type(ldns_rr_rdf(rr, 4)) == ++ LDNS_RDF_TYPE_TIME) || ++ (/* expiration */ i == 5 && ++ ldns_rdf_get_type(ldns_rr_rdf(rr, 5)) == ++ LDNS_RDF_TYPE_TIME) || ++ (/* signature */ i == 8 && ++ ldns_rdf_get_type(ldns_rr_rdf(rr, 8)) == ++ LDNS_RDF_TYPE_B64))) { ++ ++ ldns_buffer_printf(output, "0"); ++ status = ldns_buffer_status(output); ++ } else if ((fmt->flags & LDNS_FMT_PAD_SOA_SERIAL) && ++ (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) && ++ /* serial */ i == 2 && ++ ldns_rdf_get_type(ldns_rr_rdf(rr, 2)) == ++ LDNS_RDF_TYPE_INT32) { ++ ldns_buffer_printf(output, "%10lu", ++ (unsigned long) ldns_read_uint32( ++ ldns_rdf_data(ldns_rr_rdf(rr, 2)))); ++ status = ldns_buffer_status(output); ++ } else { ++ status = ldns_rdf2buffer_str(output, ++ ldns_rr_rdf(rr, i)); ++ } + if(status != LDNS_STATUS_OK) + return status; + if (i < ldns_rr_rd_count(rr) - 1) { +diff --git a/ldns/host2str.h b/ldns/host2str.h +index f0a14a4..32cdd60 100644 +--- a/ldns/host2str.h ++++ b/ldns/host2str.h +@@ -64,6 +64,8 @@ extern "C" { + #define LDNS_COMMENT_LAYOUT 0x0080 + /** Also comment KEY_ID with RRSIGS **/ + #define LDNS_COMMENT_RRSIGS 0x0100 ++#define LDNS_FMT_ZEROIZE_RRSIGS 0x0200 ++#define LDNS_FMT_PAD_SOA_SERIAL 0x0400 + + /** + * Output format specifier diff --git a/ldns.spec b/ldns.spec index 58a8641..9d0527e 100644 --- a/ldns.spec +++ b/ldns.spec 
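Review bot: In the host2str.c part of the added patch, the new `LDNS_FMT_ZEROIZE_RRSIGS` and `LDNS_FMT_PAD_SOA_SERIAL` branches call `ldns_rdf_get_type(ldns_rr_rdf(rr, N))` before the field ever reaches `ldns_rdf2buffer_str`, so the NULL tolerance that the retained comment relies on no longer covers RRSIG fields 4, 5 and 8 or SOA field 2 when either flag is set. Unless `ldns_rdf_get_type` is known to accept NULL, fetch the field once with `const ldns_rdf *rdf = ldns_rr_rdf(rr, i);` and put `rdf != NULL &&` in front of each type test. The SOA branch also reads four bytes through `ldns_read_uint32(ldns_rdf_data(...))` on the strength of the type tag alone; adding `ldns_rdf_size(rdf) >= 4` to that condition would keep a short rdf from being over-read. The body of `ldns_rr2buffer_str_fmt` starts and ends outside this hunk, so any earlier validation of `rr` or `fmt` is not visible here. Separately, the two new defines in ldns/host2str.h lack the `/** ... **/` comment their neighbours carry, and the commit message and %changelog name the option `-o` where getopt, the usage text and the man page use `-0`.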
@@ -8,10 +8,11 @@ Summary: Lowlevel DNS(SEC) library with API Name: ldns Version: 1.6.13 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD Url: http://www.nlnetlabs.nl/%{name}/ Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz +Patch1:ldns-1.6.13-readzone.patch Group: System Environment/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: perl, libpcap-devel, openssl-devel, gcc-c++, doxygen, @@ -52,6 +53,7 @@ Python extensions for ldns # aclocal # libtoolize -c --install # autoreconf --install +%patch1 -p1 %build # as long as ECC is banned we cannot enable GOST or ECDSA @@ -116,6 +118,10 @@ rm -rf %{buildroot} %postun -p /sbin/ldconfig %changelog +* Fri Jun 01 2012 Paul Wouters - 1.6.13-2 +- Added reworked ldns-read-zone patch from trunk + (adds -p for SOA padding, and -o for zeroizing timestamps/sigs) + * Mon May 21 2012 Paul Wouters - 1.6.13-1 - Upgraded to 1.6.13, bugfix release - Added --disable-ecdsa as ECC is still banned