rpms/ldns
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:c8s
rpms:c9
rpms:c10s
rpms:c9-beta
rpms:c9s
rpms:c8
rpms:c8-beta
rpms:imports/c9/ldns-1.7.1-12.el9
rpms:imports/c9-beta/ldns-1.7.1-12.el9
rpms:imports/c10s/ldns-1.8.3-18.el10
rpms:imports/c10s/ldns-1.8.3-17.el10
rpms:imports/c10s/ldns-1.8.3-16.el10
rpms:imports/c10s/ldns-1.8.3-15.el10
rpms:imports/c8/ldns-1.7.0-22.el8
rpms:imports/c9/ldns-1.7.1-11.el9
rpms:imports/c9-beta/ldns-1.7.1-11.el9
rpms:imports/c9/ldns-1.7.1-10.el9
rpms:imports/c9-beta/ldns-1.7.1-10.el9
rpms:imports/c9-beta/ldns-1.7.1-8.el9
rpms:imports/c9-beta/ldns-1.7.1-7.el9
rpms:imports/c8-beta/ldns-1.7.0-21.el8
rpms:imports/c8-beta/ldns-1.7.0-20.el8
rpms:imports/c8/ldns-1.7.0-21.el8
rpms:imports/c8/ldns-1.7.0-20.el8
rpms:imports/c8s/ldns-1.7.0-21.el8
...
pull from: rpms:c8s
Branches Tags
rpms:c9
rpms:c10s
rpms:c9-beta
rpms:c9s
rpms:c8
rpms:c8-beta
rpms:c8s
rpms:imports/c9/ldns-1.7.1-12.el9
rpms:imports/c9-beta/ldns-1.7.1-12.el9
rpms:imports/c10s/ldns-1.8.3-18.el10
rpms:imports/c10s/ldns-1.8.3-17.el10
rpms:imports/c10s/ldns-1.8.3-16.el10
rpms:imports/c10s/ldns-1.8.3-15.el10
rpms:imports/c8/ldns-1.7.0-22.el8
rpms:imports/c9/ldns-1.7.1-11.el9
rpms:imports/c9-beta/ldns-1.7.1-11.el9
rpms:imports/c9/ldns-1.7.1-10.el9
rpms:imports/c9-beta/ldns-1.7.1-10.el9
rpms:imports/c9-beta/ldns-1.7.1-8.el9
rpms:imports/c9-beta/ldns-1.7.1-7.el9
rpms:imports/c8-beta/ldns-1.7.0-21.el8
rpms:imports/c8-beta/ldns-1.7.0-20.el8
rpms:imports/c8/ldns-1.7.0-21.el8
rpms:imports/c8/ldns-1.7.0-20.el8
rpms:imports/c8s/ldns-1.7.0-21.el8

No commits in common. "c9" and "c8s" have entirely different histories.
c9 ... c8s

15 changed files with 561 additions and 936 deletions
Show Stats Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1 +1,2 @@
SOURCES/ldns-1.7.1.tar.gz
SOURCES/ldns-1.7.0.tar.gz
/ldns-1.7.0.tar.gz

1
.ldns.metadata
View File

@ -1 +0,0 @@
d075a08972c0f573101fb4a6250471daaa53cb3e SOURCES/ldns-1.7.1.tar.gz

248
SOURCES/ldns-1.7.1-Support-sysconfig-python-module-in-python_devel.patch
View File

@ -1,248 +0,0 @@
--- a/m4/ax_python_devel.m4 2019-07-26 17:07:44.000000000 +0200
+++ b/m4/ax_python_devel.m4 2022-02-15 10:29:28.876543000 +0100
@@ -1,5 +1,5 @@
# ===========================================================================
-# http://www.gnu.org/software/autoconf-archive/ax_python_devel.html
+# https://www.gnu.org/software/autoconf-archive/ax_python_devel.html
# ===========================================================================
#
# SYNOPSIS
@@ -12,8 +12,8 @@
# in your configure.ac.
#
# This macro checks for Python and tries to get the include path to
-# 'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LDFLAGS)
-# output variables. It also exports $(PYTHON_EXTRA_LIBS) and
+# 'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LIBS) output
+# variables. It also exports $(PYTHON_EXTRA_LIBS) and
# $(PYTHON_EXTRA_LDFLAGS) for embedding Python in your code.
#
# You can search for some particular version of Python by passing a
@@ -52,7 +52,7 @@
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
-# with this program. If not, see <http://www.gnu.org/licenses/>.
+# with this program. If not, see <https://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
@@ -67,7 +67,7 @@
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
-#serial 16
+#serial 23
AU_ALIAS([AC_PYTHON_DEVEL], [AX_PYTHON_DEVEL])
AC_DEFUN([AX_PYTHON_DEVEL],[
@@ -99,7 +99,7 @@
This version of the AC@&t@_PYTHON_DEVEL macro
doesn't work properly with versions of Python before
2.1.0. You may need to re-run configure, setting the
-variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG,
+variables PYTHON_CPPFLAGS, PYTHON_LIBS, PYTHON_SITE_PKG,
PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand.
Moreover, to disable this check, set PYTHON_NOVERSIONCHECK
to something else than an empty string.
@@ -135,16 +135,25 @@
#
# Check if you have distutils, else fail
#
- AC_MSG_CHECKING([for the distutils Python package])
- ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
- if test -z "$ac_distutils_result"; then
+ AC_MSG_CHECKING([for the sysconfig Python package])
+ ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1`
+ if test $? -eq 0; then
AC_MSG_RESULT([yes])
+ IMPORT_SYSCONFIG="import sysconfig"
else
AC_MSG_RESULT([no])
- AC_MSG_ERROR([cannot import Python module "distutils".
+
+ AC_MSG_CHECKING([for the distutils Python package])
+ ac_sysconfig_result=`$PYTHON -c "from distutils import sysconfig" 2>&1`
+ if test $? -eq 0; then
+ AC_MSG_RESULT([yes])
+ IMPORT_SYSCONFIG="from distutils import sysconfig"
+ else
+ AC_MSG_ERROR([cannot import Python module "distutils".
Please check your Python installation. The error was:
-$ac_distutils_result])
- PYTHON_VERSION=""
+$ac_sysconfig_result])
+ PYTHON_VERSION=""
+ fi
fi
#
@@ -152,10 +161,19 @@
#
AC_MSG_CHECKING([for Python include path])
if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import distutils.sysconfig; \
- print (distutils.sysconfig.get_python_inc ());"`
- plat_python_path=`$PYTHON -c "import distutils.sysconfig; \
- print (distutils.sysconfig.get_python_inc (plat_specific=1));"`
+ if test "$IMPORT_SYSCONFIG" = "import sysconfig"; then
+ # sysconfig module has different functions
+ python_path=`$PYTHON -c "$IMPORT_SYSCONFIG; \
+ print (sysconfig.get_path ('include'));"`
+ plat_python_path=`$PYTHON -c "$IMPORT_SYSCONFIG; \
+ print (sysconfig.get_path ('platinclude'));"`
+ else
+ # old distutils way
+ python_path=`$PYTHON -c "$IMPORT_SYSCONFIG; \
+ print (sysconfig.get_python_inc ());"`
+ plat_python_path=`$PYTHON -c "$IMPORT_SYSCONFIG; \
+ print (sysconfig.get_python_inc (plat_specific=1));"`
+ fi
if test -n "${python_path}"; then
if test "${plat_python_path}" != "${python_path}"; then
python_path="-I$python_path -I$plat_python_path"
@@ -172,14 +190,14 @@
# Check for Python library path
#
AC_MSG_CHECKING([for Python library path])
- if test -z "$PYTHON_LDFLAGS"; then
+ if test -z "$PYTHON_LIBS"; then
# (makes two attempts to ensure we've got a version number
# from the interpreter)
ac_python_version=`cat<<EOD | $PYTHON -
# join all versioning strings, on some systems
# major/minor numbers could be in different list elements
-from distutils.sysconfig import *
+from sysconfig import *
e = get_config_var('VERSION')
if e is not None:
print(e)
@@ -202,8 +220,8 @@
ac_python_libdir=`cat<<EOD | $PYTHON -
# There should be only one
-import distutils.sysconfig
-e = distutils.sysconfig.get_config_var('LIBDIR')
+$IMPORT_SYSCONFIG
+e = sysconfig.get_config_var('LIBDIR')
if e is not None:
print (e)
EOD`
@@ -211,8 +229,8 @@
# Now, for the library:
ac_python_library=`cat<<EOD | $PYTHON -
-import distutils.sysconfig
-c = distutils.sysconfig.get_config_vars()
+$IMPORT_SYSCONFIG
+c = sysconfig.get_config_vars()
if 'LDVERSION' in c:
print ('python'+c[['LDVERSION']])
else:
@@ -227,45 +245,51 @@
then
# use the official shared library
ac_python_library=`echo "$ac_python_library" | sed "s/^lib//"`
- PYTHON_LDFLAGS="-L$ac_python_libdir -l$ac_python_library"
+ PYTHON_LIBS="-L$ac_python_libdir -l$ac_python_library"
else
# old way: use libpython from python_configdir
ac_python_libdir=`$PYTHON -c \
- "from distutils.sysconfig import get_python_lib as f; \
+ "from sysconfig import get_python_lib as f; \
import os; \
print (os.path.join(f(plat_specific=1, standard_lib=1), 'config'));"`
- PYTHON_LDFLAGS="-L$ac_python_libdir -lpython$ac_python_version"
+ PYTHON_LIBS="-L$ac_python_libdir -lpython$ac_python_version"
fi
- if test -z "PYTHON_LDFLAGS"; then
+ if test -z "PYTHON_LIBS"; then
AC_MSG_ERROR([
Cannot determine location of your Python DSO. Please check it was installed with
- dynamic libraries enabled, or try setting PYTHON_LDFLAGS by hand.
+ dynamic libraries enabled, or try setting PYTHON_LIBS by hand.
])
fi
fi
- AC_MSG_RESULT([$PYTHON_LDFLAGS])
- AC_SUBST([PYTHON_LDFLAGS])
+ AC_MSG_RESULT([$PYTHON_LIBS])
+ AC_SUBST([PYTHON_LIBS])
#
# Check for site packages
#
AC_MSG_CHECKING([for Python site-packages path])
if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \
- print (distutils.sysconfig.get_python_lib(1,0));"`
+ if test "$IMPORT_SYSCONFIG" = "import sysconfig"; then
+ PYTHON_SITE_PKG=`$PYTHON -c "$IMPORT_SYSCONFIG; \
+ print (sysconfig.get_path('platlib'));"`
+ else
+ # distutils.sysconfig way
+ PYTHON_SITE_PKG=`$PYTHON -c "$IMPORT_SYSCONFIG; \
+ print (sysconfig.get_python_lib(0,0));"`
+ fi
fi
AC_MSG_RESULT([$PYTHON_SITE_PKG])
AC_SUBST([PYTHON_SITE_PKG])
#
# libraries which must be linked in when embedding
#
AC_MSG_CHECKING(python extra libraries)
if test -z "$PYTHON_EXTRA_LIBS"; then
- PYTHON_EXTRA_LIBS=`$PYTHON -c "import distutils.sysconfig; \
- conf = distutils.sysconfig.get_config_var; \
- print (conf('LIBS'))"`
+ PYTHON_EXTRA_LIBS=`$PYTHON -c "$IMPORT_SYSCONFIG; \
+ conf = sysconfig.get_config_var; \
+ print (conf('LIBS') + ' ' + conf('SYSLIBS'))"`
fi
AC_MSG_RESULT([$PYTHON_EXTRA_LIBS])
AC_SUBST(PYTHON_EXTRA_LIBS)
@@ -275,8 +316,8 @@
#
AC_MSG_CHECKING(python extra linking flags)
if test -z "$PYTHON_EXTRA_LDFLAGS"; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import distutils.sysconfig; \
- conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "$IMPORT_SYSCONFIG; \
+ conf = sysconfig.get_config_var; \
print (conf('LINKFORSHARED'))"`
fi
AC_MSG_RESULT([$PYTHON_EXTRA_LDFLAGS])
@@ -288,8 +329,10 @@
AC_MSG_CHECKING([consistency of all components of python development environment])
# save current global flags
ac_save_LIBS="$LIBS"
+ ac_save_LDFLAGS="$LDFLAGS"
ac_save_CPPFLAGS="$CPPFLAGS"
- LIBS="$ac_save_LIBS $PYTHON_LDFLAGS $PYTHON_EXTRA_LDFLAGS $PYTHON_EXTRA_LIBS"
+ LIBS="$ac_save_LIBS $PYTHON_LIBS $PYTHON_EXTRA_LIBS $PYTHON_EXTRA_LIBS"
+ LDFLAGS="$ac_save_LDFLAGS $PYTHON_EXTRA_LDFLAGS"
CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
AC_LANG_PUSH([C])
AC_LINK_IFELSE([
@@ -300,6 +343,7 @@
# turn back to default flags
CPPFLAGS="$ac_save_CPPFLAGS"
LIBS="$ac_save_LIBS"
+ LDFLAGS="$ac_save_LDFLAGS"
AC_MSG_RESULT([$pythonexists])
@@ -307,8 +351,8 @@
AC_MSG_FAILURE([
Could not link test program to Python. Maybe the main Python library has been
installed in some non-standard library path. If so, pass it to configure,
- via the LDFLAGS environment variable.
- Example: ./configure LDFLAGS="-L/usr/non-standard-path/python/lib"
+ via the LIBS environment variable.
+ Example: ./configure LIBS="-L/usr/non-standard-path/python/lib"
============================================================================
ERROR!
You probably have to install the development version of the Python package

32
SOURCES/ldns-1.7.1-Use-PYTHON_LIBS-instead-of-PYTHON_LDFLAGS.patch
View File

@ -1,32 +0,0 @@
From a5a5dd867fdb934a7ce3637dd9def598f0979247 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 3 Jun 2021 10:51:15 +0200
Subject: [PATCH] Use PYTHON_LIBS instead of PYTHON_LDFLAGS
Definition was changed to more obvious variable in ax_python_devel.m4
---
Makefile.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ldns-1.7.1/Makefile.in b/ldns-1.7.1/Makefile.in
index af529e43..2f6b1423 100644
--- a/ldns-1.7.1/Makefile.in
+++ b/ldns-1.7.1/Makefile.in
@@ -48,7 +48,7 @@ LIBS = @LIBS@
LIBOBJDIR = compat/
LIBOBJS = @LIBOBJS@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
+PYTHON_LIBS = @PYTHON_LIBS@
PYTHON_X_CFLAGS = @PYTHON_X_CFLAGS@
LIBSSL_CPPFLAGS = @LIBSSL_CPPFLAGS@
LIBSSL_LDFLAGS = @LIBSSL_LDFLAGS@
@@ -301,7 +301,7 @@
$(COMP_LIB) -I./include/ldns $(LIBSSL_CPPFLAGS) $(PYTHON_CPPFLAGS) $(PYTHON_X_CFLAGS) -c $(pywrapdir)/ldns_wrapper.c -o $@
_ldns.la: ldns_wrapper.lo libldns.la
- $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(PYTHON_CFLAGS) $(LDFLAGS) $(PYTHON_LDFLAGS) -module -version-info $(version_info) -no-undefined -o $@ ldns_wrapper.lo -rpath $(python_site) -L. -L.libs -lldns $(LIBS)
+ $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(PYTHON_CFLAGS) $(LDFLAGS) -module -version-info $(version_info) -no-undefined -o $@ ldns_wrapper.lo -rpath $(python_site) -L. -L.libs -lldns $(PYTHON_LIBS) $(LIBS)
$(p5_dns_ldns_dir)/Makefile: $(p5_dns_ldns_dir)/Makefile.PL
BUILDDIR=`pwd`; cd $(p5_dns_ldns_dir); LD_LIBRARY_PATH="$$BUILDDIR/.libs:$$LD_LIBRARY_PATH" DYLD_LIBRARY_PATH="$$BUILDDIR/.libs:$$DYLD_LIBRARY_PATH" $(PERL) Makefile.PL LIBS="-L$$BUILDDIR/.libs -lldns" INC="-I$$BUILDDIR"

369
SOURCES/ldns-1.7.1-openssl-build.patch
View File

@ -1,369 +0,0 @@
--- a/ldns-1.7.1/acx_nlnetlabs.m4
+++ b/ldns-1.7.1/acx_nlnetlabs.m4
@@ -2,7 +2,15 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
-# Version 34
+# Version 41
+# 2021-07-30 fix for openssl use of lib64 directory.
+# 2021-06-14 fix nonblocking test to use host instead of target for mingw test.
+# 2021-05-17 fix nonblocking socket test from grep on mingw32 to mingw for
+# 64bit compatibility.
+# 2021-03-24 fix ACX_FUNC_DEPRECATED to use CPPFLAGS and CFLAGS.
+# 2021-01-05 fix defun for aclocal
+# 2021-01-05 autoconf 2.70 autoupdate and fixes, no AC_TRY_COMPILE
+# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0).
# 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0.
# 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0).
# 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20
@@ -446,15 +454,12 @@
AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "format" attribute)
AC_CACHE_VAL(ac_cv_c_format_attribute,
[ac_cv_c_format_attribute=no
-AC_TRY_COMPILE(
-[#include <stdio.h>
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
void f (char *format, ...) __attribute__ ((format (printf, 1, 2)));
void (*pf) (char *format, ...) __attribute__ ((format (printf, 1, 2)));
-], [
+]], [[
f ("%s", "str");
-],
-[ac_cv_c_format_attribute="yes"],
-[ac_cv_c_format_attribute="no"])
+]])],[ac_cv_c_format_attribute="yes"],[ac_cv_c_format_attribute="no"])
])
AC_MSG_RESULT($ac_cv_c_format_attribute)
@@ -483,14 +488,11 @@
AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "unused" attribute)
AC_CACHE_VAL(ac_cv_c_unused_attribute,
[ac_cv_c_unused_attribute=no
-AC_TRY_COMPILE(
-[#include <stdio.h>
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
void f (char *u __attribute__((unused)));
-], [
+]], [[
f ("x");
-],
-[ac_cv_c_unused_attribute="yes"],
-[ac_cv_c_unused_attribute="no"])
+]])],[ac_cv_c_unused_attribute="yes"],[ac_cv_c_unused_attribute="no"])
])
dnl Setup ATTR_UNUSED config.h parts.
@@ -547,7 +549,7 @@
dnl because libtools 'AC_REQUIRE' names are right after this one, before
dnl this function contents.
AC_REQUIRE([ACX_LIBTOOL_C_PRE])
-AC_PROG_LIBTOOL
+LT_INIT
])
dnl Detect if u_char type is defined, otherwise define it.
@@ -646,7 +648,7 @@
if test x_$withval != x_no; then
AC_MSG_CHECKING(for SSL)
if test x_$withval = x_ -o x_$withval = x_yes; then
- withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/local/opt/openssl /usr/sfw /usr"
+ withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr"
fi
for dir in $withval; do
ssldir="$dir"
@@ -668,22 +670,28 @@
HAVE_SSL=yes
dnl assume /usr is already in the lib and dynlib paths.
if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
- LDFLAGS="$LDFLAGS -L$ssldir/lib"
- LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
- ACX_RUNTIME_PATH_ADD([$ssldir/lib])
+ if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
+ LDFLAGS="$LDFLAGS -L$ssldir/lib64"
+ LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib64"
+ ACX_RUNTIME_PATH_ADD([$ssldir/lib64])
+ else
+ LDFLAGS="$LDFLAGS -L$ssldir/lib"
+ LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
+ ACX_RUNTIME_PATH_ADD([$ssldir/lib])
+ fi
fi
- AC_MSG_CHECKING([for HMAC_Update in -lcrypto])
+ AC_MSG_CHECKING([for EVP_sha256 in -lcrypto])
LIBS="$LIBS -lcrypto"
LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
- AC_TRY_LINK(, [
- int HMAC_Update(void);
- (void)HMAC_Update();
- ], [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
+ int EVP_sha256(void);
+ (void)EVP_sha256();
+ ]])],[
AC_MSG_RESULT(yes)
- AC_DEFINE([HAVE_HMAC_UPDATE], 1,
- [If you have HMAC_Update])
- ], [
+ AC_DEFINE([HAVE_EVP_SHA256], 1,
+ [If you have EVP_sha256])
+ ],[
AC_MSG_RESULT(no)
# check if -lwsock32 or -lgdi32 are needed.
BAKLIBS="$LIBS"
@@ -691,12 +699,12 @@
LIBS="$LIBS -lgdi32 -lws2_32"
LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32"
AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
- AC_TRY_LINK([], [
- int HMAC_Update(void);
- (void)HMAC_Update();
- ],[
- AC_DEFINE([HAVE_HMAC_UPDATE], 1,
- [If you have HMAC_Update])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
+ int EVP_sha256(void);
+ (void)EVP_sha256();
+ ]])],[
+ AC_DEFINE([HAVE_EVP_SHA256], 1,
+ [If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
@@ -705,12 +713,12 @@
LIBS="$LIBS -ldl"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
AC_MSG_CHECKING([if -lcrypto needs -ldl])
- AC_TRY_LINK([], [
- int HMAC_Update(void);
- (void)HMAC_Update();
- ],[
- AC_DEFINE([HAVE_HMAC_UPDATE], 1,
- [If you have HMAC_Update])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
+ int EVP_sha256(void);
+ (void)EVP_sha256();
+ ]])],[
+ AC_DEFINE([HAVE_EVP_SHA256], 1,
+ [If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
@@ -719,12 +727,12 @@
LIBS="$LIBS -ldl -pthread"
LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread])
- AC_TRY_LINK([], [
- int HMAC_Update(void);
- (void)HMAC_Update();
- ],[
- AC_DEFINE([HAVE_HMAC_UPDATE], 1,
- [If you have HMAC_Update])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
+ int EVP_sha256(void);
+ (void)EVP_sha256();
+ ]])],[
+ AC_DEFINE([HAVE_EVP_SHA256], 1,
+ [If you have EVP_sha256])
AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
@@ -749,9 +757,8 @@
dnl
AC_DEFUN([ACX_WITH_SSL],
[
-AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
- [enable SSL (will check /usr/local/ssl
- /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/local/opt/openssl /usr/sfw /usr)]),[
+AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl
+ /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
],[
withval="yes"
])
@@ -768,9 +775,8 @@
dnl
AC_DEFUN([ACX_WITH_SSL_OPTIONAL],
[
-AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
- [enable SSL (will check /usr/local/ssl
- /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/local/opt/openssl /usr/sfw /usr)]),[
+AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl
+ /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
],[
withval="yes"
])
@@ -893,7 +899,7 @@
[
echo '$3' >conftest.c
echo 'void f(){ $2 }' >>conftest.c
-if test -z "`$CC -c conftest.c 2>&1 | grep deprecated`"; then
+if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then
eval "cv_cc_deprecated_$cache=no"
else
eval "cv_cc_deprecated_$cache=yes"
@@ -919,7 +925,7 @@
AC_DEFUN([ACX_CHECK_NONBLOCKING_BROKEN],
[
AC_MSG_CHECKING([if nonblocking sockets work])
-if echo $target | grep mingw32 >/dev/null; then
+if echo $host | grep mingw >/dev/null; then
AC_MSG_RESULT([no (windows)])
AC_DEFINE([NONBLOCKING_IS_BROKEN], 1, [Define if the network stack does not fully support nonblocking io (causes lower performance).])
else
@@ -1061,7 +1067,7 @@
AC_DEFUN([ACX_MKDIR_ONE_ARG],
[
AC_MSG_CHECKING([whether mkdir has one arg])
-AC_TRY_COMPILE([
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <stdio.h>
#include <unistd.h>
#ifdef HAVE_WINSOCK2_H
@@ -1070,14 +1076,12 @@
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
-], [
+]], [[
(void)mkdir("directory");
-],
-AC_MSG_RESULT(yes)
+]])],[AC_MSG_RESULT(yes)
AC_DEFINE(MKDIR_HAS_ONE_ARG, 1, [Define if mkdir has one argument.])
-,
-AC_MSG_RESULT(no)
-)
+],[AC_MSG_RESULT(no)
+])
])dnl end of ACX_MKDIR_ONE_ARG
dnl Check for ioctlsocket function. works on mingw32 too.
--- a/ldns-1.7.1/dnssec_sign.c
+++ b/ldns-1.7.1/dnssec_sign.c
@@ -413,11 +416,14 @@
{
EC_KEY* ec;
const EC_GROUP* g;
-#ifdef HAVE_EVP_PKEY_BASE_ID
+#ifdef HAVE_EVP_PKEY_GET_BASE_ID
+ if(EVP_PKEY_get_base_id(pkey) != EVP_PKEY_EC)
+ return 0;
+#elif defined(HAVE_EVP_PKEY_BASE_ID)
if(EVP_PKEY_base_id(pkey) != EVP_PKEY_EC)
return 0;
#else
- if(EVP_PKEY_type(key->type) != EVP_PKEY_EC)
+ if(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC)
return 0;
#endif
ec = EVP_PKEY_get1_EC_KEY(pkey);
@@ -529,7 +535,9 @@
#ifdef USE_DSA
#ifndef S_SPLINT_S
/* unfortunately, OpenSSL output is different from DNS DSA format */
-# ifdef HAVE_EVP_PKEY_BASE_ID
+# ifdef HAVE_EVP_PKEY_GET_BASE_ID
+ if (EVP_PKEY_get_base_id(key) == EVP_PKEY_DSA) {
+# elif defined(HAVE_EVP_PKEY_BASE_ID)
if (EVP_PKEY_base_id(key) == EVP_PKEY_DSA) {
# else
if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) {
@@ -541,7 +549,9 @@
#endif
#if defined(USE_ECDSA)
if(
-# ifdef HAVE_EVP_PKEY_BASE_ID
+# ifdef HAVE_EVP_PKEY_GET_BASE_ID
+ EVP_PKEY_get_base_id(key)
+# elif defined(HAVE_EVP_PKEY_BASE_ID)
EVP_PKEY_base_id(key)
# else
EVP_PKEY_type(key->type)
--- a/ldns-1.7.1/configure.ac
+++ b/ldns-1.7.1/configure.ac
@@ -332,7 +356,8 @@
else
AC_MSG_RESULT([no])
fi
-AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings])
+AC_CHECK_HEADERS([openssl/ssl.h openssl/evp.h openssl/engine.h openssl/conf.h])
+AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key EVP_cleanup ENGINE_cleanup ENGINE_free CRYPTO_cleanup_all_ex_data ERR_free_strings CONF_modules_unload OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings CRYPTO_memcmp EVP_PKEY_get_base_id])
# for macosx, see if glibtool exists and use that
# BSD's need to know the version...
@@ -355,21 +380,33 @@
;;
esac
-# check wether gost also works
+# check whether gost also works
AC_DEFUN([AC_CHECK_GOST_WORKS],
[AC_REQUIRE([AC_PROG_CC])
AC_MSG_CHECKING([if GOST works])
if test c${cross_compiling} = cno; then
BAKCFLAGS="$CFLAGS"
if test -n "$ssldir"; then
+ if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
+ CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib64"
+ else
CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib"
+ fi
fi
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <string.h>
+#ifdef HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
+#endif
+#ifdef HAVE_OPENSSL_EVP_H
#include <openssl/evp.h>
+#endif
+#ifdef HAVE_OPENSSL_ENGINE_H
#include <openssl/engine.h>
+#endif
+#ifdef HAVE_OPENSSL_CONF_H
#include <openssl/conf.h>
+#endif
/* routine to load gost (from sldns) */
int load_gost_id(void)
{
@@ -464,7 +501,7 @@
AC_CHECK_FUNC(EVP_PKEY_set_type_str, [],[AC_MSG_ERROR([OpenSSL >= 1.0.0 is needed for GOST support or rerun with --disable-gost])])
AC_CHECK_FUNC(EC_KEY_new, [], [AC_MSG_ERROR([No ECC functions found in OpenSSL: please upgrade OpenSSL or rerun with --disable-gost])])
AC_CHECK_GOST_WORKS
- AC_ARG_ENABLE(gost-anyway, AC_HELP_STRING([--enable-gost-anyway], [Enable GOST even whithout a GOST engine installed]))
+ AC_ARG_ENABLE(gost-anyway, AC_HELP_STRING([--enable-gost-anyway], [Enable GOST even without a GOST engine installed]))
if test "$ac_cv_c_gost_works" != "no" -o "$enable_gost_anyway" = "yes"; then
if test "$ac_cv_c_gost_works" = "no"; then
AC_MSG_RESULT([no, but compiling with GOST support anyway])
@@ -584,9 +621,11 @@
AC_SUBST(ldns_build_config_use_dane_ta_usage, 0)
;;
*) dnl default
- LIBS="-lssl $LIBS"
+ danetmpLIBS="$LIBS"
+ LIBS="-lssl -lcrypto $LIBS"
AC_CHECK_FUNC(SSL_get0_dane, [], [AC_MSG_ERROR([OpenSSL does not support offline DANE verification (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage])])
LIBSSL_LIBS="-lssl $LIBSSL_LIBS"
+ LIBS="$danetmpLIBS"
AC_SUBST(ldns_build_config_use_dane_ta_usage, 1)
AC_DEFINE_UNQUOTED([USE_DANE_TA_USAGE], [1], [Define this to enable DANE-TA usage type support.])
;;
@@ -658,7 +697,12 @@
AC_SUBST(LIBSSL_LDFLAGS)
AC_SUBST(LIBSSL_LIBS)
if test "x$HAVE_SSL" = "xyes"; then
-AC_SUBST(LIBSSL_SSL_LIBS, ["-lssl $LIBSSL_LIBS"])
+ if echo "$LIBSSL_LIBS" | grep -- "-lssl" >/dev/null 2>&1; then
+ LIBSSL_SSL_LIBS="$LIBSSL_LIBS"
+ else
+ LIBSSL_SSL_LIBS="-lssl $LIBSSL_LIBS"
+ fi
+ AC_SUBST(LIBSSL_SSL_LIBS, "$LIBSSL_SSL_LIBS")
fi
CPPFLAGS=$tmp_CPPFLAGS
LDFLAGS=$tmp_LDFLAGS

41
SOURCES/ldns-1.7.1-out-of-boud-read-vuln.patch
View File

@ -1,41 +0,0 @@
From 15d96206996bea969fbc918eb0a4a346f514b9f3 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 24 Sep 2019 16:50:27 +0200
Subject: [PATCH 1/2] * bugfix #70: heap Out-of-bound Read vulnerability in
rr_frm_str_internal reported by pokerfacett.
From 4e9861576a600a5ecfa16ec2de853c90dd9ce276 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 24 Sep 2019 16:51:09 +0200
Subject: [PATCH 2/2] Fix #70 fix code.
diff --git a/ldns-1.7.1/rr.c b/ldns-1.7.1/rr.c
index 6642aca7..adf67ae4 100644
--- a/ldns-1.7.1/rr.c
+++ b/ldns-1.7.1/rr.c
@@ -365,15 +365,18 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
ldns_buffer_remaining(rd_buf) > 0){
/* skip spaces */
- while (*(ldns_buffer_current(rd_buf)) == ' ') {
+ while (ldns_buffer_remaining(rd_buf) > 0 &&
+ *(ldns_buffer_current(rd_buf)) == ' ') {
ldns_buffer_skip(rd_buf, 1);
}
- if (*(ldns_buffer_current(rd_buf)) == '\"') {
+ if (ldns_buffer_remaining(rd_buf) > 0 &&
+ *(ldns_buffer_current(rd_buf)) == '\"') {
delimiters = "\"\0";
ldns_buffer_skip(rd_buf, 1);
quoted = true;
- } else if (ldns_rr_descriptor_field_type(desc, r_cnt)
+ }
+ if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt)
== LDNS_RDF_TYPE_LONG_STR) {
status = LDNS_STATUS_SYNTAX_RDATA_ERR;
--
2.34.1

16
SOURCES/ldns-1.7.1.tar.gz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE3DTuXbJBe8wVHlEA5fj4IS93pJgFAl07F1AACgkQ5fj4IS93
pJg+LxAAh0Z8DcUO/GVLIoNqpJcSW7/kuKrOH4a58WtXVsmRYYQQEVrf5TwA8wsS
7sYdVGbpAbM3FLs9cKe8scTr/3aM+P5VFR6e+n+Zad1k321ro7fjZT7uzPrH4rFH
Sj19hexW1nkTqCZL1lL3zvPc4zX20U2ucVQL1sXkPJZek5DES4MD4J1Y/b/zfvPG
llhlaRrsfvJKflDgqia4FvrproUjujItbAIQu1V0ItczqVOAoTnH6PuWz7jAJfPK
CN2OB2R+yfS27C1+tkUt5ld8TakevvjQ16rtF39akL4/Jhl7EA9B+Hp2x3MnxwYB
wkenY0wzkmqh5JmAG8IdF0c2PCLqv+EZcFf0Q5s+RYB3F7I4lxS5DjNlpPOyLoa9
ISYLFHQ+Et2gAv5SoWm/vixtkqaM1SaX1eR/gIIF01DThB1jew639wZzv7v5wCus
LsaBWEW55AjWVzFNVucp9D3l+fX8IBYVzJTv0+VZT6tmoaIvoC1A/I2pFmkwVy/n
z5yiUyIoh9D0YSAg8u4JEjC9cHhsAzz6J5JtI74wmRUCsTyLv2CV0fV6bXm9nQdY
vIXbVarv5YiOaV6QoCC/2YlFnZov0qUO+96io96e8jIpAyCBrfIn/F0U/WySIjr+
yifbaVuvj4HXa7tsu/hG+QgmxYfHFWIIq7CiWN4N1YsNuVq/ElM=
=IvBt
-----END PGP SIGNATURE-----

99
SOURCES/wtoorop.asc
View File

@ -1,99 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBE1s81EBEACuJzGgccrmYEAzHc//vBq66gH7orM0GtKfQZHh4uR1FMxZXl07
WevUYNuBywTpinU9rpY1Q3S4w6QgNklgpsaHXmbOpyFjJ8FpllV8TRPiXiNrNxTp
Mnlb6InoszopX69tkBVHTP6cJkNgPx6R4BM0ARqEGQmOL8mAcoWyGVzbsamuGRai
a54zs/kc3i9yiqEzRkoQmfwr7sr49n7gOpmaqXvonOSiUvgEziep77emMcqVa/qZ
xR1r7KUq85qTNTqsQwl2cQdKS7WwOeuG6ZIJmJ1bakriKzLBYF5xIHKSYJW0ZA20
tNFrVKgTkEjiXvAJh4HlJEIi35tqa/IzWUJSc1ainhBjxbwSl8BRq5aaPgwB+xXi
DqY6BrQW1slvl5TF2A6Xr7JJ0rkH3EZgXxABAZ3WJ3RLwq1z8jnNYj+UW/mSLsbO
tgfOiBhFUXMZneHvVVvz6F6XAtyrejDl5sD2gnzm1VDfK6T6bvLtR7zrkWre0lpy
cDmgmUKgaEiXzfLvwT9RaWk8GdqU2GG+QOiwf+hT0peDieuodjMr59sUbx7GqVe/
45rJBRSx+HCl2Jm7Th2Xr0kpStCd7ebVoEq9wpMyu+dM9wOTtibA9P3+9u4rAdim
pAdQxEbhWbRNCng2EVhThbqRK3cTZLbtqKaWgAJqa/IQVpL9b5ps8Z4JVQARAQAB
zSNXaWxsZW0gVG9vcm9wIDx3aWxsZW1AbmxuZXRsYWJzLm5sPsLBfgQTAQIAKAUC
TWzzUQIbIwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ5fj4IS93
pJhdWw/+KJuX99jk5avFN4t9bbfDlfmMPXh+P7WYY4xB6ImupAy+WzAB2UfHGEyS
nv5q0eMq6aywgCgjhwuxScOnvfu1kWAdjAmbO907PdzLA7TWEdx0HZxJw7W4dlSi
HfthjP5gh/Fys9xmOp9MDa2BR26+W2/ZZhZDg7w5MDpmJyo/5qC5qBPU4knGudrP
dIpJqXmz+iQDbkcJnh0k7TMQzAQ0Hgvzr9TjZaBM0HW30d/2B6O4c4q/iFp9yVkl
F4XKYmuMm0dvREOWU2FUN8cVsaWGI2Ey4fibDkqdLYTkA+ZzPJCpbsBB0UmUsZ7A
0jFTu5TZBZhRkBNT3bYLnELt9xWvbuTvER5a/VYJKh92Yqcq+A+HaEJTJKinM1yA
WkmxxNPcJ5tpEUpcWSY4/yKpY7000tS8wxmXK5nBl/oxwhuJ5ifzbOgRKX/3B/U+
bCWNq0B7fWGOwpYxelZcLIt0CjkkTY+CCVhC9vhESNzim7KSx+FQcrAMBPKg9M1w
Dy5zSLcD90vLjV9CNfvSgk9RWFLqm+BiVfiNgaUEbR9zDpvxA7MzX18D10rC7GWB
Tdkg6YW1ejtODGmfMQOrAzzPNqWwN7Nmg2VIS1ikRi15QU0nFwydtChb7HLSSpZU
NUuZbRPBSymU9nJeNvt2bVenntchw8okgiE5DX1vpl+Gf6b6E2nCwX4EEwECACgC
GyMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJW1BOaBQkQ6+5JAAoJEOX4+CEv
d6SYhnwP/AtfvzPhGkCLVc0P4jwm2oAU6ljkorKTMyZ3vYJopicz7PpcYJ61zrmJ
SAcsB6VgdiZs+OYfgnOPnYuPFkH1fbRxDZ/TFRZMCs0nXGOr+XqLesUmORUR0ttu
jD0fVCfP8+T75Ys2VFW2zPjYMYN0cdOOUNBZ0JtKOVWrBCdT6EdwkohCyaGdd7pE
5OaUJSslZJ1Ch9RNXbPl7YNY6WQaoi4gc3C5ClmKgb61yOlwBD6/sKEYI98VfD9u
FI9t9riu8aHvNo1iHmVl7fwGxwUpjTljyIDHfYtxY3Xkw5pebGUstwZQ2DK/ISDX
p4WC4XS6SZ18D3LGo9Ir3FfsUoy7UodJhOILnXFYZOV0dTOnpkpQEwuvgap9DPST
U5+Eh4ZDUsqPO2j8CqlhQ5b4wGZUcj8pvZoiQZc3nIdrjpWEpOhhbnmnezKRgIqX
+T8DTUSgzA4t8vh+O2Btos266o93DmXamZhK8K8wlPMVZMc2PxGOsPzDTBTXqpl1
RscyGfMvSgIx+iTvejPwMUuJlxyYdaHHx7UpvdAIcvxzySvtvufiIJAMpirL8iG7
47OxXHDFKPjokj1mIvsTvzVwOKQZVLhpleeSqIO8ptX5c6PDg/bh3yz61TkQR4J7
CE283/b4CdHpsvH8TApMxU99+IAtTlYQ9X39X62z18lW3BiPADvqwsGPBBMBAgA5
AhsjBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBNw07l2yQXvMFR5RAOX4+CEv
d6SYBQJeCb+wAAoJEOX4+CEvd6SYsQ4P/RbnQYVbk59L9pneTsF+gGBJgSmCzfBQ
/EUK+TDguxERxItJ0T2MV8haHuwaJLXI/+RAZmv/JSdHnycCMav17HIH3RWyARCp
SVuSzmcKpBlmsxxlGAcIHQiK1hmp7AF+X8Y43+aoClMRBeBMlLvTCLrrzbxfsDII
DqQ+BR8OXlX/M4TQYqbx6M20oggSexw0dTCk2nBMX8R6BToWjoiHj9sy+mBHK0KA
iLW12ZYRN7IqMvsBIgZkvSRmRN+FBlX5Xk2BOgOcwXE/Kd2+/nsWKnaZRI+QABZG
GCoCkvv3sL8oylzWYIrjeDqAPbUo/TV7nLPUGdJzT00nuG4sdgMVApEEJ9tRm4l7
QpKJulGCY0RhpZPWzEHLGo9tOZYOC9FfLhMaGQ+bbXAupEAJWbKZ38qIUd1oHk3N
bOsLkLR5ZIKzajOIO7JLN/z/vWwjyk3COoEin/zMDxkj0BmsKSDN64R7IoFyNbw7
zeImTHZL0ILQoGuvK9OLZDCK0df5bEmcaU4U0tAbh+n3/oQO49QQqCZupqKigKAP
JThodg8WlSsdNzxpqNqEnb3BxeRaQiubqsGZbNP/7TmPKusyXQehKZkiqHCC0Yet
bD5ucLEFlXYk7KcMTSf7PjOHw3itDW+8Je7foJxH/rZgVOWItUqjCQW2o76iboM7
wwHCz8WhifD8zsFNBE1s81EBEACk7OIVs/eCuuj7bB4/3AbR5iQicfQbBz/HqFI3
eIgUe3FoE04LdTxgjQcwjxiLlImvNPHasbtS/Dlo0KcFwwo16gIm59JgiTETjVbM
8SSpI2J2RihjqPHIOzpkAWchHeqq38VX/3cBy7HUEyWc8/WxjsbmFQALtKtzx1uY
BhXPqad3jeO6sxjMRI7KBE4/3JWsY6orKIRtd/4ZD+j7w6A+zjnThnUED/G+BkQQ
+q2fxajC7+AvNMw58wh9ay6TRkKZX9Wp8tOlkwLAy+H+oBACx+tkyMTl+FO1sXrr
x8cilzgLjfnsfzLxdms9duGG3Fgu7dXalVt8rNtMymnpnpsl0isVemjJ+CgXCRdw
nTNaAAWQ8r4i/Xpe0P8kMpaWQuhJeEKMGjyDgLsznSHOnLjOj01rwQK3ClYEIVny
bIX3hZn5Mac/4VnPSuNMgo5m/oT2SK90W10rECLVFJAajkjBza6CIF/iGljKt3u8
jB3TKpSq9JVOdpXwW3xAo5XgfzTuCt0hiQT804C7c3vi7FsUiUKEDFir+iEsEK1t
67JlI6oEDa0hkTl960cvDb7s62r7OGtxZnVKRyFsNin2NjOgLF/RwRbkbIpoKhY0
JuVW6lwOzbRyQpwNUb6l5YP4iecPgxJR6LMcIx0vlG3owxplUPiE6pYd/fdaLD42
atSMtQARAQABwsFkBBgBAgAPBQJNbPNRAhsMBQkJZgGAAAoJEOX4+CEvd6SY7XQP
+OHNW6pjHXXf8Yoqon3vnEFhGNF4CSocMnw8xkH9dLyXbzobXaUrlc/qaGGLMfKq
7m+C8w7ZNOuY3gEFh4pIFPyBETntSzqjVuPJYsQi8L5NPVn46eZJE5ZChygqZRnN
Cx8/A2Fa6iI7J278vFzUkheHwX9wsJZ679zFRiNEOZtBgO/XXBGFqD1raR5mD4IQ
52Yk8ah9mIuvk2fSa4Tctd+McwPClHxMI4c0rdzLeXD2wZLz9d1fdRJ+KJ8msv2g
VitEoDLtRa4fyFXcpn1UElzNNsFvIH5DibD05f9F/mAyilOzIlNIaP8NPYrKC7B4
HuH+YvLA5vxGj1fM95XO2fKyfjy20W/EF71MqWmjZNxknqXFfwMlIF6qd/2d+EQx
w75TKXc4KNDjLAARy7iF5xMbRLH8Umews/8SXnJVwjMjn8boyIRNYT2rdoM+SafZ
R/rms86zWy3c4qD3HzhPdP7NpSGuB84zMuXrLHnRAK2Pms4qAGfBtZD2HdGKsCHW
ZgWqdFtZRNgw3kyfYdzIiTVLGmID2RilwjF7bV8YjY0M9tqxHJV49vQdMImHG7sp
Y7EUWasLTEIg3a+xTCDsusqxzsYKUi7MiDvR1TnKYc3UkzxBL6/WMdA+/yOyOkFk
cp4yI2lH9iL+eaF0kxVOmjCyV+P9+X8LLhuMZfyFvZjCwWUEGAECAA8CGwwFAlbU
E5oFCRDr7kkACgkQ5fj4IS93pJjBwxAAnko5CSFDX/ZqW97satNacACHSAOOM8/j
z1p2QtJSwbrbLsJRMpN1mSnjXWPBTmXoP4SGHGtxTVZxrYCpSMEHMqOV4yK3QlUn
QXnf+CSvo2Ud3rpCh/lFLVHqG2Sy5Ietf/T+GGsoPd9DIdTHO0aFlW2yRQPxSrbY
pv1v2aACgRO4114qkex2j36diqlLod/OU4OQ51nuSesjTrUM9Fz6ikBJ1UDjakjA
Xe/HiRxUmdv4LANCmso+Gn17Co5lUdpn3fa8zTwNNAgLm6RBiBSSdaYExM9ir6pH
rcWL5N+iZKnVmfE5CBufziZq7V1E3I4FRuvDN4echbf58c6YxBQDsd9VZMJeFWY6
0w4JEXpHQdt129GS1FN/2PQ8NmAUXYCkYYk6Lv1tnGJCSLnD3ObLyWm+sjA5yAK2
H8WU+nutsDF63yFJujNMpmB3bi9+699TzsyQNVKd2fH38cgk1gZFb6Nbx9+lrTIw
zAJJlOu8UwbR0HgGuRmrWp0EIm3tcy4xqWF3CavnM22BAOKKKH+qnwx8BRrx58co
HQFMswW4W7Bo+jpKbQJ4RV2cXUEbmHbYUoXDHZyv/RzOI46dXAoWFc3oCoqLqpsZ
YZstJ4UJHXB5aHi1zxJDwzKxsflmSKfIUr3glRWCy/ylcPMEXzPBb3qbGFMUboio
UjqLuNV4SSbCwXYEGAECACACGwwWIQTcNO5dskF7zBUeUQDl+PghL3ekmAUCXgm/
sAAKCRDl+PghL3ekmJ0MEAClDfBdTdxua0YHcqK0Y1/fjRL2Up+rBQGWbJ4JDtX1
p8t8/T6BkvZ9zqynajtlPTXcL3VhC8rhSL/t7KXejJ+g0mC0n6o4PYvmBgtwIkDa
EUflV9RVkP02rRS6avqNS28tOLFgAYSonOqQsXgj12NgsxOw0n1LTMAbD4XiuCYa
UDbelOPu8duECB28XIr6U6ufVe32QfCaVIKDdZOwxAHrPTBHdYjijOmbnCoMdUN3
pWkvA40Vu5yZflPXmrn2twVbd/id3i9y60OnqeCAzRJECaDsCcrQc1UCXBpBNKXZ
EozuIxKHLDXEEVU2oTms7mFVMmHs6hw8VJbQCagbsY58skds2WsgwqF/NvlCNI7b
m8M9axTKgncyA/J9zz59AJZnBwLEjZwr+JiISPraH3Om53TXLrSWTI6GANTJhIYM
dU0rUKbQED/2UTcFdk2RUdtIMEFldaf+Ufxk5T96JTXQvTo8tAJhTAS2W8ezyO+R
1SdsLRfGqu76NopbRDNZNc4ZdEruTr/0xAauiYag+VM6aiT1erU8++hBF38efAMR
YX1ZMrYni1wjyNJEE1n3p3sXfQ1ADQqGv032CBDou2ByRmMfw6Y30j304Q8Uxn1r
dFmjCC6TqvmExQOOvH0FucYHlbyZQTa8uHU9V14FW3vx/gje6uwtGNTYNdVTnzuu
Vw==
=0pAG
-----END PGP PUBLIC KEY BLOCK-----

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

437
ldns-1.7.0-coverity.patch Normal file
View File

@ -0,0 +1,437 @@
From c5fcd8ab8ee1b66d0ef75b02f72ccfc3ebf50cf5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 12 Sep 2018 15:01:37 +0200
Subject: [PATCH 1/2] Purge unused variables
---
packaging/ldns-config.in | 3 ---
1 file changed, 3 deletions(-)
diff --git a/packaging/ldns-config.in b/packaging/ldns-config.in
index 950c135..a8c860e 100755
--- a/packaging/ldns-config.in
+++ b/packaging/ldns-config.in
@@ -1,9 +1,6 @@
#!/bin/sh
-prefix="@prefix@"
-exec_prefix="@exec_prefix@"
VERSION="@PACKAGE_VERSION@"
-CPPFLAGS="@CPPFLAGS@ @LIBSSL_CPPFLAGS@ @PYTHON_CPPFLAGS@"
LIBS="@LIBS@ @LIBSSL_LIBS@"
INCLUDEDIR="@includedir@"
LIBVERSION="@VERSION_INFO@"
--
2.20.1
From db06eb482b09a0bcdaf3f688702b1c0df2cb1eca Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 11 Jul 2019 15:22:44 +0200
Subject: [PATCH 2/2] Issues detected in ldns library by scan of Coverity
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Thanks Petr Menšík
---
dnssec.c | 6 +++++-
dnssec_sign.c | 4 ++--
dnssec_verify.c | 18 ++++++------------
dnssec_zone.c | 23 +++++++++++++++++------
host2str.c | 13 +++++++------
host2wire.c | 22 ++++++++++++++++------
net.c | 12 ++++++++++--
packet.c | 2 ++
radix.c | 5 ++++-
str2host.c | 2 ++
10 files changed, 71 insertions(+), 36 deletions(-)
diff --git a/dnssec.c b/dnssec.c
index e3c99de..b2dd3f3 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -149,6 +149,7 @@ ldns_dnssec_nsec3_closest_encloser(const ldns_rdf *qname,
LDNS_FREE(salt);
ldns_rdf_deep_free(zone_name);
ldns_rdf_deep_free(sname);
+ ldns_rdf_deep_free(hashed_sname);
return NULL;
}
@@ -1556,6 +1557,7 @@ ldns_pkt_verify_time(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o,
ldns_rr_list *sigs_covered;
ldns_rdf *rdf_t;
ldns_rr_type t_netorder;
+ ldns_status status;
if (!k) {
return LDNS_STATUS_ERR;
@@ -1607,7 +1609,9 @@ ldns_pkt_verify_time(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o,
}
return LDNS_STATUS_ERR;
}
- return ldns_verify_time(rrset, sigs, k, check_time, good_keys);
+ status = ldns_verify_time(rrset, sigs, k, check_time, good_keys);
+ ldns_rr_list_deep_free(rrset);
+ return status;
}
ldns_status
diff --git a/dnssec_sign.c b/dnssec_sign.c
index 22f0981..94ea925 100644
--- a/dnssec_sign.c
+++ b/dnssec_sign.c
@@ -234,8 +234,6 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
new_owner = NULL;
- signatures = ldns_rr_list_new();
-
/* prepare a signature and add all the know data
* prepare the rrset. Sign this together. */
rrset_clone = ldns_rr_list_clone(rrset);
@@ -252,6 +250,8 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
/* sort */
ldns_rr_list_sort(rrset_clone);
+ signatures = ldns_rr_list_new();
+
for (key_count = 0;
key_count < ldns_key_list_key_count(keys);
key_count++) {
diff --git a/dnssec_verify.c b/dnssec_verify.c
index c554e4f..c7e2fba 100644
--- a/dnssec_verify.c
+++ b/dnssec_verify.c
@@ -1583,8 +1583,6 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
bool wildcard_covered = false;
ldns_rdf *zone_name;
ldns_rdf *hashed_name;
- /* self assignment to suppress uninitialized warning */
- ldns_rdf *next_closer = next_closer;
ldns_rdf *hashed_next_closer;
size_t i;
ldns_status result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
@@ -1659,6 +1657,7 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
}
}
}
+ ldns_rdf_deep_free(hashed_name);
result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
/* wildcard no data? section 8.7 */
closest_encloser = ldns_dnssec_nsec3_closest_encloser(
@@ -1748,7 +1747,9 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
/* Query name *is* the "next closer". */
hashed_next_closer = hashed_name;
} else {
-
+ ldns_rdf *next_closer;
+
+ ldns_rdf_deep_free(hashed_name);
/* "next closer" has less labels than the query name.
* Create the name and hash it.
*/
@@ -1762,6 +1763,7 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
next_closer
);
(void) ldns_dname_cat(hashed_next_closer, zone_name);
+ ldns_rdf_deep_free(next_closer);
}
/* Find the NSEC3 that covers the "next closer" */
for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
@@ -1776,15 +1778,7 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
break;
}
}
- if (ldns_dname_label_count(closest_encloser) + 1
- < ldns_dname_label_count(ldns_rr_owner(rr))) {
-
- /* "next closer" has less labels than the query name.
- * Dispose of the temporary variables that held that name.
- */
- ldns_rdf_deep_free(hashed_next_closer);
- ldns_rdf_deep_free(next_closer);
- }
+ ldns_rdf_deep_free(hashed_next_closer);
ldns_rdf_deep_free(closest_encloser);
}
diff --git a/dnssec_zone.c b/dnssec_zone.c
index f610a3c..e089754 100644
--- a/dnssec_zone.c
+++ b/dnssec_zone.c
@@ -746,6 +746,7 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* or
newzone = NULL;
} else {
ldns_dnssec_zone_free(newzone);
+ newzone = NULL;
}
error:
@@ -1105,8 +1106,12 @@ ldns_dnssec_zone_add_empty_nonterminals_nsec3(
ldns_rdf *ent_name;
if (!(ent_name = ldns_dname_clone_from(
- next_name, i)))
+ next_name, i))) {
+
+ ldns_rdf_deep_free(l1);
+ ldns_rdf_deep_free(l2);
return LDNS_STATUS_MEM_ERR;
+ }
if (nsec3s && zone->_nsec3params) {
ldns_rdf *ent_hashed_name;
@@ -1114,28 +1119,34 @@ ldns_dnssec_zone_add_empty_nonterminals_nsec3(
if (!(ent_hashed_name =
ldns_nsec3_hash_name_frm_nsec3(
zone->_nsec3params,
- ent_name)))
+ ent_name))) {
+ ldns_rdf_deep_free(l1);
+ ldns_rdf_deep_free(l2);
+ ldns_rdf_deep_free(ent_name);
return LDNS_STATUS_MEM_ERR;
+ }
node = ldns_rbtree_search(nsec3s,
ent_hashed_name);
if (!node) {
ldns_rdf_deep_free(l1);
ldns_rdf_deep_free(l2);
+ ldns_rdf_deep_free(ent_name);
continue;
}
}
new_name = ldns_dnssec_name_new();
if (!new_name) {
+ ldns_rdf_deep_free(l1);
+ ldns_rdf_deep_free(l2);
+ ldns_rdf_deep_free(ent_name);
return LDNS_STATUS_MEM_ERR;
}
new_name->name = ent_name;
- if (!new_name->name) {
- ldns_dnssec_name_free(new_name);
- return LDNS_STATUS_MEM_ERR;
- }
new_name->name_alloced = true;
new_node = LDNS_MALLOC(ldns_rbnode_t);
if (!new_node) {
+ ldns_rdf_deep_free(l1);
+ ldns_rdf_deep_free(l2);
ldns_dnssec_name_free(new_name);
return LDNS_STATUS_MEM_ERR;
}
diff --git a/host2str.c b/host2str.c
index 747d543..f39a184 100644
--- a/host2str.c
+++ b/host2str.c
@@ -1085,12 +1085,12 @@ ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf)
/* no gateway */
break;
case 1:
- gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP4ADDRLEN);
- if(!gateway_data)
- return LDNS_STATUS_MEM_ERR;
if (ldns_rdf_size(rdf) < offset + LDNS_IP4ADDRLEN) {
return LDNS_STATUS_ERR;
}
+ gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP4ADDRLEN);
+ if(!gateway_data)
+ return LDNS_STATUS_MEM_ERR;
memcpy(gateway_data, &data[offset], LDNS_IP4ADDRLEN);
gateway = ldns_rdf_new(LDNS_RDF_TYPE_A,
LDNS_IP4ADDRLEN , gateway_data);
@@ -1101,12 +1101,12 @@ ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf)
}
break;
case 2:
- gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP6ADDRLEN);
- if(!gateway_data)
- return LDNS_STATUS_MEM_ERR;
if (ldns_rdf_size(rdf) < offset + LDNS_IP6ADDRLEN) {
return LDNS_STATUS_ERR;
}
+ gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP6ADDRLEN);
+ if(!gateway_data)
+ return LDNS_STATUS_MEM_ERR;
memcpy(gateway_data, &data[offset], LDNS_IP6ADDRLEN);
offset += LDNS_IP6ADDRLEN;
gateway =
@@ -1129,6 +1129,7 @@ ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf)
}
if (ldns_rdf_size(rdf) <= offset) {
+ ldns_rdf_deep_free(gateway);
return LDNS_STATUS_ERR;
}
public_key_size = ldns_rdf_size(rdf) - offset;
diff --git a/host2wire.c b/host2wire.c
index 4d8aa30..a12b6b0 100644
--- a/host2wire.c
+++ b/host2wire.c
@@ -67,17 +67,27 @@ ldns_dname2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *name, ldns_
{
/* Not found. Write cache entry, take off first label, write it, */
/* try again with the rest of the name. */
- node = LDNS_MALLOC(ldns_rbnode_t);
- if(!node)
- {
- return LDNS_STATUS_MEM_ERR;
- }
if (ldns_buffer_position(buffer) < 16384) {
- node->key = ldns_rdf_clone(name);
+ ldns_rdf *key;
+
+ node = LDNS_MALLOC(ldns_rbnode_t);
+ if(!node)
+ {
+ return LDNS_STATUS_MEM_ERR;
+ }
+
+ key = ldns_rdf_clone(name);
+ if (!key) {
+ LDNS_FREE(node);
+ return LDNS_STATUS_MEM_ERR;
+ }
+ node->key = key;
node->data = (void *) (intptr_t) ldns_buffer_position(buffer);
if(!ldns_rbtree_insert(compression_data,node))
{
/* fprintf(stderr,"Name not found but now it's there?\n"); */
+ ldns_rdf_deep_free(key);
+ LDNS_FREE(node);
}
}
label = ldns_dname_label(name, 0);
diff --git a/net.c b/net.c
index 9e048d2..6e6a12b 100644
--- a/net.c
+++ b/net.c
@@ -202,6 +202,7 @@ ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen,
}
#endif
if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == SOCK_INVALID){
+ close_socket(sockfd);
return 0;
}
@@ -337,7 +338,7 @@ ldns_tcp_send_from(uint8_t **result, ldns_buffer *qbin,
answer = ldns_tcp_read_wire_timeout(sockfd, answer_size, timeout);
close_socket(sockfd);
- if (*answer_size == 0) {
+ if (!answer) {
/* oops */
return LDNS_STATUS_NETWORK_ERR;
}
@@ -390,6 +391,7 @@ ldns_udp_bgsend_from(ldns_buffer *qbin,
}
if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == -1){
+ close_socket(sockfd);
return 0;
}
@@ -437,7 +439,7 @@ ldns_udp_send_from(uint8_t **result, ldns_buffer *qbin,
answer = ldns_udp_read_wire(sockfd, answer_size, NULL, NULL);
close_socket(sockfd);
- if (*answer_size == 0) {
+ if (!answer) {
/* oops */
return LDNS_STATUS_NETWORK_ERR;
}
@@ -571,6 +573,9 @@ ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf
if (!reply_bytes) {
/* the current nameserver seems to have a problem, blacklist it */
if (ldns_resolver_fail(r)) {
+ if(src) {
+ LDNS_FREE(src);
+ }
LDNS_FREE(ns);
return LDNS_STATUS_ERR;
} else {
@@ -918,6 +923,9 @@ ldns_axfr_start(ldns_resolver *resolver, const ldns_rdf *domain, ldns_rr_class c
src, (socklen_t)src_len,
ldns_resolver_timeout(resolver));
}
+ if (src) {
+ LDNS_FREE(src);
+ }
if (resolver->_socket == SOCK_INVALID) {
ldns_pkt_free(query);
diff --git a/packet.c b/packet.c
index 95f8f3f..f8fb960 100644
--- a/packet.c
+++ b/packet.c
@@ -928,11 +928,13 @@ ldns_pkt_query_new_frm_str_internal(ldns_pkt **p, const char *name,
}
if (!ldns_pkt_set_flags(packet, flags)) {
+ ldns_pkt_free(packet);
return LDNS_STATUS_ERR;
}
question_rr = ldns_rr_new();
if (!question_rr) {
+ ldns_pkt_free(packet);
return LDNS_STATUS_MEM_ERR;
}
diff --git a/radix.c b/radix.c
index 43f7365..9695e13 100644
--- a/radix.c
+++ b/radix.c
@@ -225,9 +225,9 @@ ldns_radix_insert(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len,
}
} else if (pos == len) {
/** Exact match found */
+ LDNS_FREE(add);
if (prefix->data) {
/* Element already exists */
- LDNS_FREE(add);
return LDNS_STATUS_EXISTS_ERR;
}
prefix->data = data;
@@ -1120,12 +1120,15 @@ ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key,
if (array->len - common_len > 1) {
if (!ldns_radix_prefix_remainder(common_len+1,
array->str, array->len, &s1, &l1)) {
+ LDNS_FREE(common);
return 0;
}
}
if (strlen_to_add - common_len > 1) {
if (!ldns_radix_prefix_remainder(common_len+1,
str_to_add, strlen_to_add, &s2, &l2)) {
+ LDNS_FREE(common);
+ LDNS_FREE(s1);
return 0;
}
}
diff --git a/str2host.c b/str2host.c
index c3afba1..68bccf1 100644
--- a/str2host.c
+++ b/str2host.c
@@ -445,6 +445,7 @@ ldns_str2rdf_str(ldns_rdf **rd, const char *str)
*++dp = ch;
}
if (! str) {
+ LDNS_FREE(data);
return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
}
length = (size_t)(dp - data);
@@ -1494,6 +1495,7 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str)
}
}
if (! str) {
+ LDNS_FREE(data);
return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
}
if (!(length = (size_t)(dp - data))) {
--
2.20.1

32
SOURCES/ldns-1.7.0-multilib.patch → ldns-1.7.0-multilib.patch
View File

@ -1,7 +1,7 @@
diff --git a/ldns-1.7.1/configure b/ldns-1.7.1/configure
index b79067e..543806e 100755
--- a/ldns-1.7.1/configure
+++ b/ldns-1.7.1/configure
diff --git a/ldns-1.7.0/configure b/ldns-1.7.0/configure
index cd087de..aeec9fb 100755
--- a/ldns-1.7.0/configure
+++ b/ldns-1.7.0/configure
@@ -684,6 +684,7 @@ PYTHON_SITE_PKG
PYTHON_LDFLAGS
PYTHON_CPPFLAGS
@ -10,7 +10,7 @@ index b79067e..543806e 100755
PYTHON_VERSION
UNINSTALL_CONFIG_MANPAGE
UNINSTALL_CONFIG
@@ -14324,6 +14325,7 @@ EOD`
@@ -14311,6 +14312,7 @@ EOD`
# use the official shared library
ac_python_library=`echo "$ac_python_library" | sed "s/^lib//"`
PYTHON_LDFLAGS="-L$ac_python_libdir -l$ac_python_library"
@ -18,7 +18,7 @@ index b79067e..543806e 100755
else
# old way: use libpython from python_configdir
ac_python_libdir=`$PYTHON -c \
@@ -14331,6 +14333,7 @@ EOD`
@@ -14318,6 +14320,7 @@ EOD`
import os; \
print (os.path.join(f(plat_specific=1, standard_lib=1), 'config'));"`
PYTHON_LDFLAGS="-L$ac_python_libdir -lpython$ac_python_version"
@ -26,17 +26,19 @@ index b79067e..543806e 100755
fi
if test -z "PYTHON_LDFLAGS"; then
diff --git a/ldns-1.7.1/packaging/ldns-config.in b/ldns-1.7.1/packaging/ldns-config.in
index f147920..5235c7a 100755
--- a/ldns-1.7.1/packaging/ldns-config.in
+++ b/ldns-1.7.1/packaging/ldns-config.in
@@ -1,11 +1,26 @@
#!/bin/sh
diff --git a/ldns-1.7.0/packaging/ldns-config.in b/ldns-1.7.0/packaging/ldns-config.in
index ffb2c57..950c135 100755
--- a/ldns-1.7.0/packaging/ldns-config.in
+++ b/ldns-1.7.0/packaging/ldns-config.in
@@ -3,13 +3,26 @@
prefix="@prefix@"
exec_prefix="@exec_prefix@"
VERSION="@PACKAGE_VERSION@"
-CFLAGS="@CFLAGS@"
CPPFLAGS="@CPPFLAGS@ @LIBSSL_CPPFLAGS@ @PYTHON_CPPFLAGS@"
-LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ @PYTHON_LDFLAGS@"
LIBS="@LIBS@ @LIBSSL_LIBS@"
LIBDIR="@libdir@"
-LIBDIR="@libdir@"
INCLUDEDIR="@includedir@"
LIBVERSION="@VERSION_INFO@"
+ARCH="`uname -m`"
@ -58,7 +60,7 @@ index f147920..5235c7a 100755
for arg in $@
do
@@ -17,9 +32,13 @@ do
@@ -21,9 +34,13 @@ do
then
echo "${LDFLAGS} -L${LIBDIR} ${LIBS} -lldns"
fi

28
ldns-1.7.0-parse-limit.patch Normal file
View File

@ -0,0 +1,28 @@
From c8391790c96d4c8a2c10f9ab1460fda83b509fc2 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 27 Apr 2017 00:14:58 +0200
Subject: [PATCH] Check parse limit before t increment
Thanks Stephan Zeisberg
---
parse.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/parse.c b/parse.c
index e68627c..947dbb8 100644
--- a/parse.c
+++ b/parse.c
@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
if (line_nr) {
*line_nr = *line_nr + 1;
}
+ if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+ *t = '\0';
+ return -1;
+ }
*t++ = ' ';
prev_c = c;
continue;
--
2.9.5

30
ldns-1.7.0-realloc.patch Normal file
View File

@ -0,0 +1,30 @@
From 3bdeed02505c9bbacb3b64a97ddcb1de967153b7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 27 Apr 2017 00:25:20 +0200
Subject: [PATCH] bugfix #1257: Free after reallocing to 0 size
Thanks Stephan Zeisberg
---
str2host.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/str2host.c b/str2host.c
index b274b17..f2a317b 100644
--- a/str2host.c
+++ b/str2host.c
@@ -1525,8 +1525,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str)
if (! str) {
return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
}
- length = (size_t)(dp - data);
-
+ if (!(length = (size_t)(dp - data))) {
+ LDNS_FREE(data);
+ return LDNS_STATUS_SYNTAX_EMPTY;
+ }
/* Lose the overmeasure */
data = LDNS_XREALLOC(dp = data, uint8_t, length);
if (! data) {
--
2.9.5

154
SPECS/ldns.spec → ldns.spec
View File

@ -1,7 +1,7 @@
%global _hardened_build 1
%bcond_without python3
%if 0%{?rhel} > 7 || 0%{?fedora} > 29
%if 0%{?rhel} > 7
%bcond_with python2
%else
%bcond_without python2
@ -18,7 +18,7 @@
# GOST is not allowed in Fedora/RHEL due to legal reasons (not NIST ECC)
%bcond_with gost
%{?!snapshot: %global snapshot 1}
%{?!snapshot: %global snapshot 0}
%if %{with python2} || %{with python3}
%{?filter_setup:
@ -38,27 +38,18 @@
Summary: Low-level DNS(SEC) library with API
Name: ldns
Version: 1.7.1
Release: 12%{?dist}
Version: 1.7.0
Release: 22%{?dist}
License: BSD
Url: https://www.nlnetlabs.nl/%{name}/
Source0: https://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
Source1: https://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz.asc
# Willem Toorop, https://www.nlnetlabs.nl/people/
Source2: https://keys.openpgp.org/vks/v1/by-fingerprint/DC34EE5DB2417BCC151E5100E5F8F8212F77A498#/wtoorop.asc
Url: http://www.nlnetlabs.nl/%{name}/
Source0: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
Patch1: ldns-1.7.0-multilib.patch
# 2008445 - https://github.com/NLnetLabs/ldns/commit/12ab6f7a408cd99e9b43b7db86724c2ee66bc36e
Patch2: ldns-1.7.1-openssl-build.patch
# 2051211 - https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3
Patch3: ldns-1.7.1-out-of-boud-read-vuln.patch
# https://github.com/autoconf-archive/autoconf-archive/commit/7f21e125bbe4e7c93d3bc86cda29c8b8e3b07d52
# used 'platlib' instead of 'purelib'
Patch4: ldns-1.7.1-Support-sysconfig-python-module-in-python_devel.patch
# https://github.com/NLnetLabs/ldns/commit/a5a5dd867fdb934a7ce3637dd9def598f0979247
Patch5: ldns-1.7.1-Use-PYTHON_LIBS-instead-of-PYTHON_LDFLAGS.patch
Patch2: ldns-1.7.0-parse-limit.patch
Patch3: ldns-1.7.0-realloc.patch
Patch4: ldns-1.7.0-coverity.patch
Group: System Environment/Libraries
# Only needed for builds from svn snapshot
%if 0%{snapshot}
BuildRequires: libtool
@ -75,7 +66,6 @@ BuildRequires: openssl-devel >= 1.0.2k
%endif
BuildRequires: gcc-c++
BuildRequires: doxygen
BuildRequires: gnupg2
# for snapshots only
# BuildRequires: libtool, autoconf, automake
@ -101,6 +91,7 @@ packets.
%package devel
Summary: Development package that includes the ldns header files
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconfig openssl-devel
@ -109,6 +100,7 @@ The devel package contains the ldns library and the include files
%package utils
Summary: DNS(SEC) utilities for querying dns
Group: Applications/System
Requires: %{name}%{?_isa} = %{version}-%{release}
%description utils
@ -118,6 +110,7 @@ Collection of tools to get, check or alter DNS(SEC) data.
%if %{with python2}
%package -n python2-ldns
Summary: Python2 extensions for ldns
Group: Applications/System
Requires: %{name}%{?_isa} = %{version}-%{release}
%{?python_provide:%python_provide python2-ldns}
@ -129,6 +122,7 @@ Python2 extensions for ldns
%if %{with python3}
%package -n python3-ldns
Summary: Python3 extensions for ldns
Group: Applications/System
Requires: %{name}%{?_isa} = %{version}-%{release}
%{?python_provide:%python_provide python3-ldns}
@ -140,6 +134,7 @@ Python3 extensions for ldns
%if %{with perl}
%package -n perl-ldns
Summary: Perl extensions for ldns
Group: Applications/System
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
@ -149,6 +144,7 @@ Perl extensions for ldns
%package doc
Summary: Documentation for the ldns library
Group: Development/Libraries
BuildArch: noarch
%description doc
@ -156,14 +152,14 @@ This package contains documentation for the ldns library
%prep
%{?extra_version:%global pkgname %{name}-%{version}%{extra_version}}%{!?extra_version:%global pkgname %{name}-%{version}}
%if 0%{?fedora}
%gpgverify -d 0 -s 1 -k 2
%endif
%autosetup -cn %{pkgname} -N
%setup -qcn %{pkgname}
pushd %{pkgname}
%autopatch -p2
%patch1 -p2 -b .multilib
%patch2 -p1 -b .limit
%patch3 -p1 -b .realloc
%patch4 -p1 -b .covscan
# To built svn snapshots
%if 0%{snapshot}
rm config.guess config.sub ltmain.sh
@ -187,12 +183,12 @@ mv %{pkgname} %{pkgname}_python3
%if %{with python2}
cp -a %{pkgname}_python3 %{pkgname}_python2
%endif
%endif # with python2
%build
CFLAGS="%{optflags} -fPIC -fno-strict-aliasing"
CXXFLAGS="%{optflags} -fPIC -fno-strict-aliasing"
CFLAGS="%{optflags} -fPIC"
CXXFLAGS="%{optflags} -fPIC"
LDFLAGS="$RPM_LD_FLAGS -Wl,-z,now -pie"
export CFLAGS CXXFLAGS LDFLAGS
@ -231,7 +227,7 @@ export CFLAGS CXXFLAGS LDFLAGS
pushd %{pkgname}_python3
%else
pushd %{pkgname}
%endif
%endif # with python3
%configure \
%{common_args} \
@ -241,15 +237,15 @@ pushd %{pkgname}
--with-pyldns PYTHON=%{__python3}
%endif
%make_build
%make_build doc
make %{?_smp_mflags}
make %{?_smp_mflags} doc
# We cannot use the built-in --with-p5-dns-ldns
%if %{with perl}
pushd contrib/DNS-LDNS
LD_LIBRARY_PATH="../../lib:$LD_LIBRARY_PATH" perl \
Makefile.PL INSTALLDIRS=vendor INC="-I. -I../.." LIBS="-L../../lib"
%make_build -j1
make
popd
%endif
@ -263,7 +259,7 @@ popd
%{common_args} \
--with-pyldns PYTHON=%{__python2}
%make_build
make %{?_smp_mflags}
popd
%endif
@ -278,9 +274,8 @@ pushd %{pkgname}_python3
pushd %{pkgname}
%endif
mkdir -p %{buildroot}%{_libdir}/pkgconfig
%make_install install
%make_install install-doc
make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install
make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install-doc
# remove .la files
rm -rf %{buildroot}%{_libdir}/*.la
@ -288,17 +283,18 @@ rm -rf %{buildroot}%{_libdir}/*.la
rm -rf %{buildroot}%{python3_sitearch}/*.la
%endif
# install pkg-config file
install -D -m644 packaging/libldns.pc %{buildroot}%{_libdir}/pkgconfig/ldns.pc
%if %{with perl}
%make_install -j1 -C contrib/DNS-LDNS pure_install
make -C contrib/DNS-LDNS DESTDIR=%{buildroot} pure_install
chmod 755 %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/LDNS.so
rm -f %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/{.packlist,LDNS.bs}
rm -f %{buildroot}%{perl_archlib}/perllocal.pod
%endif
popd
%if %{with python2}
pushd %{pkgname}_python2
%make_install install-pyldns install-pyldnsx
make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install-pyldns install-pyldnsx
rm -rf %{buildroot}%{_libdir}/*.la %{buildroot}%{python2_sitearch}/*.la
popd
%endif
@ -315,7 +311,7 @@ rm -rf doc/man
%files
%doc README
%license LICENSE
%{_libdir}/libldns.so.3*
%{_libdir}/libldns.so.2*
%files utils
%{_bindir}/drill
@ -359,81 +355,11 @@ rm -rf doc/man
%doc doc
%changelog
* Tue Dec 03 2024 Petr Menšík <pemensik@redhat.com> - 1.7.1-12
- Fix digest calculation of sha256 (RHEL-20391)
* Tue Jan 16 2024 Petr Menšík <pemensik@redhat.com> - 1.7.0-22
- Export ldns-utils, ldns-doc, perl-ldns and python3-ldns into CRB (RHEL-315)
* Wed Jul 6 2022 Joe Orton <jorton@redhat.com> - 1.7.1-11
- rebuild (#2080206)
* Fri Feb 25 2022 Richard Lescak <rlescak@redhat.com> - 1.7.1-10
- use Python LIBS instead of LDFLAGS - fix annocheck issues
* Thu Feb 24 2022 Richard Lescak <rlescak@redhat.com> - 1.7.1-9
- Fix for CVE-2020-19860 ldns: heap overread vulnerability (#2051211)
- Added also patch for deprecated distutils Python module used in build
* Wed Oct 13 2021 Richard Lescak <rlescak@redhat.com> - 1.7.1-8
- Added patch for failing rebuild with OpenSSL 3.0.0 (#2008445)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.7.1-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 28 2021 Florian Weimer <fweimer@redhat.com> - 1.7.1-6
- Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.7.1-5
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.7.1-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 04 2021 Petr Menšík <pemensik@redhat.com> - 1.7.1-2
- Use make_build and make_install macro instead of make
- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make
* Thu Oct 08 2020 Petr Menšík <pemensik@redhat.com> - 1.7.1-1
- Update to 1.7.1
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-32
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 23 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1.7.0-31
- Perl 5.32 rebuild
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1.7.0-30
- Rebuilt for Python 3.9
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1.7.0-28
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1.7.0-27
- Rebuilt for Python 3.8
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri May 31 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.7.0-25
- Perl 5.30 rebuild
* Mon May 20 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.7.0-24
- Fixed build for SWIG 4.0.0 (#1707450)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Sep 26 2018 Petr Menšík <pemensik@redhat.com> - 1.7.0-22
- Do not build python2 subpackage on Fedora 30 (#1629800)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 23 2019 Martin Osvald <mosvald@redhat.com> - 1.7.0-21
- Fix for issues found by covscan (#1602571)
* Tue Jul 10 2018 Petr Menšík <pemensik@redhat.com> - 1.7.0-20
- Add all depends, spec cleanup, use full python interpreter

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (ldns-1.7.0.tar.gz) = 8a4e48bcc2a244b92447a9830b60efbb656fb7955f3559ef2eb6f8e724c4c0208776350c44ccf7dcf1ffe0b7b9d9ccc4cbddc5bc16e8888db494ab4d0bce3bd8