Update to 2.1.10
Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
This commit is contained in:
Rafael Guterres Jeffman
parent
4fa1d2222b
commit
cff14e5928
1
.gitignore
vendored
1
.gitignore
vendored
@ -18,3 +18,4 @@
|
||||
/opendnssec-2.1.6.tar.gz
|
||||
/opendnssec-2.1.7.tar.gz
|
||||
/opendnssec-2.1.8.tar.gz
|
||||
/opendnssec-2.1.10.tar.gz
|
||||
|
||||
@ -0,0 +1,35 @@
|
||||
From 4d87db0f11bcdd5c54fadb92351b603bd07f76f8 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Bokovoy <abokovoy@redhat.com>
|
||||
Date: Mon, 30 Jan 2023 11:44:49 +0200
|
||||
Subject: [PATCH] Pass right remaining buffer size in hsm_hex_unparse to handle
|
||||
string fortification
|
||||
|
||||
When string fortification is in use (-DFORTIFY_SOURCE=3), GCC and glibc
|
||||
will cut few bytes off the string buffer for prevention of buffer
|
||||
overruns. As a result, hsm_hex_unparse() will call into snprintf() with
|
||||
a buffer length bigger than the size of the buffer as seen by the
|
||||
GCC/glibc pair.
|
||||
|
||||
See also: https://pagure.io/freeipa/issue/9312
|
||||
|
||||
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
||||
---
|
||||
libhsm/src/lib/libhsm.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libhsm/src/lib/libhsm.c b/libhsm/src/lib/libhsm.c
|
||||
index 88dc79e31..8f1e0c3bc 100644
|
||||
--- a/libhsm/src/lib/libhsm.c
|
||||
+++ b/libhsm/src/lib/libhsm.c
|
||||
@@ -1382,7 +1382,7 @@ hsm_hex_unparse(char *dst, const unsigned char *src, size_t len)
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < len; i++) {
|
||||
- snprintf(dst + (2*i), dst_len, "%02x", src[i]);
|
||||
+ snprintf(dst + (2*i), dst_len - (2*i), "%02x", src[i]);
|
||||
}
|
||||
dst[len*2] = '\0';
|
||||
}
|
||||
--
|
||||
2.39.0
|
||||
|
||||
83
1001-opendnssec-c99.patch
Normal file
83
1001-opendnssec-c99.patch
Normal file
@ -0,0 +1,83 @@
|
||||
Include <unistd.h> for the setresuid and setresgid functions,
|
||||
to avoid an implicit function declaration.
|
||||
|
||||
Submitted upstream: <https://github.com/opendnssec/opendnssec/pull/843>
|
||||
|
||||
diff --git a/configure b/configure
|
||||
index bf515cde3d4fab71..52d2885d6a6ef546 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -21101,6 +21101,7 @@ else
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
+#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
|
||||
@@ -21143,6 +21144,7 @@ else
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
+#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
|
||||
diff --git a/m4/acx_broken_setres.m4 b/m4/acx_broken_setres.m4
|
||||
index 374cee0b0b8ef196..467db9170a319170 100644
|
||||
--- a/m4/acx_broken_setres.m4
|
||||
+++ b/m4/acx_broken_setres.m4
|
||||
@@ -4,6 +4,7 @@ AC_DEFUN([ACX_BROKEN_SETRES],[
|
||||
AC_MSG_CHECKING(if setresuid seems to work)
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
+#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
|
||||
@@ -20,6 +21,7 @@ int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
|
||||
AC_MSG_CHECKING(if setresgid seems to work)
|
||||
AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
+#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
|
||||
commit 27290c5fcd065a5a857d37236e7f79121e303d0a
|
||||
Author: Mathieu Mirmont <mat@parad0x.org>
|
||||
Date: Sun Dec 1 18:43:53 2019 +0100
|
||||
|
||||
common: add missing util.h header
|
||||
|
||||
diff --git a/common/scheduler/task.c b/common/scheduler/task.c
|
||||
index cfdbd2d101aae795..9c09dc1893363abe 100644
|
||||
--- a/common/scheduler/task.c
|
||||
+++ b/common/scheduler/task.c
|
||||
@@ -39,6 +39,7 @@
|
||||
#include "status.h"
|
||||
#include "duration.h"
|
||||
#include "file.h"
|
||||
+#include "util.h"
|
||||
#include "log.h"
|
||||
|
||||
static const char* task_str = "task";
|
||||
commit 5422819c17c02e6069328b2f5e4bef6fe5c179df
|
||||
Author: Mathieu Mirmont <mat@parad0x.org>
|
||||
Date: Sun Dec 1 17:57:36 2019 +0100
|
||||
|
||||
enforcer: remove remove strptime build warning
|
||||
|
||||
diff --git a/enforcer/src/daemon/time_leap_cmd.c b/enforcer/src/daemon/time_leap_cmd.c
|
||||
index f1ee21b87529c136..5baef1b6ff7c4cc2 100644
|
||||
--- a/enforcer/src/daemon/time_leap_cmd.c
|
||||
+++ b/enforcer/src/daemon/time_leap_cmd.c
|
||||
@@ -26,8 +26,8 @@
|
||||
*
|
||||
*/
|
||||
|
||||
-#include <getopt.h>
|
||||
#include "config.h"
|
||||
+#include <getopt.h>
|
||||
|
||||
#include "file.h"
|
||||
#include "duration.h"
|
||||
@ -3,8 +3,8 @@
|
||||
|
||||
Summary: DNSSEC key and zone management software
|
||||
Name: opendnssec
|
||||
Version: 2.1.8
|
||||
Release: 4%{?dist}
|
||||
Version: 2.1.10
|
||||
Release: 1%{?dist}
|
||||
License: BSD
|
||||
Url: http://www.opendnssec.org/
|
||||
Source0: http://www.opendnssec.org/files/source/%{?prever:testing/}%{name}-%{version}%{?prever}.tar.gz
|
||||
@ -17,6 +17,9 @@ Source6: opendnssec.cron
|
||||
Source7: opendnssec-2.1.sqlite_convert.sql
|
||||
Source8: opendnssec-2.1.sqlite_rpmversion.sql
|
||||
|
||||
Patch1: 0001-Pass-right-remaining-buffer-size-in-hsm_hex_unparse-.patch
|
||||
Patch1001: 1001-opendnssec-c99.patch
|
||||
|
||||
Requires: opencryptoki, softhsm >= 2.5.0 , systemd-units
|
||||
Requires: libxml2, libxslt sqlite
|
||||
BuildRequires: make
|
||||
@ -33,10 +36,8 @@ Requires(pre): shadow-utils
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
%if 0%{?prever:1}
|
||||
# For building development snapshots
|
||||
|
||||
Buildrequires: autoconf, automake, libtool, java
|
||||
%endif
|
||||
|
||||
%description
|
||||
OpenDNSSEC was created as an open-source turn-key solution for DNSSEC.
|
||||
@ -45,6 +46,8 @@ name server. It requires a PKCS#11 crypto module library, such as softhsm
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}%{?prever}
|
||||
%autopatch -p1
|
||||
|
||||
# bump default policy ZSK keysize to 2048
|
||||
sed -i "s/1024/2048/" conf/kasp.xml.in
|
||||
|
||||
@ -178,6 +181,10 @@ ods-enforcer update all >/dev/null 2>/dev/null ||:
|
||||
%systemd_postun_with_restart ods-signerd.service
|
||||
|
||||
%changelog
|
||||
* Thu Apr 27 2023 Rafael Guterres Jeffman <rjeffman@redhat.com> - 2.1.10-1
|
||||
- Upstream release 2.1.10.
|
||||
Resolves: rhbz#1981324
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.8-4
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (opendnssec-2.1.8.tar.gz) = 48fa9e1efe54d00bba1c97d42d8680a7b33d90360cbb12e333835384447a9d42ffc6508ee6b455bfa4522907b371d4703068e4fd184fd72ea6d950427029cc1c
|
||||
SHA512 (opendnssec-2.1.10.tar.gz) = c7fdbf1c3867d7b53ac11ab5cb5e636af4595dbee8d704429c7fb84cc3a6b2082ed490c33aad7747d4ee1a2c580afcf24a260bc3ed29eaf5e9d337004045b82d
|
||||
|
||||
Loading…
Reference in New Issue
Block a user