From b3edeffe48fbdbf7b4af597401200c0092c2f3a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Wed, 17 May 2023 14:46:01 +0200 Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 ldns revision 4ade6950c3506913fe41fb4d3617b83c --- .gitattributes | 23 +++ ldns-1.8.3.tar.gz | 3 + ldns-1.8.3.tar.gz.asc | 16 ++ ldns.changes | 450 ++++++++++++++++++++++++++++++++++++++++++ ldns.keyring | 51 +++++ ldns.spec | 193 ++++++++++++++++++ 6 files changed, 736 insertions(+) create mode 100644 .gitattributes create mode 100644 ldns-1.8.3.tar.gz create mode 100644 ldns-1.8.3.tar.gz.asc create mode 100644 ldns.changes create mode 100644 ldns.keyring create mode 100644 ldns.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/ldns-1.8.3.tar.gz b/ldns-1.8.3.tar.gz new file mode 100644 index 0000000..4c9ea7e --- /dev/null +++ b/ldns-1.8.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c3f72dd1036b2907e3a56e6acf9dfb2e551256b3c1bbd9787942deeeb70e7860 +size 1299856 diff --git a/ldns-1.8.3.tar.gz.asc b/ldns-1.8.3.tar.gz.asc new file mode 100644 index 0000000..0be0353 --- /dev/null +++ b/ldns-1.8.3.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE3DTuXbJBe8wVHlEA5fj4IS93pJgFAmL6IjQACgkQ5fj4IS93 +pJhiJA//eHb2+DVUz4StIrTwfCd5VSe0xETUkg2m3qfUT+7+blf/w+8aRzN6dwhQ +bs44URFgmpy2dKUlC9Q2sCKX5RxLFI/8JnXWenaofIw/n320F0YhBN/kewH+8YTN +KN9CMFbEsAR1ortzPPsM4r56JeHgcTwEwwIhYX+WaC9n6QMqk7pJVC+B6vrW1Gjc +7loZ0vD1CeLSTKZrt9aknlQEjBe0CSpCAVOBlrh/fPghv9p0slIq6Ovol6Kt2w88 +OeheBWf6g/Ll4g1ke41VE40e3SETW5KxHsxyIuhUltaUyJHzpmrGac6ydoctipzT +nJzwPA9PUIt+dX2qOKlUDD7PwRIGqmOG1pV6x0wz7eJq7tIjPgxgNk+xF2rTKjyt +m3bRGgBOzYf0raOE1yGtnyanAtI9BK6HbsaEuLxsZswzNWByZ9Fgp5sOK5iTswQO +xl2nhH9chyf0ktxbHvla6zZIi/Jj1mAumiZbkWUg6LHnIORYOqdeKByCg/aFHuNX +t7IDpO9VL+EPdrrhnynX+JDRbAxxarQAYqOsi+ARWyygQ0tON+UyxJ2vtEoFQFhG +LMQoal2h9mohYl5pJoWigsnPKdN4JMIhyxEyAS5HreDoeB8YX8x64cuvySVkUlyr +Qi7eByrJuyw9YdWt8iWOO6chokzw9S3jOyuYiKH/G9cqMDpRgAY= +=lSAh +-----END PGP SIGNATURE----- diff --git a/ldns.changes b/ldns.changes new file mode 100644 index 0000000..b12c6ac --- /dev/null +++ b/ldns.changes @@ -0,0 +1,450 @@ +------------------------------------------------------------------- +Fri Sep 2 19:37:42 UTC 2022 - Michael Ströder + +- use HTTPS URLs for URL and Source + +------------------------------------------------------------------- +Mon Aug 15 19:23:59 UTC 2022 - Michael Ströder + +- new version 1.8.3 + + 1.8.3 2022-08-15 + * bugfix #183: Assertion failure with OPT record without rdata. + This caused packet creation with only a DO bit (for DNSSEC OK) to crash. + * Fix for syntax error in pyldns + + 1.8.2 2022-08-12 + * bugfix #147: Allow for tabs in whitespace before quoted rdata fields. + * bugfix #149: Add some missing [out] annotations to doxygen parameters. + * Fix build error on Solaris 10 with inet_ntop redeclaration error. + * Fix -U flag with ldns-signzone. + * Enable compile of SVCB and HTTPS support by default. + * bugfix #179: Free line memory even if zone file parsing fails + * bugfix #166: Grow buffer when writing chars and fixed size + strings when converting to presentation format, preventing + potential assersion errors. + * bugfix #46: Print network errors when secure tracing. + * EDNS0 Option handling and conversion into presentation format. + * bugfix #145: ldns-verify-zone should not call occluded records glue. + +------------------------------------------------------------------- +Fri Dec 3 18:15:35 UTC 2021 - Michael Ströder + +- new version 1.8.1 + + 1.8.1 2021-12-03 + * bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname + needs to larger. + * Undo PR#123 fix ldns.pc installation when building out-of-source + + 1.8.0 2021-11-26 + * bugfix #38: Print "line" before line number when printing + zone parse errors. Thanks Petr Špaček. + * bugfix: Revert unused variables in ldns-config removal patch. + * bugfix #50: heap Out-of-bound Read vulnerability in + rr_frm_str_internal reported by pokerfacett. + (bsc#1195057, CVE-2020-19860) + * bugfix #51: Heap Out-of-bound Read vulnerability in + ldns_nsec3_salt_data reported by pokerfacett. + (bsc#1195058, CVE-2020-19861) + * Fix memory leak in examples/ldns-testns handle_tcp routine. + * Detect fixed time memory compare for openssl 0.9.8. + * Fix compile warning by variable initialisation for older gcc. + * Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not + available on tvOS. + * Fix for #93: fix packaging/libldns.pc Makefile rule. + * ZONEMD support in ldns-signzone and ldns-verify-zone + * ldns-testns can answer several queries over one tcp connection, + if they arrive within 100msec of each other. + * Fix so that ldns-testns does not leak sockets if the read fails. + * SVCB and HTTPS draft rrtypes. + Enable with --enable-rrtype-svcb-https. + * bugfix #117: Assertion failure with DNSSEC validating of + non existence of RR types at the root. Thanks ZjYwMj + * Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA + record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl + * bugfix #119: Let example tools read longer RR's than + LDNS_MAX_LINELEN + * Add SVCPARAMS to python ldns_rdf_type2str function. + * PR #134 Miscellaneous spelling fixes. Thanks jsoref! + * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return + the $INCLUDE not implemented error. + * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line + number for an empty line after a comment. + * Fix #135: Fix compile with OpenSSL-3.0.0-beta2. + * PR #107: Added ldns_pkt2buffer_wire_compress() to make dname + compression optional when converting packets to wire format. + Thanks Eli Lindsey + * Option to ldns-keygen to create symlinks with known names + (i.e. without the key id) to the created files. + Thanks Andreas Schulze + * Fix #121: Correct handling of centimetres by LOC parser. + Thanks Felipe Gasper + * PR #126: Link with libldns.la in Makefile.in. + Thanks orbea + * PR #127: Addes option -Q to drill to give short answer. + Thanks niknah + * PR #133: Update m4 files for python modules. + Thanks Petr Menšík + * Bufix CAA value fields may be empty: Thanks Robert Mortimer + * PR #108: Fix for ldns-compare-zones net detecting when first zone + has a RRset that shrinks from two to one RRs, or grows from one + to two RRs. Thanks Emilio Caballero + * Fix #131: Drill sig chasing breaks with gcc-11 and + strict-aliasing. Thanks Stanislav Levin + * Fix #130: Unless $TLL is defined, ttl defaults to the last + explicitly stated value. Thanks Benno + * Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc + * Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0 + Thanks Daniel J. Luke + * Let ldns-signzone warn for high NSEC3 iteration counts. + Thanks Andreas Schulze + +------------------------------------------------------------------- +Tue Aug 6 10:24:54 UTC 2019 - Ludwig Nussel + +- new version 1.7.1 + https://open.nlnetlabs.nl/pipermail/ldns-users/2019-July/000946.html + * Support for DNSSEC algorithms ED25519 and ED448 + when compiled with OpenSSL 1.1.1 + * An -I option to ldns-notify to specify a source IP address + to send to notify from. + * Complete OpenSSL engine support with ldns-signzone + contributed by Vadim Penzin + * security fixes CVE-2017-1000231 (boo#1068711), CVE-2017-1000232 (boo#1068709) + * includes ldns-swig4.0.patch +- add keyring and signature + +------------------------------------------------------------------- +Fri Jun 7 14:18:17 UTC 2019 - Dominique Leuenberger + +- Add ldns-swig4.0.patch: Fix build wih SWIG 4.0 (boo#1135750). + +------------------------------------------------------------------- +Mon Jan 8 10:08:13 UTC 2018 - tchvatal@suse.com + +- Switch directly to python3 in order for us to proceed with py2 + obsoletion for future releases + * Upstream sadly can build only against one of the two + +------------------------------------------------------------------- +Thu Nov 16 14:17:03 UTC 2017 - vcizek@suse.com + +- disable DANE verification when building with openssl < 1.1 to fix + build on distributions that have openssl 1.0.x + +------------------------------------------------------------------- +Sun Aug 27 20:46:30 UTC 2017 - jengelh@inai.de + +- Update descriptions. + +------------------------------------------------------------------- +Fri Aug 18 10:57:32 UTC 2017 - pmonrealgonzalez@suse.com + +- Update to version 1.7.0 + * Ldns built with openssl-1.1.0 [bsc#1042653] + * Fix #551 change Regent to Copyright holder in BSD license in some of + the headings of the file, to match the opensource.org BSD license. + * -e option makes ldns-compare-zones exit with status code 2 on difference + * Filter out specified RR types with ldns-read-zone -e and -E options + * bugfix #563: Correct DNSKEY from DSA private key. + * bugfix #562: ldns-keygen match DSA key maximum size with library. + And check keysizes with all algorithms. + * ldns-verify-zone accepts only one single zonefile as argument. + * bugfix #573: ldns-keygen write private keys with mode 0600. + * Fix configure to make ldns compile with LibreSSL 2.0 + * drill now also accepts dig style -y option + (-y <[algo:]name:key> i.s.o. -y ) + * OPENPGPKEY draft rr types. Enable with: --enable-rrtype-openpgpkey + * bugfix #608: Correct comment about escaped characters + * CDS and CDNSKEY rr type from RFC 7344. --enable-rrtype-cds configure + option removed + * fix: Memory leak in ldns_pkt_rr_list_by_name() + * fix: Memory leak in ldns_dname2buffer_wire_compress() + * bugfix #613: Allow tab as whitespace too in last rdata field of types + of variable length. + * bugfix: strip trailing whitespace from $ORIGIN lines in zone files + * Let ldns-keygen output .ds files only for KSK keys + * Parse RFC7218 TLSA mnemonics, but do not output them + * Let ldns-dane use SPKI as the default selector i.s.o. Cert + * bugfix: Fit left over NSEC3s once more before adding empty non terminals + * bugfix #605: Determine default trust anchor location at compile time + * bugfix #697: Double free with ldns-dane create + * bugfix #623: Do not redefine bool type and boolean values + * bugfix #570: Add TLSA, CDS, CDNSKEY and OPENPGPKEY RR types to ldnsx + * bugfix #575: ldns_pkt_clone() does not copy timestamp field + * bugfix #584: ldns-update fixes. Send update to port 53, bring manpage + in sync with the usage text, and don't alter the ldns_resolver passed + to ldns_update_soa_zone_mname(). Created a ldns_resolver_clone() + function in the process. + * bugfix #633: ldns_pkt_clone() parameter isn't const. + * bugfix: ldns-dane manpage correction + * RFC7553 RR Type URI is supported by default. + * Fix ECDSA signature generation, do not omit leading zeroes. + * bugfix: Get rid of superfluous newline in ldns-keyfetcher + * bugfix: -U option to ldns-signzone to sign with every algorithm + * const function parameters whenever possible. + * bugfix #725: allow RR-types on the type bitmap window border + * Add type CSYNC support, RFC 7477. + * Prepare for ED25519, ED448 support: todo convert* routines in dnssec.h, + once openssl has support for signing with these algorithms. The dns + algorithm number is not yet allocated. These features are not fully + implemented yet, openssl (1.1) does not support the algorithms enough + to generate keys and sign and verify with them. + * Fix drill axfr ipv4/ipv6 queries. + * Fix for openssl 1.1.0 API changes. + * bugfix #825: Module import breaks with newer SWIG versions. + * bugfix #769: Add support for :: in an IPv6 address + * bugfix #708: warnings and errors with xcode 6.1/7.0 + * bugfix #754: Memory leak in ldns_str2rdf_ipseckey + * bugfix #661: Fail NSEC3 signing when NSEC domainname length would + overflow. + * bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys. + * bugfix #680: ldns fails to reject invalidly formatted RFC 7553 URI RRs. + * bugfix #678: Use poll i.s.o. select to support > 1024 fds + * Use OpenSSL DANE functions for verification (unless explicitly disabled + with --disable-dane-ta-usage). + * Bumb .so version + * Include OPENPGPKEY RR type by default + * rdata processing for SMIMEA RR type + * Fix crash in displaying TLSA RR's. + * Update ldns-key2ds man page to mention GOST and SHA384 hash functions. + * Add sha384 and sha512 tsig algorithm. + * Clarify data ownership with consts for tsig parameters. + * bugfix: Fix detection of DSA support with OpenSSL >= 1.1.0 + * bugfix #1160: Provide sha256 for release tarballs + * --enable-gost-anyway compiles GOST support with OpenSSL >= 1.1.0 even + when the GOST engine is not available. + +- Dropped patch ldns-perl-5.22.patch + +------------------------------------------------------------------- +Tue May 10 22:52:09 UTC 2016 - mrueckert@suse.de + +- disable python because the bindings dont match the old python + version either + +------------------------------------------------------------------- +Tue May 10 22:44:17 UTC 2016 - mrueckert@suse.de + +- disable perl on sle11 as it needs at least 5.14.2 + +------------------------------------------------------------------- +Tue May 10 22:23:24 UTC 2016 - mrueckert@suse.de + +- fix building on SLE11 by disabling gost + +------------------------------------------------------------------- +Tue Sep 1 11:46:20 UTC 2015 - dimstar@opensuse.org + +- Add ldns-perl-5.22.patch: Fix build with perl 5.22. + +------------------------------------------------------------------- +Thu May 22 17:03:27 UTC 2014 - mrueckert@suse.de + +- update to 1.6.17 + * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a + zone to be an NSEC3 (or its RRSIG) covering an empty non terminal. + * Add --disable-dane option to configure and check availability of the + for dane needed X509_check_ca function in openssl. + * bugfix #490: Get rid of type-punned pointer warnings. + Thanks Adam Tkac. + * Make sure executables are linked against libcrypto with the + LIBSSL_LDFLAGS. Thanks Leo Baltus. + * Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav. + * README now shows preferred way to configure for examples and drill. + * Bind to source address for resolvers. drill binds to source with -I. + Thanks Bryan Duff. + * -T option for ldns-dane that has specific exit status for PKIX + validated connections without (secure) TLSA records. + * Fix b{32,64}_{ntop,pton} detection and handling. + * New RR type TKEY, but without operational practice. + * New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA. + * New output format flag (and accompanying functions) to print certain + RR's as unknown type + * -u and -U parameter for ldns-read-zone to mark/unmark a RR type + for printing as unknown type + * bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen. + * bugfix #497: Properly test for EOF when reading key files with drill. + * New functions: ldns_pkt_ixfr_request_new and + ldns_pkt_ixfr_request_new_frm_str. + * Use SNI with ldns-dane + * bugfix #507: ldnsx Fix use of non-existent variables and not + properly referring to instance variable. Patch from shussain. + * bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type + dictionary. Patch from shussain. + * bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL + file pointer. + * Fix memory leak in contrib/python: ldns_pkt.new_query. + * Fix buffer overflow in fget_token and bget_token. + * ldns-verify-zone NSEC3 checking from quadratic to linear performance. + Thanks NIC MX (nicmexico.mx) + * ldns-dane setup new ssl session for each new connect to prevent hangs + * bugfix #521: drill trace continue on empty non-terminals with NSEC3 + * bugfix #525: Fix documentation of ldns_resolver_set_retry + * Remove unused LDNS_RDF_TYPE_TSIG and associated functions. + * Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek. + * Configure option to build perl bindings: --with-p5-dns-ldns + (DNS::LDNS is a contribution from Erik Ostlyngen) + * bugfix #527: Move -lssl before -lcrypto when linking + * Optimize TSIG digest function name comparison (Thanks Marc Buijsman) + * Compare names case insensitive with ldns_pkt_rr_list_by_name and + ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab) + * A separate --enable for each draft RR type: --enable-rrtype-ninfo, + --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and + --enable-rrtype-ta + * bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen) + * bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza) + * Adjust ldns_sha1() so that the input data is not modified (Thanks + Marc Buijsman) + * Messages to stderr are now off by default and can be reenabled with + the --enable-stderr-msgs configure option. +- enable rrtype-ninfo, rrtype-rkey, rrtype-cds, rrtype-uri, rrtype-ta +- build pyldnsx bindings +- build perl bindings +- pass the path to our CA store + +------------------------------------------------------------------- +Mon Jan 21 13:40:47 UTC 2013 - johann.luce@wanadoo.fr + +- Fix spec file for submit in Server:dns repos + +------------------------------------------------------------------- +Mon Dec 3 15:20:36 UTC 2012 - johann.luce@wanadoo.fr + +- Upgrade to 1.6.16 +1.6.16 2012-11-13 + * Fix Makefile to build pyldns with BSD make + * Fix typo in exporting b32_* symbols to make pyldns load again + * Allow leaving the RR owner name empty in ldns-testns datafiles. + * Fix fail to create NSEC3 bitmap for empty non-terminal (bug + introduced in 1.6.14). + +1.6.15 2012-10-25 + * Remove LDNS_STATUS_EXISTS_ERR from ldns/error.h to make ldns + binary compatible with earlier releases again. + +1.6.14 2012-10-23 + * DANE support (RFC6698), including ldns-dane example tool. + * Configurable default CA certificate repository for ldns-dane with + --with-ca-file=CAFILE and --with-ca-path=CAPATH + * Configurable default trust anchor with --with-trust-anchor=FILE + for drill, ldns-verify-zone and ldns-dane + * bugfix #474: Define socklen_t when undefined (like in Win32) + * bugfix #473: Dead code removal and resource leak fix in drill + * bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too. + * Various bugfixes from code reviews from CZ.NIC and Paul Wouters + * ldns-notify TSIG option argument checking + * Let ldns_resolver_nameservers_randomize keep nameservers and rtt's + in sync. + * Let ldns_pkt_push_rr now return false on (memory) errors. + * Make buffer_export comply to documentation and fix buffer2str + * Various improvements and fixes of pyldns from Katel Slany + now documented in their own Changelog. + * bugfix: Make ldns_resolver_pop_nameserver clear the array when + there was only one. + * bugfix #459: Remove ldns_symbols and export symbols based on regex + * bugfix #458: Track all newly created signatures when signing. + * bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given. + * bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm. + * pyldns memory handling fixes and the python3/ldns-signzone.py + examples script contribution from Karel Slany. + * bugfix #450: Base # bytes for P, G and Y (T) on the guaranteed + to be bigger (or equal) P in ldns_key_dsa2bin. + * bugfix #449: Deep free cloned rdf's in ldns_tsig_mac_new. + * bugfix #448: Copy nameserver value (in stead of reference) of the + answering nameserver to the answer packet in ldns_send_buffer, so + the original value may be deep freed with the ldns_resolver struct. + * New -0 option for ldns-read-zone to replace inception, expiration + and signature rdata fields with (null). Thanks Paul Wouters. + * New -p option for ldns-read-zone to prepend-pad SOA serial to take + up ten characters. + * Return error if printing RR fails due to unknown/null RDATA. + +------------------------------------------------------------------- +Sun Jun 10 20:33:18 UTC 2012 - johann.luce@wanadoo.fr + +- Upgrade to 1.6.13 + * New -S option for ldns-verify-zone to chase signatures online. + * New -k option for ldns-verify-zone to validate using a trusted key. + * New inception and expiration margin options (-i and -e) to + ldns-verify-zone. + * New ldns_dnssec_zone_new_frm_fp and ldns_dnssec_zone_new_frm_fp_l + functions. + * New ldns_duration* functions (copied from OpenDNSSEC source) + * fix ldns-verify-zone to allow NSEC3 signatures to come before + the NSEC3 RR in all cases. Thanks Wolfgang Nagele. + * Zero the correct flag (opt-out) when creating NSEC3PARAMS. + Thanks Peter van Dijk. + * Canonicalize RRSIG's Signer's name too when validating, because + bind and unbound do that too. Thanks Peter van Dijk. + * bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label + * bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free + * bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT + * bugfix #427: Explicitely link ssl with the programs that use it. + * Fix reading \DDD: Error on values that are outside range (>255). + * bugfix #429: fix doxyparse.pl fails on NetBSD because specified + path to perl. + * New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl. + * fix verifying denial of existence for DS's in NSEC3 Opt-Out zones. + Thanks John Barnitz + +------------------------------------------------------------------- +Thu Apr 19 14:05:39 UTC 2012 - johann.luce@wanadoo.fr + +- Upgrade in 1.6.12 + * bugfix #413: Fix manpage source for srcdir != builddir + * Canonicalize the signers name rdata field in RRSIGs when signing + * Ignore minor version of Private-key-format (so v1.3 may be used) + * Allow a check_time to be given in stead of always checking against + the current time. With ldns-verify-zone the check_time can be set + with the -t option. + * Added functions for updating and manipulating SOA serial numbers. + ldns-read-zone has an option -S for updating and manipulating the + serial numbers. + * The library Makefile is now GNU and BSD make compatible. + * bugfix #419: NSEC3 validation of a name covered by a wildcard with + no data. + * Two new options (--with-drill and --with-examples) to the main + configure script (in the root of the source tree) to build drill + and examples too. + * Fix days_since_epoch to year_yday calculation on 32bits systems. +------------------------------------------------------------------- +Tue Jan 10 11:21:38 UTC 2012 - dimstar@opensuse.org + +- Add openssl-devel Requires to -devel package: dnssec.h includes + ssl.h, which in turn is provided by openssl-devel. Without this + Requires, depending packages need to be aware of underlying + implementations of ldns. + +------------------------------------------------------------------- +Mon Oct 17 15:17:12 UTC 2011 - lnussel@suse.de + +- new version 1.6.11 + * new ldnsx python module + * fix heap overflow (bnc#720277, CVE-2011-3581) + +------------------------------------------------------------------- +Wed May 25 13:38:43 UTC 2011 - lnussel@suse.de + +- new version 1.6.9 +- enable python bindings, used by sshfp's dane tool +- merge with Factory version + +------------------------------------------------------------------- +Mon Apr 27 15:34:10 CEST 2009 - crrodriguez@suse.de + +- initial version, required by unbound + +------------------------------------------------------------------- +Wed May 21 17:59:04 CEST 2008 - mrueckert@suse.de + +- fix the rpmlint warnings + +------------------------------------------------------------------- +Wed May 21 05:53:12 CEST 2008 - mrueckert@suse.de + +- update to 1.3.0.pre20080229 (taken from unbound-1.0.0 tarball) + required version update to make it work with unbound + +------------------------------------------------------------------- +Wed May 21 04:43:07 CEST 2008 - mrueckert@suse.de + +- initial package + diff --git a/ldns.keyring b/ldns.keyring new file mode 100644 index 0000000..8afb1ff --- /dev/null +++ b/ldns.keyring @@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE1s81EBEACuJzGgccrmYEAzHc//vBq66gH7orM0GtKfQZHh4uR1FMxZXl07 +WevUYNuBywTpinU9rpY1Q3S4w6QgNklgpsaHXmbOpyFjJ8FpllV8TRPiXiNrNxTp +Mnlb6InoszopX69tkBVHTP6cJkNgPx6R4BM0ARqEGQmOL8mAcoWyGVzbsamuGRai +a54zs/kc3i9yiqEzRkoQmfwr7sr49n7gOpmaqXvonOSiUvgEziep77emMcqVa/qZ +xR1r7KUq85qTNTqsQwl2cQdKS7WwOeuG6ZIJmJ1bakriKzLBYF5xIHKSYJW0ZA20 +tNFrVKgTkEjiXvAJh4HlJEIi35tqa/IzWUJSc1ainhBjxbwSl8BRq5aaPgwB+xXi +DqY6BrQW1slvl5TF2A6Xr7JJ0rkH3EZgXxABAZ3WJ3RLwq1z8jnNYj+UW/mSLsbO +tgfOiBhFUXMZneHvVVvz6F6XAtyrejDl5sD2gnzm1VDfK6T6bvLtR7zrkWre0lpy +cDmgmUKgaEiXzfLvwT9RaWk8GdqU2GG+QOiwf+hT0peDieuodjMr59sUbx7GqVe/ +45rJBRSx+HCl2Jm7Th2Xr0kpStCd7ebVoEq9wpMyu+dM9wOTtibA9P3+9u4rAdim +pAdQxEbhWbRNCng2EVhThbqRK3cTZLbtqKaWgAJqa/IQVpL9b5ps8Z4JVQARAQAB +tCNXaWxsZW0gVG9vcm9wIDx3aWxsZW1AbmxuZXRsYWJzLm5sPokCPgQTAQIAKAIb +IwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlbUE5oFCRDr7kkACgkQ5fj4IS93 +pJiGfA/8C1+/M+EaQItVzQ/iPCbagBTqWOSispMzJne9gmimJzPs+lxgnrXOuYlI +BywHpWB2Jmz45h+Cc4+di48WQfV9tHENn9MVFkwKzSdcY6v5eot6xSY5FRHS226M +PR9UJ8/z5PvlizZUVbbM+Ngxg3Rx045Q0FnQm0o5VasEJ1PoR3CSiELJoZ13ukTk +5pQlKyVknUKH1E1ds+Xtg1jpZBqiLiBzcLkKWYqBvrXI6XAEPr+woRgj3xV8P24U +j232uK7xoe82jWIeZWXt/AbHBSmNOWPIgMd9i3FjdeTDml5sZSy3BlDYMr8hINen +hYLhdLpJnXwPcsaj0ivcV+xSjLtSh0mE4gudcVhk5XR1M6emSlATC6+Bqn0M9JNT +n4SHhkNSyo87aPwKqWFDlvjAZlRyPym9miJBlzech2uOlYSk6GFuead7MpGAipf5 +PwNNRKDMDi3y+H47YG2izbrqj3cOZdqZmErwrzCU8xVkxzY/EY6w/MNMFNeqmXVG +xzIZ8y9KAjH6JO96M/AxS4mXHJh1ocfHtSm90Ahy/HPJK+2+5+IgkAymKsvyIbvj +s7FccMUo+OiSPWYi+xO/NXA4pBlUuGmV55Kog7ym1flzo8OD9uHfLPrVORBHgnsI +Tbzf9vgJ0emy8fxMCkzFT334gC1OVhD1ff1frbPXyVbcGI8AO+q5Ag0ETWzzUQEQ +AKTs4hWz94K66PtsHj/cBtHmJCJx9BsHP8eoUjd4iBR7cWgTTgt1PGCNBzCPGIuU +ia808dqxu1L8OWjQpwXDCjXqAibn0mCJMRONVszxJKkjYnZGKGOo8cg7OmQBZyEd +6qrfxVf/dwHLsdQTJZzz9bGOxuYVAAu0q3PHW5gGFc+pp3eN47qzGMxEjsoETj/c +laxjqisohG13/hkP6PvDoD7OOdOGdQQP8b4GRBD6rZ/FqMLv4C80zDnzCH1rLpNG +Qplf1any06WTAsDL4f6gEALH62TIxOX4U7WxeuvHxyKXOAuN+ex/MvF2az124Ybc +WC7t1dqVW3ys20zKaememyXSKxV6aMn4KBcJF3CdM1oABZDyviL9el7Q/yQylpZC +6El4QowaPIOAuzOdIc6cuM6PTWvBArcKVgQhWfJshfeFmfkxpz/hWc9K40yCjmb+ +hPZIr3RbXSsQItUUkBqOSMHNroIgX+IaWMq3e7yMHdMqlKr0lU52lfBbfECjleB/ +NO4K3SGJBPzTgLtze+LsWxSJQoQMWKv6ISwQrW3rsmUjqgQNrSGROX3rRy8Nvuzr +avs4a3FmdUpHIWw2KfY2M6AsX9HBFuRsimgqFjQm5VbqXA7NtHJCnA1RvqXlg/iJ +5w+DElHosxwjHS+UbejDGmVQ+ITqlh3991osPjZq1Iy1ABEBAAGJAiUEGAECAA8C +GwwFAlbUE5oFCRDr7kkACgkQ5fj4IS93pJjBwxAAnko5CSFDX/ZqW97satNacACH +SAOOM8/jz1p2QtJSwbrbLsJRMpN1mSnjXWPBTmXoP4SGHGtxTVZxrYCpSMEHMqOV +4yK3QlUnQXnf+CSvo2Ud3rpCh/lFLVHqG2Sy5Ietf/T+GGsoPd9DIdTHO0aFlW2y +RQPxSrbYpv1v2aACgRO4114qkex2j36diqlLod/OU4OQ51nuSesjTrUM9Fz6ikBJ +1UDjakjAXe/HiRxUmdv4LANCmso+Gn17Co5lUdpn3fa8zTwNNAgLm6RBiBSSdaYE +xM9ir6pHrcWL5N+iZKnVmfE5CBufziZq7V1E3I4FRuvDN4echbf58c6YxBQDsd9V +ZMJeFWY60w4JEXpHQdt129GS1FN/2PQ8NmAUXYCkYYk6Lv1tnGJCSLnD3ObLyWm+ +sjA5yAK2H8WU+nutsDF63yFJujNMpmB3bi9+699TzsyQNVKd2fH38cgk1gZFb6Nb +x9+lrTIwzAJJlOu8UwbR0HgGuRmrWp0EIm3tcy4xqWF3CavnM22BAOKKKH+qnwx8 +BRrx58coHQFMswW4W7Bo+jpKbQJ4RV2cXUEbmHbYUoXDHZyv/RzOI46dXAoWFc3o +CoqLqpsZYZstJ4UJHXB5aHi1zxJDwzKxsflmSKfIUr3glRWCy/ylcPMEXzPBb3qb +GFMUboioUjqLuNV4SSY= +=n3Or +-----END PGP PUBLIC KEY BLOCK----- diff --git a/ldns.spec b/ldns.spec new file mode 100644 index 0000000..6da1c39 --- /dev/null +++ b/ldns.spec @@ -0,0 +1,193 @@ +# +# spec file for package ldns +# +# Copyright (c) 2022 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define libname libldns3 +Name: ldns +Version: 1.8.3 +Release: 0 +Summary: A library for developing the Domain Name System +License: BSD-3-Clause +Group: Development/Libraries/C and C++ +URL: https://www.nlnetlabs.nl/projects/ldns/ +Source: https://www.nlnetlabs.nl/downloads/ldns/ldns-%{version}.tar.gz +Source1: https://www.nlnetlabs.nl/downloads/ldns/ldns-%{version}.tar.gz.asc +Source2: ldns.keyring +BuildRequires: doxygen +BuildRequires: fdupes +BuildRequires: libopenssl-devel +BuildRequires: libpcap-devel +BuildRequires: perl-Devel-CheckLib +BuildRequires: python3-devel +BuildRequires: swig + +%description +ldns is a C library that can be used for domain name system (DNS) +development. It supports RFCs like the DNSSEC documents, and allows +developers to create software conforming to RFCs, as well as +experimental software for current Internet Drafts. + +This package holds the tools/examples from ldns. + +%package -n %{libname} +Summary: A library for developing the Domain Name System +Group: System/Libraries + +%description -n %{libname} +ldns is a C library that can be used for domain name system (DNS) +development. It supports RFCs like the DNSSEC documents, and allows +developers to create software conforming to RFCs, as well as +experimental software for current Internet Drafts. + +%package devel +Summary: Development files for ldns +Group: Development/Libraries/C and C++ +Requires: %{libname} = %{version} +Requires: openssl-devel + +%description devel +ldns is a C library that can be used for domain name system (DNS) +development. It supports RFCs like the DNSSEC documents, and allows +developers to create software conforming to RFCs, as well as +experimental software for current Internet Drafts. + +This package holds the development files. + +%package -n python3-ldns +Summary: Python3 bindings for ldns +Group: Development/Languages/Python +Requires: %{libname} >= %{version} + +%description -n python3-ldns +Python bindings for the ldns library + +%package -n perl-DNS-LDNS +Summary: Perl bindings for ldns +Group: Development/Languages/Perl +Requires: %{libname} >= %{version} +%libperl_requires + +%description -n perl-DNS-LDNS +Perl bindings for the ldns library. + +%prep +%autosetup + +%build +export CFLAGS="%{optflags} -fno-strict-aliasing" +if pkg-config --max-version=1.1.0 openssl; then + DISABLE_DANE="--disable-dane-verify" +fi +export PYTHON=%{_bindir}/python3 +%configure \ + --disable-rpath \ + --disable-static \ + --enable-rrtype-ninfo \ + --enable-rrtype-rkey \ + --enable-rrtype-cds \ + --enable-rrtype-uri \ + --enable-rrtype-ta \ + --with-pyldns \ + --with-pyldnsx \ + --with-drill \ + --with-examples \ + --with-ca-path=%{_sysconfdir}/ssl/certs/ \ + $DISABLE_DANE +make %{?_smp_mflags} + +# We cannot use the built-in --with-p5-dns-ldns +pushd contrib/DNS-LDNS +LD_LIBRARY_PATH="../../lib:$LD_LIBRARY_PATH" perl \ + Makefile.PL INSTALLDIRS=vendor INC="-I. -I../.." LIBS="-L../../lib" +make %{?_smp_mflags} +popd + +%install +make DESTDIR=%{buildroot} \ + install \ + install-drill \ + install-examples + +make DESTDIR=%{buildroot} \ + install-pyldns \ + install-pyldnsx +rm -v %{buildroot}%{python3_sitearch}/*.la + +make -C contrib/DNS-LDNS DESTDIR=%{buildroot} pure_install +chmod 755 %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/LDNS.so +rm -f %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/{.packlist,LDNS.bs} + +rm -v %{buildroot}%{_libdir}/libldns.*a +%fdupes %{buildroot}%{_mandir} + +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig + +%files +%{_bindir}/drill +%{_bindir}/ldns-chaos +%{_bindir}/ldns-compare-zones +%{_bindir}/ldns-dpa +%{_bindir}/ldns-gen-zone +%{_bindir}/ldns-key2ds +%{_bindir}/ldns-keyfetcher +%{_bindir}/ldns-keygen +%{_bindir}/ldns-mx +%{_bindir}/ldns-notify +%{_bindir}/ldns-nsec3-hash +%{_bindir}/ldns-read-zone +%{_bindir}/ldns-resolver +%{_bindir}/ldns-revoke +%{_bindir}/ldns-rrsig +%{_bindir}/ldns-signzone +%{_bindir}/ldns-test-edns +%{_bindir}/ldns-testns +%{_bindir}/ldns-update +%{_bindir}/ldns-verify-zone +%{_bindir}/ldns-version +%{_bindir}/ldns-walk +%{_bindir}/ldns-zcat +%{_bindir}/ldns-zsplit +%{_bindir}/ldnsd +%{_bindir}/ldns-dane +%{_mandir}/man1/drill.1%{?ext_man} +%{_mandir}/man1/ldns*.1%{?ext_man} + +%files -n %{libname} +%license LICENSE +%{_libdir}/libldns.so.* + +%files devel +%{_bindir}/ldns-config +%{_includedir}/ldns/ +%{_libdir}/libldns.so +%{_libdir}/pkgconfig/ldns.pc +%{_mandir}/man3/ldns*.3%{?ext_man} +%doc libdns.vim README* + +%files -n perl-DNS-LDNS +%{perl_vendorarch}/DNS/LDNS.pm +%dir %{perl_vendorarch}/DNS/ +%{perl_vendorarch}/DNS/LDNS/ +%dir %{perl_vendorarch}/auto/DNS/ +%{perl_vendorarch}/auto/DNS/LDNS/ +%{_mandir}/man3/DNS::LDNS*3pm* + +%files -n python3-ldns +%{python3_sitearch}/*ldns* + +%changelog