From 6aa21a27c7498947874ff878ee9e3e3b5f0a62a9af16cb8023332af08de897e5 Mon Sep 17 00:00:00 2001 From: Adam Majer Date: Mon, 4 Nov 2024 13:05:56 +0000 Subject: [PATCH 1/2] ldns 1.8.4 boo#1231584 OBS-URL: https://build.opensuse.org/package/show/server:dns/ldns?expand=0&rev=49 --- .gitattributes | 23 ++ .gitignore | 1 + ldns-1.8.3.tar.gz | 3 + ldns-1.8.3.tar.gz.asc | 16 ++ ldns-1.8.4-swig-3.4.0.patch | 113 +++++++++ ldns-1.8.4.tar.gz | 3 + ldns-1.8.4.tar.gz.asc | 16 ++ ldns-swig-32bit.patch | 33 +++ ldns-swig-4.2.patch | 67 +++++ ldns.changes | 472 ++++++++++++++++++++++++++++++++++++ ldns.keyring | 51 ++++ ldns.spec | 198 +++++++++++++++ 12 files changed, 996 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 ldns-1.8.3.tar.gz create mode 100644 ldns-1.8.3.tar.gz.asc create mode 100644 ldns-1.8.4-swig-3.4.0.patch create mode 100644 ldns-1.8.4.tar.gz create mode 100644 ldns-1.8.4.tar.gz.asc create mode 100644 ldns-swig-32bit.patch create mode 100644 ldns-swig-4.2.patch create mode 100644 ldns.changes create mode 100644 ldns.keyring create mode 100644 ldns.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/ldns-1.8.3.tar.gz b/ldns-1.8.3.tar.gz new file mode 100644 index 0000000..13c7e65 --- /dev/null +++ b/ldns-1.8.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c3f72dd1036b2907e3a56e6acf9dfb2e551256b3c1bbd9787942deeeb70e7860 +size 1299856 diff --git a/ldns-1.8.3.tar.gz.asc b/ldns-1.8.3.tar.gz.asc new file mode 100644 index 0000000..2aacb04 --- /dev/null +++ b/ldns-1.8.3.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE3DTuXbJBe8wVHlEA5fj4IS93pJgFAmL6IjQACgkQ5fj4IS93 +pJhiJA//eHb2+DVUz4StIrTwfCd5VSe0xETUkg2m3qfUT+7+blf/w+8aRzN6dwhQ +bs44URFgmpy2dKUlC9Q2sCKX5RxLFI/8JnXWenaofIw/n320F0YhBN/kewH+8YTN +KN9CMFbEsAR1ortzPPsM4r56JeHgcTwEwwIhYX+WaC9n6QMqk7pJVC+B6vrW1Gjc +7loZ0vD1CeLSTKZrt9aknlQEjBe0CSpCAVOBlrh/fPghv9p0slIq6Ovol6Kt2w88 +OeheBWf6g/Ll4g1ke41VE40e3SETW5KxHsxyIuhUltaUyJHzpmrGac6ydoctipzT +nJzwPA9PUIt+dX2qOKlUDD7PwRIGqmOG1pV6x0wz7eJq7tIjPgxgNk+xF2rTKjyt +m3bRGgBOzYf0raOE1yGtnyanAtI9BK6HbsaEuLxsZswzNWByZ9Fgp5sOK5iTswQO +xl2nhH9chyf0ktxbHvla6zZIi/Jj1mAumiZbkWUg6LHnIORYOqdeKByCg/aFHuNX +t7IDpO9VL+EPdrrhnynX+JDRbAxxarQAYqOsi+ARWyygQ0tON+UyxJ2vtEoFQFhG +LMQoal2h9mohYl5pJoWigsnPKdN4JMIhyxEyAS5HreDoeB8YX8x64cuvySVkUlyr +Qi7eByrJuyw9YdWt8iWOO6chokzw9S3jOyuYiKH/G9cqMDpRgAY= +=lSAh +-----END PGP SIGNATURE----- diff --git a/ldns-1.8.4-swig-3.4.0.patch b/ldns-1.8.4-swig-3.4.0.patch new file mode 100644 index 0000000..02d70ae --- /dev/null +++ b/ldns-1.8.4-swig-3.4.0.patch @@ -0,0 +1,113 @@ +From 8f98152d325f464bc1a20e17236a232f32e91703 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Wed, 23 Oct 2024 23:08:54 +0200 +Subject: [PATCH] Use SWIG_AppendOutput to support swig 4.3 + +Swig has changed language specific AppendOutput functions. But helper +macro SWIG_AppendOutput remains unchanged. Use that everywhere instead +of SWIG_Python_AppendOutput, which would require one extra parameter +since swig 4.3.0. + +https://github.com/swig/swig/blob/v4.3.0/CHANGES.current#L376 +https://github.com/swig/swig/issues/2905 +--- + contrib/python/ldns_buffer.i | 2 +- + contrib/python/ldns_key.i | 2 +- + contrib/python/ldns_packet.i | 2 +- + contrib/python/ldns_rdf.i | 2 +- + contrib/python/ldns_resolver.i | 2 +- + contrib/python/ldns_rr.i | 2 +- + contrib/python/ldns_zone.i | 2 +- + 7 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/contrib/python/ldns_buffer.i b/contrib/python/ldns_buffer.i +index 5c2d583b..0a3e3895 100644 +--- a/contrib/python/ldns_buffer.i ++++ b/contrib/python/ldns_buffer.i +@@ -45,7 +45,7 @@ + /* Result generation, appends (ldns_buffer *) after the result. */ + %typemap(argout, noblock=1) (ldns_buffer **) + { +- $result = SWIG_Python_AppendOutput($result, ++ $result = SWIG_AppendOutput($result, + SWIG_NewPointerObj(SWIG_as_voidptr($1_buf), + SWIGTYPE_p_ldns_struct_buffer, SWIG_POINTER_OWN | 0)); + } +diff --git a/contrib/python/ldns_key.i b/contrib/python/ldns_key.i +index dc67e67b..6a3c2db4 100644 +--- a/contrib/python/ldns_key.i ++++ b/contrib/python/ldns_key.i +@@ -38,7 +38,7 @@ + /* result generation */ + %typemap(argout,noblock=1) (ldns_key **) + { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_key), SWIGTYPE_p_ldns_struct_key, SWIG_POINTER_OWN | 0 )); ++ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_key), SWIGTYPE_p_ldns_struct_key, SWIG_POINTER_OWN | 0 )); + } + + %typemap(argout) ldns_rdf *r "Py_INCREF($input);" +diff --git a/contrib/python/ldns_packet.i b/contrib/python/ldns_packet.i +index c2d7a3b6..8309808d 100644 +--- a/contrib/python/ldns_packet.i ++++ b/contrib/python/ldns_packet.i +@@ -45,7 +45,7 @@ + /* Result generation, appends (ldns_pkt *) after the result. */ + %typemap(argout,noblock=1) (ldns_pkt **) + { +- $result = SWIG_Python_AppendOutput($result, ++ $result = SWIG_AppendOutput($result, + SWIG_NewPointerObj(SWIG_as_voidptr($1_pkt), + SWIGTYPE_p_ldns_struct_pkt, SWIG_POINTER_OWN | 0 )); + } +diff --git a/contrib/python/ldns_rdf.i b/contrib/python/ldns_rdf.i +index 39f9af18..ed1f0d00 100644 +--- a/contrib/python/ldns_rdf.i ++++ b/contrib/python/ldns_rdf.i +@@ -45,7 +45,7 @@ + /* Result generation, appends (ldns_rdf *) after the result. */ + %typemap(argout, noblock=1) (ldns_rdf **) + { +- $result = SWIG_Python_AppendOutput($result, ++ $result = SWIG_AppendOutput($result, + SWIG_NewPointerObj(SWIG_as_voidptr($1_rdf), + SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0)); + } +diff --git a/contrib/python/ldns_resolver.i b/contrib/python/ldns_resolver.i +index 8468cce3..8d0abc6e 100644 +--- a/contrib/python/ldns_resolver.i ++++ b/contrib/python/ldns_resolver.i +@@ -45,7 +45,7 @@ + /* Result generation, appends (ldns_resolver *) after the result. */ + %typemap(argout,noblock=1) (ldns_resolver **r) + { +- $result = SWIG_Python_AppendOutput($result, ++ $result = SWIG_AppendOutput($result, + SWIG_NewPointerObj(SWIG_as_voidptr($1_res), + SWIGTYPE_p_ldns_struct_resolver, SWIG_POINTER_OWN | 0 )); + } +diff --git a/contrib/python/ldns_rr.i b/contrib/python/ldns_rr.i +index 2e0a0714..c53955cf 100644 +--- a/contrib/python/ldns_rr.i ++++ b/contrib/python/ldns_rr.i +@@ -45,7 +45,7 @@ + /* Result generation, appends (ldns_rr *) after the result. */ + %typemap(argout, noblock=1) (ldns_rr **) + { +- $result = SWIG_Python_AppendOutput($result, ++ $result = SWIG_AppendOutput($result, + SWIG_NewPointerObj(SWIG_as_voidptr($1_rr), + SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN | 0 )); + } +diff --git a/contrib/python/ldns_zone.i b/contrib/python/ldns_zone.i +index bbb8d8f2..3459478a 100644 +--- a/contrib/python/ldns_zone.i ++++ b/contrib/python/ldns_zone.i +@@ -39,7 +39,7 @@ + /* result generation */ + %typemap(argout,noblock=1) (ldns_zone **) + { +- $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_zone), SWIGTYPE_p_ldns_struct_zone, SWIG_POINTER_OWN | 0 )); ++ $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_zone), SWIGTYPE_p_ldns_struct_zone, SWIG_POINTER_OWN | 0 )); + } + + %nodefaultctor ldns_struct_zone; //no default constructor & destructor diff --git a/ldns-1.8.4.tar.gz b/ldns-1.8.4.tar.gz new file mode 100644 index 0000000..7351e22 --- /dev/null +++ b/ldns-1.8.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:838b907594baaff1cd767e95466a7745998ae64bc74be038dccc62e2de2e4247 +size 1301058 diff --git a/ldns-1.8.4.tar.gz.asc b/ldns-1.8.4.tar.gz.asc new file mode 100644 index 0000000..0c05bc4 --- /dev/null +++ b/ldns-1.8.4.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE3DTuXbJBe8wVHlEA5fj4IS93pJgFAmabRi4ACgkQ5fj4IS93 +pJiTTQ/+Oq6CRH4LJccxpbKAPaLFicUZzfY2zYO4OjY0yFQuYqVc1OWIdJbYQdZp +ouX45FhXAklYZiqQYniE7HdImDZNecWBHPtjgrc+jpfsIgx6wzU0tUHzXRWXv3sZ +1JV8D+xs+9r9LP4XfN643fpIltC4a2wYLsv97cp5mtAdPp5vnNkSZkCMvYrX+A3c +fapVZfpFLiJ9Su/sM2zUIM3XuKanA2Dc3DKctxnjNHG6CLnERZLoVXURItXkItNU +qo8yu6xoEYLSwE70Z/H5EWn3nqFvHVkaxNOBDSEMLFCp1dbddV2F+zFg8UsCMgUS +A2SqzXGAdBczKlOVrXkuBgMIQd0uvekSsuc2YU+bS2qiQIEuIbGoaqyUgFvVGwTB +s4NQEkBl59eqJf5J6m3sE/ScquxO0eyAu/F8DMqwUMCsDBcFrLG0jewZrSBNQxuQ +pys1efHJiFCCLuYX7gWz65vrdl99b2TOzGfDnNsZoafJ1TtSWcJTd6XuAgk0yGTi +zdiJAmOjCAvt5D0yS5zJYYtbWosYKR4Fn/fiTOk9uwUw6AXQFcAiibRnFX0Xk+E9 +TsoMEpM/OAQADPtThRKRHBWKAEhKpNbiGosxLBTDofKdCmlvspQxfbQzSyow6NyK ++sgLbXdrcUtzu0E1ZC0LXvQF2AlxqyvGF8W3dfeAuK033N4fcbI= +=q3pY +-----END PGP SIGNATURE----- diff --git a/ldns-swig-32bit.patch b/ldns-swig-32bit.patch new file mode 100644 index 0000000..d52af20 --- /dev/null +++ b/ldns-swig-32bit.patch @@ -0,0 +1,33 @@ +From f91f61e10be595a6a46845112aaed7da24551bf9 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Fri, 26 Jan 2024 11:57:03 +0100 +Subject: [PATCH] 32-bit compatibility for Python SWIG bindings +Upstream: https://github.com/NLnetLabs/ldns/pull/233 +References: boo#1225794 + +The ssize_t type can be int instead of long, and the pointer +types are incompatible. +--- + contrib/python/ldns.i | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/contrib/python/ldns.i b/contrib/python/ldns.i +index 881ba5e85..b4a740820 100644 +--- a/contrib/python/ldns.i ++++ b/contrib/python/ldns.i +@@ -99,12 +99,14 @@ + %typemap(in, noblock=1) (ssize_t) + { + int $1_res = 0; +- $1_res = SWIG_AsVal_long($input, &$1); ++ long val; ++ $1_res = SWIG_AsVal_long($input, &val); + if (!SWIG_IsOK($1_res)) { + SWIG_exception_fail(SWIG_ArgError($1_res), "in method '" + "$symname" "', argument " "$argnum" " of type '" + "$type""'"); + } ++ $1 = val; + } + + diff --git a/ldns-swig-4.2.patch b/ldns-swig-4.2.patch new file mode 100644 index 0000000..472b9d5 --- /dev/null +++ b/ldns-swig-4.2.patch @@ -0,0 +1,67 @@ +From daf38095763f758c77be538da25c267dc5cb73c8 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Fri, 26 Jan 2024 11:30:39 +0100 +Subject: [PATCH] SWIG_Python_str_AsChar removal in SWIG 4.2.0 +Upstream: https://github.com/NLnetLabs/ldns/pull/232 +References: boo#1225794 + +The replacement, SWIG_PyUnicode_AsUTF8AndSize, has different +memory management requirements. +--- + contrib/python/ldns_rdf.i | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/contrib/python/ldns_rdf.i b/contrib/python/ldns_rdf.i +index 5d7448fd..60daf1a7 100644 +--- a/contrib/python/ldns_rdf.i ++++ b/contrib/python/ldns_rdf.i +@@ -56,7 +56,11 @@ + */ + %typemap(arginit, noblock=1) const ldns_rdf * + { ++#if SWIG_VERSION >= 0x040200 ++ PyObject *$1_bytes = NULL; ++#else + char *$1_str = NULL; ++#endif + } + + /* +@@ -66,11 +70,17 @@ + %typemap(in, noblock=1) const ldns_rdf * (void* argp, $1_ltype tmp = 0, int res) + { + if (Python_str_Check($input)) { ++ const char *argstr; ++#if SWIG_VERSION >= 0x040200 ++ argstr = SWIG_PyUnicode_AsUTF8AndSize($input, NULL, &$1_bytes); ++#else + $1_str = SWIG_Python_str_AsChar($input); +- if ($1_str == NULL) { ++ argstr = $1_str; ++#endif ++ if (argstr == NULL) { + %argument_fail(SWIG_TypeError, "char *", $symname, $argnum); + } +- tmp = ldns_dname_new_frm_str($1_str); ++ tmp = ldns_dname_new_frm_str(argstr); + if (tmp == NULL) { + %argument_fail(SWIG_TypeError, "char *", $symname, $argnum); + } +@@ -90,10 +100,17 @@ + */ + %typemap(freearg, noblock=1) const ldns_rdf * + { ++#if SWIG_VERSION >= 0x040200 ++ if ($1_bytes != NULL) { ++ /* Is not NULL only when a conversion form string occurred. */ ++ Py_XDECREF($1_bytes); ++ } ++#else + if ($1_str != NULL) { + /* Is not NULL only when a conversion form string occurred. */ + SWIG_Python_str_DelForPy3($1_str); /* Is a empty macro for Python < 3. */ + } ++#endif + } + + %nodefaultctor ldns_struct_rdf; /* No default constructor. */ diff --git a/ldns.changes b/ldns.changes new file mode 100644 index 0000000..cc6e65e --- /dev/null +++ b/ldns.changes @@ -0,0 +1,472 @@ +------------------------------------------------------------------- +Mon Nov 4 11:08:29 UTC 2024 - Andreas Stieger + +- update to 1.8.4: + * Fix Resolver uses nameserver commented out in /etc/resolv.conf + * Added RESINFO rrtype + * Added WALLET rrtype + * Added NXNAME rrtype + * Fix static code analysis findings, and developer visible fixes + * improve 'next-label' algorithm in ldns-walk + * Add functions to extract RFC 8914 extended errors + * Build system fixes and fixes for dependencies +- drop ldns-swig-4.2.patch, ldns-swig-32bit.patch +- add ldns-1.8.4-swig-3.4.0.patch boo#1231584 + +------------------------------------------------------------------- +Wed Jul 10 13:43:44 UTC 2024 - Martin Jambor + +- Added ldns-swig-4.2.patch and ldns-swig-32bit.patch in order to + avoid C99 viloations which are compile time errors by default with + GCC 14. [boo#1225794] + +------------------------------------------------------------------- +Fri Sep 2 19:37:42 UTC 2022 - Michael Ströder + +- use HTTPS URLs for URL and Source + +------------------------------------------------------------------- +Mon Aug 15 19:23:59 UTC 2022 - Michael Ströder + +- new version 1.8.3 + + 1.8.3 2022-08-15 + * bugfix #183: Assertion failure with OPT record without rdata. + This caused packet creation with only a DO bit (for DNSSEC OK) to crash. + * Fix for syntax error in pyldns + + 1.8.2 2022-08-12 + * bugfix #147: Allow for tabs in whitespace before quoted rdata fields. + * bugfix #149: Add some missing [out] annotations to doxygen parameters. + * Fix build error on Solaris 10 with inet_ntop redeclaration error. + * Fix -U flag with ldns-signzone. + * Enable compile of SVCB and HTTPS support by default. + * bugfix #179: Free line memory even if zone file parsing fails + * bugfix #166: Grow buffer when writing chars and fixed size + strings when converting to presentation format, preventing + potential assersion errors. + * bugfix #46: Print network errors when secure tracing. + * EDNS0 Option handling and conversion into presentation format. + * bugfix #145: ldns-verify-zone should not call occluded records glue. + +------------------------------------------------------------------- +Fri Dec 3 18:15:35 UTC 2021 - Michael Ströder + +- new version 1.8.1 + + 1.8.1 2021-12-03 + * bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname + needs to larger. + * Undo PR#123 fix ldns.pc installation when building out-of-source + + 1.8.0 2021-11-26 + * bugfix #38: Print "line" before line number when printing + zone parse errors. Thanks Petr Špaček. + * bugfix: Revert unused variables in ldns-config removal patch. + * bugfix #50: heap Out-of-bound Read vulnerability in + rr_frm_str_internal reported by pokerfacett. + (bsc#1195057, CVE-2020-19860) + * bugfix #51: Heap Out-of-bound Read vulnerability in + ldns_nsec3_salt_data reported by pokerfacett. + (bsc#1195058, CVE-2020-19861) + * Fix memory leak in examples/ldns-testns handle_tcp routine. + * Detect fixed time memory compare for openssl 0.9.8. + * Fix compile warning by variable initialisation for older gcc. + * Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not + available on tvOS. + * Fix for #93: fix packaging/libldns.pc Makefile rule. + * ZONEMD support in ldns-signzone and ldns-verify-zone + * ldns-testns can answer several queries over one tcp connection, + if they arrive within 100msec of each other. + * Fix so that ldns-testns does not leak sockets if the read fails. + * SVCB and HTTPS draft rrtypes. + Enable with --enable-rrtype-svcb-https. + * bugfix #117: Assertion failure with DNSSEC validating of + non existence of RR types at the root. Thanks ZjYwMj + * Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA + record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl + * bugfix #119: Let example tools read longer RR's than + LDNS_MAX_LINELEN + * Add SVCPARAMS to python ldns_rdf_type2str function. + * PR #134 Miscellaneous spelling fixes. Thanks jsoref! + * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return + the $INCLUDE not implemented error. + * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line + number for an empty line after a comment. + * Fix #135: Fix compile with OpenSSL-3.0.0-beta2. + * PR #107: Added ldns_pkt2buffer_wire_compress() to make dname + compression optional when converting packets to wire format. + Thanks Eli Lindsey + * Option to ldns-keygen to create symlinks with known names + (i.e. without the key id) to the created files. + Thanks Andreas Schulze + * Fix #121: Correct handling of centimetres by LOC parser. + Thanks Felipe Gasper + * PR #126: Link with libldns.la in Makefile.in. + Thanks orbea + * PR #127: Addes option -Q to drill to give short answer. + Thanks niknah + * PR #133: Update m4 files for python modules. + Thanks Petr Menšík + * Bufix CAA value fields may be empty: Thanks Robert Mortimer + * PR #108: Fix for ldns-compare-zones net detecting when first zone + has a RRset that shrinks from two to one RRs, or grows from one + to two RRs. Thanks Emilio Caballero + * Fix #131: Drill sig chasing breaks with gcc-11 and + strict-aliasing. Thanks Stanislav Levin + * Fix #130: Unless $TLL is defined, ttl defaults to the last + explicitly stated value. Thanks Benno + * Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc + * Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0 + Thanks Daniel J. Luke + * Let ldns-signzone warn for high NSEC3 iteration counts. + Thanks Andreas Schulze + +------------------------------------------------------------------- +Tue Aug 6 10:24:54 UTC 2019 - Ludwig Nussel + +- new version 1.7.1 + https://open.nlnetlabs.nl/pipermail/ldns-users/2019-July/000946.html + * Support for DNSSEC algorithms ED25519 and ED448 + when compiled with OpenSSL 1.1.1 + * An -I option to ldns-notify to specify a source IP address + to send to notify from. + * Complete OpenSSL engine support with ldns-signzone + contributed by Vadim Penzin + * security fixes CVE-2017-1000231 (boo#1068711), CVE-2017-1000232 (boo#1068709) + * includes ldns-swig4.0.patch +- add keyring and signature + +------------------------------------------------------------------- +Fri Jun 7 14:18:17 UTC 2019 - Dominique Leuenberger + +- Add ldns-swig4.0.patch: Fix build wih SWIG 4.0 (boo#1135750). + +------------------------------------------------------------------- +Mon Jan 8 10:08:13 UTC 2018 - tchvatal@suse.com + +- Switch directly to python3 in order for us to proceed with py2 + obsoletion for future releases + * Upstream sadly can build only against one of the two + +------------------------------------------------------------------- +Thu Nov 16 14:17:03 UTC 2017 - vcizek@suse.com + +- disable DANE verification when building with openssl < 1.1 to fix + build on distributions that have openssl 1.0.x + +------------------------------------------------------------------- +Sun Aug 27 20:46:30 UTC 2017 - jengelh@inai.de + +- Update descriptions. + +------------------------------------------------------------------- +Fri Aug 18 10:57:32 UTC 2017 - pmonrealgonzalez@suse.com + +- Update to version 1.7.0 + * Ldns built with openssl-1.1.0 [bsc#1042653] + * Fix #551 change Regent to Copyright holder in BSD license in some of + the headings of the file, to match the opensource.org BSD license. + * -e option makes ldns-compare-zones exit with status code 2 on difference + * Filter out specified RR types with ldns-read-zone -e and -E options + * bugfix #563: Correct DNSKEY from DSA private key. + * bugfix #562: ldns-keygen match DSA key maximum size with library. + And check keysizes with all algorithms. + * ldns-verify-zone accepts only one single zonefile as argument. + * bugfix #573: ldns-keygen write private keys with mode 0600. + * Fix configure to make ldns compile with LibreSSL 2.0 + * drill now also accepts dig style -y option + (-y <[algo:]name:key> i.s.o. -y ) + * OPENPGPKEY draft rr types. Enable with: --enable-rrtype-openpgpkey + * bugfix #608: Correct comment about escaped characters + * CDS and CDNSKEY rr type from RFC 7344. --enable-rrtype-cds configure + option removed + * fix: Memory leak in ldns_pkt_rr_list_by_name() + * fix: Memory leak in ldns_dname2buffer_wire_compress() + * bugfix #613: Allow tab as whitespace too in last rdata field of types + of variable length. + * bugfix: strip trailing whitespace from $ORIGIN lines in zone files + * Let ldns-keygen output .ds files only for KSK keys + * Parse RFC7218 TLSA mnemonics, but do not output them + * Let ldns-dane use SPKI as the default selector i.s.o. Cert + * bugfix: Fit left over NSEC3s once more before adding empty non terminals + * bugfix #605: Determine default trust anchor location at compile time + * bugfix #697: Double free with ldns-dane create + * bugfix #623: Do not redefine bool type and boolean values + * bugfix #570: Add TLSA, CDS, CDNSKEY and OPENPGPKEY RR types to ldnsx + * bugfix #575: ldns_pkt_clone() does not copy timestamp field + * bugfix #584: ldns-update fixes. Send update to port 53, bring manpage + in sync with the usage text, and don't alter the ldns_resolver passed + to ldns_update_soa_zone_mname(). Created a ldns_resolver_clone() + function in the process. + * bugfix #633: ldns_pkt_clone() parameter isn't const. + * bugfix: ldns-dane manpage correction + * RFC7553 RR Type URI is supported by default. + * Fix ECDSA signature generation, do not omit leading zeroes. + * bugfix: Get rid of superfluous newline in ldns-keyfetcher + * bugfix: -U option to ldns-signzone to sign with every algorithm + * const function parameters whenever possible. + * bugfix #725: allow RR-types on the type bitmap window border + * Add type CSYNC support, RFC 7477. + * Prepare for ED25519, ED448 support: todo convert* routines in dnssec.h, + once openssl has support for signing with these algorithms. The dns + algorithm number is not yet allocated. These features are not fully + implemented yet, openssl (1.1) does not support the algorithms enough + to generate keys and sign and verify with them. + * Fix drill axfr ipv4/ipv6 queries. + * Fix for openssl 1.1.0 API changes. + * bugfix #825: Module import breaks with newer SWIG versions. + * bugfix #769: Add support for :: in an IPv6 address + * bugfix #708: warnings and errors with xcode 6.1/7.0 + * bugfix #754: Memory leak in ldns_str2rdf_ipseckey + * bugfix #661: Fail NSEC3 signing when NSEC domainname length would + overflow. + * bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys. + * bugfix #680: ldns fails to reject invalidly formatted RFC 7553 URI RRs. + * bugfix #678: Use poll i.s.o. select to support > 1024 fds + * Use OpenSSL DANE functions for verification (unless explicitly disabled + with --disable-dane-ta-usage). + * Bumb .so version + * Include OPENPGPKEY RR type by default + * rdata processing for SMIMEA RR type + * Fix crash in displaying TLSA RR's. + * Update ldns-key2ds man page to mention GOST and SHA384 hash functions. + * Add sha384 and sha512 tsig algorithm. + * Clarify data ownership with consts for tsig parameters. + * bugfix: Fix detection of DSA support with OpenSSL >= 1.1.0 + * bugfix #1160: Provide sha256 for release tarballs + * --enable-gost-anyway compiles GOST support with OpenSSL >= 1.1.0 even + when the GOST engine is not available. + +- Dropped patch ldns-perl-5.22.patch + +------------------------------------------------------------------- +Tue May 10 22:52:09 UTC 2016 - mrueckert@suse.de + +- disable python because the bindings dont match the old python + version either + +------------------------------------------------------------------- +Tue May 10 22:44:17 UTC 2016 - mrueckert@suse.de + +- disable perl on sle11 as it needs at least 5.14.2 + +------------------------------------------------------------------- +Tue May 10 22:23:24 UTC 2016 - mrueckert@suse.de + +- fix building on SLE11 by disabling gost + +------------------------------------------------------------------- +Tue Sep 1 11:46:20 UTC 2015 - dimstar@opensuse.org + +- Add ldns-perl-5.22.patch: Fix build with perl 5.22. + +------------------------------------------------------------------- +Thu May 22 17:03:27 UTC 2014 - mrueckert@suse.de + +- update to 1.6.17 + * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a + zone to be an NSEC3 (or its RRSIG) covering an empty non terminal. + * Add --disable-dane option to configure and check availability of the + for dane needed X509_check_ca function in openssl. + * bugfix #490: Get rid of type-punned pointer warnings. + Thanks Adam Tkac. + * Make sure executables are linked against libcrypto with the + LIBSSL_LDFLAGS. Thanks Leo Baltus. + * Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav. + * README now shows preferred way to configure for examples and drill. + * Bind to source address for resolvers. drill binds to source with -I. + Thanks Bryan Duff. + * -T option for ldns-dane that has specific exit status for PKIX + validated connections without (secure) TLSA records. + * Fix b{32,64}_{ntop,pton} detection and handling. + * New RR type TKEY, but without operational practice. + * New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA. + * New output format flag (and accompanying functions) to print certain + RR's as unknown type + * -u and -U parameter for ldns-read-zone to mark/unmark a RR type + for printing as unknown type + * bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen. + * bugfix #497: Properly test for EOF when reading key files with drill. + * New functions: ldns_pkt_ixfr_request_new and + ldns_pkt_ixfr_request_new_frm_str. + * Use SNI with ldns-dane + * bugfix #507: ldnsx Fix use of non-existent variables and not + properly referring to instance variable. Patch from shussain. + * bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type + dictionary. Patch from shussain. + * bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL + file pointer. + * Fix memory leak in contrib/python: ldns_pkt.new_query. + * Fix buffer overflow in fget_token and bget_token. + * ldns-verify-zone NSEC3 checking from quadratic to linear performance. + Thanks NIC MX (nicmexico.mx) + * ldns-dane setup new ssl session for each new connect to prevent hangs + * bugfix #521: drill trace continue on empty non-terminals with NSEC3 + * bugfix #525: Fix documentation of ldns_resolver_set_retry + * Remove unused LDNS_RDF_TYPE_TSIG and associated functions. + * Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek. + * Configure option to build perl bindings: --with-p5-dns-ldns + (DNS::LDNS is a contribution from Erik Ostlyngen) + * bugfix #527: Move -lssl before -lcrypto when linking + * Optimize TSIG digest function name comparison (Thanks Marc Buijsman) + * Compare names case insensitive with ldns_pkt_rr_list_by_name and + ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab) + * A separate --enable for each draft RR type: --enable-rrtype-ninfo, + --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and + --enable-rrtype-ta + * bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen) + * bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza) + * Adjust ldns_sha1() so that the input data is not modified (Thanks + Marc Buijsman) + * Messages to stderr are now off by default and can be reenabled with + the --enable-stderr-msgs configure option. +- enable rrtype-ninfo, rrtype-rkey, rrtype-cds, rrtype-uri, rrtype-ta +- build pyldnsx bindings +- build perl bindings +- pass the path to our CA store + +------------------------------------------------------------------- +Mon Jan 21 13:40:47 UTC 2013 - johann.luce@wanadoo.fr + +- Fix spec file for submit in Server:dns repos + +------------------------------------------------------------------- +Mon Dec 3 15:20:36 UTC 2012 - johann.luce@wanadoo.fr + +- Upgrade to 1.6.16 +1.6.16 2012-11-13 + * Fix Makefile to build pyldns with BSD make + * Fix typo in exporting b32_* symbols to make pyldns load again + * Allow leaving the RR owner name empty in ldns-testns datafiles. + * Fix fail to create NSEC3 bitmap for empty non-terminal (bug + introduced in 1.6.14). + +1.6.15 2012-10-25 + * Remove LDNS_STATUS_EXISTS_ERR from ldns/error.h to make ldns + binary compatible with earlier releases again. + +1.6.14 2012-10-23 + * DANE support (RFC6698), including ldns-dane example tool. + * Configurable default CA certificate repository for ldns-dane with + --with-ca-file=CAFILE and --with-ca-path=CAPATH + * Configurable default trust anchor with --with-trust-anchor=FILE + for drill, ldns-verify-zone and ldns-dane + * bugfix #474: Define socklen_t when undefined (like in Win32) + * bugfix #473: Dead code removal and resource leak fix in drill + * bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too. + * Various bugfixes from code reviews from CZ.NIC and Paul Wouters + * ldns-notify TSIG option argument checking + * Let ldns_resolver_nameservers_randomize keep nameservers and rtt's + in sync. + * Let ldns_pkt_push_rr now return false on (memory) errors. + * Make buffer_export comply to documentation and fix buffer2str + * Various improvements and fixes of pyldns from Katel Slany + now documented in their own Changelog. + * bugfix: Make ldns_resolver_pop_nameserver clear the array when + there was only one. + * bugfix #459: Remove ldns_symbols and export symbols based on regex + * bugfix #458: Track all newly created signatures when signing. + * bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given. + * bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm. + * pyldns memory handling fixes and the python3/ldns-signzone.py + examples script contribution from Karel Slany. + * bugfix #450: Base # bytes for P, G and Y (T) on the guaranteed + to be bigger (or equal) P in ldns_key_dsa2bin. + * bugfix #449: Deep free cloned rdf's in ldns_tsig_mac_new. + * bugfix #448: Copy nameserver value (in stead of reference) of the + answering nameserver to the answer packet in ldns_send_buffer, so + the original value may be deep freed with the ldns_resolver struct. + * New -0 option for ldns-read-zone to replace inception, expiration + and signature rdata fields with (null). Thanks Paul Wouters. + * New -p option for ldns-read-zone to prepend-pad SOA serial to take + up ten characters. + * Return error if printing RR fails due to unknown/null RDATA. + +------------------------------------------------------------------- +Sun Jun 10 20:33:18 UTC 2012 - johann.luce@wanadoo.fr + +- Upgrade to 1.6.13 + * New -S option for ldns-verify-zone to chase signatures online. + * New -k option for ldns-verify-zone to validate using a trusted key. + * New inception and expiration margin options (-i and -e) to + ldns-verify-zone. + * New ldns_dnssec_zone_new_frm_fp and ldns_dnssec_zone_new_frm_fp_l + functions. + * New ldns_duration* functions (copied from OpenDNSSEC source) + * fix ldns-verify-zone to allow NSEC3 signatures to come before + the NSEC3 RR in all cases. Thanks Wolfgang Nagele. + * Zero the correct flag (opt-out) when creating NSEC3PARAMS. + Thanks Peter van Dijk. + * Canonicalize RRSIG's Signer's name too when validating, because + bind and unbound do that too. Thanks Peter van Dijk. + * bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label + * bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free + * bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT + * bugfix #427: Explicitely link ssl with the programs that use it. + * Fix reading \DDD: Error on values that are outside range (>255). + * bugfix #429: fix doxyparse.pl fails on NetBSD because specified + path to perl. + * New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl. + * fix verifying denial of existence for DS's in NSEC3 Opt-Out zones. + Thanks John Barnitz + +------------------------------------------------------------------- +Thu Apr 19 14:05:39 UTC 2012 - johann.luce@wanadoo.fr + +- Upgrade in 1.6.12 + * bugfix #413: Fix manpage source for srcdir != builddir + * Canonicalize the signers name rdata field in RRSIGs when signing + * Ignore minor version of Private-key-format (so v1.3 may be used) + * Allow a check_time to be given in stead of always checking against + the current time. With ldns-verify-zone the check_time can be set + with the -t option. + * Added functions for updating and manipulating SOA serial numbers. + ldns-read-zone has an option -S for updating and manipulating the + serial numbers. + * The library Makefile is now GNU and BSD make compatible. + * bugfix #419: NSEC3 validation of a name covered by a wildcard with + no data. + * Two new options (--with-drill and --with-examples) to the main + configure script (in the root of the source tree) to build drill + and examples too. + * Fix days_since_epoch to year_yday calculation on 32bits systems. +------------------------------------------------------------------- +Tue Jan 10 11:21:38 UTC 2012 - dimstar@opensuse.org + +- Add openssl-devel Requires to -devel package: dnssec.h includes + ssl.h, which in turn is provided by openssl-devel. Without this + Requires, depending packages need to be aware of underlying + implementations of ldns. + +------------------------------------------------------------------- +Mon Oct 17 15:17:12 UTC 2011 - lnussel@suse.de + +- new version 1.6.11 + * new ldnsx python module + * fix heap overflow (bnc#720277, CVE-2011-3581) + +------------------------------------------------------------------- +Wed May 25 13:38:43 UTC 2011 - lnussel@suse.de + +- new version 1.6.9 +- enable python bindings, used by sshfp's dane tool +- merge with Factory version + +------------------------------------------------------------------- +Mon Apr 27 15:34:10 CEST 2009 - crrodriguez@suse.de + +- initial version, required by unbound + +------------------------------------------------------------------- +Wed May 21 17:59:04 CEST 2008 - mrueckert@suse.de + +- fix the rpmlint warnings + +------------------------------------------------------------------- +Wed May 21 05:53:12 CEST 2008 - mrueckert@suse.de + +- update to 1.3.0.pre20080229 (taken from unbound-1.0.0 tarball) + required version update to make it work with unbound + +------------------------------------------------------------------- +Wed May 21 04:43:07 CEST 2008 - mrueckert@suse.de + +- initial package + diff --git a/ldns.keyring b/ldns.keyring new file mode 100644 index 0000000..f2268a4 --- /dev/null +++ b/ldns.keyring @@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE1s81EBEACuJzGgccrmYEAzHc//vBq66gH7orM0GtKfQZHh4uR1FMxZXl07 +WevUYNuBywTpinU9rpY1Q3S4w6QgNklgpsaHXmbOpyFjJ8FpllV8TRPiXiNrNxTp +Mnlb6InoszopX69tkBVHTP6cJkNgPx6R4BM0ARqEGQmOL8mAcoWyGVzbsamuGRai +a54zs/kc3i9yiqEzRkoQmfwr7sr49n7gOpmaqXvonOSiUvgEziep77emMcqVa/qZ +xR1r7KUq85qTNTqsQwl2cQdKS7WwOeuG6ZIJmJ1bakriKzLBYF5xIHKSYJW0ZA20 +tNFrVKgTkEjiXvAJh4HlJEIi35tqa/IzWUJSc1ainhBjxbwSl8BRq5aaPgwB+xXi +DqY6BrQW1slvl5TF2A6Xr7JJ0rkH3EZgXxABAZ3WJ3RLwq1z8jnNYj+UW/mSLsbO +tgfOiBhFUXMZneHvVVvz6F6XAtyrejDl5sD2gnzm1VDfK6T6bvLtR7zrkWre0lpy +cDmgmUKgaEiXzfLvwT9RaWk8GdqU2GG+QOiwf+hT0peDieuodjMr59sUbx7GqVe/ +45rJBRSx+HCl2Jm7Th2Xr0kpStCd7ebVoEq9wpMyu+dM9wOTtibA9P3+9u4rAdim +pAdQxEbhWbRNCng2EVhThbqRK3cTZLbtqKaWgAJqa/IQVpL9b5ps8Z4JVQARAQAB +tCNXaWxsZW0gVG9vcm9wIDx3aWxsZW1AbmxuZXRsYWJzLm5sPokCPgQTAQIAKAIb +IwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlbUE5oFCRDr7kkACgkQ5fj4IS93 +pJiGfA/8C1+/M+EaQItVzQ/iPCbagBTqWOSispMzJne9gmimJzPs+lxgnrXOuYlI +BywHpWB2Jmz45h+Cc4+di48WQfV9tHENn9MVFkwKzSdcY6v5eot6xSY5FRHS226M +PR9UJ8/z5PvlizZUVbbM+Ngxg3Rx045Q0FnQm0o5VasEJ1PoR3CSiELJoZ13ukTk +5pQlKyVknUKH1E1ds+Xtg1jpZBqiLiBzcLkKWYqBvrXI6XAEPr+woRgj3xV8P24U +j232uK7xoe82jWIeZWXt/AbHBSmNOWPIgMd9i3FjdeTDml5sZSy3BlDYMr8hINen +hYLhdLpJnXwPcsaj0ivcV+xSjLtSh0mE4gudcVhk5XR1M6emSlATC6+Bqn0M9JNT +n4SHhkNSyo87aPwKqWFDlvjAZlRyPym9miJBlzech2uOlYSk6GFuead7MpGAipf5 +PwNNRKDMDi3y+H47YG2izbrqj3cOZdqZmErwrzCU8xVkxzY/EY6w/MNMFNeqmXVG +xzIZ8y9KAjH6JO96M/AxS4mXHJh1ocfHtSm90Ahy/HPJK+2+5+IgkAymKsvyIbvj +s7FccMUo+OiSPWYi+xO/NXA4pBlUuGmV55Kog7ym1flzo8OD9uHfLPrVORBHgnsI +Tbzf9vgJ0emy8fxMCkzFT334gC1OVhD1ff1frbPXyVbcGI8AO+q5Ag0ETWzzUQEQ +AKTs4hWz94K66PtsHj/cBtHmJCJx9BsHP8eoUjd4iBR7cWgTTgt1PGCNBzCPGIuU +ia808dqxu1L8OWjQpwXDCjXqAibn0mCJMRONVszxJKkjYnZGKGOo8cg7OmQBZyEd +6qrfxVf/dwHLsdQTJZzz9bGOxuYVAAu0q3PHW5gGFc+pp3eN47qzGMxEjsoETj/c +laxjqisohG13/hkP6PvDoD7OOdOGdQQP8b4GRBD6rZ/FqMLv4C80zDnzCH1rLpNG +Qplf1any06WTAsDL4f6gEALH62TIxOX4U7WxeuvHxyKXOAuN+ex/MvF2az124Ybc +WC7t1dqVW3ys20zKaememyXSKxV6aMn4KBcJF3CdM1oABZDyviL9el7Q/yQylpZC +6El4QowaPIOAuzOdIc6cuM6PTWvBArcKVgQhWfJshfeFmfkxpz/hWc9K40yCjmb+ +hPZIr3RbXSsQItUUkBqOSMHNroIgX+IaWMq3e7yMHdMqlKr0lU52lfBbfECjleB/ +NO4K3SGJBPzTgLtze+LsWxSJQoQMWKv6ISwQrW3rsmUjqgQNrSGROX3rRy8Nvuzr +avs4a3FmdUpHIWw2KfY2M6AsX9HBFuRsimgqFjQm5VbqXA7NtHJCnA1RvqXlg/iJ +5w+DElHosxwjHS+UbejDGmVQ+ITqlh3991osPjZq1Iy1ABEBAAGJAiUEGAECAA8C +GwwFAlbUE5oFCRDr7kkACgkQ5fj4IS93pJjBwxAAnko5CSFDX/ZqW97satNacACH +SAOOM8/jz1p2QtJSwbrbLsJRMpN1mSnjXWPBTmXoP4SGHGtxTVZxrYCpSMEHMqOV +4yK3QlUnQXnf+CSvo2Ud3rpCh/lFLVHqG2Sy5Ietf/T+GGsoPd9DIdTHO0aFlW2y +RQPxSrbYpv1v2aACgRO4114qkex2j36diqlLod/OU4OQ51nuSesjTrUM9Fz6ikBJ +1UDjakjAXe/HiRxUmdv4LANCmso+Gn17Co5lUdpn3fa8zTwNNAgLm6RBiBSSdaYE +xM9ir6pHrcWL5N+iZKnVmfE5CBufziZq7V1E3I4FRuvDN4echbf58c6YxBQDsd9V +ZMJeFWY60w4JEXpHQdt129GS1FN/2PQ8NmAUXYCkYYk6Lv1tnGJCSLnD3ObLyWm+ +sjA5yAK2H8WU+nutsDF63yFJujNMpmB3bi9+699TzsyQNVKd2fH38cgk1gZFb6Nb +x9+lrTIwzAJJlOu8UwbR0HgGuRmrWp0EIm3tcy4xqWF3CavnM22BAOKKKH+qnwx8 +BRrx58coHQFMswW4W7Bo+jpKbQJ4RV2cXUEbmHbYUoXDHZyv/RzOI46dXAoWFc3o +CoqLqpsZYZstJ4UJHXB5aHi1zxJDwzKxsflmSKfIUr3glRWCy/ylcPMEXzPBb3qb +GFMUboioUjqLuNV4SSY= +=n3Or +-----END PGP PUBLIC KEY BLOCK----- diff --git a/ldns.spec b/ldns.spec new file mode 100644 index 0000000..9865d45 --- /dev/null +++ b/ldns.spec @@ -0,0 +1,198 @@ +# +# spec file for package ldns +# +# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2024 Andreas Stieger +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define libname libldns3 +Name: ldns +Version: 1.8.4 +Release: 0 +Summary: A library for developing the Domain Name System +License: BSD-3-Clause +Group: Development/Libraries/C and C++ +URL: https://www.nlnetlabs.nl/projects/ldns/ +Source: https://www.nlnetlabs.nl/downloads/ldns/ldns-%{version}.tar.gz +Source1: https://www.nlnetlabs.nl/downloads/ldns/ldns-%{version}.tar.gz.asc +Source2: ldns.keyring +Patch2: ldns-1.8.4-swig-3.4.0.patch +BuildRequires: doxygen +BuildRequires: fdupes +BuildRequires: libopenssl-devel +BuildRequires: libpcap-devel +BuildRequires: perl-Devel-CheckLib +BuildRequires: python3-devel +BuildRequires: swig + +%description +ldns is a C library that can be used for domain name system (DNS) +development. It supports RFCs like the DNSSEC documents, and allows +developers to create software conforming to RFCs, as well as +experimental software for current Internet Drafts. + +This package holds the tools/examples from ldns. + +%package -n %{libname} +Summary: A library for developing the Domain Name System +Group: System/Libraries + +%description -n %{libname} +ldns is a C library that can be used for domain name system (DNS) +development. It supports RFCs like the DNSSEC documents, and allows +developers to create software conforming to RFCs, as well as +experimental software for current Internet Drafts. + +%package devel +Summary: Development files for ldns +Group: Development/Libraries/C and C++ +Requires: %{libname} = %{version} +Requires: openssl-devel + +%description devel +ldns is a C library that can be used for domain name system (DNS) +development. It supports RFCs like the DNSSEC documents, and allows +developers to create software conforming to RFCs, as well as +experimental software for current Internet Drafts. + +This package holds the development files. + +%package -n python3-ldns +Summary: Python3 bindings for ldns +Group: Development/Languages/Python +Requires: %{libname} >= %{version} + +%description -n python3-ldns +Python bindings for the ldns library + +%package -n perl-DNS-LDNS +Summary: Perl bindings for ldns +Group: Development/Languages/Perl +Requires: %{libname} >= %{version} +%{libperl_requires} + +%description -n perl-DNS-LDNS +Perl bindings for the ldns library. + +%prep +%autosetup -p1 + +%build +export CFLAGS="%{optflags} -fno-strict-aliasing" +if pkg-config --max-version=1.1.0 openssl; then + DISABLE_DANE="--disable-dane-verify" +fi +export PYTHON=%{_bindir}/python3 +%configure \ + --disable-rpath \ + --disable-static \ + --enable-rrtype-ninfo \ + --enable-rrtype-rkey \ + --enable-rrtype-cds \ + --enable-rrtype-uri \ + --enable-rrtype-ta \ + --with-pyldns \ + --with-pyldnsx \ + --with-drill \ + --with-examples \ + --with-ca-path=%{_sysconfdir}/ssl/certs/ \ + $DISABLE_DANE +%make_build + +# We cannot use the built-in --with-p5-dns-ldns +pushd contrib/DNS-LDNS +LD_LIBRARY_PATH="../../lib:$LD_LIBRARY_PATH" perl \ + Makefile.PL INSTALLDIRS=vendor INC="-I. -I../.." LIBS="-L../../lib" +%make_build +popd + +%install +make DESTDIR=%{buildroot} \ + install \ + install-drill \ + install-examples + +make DESTDIR=%{buildroot} \ + install-pyldns \ + install-pyldnsx +rm -v %{buildroot}%{python3_sitearch}/*.la + +make -C contrib/DNS-LDNS DESTDIR=%{buildroot} pure_install +chmod 755 %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/LDNS.so +rm -f %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/{.packlist,LDNS.bs} + +rm -v %{buildroot}%{_libdir}/libldns.*a +%fdupes %{buildroot}%{_mandir} + +%ldconfig_scriptlets -n %{libname} + +%files +%license LICENSE +%{_bindir}/drill +%{_bindir}/ldns-chaos +%{_bindir}/ldns-compare-zones +%{_bindir}/ldns-dpa +%{_bindir}/ldns-gen-zone +%{_bindir}/ldns-key2ds +%{_bindir}/ldns-keyfetcher +%{_bindir}/ldns-keygen +%{_bindir}/ldns-mx +%{_bindir}/ldns-notify +%{_bindir}/ldns-nsec3-hash +%{_bindir}/ldns-read-zone +%{_bindir}/ldns-resolver +%{_bindir}/ldns-revoke +%{_bindir}/ldns-rrsig +%{_bindir}/ldns-signzone +%{_bindir}/ldns-test-edns +%{_bindir}/ldns-testns +%{_bindir}/ldns-update +%{_bindir}/ldns-verify-zone +%{_bindir}/ldns-version +%{_bindir}/ldns-walk +%{_bindir}/ldns-zcat +%{_bindir}/ldns-zsplit +%{_bindir}/ldnsd +%{_bindir}/ldns-dane +%{_mandir}/man1/drill.1%{?ext_man} +%{_mandir}/man1/ldns*.1%{?ext_man} + +%files -n %{libname} +%license LICENSE +%{_libdir}/libldns.so.* + +%files devel +%license LICENSE +%{_bindir}/ldns-config +%{_includedir}/ldns/ +%{_libdir}/libldns.so +%{_libdir}/pkgconfig/ldns.pc +%{_mandir}/man3/ldns*.3%{?ext_man} +%doc libdns.vim README* + +%files -n perl-DNS-LDNS +%license LICENSE +%{perl_vendorarch}/DNS/LDNS.pm +%dir %{perl_vendorarch}/DNS/ +%{perl_vendorarch}/DNS/LDNS/ +%dir %{perl_vendorarch}/auto/DNS/ +%{perl_vendorarch}/auto/DNS/LDNS/ +%{_mandir}/man3/DNS::LDNS*3pm* + +%files -n python3-ldns +%license LICENSE +%{python3_sitearch}/*ldns* + +%changelog From c85a77cb8cfcaae89cc3be6f0d76d3881b55ae6e5382f609d32af39c0207f1ad Mon Sep 17 00:00:00 2001 From: Adam Majer Date: Mon, 4 Nov 2024 13:09:02 +0000 Subject: [PATCH 2/2] - upstreamed, droped: ldns-swig-4.2.patch, ldns-swig-32bit.patch - ldns-1.8.4-swig-3.4.0.patch: fix build with Swig 3.4.0 [boo#1231584] OBS-URL: https://build.opensuse.org/package/show/server:dns/ldns?expand=0&rev=50 --- ldns.changes | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ldns.changes b/ldns.changes index cc6e65e..02aa1ed 100644 --- a/ldns.changes +++ b/ldns.changes @@ -10,8 +10,8 @@ Mon Nov 4 11:08:29 UTC 2024 - Andreas Stieger * improve 'next-label' algorithm in ldns-walk * Add functions to extract RFC 8914 extended errors * Build system fixes and fixes for dependencies -- drop ldns-swig-4.2.patch, ldns-swig-32bit.patch -- add ldns-1.8.4-swig-3.4.0.patch boo#1231584 +- upstreamed, droped: ldns-swig-4.2.patch, ldns-swig-32bit.patch +- ldns-1.8.4-swig-3.4.0.patch: fix build with Swig 3.4.0 [boo#1231584] ------------------------------------------------------------------- Wed Jul 10 13:43:44 UTC 2024 - Martin Jambor