rpms
/
opendnssec
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i8c-beta-stream-client
rpms:c8-beta-stream-client
rpms:i8c-beta-stream-DL1
rpms:c8-beta-stream-DL1
rpms:i8c-stream-client
rpms:c8-stream-client
rpms:i8c-stream-DL1
rpms:c8-stream-DL1
rpms:i9c
rpms:c9
rpms:i9c-beta
rpms:c9-beta
...
pull from: rpms:c8-stream-client
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i8c-beta-stream-client
rpms:c8-beta-stream-client
rpms:i8c-beta-stream-DL1
rpms:c8-beta-stream-DL1
rpms:i8c-stream-client
rpms:c8-stream-client
rpms:i8c-stream-DL1
rpms:c8-stream-DL1
rpms:i9c
rpms:c9
rpms:i9c-beta
rpms:c9-beta

No commits in common. 'c9' and 'c8-stream-client' have entirely different histories.
c9 ... c8-stream-

6 changed files with 18 additions and 200 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/opendnssec-2.1.10.tar.gz SOURCES/opendnssec-2.1.7.tar.gz

2
.opendnssec.metadata
Unescape View File

@ -1 +1 @@
450313b710434d1d7531b5eb5c28a475646a49fb SOURCES/opendnssec-2.1.10.tar.gz 0277e4f54098bea74809e3d8e6cad1a435570349 SOURCES/opendnssec-2.1.7.tar.gz

35
SOURCES/0001-Pass-right-remaining-buffer-size-in-hsm_hex_unparse-.patch
Unescape View File

@ -1,35 +0,0 @@
From 4d87db0f11bcdd5c54fadb92351b603bd07f76f8 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Mon, 30 Jan 2023 11:44:49 +0200
Subject: [PATCH] Pass right remaining buffer size in hsm_hex_unparse to handle
string fortification
When string fortification is in use (-DFORTIFY_SOURCE=3), GCC and glibc
will cut few bytes off the string buffer for prevention of buffer
overruns. As a result, hsm_hex_unparse() will call into snprintf() with
a buffer length bigger than the size of the buffer as seen by the
GCC/glibc pair.
See also: https://pagure.io/freeipa/issue/9312
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
libhsm/src/lib/libhsm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libhsm/src/lib/libhsm.c b/libhsm/src/lib/libhsm.c
index 88dc79e31..8f1e0c3bc 100644
--- a/libhsm/src/lib/libhsm.c
+++ b/libhsm/src/lib/libhsm.c
@@ -1382,7 +1382,7 @@ hsm_hex_unparse(char *dst, const unsigned char *src, size_t len)
size_t i;
for (i = 0; i < len; i++) {
- snprintf(dst + (2*i), dst_len, "%02x", src[i]);
+ snprintf(dst + (2*i), dst_len - (2*i), "%02x", src[i]);
}
dst[len*2] = '\0';
}
--
2.39.0

83
SOURCES/1001-opendnssec-c99.patch
Unescape View File

@ -1,83 +0,0 @@
Include <unistd.h> for the setresuid and setresgid functions,
to avoid an implicit function declaration.
Submitted upstream: <https://github.com/opendnssec/opendnssec/pull/843>
diff --git a/configure b/configure
index bf515cde3d4fab71..52d2885d6a6ef546 100755
--- a/configure
+++ b/configure
@@ -21101,6 +21101,7 @@ else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
+#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
@@ -21143,6 +21144,7 @@ else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
+#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
diff --git a/m4/acx_broken_setres.m4 b/m4/acx_broken_setres.m4
index 374cee0b0b8ef196..467db9170a319170 100644
--- a/m4/acx_broken_setres.m4
+++ b/m4/acx_broken_setres.m4
@@ -4,6 +4,7 @@ AC_DEFUN([ACX_BROKEN_SETRES],[
AC_MSG_CHECKING(if setresuid seems to work)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([[
+#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
@@ -20,6 +21,7 @@ int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
AC_MSG_CHECKING(if setresgid seems to work)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([[
+#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
commit 27290c5fcd065a5a857d37236e7f79121e303d0a
Author: Mathieu Mirmont <mat@parad0x.org>
Date: Sun Dec 1 18:43:53 2019 +0100
common: add missing util.h header
diff --git a/common/scheduler/task.c b/common/scheduler/task.c
index cfdbd2d101aae795..9c09dc1893363abe 100644
--- a/common/scheduler/task.c
+++ b/common/scheduler/task.c
@@ -39,6 +39,7 @@
#include "status.h"
#include "duration.h"
#include "file.h"
+#include "util.h"
#include "log.h"
static const char* task_str = "task";
commit 5422819c17c02e6069328b2f5e4bef6fe5c179df
Author: Mathieu Mirmont <mat@parad0x.org>
Date: Sun Dec 1 17:57:36 2019 +0100
enforcer: remove remove strptime build warning
diff --git a/enforcer/src/daemon/time_leap_cmd.c b/enforcer/src/daemon/time_leap_cmd.c
index f1ee21b87529c136..5baef1b6ff7c4cc2 100644
--- a/enforcer/src/daemon/time_leap_cmd.c
+++ b/enforcer/src/daemon/time_leap_cmd.c
@@ -26,8 +26,8 @@
*
*/
-#include <getopt.h>
#include "config.h"
+#include <getopt.h>
#include "file.h"
#include "duration.h"

2
SOURCES/ods-signerd.service
Unescape View File

@ -1,6 +1,6 @@
[Unit] [Unit]
Description=OpenDNSSEC signer daemon Description=OpenDNSSEC signer daemon
After=syslog.target network.target ods-enforcerd.service After=syslog.target network.target ods-enforcerd
[Service] [Service]
Type=simple Type=simple

94
SPECS/opendnssec.spec
Unescape View File

@ -3,8 +3,8 @@
Summary: DNSSEC key and zone management software Summary: DNSSEC key and zone management software
Name: opendnssec Name: opendnssec
Version: 2.1.10 Version: 2.1.7
Release: 1%{?dist} Release: 1%{?prever}%{?dist}
License: BSD License: BSD
Url: http://www.opendnssec.org/ Url: http://www.opendnssec.org/
Source0: http://www.opendnssec.org/files/source/%{?prever:testing/}%{name}-%{version}%{?prever}.tar.gz Source0: http://www.opendnssec.org/files/source/%{?prever:testing/}%{name}-%{version}%{?prever}.tar.gz
@ -17,12 +17,8 @@ Source6: opendnssec.cron
Source7: opendnssec-2.1.sqlite_convert.sql Source7: opendnssec-2.1.sqlite_convert.sql
Source8: opendnssec-2.1.sqlite_rpmversion.sql Source8: opendnssec-2.1.sqlite_rpmversion.sql
Patch1: 0001-Pass-right-remaining-buffer-size-in-hsm_hex_unparse-.patch
Patch1001: 1001-opendnssec-c99.patch
Requires: opencryptoki, softhsm >= 2.5.0 , systemd-units Requires: opencryptoki, softhsm >= 2.5.0 , systemd-units
Requires: libxml2, libxslt sqlite Requires: libxml2, libxslt sqlite
BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
BuildRequires: ldns-devel >= 1.6.12, sqlite-devel >= 3.0.0, openssl-devel BuildRequires: ldns-devel >= 1.6.12, sqlite-devel >= 3.0.0, openssl-devel
BuildRequires: libxml2-devel CUnit-devel, doxygen BuildRequires: libxml2-devel CUnit-devel, doxygen
@ -36,8 +32,10 @@ Requires(pre): shadow-utils
Requires(post): systemd-units Requires(post): systemd-units
Requires(preun): systemd-units Requires(preun): systemd-units
Requires(postun): systemd-units Requires(postun): systemd-units
%if 0%{?prever:1}
# For building development snapshots
Buildrequires: autoconf, automake, libtool, java Buildrequires: autoconf, automake, libtool, java
%endif
%description %description
OpenDNSSEC was created as an open-source turn-key solution for DNSSEC. OpenDNSSEC was created as an open-source turn-key solution for DNSSEC.
@ -46,21 +44,19 @@ name server. It requires a PKCS#11 crypto module library, such as softhsm
%prep %prep
%setup -q -n %{name}-%{version}%{?prever} %setup -q -n %{name}-%{version}%{?prever}
%autopatch -p1
# bump default policy ZSK keysize to 2048 # bump default policy ZSK keysize to 2048
sed -i "s/1024/2048/" conf/kasp.xml.in sed -i "s/1024/2048/" conf/kasp.xml.in
%build %build
export LDFLAGS="-Wl,-z,relro,-z,now -pie -specs=/usr/lib/rpm/redhat/redhat-hardened-ld" #export LDFLAGS="-Wl,-z,relro,-z,now -pie -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
export CFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wextra -Wformat -Wformat-nonliteral -Wformat-security" #export CFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wextra -Wformat -Wformat-nonliteral -Wformat-security"
export CXXFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wformat-nonliteral -Wformat-security" #export CXXFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wformat-nonliteral -Wformat-security"
%if 0%{?prever:1} %if 0%{?prever:1}
# for development snapshots # for development snapshots
sh ./autogen.sh sh ./autogen.sh
%endif %endif
%configure --with-ldns=%{_libdir} %configure --with-ldns=%{_libdir}
%make_build make %{?_smp_mflags}
%check %check
# Requires sample db not shipped with upstream # Requires sample db not shipped with upstream
@ -68,7 +64,7 @@ sh ./autogen.sh
%install %install
rm -rf %{buildroot} rm -rf %{buildroot}
%make_install make DESTDIR=%{buildroot} install
mkdir -p %{buildroot}%{_localstatedir}/opendnssec/{tmp,signed,signconf,enforcer} mkdir -p %{buildroot}%{_localstatedir}/opendnssec/{tmp,signed,signconf,enforcer}
install -d -m 0755 %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/cron.d/ install -d -m 0755 %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/cron.d/
install -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/cron.d/opendnssec install -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/cron.d/opendnssec
@ -181,75 +177,15 @@ ods-enforcer update all >/dev/null 2>/dev/null ||:
%systemd_postun_with_restart ods-signerd.service %systemd_postun_with_restart ods-signerd.service
%changelog %changelog
* Thu Apr 27 2023 Rafael Guterres Jeffman <rjeffman@redhat.com> - 2.1.10-1
- Upstream release 2.1.10.
Resolves: rhbz#1981324
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.8-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.8-3
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.8-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Sat Feb 20 2021 Fedora Release Monitoring <release-monitoring@fedoraproject.org> - 2.1.8-1
- Update to 2.1.8 (#1931143)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Dec 19 10:13:50 PST 2020 awilliam@redhat.com - 2.1.7-3
- Rebuild for libldns soname bump
* Tue Dec 8 21:09:23 EST 2020 Paul Wouters <pwouters@redhat.com> - 2.1.7-2
- Resolves rhbz#1826233 ods-enforcerd.service should wait until socket is ready
* Fri Dec 04 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.7-1 * Fri Dec 04 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.7-1
- Upstream release 2.1.7 - Upstream release 2.1.7
- Resolves: rhbz#1904484
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.6-8 * Fri May 08 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - Resolves: rhbz#1831732 AVC avc: denied { dac_override } for comm="ods-enforcerd
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2.1.6-7
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Thu May 28 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-6
- Resolves: rhbz#1833718 ods-signerd.service missing .service
* Mon Apr 20 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-5
- Resolves: rhbz#1825812 AVC avc: denied { dac_override } for comm="ods-enforcerd
* Wed Mar 11 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-4
- Fix migration check to not attempt to check on first install with no db
* Tue Mar 03 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.6-3
- Create and manage /var/opendnssec/enforcer directory
- Resolves rhbz#1809492
* Wed Feb 19 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-2
- Update to 2.1.6 (major upgrade, supports migration from 1.4.x)
- gcc10 compile fixups
- Fix trying to use unversioned libsqlite3.so file
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.14-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.14-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.14-2 * Wed Apr 15 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Resolves: rhbz#1759888 Rebase OpenDNSSEC to 2.1
* Tue Dec 12 2017 Paul Wouters <pwouters@redhat.com> - 1.4.14-1 * Tue Dec 12 2017 Paul Wouters <pwouters@redhat.com> - 1.4.14-1
- Update to 1.4.14 as first steop to migrating to 2.x - Update to 1.4.14 as first steop to migrating to 2.x

Write Preview
Loading…
Cancel
Save