6 changed files with 20 additions and 199 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/opendnssec-2.1.10.tar.gz
+SOURCES/opendnssec-2.1.7.tar.gz
--- a/.opendnssec.metadata
+++ b/.opendnssec.metadata
@ -1 +1 @@
-450313b710434d1d7531b5eb5c28a475646a49fb SOURCES/opendnssec-2.1.10.tar.gz
+0277e4f54098bea74809e3d8e6cad1a435570349 SOURCES/opendnssec-2.1.7.tar.gz
--- a/SOURCES/0001-Pass-right-remaining-buffer-size-in-hsm_hex_unparse-.patch
+++ b/SOURCES/0001-Pass-right-remaining-buffer-size-in-hsm_hex_unparse-.patch
@ -1,35 +0,0 @@
-From 4d87db0f11bcdd5c54fadb92351b603bd07f76f8 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <abokovoy@redhat.com>
-Date: Mon, 30 Jan 2023 11:44:49 +0200
-Subject: [PATCH] Pass right remaining buffer size in hsm_hex_unparse to handle
- string fortification
-
-When string fortification is in use (-DFORTIFY_SOURCE=3), GCC and glibc
-will cut few bytes off the string buffer for prevention of buffer
-overruns. As a result, hsm_hex_unparse() will call into snprintf() with
-a buffer length bigger than the size of the buffer as seen by the
-GCC/glibc pair.
-
-See also: https://pagure.io/freeipa/issue/9312
-
-Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
- libhsm/src/lib/libhsm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libhsm/src/lib/libhsm.c b/libhsm/src/lib/libhsm.c
-index 88dc79e31..8f1e0c3bc 100644
--- a/libhsm/src/lib/libhsm.c
-+++ b/libhsm/src/lib/libhsm.c
-@@ -1382,7 +1382,7 @@ hsm_hex_unparse(char *dst, const unsigned char *src, size_t len)
-     size_t i;
- 
-     for (i = 0; i < len; i++) {
-        snprintf(dst + (2*i), dst_len, "%02x", src[i]);
-+        snprintf(dst + (2*i), dst_len - (2*i), "%02x", src[i]);
-     }
-     dst[len*2] = '\0';
- }
-- 
-2.39.0
-
--- a/SOURCES/1001-opendnssec-c99.patch
+++ b/SOURCES/1001-opendnssec-c99.patch
@ -1,83 +0,0 @@
-Include <unistd.h> for the setresuid and setresgid functions,
-to avoid an implicit function declaration.
-
-Submitted upstream: <https://github.com/opendnssec/opendnssec/pull/843>
-
-diff --git a/configure b/configure
-index bf515cde3d4fab71..52d2885d6a6ef546 100755
--- a/configure
-+++ b/configure
-@@ -21101,6 +21101,7 @@ else
-   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- 
-+#include <unistd.h>
- #include <stdlib.h>
- #include <errno.h>
- int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
-@@ -21143,6 +21144,7 @@ else
-   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- 
-+#include <unistd.h>
- #include <stdlib.h>
- #include <errno.h>
- int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
-diff --git a/m4/acx_broken_setres.m4 b/m4/acx_broken_setres.m4
-index 374cee0b0b8ef196..467db9170a319170 100644
--- a/m4/acx_broken_setres.m4
-+++ b/m4/acx_broken_setres.m4
-@@ -4,6 +4,7 @@ AC_DEFUN([ACX_BROKEN_SETRES],[
- 		AC_MSG_CHECKING(if setresuid seems to work)
- 		AC_RUN_IFELSE(
- 			[AC_LANG_SOURCE([[
-+#include <unistd.h>
- #include <stdlib.h>
- #include <errno.h>
- int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
-@@ -20,6 +21,7 @@ int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
- 		AC_MSG_CHECKING(if setresgid seems to work)
- 		AC_RUN_IFELSE(
- 			[AC_LANG_SOURCE([[
-+#include <unistd.h>
- #include <stdlib.h>
- #include <errno.h>
- int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
-commit 27290c5fcd065a5a857d37236e7f79121e303d0a
-Author: Mathieu Mirmont <mat@parad0x.org>
-Date:   Sun Dec 1 18:43:53 2019 +0100
-
-    common: add missing util.h header
-
-diff --git a/common/scheduler/task.c b/common/scheduler/task.c
-index cfdbd2d101aae795..9c09dc1893363abe 100644
--- a/common/scheduler/task.c
-+++ b/common/scheduler/task.c
-@@ -39,6 +39,7 @@
- #include "status.h"
- #include "duration.h"
- #include "file.h"
-+#include "util.h"
- #include "log.h"
- 
- static const char* task_str = "task";
-commit 5422819c17c02e6069328b2f5e4bef6fe5c179df
-Author: Mathieu Mirmont <mat@parad0x.org>
-Date:   Sun Dec 1 17:57:36 2019 +0100
-
-    enforcer: remove remove strptime build warning
-
-diff --git a/enforcer/src/daemon/time_leap_cmd.c b/enforcer/src/daemon/time_leap_cmd.c
-index f1ee21b87529c136..5baef1b6ff7c4cc2 100644
--- a/enforcer/src/daemon/time_leap_cmd.c
-+++ b/enforcer/src/daemon/time_leap_cmd.c
-@@ -26,8 +26,8 @@
-  *
-  */
- 
-#include <getopt.h>
- #include "config.h"
-+#include <getopt.h>
- 
- #include "file.h"
- #include "duration.h"
--- a/SOURCES/ods-signerd.service
+++ b/SOURCES/ods-signerd.service
@ -1,6 +1,6 @@
 [Unit]
 Description=OpenDNSSEC signer daemon
-After=syslog.target network.target ods-enforcerd.service
+After=syslog.target network.target ods-enforcerd

 [Service]
 Type=simple
--- a/SPECS/opendnssec.spec
+++ b/SPECS/opendnssec.spec
@ -3,8 +3,8 @@

 Summary: DNSSEC key and zone management software
 Name: opendnssec
-Version: 2.1.10
-Release: 1%{?dist}
+Version: 2.1.7
+Release: 1%{?prever}%{?dist}
 License: BSD
 Url: http://www.opendnssec.org/
 Source0: http://www.opendnssec.org/files/source/%{?prever:testing/}%{name}-%{version}%{?prever}.tar.gz
@ -17,12 +17,8 @@ Source6: opendnssec.cron
 Source7: opendnssec-2.1.sqlite_convert.sql
 Source8: opendnssec-2.1.sqlite_rpmversion.sql

-Patch1:    0001-Pass-right-remaining-buffer-size-in-hsm_hex_unparse-.patch
-Patch1001: 1001-opendnssec-c99.patch
-
 Requires: opencryptoki, softhsm >= 2.5.0 , systemd-units
 Requires: libxml2, libxslt sqlite
-BuildRequires: make
 BuildRequires:  gcc
 BuildRequires: ldns-devel >= 1.6.12, sqlite-devel >= 3.0.0, openssl-devel
 BuildRequires: libxml2-devel CUnit-devel, doxygen
@ -36,8 +32,10 @@ Requires(pre): shadow-utils
 Requires(post): systemd-units
 Requires(preun): systemd-units
 Requires(postun): systemd-units
-
+%if 0%{?prever:1}
+# For building development snapshots
 Buildrequires: autoconf, automake, libtool, java
+%endif

 %description
 OpenDNSSEC was created as an open-source turn-key solution for DNSSEC.
@ -46,21 +44,19 @@ name server. It requires a PKCS#11 crypto module library, such as softhsm

 %prep
 %setup -q -n %{name}-%{version}%{?prever}
-%autopatch -p1
-
 # bump default policy ZSK keysize to 2048
 sed -i "s/1024/2048/" conf/kasp.xml.in

 %build
-export LDFLAGS="-Wl,-z,relro,-z,now -pie -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
-export CFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wextra -Wformat -Wformat-nonliteral -Wformat-security"
-export CXXFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wformat-nonliteral -Wformat-security"
+#export LDFLAGS="-Wl,-z,relro,-z,now -pie -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
+#export CFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wextra -Wformat -Wformat-nonliteral -Wformat-security"
+#export CXXFLAGS="$RPM_OPT_FLAGS -fPIE -pie -Wformat-nonliteral -Wformat-security"
 %if 0%{?prever:1}
 # for development snapshots
 sh ./autogen.sh
 %endif
 %configure --with-ldns=%{_libdir}
-%make_build
+make %{?_smp_mflags}

 %check
 # Requires sample db not shipped with upstream
@ -68,7 +64,7 @@ sh ./autogen.sh

 %install
 rm -rf %{buildroot}
-%make_install
+make DESTDIR=%{buildroot} install
 mkdir -p %{buildroot}%{_localstatedir}/opendnssec/{tmp,signed,signconf,enforcer}
 install -d -m 0755 %{buildroot}%{_initrddir} %{buildroot}%{_sysconfdir}/cron.d/
 install -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/cron.d/opendnssec
@ -181,75 +177,18 @@ ods-enforcer update all >/dev/null 2>/dev/null ||:
 %systemd_postun_with_restart ods-signerd.service

 %changelog
-* Thu Apr 27 2023 Rafael Guterres Jeffman <rjeffman@redhat.com> - 2.1.10-1
- Upstream release 2.1.10.
-  Resolves: rhbz#1981324
-
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.8-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
-
-* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.8-3
- Rebuilt for RHEL 9 BETA for openssl 3.0
-  Related: rhbz#1971065
-
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.8-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
-
-* Sat Feb 20 2021 Fedora Release Monitoring <release-monitoring@fedoraproject.org> - 2.1.8-1
- Update to 2.1.8 (#1931143)
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Sat Dec 19 10:13:50 PST 2020 awilliam@redhat.com - 2.1.7-3
- Rebuild for libldns soname bump
-
-* Tue Dec  8 21:09:23 EST 2020 Paul Wouters <pwouters@redhat.com> - 2.1.7-2
- Resolves rhbz#1826233 ods-enforcerd.service should wait until socket is ready
+* Sun Dec 10 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.1.7-1
+- Rebuilt for MSVSphere 8.8

 * Fri Dec 04 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.7-1
 - Upstream release 2.1.7
+- Resolves: rhbz#1904484

-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.6-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2.1.6-7
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
-
-* Thu May 28 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-6
- Resolves: rhbz#1833718 ods-signerd.service missing .service
-
-* Mon Apr 20 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-5
- Resolves: rhbz#1825812 AVC avc: denied { dac_override } for comm="ods-enforcerd
-
-* Wed Mar 11 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-4
- Fix migration check to not attempt to check on first install with no db
-
-* Tue Mar 03 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.6-3
- Create and manage /var/opendnssec/enforcer directory
- Resolves rhbz#1809492
-
-* Wed Feb 19 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-2
- Update to 2.1.6 (major upgrade, supports migration from 1.4.x)
- gcc10 compile fixups
- Fix trying to use unversioned libsqlite3.so file
-
-* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.14-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.14-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+* Fri May 08 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-2
+- Resolves: rhbz#1831732 AVC avc: denied { dac_override } for comm="ods-enforcerd

-* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+* Wed Apr 15 2020 Paul Wouters <pwouters@redhat.com> - 2.1.6-1
+- Resolves: rhbz#1759888 Rebase OpenDNSSEC to 2.1

 * Tue Dec 12 2017 Paul Wouters <pwouters@redhat.com> - 1.4.14-1
 - Update to 1.4.14 as first steop to migrating to 2.x