#1 [WIP] Upgrade to opendnssec 2.1.3
Opened 2 years ago by cheimes. Modified 2 years ago
rpms/ cheimes/opendnssec opendnssec2  into  master

file modified
+1

@@ -14,3 +14,4 @@ 

  /opendnssec-1.4.6.tar.gz

  /opendnssec-1.4.7.tar.gz

  /opendnssec-1.4.9.tar.gz

+ /opendnssec-2.1.3.tar.gz

@@ -1,95 +0,0 @@ 

- From e2bbb899195ea98b6b5f6c972ab764a53b387789 Mon Sep 17 00:00:00 2001

- From: Yuri Schaeffer <yuri@nlnetlabs.nl>

- Date: Fri, 4 Nov 2016 15:35:06 +0100

- Subject: [PATCH] HMAC_CTX_init deprecated in openssl-1.1.0

- 

- ---

-  m4/acx_ssl.m4                  | 12 +++++++++---

-  signer/src/Makefile.am         |  4 ++--

-  signer/src/wire/tsig-openssl.c | 15 ++++++++++++---

-  3 files changed, 23 insertions(+), 8 deletions(-)

- 

- diff --git a/m4/acx_ssl.m4 b/m4/acx_ssl.m4

- index 1dc6e40..3d64626 100644

- --- a/m4/acx_ssl.m4

- +++ b/m4/acx_ssl.m4

- @@ -35,12 +35,18 @@ AC_DEFUN([ACX_SSL], [

-              if test x_$ssldir = x_/usr/sfw; then

-                  SSL_LIBS="$SSL_LIBS -R$ssldir/lib";

-              fi

- -            AC_CHECK_LIB(crypto, HMAC_CTX_init,, [

- -                    AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])

- -            ])

- +            AC_CHECK_LIB(crypto, HMAC_CTX_reset, [

- +                    AC_DEFINE_UNQUOTED([HAVE_SSL_NEW_HMAC], [], [Define if you have the SSL libraries with new HMAC related functions.])

- +                    SSL_LIBS="$SSL_LIBS -lcrypto";

- +            ], [

- +                    AC_CHECK_LIB(crypto, HMAC_CTX_init,, [

- +                            AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])

- +                    ])

- +            ] )

-              AC_CHECK_FUNCS([EVP_sha1 EVP_sha256])

-          fi

-          AC_SUBST(HAVE_SSL)

- +        AC_SUBST(HAVE_SSL_NEW_HMAC)

-          AC_SUBST(SSL_INCLUDES)

-          AC_SUBST(SSL_LIBS)

-      fi

- diff --git a/signer/src/Makefile.am b/signer/src/Makefile.am

- index 60e8877..b39eac8 100644

- --- a/signer/src/Makefile.am

- +++ b/signer/src/Makefile.am

- @@ -133,7 +133,7 @@ ods_signer_SOURCES=		ods-signer.c \

-  				wire/xfrd.c wire/xfrd.h

-  

-  ods_signer_LDADD=		$(LIBHSM)

- -ods_signer_LDADD+=		@LDNS_LIBS@ @XML2_LIBS@ @RT_LIBS@

- +ods_signer_LDADD+=		@LDNS_LIBS@ @XML2_LIBS@ @RT_LIBS@ @SSL_LIBS@ 

-  ods_signer_LDADD+=		$(LIBCOMPAT)

-  

-  ods_getconf_SOURCES=		ods-getconf.c \

- @@ -193,5 +193,5 @@ ods_getconf_SOURCES=		ods-getconf.c \

-  				wire/xfrd.c wire/xfrd.h

-  

-  ods_getconf_LDADD=		$(LIBHSM)

- -ods_getconf_LDADD+=		@LDNS_LIBS@ @XML2_LIBS@ @RT_LIBS@

- +ods_getconf_LDADD+=		@SSL_LIBS@ @LDNS_LIBS@ @XML2_LIBS@ @RT_LIBS@

-  ods_getconf_LDADD+=		$(LIBCOMPAT)

- diff --git a/signer/src/wire/tsig-openssl.c b/signer/src/wire/tsig-openssl.c

- index c26b1e7..24fd342 100644

- --- a/signer/src/wire/tsig-openssl.c

- +++ b/signer/src/wire/tsig-openssl.c

- @@ -131,8 +131,11 @@ static void

-  cleanup_context(void *data)

-  {

-      HMAC_CTX* context = (HMAC_CTX*) data;

- +#ifdef HAVE_SSL_NEW_HMAC

- +    HMAC_CTX_free(context);

- +#else

-      HMAC_CTX_cleanup(context);

- -    return;

- +#endif

-  }

-  

-  static void

- @@ -155,9 +158,15 @@ context_add_cleanup(void* context)

-  static void*

-  create_context(allocator_type* allocator)

-  {

- -    HMAC_CTX* context = (HMAC_CTX*) allocator_alloc(allocator,

- -        sizeof(HMAC_CTX));

- +    HMAC_CTX* context;

- +#ifdef HAVE_SSL_NEW_HMAC

- +    context = HMAC_CTX_new();

- +    if (!context) return NULL;

- +    HMAC_CTX_reset(context);

- +#else

- +    context = (HMAC_CTX*) allocator_alloc(allocator, sizeof(HMAC_CTX));

-      HMAC_CTX_init(context);

- +#endif

-      context_add_cleanup(context);

-      return context;

-  }

- -- 

- 2.9.3

- 

@@ -1,13 +0,0 @@ 

- diff -Naur opendnssec-1.4.5-orig/signer/src/adapter/addns.c opendnssec-1.4.5/signer/src/adapter/addns.c

- --- opendnssec-1.4.5-orig/signer/src/adapter/addns.c	2014-03-25 06:45:44.000000000 +0000

- +++ opendnssec-1.4.5/signer/src/adapter/addns.c	2014-04-18 16:26:39.079974120 +0000

- @@ -243,7 +243,8 @@

-              tmp_serial =

-                  ldns_rdf2native_int32(ldns_rr_rdf(rr, SE_SOA_RDATA_SERIAL));

-              old_serial = adapi_get_serial(zone);

- -            if (!util_serial_gt(tmp_serial, old_serial)) {

- +            if (!util_serial_gt(tmp_serial, old_serial)

- +		&& zone->db->is_initialized) {

-                  ods_log_info("[%s] zone %s is already up to date, have "

-                      "serial %u, got serial %u", adapter_str, zone->name,

-                      old_serial, tmp_serial);

file modified
+8 -7

@@ -3,8 +3,8 @@ 

  

  Summary: DNSSEC key and zone management software

  Name: opendnssec

- Version: 1.4.9

- Release: 7%{?prever}%{?dist}

+ Version: 2.1.3

+ Release: 1%{?dist}

  License: BSD

  Url: http://www.opendnssec.org/

  Source0: http://www.opendnssec.org/files/source/%{?prever:testing/}%{name}-%{version}%{?prever}.tar.gz

@@ -15,9 +15,6 @@ 

  Source5: tmpfiles-opendnssec.conf

  Source6: opendnssec.cron

  

- # https://github.com/opendnssec/opendnssec/commit/cc8f1a06c8e1e8e62107fb70e5291e952fe22eb1

- Patch0:  opendnssec-1.4.13-openssl1.1.patch

- 

  Group: Applications/System

  Requires: opencryptoki, softhsm, systemd-units

  Requires: libxml2, libxslt sqlite

@@ -46,7 +43,6 @@ 

  

  %prep

  %setup -q -n %{name}-%{version}%{?prever}

- %patch0 -p1 -b .openssl110

  autoreconf -iv .

  # bump default policy ZSK keysize to 2048

  sed -i "s/1024/2048/" conf/kasp.xml.in

@@ -78,7 +74,7 @@ 

  mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/

  install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/tmpfiles.d/opendnssec.conf

  mkdir -p %{buildroot}%{_localstatedir}/run/opendnssec

- cp enforcer/utils/migrate_1_4_8.sqlite3 %{buildroot}%{_datadir}/%{name}/

+ cp -r enforcer/utils/1.4-2.0_db_convert %{buildroot}%{_datadir}/%{name}/

  

  %files

  %{_unitdir}/ods-enforcerd.service

@@ -118,6 +114,7 @@ 

  fi

  

  # Migrate version 3 db to version 4 db

+ # TODO: run /usr/share/openddnssec/1.4-2.0_db_convert/convert_sqlite instead

  if [ "`%{_bindir}/sqlite3 %{_localstatedir}/%{name}/kasp.db 'select version from dbadmin;'`" != "4" ]; then

     %{_bindir}/sqlite3 %{_localstatedir}/%{name}/kasp.db < %{_datadir}/%{name}/migrate_1_4_8.sqlite3

  fi

@@ -136,6 +133,10 @@ 

  %systemd_postun_with_restart ods-signerd.service

  

  %changelog

+ * Tue Dec 12 2017 Christian Heimes <cheimes@redhat.com> - 2.1.3-1

+ - New release 2.1.3

+ - Resolves: rhbz#1470604

+ 

  * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.9-7

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
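Review bot: The `%post` migration block in the `@@ -118,6 +114,7 @@` hunk still redirects `%{_datadir}/%{name}/migrate_1_4_8.sqlite3` into sqlite3, but the `%install` hunk replaces that file with `cp -r enforcer/utils/1.4-2.0_db_convert`. On upgrade the redirect would name a file the package no longer ships, so the scriptlet errors and `kasp.db` (the enforcer's key and policy database) is left unconverted. The added TODO also misspells the path as `/usr/share/openddnssec/`; it would be safer written as `# TODO: run %{_datadir}/%{name}/1.4-2.0_db_convert/convert_sqlite instead`. Until the conversion is wired in, the old sqlite3 call should be removed or guarded on the file's existence, and `kasp.db` should be copied aside before any automated conversion so a failed run does not lose key-rollover state. The scriptlet starts outside this hunk, and whether the `dbadmin` version test still applies to a 2.x schema is not visible here and needs confirming.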

  

file modified
+1 -1

@@ -1,1 +1,1 @@ 

- 7d0c9e54d7ed36c6f6be9636997bea90  opendnssec-1.4.9.tar.gz

+ SHA512 (opendnssec-2.1.3.tar.gz) = 2d7dfb3a9d1d2256ba615378f9c1a04567e27b455bd76530fe6582eb58de66051ecbcb7a86ee0dcfa513d5affde41304243cbc5b9a6e3ecd98dd72a4b57fb060

Completely untested PR

TODO