From 29acd0c8273c50127695cb0e6e8ae6ec3aa3fabc Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Thu, 20 Jan 2022 17:34:47 +0100 Subject: [PATCH 01/23] Quote the expansion to keep newlines MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Same fix as inĀ : https://github.com/zonemaster/zonemaster-backend/pull/945 https://github.com/zonemaster/zonemaster-cli/pull/251 --- .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index cf8c922..0d77bb1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,9 @@ perl: - "5.16" before_install: - - eval $(curl https://travis-perl.github.io/init) + # quoting preserves newlines in the script and then avoid error if the + # script contains comments + - eval "$(curl https://travis-perl.github.io/init)" - sudo apt-get install -y libidn11-dev - cpan-install --deps Devel::CheckLib Module::Install Module::Install::XSUtil From 8771f31146a84101c8a0a19e579acdd728bf7953 Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Tue, 15 Feb 2022 17:30:54 +0100 Subject: [PATCH 02/23] Use libidn2 library The define IDNA_ACE_PREFIX is not defined in the idn2.h header. Therefore we use another define IDN2_OK to test that the lib is properly loaded. --- Makefile.PL | 9 ++++----- include/LDNS.h | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/Makefile.PL b/Makefile.PL index dbf3e39..9724ad1 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -99,12 +99,11 @@ else { if ( $opt_idn ) { print "Feature idn enabled\n"; check_lib_or_exit( - lib => 'idn', - header => 'idna.h', + lib => 'idn2', + header => 'idn2.h', function => - 'if(strcmp(IDNA_ACE_PREFIX,"xn--")==0) return 0; else return 1;' - ); - cc_libs 'idn'; + 'return IDN2_OK;'); + cc_libs 'idn2'; cc_define '-DWE_CAN_HAZ_IDN'; } else { diff --git a/include/LDNS.h b/include/LDNS.h index 53bfb29..9de985a 100644 --- a/include/LDNS.h +++ b/include/LDNS.h 
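Review bot: The `before_install` line `eval "$(curl https://travis-perl.github.io/init)"` runs whatever the remote host returns, and curl is called without `--fail`, so an HTTP error page would be handed to `eval` as shell code. Capturing the download first lets a failed fetch stop the step: `- init="$(curl -fsS https://travis-perl.github.io/init)" && eval "$init"`. The script is also not pinned to a revision or checked against a digest, and the next step in the same job runs `sudo apt-get`, so a change on the serving side reaches a privileged CI environment unreviewed. Vendoring the helper, or verifying a checksum before evaluating it, would close that gap. The same line is carried into the later `.travis.yml` hunks of this series (PATCH 05/23 and 23/23).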
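Review bot: The new probe `function => 'return IDN2_OK;'` in the `check_lib_or_exit` call only reads a macro from `idn2.h`, so it never references a symbol from the library and would pass with a header that does not match the `libidn2` being linked. Calling into the library makes the check meaningful, for example `function => 'return idn2_check_version(IDN2_VERSION) ? 0 : 1;'`, which fails when the installed library is older than the header. The same probe is repeated in the Makefile.PL section of PATCH 23/23. The `else` branch of `if ( $opt_idn )` continues outside this hunk.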
@@ -13,7 +13,7 @@ #include #ifdef WE_CAN_HAZ_IDN -#include +#include #endif /* ldns 1.6.17 does not have this in its header files, but it is in the published documentation and we need it */ From 2e564b8eee5de22e202d98ceee5b0425bd526e85 Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Tue, 15 Feb 2022 17:36:32 +0100 Subject: [PATCH 03/23] Convert to the IDN2 API https://libidn.gitlab.io/libidn2/manual/libidn2.html#Converting-from-libidn --- src/LDNS.xs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/LDNS.xs b/src/LDNS.xs index f2e8c98..1144eb1 100644 --- a/src/LDNS.xs +++ b/src/LDNS.xs @@ -18,8 +18,8 @@ to_idn(...) if (SvPOK(ST(i))) { - status = idna_to_ascii_8z(SvPVutf8_nolen(obj), &out, IDNA_ALLOW_UNASSIGNED); - if (status == IDNA_SUCCESS) + status = idn2_to_ascii_8z(SvPVutf8_nolen(obj), &out, IDN2_ALLOW_UNASSIGNED); + if (status == IDN2_OK) { SV *new = newSVpv(out,0); SvUTF8_on(new); /* We know the string is plain ASCII, so let Perl know too */ @@ -28,7 +28,7 @@ to_idn(...) } else { - croak("Error: %s\n", idna_strerror(status)); + croak("Error: %s\n", idn2_strerror(status)); } } } From 2dfb8e3e00fdb5666425ac1424e6ef2a9ea4f3c7 Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Tue, 15 Feb 2022 17:41:02 +0100 Subject: [PATCH 04/23] Update documentation --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 265a65e..3fb02b8 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ Initially this module was named Net::LDNS. Run-time dependencies: * `openssl` (openssl >= 1.1.1 unless [Ed25519] is disabled) - * `libidn` (if [IDN] is enabled) + * `libidn2` (if [IDN] is enabled) * `libldns` (if [Internal ldns] is disabled; libldns >= 1.7.0, or libldns >= 1.7.1 if [Ed25519] is enabled) 
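Review bot: In `to_idn`, the string that `idn2_to_ascii_8z` stores in `out` is allocated by libidn2, and any release of it would fall in the two lines between the src/LDNS.xs hunks, which are not shown and which this patch leaves untouched. If that release is still a plain `free(out)`, `idn2_free(out)` is the library's own counterpart and avoids a heap mismatch where the library and the caller use different allocators. Separately, `SvPVutf8_nolen(obj)` hands the `8z` call a NUL-terminated pointer, so a Perl string with an embedded NUL would presumably be converted only up to that byte. A length check before the call would reject such names instead of silently shortening them. The same call appears again in the src/LDNS.xs section of PATCH 23/23.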
@@ -139,7 +139,7 @@ Requires support for Ed25519 in both openssl and ldns. Enabled by default. Disable with `--no-idn`. -If the IDN feature is enabled, the GNU `libidn` library will be used to +If the IDN feature is enabled, the GNU `libidn2` library will be used to add a simple function that converts strings from Perl's internal encoding to IDNA domain name format. In order to convert strings from whatever encoding you have to Perl's From 18a9b6c9ce3efdb3a4dee6a7a02297d5ddbbac0a Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Tue, 15 Feb 2022 17:49:11 +0100 Subject: [PATCH 05/23] Update Travis config to download libidn2-dev And not libidn11-dev anymore --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 0d77bb1..acf1408 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,7 +16,7 @@ before_install: # quoting preserves newlines in the script and then avoid error if the # script contains comments - eval "$(curl https://travis-perl.github.io/init)" - - sudo apt-get install -y libidn11-dev + - sudo apt-get install -y libidn2-dev - cpan-install --deps Devel::CheckLib Module::Install Module::Install::XSUtil install: From 0d9681c14cd414d9abc38bf759ea1035305a19e7 Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Wed, 16 Feb 2022 10:23:55 +0100 Subject: [PATCH 06/23] Update DNS data used in tests The `se` and `nic.se` zones have evolved a little. The tests made over the network using these zones have been slightly updated to fix errors and be aligned with current zone configuration. --- t/rr.t | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/t/rr.t b/t/rr.t index b13e935..9b7aa66 100644 --- a/t/rr.t +++ b/t/rr.t 
@@ -103,8 +103,8 @@ subtest 'DNSKEY' => sub { isa_ok( $rr, 'Zonemaster::LDNS::RR::DNSKEY' ); ok( $rr->flags == 256 or $rr->flags == 257 ); is( $rr->protocol, 3 ); - # Alg 8 will replace 5. Now (December 2017) both are used. - ok( $rr->algorithm == 5 or $rr->algorithm == 8 ); + # Alg 8 has replaced 5. Now (February 2022) only alg 8 is used. + ok( $rr->algorithm == 8 ); } } }; @@ -122,9 +122,9 @@ subtest 'RRSIG' => sub { is( $rr->signer, 'se.' ); is( $rr->labels, 1 ); if ( $rr->typecovered eq 'DNSKEY' ) { - # .SE KSK should not change very often. 59407 will replace 59747. - # Now (December 2017) both are used. - ok( $rr->keytag == 59747 or $rr->keytag == 59407 ); + # .SE KSK should not change very often. 59407 has replaced 59747. + # Now (February 2022) only 59407 is used. + ok( $rr->keytag == 59407 ); } } } 
@@ -172,19 +172,17 @@ subtest 'DS' => sub { my $pd = $se->query( 'nic.se', 'DS' ); plan skip_all => 'No response, cannot test' if not $pd; + # As of February 2022, new KSK with keytag 22643 and algo 13 is used my $nic_key = Zonemaster::LDNS::RR->new( - 'nic.se IN DNSKEY 257 3 5 AwEAAdhJAx197qFpGGXuQn8XH0tQpQSfjvLKMcreRvJyO+f3F3weIHR3 6E8DObolHFp+m1YkxsgnHYjUFN4E9sKa38ZXU0oHTSsB3adExJkINA/t INDlKrzUDn4cIbyUCqHNGe0et+lHmjmfZdj62GJlHgVmxizYkoBd7Rg0 wxzEOo7CA3ZadaHuqmVJ2HvqRCoe+5NDsYpnDia7WggvLTe0vorV6kDc u6d5N9AUPwBsR7YUkbetfXMtUebux71kHCGUJdmzp84MeDi9wXYIssjR oTC5wUF2H3I2Mnj5GqdyBwQCdj5otFbRAx3jiMD+ROxXJxOFdFq7fWi1 yPqUf1jpJ+8=' + 'nic.se IN DNSKEY 257 3 13 lkpZSlU70pd1LHrXqZttOAYKmX046YqYQg1aQJsv1y0xKr+qJS+3Ue1tM5VCYPU3lKuzq93nz0Lm/AV9jeoumQ==' ); my $made = Zonemaster::LDNS::RR->new_from_string( 'nic.se IN NS a.ns.se' ); foreach my $rr ( $pd->answer ) { isa_ok( $rr, 'Zonemaster::LDNS::RR::DS' ); - is( $rr->keytag, 16696 ); - is( $rr->algorithm, 5 ); + is( $rr->keytag, 22643 ); + is( $rr->algorithm, 13 ); ok( $rr->digtype == 1 or $rr->digtype == 2 ); - ok( - $rr->hexdigest eq '40079ddf8d09e7f10bb248a69b6630478a28ef969dde399f95bc3b39f8cbacd7' - or $rr->hexdigest eq 'ef5d421412a5eaf1230071affd4f585e3b2b1a60' - ); + ok( $rr->hexdigest eq 'aa0b38f6755c2777992a74935d50a2a3480effef1a60bf8643d12c307465c9da' ); ok( $rr->verify( $nic_key ), 'derived from expected DNSKEY' ); ok( !$rr->verify( $made ), 'does not match a non-DS non-DNSKEY record' ); } From b6a937e900875f5c3eb810b5e7aefef5fce8e3b5 Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Tue, 1 Mar 2022 12:50:27 +0100 Subject: [PATCH 07/23] Options to provide OpenSSL distinct inc/lib paths Allow passing distinct OpenSSL paths for include and library files when configuring LDNS. --- Makefile.PL | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/Makefile.PL b/Makefile.PL index dbf3e39..ce5ce79 100644 --- a/Makefile.PL +++ b/Makefile.PL 
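Review bot: In the `DS` subtest the assertion `ok( $rr->digtype == 1 or $rr->digtype == 2 )` still accepts SHA-1, while the only `hexdigest` value now accepted is 64 hex characters long, which looks like a SHA-256 digest. A type-1 DS record could therefore never pass the line that follows. `is( $rr->digtype, 2 );` states the expectation directly, and writing the digest check with `is(...)` instead of `ok( ... eq ... )` would print the observed value the next time the zone rolls its key. The identical hunk is repeated in PATCH 10/23, and the subtest body starts before and continues after the hunk.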
@@ -19,12 +19,16 @@ my $opt_idn = 1; my $opt_internal_ldns = 1; my $opt_randomize = 0; my $opt_prefix_openssl = ""; +my $opt_openssl_inc = ""; +my $opt_openssl_lib = ""; GetOptions( 'ed25519!' => \$opt_ed25519, 'idn!' => \$opt_idn, 'internal-ldns!' => \$opt_internal_ldns, 'randomize!' => \$opt_randomize, 'prefix-openssl=s' => \$opt_prefix_openssl, + 'openssl-inc=s' => \$opt_openssl_inc, + 'openssl-lib=s' => \$opt_openssl_lib, ); configure_requires 'Devel::CheckLib'; @@ -42,12 +46,31 @@ cc_src_paths 'src'; # OpenSSL my %assert_lib_args_openssl; -if ( $opt_prefix_openssl ) { - print "Custom prefix for OpenSSL: $opt_prefix_openssl\n"; - cc_include_paths "$opt_prefix_openssl/include"; - cc_libs "-L$opt_prefix_openssl/lib", "crypto"; - $assert_lib_args_openssl{incpath} = "$opt_prefix_openssl/include"; - $assert_lib_args_openssl{libpath} = "$opt_prefix_openssl/lib"; +my $custom_openssl = ( $opt_prefix_openssl or $opt_openssl_inc or $opt_openssl_lib ); +if ( $custom_openssl ) { + my $openssl_incpath = ""; + my $openssl_libpath = ""; + + if ( $opt_prefix_openssl ) { + print "Custom prefix for OpenSSL: $opt_prefix_openssl\n"; + $openssl_incpath = "$opt_prefix_openssl/include"; + $openssl_libpath = "$opt_prefix_openssl/lib"; + } + + if ( $opt_openssl_inc ) { + print "Custom include directory for OpenSSL: $opt_openssl_inc\n"; + $openssl_incpath = "$opt_openssl_inc"; + } + + if ( $opt_openssl_lib ) { + print "Custom library directory for OpenSSL: $opt_openssl_lib\n"; + $openssl_libpath = "$opt_openssl_lib"; + } + + cc_include_paths "$openssl_incpath"; + cc_libs "-L$openssl_libpath", "crypto"; + $assert_lib_args_openssl{incpath} = "$openssl_incpath"; + $assert_lib_args_openssl{libpath} = "$openssl_libpath"; } else { cc_libs 'crypto'; From 97576ce64e59eaf185b91559b1ffd5ad11ef96f7 Mon Sep 17 00:00:00 2001 
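Review bot: When only one of `--openssl-inc` / `--openssl-lib` is given, the other path variable keeps its initial `""`, and the unconditional tail of the `if ( $custom_openssl )` block then emits `cc_include_paths ""` or `cc_libs "-L", "crypto"` and stores an empty `incpath`/`libpath` for the library check. A bare `-L` would most likely take the following argument as its directory, so the build could fail or link against an OpenSSL other than the one the user pointed at. Each path should be applied only when it is non-empty, as in the excerpt below. The same block is repeated in the Makefile.PL section of PATCH 23/23, and the `else` branch continues past the end of the hunk.

```perl
    # … unchanged: $openssl_incpath / $openssl_libpath resolved from the three options …

    if ( $openssl_incpath ne "" ) {
        cc_include_paths $openssl_incpath;
        $assert_lib_args_openssl{incpath} = $openssl_incpath;
    }

    if ( $openssl_libpath ne "" ) {
        cc_libs "-L$openssl_libpath", "crypto";
        $assert_lib_args_openssl{libpath} = $openssl_libpath;
    }
    else {
        # Only the include path was customised: link libcrypto from the default search path.
        cc_libs 'crypto';
    }
```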
From: Alexandre Pion Date: Thu, 3 Mar 2022 16:22:59 +0100 Subject: [PATCH 08/23] Pass custom OpenSSL paths to LDNS C compiler --- Makefile.PL | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/Makefile.PL b/Makefile.PL index ce5ce79..e62b637 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -179,11 +179,18 @@ CONFIGURE_FLAGS += --disable-ldns-config --disable-dane END_CONFIGURE_FLAGS - my $openssl_make = < Date: Tue, 1 Mar 2022 13:50:41 +0100 Subject: [PATCH 09/23] Add POD for optional features --- Makefile.PL | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/Makefile.PL b/Makefile.PL index e62b637..b000fb0 100644 --- a/Makefile.PL +++ b/Makefile.PL 
@@ -14,6 +14,51 @@ all_from 'lib/Zonemaster/LDNS.pm'; repository 'https://github.com/zonemaster/zonemaster-ldns'; bugtracker 'https://github.com/zonemaster/zonemaster-ldns/issues'; +=head1 Optional features + +=over + +=item --[no-]ed25519 + +Requires (or disable) support for Ed25519 in both openssl and ldns. +Enabled by default. + +=item --[no-]idn + +Requires (or disable) support for GNU libidn library to add a simple function +that converts strings from Perl's internal encoding to IDNA domain name format. +Enabled by default. + +=item --[no-]internal-ldns + +Statically or dynamically link the LDNS library to Zonemaster::LDNS. +Enabled by default (the library is statically linked). + +=item --[no-]randomize + +Experimental. +Randomizes the capitalization of returned domain names. +Enabled by default. + +=item --prefix-openssl=PATH + +Search for OpenSSL include and library in PATH. +The LDNS script will look for an "include" and a "lib" folder. + +=item --openssl-inc=PATH + +Search for OpenSSL include in PATH. +The PATH is passed to the LDNS compiler via the CFLAGS variable. + +=item --openssl-lib=PATH + +Search for OpenSSL library in PATH. +The PATH is passed to the LDNS compiler via the LDFLAGS variable. + +=back + +=cut + my $opt_ed25519 = 1; my $opt_idn = 1; my $opt_internal_ldns = 1; From 9e46c8d6471b9a65ce952bc43860dfe2a568304e Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Wed, 16 Feb 2022 10:23:55 +0100 Subject: [PATCH 10/23] Update DNS data used in tests The `se` and `nic.se` zones have evolved a little. The tests made over the network using these zones have been slightly updated to fix errors and be aligned with current zone configuration. --- t/rr.t | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/t/rr.t b/t/rr.t index b13e935..9b7aa66 100644 --- a/t/rr.t +++ b/t/rr.t 
@@ -103,8 +103,8 @@ subtest 'DNSKEY' => sub { isa_ok( $rr, 'Zonemaster::LDNS::RR::DNSKEY' ); ok( $rr->flags == 256 or $rr->flags == 257 ); is( $rr->protocol, 3 ); - # Alg 8 will replace 5. Now (December 2017) both are used. - ok( $rr->algorithm == 5 or $rr->algorithm == 8 ); + # Alg 8 has replaced 5. Now (February 2022) only alg 8 is used. + ok( $rr->algorithm == 8 ); } } }; @@ -122,9 +122,9 @@ subtest 'RRSIG' => sub { is( $rr->signer, 'se.' ); is( $rr->labels, 1 ); if ( $rr->typecovered eq 'DNSKEY' ) { - # .SE KSK should not change very often. 59407 will replace 59747. - # Now (December 2017) both are used. - ok( $rr->keytag == 59747 or $rr->keytag == 59407 ); + # .SE KSK should not change very often. 59407 has replaced 59747. + # Now (February 2022) only 59407 is used. + ok( $rr->keytag == 59407 ); } } } 
@@ -172,19 +172,17 @@ subtest 'DS' => sub { my $pd = $se->query( 'nic.se', 'DS' ); plan skip_all => 'No response, cannot test' if not $pd; + # As of February 2022, new KSK with keytag 22643 and algo 13 is used my $nic_key = Zonemaster::LDNS::RR->new( - 'nic.se IN DNSKEY 257 3 5 AwEAAdhJAx197qFpGGXuQn8XH0tQpQSfjvLKMcreRvJyO+f3F3weIHR3 6E8DObolHFp+m1YkxsgnHYjUFN4E9sKa38ZXU0oHTSsB3adExJkINA/t INDlKrzUDn4cIbyUCqHNGe0et+lHmjmfZdj62GJlHgVmxizYkoBd7Rg0 wxzEOo7CA3ZadaHuqmVJ2HvqRCoe+5NDsYpnDia7WggvLTe0vorV6kDc u6d5N9AUPwBsR7YUkbetfXMtUebux71kHCGUJdmzp84MeDi9wXYIssjR oTC5wUF2H3I2Mnj5GqdyBwQCdj5otFbRAx3jiMD+ROxXJxOFdFq7fWi1 yPqUf1jpJ+8=' + 'nic.se IN DNSKEY 257 3 13 lkpZSlU70pd1LHrXqZttOAYKmX046YqYQg1aQJsv1y0xKr+qJS+3Ue1tM5VCYPU3lKuzq93nz0Lm/AV9jeoumQ==' ); my $made = Zonemaster::LDNS::RR->new_from_string( 'nic.se IN NS a.ns.se' ); foreach my $rr ( $pd->answer ) { isa_ok( $rr, 'Zonemaster::LDNS::RR::DS' ); - is( $rr->keytag, 16696 ); - is( $rr->algorithm, 5 ); + is( $rr->keytag, 22643 ); + is( $rr->algorithm, 13 ); ok( $rr->digtype == 1 or $rr->digtype == 2 ); - ok( - $rr->hexdigest eq '40079ddf8d09e7f10bb248a69b6630478a28ef969dde399f95bc3b39f8cbacd7' - or $rr->hexdigest eq 'ef5d421412a5eaf1230071affd4f585e3b2b1a60' - ); + ok( $rr->hexdigest eq 'aa0b38f6755c2777992a74935d50a2a3480effef1a60bf8643d12c307465c9da' ); ok( $rr->verify( $nic_key ), 'derived from expected DNSKEY' ); ok( !$rr->verify( $made ), 'does not match a non-DS non-DNSKEY record' ); } From 9d23ca9ba8b58cda410655847ba1496fa59583d8 Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Mon, 7 Mar 2022 13:59:23 +0100 Subject: [PATCH 11/23] Editorial updates --- Makefile.PL | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/Makefile.PL b/Makefile.PL index b000fb0..5d24f29 100644 --- a/Makefile.PL +++ b/Makefile.PL 
@@ -20,19 +20,21 @@ bugtracker 'https://github.com/zonemaster/zonemaster-ldns/issues'; =item --[no-]ed25519 -Requires (or disable) support for Ed25519 in both openssl and ldns. +Enable (or disable) support for Ed25519 in both openssl and ldns. Enabled by default. =item --[no-]idn -Requires (or disable) support for GNU libidn library to add a simple function -that converts strings from Perl's internal encoding to IDNA domain name format. +Enable (or disable) support for converting domain names from unicode to A-label +format. Enabled by default. =item --[no-]internal-ldns -Statically or dynamically link the LDNS library to Zonemaster::LDNS. -Enabled by default (the library is statically linked). +When enabled, an included version of ldns is statically linked into +Zonemaster::LDNS. +When disabled, libldns is dynamically linked just like other dependencies. +Enabled by default. =item --[no-]randomize @@ -42,7 +44,7 @@ Enabled by default. =item --prefix-openssl=PATH -Search for OpenSSL include and library in PATH. +Search for OpenSSL headers and libraries in PATH. The LDNS script will look for an "include" and a "lib" folder. =item --openssl-inc=PATH From 156cca2a78801ad6b04f796825565d4a705f23e4 Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Thu, 7 Apr 2022 12:00:17 +0200 Subject: [PATCH 12/23] Fix default value in documentation --- Makefile.PL | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.PL b/Makefile.PL index 5d24f29..fda9a5c 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -40,7 +40,7 @@ Enabled by default. Experimental. Randomizes the capitalization of returned domain names. -Enabled by default. +Disabled by default. =item --prefix-openssl=PATH From 580888fc4b84f0eeb5a07f596eac5cb10eb3ce8b Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Thu, 7 Apr 2022 12:06:39 +0200 Subject: [PATCH 13/23] Document new OpenSSL options in README --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/README.md b/README.md index 265a65e..65830c7 100644 --- a/README.md +++ b/README.md @@ -173,7 +173,8 @@ Randomizes the capitalization of returned domain names. ### Custom OpenSSL Disabled by default. -Enabled with `--prefix-openssl=/path/to/openssl`. +Enabled with `--prefix-openssl=/path/to/openssl` or +`--openssl-inc=/path/to/openssl_inc` or `--openssl-lib=/path/to/openssl_lib` Enabling this makes the build tools look for OpenSSL in a non-standard place. @@ -185,6 +186,10 @@ Technically this does two things: > **Note:** The `lib` directory under the given path must be known to the > dynamic linker or feature checks will fail. +If both headers and libraries directories (`include` and `lib`) are not in the +same parent directory, use `--openssl-inc` and `--openssl-lib` options to +specify both paths. + [DNS::LDNS]: http://search.cpan.org/~erikoest/DNS-LDNS/ [Docker Hub]: https://hub.docker.com/u/zonemaster From f39abb9ccc2676254a3e86251fa5b207d8a6d19d Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Thu, 7 Apr 2022 12:09:25 +0200 Subject: [PATCH 14/23] Update documentation --- Makefile.PL | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile.PL b/Makefile.PL index fda9a5c..7cdba8a 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -25,8 +25,9 @@ Enabled by default. =item --[no-]idn -Enable (or disable) support for converting domain names from unicode to A-label -format. +Enable (or disable) support for converting IDN labels in U-label format (with +non-ASCII Unicode characters) to the same IDN labels in A-label format (encoded +in ASCII). Enabled by default. =item --[no-]internal-ldns From a97450cd6546cb035865440c36fdec794049f8aa Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Wed, 27 Apr 2022 16:46:20 +0200 Subject: [PATCH 15/23] Update Docker dependencies --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 16d0168..2d5a928 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -4,7 +4,7 @@ RUN apk add --no-cache \ # Compile-time dependencies build-base \ ldns-dev \ - libidn-dev \ + libidn2-dev \ make \ openssl-dev \ perl-app-cpanminus \ @@ -32,5 +32,5 @@ COPY --from=build /usr/local/lib/perl5/site_perl/Zonemaster /usr/local/lib/perl5 RUN apk add --no-cache \ # Run-time dependencies ldns \ - libidn \ + libidn2 \ perl From 5817b761782c38ea25ed8f4e2f9a4225a2820bfe Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Thu, 28 Apr 2022 10:48:38 +0200 Subject: [PATCH 16/23] Replace references to "libidn" with "libidn2" --- lib/Zonemaster/LDNS.pm | 4 ++-- src/LDNS.xs | 2 +- t/idn.t | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/Zonemaster/LDNS.pm b/lib/Zonemaster/LDNS.pm index dc8ca88..a9fa3a8 100644 --- a/lib/Zonemaster/LDNS.pm +++ b/lib/Zonemaster/LDNS.pm @@ -46,12 +46,12 @@ labels converted to A-labels unless they are already in ASCII. Assumes that the strings have been converted to Perl's internal encoding before it's called. Can be exported, but is not by default. -This function requires that GNU libidn was present when L was +This function requires that GNU libidn2 was present when L was compiled. If not, calling C will result in an exception getting thrown. =item has_idn() -Takes no arguments. Returns true if libidn was present at compilation, false if not. +Takes no arguments. Returns true if libidn2 was present at compilation, false if not. =item has_gost() diff --git a/src/LDNS.xs b/src/LDNS.xs index 1144eb1..becb907 100644 --- a/src/LDNS.xs +++ b/src/LDNS.xs @@ -33,7 +33,7 @@ to_idn(...) } } #else - croak("libidn not installed"); + croak("libidn2 not installed"); #endif } diff --git a/t/idn.t b/t/idn.t index 86c16c7..a00dd10 100644 --- a/t/idn.t +++ b/t/idn.t 
@@ -7,7 +7,7 @@ use utf8; BEGIN { use_ok( "Zonemaster::LDNS" => qw[:all] ) } no warnings 'uninitialized'; -if (exception {to_idn("whatever")} =~ /libidn not installed/) { +if (exception {to_idn("whatever")} =~ /libidn2 not installed/) { ok(!has_idn(), 'No IDN'); done_testing; exit; From ac30ed5ae476e7b0c1fe5b096cdd1c60f9403327 Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Mon, 2 May 2022 06:44:02 +0200 Subject: [PATCH 17/23] Travis: use Ubuntu 20.04 --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index acf1408..3087636 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,4 @@ -dist: bionic +dist: focal env: - TEST_WITH_NETWORK=1 From d889cdf591cc87724304fdb5413b90a5988cd2f5 Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Mon, 2 May 2022 07:14:43 +0200 Subject: [PATCH 18/23] Fix unfound Perl version Travis automatically fetches a tarball based on provided Perl version. Sometimes there is no tarball available for a generic version (error 404). --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3087636..290ca43 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,12 +5,12 @@ env: language: perl perl: - - "5.30" + - "5.30.2" - "5.28" - "5.26" - "5.24" - "5.22" - - "5.16" + - "5.14.4" before_install: # quoting preserves newlines in the script and then avoid error if the From 1de8f843597fd8462a3e0a9e5884fed34567193b Mon Sep 17 00:00:00 2001 From: Alexandre Pion Date: Mon, 2 May 2022 11:02:43 +0200 Subject: [PATCH 19/23] Update matrix of supported Perl versions * Keep only the Perl versions provided on the supported OS. * Add Perl 5.32 --- .travis.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 290ca43..1875fc7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,11 +5,9 @@ env: language: perl perl: + - "5.32" - "5.30.2" - - "5.28" - "5.26" - - "5.24" - - "5.22" - "5.14.4" before_install: 
From 8bb0c91e6d1c29a2dc904e7dc42d065914b43166 Mon Sep 17 00:00:00 2001 From: Mats Dufberg Date: Wed, 8 Jun 2022 16:26:18 +0200 Subject: [PATCH 20/23] Adds changes for v2.3.0 --- Changes | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Changes b/Changes index 9042bec..1fbbd6e 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,14 @@ Release history for Zonemaster component Zonemaster-LDNS +2.3.0 2022-06-09 + + [Features] + - Gives more freedom when configuring (#134, #129, #96) + - Replaces libidn with libidn2 (#133, #131) + + [Fixes] + - Clarifies README on --ed25519 (#142) + 2.2.1 2021-12-03 [Features] From 2fe03a1ed1dfd45dbc84b63d29f83aa43ed4b517 Mon Sep 17 00:00:00 2001 From: Mats Dufberg Date: Wed, 8 Jun 2022 16:27:10 +0200 Subject: [PATCH 21/23] Sets new version v2.3.0 --- lib/Zonemaster/LDNS.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Zonemaster/LDNS.pm b/lib/Zonemaster/LDNS.pm index a9fa3a8..652c999 100644 --- a/lib/Zonemaster/LDNS.pm +++ b/lib/Zonemaster/LDNS.pm @@ -2,7 +2,7 @@ package Zonemaster::LDNS; use 5.014; -our $VERSION = '2.2.1'; +our $VERSION = '2.3.0'; use parent 'Exporter'; our @EXPORT_OK = qw[to_idn has_idn ldns_version load_zonefile]; From a78fb471afc68f1c477b11a2e15be5900f5a5d4b Mon Sep 17 00:00:00 2001 From: Mats Dufberg Date: Thu, 9 Jun 2022 14:47:20 +0200 Subject: [PATCH 22/23] Set version to 2.2.2 instead --- Changes | 2 +- lib/Zonemaster/LDNS.pm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Changes b/Changes index 1fbbd6e..972d85f 100644 --- a/Changes +++ b/Changes @@ -1,6 +1,6 @@ Release history for Zonemaster component Zonemaster-LDNS -2.3.0 2022-06-09 +2.2.2 2022-06-09 [Features] - Gives more freedom when configuring (#134, #129, #96) diff --git a/lib/Zonemaster/LDNS.pm b/lib/Zonemaster/LDNS.pm index 652c999..1bea10b 100644 --- a/lib/Zonemaster/LDNS.pm +++ b/lib/Zonemaster/LDNS.pm 
@@ -2,7 +2,7 @@ package Zonemaster::LDNS; use 5.014; -our $VERSION = '2.3.0'; +our $VERSION = '2.2.2'; use parent 'Exporter'; our @EXPORT_OK = qw[to_idn has_idn ldns_version load_zonefile]; From fe52d0a06ec4f9d0b3a3c0530020e224bf3d9cbd Mon Sep 17 00:00:00 2001 From: Mats Dufberg Date: Thu, 9 Jun 2022 21:45:02 +0200 Subject: [PATCH 23/23] Update_master_to_state_of_develop --- .travis.yml | 16 +++--- Changes | 9 ++++ Dockerfile | 4 +- Makefile.PL | 107 +++++++++++++++++++++++++++++++++++------ README.md | 16 ++++-- include/LDNS.h | 2 +- lib/Zonemaster/LDNS.pm | 6 +-- src/LDNS.xs | 8 +-- t/idn.t | 2 +- t/rr.t | 22 ++++----- 10 files changed, 142 insertions(+), 50 deletions(-) diff --git a/.travis.yml b/.travis.yml index cf8c922..1875fc7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,20 +1,20 @@ -dist: bionic +dist: focal env: - TEST_WITH_NETWORK=1 language: perl perl: - - "5.30" - - "5.28" + - "5.32" + - "5.30.2" - "5.26" - - "5.24" - - "5.22" - - "5.16" + - "5.14.4" before_install: - - eval $(curl https://travis-perl.github.io/init) - - sudo apt-get install -y libidn11-dev + # quoting preserves newlines in the script and then avoid error if the + # script contains comments + - eval "$(curl https://travis-perl.github.io/init)" + - sudo apt-get install -y libidn2-dev - cpan-install --deps Devel::CheckLib Module::Install Module::Install::XSUtil install: diff --git a/Changes b/Changes index 9042bec..972d85f 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,14 @@ Release history for Zonemaster component Zonemaster-LDNS +2.2.2 2022-06-09 + + [Features] + - Gives more freedom when configuring (#134, #129, #96) + - Replaces libidn with libidn2 (#133, #131) + + [Fixes] + - Clarifies README on --ed25519 (#142) + 2.2.1 2021-12-03 [Features] diff --git a/Dockerfile b/Dockerfile index 16d0168..2d5a928 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,7 +4,7 @@ RUN apk add --no-cache \ # Compile-time dependencies build-base \ ldns-dev \ - libidn-dev \ + libidn2-dev \ make \ openssl-dev \ perl-app-cpanminus \ @@ -32,5 +32,5 @@ COPY --from=build /usr/local/lib/perl5/site_perl/Zonemaster /usr/local/lib/perl5 RUN apk add --no-cache \ # Run-time dependencies ldns \ - libidn \ + libidn2 \ perl diff --git a/Makefile.PL b/Makefile.PL index dbf3e39..cf5c342 100644 --- a/Makefile.PL +++ b/Makefile.PL 
@@ -14,17 +14,69 @@ all_from 'lib/Zonemaster/LDNS.pm'; repository 'https://github.com/zonemaster/zonemaster-ldns'; bugtracker 'https://github.com/zonemaster/zonemaster-ldns/issues'; +=head1 Optional features + +=over + +=item --[no-]ed25519 + +Enable (or disable) support for Ed25519 in both openssl and ldns. +Enabled by default. + +=item --[no-]idn + +Enable (or disable) support for converting IDN labels in U-label format (with +non-ASCII Unicode characters) to the same IDN labels in A-label format (encoded +in ASCII). +Enabled by default. + +=item --[no-]internal-ldns + +When enabled, an included version of ldns is statically linked into +Zonemaster::LDNS. +When disabled, libldns is dynamically linked just like other dependencies. +Enabled by default. + +=item --[no-]randomize + +Experimental. +Randomizes the capitalization of returned domain names. +Disabled by default. + +=item --prefix-openssl=PATH + +Search for OpenSSL headers and libraries in PATH. +The LDNS script will look for an "include" and a "lib" folder. + +=item --openssl-inc=PATH + +Search for OpenSSL include in PATH. +The PATH is passed to the LDNS compiler via the CFLAGS variable. + +=item --openssl-lib=PATH + +Search for OpenSSL library in PATH. +The PATH is passed to the LDNS compiler via the LDFLAGS variable. + +=back + +=cut + my $opt_ed25519 = 1; my $opt_idn = 1; my $opt_internal_ldns = 1; my $opt_randomize = 0; my $opt_prefix_openssl = ""; +my $opt_openssl_inc = ""; +my $opt_openssl_lib = ""; GetOptions( 'ed25519!' => \$opt_ed25519, 'idn!' => \$opt_idn, 'internal-ldns!' => \$opt_internal_ldns, 'randomize!' => \$opt_randomize, 'prefix-openssl=s' => \$opt_prefix_openssl, + 'openssl-inc=s' => \$opt_openssl_inc, + 'openssl-lib=s' => \$opt_openssl_lib, ); configure_requires 'Devel::CheckLib'; 
@@ -42,12 +94,31 @@ cc_src_paths 'src'; # OpenSSL my %assert_lib_args_openssl; -if ( $opt_prefix_openssl ) { - print "Custom prefix for OpenSSL: $opt_prefix_openssl\n"; - cc_include_paths "$opt_prefix_openssl/include"; - cc_libs "-L$opt_prefix_openssl/lib", "crypto"; - $assert_lib_args_openssl{incpath} = "$opt_prefix_openssl/include"; - $assert_lib_args_openssl{libpath} = "$opt_prefix_openssl/lib"; +my $custom_openssl = ( $opt_prefix_openssl or $opt_openssl_inc or $opt_openssl_lib ); +if ( $custom_openssl ) { + my $openssl_incpath = ""; + my $openssl_libpath = ""; + + if ( $opt_prefix_openssl ) { + print "Custom prefix for OpenSSL: $opt_prefix_openssl\n"; + $openssl_incpath = "$opt_prefix_openssl/include"; + $openssl_libpath = "$opt_prefix_openssl/lib"; + } + + if ( $opt_openssl_inc ) { + print "Custom include directory for OpenSSL: $opt_openssl_inc\n"; + $openssl_incpath = "$opt_openssl_inc"; + } + + if ( $opt_openssl_lib ) { + print "Custom library directory for OpenSSL: $opt_openssl_lib\n"; + $openssl_libpath = "$opt_openssl_lib"; + } + + cc_include_paths "$openssl_incpath"; + cc_libs "-L$openssl_libpath", "crypto"; + $assert_lib_args_openssl{incpath} = "$openssl_incpath"; + $assert_lib_args_openssl{libpath} = "$openssl_libpath"; } else { cc_libs 'crypto'; @@ -99,12 +170,11 @@ else { if ( $opt_idn ) { print "Feature idn enabled\n"; check_lib_or_exit( - lib => 'idn', - header => 'idna.h', + lib => 'idn2', + header => 'idn2.h', function => - 'if(strcmp(IDNA_ACE_PREFIX,"xn--")==0) return 0; else return 1;' - ); - cc_libs 'idn'; + 'return IDN2_OK;'); + cc_libs 'idn2'; cc_define '-DWE_CAN_HAZ_IDN'; } else { @@ -156,11 +226,18 @@ CONFIGURE_FLAGS += --disable-ldns-config --disable-dane END_CONFIGURE_FLAGS - my $openssl_make = <= 1.1.1 unless [Ed25519] is disabled) - * `libidn` (if [IDN] is enabled) + * `libidn2` (if [IDN] is enabled) * `libldns` (if [Internal ldns] is disabled; libldns >= 1.7.0, or libldns >= 1.7.1 if [Ed25519] is enabled) 
@@ -127,11 +127,12 @@ commands. Enabled by default. Disabled with `--no-ed25519` -Requires support for Ed25519 in both openssl and ldns. +Requires support for algorithms Ed25519 and Ed448 in both openssl and ldns. > > *Note:* Zonemaster Engine relies on this feature for its analysis when Ed25519 -> (algorithm 15) is being used in DNS records. +> (DNSKEY algorithm 15) or Ed448 (DNSKEY algorithm 16) is being used in DNSSEC +> signatures. > ### IDN @@ -139,7 +140,7 @@ Requires support for Ed25519 in both openssl and ldns. Enabled by default. Disable with `--no-idn`. -If the IDN feature is enabled, the GNU `libidn` library will be used to +If the IDN feature is enabled, the GNU `libidn2` library will be used to add a simple function that converts strings from Perl's internal encoding to IDNA domain name format. In order to convert strings from whatever encoding you have to Perl's @@ -173,7 +174,8 @@ Randomizes the capitalization of returned domain names. ### Custom OpenSSL Disabled by default. -Enabled with `--prefix-openssl=/path/to/openssl`. +Enabled with `--prefix-openssl=/path/to/openssl` or +`--openssl-inc=/path/to/openssl_inc` or `--openssl-lib=/path/to/openssl_lib` Enabling this makes the build tools look for OpenSSL in a non-standard place. @@ -185,6 +187,10 @@ Technically this does two things: > **Note:** The `lib` directory under the given path must be known to the > dynamic linker or feature checks will fail. +If both headers and libraries directories (`include` and `lib`) are not in the +same parent directory, use `--openssl-inc` and `--openssl-lib` options to +specify both paths. + [DNS::LDNS]: http://search.cpan.org/~erikoest/DNS-LDNS/ [Docker Hub]: https://hub.docker.com/u/zonemaster diff --git a/include/LDNS.h b/include/LDNS.h index 53bfb29..9de985a 100644 --- a/include/LDNS.h +++ b/include/LDNS.h 
@@ -13,7 +13,7 @@ #include #ifdef WE_CAN_HAZ_IDN -#include +#include #endif /* ldns 1.6.17 does not have this in its header files, but it is in the published documentation and we need it */ diff --git a/lib/Zonemaster/LDNS.pm b/lib/Zonemaster/LDNS.pm index dc8ca88..1bea10b 100644 --- a/lib/Zonemaster/LDNS.pm +++ b/lib/Zonemaster/LDNS.pm @@ -2,7 +2,7 @@ package Zonemaster::LDNS; use 5.014; -our $VERSION = '2.2.1'; +our $VERSION = '2.2.2'; use parent 'Exporter'; our @EXPORT_OK = qw[to_idn has_idn ldns_version load_zonefile]; @@ -46,12 +46,12 @@ labels converted to A-labels unless they are already in ASCII. Assumes that the strings have been converted to Perl's internal encoding before it's called. Can be exported, but is not by default. -This function requires that GNU libidn was present when L was +This function requires that GNU libidn2 was present when L was compiled. If not, calling C will result in an exception getting thrown. =item has_idn() -Takes no arguments. Returns true if libidn was present at compilation, false if not. +Takes no arguments. Returns true if libidn2 was present at compilation, false if not. =item has_gost() diff --git a/src/LDNS.xs b/src/LDNS.xs index f2e8c98..becb907 100644 --- a/src/LDNS.xs +++ b/src/LDNS.xs @@ -18,8 +18,8 @@ to_idn(...) if (SvPOK(ST(i))) { - status = idna_to_ascii_8z(SvPVutf8_nolen(obj), &out, IDNA_ALLOW_UNASSIGNED); - if (status == IDNA_SUCCESS) + status = idn2_to_ascii_8z(SvPVutf8_nolen(obj), &out, IDN2_ALLOW_UNASSIGNED); + if (status == IDN2_OK) { SV *new = newSVpv(out,0); SvUTF8_on(new); /* We know the string is plain ASCII, so let Perl know too */ @@ -28,12 +28,12 @@ to_idn(...) } else { - croak("Error: %s\n", idna_strerror(status)); + croak("Error: %s\n", idn2_strerror(status)); } } } #else - croak("libidn not installed"); + croak("libidn2 not installed"); #endif } diff --git a/t/idn.t b/t/idn.t index 86c16c7..a00dd10 100644 --- a/t/idn.t +++ b/t/idn.t 
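Review bot: `IDN2_ALLOW_UNASSIGNED` in the `idn2_to_ascii_8z` call in `to_idn` is carried over from the libidn call, but libidn2 implements IDNA2008 and, as far as I recall, documents this flag as a libidn compatibility value with no effect. Results for some inputs (for example non-NFC or mixed-case labels) may therefore differ from the old code, which matters for a tool that compares domain names. I would state the intended behaviour explicitly, e.g. `idn2_to_ascii_8z(SvPVutf8_nolen(obj), &out, IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL)`, and add such labels to `t/idn.t`. The lines between this hunk and the `croak` hunk are not shown; if `out` is released there with `free()`, `idn2_free()` is the documented counterpart.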
@@ -7,7 +7,7 @@ use utf8; BEGIN { use_ok( "Zonemaster::LDNS" => qw[:all] ) } no warnings 'uninitialized'; -if (exception {to_idn("whatever")} =~ /libidn not installed/) { +if (exception {to_idn("whatever")} =~ /libidn2 not installed/) { ok(!has_idn(), 'No IDN'); done_testing; exit; diff --git a/t/rr.t b/t/rr.t index b13e935..9b7aa66 100644 --- a/t/rr.t +++ b/t/rr.t @@ -103,8 +103,8 @@ subtest 'DNSKEY' => sub { isa_ok( $rr, 'Zonemaster::LDNS::RR::DNSKEY' ); ok( $rr->flags == 256 or $rr->flags == 257 ); is( $rr->protocol, 3 ); - # Alg 8 will replace 5. Now (December 2017) both are used. - ok( $rr->algorithm == 5 or $rr->algorithm == 8 ); + # Alg 8 has replaced 5. Now (February 2022) only alg 8 is used. + ok( $rr->algorithm == 8 ); } } }; @@ -122,9 +122,9 @@ subtest 'RRSIG' => sub { is( $rr->signer, 'se.' ); is( $rr->labels, 1 ); if ( $rr->typecovered eq 'DNSKEY' ) { - # .SE KSK should not change very often. 59407 will replace 59747. - # Now (December 2017) both are used. - ok( $rr->keytag == 59747 or $rr->keytag == 59407 ); + # .SE KSK should not change very often. 59407 has replaced 59747. + # Now (February 2022) only 59407 is used. + ok( $rr->keytag == 59407 ); } } } 
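Review bot: `ok( $rr->algorithm == 8 )` in the DNSKEY hunk and `ok( $rr->keytag == 59407 )` in the RRSIG hunk pin values of the live .se zone and report only pass or fail, so the next key rollover fails without showing what was received. `is( $rr->algorithm, 8, 'DNSKEY algorithm' );` and `is( $rr->keytag, 59407, 'KSK keytag' );` would print the received value. The same applies to `ok( $rr->hexdigest eq ... )` in the DS hunk. Both subtests begin before their hunks.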
@@ -172,19 +172,17 @@ subtest 'DS' => sub { my $pd = $se->query( 'nic.se', 'DS' ); plan skip_all => 'No response, cannot test' if not $pd; + # As of February 2022, new KSK with keytag 22643 and algo 13 is used my $nic_key = Zonemaster::LDNS::RR->new( - 'nic.se IN DNSKEY 257 3 5 AwEAAdhJAx197qFpGGXuQn8XH0tQpQSfjvLKMcreRvJyO+f3F3weIHR3 6E8DObolHFp+m1YkxsgnHYjUFN4E9sKa38ZXU0oHTSsB3adExJkINA/t INDlKrzUDn4cIbyUCqHNGe0et+lHmjmfZdj62GJlHgVmxizYkoBd7Rg0 wxzEOo7CA3ZadaHuqmVJ2HvqRCoe+5NDsYpnDia7WggvLTe0vorV6kDc u6d5N9AUPwBsR7YUkbetfXMtUebux71kHCGUJdmzp84MeDi9wXYIssjR oTC5wUF2H3I2Mnj5GqdyBwQCdj5otFbRAx3jiMD+ROxXJxOFdFq7fWi1 yPqUf1jpJ+8=' + 'nic.se IN DNSKEY 257 3 13 lkpZSlU70pd1LHrXqZttOAYKmX046YqYQg1aQJsv1y0xKr+qJS+3Ue1tM5VCYPU3lKuzq93nz0Lm/AV9jeoumQ==' ); my $made = Zonemaster::LDNS::RR->new_from_string( 'nic.se IN NS a.ns.se' ); foreach my $rr ( $pd->answer ) { isa_ok( $rr, 'Zonemaster::LDNS::RR::DS' ); - is( $rr->keytag, 16696 ); - is( $rr->algorithm, 5 ); + is( $rr->keytag, 22643 ); + is( $rr->algorithm, 13 ); ok( $rr->digtype == 1 or $rr->digtype == 2 ); - ok( - $rr->hexdigest eq '40079ddf8d09e7f10bb248a69b6630478a28ef969dde399f95bc3b39f8cbacd7' - or $rr->hexdigest eq 'ef5d421412a5eaf1230071affd4f585e3b2b1a60' - ); + ok( $rr->hexdigest eq 'aa0b38f6755c2777992a74935d50a2a3480effef1a60bf8643d12c307465c9da' ); ok( $rr->verify( $nic_key ), 'derived from expected DNSKEY' ); ok( !$rr->verify( $made ), 'does not match a non-DS non-DNSKEY record' ); }
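Review bot: `ok( $rr->digtype == 1 or $rr->digtype == 2 );` still accepts digest type 1, while the hexdigest check after it now accepts only one 64-hex-character value, which is the length of a SHA-256 digest (type 2). A type 1 DS record would pass the first assertion and fail the second, so the two no longer agree. If only SHA-256 DS records are expected for nic.se, `is( $rr->digtype, 2 );` states that directly. The `subtest 'DS'` block begins before the hunk.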