9 changed files with 49 additions and 805 deletions
--- a/.gitignore
+++ b/.gitignore
@ -10,5 +10,3 @@ x86_64
 /dnssec-tools-2.0.tar.gz
 /dnssec-tools-2.1.tar.gz
 /dnssec-tools-2.2.tar.gz
-/dnssec-tools-2.2.1.tar.gz
-/dnssec-tools-2.2.3.tar.gz
--- a/7287c6b96422e499560fb10b95c1a481ea82656d.patch
+++ b/7287c6b96422e499560fb10b95c1a481ea82656d.patch
@ -1,51 +0,0 @@
-From 7287c6b96422e499560fb10b95c1a481ea82656d Mon Sep 17 00:00:00 2001
-From: Conrad Kostecki <conrad@kostecki.com>
-Date: Sun, 21 Apr 2019 12:55:15 +0200
-Subject: [PATCH] Update makefile to respect users LDFLAGS
-
-Signed-off-by: Conrad Kostecki <conrad@kostecki.com>
---
- dnssec-tools/validator/libsres/Makefile.in     | 2 +-
- dnssec-tools/validator/libval/Makefile.in      | 2 +-
- dnssec-tools/validator/libval_shim/Makefile.in | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/dnssec-tools/validator/libsres/Makefile.in b/dnssec-tools/validator/libsres/Makefile.in
-index e20f6d788..0ef21cf80 100644
--- a/dnssec-tools/validator/libsres/Makefile.in
-+++ b/dnssec-tools/validator/libsres/Makefile.in
-@@ -63,7 +63,7 @@ clean:
- 	$(RM) -rf $(LT_DIR)
- 
- $(LIBRES): $(LOBJ)
-	$(LIBTOOLLD) -o $@ $(LOBJ) 
-+	$(LIBTOOLLD) -o $@ $(LOBJ) $(LDFLAGS)
- 
- install:
- 	$(MKPATH) $(DESTDIR)$(libdir)
-diff --git a/dnssec-tools/validator/libval/Makefile.in b/dnssec-tools/validator/libval/Makefile.in
-index 0d6f35f99..6b361756c 100644
--- a/dnssec-tools/validator/libval/Makefile.in
-+++ b/dnssec-tools/validator/libval/Makefile.in
-@@ -65,7 +65,7 @@ clean:
- 	$(RM) -rf $(LT_DIR)
- 
- $(LIBVAL): $(LOBJ)
-	$(LIBTOOLLD) -o $@ $(LOBJ) $(LSRES)
-+	$(LIBTOOLLD) -o $@ $(LOBJ) $(LSRES) $(LDFLAGS)
- 
- install:
- 	$(MKPATH) $(DESTDIR)$(libdir)
-diff --git a/dnssec-tools/validator/libval_shim/Makefile.in b/dnssec-tools/validator/libval_shim/Makefile.in
-index 8b7c8e550..303943cc3 100644
--- a/dnssec-tools/validator/libval_shim/Makefile.in
-+++ b/dnssec-tools/validator/libval_shim/Makefile.in
-@@ -21,7 +21,7 @@ clean:
- 	$(RM) -rf $(LT_DIR)
- 
- $(LIBVAL_SHIM): $(LOBJ)
-	$(LIBTOOLLD) -o $@ $(LOBJ) $(EXTRA_LIBS)
-+	$(LIBTOOLLD) -o $@ $(LOBJ) $(EXTRA_LIBS) $(LDFLAGS)
- 
- install:
- 	$(MKPATH) $(DESTDIR)$(libdir)
--- a/dnssec-tools-2.2.3-add_ifdedf_to_engine.patch
+++ b/dnssec-tools-2.2.3-add_ifdedf_to_engine.patch
@ -1,38 +0,0 @@
-diff -r -u dnssec-tools-2.2.3.orig/validator/libval/val_context.c dnssec-tools-2.2.3/validator/libval/val_context.c
--- dnssec-tools-2.2.3.orig/validator/libval/val_context.c	2024-11-05 11:39:33.696730353 +0100
-+++ dnssec-tools-2.2.3/validator/libval/val_context.c	2024-11-05 11:44:01.428711438 +0100
-@@ -17,9 +17,10 @@
- 
- #include <openssl/conf.h>
- #include <openssl/evp.h>
-+#ifndef OPENSSL_NO_ENGINE
- #include <openssl/engine.h>
-+#endif /* !defined(OPENSSL_NO_ENGINE) */
- #include <openssl/err.h>
-
- #include "val_support.h"
- #include "val_policy.h"
- #include "val_cache.h"
-@@ -853,7 +854,9 @@
-     /* Whole bunch of openssl cleanup routines */
-     CONF_modules_unload(1); 
-     EVP_cleanup(); 
-+#ifndef OPENSSL_NO_ENGINE
-     ENGINE_cleanup(); 
-+#endif
-     CRYPTO_cleanup_all_ex_data(); 
-     ERR_remove_state(0); 
-     ERR_free_strings(); 
-diff -r -u dnssec-tools-2.2.3.orig/validator/libval/val_crypto.c dnssec-tools-2.2.3/validator/libval/val_crypto.c
--- dnssec-tools-2.2.3.orig/validator/libval/val_crypto.c	2024-11-05 11:39:33.695730345 +0100
-+++ dnssec-tools-2.2.3/validator/libval/val_crypto.c	2024-11-05 11:40:17.569919704 +0100
-@@ -22,7 +22,9 @@
- #include <crypto/sha2.h>
- #endif
- #include <openssl/dsa.h>
-+#ifndef OPENSSL_NO_ENGINE
- #include <openssl/engine.h>
-+#endif /* !defined(OPENSSL_NO_ENGINE) */
- #include <openssl/md5.h>
- #include <openssl/rsa.h>
- #include <openssl/err.h>
--- a/dnssec-tools-2.2.3-link-libval-threads-with-libs.patch
+++ b/dnssec-tools-2.2.3-link-libval-threads-with-libs.patch
@ -1,17 +0,0 @@
-diff -up dnssec-tools-2.2.3/validator/libval/Makefile.in.link-with-libs dnssec-tools-2.2.3/validator/libval/Makefile.in
--- dnssec-tools-2.2.3/validator/libval/Makefile.in.link-with-libs	2019-12-19 16:36:05.522457192 -0500
-+++ dnssec-tools-2.2.3/validator/libval/Makefile.in	2019-12-19 16:36:11.967342451 -0500
-@@ -1,3 +1,4 @@
-+LIBS=@LIBS@
- 
- INCL= ../include
- LIB= ../libsres
-@@ -65,7 +66,7 @@ clean:
- 	$(RM) -rf $(LT_DIR)
- 
- $(LIBVAL): $(LOBJ)
-	$(LIBTOOLLD) -o $@ $(LOBJ) $(LSRES) $(LDFLAGS)
-+	$(LIBTOOLLD) -o $@ $(LOBJ) $(LSRES) $(LIBS) $(LDFLAGS)
- 
- install:
- 	$(MKPATH) $(DESTDIR)$(libdir)
--- a/dnssec-tools-dnsval.conf
+++ b/dnssec-tools-dnsval.conf
@ -1,61 +1,10 @@
-##################################
-# Includes 
-##################################
-
-# TRUSTMAN-ACTION bind-include /var/opt/named/named.conf
-
-##################################
-# Global Options 
-##################################
-
-global-options
-    trust-oob-answers yes
-    edns0-size 1492
-    env-policy disable
-    app-policy disable
+: trust-anchor
+	.	DS "19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
 ;

-##################################
-# Default policies 
-##################################
-
-:	trust-anchor 
-                .  DS  19036  8  2  49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
-                .  DS  20326  8  2  E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
+: zone-security-expectation
+        . validate
 ;
-
-: zone-security-expectation 
-                . validate
-;
-
 : provably-insecure-status
-                . trusted
-;
-   
-: clock-skew
-                . 0
-;
-
-##################################
-# MTA Policies
-##################################
-    
-mta provably-insecure-status
-                . trusted
-;
-   
-mta clock-skew
-                . -1
-;
-  
-##################################
-# Web Browser Policies 
-##################################
-
-browser provably-insecure-status
-                . trusted
-;
-
-browser clock-skew
-                . 0
+        . trusted
 ;
--- a/dnssec-tools-new-2017-key.patch
+++ b/dnssec-tools-new-2017-key.patch
@ -1,12 +0,0 @@
-diff --git a/dnssec-tools/validator/etc/dnsval.conf b/dnssec-tools/validator/etc/dnsval.conf
-index 07288fe..34bbe6d 100644
--- a/dnssec-tools/validator/etc/dnsval.conf
-+++ b/dnssec-tools/validator/etc/dnsval.conf
-@@ -21,6 +21,7 @@ global-options
- 
- :	trust-anchor 
-                 .  DS  19036  8  2  49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
-+                .  DS  19036  8  2  E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
- ;
- 
- : zone-security-expectation 
--- a/dnssec-tools-new-openssl-APIs.patch
+++ b/dnssec-tools-new-openssl-APIs.patch
@ -1,464 +0,0 @@
-diff --git a/dnssec-tools/validator/doc/dt-danechk.1 b/dnssec-tools/validator/doc/dt-danechk.1
-index 0d7f5c0a..afe6df47 100644
--- a/dnssec-tools/validator/doc/dt-danechk.1
-+++ b/dnssec-tools/validator/doc/dt-danechk.1
-@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14)
-+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
- .\"
- .\" Standard preamble:
- .\" ========================================================================
-@@ -38,26 +38,31 @@
- .    ds PI \(*p
- .    ds L" ``
- .    ds R" ''
-+.    ds C`
-+.    ds C'
- 'br\}
- .\"
- .\" Escape single quotes in literal strings from groff's Unicode transform.
- .ie \n(.g .ds Aq \(aq
- .el       .ds Aq '
- .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-+.\" If the F register is >0, we'll generate index entries on stderr for
- .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
- .\" entries marked with X<> in POD.  Of course, you'll have to process the
- .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
-+.\"
-+.\" Avoid warning from groff about undefined register 'F'.
-+.de IX
- ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-+.if !\nF .nr F 0
-+.if \nF>0 \{\
- .    de IX
-+.    tm Index:\\$1\t\\n%\t"\\$2"
- ..
-+.    if !\nF==2 \{\
-+.        nr % 0
-+.        nr F 2
-+.    \}
- .\}
- .\"
- .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-@@ -124,7 +129,7 @@
- .\" ========================================================================
- .\"
- .IX Title "DT-DANECHK 1"
-.TH DT-DANECHK 1 "2013-03-07" "perl v5.12.4" "User Commands"
-+.TH DT-DANECHK 1 "2016-12-16" "perl v5.26.2" "User Commands"
- .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
- .\" way too many mistakes in technical documents.
- .if n .ad l
-@@ -139,8 +144,8 @@ dt\-danechk \- validate TLSA records against SSL certificates.
- .SH "DESCRIPTION"
- .IX Header "DESCRIPTION"
- \&\fBdt-danechk\fR is a diagnostic tool that can be used to test the validity
-of an \s-1SSL/TLS\s0 certificate against the \s-1TLSA\s0 record published in the \s-1DNS\s0.
-For more information on \s-1TLSA\s0 and \s-1DANE\s0 see \s-1RFC\s0 6698.
-+of an \s-1SSL/TLS\s0 certificate against the \s-1TLSA\s0 record published in the \s-1DNS.\s0
-+For more information on \s-1TLSA\s0 and \s-1DANE\s0 see \s-1RFC 6698.\s0
- .SH "OPTIONS"
- .IX Header "OPTIONS"
- .IP "\-h, \-\-help" 4
-@@ -204,7 +209,7 @@ Display the version and exit.
- \&\fBlibval\fR
- .SH "COPYRIGHT"
- .IX Header "COPYRIGHT"
-Copyright 2005\-2013 \s-1SPARTA\s0, Inc.  All rights reserved.
-+Copyright 2005\-2013 \s-1SPARTA,\s0 Inc.  All rights reserved.
- See the \s-1COPYING\s0 file included with the DNSSEC-Tools package for details.
- .SH "AUTHORS"
- .IX Header "AUTHORS"
-diff --git a/dnssec-tools/validator/doc/val_getdaneinfo.3 b/dnssec-tools/validator/doc/val_getdaneinfo.3
-index 12f3be6d..148b5a5c 100644
--- a/dnssec-tools/validator/doc/val_getdaneinfo.3
-+++ b/dnssec-tools/validator/doc/val_getdaneinfo.3
-@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14)
-+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
- .\"
- .\" Standard preamble:
- .\" ========================================================================
-@@ -38,26 +38,31 @@
- .    ds PI \(*p
- .    ds L" ``
- .    ds R" ''
-+.    ds C`
-+.    ds C'
- 'br\}
- .\"
- .\" Escape single quotes in literal strings from groff's Unicode transform.
- .ie \n(.g .ds Aq \(aq
- .el       .ds Aq '
- .\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-+.\" If the F register is >0, we'll generate index entries on stderr for
- .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
- .\" entries marked with X<> in POD.  Of course, you'll have to process the
- .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
-+.\"
-+.\" Avoid warning from groff about undefined register 'F'.
-+.de IX
- ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-+.if !\nF .nr F 0
-+.if \nF>0 \{\
- .    de IX
-+.    tm Index:\\$1\t\\n%\t"\\$2"
- ..
-+.    if !\nF==2 \{\
-+.        nr % 0
-+.        nr F 2
-+.    \}
- .\}
- .\"
- .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-@@ -124,7 +129,7 @@
- .\" ========================================================================
- .\"
- .IX Title "val_getdaneinfo 3"
-.TH val_getdaneinfo 3 "2013-03-08" "perl v5.12.4" "Programmer's Manual"
-+.TH val_getdaneinfo 3 "2016-12-16" "perl v5.26.2" "Programmer's Manual"
- .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
- .\" way too many mistakes in technical documents.
- .if n .ad l
-@@ -231,9 +236,9 @@ form below:
- .Ve
- .PP
- The \fIttl\fR field is the time-to-live associated with the \s-1TLSA\s0 record. An
-application must not cache (and use) this \s-1TLSA\s0 record beyond its \s-1TTL\s0.
-+application must not cache (and use) this \s-1TLSA\s0 record beyond its \s-1TTL.\s0
- The \fIusage\fR, \fIselector\fR and \fItype\fR fields correspond to the first
-three fields of the \s-1TLSA\s0 \s-1RDATA\s0 as described in rfc6698. The \s-1TLSA\s0
-+three fields of the \s-1TLSA RDATA\s0 as described in rfc6698. The \s-1TLSA\s0
- certificate association data is returned in the \fIdata\fR field and has
- a length of \fIdatalen\fR bytes. There can be more than one \s-1TLSA\s0 record
- associated with a given name, and the \fInext\fR field points to the next
-@@ -250,7 +255,7 @@ This function automatically iterates over all elements in \fIdres\fR and
- compares the certificate association data against the \s-1SSL/TLS\s0
- certificates associated with the \s-1SSL\s0 connection \fIcon\fR. The \s-1DANE\s0
- protocol enables certain use cases that allows new trust anchors to be
-introduced via \s-1DNSSEC\s0. The value of \fIdo_pathval\fR indicates whether
-+introduced via \s-1DNSSEC.\s0 The value of \fIdo_pathval\fR indicates whether
- the application must proceed with X509 path validation for this
- connection in accordance with the usage that was encoded in the \s-1TLSA\s0
- record.
-@@ -267,7 +272,7 @@ validation policy).
- \&\fI\fIval_getdaneinfo()\fI\fR and \fI\fIval_dane_submit()\fI\fR return \fB\s-1VAL_DANE_NOERROR\s0\fR
- on success, and \fB\s-1VAL_DANE_MALFORMED_TLSA\s0\fR or \fB\s-1VAL_DANE_INTERNAL_ERROR\s0\fR
- for error conditions. A value of \fB\s-1VAL_DANE_NOTVALIDATED\s0\fR is returned if
-the \s-1TLSA\s0 record cannot be validated via \s-1DNSSEC\s0. A value of
-+the \s-1TLSA\s0 record cannot be validated via \s-1DNSSEC. A\s0 value of
- \&\fB\s-1VAL_DANE_IGNORE_TLSA\s0\fR is returned if the \s-1TLSA\s0 record for the given name
- is provably absent.
- .PP
-@@ -285,7 +290,7 @@ The \fI\fIp_dane_error()\fI\fR function can be used to convert the DANE-related
- error codes to an error string value.
- .SH "COPYRIGHT"
- .IX Header "COPYRIGHT"
-Copyright 2004\-2013 \s-1SPARTA\s0, Inc.  All rights reserved.
-+Copyright 2004\-2013 \s-1SPARTA,\s0 Inc.  All rights reserved.
- See the \s-1COPYING\s0 file included with the DNSSEC-Tools package for details.
- .SH "AUTHORS"
- .IX Header "AUTHORS"
-@@ -294,7 +299,7 @@ Suresh Krishnaswamy
- .IX Header "SEE ALSO"
- \&\fI\fIlibval\fI\|(3)\fR
- .PP
-\&\s-1RFC\s0 6698 (\s-1DANE\s0)
-+\&\s-1RFC 6698\s0 (\s-1DANE\s0)
- .PP
- draft-hayatnagarkar-dnsext-validator-api
- .PP
-diff --git a/dnssec-tools/validator/etc/dnsval.conf b/dnssec-tools/validator/etc/dnsval.conf
-index 07288fe3..34bbe6d6 100644
--- a/dnssec-tools/validator/etc/dnsval.conf
-+++ b/dnssec-tools/validator/etc/dnsval.conf
-@@ -21,6 +21,7 @@ global-options
- 
- :	trust-anchor 
-                 .  DS  19036  8  2  49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
-+                .  DS  19036  8  2  E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
- ;
- 
- : zone-security-expectation 
-diff --git a/dnssec-tools/validator/include/validator/validator-compat.h b/dnssec-tools/validator/include/validator/validator-compat.h
-index c6ebf23f..300ef11e 100644
--- a/dnssec-tools/validator/include/validator/validator-compat.h
-+++ b/dnssec-tools/validator/include/validator/validator-compat.h
-@@ -818,14 +818,6 @@ typedef enum __ns_flag {
-         ns_f_max
- } ns_flag;
- 
-/* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
-#define NS_ALG_MD5RSA           1       /* MD5 with RSA */
-#define NS_ALG_DH               2       /* Diffie Hellman KEY */
-#define NS_ALG_DSA              3       /* DSA KEY */
-#define NS_ALG_DSS              NS_ALG_DSA
-#define NS_ALG_EXPIRE_ONLY      253     /* No alg, no security */
-#define NS_ALG_PRIVATE_OID      254     /* Key begins with OID giving alg */
-
- /* Protocol values  */
- /* value 0 is reserved */
- #define NS_KEY_PROT_TLS         1
-@@ -1050,5 +1042,26 @@ struct addrinfo {
- #endif
- 
- 
-+/* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
-+#define NS_ALG_MD5RSA           1       /* MD5 with RSA */
-+#define NS_ALG_DH               2       /* Diffie Hellman KEY */
-+#define NS_ALG_DSA              3       /* DSA KEY */
-+#define NS_ALG_DSS              NS_ALG_DSA
-+#define NS_ALG_EXPIRE_ONLY      253     /* No alg, no security */
-+#define NS_ALG_PRIVATE_OID      254     /* Key begins with OID giving alg */
-+#define	ns_t_zxfr 256
-+
-+#define NS_MD5RSA_MIN_BITS       512    /* Size of a mod or exp in bits */
-+#define NS_MD5RSA_MAX_BITS      2552
-+        /* Total of binary mod and exp */
-+#define NS_MD5RSA_MAX_BYTES     ((NS_MD5RSA_MAX_BITS+7/8)*2+3)
-+        /* Max length of text sig block */
-+#define NS_MD5RSA_MAX_BASE64    (((NS_MD5RSA_MAX_BYTES+2)/3)*4)
-+#define NS_MD5RSA_MIN_SIZE      ((NS_MD5RSA_MIN_BITS+7)/8)
-+#define NS_MD5RSA_MAX_SIZE      ((NS_MD5RSA_MAX_BITS+7)/8)
-+
-+#include "openssl/hmac.h"
-+#include "openssl/ossl_typ.h"
-+
- #endif /* _VALIDATOR_COMPAT_H */
- 
-diff --git a/dnssec-tools/validator/libsres/ns_print.c b/dnssec-tools/validator/libsres/ns_print.c
-index 98f1f9c3..edcbbbc3 100644
--- a/dnssec-tools/validator/libsres/ns_print.c
-+++ b/dnssec-tools/validator/libsres/ns_print.c
-@@ -712,6 +712,10 @@ ns_sprintrrf_data(const u_char * msg, size_t msglen,
- nxtbitmaps:
- #endif /* LIBVAL_NSEC3 */
- 
-+#if !defined(NS_NXT_BIT_ISSET)
-+#define	NS_NXT_BITS 8
-+#define	NS_NXT_BIT_ISSET(n,p) (p[(n)/NS_NXT_BITS] &   (0x80>>((n)%NS_NXT_BITS)))
-+#endif
-             /** Type bit map.  */
-             while (edata - rdata > 0) {
-                 b = *rdata;
-diff --git a/dnssec-tools/validator/libsres/res_tsig.c b/dnssec-tools/validator/libsres/res_tsig.c
-index bc010302..03f73c49 100644
--- a/dnssec-tools/validator/libsres/res_tsig.c
-+++ b/dnssec-tools/validator/libsres/res_tsig.c
-@@ -16,6 +16,7 @@
-  */
- #include "validator-internal.h"
- 
-+#include <openssl/ossl_typ.h>
- #include <openssl/hmac.h>
- 
- #include "res_tsig.h"
-@@ -237,7 +238,7 @@ res_tsig_sign(u_char * query,
-     u_char *hp;
-     HEADER *header;
-     struct timeval now;
-    HMAC_CTX ctx;
-+    HMAC_CTX *ctx;
-     const EVP_MD *md;
-     u_char hash[MAX_DIGEST_LENGTH];
-     unsigned int len;
-@@ -274,8 +275,8 @@ res_tsig_sign(u_char * query,
-                return SR_TS_FAIL;
-         } 
- 
-        HMAC_CTX_init(&ctx);
-        HMAC_Init_ex(&ctx, ns->ns_tsig->key, ns->ns_tsig->keylen,
-+        ctx = HMAC_CTX_new();
-+        HMAC_Init_ex(ctx, ns->ns_tsig->key, ns->ns_tsig->keylen,
-                 md, NULL);
- 
-         /* Create a TSIG RR and add it to the additional section */
-@@ -289,7 +290,7 @@ res_tsig_sign(u_char * query,
-         p = cp;
-         memcpy(cp, query, query_length * sizeof(u_char));
-         cp += query_length;
-        HMAC_Update(&ctx, p, cp-p); 
-+        HMAC_Update(ctx, p, cp-p); 
- 
-         /* Bump up the additional section count */
-         header = (HEADER *) p;
-@@ -300,7 +301,7 @@ res_tsig_sign(u_char * query,
-         p = cp;
-         memcpy(cp, ns->ns_tsig->name_n, wire_name_length(ns->ns_tsig->name_n));
-         cp += wire_name_length(ns->ns_tsig->name_n);
-        HMAC_Update(&ctx, p, cp-p); 
-+        HMAC_Update(ctx, p, cp-p); 
- 
-         /* don't digest type */
-         RES_PUT16(ns_t_tsig, cp);
-@@ -308,7 +309,7 @@ res_tsig_sign(u_char * query,
-         p = cp;
-         RES_PUT16(ns_t_any, cp);
-         RES_PUT32(0, cp);
-        HMAC_Update(&ctx, p, cp-p); 
-+        HMAC_Update(ctx, p, cp-p); 
- 
-         /* don't digest rdatalen */
-         RES_PUT16(ns->ns_tsig->rdatalen, cp);
-@@ -316,13 +317,13 @@ res_tsig_sign(u_char * query,
-         p = cp;
-         memcpy(cp, ns->ns_tsig->alg_n, wire_name_length(ns->ns_tsig->alg_n));
-         cp += wire_name_length(ns->ns_tsig->alg_n);
-        HMAC_Update(&ctx, p, cp-p); 
-+        HMAC_Update(ctx, p, cp-p); 
- 
-         gettimeofday(&now, NULL);
-         p = cp;
-         RES_PUT48((u_int64_t)now.tv_sec, cp);
-         RES_PUT16(ns->ns_tsig->fudge, cp);
-        HMAC_Update(&ctx, p, cp-p); 
-+        HMAC_Update(ctx, p, cp-p); 
- 
-         /* don't digest the mac_size */
-         RES_PUT16(ns->ns_tsig->mac_size, cp);
-@@ -337,9 +338,9 @@ res_tsig_sign(u_char * query,
-         p = cp;
-         RES_PUT16(0, cp);
-         RES_PUT16(0, cp);
-        HMAC_Update(&ctx, p, cp-p); 
-+        HMAC_Update(ctx, p, cp-p); 
- 
-        HMAC_Final(&ctx, hash, &len);
-+        HMAC_Final(ctx, hash, &len);
- 
-         if (len != ns->ns_tsig->mac_size) {
-             FREE(*signed_query);
-@@ -348,7 +349,7 @@ res_tsig_sign(u_char * query,
-         }
-         memcpy(hp, hash, len);
- 
-        HMAC_CTX_cleanup(&ctx);
-+        HMAC_CTX_free(ctx);
-         return SR_TS_OK;
- 
-     } else
-diff --git a/dnssec-tools/validator/libval/val_crypto.c b/dnssec-tools/validator/libval/val_crypto.c
-index 46d1ce5d..b3ccdcd4 100644
--- a/dnssec-tools/validator/libval/val_crypto.c
-+++ b/dnssec-tools/validator/libval/val_crypto.c
-@@ -22,6 +22,7 @@
- #include <crypto/sha2.h>
- #endif
- #include <openssl/dsa.h>
-+#include <openssl/engine.h>
- #include <openssl/md5.h>
- #include <openssl/rsa.h>
- #include <openssl/err.h>
-@@ -77,10 +78,8 @@ dsasha1_parse_public_key(const u_char *buf, size_t buflen, DSA * dsa)
-     bn_y = BN_bin2bn(buf + index, 64 + (T * 8), NULL);
-     index += (64 + (T * 8));
- 
-    dsa->p = bn_p;
-    dsa->q = bn_q;
-    dsa->g = bn_g;
-    dsa->pub_key = bn_y;
-+    DSA_set0_pqg(dsa, bn_p, bn_q, bn_g);
-+    DSA_set0_key(dsa, bn_y, NULL);
- 
-     return VAL_NO_ERROR;        /* success */
- }
-@@ -214,8 +213,7 @@ rsamd5_parse_public_key(const u_char *buf, size_t buflen, RSA * rsa)
-      */
-     bn_mod = BN_bin2bn(buf + index, buflen - index, NULL);
- 
-    rsa->e = bn_exp;
-    rsa->n = bn_mod;
-+    RSA_set0_key(rsa, bn_mod, bn_exp, NULL);
- 
-     return VAL_NO_ERROR;        /* success */
- }
-@@ -246,7 +244,7 @@ rsamd5_keytag(const u_char *pubkey, size_t pubkey_len)
-         return VAL_BAD_ARGUMENT;
-     }
- 
-    modulus = rsa->n;
-+    RSA_get0_key(rsa, (const BIGNUM **) &modulus, NULL, NULL);
-     modulus_len = BN_num_bytes(modulus);
-     modulus_bin =
-         (u_char *) MALLOC(modulus_len * sizeof(u_char));
-@@ -361,8 +359,7 @@ rsa_parse_public_key(const u_char *buf, size_t buflen, RSA * rsa)
-      */
-     bn_mod = BN_bin2bn(buf + index, buflen - index, NULL);
- 
-    rsa->e = bn_exp;
-    rsa->n = bn_mod;
-+    RSA_set0_key(rsa, bn_mod, bn_exp, NULL);
- 
-     return VAL_NO_ERROR;        /* success */
- }
-@@ -460,11 +457,10 @@ ecdsa_sigverify(val_context_t * ctx,
-     EC_KEY   *eckey = NULL;
-     BIGNUM *bn_x = NULL;
-     BIGNUM *bn_y = NULL;
-    ECDSA_SIG ecdsa_sig;
-+    ECDSA_SIG *ecdsa_sig;
-     size_t   hashlen = 0;
- 
-    ecdsa_sig.r = NULL;
-    ecdsa_sig.s = NULL;
-+    ecdsa_sig = ECDSA_SIG_new();
-     memset(sha_hash, 0, sizeof(sha_hash));
- 
-     val_log(ctx, LOG_DEBUG,
-@@ -523,10 +519,10 @@ ecdsa_sigverify(val_context_t * ctx,
-         goto err;
-     }
- 
-    ecdsa_sig.r = BN_bin2bn(rrsig->signature, hashlen, NULL); 
-    ecdsa_sig.s = BN_bin2bn(&rrsig->signature[hashlen], hashlen, NULL); 
-+    ECDSA_SIG_set0(ecdsa_sig, BN_bin2bn(rrsig->signature, hashlen, NULL),
-+                   BN_bin2bn(&rrsig->signature[hashlen], hashlen, NULL));
- 
-    if (ECDSA_do_verify(sha_hash, hashlen, &ecdsa_sig, eckey) == 1) {
-+    if (ECDSA_do_verify(sha_hash, hashlen, ecdsa_sig, eckey) == 1) {
-         val_log(ctx, LOG_INFO, "ecdsa_sigverify(): returned SUCCESS");
-         *sig_status = VAL_AC_RRSIG_VERIFIED;
-     } else {
-@@ -536,10 +532,8 @@ ecdsa_sigverify(val_context_t * ctx,
- 
-     /* Free all structures allocated */
- err:
-    if (ecdsa_sig.r)
-        BN_free(ecdsa_sig.r);
-    if (ecdsa_sig.s)
-        BN_free(ecdsa_sig.s);
-+    if (ecdsa_sig)
-+        ECDSA_SIG_free(ecdsa_sig);
-     if (bn_x)
-         BN_free(bn_x);
-     if (bn_y)
-diff --git a/dnssec-tools/validator/libval/val_dane.c b/dnssec-tools/validator/libval/val_dane.c
-index 32ffdc7a..16b0a0b2 100644
--- a/dnssec-tools/validator/libval/val_dane.c
-+++ b/dnssec-tools/validator/libval/val_dane.c
-@@ -875,7 +875,8 @@ val_X509_peer_cert_verify_cb(X509_STORE_CTX *x509ctx, void *arg)
-     if (x509ctx == NULL || ssl_dane_data == NULL)
-         return 0;
- 
-    cert = x509ctx->cert;
-+    
-+    cert = X509_STORE_CTX_get_current_cert(x509ctx);
-     context = ssl_dane_data->context;
- 
-     /* 
--- a/dnssec-tools.spec
+++ b/dnssec-tools.spec
@ -1,43 +1,32 @@
-# OpenSSL ENGINE support deprecated in Fedora 41 onwards
-# https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine
-%if 0%{?fedora} > 40
-%global _preprocessor_defines %{?_preprocessor_defines} -DOPENSSL_NO_ENGINE
-%endif
-
-
 Summary: A suite of tools for managing dnssec aware DNS usage
 Name: dnssec-tools
-Version: 2.2.3
-Release: 30%{?dist}
-# Automatically converted from old format: BSD - review is highly recommended.
-License: LicenseRef-Callaway-BSD
+Version: 2.2
+Release: 4%{?dist}
+License: BSD
+Group: System Environment/Base
 URL: http://www.dnssec-tools.org/
-#Source0: https://www.dnssec-tools.org/download/%%{name}-%%{version}.tar.gz
-Source0: https://www.hardakers.net/software/%{name}-%{version}.tar.gz
+Source0: https://www.dnssec-tools.org/download/%{name}-%{version}.tar.gz
 Source1: dnssec-tools-dnsval.conf
 Source2: libval-config
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 # Require note: the auto-detection for perl-Net-DNS-SEC will not work since
 # the tools do run time tests for their existence.  But most of the tools
 # are much more useful with the modules in place, so we hand require them.
-Requires: dnssec-tools-perlmods, bind, perl(Getopt::GUI::Long)
+Requires: perl(Net::DNS), perl(Net::DNS::SEC), dnssec-tools-perlmods, bind, perl(Getopt::GUI::Long)
+Requires:  perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 Requires: perl(GraphViz)
-BuildRequires: gcc
 BuildRequires: openssl-devel
 BuildRequires: perl-devel
 BuildRequires: perl-generators
 BuildRequires: perl(Test) perl(ExtUtils::MakeMaker)
-BuildRequires: make
 # Makes the code installation linux filesystem friendly
 Patch5: dnssec-tools-linux-conf-paths-1.13.patch
+Patch6: dnssec-tools-zonefile-fast-new-bind-1.13.patch
+Patch12: dnssec-tools-zonefile-fast-nsec3-1.20.patch
 Patch13: dnssec-tools-2.0-autoconf-for-aarch64.patch
-Patch17: dnssec-tools-new-2017-key.patch
-Patch18: dnssec-tools-new-openssl-APIs.patch
-# Update Makefile to respect users LDFLAGS
-# https://github.com/DNSSEC-Tools/DNSSEC-Tools/commit/7287c6b96422e499560fb10b95c1a481ea82656d
-Patch19: 7287c6b96422e499560fb10b95c1a481ea82656d.patch
-# link libval-threads with libs
-Patch20: dnssec-tools-2.2.3-link-libval-threads-with-libs.patch
-Patch21: dnssec-tools-2.2.3-add_ifdedf_to_engine.patch
+Patch14: dnssec-tools-zonefile-fast-misc.patch
+Patch15: dnssec-tools-zonefile-fast-nsec3-fixes.patch
+Patch16: dnssec-tools-zonefile-fast-tlsa-fixes.patch

 %description

@ -46,8 +35,9 @@ patches, applications, wrappers, extensions, and plugins that will
 help ease the deployment of DNSSEC-related technologies.

 %package perlmods
+Group: System Environment/Libraries
 Summary: Perl modules supporting DNSSEC (needed by the dnssec-tools)
-Requires: perl(Getopt::GUI::Long)
+Requires: perl(Net::DNS), perl(Net::DNS::SEC)

 %description perlmods

@ -56,6 +46,7 @@ required by the DNSSEC tools themselves as well as modules that are
 useful for other developers.

 %package libs
+Group: System Environment/Libraries
 Summary: C-based libraries for dnssec aware tools
 Requires: openssl

@ -63,6 +54,7 @@ Requires: openssl
 C-based libraries useful for developing dnssec aware tools.

 %package libs-devel
+Group: Development/Libraries
 Summary: C-based development libraries for dnssec aware tools
 Requires: dnssec-tools-libs = %{version}-%{release}

@ -72,18 +64,13 @@ C-based libraries useful for developing dnssec aware tools.
 %prep
 %setup -q

-%patch -P5 -p0 
-#%%patch6 -p2
-#%%patch12 -p2
-#%%patch13 -p2
-#%%patch14 -p2
-#%%patch15 -p2
-#%%patch16 -p2
-#%%patch17 -p2
-#%%patch18 -p2
-%patch -P19 -p2
-%patch -P20 -p1 -b .link-with-libs
-%patch -P21 -p1
+%patch5 -p0 
+#%patch6 -p2
+#%patch12 -p2
+#%patch13 -p2
+#%patch14 -p2
+#%patch15 -p2
+#%patch16 -p2

 %build
 %configure --with-validator-testcases-file=%{_datadir}/dnssec-tools/validator-testcases --with-perl-build-args="INSTALLDIRS=vendor OPTIMIZE='$RPM_OPT_FLAGS'" --sysconfdir=/etc --with-root-hints=/etc/dnssec-tools/root.hints --with-resolv-conf=/etc/dnssec-tools/resolv.conf --disable-static --with-nsec3 --with-ipv6 --with-dlv --disable-bind-checks
@ -92,7 +79,7 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' validator/libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' validator/libtool
 # makefile dependencies are broken; we can't use smp_mflags:
-#make %%{?_smp_mflags} CCFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
+#make %{?_smp_mflags} CCFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
 make CCFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"

 %install
@ -117,10 +104,16 @@ mv ${RPM_BUILD_ROOT}/%{_bindir}/libval-config ${RPM_BUILD_ROOT}/%{_bindir}/libva
 # Add a new wrapper script that calls the right file at run time
 install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}/%{_bindir}/libval-config

-%ldconfig_scriptlets libs
+%post libs -p /sbin/ldconfig
+
+%postun libs -p /sbin/ldconfig
+
+%clean
+rm -rf %{buildroot}

 %files
-%doc README.md INSTALL COPYING
+%defattr(-,root,root,-)
+%doc README INSTALL COPYING

 %dir %{_sysconfdir}/dnssec-tools/
 %config(noreplace) %{_sysconfdir}/dnssec-tools/dnssec-tools.conf
@ -137,7 +130,7 @@ install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}/%{_bindir}/libval-config
 %{_bindir}/maketestzone
 %{_bindir}/mapper
 %{_bindir}/zonesigner
-# this doesn't use %%{_datadir} because patch6 above uses this exact path
+# this doesn't use %{_datadir} because patch6 above uses this exact path
 /usr/share/dnssec-tools
 #/usr/share/dnssec-tools/donuts
 #/usr/share/dnssec-tools/donuts/rules
@ -164,7 +157,7 @@ install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}/%{_bindir}/libval-config
 %{_bindir}/dt-libval_check_conf
 %{_bindir}/dt-validate
 # configure above 
-#%%{_datadir}/dnssec-tools/validator-testcases
+#%{_datadir}/dnssec-tools/validator-testcases
 %{_bindir}/dt-getaddr
 %{_bindir}/dt-gethost
 %{_bindir}/dt-getname
@ -266,6 +259,8 @@ install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}/%{_bindir}/libval-config
 %{_mandir}/man3/Net::DNS::SEC::Tools::realmmgr.3pm.gz

 %files perlmods
+%defattr(-,root,root)
+
 # perl-Net-DNS-SEC is noarch and cannot own this directory:
 %dir %{perl_vendorarch}/Net/DNS/SEC

@ -291,6 +286,7 @@ install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}/%{_bindir}/libval-config
 %{_mandir}/man3/Net::DNS::SEC::Validator.3pm.gz
 %{_mandir}/man3/Net::addrinfo.3pm.gz
 %{_mandir}/man3/Net::DNS::SEC::Tools::Donuts::Rule.3pm.gz
+%{_mandir}/man3/Net::DNS::ZoneFile::Fast.3pm.gz
 %{_mandir}/man3/Net::DNS::SEC::Tools::rolllog.3pm.gz

 %{_mandir}/man3/Net::DNS::SEC::Tools::TrustAnchor.3pm.gz
@ -303,16 +299,15 @@ install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}/%{_bindir}/libval-config
 %{_mandir}/man3/Net::DNS::SEC::Tools::TrustAnchor::Mf.3pm.gz
 %{_mandir}/man3/Net::DNS::SEC::Tools::TrustAnchor::Secspider.3pm.gz

-# obsolete module still in upstream source:
-%{_mandir}/man3/Net::DNS::ZoneFile::Fast.3pm.gz
-
 %files libs
+%defattr(-,root,root)
 %{_libdir}/*.so.*
 %config(noreplace) %{_sysconfdir}/dnssec-tools
-#%%config(noreplace) %%{_sysconfdir}/dnssec-tools/dnsval.conf
-#%%config(noreplace) %%{_sysconfdir}/dnssec-tools/root.hints
+#%config(noreplace) %{_sysconfdir}/dnssec-tools/dnsval.conf
+#%config(noreplace) %{_sysconfdir}/dnssec-tools/root.hints

 %files libs-devel
+%defattr(-,root,root)
 %{_includedir}/validator
 %{_libdir}/*.so

@ -346,7 +341,7 @@ install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}/%{_bindir}/libval-config
 %{_mandir}/man3/val_isvalidated.3.gz
 %{_mandir}/man3/val_res_query.3.gz
 %{_mandir}/man3/val_res_search.3.gz
-#%%{_mandir}/man3/val_addrinfo.3.gz
+#%{_mandir}/man3/val_addrinfo.3.gz
 %{_mandir}/man3/val_add_valpolicy.3.gz
 %{_mandir}/man3/val_context_setqflags.3.gz
 %{_mandir}/man3/val_does_not_exist.3.gz
@ -372,122 +367,6 @@ install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}/%{_bindir}/libval-config


 %changelog
-* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-30
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
-
-* Mon Jul 07 2025 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-29
- Perl 5.42 rebuild
-
-* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-28
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
-
-* Tue Nov 05 2024 Michal Josef Špaček <mspacek@redhat.com> - 2.2.3-27
- Build without OpenSSL ENGINE support on Fedora 41 onwards
-
-* Wed Aug 28 2024 Miroslav Suchý <msuchy@redhat.com> - 2.2.3-26
- convert license to SPDX
-
-* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
-
-* Mon Jun 10 2024 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-24
- Perl 5.40 rebuild
-
-* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Tue Jul 11 2023 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-20
- Perl 5.38 rebuild
-
-* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Mon Dec 19 2022 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-18
- Add BR perl-generators to automatically generates run-time dependencies
-  for installed Perl files
-
-* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-16
- Perl 5.36 rebuild
-
-* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.2.3-14
- Rebuilt with OpenSSL 3.0.0
-
-* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-12
- Perl 5.34 rebuild
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Fri Sep 25 2020 Petr Pisar <ppisar@redhat.com> - 2.2.3-10
- Build-require perl-macros for Perl RPM macros
-
-* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-8
- Perl 5.32 rebuild
-
-* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Dec 19 2019 Tom Callaway <spot@fedoraproject.org> - 2.2.3-6
- fix libval-threads to link with dependent libs
- use LDFLAGS
-
-* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 2.2.3-4
- Perl 5.30 rebuild
-
-* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Thu Oct 4 2018 Wes Hardaker <wjhns174@hardakers.net> - 2.2.3-2
- update default dnsval.conf
-
-* Wed Aug 29 2018 Wes Hardaker <wjhns174@hardakers.net> - 2.2.3-1
- match upstream version
-
-* Wed Aug 29 2018 Wes Hardaker <wjhns174@hardakers.net> - 2.2.1-2
- add Mail::Send
-
-* Mon Jul 30 2018 Wes Hardaker <wjhns174@hardakers.net> - 2.2.1-1
- fix build issues
-
-* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 2.2-9
- Perl 5.28 rebuild
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 2.2-5
- Perl 5.26 rebuild
-
 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (dnssec-tools-2.2.3.tar.gz) = b83d3dfc999560937f7bb5558caf45449ad0501818b2b7cbbdc03008a365cd1d37aae6dff49b7c6785f737d1a01f20d3bf35bb7c86e9f9fca7eff5f5b35b8834
+ceb39b4d2376bfc4aa22f73846c11789  dnssec-tools-2.2.tar.gz