From d620463052b76f01eefaf4434f675a0ffe14c22f Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 28 Jul 2020 03:51:19 -0400 Subject: [PATCH] import bind-9.11.20-3.el8 --- .bind.metadata | 2 +- .gitignore | 2 +- SOURCES/bind-9.10-sdb.patch | 18 +- SOURCES/bind-9.11-export-isc-config.patch | 35 ---- SOURCES/bind-9.11-kyua-pkcs11.patch | 34 ++-- SOURCES/bind-9.11-rh1624100.patch | 14 +- SOURCES/bind-9.11-rt31459.patch | 160 ++++++++-------- SOURCES/bind-9.11-rt46047.patch | 96 +++++----- SOURCES/bind-9.11-serve-stale.patch | 219 ++++++++++----------- SOURCES/bind-9.11-zone2ldap.patch | 47 +++-- SOURCES/bind-9.3.2b1-fix_sdb_ldap.patch | 222 +++++++++++----------- SOURCES/bind97-rh645544.patch | 19 +- SOURCES/trusted-key.key | 1 - SPECS/bind.spec | 127 ++++++++++--- 14 files changed, 507 insertions(+), 489 deletions(-) delete mode 100644 SOURCES/bind-9.11-export-isc-config.patch diff --git a/.bind.metadata b/.bind.metadata index c07b294..6031674 100644 --- a/.bind.metadata +++ b/.bind.metadata @@ -1,2 +1,2 @@ -550367762a653ac5ed0eb04b316d06517650a925 SOURCES/bind-9.11.13.tar.gz +ff6ad0d3f9282a77786e93eb889154008ef1ccdf SOURCES/bind-9.11.20.tar.gz a164fcad1d64d6b5fab5034928cb7260f1fa8fdd SOURCES/random.data diff --git a/.gitignore b/.gitignore index 8008e19..e7ad81f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/bind-9.11.13.tar.gz +SOURCES/bind-9.11.20.tar.gz SOURCES/random.data diff --git a/SOURCES/bind-9.10-sdb.patch b/SOURCES/bind-9.10-sdb.patch index 5524daa..f36e156 100644 --- a/SOURCES/bind-9.10-sdb.patch +++ b/SOURCES/bind-9.10-sdb.patch @@ -79,10 +79,10 @@ index 03a72d5..4c1cb6d 100644 @DLZ_DRIVER_RULES@ diff --git a/bin/named-sdb/main.c b/bin/named-sdb/main.c -index 108b8d6..a943421 100644 +index c9fc3cc..148ebb3 100644 --- a/bin/named-sdb/main.c +++ b/bin/named-sdb/main.c -@@ -93,6 +93,10 @@ +@@ -97,6 +97,10 @@ * Include header files for database drivers here. */ /* #include "xxdb.h" */ 
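Review bot: The new pin for `SOURCES/bind-9.11.20.tar.gz` in the `.bind.metadata` hunk is a 40-hex-character digest, which is the length of a SHA-1 value, and nothing visible in this commit shows the tarball being checked against an upstream release signature. SHA-1 no longer offers collision resistance, so this pin detects accidental corruption of the stored tarball but is a weak integrity anchor on its own. The import should be backed by a signature check of the upstream tarball before the pin is accepted. If the metadata format allows it, I would record a stronger digest on this line, for example `<sha256-of-tarball> SOURCES/bind-9.11.20.tar.gz` (placeholder, not a value from this page). The `SPECS/bind.spec` changes listed in the diffstat are outside the visible part of the diff, so such a check may already exist there.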
@@ -93,7 +93,7 @@ index 108b8d6..a943421 100644 #ifdef CONTRIB_DLZ /* -@@ -1069,6 +1073,11 @@ setup(void) { +@@ -1134,6 +1138,11 @@ setup(void) { ns_main_earlyfatal("isc_app_start() failed: %s", isc_result_totext(result)); @@ -105,7 +105,7 @@ index 108b8d6..a943421 100644 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, "starting %s %s%s%s ", ns_g_product, ns_g_version, -@@ -1269,6 +1278,75 @@ setup(void) { +@@ -1334,6 +1343,75 @@ setup(void) { isc_result_totext(result)); #endif @@ -181,7 +181,7 @@ index 108b8d6..a943421 100644 ns_server_create(ns_g_mctx, &ns_g_server); #ifdef HAVE_LIBSECCOMP -@@ -1311,6 +1389,11 @@ cleanup(void) { +@@ -1376,6 +1454,11 @@ cleanup(void) { dns_name_destroy(); @@ -288,10 +288,10 @@ index c7e0868..95ab742 100644 + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir} ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1 diff --git a/configure.ac b/configure.ac -index eff9f05..d05ad1f 100644 +index f85f45f..7d28c52 100644 --- a/configure.ac +++ b/configure.ac -@@ -5429,6 +5429,8 @@ AC_CONFIG_FILES([ +@@ -5400,6 +5400,8 @@ AC_CONFIG_FILES([ bin/named/unix/Makefile bin/named-pkcs11/Makefile bin/named-pkcs11/unix/Makefile @@ -300,9 +300,9 @@ index eff9f05..d05ad1f 100644 bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile -@@ -5453,6 +5455,7 @@ AC_CONFIG_FILES([ - bin/python/isc/tests/dnskey_test.py +@@ -5424,6 +5426,7 @@ AC_CONFIG_FILES([ bin/python/isc/tests/policy_test.py + bin/python/isc/utils.py bin/rndc/Makefile + bin/sdb_tools/Makefile bin/tests/Makefile diff --git a/SOURCES/bind-9.11-export-isc-config.patch b/SOURCES/bind-9.11-export-isc-config.patch deleted file mode 100644 index fd5622c..0000000 --- a/SOURCES/bind-9.11-export-isc-config.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -diff --git a/export-libs/Makefile b/export-libs/Makefile -index df15ea8..13f416b 100644 ---- a/export-libs/Makefile -+++ b/export-libs/Makefile -@@ -404,20 +404,18 @@ installdirs: - $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1 - - install:: isc-config.sh installdirs -- ${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir} -- rm -f ${DESTDIR}${bindir}/bind9-config -- ln ${DESTDIR}${bindir}/isc-config.sh ${DESTDIR}${bindir}/bind9-config -- ${INSTALL_DATA} ${top_srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1 -- rm -f ${DESTDIR}${mandir}/man1/bind9-config.1 -- ln ${DESTDIR}${mandir}/man1/isc-config.sh.1 ${DESTDIR}${mandir}/man1/bind9-config.1 -- ${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir} -+ ${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}/isc-export-config.sh -+ rm -f ${DESTDIR}${bindir}/bind9-export-config -+ ln ${DESTDIR}${bindir}/isc-export-config.sh ${DESTDIR}${bindir}/bind9-export-config -+ ${INSTALL_DATA} ${top_srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1/isc-export-config.sh.1 -+ rm -f ${DESTDIR}${mandir}/man1/bind9-export-config.1 -+ ln ${DESTDIR}${mandir}/man1/isc-export-config.sh.1 ${DESTDIR}${mandir}/man1/bind9-export-config.1 - - uninstall:: -- rm -f ${DESTDIR}${sysconfdir}/bind.keys -- rm -f ${DESTDIR}${mandir}/man1/bind9-config.1 -- rm -f ${DESTDIR}${mandir}/man1/isc-config.sh.1 -- rm -f ${DESTDIR}${bindir}/bind9-config -- rm -f ${DESTDIR}${bindir}/isc-config.sh -+ rm -f ${DESTDIR}${mandir}/man1/bind9-export-config.1 -+ rm -f ${DESTDIR}${mandir}/man1/isc-export-config.sh.1 -+ rm -f ${DESTDIR}${bindir}/bind9-export-config -+ rm -f ${DESTDIR}${bindir}/isc-export-config.sh - - tags: - rm -f TAGS diff --git a/SOURCES/bind-9.11-kyua-pkcs11.patch b/SOURCES/bind-9.11-kyua-pkcs11.patch index ac15d22..9cfa618 100644 --- a/SOURCES/bind-9.11-kyua-pkcs11.patch +++ b/SOURCES/bind-9.11-kyua-pkcs11.patch 
@@ -1,4 +1,4 @@ -From eb38d2278937ec3fe45d0af30cd080953bbb5b54 Mon Sep 17 00:00:00 2001 +From a9b5785f174cf7fd74891fa64f6b69b9a9b55466 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Tue, 2 Jan 2018 18:13:07 +0100 Subject: [PATCH] Fix pkcs11 variants atf tests @@ -16,10 +16,10 @@ Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode 6 files changed, 38 insertions(+), 16 deletions(-) diff --git a/configure.ac b/configure.ac -index 0532feb..a83ddd5 100644 +index 62ecf56..0940a7d 100644 --- a/configure.ac +++ b/configure.ac -@@ -5578,6 +5578,7 @@ AC_CONFIG_FILES([ +@@ -5476,6 +5476,7 @@ AC_CONFIG_FILES([ lib/dns-pkcs11/include/Makefile lib/dns-pkcs11/include/dns/Makefile lib/dns-pkcs11/include/dst/Makefile @@ -43,13 +43,13 @@ index 7c8bab0..eec9564 100644 include('isccfg/Kyuafile') include('lwres/Kyuafile') diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in -index 7671e1d..e237d5c 100644 +index 22a06a8..5df5b15 100644 --- a/lib/dns-pkcs11/tests/Makefile.in +++ b/lib/dns-pkcs11/tests/Makefile.in @@ -17,12 +17,12 @@ VERSION=@BIND9_VERSION@ CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \ - @DST_OPENSSL_INC@ + @DST_OPENSSL_INC@ ${MAXMINDDB_CFLAGS} -CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns/tests/\"" +CDEFINES = @CRYPTO_PK11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\"" @@ -65,10 +65,10 @@ index 7671e1d..e237d5c 100644 LIBS = @LIBS@ @CMOCKA_LIBS@ CFLAGS = @CFLAGS@ @CMOCKA_CFLAGS@ diff --git a/lib/dns-pkcs11/tests/dh_test.c b/lib/dns-pkcs11/tests/dh_test.c -index 4dbfd82..a383b8e 100644 +index a5bf46c..9ff2b76 100644 --- a/lib/dns-pkcs11/tests/dh_test.c +++ b/lib/dns-pkcs11/tests/dh_test.c -@@ -86,7 +86,8 @@ dh_computesecret(void **state) { +@@ -88,7 +88,8 @@ dh_computesecret(void **state) { result = dst_key_computesecret(key, key, &buf); assert_int_equal(result, DST_R_NOTPRIVATEKEY); result = key->func->computesecret(key, key, &buf); 
@@ -79,7 +79,7 @@ index 4dbfd82..a383b8e 100644 dst_key_free(&key); } diff --git a/lib/isc-pkcs11/tests/Makefile.in b/lib/isc-pkcs11/tests/Makefile.in -index 2fdee0b..a263b35 100644 +index 36d2207..00dfbc9 100644 --- a/lib/isc-pkcs11/tests/Makefile.in +++ b/lib/isc-pkcs11/tests/Makefile.in @@ -16,10 +16,10 @@ VERSION=@BIND9_VERSION@ @@ -97,10 +97,10 @@ index 2fdee0b..a263b35 100644 LIBS = @LIBS@ @CMOCKA_LIBS@ CFLAGS = @CFLAGS@ @CMOCKA_CFLAGS@ diff --git a/lib/isc-pkcs11/tests/hash_test.c b/lib/isc-pkcs11/tests/hash_test.c -index 9c4d299..d9deba2 100644 +index 4fafc38..5eb2be2 100644 --- a/lib/isc-pkcs11/tests/hash_test.c +++ b/lib/isc-pkcs11/tests/hash_test.c -@@ -85,7 +85,7 @@ typedef struct hash_testcase { +@@ -84,7 +84,7 @@ typedef struct hash_testcase { typedef struct hash_test_key { const char *key; @@ -109,7 +109,7 @@ index 9c4d299..d9deba2 100644 } hash_test_key_t; /* non-hmac tests */ -@@ -956,8 +956,11 @@ isc_hmacsha1_test(void **state) { +@@ -955,8 +955,11 @@ isc_hmacsha1_test(void **state) { hash_test_key_t *test_key = test_keys; while (testcase->input != NULL && testcase->result != NULL) { @@ -122,7 +122,7 @@ index 9c4d299..d9deba2 100644 isc_hmacsha1_update(&hmacsha1, (const uint8_t *) testcase->input, testcase->input_len); -@@ -1116,8 +1119,11 @@ isc_hmacsha224_test(void **state) { +@@ -1115,8 +1118,11 @@ isc_hmacsha224_test(void **state) { hash_test_key_t *test_key = test_keys; while (testcase->input != NULL && testcase->result != NULL) { @@ -135,7 +135,7 @@ index 9c4d299..d9deba2 100644 isc_hmacsha224_update(&hmacsha224, (const uint8_t *) testcase->input, testcase->input_len); -@@ -1277,8 +1283,11 @@ isc_hmacsha256_test(void **state) { +@@ -1276,8 +1282,11 @@ isc_hmacsha256_test(void **state) { hash_test_key_t *test_key = test_keys; while (testcase->input != NULL && testcase->result != NULL) { 
@@ -148,7 +148,7 @@ index 9c4d299..d9deba2 100644 isc_hmacsha256_update(&hmacsha256, (const uint8_t *) testcase->input, testcase->input_len); -@@ -1444,8 +1453,11 @@ isc_hmacsha384_test(void **state) { +@@ -1443,8 +1452,11 @@ isc_hmacsha384_test(void **state) { hash_test_key_t *test_key = test_keys; while (testcase->input != NULL && testcase->result != NULL) { @@ -161,7 +161,7 @@ index 9c4d299..d9deba2 100644 isc_hmacsha384_update(&hmacsha384, (const uint8_t *) testcase->input, testcase->input_len); -@@ -1611,8 +1623,11 @@ isc_hmacsha512_test(void **state) { +@@ -1610,8 +1622,11 @@ isc_hmacsha512_test(void **state) { hash_test_key_t *test_key = test_keys; while (testcase->input != NULL && testcase->result != NULL) { @@ -174,7 +174,7 @@ index 9c4d299..d9deba2 100644 isc_hmacsha512_update(&hmacsha512, (const uint8_t *) testcase->input, testcase->input_len); -@@ -1755,8 +1770,11 @@ isc_hmacmd5_test(void **state) { +@@ -1754,8 +1769,11 @@ isc_hmacmd5_test(void **state) { hash_test_key_t *test_key = test_keys; while (testcase->input != NULL && testcase->result != NULL) { @@ -188,5 +188,5 @@ index 9c4d299..d9deba2 100644 (const uint8_t *) testcase->input, testcase->input_len); -- -2.20.1 +2.21.1 diff --git a/SOURCES/bind-9.11-rh1624100.patch b/SOURCES/bind-9.11-rh1624100.patch index 5764ed7..0775820 100644 --- a/SOURCES/bind-9.11-rh1624100.patch +++ b/SOURCES/bind-9.11-rh1624100.patch @@ -1,4 +1,4 @@ -From 76594cba9a1e910bb36160d96fc3872349341799 Mon Sep 17 00:00:00 2001 +From f27598743ab6e03271e26f23da4beba748d19c60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Wed, 25 Apr 2018 14:04:31 +0200 Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts @@ -24,10 +24,10 @@ Fix the isc_safe_memwipe() usage with (NULL, >0) delete mode 100644 lib/isc/safe.c diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c -index 6ddaebe..d921870 100644 +index 6dded0c..a9c5557 100644 --- a/bin/dnssec/dnssec-signzone.c 
+++ b/bin/dnssec/dnssec-signzone.c -@@ -787,7 +787,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name, +@@ -784,7 +784,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name, static int hashlist_comp(const void *a, const void *b) { @@ -81,7 +81,7 @@ index ad77f24..670982a 100644 /* accept_sec_context.c */ diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in -index 0fd0837..8ad54bb 100644 +index 149552a..8529a86 100644 --- a/lib/isc/Makefile.in +++ b/lib/isc/Makefile.in @@ -60,7 +60,7 @@ OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \ @@ -91,7 +91,7 @@ index 0fd0837..8ad54bb 100644 - safe.@O@ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \ + serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \ string.@O@ strtoul.@O@ symtab.@O@ task.@O@ taskpool.@O@ \ - tm.@O@ timer.@O@ version.@O@ \ + tm.@O@ timer.@O@ utf8.@O@ version.@O@ \ ${UNIXOBJS} ${NLSOBJS} ${THREADOBJS} @@ -79,7 +79,7 @@ SRCS = @ISC_EXTRA_SRCS@ @ISC_PK11_C@ @ISC_PK11_RESULT_C@ \ netaddr.c netscope.c pool.c ondestroy.c \ @@ -100,7 +100,7 @@ index 0fd0837..8ad54bb 100644 - safe.c serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \ + serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \ strtoul.c symtab.c task.c taskpool.c timer.c \ - tm.c version.c + tm.c utf8.c version.c @@ -95,10 +95,6 @@ TESTDIRS = @UNITTESTS@ @@ -284,5 +284,5 @@ index 266ac75..60e9181 100644 return (cmocka_run_group_tests(tests, NULL, NULL)); -- -2.20.1 +2.26.2 diff --git a/SOURCES/bind-9.11-rt31459.patch b/SOURCES/bind-9.11-rt31459.patch index ea25abe..266f78c 100644 --- a/SOURCES/bind-9.11-rt31459.patch +++ b/SOURCES/bind-9.11-rt31459.patch @@ -1,4 +1,4 @@ -From 7e61714a5d1509ec79af42391e41eb1afc53063a Mon Sep 17 00:00:00 2001 +From 5c29299e43db5a4e6f8b1b07af84dfe1687c4c2b Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Tue, 12 Sep 2017 19:05:46 -0700 Subject: [PATCH] rebased rt31459c 
@@ -71,10 +71,10 @@ index 5015abb..295e16f 100644 &entropy_source, randomfile, diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c -index 2c0c308..3e585af 100644 +index d9d6bb9..de4b15f 100644 --- a/bin/dnssec/dnssec-dsfromkey.c +++ b/bin/dnssec/dnssec-dsfromkey.c -@@ -494,14 +494,14 @@ main(int argc, char **argv) { +@@ -498,14 +498,14 @@ main(int argc, char **argv) { if (ectx == NULL) setup_entropy(mctx, NULL, &ectx); @@ -92,7 +92,7 @@ index 2c0c308..3e585af 100644 isc_entropy_stopcallbacksources(ectx); setup_logging(mctx, &log); -@@ -571,8 +571,8 @@ main(int argc, char **argv) { +@@ -574,8 +574,8 @@ main(int argc, char **argv) { if (dns_rdataset_isassociated(&rdataset)) dns_rdataset_disassociate(&rdataset); cleanup_logging(&log); @@ -103,10 +103,10 @@ index 2c0c308..3e585af 100644 dns_name_destroy(); if (verbose > 10) diff --git a/bin/dnssec/dnssec-importkey.c b/bin/dnssec/dnssec-importkey.c -index 0d1e7f8..79c4d74 100644 +index d65a514..04b3094 100644 --- a/bin/dnssec/dnssec-importkey.c +++ b/bin/dnssec/dnssec-importkey.c -@@ -407,14 +407,14 @@ main(int argc, char **argv) { +@@ -404,14 +404,14 @@ main(int argc, char **argv) { if (ectx == NULL) setup_entropy(mctx, NULL, &ectx); @@ -124,7 +124,7 @@ index 0d1e7f8..79c4d74 100644 isc_entropy_stopcallbacksources(ectx); setup_logging(mctx, &log); -@@ -458,8 +458,8 @@ main(int argc, char **argv) { +@@ -455,8 +455,8 @@ main(int argc, char **argv) { if (dns_rdataset_isassociated(&rdataset)) dns_rdataset_disassociate(&rdataset); cleanup_logging(&log); @@ -167,10 +167,10 @@ index 7d82dbf..10f9359 100644 if (verbose > 10) isc_mem_stats(mctx, stdout); diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c -index f355903..6a2ca59 100644 +index 7afcaee..1cfa511 100644 --- a/bin/dnssec/dnssec-settime.c 
+++ b/bin/dnssec/dnssec-settime.c -@@ -382,14 +382,14 @@ main(int argc, char **argv) { +@@ -380,14 +380,14 @@ main(int argc, char **argv) { if (ectx == NULL) setup_entropy(mctx, NULL, &ectx); @@ -188,7 +188,7 @@ index f355903..6a2ca59 100644 isc_entropy_stopcallbacksources(ectx); if (predecessor != NULL) { -@@ -674,8 +674,8 @@ main(int argc, char **argv) { +@@ -672,8 +672,8 @@ main(int argc, char **argv) { if (prevkey != NULL) dst_key_free(&prevkey); dst_key_free(&key); @@ -199,7 +199,7 @@ index f355903..6a2ca59 100644 if (verbose > 10) isc_mem_stats(mctx, stdout); diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c -index c6a0313..6ddaebe 100644 +index 319a805..27ae4d4 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -3460,14 +3460,15 @@ main(int argc, char *argv[]) { @@ -257,7 +257,7 @@ index 4c293bf..3263cbc 100644 rdclass = strtoclass(classname); diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c -index fbc7ece..31a99e7 100644 +index 618ec5b..5654435 100644 --- a/bin/dnssec/dnssectool.c +++ b/bin/dnssec/dnssectool.c @@ -34,6 +34,7 @@ @@ -293,7 +293,7 @@ index fbc7ece..31a99e7 100644 usekeyboard); diff --git a/bin/named/server.c b/bin/named/server.c -index 7d85d3b..c782073 100644 +index 4e503e5..f27071f 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -36,6 +36,7 @@ @@ -304,7 +304,7 @@ index 7d85d3b..c782073 100644 #include #include #include -@@ -8211,6 +8212,10 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8217,6 +8218,10 @@ load_configuration(const char *filename, ns_server_t *server, "no source of entropy found"); } else { const char *randomdev = cfg_obj_asstring(obj); 
@@ -315,7 +315,7 @@ index 7d85d3b..c782073 100644 int level = ISC_LOG_ERROR; result = isc_entropy_createfilesource(ns_g_entropy, randomdev); -@@ -8245,6 +8250,7 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8251,6 +8256,7 @@ load_configuration(const char *filename, ns_server_t *server, } isc_entropy_detach(&ns_g_fallbackentropy); } @@ -688,7 +688,7 @@ index bf6dbb6..0416b21 100644 parse_args(false, argc, argv); if (server == NULL) diff --git a/configure b/configure -index ed002e0..a578874 100755 +index 6d05371..33689c9 100755 --- a/configure +++ b/configure @@ -640,6 +640,7 @@ ac_includes_default="\ @@ -699,7 +699,7 @@ index ed002e0..a578874 100755 BUILD_LIBS BUILD_LDFLAGS BUILD_CPPFLAGS -@@ -821,6 +822,7 @@ XMLSTATS +@@ -823,6 +824,7 @@ LIBXML2_CFLAGS NZDTARGETS NZDSRCS NZD_TOOLS @@ -707,7 +707,7 @@ index ed002e0..a578874 100755 PKCS11_TEST PKCS11_ED25519 PKCS11_GOST -@@ -1045,6 +1047,7 @@ with_eddsa +@@ -1047,6 +1049,7 @@ with_eddsa with_aes enable_openssl_hash with_cc_alg @@ -715,7 +715,7 @@ index ed002e0..a578874 100755 with_lmdb with_libxml2 with_libjson -@@ -1744,6 +1747,7 @@ Optional Features: +@@ -1749,6 +1752,7 @@ Optional Features: --enable-threads enable multithreading --enable-native-pkcs11 use native PKCS11 for all crypto [default=no] --enable-openssl-hash use OpenSSL for hash functions [default=no] @@ -723,7 +723,7 @@ index ed002e0..a578874 100755 --enable-largefile 64-bit file support --enable-backtrace log stack backtrace on abort [default=yes] --enable-symtable use internal symbol table for backtrace -@@ -17115,6 +17119,7 @@ case "$use_openssl" in +@@ -17144,6 +17148,7 @@ case "$use_openssl" in $as_echo "disabled because of native PKCS11" >&6; } DST_OPENSSL_INC="" CRYPTO="-DPKCS11CRYPTO" 
@@ -731,7 +731,7 @@ index ed002e0..a578874 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -17129,6 +17134,7 @@ $as_echo "disabled because of native PKCS11" >&6; } +@@ -17158,6 +17163,7 @@ $as_echo "disabled because of native PKCS11" >&6; } $as_echo "no" >&6; } DST_OPENSSL_INC="" CRYPTO="" @@ -739,7 +739,7 @@ index ed002e0..a578874 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -17141,6 +17147,7 @@ $as_echo "no" >&6; } +@@ -17170,6 +17176,7 @@ $as_echo "no" >&6; } auto) DST_OPENSSL_INC="" CRYPTO="" @@ -747,7 +747,7 @@ index ed002e0..a578874 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -17150,7 +17157,7 @@ $as_echo "no" >&6; } +@@ -17179,7 +17186,7 @@ $as_echo "no" >&6; } OPENSSLLINKOBJS="" OPENSSLLINKSRCS="" as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path @@ -756,7 +756,7 @@ index ed002e0..a578874 100755 ;; *) if test "yes" = "$want_native_pkcs11" -@@ -17181,6 +17188,7 @@ $as_echo "not found" >&6; } +@@ -17210,6 +17217,7 @@ $as_echo "not found" >&6; } as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5 fi CRYPTO='-DOPENSSL' @@ -764,7 +764,7 @@ index ed002e0..a578874 100755 if test "/usr" = "$use_openssl" then DST_OPENSSL_INC="" -@@ -17806,8 +17814,6 @@ fi +@@ -17835,8 +17843,6 @@ fi # Use OpenSSL for hash functions # @@ -773,7 +773,7 @@ index ed002e0..a578874 100755 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" case $want_openssl_hash in yes) -@@ -18182,6 +18188,86 @@ if test "rt" = "$have_clock_gt"; then +@@ -18211,6 +18217,86 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi 
@@ -860,7 +860,7 @@ index ed002e0..a578874 100755 # # was --with-lmdb specified? # -@@ -20264,9 +20350,12 @@ _ACEOF +@@ -20441,9 +20527,12 @@ _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5 $as_echo "size_t for buflen; int for flags" >&6; } @@ -875,7 +875,7 @@ index ed002e0..a578874 100755 $as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h -@@ -21581,12 +21670,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -21758,12 +21847,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then @@ -889,7 +889,7 @@ index ed002e0..a578874 100755 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -@@ -21619,6 +21703,11 @@ cat >>confdefs.h <<_ACEOF +@@ -21796,6 +21880,11 @@ cat >>confdefs.h <<_ACEOF _ACEOF @@ -901,7 +901,7 @@ index ed002e0..a578874 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21627,39 +21716,6 @@ _ACEOF +@@ -21804,39 +21893,6 @@ _ACEOF fi ;; x86_64-*|amd64-*) @@ -941,7 +941,7 @@ index ed002e0..a578874 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21690,6 +21746,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } +@@ -21867,6 +21923,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } $as_echo "$arch" >&6; } fi 
@@ -952,7 +952,7 @@ index ed002e0..a578874 100755 if test "yes" = "$have_atomic"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5 $as_echo_n "checking compiler support for inline assembly code... " >&6; } -@@ -24244,6 +24304,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" +@@ -24421,6 +24481,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" # dlzdir='${DLZ_DRIVER_DIR}' @@ -983,7 +983,7 @@ index ed002e0..a578874 100755 # # Private autoconf macro to simplify configuring drivers: # -@@ -24574,11 +24658,11 @@ $as_echo "no" >&6; } +@@ -24751,11 +24835,11 @@ $as_echo "no" >&6; } $as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; } ;; *) @@ -998,7 +998,7 @@ index ed002e0..a578874 100755 fi CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL" -@@ -24663,7 +24747,7 @@ $as_echo "" >&6; } +@@ -24840,7 +24924,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). @@ -1007,7 +1007,7 @@ index ed002e0..a578874 100755 # include a blank element first for d in "" $bdb_incdirs do -@@ -24688,57 +24772,9 @@ $as_echo "" >&6; } +@@ -24865,57 +24949,9 @@ $as_echo "" >&6; } bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db" for d in $bdb_libnames do @@ -1067,7 +1067,7 @@ index ed002e0..a578874 100755 break fi done -@@ -24897,10 +24933,10 @@ $as_echo "no" >&6; } +@@ -25074,10 +25110,10 @@ $as_echo "no" >&6; } DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include" DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include" fi @@ -1081,7 +1081,7 @@ index ed002e0..a578874 100755 fi -@@ -24986,11 +25022,11 @@ fi +@@ -25163,11 +25199,11 @@ fi odbcdirs="/usr /usr/local /usr/pkg" for d in $odbcdirs do @@ -1095,7 +1095,7 @@ index ed002e0..a578874 100755 break fi done -@@ -25265,6 +25301,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" +@@ -25442,6 +25478,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" 
@@ -1104,7 +1104,7 @@ index ed002e0..a578874 100755 # # Commands to run at the end of config.status. # Don't just put these into configure, it won't work right if somebody -@@ -27644,6 +27682,8 @@ report() { +@@ -27819,6 +27857,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" @@ -1113,7 +1113,7 @@ index ed002e0..a578874 100755 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -27684,6 +27724,8 @@ report() { +@@ -27859,6 +27899,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" @@ -1122,7 +1122,7 @@ index ed002e0..a578874 100755 echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -27731,6 +27773,8 @@ report() { +@@ -27906,6 +27948,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" @@ -1132,10 +1132,10 @@ index ed002e0..a578874 100755 test "yes" = "$enable_seccomp" || \ echo " Use libseccomp system call filtering (--enable-seccomp)" diff --git a/configure.ac b/configure.ac -index 45a8126..bb1345b 100644 +index d10cde5..68bead8 100644 --- a/configure.ac +++ b/configure.ac -@@ -1537,6 +1537,7 @@ case "$use_openssl" in +@@ -1550,6 +1550,7 @@ case "$use_openssl" in AC_MSG_RESULT(disabled because of native PKCS11) DST_OPENSSL_INC="" CRYPTO="-DPKCS11CRYPTO" 
@@ -1143,7 +1143,7 @@ index 45a8126..bb1345b 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1550,6 +1551,7 @@ case "$use_openssl" in +@@ -1563,6 +1564,7 @@ case "$use_openssl" in AC_MSG_RESULT(no) DST_OPENSSL_INC="" CRYPTO="" @@ -1151,7 +1151,7 @@ index 45a8126..bb1345b 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1562,6 +1564,7 @@ case "$use_openssl" in +@@ -1575,6 +1577,7 @@ case "$use_openssl" in auto) DST_OPENSSL_INC="" CRYPTO="" @@ -1159,7 +1159,7 @@ index 45a8126..bb1345b 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1572,7 +1575,7 @@ case "$use_openssl" in +@@ -1585,7 +1588,7 @@ case "$use_openssl" in OPENSSLLINKSRCS="" AC_MSG_ERROR( [OpenSSL was not found in any of $openssldirs; use --with-openssl=/path @@ -1168,7 +1168,7 @@ index 45a8126..bb1345b 100644 ;; *) if test "yes" = "$want_native_pkcs11" -@@ -1602,6 +1605,7 @@ If you don't want OpenSSL, use --without-openssl]) +@@ -1615,6 +1618,7 @@ If you don't want OpenSSL, use --without-openssl]) AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found]) fi CRYPTO='-DOPENSSL' @@ -1176,7 +1176,7 @@ index 45a8126..bb1345b 100644 if test "/usr" = "$use_openssl" then DST_OPENSSL_INC="" -@@ -2037,7 +2041,6 @@ fi +@@ -2050,7 +2054,6 @@ fi # Use OpenSSL for hash functions # @@ -1184,7 +1184,7 @@ index 45a8126..bb1345b 100644 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" case $want_openssl_hash in yes) -@@ -2309,6 +2312,67 @@ if test "rt" = "$have_clock_gt"; then +@@ -2322,6 +2325,67 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi 
@@ -1252,7 +1252,7 @@ index 45a8126..bb1345b 100644 # # was --with-lmdb specified? # -@@ -4105,12 +4169,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -4098,12 +4162,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then @@ -1266,7 +1266,7 @@ index 45a8126..bb1345b 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -4119,7 +4183,6 @@ if test "yes" = "$use_atomic"; then +@@ -4112,7 +4176,6 @@ if test "yes" = "$use_atomic"; then fi ;; x86_64-*|amd64-*) @@ -1274,7 +1274,7 @@ index 45a8126..bb1345b 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -5527,6 +5590,8 @@ report() { +@@ -5518,6 +5581,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" @@ -1283,7 +1283,7 @@ index 45a8126..bb1345b 100644 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -5567,6 +5632,8 @@ report() { +@@ -5558,6 +5623,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" @@ -1292,7 +1292,7 @@ index 45a8126..bb1345b 100644 echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -5614,6 +5681,8 @@ report() { +@@ -5605,6 +5672,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" 
@@ -1302,7 +1302,7 @@ index 45a8126..bb1345b 100644 test "yes" = "$enable_seccomp" || \ echo " Use libseccomp system call filtering (--enable-seccomp)" diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c -index ec6e00e..1614afa 100644 +index 65bf25d..1eccbe7 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -277,6 +277,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx, @@ -1440,7 +1440,7 @@ index 304814b..60543c4 100644 isc_hash_destroy(); cleanup_db: diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c -index d65ce26..6849732 100644 +index 13e838f..ffe0a69 100644 --- a/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c @@ -31,6 +31,7 @@ @@ -1476,7 +1476,7 @@ index d65ce26..6849732 100644 #endif +#endif /* !ISC_PLATFORM_CRYPTORANDOM */ - #if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) static void @@ -192,7 +195,7 @@ _set_thread_id(CRYPTO_THREADID *id) isc_result_t @@ -1845,10 +1845,10 @@ index 0000000..bd3d164 + +#endif diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in -index 5c45d59..34b660c 100644 +index 63be973..40b21fa 100644 --- a/lib/dns/win32/libdns.def.in +++ b/lib/dns/win32/libdns.def.in -@@ -1484,6 +1484,13 @@ dst_lib_destroy +@@ -1485,6 +1485,13 @@ dst_lib_destroy dst_lib_init dst_lib_init2 dst_lib_initmsgcat @@ -1863,7 +1863,7 @@ index 5c45d59..34b660c 100644 dst_region_computerid dst_result_register diff --git a/lib/isc/entropy.c b/lib/isc/entropy.c -index ab2f617..ed05ed6 100644 +index 907e470..451544d 100644 --- a/lib/isc/entropy.c +++ b/lib/isc/entropy.c @@ -104,11 +104,15 @@ struct isc_entropy { @@ -1921,10 +1921,10 @@ index ab2f617..ed05ed6 100644 + hook = myhook; +} diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h -index 4bba8e1..632166a 100644 +index e8733db..c40a18c 100644 --- a/lib/isc/include/isc/entropy.h 
+++ b/lib/isc/include/isc/entropy.h -@@ -304,6 +304,18 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source, +@@ -302,6 +302,18 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source, * isc_entropy_createcallbacksource(). */ @@ -1944,10 +1944,10 @@ index 4bba8e1..632166a 100644 #endif /* ISC_ENTROPY_H */ diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in -index 9c7c342..ee8dc3e 100644 +index 61960f1..d22993d 100644 --- a/lib/isc/include/isc/platform.h.in +++ b/lib/isc/include/isc/platform.h.in -@@ -341,6 +341,11 @@ +@@ -359,6 +359,11 @@ */ @ISC_PLATFORM_HAVESTRINGSH@ @@ -1960,10 +1960,10 @@ index 9c7c342..ee8dc3e 100644 * Define if the hash functions must be provided by OpenSSL. */ diff --git a/lib/isc/include/isc/types.h b/lib/isc/include/isc/types.h -index 42ff7e0..8d87c44 100644 +index da9d66f..4205400 100644 --- a/lib/isc/include/isc/types.h +++ b/lib/isc/include/isc/types.h -@@ -93,6 +93,8 @@ typedef struct isc_time isc_time_t; /*%< Time */ +@@ -97,6 +97,8 @@ typedef struct isc_time isc_time_t; /*%< Time */ typedef struct isc_timer isc_timer_t; /*%< Timer */ typedef struct isc_timermgr isc_timermgr_t; /*%< Timer Manager */ @@ -1973,7 +1973,7 @@ index 42ff7e0..8d87c44 100644 typedef int (*isc_sockfdwatch_t)(isc_task_t *, isc_socket_t *, void *, int); diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c -index 8e6ed93..ceb5a2c 100644 +index 68aebdc..4b85527 100644 --- a/lib/isc/pk11.c +++ b/lib/isc/pk11.c @@ -321,14 +321,16 @@ pk11_rand_seed_fromfile(const char *randomfile) { @@ -1999,10 +1999,10 @@ index 8e6ed93..ceb5a2c 100644 cleanup: if (stream != NULL) diff --git a/lib/isc/win32/include/isc/platform.h.in b/lib/isc/win32/include/isc/platform.h.in -index 5b8a2c9..913a2ce 100644 +index 8ade705..fa72f9d 100644 --- a/lib/isc/win32/include/isc/platform.h.in 
+++ b/lib/isc/win32/include/isc/platform.h.in -@@ -69,6 +69,11 @@ +@@ -73,6 +73,11 @@ #define ISC_PLATFORM_NORETURN_PRE __declspec(noreturn) #define ISC_PLATFORM_NORETURN_POST @@ -2015,7 +2015,7 @@ index 5b8a2c9..913a2ce 100644 * Define if the hash functions must be provided by OpenSSL. */ diff --git a/win32utils/Configure b/win32utils/Configure -index ccaf067..240fb80 100644 +index 79d682e..6c78cb2 100644 --- a/win32utils/Configure +++ b/win32utils/Configure @@ -382,6 +382,7 @@ my @substdefh = ("ALLOW_FILTER_AAAA", @@ -2036,15 +2036,15 @@ index ccaf067..240fb80 100644 "fixed-rrset", "intrinsics", "isc-spnego", -@@ -581,6 +583,7 @@ my @help = ( +@@ -580,6 +582,7 @@ my @help = ( "\nOptional Features:\n", - " enable-intrinsics enable instrinsic/atomic functions [default=yes]\n", + " enable-intrinsics enable intrinsic/atomic functions [default=yes]\n", " enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n", +" enable-crypto-rand use crypto provider for random [default=yes]\n", " enable-openssl-hash use OpenSSL for hash functions [default=yes]\n", " enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n", " enable-filter-aaaa enable filtering of AAAA records [default=yes]\n", -@@ -630,7 +633,9 @@ my $want_clean = "no"; +@@ -628,7 +631,9 @@ my $want_clean = "no"; my $want_unknown = "no"; my $unknown_value; my $enable_intrinsics = "yes"; @@ -2054,7 +2054,7 @@ index ccaf067..240fb80 100644 my $enable_openssl_hash = "auto"; my $enable_filter_aaaa = "yes"; my $enable_isc_spnego = "yes"; -@@ -850,6 +855,10 @@ sub myenable { +@@ -847,6 +852,10 @@ sub myenable { if ($val =~ /^yes$/i) { $enable_native_pkcs11 = "yes"; } @@ -2065,7 +2065,7 @@ index ccaf067..240fb80 100644 } elsif ($key =~ /^openssl-hash$/i) { if ($val =~ /^yes$/i) { $enable_openssl_hash = "yes"; -@@ -1158,6 +1167,11 @@ if ($verbose) { +@@ -1153,6 +1162,11 @@ if ($verbose) { } else { print "native-pkcs11: disabled\n"; } 
@@ -2077,7 +2077,7 @@ index ccaf067..240fb80 100644 if ($enable_openssl_hash eq "yes") { print "openssl-hash: enabled\n"; } else { -@@ -1516,6 +1530,7 @@ if ($enable_intrinsics eq "yes") { +@@ -1510,6 +1524,7 @@ if ($enable_intrinsics eq "yes") { # enable-native-pkcs11 if ($enable_native_pkcs11 eq "yes") { @@ -2085,7 +2085,7 @@ index ccaf067..240fb80 100644 if ($use_openssl eq "auto") { $use_openssl = "no"; } -@@ -1725,6 +1740,7 @@ if ($use_openssl eq "yes") { +@@ -1719,6 +1734,7 @@ if ($use_openssl eq "yes") { $openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]"); } @@ -2093,7 +2093,7 @@ index ccaf067..240fb80 100644 $configcond{"OPENSSL"} = 1; $configdefd{"CRYPTO"} = "OPENSSL"; $configvar{"OPENSSL_PATH"} = "$openssl_path"; -@@ -2296,6 +2312,15 @@ if ($use_aes eq "yes") { +@@ -2290,6 +2306,15 @@ if ($use_aes eq "yes") { } @@ -2109,7 +2109,7 @@ index ccaf067..240fb80 100644 # enable-openssl-hash if ($enable_openssl_hash eq "yes") { if ($use_openssl eq "no") { -@@ -3671,6 +3696,7 @@ exit 0; +@@ -3665,6 +3690,7 @@ exit 0; # --enable-developer partially supported # --enable-newstats (9.9/9.9sub only) # --enable-native-pkcs11 supported @@ -2118,5 +2118,5 @@ index ccaf067..240fb80 100644 # --enable-openssl-hash supported # --enable-threads included without a way to disable it -- -2.20.1 +2.21.1 diff --git a/SOURCES/bind-9.11-rt46047.patch b/SOURCES/bind-9.11-rt46047.patch index 8f413f6..ee9bae8 100644 --- a/SOURCES/bind-9.11-rt46047.patch +++ b/SOURCES/bind-9.11-rt46047.patch @@ -1,4 +1,4 @@ -From 5a465424f5249ceaf0547ab90361a16eb08f7a2b Mon Sep 17 00:00:00 2001 +From 344c19ad4b3f058e65a4b41650bb0ee20692cc5c Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 28 Sep 2017 10:09:22 -0700 Subject: [PATCH] completed and corrected the crypto-random change 
@@ -39,15 +39,15 @@ Subject: [PATCH] completed and corrected the crypto-random change bin/tests/system/tkey/keycreate.c | 4 +- bin/tests/system/tkey/keydelete.c | 5 +-- doc/arm/Bv9ARM-book.xml | 55 +++++++++++++++++------- - doc/arm/notes-rh-changes.xml | 43 ++++++++++++++++++ + doc/arm/notes-rh-changes.xml | 42 ++++++++++++++++++ doc/arm/notes.xml | 1 + lib/dns/dst_api.c | 4 +- lib/dns/include/dst/dst.h | 14 +++++- lib/dns/openssl_link.c | 3 +- - lib/isc/include/isc/entropy.h | 50 +++++++++++++++------ + lib/isc/include/isc/entropy.h | 48 +++++++++++++++------ lib/isc/include/isc/random.h | 28 +++++++----- lib/isccfg/namedconf.c | 2 +- - 23 files changed, 241 insertions(+), 106 deletions(-) + 23 files changed, 240 insertions(+), 104 deletions(-) create mode 100644 doc/arm/notes-rh-changes.xml diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c @@ -78,10 +78,10 @@ index 295e16f..0f79aa8 100644 &entropy_source, randomfile, diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook -index 0ae6b41..4562430 100644 +index 1826919..96543fc 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook -@@ -348,15 +348,23 @@ +@@ -349,15 +349,23 @@ -r randomdev @@ -114,7 +114,7 @@ index 0ae6b41..4562430 100644 diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c -index 31a99e7..38c83ed 100644 +index 5654435..24c0d5a 100644 --- a/bin/dnssec/dnssectool.c +++ b/bin/dnssec/dnssectool.c @@ -241,18 +241,16 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { @@ -142,10 +142,10 @@ index 31a99e7..38c83ed 100644 usekeyboard); diff --git a/bin/named/client.c b/bin/named/client.c -index 50fa2cd..524d9a3 100644 +index 9a0d3c8..c573177 100644 --- a/bin/named/client.c 
+++ b/bin/named/client.c -@@ -1762,7 +1762,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, +@@ -1765,7 +1765,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, isc_buffer_init(&buf, cookie, sizeof(cookie)); isc_stdtime_get(&now); @@ -223,7 +223,7 @@ index d955c2f..40621f2 100644 } else eresult = ns_control_docommand(request, listener->readonly, &text); diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h -index 7ee8f66..8982d26 100644 +index 3f96b7b..c92922e 100644 --- a/bin/named/include/named/server.h +++ b/bin/named/include/named/server.h @@ -20,6 +20,7 @@ @@ -255,7 +255,7 @@ index 9dea7c1..272d300 100644 #include #include diff --git a/bin/named/query.c b/bin/named/query.c -index c9e5469..0940714 100644 +index 203f1e6..25eeced 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -19,6 +19,7 @@ @@ -267,10 +267,10 @@ index c9e5469..0940714 100644 #include #include diff --git a/bin/named/server.c b/bin/named/server.c -index 36fc047..3c1eec0 100644 +index f27071f..f132c19 100644 --- a/bin/named/server.c +++ b/bin/named/server.c -@@ -8208,21 +8208,32 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8210,21 +8210,32 @@ load_configuration(const char *filename, ns_server_t *server, * Open the source of entropy. */ if (first_time) { @@ -312,7 +312,7 @@ index 36fc047..3c1eec0 100644 #ifdef PATH_RANDOMDEV if (ns_g_fallbackentropy != NULL) { level = ISC_LOG_INFO; -@@ -8233,8 +8244,8 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8235,8 +8246,8 @@ load_configuration(const char *filename, ns_server_t *server, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, level, @@ -323,7 +323,7 @@ index 36fc047..3c1eec0 100644 randomdev, isc_result_totext(result)); } -@@ -8254,7 +8265,6 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8256,7 +8267,6 @@ load_configuration(const char *filename, ns_server_t *server, } isc_entropy_detach(&ns_g_fallbackentropy); } 
@@ -331,7 +331,7 @@ index 36fc047..3c1eec0 100644 #endif } -@@ -9022,6 +9032,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { +@@ -9025,6 +9035,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { server->in_roothints = NULL; server->blackholeacl = NULL; server->keepresporder = NULL; @@ -339,7 +339,7 @@ index 36fc047..3c1eec0 100644 /* Must be first. */ CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy, -@@ -9048,6 +9059,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { +@@ -9051,6 +9062,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy, &server->tkeyctx), "creating TKEY context"); @@ -349,7 +349,7 @@ index 36fc047..3c1eec0 100644 /* * Setup the server task, which is responsible for coordinating -@@ -9254,7 +9268,8 @@ ns_server_destroy(ns_server_t **serverp) { +@@ -9257,7 +9271,8 @@ ns_server_destroy(ns_server_t **serverp) { if (server->zonemgr != NULL) dns_zonemgr_detach(&server->zonemgr); @@ -359,7 +359,7 @@ index 36fc047..3c1eec0 100644 if (server->tkeyctx != NULL) dns_tkeyctx_destroy(&server->tkeyctx); -@@ -13230,10 +13245,10 @@ newzone_cfgctx_destroy(void **cfgp) { +@@ -13263,10 +13278,10 @@ newzone_cfgctx_destroy(void **cfgp) { static isc_result_t generate_salt(unsigned char *salt, size_t saltlen) { @@ -372,7 +372,7 @@ index 36fc047..3c1eec0 100644 } rnd; unsigned char text[512 + 1]; isc_region_t r; -@@ -13243,9 +13258,10 @@ generate_salt(unsigned char *salt, size_t saltlen) { +@@ -13276,9 +13291,10 @@ generate_salt(unsigned char *salt, size_t saltlen) { if (saltlen > 256U) return (ISC_R_RANGE); @@ -455,10 +455,10 @@ index 2146f9b..64b8e74 100644 } #endif diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml -index 33e06e6..539973c 100644 +index 93c7a08..bb1e81d 100644 --- a/doc/arm/Bv9ARM-book.xml 
+++ b/doc/arm/Bv9ARM-book.xml -@@ -5076,22 +5076,45 @@ badresp:1,adberr:0,findfail:0,valfail:0] +@@ -5081,22 +5081,45 @@ badresp:1,adberr:0,findfail:0,valfail:0] random-device @@ -522,11 +522,10 @@ index 33e06e6..539973c 100644 diff --git a/doc/arm/notes-rh-changes.xml b/doc/arm/notes-rh-changes.xml new file mode 100644 -index 0000000..11c3a7c +index 0000000..89a4961 --- /dev/null +++ b/doc/arm/notes-rh-changes.xml -@@ -0,0 +1,43 @@ -+ +@@ -0,0 +1,42 @@ +