1
0
forked from rpms/bind

import bind-9.11.20-3.el8

This commit is contained in:
CentOS Sources 2020-07-28 03:51:19 -04:00 committed by Stepan Oksanichenko
parent fe12c7fcd0
commit d620463052
14 changed files with 507 additions and 489 deletions

View File

@ -1,2 +1,2 @@
550367762a653ac5ed0eb04b316d06517650a925 SOURCES/bind-9.11.13.tar.gz ff6ad0d3f9282a77786e93eb889154008ef1ccdf SOURCES/bind-9.11.20.tar.gz
a164fcad1d64d6b5fab5034928cb7260f1fa8fdd SOURCES/random.data a164fcad1d64d6b5fab5034928cb7260f1fa8fdd SOURCES/random.data

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/bind-9.11.13.tar.gz SOURCES/bind-9.11.20.tar.gz
SOURCES/random.data SOURCES/random.data

View File

@ -79,10 +79,10 @@ index 03a72d5..4c1cb6d 100644
@DLZ_DRIVER_RULES@ @DLZ_DRIVER_RULES@
diff --git a/bin/named-sdb/main.c b/bin/named-sdb/main.c diff --git a/bin/named-sdb/main.c b/bin/named-sdb/main.c
index 108b8d6..a943421 100644 index c9fc3cc..148ebb3 100644
--- a/bin/named-sdb/main.c --- a/bin/named-sdb/main.c
+++ b/bin/named-sdb/main.c +++ b/bin/named-sdb/main.c
@@ -93,6 +93,10 @@ @@ -97,6 +97,10 @@
* Include header files for database drivers here. * Include header files for database drivers here.
*/ */
/* #include "xxdb.h" */ /* #include "xxdb.h" */
@ -93,7 +93,7 @@ index 108b8d6..a943421 100644
#ifdef CONTRIB_DLZ #ifdef CONTRIB_DLZ
/* /*
@@ -1069,6 +1073,11 @@ setup(void) { @@ -1134,6 +1138,11 @@ setup(void) {
ns_main_earlyfatal("isc_app_start() failed: %s", ns_main_earlyfatal("isc_app_start() failed: %s",
isc_result_totext(result)); isc_result_totext(result));
@ -105,7 +105,7 @@ index 108b8d6..a943421 100644
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE, "starting %s %s%s%s <id:%s>", ISC_LOG_NOTICE, "starting %s %s%s%s <id:%s>",
ns_g_product, ns_g_version, ns_g_product, ns_g_version,
@@ -1269,6 +1278,75 @@ setup(void) { @@ -1334,6 +1343,75 @@ setup(void) {
isc_result_totext(result)); isc_result_totext(result));
#endif #endif
@ -181,7 +181,7 @@ index 108b8d6..a943421 100644
ns_server_create(ns_g_mctx, &ns_g_server); ns_server_create(ns_g_mctx, &ns_g_server);
#ifdef HAVE_LIBSECCOMP #ifdef HAVE_LIBSECCOMP
@@ -1311,6 +1389,11 @@ cleanup(void) { @@ -1376,6 +1454,11 @@ cleanup(void) {
dns_name_destroy(); dns_name_destroy();
@ -288,10 +288,10 @@ index c7e0868..95ab742 100644
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir} + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir}
${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1 ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index eff9f05..d05ad1f 100644 index f85f45f..7d28c52 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -5429,6 +5429,8 @@ AC_CONFIG_FILES([ @@ -5400,6 +5400,8 @@ AC_CONFIG_FILES([
bin/named/unix/Makefile bin/named/unix/Makefile
bin/named-pkcs11/Makefile bin/named-pkcs11/Makefile
bin/named-pkcs11/unix/Makefile bin/named-pkcs11/unix/Makefile
@ -300,9 +300,9 @@ index eff9f05..d05ad1f 100644
bin/nsupdate/Makefile bin/nsupdate/Makefile
bin/pkcs11/Makefile bin/pkcs11/Makefile
bin/python/Makefile bin/python/Makefile
@@ -5453,6 +5455,7 @@ AC_CONFIG_FILES([ @@ -5424,6 +5426,7 @@ AC_CONFIG_FILES([
bin/python/isc/tests/dnskey_test.py
bin/python/isc/tests/policy_test.py bin/python/isc/tests/policy_test.py
bin/python/isc/utils.py
bin/rndc/Makefile bin/rndc/Makefile
+ bin/sdb_tools/Makefile + bin/sdb_tools/Makefile
bin/tests/Makefile bin/tests/Makefile

View File

@ -1,35 +0,0 @@
diff --git a/export-libs/Makefile b/export-libs/Makefile
index df15ea8..13f416b 100644
--- a/export-libs/Makefile
+++ b/export-libs/Makefile
@@ -404,20 +404,18 @@ installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
install:: isc-config.sh installdirs
- ${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}
- rm -f ${DESTDIR}${bindir}/bind9-config
- ln ${DESTDIR}${bindir}/isc-config.sh ${DESTDIR}${bindir}/bind9-config
- ${INSTALL_DATA} ${top_srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1
- rm -f ${DESTDIR}${mandir}/man1/bind9-config.1
- ln ${DESTDIR}${mandir}/man1/isc-config.sh.1 ${DESTDIR}${mandir}/man1/bind9-config.1
- ${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir}
+ ${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}/isc-export-config.sh
+ rm -f ${DESTDIR}${bindir}/bind9-export-config
+ ln ${DESTDIR}${bindir}/isc-export-config.sh ${DESTDIR}${bindir}/bind9-export-config
+ ${INSTALL_DATA} ${top_srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1/isc-export-config.sh.1
+ rm -f ${DESTDIR}${mandir}/man1/bind9-export-config.1
+ ln ${DESTDIR}${mandir}/man1/isc-export-config.sh.1 ${DESTDIR}${mandir}/man1/bind9-export-config.1
uninstall::
- rm -f ${DESTDIR}${sysconfdir}/bind.keys
- rm -f ${DESTDIR}${mandir}/man1/bind9-config.1
- rm -f ${DESTDIR}${mandir}/man1/isc-config.sh.1
- rm -f ${DESTDIR}${bindir}/bind9-config
- rm -f ${DESTDIR}${bindir}/isc-config.sh
+ rm -f ${DESTDIR}${mandir}/man1/bind9-export-config.1
+ rm -f ${DESTDIR}${mandir}/man1/isc-export-config.sh.1
+ rm -f ${DESTDIR}${bindir}/bind9-export-config
+ rm -f ${DESTDIR}${bindir}/isc-export-config.sh
tags:
rm -f TAGS

View File

@ -1,4 +1,4 @@
From eb38d2278937ec3fe45d0af30cd080953bbb5b54 Mon Sep 17 00:00:00 2001 From a9b5785f174cf7fd74891fa64f6b69b9a9b55466 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 2 Jan 2018 18:13:07 +0100 Date: Tue, 2 Jan 2018 18:13:07 +0100
Subject: [PATCH] Fix pkcs11 variants atf tests Subject: [PATCH] Fix pkcs11 variants atf tests
@ -16,10 +16,10 @@ Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode
6 files changed, 38 insertions(+), 16 deletions(-) 6 files changed, 38 insertions(+), 16 deletions(-)
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index 0532feb..a83ddd5 100644 index 62ecf56..0940a7d 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -5578,6 +5578,7 @@ AC_CONFIG_FILES([ @@ -5476,6 +5476,7 @@ AC_CONFIG_FILES([
lib/dns-pkcs11/include/Makefile lib/dns-pkcs11/include/Makefile
lib/dns-pkcs11/include/dns/Makefile lib/dns-pkcs11/include/dns/Makefile
lib/dns-pkcs11/include/dst/Makefile lib/dns-pkcs11/include/dst/Makefile
@ -43,13 +43,13 @@ index 7c8bab0..eec9564 100644
include('isccfg/Kyuafile') include('isccfg/Kyuafile')
include('lwres/Kyuafile') include('lwres/Kyuafile')
diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in
index 7671e1d..e237d5c 100644 index 22a06a8..5df5b15 100644
--- a/lib/dns-pkcs11/tests/Makefile.in --- a/lib/dns-pkcs11/tests/Makefile.in
+++ b/lib/dns-pkcs11/tests/Makefile.in +++ b/lib/dns-pkcs11/tests/Makefile.in
@@ -17,12 +17,12 @@ VERSION=@BIND9_VERSION@ @@ -17,12 +17,12 @@ VERSION=@BIND9_VERSION@
CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \ CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
@DST_OPENSSL_INC@ @DST_OPENSSL_INC@ ${MAXMINDDB_CFLAGS}
-CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns/tests/\"" -CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns/tests/\""
+CDEFINES = @CRYPTO_PK11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\"" +CDEFINES = @CRYPTO_PK11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\""
@ -65,10 +65,10 @@ index 7671e1d..e237d5c 100644
LIBS = @LIBS@ @CMOCKA_LIBS@ LIBS = @LIBS@ @CMOCKA_LIBS@
CFLAGS = @CFLAGS@ @CMOCKA_CFLAGS@ CFLAGS = @CFLAGS@ @CMOCKA_CFLAGS@
diff --git a/lib/dns-pkcs11/tests/dh_test.c b/lib/dns-pkcs11/tests/dh_test.c diff --git a/lib/dns-pkcs11/tests/dh_test.c b/lib/dns-pkcs11/tests/dh_test.c
index 4dbfd82..a383b8e 100644 index a5bf46c..9ff2b76 100644
--- a/lib/dns-pkcs11/tests/dh_test.c --- a/lib/dns-pkcs11/tests/dh_test.c
+++ b/lib/dns-pkcs11/tests/dh_test.c +++ b/lib/dns-pkcs11/tests/dh_test.c
@@ -86,7 +86,8 @@ dh_computesecret(void **state) { @@ -88,7 +88,8 @@ dh_computesecret(void **state) {
result = dst_key_computesecret(key, key, &buf); result = dst_key_computesecret(key, key, &buf);
assert_int_equal(result, DST_R_NOTPRIVATEKEY); assert_int_equal(result, DST_R_NOTPRIVATEKEY);
result = key->func->computesecret(key, key, &buf); result = key->func->computesecret(key, key, &buf);
@ -79,7 +79,7 @@ index 4dbfd82..a383b8e 100644
dst_key_free(&key); dst_key_free(&key);
} }
diff --git a/lib/isc-pkcs11/tests/Makefile.in b/lib/isc-pkcs11/tests/Makefile.in diff --git a/lib/isc-pkcs11/tests/Makefile.in b/lib/isc-pkcs11/tests/Makefile.in
index 2fdee0b..a263b35 100644 index 36d2207..00dfbc9 100644
--- a/lib/isc-pkcs11/tests/Makefile.in --- a/lib/isc-pkcs11/tests/Makefile.in
+++ b/lib/isc-pkcs11/tests/Makefile.in +++ b/lib/isc-pkcs11/tests/Makefile.in
@@ -16,10 +16,10 @@ VERSION=@BIND9_VERSION@ @@ -16,10 +16,10 @@ VERSION=@BIND9_VERSION@
@ -97,10 +97,10 @@ index 2fdee0b..a263b35 100644
LIBS = @LIBS@ @CMOCKA_LIBS@ LIBS = @LIBS@ @CMOCKA_LIBS@
CFLAGS = @CFLAGS@ @CMOCKA_CFLAGS@ CFLAGS = @CFLAGS@ @CMOCKA_CFLAGS@
diff --git a/lib/isc-pkcs11/tests/hash_test.c b/lib/isc-pkcs11/tests/hash_test.c diff --git a/lib/isc-pkcs11/tests/hash_test.c b/lib/isc-pkcs11/tests/hash_test.c
index 9c4d299..d9deba2 100644 index 4fafc38..5eb2be2 100644
--- a/lib/isc-pkcs11/tests/hash_test.c --- a/lib/isc-pkcs11/tests/hash_test.c
+++ b/lib/isc-pkcs11/tests/hash_test.c +++ b/lib/isc-pkcs11/tests/hash_test.c
@@ -85,7 +85,7 @@ typedef struct hash_testcase { @@ -84,7 +84,7 @@ typedef struct hash_testcase {
typedef struct hash_test_key { typedef struct hash_test_key {
const char *key; const char *key;
@ -109,7 +109,7 @@ index 9c4d299..d9deba2 100644
} hash_test_key_t; } hash_test_key_t;
/* non-hmac tests */ /* non-hmac tests */
@@ -956,8 +956,11 @@ isc_hmacsha1_test(void **state) { @@ -955,8 +955,11 @@ isc_hmacsha1_test(void **state) {
hash_test_key_t *test_key = test_keys; hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) { while (testcase->input != NULL && testcase->result != NULL) {
@ -122,7 +122,7 @@ index 9c4d299..d9deba2 100644
isc_hmacsha1_update(&hmacsha1, isc_hmacsha1_update(&hmacsha1,
(const uint8_t *) testcase->input, (const uint8_t *) testcase->input,
testcase->input_len); testcase->input_len);
@@ -1116,8 +1119,11 @@ isc_hmacsha224_test(void **state) { @@ -1115,8 +1118,11 @@ isc_hmacsha224_test(void **state) {
hash_test_key_t *test_key = test_keys; hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) { while (testcase->input != NULL && testcase->result != NULL) {
@ -135,7 +135,7 @@ index 9c4d299..d9deba2 100644
isc_hmacsha224_update(&hmacsha224, isc_hmacsha224_update(&hmacsha224,
(const uint8_t *) testcase->input, (const uint8_t *) testcase->input,
testcase->input_len); testcase->input_len);
@@ -1277,8 +1283,11 @@ isc_hmacsha256_test(void **state) { @@ -1276,8 +1282,11 @@ isc_hmacsha256_test(void **state) {
hash_test_key_t *test_key = test_keys; hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) { while (testcase->input != NULL && testcase->result != NULL) {
@ -148,7 +148,7 @@ index 9c4d299..d9deba2 100644
isc_hmacsha256_update(&hmacsha256, isc_hmacsha256_update(&hmacsha256,
(const uint8_t *) testcase->input, (const uint8_t *) testcase->input,
testcase->input_len); testcase->input_len);
@@ -1444,8 +1453,11 @@ isc_hmacsha384_test(void **state) { @@ -1443,8 +1452,11 @@ isc_hmacsha384_test(void **state) {
hash_test_key_t *test_key = test_keys; hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) { while (testcase->input != NULL && testcase->result != NULL) {
@ -161,7 +161,7 @@ index 9c4d299..d9deba2 100644
isc_hmacsha384_update(&hmacsha384, isc_hmacsha384_update(&hmacsha384,
(const uint8_t *) testcase->input, (const uint8_t *) testcase->input,
testcase->input_len); testcase->input_len);
@@ -1611,8 +1623,11 @@ isc_hmacsha512_test(void **state) { @@ -1610,8 +1622,11 @@ isc_hmacsha512_test(void **state) {
hash_test_key_t *test_key = test_keys; hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) { while (testcase->input != NULL && testcase->result != NULL) {
@ -174,7 +174,7 @@ index 9c4d299..d9deba2 100644
isc_hmacsha512_update(&hmacsha512, isc_hmacsha512_update(&hmacsha512,
(const uint8_t *) testcase->input, (const uint8_t *) testcase->input,
testcase->input_len); testcase->input_len);
@@ -1755,8 +1770,11 @@ isc_hmacmd5_test(void **state) { @@ -1754,8 +1769,11 @@ isc_hmacmd5_test(void **state) {
hash_test_key_t *test_key = test_keys; hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) { while (testcase->input != NULL && testcase->result != NULL) {
@ -188,5 +188,5 @@ index 9c4d299..d9deba2 100644
(const uint8_t *) testcase->input, (const uint8_t *) testcase->input,
testcase->input_len); testcase->input_len);
-- --
2.20.1 2.21.1

View File

@ -1,4 +1,4 @@
From 76594cba9a1e910bb36160d96fc3872349341799 Mon Sep 17 00:00:00 2001 From f27598743ab6e03271e26f23da4beba748d19c60 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org> From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
Date: Wed, 25 Apr 2018 14:04:31 +0200 Date: Wed, 25 Apr 2018 14:04:31 +0200
Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts
@ -24,10 +24,10 @@ Fix the isc_safe_memwipe() usage with (NULL, >0)
delete mode 100644 lib/isc/safe.c delete mode 100644 lib/isc/safe.c
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 6ddaebe..d921870 100644 index 6dded0c..a9c5557 100644
--- a/bin/dnssec/dnssec-signzone.c --- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c
@@ -787,7 +787,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name, @@ -784,7 +784,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
static int static int
hashlist_comp(const void *a, const void *b) { hashlist_comp(const void *a, const void *b) {
@ -81,7 +81,7 @@ index ad77f24..670982a 100644
/* accept_sec_context.c */ /* accept_sec_context.c */
diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in
index 0fd0837..8ad54bb 100644 index 149552a..8529a86 100644
--- a/lib/isc/Makefile.in --- a/lib/isc/Makefile.in
+++ b/lib/isc/Makefile.in +++ b/lib/isc/Makefile.in
@@ -60,7 +60,7 @@ OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \ @@ -60,7 +60,7 @@ OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \
@ -91,7 +91,7 @@ index 0fd0837..8ad54bb 100644
- safe.@O@ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \ - safe.@O@ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
+ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \ + serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
string.@O@ strtoul.@O@ symtab.@O@ task.@O@ taskpool.@O@ \ string.@O@ strtoul.@O@ symtab.@O@ task.@O@ taskpool.@O@ \
tm.@O@ timer.@O@ version.@O@ \ tm.@O@ timer.@O@ utf8.@O@ version.@O@ \
${UNIXOBJS} ${NLSOBJS} ${THREADOBJS} ${UNIXOBJS} ${NLSOBJS} ${THREADOBJS}
@@ -79,7 +79,7 @@ SRCS = @ISC_EXTRA_SRCS@ @ISC_PK11_C@ @ISC_PK11_RESULT_C@ \ @@ -79,7 +79,7 @@ SRCS = @ISC_EXTRA_SRCS@ @ISC_PK11_C@ @ISC_PK11_RESULT_C@ \
netaddr.c netscope.c pool.c ondestroy.c \ netaddr.c netscope.c pool.c ondestroy.c \
@ -100,7 +100,7 @@ index 0fd0837..8ad54bb 100644
- safe.c serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \ - safe.c serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
+ serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \ + serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
strtoul.c symtab.c task.c taskpool.c timer.c \ strtoul.c symtab.c task.c taskpool.c timer.c \
tm.c version.c tm.c utf8.c version.c
@@ -95,10 +95,6 @@ TESTDIRS = @UNITTESTS@ @@ -95,10 +95,6 @@ TESTDIRS = @UNITTESTS@
@ -284,5 +284,5 @@ index 266ac75..60e9181 100644
return (cmocka_run_group_tests(tests, NULL, NULL)); return (cmocka_run_group_tests(tests, NULL, NULL));
-- --
2.20.1 2.26.2

View File

@ -1,4 +1,4 @@
From 7e61714a5d1509ec79af42391e41eb1afc53063a Mon Sep 17 00:00:00 2001 From 5c29299e43db5a4e6f8b1b07af84dfe1687c4c2b Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org> From: Evan Hunt <each@isc.org>
Date: Tue, 12 Sep 2017 19:05:46 -0700 Date: Tue, 12 Sep 2017 19:05:46 -0700
Subject: [PATCH] rebased rt31459c Subject: [PATCH] rebased rt31459c
@ -71,10 +71,10 @@ index 5015abb..295e16f 100644
&entropy_source, &entropy_source,
randomfile, randomfile,
diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c
index 2c0c308..3e585af 100644 index d9d6bb9..de4b15f 100644
--- a/bin/dnssec/dnssec-dsfromkey.c --- a/bin/dnssec/dnssec-dsfromkey.c
+++ b/bin/dnssec/dnssec-dsfromkey.c +++ b/bin/dnssec/dnssec-dsfromkey.c
@@ -494,14 +494,14 @@ main(int argc, char **argv) { @@ -498,14 +498,14 @@ main(int argc, char **argv) {
if (ectx == NULL) if (ectx == NULL)
setup_entropy(mctx, NULL, &ectx); setup_entropy(mctx, NULL, &ectx);
@ -92,7 +92,7 @@ index 2c0c308..3e585af 100644
isc_entropy_stopcallbacksources(ectx); isc_entropy_stopcallbacksources(ectx);
setup_logging(mctx, &log); setup_logging(mctx, &log);
@@ -571,8 +571,8 @@ main(int argc, char **argv) { @@ -574,8 +574,8 @@ main(int argc, char **argv) {
if (dns_rdataset_isassociated(&rdataset)) if (dns_rdataset_isassociated(&rdataset))
dns_rdataset_disassociate(&rdataset); dns_rdataset_disassociate(&rdataset);
cleanup_logging(&log); cleanup_logging(&log);
@ -103,10 +103,10 @@ index 2c0c308..3e585af 100644
dns_name_destroy(); dns_name_destroy();
if (verbose > 10) if (verbose > 10)
diff --git a/bin/dnssec/dnssec-importkey.c b/bin/dnssec/dnssec-importkey.c diff --git a/bin/dnssec/dnssec-importkey.c b/bin/dnssec/dnssec-importkey.c
index 0d1e7f8..79c4d74 100644 index d65a514..04b3094 100644
--- a/bin/dnssec/dnssec-importkey.c --- a/bin/dnssec/dnssec-importkey.c
+++ b/bin/dnssec/dnssec-importkey.c +++ b/bin/dnssec/dnssec-importkey.c
@@ -407,14 +407,14 @@ main(int argc, char **argv) { @@ -404,14 +404,14 @@ main(int argc, char **argv) {
if (ectx == NULL) if (ectx == NULL)
setup_entropy(mctx, NULL, &ectx); setup_entropy(mctx, NULL, &ectx);
@ -124,7 +124,7 @@ index 0d1e7f8..79c4d74 100644
isc_entropy_stopcallbacksources(ectx); isc_entropy_stopcallbacksources(ectx);
setup_logging(mctx, &log); setup_logging(mctx, &log);
@@ -458,8 +458,8 @@ main(int argc, char **argv) { @@ -455,8 +455,8 @@ main(int argc, char **argv) {
if (dns_rdataset_isassociated(&rdataset)) if (dns_rdataset_isassociated(&rdataset))
dns_rdataset_disassociate(&rdataset); dns_rdataset_disassociate(&rdataset);
cleanup_logging(&log); cleanup_logging(&log);
@ -167,10 +167,10 @@ index 7d82dbf..10f9359 100644
if (verbose > 10) if (verbose > 10)
isc_mem_stats(mctx, stdout); isc_mem_stats(mctx, stdout);
diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
index f355903..6a2ca59 100644 index 7afcaee..1cfa511 100644
--- a/bin/dnssec/dnssec-settime.c --- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c +++ b/bin/dnssec/dnssec-settime.c
@@ -382,14 +382,14 @@ main(int argc, char **argv) { @@ -380,14 +380,14 @@ main(int argc, char **argv) {
if (ectx == NULL) if (ectx == NULL)
setup_entropy(mctx, NULL, &ectx); setup_entropy(mctx, NULL, &ectx);
@ -188,7 +188,7 @@ index f355903..6a2ca59 100644
isc_entropy_stopcallbacksources(ectx); isc_entropy_stopcallbacksources(ectx);
if (predecessor != NULL) { if (predecessor != NULL) {
@@ -674,8 +674,8 @@ main(int argc, char **argv) { @@ -672,8 +672,8 @@ main(int argc, char **argv) {
if (prevkey != NULL) if (prevkey != NULL)
dst_key_free(&prevkey); dst_key_free(&prevkey);
dst_key_free(&key); dst_key_free(&key);
@ -199,7 +199,7 @@ index f355903..6a2ca59 100644
if (verbose > 10) if (verbose > 10)
isc_mem_stats(mctx, stdout); isc_mem_stats(mctx, stdout);
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index c6a0313..6ddaebe 100644 index 319a805..27ae4d4 100644
--- a/bin/dnssec/dnssec-signzone.c --- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c
@@ -3460,14 +3460,15 @@ main(int argc, char *argv[]) { @@ -3460,14 +3460,15 @@ main(int argc, char *argv[]) {
@ -257,7 +257,7 @@ index 4c293bf..3263cbc 100644
rdclass = strtoclass(classname); rdclass = strtoclass(classname);
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index fbc7ece..31a99e7 100644 index 618ec5b..5654435 100644
--- a/bin/dnssec/dnssectool.c --- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c +++ b/bin/dnssec/dnssectool.c
@@ -34,6 +34,7 @@ @@ -34,6 +34,7 @@
@ -293,7 +293,7 @@ index fbc7ece..31a99e7 100644
usekeyboard); usekeyboard);
diff --git a/bin/named/server.c b/bin/named/server.c diff --git a/bin/named/server.c b/bin/named/server.c
index 7d85d3b..c782073 100644 index 4e503e5..f27071f 100644
--- a/bin/named/server.c --- a/bin/named/server.c
+++ b/bin/named/server.c +++ b/bin/named/server.c
@@ -36,6 +36,7 @@ @@ -36,6 +36,7 @@
@ -304,7 +304,7 @@ index 7d85d3b..c782073 100644
#include <isc/portset.h> #include <isc/portset.h>
#include <isc/print.h> #include <isc/print.h>
#include <isc/random.h> #include <isc/random.h>
@@ -8211,6 +8212,10 @@ load_configuration(const char *filename, ns_server_t *server, @@ -8217,6 +8218,10 @@ load_configuration(const char *filename, ns_server_t *server,
"no source of entropy found"); "no source of entropy found");
} else { } else {
const char *randomdev = cfg_obj_asstring(obj); const char *randomdev = cfg_obj_asstring(obj);
@ -315,7 +315,7 @@ index 7d85d3b..c782073 100644
int level = ISC_LOG_ERROR; int level = ISC_LOG_ERROR;
result = isc_entropy_createfilesource(ns_g_entropy, result = isc_entropy_createfilesource(ns_g_entropy,
randomdev); randomdev);
@@ -8245,6 +8250,7 @@ load_configuration(const char *filename, ns_server_t *server, @@ -8251,6 +8256,7 @@ load_configuration(const char *filename, ns_server_t *server,
} }
isc_entropy_detach(&ns_g_fallbackentropy); isc_entropy_detach(&ns_g_fallbackentropy);
} }
@ -688,7 +688,7 @@ index bf6dbb6..0416b21 100644
parse_args(false, argc, argv); parse_args(false, argc, argv);
if (server == NULL) if (server == NULL)
diff --git a/configure b/configure diff --git a/configure b/configure
index ed002e0..a578874 100755 index 6d05371..33689c9 100755
--- a/configure --- a/configure
+++ b/configure +++ b/configure
@@ -640,6 +640,7 @@ ac_includes_default="\ @@ -640,6 +640,7 @@ ac_includes_default="\
@ -699,7 +699,7 @@ index ed002e0..a578874 100755
BUILD_LIBS BUILD_LIBS
BUILD_LDFLAGS BUILD_LDFLAGS
BUILD_CPPFLAGS BUILD_CPPFLAGS
@@ -821,6 +822,7 @@ XMLSTATS @@ -823,6 +824,7 @@ LIBXML2_CFLAGS
NZDTARGETS NZDTARGETS
NZDSRCS NZDSRCS
NZD_TOOLS NZD_TOOLS
@ -707,7 +707,7 @@ index ed002e0..a578874 100755
PKCS11_TEST PKCS11_TEST
PKCS11_ED25519 PKCS11_ED25519
PKCS11_GOST PKCS11_GOST
@@ -1045,6 +1047,7 @@ with_eddsa @@ -1047,6 +1049,7 @@ with_eddsa
with_aes with_aes
enable_openssl_hash enable_openssl_hash
with_cc_alg with_cc_alg
@ -715,7 +715,7 @@ index ed002e0..a578874 100755
with_lmdb with_lmdb
with_libxml2 with_libxml2
with_libjson with_libjson
@@ -1744,6 +1747,7 @@ Optional Features: @@ -1749,6 +1752,7 @@ Optional Features:
--enable-threads enable multithreading --enable-threads enable multithreading
--enable-native-pkcs11 use native PKCS11 for all crypto [default=no] --enable-native-pkcs11 use native PKCS11 for all crypto [default=no]
--enable-openssl-hash use OpenSSL for hash functions [default=no] --enable-openssl-hash use OpenSSL for hash functions [default=no]
@ -723,7 +723,7 @@ index ed002e0..a578874 100755
--enable-largefile 64-bit file support --enable-largefile 64-bit file support
--enable-backtrace log stack backtrace on abort [default=yes] --enable-backtrace log stack backtrace on abort [default=yes]
--enable-symtable use internal symbol table for backtrace --enable-symtable use internal symbol table for backtrace
@@ -17115,6 +17119,7 @@ case "$use_openssl" in @@ -17144,6 +17148,7 @@ case "$use_openssl" in
$as_echo "disabled because of native PKCS11" >&6; } $as_echo "disabled because of native PKCS11" >&6; }
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
CRYPTO="-DPKCS11CRYPTO" CRYPTO="-DPKCS11CRYPTO"
@ -731,7 +731,7 @@ index ed002e0..a578874 100755
OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS="" OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS="" OPENSSLEDDSALINKOBJS=""
@@ -17129,6 +17134,7 @@ $as_echo "disabled because of native PKCS11" >&6; } @@ -17158,6 +17163,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
$as_echo "no" >&6; } $as_echo "no" >&6; }
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
CRYPTO="" CRYPTO=""
@ -739,7 +739,7 @@ index ed002e0..a578874 100755
OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS="" OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS="" OPENSSLEDDSALINKOBJS=""
@@ -17141,6 +17147,7 @@ $as_echo "no" >&6; } @@ -17170,6 +17176,7 @@ $as_echo "no" >&6; }
auto) auto)
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
CRYPTO="" CRYPTO=""
@ -747,7 +747,7 @@ index ed002e0..a578874 100755
OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS="" OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS="" OPENSSLEDDSALINKOBJS=""
@@ -17150,7 +17157,7 @@ $as_echo "no" >&6; } @@ -17179,7 +17186,7 @@ $as_echo "no" >&6; }
OPENSSLLINKOBJS="" OPENSSLLINKOBJS=""
OPENSSLLINKSRCS="" OPENSSLLINKSRCS=""
as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -756,7 +756,7 @@ index ed002e0..a578874 100755
;; ;;
*) *)
if test "yes" = "$want_native_pkcs11" if test "yes" = "$want_native_pkcs11"
@@ -17181,6 +17188,7 @@ $as_echo "not found" >&6; } @@ -17210,6 +17217,7 @@ $as_echo "not found" >&6; }
as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5 as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5
fi fi
CRYPTO='-DOPENSSL' CRYPTO='-DOPENSSL'
@ -764,7 +764,7 @@ index ed002e0..a578874 100755
if test "/usr" = "$use_openssl" if test "/usr" = "$use_openssl"
then then
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
@@ -17806,8 +17814,6 @@ fi @@ -17835,8 +17843,6 @@ fi
# Use OpenSSL for hash functions # Use OpenSSL for hash functions
# #
@ -773,7 +773,7 @@ index ed002e0..a578874 100755
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
case $want_openssl_hash in case $want_openssl_hash in
yes) yes)
@@ -18182,6 +18188,86 @@ if test "rt" = "$have_clock_gt"; then @@ -18211,6 +18217,86 @@ if test "rt" = "$have_clock_gt"; then
LIBS="-lrt $LIBS" LIBS="-lrt $LIBS"
fi fi
@ -860,7 +860,7 @@ index ed002e0..a578874 100755
# #
# was --with-lmdb specified? # was --with-lmdb specified?
# #
@@ -20264,9 +20350,12 @@ _ACEOF @@ -20441,9 +20527,12 @@ _ACEOF
if ac_fn_c_try_compile "$LINENO"; then : if ac_fn_c_try_compile "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5
$as_echo "size_t for buflen; int for flags" >&6; } $as_echo "size_t for buflen; int for flags" >&6; }
@ -875,7 +875,7 @@ index ed002e0..a578874 100755
$as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h $as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h
@@ -21581,12 +21670,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" @@ -21758,12 +21847,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then if test "yes" = "$use_atomic"; then
@ -889,7 +889,7 @@ index ed002e0..a578874 100755
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364. # This bug is HP SR number 8606223364.
@@ -21619,6 +21703,11 @@ cat >>confdefs.h <<_ACEOF @@ -21796,6 +21880,11 @@ cat >>confdefs.h <<_ACEOF
_ACEOF _ACEOF
@ -901,7 +901,7 @@ index ed002e0..a578874 100755
if test $ac_cv_sizeof_void_p = 8; then if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64 arch=x86_64
have_xaddq=yes have_xaddq=yes
@@ -21627,39 +21716,6 @@ _ACEOF @@ -21804,39 +21893,6 @@ _ACEOF
fi fi
;; ;;
x86_64-*|amd64-*) x86_64-*|amd64-*)
@ -941,7 +941,7 @@ index ed002e0..a578874 100755
if test $ac_cv_sizeof_void_p = 8; then if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64 arch=x86_64
have_xaddq=yes have_xaddq=yes
@@ -21690,6 +21746,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } @@ -21867,6 +21923,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
$as_echo "$arch" >&6; } $as_echo "$arch" >&6; }
fi fi
@ -952,7 +952,7 @@ index ed002e0..a578874 100755
if test "yes" = "$have_atomic"; then if test "yes" = "$have_atomic"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5
$as_echo_n "checking compiler support for inline assembly code... " >&6; } $as_echo_n "checking compiler support for inline assembly code... " >&6; }
@@ -24244,6 +24304,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" @@ -24421,6 +24481,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
# #
dlzdir='${DLZ_DRIVER_DIR}' dlzdir='${DLZ_DRIVER_DIR}'
@ -983,7 +983,7 @@ index ed002e0..a578874 100755
# #
# Private autoconf macro to simplify configuring drivers: # Private autoconf macro to simplify configuring drivers:
# #
@@ -24574,11 +24658,11 @@ $as_echo "no" >&6; } @@ -24751,11 +24835,11 @@ $as_echo "no" >&6; }
$as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; } $as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; }
;; ;;
*) *)
@ -998,7 +998,7 @@ index ed002e0..a578874 100755
fi fi
CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL" CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL"
@@ -24663,7 +24747,7 @@ $as_echo "" >&6; } @@ -24840,7 +24924,7 @@ $as_echo "" >&6; }
# Check other locations for includes. # Check other locations for includes.
# Order is important (sigh). # Order is important (sigh).
@ -1007,7 +1007,7 @@ index ed002e0..a578874 100755
# include a blank element first # include a blank element first
for d in "" $bdb_incdirs for d in "" $bdb_incdirs
do do
@@ -24688,57 +24772,9 @@ $as_echo "" >&6; } @@ -24865,57 +24949,9 @@ $as_echo "" >&6; }
bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db" bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db"
for d in $bdb_libnames for d in $bdb_libnames
do do
@ -1067,7 +1067,7 @@ index ed002e0..a578874 100755
break break
fi fi
done done
@@ -24897,10 +24933,10 @@ $as_echo "no" >&6; } @@ -25074,10 +25110,10 @@ $as_echo "no" >&6; }
DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include" DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include"
DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include" DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include"
fi fi
@ -1081,7 +1081,7 @@ index ed002e0..a578874 100755
fi fi
@@ -24986,11 +25022,11 @@ fi @@ -25163,11 +25199,11 @@ fi
odbcdirs="/usr /usr/local /usr/pkg" odbcdirs="/usr /usr/local /usr/pkg"
for d in $odbcdirs for d in $odbcdirs
do do
@ -1095,7 +1095,7 @@ index ed002e0..a578874 100755
break break
fi fi
done done
@@ -25265,6 +25301,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" @@ -25442,6 +25478,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
@ -1104,7 +1104,7 @@ index ed002e0..a578874 100755
# #
# Commands to run at the end of config.status. # Commands to run at the end of config.status.
# Don't just put these into configure, it won't work right if somebody # Don't just put these into configure, it won't work right if somebody
@@ -27644,6 +27682,8 @@ report() { @@ -27819,6 +27857,8 @@ report() {
echo " IPv6 support (--enable-ipv6)" echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)" echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1113,7 +1113,7 @@ index ed002e0..a578874 100755
test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -27684,6 +27724,8 @@ report() { @@ -27859,6 +27899,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)" echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
@ -1122,7 +1122,7 @@ index ed002e0..a578874 100755
echo " Dynamically loadable zone (DLZ) drivers:" echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \ test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)" echo " Berkeley DB (--with-dlz-bdb)"
@@ -27731,6 +27773,8 @@ report() { @@ -27906,6 +27948,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)" echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)" echo " EDDSA algorithm support (--with-eddsa)"
@ -1132,10 +1132,10 @@ index ed002e0..a578874 100755
test "yes" = "$enable_seccomp" || \ test "yes" = "$enable_seccomp" || \
echo " Use libseccomp system call filtering (--enable-seccomp)" echo " Use libseccomp system call filtering (--enable-seccomp)"
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index 45a8126..bb1345b 100644 index d10cde5..68bead8 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -1537,6 +1537,7 @@ case "$use_openssl" in @@ -1550,6 +1550,7 @@ case "$use_openssl" in
AC_MSG_RESULT(disabled because of native PKCS11) AC_MSG_RESULT(disabled because of native PKCS11)
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
CRYPTO="-DPKCS11CRYPTO" CRYPTO="-DPKCS11CRYPTO"
@ -1143,7 +1143,7 @@ index 45a8126..bb1345b 100644
OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS="" OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS="" OPENSSLEDDSALINKOBJS=""
@@ -1550,6 +1551,7 @@ case "$use_openssl" in @@ -1563,6 +1564,7 @@ case "$use_openssl" in
AC_MSG_RESULT(no) AC_MSG_RESULT(no)
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
CRYPTO="" CRYPTO=""
@ -1151,7 +1151,7 @@ index 45a8126..bb1345b 100644
OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS="" OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS="" OPENSSLEDDSALINKOBJS=""
@@ -1562,6 +1564,7 @@ case "$use_openssl" in @@ -1575,6 +1577,7 @@ case "$use_openssl" in
auto) auto)
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
CRYPTO="" CRYPTO=""
@ -1159,7 +1159,7 @@ index 45a8126..bb1345b 100644
OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS="" OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS="" OPENSSLEDDSALINKOBJS=""
@@ -1572,7 +1575,7 @@ case "$use_openssl" in @@ -1585,7 +1588,7 @@ case "$use_openssl" in
OPENSSLLINKSRCS="" OPENSSLLINKSRCS=""
AC_MSG_ERROR( AC_MSG_ERROR(
[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path [OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -1168,7 +1168,7 @@ index 45a8126..bb1345b 100644
;; ;;
*) *)
if test "yes" = "$want_native_pkcs11" if test "yes" = "$want_native_pkcs11"
@@ -1602,6 +1605,7 @@ If you don't want OpenSSL, use --without-openssl]) @@ -1615,6 +1618,7 @@ If you don't want OpenSSL, use --without-openssl])
AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found]) AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found])
fi fi
CRYPTO='-DOPENSSL' CRYPTO='-DOPENSSL'
@ -1176,7 +1176,7 @@ index 45a8126..bb1345b 100644
if test "/usr" = "$use_openssl" if test "/usr" = "$use_openssl"
then then
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
@@ -2037,7 +2041,6 @@ fi @@ -2050,7 +2054,6 @@ fi
# Use OpenSSL for hash functions # Use OpenSSL for hash functions
# #
@ -1184,7 +1184,7 @@ index 45a8126..bb1345b 100644
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
case $want_openssl_hash in case $want_openssl_hash in
yes) yes)
@@ -2309,6 +2312,67 @@ if test "rt" = "$have_clock_gt"; then @@ -2322,6 +2325,67 @@ if test "rt" = "$have_clock_gt"; then
LIBS="-lrt $LIBS" LIBS="-lrt $LIBS"
fi fi
@ -1252,7 +1252,7 @@ index 45a8126..bb1345b 100644
# #
# was --with-lmdb specified? # was --with-lmdb specified?
# #
@@ -4105,12 +4169,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" @@ -4098,12 +4162,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then if test "yes" = "$use_atomic"; then
@ -1266,7 +1266,7 @@ index 45a8126..bb1345b 100644
if test $ac_cv_sizeof_void_p = 8; then if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64 arch=x86_64
have_xaddq=yes have_xaddq=yes
@@ -4119,7 +4183,6 @@ if test "yes" = "$use_atomic"; then @@ -4112,7 +4176,6 @@ if test "yes" = "$use_atomic"; then
fi fi
;; ;;
x86_64-*|amd64-*) x86_64-*|amd64-*)
@ -1274,7 +1274,7 @@ index 45a8126..bb1345b 100644
if test $ac_cv_sizeof_void_p = 8; then if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64 arch=x86_64
have_xaddq=yes have_xaddq=yes
@@ -5527,6 +5590,8 @@ report() { @@ -5518,6 +5581,8 @@ report() {
echo " IPv6 support (--enable-ipv6)" echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)" echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1283,7 +1283,7 @@ index 45a8126..bb1345b 100644
test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -5567,6 +5632,8 @@ report() { @@ -5558,6 +5623,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)" echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
@ -1292,7 +1292,7 @@ index 45a8126..bb1345b 100644
echo " Dynamically loadable zone (DLZ) drivers:" echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \ test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)" echo " Berkeley DB (--with-dlz-bdb)"
@@ -5614,6 +5681,8 @@ report() { @@ -5605,6 +5672,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)" echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)" echo " EDDSA algorithm support (--with-eddsa)"
@ -1302,7 +1302,7 @@ index 45a8126..bb1345b 100644
test "yes" = "$enable_seccomp" || \ test "yes" = "$enable_seccomp" || \
echo " Use libseccomp system call filtering (--enable-seccomp)" echo " Use libseccomp system call filtering (--enable-seccomp)"
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index ec6e00e..1614afa 100644 index 65bf25d..1eccbe7 100644
--- a/lib/dns/dst_api.c --- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c
@@ -277,6 +277,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx, @@ -277,6 +277,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx,
@ -1440,7 +1440,7 @@ index 304814b..60543c4 100644
isc_hash_destroy(); isc_hash_destroy();
cleanup_db: cleanup_db:
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index d65ce26..6849732 100644 index 13e838f..ffe0a69 100644
--- a/lib/dns/openssl_link.c --- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c
@@ -31,6 +31,7 @@ @@ -31,6 +31,7 @@
@ -1476,7 +1476,7 @@ index d65ce26..6849732 100644
#endif #endif
+#endif /* !ISC_PLATFORM_CRYPTORANDOM */ +#endif /* !ISC_PLATFORM_CRYPTORANDOM */
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static void static void
@@ -192,7 +195,7 @@ _set_thread_id(CRYPTO_THREADID *id) @@ -192,7 +195,7 @@ _set_thread_id(CRYPTO_THREADID *id)
isc_result_t isc_result_t
@ -1845,10 +1845,10 @@ index 0000000..bd3d164
+ +
+#endif +#endif
diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in
index 5c45d59..34b660c 100644 index 63be973..40b21fa 100644
--- a/lib/dns/win32/libdns.def.in --- a/lib/dns/win32/libdns.def.in
+++ b/lib/dns/win32/libdns.def.in +++ b/lib/dns/win32/libdns.def.in
@@ -1484,6 +1484,13 @@ dst_lib_destroy @@ -1485,6 +1485,13 @@ dst_lib_destroy
dst_lib_init dst_lib_init
dst_lib_init2 dst_lib_init2
dst_lib_initmsgcat dst_lib_initmsgcat
@ -1863,7 +1863,7 @@ index 5c45d59..34b660c 100644
dst_region_computerid dst_region_computerid
dst_result_register dst_result_register
diff --git a/lib/isc/entropy.c b/lib/isc/entropy.c diff --git a/lib/isc/entropy.c b/lib/isc/entropy.c
index ab2f617..ed05ed6 100644 index 907e470..451544d 100644
--- a/lib/isc/entropy.c --- a/lib/isc/entropy.c
+++ b/lib/isc/entropy.c +++ b/lib/isc/entropy.c
@@ -104,11 +104,15 @@ struct isc_entropy { @@ -104,11 +104,15 @@ struct isc_entropy {
@ -1921,10 +1921,10 @@ index ab2f617..ed05ed6 100644
+ hook = myhook; + hook = myhook;
+} +}
diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h
index 4bba8e1..632166a 100644 index e8733db..c40a18c 100644
--- a/lib/isc/include/isc/entropy.h --- a/lib/isc/include/isc/entropy.h
+++ b/lib/isc/include/isc/entropy.h +++ b/lib/isc/include/isc/entropy.h
@@ -304,6 +304,18 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source, @@ -302,6 +302,18 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
* isc_entropy_createcallbacksource(). * isc_entropy_createcallbacksource().
*/ */
@ -1944,10 +1944,10 @@ index 4bba8e1..632166a 100644
#endif /* ISC_ENTROPY_H */ #endif /* ISC_ENTROPY_H */
diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in
index 9c7c342..ee8dc3e 100644 index 61960f1..d22993d 100644
--- a/lib/isc/include/isc/platform.h.in --- a/lib/isc/include/isc/platform.h.in
+++ b/lib/isc/include/isc/platform.h.in +++ b/lib/isc/include/isc/platform.h.in
@@ -341,6 +341,11 @@ @@ -359,6 +359,11 @@
*/ */
@ISC_PLATFORM_HAVESTRINGSH@ @ISC_PLATFORM_HAVESTRINGSH@
@ -1960,10 +1960,10 @@ index 9c7c342..ee8dc3e 100644
* Define if the hash functions must be provided by OpenSSL. * Define if the hash functions must be provided by OpenSSL.
*/ */
diff --git a/lib/isc/include/isc/types.h b/lib/isc/include/isc/types.h diff --git a/lib/isc/include/isc/types.h b/lib/isc/include/isc/types.h
index 42ff7e0..8d87c44 100644 index da9d66f..4205400 100644
--- a/lib/isc/include/isc/types.h --- a/lib/isc/include/isc/types.h
+++ b/lib/isc/include/isc/types.h +++ b/lib/isc/include/isc/types.h
@@ -93,6 +93,8 @@ typedef struct isc_time isc_time_t; /*%< Time */ @@ -97,6 +97,8 @@ typedef struct isc_time isc_time_t; /*%< Time */
typedef struct isc_timer isc_timer_t; /*%< Timer */ typedef struct isc_timer isc_timer_t; /*%< Timer */
typedef struct isc_timermgr isc_timermgr_t; /*%< Timer Manager */ typedef struct isc_timermgr isc_timermgr_t; /*%< Timer Manager */
@ -1973,7 +1973,7 @@ index 42ff7e0..8d87c44 100644
typedef int (*isc_sockfdwatch_t)(isc_task_t *, isc_socket_t *, void *, int); typedef int (*isc_sockfdwatch_t)(isc_task_t *, isc_socket_t *, void *, int);
diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c
index 8e6ed93..ceb5a2c 100644 index 68aebdc..4b85527 100644
--- a/lib/isc/pk11.c --- a/lib/isc/pk11.c
+++ b/lib/isc/pk11.c +++ b/lib/isc/pk11.c
@@ -321,14 +321,16 @@ pk11_rand_seed_fromfile(const char *randomfile) { @@ -321,14 +321,16 @@ pk11_rand_seed_fromfile(const char *randomfile) {
@ -1999,10 +1999,10 @@ index 8e6ed93..ceb5a2c 100644
cleanup: cleanup:
if (stream != NULL) if (stream != NULL)
diff --git a/lib/isc/win32/include/isc/platform.h.in b/lib/isc/win32/include/isc/platform.h.in diff --git a/lib/isc/win32/include/isc/platform.h.in b/lib/isc/win32/include/isc/platform.h.in
index 5b8a2c9..913a2ce 100644 index 8ade705..fa72f9d 100644
--- a/lib/isc/win32/include/isc/platform.h.in --- a/lib/isc/win32/include/isc/platform.h.in
+++ b/lib/isc/win32/include/isc/platform.h.in +++ b/lib/isc/win32/include/isc/platform.h.in
@@ -69,6 +69,11 @@ @@ -73,6 +73,11 @@
#define ISC_PLATFORM_NORETURN_PRE __declspec(noreturn) #define ISC_PLATFORM_NORETURN_PRE __declspec(noreturn)
#define ISC_PLATFORM_NORETURN_POST #define ISC_PLATFORM_NORETURN_POST
@ -2015,7 +2015,7 @@ index 5b8a2c9..913a2ce 100644
* Define if the hash functions must be provided by OpenSSL. * Define if the hash functions must be provided by OpenSSL.
*/ */
diff --git a/win32utils/Configure b/win32utils/Configure diff --git a/win32utils/Configure b/win32utils/Configure
index ccaf067..240fb80 100644 index 79d682e..6c78cb2 100644
--- a/win32utils/Configure --- a/win32utils/Configure
+++ b/win32utils/Configure +++ b/win32utils/Configure
@@ -382,6 +382,7 @@ my @substdefh = ("ALLOW_FILTER_AAAA", @@ -382,6 +382,7 @@ my @substdefh = ("ALLOW_FILTER_AAAA",
@ -2036,15 +2036,15 @@ index ccaf067..240fb80 100644
"fixed-rrset", "fixed-rrset",
"intrinsics", "intrinsics",
"isc-spnego", "isc-spnego",
@@ -581,6 +583,7 @@ my @help = ( @@ -580,6 +582,7 @@ my @help = (
"\nOptional Features:\n", "\nOptional Features:\n",
" enable-intrinsics enable instrinsic/atomic functions [default=yes]\n", " enable-intrinsics enable intrinsic/atomic functions [default=yes]\n",
" enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n", " enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n",
+" enable-crypto-rand use crypto provider for random [default=yes]\n", +" enable-crypto-rand use crypto provider for random [default=yes]\n",
" enable-openssl-hash use OpenSSL for hash functions [default=yes]\n", " enable-openssl-hash use OpenSSL for hash functions [default=yes]\n",
" enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n", " enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n",
" enable-filter-aaaa enable filtering of AAAA records [default=yes]\n", " enable-filter-aaaa enable filtering of AAAA records [default=yes]\n",
@@ -630,7 +633,9 @@ my $want_clean = "no"; @@ -628,7 +631,9 @@ my $want_clean = "no";
my $want_unknown = "no"; my $want_unknown = "no";
my $unknown_value; my $unknown_value;
my $enable_intrinsics = "yes"; my $enable_intrinsics = "yes";
@ -2054,7 +2054,7 @@ index ccaf067..240fb80 100644
my $enable_openssl_hash = "auto"; my $enable_openssl_hash = "auto";
my $enable_filter_aaaa = "yes"; my $enable_filter_aaaa = "yes";
my $enable_isc_spnego = "yes"; my $enable_isc_spnego = "yes";
@@ -850,6 +855,10 @@ sub myenable { @@ -847,6 +852,10 @@ sub myenable {
if ($val =~ /^yes$/i) { if ($val =~ /^yes$/i) {
$enable_native_pkcs11 = "yes"; $enable_native_pkcs11 = "yes";
} }
@ -2065,7 +2065,7 @@ index ccaf067..240fb80 100644
} elsif ($key =~ /^openssl-hash$/i) { } elsif ($key =~ /^openssl-hash$/i) {
if ($val =~ /^yes$/i) { if ($val =~ /^yes$/i) {
$enable_openssl_hash = "yes"; $enable_openssl_hash = "yes";
@@ -1158,6 +1167,11 @@ if ($verbose) { @@ -1153,6 +1162,11 @@ if ($verbose) {
} else { } else {
print "native-pkcs11: disabled\n"; print "native-pkcs11: disabled\n";
} }
@ -2077,7 +2077,7 @@ index ccaf067..240fb80 100644
if ($enable_openssl_hash eq "yes") { if ($enable_openssl_hash eq "yes") {
print "openssl-hash: enabled\n"; print "openssl-hash: enabled\n";
} else { } else {
@@ -1516,6 +1530,7 @@ if ($enable_intrinsics eq "yes") { @@ -1510,6 +1524,7 @@ if ($enable_intrinsics eq "yes") {
# enable-native-pkcs11 # enable-native-pkcs11
if ($enable_native_pkcs11 eq "yes") { if ($enable_native_pkcs11 eq "yes") {
@ -2085,7 +2085,7 @@ index ccaf067..240fb80 100644
if ($use_openssl eq "auto") { if ($use_openssl eq "auto") {
$use_openssl = "no"; $use_openssl = "no";
} }
@@ -1725,6 +1740,7 @@ if ($use_openssl eq "yes") { @@ -1719,6 +1734,7 @@ if ($use_openssl eq "yes") {
$openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]"); $openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]");
} }
@ -2093,7 +2093,7 @@ index ccaf067..240fb80 100644
$configcond{"OPENSSL"} = 1; $configcond{"OPENSSL"} = 1;
$configdefd{"CRYPTO"} = "OPENSSL"; $configdefd{"CRYPTO"} = "OPENSSL";
$configvar{"OPENSSL_PATH"} = "$openssl_path"; $configvar{"OPENSSL_PATH"} = "$openssl_path";
@@ -2296,6 +2312,15 @@ if ($use_aes eq "yes") { @@ -2290,6 +2306,15 @@ if ($use_aes eq "yes") {
} }
@ -2109,7 +2109,7 @@ index ccaf067..240fb80 100644
# enable-openssl-hash # enable-openssl-hash
if ($enable_openssl_hash eq "yes") { if ($enable_openssl_hash eq "yes") {
if ($use_openssl eq "no") { if ($use_openssl eq "no") {
@@ -3671,6 +3696,7 @@ exit 0; @@ -3665,6 +3690,7 @@ exit 0;
# --enable-developer partially supported # --enable-developer partially supported
# --enable-newstats (9.9/9.9sub only) # --enable-newstats (9.9/9.9sub only)
# --enable-native-pkcs11 supported # --enable-native-pkcs11 supported
@ -2118,5 +2118,5 @@ index ccaf067..240fb80 100644
# --enable-openssl-hash supported # --enable-openssl-hash supported
# --enable-threads included without a way to disable it # --enable-threads included without a way to disable it
-- --
2.20.1 2.21.1

View File

@ -1,4 +1,4 @@
From 5a465424f5249ceaf0547ab90361a16eb08f7a2b Mon Sep 17 00:00:00 2001 From 344c19ad4b3f058e65a4b41650bb0ee20692cc5c Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org> From: Evan Hunt <each@isc.org>
Date: Thu, 28 Sep 2017 10:09:22 -0700 Date: Thu, 28 Sep 2017 10:09:22 -0700
Subject: [PATCH] completed and corrected the crypto-random change Subject: [PATCH] completed and corrected the crypto-random change
@ -39,15 +39,15 @@ Subject: [PATCH] completed and corrected the crypto-random change
bin/tests/system/tkey/keycreate.c | 4 +- bin/tests/system/tkey/keycreate.c | 4 +-
bin/tests/system/tkey/keydelete.c | 5 +-- bin/tests/system/tkey/keydelete.c | 5 +--
doc/arm/Bv9ARM-book.xml | 55 +++++++++++++++++------- doc/arm/Bv9ARM-book.xml | 55 +++++++++++++++++-------
doc/arm/notes-rh-changes.xml | 43 ++++++++++++++++++ doc/arm/notes-rh-changes.xml | 42 ++++++++++++++++++
doc/arm/notes.xml | 1 + doc/arm/notes.xml | 1 +
lib/dns/dst_api.c | 4 +- lib/dns/dst_api.c | 4 +-
lib/dns/include/dst/dst.h | 14 +++++- lib/dns/include/dst/dst.h | 14 +++++-
lib/dns/openssl_link.c | 3 +- lib/dns/openssl_link.c | 3 +-
lib/isc/include/isc/entropy.h | 50 +++++++++++++++------ lib/isc/include/isc/entropy.h | 48 +++++++++++++++------
lib/isc/include/isc/random.h | 28 +++++++----- lib/isc/include/isc/random.h | 28 +++++++-----
lib/isccfg/namedconf.c | 2 +- lib/isccfg/namedconf.c | 2 +-
23 files changed, 241 insertions(+), 106 deletions(-) 23 files changed, 240 insertions(+), 104 deletions(-)
create mode 100644 doc/arm/notes-rh-changes.xml create mode 100644 doc/arm/notes-rh-changes.xml
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
@ -78,10 +78,10 @@ index 295e16f..0f79aa8 100644
&entropy_source, &entropy_source,
randomfile, randomfile,
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
index 0ae6b41..4562430 100644 index 1826919..96543fc 100644
--- a/bin/dnssec/dnssec-keygen.docbook --- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook
@@ -348,15 +348,23 @@ @@ -349,15 +349,23 @@
<term>-r <replaceable class="parameter">randomdev</replaceable></term> <term>-r <replaceable class="parameter">randomdev</replaceable></term>
<listitem> <listitem>
<para> <para>
@ -114,7 +114,7 @@ index 0ae6b41..4562430 100644
</listitem> </listitem>
</varlistentry> </varlistentry>
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index 31a99e7..38c83ed 100644 index 5654435..24c0d5a 100644
--- a/bin/dnssec/dnssectool.c --- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c +++ b/bin/dnssec/dnssectool.c
@@ -241,18 +241,16 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { @@ -241,18 +241,16 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@ -142,10 +142,10 @@ index 31a99e7..38c83ed 100644
usekeyboard); usekeyboard);
diff --git a/bin/named/client.c b/bin/named/client.c diff --git a/bin/named/client.c b/bin/named/client.c
index 50fa2cd..524d9a3 100644 index 9a0d3c8..c573177 100644
--- a/bin/named/client.c --- a/bin/named/client.c
+++ b/bin/named/client.c +++ b/bin/named/client.c
@@ -1762,7 +1762,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, @@ -1765,7 +1765,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
isc_buffer_init(&buf, cookie, sizeof(cookie)); isc_buffer_init(&buf, cookie, sizeof(cookie));
isc_stdtime_get(&now); isc_stdtime_get(&now);
@ -223,7 +223,7 @@ index d955c2f..40621f2 100644
} else } else
eresult = ns_control_docommand(request, listener->readonly, &text); eresult = ns_control_docommand(request, listener->readonly, &text);
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index 7ee8f66..8982d26 100644 index 3f96b7b..c92922e 100644
--- a/bin/named/include/named/server.h --- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h +++ b/bin/named/include/named/server.h
@@ -20,6 +20,7 @@ @@ -20,6 +20,7 @@
@ -255,7 +255,7 @@ index 9dea7c1..272d300 100644
#include <isc/task.h> #include <isc/task.h>
#include <isc/util.h> #include <isc/util.h>
diff --git a/bin/named/query.c b/bin/named/query.c diff --git a/bin/named/query.c b/bin/named/query.c
index c9e5469..0940714 100644 index 203f1e6..25eeced 100644
--- a/bin/named/query.c --- a/bin/named/query.c
+++ b/bin/named/query.c +++ b/bin/named/query.c
@@ -19,6 +19,7 @@ @@ -19,6 +19,7 @@
@ -267,10 +267,10 @@ index c9e5469..0940714 100644
#include <isc/serial.h> #include <isc/serial.h>
#include <isc/stats.h> #include <isc/stats.h>
diff --git a/bin/named/server.c b/bin/named/server.c diff --git a/bin/named/server.c b/bin/named/server.c
index 36fc047..3c1eec0 100644 index f27071f..f132c19 100644
--- a/bin/named/server.c --- a/bin/named/server.c
+++ b/bin/named/server.c +++ b/bin/named/server.c
@@ -8208,21 +8208,32 @@ load_configuration(const char *filename, ns_server_t *server, @@ -8210,21 +8210,32 @@ load_configuration(const char *filename, ns_server_t *server,
* Open the source of entropy. * Open the source of entropy.
*/ */
if (first_time) { if (first_time) {
@ -312,7 +312,7 @@ index 36fc047..3c1eec0 100644
#ifdef PATH_RANDOMDEV #ifdef PATH_RANDOMDEV
if (ns_g_fallbackentropy != NULL) { if (ns_g_fallbackentropy != NULL) {
level = ISC_LOG_INFO; level = ISC_LOG_INFO;
@@ -8233,8 +8244,8 @@ load_configuration(const char *filename, ns_server_t *server, @@ -8235,8 +8246,8 @@ load_configuration(const char *filename, ns_server_t *server,
NS_LOGCATEGORY_GENERAL, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, NS_LOGMODULE_SERVER,
level, level,
@ -323,7 +323,7 @@ index 36fc047..3c1eec0 100644
randomdev, randomdev,
isc_result_totext(result)); isc_result_totext(result));
} }
@@ -8254,7 +8265,6 @@ load_configuration(const char *filename, ns_server_t *server, @@ -8256,7 +8267,6 @@ load_configuration(const char *filename, ns_server_t *server,
} }
isc_entropy_detach(&ns_g_fallbackentropy); isc_entropy_detach(&ns_g_fallbackentropy);
} }
@ -331,7 +331,7 @@ index 36fc047..3c1eec0 100644
#endif #endif
} }
@@ -9022,6 +9032,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { @@ -9025,6 +9035,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
server->in_roothints = NULL; server->in_roothints = NULL;
server->blackholeacl = NULL; server->blackholeacl = NULL;
server->keepresporder = NULL; server->keepresporder = NULL;
@ -339,7 +339,7 @@ index 36fc047..3c1eec0 100644
/* Must be first. */ /* Must be first. */
CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy, CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy,
@@ -9048,6 +9059,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { @@ -9051,6 +9062,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy, CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy,
&server->tkeyctx), &server->tkeyctx),
"creating TKEY context"); "creating TKEY context");
@ -349,7 +349,7 @@ index 36fc047..3c1eec0 100644
/* /*
* Setup the server task, which is responsible for coordinating * Setup the server task, which is responsible for coordinating
@@ -9254,7 +9268,8 @@ ns_server_destroy(ns_server_t **serverp) { @@ -9257,7 +9271,8 @@ ns_server_destroy(ns_server_t **serverp) {
if (server->zonemgr != NULL) if (server->zonemgr != NULL)
dns_zonemgr_detach(&server->zonemgr); dns_zonemgr_detach(&server->zonemgr);
@ -359,7 +359,7 @@ index 36fc047..3c1eec0 100644
if (server->tkeyctx != NULL) if (server->tkeyctx != NULL)
dns_tkeyctx_destroy(&server->tkeyctx); dns_tkeyctx_destroy(&server->tkeyctx);
@@ -13230,10 +13245,10 @@ newzone_cfgctx_destroy(void **cfgp) { @@ -13263,10 +13278,10 @@ newzone_cfgctx_destroy(void **cfgp) {
static isc_result_t static isc_result_t
generate_salt(unsigned char *salt, size_t saltlen) { generate_salt(unsigned char *salt, size_t saltlen) {
@ -372,7 +372,7 @@ index 36fc047..3c1eec0 100644
} rnd; } rnd;
unsigned char text[512 + 1]; unsigned char text[512 + 1];
isc_region_t r; isc_region_t r;
@@ -13243,9 +13258,10 @@ generate_salt(unsigned char *salt, size_t saltlen) { @@ -13276,9 +13291,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
if (saltlen > 256U) if (saltlen > 256U)
return (ISC_R_RANGE); return (ISC_R_RANGE);
@ -455,10 +455,10 @@ index 2146f9b..64b8e74 100644
} }
#endif #endif
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 33e06e6..539973c 100644 index 93c7a08..bb1e81d 100644
--- a/doc/arm/Bv9ARM-book.xml --- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml
@@ -5076,22 +5076,45 @@ badresp:1,adberr:0,findfail:0,valfail:0] @@ -5081,22 +5081,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<term><command>random-device</command></term> <term><command>random-device</command></term>
<listitem> <listitem>
<para> <para>
@ -522,11 +522,10 @@ index 33e06e6..539973c 100644
</varlistentry> </varlistentry>
diff --git a/doc/arm/notes-rh-changes.xml b/doc/arm/notes-rh-changes.xml diff --git a/doc/arm/notes-rh-changes.xml b/doc/arm/notes-rh-changes.xml
new file mode 100644 new file mode 100644
index 0000000..11c3a7c index 0000000..89a4961
--- /dev/null --- /dev/null
+++ b/doc/arm/notes-rh-changes.xml +++ b/doc/arm/notes-rh-changes.xml
@@ -0,0 +1,43 @@ @@ -0,0 +1,42 @@
+
+<!-- +<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - + -
@ -570,10 +569,10 @@ index 0000000..11c3a7c
+</section> +</section>
+ +
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index b16dab6..763ff7e 100644 index 589a347..052a0bd 100644
--- a/doc/arm/notes.xml --- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml +++ b/doc/arm/notes.xml
@@ -36,6 +36,7 @@ @@ -40,6 +40,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.1.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.1.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.0.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.0.xml"/>
@ -582,7 +581,7 @@ index b16dab6..763ff7e 100644
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-thankyou.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-thankyou.xml"/>
</section> </section>
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 1614afa..0f52df9 100644 index 1eccbe7..1933993 100644
--- a/lib/dns/dst_api.c --- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c
@@ -2017,10 +2017,12 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) { @@ -2017,10 +2017,12 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) {
@ -625,7 +624,7 @@ index 6813c96..665574d 100644
bool bool
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index 6849732..e00a0e4 100644 index ffe0a69..5e48686 100644
--- a/lib/dns/openssl_link.c --- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c
@@ -484,7 +484,8 @@ dst__openssl_getengine(const char *engine) { @@ -484,7 +484,8 @@ dst__openssl_getengine(const char *engine) {
@ -639,19 +638,10 @@ index 6849732..e00a0e4 100644
#ifndef DONT_REQUIRE_DST_LIB_INIT #ifndef DONT_REQUIRE_DST_LIB_INIT
INSIST(dst__memory_pool != NULL); INSIST(dst__memory_pool != NULL);
diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h
index 632166a..c7cb17d 100644 index c40a18c..c7cb17d 100644
--- a/lib/isc/include/isc/entropy.h --- a/lib/isc/include/isc/entropy.h
+++ b/lib/isc/include/isc/entropy.h +++ b/lib/isc/include/isc/entropy.h
@@ -9,8 +9,6 @@ @@ -189,9 +189,8 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent,
* information regarding copyright ownership.
*/
-/* $Id: entropy.h,v 1.35 2009/10/19 02:37:08 marka Exp $ */
-
#ifndef ISC_ENTROPY_H
#define ISC_ENTROPY_H 1
@@ -191,9 +189,8 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent,
/*!< /*!<
* \brief Create an entropy source that is polled via a callback. * \brief Create an entropy source that is polled via a callback.
* *
@ -663,18 +653,23 @@ index 632166a..c7cb17d 100644
* *
* Samples are added via isc_entropy_addcallbacksample(), below. * Samples are added via isc_entropy_addcallbacksample(), below.
* _addcallbacksample() is the only function which may be called from * _addcallbacksample() is the only function which may be called from
@@ -234,15 +231,32 @@ isc_result_t @@ -232,15 +231,32 @@ isc_result_t
isc_entropy_getdata(isc_entropy_t *ent, void *data, unsigned int length, isc_entropy_getdata(isc_entropy_t *ent, void *data, unsigned int length,
unsigned int *returned, unsigned int flags); unsigned int *returned, unsigned int flags);
/*!< /*!<
- * \brief Extract data from the entropy pool. This may load the pool from various - * \brief Extract data from the entropy pool. This may load the pool from various
- * sources. - * sources.
+ * \brief Get random data from entropy pool 'ent'. + * \brief Get random data from entropy pool 'ent'.
+ * *
- * Do this by stirring the pool and returning a part of hash as randomness.
- * Note that no secrets are given away here since parts of the hash are
- * xored together before returned.
+ * If a hook has been set up using isc_entropy_sethook() and + * If a hook has been set up using isc_entropy_sethook() and
+ * isc_entropy_usehook(), then the hook function will be called to get + * isc_entropy_usehook(), then the hook function will be called to get
+ * random data. + * random data.
+ * *
- * Honor the request from the caller to only return good data, any data,
- * etc.
+ * Otherwise, randomness is extracted from the entropy pool set up in BIND. + * Otherwise, randomness is extracted from the entropy pool set up in BIND.
+ * This may cause the pool to be loaded from various sources. Ths is done + * This may cause the pool to be loaded from various sources. Ths is done
+ * by stirring the pool and returning a part of hash as randomness. + * by stirring the pool and returning a part of hash as randomness.
@ -685,17 +680,12 @@ index 632166a..c7cb17d 100644
+ * ISC_ENTROPY_BLOCKING. These will be honored if the hook function is + * ISC_ENTROPY_BLOCKING. These will be honored if the hook function is
+ * not in use. If it is, the flags will be passed to the hook function + * not in use. If it is, the flags will be passed to the hook function
+ * but it may ignore them. + * but it may ignore them.
* + *
- * Do this by stiring the pool and returning a part of hash as randomness.
- * Note that no secrets are given away here since parts of the hash are
- * xored together before returned.
+ * Up to 'length' bytes of randomness are retrieved and copied into 'data'. + * Up to 'length' bytes of randomness are retrieved and copied into 'data'.
+ * (If 'returned' is not NULL, and the number of bytes copied is less than + * (If 'returned' is not NULL, and the number of bytes copied is less than
+ * 'length' - which may happen if ISC_ENTROPY_PARTIAL was used - then the + * 'length' - which may happen if ISC_ENTROPY_PARTIAL was used - then the
+ * number of bytes copied will be stored in *returned.) + * number of bytes copied will be stored in *returned.)
* + *
- * Honor the request from the caller to only return good data, any data,
- * etc.
+ * Returns: + * Returns:
+ * \li ISC_R_SUCCESS on success + * \li ISC_R_SUCCESS on success
+ * \li ISC_R_NOENTROPY if entropy pool is empty + * \li ISC_R_NOENTROPY if entropy pool is empty
@ -703,7 +693,7 @@ index 632166a..c7cb17d 100644
*/ */
void void
@@ -307,13 +321,21 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source, @@ -305,13 +321,21 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
void void
isc_entropy_usehook(isc_entropy_t *ectx, bool onoff); isc_entropy_usehook(isc_entropy_t *ectx, bool onoff);
/*!< /*!<
@ -782,7 +772,7 @@ index f8aed34..17c551b 100644
ISC_LANG_ENDDECLS ISC_LANG_ENDDECLS
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 03890a3..7bad989 100644 index 1c45d5c..91693b5 100644
--- a/lib/isccfg/namedconf.c --- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c
@@ -1109,7 +1109,7 @@ options_clauses[] = { @@ -1109,7 +1109,7 @@ options_clauses[] = {
@ -795,5 +785,5 @@ index 03890a3..7bad989 100644
{ "recursive-clients", &cfg_type_uint32, 0 }, { "recursive-clients", &cfg_type_uint32, 0 },
{ "reserved-sockets", &cfg_type_uint32, 0 }, { "reserved-sockets", &cfg_type_uint32, 0 },
-- --
2.20.1 2.21.1

View File

@ -1,4 +1,4 @@
From 2bdcb7159b1ac097355e95864e979b4f68bc1a4e Mon Sep 17 00:00:00 2001 From 521fc8dcc0ac064ae8bc521418f5b03f0ceec657 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 7 Nov 2019 14:31:03 +0100 Date: Thu, 7 Nov 2019 14:31:03 +0100
Subject: [PATCH] Implement serve-stale in 9.11 Subject: [PATCH] Implement serve-stale in 9.11
@ -257,13 +257,13 @@ Signed-off-by: Petr Menšík <pemensik@redhat.com>
lib/dns/master.c | 14 +- lib/dns/master.c | 14 +-
lib/dns/masterdump.c | 23 + lib/dns/masterdump.c | 23 +
lib/dns/rbtdb.c | 207 ++++++- lib/dns/rbtdb.c | 207 ++++++-
lib/dns/resolver.c | 78 ++- lib/dns/resolver.c | 79 ++-
lib/dns/sdb.c | 4 +- lib/dns/sdb.c | 4 +-
lib/dns/sdlz.c | 4 +- lib/dns/sdlz.c | 4 +-
lib/dns/tests/db_test.c | 198 ++++++- lib/dns/tests/db_test.c | 198 ++++++-
lib/dns/view.c | 3 + lib/dns/view.c | 3 +
lib/isccfg/namedconf.c | 5 + lib/isccfg/namedconf.c | 5 +
48 files changed, 2121 insertions(+), 102 deletions(-) 48 files changed, 2122 insertions(+), 102 deletions(-)
create mode 100644 bin/tests/system/serve-stale/.gitignore create mode 100644 bin/tests/system/serve-stale/.gitignore
create mode 100644 bin/tests/system/serve-stale/ans2/ans.pl.in create mode 100644 bin/tests/system/serve-stale/ans2/ans.pl.in
create mode 100644 bin/tests/system/serve-stale/clean.sh create mode 100644 bin/tests/system/serve-stale/clean.sh
@ -389,22 +389,22 @@ index 9661f56..445b578 100644
bool root_key_sentinel_is_ta; bool root_key_sentinel_is_ta;
bool root_key_sentinel_not_ta; bool root_key_sentinel_not_ta;
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index 8982d26..919ac28 100644 index c92922e..588bf2d 100644
--- a/bin/named/include/named/server.h --- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h +++ b/bin/named/include/named/server.h
@@ -224,7 +224,10 @@ enum { @@ -226,7 +226,10 @@ enum {
dns_nsstatscounter_tcphighwater = 57, dns_nsstatscounter_reclimitdropped = 58,
- dns_nsstatscounter_max = 58 - dns_nsstatscounter_max = 59
+ dns_nsstatscounter_trystale = 58, + dns_nsstatscounter_trystale = 59,
+ dns_nsstatscounter_usedstale = 59, + dns_nsstatscounter_usedstale = 60,
+ +
+ dns_nsstatscounter_max = 60 + dns_nsstatscounter_max = 61
}; };
/*% /*%
@@ -763,4 +766,12 @@ ns_server_mkeys(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text); @@ -765,4 +768,12 @@ ns_server_mkeys(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
isc_result_t isc_result_t
ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text); ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
@ -430,7 +430,7 @@ index 3aa25e9..12f178b 100644
}; };
diff --git a/bin/named/query.c b/bin/named/query.c diff --git a/bin/named/query.c b/bin/named/query.c
index 0940714..882d69c 100644 index 25eeced..162e4ea 100644
--- a/bin/named/query.c --- a/bin/named/query.c
+++ b/bin/named/query.c +++ b/bin/named/query.c
@@ -125,10 +125,14 @@ @@ -125,10 +125,14 @@
@ -733,10 +733,10 @@ index 0940714..882d69c 100644
(!PARTIALANSWER(client) || WANTRECURSION(client) (!PARTIALANSWER(client) || WANTRECURSION(client)
|| eresult == DNS_R_DROP)) { || eresult == DNS_R_DROP)) {
diff --git a/bin/named/server.c b/bin/named/server.c diff --git a/bin/named/server.c b/bin/named/server.c
index 0c1f08b..d195bca 100644 index 1f23cf0..1fa836f 100644
--- a/bin/named/server.c --- a/bin/named/server.c
+++ b/bin/named/server.c +++ b/bin/named/server.c
@@ -1722,7 +1722,8 @@ static bool @@ -1720,7 +1720,8 @@ static bool
cache_sharable(dns_view_t *originview, dns_view_t *view, cache_sharable(dns_view_t *originview, dns_view_t *view,
bool new_zero_no_soattl, bool new_zero_no_soattl,
unsigned int new_cleaning_interval, unsigned int new_cleaning_interval,
@ -746,7 +746,7 @@ index 0c1f08b..d195bca 100644
{ {
/* /*
* If the cache cannot even reused for the same view, it cannot be * If the cache cannot even reused for the same view, it cannot be
@@ -1737,6 +1738,7 @@ cache_sharable(dns_view_t *originview, dns_view_t *view, @@ -1735,6 +1736,7 @@ cache_sharable(dns_view_t *originview, dns_view_t *view,
*/ */
if (dns_cache_getcleaninginterval(originview->cache) != if (dns_cache_getcleaninginterval(originview->cache) !=
new_cleaning_interval || new_cleaning_interval ||
@ -754,7 +754,7 @@ index 0c1f08b..d195bca 100644
dns_cache_getcachesize(originview->cache) != new_max_cache_size) { dns_cache_getcachesize(originview->cache) != new_max_cache_size) {
return (false); return (false);
} }
@@ -3292,6 +3294,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, @@ -3290,6 +3292,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
size_t max_acache_size; size_t max_acache_size;
size_t max_adb_size; size_t max_adb_size;
uint32_t lame_ttl, fail_ttl; uint32_t lame_ttl, fail_ttl;
@ -762,7 +762,7 @@ index 0c1f08b..d195bca 100644
dns_tsig_keyring_t *ring = NULL; dns_tsig_keyring_t *ring = NULL;
dns_view_t *pview = NULL; /* Production view */ dns_view_t *pview = NULL; /* Production view */
isc_mem_t *cmctx = NULL, *hmctx = NULL; isc_mem_t *cmctx = NULL, *hmctx = NULL;
@@ -3320,6 +3323,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, @@ -3318,6 +3321,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
bool old_rpz_ok = false; bool old_rpz_ok = false;
isc_dscp_t dscp4 = -1, dscp6 = -1; isc_dscp_t dscp4 = -1, dscp6 = -1;
dns_dyndbctx_t *dctx = NULL; dns_dyndbctx_t *dctx = NULL;
@ -770,7 +770,7 @@ index 0c1f08b..d195bca 100644
REQUIRE(DNS_VIEW_VALID(view)); REQUIRE(DNS_VIEW_VALID(view));
@@ -3734,6 +3738,24 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, @@ -3732,6 +3736,24 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
if (view->maxncachettl > 7 * 24 * 3600) if (view->maxncachettl > 7 * 24 * 3600)
view->maxncachettl = 7 * 24 * 3600; view->maxncachettl = 7 * 24 * 3600;
@ -795,7 +795,7 @@ index 0c1f08b..d195bca 100644
/* /*
* Configure the view's cache. * Configure the view's cache.
* *
@@ -3767,7 +3789,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, @@ -3765,7 +3787,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
nsc = cachelist_find(cachelist, cachename, view->rdclass); nsc = cachelist_find(cachelist, cachename, view->rdclass);
if (nsc != NULL) { if (nsc != NULL) {
if (!cache_sharable(nsc->primaryview, view, zero_no_soattl, if (!cache_sharable(nsc->primaryview, view, zero_no_soattl,
@ -805,7 +805,7 @@ index 0c1f08b..d195bca 100644
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"views %s and %s can't share the cache " "views %s and %s can't share the cache "
@@ -3866,9 +3889,15 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, @@ -3864,9 +3887,15 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
dns_cache_setcleaninginterval(cache, cleaning_interval); dns_cache_setcleaninginterval(cache, cleaning_interval);
dns_cache_setcachesize(cache, max_cache_size); dns_cache_setcachesize(cache, max_cache_size);
@ -821,7 +821,7 @@ index 0c1f08b..d195bca 100644
/* /*
* Resolver. * Resolver.
* *
@@ -4057,6 +4086,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, @@ -4055,6 +4084,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
maxbits = 4096; maxbits = 4096;
view->maxbits = maxbits; view->maxbits = maxbits;
@ -843,7 +843,7 @@ index 0c1f08b..d195bca 100644
/* /*
* Set supported DNSSEC algorithms. * Set supported DNSSEC algorithms.
*/ */
@@ -14423,3 +14467,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) { @@ -14456,3 +14500,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
return (ISC_R_NOTIMPLEMENTED); return (ISC_R_NOTIMPLEMENTED);
#endif #endif
} }
@ -977,13 +977,13 @@ index 0c1f08b..d195bca 100644
+ return (result); + return (result);
+} +}
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
index 4cdf7d6..5b413e7 100644 index 4b8d972..8c68737 100644
--- a/bin/named/statschannel.c --- a/bin/named/statschannel.c
+++ b/bin/named/statschannel.c +++ b/bin/named/statschannel.c
@@ -297,6 +297,12 @@ init_desc(void) { @@ -300,6 +300,12 @@ init_desc(void) {
"QryNXRedirRLookup"); SET_NSSTATDESC(reclimitdropped,
SET_NSSTATDESC(badcookie, "sent badcookie response", "QryBADCOOKIE"); "queries dropped due to recursive client limit",
SET_NSSTATDESC(keytagopt, "Keytag option received", "KeyTagOpt"); "RecLimitDropped");
+ SET_NSSTATDESC(trystale, + SET_NSSTATDESC(trystale,
+ "attempts to use stale cache data after lookup failure", + "attempts to use stale cache data after lookup failure",
+ "QryTryStale"); + "QryTryStale");
@ -1007,10 +1007,10 @@ index 8083654..d519983 100644
Print a zone's configuration.\n\ Print a zone's configuration.\n\
sign zone [class [view]]\n\ sign zone [class [view]]\n\
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
index 06b073a..6ae8e5d 100644 index e14a17e..eaf32d3 100644
--- a/bin/rndc/rndc.docbook --- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook +++ b/bin/rndc/rndc.docbook
@@ -688,6 +688,25 @@ @@ -689,6 +689,25 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1052,10 +1052,10 @@ index f3f1939..9ff3f07 100644
+ exit 1 + exit 1
+fi +fi
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index f781966..d20a830 100644 index 22749b9..a247fd5 100644
--- a/bin/tests/system/conf.sh.in --- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in
@@ -125,7 +125,7 @@ PARALLELDIRS="dnssec rpzrecurse \ @@ -128,7 +128,7 @@ PARALLELDIRS="dnssec rpzrecurse \
reclimit redirect resolver rndc rootkeysentinel rpz \ reclimit redirect resolver rndc rootkeysentinel rpz \
rrchecker rrl rrsetorder rsabigexponent runtime \ rrchecker rrl rrsetorder rsabigexponent runtime \
sfcache smartsign sortlist \ sfcache smartsign sortlist \
@ -2039,10 +2039,10 @@ index 0000000..201c996
+echo "I:exit status: $status" +echo "I:exit status: $status"
+[ $status -eq 0 ] || exit 1 +[ $status -eq 0 ] || exit 1
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 539973c..8528649 100644 index bb1e81d..6dbbfad 100644
--- a/doc/arm/Bv9ARM-book.xml --- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml
@@ -4376,6 +4376,9 @@ badresp:1,adberr:0,findfail:0,valfail:0] @@ -4381,6 +4381,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
statement in the <filename>named.conf</filename> file: statement in the <filename>named.conf</filename> file:
</para> </para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="options.grammar.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="options.grammar.xml"/>
@ -2052,7 +2052,7 @@ index 539973c..8528649 100644
</section> </section>
<section xml:id="options"><info><title><command>options</command> Statement Definition and <section xml:id="options"><info><title><command>options</command> Statement Definition and
@@ -4469,6 +4472,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] @@ -4474,6 +4477,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<command>dnssec-validation</command>, <command>dnssec-validation</command>,
<command>max-cache-ttl</command>, <command>max-cache-ttl</command>,
<command>max-ncache-ttl</command>, <command>max-ncache-ttl</command>,
@ -2060,7 +2060,7 @@ index 539973c..8528649 100644
<command>max-cache-size</command>, and <command>max-cache-size</command>, and
<command>zero-no-soa-ttl</command>. <command>zero-no-soa-ttl</command>.
</para> </para>
@@ -5480,7 +5484,6 @@ options { @@ -5485,7 +5489,6 @@ options {
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2068,7 +2068,7 @@ index 539973c..8528649 100644
<varlistentry> <varlistentry>
<term><command>max-zone-ttl</command></term> <term><command>max-zone-ttl</command></term>
<listitem> <listitem>
@@ -5516,6 +5519,21 @@ options { @@ -5521,6 +5524,21 @@ options {
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2090,7 +2090,7 @@ index 539973c..8528649 100644
<varlistentry> <varlistentry>
<term><command>serial-update-method</command></term> <term><command>serial-update-method</command></term>
<listitem> <listitem>
@@ -6275,6 +6293,22 @@ options { @@ -6280,6 +6298,22 @@ options {
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2113,7 +2113,7 @@ index 539973c..8528649 100644
<varlistentry> <varlistentry>
<term><command>nocookie-udp-size</command></term> <term><command>nocookie-udp-size</command></term>
<listitem> <listitem>
@@ -7483,14 +7517,20 @@ options { @@ -7501,14 +7535,20 @@ options {
<term><command>resolver-query-timeout</command></term> <term><command>resolver-query-timeout</command></term>
<listitem> <listitem>
<para> <para>
@ -2137,7 +2137,7 @@ index 539973c..8528649 100644
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@@ -8976,6 +9016,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; @@ -8994,6 +9034,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2188,10 +2188,10 @@ index 181def7..59f6afb 100644
<entry colname="1"> <entry colname="1">
<para><command>spill</command></para> <para><command>spill</command></para>
diff --git a/doc/arm/notes-rh-changes.xml b/doc/arm/notes-rh-changes.xml diff --git a/doc/arm/notes-rh-changes.xml b/doc/arm/notes-rh-changes.xml
index 11c3a7c..ba3c2cc 100644 index 89a4961..80b7dee 100644
--- a/doc/arm/notes-rh-changes.xml --- a/doc/arm/notes-rh-changes.xml
+++ b/doc/arm/notes-rh-changes.xml +++ b/doc/arm/notes-rh-changes.xml
@@ -13,6 +13,9 @@ @@ -12,6 +12,9 @@
<section xml:id="relnotes_rh_changes"><info><title>Red Hat Specific Changes</title></info> <section xml:id="relnotes_rh_changes"><info><title>Red Hat Specific Changes</title></info>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
@ -2201,7 +2201,7 @@ index 11c3a7c..ba3c2cc 100644
<para> <para>
By default, BIND now uses the random number generation functions By default, BIND now uses the random number generation functions
in the cryptographic library (i.e., OpenSSL or a PKCS#11 in the cryptographic library (i.e., OpenSSL or a PKCS#11
@@ -37,7 +40,16 @@ @@ -36,7 +39,16 @@
case <filename>/dev/random</filename> will be the default case <filename>/dev/random</filename> will be the default
entropy source. [RT #31459] [RT #46047] entropy source. [RT #31459] [RT #46047]
</para> </para>
@ -2278,7 +2278,7 @@ index e11beed..fde93c7 100644
topology { <address_match_element>; ... }; // not implemented topology { <address_match_element>; ... }; // not implemented
transfer-format ( many-answers | one-answer ); transfer-format ( many-answers | one-answer );
diff --git a/lib/bind9/check.c b/lib/bind9/check.c diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index 5c057a4..7b82618 100644 index eaac5ba..a89d78f 100644
--- a/lib/bind9/check.c --- a/lib/bind9/check.c
+++ b/lib/bind9/check.c +++ b/lib/bind9/check.c
@@ -99,7 +99,8 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) { @@ -99,7 +99,8 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) {
@ -2379,7 +2379,7 @@ index 5c057a4..7b82618 100644
} }
} }
} }
@@ -1267,7 +1276,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, @@ -1271,7 +1280,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
cfg_obj_log(obj, logctx, ISC_LOG_ERROR, cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"auto-dnssec may only be activated at the " "auto-dnssec may only be activated at the "
"zone level"); "zone level");
@ -2389,7 +2389,7 @@ index 5c057a4..7b82618 100644
} }
} }
@@ -1287,7 +1297,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, @@ -1291,7 +1301,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
{ {
obj = cfg_listelt_value(element); obj = cfg_listelt_value(element);
tresult = mustbesecure(obj, symtab, logctx, mctx); tresult = mustbesecure(obj, symtab, logctx, mctx);
@ -2398,7 +2398,7 @@ index 5c057a4..7b82618 100644
result = tresult; result = tresult;
} }
if (symtab != NULL) if (symtab != NULL)
@@ -1306,7 +1316,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, @@ -1310,7 +1320,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
cfg_obj_log(obj, logctx, ISC_LOG_ERROR, cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"%s: invalid name '%s'", "%s: invalid name '%s'",
server_contact[i], str); server_contact[i], str);
@ -2408,7 +2408,7 @@ index 5c057a4..7b82618 100644
} }
} }
} }
@@ -1326,7 +1337,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, @@ -1330,7 +1341,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
cfg_obj_log(obj, logctx, ISC_LOG_ERROR, cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"disable-empty-zone: invalid name '%s'", "disable-empty-zone: invalid name '%s'",
str); str);
@ -2418,7 +2418,7 @@ index 5c057a4..7b82618 100644
} }
} }
@@ -1340,11 +1352,12 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, @@ -1344,11 +1356,12 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
strlen(cfg_obj_asstring(obj)) > 1024U) { strlen(cfg_obj_asstring(obj)) > 1024U) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR, cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"'server-id' too big (>1024 bytes)"); "'server-id' too big (>1024 bytes)");
@ -2433,7 +2433,7 @@ index 5c057a4..7b82618 100644
result = tresult; result = tresult;
obj = NULL; obj = NULL;
@@ -1354,11 +1367,13 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, @@ -1358,11 +1371,13 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
if (lifetime > 604800) { /* 7 days */ if (lifetime > 604800) { /* 7 days */
cfg_obj_log(obj, logctx, ISC_LOG_ERROR, cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"'nta-lifetime' cannot exceed one week"); "'nta-lifetime' cannot exceed one week");
@ -2449,7 +2449,7 @@ index 5c057a4..7b82618 100644
} }
} }
@@ -1369,7 +1384,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, @@ -1373,7 +1388,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
if (recheck > 604800) { /* 7 days */ if (recheck > 604800) { /* 7 days */
cfg_obj_log(obj, logctx, ISC_LOG_ERROR, cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"'nta-recheck' cannot exceed one week"); "'nta-recheck' cannot exceed one week");
@ -2459,7 +2459,7 @@ index 5c057a4..7b82618 100644
} }
if (recheck > lifetime) if (recheck > lifetime)
@@ -1387,7 +1403,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, @@ -1391,7 +1407,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
if (strcasecmp(ccalg, "aes") == 0) { if (strcasecmp(ccalg, "aes") == 0) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR, cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"cookie-algorithm: '%s' not supported", ccalg); "cookie-algorithm: '%s' not supported", ccalg);
@ -2469,7 +2469,7 @@ index 5c057a4..7b82618 100644
} }
#endif #endif
@@ -1476,7 +1493,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, @@ -1480,7 +1497,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
cfg_obj_log(obj, logctx, ISC_LOG_ERROR, cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"%s out of range (%u < %u)", "%s out of range (%u < %u)",
fstrm[i].name, value, fstrm[i].min); fstrm[i].name, value, fstrm[i].min);
@ -2479,7 +2479,7 @@ index 5c057a4..7b82618 100644
} }
if (strcmp(fstrm[i].name, "fstrm-set-input-queue-size") == 0) { if (strcmp(fstrm[i].name, "fstrm-set-input-queue-size") == 0) {
@@ -1490,7 +1508,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, @@ -1494,7 +1512,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
"%s '%u' not a power-of-2", "%s '%u' not a power-of-2",
fstrm[i].name, fstrm[i].name,
cfg_obj_asuint32(obj)); cfg_obj_asuint32(obj));
@ -2489,7 +2489,7 @@ index 5c057a4..7b82618 100644
} }
} }
} }
@@ -1508,7 +1527,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, @@ -1512,7 +1531,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
"%" PRId64 "' " "%" PRId64 "' "
"is too small", "is too small",
mapsize); mapsize);
@ -2499,7 +2499,7 @@ index 5c057a4..7b82618 100644
} else if (mapsize > (1ULL << 40)) { /* 1 terabyte */ } else if (mapsize > (1ULL << 40)) { /* 1 terabyte */
cfg_obj_log(obj, logctx, cfg_obj_log(obj, logctx,
ISC_LOG_ERROR, ISC_LOG_ERROR,
@@ -1516,10 +1536,20 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, @@ -1520,10 +1540,20 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
"%" PRId64 "' " "%" PRId64 "' "
"is too large", "is too large",
mapsize); mapsize);
@ -2669,10 +2669,10 @@ index 62797db..714b78e 100644
dns_cache_flush(dns_cache_t *cache); dns_cache_flush(dns_cache_t *cache);
/*%< /*%<
diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h
index ae6ae36..5079053 100644 index 6f0eed0..e3917f2 100644
--- a/lib/dns/include/dns/db.h --- a/lib/dns/include/dns/db.h
+++ b/lib/dns/include/dns/db.h +++ b/lib/dns/include/dns/db.h
@@ -197,6 +197,8 @@ typedef struct dns_dbmethods { @@ -195,6 +195,8 @@ typedef struct dns_dbmethods {
dns_name_t *name); dns_name_t *name);
isc_result_t (*getsize)(dns_db_t *db, dns_dbversion_t *version, isc_result_t (*getsize)(dns_db_t *db, dns_dbversion_t *version,
uint64_t *records, uint64_t *bytes); uint64_t *records, uint64_t *bytes);
@ -2681,7 +2681,7 @@ index ae6ae36..5079053 100644
} dns_dbmethods_t; } dns_dbmethods_t;
typedef isc_result_t typedef isc_result_t
@@ -255,6 +257,7 @@ struct dns_dbonupdatelistener { @@ -253,6 +255,7 @@ struct dns_dbonupdatelistener {
#define DNS_DBFIND_FORCENSEC3 0x0080 #define DNS_DBFIND_FORCENSEC3 0x0080
#define DNS_DBFIND_ADDITIONALOK 0x0100 #define DNS_DBFIND_ADDITIONALOK 0x0100
#define DNS_DBFIND_NOZONECUT 0x0200 #define DNS_DBFIND_NOZONECUT 0x0200
@ -2689,7 +2689,7 @@ index ae6ae36..5079053 100644
/*@}*/ /*@}*/
/*@{*/ /*@{*/
@@ -1685,6 +1688,38 @@ dns_db_nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name); @@ -1683,6 +1686,38 @@ dns_db_nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name);
* \li 'db' is a valid database * \li 'db' is a valid database
* \li 'node' and 'name' are not NULL * \li 'node' and 'name' are not NULL
*/ */
@ -2783,7 +2783,7 @@ index 5295d8e..97071ed 100644
/*% /*%
* _OMITDNSSEC: * _OMITDNSSEC:
diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
index 6da41b7..7b397cb 100644 index 0b66c75..4b4b6bd 100644
--- a/lib/dns/include/dns/resolver.h --- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h +++ b/lib/dns/include/dns/resolver.h
@@ -547,9 +547,12 @@ dns_resolver_getmustbesecure(dns_resolver_t *resolver, dns_name_t *name); @@ -547,9 +547,12 @@ dns_resolver_getmustbesecure(dns_resolver_t *resolver, dns_name_t *name);
@ -2883,7 +2883,7 @@ index c849dec..647ca2a 100644
#define DNS_VIEW_MAGIC ISC_MAGIC('V','i','e','w') #define DNS_VIEW_MAGIC ISC_MAGIC('V','i','e','w')
diff --git a/lib/dns/master.c b/lib/dns/master.c diff --git a/lib/dns/master.c b/lib/dns/master.c
index 2a87bca..ac4bb19 100644 index 8edd732..8c9f00e 100644
--- a/lib/dns/master.c --- a/lib/dns/master.c
+++ b/lib/dns/master.c +++ b/lib/dns/master.c
@@ -1948,12 +1948,18 @@ load_text(dns_loadctx_t *lctx) { @@ -1948,12 +1948,18 @@ load_text(dns_loadctx_t *lctx) {
@ -2979,10 +2979,10 @@ index 13d1a3e..873b694 100644
RUNTIME_CHECK(result == ISC_R_SUCCESS); RUNTIME_CHECK(result == ISC_R_SUCCESS);
isc_buffer_usedregion(&buffer, &r); isc_buffer_usedregion(&buffer, &r);
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 738aa20..5055fcb 100644 index 02f2c84..fda991d 100644
--- a/lib/dns/rbtdb.c --- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c
@@ -488,6 +488,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t; @@ -490,6 +490,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t;
typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t; typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
#define RDATASET_ATTR_NONEXISTENT 0x0001 #define RDATASET_ATTR_NONEXISTENT 0x0001
@ -2990,7 +2990,7 @@ index 738aa20..5055fcb 100644
#define RDATASET_ATTR_STALE 0x0002 #define RDATASET_ATTR_STALE 0x0002
#define RDATASET_ATTR_IGNORE 0x0004 #define RDATASET_ATTR_IGNORE 0x0004
#define RDATASET_ATTR_RETAIN 0x0008 #define RDATASET_ATTR_RETAIN 0x0008
@@ -500,6 +501,8 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t; @@ -502,6 +503,8 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
#define RDATASET_ATTR_CASESET 0x0400 #define RDATASET_ATTR_CASESET 0x0400
#define RDATASET_ATTR_ZEROTTL 0x0800 #define RDATASET_ATTR_ZEROTTL 0x0800
#define RDATASET_ATTR_CASEFULLYLOWER 0x1000 #define RDATASET_ATTR_CASEFULLYLOWER 0x1000
@ -2999,7 +2999,7 @@ index 738aa20..5055fcb 100644
typedef struct acache_cbarg { typedef struct acache_cbarg {
dns_rdatasetadditional_t type; dns_rdatasetadditional_t type;
@@ -550,6 +553,8 @@ struct acachectl { @@ -552,6 +555,8 @@ struct acachectl {
(((header)->attributes & RDATASET_ATTR_ZEROTTL) != 0) (((header)->attributes & RDATASET_ATTR_ZEROTTL) != 0)
#define CASEFULLYLOWER(header) \ #define CASEFULLYLOWER(header) \
(((header)->attributes & RDATASET_ATTR_CASEFULLYLOWER) != 0) (((header)->attributes & RDATASET_ATTR_CASEFULLYLOWER) != 0)
@ -3008,7 +3008,7 @@ index 738aa20..5055fcb 100644
#define ACTIVE(header, now) \ #define ACTIVE(header, now) \
@@ -609,6 +614,12 @@ typedef enum { @@ -611,6 +616,12 @@ typedef enum {
expire_flush expire_flush
} expire_t; } expire_t;
@ -3021,7 +3021,7 @@ index 738aa20..5055fcb 100644
typedef struct rbtdb_version { typedef struct rbtdb_version {
/* Not locked */ /* Not locked */
rbtdb_serial_t serial; rbtdb_serial_t serial;
@@ -676,6 +687,12 @@ struct dns_rbtdb { @@ -678,6 +689,12 @@ struct dns_rbtdb {
dns_dbnode_t *soanode; dns_dbnode_t *soanode;
dns_dbnode_t *nsnode; dns_dbnode_t *nsnode;
@ -3034,7 +3034,7 @@ index 738aa20..5055fcb 100644
/* /*
* This is a linked list used to implement the LRU cache. There will * This is a linked list used to implement the LRU cache. There will
* be node_lock_count linked lists here. Nodes in bucket 1 will be * be node_lock_count linked lists here. Nodes in bucket 1 will be
@@ -719,6 +736,8 @@ struct dns_rbtdb { @@ -721,6 +738,8 @@ struct dns_rbtdb {
#define RBTDB_ATTR_LOADED 0x01 #define RBTDB_ATTR_LOADED 0x01
#define RBTDB_ATTR_LOADING 0x02 #define RBTDB_ATTR_LOADING 0x02
@ -3043,7 +3043,7 @@ index 738aa20..5055fcb 100644
/*% /*%
* Search Context * Search Context
*/ */
@@ -1784,15 +1803,15 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) { @@ -1791,15 +1810,15 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) {
} }
static inline void static inline void
@ -3063,7 +3063,7 @@ index 738aa20..5055fcb 100644
header->node->dirty = 1; header->node->dirty = 1;
/* /*
@@ -1833,8 +1852,8 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { @@ -1840,8 +1859,8 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
/* /*
* If current is nonexistent or stale, we can clean it up. * If current is nonexistent or stale, we can clean it up.
*/ */
@ -3074,7 +3074,7 @@ index 738aa20..5055fcb 100644
if (top_prev != NULL) if (top_prev != NULL)
top_prev->next = current->next; top_prev->next = current->next;
else else
@@ -2076,6 +2095,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { @@ -2086,6 +2105,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
} }
} }
@ -3155,7 +3155,7 @@ index 738aa20..5055fcb 100644
/* /*
* Caller must be holding the node lock. * Caller must be holding the node lock.
*/ */
@@ -3308,6 +3401,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, @@ -3313,6 +3406,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
rdataset->attributes |= DNS_RDATASETATTR_OPTOUT; rdataset->attributes |= DNS_RDATASETATTR_OPTOUT;
if (PREFETCH(header)) if (PREFETCH(header))
rdataset->attributes |= DNS_RDATASETATTR_PREFETCH; rdataset->attributes |= DNS_RDATASETATTR_PREFETCH;
@ -3168,7 +3168,7 @@ index 738aa20..5055fcb 100644
rdataset->private1 = rbtdb; rdataset->private1 = rbtdb;
rdataset->private2 = node; rdataset->private2 = node;
raw = (unsigned char *)header + sizeof(*header); raw = (unsigned char *)header + sizeof(*header);
@@ -4648,6 +4747,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header, @@ -4653,6 +4752,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
#endif #endif
if (!ACTIVE(header, search->now)) { if (!ACTIVE(header, search->now)) {
@ -3188,7 +3188,7 @@ index 738aa20..5055fcb 100644
/* /*
* This rdataset is stale. If no one else is using the * This rdataset is stale. If no one else is using the
* node, we can clean it up right now, otherwise we mark * node, we can clean it up right now, otherwise we mark
@@ -4687,7 +4799,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header, @@ -4692,7 +4804,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
node->data = header->next; node->data = header->next;
free_rdataset(search->rbtdb, mctx, header); free_rdataset(search->rbtdb, mctx, header);
} else { } else {
@ -3197,7 +3197,7 @@ index 738aa20..5055fcb 100644
*header_prev = header; *header_prev = header;
} }
} else } else
@@ -5125,7 +5237,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, @@ -5130,7 +5242,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
&locktype, lock, &search, &locktype, lock, &search,
&header_prev)) { &header_prev)) {
/* Do nothing. */ /* Do nothing. */
@ -3206,7 +3206,7 @@ index 738aa20..5055fcb 100644
/* /*
* We now know that there is at least one active * We now know that there is at least one active
* non-stale rdataset at this node. * non-stale rdataset at this node.
@@ -5603,7 +5715,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { @@ -5608,7 +5720,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
* refcurrent(rbtnode) must be non-zero. This is so * refcurrent(rbtnode) must be non-zero. This is so
* because 'node' is an argument to the function. * because 'node' is an argument to the function.
*/ */
@ -3215,7 +3215,7 @@ index 738aa20..5055fcb 100644
if (log) if (log)
isc_log_write(dns_lctx, category, module, isc_log_write(dns_lctx, category, module,
level, "overmem cache: stale %s", level, "overmem cache: stale %s",
@@ -5611,7 +5723,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { @@ -5616,7 +5728,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
} else if (force_expire) { } else if (force_expire) {
if (! RETAIN(header)) { if (! RETAIN(header)) {
set_ttl(rbtdb, header, 0); set_ttl(rbtdb, header, 0);
@ -3224,7 +3224,7 @@ index 738aa20..5055fcb 100644
} else if (log) { } else if (log) {
isc_log_write(dns_lctx, category, module, isc_log_write(dns_lctx, category, module,
level, "overmem cache: " level, "overmem cache: "
@@ -5868,9 +5980,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, @@ -5873,9 +5985,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
* non-zero. This is so because 'node' is an * non-zero. This is so because 'node' is an
* argument to the function. * argument to the function.
*/ */
@ -3236,7 +3236,7 @@ index 738aa20..5055fcb 100644
if (header->type == matchtype) if (header->type == matchtype)
found = header; found = header;
else if (header->type == RBTDB_RDATATYPE_NCACHEANY || else if (header->type == RBTDB_RDATATYPE_NCACHEANY ||
@@ -6160,7 +6272,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, @@ -6167,7 +6279,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
topheader = topheader->next) topheader = topheader->next)
{ {
set_ttl(rbtdb, topheader, 0); set_ttl(rbtdb, topheader, 0);
@ -3245,7 +3245,7 @@ index 738aa20..5055fcb 100644
} }
goto find_header; goto find_header;
} }
@@ -6218,7 +6330,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, @@ -6225,7 +6337,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
* ncache entry. * ncache entry.
*/ */
set_ttl(rbtdb, topheader, 0); set_ttl(rbtdb, topheader, 0);
@ -3254,7 +3254,7 @@ index 738aa20..5055fcb 100644
topheader = NULL; topheader = NULL;
goto find_header; goto find_header;
} }
@@ -6256,8 +6368,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, @@ -6263,8 +6375,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
} }
/* /*
@ -3268,7 +3268,7 @@ index 738aa20..5055fcb 100644
*/ */
if (rbtversion == NULL && trust < header->trust && if (rbtversion == NULL && trust < header->trust &&
(ACTIVE(header, now) || header_nx)) { (ACTIVE(header, now) || header_nx)) {
@@ -6286,6 +6401,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, @@ -6293,6 +6408,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
if ((options & DNS_DBADD_EXACT) != 0) if ((options & DNS_DBADD_EXACT) != 0)
flags |= DNS_RDATASLAB_EXACT; flags |= DNS_RDATASLAB_EXACT;
@ -3279,7 +3279,7 @@ index 738aa20..5055fcb 100644
if ((options & DNS_DBADD_EXACTTTL) != 0 && if ((options & DNS_DBADD_EXACTTTL) != 0 &&
newheader->rdh_ttl != header->rdh_ttl) newheader->rdh_ttl != header->rdh_ttl)
result = DNS_R_NOTEXACT; result = DNS_R_NOTEXACT;
@@ -6329,11 +6448,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, @@ -6336,11 +6455,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
} }
} }
/* /*
@ -3297,7 +3297,7 @@ index 738aa20..5055fcb 100644
*/ */
if (IS_CACHE(rbtdb) && ACTIVE(header, now) && if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
header->type == dns_rdatatype_ns && header->type == dns_rdatatype_ns &&
@@ -6508,10 +6628,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, @@ -6511,10 +6631,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
changed->dirty = true; changed->dirty = true;
if (rbtversion == NULL) { if (rbtversion == NULL) {
set_ttl(rbtdb, header, 0); set_ttl(rbtdb, header, 0);
@ -3310,7 +3310,7 @@ index 738aa20..5055fcb 100644
} }
} }
if (rbtversion != NULL && !header_nx) { if (rbtversion != NULL && !header_nx) {
@@ -8310,6 +8430,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) { @@ -8331,6 +8451,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
return (result); return (result);
} }
@ -3341,7 +3341,7 @@ index 738aa20..5055fcb 100644
static dns_dbmethods_t zone_methods = { static dns_dbmethods_t zone_methods = {
attach, attach,
detach, detach,
@@ -8355,7 +8499,9 @@ static dns_dbmethods_t zone_methods = { @@ -8376,7 +8520,9 @@ static dns_dbmethods_t zone_methods = {
NULL, NULL,
hashsize, hashsize,
nodefullname, nodefullname,
@ -3352,7 +3352,7 @@ index 738aa20..5055fcb 100644
}; };
static dns_dbmethods_t cache_methods = { static dns_dbmethods_t cache_methods = {
@@ -8403,7 +8549,9 @@ static dns_dbmethods_t cache_methods = { @@ -8424,7 +8570,9 @@ static dns_dbmethods_t cache_methods = {
setcachestats, setcachestats,
hashsize, hashsize,
nodefullname, nodefullname,
@ -3363,7 +3363,7 @@ index 738aa20..5055fcb 100644
}; };
isc_result_t isc_result_t
@@ -8674,7 +8822,7 @@ dns_rbtdb_create @@ -8695,7 +8843,7 @@ dns_rbtdb_create
rbtdb->rpzs = NULL; rbtdb->rpzs = NULL;
rbtdb->load_rpzs = NULL; rbtdb->load_rpzs = NULL;
rbtdb->rpz_num = DNS_RPZ_INVALID_NUM; rbtdb->rpz_num = DNS_RPZ_INVALID_NUM;
@ -3372,7 +3372,7 @@ index 738aa20..5055fcb 100644
/* /*
* Version Initialization. * Version Initialization.
*/ */
@@ -9092,7 +9240,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) { @@ -9113,7 +9261,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
* rdatasets to work. * rdatasets to work.
*/ */
if (NONEXISTENT(header) || if (NONEXISTENT(header) ||
@ -3382,7 +3382,7 @@ index 738aa20..5055fcb 100644
header = NULL; header = NULL;
break; break;
} else } else
@@ -10280,7 +10429,7 @@ static inline bool @@ -10322,7 +10471,7 @@ static inline bool
need_headerupdate(rdatasetheader_t *header, isc_stdtime_t now) { need_headerupdate(rdatasetheader_t *header, isc_stdtime_t now) {
if ((header->attributes & if ((header->attributes &
(RDATASET_ATTR_NONEXISTENT | (RDATASET_ATTR_NONEXISTENT |
@ -3391,7 +3391,7 @@ index 738aa20..5055fcb 100644
RDATASET_ATTR_ZEROTTL)) != 0) RDATASET_ATTR_ZEROTTL)) != 0)
return (false); return (false);
@@ -10386,7 +10535,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, @@ -10428,7 +10577,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,
bool tree_locked, expire_t reason) bool tree_locked, expire_t reason)
{ {
set_ttl(rbtdb, header, 0); set_ttl(rbtdb, header, 0);
@ -3401,7 +3401,7 @@ index 738aa20..5055fcb 100644
/* /*
* Caller must hold the node (write) lock. * Caller must hold the node (write) lock.
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 04a58c0..164fc01 100644 index 337a2f3..24e14d2 100644
--- a/lib/dns/resolver.c --- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c +++ b/lib/dns/resolver.c
@@ -141,16 +141,17 @@ @@ -141,16 +141,17 @@
@ -3434,18 +3434,19 @@ index 04a58c0..164fc01 100644
#endif #endif
/* The default maximum number of recursions to follow before giving up. */ /* The default maximum number of recursions to follow before giving up. */
@@ -496,6 +497,10 @@ struct dns_resolver { @@ -515,6 +516,11 @@ struct dns_resolver {
unsigned int maxqueries; dns_fetch_t * primefetch;
isc_result_t quotaresp[2]; /* Locked by nlock. */
unsigned int nfctx;
+ /* Additions for serve-stale feature. */ +
+ /* Unlocked. Additions for serve-stale feature. */
+ unsigned int retryinterval; /* in milliseconds */ + unsigned int retryinterval; /* in milliseconds */
+ unsigned int nonbackofftries; + unsigned int nonbackofftries;
+ +
/* Locked by lock. */ };
unsigned int references;
bool exiting; #define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!')
@@ -1617,14 +1622,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) { @@ -1625,14 +1631,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
unsigned int seconds; unsigned int seconds;
unsigned int us; unsigned int us;
@ -3464,7 +3465,7 @@ index 04a58c0..164fc01 100644
/* /*
* Add a fudge factor to the expected rtt based on the current * Add a fudge factor to the expected rtt based on the current
@@ -4481,7 +4484,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, @@ -4494,7 +4498,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
/* /*
* Compute an expiration time for the entire fetch. * Compute an expiration time for the entire fetch.
*/ */
@ -3474,7 +3475,7 @@ index 04a58c0..164fc01 100644
iresult = isc_time_nowplusinterval(&fctx->expires, &interval); iresult = isc_time_nowplusinterval(&fctx->expires, &interval);
if (iresult != ISC_R_SUCCESS) { if (iresult != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__, UNEXPECTED_ERROR(__FILE__, __LINE__,
@@ -8965,6 +8969,8 @@ dns_resolver_create(dns_view_t *view, @@ -8983,6 +8988,8 @@ dns_resolver_create(dns_view_t *view,
res->spillattimer = NULL; res->spillattimer = NULL;
res->zspill = 0; res->zspill = 0;
res->zero_no_soa_ttl = false; res->zero_no_soa_ttl = false;
@ -3483,7 +3484,7 @@ index 04a58c0..164fc01 100644
res->query_timeout = DEFAULT_QUERY_TIMEOUT; res->query_timeout = DEFAULT_QUERY_TIMEOUT;
res->maxdepth = DEFAULT_RECURSION_DEPTH; res->maxdepth = DEFAULT_RECURSION_DEPTH;
res->maxqueries = DEFAULT_MAX_QUERIES; res->maxqueries = DEFAULT_MAX_QUERIES;
@@ -10291,17 +10297,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) { @@ -10317,17 +10324,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {
} }
void void
@ -3512,7 +3513,7 @@ index 04a58c0..164fc01 100644
} }
void void
@@ -10398,3 +10407,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which) @@ -10424,3 +10434,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)
return (resolver->quotaresp[which]); return (resolver->quotaresp[which]);
} }
@ -3578,7 +3579,7 @@ index 0b9620c..331992e 100644
/* /*
diff --git a/lib/dns/tests/db_test.c b/lib/dns/tests/db_test.c diff --git a/lib/dns/tests/db_test.c b/lib/dns/tests/db_test.c
index 35cf21d..bf39545 100644 index 2849775..812f750 100644
--- a/lib/dns/tests/db_test.c --- a/lib/dns/tests/db_test.c
+++ b/lib/dns/tests/db_test.c +++ b/lib/dns/tests/db_test.c
@@ -28,8 +28,9 @@ @@ -28,8 +28,9 @@
@ -3809,7 +3810,7 @@ index 35cf21d..bf39545 100644
_setup, _teardown), _setup, _teardown),
cmocka_unit_test_setup_teardown(dbtype_test, cmocka_unit_test_setup_teardown(dbtype_test,
diff --git a/lib/dns/view.c b/lib/dns/view.c diff --git a/lib/dns/view.c b/lib/dns/view.c
index a1a4301..abf6a4c 100644 index 0fca1d9..55ede81 100644
--- a/lib/dns/view.c --- a/lib/dns/view.c
+++ b/lib/dns/view.c +++ b/lib/dns/view.c
@@ -229,6 +229,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, @@ -229,6 +229,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
@ -3823,7 +3824,7 @@ index a1a4301..abf6a4c 100644
view->maxbits = 0; view->maxbits = 0;
view->v4_aaaa = dns_aaaa_ok; view->v4_aaaa = dns_aaaa_ok;
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 7bad989..bbf4b45 100644 index 91693b5..5771774 100644
--- a/lib/isccfg/namedconf.c --- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c
@@ -1778,6 +1778,7 @@ view_clauses[] = { @@ -1778,6 +1778,7 @@ view_clauses[] = {
@ -3854,5 +3855,5 @@ index 7bad989..bbf4b45 100644
{ "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTIMP }, { "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTIMP },
{ "transfer-format", &cfg_type_transferformat, 0 }, { "transfer-format", &cfg_type_transferformat, 0 },
-- --
2.20.1 2.21.1

View File

@ -1,18 +1,18 @@
From 0430b3ac66169eea7a74aaa8bfca50400d3497cf Mon Sep 17 00:00:00 2001 From 9683a4d2524b870c4cee09259cb5eb7b8075a507 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 18 Dec 2018 16:06:26 +0100 Date: Tue, 18 Dec 2018 16:06:26 +0100
Subject: [PATCH] Make absolute hostname by dns API instead of strings Subject: [PATCH] Make absolute hostname by dns API instead of strings
Duplicate all strings in dc_list. Free allocated memory on each record. Duplicate all strings in dc_list. Free allocated memory on each record.
--- ---
bin/sdb_tools/zone2ldap.c | 71 +++++++++++++++++++++++++-------------- bin/sdb_tools/zone2ldap.c | 70 +++++++++++++++++++++++++--------------
1 file changed, 45 insertions(+), 26 deletions(-) 1 file changed, 45 insertions(+), 25 deletions(-)
diff --git a/bin/sdb_tools/zone2ldap.c b/bin/sdb_tools/zone2ldap.c diff --git a/bin/sdb_tools/zone2ldap.c b/bin/sdb_tools/zone2ldap.c
index 76186b5..28df191 100644 index d59936c..9ba73b8 100644
--- a/bin/sdb_tools/zone2ldap.c --- a/bin/sdb_tools/zone2ldap.c
+++ b/bin/sdb_tools/zone2ldap.c +++ b/bin/sdb_tools/zone2ldap.c
@@ -87,6 +87,10 @@ int get_attr_list_size (char **tmp); @@ -84,6 +84,10 @@ int get_attr_list_size (char **tmp);
/* Get a DN */ /* Get a DN */
char *build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone); char *build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone);
@ -23,7 +23,7 @@ index 76186b5..28df191 100644
/* Add to RR list */ /* Add to RR list */
void add_to_rr_list (char *dn, char *name, char *type, char *data, void add_to_rr_list (char *dn, char *name, char *type, char *data,
unsigned int ttl, unsigned int flags); unsigned int ttl, unsigned int flags);
@@ -123,6 +127,7 @@ static char dNSTTL []="dNSTTL"; @@ -120,6 +124,7 @@ static char dNSTTL []="dNSTTL";
static char zoneName []="zoneName"; static char zoneName []="zoneName";
static char dc []="dc"; static char dc []="dc";
static char sameZone []="@"; static char sameZone []="@";
@ -31,7 +31,7 @@ index 76186b5..28df191 100644
/* LDAPMod mod_values: */ /* LDAPMod mod_values: */
static char *objectClasses []= { &(topClass[0]), &(dNSZoneClass[0]), NULL }; static char *objectClasses []= { &(topClass[0]), &(dNSZoneClass[0]), NULL };
static char *topObjectClasses []= { &(topClass[0]), &(dcObjectClass[0]), &(dNSZoneClass[0]), NULL }; static char *topObjectClasses []= { &(topClass[0]), &(dcObjectClass[0]), &(dNSZoneClass[0]), NULL };
@@ -396,6 +401,8 @@ main (int argc, char **argv) @@ -391,6 +396,8 @@ main (int argc, char **argv)
} }
} }
@ -40,7 +40,7 @@ index 76186b5..28df191 100644
} }
else else
{ {
@@ -451,12 +458,18 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl) @@ -446,12 +453,18 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl)
char data[2048]; char data[2048];
char **dc_list; char **dc_list;
char *dn; char *dn;
@ -59,7 +59,7 @@ index 76186b5..28df191 100644
isc_result_check (result, "dns_name_totext"); isc_result_check (result, "dns_name_totext");
name[isc_buffer_usedlength (&buff)] = 0; name[isc_buffer_usedlength (&buff)] = 0;
@@ -478,6 +491,7 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl) @@ -473,6 +486,7 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl)
printf ("Adding %s (%s %s) to run queue list.\n", dn, type, data); printf ("Adding %s (%s %s) to run queue list.\n", dn, type, data);
add_to_rr_list (dn, dc_list[len], (char*)type, (char*)data, ttl, DNS_OBJECT); add_to_rr_list (dn, dc_list[len], (char*)type, (char*)data, ttl, DNS_OBJECT);
@ -67,7 +67,7 @@ index 76186b5..28df191 100644
} }
@@ -538,12 +552,9 @@ add_to_rr_list (char *dn, char *name, char *type, @@ -533,12 +547,9 @@ add_to_rr_list (char *dn, char *name, char *type,
if (tmp->attrs == (LDAPMod **) NULL) if (tmp->attrs == (LDAPMod **) NULL)
fatal("calloc"); fatal("calloc");
@ -83,7 +83,7 @@ index 76186b5..28df191 100644
tmp->attrs[0]->mod_op = LDAP_MOD_ADD; tmp->attrs[0]->mod_op = LDAP_MOD_ADD;
tmp->attrs[0]->mod_type = objectClass; tmp->attrs[0]->mod_type = objectClass;
@@ -559,9 +570,18 @@ add_to_rr_list (char *dn, char *name, char *type, @@ -554,9 +565,18 @@ add_to_rr_list (char *dn, char *name, char *type,
return; return;
} }
@ -103,12 +103,11 @@ index 76186b5..28df191 100644
if (tmp->attrs[1]->mod_values == (char **)NULL) if (tmp->attrs[1]->mod_values == (char **)NULL)
fatal("calloc"); fatal("calloc");
@@ -705,25 +725,16 @@ char ** @@ -701,24 +721,16 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
{ {
char *tmp; char *tmp;
- int i = 0; int i = 0;
+ int i = 0, j = 0; + int j = 0;
char *hname=0L, *last=0L; char *hname=0L, *last=0L;
int hlen=strlen(hostname), zlen=(strlen(zone)); int hlen=strlen(hostname), zlen=(strlen(zone));
@ -127,11 +126,11 @@ index 76186b5..28df191 100644
{ {
- if( hname == 0 ) - if( hname == 0 )
- hname=strdup(hostname); - hname=strdup(hostname);
+ hname=strdup(hostname); + hname= strdup(hostname);
last = strdup(sameZone); last = strdup(sameZone);
}else }else
{ {
@@ -731,8 +742,6 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags) @@ -726,8 +738,6 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
||( strcmp( hostname + (hlen - zlen), zone ) != 0) ||( strcmp( hostname + (hlen - zlen), zone ) != 0)
) )
{ {
@ -140,7 +139,7 @@ index 76186b5..28df191 100644
hname=(char*)malloc( hlen + zlen + 1); hname=(char*)malloc( hlen + zlen + 1);
if( *zone == '.' ) if( *zone == '.' )
sprintf(hname, "%s%s", hostname, zone); sprintf(hname, "%s%s", hostname, zone);
@@ -740,8 +749,7 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags) @@ -735,8 +745,7 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
sprintf(hname,"%s",zone); sprintf(hname,"%s",zone);
}else }else
{ {
@ -150,7 +149,7 @@ index 76186b5..28df191 100644
} }
last = hname; last = hname;
} }
@@ -754,18 +762,21 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags) @@ -749,18 +758,21 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
for (tmp = strrchr (hname, '.'); tmp != (char *) 0; for (tmp = strrchr (hname, '.'); tmp != (char *) 0;
tmp = strrchr (hname, '.')) tmp = strrchr (hname, '.'))
{ {
@ -176,7 +175,7 @@ index 76186b5..28df191 100644
if( ( last != hname ) && (tmp != hname) ) if( ( last != hname ) && (tmp != hname) )
dn_buffer[i++] = hname; dn_buffer[i++] = hname;
dn_buffer[i++] = last; dn_buffer[i++] = last;
@@ -825,6 +836,14 @@ build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone) @@ -820,6 +832,14 @@ build_dn_from_dc_list (char **dc_list, unsigned int ttl, int flag, char *zone)
return dn; return dn;
} }
@ -192,5 +191,5 @@ index 76186b5..28df191 100644
/* Initialize LDAP Conn */ /* Initialize LDAP Conn */
void void
-- --
2.20.1 2.21.1

View File

@ -1,5 +1,5 @@
diff --git a/bin/sdb_tools/Makefile.in b/bin/sdb_tools/Makefile.in diff --git a/bin/sdb_tools/Makefile.in b/bin/sdb_tools/Makefile.in
index 95ab742..6069f09 100644 index 95ab742..5059a17 100644
--- a/bin/sdb_tools/Makefile.in --- a/bin/sdb_tools/Makefile.in
+++ b/bin/sdb_tools/Makefile.in +++ b/bin/sdb_tools/Makefile.in
@@ -32,11 +32,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ @@ -32,11 +32,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
@ -7,49 +7,46 @@ index 95ab742..6069f09 100644
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} ${DBDRIVER_LIBS} @LIBS@ ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} ${DBDRIVER_LIBS} @LIBS@
-TARGETS = zone2ldap@EXEEXT@ zonetodb@EXEEXT@ zone2sqlite@EXEEXT@ -TARGETS = zone2ldap@EXEEXT@ zonetodb@EXEEXT@ zone2sqlite@EXEEXT@
+TARGETS = zone2ldap@EXEEXT@ ldap2zone@EXEEXT@ zonetodb@EXEEXT@ zone2sqlite@EXEEXT@ +TARGETS = zone2ldap@EXEEXT@ zonetodb@EXEEXT@ zone2sqlite@EXEEXT@ ldap2zone@EXEEXT@
-OBJS = zone2ldap.@O@ zonetodb.@O@ zone2sqlite.@O@ -OBJS = zone2ldap.@O@ zonetodb.@O@ zone2sqlite.@O@
+OBJS = zone2ldap.@O@ ldap2zone.@O@ zonetodb.@O@ zone2sqlite.@O@ +OBJS = zone2ldap.@O@ zonetodb.@O@ zone2sqlite.@O@ ldap2zone.@O@
-SRCS = zone2ldap.c zonetodb.c zone2sqlite.c -SRCS = zone2ldap.c zonetodb.c zone2sqlite.c
+SRCS = zone2ldap.c ldap2zone.c zonetodb.c zone2sqlite.c +SRCS = zone2ldap.c zonetodb.c zone2sqlite.c ldap2zone.c
MANPAGES = zone2ldap.1 MANPAGES = zone2ldap.1
@@ -53,6 +53,9 @@ zonetodb@EXEEXT@: zonetodb.@O@ ${DEPLIBS} @@ -47,6 +47,9 @@ EXT_CFLAGS =
zone2sqlite@EXEEXT@: zone2sqlite.@O@ ${DEPLIBS} zone2ldap@EXEEXT@: zone2ldap.@O@ ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ zone2sqlite.@O@ -lsqlite3 -lssl ${LIBS} ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zone2ldap.@O@ -lldap -llber ${LIBS}
+ldap2zone@EXEEXT@: ldap2zone.@O@ ${DEPLIBS} +ldap2zone@EXEEXT@: ldap2zone.@O@ ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ ldap2zone.@O@ -lldap -llber ${LIBS} + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ ldap2zone.@O@ -lldap -llber ${LIBS}
+ +
clean distclean manclean maintainer-clean:: zonetodb@EXEEXT@: zonetodb.@O@ ${DEPLIBS}
rm -f ${TARGETS} ${OBJS} ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zonetodb.@O@ -lpq ${LIBS}
@@ -62,6 +65,7 @@ installdirs: @@ -64,4 +67,5 @@ install:: ${TARGETS} installdirs
install:: ${TARGETS} installdirs
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2ldap@EXEEXT@ ${DESTDIR}${sbindir} ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2ldap@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ldap2zone@EXEEXT@ ${DESTDIR}${sbindir}
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zonetodb@EXEEXT@ ${DESTDIR}${sbindir} ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zonetodb@EXEEXT@ ${DESTDIR}${sbindir}
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir} ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ldap2zone@EXEEXT@ ${DESTDIR}${sbindir}
${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1 ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1
diff --git a/bin/sdb_tools/zone2ldap.c b/bin/sdb_tools/zone2ldap.c diff --git a/bin/sdb_tools/zone2ldap.c b/bin/sdb_tools/zone2ldap.c
index aa2c711..76186b5 100644 index e0e9207..d59936c 100644
--- a/bin/sdb_tools/zone2ldap.c --- a/bin/sdb_tools/zone2ldap.c
+++ b/bin/sdb_tools/zone2ldap.c +++ b/bin/sdb_tools/zone2ldap.c
@@ -66,6 +66,9 @@ ldap_info; @@ -73,7 +73,7 @@ void add_ldap_values (ldap_info * ldinfo);
/* usage Info */ void init_ldap_conn (void);
void usage (void);
+/* Check for existence of (and possibly add) containing dNSZone objects */ /* Ldap error checking */
+int lookup_dns_zones( ldap_info *ldinfo); -void ldap_result_check (const char *msg, char *dn, int err);
+ +void ldap_result_check (const char *msg, const char *dn, int err);
/* Add to the ldap dit */
void add_ldap_values (ldap_info * ldinfo);
@@ -82,7 +85,7 @@ char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags); /* Put a hostname into a char ** array */
char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags);
@@ -82,7 +82,7 @@ char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags);
int get_attr_list_size (char **tmp); int get_attr_list_size (char **tmp);
/* Get a DN */ /* Get a DN */
@ -58,7 +55,7 @@ index aa2c711..76186b5 100644
/* Add to RR list */ /* Add to RR list */
void add_to_rr_list (char *dn, char *name, char *type, char *data, void add_to_rr_list (char *dn, char *name, char *type, char *data,
@@ -104,11 +107,27 @@ void @@ -104,11 +104,26 @@ void
init_ldap_conn (); init_ldap_conn ();
void usage(); void usage();
@ -87,11 +84,19 @@ index aa2c711..76186b5 100644
+static char *objectClasses []= { &(topClass[0]), &(dNSZoneClass[0]), NULL }; +static char *objectClasses []= { &(topClass[0]), &(dNSZoneClass[0]), NULL };
+static char *topObjectClasses []= { &(topClass[0]), &(dcObjectClass[0]), &(dNSZoneClass[0]), NULL }; +static char *topObjectClasses []= { &(topClass[0]), &(dcObjectClass[0]), &(dNSZoneClass[0]), NULL };
+static char *dn_buffer [64]={NULL}; +static char *dn_buffer [64]={NULL};
+
LDAP *conn; LDAP *conn;
unsigned int debug = 0; unsigned int debug = 0;
@@ -132,12 +151,12 @@ main (int argc, char **argv) @@ -120,7 +135,7 @@ static void
fatal(const char *msg) {
perror(msg);
if (conn != NULL)
- ldap_unbind_s(conn);
+ ldap_unbind_ext_s(conn, NULL, NULL);
exit(1);
}
@@ -132,12 +147,13 @@ main (int argc, char **argv)
isc_result_t result; isc_result_t result;
char *basedn; char *basedn;
ldap_info *tmp; ldap_info *tmp;
@ -102,12 +107,12 @@ index aa2c711..76186b5 100644
isc_buffer_t buff; isc_buffer_t buff;
char *zonefile=0L; char *zonefile=0L;
char fullbasedn[1024]; char fullbasedn[1024];
- char *ctmp; char *ctmp;
+ char *ctmp, *zn, *dcp[2], *znp[2], *rdn[2]; + char *zn, *dcp[2], *znp[2], *rdn[2];
dns_fixedname_t fixedzone, fixedname; dns_fixedname_t fixedzone, fixedname;
dns_rdataset_t rdataset; dns_rdataset_t rdataset;
char **dc_list; char **dc_list;
@@ -150,7 +169,7 @@ main (int argc, char **argv) @@ -150,7 +166,7 @@ main (int argc, char **argv)
extern char *optarg; extern char *optarg;
extern int optind, opterr, optopt; extern int optind, opterr, optopt;
int create_base = 0; int create_base = 0;
@ -116,7 +121,7 @@ index aa2c711..76186b5 100644
if (argc < 2) if (argc < 2)
{ {
@@ -158,7 +177,7 @@ main (int argc, char **argv) @@ -158,7 +174,7 @@ main (int argc, char **argv)
exit (-1); exit (-1);
} }
@ -125,7 +130,7 @@ index aa2c711..76186b5 100644
{ {
switch (topt) switch (topt)
{ {
@@ -181,6 +200,9 @@ main (int argc, char **argv) @@ -181,6 +197,9 @@ main (int argc, char **argv)
if (bindpw == NULL) if (bindpw == NULL)
fatal("strdup"); fatal("strdup");
break; break;
@ -135,34 +140,26 @@ index aa2c711..76186b5 100644
case 'b': case 'b':
ldapbase = strdup (optarg); ldapbase = strdup (optarg);
if (ldapbase == NULL) if (ldapbase == NULL)
@@ -300,27 +322,62 @@ main (int argc, char **argv) @@ -302,17 +321,51 @@ main (int argc, char **argv)
{
if (debug)
printf ("Creating base zone DN %s\n", argzone); printf ("Creating base zone DN %s\n", argzone);
-
+
dc_list = hostname_to_dn_list (argzone, argzone, DNS_TOP); dc_list = hostname_to_dn_list (argzone, argzone, DNS_TOP);
- basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC); - basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC);
- for (ctmp = &basedn[strlen (basedn)]; ctmp >= &basedn[0]; ctmp--)
+ basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC, argzone); + basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC, argzone);
+ if (debug) + if (debug)
+ printf ("base DN %s\n", basedn); + printf ("base DN %s\n", basedn);
+
- for (ctmp = &basedn[strlen (basedn)]; ctmp >= &basedn[0]; ctmp--)
+ for (ctmp = &basedn[strlen (basedn)], dcn=0; ctmp >= &basedn[0]; ctmp--) + for (ctmp = &basedn[strlen (basedn)], dcn=0; ctmp >= &basedn[0]; ctmp--)
{ {
- if ((*ctmp == ',') || (ctmp == &basedn[0])) if ((*ctmp == ',') || (ctmp == &basedn[0]))
+ if ((*ctmp == ',') || (ctmp == &basedn[0]))
{ {
+
base.mod_op = LDAP_MOD_ADD; base.mod_op = LDAP_MOD_ADD;
- base.mod_type = (char*)"objectClass"; - base.mod_type = (char*)"objectClass";
- base.mod_values = (char**)topObjectClasses;
+ base.mod_type = objectClass; + base.mod_type = objectClass;
+ base.mod_values = topObjectClasses; base.mod_values = (char**)topObjectClasses;
base_attrs[0] = (void*)&base; base_attrs[0] = (void*)&base;
- base_attrs[1] = NULL; - base_attrs[1] = NULL;
-
+ +
+ dcBase.mod_op = LDAP_MOD_ADD; + dcBase.mod_op = LDAP_MOD_ADD;
+ dcBase.mod_type = dc; + dcBase.mod_type = dc;
@ -196,19 +193,10 @@ index aa2c711..76186b5 100644
+ +
+ base.mod_values = topObjectClasses; + base.mod_values = topObjectClasses;
+ base_attrs[4] = NULL; + base_attrs[4] = NULL;
+
if (ldapbase) if (ldapbase)
{ {
if (ctmp != &basedn[0]) @@ -329,6 +382,10 @@ main (int argc, char **argv)
sprintf (fullbasedn, "%s,%s", ctmp + 1, ldapbase);
else
- sprintf (fullbasedn, "%s,%s", ctmp, ldapbase);
-
+ sprintf (fullbasedn, "%s,%s", ctmp, ldapbase);
}
else
{
@@ -329,8 +386,13 @@ main (int argc, char **argv)
else else
sprintf (fullbasedn, "%s", ctmp); sprintf (fullbasedn, "%s", ctmp);
} }
@ -217,12 +205,9 @@ index aa2c711..76186b5 100644
+ printf("Full base dn: %s\n", fullbasedn); + printf("Full base dn: %s\n", fullbasedn);
+ +
result = ldap_add_s (conn, fullbasedn, base_attrs); result = ldap_add_s (conn, fullbasedn, base_attrs);
ldap_result_check ("intial ldap_add_s", fullbasedn, result); ldap_result_check ("initial ldap_add_s", fullbasedn, result);
+
} }
@@ -408,14 +465,14 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl)
}
@@ -408,14 +470,14 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl)
isc_result_check (result, "dns_rdata_totext"); isc_result_check (result, "dns_rdata_totext");
data[isc_buffer_usedlength (&buff)] = 0; data[isc_buffer_usedlength (&buff)] = 0;
@ -240,7 +225,7 @@ index aa2c711..76186b5 100644
} }
@@ -455,7 +517,8 @@ add_to_rr_list (char *dn, char *name, char *type, @@ -455,7 +512,8 @@ add_to_rr_list (char *dn, char *name, char *type,
int attrlist; int attrlist;
char ldap_type_buffer[128]; char ldap_type_buffer[128];
char charttl[64]; char charttl[64];
@ -250,7 +235,7 @@ index aa2c711..76186b5 100644
if ((tmp = locate_by_dn (dn)) == NULL) if ((tmp = locate_by_dn (dn)) == NULL)
{ {
@@ -482,13 +545,13 @@ add_to_rr_list (char *dn, char *name, char *type, @@ -482,10 +540,10 @@ add_to_rr_list (char *dn, char *name, char *type,
fatal("malloc"); fatal("malloc");
} }
tmp->attrs[0]->mod_op = LDAP_MOD_ADD; tmp->attrs[0]->mod_op = LDAP_MOD_ADD;
@ -262,12 +247,8 @@ index aa2c711..76186b5 100644
+ tmp->attrs[0]->mod_values = objectClasses; + tmp->attrs[0]->mod_values = objectClasses;
else else
{ {
- tmp->attrs[0]->mod_values = (char**)topObjectClasses; tmp->attrs[0]->mod_values = (char**)topObjectClasses;
+ tmp->attrs[0]->mod_values =topObjectClasses; @@ -497,7 +555,7 @@ add_to_rr_list (char *dn, char *name, char *type,
tmp->attrs[1] = NULL;
tmp->attrcnt = 2;
tmp->next = ldap_info_base;
@@ -497,7 +560,7 @@ add_to_rr_list (char *dn, char *name, char *type,
} }
tmp->attrs[1]->mod_op = LDAP_MOD_ADD; tmp->attrs[1]->mod_op = LDAP_MOD_ADD;
@ -276,7 +257,7 @@ index aa2c711..76186b5 100644
tmp->attrs[1]->mod_values = (char **) calloc (sizeof (char *), 2); tmp->attrs[1]->mod_values = (char **) calloc (sizeof (char *), 2);
if (tmp->attrs[1]->mod_values == (char **)NULL) if (tmp->attrs[1]->mod_values == (char **)NULL)
@@ -526,7 +589,7 @@ add_to_rr_list (char *dn, char *name, char *type, @@ -526,7 +584,7 @@ add_to_rr_list (char *dn, char *name, char *type,
fatal("strdup"); fatal("strdup");
tmp->attrs[3]->mod_op = LDAP_MOD_ADD; tmp->attrs[3]->mod_op = LDAP_MOD_ADD;
@ -285,16 +266,16 @@ index aa2c711..76186b5 100644
tmp->attrs[3]->mod_values = (char **) calloc (sizeof (char *), 2); tmp->attrs[3]->mod_values = (char **) calloc (sizeof (char *), 2);
if (tmp->attrs[3]->mod_values == (char **)NULL) if (tmp->attrs[3]->mod_values == (char **)NULL)
@@ -539,14 +602,25 @@ add_to_rr_list (char *dn, char *name, char *type, @@ -539,14 +597,25 @@ add_to_rr_list (char *dn, char *name, char *type,
if (tmp->attrs[3]->mod_values[0] == NULL) if (tmp->attrs[3]->mod_values[0] == NULL)
fatal("strdup"); fatal("strdup");
+ znlen=strlen(gbl_zone); + znlen=strlen(gbl_zone);
+ if ( *(gbl_zone + (znlen-1)) == '.' ) + if ( gbl_zone[znlen-1] == '.' )
+ { /* ldapdb MUST search by relative zone name */ + { /* ldapdb MUST search by relative zone name */
+ zn = (char*)malloc(znlen); + zn = (char*)malloc(znlen);
+ strncpy(zn,gbl_zone,znlen-1); + memcpy(zn, gbl_zone, znlen-1);
+ *(zn + (znlen-1))='\0'; + zn[znlen-1]='\0';
+ }else + }else
+ { + {
+ zn = gbl_zone; + zn = gbl_zone;
@ -313,7 +294,7 @@ index aa2c711..76186b5 100644
tmp->attrs[4]->mod_values[1] = NULL; tmp->attrs[4]->mod_values[1] = NULL;
tmp->attrs[5] = NULL; tmp->attrs[5] = NULL;
@@ -557,7 +631,7 @@ add_to_rr_list (char *dn, char *name, char *type, @@ -557,7 +626,7 @@ add_to_rr_list (char *dn, char *name, char *type,
else else
{ {
@ -322,7 +303,7 @@ index aa2c711..76186b5 100644
{ {
sprintf (ldap_type_buffer, "%sRecord", type); sprintf (ldap_type_buffer, "%sRecord", type);
if (!strncmp if (!strncmp
@@ -631,44 +705,70 @@ char ** @@ -631,44 +700,70 @@ char **
hostname_to_dn_list (char *hostname, char *zone, unsigned int flags) hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
{ {
char *tmp; char *tmp;
@ -430,7 +411,7 @@ index aa2c711..76186b5 100644
dn_buffer[i] = NULL; dn_buffer[i] = NULL;
return dn_buffer; return dn_buffer;
@@ -680,24 +780,32 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags) @@ -680,30 +775,38 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
* exception of "@"/SOA. */ * exception of "@"/SOA. */
char * char *
@ -439,19 +420,21 @@ index aa2c711..76186b5 100644
{ {
int size; int size;
- int x; - int x;
- static char dn[1024];
- char tmp[128];
+ int x, znlen; + int x, znlen;
static char dn[1024]; + static char dn[DNS_NAME_MAXTEXT*3/2];
char tmp[128]; + char tmp[DNS_NAME_MAXTEXT*3/2];
+ char zn[DNS_NAME_MAXTEXT+1]; + char zn[DNS_NAME_MAXTEXT+1];
bzero (tmp, sizeof (tmp)); bzero (tmp, sizeof (tmp));
bzero (dn, sizeof (dn)); bzero (dn, sizeof (dn));
size = get_attr_list_size (dc_list); size = get_attr_list_size (dc_list);
+ znlen = strlen(zone); + znlen = strlen(zone);
+ if ( *(zone + (znlen-1)) == '.' ) + if ( zone[znlen-1] == '.' )
+ { /* ldapdb MUST search by relative zone name */ + { /* ldapdb MUST search by relative zone name */
+ memcpy(&(zn[0]),zone,znlen-1); + memcpy(&(zn[0]),zone,znlen-1);
+ *(zn + (znlen-1))='\0'; + zn[znlen-1]='\0';
+ zone = zn; + zone = zn;
+ } + }
for (x = size - 2; x > 0; x--) for (x = size - 2; x > 0; x--)
@ -460,40 +443,47 @@ index aa2c711..76186b5 100644
{ {
if (x == (size - 2) && (strncmp (dc_list[x], "@", 1) == 0) && (ttl)) if (x == (size - 2) && (strncmp (dc_list[x], "@", 1) == 0) && (ttl))
- sprintf (tmp, "relativeDomainName=%s + dNSTTL=%u,", dc_list[x], ttl); - sprintf (tmp, "relativeDomainName=%s + dNSTTL=%u,", dc_list[x], ttl);
+ sprintf (tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]); + snprintf (tmp, sizeof(tmp), "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]);
else if (x == (size - 2)) else if (x == (size - 2))
- sprintf(tmp, "relativeDomainName=%s,",dc_list[x]); - sprintf(tmp, "relativeDomainName=%s,",dc_list[x]);
+ sprintf(tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]); + snprintf(tmp, sizeof(tmp), "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]);
else else
sprintf(tmp,"dc=%s,", dc_list[x]); - sprintf(tmp,"dc=%s,", dc_list[x]);
+ snprintf(tmp, sizeof(tmp), "dc=%s,", dc_list[x]);
} }
@@ -723,6 +831,7 @@ void else
init_ldap_conn ()
{ {
int result; - sprintf(tmp, "dc=%s,", dc_list[x]);
+ char ldb_tag[]="LDAP Bind"; + snprintf(tmp, sizeof(tmp), "dc=%s,", dc_list[x]);
conn = ldap_open (ldapsystem, LDAP_PORT); }
if (conn == NULL)
{
@@ -732,7 +841,7 @@ init_ldap_conn () @@ -732,19 +835,18 @@ init_ldap_conn ()
} }
result = ldap_simple_bind_s (conn, binddn, bindpw); result = ldap_simple_bind_s (conn, binddn, bindpw);
- ldap_result_check ("ldap_simple_bind_s", (char*)"LDAP Bind", result); - ldap_result_check ("ldap_simple_bind_s", (char*)"LDAP Bind", result);
+ ldap_result_check ("ldap_simple_bind_s", ldb_tag , result); + ldap_result_check ("ldap_simple_bind_s", "LDAP Bind", result);
} }
/* Like isc_result_check, only for LDAP */ /* Like isc_result_check, only for LDAP */
@@ -749,8 +858,6 @@ ldap_result_check (const char *msg, char *dn, int err)
}
}
-
-
/* For running the ldap_info run queue. */
void void
add_ldap_values (ldap_info * ldinfo) -ldap_result_check (const char *msg, char *dn, int err)
@@ -758,14 +865,14 @@ add_ldap_values (ldap_info * ldinfo) +ldap_result_check (const char *msg, const char *dn, int err)
{
if ((err != LDAP_SUCCESS) && (err != LDAP_ALREADY_EXISTS))
{
- fprintf(stderr, "Error while adding %s (%s):\n",
- dn, msg);
- ldap_perror (conn, dn);
- ldap_unbind_s (conn);
+ fprintf(stderr, "Error while adding %s (%s):\n%s",
+ dn, msg, ldap_err2string(err));
+ ldap_unbind_ext_s (conn, NULL, NULL);
exit (-1);
}
}
@@ -758,16 +860,15 @@ add_ldap_values (ldap_info * ldinfo)
int result; int result;
char dnbuffer[1024]; char dnbuffer[1024];
@ -505,12 +495,14 @@ index aa2c711..76186b5 100644
result = ldap_add_s (conn, dnbuffer, ldinfo->attrs); result = ldap_add_s (conn, dnbuffer, ldinfo->attrs);
- ldap_result_check ("ldap_add_s", dnbuffer, result); - ldap_result_check ("ldap_add_s", dnbuffer, result);
-}
+ ldap_result_check ("ldap_add_s", dnbuffer, result); + ldap_result_check ("ldap_add_s", dnbuffer, result);
+
} +}
@@ -776,5 +883,5 @@ void
@@ -776,5 +877,5 @@ void
usage () usage ()
{ {
fprintf (stderr, fprintf (stderr,

View File

@ -1,7 +1,8 @@
diff -up bind-9.9.4rc2/lib/dns/resolver.c.rh645544 bind-9.9.4rc2/lib/dns/resolver.c diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
--- bind-9.9.4rc2/lib/dns/resolver.c.rh645544 2013-08-19 10:30:52.000000000 +0200 index ecb3ddb..f7f73cd 100644
+++ bind-9.9.4rc2/lib/dns/resolver.c 2013-09-06 17:58:03.864165823 +0200 --- a/lib/dns/resolver.c
@@ -1138,7 +1138,7 @@ log_edns(fetchctx_t *fctx) { +++ b/lib/dns/resolver.c
@@ -1456,7 +1456,7 @@ log_edns(fetchctx_t *fctx) {
*/ */
dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf)); dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED, isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED,
@ -10,7 +11,7 @@ diff -up bind-9.9.4rc2/lib/dns/resolver.c.rh645544 bind-9.9.4rc2/lib/dns/resolve
"success resolving '%s' (in '%s'?) after %s", "success resolving '%s' (in '%s'?) after %s",
fctx->info, domainbuf, fctx->reason); fctx->info, domainbuf, fctx->reason);
@@ -3804,7 +3804,7 @@ log_lame(fetchctx_t *fctx, dns_adbaddrin @@ -4667,7 +4667,7 @@ log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) {
dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf)); dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
isc_sockaddr_format(&addrinfo->sockaddr, addrbuf, sizeof(addrbuf)); isc_sockaddr_format(&addrinfo->sockaddr, addrbuf, sizeof(addrbuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS, isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
@ -19,12 +20,12 @@ diff -up bind-9.9.4rc2/lib/dns/resolver.c.rh645544 bind-9.9.4rc2/lib/dns/resolve
"lame server resolving '%s' (in '%s'?): %s", "lame server resolving '%s' (in '%s'?): %s",
namebuf, domainbuf, addrbuf); namebuf, domainbuf, addrbuf);
} }
@@ -3831,7 +3831,7 @@ log_formerr(fetchctx_t *fctx, const char @@ -4685,7 +4685,7 @@ log_formerr(fetchctx_t *fctx, const char *format, ...) {
} isc_sockaddr_format(&fctx->addrinfo->sockaddr, nsbuf, sizeof(nsbuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
- DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE, - DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1), + DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1),
"DNS format error from %s resolving %s%s%s: %s", "DNS format error from %s resolving %s for %s: %s",
nsbuf, fctx->info, clmsg, clbuf, msgbuf); nsbuf, fctx->info, fctx->clientstr, msgbuf);
} }

View File

@ -1,2 +1 @@
. 3600 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
. 3600 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= . 3600 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=

View File

@ -19,6 +19,7 @@
%bcond_with LMDB %bcond_with LMDB
%bcond_with DLZ %bcond_with DLZ
%bcond_without EXPORT_LIBS %bcond_without EXPORT_LIBS
%bcond_without BDB
# Legacy GeoIP support # Legacy GeoIP support
%bcond_with GEOIP %bcond_with GEOIP
%if 0%{?fedora} >= 28 || 0%{?rhel} >= 8 %if 0%{?fedora} >= 28 || 0%{?rhel} >= 8
@ -26,6 +27,7 @@
%else %else
%bcond_with UNITTEST %bcond_with UNITTEST
%endif %endif
%bcond_with TSAN
%if 0%{?fedora} >= 28 || 0%{?rhel} >= 8 %if 0%{?fedora} >= 28 || 0%{?rhel} >= 8
# New MaxMind GeoLite support # New MaxMind GeoLite support
%bcond_without GEOIP2 %bcond_without GEOIP2
@ -54,16 +56,16 @@
# #
# lib*.so.X versions of selected libraries # lib*.so.X versions of selected libraries
%global sover_dns 1107 %global sover_dns 1110
%global sover_isc 1104 %global sover_isc 1105
%global sover_irs 161 %global sover_irs 161
%global sover_isccfg 163 %global sover_isccfg 163
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind Name: bind
License: MPLv2.0 License: MPLv2.0
Version: 9.11.13 Version: 9.11.20
Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Release: 3%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32 Epoch: 32
Url: http://www.isc.org/products/BIND/ Url: http://www.isc.org/products/BIND/
# #
@ -158,9 +160,6 @@ Patch178:bind-9.11-dhcp-time-monotonic.patch
Patch11: bind-9.3.2b2-sdbsrc.patch Patch11: bind-9.3.2b2-sdbsrc.patch
Patch12: bind-9.10-sdb.patch Patch12: bind-9.10-sdb.patch
# export lib patches
Patch135:bind-9.11-export-isc-config.patch
# needs inpection # needs inpection
Patch17: bind-9.3.2b1-fix_sdb_ldap.patch Patch17: bind-9.3.2b1-fix_sdb_ldap.patch
Patch18: bind-9.11-zone2ldap.patch Patch18: bind-9.11-zone2ldap.patch
@ -174,6 +173,7 @@ Requires(post): shadow-utils
Requires(post): glibc-common Requires(post): glibc-common
Requires(post): grep Requires(post): grep
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: bind-libs-lite%{?_isa} = %{epoch}:%{version}-%{release}
Obsoletes: bind-config < 30:9.3.2-34.fc6 Obsoletes: bind-config < 30:9.3.2-34.fc6
Provides: bind-config = 30:9.3.2-34.fc6 Provides: bind-config = 30:9.3.2-34.fc6
Obsoletes: caching-nameserver < 31:9.4.1-7.fc8 Obsoletes: caching-nameserver < 31:9.4.1-7.fc8
@ -190,6 +190,8 @@ BuildRequires: python3-ply
BuildRequires: findutils sed BuildRequires: findutils sed
%if %{with SDB} %if %{with SDB}
BuildRequires: openldap-devel, postgresql-devel, sqlite-devel, mariadb-connector-c-devel BuildRequires: openldap-devel, postgresql-devel, sqlite-devel, mariadb-connector-c-devel
%endif
%if %{with BDB}
BuildRequires: libdb-devel BuildRequires: libdb-devel
%endif %endif
%if %{with UNITTEST} %if %{with UNITTEST}
@ -219,6 +221,9 @@ BuildRequires: libmaxminddb-devel
%endif %endif
# Needed to regenerate dig.1 manpage # Needed to regenerate dig.1 manpage
BuildRequires: docbook-style-xsl, libxslt BuildRequires: docbook-style-xsl, libxslt
%if %{with TSAN}
BuildRequires: libtsan
%endif
%description %description
BIND (Berkeley Internet Name Domain) is an implementation of the DNS BIND (Berkeley Internet Name Domain) is an implementation of the DNS
@ -232,6 +237,8 @@ tools for verifying that the DNS server is operating properly.
Summary: Bind with native PKCS#11 functionality for crypto Summary: Bind with native PKCS#11 functionality for crypto
Requires: systemd Requires: systemd
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release} Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: bind-libs-lite%{?_isa} = %{epoch}:%{version}-%{release}
Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
Recommends: softhsm Recommends: softhsm
@ -275,6 +282,7 @@ Summary: BIND server with database backends and DLZ support
Requires: systemd Requires: systemd
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release} Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: bind-libs-lite%{?_isa} = %{epoch}:%{version}-%{release}
%description sdb %description sdb
BIND (Berkeley Internet Name Domain) is an implementation of the DNS BIND (Berkeley Internet Name Domain) is an implementation of the DNS
@ -316,6 +324,7 @@ Contains license of the BIND DNS suite.
%package utils %package utils
Summary: Utilities for querying DNS name servers Summary: Utilities for querying DNS name servers
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: bind-libs-lite%{?_isa} = %{epoch}:%{version}-%{release}
Requires: python3-bind = %{epoch}:%{version}-%{release} Requires: python3-bind = %{epoch}:%{version}-%{release}
%description utils %description utils
@ -345,12 +354,6 @@ required for development with ISC BIND 9
Summary: Lite version of header files and libraries needed for BIND DNS development Summary: Lite version of header files and libraries needed for BIND DNS development
Requires: bind-libs-lite%{?_isa} = %{epoch}:%{version}-%{release} Requires: bind-libs-lite%{?_isa} = %{epoch}:%{version}-%{release}
Requires: openssl-devel%{?_isa} libxml2-devel%{?_isa} Requires: openssl-devel%{?_isa} libxml2-devel%{?_isa}
%if %{with GEOIP}
Requires: GeoIP-devel%{?_isa}
%endif
%if %{with GEOIP2}
Requires: libmaxminddb-devel%{?_isa}
%endif
%description lite-devel %description lite-devel
The bind-lite-devel package contains lite version of the header The bind-lite-devel package contains lite version of the header
@ -384,6 +387,7 @@ Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
%if %{with DLZ} %if %{with DLZ}
%if %{with BDB}
%package dlz-bdb %package dlz-bdb
Summary: BIND server bdb DLZ module Summary: BIND server bdb DLZ module
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release} Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
@ -391,6 +395,10 @@ Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
%description dlz-bdb %description dlz-bdb
Dynamic Loadable Zones module for BIND server. Dynamic Loadable Zones module for BIND server.
%end
%endif
%package dlz-filesystem %package dlz-filesystem
Summary: BIND server filesystem DLZ module Summary: BIND server filesystem DLZ module
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release} Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
@ -431,7 +439,7 @@ Dynamic Loadable Zones module for BIND server.
%package -n python3-bind %package -n python3-bind
Summary: A module allowing rndc commands to be sent from Python programs Summary: A module allowing rndc commands to be sent from Python programs
Requires: bind-license = %{epoch}:%{version}-%{release} Requires: bind-license = %{epoch}:%{version}-%{release}
Requires: %{?__python3} python3-ply %{py3_dist ply} Requires: %{?__python3} python3-ply %{?py3_dist:%py3_dist ply}
BuildArch: noarch BuildArch: noarch
%{?python_provide:%python_provide python3-bind} %{?python_provide:%python_provide python3-bind}
%{?python_provide:%python_provide python3-isc} %{?python_provide:%python_provide python3-isc}
@ -576,10 +584,15 @@ done
cp -Tuav bin/tests "%{1}/bin/tests/" \ cp -Tuav bin/tests "%{1}/bin/tests/" \
cp -uv version "%{1}" \ cp -uv version "%{1}" \
export CFLAGS="$CFLAGS $RPM_OPT_FLAGS" CFLAGS="$CFLAGS $RPM_OPT_FLAGS"
%if %{with TSAN}
CFLAGS+=" -O1 -fsanitize=thread -fPIE -pie"
%endif
export CFLAGS
export CPPFLAGS="$CPPFLAGS -DDIG_SIGCHASE" export CPPFLAGS="$CPPFLAGS -DDIG_SIGCHASE"
export STD_CDEFINES="$CPPFLAGS" export STD_CDEFINES="$CPPFLAGS"
sed -i -e \ sed -i -e \
's/RELEASEVER=\(.*\)/RELEASEVER=\1-RedHat-%{version}-%{release}/' \ 's/RELEASEVER=\(.*\)/RELEASEVER=\1-RedHat-%{version}-%{release}/' \
version version
@ -619,6 +632,8 @@ export LIBDIR_SUFFIX
--with-dlz-postgres=yes \ --with-dlz-postgres=yes \
--with-dlz-mysql=yes \ --with-dlz-mysql=yes \
--with-dlz-filesystem=yes \ --with-dlz-filesystem=yes \
%endif
%if %{with BDB}
--with-dlz-bdb=yes \ --with-dlz-bdb=yes \
%endif %endif
%if %{with GSSTSIG} %if %{with GSSTSIG}
@ -656,14 +671,19 @@ popd
%if %{with DLZ} %if %{with DLZ}
pushd contrib/dlz pushd contrib/dlz
pushd modules
for DIR in filesystem ldap mysql mysqldyn sqlite3; do
make -C $DIR CFLAGS="-fPIC -I../include $CFLAGS $LDFLAGS"
done
popd
%if %{with BDB}
pushd bin/dlzbdb pushd bin/dlzbdb
make make
popd popd
pushd modules pushd modules
for DIR in bdbhpt filesystem ldap mysql mysqldyn sqlite3; do make -C bdbhpt CFLAGS="-fPIC -I../include $CFLAGS $LDFLAGS"
make -C $DIR CFLAGS="-fPIC -I../include $CFLAGS $LDFLAGS"
done
popd popd
%endif
popd popd
%endif %endif
popd # build popd # build
@ -672,6 +692,8 @@ popd # build
%systemtest_prepare_build build %systemtest_prepare_build build
%if %{with EXPORT_LIBS} %if %{with EXPORT_LIBS}
cp isc-config.sh.1 isc-export-config.sh.1
## Create export libs ## ## Create export libs ##
mkdir -p export-libs mkdir -p export-libs
pushd export-libs pushd export-libs
@ -708,8 +730,12 @@ export LIBDIR_SUFFIX
## FIXME this should be in patch instead of SED'ing ## FIXME this should be in patch instead of SED'ing
## but do we really like/want to patch generated files? ## but do we really like/want to patch generated files?
sed -i -e \ mv isc-config.sh isc-export-config.sh
'/^SUBDIRS =/s/.*/SUBDIRS = make lib/i' \
sed -i \
-e '/^SUBDIRS =/s/.*/SUBDIRS = make lib/i' \
-e 's/isc-config.sh/isc-export-config.sh/g' \
-e 's/bind9-config/bind9-export-config/g' \
Makefile Makefile
sed -i -e \ sed -i -e \
@ -721,9 +747,9 @@ do
find . -name Makefile -exec sed "s/lib${lib}\./lib${lib}-export\./g" -i {} \; find . -name Makefile -exec sed "s/lib${lib}\./lib${lib}-export\./g" -i {} \;
sed -e "s/-l${lib}\([^[:alpha:]]\)/-l${lib}-export\1/g" \ sed -e "s/-l${lib}\([^[:alpha:]]\)/-l${lib}-export\1/g" \
-e "s/lib${lib}\./lib${lib}-export\./g" \ -e "s/lib${lib}\./lib${lib}-export\./g" \
-i isc-config.sh -i isc-export-config.sh
done; done;
%{__patch} -p2 -b --suffix .export-isc-config < %{PATCH135}
make %{?_smp_mflags} make %{?_smp_mflags}
popd popd
@ -749,6 +775,10 @@ sed -e "/^\s*include(/ d" -e 's/^-- use //' \
sh %{SOURCE48} "${SOFTHSM2_CONF}" "`pwd`/softhsm-tokens" sh %{SOURCE48} "${SOFTHSM2_CONF}" "`pwd`/softhsm-tokens"
%endif %endif
%if %{with TSAN}
export TSAN_OPTIONS="log_exe_name=true log_path=ThreadSanitizer exitcode=0"
%endif
%if %{with UNITTEST} %if %{with UNITTEST}
pushd build pushd build
make unit make unit
@ -896,15 +926,20 @@ install -m 644 %{SOURCE12} contrib/sdb/pgsql/
%if %{with DLZ} %if %{with DLZ}
pushd contrib/dlz pushd contrib/dlz
pushd bin/dlzbdb
make DESTDIR=${RPM_BUILD_ROOT} install
popd
pushd modules pushd modules
for DIR in bdbhpt filesystem ldap mysql mysqldyn sqlite3; do for DIR in filesystem ldap mysql mysqldyn sqlite3; do
make -C $DIR DESTDIR=${RPM_BUILD_ROOT} libdir=%{_libdir}/bind install make -C $DIR DESTDIR=${RPM_BUILD_ROOT} libdir=%{_libdir}/bind install
done done
mv mysqldyn/testing/README mysqldyn/testing/README.testing mv mysqldyn/testing/README mysqldyn/testing/README.testing
%if %{with BDB}
make -C bdbhpt DESTDIR=${RPM_BUILD_ROOT} libdir=%{_libdir}/bind install
%endif
popd popd
%if %{with BDB}
pushd bin/dlzbdb
make DESTDIR=${RPM_BUILD_ROOT} install
popd
%endif
popd popd
%endif %endif
@ -942,6 +977,7 @@ pushd ${RPM_BUILD_ROOT}%{_mandir}/man8
ln -s named.8.gz named-pkcs11.8.gz ln -s named.8.gz named-pkcs11.8.gz
ln -s dnssec-checkds.8.gz dnssec-checkds-pkcs11.8.gz ln -s dnssec-checkds.8.gz dnssec-checkds-pkcs11.8.gz
ln -s dnssec-dsfromkey.8.gz dnssec-dsfromkey-pkcs11.8.gz ln -s dnssec-dsfromkey.8.gz dnssec-dsfromkey-pkcs11.8.gz
ln -s dnssec-importkey.8.gz dnssec-importkey-pkcs11.8.gz
ln -s dnssec-keyfromlabel.8.gz dnssec-keyfromlabel-pkcs11.8.gz ln -s dnssec-keyfromlabel.8.gz dnssec-keyfromlabel-pkcs11.8.gz
ln -s dnssec-keygen.8.gz dnssec-keygen-pkcs11.8.gz ln -s dnssec-keygen.8.gz dnssec-keygen-pkcs11.8.gz
ln -s dnssec-revoke.8.gz dnssec-revoke-pkcs11.8.gz ln -s dnssec-revoke.8.gz dnssec-revoke-pkcs11.8.gz
@ -1448,12 +1484,15 @@ rm -rf ${RPM_BUILD_ROOT}
%{_bindir}/bind9-export-config %{_bindir}/bind9-export-config
%endif %endif
%if %{with DLZ} %if %{with DLZ} && %{with BDB}
%files dlz-bdb %files dlz-bdb
%{_sbindir}/dlzbdb %{_sbindir}/dlzbdb
%{_libdir}/bind/dlz_bdbhpt_dynamic.so %{_libdir}/bind/dlz_bdbhpt_dynamic.so
%doc contrib/dlz/modules/bdbhpt/testing/* %doc contrib/dlz/modules/bdbhpt/testing/*
%endif
%if %{with DLZ}
%files dlz-filesystem %files dlz-filesystem
%{_libdir}/bind/dlz_filesystem_dynamic.so %{_libdir}/bind/dlz_filesystem_dynamic.so
@ -1482,6 +1521,38 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog %changelog
* Fri Jun 19 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-3
- Add remaining require to bind package (#1633169)
* Fri Jun 19 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-2
- Add manual page for dnssec-importkey-pkcs11 (#1666785)
- Add versioned depends to all library subpackages
* Wed Jun 17 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-1
- Update to 9.11.20
* Mon Jun 08 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.19-2
- Remove old KSK 19036 from remaining trusted-key.key
* Fri May 15 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.19-1
- Update to 9.11.19 (CVE-2020-8616, CVE-2020-8617)
* Thu Apr 16 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.18-1
- Update to 9.11.18
* Tue Apr 07 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.17-1
- Update to 9.11.17
* Tue Apr 07 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.14-1
- Update to 9.11.14
- Remove libmaxminddb-devel from devel package dependencies
* Thu Feb 27 2020 Miroslav Lichvar <mlichvar@redhat.com> - 32:9.11.13-3
- Fix rwlock to be thread-safe (#1740511)
* Tue Jan 14 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.13-2
- Release GeoIP data on reload (#1790879)
* Tue Nov 19 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.13-1 * Tue Nov 19 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.13-1
- Update to 9.11.13 - Update to 9.11.13