rpms/bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Update to 9.11.24

Browse Source 
DNS Flag Day 2020 - default ENDS buffer size changed to 1232.

https://downloads.isc.org/isc/bind9/9.11.24/RELEASE-NOTES-bind-9.11.24.html
This commit is contained in:
Petr Menšík 2020-10-23 17:20:10 +02:00
parent 293d93455e
commit 01c5de480b
10 changed files with 251 additions and 807 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -116,3 +116,5 @@ bind-9.7.2b1.tar.gz
/bind-9.11.22.tar.gz.asc
/bind-9.11.23.tar.gz
/bind-9.11.23.tar.gz.asc
/bind-9.11.24.tar.gz
/bind-9.11.24.tar.gz.asc

62
bind-9.10-dist-native-pkcs11.patch
View File

@ -1,5 +1,5 @@
diff --git a/bin/Makefile.in b/bin/Makefile.in
index f0c504a..ce7a2da 100644
index a18b222..26a7e4e 100644
--- a/bin/Makefile.in
+++ b/bin/Makefile.in
@@ -11,8 +11,8 @@ srcdir = @srcdir@
@ -14,7 +14,7 @@ index f0c504a..ce7a2da 100644
@BIND9_MAKE_RULES@
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
index 4b8ca13..32f4470 100644
index 390aa0c..e59a118 100644
--- a/bin/dnssec-pkcs11/Makefile.in
+++ b/bin/dnssec-pkcs11/Makefile.in
@@ -15,18 +15,18 @@ VERSION=@BIND9_VERSION@
@ -130,7 +130,7 @@ index 4b8ca13..32f4470 100644
clean distclean::
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index 4b8ca13..4175996 100644
index 390aa0c..851a008 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
@ -143,7 +143,7 @@ index 4b8ca13..4175996 100644
CWARNINGS =
diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in
index 70e5571..b5a4a6b 100644
index 7a490fa..1f56836 100644
--- a/bin/named-pkcs11/Makefile.in
+++ b/bin/named-pkcs11/Makefile.in
@@ -43,27 +43,27 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@
@ -268,7 +268,7 @@ index 70e5571..b5a4a6b 100644
@DLZ_DRIVER_RULES@
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index 70e5571..4cfed4d 100644
index 7a490fa..3d8655f 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -48,7 +48,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
@ -281,10 +281,10 @@ index 70e5571..4cfed4d 100644
CWARNINGS =
diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in
index a058c91..d4b689a 100644
index 2c19e7e..8223d5e 100644
--- a/bin/pkcs11/Makefile.in
+++ b/bin/pkcs11/Makefile.in
@@ -15,13 +15,13 @@ top_srcdir = @top_srcdir@
@@ -13,13 +13,13 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
@ -302,10 +302,10 @@ index a058c91..d4b689a 100644
DEPLIBS = ${ISCDEPLIBS}
diff --git a/configure.ac b/configure.ac
index 9b7d778..59ba20b 100644
index c6715b4..8144268 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1139,12 +1139,14 @@ AC_SUBST(USE_GSSAPI)
@@ -1176,12 +1176,14 @@ AC_SUBST(USE_GSSAPI)
AC_SUBST(DST_GSSAPI_INC)
AC_SUBST(DNS_GSSAPI_LIBS)
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS"
@ -320,24 +320,26 @@ index 9b7d778..59ba20b 100644
#
# was --with-randomdev specified?
@@ -1494,11 +1496,11 @@ AC_ARG_ENABLE(openssl-hash,
@@ -1554,12 +1556,12 @@ AC_ARG_ENABLE(openssl-hash,
AC_MSG_CHECKING(for OpenSSL library)
OPENSSL_WARNING=
openssldirs="/usr /usr/local /usr/local/ssl /opt/local /usr/pkg /usr/sfw"
-if test "yes" = "$want_native_pkcs11"
-then
- use_openssl="native_pkcs11"
- want_openssl_hash="no"
- AC_MSG_RESULT(use of native PKCS11 instead)
-fi
+# if test "yes" = "$want_native_pkcs11"
+# then
+# use_openssl="native_pkcs11"
+# AC_MSG_RESULT(use of native PKCS11 instead)
+# fi
+#if test "yes" = "$want_native_pkcs11"
+#then
+# use_openssl="native_pkcs11"
+# want_openssl_hash="no"
+# AC_MSG_RESULT(use of native PKCS11 instead)
+#fi
if test "auto" = "$use_openssl"
then
@@ -1511,6 +1513,7 @@ then
@@ -1572,6 +1574,7 @@ then
fi
done
fi
@ -345,7 +347,7 @@ index 9b7d778..59ba20b 100644
OPENSSL_ECDSA=""
OPENSSL_GOST=""
OPENSSL_ED25519=""
@@ -1532,11 +1535,10 @@ case "$with_gost" in
@@ -1593,11 +1596,10 @@ case "$with_gost" in
;;
esac
@ -360,7 +362,7 @@ index 9b7d778..59ba20b 100644
CRYPTOLIB="pkcs11"
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
@@ -1546,7 +1548,9 @@ case "$use_openssl" in
@@ -1607,7 +1609,9 @@ case "$use_openssl" in
OPENSSLGOSTLINKSRCS=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
@ -371,7 +373,7 @@ index 9b7d778..59ba20b 100644
no)
AC_MSG_RESULT(no)
DST_OPENSSL_INC=""
@@ -1578,7 +1582,7 @@ case "$use_openssl" in
@@ -1639,7 +1643,7 @@ case "$use_openssl" in
If you do not want OpenSSL, use --without-openssl])
;;
*)
@ -380,7 +382,7 @@ index 9b7d778..59ba20b 100644
then
AC_MSG_RESULT()
AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
@@ -2006,6 +2010,7 @@ AC_SUBST(OPENSSL_ED25519)
@@ -2067,6 +2071,7 @@ AC_SUBST(OPENSSL_ED25519)
AC_SUBST(OPENSSL_GOST)
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
@ -388,7 +390,7 @@ index 9b7d778..59ba20b 100644
ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
if test "yes" = "$with_aes"
@@ -2291,6 +2296,7 @@ esac
@@ -2353,6 +2358,7 @@ esac
AC_SUBST(PKCS11LINKOBJS)
AC_SUBST(PKCS11LINKSRCS)
AC_SUBST(CRYPTO)
@ -396,7 +398,7 @@ index 9b7d778..59ba20b 100644
AC_SUBST(PKCS11_ECDSA)
AC_SUBST(PKCS11_GOST)
AC_SUBST(PKCS11_ED25519)
@@ -5405,8 +5411,11 @@ AC_CONFIG_FILES([
@@ -5501,8 +5507,11 @@ AC_CONFIG_FILES([
bin/delv/Makefile
bin/dig/Makefile
bin/dnssec/Makefile
@ -408,7 +410,7 @@ index 9b7d778..59ba20b 100644
bin/nsupdate/Makefile
bin/pkcs11/Makefile
bin/python/Makefile
@@ -5479,6 +5488,10 @@ AC_CONFIG_FILES([
@@ -5575,6 +5584,10 @@ AC_CONFIG_FILES([
lib/dns/include/dns/Makefile
lib/dns/include/dst/Makefile
lib/dns/tests/Makefile
@ -419,7 +421,7 @@ index 9b7d778..59ba20b 100644
lib/irs/Makefile
lib/irs/include/Makefile
lib/irs/include/irs/Makefile
@@ -5503,6 +5516,24 @@ AC_CONFIG_FILES([
@@ -5599,6 +5612,24 @@ AC_CONFIG_FILES([
lib/isc/unix/include/Makefile
lib/isc/unix/include/isc/Makefile
lib/isc/unix/include/pkcs11/Makefile
@ -445,7 +447,7 @@ index 9b7d778..59ba20b 100644
lib/isccc/include/Makefile
lib/isccc/include/isccc/Makefile
diff --git a/lib/Makefile.in b/lib/Makefile.in
index 81270a0..bcb5312 100644
index f089bea..3ed939b 100644
--- a/lib/Makefile.in
+++ b/lib/Makefile.in
@@ -15,7 +15,7 @@ top_srcdir = @top_srcdir@
@ -458,7 +460,7 @@ index 81270a0..bcb5312 100644
@BIND9_MAKE_RULES@
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
index 7f09bd6..c388d9e 100644
index 8fc4e94..5eefb14 100644
--- a/lib/dns-pkcs11/Makefile.in
+++ b/lib/dns-pkcs11/Makefile.in
@@ -26,17 +26,16 @@ VERSION=@BIND9_VERSION@
@ -533,7 +535,7 @@ index 7f09bd6..c388d9e 100644
rm -f include/dns/rdatastruct.h
rm -f dnstap.pb-c.c dnstap.pb-c.h
diff --git a/lib/isc-pkcs11/Makefile.in b/lib/isc-pkcs11/Makefile.in
index 8ad54bb..a3ecdfb 100644
index 7e3e9ce..58d7466 100644
--- a/lib/isc-pkcs11/Makefile.in
+++ b/lib/isc-pkcs11/Makefile.in
@@ -23,8 +23,8 @@ CINCLUDES = -I${srcdir}/unix/include \
@ -547,7 +549,7 @@ index 8ad54bb..a3ecdfb 100644
CWARNINGS =
# Alphabetically
@@ -103,40 +103,40 @@ version.@O@: version.c
@@ -107,40 +107,40 @@ version.@O@: version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
@ -601,10 +603,10 @@ index 8ad54bb..a3ecdfb 100644
+ rm -f libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@ libisc-pkcs11.la \
+ libisc-pkcs11-nosymtbl.la timestamp
diff --git a/make/includes.in b/make/includes.in
index fa86ad1..3cfbe9f 100644
index 66efe68..966671f 100644
--- a/make/includes.in
+++ b/make/includes.in
@@ -43,3 +43,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
@@ -41,3 +41,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
TEST_INCLUDES = \
-I${top_srcdir}/lib/tests/include

138
bind-9.11-fips-tests.patch
View File

@ -1,4 +1,4 @@
From da45a97312a63f815b295167c3f3abb9fe8941a3 Mon Sep 17 00:00:00 2001
From 14ad3e0b42bc999072d30268396412bec158a22d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:46:45 +0200
Subject: [PATCH] FIPS tests changes
@ -96,17 +96,15 @@ Date: Wed Mar 7 10:44:23 2018 +0100
bin/tests/system/rndc/setup.sh | 2 +-
bin/tests/system/rndc/tests.sh | 23 ++++---
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++
bin/tests/system/tsig/setup.sh | 5 ++
bin/tests/system/tsig/tests.sh | 65 +++++++++++-------
bin/tests/system/tsiggss/setup.sh | 2 +-
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
bin/tests/system/upforwd/tests.sh | 2 +-
44 files changed, 230 insertions(+), 170 deletions(-)
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
43 files changed, 220 insertions(+), 170 deletions(-)
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
index 0ea6502..026db3f 100644
index 9999ada..e3f8d0e 100644
--- a/bin/tests/system/acl/ns2/named1.conf.in
+++ b/bin/tests/system/acl/ns2/named1.conf.in
@@ -33,12 +33,12 @@ options {
@ -125,7 +123,7 @@ index 0ea6502..026db3f 100644
};
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
index b877880..d8f50be 100644
index f8ec34e..d2d6ad3 100644
--- a/bin/tests/system/acl/ns2/named2.conf.in
+++ b/bin/tests/system/acl/ns2/named2.conf.in
@@ -33,12 +33,12 @@ options {
@ -144,7 +142,7 @@ index b877880..d8f50be 100644
};
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
index 0a95062..aa54088 100644
index 2acb813..6a00344 100644
--- a/bin/tests/system/acl/ns2/named3.conf.in
+++ b/bin/tests/system/acl/ns2/named3.conf.in
@@ -33,17 +33,17 @@ options {
@ -169,7 +167,7 @@ index 0a95062..aa54088 100644
};
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
index 7cdcb6e..606a345 100644
index bca3ee1..5913420 100644
--- a/bin/tests/system/acl/ns2/named4.conf.in
+++ b/bin/tests/system/acl/ns2/named4.conf.in
@@ -33,12 +33,12 @@ options {
@ -188,7 +186,7 @@ index 7cdcb6e..606a345 100644
};
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
index 4b4e050..0e679a8 100644
index 9ef8171..5ae8d38 100644
--- a/bin/tests/system/acl/ns2/named5.conf.in
+++ b/bin/tests/system/acl/ns2/named5.conf.in
@@ -34,12 +34,12 @@ options {
@ -207,7 +205,7 @@ index 4b4e050..0e679a8 100644
};
diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
index 09f31f2..f88f0d4 100644
index 2ee34a0..a73a54e 100644
--- a/bin/tests/system/acl/tests.sh
+++ b/bin/tests/system/acl/tests.sh
@@ -22,14 +22,14 @@ echo_i "testing basic ACL processing"
@ -333,7 +331,7 @@ index 09f31f2..f88f0d4 100644
echo_i "testing allow-query-on ACL processing"
diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
index 1569913..e9c5c2d 100644
index a579f32..3b8f853 100644
--- a/bin/tests/system/allow-query/ns2/named10.conf.in
+++ b/bin/tests/system/allow-query/ns2/named10.conf.in
@@ -12,7 +12,7 @@
@ -346,7 +344,7 @@ index 1569913..e9c5c2d 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
index 18ac91c..2b1c873 100644
index 166afa1..997ece9 100644
--- a/bin/tests/system/allow-query/ns2/named11.conf.in
+++ b/bin/tests/system/allow-query/ns2/named11.conf.in
@@ -12,12 +12,12 @@
@ -365,7 +363,7 @@ index 18ac91c..2b1c873 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
index b824844..dd48945 100644
index 25271a5..a9cb65d 100644
--- a/bin/tests/system/allow-query/ns2/named12.conf.in
+++ b/bin/tests/system/allow-query/ns2/named12.conf.in
@@ -12,7 +12,7 @@
@ -378,7 +376,7 @@ index b824844..dd48945 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
index aeb1540..bfce58b 100644
index c7c8254..f165e65 100644
--- a/bin/tests/system/allow-query/ns2/named30.conf.in
+++ b/bin/tests/system/allow-query/ns2/named30.conf.in
@@ -12,7 +12,7 @@
@ -391,7 +389,7 @@ index aeb1540..bfce58b 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
index d4b7432..e0f5252 100644
index 567bbcc..4fd2035 100644
--- a/bin/tests/system/allow-query/ns2/named31.conf.in
+++ b/bin/tests/system/allow-query/ns2/named31.conf.in
@@ -12,12 +12,12 @@
@ -410,7 +408,7 @@ index d4b7432..e0f5252 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
index c025938..87afb3f 100644
index b75161f..7b254e6 100644
--- a/bin/tests/system/allow-query/ns2/named32.conf.in
+++ b/bin/tests/system/allow-query/ns2/named32.conf.in
@@ -12,7 +12,7 @@
@ -423,7 +421,7 @@ index c025938..87afb3f 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
index d83b376..d726b94 100644
index 9e17818..22f5001 100644
--- a/bin/tests/system/allow-query/ns2/named40.conf.in
+++ b/bin/tests/system/allow-query/ns2/named40.conf.in
@@ -16,12 +16,12 @@ acl accept { 10.53.0.2; };
@ -442,7 +440,7 @@ index d83b376..d726b94 100644
};
diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh
index fb6059d..f960156 100644
index 791a1a4..95cd971 100644
--- a/bin/tests/system/allow-query/tests.sh
+++ b/bin/tests/system/allow-query/tests.sh
@@ -190,7 +190,7 @@ rndc_reload
@ -527,7 +525,7 @@ index fb6059d..f960156 100644
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
index 74b7d37..c353766 100644
index 6856ec7..0ac1fa3 100644
--- a/bin/tests/system/catz/ns1/named.conf.in
+++ b/bin/tests/system/catz/ns1/named.conf.in
@@ -61,5 +61,5 @@ zone "catalog4.example" {
@ -538,7 +536,7 @@ index 74b7d37..c353766 100644
+ algorithm hmac-sha256;
};
diff --git a/bin/tests/system/catz/ns2/named.conf.in b/bin/tests/system/catz/ns2/named.conf.in
index ee83efb..35ced08 100644
index dd3a9dc..77b8d96 100644
--- a/bin/tests/system/catz/ns2/named.conf.in
+++ b/bin/tests/system/catz/ns2/named.conf.in
@@ -70,5 +70,5 @@ zone "catalog4.example" {
@ -549,7 +547,7 @@ index ee83efb..35ced08 100644
+ algorithm hmac-sha256;
};
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
index 21be03e..e57c308 100644
index 338dddb..90cd424 100644
--- a/bin/tests/system/checkconf/bad-tsig.conf
+++ b/bin/tests/system/checkconf/bad-tsig.conf
@@ -11,7 +11,7 @@
@ -562,7 +560,7 @@ index 21be03e..e57c308 100644
};
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
index 09d188a..7cf4030 100644
index 2282f87..1359cf3 100644
--- a/bin/tests/system/checkconf/good.conf
+++ b/bin/tests/system/checkconf/good.conf
@@ -159,6 +159,6 @@ dyndb "name" "library.so" {
@ -574,7 +572,7 @@ index 09d188a..7cf4030 100644
secret "qwertyuiopasdfgh";
};
diff --git a/bin/tests/system/digdelv/ns2/example.db b/bin/tests/system/digdelv/ns2/example.db
index f4e30f5..9f53e31 100644
index b66207a..359b220 100644
--- a/bin/tests/system/digdelv/ns2/example.db
+++ b/bin/tests/system/digdelv/ns2/example.db
@@ -38,12 +38,15 @@ foo SSHFP 2 1 123456789abcdef67890123456789abcdef67890
@ -600,7 +598,7 @@ index f4e30f5..9f53e31 100644
; TTL of 3 weeks
weeks 1814400 A 10.53.0.2
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index 3d1010e..fa9eb92 100644
index 2109001..ded5557 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -155,7 +155,7 @@ if [ -x "$DIG" ] ; then
@ -648,7 +646,7 @@ index 3d1010e..fa9eb92 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -799,7 +799,7 @@ if [ -x ${DELV} ] ; then
@@ -827,7 +827,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +rrcomments works for DNSKEY($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -657,7 +655,7 @@ index 3d1010e..fa9eb92 100644
check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -808,7 +808,7 @@ if [ -x ${DELV} ] ; then
@@ -836,7 +836,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works for DNSKEY ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -666,7 +664,7 @@ index 3d1010e..fa9eb92 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -816,7 +816,7 @@ if [ -x ${DELV} ] ; then
@@ -844,7 +844,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -675,7 +673,7 @@ index 3d1010e..fa9eb92 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -824,7 +824,7 @@ if [ -x ${DELV} ] ; then
@@ -852,7 +852,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -684,7 +682,7 @@ index 3d1010e..fa9eb92 100644
if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi
f=`awk '{print NF}' < delv.out.test$n`
test "${f:-0}" -eq 14 || ret=1
@@ -835,7 +835,7 @@ if [ -x ${DELV} ] ; then
@@ -863,7 +863,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit +norrcomments works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -694,7 +692,7 @@ index 3d1010e..fa9eb92 100644
f=`awk '{print NF}' < delv.out.test$n`
test "${f:-0}" -eq 4 || ret=1
diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh
index 606e7cc..a3a0d60 100755
index 14ca5db..3f522d0 100755
--- a/bin/tests/system/dlv/ns1/sign.sh
+++ b/bin/tests/system/dlv/ns1/sign.sh
@@ -23,8 +23,8 @@ infile=root.db.in
@ -709,7 +707,7 @@ index 606e7cc..a3a0d60 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh
index 9825c57..202c978 100755
index d870798..b0ab372 100755
--- a/bin/tests/system/dlv/ns2/sign.sh
+++ b/bin/tests/system/dlv/ns2/sign.sh
@@ -24,8 +24,8 @@ zonefile=druz.db
@ -724,7 +722,7 @@ index 9825c57..202c978 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh
index 1e39862..4ed19ac 100755
index ba39f90..f20a2dd 100755
--- a/bin/tests/system/dlv/ns6/sign.sh
+++ b/bin/tests/system/dlv/ns6/sign.sh
@@ -16,13 +16,15 @@ SYSTESTDIR=dlv
@ -911,7 +909,7 @@ index 1e39862..4ed19ac 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh
index 7f95c8a..3a9251b 100644
index e28b3f1..29c169b 100644
--- a/bin/tests/system/dnssec/ns2/sign.sh
+++ b/bin/tests/system/dnssec/ns2/sign.sh
@@ -126,8 +126,8 @@ zone=in-addr.arpa.
@ -944,7 +942,7 @@ index 7f95c8a..3a9251b 100644
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
diff --git a/bin/tests/system/dnssec/ns5/trusted.conf.bad b/bin/tests/system/dnssec/ns5/trusted.conf.bad
index ed30460..e6b1126 100644
index 75cf699..b4d848c 100644
--- a/bin/tests/system/dnssec/ns5/trusted.conf.bad
+++ b/bin/tests/system/dnssec/ns5/trusted.conf.bad
@@ -10,5 +10,5 @@
@ -955,7 +953,7 @@ index ed30460..e6b1126 100644
+ "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV";
};
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 6f7eaa7..bd2778b 100644
index 3e8e4d5..da692f9 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -3257,8 +3257,8 @@ do
@ -970,7 +968,7 @@ index 6f7eaa7..bd2778b 100644
8) size="-b 512";;
10) size="-b 1024";;
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
index c1249ed..20a3139 100644
index 5e473ab..b08692e 100644
--- a/bin/tests/system/feature-test.c
+++ b/bin/tests/system/feature-test.c
@@ -19,6 +19,7 @@
@ -982,14 +980,14 @@ index c1249ed..20a3139 100644
#ifdef WIN32
@@ -47,6 +48,7 @@ usage() {
fprintf(stderr, " --have-geoip2\n");
fprintf(stderr, " --have-libxml2\n");
fprintf(stderr, " --ipv6only=no\n");
+ fprintf(stderr, " --md5\n");
fprintf(stderr, " --rpz-nsdname\n");
fprintf(stderr, " --rpz-nsip\n");
fprintf(stderr, " --with-idn\n");
@@ -155,6 +157,18 @@ main(int argc, char **argv) {
fprintf(stderr, "\t--have-geoip\n");
fprintf(stderr, "\t--have-libxml2\n");
fprintf(stderr, "\t--ipv6only=no\n");
+ fprintf(stderr, "\t--md5\n");
fprintf(stderr, "\t--rpz-log-qtype-qclass\n");
fprintf(stderr, "\t--rpz-nsdname\n");
fprintf(stderr, "\t--rpz-nsip\n");
@@ -194,6 +196,18 @@ main(int argc, char **argv) {
#endif
}
@ -1009,7 +1007,7 @@ index c1249ed..20a3139 100644
#ifdef ENABLE_RPZ_NSIP
return (0);
diff --git a/bin/tests/system/filter-aaaa/ns1/sign.sh b/bin/tests/system/filter-aaaa/ns1/sign.sh
index f755581..4a7d890 100755
index 479f98c..4d4a765 100755
--- a/bin/tests/system/filter-aaaa/ns1/sign.sh
+++ b/bin/tests/system/filter-aaaa/ns1/sign.sh
@@ -21,8 +21,8 @@ infile=signed.db.in
@ -1024,7 +1022,7 @@ index f755581..4a7d890 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/filter-aaaa/ns4/sign.sh b/bin/tests/system/filter-aaaa/ns4/sign.sh
index f755581..4a7d890 100755
index 479f98c..4d4a765 100755
--- a/bin/tests/system/filter-aaaa/ns4/sign.sh
+++ b/bin/tests/system/filter-aaaa/ns4/sign.sh
@@ -21,8 +21,8 @@ infile=signed.db.in
@ -1039,7 +1037,7 @@ index f755581..4a7d890 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
index cfcfe8f..0a1614d 100644
index 157ef16..b802288 100644
--- a/bin/tests/system/notify/ns5/named.conf.in
+++ b/bin/tests/system/notify/ns5/named.conf.in
@@ -10,17 +10,17 @@
@ -1064,7 +1062,7 @@ index cfcfe8f..0a1614d 100644
};
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
index c112d2c..987b6de 100644
index f9fd3f5..916af75 100644
--- a/bin/tests/system/notify/tests.sh
+++ b/bin/tests/system/notify/tests.sh
@@ -212,16 +212,16 @@ ret=0
@ -1088,7 +1086,7 @@ index c112d2c..987b6de 100644
grep "test string" dig.out.b.ns5.test$n > /dev/null &&
grep "test string" dig.out.c.ns5.test$n > /dev/null &&
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
index e90907a..540a984 100644
index b0ded3a..cb80269 100644
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
@@ -32,7 +32,7 @@ controls {
@ -1101,7 +1099,7 @@ index e90907a..540a984 100644
};
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
index 4549184..cb7dccd 100644
index e6e2382..b0a94e0 100644
--- a/bin/tests/system/nsupdate/ns2/named.conf.in
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in
@@ -33,7 +33,7 @@ controls {
@ -1114,7 +1112,7 @@ index 4549184..cb7dccd 100644
};
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
index a35b8ee..8383162 100644
index 6fbf1d7..a712b17 100644
--- a/bin/tests/system/nsupdate/setup.sh
+++ b/bin/tests/system/nsupdate/setup.sh
@@ -53,7 +53,12 @@ EOF
@ -1132,10 +1130,10 @@ index a35b8ee..8383162 100644
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 14952c8..5c51972 100755
index 6b2c8f6..96ad95e 100755
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -760,7 +760,14 @@ fi
@@ -788,7 +788,14 @@ fi
n=`expr $n + 1`
ret=0
echo_i "check TSIG key algorithms ($n)"
@ -1151,7 +1149,7 @@ index 14952c8..5c51972 100755
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
server 10.53.0.1 ${PORT}
update add ${alg}.keytests.nil. 600 A 10.10.10.3
@@ -768,7 +775,7 @@ send
@@ -796,7 +803,7 @@ send
END
done
sleep 2
@ -1161,7 +1159,7 @@ index 14952c8..5c51972 100755
done
if [ $ret -ne 0 ]; then
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
index 8521ff8..565a1d7 100644
index 2eb2cd5..36f5114 100644
--- a/bin/tests/system/rndc/setup.sh
+++ b/bin/tests/system/rndc/setup.sh
@@ -35,7 +35,7 @@ make_key () {
@ -1174,7 +1172,7 @@ index 8521ff8..565a1d7 100644
make_key 3 ${EXTRAPORT3} hmac-sha224
make_key 4 ${EXTRAPORT4} hmac-sha256
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
index 57e066d..186a723 100644
index 4e25e51..cb8934c 100644
--- a/bin/tests/system/rndc/tests.sh
+++ b/bin/tests/system/rndc/tests.sh
@@ -348,15 +348,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
@ -1208,7 +1206,7 @@ index 57e066d..186a723 100644
n=`expr $n + 1`
echo_i "testing rndc with hmac-sha1 ($n)"
diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in
index fbf30c6..f61657d 100644
index 4905ffd..958d9fb 100644
--- a/bin/tests/system/tsig/ns1/named.conf.in
+++ b/bin/tests/system/tsig/ns1/named.conf.in
@@ -21,10 +21,7 @@ options {
@ -1235,24 +1233,8 @@ index fbf30c6..f61657d 100644
key "sha1-trunc" {
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
new file mode 100644
index 0000000..0682194
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
@@ -0,0 +1,10 @@
+# Conditionally included when support for MD5 is available
+key "md5" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5;
+};
+
+key "md5-trunc" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5-80;
+};
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
index 9a8ab2e..1311689 100644
index f42aa79..bfcf4a6 100644
--- a/bin/tests/system/tsig/setup.sh
+++ b/bin/tests/system/tsig/setup.sh
@@ -15,3 +15,8 @@ SYSTEMTESTTOP=..
@ -1265,7 +1247,7 @@ index 9a8ab2e..1311689 100644
+ cat ns1/rndc5.conf.in >> ns1/named.conf
+fi
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
index 526dbca..bf359a4 100644
index ed41e1d..98c542e 100644
--- a/bin/tests/system/tsig/tests.sh
+++ b/bin/tests/system/tsig/tests.sh
@@ -26,20 +26,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
@ -1356,7 +1338,7 @@ index 526dbca..bf359a4 100644
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh
index 49510b4..8d8bb2a 100644
index f04c907..09da5f9 100644
--- a/bin/tests/system/tsiggss/setup.sh
+++ b/bin/tests/system/tsiggss/setup.sh
@@ -16,5 +16,5 @@ test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE
@ -1367,7 +1349,7 @@ index 49510b4..8d8bb2a 100644
+key=`$KEYGEN -Cq -K ns1 -a DSA -b 1024 -r $RANDFILE -n HOST -T KEY key.example.nil.`
cat ns1/example.nil.db.in ns1/${key}.key > ns1/example.nil.db
diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
index e0a30cd..6a77b1c 100644
index 4ddd7a4..238f52a 100644
--- a/bin/tests/system/upforwd/ns1/named.conf.in
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
@@ -10,7 +10,7 @@
@ -1380,7 +1362,7 @@ index e0a30cd..6a77b1c 100644
};
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
index b0694bb..9adae82 100644
index 1cf8d3b..f4c3216 100644
--- a/bin/tests/system/upforwd/tests.sh
+++ b/bin/tests/system/upforwd/tests.sh
@@ -68,7 +68,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi

288
bind-9.11-rh1624100.patch
View File

@ -1,288 +0,0 @@
From f27598743ab6e03271e26f23da4beba748d19c60 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
Date: Wed, 25 Apr 2018 14:04:31 +0200
Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts
(cherry picked from commit 66ba2fdad583d962a1f4971c85d58381f0849e4d)
Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPTO_memcmp()
(cherry picked from commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c)
Fix the isc_safe_memwipe() usage with (NULL, >0)
(cherry picked from commit 083461d3329ff6f2410745848a926090586a9846)
---
bin/dnssec/dnssec-signzone.c | 2 +-
lib/dns/nsec3.c | 4 +-
lib/dns/spnego.c | 4 +-
lib/isc/Makefile.in | 8 +---
lib/isc/include/isc/safe.h | 18 ++------
lib/isc/safe.c | 83 ------------------------------------
lib/isc/tests/safe_test.c | 18 --------
7 files changed, 11 insertions(+), 126 deletions(-)
delete mode 100644 lib/isc/safe.c
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 6dded0c..a9c5557 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -784,7 +784,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
static int
hashlist_comp(const void *a, const void *b) {
- return (isc_safe_memcompare(a, b, hash_length + 1));
+ return (memcmp(a, b, hash_length + 1));
}
static void
diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
index 6ae7ca8..01426d6 100644
--- a/lib/dns/nsec3.c
+++ b/lib/dns/nsec3.c
@@ -1963,7 +1963,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
* Work out what this NSEC3 covers.
* Inside (<0) or outside (>=0).
*/
- scope = isc_safe_memcompare(owner, nsec3.next, nsec3.next_length);
+ scope = memcmp(owner, nsec3.next, nsec3.next_length);
/*
* Prepare to compute all the hashes.
@@ -1987,7 +1987,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
return (ISC_R_IGNORE);
}
- order = isc_safe_memcompare(hash, owner, length);
+ order = memcmp(hash, owner, length);
if (first && order == 0) {
/*
* The hashes are the same.
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
index ad77f24..670982a 100644
--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
@@ -371,7 +371,7 @@ gssapi_spnego_decapsulate(OM_uint32 *,
/* mod_auth_kerb.c */
-static int
+static isc_boolean_t
cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
{
unsigned char *p;
@@ -395,7 +395,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
if (((OM_uint32) *p++) != gssoid->length)
return (GSS_S_DEFECTIVE_TOKEN);
- return (isc_safe_memcompare(p, gssoid->elements, gssoid->length));
+ return (!isc_safe_memequal(p, gssoid->elements, gssoid->length));
}
/* accept_sec_context.c */
diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in
index 149552a..8529a86 100644
--- a/lib/isc/Makefile.in
+++ b/lib/isc/Makefile.in
@@ -60,7 +60,7 @@ OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \
parseint.@O@ portset.@O@ quota.@O@ radix.@O@ random.@O@ \
ratelimiter.@O@ refcount.@O@ region.@O@ regex.@O@ result.@O@ \
rwlock.@O@ \
- safe.@O@ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
+ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
string.@O@ strtoul.@O@ symtab.@O@ task.@O@ taskpool.@O@ \
tm.@O@ timer.@O@ utf8.@O@ version.@O@ \
${UNIXOBJS} ${NLSOBJS} ${THREADOBJS}
@@ -79,7 +79,7 @@ SRCS = @ISC_EXTRA_SRCS@ @ISC_PK11_C@ @ISC_PK11_RESULT_C@ \
netaddr.c netscope.c pool.c ondestroy.c \
parseint.c portset.c quota.c radix.c random.c ${CHACHASRCS} \
ratelimiter.c refcount.c region.c regex.c result.c rwlock.c \
- safe.c serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
+ serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
strtoul.c symtab.c task.c taskpool.c timer.c \
tm.c utf8.c version.c
@@ -95,10 +95,6 @@ TESTDIRS = @UNITTESTS@
@BIND9_MAKE_RULES@
-safe.@O@: safe.c
- ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} @CCNOOPT@ \
- -c ${srcdir}/safe.c
-
version.@O@: version.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-DVERSION=\"${VERSION}\" \
diff --git a/lib/isc/include/isc/safe.h b/lib/isc/include/isc/safe.h
index 66ed08b..88b8f47 100644
--- a/lib/isc/include/isc/safe.h
+++ b/lib/isc/include/isc/safe.h
@@ -15,29 +15,19 @@
/*! \file isc/safe.h */
-#include <stdbool.h>
-
-#include <isc/types.h>
-#include <stdlib.h>
+#include <isc/lang.h>
+#include <openssl/crypto.h>
ISC_LANG_BEGINDECLS
-bool
-isc_safe_memequal(const void *s1, const void *s2, size_t n);
+#define isc_safe_memequal(s1, s2, n) !CRYPTO_memcmp(s1, s2, n)
/*%<
* Returns true iff. two blocks of memory are equal, otherwise
* false.
*
*/
-int
-isc_safe_memcompare(const void *b1, const void *b2, size_t len);
-/*%<
- * Clone of libc memcmp() which is safe to differential timing attacks.
- */
-
-void
-isc_safe_memwipe(void *ptr, size_t len);
+#define isc_safe_memwipe(ptr, len) OPENSSL_cleanse(ptr, len)
/*%<
* Clear the memory of length `len` pointed to by `ptr`.
*
diff --git a/lib/isc/safe.c b/lib/isc/safe.c
deleted file mode 100644
index 7a464b6..0000000
--- a/lib/isc/safe.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdbool.h>
-
-#include <isc/safe.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#ifdef WIN32
-#include <windows.h>
-#endif
-
-#ifdef _MSC_VER
-#pragma optimize("", off)
-#endif
-
-bool
-isc_safe_memequal(const void *s1, const void *s2, size_t n) {
- uint8_t acc = 0;
-
- if (n != 0U) {
- const uint8_t *p1 = s1, *p2 = s2;
-
- do {
- acc |= *p1++ ^ *p2++;
- } while (--n != 0U);
- }
- return (acc == 0);
-}
-
-
-int
-isc_safe_memcompare(const void *b1, const void *b2, size_t len) {
- const unsigned char *p1 = b1, *p2 = b2;
- size_t i;
- int res = 0, done = 0;
-
- for (i = 0; i < len; i++) {
- /* lt is -1 if p1[i] < p2[i]; else 0. */
- int lt = (p1[i] - p2[i]) >> CHAR_BIT;
-
- /* gt is -1 if p1[i] > p2[i]; else 0. */
- int gt = (p2[i] - p1[i]) >> CHAR_BIT;
-
- /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
- int cmp = lt - gt;
-
- /* set res = cmp if !done. */
- res |= cmp & ~done;
-
- /* set done if p1[i] != p2[i]. */
- done |= lt | gt;
- }
-
- return (res);
-}
-
-void
-isc_safe_memwipe(void *ptr, size_t len) {
- if (ISC_UNLIKELY(ptr == NULL || len == 0))
- return;
-
-#ifdef WIN32
- SecureZeroMemory(ptr, len);
-#elif HAVE_EXPLICIT_BZERO
- explicit_bzero(ptr, len);
-#else
- memset(ptr, 0, len);
-#endif
-}
diff --git a/lib/isc/tests/safe_test.c b/lib/isc/tests/safe_test.c
index 266ac75..60e9181 100644
--- a/lib/isc/tests/safe_test.c
+++ b/lib/isc/tests/safe_test.c
@@ -45,22 +45,6 @@ isc_safe_memequal_test(void **state) {
"\x00\x00\x00\x00", 4));
}
-/* test isc_safe_memcompare() */
-static void
-isc_safe_memcompare_test(void **state) {
- UNUSED(state);
-
- assert_int_equal(isc_safe_memcompare("test", "test", 4), 0);
- assert_true(isc_safe_memcompare("test", "tesc", 4) > 0);
- assert_true(isc_safe_memcompare("test", "tesy", 4) < 0);
- assert_int_equal(isc_safe_memcompare("\x00\x00\x00\x00",
- "\x00\x00\x00\x00", 4), 0);
- assert_true(isc_safe_memcompare("\x00\x00\x00\x00",
- "\x00\x00\x00\x01", 4) < 0);
- assert_true(isc_safe_memcompare("\x00\x00\x00\x02",
- "\x00\x00\x00\x00", 4) > 0);
-}
-
/* test isc_safe_memwipe() */
static void
isc_safe_memwipe_test(void **state) {
@@ -69,7 +53,6 @@ isc_safe_memwipe_test(void **state) {
/* These should pass. */
isc_safe_memwipe(NULL, 0);
isc_safe_memwipe((void *) -1, 0);
- isc_safe_memwipe(NULL, 42);
/*
* isc_safe_memwipe(ptr, size) should function same as
@@ -108,7 +91,6 @@ main(void) {
const struct CMUnitTest tests[] = {
cmocka_unit_test(isc_safe_memequal_test),
cmocka_unit_test(isc_safe_memwipe_test),
- cmocka_unit_test(isc_safe_memcompare_test),
};
return (cmocka_run_group_tests(tests, NULL, NULL));
--
2.26.2

59
bind-9.11-rh1736762-5.patch
View File

@ -1,59 +0,0 @@
From 6257d829c9d7e71ac51bcdc6b5b981c7a19200e2 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 25 Nov 2019 05:46:55 +0000
Subject: [PATCH] Merge branch
'1373-threadsanitizer-data-race-rbtdb-c-5193-in-detachnode' into 'master'
Resolve "ThreadSanitizer: data race rbtdb.c:5193 in detachnode"
Closes #1373
See merge request isc-projects/bind9!2598
---
lib/dns/include/dns/rbt.h | 22 +++++++++-------------
1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/lib/dns/include/dns/rbt.h b/lib/dns/include/dns/rbt.h
index 67ac3e4d8a..a084bd6193 100644
--- a/lib/dns/include/dns/rbt.h
+++ b/lib/dns/include/dns/rbt.h
@@ -49,10 +49,7 @@ ISC_LANG_BEGINDECLS
#define DNS_RBT_USEMAGIC 1
-/*
- * These should add up to 30.
- */
-#define DNS_RBT_LOCKLENGTH 10
+#define DNS_RBT_LOCKLENGTH (sizeof(((dns_rbtnode_t *)0)->locknum)*8)
#define DNS_RBT_REFLENGTH 20
#define DNS_RBTNODE_MAGIC ISC_MAGIC('R','B','N','O')
@@ -159,16 +156,15 @@ struct dns_rbtnode {
* separate region of memory.
*/
void *data;
- unsigned int :0; /* start of bitfields c/o node lock */
- unsigned int dirty:1;
- unsigned int wild:1;
- unsigned int locknum:DNS_RBT_LOCKLENGTH;
-#ifndef DNS_RBT_USEISCREFCOUNT
- unsigned int references:DNS_RBT_REFLENGTH;
-#endif
- unsigned int :0; /* end of bitfields c/o node lock */
+ uint8_t :0; /* start of bitfields c/o node lock */
+ uint8_t dirty:1;
+ uint8_t wild:1;
+ uint8_t :0; /* end of bitfields c/o node lock */
+ uint16_t locknum; /* note that this is not in the bitfield */
#ifdef DNS_RBT_USEISCREFCOUNT
- isc_refcount_t references; /* note that this is not in the bitfield */
+ isc_refcount_t references;
+#else
+ unsigned int references:DNS_RBT_REFLENGTH;
#endif
/*@}*/
};
--
2.21.0

109
bind-9.11-rt46047.patch
View File

@ -1,4 +1,4 @@
From 8a064944dc10421a387725a365650d656d2a97f1 Mon Sep 17 00:00:00 2001
From af3b530773231f8cff6548e36962ad1f25e38c5d Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Thu, 28 Sep 2017 10:09:22 -0700
Subject: [PATCH] completed and corrected the crypto-random change
@ -45,13 +45,13 @@ Subject: [PATCH] completed and corrected the crypto-random change
lib/dns/include/dst/dst.h | 14 +++++-
lib/dns/openssl_link.c | 3 +-
lib/isc/include/isc/entropy.h | 48 +++++++++++++++------
lib/isc/include/isc/random.h | 28 +++++++-----
lib/isc/include/isc/random.h | 26 +++++++----
lib/isccfg/namedconf.c | 2 +-
23 files changed, 240 insertions(+), 104 deletions(-)
23 files changed, 240 insertions(+), 102 deletions(-)
create mode 100644 doc/arm/notes-rh-changes.xml
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
index 295e16f..0f79aa8 100644
index bd269e7..1ac775f 100644
--- a/bin/confgen/keygen.c
+++ b/bin/confgen/keygen.c
@@ -161,17 +161,15 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
@ -78,7 +78,7 @@ index 295e16f..0f79aa8 100644
&entropy_source,
randomfile,
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
index 1826919..96543fc 100644
index bd19e1d..2c09b30 100644
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -349,15 +349,23 @@
@ -114,7 +114,7 @@ index 1826919..96543fc 100644
</listitem>
</varlistentry>
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index 5654435..24c0d5a 100644
index 2a0f9c6..6fcd411 100644
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -241,18 +241,16 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@ -142,10 +142,10 @@ index 5654435..24c0d5a 100644
usekeyboard);
diff --git a/bin/named/client.c b/bin/named/client.c
index f4a5ff9..58549d3 100644
index 4a50ad9..4d140e8 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1765,7 +1765,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
@@ -1768,7 +1768,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
isc_buffer_init(&buf, cookie, sizeof(cookie));
isc_stdtime_get(&now);
@ -156,7 +156,7 @@ index f4a5ff9..58549d3 100644
compute_cookie(client, now, nonce, ns_g_server->secret, &buf);
diff --git a/bin/named/config.c b/bin/named/config.c
index eef8181..ff868b8 100644
index 9b343fa..5e663c6 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -98,7 +98,9 @@ options {\n\
@ -171,10 +171,10 @@ index eef8181..ff868b8 100644
#endif
" recursing-file \"named.recursing\";\n\
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index d955c2f..40621f2 100644
index 9fdf49b..42128dc 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -325,9 +325,10 @@ log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
@@ -327,9 +327,10 @@ log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
static void
control_recvmessage(isc_task_t *task, isc_event_t *event) {
@ -188,7 +188,7 @@ index d955c2f..40621f2 100644
isccc_sexpr_t *request = NULL;
isccc_sexpr_t *response = NULL;
uint32_t algorithm;
@@ -338,16 +339,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
@@ -340,16 +341,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
isc_buffer_t *text;
isc_result_t result;
isc_result_t eresult;
@ -208,7 +208,7 @@ index d955c2f..40621f2 100644
algorithm = DST_ALG_UNKNOWN;
secret.rstart = NULL;
text = NULL;
@@ -458,8 +460,11 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
@@ -462,8 +464,11 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
* Establish nonce.
*/
if (conn->nonce == 0) {
@ -223,7 +223,7 @@ index d955c2f..40621f2 100644
} else
eresult = ns_control_docommand(request, listener->readonly, &text);
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index 3f96b7b..c92922e 100644
index 4fd0194..0ba2627 100644
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@@ -20,6 +20,7 @@
@ -234,7 +234,7 @@ index 3f96b7b..c92922e 100644
#include <isc/sockaddr.h>
#include <isc/types.h>
#include <isc/xml.h>
@@ -134,6 +135,7 @@ struct ns_server {
@@ -135,6 +136,7 @@ struct ns_server {
char * lockfile;
uint16_t transfer_tcp_message_size;
@ -243,7 +243,7 @@ index 3f96b7b..c92922e 100644
struct ns_altsecret {
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index 9dea7c1..272d300 100644
index 93aac31..e12fad9 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -17,6 +17,7 @@
@ -255,22 +255,22 @@ index 9dea7c1..272d300 100644
#include <isc/task.h>
#include <isc/util.h>
diff --git a/bin/named/query.c b/bin/named/query.c
index 203f1e6..25eeced 100644
index 58b5914..edf42d2 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -19,6 +19,7 @@
#include <isc/hex.h>
@@ -20,6 +20,7 @@
#include <isc/mem.h>
#include <isc/platform.h>
#include <isc/print.h>
+#include <isc/random.h>
#include <isc/rwlock.h>
#include <isc/serial.h>
#include <isc/stats.h>
diff --git a/bin/named/server.c b/bin/named/server.c
index 7b3b736..4aaa92f 100644
index b2ae57c..cca7fe8 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8234,21 +8234,32 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8279,21 +8279,32 @@ load_configuration(const char *filename, ns_server_t *server,
* Open the source of entropy.
*/
if (first_time) {
@ -312,7 +312,7 @@ index 7b3b736..4aaa92f 100644
#ifdef PATH_RANDOMDEV
if (ns_g_fallbackentropy != NULL) {
level = ISC_LOG_INFO;
@@ -8259,8 +8270,8 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8304,8 +8315,8 @@ load_configuration(const char *filename, ns_server_t *server,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
level,
@ -323,7 +323,7 @@ index 7b3b736..4aaa92f 100644
randomdev,
isc_result_totext(result));
}
@@ -8280,7 +8291,6 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8325,7 +8336,6 @@ load_configuration(const char *filename, ns_server_t *server,
}
isc_entropy_detach(&ns_g_fallbackentropy);
}
@ -331,7 +331,7 @@ index 7b3b736..4aaa92f 100644
#endif
}
@@ -9049,6 +9059,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
@@ -9097,6 +9107,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
server->in_roothints = NULL;
server->blackholeacl = NULL;
server->keepresporder = NULL;
@ -339,7 +339,7 @@ index 7b3b736..4aaa92f 100644
/* Must be first. */
CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy,
@@ -9075,6 +9086,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
@@ -9123,6 +9134,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy,
&server->tkeyctx),
"creating TKEY context");
@ -349,7 +349,7 @@ index 7b3b736..4aaa92f 100644
/*
* Setup the server task, which is responsible for coordinating
@@ -9281,7 +9295,8 @@ ns_server_destroy(ns_server_t **serverp) {
@@ -9329,7 +9343,8 @@ ns_server_destroy(ns_server_t **serverp) {
if (server->zonemgr != NULL)
dns_zonemgr_detach(&server->zonemgr);
@ -359,7 +359,7 @@ index 7b3b736..4aaa92f 100644
if (server->tkeyctx != NULL)
dns_tkeyctx_destroy(&server->tkeyctx);
@@ -13316,10 +13331,10 @@ newzone_cfgctx_destroy(void **cfgp) {
@@ -13366,10 +13381,10 @@ newzone_cfgctx_destroy(void **cfgp) {
static isc_result_t
generate_salt(unsigned char *salt, size_t saltlen) {
@ -372,7 +372,7 @@ index 7b3b736..4aaa92f 100644
} rnd;
unsigned char text[512 + 1];
isc_region_t r;
@@ -13329,9 +13344,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
@@ -13379,9 +13394,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
if (saltlen > 256U)
return (ISC_R_RANGE);
@ -387,10 +387,10 @@ index 7b3b736..4aaa92f 100644
memmove(salt, rnd.rnd, saltlen);
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 2436731..6f59456 100644
index 7f15cbc..458aa76 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -284,9 +284,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@@ -289,9 +289,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
}
#ifdef ISC_PLATFORM_CRYPTORANDOM
@ -402,7 +402,7 @@ index 2436731..6f59456 100644
}
#endif
diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c
index f0a6ff2..55064f6 100644
index 95b65bf..7a81d4e 100644
--- a/bin/tests/system/pipelined/pipequeries.c
+++ b/bin/tests/system/pipelined/pipequeries.c
@@ -280,9 +280,7 @@ main(int argc, char *argv[]) {
@ -417,7 +417,7 @@ index f0a6ff2..55064f6 100644
}
#endif
diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c
index fe8698e..937fcc3 100644
index 3236968..4fa77b6 100644
--- a/bin/tests/system/tkey/keycreate.c
+++ b/bin/tests/system/tkey/keycreate.c
@@ -255,9 +255,7 @@ main(int argc, char *argv[]) {
@ -432,7 +432,7 @@ index fe8698e..937fcc3 100644
}
#endif
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
index 2146f9b..64b8e74 100644
index 43fb6b0..105e151 100644
--- a/bin/tests/system/tkey/keydelete.c
+++ b/bin/tests/system/tkey/keydelete.c
@@ -171,6 +171,7 @@ main(int argc, char **argv) {
@ -455,7 +455,7 @@ index 2146f9b..64b8e74 100644
}
#endif
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 1da0565..7eef5b2 100644
index ca98726..1f9df2c 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -5034,22 +5034,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
@ -569,10 +569,10 @@ index 0000000..89a4961
+</section>
+
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index adffaa0..2ffe344 100644
index a5e42c0..f8cb1f9 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -45,6 +45,7 @@
@@ -47,6 +47,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.1.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.0.xml"/>
@ -581,7 +581,7 @@ index adffaa0..2ffe344 100644
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-thankyou.xml"/>
</section>
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 1eccbe7..1933993 100644
index aa54afc..2156384 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -2017,10 +2017,12 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) {
@ -599,7 +599,7 @@ index 1eccbe7..1933993 100644
}
diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
index 6813c96..665574d 100644
index 3aba028..180c841 100644
--- a/lib/dns/include/dst/dst.h
+++ b/lib/dns/include/dst/dst.h
@@ -163,8 +163,18 @@ isc_result_t
@ -624,7 +624,7 @@ index 6813c96..665574d 100644
bool
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index ffe0a69..5e48686 100644
index 3f4f822..cfdc757 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -484,7 +484,8 @@ dst__openssl_getengine(const char *engine) {
@ -638,7 +638,7 @@ index ffe0a69..5e48686 100644
#ifndef DONT_REQUIRE_DST_LIB_INIT
INSIST(dst__memory_pool != NULL);
diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h
index c40a18c..c7cb17d 100644
index f32c9dc..bed276b 100644
--- a/lib/isc/include/isc/entropy.h
+++ b/lib/isc/include/isc/entropy.h
@@ -189,9 +189,8 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent,
@ -718,26 +718,21 @@ index c40a18c..c7cb17d 100644
ISC_LANG_ENDDECLS
diff --git a/lib/isc/include/isc/random.h b/lib/isc/include/isc/random.h
index f8aed34..17c551b 100644
index f38e80d..3cb1c56 100644
--- a/lib/isc/include/isc/random.h
+++ b/lib/isc/include/isc/random.h
@@ -9,8 +9,6 @@
* information regarding copyright ownership.
*/
-/* $Id: random.h,v 1.20 2009/01/17 23:47:43 tbox Exp $ */
-
#ifndef ISC_RANDOM_H
#define ISC_RANDOM_H 1
@@ -21,13 +19,23 @@
@@ -19,13 +19,23 @@
#include <isc/mutex.h>
/*! \file isc/random.h
- * \brief Implements a random state pool which will let the caller return a
- * series of possibly non-reproducible random values.
+ * \brief Implements pseudo random number generators.
+ *
*
- * Note that the
- * strength of these numbers is not all that high, and should not be
- * used in cryptography functions. It is useful for jittering values
- * a bit here and there, such as timeouts, etc.
+ * Two pseudo-random number generators are implemented, in isc_random_*
+ * and isc_rng_*. Neither one is very strong; they should not be used
+ * in cryptography functions.
@ -747,11 +742,7 @@ index f8aed34..17c551b 100644
+ * It is useful for jittering values a bit here and there, such as
+ * timeouts, etc, but should not be relied upon to generate
+ * unpredictable sequences (for example, when choosing transaction IDs).
*
- * Note that the
- * strength of these numbers is not all that high, and should not be
- * used in cryptography functions. It is useful for jittering values
- * a bit here and there, such as timeouts, etc.
+ *
+ * isc_rng_* is based on ChaCha20, and is seeded and stirred from the
+ * system entropy source. It is stronger than isc_random_* and can
+ * be used for generating unpredictable sequences. It is still not as
@ -760,7 +751,7 @@ index f8aed34..17c551b 100644
*/
ISC_LANG_BEGINDECLS
@@ -115,8 +123,8 @@ isc_rng_random(isc_rng_t *rngctx);
@@ -113,8 +123,8 @@ isc_rng_random(isc_rng_t *rngctx);
uint16_t
isc_rng_uniformrandom(isc_rng_t *rngctx, uint16_t upper_bound);
/*%<
@ -772,7 +763,7 @@ index f8aed34..17c551b 100644
ISC_LANG_ENDDECLS
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 1c45d5c..91693b5 100644
index e74c93b..212194e 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1109,7 +1109,7 @@ options_clauses[] = {

198
bind-9.11-serve-stale.patch
View File

@ -1,4 +1,4 @@
From 5400119bfb19243b37e4f4f27baad4f610fff8da Mon Sep 17 00:00:00 2001
From 95b25d45662f4fad39cbc9ddbc3b4bcdae0a04ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 7 Nov 2019 14:31:03 +0100
Subject: [PATCH] Implement serve-stale in 9.11
@ -276,7 +276,7 @@ Signed-off-by: Petr Menšík <pemensik@redhat.com>
create mode 100755 bin/tests/system/serve-stale/tests.sh
diff --git a/bin/named/config.c b/bin/named/config.c
index ff868b8..f23bed1 100644
index 5e663c6..560ef04 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -182,13 +182,14 @@ options {\n\
@ -312,7 +312,7 @@ index ff868b8..f23bed1 100644
transfer-format many-answers;\n\
v6-bias 50;\n\
diff --git a/bin/named/control.c b/bin/named/control.c
index df23c26..8b79850 100644
index 23620b4..0756c73 100644
--- a/bin/named/control.c
+++ b/bin/named/control.c
@@ -282,6 +282,8 @@ ns_control_docommand(isccc_sexpr_t *message, bool readonly,
@ -325,10 +325,10 @@ index df23c26..8b79850 100644
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
diff --git a/bin/named/include/named/control.h b/bin/named/include/named/control.h
index 8705fdd..1634154 100644
index 56bad8d..37403f1 100644
--- a/bin/named/include/named/control.h
+++ b/bin/named/include/named/control.h
@@ -69,6 +69,7 @@
@@ -67,6 +67,7 @@
#define NS_COMMAND_MKEYS "managed-keys"
#define NS_COMMAND_DNSTAPREOPEN "dnstap-reopen"
#define NS_COMMAND_DNSTAP "dnstap"
@ -337,10 +337,10 @@ index 8705fdd..1634154 100644
isc_result_t
ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp);
diff --git a/bin/named/include/named/log.h b/bin/named/include/named/log.h
index 56bfcd4..cd8db60 100644
index 76e3a51..0d1d985 100644
--- a/bin/named/include/named/log.h
+++ b/bin/named/include/named/log.h
@@ -32,6 +32,7 @@
@@ -30,6 +30,7 @@
#define NS_LOGCATEGORY_UPDATE_SECURITY (&ns_g_categories[6])
#define NS_LOGCATEGORY_QUERY_ERRORS (&ns_g_categories[7])
#define NS_LOGCATEGORY_TAT (&ns_g_categories[8])
@ -349,7 +349,7 @@ index 56bfcd4..cd8db60 100644
/*
* Backwards compatibility.
diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h
index 9661f56..445b578 100644
index ef1b172..53c052b 100644
--- a/bin/named/include/named/query.h
+++ b/bin/named/include/named/query.h
@@ -35,6 +35,18 @@ typedef struct ns_dbversion {
@ -389,10 +389,10 @@ index 9661f56..445b578 100644
bool root_key_sentinel_is_ta;
bool root_key_sentinel_not_ta;
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index c92922e..588bf2d 100644
index 0ba2627..08a02dc 100644
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@@ -226,7 +226,10 @@ enum {
@@ -227,7 +227,10 @@ enum {
dns_nsstatscounter_reclimitdropped = 58,
@ -404,7 +404,7 @@ index c92922e..588bf2d 100644
};
/*%
@@ -765,4 +768,12 @@ ns_server_mkeys(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
@@ -766,4 +769,12 @@ ns_server_mkeys(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
isc_result_t
ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
@ -418,7 +418,7 @@ index c92922e..588bf2d 100644
+ isc_buffer_t **text);
#endif /* NAMED_SERVER_H */
diff --git a/bin/named/log.c b/bin/named/log.c
index 3aa25e9..12f178b 100644
index acfa766..ea6f114 100644
--- a/bin/named/log.c
+++ b/bin/named/log.c
@@ -38,6 +38,7 @@ static isc_logcategory_t categories[] = {
@ -430,10 +430,10 @@ index 3aa25e9..12f178b 100644
};
diff --git a/bin/named/query.c b/bin/named/query.c
index 25eeced..162e4ea 100644
index edf42d2..89cc574 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -125,10 +125,14 @@
@@ -149,10 +149,14 @@ last_cmpxchg(isc_stdtime_t *x, isc_stdtime_t *e, isc_stdtime_t r) {
#define REDIRECT(c) (((c)->query.attributes & \
NS_QUERYATTR_REDIRECT) != 0)
@ -449,7 +449,7 @@ index 25eeced..162e4ea 100644
#ifdef WANT_QUERYTRACE
static inline void
client_trace(ns_client_t *client, int level, const char *message) {
@@ -217,6 +221,10 @@ static bool
@@ -241,6 +245,10 @@ static bool
rpz_ck_dnssec(ns_client_t *client, isc_result_t qresult,
dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset);
@ -460,7 +460,7 @@ index 25eeced..162e4ea 100644
/*%
* Increment query statistics counters.
*/
@@ -470,6 +478,7 @@ query_reset(ns_client_t *client, bool everything) {
@@ -494,6 +502,7 @@ query_reset(ns_client_t *client, bool everything) {
client->query.isreferral = false;
client->query.dns64_options = 0;
client->query.dns64_ttl = UINT32_MAX;
@ -468,8 +468,8 @@ index 25eeced..162e4ea 100644
client->query.root_key_sentinel_keyid = 0;
client->query.root_key_sentinel_is_ta = false;
client->query.root_key_sentinel_not_ta = false;
@@ -4254,6 +4263,54 @@ query_prefetch(ns_client_t *client, dns_name_t *qname,
dns_rdataset_clearprefetch(rdataset);
@@ -4305,6 +4314,54 @@ log_quota(ns_client_t *client, isc_stdtime_t *last, isc_stdtime_t now,
}
}
+/*%
@ -523,7 +523,7 @@ index 25eeced..162e4ea 100644
static isc_result_t
query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
dns_name_t *qdomain, dns_rdataset_t *nameservers,
@@ -4263,6 +4320,19 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
@@ -4314,6 +4371,19 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
dns_rdataset_t *rdataset, *sigrdataset;
isc_sockaddr_t *peeraddr;
@ -543,7 +543,7 @@ index 25eeced..162e4ea 100644
if (!resuming)
inc_stats(client, dns_nsstatscounter_recursion);
@@ -6780,6 +6850,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -6821,6 +6891,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
int line = -1;
bool dns64_exclude, dns64, rpz;
bool nxrewrite = false;
@ -551,7 +551,7 @@ index 25eeced..162e4ea 100644
bool redirected = false;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
@@ -7089,6 +7160,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -7130,6 +7201,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
type = qtype;
restart:
@ -559,7 +559,7 @@ index 25eeced..162e4ea 100644
CTRACE(ISC_LOG_DEBUG(3), "query_find: restart");
want_restart = false;
authoritative = false;
@@ -7233,6 +7305,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -7274,6 +7346,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
}
db_find:
@ -567,7 +567,7 @@ index 25eeced..162e4ea 100644
CTRACE(ISC_LOG_DEBUG(3), "query_find: db_find");
/*
* We'll need some resources...
@@ -7290,6 +7363,35 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -7331,6 +7404,35 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
if (!is_zone)
dns_cache_updatestats(client->view->cache, result);
@ -603,7 +603,7 @@ index 25eeced..162e4ea 100644
resume:
CTRACE(ISC_LOG_DEBUG(3), "query_find: resume");
@@ -7635,6 +7737,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -7676,6 +7778,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* The cache doesn't even have the root NS. Get them from
* the hints DB.
*/
@ -611,7 +611,7 @@ index 25eeced..162e4ea 100644
INSIST(!is_zone);
if (db != NULL)
dns_db_detach(&db);
@@ -7697,12 +7800,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -7738,12 +7841,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
*/
/* FALLTHROUGH */
case DNS_R_DELEGATION:
@ -626,7 +626,7 @@ index 25eeced..162e4ea 100644
if (!RECURSIONOK(client) &&
(options & DNS_GETDB_NOEXACT) != 0 &&
qtype == dns_rdatatype_ds) {
@@ -8089,6 +8194,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -8130,6 +8235,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
false, true);
}
}
@ -634,7 +634,7 @@ index 25eeced..162e4ea 100644
if (dns_rdataset_isassociated(rdataset)) {
/*
* If we've got a NSEC record, we need to save the
@@ -8409,7 +8515,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -8450,7 +8556,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
/*
* If we have a zero ttl from the cache refetch it.
*/
@ -644,7 +644,7 @@ index 25eeced..162e4ea 100644
RECURSIONOK(client))
{
if (dns_rdataset_isassociated(rdataset))
@@ -8627,7 +8734,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -8668,7 +8775,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
"query_find: unexpected error after resuming: %s",
isc_result_totext(result));
CTRACE(ISC_LOG_ERROR, errmsg);
@ -657,7 +657,7 @@ index 25eeced..162e4ea 100644
goto cleanup;
}
@@ -8883,7 +8994,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -8924,7 +9035,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
/*
* If we have a zero ttl from the cache refetch it.
*/
@ -666,7 +666,7 @@ index 25eeced..162e4ea 100644
RECURSIONOK(client))
{
if (dns_rdataset_isassociated(rdataset))
@@ -8894,6 +9005,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -8935,6 +9046,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
if (node != NULL)
dns_db_detachnode(db, &node);
@ -674,7 +674,7 @@ index 25eeced..162e4ea 100644
INSIST(!REDIRECT(client));
result = query_recurse(client, qtype,
client->query.qname,
@@ -9174,6 +9286,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -9215,6 +9327,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
dns_fixedname_name(&wildcardname),
true, false);
cleanup:
@ -682,7 +682,7 @@ index 25eeced..162e4ea 100644
CTRACE(ISC_LOG_DEBUG(3), "query_find: cleanup");
/*
* General cleanup.
@@ -9230,6 +9343,49 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -9271,6 +9384,49 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
goto restart;
}
@ -733,7 +733,7 @@ index 25eeced..162e4ea 100644
(!PARTIALANSWER(client) || WANTRECURSION(client)
|| eresult == DNS_R_DROP)) {
diff --git a/bin/named/server.c b/bin/named/server.c
index 1cbb9a0..0c899ba 100644
index 2bdf690..3a5ba91 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -1720,7 +1720,8 @@ static bool
@ -843,7 +843,7 @@ index 1cbb9a0..0c899ba 100644
/*
* Set supported DNSSEC algorithms.
*/
@@ -14509,3 +14553,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
@@ -14559,3 +14603,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
return (ISC_R_NOTIMPLEMENTED);
#endif
}
@ -977,7 +977,7 @@ index 1cbb9a0..0c899ba 100644
+ return (result);
+}
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
index 4b8d972..8c68737 100644
index 12ab048..4938c03 100644
--- a/bin/named/statschannel.c
+++ b/bin/named/statschannel.c
@@ -300,6 +300,12 @@ init_desc(void) {
@ -994,7 +994,7 @@ index 4b8d972..8c68737 100644
/* Initialize resolver statistics */
diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
index 1b48861..f50635b 100644
index 0acfe3a..2c21c1d 100644
--- a/bin/rndc/rndc.c
+++ b/bin/rndc/rndc.c
@@ -160,6 +160,8 @@ command is one of the following:\n\
@ -1007,7 +1007,7 @@ index 1b48861..f50635b 100644
Print a zone's configuration.\n\
sign zone [class [view]]\n\
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
index e14a17e..eaf32d3 100644
index 1e3812e..c7fe65f 100644
--- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook
@@ -689,6 +689,25 @@
@ -1037,7 +1037,7 @@ index e14a17e..eaf32d3 100644
<term><userinput>secroots <optional>-</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
<listitem>
diff --git a/bin/tests/system/chain/prereq.sh b/bin/tests/system/chain/prereq.sh
index f3f1939..9ff3f07 100644
index 23bedcd..43385de 100644
--- a/bin/tests/system/chain/prereq.sh
+++ b/bin/tests/system/chain/prereq.sh
@@ -48,3 +48,10 @@ else
@ -1052,7 +1052,7 @@ index f3f1939..9ff3f07 100644
+ exit 1
+fi
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 4c122c8..a2eb833 100644
index c59cfaf..2b3de5f 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -128,7 +128,7 @@ PARALLELDIRS="dnssec rpzrecurse \
@ -2039,7 +2039,7 @@ index 0000000..201c996
+echo "I:exit status: $status"
+[ $status -eq 0 ] || exit 1
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 7eef5b2..b16b239 100644
index 1f9df2c..78e75ce 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -4336,6 +4336,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
@ -2140,7 +2140,7 @@ index 7eef5b2..b16b239 100644
</para>
</listitem>
</varlistentry>
@@ -8928,6 +8968,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
@@ -9015,6 +9055,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem>
</varlistentry>
@ -2169,7 +2169,7 @@ index 7eef5b2..b16b239 100644
<term><command>min-roots</command></term>
<listitem>
diff --git a/doc/arm/logging-categories.xml b/doc/arm/logging-categories.xml
index e41bd3b..2f505c8 100644
index f0776fe..c4b903a 100644
--- a/doc/arm/logging-categories.xml
+++ b/doc/arm/logging-categories.xml
@@ -311,6 +311,17 @@
@ -2281,7 +2281,7 @@ index e11beed..fde93c7 100644
topology { <address_match_element>; ... }; // not implemented
transfer-format ( many-answers | one-answer );
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index eaac5ba..a89d78f 100644
index bf769fe..6c57fa4 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -99,7 +99,8 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) {
@ -2525,7 +2525,7 @@ index eaac5ba..a89d78f 100644
}
diff --git a/lib/dns/cache.c b/lib/dns/cache.c
index 4701ff8..97e427a 100644
index 2965a4f..617737a 100644
--- a/lib/dns/cache.c
+++ b/lib/dns/cache.c
@@ -138,6 +138,7 @@ struct dns_cache {
@ -2595,7 +2595,7 @@ index 4701ff8..97e427a 100644
* The cleaner task is shutting down; do the necessary cleanup.
*/
diff --git a/lib/dns/db.c b/lib/dns/db.c
index ee3e00d..576aa65 100644
index a28a566..c581646 100644
--- a/lib/dns/db.c
+++ b/lib/dns/db.c
@@ -1130,3 +1130,25 @@ dns_db_nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
@ -2625,7 +2625,7 @@ index ee3e00d..576aa65 100644
+ return (ISC_R_NOTIMPLEMENTED);
+}
diff --git a/lib/dns/ecdb.c b/lib/dns/ecdb.c
index 47994ea..23bfe7d 100644
index fc94ccf..76d0417 100644
--- a/lib/dns/ecdb.c
+++ b/lib/dns/ecdb.c
@@ -588,7 +588,9 @@ static dns_dbmethods_t ecdb_methods = {
@ -2640,7 +2640,7 @@ index 47994ea..23bfe7d 100644
static isc_result_t
diff --git a/lib/dns/include/dns/cache.h b/lib/dns/include/dns/cache.h
index 62797db..714b78e 100644
index ab4b0b5..e158014 100644
--- a/lib/dns/include/dns/cache.h
+++ b/lib/dns/include/dns/cache.h
@@ -260,6 +260,27 @@ dns_cache_getcachesize(dns_cache_t *cache);
@ -2672,7 +2672,7 @@ index 62797db..714b78e 100644
dns_cache_flush(dns_cache_t *cache);
/*%<
diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h
index 6f0eed0..e3917f2 100644
index 96f3a8f..452770f 100644
--- a/lib/dns/include/dns/db.h
+++ b/lib/dns/include/dns/db.h
@@ -195,6 +195,8 @@ typedef struct dns_dbmethods {
@ -2732,7 +2732,7 @@ index 6f0eed0..e3917f2 100644
#endif /* DNS_DB_H */
diff --git a/lib/dns/include/dns/rdataset.h b/lib/dns/include/dns/rdataset.h
index 5295d8e..97071ed 100644
index ed9119a..710e97c 100644
--- a/lib/dns/include/dns/rdataset.h
+++ b/lib/dns/include/dns/rdataset.h
@@ -128,6 +128,7 @@ struct dns_rdataset {
@ -2786,7 +2786,7 @@ index 5295d8e..97071ed 100644
/*%
* _OMITDNSSEC:
diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
index 0b66c75..4b4b6bd 100644
index 7b3c047..bd7d225 100644
--- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h
@@ -547,9 +547,12 @@ dns_resolver_getmustbesecure(dns_resolver_t *resolver, dns_name_t *name);
@ -2855,12 +2855,12 @@ index 0b66c75..4b4b6bd 100644
dns_resolver_getoptions(dns_resolver_t *resolver);
diff --git a/lib/dns/include/dns/types.h b/lib/dns/include/dns/types.h
index 567e8a8..7bf2b60 100644
index 2468e3c..934a641 100644
--- a/lib/dns/include/dns/types.h
+++ b/lib/dns/include/dns/types.h
@@ -385,6 +385,12 @@ typedef enum {
dns_updatemethod_date
} dns_updatemethod_t;
@@ -390,6 +390,12 @@ typedef struct {
size_t count;
} dns_indent_t;
+typedef enum {
+ dns_stale_answer_no,
@ -2872,7 +2872,7 @@ index 567e8a8..7bf2b60 100644
* Functions.
*/
diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h
index 09a9725..8e3b3cb 100644
index 53f1db1..96148c7 100644
--- a/lib/dns/include/dns/view.h
+++ b/lib/dns/include/dns/view.h
@@ -229,6 +229,9 @@ struct dns_view {
@ -2886,7 +2886,7 @@ index 09a9725..8e3b3cb 100644
#define DNS_VIEW_MAGIC ISC_MAGIC('V','i','e','w')
diff --git a/lib/dns/master.c b/lib/dns/master.c
index 8edd732..8c9f00e 100644
index 7d26b81..36999b5 100644
--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@@ -1948,12 +1948,18 @@ load_text(dns_loadctx_t *lctx) {
@ -2913,7 +2913,7 @@ index 8edd732..8c9f00e 100644
/*
diff --git a/lib/dns/masterdump.c b/lib/dns/masterdump.c
index 13d1a3e..873b694 100644
index fa839a0..91b3cab 100644
--- a/lib/dns/masterdump.c
+++ b/lib/dns/masterdump.c
@@ -81,6 +81,9 @@ struct dns_master_style {
@ -2982,10 +2982,10 @@ index 13d1a3e..873b694 100644
RUNTIME_CHECK(result == ISC_R_SUCCESS);
isc_buffer_usedregion(&buffer, &r);
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index baf7641..a8f4609 100644
index 3b75cad..535202b 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -490,6 +490,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t;
@@ -511,6 +511,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t;
typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
#define RDATASET_ATTR_NONEXISTENT 0x0001
@ -2993,7 +2993,7 @@ index baf7641..a8f4609 100644
#define RDATASET_ATTR_STALE 0x0002
#define RDATASET_ATTR_IGNORE 0x0004
#define RDATASET_ATTR_RETAIN 0x0008
@@ -502,6 +503,8 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
@@ -523,6 +524,8 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
#define RDATASET_ATTR_CASESET 0x0400
#define RDATASET_ATTR_ZEROTTL 0x0800
#define RDATASET_ATTR_CASEFULLYLOWER 0x1000
@ -3002,7 +3002,7 @@ index baf7641..a8f4609 100644
typedef struct acache_cbarg {
dns_rdatasetadditional_t type;
@@ -552,6 +555,8 @@ struct acachectl {
@@ -573,6 +576,8 @@ struct acachectl {
(((header)->attributes & RDATASET_ATTR_ZEROTTL) != 0)
#define CASEFULLYLOWER(header) \
(((header)->attributes & RDATASET_ATTR_CASEFULLYLOWER) != 0)
@ -3011,7 +3011,7 @@ index baf7641..a8f4609 100644
#define ACTIVE(header, now) \
@@ -611,6 +616,12 @@ typedef enum {
@@ -632,6 +637,12 @@ typedef enum {
expire_flush
} expire_t;
@ -3024,7 +3024,7 @@ index baf7641..a8f4609 100644
typedef struct rbtdb_version {
/* Not locked */
rbtdb_serial_t serial;
@@ -678,6 +689,12 @@ struct dns_rbtdb {
@@ -699,6 +710,12 @@ struct dns_rbtdb {
dns_dbnode_t *soanode;
dns_dbnode_t *nsnode;
@ -3037,7 +3037,7 @@ index baf7641..a8f4609 100644
/*
* This is a linked list used to implement the LRU cache. There will
* be node_lock_count linked lists here. Nodes in bucket 1 will be
@@ -721,6 +738,8 @@ struct dns_rbtdb {
@@ -742,6 +759,8 @@ struct dns_rbtdb {
#define RBTDB_ATTR_LOADED 0x01
#define RBTDB_ATTR_LOADING 0x02
@ -3046,7 +3046,7 @@ index baf7641..a8f4609 100644
/*%
* Search Context
*/
@@ -1791,15 +1810,15 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) {
@@ -1816,15 +1835,15 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) {
}
static inline void
@ -3066,7 +3066,7 @@ index baf7641..a8f4609 100644
header->node->dirty = 1;
/*
@@ -1840,8 +1859,8 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
@@ -1865,8 +1884,8 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
/*
* If current is nonexistent or stale, we can clean it up.
*/
@ -3077,7 +3077,7 @@ index baf7641..a8f4609 100644
if (top_prev != NULL)
top_prev->next = current->next;
else
@@ -2086,6 +2105,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
@@ -2111,6 +2130,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
}
}
@ -3158,7 +3158,7 @@ index baf7641..a8f4609 100644
/*
* Caller must be holding the node lock.
*/
@@ -3318,6 +3411,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
@@ -3343,6 +3436,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
rdataset->attributes |= DNS_RDATASETATTR_OPTOUT;
if (PREFETCH(header))
rdataset->attributes |= DNS_RDATASETATTR_PREFETCH;
@ -3171,7 +3171,7 @@ index baf7641..a8f4609 100644
rdataset->private1 = rbtdb;
rdataset->private2 = node;
raw = (unsigned char *)header + sizeof(*header);
@@ -4674,6 +4773,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
@@ -4699,6 +4798,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
#endif
if (!ACTIVE(header, search->now)) {
@ -3191,7 +3191,7 @@ index baf7641..a8f4609 100644
/*
* This rdataset is stale. If no one else is using the
* node, we can clean it up right now, otherwise we mark
@@ -4713,7 +4825,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
@@ -4738,7 +4850,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
node->data = header->next;
free_rdataset(search->rbtdb, mctx, header);
} else {
@ -3200,7 +3200,7 @@ index baf7641..a8f4609 100644
*header_prev = header;
}
} else
@@ -5154,7 +5266,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
@@ -5179,7 +5291,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
&locktype, lock, &search,
&header_prev)) {
/* Do nothing. */
@ -3209,7 +3209,7 @@ index baf7641..a8f4609 100644
/*
* We now know that there is at least one active
* non-stale rdataset at this node.
@@ -5637,7 +5749,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
@@ -5662,7 +5774,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
* refcurrent(rbtnode) must be non-zero. This is so
* because 'node' is an argument to the function.
*/
@ -3218,7 +3218,7 @@ index baf7641..a8f4609 100644
if (log)
isc_log_write(dns_lctx, category, module,
level, "overmem cache: stale %s",
@@ -5645,7 +5757,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
@@ -5670,7 +5782,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
} else if (force_expire) {
if (! RETAIN(header)) {
set_ttl(rbtdb, header, 0);
@ -3227,7 +3227,7 @@ index baf7641..a8f4609 100644
} else if (log) {
isc_log_write(dns_lctx, category, module,
level, "overmem cache: "
@@ -5904,9 +6016,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
@@ -5929,9 +6041,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
* non-zero. This is so because 'node' is an
* argument to the function.
*/
@ -3239,7 +3239,7 @@ index baf7641..a8f4609 100644
if (header->type == matchtype)
found = header;
else if (header->type == RBTDB_RDATATYPE_NCACHEANY ||
@@ -6206,7 +6318,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6233,7 +6345,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
topheader = topheader->next)
{
set_ttl(rbtdb, topheader, 0);
@ -3248,7 +3248,7 @@ index baf7641..a8f4609 100644
}
goto find_header;
}
@@ -6267,7 +6379,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6294,7 +6406,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
* ncache entry.
*/
set_ttl(rbtdb, topheader, 0);
@ -3257,7 +3257,7 @@ index baf7641..a8f4609 100644
topheader = NULL;
goto find_header;
}
@@ -6305,8 +6417,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6332,8 +6444,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
}
/*
@ -3271,7 +3271,7 @@ index baf7641..a8f4609 100644
*/
if (rbtversion == NULL && trust < header->trust &&
(ACTIVE(header, now) || header_nx)) {
@@ -6336,6 +6451,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6363,6 +6478,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
if ((options & DNS_DBADD_EXACT) != 0)
flags |= DNS_RDATASLAB_EXACT;
@ -3282,7 +3282,7 @@ index baf7641..a8f4609 100644
if ((options & DNS_DBADD_EXACTTTL) != 0 &&
newheader->rdh_ttl != header->rdh_ttl)
result = DNS_R_NOTEXACT;
@@ -6379,11 +6498,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6406,11 +6525,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
}
}
/*
@ -3300,7 +3300,7 @@ index baf7641..a8f4609 100644
*/
if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
header->type == dns_rdatatype_ns &&
@@ -6556,10 +6676,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6583,10 +6703,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
changed->dirty = true;
if (rbtversion == NULL) {
set_ttl(rbtdb, header, 0);
@ -3313,7 +3313,7 @@ index baf7641..a8f4609 100644
}
}
if (rbtversion != NULL && !header_nx) {
@@ -8410,6 +8530,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
@@ -8437,6 +8557,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
return (result);
}
@ -3344,7 +3344,7 @@ index baf7641..a8f4609 100644
static dns_dbmethods_t zone_methods = {
attach,
detach,
@@ -8455,7 +8599,9 @@ static dns_dbmethods_t zone_methods = {
@@ -8482,7 +8626,9 @@ static dns_dbmethods_t zone_methods = {
NULL,
hashsize,
nodefullname,
@ -3355,7 +3355,7 @@ index baf7641..a8f4609 100644
};
static dns_dbmethods_t cache_methods = {
@@ -8503,7 +8649,9 @@ static dns_dbmethods_t cache_methods = {
@@ -8530,7 +8676,9 @@ static dns_dbmethods_t cache_methods = {
setcachestats,
hashsize,
nodefullname,
@ -3366,7 +3366,7 @@ index baf7641..a8f4609 100644
};
isc_result_t
@@ -8774,7 +8922,7 @@ dns_rbtdb_create
@@ -8801,7 +8949,7 @@ dns_rbtdb_create
rbtdb->rpzs = NULL;
rbtdb->load_rpzs = NULL;
rbtdb->rpz_num = DNS_RPZ_INVALID_NUM;
@ -3375,7 +3375,7 @@ index baf7641..a8f4609 100644
/*
* Version Initialization.
*/
@@ -9192,7 +9340,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
@@ -9219,7 +9367,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
* rdatasets to work.
*/
if (NONEXISTENT(header) ||
@ -3385,7 +3385,7 @@ index baf7641..a8f4609 100644
header = NULL;
break;
} else
@@ -10401,7 +10550,7 @@ static inline bool
@@ -10428,7 +10577,7 @@ static inline bool
need_headerupdate(rdatasetheader_t *header, isc_stdtime_t now) {
if ((header->attributes &
(RDATASET_ATTR_NONEXISTENT |
@ -3394,7 +3394,7 @@ index baf7641..a8f4609 100644
RDATASET_ATTR_ZEROTTL)) != 0)
return (false);
@@ -10507,7 +10656,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,
@@ -10534,7 +10683,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,
bool tree_locked, expire_t reason)
{
set_ttl(rbtdb, header, 0);
@ -3404,7 +3404,7 @@ index baf7641..a8f4609 100644
/*
* Caller must hold the node (write) lock.
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index f7f73cd..7a77bde 100644
index 5e20783..17a4eee 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -141,16 +141,17 @@
@ -3437,7 +3437,7 @@ index f7f73cd..7a77bde 100644
#endif
/* The default maximum number of recursions to follow before giving up. */
@@ -523,6 +524,11 @@ struct dns_resolver {
@@ -529,6 +530,11 @@ struct dns_resolver {
dns_fetch_t * primefetch;
/* Locked by nlock. */
unsigned int nfctx;
@ -3449,7 +3449,7 @@ index f7f73cd..7a77bde 100644
};
#define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!')
@@ -1633,14 +1639,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
@@ -1650,14 +1656,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
unsigned int seconds;
unsigned int us;
@ -3468,7 +3468,7 @@ index f7f73cd..7a77bde 100644
/*
* Add a fudge factor to the expected rtt based on the current
@@ -4518,7 +4522,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
@@ -4535,7 +4539,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
/*
* Compute an expiration time for the entire fetch.
*/
@ -3478,7 +3478,7 @@ index f7f73cd..7a77bde 100644
iresult = isc_time_nowplusinterval(&fctx->expires, &interval);
if (iresult != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
@@ -9005,6 +9010,8 @@ dns_resolver_create(dns_view_t *view,
@@ -9059,6 +9064,8 @@ dns_resolver_create(dns_view_t *view,
res->spillattimer = NULL;
res->zspill = 0;
res->zero_no_soa_ttl = false;
@ -3487,7 +3487,7 @@ index f7f73cd..7a77bde 100644
res->query_timeout = DEFAULT_QUERY_TIMEOUT;
res->maxdepth = DEFAULT_RECURSION_DEPTH;
res->maxqueries = DEFAULT_MAX_QUERIES;
@@ -10339,17 +10346,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {
@@ -10393,17 +10400,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {
}
void
@ -3516,7 +3516,7 @@ index f7f73cd..7a77bde 100644
}
void
@@ -10446,3 +10456,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)
@@ -10500,3 +10510,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)
return (resolver->quotaresp[which]);
}
@ -3552,7 +3552,7 @@ index f7f73cd..7a77bde 100644
+ resolver->nonbackofftries = tries;
+}
diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c
index 8afaa52..b370e05 100644
index 477bb74..09cf932 100644
--- a/lib/dns/sdb.c
+++ b/lib/dns/sdb.c
@@ -1370,7 +1370,9 @@ static dns_dbmethods_t sdb_methods = {
@ -3567,7 +3567,7 @@ index 8afaa52..b370e05 100644
static isc_result_t
diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c
index 0b9620c..331992e 100644
index 037d74a..9218fed 100644
--- a/lib/dns/sdlz.c
+++ b/lib/dns/sdlz.c
@@ -1336,7 +1336,9 @@ static dns_dbmethods_t sdlzdb_methods = {
@ -3582,7 +3582,7 @@ index 0b9620c..331992e 100644
/*
diff --git a/lib/dns/tests/db_test.c b/lib/dns/tests/db_test.c
index 2849775..812f750 100644
index bc1cc3f..60fdb81 100644
--- a/lib/dns/tests/db_test.c
+++ b/lib/dns/tests/db_test.c
@@ -28,8 +28,9 @@
@ -3813,7 +3813,7 @@ index 2849775..812f750 100644
_setup, _teardown),
cmocka_unit_test_setup_teardown(dbtype_test,
diff --git a/lib/dns/view.c b/lib/dns/view.c
index 0fca1d9..55ede81 100644
index a7ba613..a644c5f 100644
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@@ -229,6 +229,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
@ -3827,7 +3827,7 @@ index 0fca1d9..55ede81 100644
view->maxbits = 0;
view->v4_aaaa = dns_aaaa_ok;
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 91693b5..5771774 100644
index 212194e..b562f95 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1778,6 +1778,7 @@ view_clauses[] = {

178
bind-9.11.23-atomic.patch
View File

@ -1,178 +0,0 @@
From 1528f231b559670445cfc427937174535981917d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Fri, 18 Sep 2020 14:46:02 +0200
Subject: [PATCH] Fix isc_atomic_xadd symbol missing
Squashed commit of the following:
commit d8afe85342f05d8fec8ee0255451568e936b7eb2
Author: Mark Andrews <marka@isc.org>
Date: Mon Sep 7 16:12:31 2020 +1000
Update 'init_count' atomically to silence tsan errors.
(cherry picked from commit 90185b225f4c7acde2fbb04697d857fe496725a2)
commit f166c7fb7cc262a688ed511e40c9b0d551d5992d
Author: Mark Andrews <marka@isc.org>
Date: Thu Sep 3 12:53:53 2020 +1000
The node lock was released too early.
NEGATIVE needs to be call with the node lock held.
WARNING: ThreadSanitizer: data race
Write of size 2 at 0x000000000001 by thread T1 (mutexes: write M1):
#0 mark_stale_header lib/dns/rbtdb.c:1802:21
#1 add32 lib/dns/rbtdb.c:6559:5
#2 addrdataset lib/dns/rbtdb.c:6975:12
#3 dns_db_addrdataset lib/dns/db.c:783:10
#4 cache_name lib/dns/resolver.c:5829:13
#5 cache_message lib/dns/resolver.c:5926:14
#6 resquery_response lib/dns/resolver.c:8618:12
#7 dispatch lib/isc/task.c:1157:7
#8 run lib/isc/task.c:1331:2
Previous read of size 2 at 0x000000000001 by thread T2:
#0 cache_findrdataset lib/dns/rbtdb.c:5932:6
#1 dns_db_findrdataset lib/dns/db.c:739:10
#2 query_addadditional2 bin/named/query.c:2196:11
#3 additionaldata_ns lib/dns/./rdata/generic/ns_2.c:198:10
#4 dns_rdata_additionaldata lib/dns/rdata.c:1246:2
#5 dns_rdataset_additionaldata lib/dns/rdataset.c:629:12
#6 query_addrdataset bin/named/query.c:2411:8
#7 query_addrrset bin/named/query.c:2802:2
#8 query_addbestns bin/named/query.c:3501:2
#9 query_find bin/named/query.c:9165:4
#10 query_resume bin/named/query.c:4164:12
#11 dispatch lib/isc/task.c:1157:7
#12 run lib/isc/task.c:1331:2
(cherry picked from commit a1dcb73f677969d99df3ccff2acf4737e18a72b1)
commit 591a80fa95b8f3f3e716c45ceb9c5e4ccfa551c8
Author: Mark Andrews <marka@isc.org>
Date: Mon Aug 24 17:34:58 2020 +1000
increment header->count atomically
(cherry picked from commit 121837aa75ced489e28f8ce1dd20315487d199fa)
---
lib/dns/rbtdb.c | 43 +++++++++++++++++++++++++++++++++++--------
1 file changed, 35 insertions(+), 8 deletions(-)
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 88c39bf714..31ced8e73a 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -399,6 +399,23 @@ typedef isc_mutex_t nodelock_t;
#define NODE_WEAKDOWNGRADE(l) ((void)0)
#endif
+#if defined(ISC_PLATFORM_HAVESTDATOMIC)
+#if defined(__cplusplus)
+#include <isc/stdatomic.h>
+#else
+#include <stdatomic.h>
+#endif
+#define DNS_RBTDB_STDATOMIC 1
+#define DNS_RBTDB_INC(x) atomic_fetch_add(&(x), (1))
+#define DNS_RBTDB_LOAD(x) atomic_load(&(x))
+#elif defined(ISC_PLATFORM_HAVEXADD)
+#define DNS_RBTDB_INC(x) isc_atomic_xadd((int *)&(x), 1);
+#define DNS_RBTDB_LOAD(x) isc_atomic_xadd((int *)&(x), 0);
+#else
+#define DNS_RBTDB_INC(x) ((x)++)
+#define DNS_RBTDB_LOAD(x) (x)
+#endif
+
/*%
* Whether to rate-limit updating the LRU to avoid possible thread contention.
* Our performance measurement has shown the cost is marginal, so it's defined
@@ -457,7 +474,11 @@ typedef struct rdatasetheader {
* this rdataset.
*/
- uint32_t count;
+#ifdef DNS_RBTDB_STDATOMIC
+ _Atomic(uint32_t) count;
+#else
+ uint32_t count;
+#endif
/*%<
* Monotonously increased every time this rdataset is bound so that
* it is used as the base of the starting point in DNS responses
@@ -952,7 +973,11 @@ static char FILE_VERSION[32] = "\0";
* that indicates that the database does not implement cyclic
* processing.
*/
+#ifdef DNS_RBTDB_STDATOMIC
+static _Atomic(unsigned int) init_count;
+#else
static unsigned int init_count;
+#endif
/*
* Locking
@@ -3322,7 +3347,7 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
rdataset->private2 = node;
raw = (unsigned char *)header + sizeof(*header);
rdataset->private3 = raw;
- rdataset->count = header->count++;
+ rdataset->count = DNS_RBTDB_INC(header->count);
if (rdataset->count == UINT32_MAX)
rdataset->count = 0;
@@ -5924,10 +5949,10 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
}
}
- NODE_UNLOCK(lock, locktype);
-
- if (found == NULL)
+ if (found == NULL) {
+ NODE_UNLOCK(lock, locktype);
return (ISC_R_NOTFOUND);
+ }
if (NEGATIVE(found)) {
/*
@@ -5939,6 +5964,8 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
result = DNS_R_NCACHENXRRSET;
}
+ NODE_UNLOCK(lock, locktype);
+
update_cachestats(rbtdb, result);
return (result);
@@ -6839,7 +6866,7 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
newheader->attributes |= RDATASET_ATTR_ZEROTTL;
newheader->noqname = NULL;
newheader->closest = NULL;
- newheader->count = isc_atomic_xadd((int32_t*)&init_count, 1);
+ newheader->count = DNS_RBTDB_INC(init_count);
newheader->trust = rdataset->trust;
newheader->additional_auth = NULL;
newheader->additional_glue = NULL;
@@ -7035,7 +7062,7 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
newheader->trust = 0;
newheader->noqname = NULL;
newheader->closest = NULL;
- newheader->count = isc_atomic_xadd((int32_t*)&init_count, 1);
+ newheader->count = DNS_RBTDB_INC(init_count);
newheader->additional_auth = NULL;
newheader->additional_glue = NULL;
newheader->last_used = 0;
@@ -7481,7 +7508,7 @@ loading_addrdataset(void *arg, dns_name_t *name, dns_rdataset_t *rdataset) {
newheader->serial = 1;
newheader->noqname = NULL;
newheader->closest = NULL;
- newheader->count = isc_atomic_xadd((int32_t*)&init_count, 1);
+ newheader->count = DNS_RBTDB_INC(init_count);
newheader->additional_auth = NULL;
newheader->additional_glue = NULL;
newheader->last_used = 0;
--
2.26.2

20
bind.spec
View File

@ -58,7 +58,7 @@
#
# lib*.so.X versions of selected libraries
%global sover_dns 1110
%global sover_dns 1112
%global sover_isc 1107
%global sover_irs 161
%global sover_isccfg 163
@ -66,8 +66,8 @@
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind
License: MPLv2.0
Version: 9.11.23
Release: 2%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Version: 9.11.24
Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -145,10 +145,6 @@ Patch157:bind-9.11-fips-tests.patch
Patch158:bind-9.11-rt31459.patch
# [RT #46047] commit 24172bd2eeba91441ab1c65d2717b0692309244a ISC 4724
Patch159:bind-9.11-rt46047.patch
# commit 66ba2fdad583d962a1f4971c85d58381f0849e4d
# commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c
# commit 083461d3329ff6f2410745848a926090586a9846
Patch160:bind-9.11-rh1624100.patch
# https://gitlab.isc.org/isc-projects/bind9/issues/555
Patch161:bind-9.11-host-idn-disable.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/8a98277811e
@ -166,10 +162,6 @@ Patch174:bind-9.11-json-c.patch
Patch175:bind-9.11-fips-disable.patch
Patch177: bind-9.11-serve-stale.patch
Patch178: bind-9.11-serve-stale-dbfix.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1736762
Patch183: bind-9.11-rh1736762-5.patch
# https://gitlab.isc.org/isc-projects/bind9/-/issues/2167
Patch184: bind-9.11.23-atomic.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@ -571,7 +563,6 @@ are used for building ISC DHCP.
%patch157 -p1 -b .fips-tests
%patch158 -p1 -b .rt31459
%patch159 -p1 -b .rt46047
%patch160 -p1 -b .rh1624100
%patch161 -p1 -b .host-idn-disable
%patch163 -p1 -b .rh1663318
%patch164 -p1 -b .rh1666814
@ -584,8 +575,6 @@ are used for building ISC DHCP.
%patch175 -p1 -b .rh1709553
%patch177 -p1 -b .serve-stale
%patch178 -p1 -b .rh1770492
%patch183 -p1 -b .rh1736762-5
%patch184 -p1 -b .rbtdb-atomic
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@ -1619,6 +1608,9 @@ fi;
%endif
%changelog
* Fri Oct 23 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.24-1
- Update to 9.11.24
* Wed Sep 23 2020 Adrian Reber <adrian@lisas.de> - 32:9.11.23-2
- Rebuilt for protobuf 3.13

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (bind-9.11.23.tar.gz) = df374dcfdad5c905d5607fd3a5dcfd236f1c9ee448902db520748a738d1ff2f1761603bf62949d38932fcd3ebbf36e693737c40f0a6233af20ee91c3f9a3f462
SHA512 (bind-9.11.23.tar.gz.asc) = afba039f50ad94fffa7891730d2d506a035f7abedeaec2f05abf19d030ffebc271b49e24adb3720f7bdb73318d52ededf0765ee082a6dc7cd9b581facafd411a
SHA512 (bind-9.11.24.tar.gz) = 30b4910be9e59b1df9184ddbd95341494c08a2c530b02077f28492c248af607d7d4c6666459a0e7cc0e9ad6c2b12ff3e7b03f500a720b39d304008f0ab94d5fa
SHA512 (bind-9.11.24.tar.gz.asc) = 7ec9a0fa9cc61ab64c2c2c67fabfe17311253da509dbe658dfe5a63d4fada2d0800a2e6d388d8303ccaa4ef110c5a110569724030df3a34dee58b0a58904bbcb