Update to 9.11.24
DNS Flag Day 2020 - default ENDS buffer size changed to 1232. https://downloads.isc.org/isc/bind9/9.11.24/RELEASE-NOTES-bind-9.11.24.html
This commit is contained in:
parent
293d93455e
commit
01c5de480b
2
.gitignore
vendored
2
.gitignore
vendored
@ -116,3 +116,5 @@ bind-9.7.2b1.tar.gz
|
||||
/bind-9.11.22.tar.gz.asc
|
||||
/bind-9.11.23.tar.gz
|
||||
/bind-9.11.23.tar.gz.asc
|
||||
/bind-9.11.24.tar.gz
|
||||
/bind-9.11.24.tar.gz.asc
|
||||
|
@ -1,5 +1,5 @@
|
||||
diff --git a/bin/Makefile.in b/bin/Makefile.in
|
||||
index f0c504a..ce7a2da 100644
|
||||
index a18b222..26a7e4e 100644
|
||||
--- a/bin/Makefile.in
|
||||
+++ b/bin/Makefile.in
|
||||
@@ -11,8 +11,8 @@ srcdir = @srcdir@
|
||||
@ -14,7 +14,7 @@ index f0c504a..ce7a2da 100644
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
|
||||
index 4b8ca13..32f4470 100644
|
||||
index 390aa0c..e59a118 100644
|
||||
--- a/bin/dnssec-pkcs11/Makefile.in
|
||||
+++ b/bin/dnssec-pkcs11/Makefile.in
|
||||
@@ -15,18 +15,18 @@ VERSION=@BIND9_VERSION@
|
||||
@ -130,7 +130,7 @@ index 4b8ca13..32f4470 100644
|
||||
|
||||
clean distclean::
|
||||
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
|
||||
index 4b8ca13..4175996 100644
|
||||
index 390aa0c..851a008 100644
|
||||
--- a/bin/dnssec/Makefile.in
|
||||
+++ b/bin/dnssec/Makefile.in
|
||||
@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
|
||||
@ -143,7 +143,7 @@ index 4b8ca13..4175996 100644
|
||||
CWARNINGS =
|
||||
|
||||
diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in
|
||||
index 70e5571..b5a4a6b 100644
|
||||
index 7a490fa..1f56836 100644
|
||||
--- a/bin/named-pkcs11/Makefile.in
|
||||
+++ b/bin/named-pkcs11/Makefile.in
|
||||
@@ -43,27 +43,27 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@
|
||||
@ -268,7 +268,7 @@ index 70e5571..b5a4a6b 100644
|
||||
@DLZ_DRIVER_RULES@
|
||||
|
||||
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
|
||||
index 70e5571..4cfed4d 100644
|
||||
index 7a490fa..3d8655f 100644
|
||||
--- a/bin/named/Makefile.in
|
||||
+++ b/bin/named/Makefile.in
|
||||
@@ -48,7 +48,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
|
||||
@ -281,10 +281,10 @@ index 70e5571..4cfed4d 100644
|
||||
CWARNINGS =
|
||||
|
||||
diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in
|
||||
index a058c91..d4b689a 100644
|
||||
index 2c19e7e..8223d5e 100644
|
||||
--- a/bin/pkcs11/Makefile.in
|
||||
+++ b/bin/pkcs11/Makefile.in
|
||||
@@ -15,13 +15,13 @@ top_srcdir = @top_srcdir@
|
||||
@@ -13,13 +13,13 @@ top_srcdir = @top_srcdir@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
@ -302,10 +302,10 @@ index a058c91..d4b689a 100644
|
||||
DEPLIBS = ${ISCDEPLIBS}
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 9b7d778..59ba20b 100644
|
||||
index c6715b4..8144268 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1139,12 +1139,14 @@ AC_SUBST(USE_GSSAPI)
|
||||
@@ -1176,12 +1176,14 @@ AC_SUBST(USE_GSSAPI)
|
||||
AC_SUBST(DST_GSSAPI_INC)
|
||||
AC_SUBST(DNS_GSSAPI_LIBS)
|
||||
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS"
|
||||
@ -320,24 +320,26 @@ index 9b7d778..59ba20b 100644
|
||||
|
||||
#
|
||||
# was --with-randomdev specified?
|
||||
@@ -1494,11 +1496,11 @@ AC_ARG_ENABLE(openssl-hash,
|
||||
@@ -1554,12 +1556,12 @@ AC_ARG_ENABLE(openssl-hash,
|
||||
AC_MSG_CHECKING(for OpenSSL library)
|
||||
OPENSSL_WARNING=
|
||||
openssldirs="/usr /usr/local /usr/local/ssl /opt/local /usr/pkg /usr/sfw"
|
||||
-if test "yes" = "$want_native_pkcs11"
|
||||
-then
|
||||
- use_openssl="native_pkcs11"
|
||||
- want_openssl_hash="no"
|
||||
- AC_MSG_RESULT(use of native PKCS11 instead)
|
||||
-fi
|
||||
+# if test "yes" = "$want_native_pkcs11"
|
||||
+# then
|
||||
+# use_openssl="native_pkcs11"
|
||||
+# AC_MSG_RESULT(use of native PKCS11 instead)
|
||||
+# fi
|
||||
+#if test "yes" = "$want_native_pkcs11"
|
||||
+#then
|
||||
+# use_openssl="native_pkcs11"
|
||||
+# want_openssl_hash="no"
|
||||
+# AC_MSG_RESULT(use of native PKCS11 instead)
|
||||
+#fi
|
||||
|
||||
if test "auto" = "$use_openssl"
|
||||
then
|
||||
@@ -1511,6 +1513,7 @@ then
|
||||
@@ -1572,6 +1574,7 @@ then
|
||||
fi
|
||||
done
|
||||
fi
|
||||
@ -345,7 +347,7 @@ index 9b7d778..59ba20b 100644
|
||||
OPENSSL_ECDSA=""
|
||||
OPENSSL_GOST=""
|
||||
OPENSSL_ED25519=""
|
||||
@@ -1532,11 +1535,10 @@ case "$with_gost" in
|
||||
@@ -1593,11 +1596,10 @@ case "$with_gost" in
|
||||
;;
|
||||
esac
|
||||
|
||||
@ -360,7 +362,7 @@ index 9b7d778..59ba20b 100644
|
||||
CRYPTOLIB="pkcs11"
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
@@ -1546,7 +1548,9 @@ case "$use_openssl" in
|
||||
@@ -1607,7 +1609,9 @@ case "$use_openssl" in
|
||||
OPENSSLGOSTLINKSRCS=""
|
||||
OPENSSLLINKOBJS=""
|
||||
OPENSSLLINKSRCS=""
|
||||
@ -371,7 +373,7 @@ index 9b7d778..59ba20b 100644
|
||||
no)
|
||||
AC_MSG_RESULT(no)
|
||||
DST_OPENSSL_INC=""
|
||||
@@ -1578,7 +1582,7 @@ case "$use_openssl" in
|
||||
@@ -1639,7 +1643,7 @@ case "$use_openssl" in
|
||||
If you do not want OpenSSL, use --without-openssl])
|
||||
;;
|
||||
*)
|
||||
@ -380,7 +382,7 @@ index 9b7d778..59ba20b 100644
|
||||
then
|
||||
AC_MSG_RESULT()
|
||||
AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
|
||||
@@ -2006,6 +2010,7 @@ AC_SUBST(OPENSSL_ED25519)
|
||||
@@ -2067,6 +2071,7 @@ AC_SUBST(OPENSSL_ED25519)
|
||||
AC_SUBST(OPENSSL_GOST)
|
||||
|
||||
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
|
||||
@ -388,7 +390,7 @@ index 9b7d778..59ba20b 100644
|
||||
|
||||
ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
|
||||
if test "yes" = "$with_aes"
|
||||
@@ -2291,6 +2296,7 @@ esac
|
||||
@@ -2353,6 +2358,7 @@ esac
|
||||
AC_SUBST(PKCS11LINKOBJS)
|
||||
AC_SUBST(PKCS11LINKSRCS)
|
||||
AC_SUBST(CRYPTO)
|
||||
@ -396,7 +398,7 @@ index 9b7d778..59ba20b 100644
|
||||
AC_SUBST(PKCS11_ECDSA)
|
||||
AC_SUBST(PKCS11_GOST)
|
||||
AC_SUBST(PKCS11_ED25519)
|
||||
@@ -5405,8 +5411,11 @@ AC_CONFIG_FILES([
|
||||
@@ -5501,8 +5507,11 @@ AC_CONFIG_FILES([
|
||||
bin/delv/Makefile
|
||||
bin/dig/Makefile
|
||||
bin/dnssec/Makefile
|
||||
@ -408,7 +410,7 @@ index 9b7d778..59ba20b 100644
|
||||
bin/nsupdate/Makefile
|
||||
bin/pkcs11/Makefile
|
||||
bin/python/Makefile
|
||||
@@ -5479,6 +5488,10 @@ AC_CONFIG_FILES([
|
||||
@@ -5575,6 +5584,10 @@ AC_CONFIG_FILES([
|
||||
lib/dns/include/dns/Makefile
|
||||
lib/dns/include/dst/Makefile
|
||||
lib/dns/tests/Makefile
|
||||
@ -419,7 +421,7 @@ index 9b7d778..59ba20b 100644
|
||||
lib/irs/Makefile
|
||||
lib/irs/include/Makefile
|
||||
lib/irs/include/irs/Makefile
|
||||
@@ -5503,6 +5516,24 @@ AC_CONFIG_FILES([
|
||||
@@ -5599,6 +5612,24 @@ AC_CONFIG_FILES([
|
||||
lib/isc/unix/include/Makefile
|
||||
lib/isc/unix/include/isc/Makefile
|
||||
lib/isc/unix/include/pkcs11/Makefile
|
||||
@ -445,7 +447,7 @@ index 9b7d778..59ba20b 100644
|
||||
lib/isccc/include/Makefile
|
||||
lib/isccc/include/isccc/Makefile
|
||||
diff --git a/lib/Makefile.in b/lib/Makefile.in
|
||||
index 81270a0..bcb5312 100644
|
||||
index f089bea..3ed939b 100644
|
||||
--- a/lib/Makefile.in
|
||||
+++ b/lib/Makefile.in
|
||||
@@ -15,7 +15,7 @@ top_srcdir = @top_srcdir@
|
||||
@ -458,7 +460,7 @@ index 81270a0..bcb5312 100644
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
|
||||
index 7f09bd6..c388d9e 100644
|
||||
index 8fc4e94..5eefb14 100644
|
||||
--- a/lib/dns-pkcs11/Makefile.in
|
||||
+++ b/lib/dns-pkcs11/Makefile.in
|
||||
@@ -26,17 +26,16 @@ VERSION=@BIND9_VERSION@
|
||||
@ -533,7 +535,7 @@ index 7f09bd6..c388d9e 100644
|
||||
rm -f include/dns/rdatastruct.h
|
||||
rm -f dnstap.pb-c.c dnstap.pb-c.h
|
||||
diff --git a/lib/isc-pkcs11/Makefile.in b/lib/isc-pkcs11/Makefile.in
|
||||
index 8ad54bb..a3ecdfb 100644
|
||||
index 7e3e9ce..58d7466 100644
|
||||
--- a/lib/isc-pkcs11/Makefile.in
|
||||
+++ b/lib/isc-pkcs11/Makefile.in
|
||||
@@ -23,8 +23,8 @@ CINCLUDES = -I${srcdir}/unix/include \
|
||||
@ -547,7 +549,7 @@ index 8ad54bb..a3ecdfb 100644
|
||||
CWARNINGS =
|
||||
|
||||
# Alphabetically
|
||||
@@ -103,40 +103,40 @@ version.@O@: version.c
|
||||
@@ -107,40 +107,40 @@ version.@O@: version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
@ -601,10 +603,10 @@ index 8ad54bb..a3ecdfb 100644
|
||||
+ rm -f libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@ libisc-pkcs11.la \
|
||||
+ libisc-pkcs11-nosymtbl.la timestamp
|
||||
diff --git a/make/includes.in b/make/includes.in
|
||||
index fa86ad1..3cfbe9f 100644
|
||||
index 66efe68..966671f 100644
|
||||
--- a/make/includes.in
|
||||
+++ b/make/includes.in
|
||||
@@ -43,3 +43,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
|
||||
@@ -41,3 +41,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
|
||||
|
||||
TEST_INCLUDES = \
|
||||
-I${top_srcdir}/lib/tests/include
|
||||
|
@ -1,4 +1,4 @@
|
||||
From da45a97312a63f815b295167c3f3abb9fe8941a3 Mon Sep 17 00:00:00 2001
|
||||
From 14ad3e0b42bc999072d30268396412bec158a22d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 2 Aug 2018 23:46:45 +0200
|
||||
Subject: [PATCH] FIPS tests changes
|
||||
@ -96,17 +96,15 @@ Date: Wed Mar 7 10:44:23 2018 +0100
|
||||
bin/tests/system/rndc/setup.sh | 2 +-
|
||||
bin/tests/system/rndc/tests.sh | 23 ++++---
|
||||
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
|
||||
bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++
|
||||
bin/tests/system/tsig/setup.sh | 5 ++
|
||||
bin/tests/system/tsig/tests.sh | 65 +++++++++++-------
|
||||
bin/tests/system/tsiggss/setup.sh | 2 +-
|
||||
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/upforwd/tests.sh | 2 +-
|
||||
44 files changed, 230 insertions(+), 170 deletions(-)
|
||||
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
43 files changed, 220 insertions(+), 170 deletions(-)
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
index 0ea6502..026db3f 100644
|
||||
index 9999ada..e3f8d0e 100644
|
||||
--- a/bin/tests/system/acl/ns2/named1.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
@ -125,7 +123,7 @@ index 0ea6502..026db3f 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
index b877880..d8f50be 100644
|
||||
index f8ec34e..d2d6ad3 100644
|
||||
--- a/bin/tests/system/acl/ns2/named2.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
@ -144,7 +142,7 @@ index b877880..d8f50be 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
index 0a95062..aa54088 100644
|
||||
index 2acb813..6a00344 100644
|
||||
--- a/bin/tests/system/acl/ns2/named3.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
@@ -33,17 +33,17 @@ options {
|
||||
@ -169,7 +167,7 @@ index 0a95062..aa54088 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
index 7cdcb6e..606a345 100644
|
||||
index bca3ee1..5913420 100644
|
||||
--- a/bin/tests/system/acl/ns2/named4.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
@ -188,7 +186,7 @@ index 7cdcb6e..606a345 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
index 4b4e050..0e679a8 100644
|
||||
index 9ef8171..5ae8d38 100644
|
||||
--- a/bin/tests/system/acl/ns2/named5.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
@@ -34,12 +34,12 @@ options {
|
||||
@ -207,7 +205,7 @@ index 4b4e050..0e679a8 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
|
||||
index 09f31f2..f88f0d4 100644
|
||||
index 2ee34a0..a73a54e 100644
|
||||
--- a/bin/tests/system/acl/tests.sh
|
||||
+++ b/bin/tests/system/acl/tests.sh
|
||||
@@ -22,14 +22,14 @@ echo_i "testing basic ACL processing"
|
||||
@ -333,7 +331,7 @@ index 09f31f2..f88f0d4 100644
|
||||
|
||||
echo_i "testing allow-query-on ACL processing"
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
index 1569913..e9c5c2d 100644
|
||||
index a579f32..3b8f853 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
@@ -12,7 +12,7 @@
|
||||
@ -346,7 +344,7 @@ index 1569913..e9c5c2d 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
index 18ac91c..2b1c873 100644
|
||||
index 166afa1..997ece9 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
@@ -12,12 +12,12 @@
|
||||
@ -365,7 +363,7 @@ index 18ac91c..2b1c873 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
index b824844..dd48945 100644
|
||||
index 25271a5..a9cb65d 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
@@ -12,7 +12,7 @@
|
||||
@ -378,7 +376,7 @@ index b824844..dd48945 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
index aeb1540..bfce58b 100644
|
||||
index c7c8254..f165e65 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
@@ -12,7 +12,7 @@
|
||||
@ -391,7 +389,7 @@ index aeb1540..bfce58b 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
index d4b7432..e0f5252 100644
|
||||
index 567bbcc..4fd2035 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
@@ -12,12 +12,12 @@
|
||||
@ -410,7 +408,7 @@ index d4b7432..e0f5252 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
index c025938..87afb3f 100644
|
||||
index b75161f..7b254e6 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
@@ -12,7 +12,7 @@
|
||||
@ -423,7 +421,7 @@ index c025938..87afb3f 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
index d83b376..d726b94 100644
|
||||
index 9e17818..22f5001 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
@@ -16,12 +16,12 @@ acl accept { 10.53.0.2; };
|
||||
@ -442,7 +440,7 @@ index d83b376..d726b94 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh
|
||||
index fb6059d..f960156 100644
|
||||
index 791a1a4..95cd971 100644
|
||||
--- a/bin/tests/system/allow-query/tests.sh
|
||||
+++ b/bin/tests/system/allow-query/tests.sh
|
||||
@@ -190,7 +190,7 @@ rndc_reload
|
||||
@ -527,7 +525,7 @@ index fb6059d..f960156 100644
|
||||
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
|
||||
index 74b7d37..c353766 100644
|
||||
index 6856ec7..0ac1fa3 100644
|
||||
--- a/bin/tests/system/catz/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/catz/ns1/named.conf.in
|
||||
@@ -61,5 +61,5 @@ zone "catalog4.example" {
|
||||
@ -538,7 +536,7 @@ index 74b7d37..c353766 100644
|
||||
+ algorithm hmac-sha256;
|
||||
};
|
||||
diff --git a/bin/tests/system/catz/ns2/named.conf.in b/bin/tests/system/catz/ns2/named.conf.in
|
||||
index ee83efb..35ced08 100644
|
||||
index dd3a9dc..77b8d96 100644
|
||||
--- a/bin/tests/system/catz/ns2/named.conf.in
|
||||
+++ b/bin/tests/system/catz/ns2/named.conf.in
|
||||
@@ -70,5 +70,5 @@ zone "catalog4.example" {
|
||||
@ -549,7 +547,7 @@ index ee83efb..35ced08 100644
|
||||
+ algorithm hmac-sha256;
|
||||
};
|
||||
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
|
||||
index 21be03e..e57c308 100644
|
||||
index 338dddb..90cd424 100644
|
||||
--- a/bin/tests/system/checkconf/bad-tsig.conf
|
||||
+++ b/bin/tests/system/checkconf/bad-tsig.conf
|
||||
@@ -11,7 +11,7 @@
|
||||
@ -562,7 +560,7 @@ index 21be03e..e57c308 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
|
||||
index 09d188a..7cf4030 100644
|
||||
index 2282f87..1359cf3 100644
|
||||
--- a/bin/tests/system/checkconf/good.conf
|
||||
+++ b/bin/tests/system/checkconf/good.conf
|
||||
@@ -159,6 +159,6 @@ dyndb "name" "library.so" {
|
||||
@ -574,7 +572,7 @@ index 09d188a..7cf4030 100644
|
||||
secret "qwertyuiopasdfgh";
|
||||
};
|
||||
diff --git a/bin/tests/system/digdelv/ns2/example.db b/bin/tests/system/digdelv/ns2/example.db
|
||||
index f4e30f5..9f53e31 100644
|
||||
index b66207a..359b220 100644
|
||||
--- a/bin/tests/system/digdelv/ns2/example.db
|
||||
+++ b/bin/tests/system/digdelv/ns2/example.db
|
||||
@@ -38,12 +38,15 @@ foo SSHFP 2 1 123456789abcdef67890123456789abcdef67890
|
||||
@ -600,7 +598,7 @@ index f4e30f5..9f53e31 100644
|
||||
; TTL of 3 weeks
|
||||
weeks 1814400 A 10.53.0.2
|
||||
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
|
||||
index 3d1010e..fa9eb92 100644
|
||||
index 2109001..ded5557 100644
|
||||
--- a/bin/tests/system/digdelv/tests.sh
|
||||
+++ b/bin/tests/system/digdelv/tests.sh
|
||||
@@ -155,7 +155,7 @@ if [ -x "$DIG" ] ; then
|
||||
@ -648,7 +646,7 @@ index 3d1010e..fa9eb92 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -799,7 +799,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -827,7 +827,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +rrcomments works for DNSKEY($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -657,7 +655,7 @@ index 3d1010e..fa9eb92 100644
|
||||
check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
@@ -808,7 +808,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -836,7 +836,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +short +rrcomments works for DNSKEY ($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -666,7 +664,7 @@ index 3d1010e..fa9eb92 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -816,7 +816,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -844,7 +844,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +short +rrcomments works ($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -675,7 +673,7 @@ index 3d1010e..fa9eb92 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -824,7 +824,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -852,7 +852,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +short +nosplit works ($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -684,7 +682,7 @@ index 3d1010e..fa9eb92 100644
|
||||
if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi
|
||||
f=`awk '{print NF}' < delv.out.test$n`
|
||||
test "${f:-0}" -eq 14 || ret=1
|
||||
@@ -835,7 +835,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -863,7 +863,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +short +nosplit +norrcomments works ($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -694,7 +692,7 @@ index 3d1010e..fa9eb92 100644
|
||||
f=`awk '{print NF}' < delv.out.test$n`
|
||||
test "${f:-0}" -eq 4 || ret=1
|
||||
diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh
|
||||
index 606e7cc..a3a0d60 100755
|
||||
index 14ca5db..3f522d0 100755
|
||||
--- a/bin/tests/system/dlv/ns1/sign.sh
|
||||
+++ b/bin/tests/system/dlv/ns1/sign.sh
|
||||
@@ -23,8 +23,8 @@ infile=root.db.in
|
||||
@ -709,7 +707,7 @@ index 606e7cc..a3a0d60 100755
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh
|
||||
index 9825c57..202c978 100755
|
||||
index d870798..b0ab372 100755
|
||||
--- a/bin/tests/system/dlv/ns2/sign.sh
|
||||
+++ b/bin/tests/system/dlv/ns2/sign.sh
|
||||
@@ -24,8 +24,8 @@ zonefile=druz.db
|
||||
@ -724,7 +722,7 @@ index 9825c57..202c978 100755
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh
|
||||
index 1e39862..4ed19ac 100755
|
||||
index ba39f90..f20a2dd 100755
|
||||
--- a/bin/tests/system/dlv/ns6/sign.sh
|
||||
+++ b/bin/tests/system/dlv/ns6/sign.sh
|
||||
@@ -16,13 +16,15 @@ SYSTESTDIR=dlv
|
||||
@ -911,7 +909,7 @@ index 1e39862..4ed19ac 100755
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh
|
||||
index 7f95c8a..3a9251b 100644
|
||||
index e28b3f1..29c169b 100644
|
||||
--- a/bin/tests/system/dnssec/ns2/sign.sh
|
||||
+++ b/bin/tests/system/dnssec/ns2/sign.sh
|
||||
@@ -126,8 +126,8 @@ zone=in-addr.arpa.
|
||||
@ -944,7 +942,7 @@ index 7f95c8a..3a9251b 100644
|
||||
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
|
||||
|
||||
diff --git a/bin/tests/system/dnssec/ns5/trusted.conf.bad b/bin/tests/system/dnssec/ns5/trusted.conf.bad
|
||||
index ed30460..e6b1126 100644
|
||||
index 75cf699..b4d848c 100644
|
||||
--- a/bin/tests/system/dnssec/ns5/trusted.conf.bad
|
||||
+++ b/bin/tests/system/dnssec/ns5/trusted.conf.bad
|
||||
@@ -10,5 +10,5 @@
|
||||
@ -955,7 +953,7 @@ index ed30460..e6b1126 100644
|
||||
+ "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV";
|
||||
};
|
||||
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
|
||||
index 6f7eaa7..bd2778b 100644
|
||||
index 3e8e4d5..da692f9 100644
|
||||
--- a/bin/tests/system/dnssec/tests.sh
|
||||
+++ b/bin/tests/system/dnssec/tests.sh
|
||||
@@ -3257,8 +3257,8 @@ do
|
||||
@ -970,7 +968,7 @@ index 6f7eaa7..bd2778b 100644
|
||||
8) size="-b 512";;
|
||||
10) size="-b 1024";;
|
||||
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
|
||||
index c1249ed..20a3139 100644
|
||||
index 5e473ab..b08692e 100644
|
||||
--- a/bin/tests/system/feature-test.c
|
||||
+++ b/bin/tests/system/feature-test.c
|
||||
@@ -19,6 +19,7 @@
|
||||
@ -982,14 +980,14 @@ index c1249ed..20a3139 100644
|
||||
|
||||
#ifdef WIN32
|
||||
@@ -47,6 +48,7 @@ usage() {
|
||||
fprintf(stderr, " --have-geoip2\n");
|
||||
fprintf(stderr, " --have-libxml2\n");
|
||||
fprintf(stderr, " --ipv6only=no\n");
|
||||
+ fprintf(stderr, " --md5\n");
|
||||
fprintf(stderr, " --rpz-nsdname\n");
|
||||
fprintf(stderr, " --rpz-nsip\n");
|
||||
fprintf(stderr, " --with-idn\n");
|
||||
@@ -155,6 +157,18 @@ main(int argc, char **argv) {
|
||||
fprintf(stderr, "\t--have-geoip\n");
|
||||
fprintf(stderr, "\t--have-libxml2\n");
|
||||
fprintf(stderr, "\t--ipv6only=no\n");
|
||||
+ fprintf(stderr, "\t--md5\n");
|
||||
fprintf(stderr, "\t--rpz-log-qtype-qclass\n");
|
||||
fprintf(stderr, "\t--rpz-nsdname\n");
|
||||
fprintf(stderr, "\t--rpz-nsip\n");
|
||||
@@ -194,6 +196,18 @@ main(int argc, char **argv) {
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -1009,7 +1007,7 @@ index c1249ed..20a3139 100644
|
||||
#ifdef ENABLE_RPZ_NSIP
|
||||
return (0);
|
||||
diff --git a/bin/tests/system/filter-aaaa/ns1/sign.sh b/bin/tests/system/filter-aaaa/ns1/sign.sh
|
||||
index f755581..4a7d890 100755
|
||||
index 479f98c..4d4a765 100755
|
||||
--- a/bin/tests/system/filter-aaaa/ns1/sign.sh
|
||||
+++ b/bin/tests/system/filter-aaaa/ns1/sign.sh
|
||||
@@ -21,8 +21,8 @@ infile=signed.db.in
|
||||
@ -1024,7 +1022,7 @@ index f755581..4a7d890 100755
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/filter-aaaa/ns4/sign.sh b/bin/tests/system/filter-aaaa/ns4/sign.sh
|
||||
index f755581..4a7d890 100755
|
||||
index 479f98c..4d4a765 100755
|
||||
--- a/bin/tests/system/filter-aaaa/ns4/sign.sh
|
||||
+++ b/bin/tests/system/filter-aaaa/ns4/sign.sh
|
||||
@@ -21,8 +21,8 @@ infile=signed.db.in
|
||||
@ -1039,7 +1037,7 @@ index f755581..4a7d890 100755
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
|
||||
index cfcfe8f..0a1614d 100644
|
||||
index 157ef16..b802288 100644
|
||||
--- a/bin/tests/system/notify/ns5/named.conf.in
|
||||
+++ b/bin/tests/system/notify/ns5/named.conf.in
|
||||
@@ -10,17 +10,17 @@
|
||||
@ -1064,7 +1062,7 @@ index cfcfe8f..0a1614d 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
|
||||
index c112d2c..987b6de 100644
|
||||
index f9fd3f5..916af75 100644
|
||||
--- a/bin/tests/system/notify/tests.sh
|
||||
+++ b/bin/tests/system/notify/tests.sh
|
||||
@@ -212,16 +212,16 @@ ret=0
|
||||
@ -1088,7 +1086,7 @@ index c112d2c..987b6de 100644
|
||||
grep "test string" dig.out.b.ns5.test$n > /dev/null &&
|
||||
grep "test string" dig.out.c.ns5.test$n > /dev/null &&
|
||||
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
index e90907a..540a984 100644
|
||||
index b0ded3a..cb80269 100644
|
||||
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
@@ -32,7 +32,7 @@ controls {
|
||||
@ -1101,7 +1099,7 @@ index e90907a..540a984 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
index 4549184..cb7dccd 100644
|
||||
index e6e2382..b0a94e0 100644
|
||||
--- a/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
@@ -33,7 +33,7 @@ controls {
|
||||
@ -1114,7 +1112,7 @@ index 4549184..cb7dccd 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
|
||||
index a35b8ee..8383162 100644
|
||||
index 6fbf1d7..a712b17 100644
|
||||
--- a/bin/tests/system/nsupdate/setup.sh
|
||||
+++ b/bin/tests/system/nsupdate/setup.sh
|
||||
@@ -53,7 +53,12 @@ EOF
|
||||
@ -1132,10 +1130,10 @@ index a35b8ee..8383162 100644
|
||||
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
|
||||
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
|
||||
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
|
||||
index 14952c8..5c51972 100755
|
||||
index 6b2c8f6..96ad95e 100755
|
||||
--- a/bin/tests/system/nsupdate/tests.sh
|
||||
+++ b/bin/tests/system/nsupdate/tests.sh
|
||||
@@ -760,7 +760,14 @@ fi
|
||||
@@ -788,7 +788,14 @@ fi
|
||||
n=`expr $n + 1`
|
||||
ret=0
|
||||
echo_i "check TSIG key algorithms ($n)"
|
||||
@ -1151,7 +1149,7 @@ index 14952c8..5c51972 100755
|
||||
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
|
||||
server 10.53.0.1 ${PORT}
|
||||
update add ${alg}.keytests.nil. 600 A 10.10.10.3
|
||||
@@ -768,7 +775,7 @@ send
|
||||
@@ -796,7 +803,7 @@ send
|
||||
END
|
||||
done
|
||||
sleep 2
|
||||
@ -1161,7 +1159,7 @@ index 14952c8..5c51972 100755
|
||||
done
|
||||
if [ $ret -ne 0 ]; then
|
||||
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
|
||||
index 8521ff8..565a1d7 100644
|
||||
index 2eb2cd5..36f5114 100644
|
||||
--- a/bin/tests/system/rndc/setup.sh
|
||||
+++ b/bin/tests/system/rndc/setup.sh
|
||||
@@ -35,7 +35,7 @@ make_key () {
|
||||
@ -1174,7 +1172,7 @@ index 8521ff8..565a1d7 100644
|
||||
make_key 3 ${EXTRAPORT3} hmac-sha224
|
||||
make_key 4 ${EXTRAPORT4} hmac-sha256
|
||||
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
|
||||
index 57e066d..186a723 100644
|
||||
index 4e25e51..cb8934c 100644
|
||||
--- a/bin/tests/system/rndc/tests.sh
|
||||
+++ b/bin/tests/system/rndc/tests.sh
|
||||
@@ -348,15 +348,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@ -1208,7 +1206,7 @@ index 57e066d..186a723 100644
|
||||
n=`expr $n + 1`
|
||||
echo_i "testing rndc with hmac-sha1 ($n)"
|
||||
diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in
|
||||
index fbf30c6..f61657d 100644
|
||||
index 4905ffd..958d9fb 100644
|
||||
--- a/bin/tests/system/tsig/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/tsig/ns1/named.conf.in
|
||||
@@ -21,10 +21,7 @@ options {
|
||||
@ -1235,24 +1233,8 @@ index fbf30c6..f61657d 100644
|
||||
|
||||
key "sha1-trunc" {
|
||||
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
||||
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
new file mode 100644
|
||||
index 0000000..0682194
|
||||
--- /dev/null
|
||||
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
@@ -0,0 +1,10 @@
|
||||
+# Conditionally included when support for MD5 is available
|
||||
+key "md5" {
|
||||
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
+ algorithm hmac-md5;
|
||||
+};
|
||||
+
|
||||
+key "md5-trunc" {
|
||||
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
+ algorithm hmac-md5-80;
|
||||
+};
|
||||
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
|
||||
index 9a8ab2e..1311689 100644
|
||||
index f42aa79..bfcf4a6 100644
|
||||
--- a/bin/tests/system/tsig/setup.sh
|
||||
+++ b/bin/tests/system/tsig/setup.sh
|
||||
@@ -15,3 +15,8 @@ SYSTEMTESTTOP=..
|
||||
@ -1265,7 +1247,7 @@ index 9a8ab2e..1311689 100644
|
||||
+ cat ns1/rndc5.conf.in >> ns1/named.conf
|
||||
+fi
|
||||
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
|
||||
index 526dbca..bf359a4 100644
|
||||
index ed41e1d..98c542e 100644
|
||||
--- a/bin/tests/system/tsig/tests.sh
|
||||
+++ b/bin/tests/system/tsig/tests.sh
|
||||
@@ -26,20 +26,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
|
||||
@ -1356,7 +1338,7 @@ index 526dbca..bf359a4 100644
|
||||
|
||||
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
|
||||
diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh
|
||||
index 49510b4..8d8bb2a 100644
|
||||
index f04c907..09da5f9 100644
|
||||
--- a/bin/tests/system/tsiggss/setup.sh
|
||||
+++ b/bin/tests/system/tsiggss/setup.sh
|
||||
@@ -16,5 +16,5 @@ test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE
|
||||
@ -1367,7 +1349,7 @@ index 49510b4..8d8bb2a 100644
|
||||
+key=`$KEYGEN -Cq -K ns1 -a DSA -b 1024 -r $RANDFILE -n HOST -T KEY key.example.nil.`
|
||||
cat ns1/example.nil.db.in ns1/${key}.key > ns1/example.nil.db
|
||||
diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
index e0a30cd..6a77b1c 100644
|
||||
index 4ddd7a4..238f52a 100644
|
||||
--- a/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
@ -1380,7 +1362,7 @@ index e0a30cd..6a77b1c 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
|
||||
index b0694bb..9adae82 100644
|
||||
index 1cf8d3b..f4c3216 100644
|
||||
--- a/bin/tests/system/upforwd/tests.sh
|
||||
+++ b/bin/tests/system/upforwd/tests.sh
|
||||
@@ -68,7 +68,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
|
||||
|
@ -1,288 +0,0 @@
|
||||
From f27598743ab6e03271e26f23da4beba748d19c60 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
|
||||
Date: Wed, 25 Apr 2018 14:04:31 +0200
|
||||
Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts
|
||||
|
||||
(cherry picked from commit 66ba2fdad583d962a1f4971c85d58381f0849e4d)
|
||||
|
||||
Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPTO_memcmp()
|
||||
|
||||
(cherry picked from commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c)
|
||||
|
||||
Fix the isc_safe_memwipe() usage with (NULL, >0)
|
||||
|
||||
(cherry picked from commit 083461d3329ff6f2410745848a926090586a9846)
|
||||
---
|
||||
bin/dnssec/dnssec-signzone.c | 2 +-
|
||||
lib/dns/nsec3.c | 4 +-
|
||||
lib/dns/spnego.c | 4 +-
|
||||
lib/isc/Makefile.in | 8 +---
|
||||
lib/isc/include/isc/safe.h | 18 ++------
|
||||
lib/isc/safe.c | 83 ------------------------------------
|
||||
lib/isc/tests/safe_test.c | 18 --------
|
||||
7 files changed, 11 insertions(+), 126 deletions(-)
|
||||
delete mode 100644 lib/isc/safe.c
|
||||
|
||||
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
|
||||
index 6dded0c..a9c5557 100644
|
||||
--- a/bin/dnssec/dnssec-signzone.c
|
||||
+++ b/bin/dnssec/dnssec-signzone.c
|
||||
@@ -784,7 +784,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
|
||||
|
||||
static int
|
||||
hashlist_comp(const void *a, const void *b) {
|
||||
- return (isc_safe_memcompare(a, b, hash_length + 1));
|
||||
+ return (memcmp(a, b, hash_length + 1));
|
||||
}
|
||||
|
||||
static void
|
||||
diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
|
||||
index 6ae7ca8..01426d6 100644
|
||||
--- a/lib/dns/nsec3.c
|
||||
+++ b/lib/dns/nsec3.c
|
||||
@@ -1963,7 +1963,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
|
||||
* Work out what this NSEC3 covers.
|
||||
* Inside (<0) or outside (>=0).
|
||||
*/
|
||||
- scope = isc_safe_memcompare(owner, nsec3.next, nsec3.next_length);
|
||||
+ scope = memcmp(owner, nsec3.next, nsec3.next_length);
|
||||
|
||||
/*
|
||||
* Prepare to compute all the hashes.
|
||||
@@ -1987,7 +1987,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
|
||||
return (ISC_R_IGNORE);
|
||||
}
|
||||
|
||||
- order = isc_safe_memcompare(hash, owner, length);
|
||||
+ order = memcmp(hash, owner, length);
|
||||
if (first && order == 0) {
|
||||
/*
|
||||
* The hashes are the same.
|
||||
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
|
||||
index ad77f24..670982a 100644
|
||||
--- a/lib/dns/spnego.c
|
||||
+++ b/lib/dns/spnego.c
|
||||
@@ -371,7 +371,7 @@ gssapi_spnego_decapsulate(OM_uint32 *,
|
||||
|
||||
/* mod_auth_kerb.c */
|
||||
|
||||
-static int
|
||||
+static isc_boolean_t
|
||||
cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
|
||||
{
|
||||
unsigned char *p;
|
||||
@@ -395,7 +395,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
|
||||
if (((OM_uint32) *p++) != gssoid->length)
|
||||
return (GSS_S_DEFECTIVE_TOKEN);
|
||||
|
||||
- return (isc_safe_memcompare(p, gssoid->elements, gssoid->length));
|
||||
+ return (!isc_safe_memequal(p, gssoid->elements, gssoid->length));
|
||||
}
|
||||
|
||||
/* accept_sec_context.c */
|
||||
diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in
|
||||
index 149552a..8529a86 100644
|
||||
--- a/lib/isc/Makefile.in
|
||||
+++ b/lib/isc/Makefile.in
|
||||
@@ -60,7 +60,7 @@ OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \
|
||||
parseint.@O@ portset.@O@ quota.@O@ radix.@O@ random.@O@ \
|
||||
ratelimiter.@O@ refcount.@O@ region.@O@ regex.@O@ result.@O@ \
|
||||
rwlock.@O@ \
|
||||
- safe.@O@ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
|
||||
+ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
|
||||
string.@O@ strtoul.@O@ symtab.@O@ task.@O@ taskpool.@O@ \
|
||||
tm.@O@ timer.@O@ utf8.@O@ version.@O@ \
|
||||
${UNIXOBJS} ${NLSOBJS} ${THREADOBJS}
|
||||
@@ -79,7 +79,7 @@ SRCS = @ISC_EXTRA_SRCS@ @ISC_PK11_C@ @ISC_PK11_RESULT_C@ \
|
||||
netaddr.c netscope.c pool.c ondestroy.c \
|
||||
parseint.c portset.c quota.c radix.c random.c ${CHACHASRCS} \
|
||||
ratelimiter.c refcount.c region.c regex.c result.c rwlock.c \
|
||||
- safe.c serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
|
||||
+ serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
|
||||
strtoul.c symtab.c task.c taskpool.c timer.c \
|
||||
tm.c utf8.c version.c
|
||||
|
||||
@@ -95,10 +95,6 @@ TESTDIRS = @UNITTESTS@
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
|
||||
-safe.@O@: safe.c
|
||||
- ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} @CCNOOPT@ \
|
||||
- -c ${srcdir}/safe.c
|
||||
-
|
||||
version.@O@: version.c
|
||||
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
|
||||
-DVERSION=\"${VERSION}\" \
|
||||
diff --git a/lib/isc/include/isc/safe.h b/lib/isc/include/isc/safe.h
|
||||
index 66ed08b..88b8f47 100644
|
||||
--- a/lib/isc/include/isc/safe.h
|
||||
+++ b/lib/isc/include/isc/safe.h
|
||||
@@ -15,29 +15,19 @@
|
||||
|
||||
/*! \file isc/safe.h */
|
||||
|
||||
-#include <stdbool.h>
|
||||
-
|
||||
-#include <isc/types.h>
|
||||
-#include <stdlib.h>
|
||||
+#include <isc/lang.h>
|
||||
+#include <openssl/crypto.h>
|
||||
|
||||
ISC_LANG_BEGINDECLS
|
||||
|
||||
-bool
|
||||
-isc_safe_memequal(const void *s1, const void *s2, size_t n);
|
||||
+#define isc_safe_memequal(s1, s2, n) !CRYPTO_memcmp(s1, s2, n)
|
||||
/*%<
|
||||
* Returns true iff. two blocks of memory are equal, otherwise
|
||||
* false.
|
||||
*
|
||||
*/
|
||||
|
||||
-int
|
||||
-isc_safe_memcompare(const void *b1, const void *b2, size_t len);
|
||||
-/*%<
|
||||
- * Clone of libc memcmp() which is safe to differential timing attacks.
|
||||
- */
|
||||
-
|
||||
-void
|
||||
-isc_safe_memwipe(void *ptr, size_t len);
|
||||
+#define isc_safe_memwipe(ptr, len) OPENSSL_cleanse(ptr, len)
|
||||
/*%<
|
||||
* Clear the memory of length `len` pointed to by `ptr`.
|
||||
*
|
||||
diff --git a/lib/isc/safe.c b/lib/isc/safe.c
|
||||
deleted file mode 100644
|
||||
index 7a464b6..0000000
|
||||
--- a/lib/isc/safe.c
|
||||
+++ /dev/null
|
||||
@@ -1,83 +0,0 @@
|
||||
-/*
|
||||
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
- *
|
||||
- * This Source Code Form is subject to the terms of the Mozilla Public
|
||||
- * License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
- *
|
||||
- * See the COPYRIGHT file distributed with this work for additional
|
||||
- * information regarding copyright ownership.
|
||||
- */
|
||||
-
|
||||
-/*! \file */
|
||||
-
|
||||
-#include <config.h>
|
||||
-
|
||||
-#include <stdbool.h>
|
||||
-
|
||||
-#include <isc/safe.h>
|
||||
-#include <isc/string.h>
|
||||
-#include <isc/util.h>
|
||||
-
|
||||
-#ifdef WIN32
|
||||
-#include <windows.h>
|
||||
-#endif
|
||||
-
|
||||
-#ifdef _MSC_VER
|
||||
-#pragma optimize("", off)
|
||||
-#endif
|
||||
-
|
||||
-bool
|
||||
-isc_safe_memequal(const void *s1, const void *s2, size_t n) {
|
||||
- uint8_t acc = 0;
|
||||
-
|
||||
- if (n != 0U) {
|
||||
- const uint8_t *p1 = s1, *p2 = s2;
|
||||
-
|
||||
- do {
|
||||
- acc |= *p1++ ^ *p2++;
|
||||
- } while (--n != 0U);
|
||||
- }
|
||||
- return (acc == 0);
|
||||
-}
|
||||
-
|
||||
-
|
||||
-int
|
||||
-isc_safe_memcompare(const void *b1, const void *b2, size_t len) {
|
||||
- const unsigned char *p1 = b1, *p2 = b2;
|
||||
- size_t i;
|
||||
- int res = 0, done = 0;
|
||||
-
|
||||
- for (i = 0; i < len; i++) {
|
||||
- /* lt is -1 if p1[i] < p2[i]; else 0. */
|
||||
- int lt = (p1[i] - p2[i]) >> CHAR_BIT;
|
||||
-
|
||||
- /* gt is -1 if p1[i] > p2[i]; else 0. */
|
||||
- int gt = (p2[i] - p1[i]) >> CHAR_BIT;
|
||||
-
|
||||
- /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
|
||||
- int cmp = lt - gt;
|
||||
-
|
||||
- /* set res = cmp if !done. */
|
||||
- res |= cmp & ~done;
|
||||
-
|
||||
- /* set done if p1[i] != p2[i]. */
|
||||
- done |= lt | gt;
|
||||
- }
|
||||
-
|
||||
- return (res);
|
||||
-}
|
||||
-
|
||||
-void
|
||||
-isc_safe_memwipe(void *ptr, size_t len) {
|
||||
- if (ISC_UNLIKELY(ptr == NULL || len == 0))
|
||||
- return;
|
||||
-
|
||||
-#ifdef WIN32
|
||||
- SecureZeroMemory(ptr, len);
|
||||
-#elif HAVE_EXPLICIT_BZERO
|
||||
- explicit_bzero(ptr, len);
|
||||
-#else
|
||||
- memset(ptr, 0, len);
|
||||
-#endif
|
||||
-}
|
||||
diff --git a/lib/isc/tests/safe_test.c b/lib/isc/tests/safe_test.c
|
||||
index 266ac75..60e9181 100644
|
||||
--- a/lib/isc/tests/safe_test.c
|
||||
+++ b/lib/isc/tests/safe_test.c
|
||||
@@ -45,22 +45,6 @@ isc_safe_memequal_test(void **state) {
|
||||
"\x00\x00\x00\x00", 4));
|
||||
}
|
||||
|
||||
-/* test isc_safe_memcompare() */
|
||||
-static void
|
||||
-isc_safe_memcompare_test(void **state) {
|
||||
- UNUSED(state);
|
||||
-
|
||||
- assert_int_equal(isc_safe_memcompare("test", "test", 4), 0);
|
||||
- assert_true(isc_safe_memcompare("test", "tesc", 4) > 0);
|
||||
- assert_true(isc_safe_memcompare("test", "tesy", 4) < 0);
|
||||
- assert_int_equal(isc_safe_memcompare("\x00\x00\x00\x00",
|
||||
- "\x00\x00\x00\x00", 4), 0);
|
||||
- assert_true(isc_safe_memcompare("\x00\x00\x00\x00",
|
||||
- "\x00\x00\x00\x01", 4) < 0);
|
||||
- assert_true(isc_safe_memcompare("\x00\x00\x00\x02",
|
||||
- "\x00\x00\x00\x00", 4) > 0);
|
||||
-}
|
||||
-
|
||||
/* test isc_safe_memwipe() */
|
||||
static void
|
||||
isc_safe_memwipe_test(void **state) {
|
||||
@@ -69,7 +53,6 @@ isc_safe_memwipe_test(void **state) {
|
||||
/* These should pass. */
|
||||
isc_safe_memwipe(NULL, 0);
|
||||
isc_safe_memwipe((void *) -1, 0);
|
||||
- isc_safe_memwipe(NULL, 42);
|
||||
|
||||
/*
|
||||
* isc_safe_memwipe(ptr, size) should function same as
|
||||
@@ -108,7 +91,6 @@ main(void) {
|
||||
const struct CMUnitTest tests[] = {
|
||||
cmocka_unit_test(isc_safe_memequal_test),
|
||||
cmocka_unit_test(isc_safe_memwipe_test),
|
||||
- cmocka_unit_test(isc_safe_memcompare_test),
|
||||
};
|
||||
|
||||
return (cmocka_run_group_tests(tests, NULL, NULL));
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,59 +0,0 @@
|
||||
From 6257d829c9d7e71ac51bcdc6b5b981c7a19200e2 Mon Sep 17 00:00:00 2001
|
||||
From: Mark Andrews <marka@isc.org>
|
||||
Date: Mon, 25 Nov 2019 05:46:55 +0000
|
||||
Subject: [PATCH] Merge branch
|
||||
'1373-threadsanitizer-data-race-rbtdb-c-5193-in-detachnode' into 'master'
|
||||
|
||||
Resolve "ThreadSanitizer: data race rbtdb.c:5193 in detachnode"
|
||||
|
||||
Closes #1373
|
||||
|
||||
See merge request isc-projects/bind9!2598
|
||||
---
|
||||
lib/dns/include/dns/rbt.h | 22 +++++++++-------------
|
||||
1 file changed, 9 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/lib/dns/include/dns/rbt.h b/lib/dns/include/dns/rbt.h
|
||||
index 67ac3e4d8a..a084bd6193 100644
|
||||
--- a/lib/dns/include/dns/rbt.h
|
||||
+++ b/lib/dns/include/dns/rbt.h
|
||||
@@ -49,10 +49,7 @@ ISC_LANG_BEGINDECLS
|
||||
|
||||
#define DNS_RBT_USEMAGIC 1
|
||||
|
||||
-/*
|
||||
- * These should add up to 30.
|
||||
- */
|
||||
-#define DNS_RBT_LOCKLENGTH 10
|
||||
+#define DNS_RBT_LOCKLENGTH (sizeof(((dns_rbtnode_t *)0)->locknum)*8)
|
||||
#define DNS_RBT_REFLENGTH 20
|
||||
|
||||
#define DNS_RBTNODE_MAGIC ISC_MAGIC('R','B','N','O')
|
||||
@@ -159,16 +156,15 @@ struct dns_rbtnode {
|
||||
* separate region of memory.
|
||||
*/
|
||||
void *data;
|
||||
- unsigned int :0; /* start of bitfields c/o node lock */
|
||||
- unsigned int dirty:1;
|
||||
- unsigned int wild:1;
|
||||
- unsigned int locknum:DNS_RBT_LOCKLENGTH;
|
||||
-#ifndef DNS_RBT_USEISCREFCOUNT
|
||||
- unsigned int references:DNS_RBT_REFLENGTH;
|
||||
-#endif
|
||||
- unsigned int :0; /* end of bitfields c/o node lock */
|
||||
+ uint8_t :0; /* start of bitfields c/o node lock */
|
||||
+ uint8_t dirty:1;
|
||||
+ uint8_t wild:1;
|
||||
+ uint8_t :0; /* end of bitfields c/o node lock */
|
||||
+ uint16_t locknum; /* note that this is not in the bitfield */
|
||||
#ifdef DNS_RBT_USEISCREFCOUNT
|
||||
- isc_refcount_t references; /* note that this is not in the bitfield */
|
||||
+ isc_refcount_t references;
|
||||
+#else
|
||||
+ unsigned int references:DNS_RBT_REFLENGTH;
|
||||
#endif
|
||||
/*@}*/
|
||||
};
|
||||
--
|
||||
2.21.0
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 8a064944dc10421a387725a365650d656d2a97f1 Mon Sep 17 00:00:00 2001
|
||||
From af3b530773231f8cff6548e36962ad1f25e38c5d Mon Sep 17 00:00:00 2001
|
||||
From: Evan Hunt <each@isc.org>
|
||||
Date: Thu, 28 Sep 2017 10:09:22 -0700
|
||||
Subject: [PATCH] completed and corrected the crypto-random change
|
||||
@ -45,13 +45,13 @@ Subject: [PATCH] completed and corrected the crypto-random change
|
||||
lib/dns/include/dst/dst.h | 14 +++++-
|
||||
lib/dns/openssl_link.c | 3 +-
|
||||
lib/isc/include/isc/entropy.h | 48 +++++++++++++++------
|
||||
lib/isc/include/isc/random.h | 28 +++++++-----
|
||||
lib/isc/include/isc/random.h | 26 +++++++----
|
||||
lib/isccfg/namedconf.c | 2 +-
|
||||
23 files changed, 240 insertions(+), 104 deletions(-)
|
||||
23 files changed, 240 insertions(+), 102 deletions(-)
|
||||
create mode 100644 doc/arm/notes-rh-changes.xml
|
||||
|
||||
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
|
||||
index 295e16f..0f79aa8 100644
|
||||
index bd269e7..1ac775f 100644
|
||||
--- a/bin/confgen/keygen.c
|
||||
+++ b/bin/confgen/keygen.c
|
||||
@@ -161,17 +161,15 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
|
||||
@ -78,7 +78,7 @@ index 295e16f..0f79aa8 100644
|
||||
&entropy_source,
|
||||
randomfile,
|
||||
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
|
||||
index 1826919..96543fc 100644
|
||||
index bd19e1d..2c09b30 100644
|
||||
--- a/bin/dnssec/dnssec-keygen.docbook
|
||||
+++ b/bin/dnssec/dnssec-keygen.docbook
|
||||
@@ -349,15 +349,23 @@
|
||||
@ -114,7 +114,7 @@ index 1826919..96543fc 100644
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
|
||||
index 5654435..24c0d5a 100644
|
||||
index 2a0f9c6..6fcd411 100644
|
||||
--- a/bin/dnssec/dnssectool.c
|
||||
+++ b/bin/dnssec/dnssectool.c
|
||||
@@ -241,18 +241,16 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
@ -142,10 +142,10 @@ index 5654435..24c0d5a 100644
|
||||
usekeyboard);
|
||||
|
||||
diff --git a/bin/named/client.c b/bin/named/client.c
|
||||
index f4a5ff9..58549d3 100644
|
||||
index 4a50ad9..4d140e8 100644
|
||||
--- a/bin/named/client.c
|
||||
+++ b/bin/named/client.c
|
||||
@@ -1765,7 +1765,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
|
||||
@@ -1768,7 +1768,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
|
||||
|
||||
isc_buffer_init(&buf, cookie, sizeof(cookie));
|
||||
isc_stdtime_get(&now);
|
||||
@ -156,7 +156,7 @@ index f4a5ff9..58549d3 100644
|
||||
compute_cookie(client, now, nonce, ns_g_server->secret, &buf);
|
||||
|
||||
diff --git a/bin/named/config.c b/bin/named/config.c
|
||||
index eef8181..ff868b8 100644
|
||||
index 9b343fa..5e663c6 100644
|
||||
--- a/bin/named/config.c
|
||||
+++ b/bin/named/config.c
|
||||
@@ -98,7 +98,9 @@ options {\n\
|
||||
@ -171,10 +171,10 @@ index eef8181..ff868b8 100644
|
||||
#endif
|
||||
" recursing-file \"named.recursing\";\n\
|
||||
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
|
||||
index d955c2f..40621f2 100644
|
||||
index 9fdf49b..42128dc 100644
|
||||
--- a/bin/named/controlconf.c
|
||||
+++ b/bin/named/controlconf.c
|
||||
@@ -325,9 +325,10 @@ log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
|
||||
@@ -327,9 +327,10 @@ log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
|
||||
|
||||
static void
|
||||
control_recvmessage(isc_task_t *task, isc_event_t *event) {
|
||||
@ -188,7 +188,7 @@ index d955c2f..40621f2 100644
|
||||
isccc_sexpr_t *request = NULL;
|
||||
isccc_sexpr_t *response = NULL;
|
||||
uint32_t algorithm;
|
||||
@@ -338,16 +339,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
|
||||
@@ -340,16 +341,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
|
||||
isc_buffer_t *text;
|
||||
isc_result_t result;
|
||||
isc_result_t eresult;
|
||||
@ -208,7 +208,7 @@ index d955c2f..40621f2 100644
|
||||
algorithm = DST_ALG_UNKNOWN;
|
||||
secret.rstart = NULL;
|
||||
text = NULL;
|
||||
@@ -458,8 +460,11 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
|
||||
@@ -462,8 +464,11 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
|
||||
* Establish nonce.
|
||||
*/
|
||||
if (conn->nonce == 0) {
|
||||
@ -223,7 +223,7 @@ index d955c2f..40621f2 100644
|
||||
} else
|
||||
eresult = ns_control_docommand(request, listener->readonly, &text);
|
||||
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
|
||||
index 3f96b7b..c92922e 100644
|
||||
index 4fd0194..0ba2627 100644
|
||||
--- a/bin/named/include/named/server.h
|
||||
+++ b/bin/named/include/named/server.h
|
||||
@@ -20,6 +20,7 @@
|
||||
@ -234,7 +234,7 @@ index 3f96b7b..c92922e 100644
|
||||
#include <isc/sockaddr.h>
|
||||
#include <isc/types.h>
|
||||
#include <isc/xml.h>
|
||||
@@ -134,6 +135,7 @@ struct ns_server {
|
||||
@@ -135,6 +136,7 @@ struct ns_server {
|
||||
char * lockfile;
|
||||
|
||||
uint16_t transfer_tcp_message_size;
|
||||
@ -243,7 +243,7 @@ index 3f96b7b..c92922e 100644
|
||||
|
||||
struct ns_altsecret {
|
||||
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
|
||||
index 9dea7c1..272d300 100644
|
||||
index 93aac31..e12fad9 100644
|
||||
--- a/bin/named/interfacemgr.c
|
||||
+++ b/bin/named/interfacemgr.c
|
||||
@@ -17,6 +17,7 @@
|
||||
@ -255,22 +255,22 @@ index 9dea7c1..272d300 100644
|
||||
#include <isc/task.h>
|
||||
#include <isc/util.h>
|
||||
diff --git a/bin/named/query.c b/bin/named/query.c
|
||||
index 203f1e6..25eeced 100644
|
||||
index 58b5914..edf42d2 100644
|
||||
--- a/bin/named/query.c
|
||||
+++ b/bin/named/query.c
|
||||
@@ -19,6 +19,7 @@
|
||||
#include <isc/hex.h>
|
||||
@@ -20,6 +20,7 @@
|
||||
#include <isc/mem.h>
|
||||
#include <isc/platform.h>
|
||||
#include <isc/print.h>
|
||||
+#include <isc/random.h>
|
||||
#include <isc/rwlock.h>
|
||||
#include <isc/serial.h>
|
||||
#include <isc/stats.h>
|
||||
diff --git a/bin/named/server.c b/bin/named/server.c
|
||||
index 7b3b736..4aaa92f 100644
|
||||
index b2ae57c..cca7fe8 100644
|
||||
--- a/bin/named/server.c
|
||||
+++ b/bin/named/server.c
|
||||
@@ -8234,21 +8234,32 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
@@ -8279,21 +8279,32 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
* Open the source of entropy.
|
||||
*/
|
||||
if (first_time) {
|
||||
@ -312,7 +312,7 @@ index 7b3b736..4aaa92f 100644
|
||||
#ifdef PATH_RANDOMDEV
|
||||
if (ns_g_fallbackentropy != NULL) {
|
||||
level = ISC_LOG_INFO;
|
||||
@@ -8259,8 +8270,8 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
@@ -8304,8 +8315,8 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
NS_LOGCATEGORY_GENERAL,
|
||||
NS_LOGMODULE_SERVER,
|
||||
level,
|
||||
@ -323,7 +323,7 @@ index 7b3b736..4aaa92f 100644
|
||||
randomdev,
|
||||
isc_result_totext(result));
|
||||
}
|
||||
@@ -8280,7 +8291,6 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
@@ -8325,7 +8336,6 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
}
|
||||
isc_entropy_detach(&ns_g_fallbackentropy);
|
||||
}
|
||||
@ -331,7 +331,7 @@ index 7b3b736..4aaa92f 100644
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -9049,6 +9059,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
|
||||
@@ -9097,6 +9107,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
|
||||
server->in_roothints = NULL;
|
||||
server->blackholeacl = NULL;
|
||||
server->keepresporder = NULL;
|
||||
@ -339,7 +339,7 @@ index 7b3b736..4aaa92f 100644
|
||||
|
||||
/* Must be first. */
|
||||
CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy,
|
||||
@@ -9075,6 +9086,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
|
||||
@@ -9123,6 +9134,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
|
||||
CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy,
|
||||
&server->tkeyctx),
|
||||
"creating TKEY context");
|
||||
@ -349,7 +349,7 @@ index 7b3b736..4aaa92f 100644
|
||||
|
||||
/*
|
||||
* Setup the server task, which is responsible for coordinating
|
||||
@@ -9281,7 +9295,8 @@ ns_server_destroy(ns_server_t **serverp) {
|
||||
@@ -9329,7 +9343,8 @@ ns_server_destroy(ns_server_t **serverp) {
|
||||
|
||||
if (server->zonemgr != NULL)
|
||||
dns_zonemgr_detach(&server->zonemgr);
|
||||
@ -359,7 +359,7 @@ index 7b3b736..4aaa92f 100644
|
||||
if (server->tkeyctx != NULL)
|
||||
dns_tkeyctx_destroy(&server->tkeyctx);
|
||||
|
||||
@@ -13316,10 +13331,10 @@ newzone_cfgctx_destroy(void **cfgp) {
|
||||
@@ -13366,10 +13381,10 @@ newzone_cfgctx_destroy(void **cfgp) {
|
||||
|
||||
static isc_result_t
|
||||
generate_salt(unsigned char *salt, size_t saltlen) {
|
||||
@ -372,7 +372,7 @@ index 7b3b736..4aaa92f 100644
|
||||
} rnd;
|
||||
unsigned char text[512 + 1];
|
||||
isc_region_t r;
|
||||
@@ -13329,9 +13344,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
|
||||
@@ -13379,9 +13394,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
|
||||
if (saltlen > 256U)
|
||||
return (ISC_R_RANGE);
|
||||
|
||||
@ -387,10 +387,10 @@ index 7b3b736..4aaa92f 100644
|
||||
memmove(salt, rnd.rnd, saltlen);
|
||||
|
||||
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
|
||||
index 2436731..6f59456 100644
|
||||
index 7f15cbc..458aa76 100644
|
||||
--- a/bin/nsupdate/nsupdate.c
|
||||
+++ b/bin/nsupdate/nsupdate.c
|
||||
@@ -284,9 +284,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
@@ -289,9 +289,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
}
|
||||
|
||||
#ifdef ISC_PLATFORM_CRYPTORANDOM
|
||||
@ -402,7 +402,7 @@ index 2436731..6f59456 100644
|
||||
}
|
||||
#endif
|
||||
diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c
|
||||
index f0a6ff2..55064f6 100644
|
||||
index 95b65bf..7a81d4e 100644
|
||||
--- a/bin/tests/system/pipelined/pipequeries.c
|
||||
+++ b/bin/tests/system/pipelined/pipequeries.c
|
||||
@@ -280,9 +280,7 @@ main(int argc, char *argv[]) {
|
||||
@ -417,7 +417,7 @@ index f0a6ff2..55064f6 100644
|
||||
}
|
||||
#endif
|
||||
diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c
|
||||
index fe8698e..937fcc3 100644
|
||||
index 3236968..4fa77b6 100644
|
||||
--- a/bin/tests/system/tkey/keycreate.c
|
||||
+++ b/bin/tests/system/tkey/keycreate.c
|
||||
@@ -255,9 +255,7 @@ main(int argc, char *argv[]) {
|
||||
@ -432,7 +432,7 @@ index fe8698e..937fcc3 100644
|
||||
}
|
||||
#endif
|
||||
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
|
||||
index 2146f9b..64b8e74 100644
|
||||
index 43fb6b0..105e151 100644
|
||||
--- a/bin/tests/system/tkey/keydelete.c
|
||||
+++ b/bin/tests/system/tkey/keydelete.c
|
||||
@@ -171,6 +171,7 @@ main(int argc, char **argv) {
|
||||
@ -455,7 +455,7 @@ index 2146f9b..64b8e74 100644
|
||||
}
|
||||
#endif
|
||||
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
|
||||
index 1da0565..7eef5b2 100644
|
||||
index ca98726..1f9df2c 100644
|
||||
--- a/doc/arm/Bv9ARM-book.xml
|
||||
+++ b/doc/arm/Bv9ARM-book.xml
|
||||
@@ -5034,22 +5034,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
@ -569,10 +569,10 @@ index 0000000..89a4961
|
||||
+</section>
|
||||
+
|
||||
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
|
||||
index adffaa0..2ffe344 100644
|
||||
index a5e42c0..f8cb1f9 100644
|
||||
--- a/doc/arm/notes.xml
|
||||
+++ b/doc/arm/notes.xml
|
||||
@@ -45,6 +45,7 @@
|
||||
@@ -47,6 +47,7 @@
|
||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.1.xml"/>
|
||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.0.xml"/>
|
||||
|
||||
@ -581,7 +581,7 @@ index adffaa0..2ffe344 100644
|
||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-thankyou.xml"/>
|
||||
</section>
|
||||
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
|
||||
index 1eccbe7..1933993 100644
|
||||
index aa54afc..2156384 100644
|
||||
--- a/lib/dns/dst_api.c
|
||||
+++ b/lib/dns/dst_api.c
|
||||
@@ -2017,10 +2017,12 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) {
|
||||
@ -599,7 +599,7 @@ index 1eccbe7..1933993 100644
|
||||
}
|
||||
|
||||
diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
|
||||
index 6813c96..665574d 100644
|
||||
index 3aba028..180c841 100644
|
||||
--- a/lib/dns/include/dst/dst.h
|
||||
+++ b/lib/dns/include/dst/dst.h
|
||||
@@ -163,8 +163,18 @@ isc_result_t
|
||||
@ -624,7 +624,7 @@ index 6813c96..665574d 100644
|
||||
|
||||
bool
|
||||
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
|
||||
index ffe0a69..5e48686 100644
|
||||
index 3f4f822..cfdc757 100644
|
||||
--- a/lib/dns/openssl_link.c
|
||||
+++ b/lib/dns/openssl_link.c
|
||||
@@ -484,7 +484,8 @@ dst__openssl_getengine(const char *engine) {
|
||||
@ -638,7 +638,7 @@ index ffe0a69..5e48686 100644
|
||||
#ifndef DONT_REQUIRE_DST_LIB_INIT
|
||||
INSIST(dst__memory_pool != NULL);
|
||||
diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h
|
||||
index c40a18c..c7cb17d 100644
|
||||
index f32c9dc..bed276b 100644
|
||||
--- a/lib/isc/include/isc/entropy.h
|
||||
+++ b/lib/isc/include/isc/entropy.h
|
||||
@@ -189,9 +189,8 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent,
|
||||
@ -718,26 +718,21 @@ index c40a18c..c7cb17d 100644
|
||||
|
||||
ISC_LANG_ENDDECLS
|
||||
diff --git a/lib/isc/include/isc/random.h b/lib/isc/include/isc/random.h
|
||||
index f8aed34..17c551b 100644
|
||||
index f38e80d..3cb1c56 100644
|
||||
--- a/lib/isc/include/isc/random.h
|
||||
+++ b/lib/isc/include/isc/random.h
|
||||
@@ -9,8 +9,6 @@
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
-/* $Id: random.h,v 1.20 2009/01/17 23:47:43 tbox Exp $ */
|
||||
-
|
||||
#ifndef ISC_RANDOM_H
|
||||
#define ISC_RANDOM_H 1
|
||||
|
||||
@@ -21,13 +19,23 @@
|
||||
@@ -19,13 +19,23 @@
|
||||
#include <isc/mutex.h>
|
||||
|
||||
/*! \file isc/random.h
|
||||
- * \brief Implements a random state pool which will let the caller return a
|
||||
- * series of possibly non-reproducible random values.
|
||||
+ * \brief Implements pseudo random number generators.
|
||||
+ *
|
||||
*
|
||||
- * Note that the
|
||||
- * strength of these numbers is not all that high, and should not be
|
||||
- * used in cryptography functions. It is useful for jittering values
|
||||
- * a bit here and there, such as timeouts, etc.
|
||||
+ * Two pseudo-random number generators are implemented, in isc_random_*
|
||||
+ * and isc_rng_*. Neither one is very strong; they should not be used
|
||||
+ * in cryptography functions.
|
||||
@ -747,11 +742,7 @@ index f8aed34..17c551b 100644
|
||||
+ * It is useful for jittering values a bit here and there, such as
|
||||
+ * timeouts, etc, but should not be relied upon to generate
|
||||
+ * unpredictable sequences (for example, when choosing transaction IDs).
|
||||
*
|
||||
- * Note that the
|
||||
- * strength of these numbers is not all that high, and should not be
|
||||
- * used in cryptography functions. It is useful for jittering values
|
||||
- * a bit here and there, such as timeouts, etc.
|
||||
+ *
|
||||
+ * isc_rng_* is based on ChaCha20, and is seeded and stirred from the
|
||||
+ * system entropy source. It is stronger than isc_random_* and can
|
||||
+ * be used for generating unpredictable sequences. It is still not as
|
||||
@ -760,7 +751,7 @@ index f8aed34..17c551b 100644
|
||||
*/
|
||||
|
||||
ISC_LANG_BEGINDECLS
|
||||
@@ -115,8 +123,8 @@ isc_rng_random(isc_rng_t *rngctx);
|
||||
@@ -113,8 +123,8 @@ isc_rng_random(isc_rng_t *rngctx);
|
||||
uint16_t
|
||||
isc_rng_uniformrandom(isc_rng_t *rngctx, uint16_t upper_bound);
|
||||
/*%<
|
||||
@ -772,7 +763,7 @@ index f8aed34..17c551b 100644
|
||||
|
||||
ISC_LANG_ENDDECLS
|
||||
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
|
||||
index 1c45d5c..91693b5 100644
|
||||
index e74c93b..212194e 100644
|
||||
--- a/lib/isccfg/namedconf.c
|
||||
+++ b/lib/isccfg/namedconf.c
|
||||
@@ -1109,7 +1109,7 @@ options_clauses[] = {
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 5400119bfb19243b37e4f4f27baad4f610fff8da Mon Sep 17 00:00:00 2001
|
||||
From 95b25d45662f4fad39cbc9ddbc3b4bcdae0a04ec Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 7 Nov 2019 14:31:03 +0100
|
||||
Subject: [PATCH] Implement serve-stale in 9.11
|
||||
@ -276,7 +276,7 @@ Signed-off-by: Petr Menšík <pemensik@redhat.com>
|
||||
create mode 100755 bin/tests/system/serve-stale/tests.sh
|
||||
|
||||
diff --git a/bin/named/config.c b/bin/named/config.c
|
||||
index ff868b8..f23bed1 100644
|
||||
index 5e663c6..560ef04 100644
|
||||
--- a/bin/named/config.c
|
||||
+++ b/bin/named/config.c
|
||||
@@ -182,13 +182,14 @@ options {\n\
|
||||
@ -312,7 +312,7 @@ index ff868b8..f23bed1 100644
|
||||
transfer-format many-answers;\n\
|
||||
v6-bias 50;\n\
|
||||
diff --git a/bin/named/control.c b/bin/named/control.c
|
||||
index df23c26..8b79850 100644
|
||||
index 23620b4..0756c73 100644
|
||||
--- a/bin/named/control.c
|
||||
+++ b/bin/named/control.c
|
||||
@@ -282,6 +282,8 @@ ns_control_docommand(isccc_sexpr_t *message, bool readonly,
|
||||
@ -325,10 +325,10 @@ index df23c26..8b79850 100644
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
|
||||
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
|
||||
diff --git a/bin/named/include/named/control.h b/bin/named/include/named/control.h
|
||||
index 8705fdd..1634154 100644
|
||||
index 56bad8d..37403f1 100644
|
||||
--- a/bin/named/include/named/control.h
|
||||
+++ b/bin/named/include/named/control.h
|
||||
@@ -69,6 +69,7 @@
|
||||
@@ -67,6 +67,7 @@
|
||||
#define NS_COMMAND_MKEYS "managed-keys"
|
||||
#define NS_COMMAND_DNSTAPREOPEN "dnstap-reopen"
|
||||
#define NS_COMMAND_DNSTAP "dnstap"
|
||||
@ -337,10 +337,10 @@ index 8705fdd..1634154 100644
|
||||
isc_result_t
|
||||
ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp);
|
||||
diff --git a/bin/named/include/named/log.h b/bin/named/include/named/log.h
|
||||
index 56bfcd4..cd8db60 100644
|
||||
index 76e3a51..0d1d985 100644
|
||||
--- a/bin/named/include/named/log.h
|
||||
+++ b/bin/named/include/named/log.h
|
||||
@@ -32,6 +32,7 @@
|
||||
@@ -30,6 +30,7 @@
|
||||
#define NS_LOGCATEGORY_UPDATE_SECURITY (&ns_g_categories[6])
|
||||
#define NS_LOGCATEGORY_QUERY_ERRORS (&ns_g_categories[7])
|
||||
#define NS_LOGCATEGORY_TAT (&ns_g_categories[8])
|
||||
@ -349,7 +349,7 @@ index 56bfcd4..cd8db60 100644
|
||||
/*
|
||||
* Backwards compatibility.
|
||||
diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h
|
||||
index 9661f56..445b578 100644
|
||||
index ef1b172..53c052b 100644
|
||||
--- a/bin/named/include/named/query.h
|
||||
+++ b/bin/named/include/named/query.h
|
||||
@@ -35,6 +35,18 @@ typedef struct ns_dbversion {
|
||||
@ -389,10 +389,10 @@ index 9661f56..445b578 100644
|
||||
bool root_key_sentinel_is_ta;
|
||||
bool root_key_sentinel_not_ta;
|
||||
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
|
||||
index c92922e..588bf2d 100644
|
||||
index 0ba2627..08a02dc 100644
|
||||
--- a/bin/named/include/named/server.h
|
||||
+++ b/bin/named/include/named/server.h
|
||||
@@ -226,7 +226,10 @@ enum {
|
||||
@@ -227,7 +227,10 @@ enum {
|
||||
|
||||
dns_nsstatscounter_reclimitdropped = 58,
|
||||
|
||||
@ -404,7 +404,7 @@ index c92922e..588bf2d 100644
|
||||
};
|
||||
|
||||
/*%
|
||||
@@ -765,4 +768,12 @@ ns_server_mkeys(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
|
||||
@@ -766,4 +769,12 @@ ns_server_mkeys(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
|
||||
isc_result_t
|
||||
ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
|
||||
|
||||
@ -418,7 +418,7 @@ index c92922e..588bf2d 100644
|
||||
+ isc_buffer_t **text);
|
||||
#endif /* NAMED_SERVER_H */
|
||||
diff --git a/bin/named/log.c b/bin/named/log.c
|
||||
index 3aa25e9..12f178b 100644
|
||||
index acfa766..ea6f114 100644
|
||||
--- a/bin/named/log.c
|
||||
+++ b/bin/named/log.c
|
||||
@@ -38,6 +38,7 @@ static isc_logcategory_t categories[] = {
|
||||
@ -430,10 +430,10 @@ index 3aa25e9..12f178b 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/named/query.c b/bin/named/query.c
|
||||
index 25eeced..162e4ea 100644
|
||||
index edf42d2..89cc574 100644
|
||||
--- a/bin/named/query.c
|
||||
+++ b/bin/named/query.c
|
||||
@@ -125,10 +125,14 @@
|
||||
@@ -149,10 +149,14 @@ last_cmpxchg(isc_stdtime_t *x, isc_stdtime_t *e, isc_stdtime_t r) {
|
||||
#define REDIRECT(c) (((c)->query.attributes & \
|
||||
NS_QUERYATTR_REDIRECT) != 0)
|
||||
|
||||
@ -449,7 +449,7 @@ index 25eeced..162e4ea 100644
|
||||
#ifdef WANT_QUERYTRACE
|
||||
static inline void
|
||||
client_trace(ns_client_t *client, int level, const char *message) {
|
||||
@@ -217,6 +221,10 @@ static bool
|
||||
@@ -241,6 +245,10 @@ static bool
|
||||
rpz_ck_dnssec(ns_client_t *client, isc_result_t qresult,
|
||||
dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset);
|
||||
|
||||
@ -460,7 +460,7 @@ index 25eeced..162e4ea 100644
|
||||
/*%
|
||||
* Increment query statistics counters.
|
||||
*/
|
||||
@@ -470,6 +478,7 @@ query_reset(ns_client_t *client, bool everything) {
|
||||
@@ -494,6 +502,7 @@ query_reset(ns_client_t *client, bool everything) {
|
||||
client->query.isreferral = false;
|
||||
client->query.dns64_options = 0;
|
||||
client->query.dns64_ttl = UINT32_MAX;
|
||||
@ -468,8 +468,8 @@ index 25eeced..162e4ea 100644
|
||||
client->query.root_key_sentinel_keyid = 0;
|
||||
client->query.root_key_sentinel_is_ta = false;
|
||||
client->query.root_key_sentinel_not_ta = false;
|
||||
@@ -4254,6 +4263,54 @@ query_prefetch(ns_client_t *client, dns_name_t *qname,
|
||||
dns_rdataset_clearprefetch(rdataset);
|
||||
@@ -4305,6 +4314,54 @@ log_quota(ns_client_t *client, isc_stdtime_t *last, isc_stdtime_t now,
|
||||
}
|
||||
}
|
||||
|
||||
+/*%
|
||||
@ -523,7 +523,7 @@ index 25eeced..162e4ea 100644
|
||||
static isc_result_t
|
||||
query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
|
||||
dns_name_t *qdomain, dns_rdataset_t *nameservers,
|
||||
@@ -4263,6 +4320,19 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
|
||||
@@ -4314,6 +4371,19 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
|
||||
dns_rdataset_t *rdataset, *sigrdataset;
|
||||
isc_sockaddr_t *peeraddr;
|
||||
|
||||
@ -543,7 +543,7 @@ index 25eeced..162e4ea 100644
|
||||
if (!resuming)
|
||||
inc_stats(client, dns_nsstatscounter_recursion);
|
||||
|
||||
@@ -6780,6 +6850,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -6821,6 +6891,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
int line = -1;
|
||||
bool dns64_exclude, dns64, rpz;
|
||||
bool nxrewrite = false;
|
||||
@ -551,7 +551,7 @@ index 25eeced..162e4ea 100644
|
||||
bool redirected = false;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
@@ -7089,6 +7160,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -7130,6 +7201,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
type = qtype;
|
||||
|
||||
restart:
|
||||
@ -559,7 +559,7 @@ index 25eeced..162e4ea 100644
|
||||
CTRACE(ISC_LOG_DEBUG(3), "query_find: restart");
|
||||
want_restart = false;
|
||||
authoritative = false;
|
||||
@@ -7233,6 +7305,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -7274,6 +7346,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
}
|
||||
|
||||
db_find:
|
||||
@ -567,7 +567,7 @@ index 25eeced..162e4ea 100644
|
||||
CTRACE(ISC_LOG_DEBUG(3), "query_find: db_find");
|
||||
/*
|
||||
* We'll need some resources...
|
||||
@@ -7290,6 +7363,35 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -7331,6 +7404,35 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
if (!is_zone)
|
||||
dns_cache_updatestats(client->view->cache, result);
|
||||
|
||||
@ -603,7 +603,7 @@ index 25eeced..162e4ea 100644
|
||||
resume:
|
||||
CTRACE(ISC_LOG_DEBUG(3), "query_find: resume");
|
||||
|
||||
@@ -7635,6 +7737,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -7676,6 +7778,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
* The cache doesn't even have the root NS. Get them from
|
||||
* the hints DB.
|
||||
*/
|
||||
@ -611,7 +611,7 @@ index 25eeced..162e4ea 100644
|
||||
INSIST(!is_zone);
|
||||
if (db != NULL)
|
||||
dns_db_detach(&db);
|
||||
@@ -7697,12 +7800,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -7738,12 +7841,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
*/
|
||||
/* FALLTHROUGH */
|
||||
case DNS_R_DELEGATION:
|
||||
@ -626,7 +626,7 @@ index 25eeced..162e4ea 100644
|
||||
if (!RECURSIONOK(client) &&
|
||||
(options & DNS_GETDB_NOEXACT) != 0 &&
|
||||
qtype == dns_rdatatype_ds) {
|
||||
@@ -8089,6 +8194,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -8130,6 +8235,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
false, true);
|
||||
}
|
||||
}
|
||||
@ -634,7 +634,7 @@ index 25eeced..162e4ea 100644
|
||||
if (dns_rdataset_isassociated(rdataset)) {
|
||||
/*
|
||||
* If we've got a NSEC record, we need to save the
|
||||
@@ -8409,7 +8515,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -8450,7 +8556,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
/*
|
||||
* If we have a zero ttl from the cache refetch it.
|
||||
*/
|
||||
@ -644,7 +644,7 @@ index 25eeced..162e4ea 100644
|
||||
RECURSIONOK(client))
|
||||
{
|
||||
if (dns_rdataset_isassociated(rdataset))
|
||||
@@ -8627,7 +8734,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -8668,7 +8775,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
"query_find: unexpected error after resuming: %s",
|
||||
isc_result_totext(result));
|
||||
CTRACE(ISC_LOG_ERROR, errmsg);
|
||||
@ -657,7 +657,7 @@ index 25eeced..162e4ea 100644
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -8883,7 +8994,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -8924,7 +9035,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
/*
|
||||
* If we have a zero ttl from the cache refetch it.
|
||||
*/
|
||||
@ -666,7 +666,7 @@ index 25eeced..162e4ea 100644
|
||||
RECURSIONOK(client))
|
||||
{
|
||||
if (dns_rdataset_isassociated(rdataset))
|
||||
@@ -8894,6 +9005,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -8935,6 +9046,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
if (node != NULL)
|
||||
dns_db_detachnode(db, &node);
|
||||
|
||||
@ -674,7 +674,7 @@ index 25eeced..162e4ea 100644
|
||||
INSIST(!REDIRECT(client));
|
||||
result = query_recurse(client, qtype,
|
||||
client->query.qname,
|
||||
@@ -9174,6 +9286,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -9215,6 +9327,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
dns_fixedname_name(&wildcardname),
|
||||
true, false);
|
||||
cleanup:
|
||||
@ -682,7 +682,7 @@ index 25eeced..162e4ea 100644
|
||||
CTRACE(ISC_LOG_DEBUG(3), "query_find: cleanup");
|
||||
/*
|
||||
* General cleanup.
|
||||
@@ -9230,6 +9343,49 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -9271,6 +9384,49 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
goto restart;
|
||||
}
|
||||
|
||||
@ -733,7 +733,7 @@ index 25eeced..162e4ea 100644
|
||||
(!PARTIALANSWER(client) || WANTRECURSION(client)
|
||||
|| eresult == DNS_R_DROP)) {
|
||||
diff --git a/bin/named/server.c b/bin/named/server.c
|
||||
index 1cbb9a0..0c899ba 100644
|
||||
index 2bdf690..3a5ba91 100644
|
||||
--- a/bin/named/server.c
|
||||
+++ b/bin/named/server.c
|
||||
@@ -1720,7 +1720,8 @@ static bool
|
||||
@ -843,7 +843,7 @@ index 1cbb9a0..0c899ba 100644
|
||||
/*
|
||||
* Set supported DNSSEC algorithms.
|
||||
*/
|
||||
@@ -14509,3 +14553,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
|
||||
@@ -14559,3 +14603,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
|
||||
return (ISC_R_NOTIMPLEMENTED);
|
||||
#endif
|
||||
}
|
||||
@ -977,7 +977,7 @@ index 1cbb9a0..0c899ba 100644
|
||||
+ return (result);
|
||||
+}
|
||||
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
|
||||
index 4b8d972..8c68737 100644
|
||||
index 12ab048..4938c03 100644
|
||||
--- a/bin/named/statschannel.c
|
||||
+++ b/bin/named/statschannel.c
|
||||
@@ -300,6 +300,12 @@ init_desc(void) {
|
||||
@ -994,7 +994,7 @@ index 4b8d972..8c68737 100644
|
||||
|
||||
/* Initialize resolver statistics */
|
||||
diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
|
||||
index 1b48861..f50635b 100644
|
||||
index 0acfe3a..2c21c1d 100644
|
||||
--- a/bin/rndc/rndc.c
|
||||
+++ b/bin/rndc/rndc.c
|
||||
@@ -160,6 +160,8 @@ command is one of the following:\n\
|
||||
@ -1007,7 +1007,7 @@ index 1b48861..f50635b 100644
|
||||
Print a zone's configuration.\n\
|
||||
sign zone [class [view]]\n\
|
||||
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
|
||||
index e14a17e..eaf32d3 100644
|
||||
index 1e3812e..c7fe65f 100644
|
||||
--- a/bin/rndc/rndc.docbook
|
||||
+++ b/bin/rndc/rndc.docbook
|
||||
@@ -689,6 +689,25 @@
|
||||
@ -1037,7 +1037,7 @@ index e14a17e..eaf32d3 100644
|
||||
<term><userinput>secroots <optional>-</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
|
||||
<listitem>
|
||||
diff --git a/bin/tests/system/chain/prereq.sh b/bin/tests/system/chain/prereq.sh
|
||||
index f3f1939..9ff3f07 100644
|
||||
index 23bedcd..43385de 100644
|
||||
--- a/bin/tests/system/chain/prereq.sh
|
||||
+++ b/bin/tests/system/chain/prereq.sh
|
||||
@@ -48,3 +48,10 @@ else
|
||||
@ -1052,7 +1052,7 @@ index f3f1939..9ff3f07 100644
|
||||
+ exit 1
|
||||
+fi
|
||||
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
|
||||
index 4c122c8..a2eb833 100644
|
||||
index c59cfaf..2b3de5f 100644
|
||||
--- a/bin/tests/system/conf.sh.in
|
||||
+++ b/bin/tests/system/conf.sh.in
|
||||
@@ -128,7 +128,7 @@ PARALLELDIRS="dnssec rpzrecurse \
|
||||
@ -2039,7 +2039,7 @@ index 0000000..201c996
|
||||
+echo "I:exit status: $status"
|
||||
+[ $status -eq 0 ] || exit 1
|
||||
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
|
||||
index 7eef5b2..b16b239 100644
|
||||
index 1f9df2c..78e75ce 100644
|
||||
--- a/doc/arm/Bv9ARM-book.xml
|
||||
+++ b/doc/arm/Bv9ARM-book.xml
|
||||
@@ -4336,6 +4336,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
@ -2140,7 +2140,7 @@ index 7eef5b2..b16b239 100644
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@@ -8928,6 +8968,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
@@ -9015,6 +9055,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -2169,7 +2169,7 @@ index 7eef5b2..b16b239 100644
|
||||
<term><command>min-roots</command></term>
|
||||
<listitem>
|
||||
diff --git a/doc/arm/logging-categories.xml b/doc/arm/logging-categories.xml
|
||||
index e41bd3b..2f505c8 100644
|
||||
index f0776fe..c4b903a 100644
|
||||
--- a/doc/arm/logging-categories.xml
|
||||
+++ b/doc/arm/logging-categories.xml
|
||||
@@ -311,6 +311,17 @@
|
||||
@ -2281,7 +2281,7 @@ index e11beed..fde93c7 100644
|
||||
topology { <address_match_element>; ... }; // not implemented
|
||||
transfer-format ( many-answers | one-answer );
|
||||
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
|
||||
index eaac5ba..a89d78f 100644
|
||||
index bf769fe..6c57fa4 100644
|
||||
--- a/lib/bind9/check.c
|
||||
+++ b/lib/bind9/check.c
|
||||
@@ -99,7 +99,8 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) {
|
||||
@ -2525,7 +2525,7 @@ index eaac5ba..a89d78f 100644
|
||||
}
|
||||
|
||||
diff --git a/lib/dns/cache.c b/lib/dns/cache.c
|
||||
index 4701ff8..97e427a 100644
|
||||
index 2965a4f..617737a 100644
|
||||
--- a/lib/dns/cache.c
|
||||
+++ b/lib/dns/cache.c
|
||||
@@ -138,6 +138,7 @@ struct dns_cache {
|
||||
@ -2595,7 +2595,7 @@ index 4701ff8..97e427a 100644
|
||||
* The cleaner task is shutting down; do the necessary cleanup.
|
||||
*/
|
||||
diff --git a/lib/dns/db.c b/lib/dns/db.c
|
||||
index ee3e00d..576aa65 100644
|
||||
index a28a566..c581646 100644
|
||||
--- a/lib/dns/db.c
|
||||
+++ b/lib/dns/db.c
|
||||
@@ -1130,3 +1130,25 @@ dns_db_nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
|
||||
@ -2625,7 +2625,7 @@ index ee3e00d..576aa65 100644
|
||||
+ return (ISC_R_NOTIMPLEMENTED);
|
||||
+}
|
||||
diff --git a/lib/dns/ecdb.c b/lib/dns/ecdb.c
|
||||
index 47994ea..23bfe7d 100644
|
||||
index fc94ccf..76d0417 100644
|
||||
--- a/lib/dns/ecdb.c
|
||||
+++ b/lib/dns/ecdb.c
|
||||
@@ -588,7 +588,9 @@ static dns_dbmethods_t ecdb_methods = {
|
||||
@ -2640,7 +2640,7 @@ index 47994ea..23bfe7d 100644
|
||||
|
||||
static isc_result_t
|
||||
diff --git a/lib/dns/include/dns/cache.h b/lib/dns/include/dns/cache.h
|
||||
index 62797db..714b78e 100644
|
||||
index ab4b0b5..e158014 100644
|
||||
--- a/lib/dns/include/dns/cache.h
|
||||
+++ b/lib/dns/include/dns/cache.h
|
||||
@@ -260,6 +260,27 @@ dns_cache_getcachesize(dns_cache_t *cache);
|
||||
@ -2672,7 +2672,7 @@ index 62797db..714b78e 100644
|
||||
dns_cache_flush(dns_cache_t *cache);
|
||||
/*%<
|
||||
diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h
|
||||
index 6f0eed0..e3917f2 100644
|
||||
index 96f3a8f..452770f 100644
|
||||
--- a/lib/dns/include/dns/db.h
|
||||
+++ b/lib/dns/include/dns/db.h
|
||||
@@ -195,6 +195,8 @@ typedef struct dns_dbmethods {
|
||||
@ -2732,7 +2732,7 @@ index 6f0eed0..e3917f2 100644
|
||||
|
||||
#endif /* DNS_DB_H */
|
||||
diff --git a/lib/dns/include/dns/rdataset.h b/lib/dns/include/dns/rdataset.h
|
||||
index 5295d8e..97071ed 100644
|
||||
index ed9119a..710e97c 100644
|
||||
--- a/lib/dns/include/dns/rdataset.h
|
||||
+++ b/lib/dns/include/dns/rdataset.h
|
||||
@@ -128,6 +128,7 @@ struct dns_rdataset {
|
||||
@ -2786,7 +2786,7 @@ index 5295d8e..97071ed 100644
|
||||
/*%
|
||||
* _OMITDNSSEC:
|
||||
diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
|
||||
index 0b66c75..4b4b6bd 100644
|
||||
index 7b3c047..bd7d225 100644
|
||||
--- a/lib/dns/include/dns/resolver.h
|
||||
+++ b/lib/dns/include/dns/resolver.h
|
||||
@@ -547,9 +547,12 @@ dns_resolver_getmustbesecure(dns_resolver_t *resolver, dns_name_t *name);
|
||||
@ -2855,12 +2855,12 @@ index 0b66c75..4b4b6bd 100644
|
||||
dns_resolver_getoptions(dns_resolver_t *resolver);
|
||||
|
||||
diff --git a/lib/dns/include/dns/types.h b/lib/dns/include/dns/types.h
|
||||
index 567e8a8..7bf2b60 100644
|
||||
index 2468e3c..934a641 100644
|
||||
--- a/lib/dns/include/dns/types.h
|
||||
+++ b/lib/dns/include/dns/types.h
|
||||
@@ -385,6 +385,12 @@ typedef enum {
|
||||
dns_updatemethod_date
|
||||
} dns_updatemethod_t;
|
||||
@@ -390,6 +390,12 @@ typedef struct {
|
||||
size_t count;
|
||||
} dns_indent_t;
|
||||
|
||||
+typedef enum {
|
||||
+ dns_stale_answer_no,
|
||||
@ -2872,7 +2872,7 @@ index 567e8a8..7bf2b60 100644
|
||||
* Functions.
|
||||
*/
|
||||
diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h
|
||||
index 09a9725..8e3b3cb 100644
|
||||
index 53f1db1..96148c7 100644
|
||||
--- a/lib/dns/include/dns/view.h
|
||||
+++ b/lib/dns/include/dns/view.h
|
||||
@@ -229,6 +229,9 @@ struct dns_view {
|
||||
@ -2886,7 +2886,7 @@ index 09a9725..8e3b3cb 100644
|
||||
|
||||
#define DNS_VIEW_MAGIC ISC_MAGIC('V','i','e','w')
|
||||
diff --git a/lib/dns/master.c b/lib/dns/master.c
|
||||
index 8edd732..8c9f00e 100644
|
||||
index 7d26b81..36999b5 100644
|
||||
--- a/lib/dns/master.c
|
||||
+++ b/lib/dns/master.c
|
||||
@@ -1948,12 +1948,18 @@ load_text(dns_loadctx_t *lctx) {
|
||||
@ -2913,7 +2913,7 @@ index 8edd732..8c9f00e 100644
|
||||
|
||||
/*
|
||||
diff --git a/lib/dns/masterdump.c b/lib/dns/masterdump.c
|
||||
index 13d1a3e..873b694 100644
|
||||
index fa839a0..91b3cab 100644
|
||||
--- a/lib/dns/masterdump.c
|
||||
+++ b/lib/dns/masterdump.c
|
||||
@@ -81,6 +81,9 @@ struct dns_master_style {
|
||||
@ -2982,10 +2982,10 @@ index 13d1a3e..873b694 100644
|
||||
RUNTIME_CHECK(result == ISC_R_SUCCESS);
|
||||
isc_buffer_usedregion(&buffer, &r);
|
||||
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
|
||||
index baf7641..a8f4609 100644
|
||||
index 3b75cad..535202b 100644
|
||||
--- a/lib/dns/rbtdb.c
|
||||
+++ b/lib/dns/rbtdb.c
|
||||
@@ -490,6 +490,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t;
|
||||
@@ -511,6 +511,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t;
|
||||
typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
|
||||
|
||||
#define RDATASET_ATTR_NONEXISTENT 0x0001
|
||||
@ -2993,7 +2993,7 @@ index baf7641..a8f4609 100644
|
||||
#define RDATASET_ATTR_STALE 0x0002
|
||||
#define RDATASET_ATTR_IGNORE 0x0004
|
||||
#define RDATASET_ATTR_RETAIN 0x0008
|
||||
@@ -502,6 +503,8 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
|
||||
@@ -523,6 +524,8 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
|
||||
#define RDATASET_ATTR_CASESET 0x0400
|
||||
#define RDATASET_ATTR_ZEROTTL 0x0800
|
||||
#define RDATASET_ATTR_CASEFULLYLOWER 0x1000
|
||||
@ -3002,7 +3002,7 @@ index baf7641..a8f4609 100644
|
||||
|
||||
typedef struct acache_cbarg {
|
||||
dns_rdatasetadditional_t type;
|
||||
@@ -552,6 +555,8 @@ struct acachectl {
|
||||
@@ -573,6 +576,8 @@ struct acachectl {
|
||||
(((header)->attributes & RDATASET_ATTR_ZEROTTL) != 0)
|
||||
#define CASEFULLYLOWER(header) \
|
||||
(((header)->attributes & RDATASET_ATTR_CASEFULLYLOWER) != 0)
|
||||
@ -3011,7 +3011,7 @@ index baf7641..a8f4609 100644
|
||||
|
||||
|
||||
#define ACTIVE(header, now) \
|
||||
@@ -611,6 +616,12 @@ typedef enum {
|
||||
@@ -632,6 +637,12 @@ typedef enum {
|
||||
expire_flush
|
||||
} expire_t;
|
||||
|
||||
@ -3024,7 +3024,7 @@ index baf7641..a8f4609 100644
|
||||
typedef struct rbtdb_version {
|
||||
/* Not locked */
|
||||
rbtdb_serial_t serial;
|
||||
@@ -678,6 +689,12 @@ struct dns_rbtdb {
|
||||
@@ -699,6 +710,12 @@ struct dns_rbtdb {
|
||||
dns_dbnode_t *soanode;
|
||||
dns_dbnode_t *nsnode;
|
||||
|
||||
@ -3037,7 +3037,7 @@ index baf7641..a8f4609 100644
|
||||
/*
|
||||
* This is a linked list used to implement the LRU cache. There will
|
||||
* be node_lock_count linked lists here. Nodes in bucket 1 will be
|
||||
@@ -721,6 +738,8 @@ struct dns_rbtdb {
|
||||
@@ -742,6 +759,8 @@ struct dns_rbtdb {
|
||||
#define RBTDB_ATTR_LOADED 0x01
|
||||
#define RBTDB_ATTR_LOADING 0x02
|
||||
|
||||
@ -3046,7 +3046,7 @@ index baf7641..a8f4609 100644
|
||||
/*%
|
||||
* Search Context
|
||||
*/
|
||||
@@ -1791,15 +1810,15 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) {
|
||||
@@ -1816,15 +1835,15 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) {
|
||||
}
|
||||
|
||||
static inline void
|
||||
@ -3066,7 +3066,7 @@ index baf7641..a8f4609 100644
|
||||
header->node->dirty = 1;
|
||||
|
||||
/*
|
||||
@@ -1840,8 +1859,8 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
|
||||
@@ -1865,8 +1884,8 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
|
||||
/*
|
||||
* If current is nonexistent or stale, we can clean it up.
|
||||
*/
|
||||
@ -3077,7 +3077,7 @@ index baf7641..a8f4609 100644
|
||||
if (top_prev != NULL)
|
||||
top_prev->next = current->next;
|
||||
else
|
||||
@@ -2086,6 +2105,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
|
||||
@@ -2111,6 +2130,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
|
||||
}
|
||||
}
|
||||
|
||||
@ -3158,7 +3158,7 @@ index baf7641..a8f4609 100644
|
||||
/*
|
||||
* Caller must be holding the node lock.
|
||||
*/
|
||||
@@ -3318,6 +3411,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
|
||||
@@ -3343,6 +3436,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
|
||||
rdataset->attributes |= DNS_RDATASETATTR_OPTOUT;
|
||||
if (PREFETCH(header))
|
||||
rdataset->attributes |= DNS_RDATASETATTR_PREFETCH;
|
||||
@ -3171,7 +3171,7 @@ index baf7641..a8f4609 100644
|
||||
rdataset->private1 = rbtdb;
|
||||
rdataset->private2 = node;
|
||||
raw = (unsigned char *)header + sizeof(*header);
|
||||
@@ -4674,6 +4773,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
|
||||
@@ -4699,6 +4798,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
|
||||
#endif
|
||||
|
||||
if (!ACTIVE(header, search->now)) {
|
||||
@ -3191,7 +3191,7 @@ index baf7641..a8f4609 100644
|
||||
/*
|
||||
* This rdataset is stale. If no one else is using the
|
||||
* node, we can clean it up right now, otherwise we mark
|
||||
@@ -4713,7 +4825,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
|
||||
@@ -4738,7 +4850,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
|
||||
node->data = header->next;
|
||||
free_rdataset(search->rbtdb, mctx, header);
|
||||
} else {
|
||||
@ -3200,7 +3200,7 @@ index baf7641..a8f4609 100644
|
||||
*header_prev = header;
|
||||
}
|
||||
} else
|
||||
@@ -5154,7 +5266,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
|
||||
@@ -5179,7 +5291,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
|
||||
&locktype, lock, &search,
|
||||
&header_prev)) {
|
||||
/* Do nothing. */
|
||||
@ -3209,7 +3209,7 @@ index baf7641..a8f4609 100644
|
||||
/*
|
||||
* We now know that there is at least one active
|
||||
* non-stale rdataset at this node.
|
||||
@@ -5637,7 +5749,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
|
||||
@@ -5662,7 +5774,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
|
||||
* refcurrent(rbtnode) must be non-zero. This is so
|
||||
* because 'node' is an argument to the function.
|
||||
*/
|
||||
@ -3218,7 +3218,7 @@ index baf7641..a8f4609 100644
|
||||
if (log)
|
||||
isc_log_write(dns_lctx, category, module,
|
||||
level, "overmem cache: stale %s",
|
||||
@@ -5645,7 +5757,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
|
||||
@@ -5670,7 +5782,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
|
||||
} else if (force_expire) {
|
||||
if (! RETAIN(header)) {
|
||||
set_ttl(rbtdb, header, 0);
|
||||
@ -3227,7 +3227,7 @@ index baf7641..a8f4609 100644
|
||||
} else if (log) {
|
||||
isc_log_write(dns_lctx, category, module,
|
||||
level, "overmem cache: "
|
||||
@@ -5904,9 +6016,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
|
||||
@@ -5929,9 +6041,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
|
||||
* non-zero. This is so because 'node' is an
|
||||
* argument to the function.
|
||||
*/
|
||||
@ -3239,7 +3239,7 @@ index baf7641..a8f4609 100644
|
||||
if (header->type == matchtype)
|
||||
found = header;
|
||||
else if (header->type == RBTDB_RDATATYPE_NCACHEANY ||
|
||||
@@ -6206,7 +6318,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
@@ -6233,7 +6345,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
topheader = topheader->next)
|
||||
{
|
||||
set_ttl(rbtdb, topheader, 0);
|
||||
@ -3248,7 +3248,7 @@ index baf7641..a8f4609 100644
|
||||
}
|
||||
goto find_header;
|
||||
}
|
||||
@@ -6267,7 +6379,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
@@ -6294,7 +6406,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
* ncache entry.
|
||||
*/
|
||||
set_ttl(rbtdb, topheader, 0);
|
||||
@ -3257,7 +3257,7 @@ index baf7641..a8f4609 100644
|
||||
topheader = NULL;
|
||||
goto find_header;
|
||||
}
|
||||
@@ -6305,8 +6417,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
@@ -6332,8 +6444,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
}
|
||||
|
||||
/*
|
||||
@ -3271,7 +3271,7 @@ index baf7641..a8f4609 100644
|
||||
*/
|
||||
if (rbtversion == NULL && trust < header->trust &&
|
||||
(ACTIVE(header, now) || header_nx)) {
|
||||
@@ -6336,6 +6451,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
@@ -6363,6 +6478,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
|
||||
if ((options & DNS_DBADD_EXACT) != 0)
|
||||
flags |= DNS_RDATASLAB_EXACT;
|
||||
@ -3282,7 +3282,7 @@ index baf7641..a8f4609 100644
|
||||
if ((options & DNS_DBADD_EXACTTTL) != 0 &&
|
||||
newheader->rdh_ttl != header->rdh_ttl)
|
||||
result = DNS_R_NOTEXACT;
|
||||
@@ -6379,11 +6498,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
@@ -6406,11 +6525,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
}
|
||||
}
|
||||
/*
|
||||
@ -3300,7 +3300,7 @@ index baf7641..a8f4609 100644
|
||||
*/
|
||||
if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
|
||||
header->type == dns_rdatatype_ns &&
|
||||
@@ -6556,10 +6676,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
@@ -6583,10 +6703,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
changed->dirty = true;
|
||||
if (rbtversion == NULL) {
|
||||
set_ttl(rbtdb, header, 0);
|
||||
@ -3313,7 +3313,7 @@ index baf7641..a8f4609 100644
|
||||
}
|
||||
}
|
||||
if (rbtversion != NULL && !header_nx) {
|
||||
@@ -8410,6 +8530,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
|
||||
@@ -8437,6 +8557,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
|
||||
return (result);
|
||||
}
|
||||
|
||||
@ -3344,7 +3344,7 @@ index baf7641..a8f4609 100644
|
||||
static dns_dbmethods_t zone_methods = {
|
||||
attach,
|
||||
detach,
|
||||
@@ -8455,7 +8599,9 @@ static dns_dbmethods_t zone_methods = {
|
||||
@@ -8482,7 +8626,9 @@ static dns_dbmethods_t zone_methods = {
|
||||
NULL,
|
||||
hashsize,
|
||||
nodefullname,
|
||||
@ -3355,7 +3355,7 @@ index baf7641..a8f4609 100644
|
||||
};
|
||||
|
||||
static dns_dbmethods_t cache_methods = {
|
||||
@@ -8503,7 +8649,9 @@ static dns_dbmethods_t cache_methods = {
|
||||
@@ -8530,7 +8676,9 @@ static dns_dbmethods_t cache_methods = {
|
||||
setcachestats,
|
||||
hashsize,
|
||||
nodefullname,
|
||||
@ -3366,7 +3366,7 @@ index baf7641..a8f4609 100644
|
||||
};
|
||||
|
||||
isc_result_t
|
||||
@@ -8774,7 +8922,7 @@ dns_rbtdb_create
|
||||
@@ -8801,7 +8949,7 @@ dns_rbtdb_create
|
||||
rbtdb->rpzs = NULL;
|
||||
rbtdb->load_rpzs = NULL;
|
||||
rbtdb->rpz_num = DNS_RPZ_INVALID_NUM;
|
||||
@ -3375,7 +3375,7 @@ index baf7641..a8f4609 100644
|
||||
/*
|
||||
* Version Initialization.
|
||||
*/
|
||||
@@ -9192,7 +9340,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
|
||||
@@ -9219,7 +9367,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
|
||||
* rdatasets to work.
|
||||
*/
|
||||
if (NONEXISTENT(header) ||
|
||||
@ -3385,7 +3385,7 @@ index baf7641..a8f4609 100644
|
||||
header = NULL;
|
||||
break;
|
||||
} else
|
||||
@@ -10401,7 +10550,7 @@ static inline bool
|
||||
@@ -10428,7 +10577,7 @@ static inline bool
|
||||
need_headerupdate(rdatasetheader_t *header, isc_stdtime_t now) {
|
||||
if ((header->attributes &
|
||||
(RDATASET_ATTR_NONEXISTENT |
|
||||
@ -3394,7 +3394,7 @@ index baf7641..a8f4609 100644
|
||||
RDATASET_ATTR_ZEROTTL)) != 0)
|
||||
return (false);
|
||||
|
||||
@@ -10507,7 +10656,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,
|
||||
@@ -10534,7 +10683,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,
|
||||
bool tree_locked, expire_t reason)
|
||||
{
|
||||
set_ttl(rbtdb, header, 0);
|
||||
@ -3404,7 +3404,7 @@ index baf7641..a8f4609 100644
|
||||
/*
|
||||
* Caller must hold the node (write) lock.
|
||||
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
|
||||
index f7f73cd..7a77bde 100644
|
||||
index 5e20783..17a4eee 100644
|
||||
--- a/lib/dns/resolver.c
|
||||
+++ b/lib/dns/resolver.c
|
||||
@@ -141,16 +141,17 @@
|
||||
@ -3437,7 +3437,7 @@ index f7f73cd..7a77bde 100644
|
||||
#endif
|
||||
|
||||
/* The default maximum number of recursions to follow before giving up. */
|
||||
@@ -523,6 +524,11 @@ struct dns_resolver {
|
||||
@@ -529,6 +530,11 @@ struct dns_resolver {
|
||||
dns_fetch_t * primefetch;
|
||||
/* Locked by nlock. */
|
||||
unsigned int nfctx;
|
||||
@ -3449,7 +3449,7 @@ index f7f73cd..7a77bde 100644
|
||||
};
|
||||
|
||||
#define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!')
|
||||
@@ -1633,14 +1639,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
|
||||
@@ -1650,14 +1656,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
|
||||
unsigned int seconds;
|
||||
unsigned int us;
|
||||
|
||||
@ -3468,7 +3468,7 @@ index f7f73cd..7a77bde 100644
|
||||
|
||||
/*
|
||||
* Add a fudge factor to the expected rtt based on the current
|
||||
@@ -4518,7 +4522,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
|
||||
@@ -4535,7 +4539,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
|
||||
/*
|
||||
* Compute an expiration time for the entire fetch.
|
||||
*/
|
||||
@ -3478,7 +3478,7 @@ index f7f73cd..7a77bde 100644
|
||||
iresult = isc_time_nowplusinterval(&fctx->expires, &interval);
|
||||
if (iresult != ISC_R_SUCCESS) {
|
||||
UNEXPECTED_ERROR(__FILE__, __LINE__,
|
||||
@@ -9005,6 +9010,8 @@ dns_resolver_create(dns_view_t *view,
|
||||
@@ -9059,6 +9064,8 @@ dns_resolver_create(dns_view_t *view,
|
||||
res->spillattimer = NULL;
|
||||
res->zspill = 0;
|
||||
res->zero_no_soa_ttl = false;
|
||||
@ -3487,7 +3487,7 @@ index f7f73cd..7a77bde 100644
|
||||
res->query_timeout = DEFAULT_QUERY_TIMEOUT;
|
||||
res->maxdepth = DEFAULT_RECURSION_DEPTH;
|
||||
res->maxqueries = DEFAULT_MAX_QUERIES;
|
||||
@@ -10339,17 +10346,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {
|
||||
@@ -10393,17 +10400,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {
|
||||
}
|
||||
|
||||
void
|
||||
@ -3516,7 +3516,7 @@ index f7f73cd..7a77bde 100644
|
||||
}
|
||||
|
||||
void
|
||||
@@ -10446,3 +10456,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)
|
||||
@@ -10500,3 +10510,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)
|
||||
|
||||
return (resolver->quotaresp[which]);
|
||||
}
|
||||
@ -3552,7 +3552,7 @@ index f7f73cd..7a77bde 100644
|
||||
+ resolver->nonbackofftries = tries;
|
||||
+}
|
||||
diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c
|
||||
index 8afaa52..b370e05 100644
|
||||
index 477bb74..09cf932 100644
|
||||
--- a/lib/dns/sdb.c
|
||||
+++ b/lib/dns/sdb.c
|
||||
@@ -1370,7 +1370,9 @@ static dns_dbmethods_t sdb_methods = {
|
||||
@ -3567,7 +3567,7 @@ index 8afaa52..b370e05 100644
|
||||
|
||||
static isc_result_t
|
||||
diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c
|
||||
index 0b9620c..331992e 100644
|
||||
index 037d74a..9218fed 100644
|
||||
--- a/lib/dns/sdlz.c
|
||||
+++ b/lib/dns/sdlz.c
|
||||
@@ -1336,7 +1336,9 @@ static dns_dbmethods_t sdlzdb_methods = {
|
||||
@ -3582,7 +3582,7 @@ index 0b9620c..331992e 100644
|
||||
|
||||
/*
|
||||
diff --git a/lib/dns/tests/db_test.c b/lib/dns/tests/db_test.c
|
||||
index 2849775..812f750 100644
|
||||
index bc1cc3f..60fdb81 100644
|
||||
--- a/lib/dns/tests/db_test.c
|
||||
+++ b/lib/dns/tests/db_test.c
|
||||
@@ -28,8 +28,9 @@
|
||||
@ -3813,7 +3813,7 @@ index 2849775..812f750 100644
|
||||
_setup, _teardown),
|
||||
cmocka_unit_test_setup_teardown(dbtype_test,
|
||||
diff --git a/lib/dns/view.c b/lib/dns/view.c
|
||||
index 0fca1d9..55ede81 100644
|
||||
index a7ba613..a644c5f 100644
|
||||
--- a/lib/dns/view.c
|
||||
+++ b/lib/dns/view.c
|
||||
@@ -229,6 +229,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
|
||||
@ -3827,7 +3827,7 @@ index 0fca1d9..55ede81 100644
|
||||
view->maxbits = 0;
|
||||
view->v4_aaaa = dns_aaaa_ok;
|
||||
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
|
||||
index 91693b5..5771774 100644
|
||||
index 212194e..b562f95 100644
|
||||
--- a/lib/isccfg/namedconf.c
|
||||
+++ b/lib/isccfg/namedconf.c
|
||||
@@ -1778,6 +1778,7 @@ view_clauses[] = {
|
||||
|
@ -1,178 +0,0 @@
|
||||
From 1528f231b559670445cfc427937174535981917d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Fri, 18 Sep 2020 14:46:02 +0200
|
||||
Subject: [PATCH] Fix isc_atomic_xadd symbol missing
|
||||
|
||||
Squashed commit of the following:
|
||||
|
||||
commit d8afe85342f05d8fec8ee0255451568e936b7eb2
|
||||
Author: Mark Andrews <marka@isc.org>
|
||||
Date: Mon Sep 7 16:12:31 2020 +1000
|
||||
|
||||
Update 'init_count' atomically to silence tsan errors.
|
||||
|
||||
(cherry picked from commit 90185b225f4c7acde2fbb04697d857fe496725a2)
|
||||
|
||||
commit f166c7fb7cc262a688ed511e40c9b0d551d5992d
|
||||
Author: Mark Andrews <marka@isc.org>
|
||||
Date: Thu Sep 3 12:53:53 2020 +1000
|
||||
|
||||
The node lock was released too early.
|
||||
|
||||
NEGATIVE needs to be call with the node lock held.
|
||||
|
||||
WARNING: ThreadSanitizer: data race
|
||||
Write of size 2 at 0x000000000001 by thread T1 (mutexes: write M1):
|
||||
#0 mark_stale_header lib/dns/rbtdb.c:1802:21
|
||||
#1 add32 lib/dns/rbtdb.c:6559:5
|
||||
#2 addrdataset lib/dns/rbtdb.c:6975:12
|
||||
#3 dns_db_addrdataset lib/dns/db.c:783:10
|
||||
#4 cache_name lib/dns/resolver.c:5829:13
|
||||
#5 cache_message lib/dns/resolver.c:5926:14
|
||||
#6 resquery_response lib/dns/resolver.c:8618:12
|
||||
#7 dispatch lib/isc/task.c:1157:7
|
||||
#8 run lib/isc/task.c:1331:2
|
||||
|
||||
Previous read of size 2 at 0x000000000001 by thread T2:
|
||||
#0 cache_findrdataset lib/dns/rbtdb.c:5932:6
|
||||
#1 dns_db_findrdataset lib/dns/db.c:739:10
|
||||
#2 query_addadditional2 bin/named/query.c:2196:11
|
||||
#3 additionaldata_ns lib/dns/./rdata/generic/ns_2.c:198:10
|
||||
#4 dns_rdata_additionaldata lib/dns/rdata.c:1246:2
|
||||
#5 dns_rdataset_additionaldata lib/dns/rdataset.c:629:12
|
||||
#6 query_addrdataset bin/named/query.c:2411:8
|
||||
#7 query_addrrset bin/named/query.c:2802:2
|
||||
#8 query_addbestns bin/named/query.c:3501:2
|
||||
#9 query_find bin/named/query.c:9165:4
|
||||
#10 query_resume bin/named/query.c:4164:12
|
||||
#11 dispatch lib/isc/task.c:1157:7
|
||||
#12 run lib/isc/task.c:1331:2
|
||||
|
||||
(cherry picked from commit a1dcb73f677969d99df3ccff2acf4737e18a72b1)
|
||||
|
||||
commit 591a80fa95b8f3f3e716c45ceb9c5e4ccfa551c8
|
||||
Author: Mark Andrews <marka@isc.org>
|
||||
Date: Mon Aug 24 17:34:58 2020 +1000
|
||||
|
||||
increment header->count atomically
|
||||
|
||||
(cherry picked from commit 121837aa75ced489e28f8ce1dd20315487d199fa)
|
||||
---
|
||||
lib/dns/rbtdb.c | 43 +++++++++++++++++++++++++++++++++++--------
|
||||
1 file changed, 35 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
|
||||
index 88c39bf714..31ced8e73a 100644
|
||||
--- a/lib/dns/rbtdb.c
|
||||
+++ b/lib/dns/rbtdb.c
|
||||
@@ -399,6 +399,23 @@ typedef isc_mutex_t nodelock_t;
|
||||
#define NODE_WEAKDOWNGRADE(l) ((void)0)
|
||||
#endif
|
||||
|
||||
+#if defined(ISC_PLATFORM_HAVESTDATOMIC)
|
||||
+#if defined(__cplusplus)
|
||||
+#include <isc/stdatomic.h>
|
||||
+#else
|
||||
+#include <stdatomic.h>
|
||||
+#endif
|
||||
+#define DNS_RBTDB_STDATOMIC 1
|
||||
+#define DNS_RBTDB_INC(x) atomic_fetch_add(&(x), (1))
|
||||
+#define DNS_RBTDB_LOAD(x) atomic_load(&(x))
|
||||
+#elif defined(ISC_PLATFORM_HAVEXADD)
|
||||
+#define DNS_RBTDB_INC(x) isc_atomic_xadd((int *)&(x), 1);
|
||||
+#define DNS_RBTDB_LOAD(x) isc_atomic_xadd((int *)&(x), 0);
|
||||
+#else
|
||||
+#define DNS_RBTDB_INC(x) ((x)++)
|
||||
+#define DNS_RBTDB_LOAD(x) (x)
|
||||
+#endif
|
||||
+
|
||||
/*%
|
||||
* Whether to rate-limit updating the LRU to avoid possible thread contention.
|
||||
* Our performance measurement has shown the cost is marginal, so it's defined
|
||||
@@ -457,7 +474,11 @@ typedef struct rdatasetheader {
|
||||
* this rdataset.
|
||||
*/
|
||||
|
||||
- uint32_t count;
|
||||
+#ifdef DNS_RBTDB_STDATOMIC
|
||||
+ _Atomic(uint32_t) count;
|
||||
+#else
|
||||
+ uint32_t count;
|
||||
+#endif
|
||||
/*%<
|
||||
* Monotonously increased every time this rdataset is bound so that
|
||||
* it is used as the base of the starting point in DNS responses
|
||||
@@ -952,7 +973,11 @@ static char FILE_VERSION[32] = "\0";
|
||||
* that indicates that the database does not implement cyclic
|
||||
* processing.
|
||||
*/
|
||||
+#ifdef DNS_RBTDB_STDATOMIC
|
||||
+static _Atomic(unsigned int) init_count;
|
||||
+#else
|
||||
static unsigned int init_count;
|
||||
+#endif
|
||||
|
||||
/*
|
||||
* Locking
|
||||
@@ -3322,7 +3347,7 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
|
||||
rdataset->private2 = node;
|
||||
raw = (unsigned char *)header + sizeof(*header);
|
||||
rdataset->private3 = raw;
|
||||
- rdataset->count = header->count++;
|
||||
+ rdataset->count = DNS_RBTDB_INC(header->count);
|
||||
if (rdataset->count == UINT32_MAX)
|
||||
rdataset->count = 0;
|
||||
|
||||
@@ -5924,10 +5949,10 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
|
||||
}
|
||||
}
|
||||
|
||||
- NODE_UNLOCK(lock, locktype);
|
||||
-
|
||||
- if (found == NULL)
|
||||
+ if (found == NULL) {
|
||||
+ NODE_UNLOCK(lock, locktype);
|
||||
return (ISC_R_NOTFOUND);
|
||||
+ }
|
||||
|
||||
if (NEGATIVE(found)) {
|
||||
/*
|
||||
@@ -5939,6 +5964,8 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
|
||||
result = DNS_R_NCACHENXRRSET;
|
||||
}
|
||||
|
||||
+ NODE_UNLOCK(lock, locktype);
|
||||
+
|
||||
update_cachestats(rbtdb, result);
|
||||
|
||||
return (result);
|
||||
@@ -6839,7 +6866,7 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
|
||||
newheader->attributes |= RDATASET_ATTR_ZEROTTL;
|
||||
newheader->noqname = NULL;
|
||||
newheader->closest = NULL;
|
||||
- newheader->count = isc_atomic_xadd((int32_t*)&init_count, 1);
|
||||
+ newheader->count = DNS_RBTDB_INC(init_count);
|
||||
newheader->trust = rdataset->trust;
|
||||
newheader->additional_auth = NULL;
|
||||
newheader->additional_glue = NULL;
|
||||
@@ -7035,7 +7062,7 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
|
||||
newheader->trust = 0;
|
||||
newheader->noqname = NULL;
|
||||
newheader->closest = NULL;
|
||||
- newheader->count = isc_atomic_xadd((int32_t*)&init_count, 1);
|
||||
+ newheader->count = DNS_RBTDB_INC(init_count);
|
||||
newheader->additional_auth = NULL;
|
||||
newheader->additional_glue = NULL;
|
||||
newheader->last_used = 0;
|
||||
@@ -7481,7 +7508,7 @@ loading_addrdataset(void *arg, dns_name_t *name, dns_rdataset_t *rdataset) {
|
||||
newheader->serial = 1;
|
||||
newheader->noqname = NULL;
|
||||
newheader->closest = NULL;
|
||||
- newheader->count = isc_atomic_xadd((int32_t*)&init_count, 1);
|
||||
+ newheader->count = DNS_RBTDB_INC(init_count);
|
||||
newheader->additional_auth = NULL;
|
||||
newheader->additional_glue = NULL;
|
||||
newheader->last_used = 0;
|
||||
--
|
||||
2.26.2
|
||||
|
20
bind.spec
20
bind.spec
@ -58,7 +58,7 @@
|
||||
#
|
||||
|
||||
# lib*.so.X versions of selected libraries
|
||||
%global sover_dns 1110
|
||||
%global sover_dns 1112
|
||||
%global sover_isc 1107
|
||||
%global sover_irs 161
|
||||
%global sover_isccfg 163
|
||||
@ -66,8 +66,8 @@
|
||||
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
|
||||
Name: bind
|
||||
License: MPLv2.0
|
||||
Version: 9.11.23
|
||||
Release: 2%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
||||
Version: 9.11.24
|
||||
Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
||||
Epoch: 32
|
||||
Url: https://www.isc.org/downloads/bind/
|
||||
#
|
||||
@ -145,10 +145,6 @@ Patch157:bind-9.11-fips-tests.patch
|
||||
Patch158:bind-9.11-rt31459.patch
|
||||
# [RT #46047] commit 24172bd2eeba91441ab1c65d2717b0692309244a ISC 4724
|
||||
Patch159:bind-9.11-rt46047.patch
|
||||
# commit 66ba2fdad583d962a1f4971c85d58381f0849e4d
|
||||
# commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c
|
||||
# commit 083461d3329ff6f2410745848a926090586a9846
|
||||
Patch160:bind-9.11-rh1624100.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/issues/555
|
||||
Patch161:bind-9.11-host-idn-disable.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/commit/8a98277811e
|
||||
@ -166,10 +162,6 @@ Patch174:bind-9.11-json-c.patch
|
||||
Patch175:bind-9.11-fips-disable.patch
|
||||
Patch177: bind-9.11-serve-stale.patch
|
||||
Patch178: bind-9.11-serve-stale-dbfix.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1736762
|
||||
Patch183: bind-9.11-rh1736762-5.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/-/issues/2167
|
||||
Patch184: bind-9.11.23-atomic.patch
|
||||
|
||||
# SDB patches
|
||||
Patch11: bind-9.3.2b2-sdbsrc.patch
|
||||
@ -571,7 +563,6 @@ are used for building ISC DHCP.
|
||||
%patch157 -p1 -b .fips-tests
|
||||
%patch158 -p1 -b .rt31459
|
||||
%patch159 -p1 -b .rt46047
|
||||
%patch160 -p1 -b .rh1624100
|
||||
%patch161 -p1 -b .host-idn-disable
|
||||
%patch163 -p1 -b .rh1663318
|
||||
%patch164 -p1 -b .rh1666814
|
||||
@ -584,8 +575,6 @@ are used for building ISC DHCP.
|
||||
%patch175 -p1 -b .rh1709553
|
||||
%patch177 -p1 -b .serve-stale
|
||||
%patch178 -p1 -b .rh1770492
|
||||
%patch183 -p1 -b .rh1736762-5
|
||||
%patch184 -p1 -b .rbtdb-atomic
|
||||
|
||||
mkdir lib/dns/tests/testdata/dstrandom
|
||||
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
|
||||
@ -1619,6 +1608,9 @@ fi;
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Oct 23 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.24-1
|
||||
- Update to 9.11.24
|
||||
|
||||
* Wed Sep 23 2020 Adrian Reber <adrian@lisas.de> - 32:9.11.23-2
|
||||
- Rebuilt for protobuf 3.13
|
||||
|
||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (bind-9.11.23.tar.gz) = df374dcfdad5c905d5607fd3a5dcfd236f1c9ee448902db520748a738d1ff2f1761603bf62949d38932fcd3ebbf36e693737c40f0a6233af20ee91c3f9a3f462
|
||||
SHA512 (bind-9.11.23.tar.gz.asc) = afba039f50ad94fffa7891730d2d506a035f7abedeaec2f05abf19d030ffebc271b49e24adb3720f7bdb73318d52ededf0765ee082a6dc7cd9b581facafd411a
|
||||
SHA512 (bind-9.11.24.tar.gz) = 30b4910be9e59b1df9184ddbd95341494c08a2c530b02077f28492c248af607d7d4c6666459a0e7cc0e9ad6c2b12ff3e7b03f500a720b39d304008f0ab94d5fa
|
||||
SHA512 (bind-9.11.24.tar.gz.asc) = 7ec9a0fa9cc61ab64c2c2c67fabfe17311253da509dbe658dfe5a63d4fada2d0800a2e6d388d8303ccaa4ef110c5a110569724030df3a34dee58b0a58904bbcb
|
||||
|
Loading…
Reference in New Issue
Block a user