import bind-9.11.26-3.el8
This commit is contained in:
parent
d620463052
commit
13a88ee223
@ -1,2 +1,2 @@
|
||||
ff6ad0d3f9282a77786e93eb889154008ef1ccdf SOURCES/bind-9.11.20.tar.gz
|
||||
14064c865920842e48f444be2bda9dc91770e439 SOURCES/bind-9.11.26.tar.gz
|
||||
a164fcad1d64d6b5fab5034928cb7260f1fa8fdd SOURCES/random.data
|
||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/bind-9.11.20.tar.gz
|
||||
SOURCES/bind-9.11.26.tar.gz
|
||||
SOURCES/random.data
|
||||
|
@ -1,5 +1,5 @@
|
||||
diff --git a/bin/Makefile.in b/bin/Makefile.in
|
||||
index f0c504a..ce7a2da 100644
|
||||
index a18b222..26a7e4e 100644
|
||||
--- a/bin/Makefile.in
|
||||
+++ b/bin/Makefile.in
|
||||
@@ -11,8 +11,8 @@ srcdir = @srcdir@
|
||||
@ -14,7 +14,7 @@ index f0c504a..ce7a2da 100644
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
|
||||
index 4b8ca13..32f4470 100644
|
||||
index 390aa0c..e59a118 100644
|
||||
--- a/bin/dnssec-pkcs11/Makefile.in
|
||||
+++ b/bin/dnssec-pkcs11/Makefile.in
|
||||
@@ -15,18 +15,18 @@ VERSION=@BIND9_VERSION@
|
||||
@ -130,7 +130,7 @@ index 4b8ca13..32f4470 100644
|
||||
|
||||
clean distclean::
|
||||
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
|
||||
index 4b8ca13..4175996 100644
|
||||
index 390aa0c..851a008 100644
|
||||
--- a/bin/dnssec/Makefile.in
|
||||
+++ b/bin/dnssec/Makefile.in
|
||||
@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
|
||||
@ -273,10 +273,10 @@ index 3166368..890574f 100644
|
||||
CWARNINGS =
|
||||
|
||||
diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in
|
||||
index a058c91..d4b689a 100644
|
||||
index 2c19e7e..8223d5e 100644
|
||||
--- a/bin/pkcs11/Makefile.in
|
||||
+++ b/bin/pkcs11/Makefile.in
|
||||
@@ -15,13 +15,13 @@ top_srcdir = @top_srcdir@
|
||||
@@ -13,13 +13,13 @@ top_srcdir = @top_srcdir@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
@ -294,10 +294,10 @@ index a058c91..d4b689a 100644
|
||||
DEPLIBS = ${ISCDEPLIBS}
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 9b7d778..59ba20b 100644
|
||||
index c6715b4..8144268 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1139,12 +1139,14 @@ AC_SUBST(USE_GSSAPI)
|
||||
@@ -1176,12 +1176,14 @@ AC_SUBST(USE_GSSAPI)
|
||||
AC_SUBST(DST_GSSAPI_INC)
|
||||
AC_SUBST(DNS_GSSAPI_LIBS)
|
||||
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS"
|
||||
@ -312,24 +312,26 @@ index 9b7d778..59ba20b 100644
|
||||
|
||||
#
|
||||
# was --with-randomdev specified?
|
||||
@@ -1494,11 +1496,11 @@ AC_ARG_ENABLE(openssl-hash,
|
||||
@@ -1554,12 +1556,12 @@ AC_ARG_ENABLE(openssl-hash,
|
||||
AC_MSG_CHECKING(for OpenSSL library)
|
||||
OPENSSL_WARNING=
|
||||
openssldirs="/usr /usr/local /usr/local/ssl /opt/local /usr/pkg /usr/sfw"
|
||||
-if test "yes" = "$want_native_pkcs11"
|
||||
-then
|
||||
- use_openssl="native_pkcs11"
|
||||
- want_openssl_hash="no"
|
||||
- AC_MSG_RESULT(use of native PKCS11 instead)
|
||||
-fi
|
||||
+# if test "yes" = "$want_native_pkcs11"
|
||||
+# then
|
||||
+# use_openssl="native_pkcs11"
|
||||
+# AC_MSG_RESULT(use of native PKCS11 instead)
|
||||
+# fi
|
||||
+#if test "yes" = "$want_native_pkcs11"
|
||||
+#then
|
||||
+# use_openssl="native_pkcs11"
|
||||
+# want_openssl_hash="no"
|
||||
+# AC_MSG_RESULT(use of native PKCS11 instead)
|
||||
+#fi
|
||||
|
||||
if test "auto" = "$use_openssl"
|
||||
then
|
||||
@@ -1511,6 +1513,7 @@ then
|
||||
@@ -1572,6 +1574,7 @@ then
|
||||
fi
|
||||
done
|
||||
fi
|
||||
@ -337,7 +339,7 @@ index 9b7d778..59ba20b 100644
|
||||
OPENSSL_ECDSA=""
|
||||
OPENSSL_GOST=""
|
||||
OPENSSL_ED25519=""
|
||||
@@ -1532,11 +1535,10 @@ case "$with_gost" in
|
||||
@@ -1593,11 +1596,10 @@ case "$with_gost" in
|
||||
;;
|
||||
esac
|
||||
|
||||
@ -352,7 +354,7 @@ index 9b7d778..59ba20b 100644
|
||||
CRYPTOLIB="pkcs11"
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
@@ -1546,7 +1548,9 @@ case "$use_openssl" in
|
||||
@@ -1607,7 +1609,9 @@ case "$use_openssl" in
|
||||
OPENSSLGOSTLINKSRCS=""
|
||||
OPENSSLLINKOBJS=""
|
||||
OPENSSLLINKSRCS=""
|
||||
@ -363,7 +365,7 @@ index 9b7d778..59ba20b 100644
|
||||
no)
|
||||
AC_MSG_RESULT(no)
|
||||
DST_OPENSSL_INC=""
|
||||
@@ -1578,7 +1582,7 @@ case "$use_openssl" in
|
||||
@@ -1639,7 +1643,7 @@ case "$use_openssl" in
|
||||
If you do not want OpenSSL, use --without-openssl])
|
||||
;;
|
||||
*)
|
||||
@ -372,7 +374,7 @@ index 9b7d778..59ba20b 100644
|
||||
then
|
||||
AC_MSG_RESULT()
|
||||
AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
|
||||
@@ -2006,6 +2010,7 @@ AC_SUBST(OPENSSL_ED25519)
|
||||
@@ -2067,6 +2071,7 @@ AC_SUBST(OPENSSL_ED25519)
|
||||
AC_SUBST(OPENSSL_GOST)
|
||||
|
||||
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
|
||||
@ -380,7 +382,7 @@ index 9b7d778..59ba20b 100644
|
||||
|
||||
ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
|
||||
if test "yes" = "$with_aes"
|
||||
@@ -2291,6 +2296,7 @@ esac
|
||||
@@ -2353,6 +2358,7 @@ esac
|
||||
AC_SUBST(PKCS11LINKOBJS)
|
||||
AC_SUBST(PKCS11LINKSRCS)
|
||||
AC_SUBST(CRYPTO)
|
||||
@ -388,7 +390,7 @@ index 9b7d778..59ba20b 100644
|
||||
AC_SUBST(PKCS11_ECDSA)
|
||||
AC_SUBST(PKCS11_GOST)
|
||||
AC_SUBST(PKCS11_ED25519)
|
||||
@@ -5405,8 +5411,11 @@ AC_CONFIG_FILES([
|
||||
@@ -5501,8 +5507,11 @@ AC_CONFIG_FILES([
|
||||
bin/delv/Makefile
|
||||
bin/dig/Makefile
|
||||
bin/dnssec/Makefile
|
||||
@ -400,7 +402,7 @@ index 9b7d778..59ba20b 100644
|
||||
bin/nsupdate/Makefile
|
||||
bin/pkcs11/Makefile
|
||||
bin/python/Makefile
|
||||
@@ -5479,6 +5488,10 @@ AC_CONFIG_FILES([
|
||||
@@ -5575,6 +5584,10 @@ AC_CONFIG_FILES([
|
||||
lib/dns/include/dns/Makefile
|
||||
lib/dns/include/dst/Makefile
|
||||
lib/dns/tests/Makefile
|
||||
@ -411,7 +413,7 @@ index 9b7d778..59ba20b 100644
|
||||
lib/irs/Makefile
|
||||
lib/irs/include/Makefile
|
||||
lib/irs/include/irs/Makefile
|
||||
@@ -5503,6 +5516,24 @@ AC_CONFIG_FILES([
|
||||
@@ -5599,6 +5612,24 @@ AC_CONFIG_FILES([
|
||||
lib/isc/unix/include/Makefile
|
||||
lib/isc/unix/include/isc/Makefile
|
||||
lib/isc/unix/include/pkcs11/Makefile
|
||||
@ -437,7 +439,7 @@ index 9b7d778..59ba20b 100644
|
||||
lib/isccc/include/Makefile
|
||||
lib/isccc/include/isccc/Makefile
|
||||
diff --git a/lib/Makefile.in b/lib/Makefile.in
|
||||
index 81270a0..bcb5312 100644
|
||||
index f089bea..3ed939b 100644
|
||||
--- a/lib/Makefile.in
|
||||
+++ b/lib/Makefile.in
|
||||
@@ -15,7 +15,7 @@ top_srcdir = @top_srcdir@
|
||||
@ -450,7 +452,7 @@ index 81270a0..bcb5312 100644
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
|
||||
index 7f09bd6..c388d9e 100644
|
||||
index 8fc4e94..5eefb14 100644
|
||||
--- a/lib/dns-pkcs11/Makefile.in
|
||||
+++ b/lib/dns-pkcs11/Makefile.in
|
||||
@@ -26,17 +26,16 @@ VERSION=@BIND9_VERSION@
|
||||
@ -525,7 +527,7 @@ index 7f09bd6..c388d9e 100644
|
||||
rm -f include/dns/rdatastruct.h
|
||||
rm -f dnstap.pb-c.c dnstap.pb-c.h
|
||||
diff --git a/lib/isc-pkcs11/Makefile.in b/lib/isc-pkcs11/Makefile.in
|
||||
index 8ad54bb..a3ecdfb 100644
|
||||
index 7e3e9ce..58d7466 100644
|
||||
--- a/lib/isc-pkcs11/Makefile.in
|
||||
+++ b/lib/isc-pkcs11/Makefile.in
|
||||
@@ -23,8 +23,8 @@ CINCLUDES = -I${srcdir}/unix/include \
|
||||
@ -539,7 +541,7 @@ index 8ad54bb..a3ecdfb 100644
|
||||
CWARNINGS =
|
||||
|
||||
# Alphabetically
|
||||
@@ -103,40 +103,40 @@ version.@O@: version.c
|
||||
@@ -107,40 +107,40 @@ version.@O@: version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
@ -593,10 +595,10 @@ index 8ad54bb..a3ecdfb 100644
|
||||
+ rm -f libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@ libisc-pkcs11.la \
|
||||
+ libisc-pkcs11-nosymtbl.la timestamp
|
||||
diff --git a/make/includes.in b/make/includes.in
|
||||
index fa86ad1..3cfbe9f 100644
|
||||
index 66efe68..966671f 100644
|
||||
--- a/make/includes.in
|
||||
+++ b/make/includes.in
|
||||
@@ -43,3 +43,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
|
||||
@@ -41,3 +41,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
|
||||
|
||||
TEST_INCLUDES = \
|
||||
-I${top_srcdir}/lib/tests/include
|
||||
|
27
SOURCES/bind-9.11-CVE-2020-8625.patch
Normal file
27
SOURCES/bind-9.11-CVE-2020-8625.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From 9f331a945071365ccc0cfba24241c4af6919af30 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Mon, 15 Feb 2021 12:18:14 +0100
|
||||
Subject: [PATCH] CVE-2020-8625
|
||||
|
||||
5562. [security] Fix off-by-one bug in ISC SPNEGO implementation.
|
||||
(CVE-2020-8625) [GL #2354]
|
||||
---
|
||||
lib/dns/spnego.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
|
||||
index dea108b..13cf15d 100644
|
||||
--- a/lib/dns/spnego.c
|
||||
+++ b/lib/dns/spnego.c
|
||||
@@ -877,7 +877,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
|
||||
return (ASN1_OVERRUN);
|
||||
}
|
||||
|
||||
- data->components = malloc(len * sizeof(*data->components));
|
||||
+ data->components = malloc((len + 1) * sizeof(*data->components));
|
||||
if (data->components == NULL) {
|
||||
return (ENOMEM);
|
||||
}
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 68baeb7211ba2fcd4eff53d987e9b70ba38294cb Mon Sep 17 00:00:00 2001
|
||||
From c928591eb2a3b17c5be0cad56c8e061ebba11a95 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 20 Dec 2018 11:52:12 +0100
|
||||
Subject: [PATCH] Fix implicit declaration warning
|
||||
@ -11,7 +11,7 @@ header providing it in files that use it.
|
||||
2 files changed, 2 insertions(+)
|
||||
|
||||
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
|
||||
index 36ee6c7..6051cd2 100644
|
||||
index 4b5b901..a3dd450 100644
|
||||
--- a/bin/tests/system/tkey/keydelete.c
|
||||
+++ b/bin/tests/system/tkey/keydelete.c
|
||||
@@ -21,6 +21,7 @@
|
||||
@ -23,7 +23,7 @@ index 36ee6c7..6051cd2 100644
|
||||
#include <isc/sockaddr.h>
|
||||
#include <isc/socket.h>
|
||||
diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c
|
||||
index 70805bb..33870f3 100644
|
||||
index c37b235..7786801 100644
|
||||
--- a/lib/dns/tsig.c
|
||||
+++ b/lib/dns/tsig.c
|
||||
@@ -18,6 +18,7 @@
|
||||
@ -31,9 +31,9 @@ index 70805bb..33870f3 100644
|
||||
#include <isc/buffer.h>
|
||||
#include <isc/mem.h>
|
||||
+#include <isc/md5.h>
|
||||
#include <isc/print.h>
|
||||
#include <isc/print.h>
|
||||
#include <isc/refcount.h>
|
||||
#include <isc/serial.h>
|
||||
--
|
||||
2.14.5
|
||||
2.26.2
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From c23daf334d5487fa53fef88c82312e439a2d8523 Mon Sep 17 00:00:00 2001
|
||||
From 14ad3e0b42bc999072d30268396412bec158a22d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 2 Aug 2018 23:46:45 +0200
|
||||
Subject: [PATCH] FIPS tests changes
|
||||
@ -80,7 +80,7 @@ Date: Wed Mar 7 10:44:23 2018 +0100
|
||||
bin/tests/system/digdelv/tests.sh | 20 +++---
|
||||
bin/tests/system/dlv/ns1/sign.sh | 4 +-
|
||||
bin/tests/system/dlv/ns2/sign.sh | 4 +-
|
||||
bin/tests/system/dlv/ns6/sign.sh | 66 +++++++++---------
|
||||
bin/tests/system/dlv/ns6/sign.sh | 66 ++++++++++---------
|
||||
bin/tests/system/dnssec/ns2/sign.sh | 8 +--
|
||||
bin/tests/system/dnssec/ns5/trusted.conf.bad | 2 +-
|
||||
bin/tests/system/dnssec/tests.sh | 4 +-
|
||||
@ -92,22 +92,19 @@ Date: Wed Mar 7 10:44:23 2018 +0100
|
||||
bin/tests/system/nsupdate/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/nsupdate/ns2/named.conf.in | 2 +-
|
||||
bin/tests/system/nsupdate/setup.sh | 7 +-
|
||||
bin/tests/system/nsupdate/tests.sh | 11 ++-
|
||||
bin/tests/system/nsupdate/tests.sh | 11 +++-
|
||||
bin/tests/system/rndc/setup.sh | 2 +-
|
||||
bin/tests/system/rndc/tests.sh | 23 ++++---
|
||||
bin/tests/system/tsig/clean.sh | 1 +
|
||||
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
|
||||
bin/tests/system/tsig/setup.sh | 5 ++
|
||||
bin/tests/system/tsig/tests.sh | 67 ++++++++++++-------
|
||||
bin/tests/system/tsig/tests.sh | 65 +++++++++++-------
|
||||
bin/tests/system/tsiggss/setup.sh | 2 +-
|
||||
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/upforwd/tests.sh | 2 +-
|
||||
bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++
|
||||
45 files changed, 232 insertions(+), 171 deletions(-)
|
||||
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
43 files changed, 220 insertions(+), 170 deletions(-)
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
index 0ea6502..026db3f 100644
|
||||
index 9999ada..e3f8d0e 100644
|
||||
--- a/bin/tests/system/acl/ns2/named1.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
@ -126,7 +123,7 @@ index 0ea6502..026db3f 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
index b877880..d8f50be 100644
|
||||
index f8ec34e..d2d6ad3 100644
|
||||
--- a/bin/tests/system/acl/ns2/named2.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
@ -145,7 +142,7 @@ index b877880..d8f50be 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
index 0a95062..aa54088 100644
|
||||
index 2acb813..6a00344 100644
|
||||
--- a/bin/tests/system/acl/ns2/named3.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
@@ -33,17 +33,17 @@ options {
|
||||
@ -170,7 +167,7 @@ index 0a95062..aa54088 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
index 7cdcb6e..606a345 100644
|
||||
index bca3ee1..5913420 100644
|
||||
--- a/bin/tests/system/acl/ns2/named4.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
@ -189,7 +186,7 @@ index 7cdcb6e..606a345 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
index 4b4e050..0e679a8 100644
|
||||
index 9ef8171..5ae8d38 100644
|
||||
--- a/bin/tests/system/acl/ns2/named5.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
@@ -34,12 +34,12 @@ options {
|
||||
@ -208,7 +205,7 @@ index 4b4e050..0e679a8 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
|
||||
index 09f31f2..f88f0d4 100644
|
||||
index 2ee34a0..a73a54e 100644
|
||||
--- a/bin/tests/system/acl/tests.sh
|
||||
+++ b/bin/tests/system/acl/tests.sh
|
||||
@@ -22,14 +22,14 @@ echo_i "testing basic ACL processing"
|
||||
@ -334,7 +331,7 @@ index 09f31f2..f88f0d4 100644
|
||||
|
||||
echo_i "testing allow-query-on ACL processing"
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
index 1569913..e9c5c2d 100644
|
||||
index a579f32..3b8f853 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
@@ -12,7 +12,7 @@
|
||||
@ -347,7 +344,7 @@ index 1569913..e9c5c2d 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
index 18ac91c..2b1c873 100644
|
||||
index 166afa1..997ece9 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
@@ -12,12 +12,12 @@
|
||||
@ -366,7 +363,7 @@ index 18ac91c..2b1c873 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
index b824844..dd48945 100644
|
||||
index 25271a5..a9cb65d 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
@@ -12,7 +12,7 @@
|
||||
@ -379,7 +376,7 @@ index b824844..dd48945 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
index aeb1540..bfce58b 100644
|
||||
index c7c8254..f165e65 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
@@ -12,7 +12,7 @@
|
||||
@ -392,7 +389,7 @@ index aeb1540..bfce58b 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
index d4b7432..e0f5252 100644
|
||||
index 567bbcc..4fd2035 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
@@ -12,12 +12,12 @@
|
||||
@ -411,7 +408,7 @@ index d4b7432..e0f5252 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
index c025938..87afb3f 100644
|
||||
index b75161f..7b254e6 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
@@ -12,7 +12,7 @@
|
||||
@ -424,7 +421,7 @@ index c025938..87afb3f 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
index d83b376..d726b94 100644
|
||||
index 9e17818..22f5001 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
@@ -16,12 +16,12 @@ acl accept { 10.53.0.2; };
|
||||
@ -443,7 +440,7 @@ index d83b376..d726b94 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh
|
||||
index fb6059d..f960156 100644
|
||||
index 791a1a4..95cd971 100644
|
||||
--- a/bin/tests/system/allow-query/tests.sh
|
||||
+++ b/bin/tests/system/allow-query/tests.sh
|
||||
@@ -190,7 +190,7 @@ rndc_reload
|
||||
@ -528,7 +525,7 @@ index fb6059d..f960156 100644
|
||||
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
|
||||
index 74b7d37..c353766 100644
|
||||
index 6856ec7..0ac1fa3 100644
|
||||
--- a/bin/tests/system/catz/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/catz/ns1/named.conf.in
|
||||
@@ -61,5 +61,5 @@ zone "catalog4.example" {
|
||||
@ -539,7 +536,7 @@ index 74b7d37..c353766 100644
|
||||
+ algorithm hmac-sha256;
|
||||
};
|
||||
diff --git a/bin/tests/system/catz/ns2/named.conf.in b/bin/tests/system/catz/ns2/named.conf.in
|
||||
index ee83efb..35ced08 100644
|
||||
index dd3a9dc..77b8d96 100644
|
||||
--- a/bin/tests/system/catz/ns2/named.conf.in
|
||||
+++ b/bin/tests/system/catz/ns2/named.conf.in
|
||||
@@ -70,5 +70,5 @@ zone "catalog4.example" {
|
||||
@ -550,7 +547,7 @@ index ee83efb..35ced08 100644
|
||||
+ algorithm hmac-sha256;
|
||||
};
|
||||
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
|
||||
index 21be03e..e57c308 100644
|
||||
index 338dddb..90cd424 100644
|
||||
--- a/bin/tests/system/checkconf/bad-tsig.conf
|
||||
+++ b/bin/tests/system/checkconf/bad-tsig.conf
|
||||
@@ -11,7 +11,7 @@
|
||||
@ -563,10 +560,10 @@ index 21be03e..e57c308 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
|
||||
index 9ab35b3..486551a 100644
|
||||
index 2282f87..1359cf3 100644
|
||||
--- a/bin/tests/system/checkconf/good.conf
|
||||
+++ b/bin/tests/system/checkconf/good.conf
|
||||
@@ -153,6 +153,6 @@ dyndb "name" "library.so" {
|
||||
@@ -159,6 +159,6 @@ dyndb "name" "library.so" {
|
||||
system;
|
||||
};
|
||||
key "mykey" {
|
||||
@ -575,7 +572,7 @@ index 9ab35b3..486551a 100644
|
||||
secret "qwertyuiopasdfgh";
|
||||
};
|
||||
diff --git a/bin/tests/system/digdelv/ns2/example.db b/bin/tests/system/digdelv/ns2/example.db
|
||||
index f4e30f5..9f53e31 100644
|
||||
index b66207a..359b220 100644
|
||||
--- a/bin/tests/system/digdelv/ns2/example.db
|
||||
+++ b/bin/tests/system/digdelv/ns2/example.db
|
||||
@@ -38,12 +38,15 @@ foo SSHFP 2 1 123456789abcdef67890123456789abcdef67890
|
||||
@ -601,10 +598,10 @@ index f4e30f5..9f53e31 100644
|
||||
; TTL of 3 weeks
|
||||
weeks 1814400 A 10.53.0.2
|
||||
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
|
||||
index ade45ce..d3aff24 100644
|
||||
index 2109001..ded5557 100644
|
||||
--- a/bin/tests/system/digdelv/tests.sh
|
||||
+++ b/bin/tests/system/digdelv/tests.sh
|
||||
@@ -106,7 +106,7 @@ if [ -x "$DIG" ] ; then
|
||||
@@ -155,7 +155,7 @@ if [ -x "$DIG" ] ; then
|
||||
echo_i "checking dig +rrcomments works for DNSKEY($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
|
||||
@ -613,7 +610,7 @@ index ade45ce..d3aff24 100644
|
||||
check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
@@ -115,7 +115,7 @@ if [ -x "$DIG" ] ; then
|
||||
@@ -164,7 +164,7 @@ if [ -x "$DIG" ] ; then
|
||||
echo_i "checking dig +short +rrcomments works for DNSKEY ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
|
||||
@ -622,7 +619,7 @@ index ade45ce..d3aff24 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -123,7 +123,7 @@ if [ -x "$DIG" ] ; then
|
||||
@@ -172,7 +172,7 @@ if [ -x "$DIG" ] ; then
|
||||
echo_i "checking dig +short +nosplit works($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > dig.out.test$n || ret=1
|
||||
@ -631,7 +628,7 @@ index ade45ce..d3aff24 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -131,7 +131,7 @@ if [ -x "$DIG" ] ; then
|
||||
@@ -180,7 +180,7 @@ if [ -x "$DIG" ] ; then
|
||||
echo_i "checking dig +short +rrcomments works($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
|
||||
@ -640,7 +637,7 @@ index ade45ce..d3aff24 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -148,7 +148,7 @@ if [ -x "$DIG" ] ; then
|
||||
@@ -197,7 +197,7 @@ if [ -x "$DIG" ] ; then
|
||||
echo_i "checking dig +short +rrcomments works($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
|
||||
@ -649,7 +646,7 @@ index ade45ce..d3aff24 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -695,7 +695,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -827,7 +827,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +rrcomments works for DNSKEY($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -658,7 +655,7 @@ index ade45ce..d3aff24 100644
|
||||
check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
@@ -704,7 +704,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -836,7 +836,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +short +rrcomments works for DNSKEY ($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -667,7 +664,7 @@ index ade45ce..d3aff24 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -712,7 +712,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -844,7 +844,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +short +rrcomments works ($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -676,7 +673,7 @@ index ade45ce..d3aff24 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -720,7 +720,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -852,7 +852,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +short +nosplit works ($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -685,7 +682,7 @@ index ade45ce..d3aff24 100644
|
||||
if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi
|
||||
f=`awk '{print NF}' < delv.out.test$n`
|
||||
test "${f:-0}" -eq 14 || ret=1
|
||||
@@ -731,7 +731,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -863,7 +863,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +short +nosplit +norrcomments works ($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -695,7 +692,7 @@ index ade45ce..d3aff24 100644
|
||||
f=`awk '{print NF}' < delv.out.test$n`
|
||||
test "${f:-0}" -eq 4 || ret=1
|
||||
diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh
|
||||
index 606e7cc..a3a0d60 100755
|
||||
index 14ca5db..3f522d0 100755
|
||||
--- a/bin/tests/system/dlv/ns1/sign.sh
|
||||
+++ b/bin/tests/system/dlv/ns1/sign.sh
|
||||
@@ -23,8 +23,8 @@ infile=root.db.in
|
||||
@ -710,7 +707,7 @@ index 606e7cc..a3a0d60 100755
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh
|
||||
index 9825c57..202c978 100755
|
||||
index d870798..b0ab372 100755
|
||||
--- a/bin/tests/system/dlv/ns2/sign.sh
|
||||
+++ b/bin/tests/system/dlv/ns2/sign.sh
|
||||
@@ -24,8 +24,8 @@ zonefile=druz.db
|
||||
@ -725,7 +722,7 @@ index 9825c57..202c978 100755
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh
|
||||
index 1e39862..4ed19ac 100755
|
||||
index ba39f90..f20a2dd 100755
|
||||
--- a/bin/tests/system/dlv/ns6/sign.sh
|
||||
+++ b/bin/tests/system/dlv/ns6/sign.sh
|
||||
@@ -16,13 +16,15 @@ SYSTESTDIR=dlv
|
||||
@ -912,7 +909,7 @@ index 1e39862..4ed19ac 100755
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh
|
||||
index 13fb924..1ffa279 100644
|
||||
index e28b3f1..29c169b 100644
|
||||
--- a/bin/tests/system/dnssec/ns2/sign.sh
|
||||
+++ b/bin/tests/system/dnssec/ns2/sign.sh
|
||||
@@ -126,8 +126,8 @@ zone=in-addr.arpa.
|
||||
@ -945,7 +942,7 @@ index 13fb924..1ffa279 100644
|
||||
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
|
||||
|
||||
diff --git a/bin/tests/system/dnssec/ns5/trusted.conf.bad b/bin/tests/system/dnssec/ns5/trusted.conf.bad
|
||||
index ed30460..e6b1126 100644
|
||||
index 75cf699..b4d848c 100644
|
||||
--- a/bin/tests/system/dnssec/ns5/trusted.conf.bad
|
||||
+++ b/bin/tests/system/dnssec/ns5/trusted.conf.bad
|
||||
@@ -10,5 +10,5 @@
|
||||
@ -956,10 +953,10 @@ index ed30460..e6b1126 100644
|
||||
+ "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV";
|
||||
};
|
||||
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
|
||||
index b31c1b4..a5e237b 100644
|
||||
index 3e8e4d5..da692f9 100644
|
||||
--- a/bin/tests/system/dnssec/tests.sh
|
||||
+++ b/bin/tests/system/dnssec/tests.sh
|
||||
@@ -3235,8 +3235,8 @@ do
|
||||
@@ -3257,8 +3257,8 @@ do
|
||||
alg=`expr $alg + 1`
|
||||
continue;;
|
||||
3) size="-b 512";;
|
||||
@ -971,7 +968,7 @@ index b31c1b4..a5e237b 100644
|
||||
8) size="-b 512";;
|
||||
10) size="-b 1024";;
|
||||
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
|
||||
index c1249ed..20a3139 100644
|
||||
index 5e473ab..b08692e 100644
|
||||
--- a/bin/tests/system/feature-test.c
|
||||
+++ b/bin/tests/system/feature-test.c
|
||||
@@ -19,6 +19,7 @@
|
||||
@ -983,14 +980,14 @@ index c1249ed..20a3139 100644
|
||||
|
||||
#ifdef WIN32
|
||||
@@ -47,6 +48,7 @@ usage() {
|
||||
fprintf(stderr, " --have-geoip2\n");
|
||||
fprintf(stderr, " --have-libxml2\n");
|
||||
fprintf(stderr, " --ipv6only=no\n");
|
||||
+ fprintf(stderr, " --md5\n");
|
||||
fprintf(stderr, " --rpz-nsdname\n");
|
||||
fprintf(stderr, " --rpz-nsip\n");
|
||||
fprintf(stderr, " --with-idn\n");
|
||||
@@ -155,6 +157,18 @@ main(int argc, char **argv) {
|
||||
fprintf(stderr, "\t--have-geoip\n");
|
||||
fprintf(stderr, "\t--have-libxml2\n");
|
||||
fprintf(stderr, "\t--ipv6only=no\n");
|
||||
+ fprintf(stderr, "\t--md5\n");
|
||||
fprintf(stderr, "\t--rpz-log-qtype-qclass\n");
|
||||
fprintf(stderr, "\t--rpz-nsdname\n");
|
||||
fprintf(stderr, "\t--rpz-nsip\n");
|
||||
@@ -194,6 +196,18 @@ main(int argc, char **argv) {
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -1010,7 +1007,7 @@ index c1249ed..20a3139 100644
|
||||
#ifdef ENABLE_RPZ_NSIP
|
||||
return (0);
|
||||
diff --git a/bin/tests/system/filter-aaaa/ns1/sign.sh b/bin/tests/system/filter-aaaa/ns1/sign.sh
|
||||
index f755581..4a7d890 100755
|
||||
index 479f98c..4d4a765 100755
|
||||
--- a/bin/tests/system/filter-aaaa/ns1/sign.sh
|
||||
+++ b/bin/tests/system/filter-aaaa/ns1/sign.sh
|
||||
@@ -21,8 +21,8 @@ infile=signed.db.in
|
||||
@ -1025,7 +1022,7 @@ index f755581..4a7d890 100755
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/filter-aaaa/ns4/sign.sh b/bin/tests/system/filter-aaaa/ns4/sign.sh
|
||||
index f755581..4a7d890 100755
|
||||
index 479f98c..4d4a765 100755
|
||||
--- a/bin/tests/system/filter-aaaa/ns4/sign.sh
|
||||
+++ b/bin/tests/system/filter-aaaa/ns4/sign.sh
|
||||
@@ -21,8 +21,8 @@ infile=signed.db.in
|
||||
@ -1040,7 +1037,7 @@ index f755581..4a7d890 100755
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
|
||||
index cfcfe8f..0a1614d 100644
|
||||
index 157ef16..b802288 100644
|
||||
--- a/bin/tests/system/notify/ns5/named.conf.in
|
||||
+++ b/bin/tests/system/notify/ns5/named.conf.in
|
||||
@@ -10,17 +10,17 @@
|
||||
@ -1065,7 +1062,7 @@ index cfcfe8f..0a1614d 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
|
||||
index 1f6e6d0..c08bd25 100644
|
||||
index f9fd3f5..916af75 100644
|
||||
--- a/bin/tests/system/notify/tests.sh
|
||||
+++ b/bin/tests/system/notify/tests.sh
|
||||
@@ -212,16 +212,16 @@ ret=0
|
||||
@ -1089,7 +1086,7 @@ index 1f6e6d0..c08bd25 100644
|
||||
grep "test string" dig.out.b.ns5.test$n > /dev/null &&
|
||||
grep "test string" dig.out.c.ns5.test$n > /dev/null &&
|
||||
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
index 1d999ad..26b6b7c 100644
|
||||
index b0ded3a..cb80269 100644
|
||||
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
@@ -32,7 +32,7 @@ controls {
|
||||
@ -1102,7 +1099,7 @@ index 1d999ad..26b6b7c 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
index 4549184..cb7dccd 100644
|
||||
index e6e2382..b0a94e0 100644
|
||||
--- a/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
@@ -33,7 +33,7 @@ controls {
|
||||
@ -1115,10 +1112,10 @@ index 4549184..cb7dccd 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
|
||||
index 21805c5..0d3d85c 100644
|
||||
index 6fbf1d7..a712b17 100644
|
||||
--- a/bin/tests/system/nsupdate/setup.sh
|
||||
+++ b/bin/tests/system/nsupdate/setup.sh
|
||||
@@ -58,7 +58,12 @@ EOF
|
||||
@@ -53,7 +53,12 @@ EOF
|
||||
|
||||
$DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key
|
||||
|
||||
@ -1133,10 +1130,10 @@ index 21805c5..0d3d85c 100644
|
||||
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
|
||||
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
|
||||
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
|
||||
index 4da4849..b3bc807 100755
|
||||
index 6b2c8f6..96ad95e 100755
|
||||
--- a/bin/tests/system/nsupdate/tests.sh
|
||||
+++ b/bin/tests/system/nsupdate/tests.sh
|
||||
@@ -708,7 +708,14 @@ fi
|
||||
@@ -788,7 +788,14 @@ fi
|
||||
n=`expr $n + 1`
|
||||
ret=0
|
||||
echo_i "check TSIG key algorithms ($n)"
|
||||
@ -1152,7 +1149,7 @@ index 4da4849..b3bc807 100755
|
||||
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
|
||||
server 10.53.0.1 ${PORT}
|
||||
update add ${alg}.keytests.nil. 600 A 10.10.10.3
|
||||
@@ -716,7 +723,7 @@ send
|
||||
@@ -796,7 +803,7 @@ send
|
||||
END
|
||||
done
|
||||
sleep 2
|
||||
@ -1162,10 +1159,10 @@ index 4da4849..b3bc807 100755
|
||||
done
|
||||
if [ $ret -ne 0 ]; then
|
||||
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
|
||||
index 343869e..c30efb0 100644
|
||||
index 2eb2cd5..36f5114 100644
|
||||
--- a/bin/tests/system/rndc/setup.sh
|
||||
+++ b/bin/tests/system/rndc/setup.sh
|
||||
@@ -37,7 +37,7 @@ make_key () {
|
||||
@@ -35,7 +35,7 @@ make_key () {
|
||||
sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
|
||||
}
|
||||
|
||||
@ -1175,7 +1172,7 @@ index 343869e..c30efb0 100644
|
||||
make_key 3 ${EXTRAPORT3} hmac-sha224
|
||||
make_key 4 ${EXTRAPORT4} hmac-sha256
|
||||
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
|
||||
index 57e066d..186a723 100644
|
||||
index 4e25e51..cb8934c 100644
|
||||
--- a/bin/tests/system/rndc/tests.sh
|
||||
+++ b/bin/tests/system/rndc/tests.sh
|
||||
@@ -348,15 +348,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@ -1208,17 +1205,8 @@ index 57e066d..186a723 100644
|
||||
|
||||
n=`expr $n + 1`
|
||||
echo_i "testing rndc with hmac-sha1 ($n)"
|
||||
diff --git a/bin/tests/system/tsig/clean.sh b/bin/tests/system/tsig/clean.sh
|
||||
index 576ec70..cb7a852 100644
|
||||
--- a/bin/tests/system/tsig/clean.sh
|
||||
+++ b/bin/tests/system/tsig/clean.sh
|
||||
@@ -20,3 +20,4 @@ rm -f */named.run
|
||||
rm -f ns*/named.lock
|
||||
rm -f Kexample.net.+163+*
|
||||
rm -f keygen.out?
|
||||
+rm -f ns1/named.conf
|
||||
diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in
|
||||
index fbf30c6..f61657d 100644
|
||||
index 4905ffd..958d9fb 100644
|
||||
--- a/bin/tests/system/tsig/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/tsig/ns1/named.conf.in
|
||||
@@ -21,10 +21,7 @@ options {
|
||||
@ -1246,10 +1234,10 @@ index fbf30c6..f61657d 100644
|
||||
key "sha1-trunc" {
|
||||
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
||||
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
|
||||
index 4dd4a25..aa0f966 100644
|
||||
index f42aa79..bfcf4a6 100644
|
||||
--- a/bin/tests/system/tsig/setup.sh
|
||||
+++ b/bin/tests/system/tsig/setup.sh
|
||||
@@ -17,3 +17,8 @@ $SHELL clean.sh
|
||||
@@ -15,3 +15,8 @@ SYSTEMTESTTOP=..
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE
|
||||
@ -1259,7 +1247,7 @@ index 4dd4a25..aa0f966 100644
|
||||
+ cat ns1/rndc5.conf.in >> ns1/named.conf
|
||||
+fi
|
||||
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
|
||||
index f731fa6..cade35b 100644
|
||||
index ed41e1d..98c542e 100644
|
||||
--- a/bin/tests/system/tsig/tests.sh
|
||||
+++ b/bin/tests/system/tsig/tests.sh
|
||||
@@ -26,20 +26,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
|
||||
@ -1273,13 +1261,6 @@ index f731fa6..cade35b 100644
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
-fi
|
||||
-
|
||||
-echo_i "fetching using hmac-md5 (new form)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
||||
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ echo_i "fetching using hmac-md5 (old form)"
|
||||
@ -1289,7 +1270,13 @@ index f731fa6..cade35b 100644
|
||||
+ if [ $ret -eq 1 ] ; then
|
||||
+ echo_i "failed"; status=1
|
||||
+ fi
|
||||
+
|
||||
|
||||
-echo_i "fetching using hmac-md5 (new form)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
||||
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
+ echo_i "fetching using hmac-md5 (new form)"
|
||||
+ ret=0
|
||||
+ $DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
||||
@ -1351,10 +1338,10 @@ index f731fa6..cade35b 100644
|
||||
|
||||
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
|
||||
diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh
|
||||
index 0d21c7b..dbcb7b4 100644
|
||||
index f04c907..09da5f9 100644
|
||||
--- a/bin/tests/system/tsiggss/setup.sh
|
||||
+++ b/bin/tests/system/tsiggss/setup.sh
|
||||
@@ -18,5 +18,5 @@ test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE
|
||||
@@ -16,5 +16,5 @@ test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
|
||||
@ -1362,7 +1349,7 @@ index 0d21c7b..dbcb7b4 100644
|
||||
+key=`$KEYGEN -Cq -K ns1 -a DSA -b 1024 -r $RANDFILE -n HOST -T KEY key.example.nil.`
|
||||
cat ns1/example.nil.db.in ns1/${key}.key > ns1/example.nil.db
|
||||
diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
index e0a30cd..6a77b1c 100644
|
||||
index 4ddd7a4..238f52a 100644
|
||||
--- a/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
@ -1375,7 +1362,7 @@ index e0a30cd..6a77b1c 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
|
||||
index b0694bb..9adae82 100644
|
||||
index 1cf8d3b..f4c3216 100644
|
||||
--- a/bin/tests/system/upforwd/tests.sh
|
||||
+++ b/bin/tests/system/upforwd/tests.sh
|
||||
@@ -68,7 +68,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
|
||||
@ -1387,22 +1374,6 @@ index b0694bb..9adae82 100644
|
||||
server 10.53.0.3 ${PORT}
|
||||
update add updated.example. 600 A 10.10.10.1
|
||||
update add updated.example. 600 TXT Foo
|
||||
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
new file mode 100644
|
||||
index 0000000..0682194
|
||||
--- /dev/null
|
||||
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
@@ -0,0 +1,10 @@
|
||||
+# Conditionally included when support for MD5 is available
|
||||
+key "md5" {
|
||||
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
+ algorithm hmac-md5;
|
||||
+};
|
||||
+
|
||||
+key "md5-trunc" {
|
||||
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
+ algorithm hmac-md5-80;
|
||||
+};
|
||||
--
|
||||
2.20.1
|
||||
2.26.2
|
||||
|
||||
|
@ -1,288 +0,0 @@
|
||||
From f27598743ab6e03271e26f23da4beba748d19c60 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
|
||||
Date: Wed, 25 Apr 2018 14:04:31 +0200
|
||||
Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts
|
||||
|
||||
(cherry picked from commit 66ba2fdad583d962a1f4971c85d58381f0849e4d)
|
||||
|
||||
Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPTO_memcmp()
|
||||
|
||||
(cherry picked from commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c)
|
||||
|
||||
Fix the isc_safe_memwipe() usage with (NULL, >0)
|
||||
|
||||
(cherry picked from commit 083461d3329ff6f2410745848a926090586a9846)
|
||||
---
|
||||
bin/dnssec/dnssec-signzone.c | 2 +-
|
||||
lib/dns/nsec3.c | 4 +-
|
||||
lib/dns/spnego.c | 4 +-
|
||||
lib/isc/Makefile.in | 8 +---
|
||||
lib/isc/include/isc/safe.h | 18 ++------
|
||||
lib/isc/safe.c | 83 ------------------------------------
|
||||
lib/isc/tests/safe_test.c | 18 --------
|
||||
7 files changed, 11 insertions(+), 126 deletions(-)
|
||||
delete mode 100644 lib/isc/safe.c
|
||||
|
||||
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
|
||||
index 6dded0c..a9c5557 100644
|
||||
--- a/bin/dnssec/dnssec-signzone.c
|
||||
+++ b/bin/dnssec/dnssec-signzone.c
|
||||
@@ -784,7 +784,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
|
||||
|
||||
static int
|
||||
hashlist_comp(const void *a, const void *b) {
|
||||
- return (isc_safe_memcompare(a, b, hash_length + 1));
|
||||
+ return (memcmp(a, b, hash_length + 1));
|
||||
}
|
||||
|
||||
static void
|
||||
diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
|
||||
index 6ae7ca8..01426d6 100644
|
||||
--- a/lib/dns/nsec3.c
|
||||
+++ b/lib/dns/nsec3.c
|
||||
@@ -1963,7 +1963,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
|
||||
* Work out what this NSEC3 covers.
|
||||
* Inside (<0) or outside (>=0).
|
||||
*/
|
||||
- scope = isc_safe_memcompare(owner, nsec3.next, nsec3.next_length);
|
||||
+ scope = memcmp(owner, nsec3.next, nsec3.next_length);
|
||||
|
||||
/*
|
||||
* Prepare to compute all the hashes.
|
||||
@@ -1987,7 +1987,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
|
||||
return (ISC_R_IGNORE);
|
||||
}
|
||||
|
||||
- order = isc_safe_memcompare(hash, owner, length);
|
||||
+ order = memcmp(hash, owner, length);
|
||||
if (first && order == 0) {
|
||||
/*
|
||||
* The hashes are the same.
|
||||
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
|
||||
index ad77f24..670982a 100644
|
||||
--- a/lib/dns/spnego.c
|
||||
+++ b/lib/dns/spnego.c
|
||||
@@ -371,7 +371,7 @@ gssapi_spnego_decapsulate(OM_uint32 *,
|
||||
|
||||
/* mod_auth_kerb.c */
|
||||
|
||||
-static int
|
||||
+static isc_boolean_t
|
||||
cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
|
||||
{
|
||||
unsigned char *p;
|
||||
@@ -395,7 +395,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
|
||||
if (((OM_uint32) *p++) != gssoid->length)
|
||||
return (GSS_S_DEFECTIVE_TOKEN);
|
||||
|
||||
- return (isc_safe_memcompare(p, gssoid->elements, gssoid->length));
|
||||
+ return (!isc_safe_memequal(p, gssoid->elements, gssoid->length));
|
||||
}
|
||||
|
||||
/* accept_sec_context.c */
|
||||
diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in
|
||||
index 149552a..8529a86 100644
|
||||
--- a/lib/isc/Makefile.in
|
||||
+++ b/lib/isc/Makefile.in
|
||||
@@ -60,7 +60,7 @@ OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \
|
||||
parseint.@O@ portset.@O@ quota.@O@ radix.@O@ random.@O@ \
|
||||
ratelimiter.@O@ refcount.@O@ region.@O@ regex.@O@ result.@O@ \
|
||||
rwlock.@O@ \
|
||||
- safe.@O@ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
|
||||
+ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
|
||||
string.@O@ strtoul.@O@ symtab.@O@ task.@O@ taskpool.@O@ \
|
||||
tm.@O@ timer.@O@ utf8.@O@ version.@O@ \
|
||||
${UNIXOBJS} ${NLSOBJS} ${THREADOBJS}
|
||||
@@ -79,7 +79,7 @@ SRCS = @ISC_EXTRA_SRCS@ @ISC_PK11_C@ @ISC_PK11_RESULT_C@ \
|
||||
netaddr.c netscope.c pool.c ondestroy.c \
|
||||
parseint.c portset.c quota.c radix.c random.c ${CHACHASRCS} \
|
||||
ratelimiter.c refcount.c region.c regex.c result.c rwlock.c \
|
||||
- safe.c serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
|
||||
+ serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
|
||||
strtoul.c symtab.c task.c taskpool.c timer.c \
|
||||
tm.c utf8.c version.c
|
||||
|
||||
@@ -95,10 +95,6 @@ TESTDIRS = @UNITTESTS@
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
|
||||
-safe.@O@: safe.c
|
||||
- ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} @CCNOOPT@ \
|
||||
- -c ${srcdir}/safe.c
|
||||
-
|
||||
version.@O@: version.c
|
||||
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
|
||||
-DVERSION=\"${VERSION}\" \
|
||||
diff --git a/lib/isc/include/isc/safe.h b/lib/isc/include/isc/safe.h
|
||||
index 66ed08b..88b8f47 100644
|
||||
--- a/lib/isc/include/isc/safe.h
|
||||
+++ b/lib/isc/include/isc/safe.h
|
||||
@@ -15,29 +15,19 @@
|
||||
|
||||
/*! \file isc/safe.h */
|
||||
|
||||
-#include <stdbool.h>
|
||||
-
|
||||
-#include <isc/types.h>
|
||||
-#include <stdlib.h>
|
||||
+#include <isc/lang.h>
|
||||
+#include <openssl/crypto.h>
|
||||
|
||||
ISC_LANG_BEGINDECLS
|
||||
|
||||
-bool
|
||||
-isc_safe_memequal(const void *s1, const void *s2, size_t n);
|
||||
+#define isc_safe_memequal(s1, s2, n) !CRYPTO_memcmp(s1, s2, n)
|
||||
/*%<
|
||||
* Returns true iff. two blocks of memory are equal, otherwise
|
||||
* false.
|
||||
*
|
||||
*/
|
||||
|
||||
-int
|
||||
-isc_safe_memcompare(const void *b1, const void *b2, size_t len);
|
||||
-/*%<
|
||||
- * Clone of libc memcmp() which is safe to differential timing attacks.
|
||||
- */
|
||||
-
|
||||
-void
|
||||
-isc_safe_memwipe(void *ptr, size_t len);
|
||||
+#define isc_safe_memwipe(ptr, len) OPENSSL_cleanse(ptr, len)
|
||||
/*%<
|
||||
* Clear the memory of length `len` pointed to by `ptr`.
|
||||
*
|
||||
diff --git a/lib/isc/safe.c b/lib/isc/safe.c
|
||||
deleted file mode 100644
|
||||
index 7a464b6..0000000
|
||||
--- a/lib/isc/safe.c
|
||||
+++ /dev/null
|
||||
@@ -1,83 +0,0 @@
|
||||
-/*
|
||||
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
- *
|
||||
- * This Source Code Form is subject to the terms of the Mozilla Public
|
||||
- * License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
- *
|
||||
- * See the COPYRIGHT file distributed with this work for additional
|
||||
- * information regarding copyright ownership.
|
||||
- */
|
||||
-
|
||||
-/*! \file */
|
||||
-
|
||||
-#include <config.h>
|
||||
-
|
||||
-#include <stdbool.h>
|
||||
-
|
||||
-#include <isc/safe.h>
|
||||
-#include <isc/string.h>
|
||||
-#include <isc/util.h>
|
||||
-
|
||||
-#ifdef WIN32
|
||||
-#include <windows.h>
|
||||
-#endif
|
||||
-
|
||||
-#ifdef _MSC_VER
|
||||
-#pragma optimize("", off)
|
||||
-#endif
|
||||
-
|
||||
-bool
|
||||
-isc_safe_memequal(const void *s1, const void *s2, size_t n) {
|
||||
- uint8_t acc = 0;
|
||||
-
|
||||
- if (n != 0U) {
|
||||
- const uint8_t *p1 = s1, *p2 = s2;
|
||||
-
|
||||
- do {
|
||||
- acc |= *p1++ ^ *p2++;
|
||||
- } while (--n != 0U);
|
||||
- }
|
||||
- return (acc == 0);
|
||||
-}
|
||||
-
|
||||
-
|
||||
-int
|
||||
-isc_safe_memcompare(const void *b1, const void *b2, size_t len) {
|
||||
- const unsigned char *p1 = b1, *p2 = b2;
|
||||
- size_t i;
|
||||
- int res = 0, done = 0;
|
||||
-
|
||||
- for (i = 0; i < len; i++) {
|
||||
- /* lt is -1 if p1[i] < p2[i]; else 0. */
|
||||
- int lt = (p1[i] - p2[i]) >> CHAR_BIT;
|
||||
-
|
||||
- /* gt is -1 if p1[i] > p2[i]; else 0. */
|
||||
- int gt = (p2[i] - p1[i]) >> CHAR_BIT;
|
||||
-
|
||||
- /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
|
||||
- int cmp = lt - gt;
|
||||
-
|
||||
- /* set res = cmp if !done. */
|
||||
- res |= cmp & ~done;
|
||||
-
|
||||
- /* set done if p1[i] != p2[i]. */
|
||||
- done |= lt | gt;
|
||||
- }
|
||||
-
|
||||
- return (res);
|
||||
-}
|
||||
-
|
||||
-void
|
||||
-isc_safe_memwipe(void *ptr, size_t len) {
|
||||
- if (ISC_UNLIKELY(ptr == NULL || len == 0))
|
||||
- return;
|
||||
-
|
||||
-#ifdef WIN32
|
||||
- SecureZeroMemory(ptr, len);
|
||||
-#elif HAVE_EXPLICIT_BZERO
|
||||
- explicit_bzero(ptr, len);
|
||||
-#else
|
||||
- memset(ptr, 0, len);
|
||||
-#endif
|
||||
-}
|
||||
diff --git a/lib/isc/tests/safe_test.c b/lib/isc/tests/safe_test.c
|
||||
index 266ac75..60e9181 100644
|
||||
--- a/lib/isc/tests/safe_test.c
|
||||
+++ b/lib/isc/tests/safe_test.c
|
||||
@@ -45,22 +45,6 @@ isc_safe_memequal_test(void **state) {
|
||||
"\x00\x00\x00\x00", 4));
|
||||
}
|
||||
|
||||
-/* test isc_safe_memcompare() */
|
||||
-static void
|
||||
-isc_safe_memcompare_test(void **state) {
|
||||
- UNUSED(state);
|
||||
-
|
||||
- assert_int_equal(isc_safe_memcompare("test", "test", 4), 0);
|
||||
- assert_true(isc_safe_memcompare("test", "tesc", 4) > 0);
|
||||
- assert_true(isc_safe_memcompare("test", "tesy", 4) < 0);
|
||||
- assert_int_equal(isc_safe_memcompare("\x00\x00\x00\x00",
|
||||
- "\x00\x00\x00\x00", 4), 0);
|
||||
- assert_true(isc_safe_memcompare("\x00\x00\x00\x00",
|
||||
- "\x00\x00\x00\x01", 4) < 0);
|
||||
- assert_true(isc_safe_memcompare("\x00\x00\x00\x02",
|
||||
- "\x00\x00\x00\x00", 4) > 0);
|
||||
-}
|
||||
-
|
||||
/* test isc_safe_memwipe() */
|
||||
static void
|
||||
isc_safe_memwipe_test(void **state) {
|
||||
@@ -69,7 +53,6 @@ isc_safe_memwipe_test(void **state) {
|
||||
/* These should pass. */
|
||||
isc_safe_memwipe(NULL, 0);
|
||||
isc_safe_memwipe((void *) -1, 0);
|
||||
- isc_safe_memwipe(NULL, 42);
|
||||
|
||||
/*
|
||||
* isc_safe_memwipe(ptr, size) should function same as
|
||||
@@ -108,7 +91,6 @@ main(void) {
|
||||
const struct CMUnitTest tests[] = {
|
||||
cmocka_unit_test(isc_safe_memequal_test),
|
||||
cmocka_unit_test(isc_safe_memwipe_test),
|
||||
- cmocka_unit_test(isc_safe_memcompare_test),
|
||||
};
|
||||
|
||||
return (cmocka_run_group_tests(tests, NULL, NULL));
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 5c29299e43db5a4e6f8b1b07af84dfe1687c4c2b Mon Sep 17 00:00:00 2001
|
||||
From 63d1fe9e1ac0db37f89cf31b40c35d6d22578ded Mon Sep 17 00:00:00 2001
|
||||
From: Evan Hunt <each@isc.org>
|
||||
Date: Tue, 12 Sep 2017 19:05:46 -0700
|
||||
Subject: [PATCH] rebased rt31459c
|
||||
@ -53,7 +53,7 @@ Include new unit test
|
||||
create mode 100644 lib/dns/tests/dstrandom_test.c
|
||||
|
||||
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
|
||||
index 5015abb..295e16f 100644
|
||||
index 40cf74c..bd269e7 100644
|
||||
--- a/bin/confgen/keygen.c
|
||||
+++ b/bin/confgen/keygen.c
|
||||
@@ -165,6 +165,13 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
|
||||
@ -71,7 +71,7 @@ index 5015abb..295e16f 100644
|
||||
&entropy_source,
|
||||
randomfile,
|
||||
diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c
|
||||
index d9d6bb9..de4b15f 100644
|
||||
index 4420f2d..9cb63a8 100644
|
||||
--- a/bin/dnssec/dnssec-dsfromkey.c
|
||||
+++ b/bin/dnssec/dnssec-dsfromkey.c
|
||||
@@ -498,14 +498,14 @@ main(int argc, char **argv) {
|
||||
@ -103,7 +103,7 @@ index d9d6bb9..de4b15f 100644
|
||||
dns_name_destroy();
|
||||
if (verbose > 10)
|
||||
diff --git a/bin/dnssec/dnssec-importkey.c b/bin/dnssec/dnssec-importkey.c
|
||||
index d65a514..04b3094 100644
|
||||
index dc9a293..52863a1 100644
|
||||
--- a/bin/dnssec/dnssec-importkey.c
|
||||
+++ b/bin/dnssec/dnssec-importkey.c
|
||||
@@ -404,14 +404,14 @@ main(int argc, char **argv) {
|
||||
@ -135,7 +135,7 @@ index d65a514..04b3094 100644
|
||||
dns_name_destroy();
|
||||
if (verbose > 10)
|
||||
diff --git a/bin/dnssec/dnssec-revoke.c b/bin/dnssec/dnssec-revoke.c
|
||||
index 7d82dbf..10f9359 100644
|
||||
index 0121a34..74a99b0 100644
|
||||
--- a/bin/dnssec/dnssec-revoke.c
|
||||
+++ b/bin/dnssec/dnssec-revoke.c
|
||||
@@ -184,14 +184,14 @@ main(int argc, char **argv) {
|
||||
@ -167,10 +167,10 @@ index 7d82dbf..10f9359 100644
|
||||
if (verbose > 10)
|
||||
isc_mem_stats(mctx, stdout);
|
||||
diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
|
||||
index 7afcaee..1cfa511 100644
|
||||
index f017895..2c568fc 100644
|
||||
--- a/bin/dnssec/dnssec-settime.c
|
||||
+++ b/bin/dnssec/dnssec-settime.c
|
||||
@@ -380,14 +380,14 @@ main(int argc, char **argv) {
|
||||
@@ -391,14 +391,14 @@ main(int argc, char **argv) {
|
||||
|
||||
if (ectx == NULL)
|
||||
setup_entropy(mctx, NULL, &ectx);
|
||||
@ -188,7 +188,7 @@ index 7afcaee..1cfa511 100644
|
||||
isc_entropy_stopcallbacksources(ectx);
|
||||
|
||||
if (predecessor != NULL) {
|
||||
@@ -672,8 +672,8 @@ main(int argc, char **argv) {
|
||||
@@ -683,8 +683,8 @@ main(int argc, char **argv) {
|
||||
if (prevkey != NULL)
|
||||
dst_key_free(&prevkey);
|
||||
dst_key_free(&key);
|
||||
@ -199,10 +199,10 @@ index 7afcaee..1cfa511 100644
|
||||
if (verbose > 10)
|
||||
isc_mem_stats(mctx, stdout);
|
||||
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
|
||||
index 319a805..27ae4d4 100644
|
||||
index dde1b2f..7308fc6 100644
|
||||
--- a/bin/dnssec/dnssec-signzone.c
|
||||
+++ b/bin/dnssec/dnssec-signzone.c
|
||||
@@ -3460,14 +3460,15 @@ main(int argc, char *argv[]) {
|
||||
@@ -3465,14 +3465,15 @@ main(int argc, char *argv[]) {
|
||||
if (!pseudorandom)
|
||||
eflags |= ISC_ENTROPY_GOODONLY;
|
||||
|
||||
@ -222,7 +222,7 @@ index 319a805..27ae4d4 100644
|
||||
isc_stdtime_get(&now);
|
||||
|
||||
if (startstr != NULL) {
|
||||
@@ -3879,8 +3880,8 @@ main(int argc, char *argv[]) {
|
||||
@@ -3884,8 +3885,8 @@ main(int argc, char *argv[]) {
|
||||
dns_master_styledestroy(&dsstyle, mctx);
|
||||
|
||||
cleanup_logging(&log);
|
||||
@ -233,7 +233,7 @@ index 319a805..27ae4d4 100644
|
||||
dns_name_destroy();
|
||||
if (verbose > 10)
|
||||
diff --git a/bin/dnssec/dnssec-verify.c b/bin/dnssec/dnssec-verify.c
|
||||
index 4c293bf..3263cbc 100644
|
||||
index 087cd5d..07c7294 100644
|
||||
--- a/bin/dnssec/dnssec-verify.c
|
||||
+++ b/bin/dnssec/dnssec-verify.c
|
||||
@@ -281,15 +281,15 @@ main(int argc, char *argv[]) {
|
||||
@ -257,7 +257,7 @@ index 4c293bf..3263cbc 100644
|
||||
|
||||
rdclass = strtoclass(classname);
|
||||
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
|
||||
index 618ec5b..5654435 100644
|
||||
index 7f045e8..2a0f9c6 100644
|
||||
--- a/bin/dnssec/dnssectool.c
|
||||
+++ b/bin/dnssec/dnssectool.c
|
||||
@@ -34,6 +34,7 @@
|
||||
@ -293,7 +293,7 @@ index 618ec5b..5654435 100644
|
||||
usekeyboard);
|
||||
|
||||
diff --git a/bin/named/server.c b/bin/named/server.c
|
||||
index 4e503e5..f27071f 100644
|
||||
index 30d38be..b2ae57c 100644
|
||||
--- a/bin/named/server.c
|
||||
+++ b/bin/named/server.c
|
||||
@@ -36,6 +36,7 @@
|
||||
@ -304,7 +304,7 @@ index 4e503e5..f27071f 100644
|
||||
#include <isc/portset.h>
|
||||
#include <isc/print.h>
|
||||
#include <isc/random.h>
|
||||
@@ -8217,6 +8218,10 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
@@ -8286,6 +8287,10 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
"no source of entropy found");
|
||||
} else {
|
||||
const char *randomdev = cfg_obj_asstring(obj);
|
||||
@ -315,7 +315,7 @@ index 4e503e5..f27071f 100644
|
||||
int level = ISC_LOG_ERROR;
|
||||
result = isc_entropy_createfilesource(ns_g_entropy,
|
||||
randomdev);
|
||||
@@ -8251,6 +8256,7 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
@@ -8320,6 +8325,7 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
}
|
||||
isc_entropy_detach(&ns_g_fallbackentropy);
|
||||
}
|
||||
@ -324,10 +324,10 @@ index 4e503e5..f27071f 100644
|
||||
}
|
||||
|
||||
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
|
||||
index bbb3936..0286987 100644
|
||||
index 5a2c660..7f15cbc 100644
|
||||
--- a/bin/nsupdate/nsupdate.c
|
||||
+++ b/bin/nsupdate/nsupdate.c
|
||||
@@ -272,7 +272,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
@@ -278,7 +278,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
if (*ectx == NULL) {
|
||||
result = isc_entropy_create(mctx, ectx);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
@ -337,7 +337,7 @@ index bbb3936..0286987 100644
|
||||
ISC_LIST_INIT(sources);
|
||||
}
|
||||
|
||||
@@ -281,6 +282,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
@@ -287,6 +288,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
randomfile = NULL;
|
||||
}
|
||||
|
||||
@ -351,7 +351,7 @@ index bbb3936..0286987 100644
|
||||
result = isc_entropy_usebestsource(*ectx, &source, randomfile,
|
||||
usekeyboard);
|
||||
|
||||
@@ -979,11 +987,11 @@ setup_system(void) {
|
||||
@@ -989,11 +997,11 @@ setup_system(void) {
|
||||
}
|
||||
}
|
||||
|
||||
@ -366,7 +366,7 @@ index bbb3936..0286987 100644
|
||||
result = dns_dispatchmgr_create(gmctx, entropy, &dispatchmgr);
|
||||
check_result(result, "dns_dispatchmgr_create");
|
||||
diff --git a/bin/tests/makejournal.c b/bin/tests/makejournal.c
|
||||
index 61a41b0..acc71a1 100644
|
||||
index 68b5e5a..cd54c8d 100644
|
||||
--- a/bin/tests/makejournal.c
|
||||
+++ b/bin/tests/makejournal.c
|
||||
@@ -102,12 +102,12 @@ main(int argc, char **argv) {
|
||||
@ -386,7 +386,7 @@ index 61a41b0..acc71a1 100644
|
||||
isc_log_registercategories(lctx, categories);
|
||||
isc_log_setcontext(lctx);
|
||||
diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c
|
||||
index c6ab7f8..f0a6ff2 100644
|
||||
index e16ec11..95b65bf 100644
|
||||
--- a/bin/tests/system/pipelined/pipequeries.c
|
||||
+++ b/bin/tests/system/pipelined/pipequeries.c
|
||||
@@ -204,6 +204,7 @@ sendqueries(isc_task_t *task, isc_event_t *event) {
|
||||
@ -448,7 +448,7 @@ index c6ab7f8..f0a6ff2 100644
|
||||
|
||||
isc_log_destroy(&lctx);
|
||||
diff --git a/bin/tests/system/pipelined/tests.sh b/bin/tests/system/pipelined/tests.sh
|
||||
index 61f1ff7..ed1302a 100644
|
||||
index c0a99a2..0245527 100644
|
||||
--- a/bin/tests/system/pipelined/tests.sh
|
||||
+++ b/bin/tests/system/pipelined/tests.sh
|
||||
@@ -19,7 +19,7 @@ status=0
|
||||
@ -470,7 +470,7 @@ index 61f1ff7..ed1302a 100644
|
||||
$DIFF refb outputb || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
diff --git a/bin/tests/system/rsabigexponent/bigkey.c b/bin/tests/system/rsabigexponent/bigkey.c
|
||||
index 4462f2e..f06268d 100644
|
||||
index abf12ed..fa5182c 100644
|
||||
--- a/bin/tests/system/rsabigexponent/bigkey.c
|
||||
+++ b/bin/tests/system/rsabigexponent/bigkey.c
|
||||
@@ -20,6 +20,7 @@
|
||||
@ -492,7 +492,7 @@ index 4462f2e..f06268d 100644
|
||||
"../random.data",
|
||||
ISC_ENTROPY_KEYBOARDNO),
|
||||
diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c
|
||||
index 653c951..fe8698e 100644
|
||||
index 34360aa..3236968 100644
|
||||
--- a/bin/tests/system/tkey/keycreate.c
|
||||
+++ b/bin/tests/system/tkey/keycreate.c
|
||||
@@ -206,6 +206,7 @@ sendquery(isc_task_t *task, isc_event_t *event) {
|
||||
@ -561,7 +561,7 @@ index 653c951..fe8698e 100644
|
||||
|
||||
isc_mem_destroy(&mctx);
|
||||
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
|
||||
index 70a40c3..2146f9b 100644
|
||||
index 4b5b901..43fb6b0 100644
|
||||
--- a/bin/tests/system/tkey/keydelete.c
|
||||
+++ b/bin/tests/system/tkey/keydelete.c
|
||||
@@ -136,6 +136,7 @@ sendquery(isc_task_t *task, isc_event_t *event) {
|
||||
@ -630,50 +630,50 @@ index 70a40c3..2146f9b 100644
|
||||
|
||||
isc_mem_destroy(&mctx);
|
||||
diff --git a/bin/tests/system/tkey/tests.sh b/bin/tests/system/tkey/tests.sh
|
||||
index 9f90dd7..fad6c83 100644
|
||||
index b265156..bcd60a6 100644
|
||||
--- a/bin/tests/system/tkey/tests.sh
|
||||
+++ b/bin/tests/system/tkey/tests.sh
|
||||
@@ -33,7 +33,7 @@ for owner in . foo.example.
|
||||
do
|
||||
echo "I:creating new key using owner name \"$owner\""
|
||||
echo_i "creating new key using owner name \"$owner\" ($n)"
|
||||
ret=0
|
||||
- keyname=`$KEYCREATE $dhkeyname $owner` || ret=1
|
||||
+ keyname=`$KEYCREATE -r $RANDFILE $dhkeyname $owner` || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
status=`expr $status + $ret`
|
||||
@@ -55,7 +55,7 @@ do
|
||||
echo_i "failed"
|
||||
status=$((status+ret))
|
||||
@@ -57,7 +57,7 @@ do
|
||||
|
||||
echo "I:deleting new key"
|
||||
echo_i "deleting new key ($n)"
|
||||
ret=0
|
||||
- $KEYDELETE $keyname || ret=1
|
||||
+ $KEYDELETE -r $RANDFILE $keyname || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
echo_i "failed"
|
||||
fi
|
||||
@@ -75,7 +75,7 @@ done
|
||||
@@ -79,7 +79,7 @@ done
|
||||
|
||||
echo "I:creating new key using owner name bar.example."
|
||||
echo_i "creating new key using owner name bar.example. ($n)"
|
||||
ret=0
|
||||
-keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1
|
||||
+keyname=`$KEYCREATE -r $RANDFILE $dhkeyname bar.example.` || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
status=`expr $status + $ret`
|
||||
@@ -116,7 +116,7 @@ status=`expr $status + $ret`
|
||||
echo_i "failed"
|
||||
status=$((status+ret))
|
||||
@@ -124,7 +124,7 @@ n=$((n+1))
|
||||
|
||||
echo "I:recreating the bar.example. key"
|
||||
echo_i "recreating the bar.example. key ($n)"
|
||||
ret=0
|
||||
-keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1
|
||||
+keyname=`$KEYCREATE -r $RANDFILE $dhkeyname bar.example.` || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
status=`expr $status + $ret`
|
||||
echo_i "failed"
|
||||
status=$((status+ret))
|
||||
diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c
|
||||
index bf6dbb6..0416b21 100644
|
||||
index 26fa609..fb34aa0 100644
|
||||
--- a/bin/tools/mdig.c
|
||||
+++ b/bin/tools/mdig.c
|
||||
@@ -1972,12 +1972,11 @@ main(int argc, char *argv[]) {
|
||||
@@ -2005,12 +2005,11 @@ main(int argc, char *argv[]) {
|
||||
|
||||
ectx = NULL;
|
||||
RUNCHECK(isc_entropy_create(mctx, &ectx));
|
||||
@ -688,7 +688,7 @@ index bf6dbb6..0416b21 100644
|
||||
parse_args(false, argc, argv);
|
||||
if (server == NULL)
|
||||
diff --git a/configure b/configure
|
||||
index 6d05371..33689c9 100755
|
||||
index 0faca65..d5ffc87 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -640,6 +640,7 @@ ac_includes_default="\
|
||||
@ -723,7 +723,7 @@ index 6d05371..33689c9 100755
|
||||
--enable-largefile 64-bit file support
|
||||
--enable-backtrace log stack backtrace on abort [default=yes]
|
||||
--enable-symtable use internal symbol table for backtrace
|
||||
@@ -17144,6 +17148,7 @@ case "$use_openssl" in
|
||||
@@ -17205,6 +17209,7 @@ case "$use_openssl" in
|
||||
$as_echo "disabled because of native PKCS11" >&6; }
|
||||
DST_OPENSSL_INC=""
|
||||
CRYPTO="-DPKCS11CRYPTO"
|
||||
@ -731,7 +731,7 @@ index 6d05371..33689c9 100755
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
OPENSSLEDDSALINKOBJS=""
|
||||
@@ -17158,6 +17163,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
|
||||
@@ -17219,6 +17224,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
|
||||
$as_echo "no" >&6; }
|
||||
DST_OPENSSL_INC=""
|
||||
CRYPTO=""
|
||||
@ -739,7 +739,7 @@ index 6d05371..33689c9 100755
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
OPENSSLEDDSALINKOBJS=""
|
||||
@@ -17170,6 +17176,7 @@ $as_echo "no" >&6; }
|
||||
@@ -17231,6 +17237,7 @@ $as_echo "no" >&6; }
|
||||
auto)
|
||||
DST_OPENSSL_INC=""
|
||||
CRYPTO=""
|
||||
@ -747,7 +747,7 @@ index 6d05371..33689c9 100755
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
OPENSSLEDDSALINKOBJS=""
|
||||
@@ -17179,7 +17186,7 @@ $as_echo "no" >&6; }
|
||||
@@ -17240,7 +17247,7 @@ $as_echo "no" >&6; }
|
||||
OPENSSLLINKOBJS=""
|
||||
OPENSSLLINKSRCS=""
|
||||
as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
|
||||
@ -756,7 +756,7 @@ index 6d05371..33689c9 100755
|
||||
;;
|
||||
*)
|
||||
if test "yes" = "$want_native_pkcs11"
|
||||
@@ -17210,6 +17217,7 @@ $as_echo "not found" >&6; }
|
||||
@@ -17271,6 +17278,7 @@ $as_echo "not found" >&6; }
|
||||
as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5
|
||||
fi
|
||||
CRYPTO='-DOPENSSL'
|
||||
@ -764,7 +764,7 @@ index 6d05371..33689c9 100755
|
||||
if test "/usr" = "$use_openssl"
|
||||
then
|
||||
DST_OPENSSL_INC=""
|
||||
@@ -17835,8 +17843,6 @@ fi
|
||||
@@ -17897,8 +17905,6 @@ fi
|
||||
# Use OpenSSL for hash functions
|
||||
#
|
||||
|
||||
@ -773,7 +773,7 @@ index 6d05371..33689c9 100755
|
||||
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
|
||||
case $want_openssl_hash in
|
||||
yes)
|
||||
@@ -18211,6 +18217,86 @@ if test "rt" = "$have_clock_gt"; then
|
||||
@@ -18273,6 +18279,86 @@ if test "rt" = "$have_clock_gt"; then
|
||||
LIBS="-lrt $LIBS"
|
||||
fi
|
||||
|
||||
@ -860,7 +860,7 @@ index 6d05371..33689c9 100755
|
||||
#
|
||||
# was --with-lmdb specified?
|
||||
#
|
||||
@@ -20441,9 +20527,12 @@ _ACEOF
|
||||
@@ -20549,9 +20635,12 @@ _ACEOF
|
||||
if ac_fn_c_try_compile "$LINENO"; then :
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5
|
||||
$as_echo "size_t for buflen; int for flags" >&6; }
|
||||
@ -875,7 +875,7 @@ index 6d05371..33689c9 100755
|
||||
|
||||
$as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h
|
||||
|
||||
@@ -21758,12 +21847,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
|
||||
@@ -21877,12 +21966,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
|
||||
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
|
||||
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
|
||||
if test "yes" = "$use_atomic"; then
|
||||
@ -889,7 +889,7 @@ index 6d05371..33689c9 100755
|
||||
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
|
||||
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
|
||||
# This bug is HP SR number 8606223364.
|
||||
@@ -21796,6 +21880,11 @@ cat >>confdefs.h <<_ACEOF
|
||||
@@ -21915,6 +21999,11 @@ cat >>confdefs.h <<_ACEOF
|
||||
_ACEOF
|
||||
|
||||
|
||||
@ -901,7 +901,7 @@ index 6d05371..33689c9 100755
|
||||
if test $ac_cv_sizeof_void_p = 8; then
|
||||
arch=x86_64
|
||||
have_xaddq=yes
|
||||
@@ -21804,39 +21893,6 @@ _ACEOF
|
||||
@@ -21923,39 +22012,6 @@ _ACEOF
|
||||
fi
|
||||
;;
|
||||
x86_64-*|amd64-*)
|
||||
@ -941,7 +941,7 @@ index 6d05371..33689c9 100755
|
||||
if test $ac_cv_sizeof_void_p = 8; then
|
||||
arch=x86_64
|
||||
have_xaddq=yes
|
||||
@@ -21867,6 +21923,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
|
||||
@@ -21986,6 +22042,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
|
||||
$as_echo "$arch" >&6; }
|
||||
fi
|
||||
|
||||
@ -952,7 +952,7 @@ index 6d05371..33689c9 100755
|
||||
if test "yes" = "$have_atomic"; then
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5
|
||||
$as_echo_n "checking compiler support for inline assembly code... " >&6; }
|
||||
@@ -24421,6 +24481,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
|
||||
@@ -24567,6 +24627,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
|
||||
#
|
||||
dlzdir='${DLZ_DRIVER_DIR}'
|
||||
|
||||
@ -983,7 +983,7 @@ index 6d05371..33689c9 100755
|
||||
#
|
||||
# Private autoconf macro to simplify configuring drivers:
|
||||
#
|
||||
@@ -24751,11 +24835,11 @@ $as_echo "no" >&6; }
|
||||
@@ -24897,11 +24981,11 @@ $as_echo "no" >&6; }
|
||||
$as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; }
|
||||
;;
|
||||
*)
|
||||
@ -998,7 +998,7 @@ index 6d05371..33689c9 100755
|
||||
fi
|
||||
|
||||
CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL"
|
||||
@@ -24840,7 +24924,7 @@ $as_echo "" >&6; }
|
||||
@@ -24986,7 +25070,7 @@ $as_echo "" >&6; }
|
||||
# Check other locations for includes.
|
||||
# Order is important (sigh).
|
||||
|
||||
@ -1007,7 +1007,7 @@ index 6d05371..33689c9 100755
|
||||
# include a blank element first
|
||||
for d in "" $bdb_incdirs
|
||||
do
|
||||
@@ -24865,57 +24949,9 @@ $as_echo "" >&6; }
|
||||
@@ -25011,57 +25095,9 @@ $as_echo "" >&6; }
|
||||
bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db"
|
||||
for d in $bdb_libnames
|
||||
do
|
||||
@ -1067,7 +1067,7 @@ index 6d05371..33689c9 100755
|
||||
break
|
||||
fi
|
||||
done
|
||||
@@ -25074,10 +25110,10 @@ $as_echo "no" >&6; }
|
||||
@@ -25220,10 +25256,10 @@ $as_echo "no" >&6; }
|
||||
DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include"
|
||||
DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include"
|
||||
fi
|
||||
@ -1081,7 +1081,7 @@ index 6d05371..33689c9 100755
|
||||
fi
|
||||
|
||||
|
||||
@@ -25163,11 +25199,11 @@ fi
|
||||
@@ -25309,11 +25345,11 @@ fi
|
||||
odbcdirs="/usr /usr/local /usr/pkg"
|
||||
for d in $odbcdirs
|
||||
do
|
||||
@ -1095,7 +1095,7 @@ index 6d05371..33689c9 100755
|
||||
break
|
||||
fi
|
||||
done
|
||||
@@ -25442,6 +25478,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
|
||||
@@ -25588,6 +25624,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
|
||||
|
||||
|
||||
|
||||
@ -1104,7 +1104,7 @@ index 6d05371..33689c9 100755
|
||||
#
|
||||
# Commands to run at the end of config.status.
|
||||
# Don't just put these into configure, it won't work right if somebody
|
||||
@@ -27819,6 +27857,8 @@ report() {
|
||||
@@ -27966,6 +28004,8 @@ report() {
|
||||
echo " IPv6 support (--enable-ipv6)"
|
||||
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
|
||||
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
|
||||
@ -1113,7 +1113,7 @@ index 6d05371..33689c9 100755
|
||||
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
|
||||
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
|
||||
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
|
||||
@@ -27859,6 +27899,8 @@ report() {
|
||||
@@ -28006,6 +28046,8 @@ report() {
|
||||
echo " Very verbose query trace logging (--enable-querytrace)"
|
||||
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
|
||||
|
||||
@ -1122,7 +1122,7 @@ index 6d05371..33689c9 100755
|
||||
echo " Dynamically loadable zone (DLZ) drivers:"
|
||||
test "no" = "$use_dlz_bdb" || \
|
||||
echo " Berkeley DB (--with-dlz-bdb)"
|
||||
@@ -27906,6 +27948,8 @@ report() {
|
||||
@@ -28053,6 +28095,8 @@ report() {
|
||||
echo " ECDSA algorithm support (--with-ecdsa)"
|
||||
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
|
||||
echo " EDDSA algorithm support (--with-eddsa)"
|
||||
@ -1132,10 +1132,10 @@ index 6d05371..33689c9 100755
|
||||
test "yes" = "$enable_seccomp" || \
|
||||
echo " Use libseccomp system call filtering (--enable-seccomp)"
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index d10cde5..68bead8 100644
|
||||
index 78535bd..faef2e8 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1550,6 +1550,7 @@ case "$use_openssl" in
|
||||
@@ -1598,6 +1598,7 @@ case "$use_openssl" in
|
||||
AC_MSG_RESULT(disabled because of native PKCS11)
|
||||
DST_OPENSSL_INC=""
|
||||
CRYPTO="-DPKCS11CRYPTO"
|
||||
@ -1143,7 +1143,7 @@ index d10cde5..68bead8 100644
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
OPENSSLEDDSALINKOBJS=""
|
||||
@@ -1563,6 +1564,7 @@ case "$use_openssl" in
|
||||
@@ -1611,6 +1612,7 @@ case "$use_openssl" in
|
||||
AC_MSG_RESULT(no)
|
||||
DST_OPENSSL_INC=""
|
||||
CRYPTO=""
|
||||
@ -1151,7 +1151,7 @@ index d10cde5..68bead8 100644
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
OPENSSLEDDSALINKOBJS=""
|
||||
@@ -1575,6 +1577,7 @@ case "$use_openssl" in
|
||||
@@ -1623,6 +1625,7 @@ case "$use_openssl" in
|
||||
auto)
|
||||
DST_OPENSSL_INC=""
|
||||
CRYPTO=""
|
||||
@ -1159,7 +1159,7 @@ index d10cde5..68bead8 100644
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
OPENSSLEDDSALINKOBJS=""
|
||||
@@ -1585,7 +1588,7 @@ case "$use_openssl" in
|
||||
@@ -1633,7 +1636,7 @@ case "$use_openssl" in
|
||||
OPENSSLLINKSRCS=""
|
||||
AC_MSG_ERROR(
|
||||
[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
|
||||
@ -1168,7 +1168,7 @@ index d10cde5..68bead8 100644
|
||||
;;
|
||||
*)
|
||||
if test "yes" = "$want_native_pkcs11"
|
||||
@@ -1615,6 +1618,7 @@ If you don't want OpenSSL, use --without-openssl])
|
||||
@@ -1663,6 +1666,7 @@ If you don't want OpenSSL, use --without-openssl])
|
||||
AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found])
|
||||
fi
|
||||
CRYPTO='-DOPENSSL'
|
||||
@ -1176,7 +1176,7 @@ index d10cde5..68bead8 100644
|
||||
if test "/usr" = "$use_openssl"
|
||||
then
|
||||
DST_OPENSSL_INC=""
|
||||
@@ -2050,7 +2054,6 @@ fi
|
||||
@@ -2099,7 +2103,6 @@ fi
|
||||
# Use OpenSSL for hash functions
|
||||
#
|
||||
|
||||
@ -1184,7 +1184,7 @@ index d10cde5..68bead8 100644
|
||||
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
|
||||
case $want_openssl_hash in
|
||||
yes)
|
||||
@@ -2322,6 +2325,67 @@ if test "rt" = "$have_clock_gt"; then
|
||||
@@ -2371,6 +2374,67 @@ if test "rt" = "$have_clock_gt"; then
|
||||
LIBS="-lrt $LIBS"
|
||||
fi
|
||||
|
||||
@ -1252,7 +1252,7 @@ index d10cde5..68bead8 100644
|
||||
#
|
||||
# was --with-lmdb specified?
|
||||
#
|
||||
@@ -4098,12 +4162,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
|
||||
@@ -4188,12 +4252,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
|
||||
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
|
||||
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
|
||||
if test "yes" = "$use_atomic"; then
|
||||
@ -1266,7 +1266,7 @@ index d10cde5..68bead8 100644
|
||||
if test $ac_cv_sizeof_void_p = 8; then
|
||||
arch=x86_64
|
||||
have_xaddq=yes
|
||||
@@ -4112,7 +4176,6 @@ if test "yes" = "$use_atomic"; then
|
||||
@@ -4202,7 +4266,6 @@ if test "yes" = "$use_atomic"; then
|
||||
fi
|
||||
;;
|
||||
x86_64-*|amd64-*)
|
||||
@ -1274,7 +1274,7 @@ index d10cde5..68bead8 100644
|
||||
if test $ac_cv_sizeof_void_p = 8; then
|
||||
arch=x86_64
|
||||
have_xaddq=yes
|
||||
@@ -5518,6 +5581,8 @@ report() {
|
||||
@@ -5635,6 +5698,8 @@ report() {
|
||||
echo " IPv6 support (--enable-ipv6)"
|
||||
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
|
||||
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
|
||||
@ -1283,7 +1283,7 @@ index d10cde5..68bead8 100644
|
||||
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
|
||||
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
|
||||
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
|
||||
@@ -5558,6 +5623,8 @@ report() {
|
||||
@@ -5675,6 +5740,8 @@ report() {
|
||||
echo " Very verbose query trace logging (--enable-querytrace)"
|
||||
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
|
||||
|
||||
@ -1292,7 +1292,7 @@ index d10cde5..68bead8 100644
|
||||
echo " Dynamically loadable zone (DLZ) drivers:"
|
||||
test "no" = "$use_dlz_bdb" || \
|
||||
echo " Berkeley DB (--with-dlz-bdb)"
|
||||
@@ -5605,6 +5672,8 @@ report() {
|
||||
@@ -5722,6 +5789,8 @@ report() {
|
||||
echo " ECDSA algorithm support (--with-ecdsa)"
|
||||
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
|
||||
echo " EDDSA algorithm support (--with-eddsa)"
|
||||
@ -1302,7 +1302,7 @@ index d10cde5..68bead8 100644
|
||||
test "yes" = "$enable_seccomp" || \
|
||||
echo " Use libseccomp system call filtering (--enable-seccomp)"
|
||||
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
|
||||
index 65bf25d..1eccbe7 100644
|
||||
index 7a86506..aa54afc 100644
|
||||
--- a/lib/dns/dst_api.c
|
||||
+++ b/lib/dns/dst_api.c
|
||||
@@ -277,6 +277,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx,
|
||||
@ -1366,7 +1366,7 @@ index 65bf25d..1eccbe7 100644
|
||||
#endif
|
||||
}
|
||||
diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
|
||||
index 1924e74..6813c96 100644
|
||||
index 5b42ab4..3aba028 100644
|
||||
--- a/lib/dns/include/dst/dst.h
|
||||
+++ b/lib/dns/include/dst/dst.h
|
||||
@@ -159,6 +159,14 @@ dst_lib_destroy(void);
|
||||
@ -1385,10 +1385,10 @@ index 1924e74..6813c96 100644
|
||||
dst_algorithm_supported(unsigned int alg);
|
||||
/*%<
|
||||
diff --git a/lib/dns/lib.c b/lib/dns/lib.c
|
||||
index 304814b..60543c4 100644
|
||||
index d9417de..0dc935d 100644
|
||||
--- a/lib/dns/lib.c
|
||||
+++ b/lib/dns/lib.c
|
||||
@@ -18,6 +18,7 @@
|
||||
@@ -16,6 +16,7 @@
|
||||
#include <stdbool.h>
|
||||
#include <stddef.h>
|
||||
|
||||
@ -1396,7 +1396,7 @@ index 304814b..60543c4 100644
|
||||
#include <isc/hash.h>
|
||||
#include <isc/mem.h>
|
||||
#include <isc/msgcat.h>
|
||||
@@ -78,6 +79,7 @@ static unsigned int references = 0;
|
||||
@@ -76,6 +77,7 @@ static unsigned int references = 0;
|
||||
static void
|
||||
initialize(void) {
|
||||
isc_result_t result;
|
||||
@ -1404,7 +1404,7 @@ index 304814b..60543c4 100644
|
||||
|
||||
REQUIRE(initialize_done == false);
|
||||
|
||||
@@ -88,11 +90,14 @@ initialize(void) {
|
||||
@@ -86,11 +88,14 @@ initialize(void) {
|
||||
result = dns_ecdb_register(dns_g_mctx, &dbimp);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto cleanup_mctx;
|
||||
@ -1421,7 +1421,7 @@ index 304814b..60543c4 100644
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto cleanup_hash;
|
||||
|
||||
@@ -100,11 +105,17 @@ initialize(void) {
|
||||
@@ -98,11 +103,17 @@ initialize(void) {
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto cleanup_dst;
|
||||
|
||||
@ -1440,7 +1440,7 @@ index 304814b..60543c4 100644
|
||||
isc_hash_destroy();
|
||||
cleanup_db:
|
||||
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
|
||||
index 13e838f..ffe0a69 100644
|
||||
index 1e57c71..3f4f822 100644
|
||||
--- a/lib/dns/openssl_link.c
|
||||
+++ b/lib/dns/openssl_link.c
|
||||
@@ -31,6 +31,7 @@
|
||||
@ -1624,7 +1624,7 @@ index 13e838f..ffe0a69 100644
|
||||
#endif /* OPENSSL */
|
||||
/*! \file */
|
||||
diff --git a/lib/dns/pkcs11.c b/lib/dns/pkcs11.c
|
||||
index 5a2c502..8eaef53 100644
|
||||
index 6b30309..20552fa 100644
|
||||
--- a/lib/dns/pkcs11.c
|
||||
+++ b/lib/dns/pkcs11.c
|
||||
@@ -13,12 +13,15 @@
|
||||
@ -1692,7 +1692,7 @@ index 937b548..f3c0e38 100644
|
||||
tap_test_program{name='gost_test'}
|
||||
tap_test_program{name='keytable_test'}
|
||||
diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in
|
||||
index 90dc3a6..7671e1d 100644
|
||||
index 4126372..30cab17 100644
|
||||
--- a/lib/dns/tests/Makefile.in
|
||||
+++ b/lib/dns/tests/Makefile.in
|
||||
@@ -37,6 +37,7 @@ SRCS = acl_test.c \
|
||||
@ -1845,10 +1845,10 @@ index 0000000..bd3d164
|
||||
+
|
||||
+#endif
|
||||
diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in
|
||||
index 63be973..40b21fa 100644
|
||||
index 9c2ef79..f597049 100644
|
||||
--- a/lib/dns/win32/libdns.def.in
|
||||
+++ b/lib/dns/win32/libdns.def.in
|
||||
@@ -1485,6 +1485,13 @@ dst_lib_destroy
|
||||
@@ -1487,6 +1487,13 @@ dst_lib_destroy
|
||||
dst_lib_init
|
||||
dst_lib_init2
|
||||
dst_lib_initmsgcat
|
||||
@ -1863,7 +1863,7 @@ index 63be973..40b21fa 100644
|
||||
dst_region_computerid
|
||||
dst_result_register
|
||||
diff --git a/lib/isc/entropy.c b/lib/isc/entropy.c
|
||||
index 907e470..451544d 100644
|
||||
index 0c1f3ed..fdd17d7 100644
|
||||
--- a/lib/isc/entropy.c
|
||||
+++ b/lib/isc/entropy.c
|
||||
@@ -104,11 +104,15 @@ struct isc_entropy {
|
||||
@ -1921,7 +1921,7 @@ index 907e470..451544d 100644
|
||||
+ hook = myhook;
|
||||
+}
|
||||
diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h
|
||||
index e8733db..c40a18c 100644
|
||||
index b5bc956..f32c9dc 100644
|
||||
--- a/lib/isc/include/isc/entropy.h
|
||||
+++ b/lib/isc/include/isc/entropy.h
|
||||
@@ -302,6 +302,18 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
|
||||
@ -1944,7 +1944,7 @@ index e8733db..c40a18c 100644
|
||||
|
||||
#endif /* ISC_ENTROPY_H */
|
||||
diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in
|
||||
index 61960f1..d22993d 100644
|
||||
index 2bf8758..f4c684e 100644
|
||||
--- a/lib/isc/include/isc/platform.h.in
|
||||
+++ b/lib/isc/include/isc/platform.h.in
|
||||
@@ -359,6 +359,11 @@
|
||||
@ -1960,10 +1960,10 @@ index 61960f1..d22993d 100644
|
||||
* Define if the hash functions must be provided by OpenSSL.
|
||||
*/
|
||||
diff --git a/lib/isc/include/isc/types.h b/lib/isc/include/isc/types.h
|
||||
index da9d66f..4205400 100644
|
||||
index 3bdd54f..d5acd39 100644
|
||||
--- a/lib/isc/include/isc/types.h
|
||||
+++ b/lib/isc/include/isc/types.h
|
||||
@@ -97,6 +97,8 @@ typedef struct isc_time isc_time_t; /*%< Time */
|
||||
@@ -95,6 +95,8 @@ typedef struct isc_time isc_time_t; /*%< Time */
|
||||
typedef struct isc_timer isc_timer_t; /*%< Timer */
|
||||
typedef struct isc_timermgr isc_timermgr_t; /*%< Timer Manager */
|
||||
|
||||
@ -1973,7 +1973,7 @@ index da9d66f..4205400 100644
|
||||
typedef int (*isc_sockfdwatch_t)(isc_task_t *, isc_socket_t *, void *, int);
|
||||
|
||||
diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c
|
||||
index 68aebdc..4b85527 100644
|
||||
index 227f807..4a63fdf 100644
|
||||
--- a/lib/isc/pk11.c
|
||||
+++ b/lib/isc/pk11.c
|
||||
@@ -321,14 +321,16 @@ pk11_rand_seed_fromfile(const char *randomfile) {
|
||||
@ -1999,7 +1999,7 @@ index 68aebdc..4b85527 100644
|
||||
cleanup:
|
||||
if (stream != NULL)
|
||||
diff --git a/lib/isc/win32/include/isc/platform.h.in b/lib/isc/win32/include/isc/platform.h.in
|
||||
index 8ade705..fa72f9d 100644
|
||||
index 1f785e0..f9051c3 100644
|
||||
--- a/lib/isc/win32/include/isc/platform.h.in
|
||||
+++ b/lib/isc/win32/include/isc/platform.h.in
|
||||
@@ -73,6 +73,11 @@
|
||||
@ -2015,7 +2015,7 @@ index 8ade705..fa72f9d 100644
|
||||
* Define if the hash functions must be provided by OpenSSL.
|
||||
*/
|
||||
diff --git a/win32utils/Configure b/win32utils/Configure
|
||||
index 79d682e..6c78cb2 100644
|
||||
index 5f66a82..ff39910 100644
|
||||
--- a/win32utils/Configure
|
||||
+++ b/win32utils/Configure
|
||||
@@ -382,6 +382,7 @@ my @substdefh = ("ALLOW_FILTER_AAAA",
|
||||
@ -2054,7 +2054,7 @@ index 79d682e..6c78cb2 100644
|
||||
my $enable_openssl_hash = "auto";
|
||||
my $enable_filter_aaaa = "yes";
|
||||
my $enable_isc_spnego = "yes";
|
||||
@@ -847,6 +852,10 @@ sub myenable {
|
||||
@@ -848,6 +853,10 @@ sub myenable {
|
||||
if ($val =~ /^yes$/i) {
|
||||
$enable_native_pkcs11 = "yes";
|
||||
}
|
||||
@ -2065,7 +2065,7 @@ index 79d682e..6c78cb2 100644
|
||||
} elsif ($key =~ /^openssl-hash$/i) {
|
||||
if ($val =~ /^yes$/i) {
|
||||
$enable_openssl_hash = "yes";
|
||||
@@ -1153,6 +1162,11 @@ if ($verbose) {
|
||||
@@ -1154,6 +1163,11 @@ if ($verbose) {
|
||||
} else {
|
||||
print "native-pkcs11: disabled\n";
|
||||
}
|
||||
@ -2077,7 +2077,7 @@ index 79d682e..6c78cb2 100644
|
||||
if ($enable_openssl_hash eq "yes") {
|
||||
print "openssl-hash: enabled\n";
|
||||
} else {
|
||||
@@ -1510,6 +1524,7 @@ if ($enable_intrinsics eq "yes") {
|
||||
@@ -1511,6 +1525,7 @@ if ($enable_intrinsics eq "yes") {
|
||||
|
||||
# enable-native-pkcs11
|
||||
if ($enable_native_pkcs11 eq "yes") {
|
||||
@ -2085,7 +2085,7 @@ index 79d682e..6c78cb2 100644
|
||||
if ($use_openssl eq "auto") {
|
||||
$use_openssl = "no";
|
||||
}
|
||||
@@ -1719,6 +1734,7 @@ if ($use_openssl eq "yes") {
|
||||
@@ -1720,6 +1735,7 @@ if ($use_openssl eq "yes") {
|
||||
$openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]");
|
||||
}
|
||||
|
||||
@ -2093,7 +2093,7 @@ index 79d682e..6c78cb2 100644
|
||||
$configcond{"OPENSSL"} = 1;
|
||||
$configdefd{"CRYPTO"} = "OPENSSL";
|
||||
$configvar{"OPENSSL_PATH"} = "$openssl_path";
|
||||
@@ -2290,6 +2306,15 @@ if ($use_aes eq "yes") {
|
||||
@@ -2291,6 +2307,15 @@ if ($use_aes eq "yes") {
|
||||
}
|
||||
|
||||
|
||||
@ -2109,7 +2109,7 @@ index 79d682e..6c78cb2 100644
|
||||
# enable-openssl-hash
|
||||
if ($enable_openssl_hash eq "yes") {
|
||||
if ($use_openssl eq "no") {
|
||||
@@ -3665,6 +3690,7 @@ exit 0;
|
||||
@@ -3673,6 +3698,7 @@ exit 0;
|
||||
# --enable-developer partially supported
|
||||
# --enable-newstats (9.9/9.9sub only)
|
||||
# --enable-native-pkcs11 supported
|
||||
@ -2118,5 +2118,5 @@ index 79d682e..6c78cb2 100644
|
||||
# --enable-openssl-hash supported
|
||||
# --enable-threads included without a way to disable it
|
||||
--
|
||||
2.21.1
|
||||
2.26.2
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 344c19ad4b3f058e65a4b41650bb0ee20692cc5c Mon Sep 17 00:00:00 2001
|
||||
From af3b530773231f8cff6548e36962ad1f25e38c5d Mon Sep 17 00:00:00 2001
|
||||
From: Evan Hunt <each@isc.org>
|
||||
Date: Thu, 28 Sep 2017 10:09:22 -0700
|
||||
Subject: [PATCH] completed and corrected the crypto-random change
|
||||
@ -45,13 +45,13 @@ Subject: [PATCH] completed and corrected the crypto-random change
|
||||
lib/dns/include/dst/dst.h | 14 +++++-
|
||||
lib/dns/openssl_link.c | 3 +-
|
||||
lib/isc/include/isc/entropy.h | 48 +++++++++++++++------
|
||||
lib/isc/include/isc/random.h | 28 +++++++-----
|
||||
lib/isc/include/isc/random.h | 26 +++++++----
|
||||
lib/isccfg/namedconf.c | 2 +-
|
||||
23 files changed, 240 insertions(+), 104 deletions(-)
|
||||
23 files changed, 240 insertions(+), 102 deletions(-)
|
||||
create mode 100644 doc/arm/notes-rh-changes.xml
|
||||
|
||||
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
|
||||
index 295e16f..0f79aa8 100644
|
||||
index bd269e7..1ac775f 100644
|
||||
--- a/bin/confgen/keygen.c
|
||||
+++ b/bin/confgen/keygen.c
|
||||
@@ -161,17 +161,15 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
|
||||
@ -78,7 +78,7 @@ index 295e16f..0f79aa8 100644
|
||||
&entropy_source,
|
||||
randomfile,
|
||||
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
|
||||
index 1826919..96543fc 100644
|
||||
index bd19e1d..2c09b30 100644
|
||||
--- a/bin/dnssec/dnssec-keygen.docbook
|
||||
+++ b/bin/dnssec/dnssec-keygen.docbook
|
||||
@@ -349,15 +349,23 @@
|
||||
@ -114,7 +114,7 @@ index 1826919..96543fc 100644
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
|
||||
index 5654435..24c0d5a 100644
|
||||
index 2a0f9c6..6fcd411 100644
|
||||
--- a/bin/dnssec/dnssectool.c
|
||||
+++ b/bin/dnssec/dnssectool.c
|
||||
@@ -241,18 +241,16 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
@ -142,10 +142,10 @@ index 5654435..24c0d5a 100644
|
||||
usekeyboard);
|
||||
|
||||
diff --git a/bin/named/client.c b/bin/named/client.c
|
||||
index 9a0d3c8..c573177 100644
|
||||
index 4a50ad9..4d140e8 100644
|
||||
--- a/bin/named/client.c
|
||||
+++ b/bin/named/client.c
|
||||
@@ -1765,7 +1765,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
|
||||
@@ -1768,7 +1768,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
|
||||
|
||||
isc_buffer_init(&buf, cookie, sizeof(cookie));
|
||||
isc_stdtime_get(&now);
|
||||
@ -156,7 +156,7 @@ index 9a0d3c8..c573177 100644
|
||||
compute_cookie(client, now, nonce, ns_g_server->secret, &buf);
|
||||
|
||||
diff --git a/bin/named/config.c b/bin/named/config.c
|
||||
index dbdff64..63da4b0 100644
|
||||
index 9b343fa..5e663c6 100644
|
||||
--- a/bin/named/config.c
|
||||
+++ b/bin/named/config.c
|
||||
@@ -98,7 +98,9 @@ options {\n\
|
||||
@ -171,10 +171,10 @@ index dbdff64..63da4b0 100644
|
||||
#endif
|
||||
" recursing-file \"named.recursing\";\n\
|
||||
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
|
||||
index d955c2f..40621f2 100644
|
||||
index 9fdf49b..42128dc 100644
|
||||
--- a/bin/named/controlconf.c
|
||||
+++ b/bin/named/controlconf.c
|
||||
@@ -325,9 +325,10 @@ log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
|
||||
@@ -327,9 +327,10 @@ log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
|
||||
|
||||
static void
|
||||
control_recvmessage(isc_task_t *task, isc_event_t *event) {
|
||||
@ -188,7 +188,7 @@ index d955c2f..40621f2 100644
|
||||
isccc_sexpr_t *request = NULL;
|
||||
isccc_sexpr_t *response = NULL;
|
||||
uint32_t algorithm;
|
||||
@@ -338,16 +339,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
|
||||
@@ -340,16 +341,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
|
||||
isc_buffer_t *text;
|
||||
isc_result_t result;
|
||||
isc_result_t eresult;
|
||||
@ -208,7 +208,7 @@ index d955c2f..40621f2 100644
|
||||
algorithm = DST_ALG_UNKNOWN;
|
||||
secret.rstart = NULL;
|
||||
text = NULL;
|
||||
@@ -458,8 +460,11 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
|
||||
@@ -462,8 +464,11 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
|
||||
* Establish nonce.
|
||||
*/
|
||||
if (conn->nonce == 0) {
|
||||
@ -223,7 +223,7 @@ index d955c2f..40621f2 100644
|
||||
} else
|
||||
eresult = ns_control_docommand(request, listener->readonly, &text);
|
||||
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
|
||||
index 3f96b7b..c92922e 100644
|
||||
index 4fd0194..0ba2627 100644
|
||||
--- a/bin/named/include/named/server.h
|
||||
+++ b/bin/named/include/named/server.h
|
||||
@@ -20,6 +20,7 @@
|
||||
@ -234,7 +234,7 @@ index 3f96b7b..c92922e 100644
|
||||
#include <isc/sockaddr.h>
|
||||
#include <isc/types.h>
|
||||
#include <isc/xml.h>
|
||||
@@ -134,6 +135,7 @@ struct ns_server {
|
||||
@@ -135,6 +136,7 @@ struct ns_server {
|
||||
char * lockfile;
|
||||
|
||||
uint16_t transfer_tcp_message_size;
|
||||
@ -243,7 +243,7 @@ index 3f96b7b..c92922e 100644
|
||||
|
||||
struct ns_altsecret {
|
||||
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
|
||||
index 9dea7c1..272d300 100644
|
||||
index 93aac31..e12fad9 100644
|
||||
--- a/bin/named/interfacemgr.c
|
||||
+++ b/bin/named/interfacemgr.c
|
||||
@@ -17,6 +17,7 @@
|
||||
@ -255,22 +255,22 @@ index 9dea7c1..272d300 100644
|
||||
#include <isc/task.h>
|
||||
#include <isc/util.h>
|
||||
diff --git a/bin/named/query.c b/bin/named/query.c
|
||||
index 203f1e6..25eeced 100644
|
||||
index 58b5914..edf42d2 100644
|
||||
--- a/bin/named/query.c
|
||||
+++ b/bin/named/query.c
|
||||
@@ -19,6 +19,7 @@
|
||||
#include <isc/hex.h>
|
||||
@@ -20,6 +20,7 @@
|
||||
#include <isc/mem.h>
|
||||
#include <isc/platform.h>
|
||||
#include <isc/print.h>
|
||||
+#include <isc/random.h>
|
||||
#include <isc/rwlock.h>
|
||||
#include <isc/serial.h>
|
||||
#include <isc/stats.h>
|
||||
diff --git a/bin/named/server.c b/bin/named/server.c
|
||||
index f27071f..f132c19 100644
|
||||
index b2ae57c..cca7fe8 100644
|
||||
--- a/bin/named/server.c
|
||||
+++ b/bin/named/server.c
|
||||
@@ -8210,21 +8210,32 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
@@ -8279,21 +8279,32 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
* Open the source of entropy.
|
||||
*/
|
||||
if (first_time) {
|
||||
@ -312,7 +312,7 @@ index f27071f..f132c19 100644
|
||||
#ifdef PATH_RANDOMDEV
|
||||
if (ns_g_fallbackentropy != NULL) {
|
||||
level = ISC_LOG_INFO;
|
||||
@@ -8235,8 +8246,8 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
@@ -8304,8 +8315,8 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
NS_LOGCATEGORY_GENERAL,
|
||||
NS_LOGMODULE_SERVER,
|
||||
level,
|
||||
@ -323,7 +323,7 @@ index f27071f..f132c19 100644
|
||||
randomdev,
|
||||
isc_result_totext(result));
|
||||
}
|
||||
@@ -8256,7 +8267,6 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
@@ -8325,7 +8336,6 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
}
|
||||
isc_entropy_detach(&ns_g_fallbackentropy);
|
||||
}
|
||||
@ -331,7 +331,7 @@ index f27071f..f132c19 100644
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -9025,6 +9035,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
|
||||
@@ -9097,6 +9107,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
|
||||
server->in_roothints = NULL;
|
||||
server->blackholeacl = NULL;
|
||||
server->keepresporder = NULL;
|
||||
@ -339,7 +339,7 @@ index f27071f..f132c19 100644
|
||||
|
||||
/* Must be first. */
|
||||
CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy,
|
||||
@@ -9051,6 +9062,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
|
||||
@@ -9123,6 +9134,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
|
||||
CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy,
|
||||
&server->tkeyctx),
|
||||
"creating TKEY context");
|
||||
@ -349,7 +349,7 @@ index f27071f..f132c19 100644
|
||||
|
||||
/*
|
||||
* Setup the server task, which is responsible for coordinating
|
||||
@@ -9257,7 +9271,8 @@ ns_server_destroy(ns_server_t **serverp) {
|
||||
@@ -9329,7 +9343,8 @@ ns_server_destroy(ns_server_t **serverp) {
|
||||
|
||||
if (server->zonemgr != NULL)
|
||||
dns_zonemgr_detach(&server->zonemgr);
|
||||
@ -359,7 +359,7 @@ index f27071f..f132c19 100644
|
||||
if (server->tkeyctx != NULL)
|
||||
dns_tkeyctx_destroy(&server->tkeyctx);
|
||||
|
||||
@@ -13263,10 +13278,10 @@ newzone_cfgctx_destroy(void **cfgp) {
|
||||
@@ -13366,10 +13381,10 @@ newzone_cfgctx_destroy(void **cfgp) {
|
||||
|
||||
static isc_result_t
|
||||
generate_salt(unsigned char *salt, size_t saltlen) {
|
||||
@ -372,7 +372,7 @@ index f27071f..f132c19 100644
|
||||
} rnd;
|
||||
unsigned char text[512 + 1];
|
||||
isc_region_t r;
|
||||
@@ -13276,9 +13291,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
|
||||
@@ -13379,9 +13394,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
|
||||
if (saltlen > 256U)
|
||||
return (ISC_R_RANGE);
|
||||
|
||||
@ -387,10 +387,10 @@ index f27071f..f132c19 100644
|
||||
memmove(salt, rnd.rnd, saltlen);
|
||||
|
||||
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
|
||||
index 0286987..0376377 100644
|
||||
index 7f15cbc..458aa76 100644
|
||||
--- a/bin/nsupdate/nsupdate.c
|
||||
+++ b/bin/nsupdate/nsupdate.c
|
||||
@@ -283,9 +283,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
@@ -289,9 +289,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
}
|
||||
|
||||
#ifdef ISC_PLATFORM_CRYPTORANDOM
|
||||
@ -402,7 +402,7 @@ index 0286987..0376377 100644
|
||||
}
|
||||
#endif
|
||||
diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c
|
||||
index f0a6ff2..55064f6 100644
|
||||
index 95b65bf..7a81d4e 100644
|
||||
--- a/bin/tests/system/pipelined/pipequeries.c
|
||||
+++ b/bin/tests/system/pipelined/pipequeries.c
|
||||
@@ -280,9 +280,7 @@ main(int argc, char *argv[]) {
|
||||
@ -417,7 +417,7 @@ index f0a6ff2..55064f6 100644
|
||||
}
|
||||
#endif
|
||||
diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c
|
||||
index fe8698e..937fcc3 100644
|
||||
index 3236968..4fa77b6 100644
|
||||
--- a/bin/tests/system/tkey/keycreate.c
|
||||
+++ b/bin/tests/system/tkey/keycreate.c
|
||||
@@ -255,9 +255,7 @@ main(int argc, char *argv[]) {
|
||||
@ -432,7 +432,7 @@ index fe8698e..937fcc3 100644
|
||||
}
|
||||
#endif
|
||||
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
|
||||
index 2146f9b..64b8e74 100644
|
||||
index 43fb6b0..105e151 100644
|
||||
--- a/bin/tests/system/tkey/keydelete.c
|
||||
+++ b/bin/tests/system/tkey/keydelete.c
|
||||
@@ -171,6 +171,7 @@ main(int argc, char **argv) {
|
||||
@ -455,22 +455,22 @@ index 2146f9b..64b8e74 100644
|
||||
}
|
||||
#endif
|
||||
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
|
||||
index 93c7a08..bb1e81d 100644
|
||||
index ca98726..1f9df2c 100644
|
||||
--- a/doc/arm/Bv9ARM-book.xml
|
||||
+++ b/doc/arm/Bv9ARM-book.xml
|
||||
@@ -5081,22 +5081,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
@@ -5034,22 +5034,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
<term><command>random-device</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
- The source of entropy to be used by the server. Entropy is
|
||||
- This specifies a source of entropy to be used by the server. Entropy is
|
||||
- primarily needed
|
||||
- for DNSSEC operations, such as TKEY transactions and dynamic
|
||||
- update of signed
|
||||
- zones. This options specifies the device (or file) from which
|
||||
- zones. This option specifies the device (or file) from which
|
||||
- to read
|
||||
- entropy. If this is a file, operations requiring entropy will
|
||||
- entropy. If it is a file, operations requiring entropy will
|
||||
- fail when the
|
||||
- file has been exhausted. If not specified, the default value
|
||||
- file has been exhausted. If <command>random-device</command> is not specified, the default value
|
||||
- is
|
||||
- <filename>/dev/random</filename>
|
||||
- (or equivalent) when present, and none otherwise. The
|
||||
@ -569,10 +569,10 @@ index 0000000..89a4961
|
||||
+</section>
|
||||
+
|
||||
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
|
||||
index 589a347..052a0bd 100644
|
||||
index a5e42c0..f8cb1f9 100644
|
||||
--- a/doc/arm/notes.xml
|
||||
+++ b/doc/arm/notes.xml
|
||||
@@ -40,6 +40,7 @@
|
||||
@@ -47,6 +47,7 @@
|
||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.1.xml"/>
|
||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.0.xml"/>
|
||||
|
||||
@ -581,7 +581,7 @@ index 589a347..052a0bd 100644
|
||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-thankyou.xml"/>
|
||||
</section>
|
||||
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
|
||||
index 1eccbe7..1933993 100644
|
||||
index aa54afc..2156384 100644
|
||||
--- a/lib/dns/dst_api.c
|
||||
+++ b/lib/dns/dst_api.c
|
||||
@@ -2017,10 +2017,12 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) {
|
||||
@ -599,7 +599,7 @@ index 1eccbe7..1933993 100644
|
||||
}
|
||||
|
||||
diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
|
||||
index 6813c96..665574d 100644
|
||||
index 3aba028..180c841 100644
|
||||
--- a/lib/dns/include/dst/dst.h
|
||||
+++ b/lib/dns/include/dst/dst.h
|
||||
@@ -163,8 +163,18 @@ isc_result_t
|
||||
@ -624,7 +624,7 @@ index 6813c96..665574d 100644
|
||||
|
||||
bool
|
||||
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
|
||||
index ffe0a69..5e48686 100644
|
||||
index 3f4f822..cfdc757 100644
|
||||
--- a/lib/dns/openssl_link.c
|
||||
+++ b/lib/dns/openssl_link.c
|
||||
@@ -484,7 +484,8 @@ dst__openssl_getengine(const char *engine) {
|
||||
@ -638,7 +638,7 @@ index ffe0a69..5e48686 100644
|
||||
#ifndef DONT_REQUIRE_DST_LIB_INIT
|
||||
INSIST(dst__memory_pool != NULL);
|
||||
diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h
|
||||
index c40a18c..c7cb17d 100644
|
||||
index f32c9dc..bed276b 100644
|
||||
--- a/lib/isc/include/isc/entropy.h
|
||||
+++ b/lib/isc/include/isc/entropy.h
|
||||
@@ -189,9 +189,8 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent,
|
||||
@ -718,26 +718,21 @@ index c40a18c..c7cb17d 100644
|
||||
|
||||
ISC_LANG_ENDDECLS
|
||||
diff --git a/lib/isc/include/isc/random.h b/lib/isc/include/isc/random.h
|
||||
index f8aed34..17c551b 100644
|
||||
index f38e80d..3cb1c56 100644
|
||||
--- a/lib/isc/include/isc/random.h
|
||||
+++ b/lib/isc/include/isc/random.h
|
||||
@@ -9,8 +9,6 @@
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
-/* $Id: random.h,v 1.20 2009/01/17 23:47:43 tbox Exp $ */
|
||||
-
|
||||
#ifndef ISC_RANDOM_H
|
||||
#define ISC_RANDOM_H 1
|
||||
|
||||
@@ -21,13 +19,23 @@
|
||||
@@ -19,13 +19,23 @@
|
||||
#include <isc/mutex.h>
|
||||
|
||||
/*! \file isc/random.h
|
||||
- * \brief Implements a random state pool which will let the caller return a
|
||||
- * series of possibly non-reproducible random values.
|
||||
+ * \brief Implements pseudo random number generators.
|
||||
+ *
|
||||
*
|
||||
- * Note that the
|
||||
- * strength of these numbers is not all that high, and should not be
|
||||
- * used in cryptography functions. It is useful for jittering values
|
||||
- * a bit here and there, such as timeouts, etc.
|
||||
+ * Two pseudo-random number generators are implemented, in isc_random_*
|
||||
+ * and isc_rng_*. Neither one is very strong; they should not be used
|
||||
+ * in cryptography functions.
|
||||
@ -747,11 +742,7 @@ index f8aed34..17c551b 100644
|
||||
+ * It is useful for jittering values a bit here and there, such as
|
||||
+ * timeouts, etc, but should not be relied upon to generate
|
||||
+ * unpredictable sequences (for example, when choosing transaction IDs).
|
||||
*
|
||||
- * Note that the
|
||||
- * strength of these numbers is not all that high, and should not be
|
||||
- * used in cryptography functions. It is useful for jittering values
|
||||
- * a bit here and there, such as timeouts, etc.
|
||||
+ *
|
||||
+ * isc_rng_* is based on ChaCha20, and is seeded and stirred from the
|
||||
+ * system entropy source. It is stronger than isc_random_* and can
|
||||
+ * be used for generating unpredictable sequences. It is still not as
|
||||
@ -760,7 +751,7 @@ index f8aed34..17c551b 100644
|
||||
*/
|
||||
|
||||
ISC_LANG_BEGINDECLS
|
||||
@@ -115,8 +123,8 @@ isc_rng_random(isc_rng_t *rngctx);
|
||||
@@ -113,8 +123,8 @@ isc_rng_random(isc_rng_t *rngctx);
|
||||
uint16_t
|
||||
isc_rng_uniformrandom(isc_rng_t *rngctx, uint16_t upper_bound);
|
||||
/*%<
|
||||
@ -772,7 +763,7 @@ index f8aed34..17c551b 100644
|
||||
|
||||
ISC_LANG_ENDDECLS
|
||||
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
|
||||
index 1c45d5c..91693b5 100644
|
||||
index e74c93b..212194e 100644
|
||||
--- a/lib/isccfg/namedconf.c
|
||||
+++ b/lib/isccfg/namedconf.c
|
||||
@@ -1109,7 +1109,7 @@ options_clauses[] = {
|
||||
@ -785,5 +776,5 @@ index 1c45d5c..91693b5 100644
|
||||
{ "recursive-clients", &cfg_type_uint32, 0 },
|
||||
{ "reserved-sockets", &cfg_type_uint32, 0 },
|
||||
--
|
||||
2.21.1
|
||||
2.26.2
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 521fc8dcc0ac064ae8bc521418f5b03f0ceec657 Mon Sep 17 00:00:00 2001
|
||||
From d55a57427ee696dec51149950478394e43019607 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 7 Nov 2019 14:31:03 +0100
|
||||
Subject: [PATCH] Implement serve-stale in 9.11
|
||||
@ -240,7 +240,7 @@ Signed-off-by: Petr Menšík <pemensik@redhat.com>
|
||||
bin/tests/system/serve-stale/prereq.sh | 38 ++
|
||||
bin/tests/system/serve-stale/setup.sh | 13 +
|
||||
bin/tests/system/serve-stale/tests.sh | 536 ++++++++++++++++++
|
||||
doc/arm/Bv9ARM-book.xml | 69 ++-
|
||||
doc/arm/Bv9ARM-book.xml | 77 ++-
|
||||
doc/arm/logging-categories.xml | 11 +
|
||||
doc/arm/notes-rh-changes.xml | 14 +-
|
||||
doc/misc/options | 10 +
|
||||
@ -263,7 +263,7 @@ Signed-off-by: Petr Menšík <pemensik@redhat.com>
|
||||
lib/dns/tests/db_test.c | 198 ++++++-
|
||||
lib/dns/view.c | 3 +
|
||||
lib/isccfg/namedconf.c | 5 +
|
||||
48 files changed, 2122 insertions(+), 102 deletions(-)
|
||||
48 files changed, 2126 insertions(+), 106 deletions(-)
|
||||
create mode 100644 bin/tests/system/serve-stale/.gitignore
|
||||
create mode 100644 bin/tests/system/serve-stale/ans2/ans.pl.in
|
||||
create mode 100644 bin/tests/system/serve-stale/clean.sh
|
||||
@ -276,7 +276,7 @@ Signed-off-by: Petr Menšík <pemensik@redhat.com>
|
||||
create mode 100755 bin/tests/system/serve-stale/tests.sh
|
||||
|
||||
diff --git a/bin/named/config.c b/bin/named/config.c
|
||||
index 63da4b0..b598f9b 100644
|
||||
index 9e071bb..d2cd3bc 100644
|
||||
--- a/bin/named/config.c
|
||||
+++ b/bin/named/config.c
|
||||
@@ -182,13 +182,14 @@ options {\n\
|
||||
@ -291,7 +291,7 @@ index 63da4b0..b598f9b 100644
|
||||
max-clients-per-query 100;\n\
|
||||
max-ncache-ttl 10800; /* 3 hours */\n\
|
||||
max-recursion-depth 7;\n\
|
||||
max-recursion-queries 75;\n\
|
||||
max-recursion-queries 100;\n\
|
||||
+ max-stale-ttl 604800; /* 1 week */\n\
|
||||
message-compression yes;\n\
|
||||
# min-roots <obsolete>;\n\
|
||||
@ -312,7 +312,7 @@ index 63da4b0..b598f9b 100644
|
||||
transfer-format many-answers;\n\
|
||||
v6-bias 50;\n\
|
||||
diff --git a/bin/named/control.c b/bin/named/control.c
|
||||
index df23c26..8b79850 100644
|
||||
index 23620b4..0756c73 100644
|
||||
--- a/bin/named/control.c
|
||||
+++ b/bin/named/control.c
|
||||
@@ -282,6 +282,8 @@ ns_control_docommand(isccc_sexpr_t *message, bool readonly,
|
||||
@ -325,10 +325,10 @@ index df23c26..8b79850 100644
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
|
||||
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
|
||||
diff --git a/bin/named/include/named/control.h b/bin/named/include/named/control.h
|
||||
index 8705fdd..1634154 100644
|
||||
index 56bad8d..37403f1 100644
|
||||
--- a/bin/named/include/named/control.h
|
||||
+++ b/bin/named/include/named/control.h
|
||||
@@ -69,6 +69,7 @@
|
||||
@@ -67,6 +67,7 @@
|
||||
#define NS_COMMAND_MKEYS "managed-keys"
|
||||
#define NS_COMMAND_DNSTAPREOPEN "dnstap-reopen"
|
||||
#define NS_COMMAND_DNSTAP "dnstap"
|
||||
@ -337,10 +337,10 @@ index 8705fdd..1634154 100644
|
||||
isc_result_t
|
||||
ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp);
|
||||
diff --git a/bin/named/include/named/log.h b/bin/named/include/named/log.h
|
||||
index 56bfcd4..cd8db60 100644
|
||||
index 76e3a51..0d1d985 100644
|
||||
--- a/bin/named/include/named/log.h
|
||||
+++ b/bin/named/include/named/log.h
|
||||
@@ -32,6 +32,7 @@
|
||||
@@ -30,6 +30,7 @@
|
||||
#define NS_LOGCATEGORY_UPDATE_SECURITY (&ns_g_categories[6])
|
||||
#define NS_LOGCATEGORY_QUERY_ERRORS (&ns_g_categories[7])
|
||||
#define NS_LOGCATEGORY_TAT (&ns_g_categories[8])
|
||||
@ -349,7 +349,7 @@ index 56bfcd4..cd8db60 100644
|
||||
/*
|
||||
* Backwards compatibility.
|
||||
diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h
|
||||
index 9661f56..445b578 100644
|
||||
index ef1b172..53c052b 100644
|
||||
--- a/bin/named/include/named/query.h
|
||||
+++ b/bin/named/include/named/query.h
|
||||
@@ -35,6 +35,18 @@ typedef struct ns_dbversion {
|
||||
@ -389,10 +389,10 @@ index 9661f56..445b578 100644
|
||||
bool root_key_sentinel_is_ta;
|
||||
bool root_key_sentinel_not_ta;
|
||||
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
|
||||
index c92922e..588bf2d 100644
|
||||
index 0ba2627..08a02dc 100644
|
||||
--- a/bin/named/include/named/server.h
|
||||
+++ b/bin/named/include/named/server.h
|
||||
@@ -226,7 +226,10 @@ enum {
|
||||
@@ -227,7 +227,10 @@ enum {
|
||||
|
||||
dns_nsstatscounter_reclimitdropped = 58,
|
||||
|
||||
@ -404,7 +404,7 @@ index c92922e..588bf2d 100644
|
||||
};
|
||||
|
||||
/*%
|
||||
@@ -765,4 +768,12 @@ ns_server_mkeys(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
|
||||
@@ -766,4 +769,12 @@ ns_server_mkeys(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
|
||||
isc_result_t
|
||||
ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
|
||||
|
||||
@ -418,7 +418,7 @@ index c92922e..588bf2d 100644
|
||||
+ isc_buffer_t **text);
|
||||
#endif /* NAMED_SERVER_H */
|
||||
diff --git a/bin/named/log.c b/bin/named/log.c
|
||||
index 3aa25e9..12f178b 100644
|
||||
index acfa766..ea6f114 100644
|
||||
--- a/bin/named/log.c
|
||||
+++ b/bin/named/log.c
|
||||
@@ -38,6 +38,7 @@ static isc_logcategory_t categories[] = {
|
||||
@ -430,10 +430,10 @@ index 3aa25e9..12f178b 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/named/query.c b/bin/named/query.c
|
||||
index 25eeced..162e4ea 100644
|
||||
index b14f081..a95f5ad 100644
|
||||
--- a/bin/named/query.c
|
||||
+++ b/bin/named/query.c
|
||||
@@ -125,10 +125,14 @@
|
||||
@@ -149,10 +149,14 @@ last_cmpxchg(isc_stdtime_t *x, isc_stdtime_t *e, isc_stdtime_t r) {
|
||||
#define REDIRECT(c) (((c)->query.attributes & \
|
||||
NS_QUERYATTR_REDIRECT) != 0)
|
||||
|
||||
@ -449,7 +449,7 @@ index 25eeced..162e4ea 100644
|
||||
#ifdef WANT_QUERYTRACE
|
||||
static inline void
|
||||
client_trace(ns_client_t *client, int level, const char *message) {
|
||||
@@ -217,6 +221,10 @@ static bool
|
||||
@@ -241,6 +245,10 @@ static bool
|
||||
rpz_ck_dnssec(ns_client_t *client, isc_result_t qresult,
|
||||
dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset);
|
||||
|
||||
@ -460,7 +460,7 @@ index 25eeced..162e4ea 100644
|
||||
/*%
|
||||
* Increment query statistics counters.
|
||||
*/
|
||||
@@ -470,6 +478,7 @@ query_reset(ns_client_t *client, bool everything) {
|
||||
@@ -494,6 +502,7 @@ query_reset(ns_client_t *client, bool everything) {
|
||||
client->query.isreferral = false;
|
||||
client->query.dns64_options = 0;
|
||||
client->query.dns64_ttl = UINT32_MAX;
|
||||
@ -468,8 +468,8 @@ index 25eeced..162e4ea 100644
|
||||
client->query.root_key_sentinel_keyid = 0;
|
||||
client->query.root_key_sentinel_is_ta = false;
|
||||
client->query.root_key_sentinel_not_ta = false;
|
||||
@@ -4254,6 +4263,54 @@ query_prefetch(ns_client_t *client, dns_name_t *qname,
|
||||
dns_rdataset_clearprefetch(rdataset);
|
||||
@@ -4305,6 +4314,54 @@ log_quota(ns_client_t *client, isc_stdtime_t *last, isc_stdtime_t now,
|
||||
}
|
||||
}
|
||||
|
||||
+/*%
|
||||
@ -523,7 +523,7 @@ index 25eeced..162e4ea 100644
|
||||
static isc_result_t
|
||||
query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
|
||||
dns_name_t *qdomain, dns_rdataset_t *nameservers,
|
||||
@@ -4263,6 +4320,19 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
|
||||
@@ -4314,6 +4371,19 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
|
||||
dns_rdataset_t *rdataset, *sigrdataset;
|
||||
isc_sockaddr_t *peeraddr;
|
||||
|
||||
@ -543,7 +543,7 @@ index 25eeced..162e4ea 100644
|
||||
if (!resuming)
|
||||
inc_stats(client, dns_nsstatscounter_recursion);
|
||||
|
||||
@@ -6780,6 +6850,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -6821,6 +6891,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
int line = -1;
|
||||
bool dns64_exclude, dns64, rpz;
|
||||
bool nxrewrite = false;
|
||||
@ -551,7 +551,7 @@ index 25eeced..162e4ea 100644
|
||||
bool redirected = false;
|
||||
dns_clientinfomethods_t cm;
|
||||
dns_clientinfo_t ci;
|
||||
@@ -7089,6 +7160,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -7130,6 +7201,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
type = qtype;
|
||||
|
||||
restart:
|
||||
@ -559,7 +559,7 @@ index 25eeced..162e4ea 100644
|
||||
CTRACE(ISC_LOG_DEBUG(3), "query_find: restart");
|
||||
want_restart = false;
|
||||
authoritative = false;
|
||||
@@ -7233,6 +7305,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -7274,6 +7346,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
}
|
||||
|
||||
db_find:
|
||||
@ -567,7 +567,7 @@ index 25eeced..162e4ea 100644
|
||||
CTRACE(ISC_LOG_DEBUG(3), "query_find: db_find");
|
||||
/*
|
||||
* We'll need some resources...
|
||||
@@ -7290,6 +7363,35 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -7331,6 +7404,35 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
if (!is_zone)
|
||||
dns_cache_updatestats(client->view->cache, result);
|
||||
|
||||
@ -603,7 +603,7 @@ index 25eeced..162e4ea 100644
|
||||
resume:
|
||||
CTRACE(ISC_LOG_DEBUG(3), "query_find: resume");
|
||||
|
||||
@@ -7635,6 +7737,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -7676,6 +7778,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
* The cache doesn't even have the root NS. Get them from
|
||||
* the hints DB.
|
||||
*/
|
||||
@ -611,7 +611,7 @@ index 25eeced..162e4ea 100644
|
||||
INSIST(!is_zone);
|
||||
if (db != NULL)
|
||||
dns_db_detach(&db);
|
||||
@@ -7697,12 +7800,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -7738,12 +7841,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
*/
|
||||
/* FALLTHROUGH */
|
||||
case DNS_R_DELEGATION:
|
||||
@ -626,7 +626,7 @@ index 25eeced..162e4ea 100644
|
||||
if (!RECURSIONOK(client) &&
|
||||
(options & DNS_GETDB_NOEXACT) != 0 &&
|
||||
qtype == dns_rdatatype_ds) {
|
||||
@@ -8089,6 +8194,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -8130,6 +8235,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
false, true);
|
||||
}
|
||||
}
|
||||
@ -634,7 +634,7 @@ index 25eeced..162e4ea 100644
|
||||
if (dns_rdataset_isassociated(rdataset)) {
|
||||
/*
|
||||
* If we've got a NSEC record, we need to save the
|
||||
@@ -8409,7 +8515,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -8450,7 +8556,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
/*
|
||||
* If we have a zero ttl from the cache refetch it.
|
||||
*/
|
||||
@ -644,7 +644,7 @@ index 25eeced..162e4ea 100644
|
||||
RECURSIONOK(client))
|
||||
{
|
||||
if (dns_rdataset_isassociated(rdataset))
|
||||
@@ -8627,7 +8734,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -8676,7 +8783,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
"query_find: unexpected error after resuming: %s",
|
||||
isc_result_totext(result));
|
||||
CTRACE(ISC_LOG_ERROR, errmsg);
|
||||
@ -657,7 +657,7 @@ index 25eeced..162e4ea 100644
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -8883,7 +8994,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -8932,7 +9043,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
/*
|
||||
* If we have a zero ttl from the cache refetch it.
|
||||
*/
|
||||
@ -666,7 +666,7 @@ index 25eeced..162e4ea 100644
|
||||
RECURSIONOK(client))
|
||||
{
|
||||
if (dns_rdataset_isassociated(rdataset))
|
||||
@@ -8894,6 +9005,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -8943,6 +9054,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
if (node != NULL)
|
||||
dns_db_detachnode(db, &node);
|
||||
|
||||
@ -674,7 +674,7 @@ index 25eeced..162e4ea 100644
|
||||
INSIST(!REDIRECT(client));
|
||||
result = query_recurse(client, qtype,
|
||||
client->query.qname,
|
||||
@@ -9174,6 +9286,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -9223,6 +9335,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
dns_fixedname_name(&wildcardname),
|
||||
true, false);
|
||||
cleanup:
|
||||
@ -682,7 +682,7 @@ index 25eeced..162e4ea 100644
|
||||
CTRACE(ISC_LOG_DEBUG(3), "query_find: cleanup");
|
||||
/*
|
||||
* General cleanup.
|
||||
@@ -9230,6 +9343,49 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
@@ -9279,6 +9392,49 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
goto restart;
|
||||
}
|
||||
|
||||
@ -733,7 +733,7 @@ index 25eeced..162e4ea 100644
|
||||
(!PARTIALANSWER(client) || WANTRECURSION(client)
|
||||
|| eresult == DNS_R_DROP)) {
|
||||
diff --git a/bin/named/server.c b/bin/named/server.c
|
||||
index 1f23cf0..1fa836f 100644
|
||||
index 2bdf690..3a5ba91 100644
|
||||
--- a/bin/named/server.c
|
||||
+++ b/bin/named/server.c
|
||||
@@ -1720,7 +1720,8 @@ static bool
|
||||
@ -843,7 +843,7 @@ index 1f23cf0..1fa836f 100644
|
||||
/*
|
||||
* Set supported DNSSEC algorithms.
|
||||
*/
|
||||
@@ -14456,3 +14500,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
|
||||
@@ -14559,3 +14603,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
|
||||
return (ISC_R_NOTIMPLEMENTED);
|
||||
#endif
|
||||
}
|
||||
@ -977,7 +977,7 @@ index 1f23cf0..1fa836f 100644
|
||||
+ return (result);
|
||||
+}
|
||||
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
|
||||
index 4b8d972..8c68737 100644
|
||||
index 12ab048..4938c03 100644
|
||||
--- a/bin/named/statschannel.c
|
||||
+++ b/bin/named/statschannel.c
|
||||
@@ -300,6 +300,12 @@ init_desc(void) {
|
||||
@ -994,7 +994,7 @@ index 4b8d972..8c68737 100644
|
||||
|
||||
/* Initialize resolver statistics */
|
||||
diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
|
||||
index 8083654..d519983 100644
|
||||
index 0acfe3a..2c21c1d 100644
|
||||
--- a/bin/rndc/rndc.c
|
||||
+++ b/bin/rndc/rndc.c
|
||||
@@ -160,6 +160,8 @@ command is one of the following:\n\
|
||||
@ -1007,7 +1007,7 @@ index 8083654..d519983 100644
|
||||
Print a zone's configuration.\n\
|
||||
sign zone [class [view]]\n\
|
||||
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
|
||||
index e14a17e..eaf32d3 100644
|
||||
index 159ded9..12a7208 100644
|
||||
--- a/bin/rndc/rndc.docbook
|
||||
+++ b/bin/rndc/rndc.docbook
|
||||
@@ -689,6 +689,25 @@
|
||||
@ -1037,7 +1037,7 @@ index e14a17e..eaf32d3 100644
|
||||
<term><userinput>secroots <optional>-</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
|
||||
<listitem>
|
||||
diff --git a/bin/tests/system/chain/prereq.sh b/bin/tests/system/chain/prereq.sh
|
||||
index f3f1939..9ff3f07 100644
|
||||
index 23bedcd..43385de 100644
|
||||
--- a/bin/tests/system/chain/prereq.sh
|
||||
+++ b/bin/tests/system/chain/prereq.sh
|
||||
@@ -48,3 +48,10 @@ else
|
||||
@ -1052,7 +1052,7 @@ index f3f1939..9ff3f07 100644
|
||||
+ exit 1
|
||||
+fi
|
||||
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
|
||||
index 22749b9..a247fd5 100644
|
||||
index f6412f6..26c8901 100644
|
||||
--- a/bin/tests/system/conf.sh.in
|
||||
+++ b/bin/tests/system/conf.sh.in
|
||||
@@ -128,7 +128,7 @@ PARALLELDIRS="dnssec rpzrecurse \
|
||||
@ -2039,10 +2039,10 @@ index 0000000..201c996
|
||||
+echo "I:exit status: $status"
|
||||
+[ $status -eq 0 ] || exit 1
|
||||
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
|
||||
index bb1e81d..6dbbfad 100644
|
||||
index 99c8680..5fbabfe 100644
|
||||
--- a/doc/arm/Bv9ARM-book.xml
|
||||
+++ b/doc/arm/Bv9ARM-book.xml
|
||||
@@ -4381,6 +4381,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
@@ -4336,6 +4336,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
statement in the <filename>named.conf</filename> file:
|
||||
</para>
|
||||
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="options.grammar.xml"/>
|
||||
@ -2052,7 +2052,7 @@ index bb1e81d..6dbbfad 100644
|
||||
</section>
|
||||
|
||||
<section xml:id="options"><info><title><command>options</command> Statement Definition and
|
||||
@@ -4474,6 +4477,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
@@ -4429,6 +4432,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
<command>dnssec-validation</command>,
|
||||
<command>max-cache-ttl</command>,
|
||||
<command>max-ncache-ttl</command>,
|
||||
@ -2060,7 +2060,7 @@ index bb1e81d..6dbbfad 100644
|
||||
<command>max-cache-size</command>, and
|
||||
<command>zero-no-soa-ttl</command>.
|
||||
</para>
|
||||
@@ -5485,7 +5489,6 @@ options {
|
||||
@@ -5438,7 +5442,6 @@ options {
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -2068,7 +2068,7 @@ index bb1e81d..6dbbfad 100644
|
||||
<varlistentry>
|
||||
<term><command>max-zone-ttl</command></term>
|
||||
<listitem>
|
||||
@@ -5521,6 +5524,21 @@ options {
|
||||
@@ -5474,6 +5477,21 @@ options {
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -2090,7 +2090,7 @@ index bb1e81d..6dbbfad 100644
|
||||
<varlistentry>
|
||||
<term><command>serial-update-method</command></term>
|
||||
<listitem>
|
||||
@@ -6280,6 +6298,22 @@ options {
|
||||
@@ -6227,6 +6245,22 @@ options {
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -2113,31 +2113,34 @@ index bb1e81d..6dbbfad 100644
|
||||
<varlistentry>
|
||||
<term><command>nocookie-udp-size</command></term>
|
||||
<listitem>
|
||||
@@ -7501,14 +7535,20 @@ options {
|
||||
@@ -7449,13 +7483,19 @@ options {
|
||||
<term><command>resolver-query-timeout</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
- The amount of time in seconds that the resolver
|
||||
+ The amount of time in milliseconds that the resolver
|
||||
will spend attempting to resolve a recursive
|
||||
query before failing. The default and minimum
|
||||
- This is the amount of time in seconds that the
|
||||
- resolver spends attempting to resolve a recursive
|
||||
- query before failing. The default and minimum
|
||||
- is <literal>10</literal> and the maximum is
|
||||
- <literal>30</literal>. Setting it to
|
||||
- <literal>0</literal> results in the default
|
||||
- being used.
|
||||
+ The amount of time in milliseconds that the resolver
|
||||
+ will spend attempting to resolve a recursive
|
||||
+ query before failing. The default and minimum
|
||||
+ is <literal>10000</literal> and the maximum is
|
||||
+ <literal>30000</literal>. Setting it to
|
||||
<literal>0</literal> will result in the default
|
||||
being used.
|
||||
</para>
|
||||
+ <literal>0</literal> will result in the default
|
||||
+ being used.
|
||||
+ </para>
|
||||
+ <para>
|
||||
+ This value was originally specified in seconds.
|
||||
+ Values less than or equal to 300 will be be treated
|
||||
+ as seconds and converted to milliseconds before
|
||||
+ applying the above limits.
|
||||
+ </para>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
@@ -8994,6 +9034,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
@@ -9016,6 +9056,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -2166,7 +2169,7 @@ index bb1e81d..6dbbfad 100644
|
||||
<term><command>min-roots</command></term>
|
||||
<listitem>
|
||||
diff --git a/doc/arm/logging-categories.xml b/doc/arm/logging-categories.xml
|
||||
index 181def7..59f6afb 100644
|
||||
index 56d05e8..098342b 100644
|
||||
--- a/doc/arm/logging-categories.xml
|
||||
+++ b/doc/arm/logging-categories.xml
|
||||
@@ -311,6 +311,17 @@
|
||||
@ -2278,7 +2281,7 @@ index e11beed..fde93c7 100644
|
||||
topology { <address_match_element>; ... }; // not implemented
|
||||
transfer-format ( many-answers | one-answer );
|
||||
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
|
||||
index eaac5ba..a89d78f 100644
|
||||
index bf769fe..6c57fa4 100644
|
||||
--- a/lib/bind9/check.c
|
||||
+++ b/lib/bind9/check.c
|
||||
@@ -99,7 +99,8 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) {
|
||||
@ -2522,7 +2525,7 @@ index eaac5ba..a89d78f 100644
|
||||
}
|
||||
|
||||
diff --git a/lib/dns/cache.c b/lib/dns/cache.c
|
||||
index 4701ff8..97e427a 100644
|
||||
index 2965a4f..617737a 100644
|
||||
--- a/lib/dns/cache.c
|
||||
+++ b/lib/dns/cache.c
|
||||
@@ -138,6 +138,7 @@ struct dns_cache {
|
||||
@ -2592,7 +2595,7 @@ index 4701ff8..97e427a 100644
|
||||
* The cleaner task is shutting down; do the necessary cleanup.
|
||||
*/
|
||||
diff --git a/lib/dns/db.c b/lib/dns/db.c
|
||||
index ee3e00d..576aa65 100644
|
||||
index a28a566..c581646 100644
|
||||
--- a/lib/dns/db.c
|
||||
+++ b/lib/dns/db.c
|
||||
@@ -1130,3 +1130,25 @@ dns_db_nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
|
||||
@ -2622,7 +2625,7 @@ index ee3e00d..576aa65 100644
|
||||
+ return (ISC_R_NOTIMPLEMENTED);
|
||||
+}
|
||||
diff --git a/lib/dns/ecdb.c b/lib/dns/ecdb.c
|
||||
index 47994ea..23bfe7d 100644
|
||||
index fc94ccf..76d0417 100644
|
||||
--- a/lib/dns/ecdb.c
|
||||
+++ b/lib/dns/ecdb.c
|
||||
@@ -588,7 +588,9 @@ static dns_dbmethods_t ecdb_methods = {
|
||||
@ -2637,7 +2640,7 @@ index 47994ea..23bfe7d 100644
|
||||
|
||||
static isc_result_t
|
||||
diff --git a/lib/dns/include/dns/cache.h b/lib/dns/include/dns/cache.h
|
||||
index 62797db..714b78e 100644
|
||||
index ab4b0b5..e158014 100644
|
||||
--- a/lib/dns/include/dns/cache.h
|
||||
+++ b/lib/dns/include/dns/cache.h
|
||||
@@ -260,6 +260,27 @@ dns_cache_getcachesize(dns_cache_t *cache);
|
||||
@ -2669,7 +2672,7 @@ index 62797db..714b78e 100644
|
||||
dns_cache_flush(dns_cache_t *cache);
|
||||
/*%<
|
||||
diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h
|
||||
index 6f0eed0..e3917f2 100644
|
||||
index 96f3a8f..452770f 100644
|
||||
--- a/lib/dns/include/dns/db.h
|
||||
+++ b/lib/dns/include/dns/db.h
|
||||
@@ -195,6 +195,8 @@ typedef struct dns_dbmethods {
|
||||
@ -2729,7 +2732,7 @@ index 6f0eed0..e3917f2 100644
|
||||
|
||||
#endif /* DNS_DB_H */
|
||||
diff --git a/lib/dns/include/dns/rdataset.h b/lib/dns/include/dns/rdataset.h
|
||||
index 5295d8e..97071ed 100644
|
||||
index ed9119a..710e97c 100644
|
||||
--- a/lib/dns/include/dns/rdataset.h
|
||||
+++ b/lib/dns/include/dns/rdataset.h
|
||||
@@ -128,6 +128,7 @@ struct dns_rdataset {
|
||||
@ -2783,7 +2786,7 @@ index 5295d8e..97071ed 100644
|
||||
/*%
|
||||
* _OMITDNSSEC:
|
||||
diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
|
||||
index 0b66c75..4b4b6bd 100644
|
||||
index 7b3c047..bd7d225 100644
|
||||
--- a/lib/dns/include/dns/resolver.h
|
||||
+++ b/lib/dns/include/dns/resolver.h
|
||||
@@ -547,9 +547,12 @@ dns_resolver_getmustbesecure(dns_resolver_t *resolver, dns_name_t *name);
|
||||
@ -2852,12 +2855,12 @@ index 0b66c75..4b4b6bd 100644
|
||||
dns_resolver_getoptions(dns_resolver_t *resolver);
|
||||
|
||||
diff --git a/lib/dns/include/dns/types.h b/lib/dns/include/dns/types.h
|
||||
index 567e8a8..7bf2b60 100644
|
||||
index 2468e3c..934a641 100644
|
||||
--- a/lib/dns/include/dns/types.h
|
||||
+++ b/lib/dns/include/dns/types.h
|
||||
@@ -385,6 +385,12 @@ typedef enum {
|
||||
dns_updatemethod_date
|
||||
} dns_updatemethod_t;
|
||||
@@ -390,6 +390,12 @@ typedef struct {
|
||||
size_t count;
|
||||
} dns_indent_t;
|
||||
|
||||
+typedef enum {
|
||||
+ dns_stale_answer_no,
|
||||
@ -2869,7 +2872,7 @@ index 567e8a8..7bf2b60 100644
|
||||
* Functions.
|
||||
*/
|
||||
diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h
|
||||
index c849dec..647ca2a 100644
|
||||
index 53f1db1..96148c7 100644
|
||||
--- a/lib/dns/include/dns/view.h
|
||||
+++ b/lib/dns/include/dns/view.h
|
||||
@@ -229,6 +229,9 @@ struct dns_view {
|
||||
@ -2883,7 +2886,7 @@ index c849dec..647ca2a 100644
|
||||
|
||||
#define DNS_VIEW_MAGIC ISC_MAGIC('V','i','e','w')
|
||||
diff --git a/lib/dns/master.c b/lib/dns/master.c
|
||||
index 8edd732..8c9f00e 100644
|
||||
index 7d26b81..36999b5 100644
|
||||
--- a/lib/dns/master.c
|
||||
+++ b/lib/dns/master.c
|
||||
@@ -1948,12 +1948,18 @@ load_text(dns_loadctx_t *lctx) {
|
||||
@ -2910,7 +2913,7 @@ index 8edd732..8c9f00e 100644
|
||||
|
||||
/*
|
||||
diff --git a/lib/dns/masterdump.c b/lib/dns/masterdump.c
|
||||
index 13d1a3e..873b694 100644
|
||||
index fa839a0..91b3cab 100644
|
||||
--- a/lib/dns/masterdump.c
|
||||
+++ b/lib/dns/masterdump.c
|
||||
@@ -81,6 +81,9 @@ struct dns_master_style {
|
||||
@ -2979,10 +2982,10 @@ index 13d1a3e..873b694 100644
|
||||
RUNTIME_CHECK(result == ISC_R_SUCCESS);
|
||||
isc_buffer_usedregion(&buffer, &r);
|
||||
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
|
||||
index 02f2c84..fda991d 100644
|
||||
index 3a60bcf..8ea4d47 100644
|
||||
--- a/lib/dns/rbtdb.c
|
||||
+++ b/lib/dns/rbtdb.c
|
||||
@@ -490,6 +490,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t;
|
||||
@@ -511,6 +511,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t;
|
||||
typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
|
||||
|
||||
#define RDATASET_ATTR_NONEXISTENT 0x0001
|
||||
@ -2990,7 +2993,7 @@ index 02f2c84..fda991d 100644
|
||||
#define RDATASET_ATTR_STALE 0x0002
|
||||
#define RDATASET_ATTR_IGNORE 0x0004
|
||||
#define RDATASET_ATTR_RETAIN 0x0008
|
||||
@@ -502,6 +503,8 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
|
||||
@@ -523,6 +524,8 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
|
||||
#define RDATASET_ATTR_CASESET 0x0400
|
||||
#define RDATASET_ATTR_ZEROTTL 0x0800
|
||||
#define RDATASET_ATTR_CASEFULLYLOWER 0x1000
|
||||
@ -2999,7 +3002,7 @@ index 02f2c84..fda991d 100644
|
||||
|
||||
typedef struct acache_cbarg {
|
||||
dns_rdatasetadditional_t type;
|
||||
@@ -552,6 +555,8 @@ struct acachectl {
|
||||
@@ -573,6 +576,8 @@ struct acachectl {
|
||||
(((header)->attributes & RDATASET_ATTR_ZEROTTL) != 0)
|
||||
#define CASEFULLYLOWER(header) \
|
||||
(((header)->attributes & RDATASET_ATTR_CASEFULLYLOWER) != 0)
|
||||
@ -3008,7 +3011,7 @@ index 02f2c84..fda991d 100644
|
||||
|
||||
|
||||
#define ACTIVE(header, now) \
|
||||
@@ -611,6 +616,12 @@ typedef enum {
|
||||
@@ -632,6 +637,12 @@ typedef enum {
|
||||
expire_flush
|
||||
} expire_t;
|
||||
|
||||
@ -3021,7 +3024,7 @@ index 02f2c84..fda991d 100644
|
||||
typedef struct rbtdb_version {
|
||||
/* Not locked */
|
||||
rbtdb_serial_t serial;
|
||||
@@ -678,6 +689,12 @@ struct dns_rbtdb {
|
||||
@@ -699,6 +710,12 @@ struct dns_rbtdb {
|
||||
dns_dbnode_t *soanode;
|
||||
dns_dbnode_t *nsnode;
|
||||
|
||||
@ -3034,7 +3037,7 @@ index 02f2c84..fda991d 100644
|
||||
/*
|
||||
* This is a linked list used to implement the LRU cache. There will
|
||||
* be node_lock_count linked lists here. Nodes in bucket 1 will be
|
||||
@@ -721,6 +738,8 @@ struct dns_rbtdb {
|
||||
@@ -742,6 +759,8 @@ struct dns_rbtdb {
|
||||
#define RBTDB_ATTR_LOADED 0x01
|
||||
#define RBTDB_ATTR_LOADING 0x02
|
||||
|
||||
@ -3043,7 +3046,7 @@ index 02f2c84..fda991d 100644
|
||||
/*%
|
||||
* Search Context
|
||||
*/
|
||||
@@ -1791,15 +1810,15 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) {
|
||||
@@ -1816,15 +1835,15 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) {
|
||||
}
|
||||
|
||||
static inline void
|
||||
@ -3063,7 +3066,7 @@ index 02f2c84..fda991d 100644
|
||||
header->node->dirty = 1;
|
||||
|
||||
/*
|
||||
@@ -1840,8 +1859,8 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
|
||||
@@ -1865,8 +1884,8 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
|
||||
/*
|
||||
* If current is nonexistent or stale, we can clean it up.
|
||||
*/
|
||||
@ -3074,7 +3077,7 @@ index 02f2c84..fda991d 100644
|
||||
if (top_prev != NULL)
|
||||
top_prev->next = current->next;
|
||||
else
|
||||
@@ -2086,6 +2105,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
|
||||
@@ -2111,6 +2130,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
|
||||
}
|
||||
}
|
||||
|
||||
@ -3155,7 +3158,7 @@ index 02f2c84..fda991d 100644
|
||||
/*
|
||||
* Caller must be holding the node lock.
|
||||
*/
|
||||
@@ -3313,6 +3406,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
|
||||
@@ -3343,6 +3436,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
|
||||
rdataset->attributes |= DNS_RDATASETATTR_OPTOUT;
|
||||
if (PREFETCH(header))
|
||||
rdataset->attributes |= DNS_RDATASETATTR_PREFETCH;
|
||||
@ -3168,7 +3171,7 @@ index 02f2c84..fda991d 100644
|
||||
rdataset->private1 = rbtdb;
|
||||
rdataset->private2 = node;
|
||||
raw = (unsigned char *)header + sizeof(*header);
|
||||
@@ -4653,6 +4752,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
|
||||
@@ -4698,6 +4797,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
|
||||
#endif
|
||||
|
||||
if (!ACTIVE(header, search->now)) {
|
||||
@ -3188,7 +3191,7 @@ index 02f2c84..fda991d 100644
|
||||
/*
|
||||
* This rdataset is stale. If no one else is using the
|
||||
* node, we can clean it up right now, otherwise we mark
|
||||
@@ -4692,7 +4804,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
|
||||
@@ -4737,7 +4849,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
|
||||
node->data = header->next;
|
||||
free_rdataset(search->rbtdb, mctx, header);
|
||||
} else {
|
||||
@ -3197,7 +3200,7 @@ index 02f2c84..fda991d 100644
|
||||
*header_prev = header;
|
||||
}
|
||||
} else
|
||||
@@ -5130,7 +5242,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
|
||||
@@ -5178,7 +5290,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
|
||||
&locktype, lock, &search,
|
||||
&header_prev)) {
|
||||
/* Do nothing. */
|
||||
@ -3206,7 +3209,7 @@ index 02f2c84..fda991d 100644
|
||||
/*
|
||||
* We now know that there is at least one active
|
||||
* non-stale rdataset at this node.
|
||||
@@ -5608,7 +5720,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
|
||||
@@ -5661,7 +5773,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
|
||||
* refcurrent(rbtnode) must be non-zero. This is so
|
||||
* because 'node' is an argument to the function.
|
||||
*/
|
||||
@ -3215,7 +3218,7 @@ index 02f2c84..fda991d 100644
|
||||
if (log)
|
||||
isc_log_write(dns_lctx, category, module,
|
||||
level, "overmem cache: stale %s",
|
||||
@@ -5616,7 +5728,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
|
||||
@@ -5669,7 +5781,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
|
||||
} else if (force_expire) {
|
||||
if (! RETAIN(header)) {
|
||||
set_ttl(rbtdb, header, 0);
|
||||
@ -3224,7 +3227,7 @@ index 02f2c84..fda991d 100644
|
||||
} else if (log) {
|
||||
isc_log_write(dns_lctx, category, module,
|
||||
level, "overmem cache: "
|
||||
@@ -5873,9 +5985,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
|
||||
@@ -5928,9 +6040,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
|
||||
* non-zero. This is so because 'node' is an
|
||||
* argument to the function.
|
||||
*/
|
||||
@ -3236,7 +3239,7 @@ index 02f2c84..fda991d 100644
|
||||
if (header->type == matchtype)
|
||||
found = header;
|
||||
else if (header->type == RBTDB_RDATATYPE_NCACHEANY ||
|
||||
@@ -6167,7 +6279,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
@@ -6232,7 +6344,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
topheader = topheader->next)
|
||||
{
|
||||
set_ttl(rbtdb, topheader, 0);
|
||||
@ -3245,7 +3248,7 @@ index 02f2c84..fda991d 100644
|
||||
}
|
||||
goto find_header;
|
||||
}
|
||||
@@ -6225,7 +6337,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
@@ -6293,7 +6405,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
* ncache entry.
|
||||
*/
|
||||
set_ttl(rbtdb, topheader, 0);
|
||||
@ -3254,7 +3257,7 @@ index 02f2c84..fda991d 100644
|
||||
topheader = NULL;
|
||||
goto find_header;
|
||||
}
|
||||
@@ -6263,8 +6375,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
@@ -6331,8 +6443,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
}
|
||||
|
||||
/*
|
||||
@ -3268,7 +3271,7 @@ index 02f2c84..fda991d 100644
|
||||
*/
|
||||
if (rbtversion == NULL && trust < header->trust &&
|
||||
(ACTIVE(header, now) || header_nx)) {
|
||||
@@ -6293,6 +6408,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
@@ -6362,6 +6477,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
|
||||
if ((options & DNS_DBADD_EXACT) != 0)
|
||||
flags |= DNS_RDATASLAB_EXACT;
|
||||
@ -3279,7 +3282,7 @@ index 02f2c84..fda991d 100644
|
||||
if ((options & DNS_DBADD_EXACTTTL) != 0 &&
|
||||
newheader->rdh_ttl != header->rdh_ttl)
|
||||
result = DNS_R_NOTEXACT;
|
||||
@@ -6336,11 +6455,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
@@ -6405,11 +6524,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
}
|
||||
}
|
||||
/*
|
||||
@ -3297,7 +3300,7 @@ index 02f2c84..fda991d 100644
|
||||
*/
|
||||
if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
|
||||
header->type == dns_rdatatype_ns &&
|
||||
@@ -6511,10 +6631,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
@@ -6582,10 +6702,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
|
||||
changed->dirty = true;
|
||||
if (rbtversion == NULL) {
|
||||
set_ttl(rbtdb, header, 0);
|
||||
@ -3310,7 +3313,7 @@ index 02f2c84..fda991d 100644
|
||||
}
|
||||
}
|
||||
if (rbtversion != NULL && !header_nx) {
|
||||
@@ -8331,6 +8451,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
|
||||
@@ -8436,6 +8556,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
|
||||
return (result);
|
||||
}
|
||||
|
||||
@ -3341,7 +3344,7 @@ index 02f2c84..fda991d 100644
|
||||
static dns_dbmethods_t zone_methods = {
|
||||
attach,
|
||||
detach,
|
||||
@@ -8376,7 +8520,9 @@ static dns_dbmethods_t zone_methods = {
|
||||
@@ -8481,7 +8625,9 @@ static dns_dbmethods_t zone_methods = {
|
||||
NULL,
|
||||
hashsize,
|
||||
nodefullname,
|
||||
@ -3352,7 +3355,7 @@ index 02f2c84..fda991d 100644
|
||||
};
|
||||
|
||||
static dns_dbmethods_t cache_methods = {
|
||||
@@ -8424,7 +8570,9 @@ static dns_dbmethods_t cache_methods = {
|
||||
@@ -8529,7 +8675,9 @@ static dns_dbmethods_t cache_methods = {
|
||||
setcachestats,
|
||||
hashsize,
|
||||
nodefullname,
|
||||
@ -3363,7 +3366,7 @@ index 02f2c84..fda991d 100644
|
||||
};
|
||||
|
||||
isc_result_t
|
||||
@@ -8695,7 +8843,7 @@ dns_rbtdb_create
|
||||
@@ -8800,7 +8948,7 @@ dns_rbtdb_create
|
||||
rbtdb->rpzs = NULL;
|
||||
rbtdb->load_rpzs = NULL;
|
||||
rbtdb->rpz_num = DNS_RPZ_INVALID_NUM;
|
||||
@ -3372,7 +3375,7 @@ index 02f2c84..fda991d 100644
|
||||
/*
|
||||
* Version Initialization.
|
||||
*/
|
||||
@@ -9113,7 +9261,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
|
||||
@@ -9218,7 +9366,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
|
||||
* rdatasets to work.
|
||||
*/
|
||||
if (NONEXISTENT(header) ||
|
||||
@ -3382,7 +3385,7 @@ index 02f2c84..fda991d 100644
|
||||
header = NULL;
|
||||
break;
|
||||
} else
|
||||
@@ -10322,7 +10471,7 @@ static inline bool
|
||||
@@ -10427,7 +10576,7 @@ static inline bool
|
||||
need_headerupdate(rdatasetheader_t *header, isc_stdtime_t now) {
|
||||
if ((header->attributes &
|
||||
(RDATASET_ATTR_NONEXISTENT |
|
||||
@ -3391,7 +3394,7 @@ index 02f2c84..fda991d 100644
|
||||
RDATASET_ATTR_ZEROTTL)) != 0)
|
||||
return (false);
|
||||
|
||||
@@ -10428,7 +10577,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,
|
||||
@@ -10533,7 +10682,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,
|
||||
bool tree_locked, expire_t reason)
|
||||
{
|
||||
set_ttl(rbtdb, header, 0);
|
||||
@ -3401,7 +3404,7 @@ index 02f2c84..fda991d 100644
|
||||
/*
|
||||
* Caller must hold the node (write) lock.
|
||||
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
|
||||
index 337a2f3..24e14d2 100644
|
||||
index 49ec49c..2de70a6 100644
|
||||
--- a/lib/dns/resolver.c
|
||||
+++ b/lib/dns/resolver.c
|
||||
@@ -141,16 +141,17 @@
|
||||
@ -3434,7 +3437,7 @@ index 337a2f3..24e14d2 100644
|
||||
#endif
|
||||
|
||||
/* The default maximum number of recursions to follow before giving up. */
|
||||
@@ -515,6 +516,11 @@ struct dns_resolver {
|
||||
@@ -529,6 +530,11 @@ struct dns_resolver {
|
||||
dns_fetch_t * primefetch;
|
||||
/* Locked by nlock. */
|
||||
unsigned int nfctx;
|
||||
@ -3446,7 +3449,7 @@ index 337a2f3..24e14d2 100644
|
||||
};
|
||||
|
||||
#define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!')
|
||||
@@ -1625,14 +1631,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
|
||||
@@ -1650,14 +1656,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
|
||||
unsigned int seconds;
|
||||
unsigned int us;
|
||||
|
||||
@ -3465,7 +3468,7 @@ index 337a2f3..24e14d2 100644
|
||||
|
||||
/*
|
||||
* Add a fudge factor to the expected rtt based on the current
|
||||
@@ -4494,7 +4498,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
|
||||
@@ -4542,7 +4546,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
|
||||
/*
|
||||
* Compute an expiration time for the entire fetch.
|
||||
*/
|
||||
@ -3475,7 +3478,7 @@ index 337a2f3..24e14d2 100644
|
||||
iresult = isc_time_nowplusinterval(&fctx->expires, &interval);
|
||||
if (iresult != ISC_R_SUCCESS) {
|
||||
UNEXPECTED_ERROR(__FILE__, __LINE__,
|
||||
@@ -8983,6 +8988,8 @@ dns_resolver_create(dns_view_t *view,
|
||||
@@ -9105,6 +9110,8 @@ dns_resolver_create(dns_view_t *view,
|
||||
res->spillattimer = NULL;
|
||||
res->zspill = 0;
|
||||
res->zero_no_soa_ttl = false;
|
||||
@ -3484,7 +3487,7 @@ index 337a2f3..24e14d2 100644
|
||||
res->query_timeout = DEFAULT_QUERY_TIMEOUT;
|
||||
res->maxdepth = DEFAULT_RECURSION_DEPTH;
|
||||
res->maxqueries = DEFAULT_MAX_QUERIES;
|
||||
@@ -10317,17 +10324,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {
|
||||
@@ -10439,17 +10446,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {
|
||||
}
|
||||
|
||||
void
|
||||
@ -3513,7 +3516,7 @@ index 337a2f3..24e14d2 100644
|
||||
}
|
||||
|
||||
void
|
||||
@@ -10424,3 +10434,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)
|
||||
@@ -10546,3 +10556,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)
|
||||
|
||||
return (resolver->quotaresp[which]);
|
||||
}
|
||||
@ -3549,10 +3552,10 @@ index 337a2f3..24e14d2 100644
|
||||
+ resolver->nonbackofftries = tries;
|
||||
+}
|
||||
diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c
|
||||
index d4c8c67..ee9be79 100644
|
||||
index 477bb74..09cf932 100644
|
||||
--- a/lib/dns/sdb.c
|
||||
+++ b/lib/dns/sdb.c
|
||||
@@ -1368,7 +1368,9 @@ static dns_dbmethods_t sdb_methods = {
|
||||
@@ -1370,7 +1370,9 @@ static dns_dbmethods_t sdb_methods = {
|
||||
NULL, /* setcachestats */
|
||||
NULL, /* hashsize */
|
||||
NULL, /* nodefullname */
|
||||
@ -3564,7 +3567,7 @@ index d4c8c67..ee9be79 100644
|
||||
|
||||
static isc_result_t
|
||||
diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c
|
||||
index 0b9620c..331992e 100644
|
||||
index 037d74a..9218fed 100644
|
||||
--- a/lib/dns/sdlz.c
|
||||
+++ b/lib/dns/sdlz.c
|
||||
@@ -1336,7 +1336,9 @@ static dns_dbmethods_t sdlzdb_methods = {
|
||||
@ -3579,7 +3582,7 @@ index 0b9620c..331992e 100644
|
||||
|
||||
/*
|
||||
diff --git a/lib/dns/tests/db_test.c b/lib/dns/tests/db_test.c
|
||||
index 2849775..812f750 100644
|
||||
index bc1cc3f..60fdb81 100644
|
||||
--- a/lib/dns/tests/db_test.c
|
||||
+++ b/lib/dns/tests/db_test.c
|
||||
@@ -28,8 +28,9 @@
|
||||
@ -3810,7 +3813,7 @@ index 2849775..812f750 100644
|
||||
_setup, _teardown),
|
||||
cmocka_unit_test_setup_teardown(dbtype_test,
|
||||
diff --git a/lib/dns/view.c b/lib/dns/view.c
|
||||
index 0fca1d9..55ede81 100644
|
||||
index a7ba613..a644c5f 100644
|
||||
--- a/lib/dns/view.c
|
||||
+++ b/lib/dns/view.c
|
||||
@@ -229,6 +229,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
|
||||
@ -3824,7 +3827,7 @@ index 0fca1d9..55ede81 100644
|
||||
view->maxbits = 0;
|
||||
view->v4_aaaa = dns_aaaa_ok;
|
||||
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
|
||||
index 91693b5..5771774 100644
|
||||
index 212194e..b562f95 100644
|
||||
--- a/lib/isccfg/namedconf.c
|
||||
+++ b/lib/isccfg/namedconf.c
|
||||
@@ -1778,6 +1778,7 @@ view_clauses[] = {
|
||||
@ -3855,5 +3858,5 @@ index 91693b5..5771774 100644
|
||||
{ "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTIMP },
|
||||
{ "transfer-format", &cfg_type_transferformat, 0 },
|
||||
--
|
||||
2.21.1
|
||||
2.26.2
|
||||
|
||||
|
@ -1,62 +1,98 @@
|
||||
diff --git a/bin/named/named.8 b/bin/named/named.8
|
||||
index cd990a9..890be36 100644
|
||||
--- a/bin/named/named.8
|
||||
+++ b/bin/named/named.8
|
||||
@@ -358,6 +358,57 @@ The default configuration file\&.
|
||||
/var/run/named/named\&.pid
|
||||
.RS 4
|
||||
The default process\-id file\&.
|
||||
+.PP
|
||||
+.SH "NOTES"
|
||||
+.PP
|
||||
+.TP
|
||||
+\fBRed Hat SELinux BIND Security Profile:\fR
|
||||
+.PP
|
||||
+By default, Red Hat ships BIND with the most secure SELinux policy
|
||||
+that will not prevent normal BIND operation and will prevent exploitation
|
||||
+of all known BIND security vulnerabilities . See the selinux(8) man page
|
||||
+for information about SElinux.
|
||||
+.PP
|
||||
+It is not necessary to run named in a chroot environment if the Red Hat
|
||||
+SELinux policy for named is enabled. When enabled, this policy is far
|
||||
+more secure than a chroot environment. Users are recommended to enable
|
||||
+SELinux and remove the bind-chroot package.
|
||||
+.PP
|
||||
+With this extra security comes some restrictions:
|
||||
+.PP
|
||||
+By default, the SELinux policy does not allow named to write any master
|
||||
+zone database files. Only the root user may create files in the $ROOTDIR/var/named
|
||||
+zone database file directory (the options { "directory" } option), where
|
||||
+$ROOTDIR is set in /etc/sysconfig/named.
|
||||
+.PP
|
||||
+The "named" group must be granted read privelege to
|
||||
+these files in order for named to be enabled to read them.
|
||||
+.PP
|
||||
+Any file created in the zone database file directory is automatically assigned
|
||||
+the SELinux file context named_zone_t .
|
||||
+.PP
|
||||
+By default, SELinux prevents any role from modifying named_zone_t files; this
|
||||
+means that files in the zone database directory cannot be modified by dynamic
|
||||
+DNS (DDNS) updates or zone transfers.
|
||||
+.PP
|
||||
+The Red Hat BIND distribution and SELinux policy creates three directories where
|
||||
+named is allowed to create and modify files: /var/named/slaves, /var/named/dynamic
|
||||
+/var/named/data. By placing files you want named to modify, such as
|
||||
+slave or DDNS updateable zone files and database / statistics dump files in
|
||||
+these directories, named will work normally and no further operator action is
|
||||
+required. Files in these directories are automatically assigned the 'named_cache_t'
|
||||
+file context, which SELinux allows named to write.
|
||||
+.PP
|
||||
+\fBRed Hat BIND SDB support:\fR
|
||||
+.PP
|
||||
+Red Hat ships named with compiled in Simplified Database Backend modules that ISC
|
||||
+provides in the "contrib/sdb" directory. Install bind-sdb package if you want use them
|
||||
+.PP
|
||||
+The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled into named-sdb.
|
||||
+.PP
|
||||
+See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ .
|
||||
+.br
|
||||
+.PP
|
||||
.RE
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
From facdbb0f2a266c6a3a1fa823afaa09cbd3fc38a5 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Thu, 26 Nov 2020 12:13:10 +0100
|
||||
Subject: [PATCH] Note specific Red Hat changes in manual page
|
||||
|
||||
Change docbook template instead of generated manual page. Remove
|
||||
system-config-bind reference, package were discontinued.
|
||||
---
|
||||
bin/named/named.docbook | 73 +++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 73 insertions(+)
|
||||
|
||||
diff --git a/bin/named/named.docbook b/bin/named/named.docbook
|
||||
index 7e743a9..802bec3 100644
|
||||
--- a/bin/named/named.docbook
|
||||
+++ b/bin/named/named.docbook
|
||||
@@ -516,6 +516,79 @@
|
||||
|
||||
</refsection>
|
||||
|
||||
+ <refsection><info><title>NOTES</title></info>
|
||||
+ <refsection><info><title>Red Hat SELinux BIND Security Profile</title></info>
|
||||
+
|
||||
+ <para>
|
||||
+ By default, Red Hat ships BIND with the most secure SELinux policy
|
||||
+ that will not prevent normal BIND operation and will prevent exploitation
|
||||
+ of all known BIND security vulnerabilities . See the selinux(8) man page
|
||||
+ for information about SElinux.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>
|
||||
+ It is not necessary to run named in a chroot environment if the Red Hat
|
||||
+ SELinux policy for named is enabled. When enabled, this policy is far
|
||||
+ more secure than a chroot environment. Users are recommended to enable
|
||||
+ SELinux and remove the bind-chroot package.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>
|
||||
+ With this extra security comes some restrictions:
|
||||
+ </para>
|
||||
+
|
||||
+ <para>
|
||||
+ By default, the SELinux policy allows named to write any master
|
||||
+ zone database files. Only the root user may create files in the $ROOTDIR/var/named
|
||||
+ zone database file directory (the options { "directory" } option), where
|
||||
+ $ROOTDIR is set in /etc/sysconfig/named.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>
|
||||
+ The "named" group must be granted read privelege to
|
||||
+ these files in order for named to be enabled to read them.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>
|
||||
+ Any file created in the zone database file directory is automatically assigned
|
||||
+ the SELinux file context named_zone_t .
|
||||
+ </para>
|
||||
+
|
||||
+ <para>
|
||||
+ By default, SELinux prevents any role from modifying named_zone_t files; this
|
||||
+ means that files in the zone database directory cannot be modified by dynamic
|
||||
+ DNS (DDNS) updates or zone transfers.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>
|
||||
+ The Red Hat BIND distribution and SELinux policy creates three directories where
|
||||
+ named is allowed to create and modify files: /var/named/slaves, /var/named/dynamic
|
||||
+ /var/named/data. By placing files you want named to modify, such as
|
||||
+ slave or DDNS updateable zone files and database / statistics dump files in
|
||||
+ these directories, named will work normally and no further operator action is
|
||||
+ required. Files in these directories are automatically assigned the 'named_cache_t'
|
||||
+ file context, which SELinux allows named to write.
|
||||
+ </para>
|
||||
+ </refsection>
|
||||
+
|
||||
+ <refsection><info><title>Red Hat BIND SDB support</title></info>
|
||||
+
|
||||
+ <para>
|
||||
+ Red Hat ships named with compiled in Simplified Database Backend modules that ISC
|
||||
+ provides in the "contrib/sdb" directory. Install bind-sdb package if you want use them.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>
|
||||
+ The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled into <command>named-sdb</command>.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>
|
||||
+ See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ .
|
||||
+ </para>
|
||||
+ </refsection>
|
||||
+
|
||||
+ </refsection>
|
||||
+
|
||||
<refsection><info><title>SEE ALSO</title></info>
|
||||
|
||||
<para><citetitle>RFC 1033</citetitle>,
|
||||
--
|
||||
2.26.2
|
||||
|
||||
|
155
SPECS/bind.spec
155
SPECS/bind.spec
@ -15,13 +15,15 @@
|
||||
# it is not possible to build the package without PKCS11 sub-package
|
||||
# due to extensive changes to Makefiles
|
||||
%bcond_without PKCS11
|
||||
%bcond_without DEVEL
|
||||
%bcond_without JSON
|
||||
%bcond_with LMDB
|
||||
%bcond_without DNSTAP
|
||||
%bcond_with DLZ
|
||||
%bcond_without EXPORT_LIBS
|
||||
%bcond_without BDB
|
||||
# Legacy GeoIP support
|
||||
%bcond_with GEOIP
|
||||
%bcond_with DOC
|
||||
%if 0%{?fedora} >= 28 || 0%{?rhel} >= 8
|
||||
%bcond_without UNITTEST
|
||||
%else
|
||||
@ -37,6 +39,7 @@
|
||||
|
||||
%{?!bind_uid: %global bind_uid 25}
|
||||
%{?!bind_gid: %global bind_gid 25}
|
||||
%{!?_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
||||
%global bind_dir /var/named
|
||||
%global chroot_prefix %{bind_dir}/chroot
|
||||
%if %{with SDB}
|
||||
@ -56,18 +59,18 @@
|
||||
#
|
||||
|
||||
# lib*.so.X versions of selected libraries
|
||||
%global sover_dns 1110
|
||||
%global sover_isc 1105
|
||||
%global sover_dns 1112
|
||||
%global sover_isc 1107
|
||||
%global sover_irs 161
|
||||
%global sover_isccfg 163
|
||||
|
||||
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
|
||||
Name: bind
|
||||
License: MPLv2.0
|
||||
Version: 9.11.20
|
||||
Version: 9.11.26
|
||||
Release: 3%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
||||
Epoch: 32
|
||||
Url: http://www.isc.org/products/BIND/
|
||||
Url: https://www.isc.org/downloads/bind/
|
||||
#
|
||||
Source: https://ftp.isc.org/isc/bind9/%{BINDVERSION}/bind-%{BINDVERSION}.tar.gz
|
||||
Source1: named.sysconfig
|
||||
@ -137,10 +140,6 @@ Patch154:bind-9.11-oot-manual.patch
|
||||
Patch155:bind-9.11-pk11.patch
|
||||
Patch156:bind-9.11-fips-code.patch
|
||||
Patch157:bind-9.11-fips-tests.patch
|
||||
# commit 66ba2fdad583d962a1f4971c85d58381f0849e4d
|
||||
# commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c
|
||||
# commit 083461d3329ff6f2410745848a926090586a9846
|
||||
Patch158:bind-9.11-rh1624100.patch
|
||||
Patch159:bind-9.11-host-idn-disable.patch
|
||||
Patch164:bind-9.11-fips-code-includes.patch
|
||||
# [RT #31459] commit 06a8051d2476fb526fe6960832209392c763a9af
|
||||
@ -155,6 +154,7 @@ Patch174:bind-9.11-fips-disable.patch
|
||||
Patch175:bind-9.11-json-c.patch
|
||||
Patch177:bind-9.11-serve-stale.patch
|
||||
Patch178:bind-9.11-dhcp-time-monotonic.patch
|
||||
Patch179:bind-9.11-CVE-2020-8625.patch
|
||||
|
||||
# SDB patches
|
||||
Patch11: bind-9.3.2b2-sdbsrc.patch
|
||||
@ -213,14 +213,20 @@ BuildRequires: krb5-devel
|
||||
%if %{with LMDB}
|
||||
BuildRequires: lmdb-devel
|
||||
%endif
|
||||
%if %{with JSON}
|
||||
BuildRequires: json-c-devel
|
||||
%endif
|
||||
%if %{with GEOIP}
|
||||
BuildRequires: GeoIP-devel
|
||||
%endif
|
||||
%if %{with GEOIP2}
|
||||
BuildRequires: libmaxminddb-devel
|
||||
%endif
|
||||
%if %{with DNSTAP}
|
||||
BuildRequires: fstrm-devel protobuf-c-devel
|
||||
%endif
|
||||
# Needed to regenerate dig.1 manpage
|
||||
BuildRequires: docbook-style-xsl, libxslt
|
||||
BuildRequires: docbook-style-xsl, libxslt
|
||||
%if %{with TSAN}
|
||||
BuildRequires: libtsan
|
||||
%endif
|
||||
@ -337,7 +343,6 @@ network addresses.
|
||||
You should install bind-utils if you need to get information from DNS name
|
||||
servers.
|
||||
|
||||
%if %{with DEVEL}
|
||||
%package devel
|
||||
Summary: Header files and libraries needed for BIND DNS development
|
||||
Obsoletes:bind-libbind-devel < 31:9.3.3-4.fc7
|
||||
@ -348,12 +353,25 @@ Requires: bind-lite-devel%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
%description devel
|
||||
The bind-devel package contains full version of the header files and libraries
|
||||
required for development with ISC BIND 9
|
||||
%endif
|
||||
|
||||
%package lite-devel
|
||||
Summary: Lite version of header files and libraries needed for BIND DNS development
|
||||
Requires: bind-libs-lite%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: openssl-devel%{?_isa} libxml2-devel%{?_isa}
|
||||
# Not required by headers, but "isc-config.sh --libs isc" requires it
|
||||
Requires: libcap-devel%{?_isa}
|
||||
%if %{with GSSTSIG}
|
||||
Requires: krb5-devel%{?_isa}
|
||||
%endif
|
||||
%if %{with LMDB}
|
||||
Requires: lmdb-devel%{?_isa}
|
||||
%endif
|
||||
%if %{with JSON}
|
||||
Requires: json-c-devel%{?_isa}
|
||||
%endif
|
||||
%if %{with DNSTAP}
|
||||
Requires: fstrm-devel%{?_isa} protobuf-c-devel%{?_isa}
|
||||
%endif
|
||||
|
||||
%description lite-devel
|
||||
The bind-lite-devel package contains lite version of the header
|
||||
@ -447,6 +465,25 @@ BuildArch: noarch
|
||||
%description -n python3-bind
|
||||
This package provides a module which allows commands to be sent to rndc directly from Python programs.
|
||||
|
||||
%if %{with DOC}
|
||||
%package doc
|
||||
Summary: BIND 9 Administrator Reference Manual
|
||||
Requires: bind-license = %{epoch}:%{version}-%{release}
|
||||
BuildArch: noarch
|
||||
|
||||
%description doc
|
||||
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
|
||||
(Domain Name System) protocols. BIND includes a DNS server (named),
|
||||
which resolves host names to IP addresses; a resolver library
|
||||
(routines for applications to use when interfacing with DNS); and
|
||||
tools for verifying that the DNS server is operating properly.
|
||||
|
||||
This package contains BIND 9 Administrator Reference Manual
|
||||
in HTML and PDF format.
|
||||
%end
|
||||
|
||||
%endif
|
||||
|
||||
%if %{with EXPORT_LIBS}
|
||||
%package export-libs
|
||||
Summary: ISC libs for DHCP application
|
||||
@ -502,7 +539,6 @@ are used for building ISC DHCP.
|
||||
%patch155 -p1 -b .pk11-internal
|
||||
%patch156 -p1 -b .fips-code
|
||||
%patch157 -p1 -b .fips-tests
|
||||
%patch158 -p1 -b .rh1624100
|
||||
%patch159 -p1 -b .host-idn-disable
|
||||
%patch164 -p1 -b .fips-includes
|
||||
%patch165 -p1 -b .rt31459
|
||||
@ -513,10 +549,21 @@ are used for building ISC DHCP.
|
||||
%patch175 -p1 -b .json-c
|
||||
%patch177 -p1 -b .serve-stale
|
||||
%patch178 -p1 -b .time-monotonic
|
||||
%patch179 -p1 -b .CVE-2020-8625
|
||||
|
||||
mkdir lib/dns/tests/testdata/dstrandom
|
||||
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
|
||||
|
||||
# Avoid having [FIXME: manual] on top of generated manual pages
|
||||
# Alternative approach due missing docbook5 style sheets.
|
||||
# Remove namespace, so docbook is threated as version 4.
|
||||
# Spaces should be fine.
|
||||
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4524
|
||||
find bin lib/lwres/man -name '*.docbook' -exec \
|
||||
sed -e 's|<refmiscinfo>BIND9|<refmiscinfo class="manual">BIND9|' \
|
||||
-e 's|xmlns="http://docbook.org/ns/docbook"\sversion="5.0"\s||' \
|
||||
-i '{}' ';'
|
||||
|
||||
%if %{with PKCS11}
|
||||
cp -r bin/named{,-pkcs11}
|
||||
cp -r bin/dnssec{,-pkcs11}
|
||||
@ -645,6 +692,14 @@ export LIBDIR_SUFFIX
|
||||
%else
|
||||
--with-lmdb=no \
|
||||
%endif
|
||||
%if %{with JSON}
|
||||
--with-libjson \
|
||||
%endif
|
||||
%if %{with DNSTAP}
|
||||
--enable-dnstap \
|
||||
%else
|
||||
--disable-dnstap \
|
||||
%endif
|
||||
%if %{with UNITTEST}
|
||||
--with-cmocka \
|
||||
%endif
|
||||
@ -652,6 +707,15 @@ export LIBDIR_SUFFIX
|
||||
--with-docbook-xsl=%{_datadir}/sgml/docbook/xsl-stylesheets \
|
||||
--enable-full-report \
|
||||
;
|
||||
%if %{with DNSTAP}
|
||||
pushd lib
|
||||
SRCLIB="../../../lib"
|
||||
(cd dns && ln -s ${SRCLIB}/dns/dnstap.proto)
|
||||
%if %{with PKCS11}
|
||||
(cd dns-pkcs11 && ln -s ${SRCLIB}/dns-pkcs11/dnstap.proto)
|
||||
%endif
|
||||
popd
|
||||
%endif
|
||||
make %{?_smp_mflags}
|
||||
|
||||
### FIXME hack!!!
|
||||
@ -669,6 +733,11 @@ pushd bin/python
|
||||
make man
|
||||
popd
|
||||
|
||||
%if %{with DOC}
|
||||
# Does not work. Use upstream generated documentation instead.
|
||||
# make doc
|
||||
%endif
|
||||
|
||||
%if %{with DLZ}
|
||||
pushd contrib/dlz
|
||||
pushd modules
|
||||
@ -954,14 +1023,6 @@ popd
|
||||
# Remove libtool .la files:
|
||||
find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';
|
||||
|
||||
# Remove -devel files out of buildroot if not needed
|
||||
%if !%{with DEVEL}
|
||||
rm -f ${RPM_BUILD_ROOT}/%{_libdir}/bind9/*so
|
||||
rm -rf ${RPM_BUILD_ROOT}/%{_includedir}/bind9
|
||||
rm -f ${RPM_BUILD_ROOT}/%{_mandir}/man1/isc-config.sh.1*
|
||||
rm -f ${RPM_BUILD_ROOT}/%{_mandir}/man3/lwres*
|
||||
rm -f ${RPM_BUILD_ROOT}/%{_bindir}/isc-config.sh
|
||||
%endif
|
||||
|
||||
# SDB manpages
|
||||
%if %{with SDB}
|
||||
@ -987,6 +1048,11 @@ ln -s dnssec-verify.8.gz dnssec-verify-pkcs11.8.gz
|
||||
popd
|
||||
%endif
|
||||
|
||||
%if %{with DOC}
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_pkgdocdir}
|
||||
cp -a doc/arm/*.html doc/arm/*.pdf ${RPM_BUILD_ROOT}%{_pkgdocdir}
|
||||
%endif
|
||||
|
||||
# Ghost config files:
|
||||
touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log
|
||||
|
||||
@ -1212,8 +1278,10 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%{_mandir}/man8/rndc-confgen.8*
|
||||
%{_mandir}/man8/named-journalprint.8*
|
||||
%doc CHANGES README named.conf.default
|
||||
%doc doc/arm/*html doc/arm/*pdf
|
||||
%doc sample/
|
||||
%if %{without DOC}
|
||||
%doc doc/arm/*.html doc/arm/*.pdf
|
||||
%endif
|
||||
|
||||
# Hide configuration
|
||||
%defattr(0640,root,named,0750)
|
||||
@ -1292,9 +1360,17 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%{_sbindir}/isc-hmac-fixup
|
||||
%{_sbindir}/named-checkzone
|
||||
%{_sbindir}/named-compilezone
|
||||
%if %{with DNSTAP}
|
||||
%{_bindir}/dnstap-read
|
||||
%{_mandir}/man1/dnstap-read.1*
|
||||
%endif
|
||||
%if %{with LMDB}
|
||||
%{_sbindir}/named-nzd2nzf
|
||||
%endif
|
||||
%if %{with DNSTAP}
|
||||
%{_bindir}/dnstap-read
|
||||
%{_mandir}/man1/dnstap-read.1*
|
||||
%endif
|
||||
%{_mandir}/man1/host.1*
|
||||
%{_mandir}/man1/nsupdate.1*
|
||||
%{_mandir}/man1/dig.1*
|
||||
@ -1317,7 +1393,6 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%endif
|
||||
%{_sysconfdir}/trusted-key.key
|
||||
|
||||
%if %{with DEVEL}
|
||||
%files devel
|
||||
%{_libdir}/libbind9.so
|
||||
%{_libdir}/libisccc.so
|
||||
@ -1331,7 +1406,6 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%{_mandir}/man3/lwres*
|
||||
%{_bindir}/isc-config.sh
|
||||
%{_bindir}/bind9-config
|
||||
%endif
|
||||
|
||||
%files lite-devel
|
||||
%{_libdir}/libdns.so
|
||||
@ -1519,8 +1593,41 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%{python3_sitelib}/*.egg-info
|
||||
%{python3_sitelib}/isc/
|
||||
|
||||
%if %{with DOC}
|
||||
%files doc
|
||||
%dir %{_pkgdocdir}
|
||||
%doc %{_pkgdocdir}/*.html
|
||||
%doc %{_pkgdocdir}/*.pdf
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Feb 15 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.26-3
|
||||
- Fix off-by-one bug in ISC SPNEGO implementation (CVE-2020-8625)
|
||||
|
||||
* Tue Jan 05 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.26-2
|
||||
- Add DNSTAP support (#1854148), new dnstap-read tool
|
||||
- Add JSON support in statistics-channel (#1899257)
|
||||
|
||||
* Mon Jan 04 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.26-1
|
||||
- Update to 9.11.26
|
||||
|
||||
* Thu Nov 26 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.25-1
|
||||
- Update to 9.11.25
|
||||
- Require libcap from devel package
|
||||
- Fix crash on NTA recheck failure (#1893761)
|
||||
|
||||
* Fri Sep 25 2020 Tomas Korbar <tkorbar@redhat.com> - 32:9.11.20-6
|
||||
- Do not ignore RPZ wildcard passthru (#1876492)
|
||||
|
||||
* Tue Aug 18 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-5
|
||||
- Fix tsig-request verify (CVE-2020-8622)
|
||||
- Prevent PKCS11 daemon crash on crafted packet (CVE-2020-8623)
|
||||
- Correct update-policy type subdomain to match documentation (CVE-2020-8624)
|
||||
- Include available test
|
||||
|
||||
* Wed Jul 22 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-4
|
||||
- Prevent crash on dstlib initialization failure (#1859454)
|
||||
|
||||
* Fri Jun 19 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-3
|
||||
- Add remaining require to bind package (#1633169)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user