Adapted patches for new version

Removed patches that were merged upstream.
Petr Menšík 2019-03-05 21:49:26 +01:00
parent 2aa49f0cec
commit 1e4169114f
22 changed files with 655 additions and 1103 deletions


@ -1,22 +1,3 @@
From c6c0dc7addd8b27718247aa9c67e3cf3f80a8be3 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Fri, 1 Mar 2019 11:10:03 +0100
Subject: [PATCH] bind-9.10-dist-native-pkcs11.patch
---
bin/Makefile.in | 4 +--
bin/dnssec-pkcs11/Makefile.in | 44 ++++++++++++++---------------
bin/dnssec/Makefile.in | 2 +-
bin/named-pkcs11/Makefile.in | 45 +++++++++++++----------------
bin/named/Makefile.in | 2 +-
bin/pkcs11/Makefile.in | 6 ++--
configure.in | 53 +++++++++++++++++++++++++++--------
lib/Makefile.in | 2 +-
lib/dns-pkcs11/Makefile.in | 30 ++++++++++----------
lib/isc-pkcs11/Makefile.in | 28 +++++++++---------
make/includes.in | 10 +++++++
11 files changed, 129 insertions(+), 97 deletions(-)
diff --git a/bin/Makefile.in b/bin/Makefile.in
index f0c504a..ce7a2da 100644
--- a/bin/Makefile.in
@ -318,11 +299,11 @@ index a058c91..d4b689a 100644
DEPLIBS = ${ISCDEPLIBS}
diff --git a/configure.in b/configure.in
index b2bb268..d9e0797 100644
--- a/configure.in
+++ b/configure.in
@@ -1109,12 +1109,14 @@ AC_SUBST(USE_GSSAPI)
diff --git a/configure.ac b/configure.ac
index 5e1ba8c..7aff0e6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1070,12 +1070,14 @@ AC_SUBST(USE_GSSAPI)
AC_SUBST(DST_GSSAPI_INC)
AC_SUBST(DNS_GSSAPI_LIBS)
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS"
@ -337,7 +318,7 @@ index b2bb268..d9e0797 100644
#
# was --with-randomdev specified?
@@ -1499,11 +1501,11 @@ fi
@@ -1460,11 +1462,11 @@ fi
AC_MSG_CHECKING(for OpenSSL library)
OPENSSL_WARNING=
openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw"
@ -354,7 +335,7 @@ index b2bb268..d9e0797 100644
if test "auto" = "$use_openssl"
then
@@ -1516,6 +1518,7 @@ then
@@ -1477,6 +1479,7 @@ then
fi
done
fi
@ -362,7 +343,7 @@ index b2bb268..d9e0797 100644
OPENSSL_ECDSA=""
OPENSSL_GOST=""
OPENSSL_ED25519=""
@@ -1537,11 +1540,10 @@ case "$with_gost" in
@@ -1498,11 +1501,10 @@ case "$with_gost" in
;;
esac
@ -377,7 +358,7 @@ index b2bb268..d9e0797 100644
CRYPTOLIB="pkcs11"
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
@@ -1551,7 +1553,9 @@ case "$use_openssl" in
@@ -1512,7 +1514,9 @@ case "$use_openssl" in
OPENSSLGOSTLINKSRCS=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
@ -388,7 +369,7 @@ index b2bb268..d9e0797 100644
no)
AC_MSG_RESULT(no)
DST_OPENSSL_INC=""
@@ -1583,7 +1587,7 @@ case "$use_openssl" in
@@ -1544,7 +1548,7 @@ case "$use_openssl" in
If you do not want OpenSSL, use --without-openssl])
;;
*)
@ -397,7 +378,7 @@ index b2bb268..d9e0797 100644
then
AC_MSG_RESULT()
AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
@@ -2016,6 +2020,7 @@ AC_SUBST(OPENSSL_ED25519)
@@ -1972,6 +1976,7 @@ AC_SUBST(OPENSSL_ED25519)
AC_SUBST(OPENSSL_GOST)
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
@ -405,7 +386,7 @@ index b2bb268..d9e0797 100644
ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
if test "yes" = "$with_aes"
@@ -2334,6 +2339,7 @@ esac
@@ -2295,6 +2300,7 @@ esac
AC_SUBST(PKCS11LINKOBJS)
AC_SUBST(PKCS11LINKSRCS)
AC_SUBST(CRYPTO)
@ -413,7 +394,7 @@ index b2bb268..d9e0797 100644
AC_SUBST(PKCS11_ECDSA)
AC_SUBST(PKCS11_GOST)
AC_SUBST(PKCS11_ED25519)
@@ -5406,8 +5412,11 @@ AC_CONFIG_FILES([
@@ -5425,8 +5431,11 @@ AC_CONFIG_FILES([
bin/delv/Makefile
bin/dig/Makefile
bin/dnssec/Makefile
@ -425,7 +406,7 @@ index b2bb268..d9e0797 100644
bin/nsupdate/Makefile
bin/pkcs11/Makefile
bin/python/Makefile
@@ -5480,6 +5489,10 @@ AC_CONFIG_FILES([
@@ -5499,6 +5508,10 @@ AC_CONFIG_FILES([
lib/dns/include/dns/Makefile
lib/dns/include/dst/Makefile
lib/dns/tests/Makefile
@ -436,7 +417,7 @@ index b2bb268..d9e0797 100644
lib/irs/Makefile
lib/irs/include/Makefile
lib/irs/include/irs/Makefile
@@ -5504,6 +5517,24 @@ AC_CONFIG_FILES([
@@ -5523,6 +5536,24 @@ AC_CONFIG_FILES([
lib/isc/unix/include/Makefile
lib/isc/unix/include/isc/Makefile
lib/isc/unix/include/pkcs11/Makefile
@ -475,7 +456,7 @@ index 81270a0..bcb5312 100644
@BIND9_MAKE_RULES@
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
index 4a8549e..6a19906 100644
index 068bbac..d7f3d95 100644
--- a/lib/dns-pkcs11/Makefile.in
+++ b/lib/dns-pkcs11/Makefile.in
@@ -26,16 +26,16 @@ VERSION=@BIND9_VERSION@
@ -638,6 +619,3 @@ index fa86ad1..3cfbe9f 100644
+
+DNS_PKCS11_INCLUDES = @BIND9_DNS_BUILDINCLUDE@ \
+ -I${top_srcdir}/lib/dns-pkcs11/include
--
2.20.1


@ -1,17 +1,3 @@
From 09b71a1994d7ea3b299746167b6bcf24021edd76 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Thu, 28 Feb 2019 18:37:01 +0100
Subject: [PATCH] bind-9.10-sdb.patch
---
bin/Makefile.in | 4 +-
bin/named-sdb/Makefile.in | 25 +++++-------
bin/named-sdb/main.c | 83 +++++++++++++++++++++++++++++++++++++++
bin/named/Makefile.in | 16 +++-----
bin/sdb_tools/Makefile.in | 10 +++--
configure.in | 3 ++
6 files changed, 110 insertions(+), 31 deletions(-)
diff --git a/bin/Makefile.in b/bin/Makefile.in
index ce7a2da..4e6a824 100644
--- a/bin/Makefile.in
@ -102,7 +88,7 @@ index 04dea99..4ff053e 100644
@DLZ_DRIVER_RULES@
diff --git a/bin/named-sdb/main.c b/bin/named-sdb/main.c
index 8cec1ad..de5e5bb 100644
index 17f2daa..1bb9d79 100644
--- a/bin/named-sdb/main.c
+++ b/bin/named-sdb/main.c
@@ -93,6 +93,10 @@
@ -309,11 +295,11 @@ index c7e0868..95ab742 100644
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zonetodb@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir}
${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1
diff --git a/configure.in b/configure.in
index c09c21a..e48bd2e 100644
--- a/configure.in
+++ b/configure.in
@@ -5417,6 +5417,8 @@ AC_CONFIG_FILES([
diff --git a/configure.ac b/configure.ac
index 8374385..0af9b71 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5436,6 +5436,8 @@ AC_CONFIG_FILES([
bin/named/unix/Makefile
bin/named-pkcs11/Makefile
bin/named-pkcs11/unix/Makefile
@ -322,7 +308,7 @@ index c09c21a..e48bd2e 100644
bin/nsupdate/Makefile
bin/pkcs11/Makefile
bin/python/Makefile
@@ -5441,6 +5443,7 @@ AC_CONFIG_FILES([
@@ -5460,6 +5462,7 @@ AC_CONFIG_FILES([
bin/python/isc/tests/dnskey_test.py
bin/python/isc/tests/policy_test.py
bin/rndc/Makefile
@ -330,6 +316,3 @@ index c09c21a..e48bd2e 100644
bin/tests/Makefile
bin/tests/headerdep_test.sh
bin/tests/optional/Makefile
--
2.20.1


@ -1,41 +0,0 @@
From e6bad0789c731f06de781997e33e864c71510ff2 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Thu, 21 Feb 2019 12:36:17 +0100
Subject: [PATCH] Disable autodetected ED448 algorithm support
Implementation is broken in bind, disabled also in more recent versions.
Makes bin/tests/system/dnssec fail.
---
configure.in | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/configure.in b/configure.in
index ca84ff3239..da4dd5f249 100644
--- a/configure.in
+++ b/configure.in
@@ -1917,6 +1917,9 @@ int main() {
}
],
[AC_MSG_RESULT(yes)
+ # ED448 support is broken in BIND
+ # https://gitlab.isc.org/isc-projects/bind9/issues/225
+ # disable if autodetected, can be enabled by --with-eddsa=all
have_ed448="yes"],
[AC_MSG_RESULT(no)
have_ed448="no"],
@@ -1929,8 +1932,10 @@ int main() {
esac
case $have_ed448 in
yes)
- AC_DEFINE(HAVE_OPENSSL_ED448, 1,
- [Define if your OpenSSL version supports Ed448.])
+ # ED448 support is broken in BIND
+ # https://gitlab.isc.org/isc-projects/bind9/issues/225
+ # AC_DEFINE(HAVE_OPENSSL_ED448, 1,
+ # [Define if your OpenSSL version supports Ed448.])
;;
*)
;;
--
2.20.1


@ -1,8 +1,8 @@
diff --git a/configure.in b/configure.in
index e6cd6a4..988b0a7 100644
--- a/configure.in
+++ b/configure.in
@@ -5116,6 +5116,8 @@ AC_SUBST(BUILD_CPPFLAGS)
diff --git a/configure.ac b/configure.ac
index c1bfd62..7c5ad51 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5333,6 +5333,8 @@ AC_SUBST(BUILD_CPPFLAGS)
AC_SUBST(BUILD_LDFLAGS)
AC_SUBST(BUILD_LIBS)
@ -12,10 +12,10 @@ index e6cd6a4..988b0a7 100644
# Commands to run at the end of config.status.
# Don't just put these into configure, it won't work right if somebody
diff --git a/isc-config.sh.in b/isc-config.sh.in
index 110191a..5a64004 100644
index b5e94ed..d2857e0 100644
--- a/isc-config.sh.in
+++ b/isc-config.sh.in
@@ -12,16 +12,17 @@ prefix=@prefix@
@@ -13,16 +13,17 @@ prefix=@prefix@
exec_prefix=@exec_prefix@
exec_prefix_set=
includedir=@includedir@


@ -1,4 +1,4 @@
From fe4074d27f642dd93afb5988a2edc7c173b22520 Mon Sep 17 00:00:00 2001
From 71627db6c8852d7805ec559506f5f3cb8d89a131 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 30 Jan 2019 15:12:54 +0100
Subject: [PATCH] Support DLZ filesystem detection in feature-test
@ -8,7 +8,7 @@ Do not use variable from configure to detect the feature.
bin/tests/system/Makefile.in | 2 +-
bin/tests/system/dlz/{prereq.sh.in => prereq.sh} | 2 +-
bin/tests/system/feature-test.c | 9 +++++++++
configure.in | 1 -
configure.ac | 1 -
4 files changed, 11 insertions(+), 3 deletions(-)
rename bin/tests/system/dlz/{prereq.sh.in => prereq.sh} (91%)
@ -42,7 +42,7 @@ index afec653..fb3328e 100644
exit 255
fi
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
index 5eee6aa..78bd3b9 100644
index 11863a3..428d107 100644
--- a/bin/tests/system/feature-test.c
+++ b/bin/tests/system/feature-test.c
@@ -51,6 +51,7 @@ usage() {
@ -68,11 +68,11 @@ index 5eee6aa..78bd3b9 100644
if (strcmp(argv[1], "--ipv6only=no") == 0) {
#ifdef WIN32
return (0);
diff --git a/configure.in b/configure.in
index fc1ad41..b2bb268 100644
--- a/configure.in
+++ b/configure.in
@@ -5439,7 +5439,6 @@ AC_CONFIG_FILES([
diff --git a/configure.ac b/configure.ac
index fddc63a..5e1ba8c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5458,7 +5458,6 @@ AC_CONFIG_FILES([
bin/tests/pkcs11/benchmarks/Makefile
bin/tests/system/Makefile
bin/tests/system/conf.sh


@ -1,4 +1,4 @@
From 9fa0831af989818eb6f908815967590e56a19ab1 Mon Sep 17 00:00:00 2001
From 9ff202072b286ef57e0ffcd7c55777f2994d3985 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:34:45 +0200
Subject: [PATCH] FIPS code changes
@ -96,36 +96,36 @@ Date: Mon Jan 22 07:21:04 2018 +0100
Add runtime detection whether MD5 is useable.
---
bin/confgen/keygen.c | 10 ++++-
bin/confgen/rndc-confgen.c | 32 ++++------------
bin/dig/dig.c | 7 ++--
bin/dig/dighost.c | 14 +++++--
bin/dnssec/dnssec-keygen.c | 14 +++++++
bin/named/config.c | 25 ++++++++++++-
bin/nsupdate/nsupdate.c | 24 +++++++-----
bin/confgen/keygen.c | 10 +++-
bin/confgen/rndc-confgen.c | 32 ++++---------
bin/dig/dig.c | 7 +--
bin/dig/dighost.c | 14 ++++--
bin/dnssec/dnssec-keygen.c | 14 ++++++
bin/named/config.c | 25 +++++++++-
bin/nsupdate/nsupdate.c | 24 ++++++----
bin/rndc/rndc.c | 3 +-
bin/tests/optional/hash_test.c | 78 ++++++++++++++++++++-------------------
bin/tests/optional/hash_test.c | 78 ++++++++++++++++---------------
bin/tests/system/tkey/keycreate.c | 3 ++
bin/tests/system/tkey/keydelete.c | 17 ++++++---
lib/bind9/check.c | 10 +++++
lib/dns/dst_api.c | 23 ++++++++----
bin/tests/system/tkey/keydelete.c | 17 ++++---
lib/bind9/check.c | 10 ++++
lib/dns/dst_api.c | 23 ++++++---
lib/dns/dst_internal.h | 3 +-
lib/dns/dst_parse.c | 18 +++++++--
lib/dns/hmac_link.c | 18 ++-------
lib/dns/dst_parse.c | 18 +++++--
lib/dns/hmac_link.c | 18 ++-----
lib/dns/opensslrsa_link.c | 6 +++
lib/dns/pkcs11rsa_link.c | 33 +++++++++++++++--
lib/dns/rcode.c | 21 ++++++++++-
lib/dns/tests/rsa_test.c | 29 ++++++++-------
lib/dns/pkcs11rsa_link.c | 33 +++++++++++--
lib/dns/rcode.c | 21 ++++++++-
lib/dns/tests/rsa_test.c | 4 ++
lib/dns/tests/tsig_test.c | 1 +
lib/dns/tkey.c | 9 +++++
lib/dns/tkey.c | 9 ++++
lib/dns/tsec.c | 8 +++-
lib/dns/tsig.c | 17 +++++----
lib/dns/tsig.c | 17 ++++---
lib/isc/include/isc/md5.h | 3 ++
lib/isc/md5.c | 59 +++++++++++++++++++++++++++++
lib/isc/pk11.c | 44 +++++++++++++++-------
lib/isc/tests/hash_test.c | 9 +++--
lib/isccc/cc.c | 42 +++++++++++++--------
29 files changed, 409 insertions(+), 171 deletions(-)
lib/isc/md5.c | 59 +++++++++++++++++++++++
lib/isc/pk11.c | 44 +++++++++++------
lib/isc/tests/hash_test.c | 9 ++++
lib/isccc/cc.c | 42 +++++++++++------
29 files changed, 400 insertions(+), 155 deletions(-)
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
index 8931ad5..5015abb 100644
@ -241,7 +241,7 @@ index 5ca3d76..6b7790a 100644
port = DEFAULT_PORT;
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index 39f74be..597e830 100644
index 2063a3b..8e856c5 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -20,6 +20,7 @@
@ -252,7 +252,7 @@ index 39f74be..597e830 100644
#include <isc/netaddr.h>
#include <isc/parseint.h>
#include <isc/platform.h>
@@ -1760,10 +1761,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
@@ -1767,10 +1768,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
ptr = ptr2;
ptr2 = ptr3;
} else {
@ -267,7 +267,7 @@ index 39f74be..597e830 100644
digestbits = 0;
}
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 1fa711a..341ed80 100644
index 011b118..5eabc1f 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -80,6 +80,7 @@
@ -339,7 +339,7 @@ index 1476d0d..f5c9316 100644
alg = DST_ALG_HMACMD5;
#else
diff --git a/bin/named/config.c b/bin/named/config.c
index 2732a8f..2c4c93c 100644
index 7584efb..a153172 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -18,6 +18,7 @@
@ -350,7 +350,7 @@ index 2732a8f..2c4c93c 100644
#include <isc/mem.h>
#include <isc/parseint.h>
#include <isc/region.h>
@@ -967,6 +968,21 @@ ns_config_getkeyalgorithm(const char *str, dns_name_t **name,
@@ -969,6 +970,21 @@ ns_config_getkeyalgorithm(const char *str, dns_name_t **name,
return (ns_config_getkeyalgorithm2(str, name, NULL, digestbits));
}
@ -372,7 +372,7 @@ index 2732a8f..2c4c93c 100644
isc_result_t
ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
unsigned int *typep, uint16_t *digestbits)
@@ -976,7 +992,7 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
@@ -978,7 +994,7 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
uint16_t bits;
isc_result_t result;
@ -381,7 +381,7 @@ index 2732a8f..2c4c93c 100644
len = strlen(algorithms[i].str);
if (strncasecmp(algorithms[i].str, str, len) == 0 &&
(str[len] == '\0' ||
@@ -999,7 +1015,12 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
@@ -1001,7 +1017,12 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
if (name != NULL) {
switch (algorithms[i].hmac) {
#ifndef PK11_MD5_DISABLE
@ -396,7 +396,7 @@ index 2732a8f..2c4c93c 100644
case hmacsha1: *name = dns_tsig_hmacsha1_name; break;
case hmacsha224: *name = dns_tsig_hmacsha224_name; break;
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 8d1da3b..5eefc57 100644
index 548e0ce..509784c 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -31,6 +31,7 @@
@ -622,7 +622,7 @@ index bde66a4..70a40c3 100644
dst_key_free(&dstkey);
CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED);
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index d32a5a1..c749c27 100644
index d6fba22..ac60ba8 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -23,6 +23,7 @@
@ -633,7 +633,7 @@ index d32a5a1..c749c27 100644
#include <isc/mem.h>
#include <isc/netaddr.h>
#include <isc/parseint.h>
@@ -2592,6 +2593,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) {
@@ -2589,6 +2590,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) {
}
algorithm = cfg_obj_asstring(algobj);
@ -650,7 +650,7 @@ index d32a5a1..c749c27 100644
len = strlen(algorithms[i].name);
if (strncasecmp(algorithms[i].name, algorithm, len) == 0 &&
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 97fee68..5703f9c 100644
index e3c47a9..320c0f8 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -192,6 +192,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx,
@ -766,7 +766,7 @@ index f31c33d..87023a6 100644
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
diff --git a/lib/dns/hmac_link.c b/lib/dns/hmac_link.c
index 94e73b1..d904075 100644
index 3b6579b..4bdce2f 100644
--- a/lib/dns/hmac_link.c
+++ b/lib/dns/hmac_link.c
@@ -340,20 +340,10 @@ static dst_func_t hmacmd5_functions = {
@ -792,13 +792,13 @@ index 94e73b1..d904075 100644
+ if (!isc_md5_available())
+ return (ISC_R_SUCCESS);
#if PK11_FLAVOR != PK11_UTIMACO_FLAVOR
/*
* Prevent use of incorrect crypto
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index c03fd72..49b66fc 100644
index ec35f50..c80fabe 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -1802,6 +1802,12 @@ dst__opensslrsa_init(dst_func_t **funcp, unsigned char algorithm) {
@@ -1812,6 +1812,12 @@ dst__opensslrsa_init(dst_func_t **funcp, unsigned char algorithm) {
if (*funcp == NULL) {
switch (algorithm) {
@ -812,7 +812,7 @@ index c03fd72..49b66fc 100644
#if defined(HAVE_EVP_SHA256) || !USE_EVP
*funcp = &opensslrsa_functions;
diff --git a/lib/dns/pkcs11rsa_link.c b/lib/dns/pkcs11rsa_link.c
index eb782c8..46fd844 100644
index 096c1a8..6c280bf 100644
--- a/lib/dns/pkcs11rsa_link.c
+++ b/lib/dns/pkcs11rsa_link.c
@@ -96,10 +96,15 @@ pkcs11rsa_createctx_sign(dst_key_t *key, dst_context_t *dctx) {
@ -832,7 +832,7 @@ index eb782c8..46fd844 100644
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
/* From RFC 3110 */
@@ -636,6 +641,9 @@ pkcs11rsa_createctx(dst_key_t *key, dst_context_t *dctx) {
@@ -641,6 +646,9 @@ pkcs11rsa_createctx(dst_key_t *key, dst_context_t *dctx) {
switch (key->key_alg) {
#ifndef PK11_MD5_DISABLE
case DST_ALG_RSAMD5:
@ -842,7 +842,7 @@ index eb782c8..46fd844 100644
mech.mechanism = CKM_MD5;
break;
#endif
@@ -792,6 +800,9 @@ pkcs11rsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
@@ -799,6 +807,9 @@ pkcs11rsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
switch (key->key_alg) {
#ifndef PK11_MD5_DISABLE
case DST_ALG_RSAMD5:
@ -852,7 +852,7 @@ index eb782c8..46fd844 100644
der = md5_der;
derlen = sizeof(md5_der);
hashlen = ISC_MD5_DIGESTLENGTH;
@@ -1016,6 +1027,9 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
@@ -1024,6 +1035,9 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
switch (key->key_alg) {
#ifndef PK11_MD5_DISABLE
case DST_ALG_RSAMD5:
@ -862,7 +862,7 @@ index eb782c8..46fd844 100644
der = md5_der;
derlen = sizeof(md5_der);
hashlen = ISC_MD5_DIGESTLENGTH;
@@ -2219,11 +2233,22 @@ static dst_func_t pkcs11rsa_functions = {
@@ -2231,11 +2245,22 @@ static dst_func_t pkcs11rsa_functions = {
};
isc_result_t
@ -889,7 +889,7 @@ index eb782c8..46fd844 100644
}
diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c
index 6a5948e..010dd1b 100644
index 9c42c50..f51d548 100644
--- a/lib/dns/rcode.c
+++ b/lib/dns/rcode.c
@@ -16,6 +16,7 @@
@ -900,7 +900,7 @@ index 6a5948e..010dd1b 100644
#include <isc/parseint.h>
#include <isc/print.h>
#include <isc/region.h>
@@ -349,17 +350,33 @@ dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) {
@@ -357,17 +358,33 @@ dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) {
return (dns_mnemonic_totext(cert, target, certs));
}
@ -937,70 +937,48 @@ index 6a5948e..010dd1b 100644
void
diff --git a/lib/dns/tests/rsa_test.c b/lib/dns/tests/rsa_test.c
index fb207ef..3ef0a4e 100644
index 16214c6..9b235ba 100644
--- a/lib/dns/tests/rsa_test.c
+++ b/lib/dns/tests/rsa_test.c
@@ -19,6 +19,7 @@
#include <stdio.h>
#include <string.h>
@@ -26,6 +26,7 @@
#define UNIT_TESTING
#include <cmocka.h>
+#include <isc/md5.h>
#include <isc/util.h>
#include <isc/print.h>
@@ -225,23 +226,25 @@ ATF_TC_BODY(isc_rsa_verify, tc) {
@@ -247,6 +248,8 @@ isc_rsa_verify_test(void **state) {
/* RSAMD5 */
#ifndef PK11_MD5_DISABLE
- key->key_alg = DST_ALG_RSAMD5;
+ if (isc_md5_available()) {
+ key->key_alg = DST_ALG_RSAMD5;
+ /* wrong indentation is kept for diff minimization */
key->key_alg = DST_ALG_RSAMD5;
- ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC,
- false, &ctx);
- ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
+ ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC,
+ false, &ctx);
+ ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC,
@@ -264,6 +267,7 @@ isc_rsa_verify_test(void **state) {
assert_int_equal(ret, ISC_R_SUCCESS);
- r.base = d;
- r.length = 10;
- ret = dst_context_adddata(ctx, &r);
- ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
+ r.base = d;
+ r.length = 10;
+ ret = dst_context_adddata(ctx, &r);
+ ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
- r.base = sigmd5;
- r.length = 256;
- ret = dst_context_verify(ctx, &r);
- ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
+ r.base = sigmd5;
+ r.length = 256;
+ ret = dst_context_verify(ctx, &r);
+ ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
- dst_context_destroy(&ctx);
+ dst_context_destroy(&ctx);
dst_context_destroy(&ctx);
+ }
#endif
/* RSASHA256 */
diff --git a/lib/dns/tests/tsig_test.c b/lib/dns/tests/tsig_test.c
index 443fb36..f003ff3 100644
index 4d6847e..1a208b5 100644
--- a/lib/dns/tests/tsig_test.c
+++ b/lib/dns/tests/tsig_test.c
@@ -14,6 +14,7 @@
#include <config.h>
#include <atf-c.h>
@@ -24,6 +24,7 @@
#define UNIT_TESTING
#include <cmocka.h>
+#include <isc/md5.h>
#include <isc/mem.h>
#include <isc/print.h>
#include <isc/util.h>
diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c
index 5b4ffd9..cc3469d 100644
index 89cfc79..d07364a 100644
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -245,6 +245,9 @@ compute_secret(isc_buffer_t *shared, isc_region_t *queryrandomness,
@ -1027,7 +1005,7 @@ index 5b4ffd9..cc3469d 100644
tkey_log("process_dhtkey: algorithms other than "
"hmac-md5 are not supported");
diff --git a/lib/dns/tsec.c b/lib/dns/tsec.c
index c5eca0e..19b9002 100644
index 9d8ead4..0c82f65 100644
--- a/lib/dns/tsec.c
+++ b/lib/dns/tsec.c
@@ -11,6 +11,7 @@
@ -1053,7 +1031,7 @@ index c5eca0e..19b9002 100644
#endif
case DST_ALG_HMACSHA1:
diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c
index a94ec69..f74c831 100644
index 58c1104..00ee1e1 100644
--- a/lib/dns/tsig.c
+++ b/lib/dns/tsig.c
@@ -273,7 +273,8 @@ dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm,
@ -1086,7 +1064,7 @@ index a94ec69..f74c831 100644
if (secret != NULL) {
isc_buffer_t b;
@@ -1283,7 +1286,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
@@ -1291,7 +1294,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
return (ret);
if (
#ifndef PK11_MD5_DISABLE
@ -1095,7 +1073,7 @@ index a94ec69..f74c831 100644
#endif
alg == DST_ALG_HMACSHA1 ||
alg == DST_ALG_HMACSHA224 || alg == DST_ALG_HMACSHA256 ||
@@ -1452,7 +1455,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
@@ -1460,7 +1463,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
if (
#ifndef PK11_MD5_DISABLE
@ -1104,7 +1082,7 @@ index a94ec69..f74c831 100644
#endif
alg == DST_ALG_HMACSHA1 ||
alg == DST_ALG_HMACSHA224 || alg == DST_ALG_HMACSHA256 ||
@@ -1593,7 +1596,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
@@ -1601,7 +1604,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
goto cleanup_querystruct;
if (
#ifndef PK11_MD5_DISABLE
@ -1113,7 +1091,7 @@ index a94ec69..f74c831 100644
#endif
alg == DST_ALG_HMACSHA1 ||
alg == DST_ALG_HMACSHA224 ||
@@ -1772,7 +1775,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
@@ -1780,7 +1783,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
goto cleanup_context;
if (
#ifndef PK11_MD5_DISABLE
@ -1137,7 +1115,7 @@ index 4d29398..e3f5cec 100644
#endif /* !PK11_MD5_DISABLE */
diff --git a/lib/isc/md5.c b/lib/isc/md5.c
index 25c71a2..934a70c 100644
index 920aed5..a086a57 100644
--- a/lib/isc/md5.c
+++ b/lib/isc/md5.c
@@ -37,6 +37,7 @@
@ -1237,7 +1215,7 @@ index 25c71a2..934a70c 100644
/*
diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c
index c5d2310..a01e698 100644
index 0d5b009..bb9912b 100644
--- a/lib/isc/pk11.c
+++ b/lib/isc/pk11.c
@@ -197,8 +197,6 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) {
@ -1356,39 +1334,39 @@ index c5d2310..a01e698 100644
/* ECDSA requires digest */
diff --git a/lib/isc/tests/hash_test.c b/lib/isc/tests/hash_test.c
index 8f12342..7eb1552 100644
index 8ddfe70..9c4d299 100644
--- a/lib/isc/tests/hash_test.c
+++ b/lib/isc/tests/hash_test.c
@@ -2009,7 +2009,8 @@ ATF_TP_ADD_TCS(tp) {
* various cryptographic hashes.
*/
#ifndef PK11_MD5_DISABLE
- ATF_TP_ADD_TC(tp, md5_check);
+ if (isc_md5_available())
+ ATF_TP_ADD_TC(tp, md5_check);
#endif
ATF_TP_ADD_TC(tp, sha1_check);
@@ -776,6 +776,9 @@ isc_md5_test(void **state) {
UNUSED(state);
+ if (!isc_md5_available())
+ return;
+
/*
* These are the various test vectors. All of these are passed
* through the hash function and the results are compared to the
@@ -1631,6 +1634,9 @@ isc_hmacmd5_test(void **state) {
UNUSED(state);
+ if (!isc_md5_available())
+ return;
+
/*
* These are the various test vectors. All of these are passed
* through the hash function and the results are compared to the
@@ -1941,6 +1947,9 @@ static void
md5_check_test(void **state) {
UNUSED(state);
+ if (!isc_md5_available())
+ return;
+
assert_true(isc_md5_check(false));
assert_false(isc_md5_check(true));
@@ -2017,7 +2018,8 @@ ATF_TP_ADD_TCS(tp) {
ATF_TP_ADD_TC(tp, isc_hash_function_reverse);
ATF_TP_ADD_TC(tp, isc_hash_initializer);
#ifndef PK11_MD5_DISABLE
- ATF_TP_ADD_TC(tp, isc_hmacmd5);
+ if (isc_md5_available())
+ ATF_TP_ADD_TC(tp, isc_hmacmd5);
#endif
ATF_TP_ADD_TC(tp, isc_hmacsha1);
ATF_TP_ADD_TC(tp, isc_hmacsha224);
@@ -2025,7 +2027,8 @@ ATF_TP_ADD_TCS(tp) {
ATF_TP_ADD_TC(tp, isc_hmacsha384);
ATF_TP_ADD_TC(tp, isc_hmacsha512);
#ifndef PK11_MD5_DISABLE
- ATF_TP_ADD_TC(tp, isc_md5);
+ if (isc_md5_available())
+ ATF_TP_ADD_TC(tp, isc_md5);
#endif
ATF_TP_ADD_TC(tp, isc_sha1);
ATF_TP_ADD_TC(tp, isc_sha224);
diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
index c2740cb..c314d76 100644
--- a/lib/isccc/cc.c
@ -1477,5 +1455,5 @@ index c2740cb..c314d76 100644
case ISCCC_ALG_HMACSHA1:
--
2.14.4
2.20.1
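Review bot: The early returns added to `isc_md5_test`, `isc_hmacmd5_test` and `md5_check_test` in lib/isc/tests/hash_test.c make each test report success when `isc_md5_available()` is false, so a FIPS-mode run is indistinguishable in the test report from one where MD5 was actually exercised. cmocka provides `skip()`, so `if (!isc_md5_available()) skip();` would record these as skipped rather than passed. The `if (isc_md5_available()) {` guard around the RSAMD5 case in lib/dns/tests/rsa_test.c has the same effect, but it cannot use `skip()` because the RSASHA256 checks follow in the same test. There a short comment such as `/* RSAMD5 is not verified when MD5 is unavailable (e.g. FIPS mode) */` would make the gap explicit. The bodies of all four test functions extend beyond the hunks shown, and the old/new sides are inferred from the index lines and diffstat because the rendered page lost the outer `+`/`-` markers.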


@ -1,4 +1,4 @@
From 07876a60a9c2537f536901b214349d67f6b25666 Mon Sep 17 00:00:00 2001
From 4e6888c1d32071ead4b7faeeb0f1774a6d8a1120 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:46:45 +0200
Subject: [PATCH] FIPS tests changes
@ -58,56 +58,54 @@ Date: Wed Mar 7 10:44:23 2018 +0100
Use hmac-sha256 instead of default hmac-md5 for allow-query
---
bin/tests/system/acl/ns2/named1.conf.in | 4 +-
bin/tests/system/acl/ns2/named2.conf.in | 4 +-
bin/tests/system/acl/ns2/named3.conf.in | 6 +--
bin/tests/system/acl/ns2/named4.conf.in | 4 +-
bin/tests/system/acl/ns2/named5.conf.in | 4 +-
bin/tests/system/acl/tests.sh | 32 +++++------
bin/tests/system/allow-query/ns2/named10.conf.in | 2 +-
bin/tests/system/allow-query/ns2/named11.conf.in | 4 +-
bin/tests/system/allow-query/ns2/named12.conf.in | 2 +-
bin/tests/system/allow-query/ns2/named30.conf.in | 2 +-
bin/tests/system/allow-query/ns2/named31.conf.in | 4 +-
bin/tests/system/allow-query/ns2/named32.conf.in | 2 +-
bin/tests/system/allow-query/ns2/named40.conf.in | 4 +-
bin/tests/system/allow-query/tests.sh | 18 +++----
bin/tests/system/catz/ns1/named.conf.in | 2 +-
bin/tests/system/catz/ns2/named.conf.in | 2 +-
bin/tests/system/checkconf/bad-tsig.conf | 2 +-
bin/tests/system/checkconf/good.conf | 2 +-
bin/tests/system/digdelv/ns2/example.db | 15 +++---
bin/tests/system/digdelv/tests.sh | 28 +++++-----
bin/tests/system/dlv/ns1/sign.sh | 4 +-
bin/tests/system/dlv/ns2/sign.sh | 4 +-
bin/tests/system/dlv/ns3/sign.sh | 69 ++++++++++++------------
bin/tests/system/dlv/ns6/sign.sh | 66 ++++++++++++-----------
bin/tests/system/dnssec/ns1/sign.sh | 4 +-
bin/tests/system/dnssec/ns2/sign.sh | 12 ++---
bin/tests/system/dnssec/ns3/sign.sh | 20 +++----
bin/tests/system/dnssec/ns5/trusted.conf.bad | 2 +-
bin/tests/system/dnssec/tests.sh | 8 +--
bin/tests/system/feature-test.c | 14 +++++
bin/tests/system/filter-aaaa/ns1/sign.sh | 4 +-
bin/tests/system/filter-aaaa/ns4/sign.sh | 4 +-
bin/tests/system/notify/ns5/named.conf.in | 6 +--
bin/tests/system/notify/tests.sh | 6 +--
bin/tests/system/nsupdate/ns1/named.conf.in | 2 +-
bin/tests/system/nsupdate/ns2/named.conf.in | 2 +-
bin/tests/system/nsupdate/setup.sh | 7 ++-
bin/tests/system/nsupdate/tests.sh | 11 +++-
bin/tests/system/rndc/setup.sh | 2 +-
bin/tests/system/rndc/tests.sh | 23 ++++----
bin/tests/system/tsig/clean.sh | 1 +
bin/tests/system/tsig/ns1/named.conf.in | 10 +---
bin/tests/system/tsig/ns1/rndc5.conf.in | 11 ++++
bin/tests/system/tsig/setup.sh | 4 ++
bin/tests/system/tsig/tests.sh | 67 ++++++++++++++---------
bin/tests/system/tsiggss/setup.sh | 2 +-
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
bin/tests/system/upforwd/tests.sh | 2 +-
48 files changed, 287 insertions(+), 225 deletions(-)
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
bin/tests/system/acl/ns2/named1.conf.in | 4 +-
bin/tests/system/acl/ns2/named2.conf.in | 4 +-
bin/tests/system/acl/ns2/named3.conf.in | 6 +-
bin/tests/system/acl/ns2/named4.conf.in | 4 +-
bin/tests/system/acl/ns2/named5.conf.in | 4 +-
bin/tests/system/acl/tests.sh | 32 ++++-----
.../system/allow-query/ns2/named10.conf.in | 2 +-
.../system/allow-query/ns2/named11.conf.in | 4 +-
.../system/allow-query/ns2/named12.conf.in | 2 +-
.../system/allow-query/ns2/named30.conf.in | 2 +-
.../system/allow-query/ns2/named31.conf.in | 4 +-
.../system/allow-query/ns2/named32.conf.in | 2 +-
.../system/allow-query/ns2/named40.conf.in | 4 +-
bin/tests/system/allow-query/tests.sh | 18 ++---
bin/tests/system/catz/ns1/named.conf.in | 2 +-
bin/tests/system/catz/ns2/named.conf.in | 2 +-
bin/tests/system/checkconf/bad-tsig.conf | 2 +-
bin/tests/system/checkconf/good.conf | 2 +-
bin/tests/system/digdelv/ns2/example.db | 15 ++--
bin/tests/system/digdelv/tests.sh | 28 ++++----
bin/tests/system/dlv/ns1/sign.sh | 4 +-
bin/tests/system/dlv/ns2/sign.sh | 4 +-
bin/tests/system/dlv/ns3/sign.sh | 69 ++++++++++---------
bin/tests/system/dlv/ns6/sign.sh | 66 +++++++++---------
bin/tests/system/dnssec/ns1/sign.sh | 4 +-
bin/tests/system/dnssec/ns2/sign.sh | 12 ++--
bin/tests/system/dnssec/ns3/sign.sh | 20 +++---
bin/tests/system/dnssec/ns5/trusted.conf.bad | 2 +-
bin/tests/system/dnssec/tests.sh | 8 +--
bin/tests/system/feature-test.c | 14 ++++
bin/tests/system/filter-aaaa/ns1/sign.sh | 4 +-
bin/tests/system/filter-aaaa/ns4/sign.sh | 4 +-
bin/tests/system/notify/ns5/named.conf.in | 6 +-
bin/tests/system/notify/tests.sh | 6 +-
bin/tests/system/nsupdate/ns1/named.conf.in | 2 +-
bin/tests/system/nsupdate/ns2/named.conf.in | 2 +-
bin/tests/system/nsupdate/setup.sh | 7 +-
bin/tests/system/nsupdate/tests.sh | 11 ++-
bin/tests/system/rndc/setup.sh | 2 +-
bin/tests/system/rndc/tests.sh | 23 ++++---
bin/tests/system/tsig/clean.sh | 1 +
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
bin/tests/system/tsig/setup.sh | 5 ++
bin/tests/system/tsig/tests.sh | 67 +++++++++++-------
bin/tests/system/tsiggss/setup.sh | 2 +-
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
bin/tests/system/upforwd/tests.sh | 2 +-
47 files changed, 277 insertions(+), 225 deletions(-)
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
index 0ea6502..026db3f 100644
@ -604,7 +602,7 @@ index f4e30f5..9f53e31 100644
; TTL of 3 weeks
weeks 1814400 A 10.53.0.2
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index 95bd074..b566ecb 100644
index 24aa7b3..54a3e2a 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -61,7 +61,7 @@ if [ -x ${DIG} ] ; then
@ -670,7 +668,7 @@ index 95bd074..b566ecb 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -555,7 +555,7 @@ if [ -x ${DELV} ] ; then
@@ -564,7 +564,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +multi +norrcomments works for dnskey (when default is rrcomments)($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -679,7 +677,7 @@ index 95bd074..b566ecb 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -563,7 +563,7 @@ if [ -x ${DELV} ] ; then
@@ -572,7 +572,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +multi +norrcomments works for soa (when default is rrcomments)($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > delv.out.test$n || ret=1
@ -688,7 +686,7 @@ index 95bd074..b566ecb 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -571,7 +571,7 @@ if [ -x ${DELV} ] ; then
@@ -580,7 +580,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +rrcomments works for DNSKEY($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -697,7 +695,7 @@ index 95bd074..b566ecb 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -579,7 +579,7 @@ if [ -x ${DELV} ] ; then
@@ -588,7 +588,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works for DNSKEY ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -706,7 +704,7 @@ index 95bd074..b566ecb 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -587,7 +587,7 @@ if [ -x ${DELV} ] ; then
@@ -596,7 +596,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -715,7 +713,7 @@ index 95bd074..b566ecb 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -595,7 +595,7 @@ if [ -x ${DELV} ] ; then
@@ -604,7 +604,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -724,7 +722,7 @@ index 95bd074..b566ecb 100644
if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi
f=`awk '{print NF}' < delv.out.test$n`
test "${f:-0}" -eq 14 || ret=1
@@ -606,7 +606,7 @@ if [ -x ${DELV} ] ; then
@@ -615,7 +615,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit +norrcomments works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -1171,10 +1169,10 @@ index 198d60a..d89a539 100644
keyid=`expr $keyid + 0`
echo "$keyid" > managed.key.id
diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh
index 9078459..9dcd028 100644
index ca18608..25b6cab 100644
--- a/bin/tests/system/dnssec/ns2/sign.sh
+++ b/bin/tests/system/dnssec/ns2/sign.sh
@@ -29,8 +29,8 @@ do
@@ -30,8 +30,8 @@ do
cp ../ns3/dsset-$subdomain.example$TP .
done
@ -1185,7 +1183,7 @@ index 9078459..9dcd028 100644
cat $infile $keyname1.key $keyname2.key >$zonefile
@@ -89,8 +89,8 @@ zone=in-addr.arpa.
@@ -91,8 +91,8 @@ zone=in-addr.arpa.
infile=in-addr.arpa.db.in
zonefile=in-addr.arpa.db
@ -1196,7 +1194,7 @@ index 9078459..9dcd028 100644
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
@@ -101,7 +101,7 @@ privzone=private.secure.example.
@@ -103,7 +103,7 @@ privzone=private.secure.example.
privinfile=private.secure.example.db.in
privzonefile=private.secure.example.db
@ -1205,7 +1203,7 @@ index 9078459..9dcd028 100644
cat $privinfile $privkeyname.key >$privzonefile
@@ -115,7 +115,7 @@ dlvinfile=dlv.db.in
@@ -117,7 +117,7 @@ dlvinfile=dlv.db.in
dlvzonefile=dlv.db
dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP
@ -1215,7 +1213,7 @@ index 9078459..9dcd028 100644
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh
index 330abf7..f95a6b7 100644
index ff55d84..4f6a251 100644
--- a/bin/tests/system/dnssec/ns3/sign.sh
+++ b/bin/tests/system/dnssec/ns3/sign.sh
@@ -28,7 +28,7 @@ zone=bogus.example.
@ -1292,7 +1290,7 @@ index 330abf7..f95a6b7 100644
cat $infile $keyname.key >$zonefile
@@ -498,7 +498,7 @@ zone=badds.example.
@@ -533,7 +533,7 @@ zone=badds.example.
infile=bogus.example.db.in
zonefile=badds.example.db
@ -1313,10 +1311,10 @@ index ed30460..e6b1126 100644
+ "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV";
};
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index bb2315f..3156668 100644
index 646434f..9a10f9f 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -1690,7 +1690,7 @@ ret=0
@@ -1688,7 +1688,7 @@ ret=0
$RNDCCMD 10.53.0.4 secroots 2>&1 | sed 's/^/ns4 /' | cat_i
keyid=`cat ns1/managed.key.id`
cp ns4/named.secroots named.secroots.test$n
@ -1325,7 +1323,7 @@ index bb2315f..3156668 100644
[ "$linecount" -eq 1 ] || ret=1
linecount=`cat named.secroots.test$n | wc -l`
[ "$linecount" -eq 10 ] || ret=1
@@ -3018,7 +3018,7 @@ echo_i "check dig's +nocrypto flag ($n)"
@@ -3016,7 +3016,7 @@ echo_i "check dig's +nocrypto flag ($n)"
ret=0
$DIG $DIGOPTS +norec +nocrypto DNSKEY . \
@10.53.0.1 > dig.out.dnskey.ns1.test$n || ret=1
@ -1334,7 +1332,7 @@ index bb2315f..3156668 100644
grep 'RRSIG.* \[omitted]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
$DIG $DIGOPTS +norec +nocrypto DS example \
@10.53.0.1 > dig.out.ds.ns1.test$n || ret=1
@@ -3130,8 +3130,8 @@ do
@@ -3128,8 +3128,8 @@ do
alg=`expr $alg + 1`
continue;;
3) size="-b 512";;
@ -1346,7 +1344,7 @@ index bb2315f..3156668 100644
8) size="-b 512";;
10) size="-b 1024";;
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
index 9612450..5eee6aa 100644
index f934b63..11863a3 100644
--- a/bin/tests/system/feature-test.c
+++ b/bin/tests/system/feature-test.c
@@ -19,6 +19,7 @@
@ -1440,10 +1438,10 @@ index cfcfe8f..0a1614d 100644
};
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
index ad20e3e..5a9ce46 100644
index 1f6e6d0..c08bd25 100644
--- a/bin/tests/system/notify/tests.sh
+++ b/bin/tests/system/notify/tests.sh
@@ -186,16 +186,16 @@ ret=0
@@ -212,16 +212,16 @@ ret=0
$NSUPDATE << EOF
server 10.53.0.5 ${PORT}
zone x21
@ -1477,10 +1475,10 @@ index 1d999ad..26b6b7c 100644
};
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
index b4ecf96..1adb33e 100644
index 4549184..cb7dccd 100644
--- a/bin/tests/system/nsupdate/ns2/named.conf.in
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in
@@ -24,7 +24,7 @@ options {
@@ -33,7 +33,7 @@ controls {
};
key altkey {
@ -1490,7 +1488,7 @@ index b4ecf96..1adb33e 100644
};
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
index d6647fa..715314b 100644
index 45dfeeb..594db77 100644
--- a/bin/tests/system/nsupdate/setup.sh
+++ b/bin/tests/system/nsupdate/setup.sh
@@ -63,7 +63,12 @@ EOF
@ -1508,7 +1506,7 @@ index d6647fa..715314b 100644
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 9f26572..fd0383f 100755
index 901cd22..b72b59c 100755
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -700,7 +700,14 @@ fi
@ -1537,7 +1535,7 @@ index 9f26572..fd0383f 100755
done
if [ $ret -ne 0 ]; then
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
index 850c4d2..09a3e0f 100644
index 343869e..c30efb0 100644
--- a/bin/tests/system/rndc/setup.sh
+++ b/bin/tests/system/rndc/setup.sh
@@ -37,7 +37,7 @@ make_key () {
@ -1550,7 +1548,7 @@ index 850c4d2..09a3e0f 100644
make_key 3 ${EXTRAPORT3} hmac-sha224
make_key 4 ${EXTRAPORT4} hmac-sha256
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
index 647730e..7df752d 100644
index b00056c..f7fad91 100644
--- a/bin/tests/system/rndc/tests.sh
+++ b/bin/tests/system/rndc/tests.sh
@@ -356,15 +356,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
@ -1620,31 +1618,15 @@ index fbf30c6..f61657d 100644
key "sha1-trunc" {
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
new file mode 100644
index 0000000..4117830
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
@@ -0,0 +1,11 @@
+
+key "md5" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5;
+};
+
+key "md5-trunc" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5-80;
+};
+
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
index 656e9bb..628c5bb 100644
index 4dd4a25..aa0f966 100644
--- a/bin/tests/system/tsig/setup.sh
+++ b/bin/tests/system/tsig/setup.sh
@@ -17,3 +17,7 @@ $SHELL clean.sh
@@ -17,3 +17,8 @@ $SHELL clean.sh
copy_setports ns1/named.conf.in ns1/named.conf
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE
+
+if $FEATURETEST --md5
+then
+ cat ns1/rndc5.conf.in >> ns1/named.conf
@ -1742,10 +1724,10 @@ index f731fa6..cade35b 100644
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh
index 5da33cf..fb108b0 100644
index 0d21c7b..dbcb7b4 100644
--- a/bin/tests/system/tsiggss/setup.sh
+++ b/bin/tests/system/tsiggss/setup.sh
@@ -18,5 +18,5 @@ test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
@@ -18,5 +18,5 @@ test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE
copy_setports ns1/named.conf.in ns1/named.conf
@ -1779,5 +1761,5 @@ index b0694bb..9adae82 100644
update add updated.example. 600 A 10.10.10.1
update add updated.example. 600 TXT Foo
--
2.14.4
2.20.1


@ -1,4 +1,4 @@
From ed26f0f0eb4242706d2012e4abe0152071bb305b Mon Sep 17 00:00:00 2001
From ec50eff97c259b5bfbfa4e050d69fe7b39b0f15a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 25 Sep 2018 18:08:46 +0200
Subject: [PATCH] Disable IDN from environment as documented
@ -12,16 +12,16 @@ Support variable CHARSET=ASCII to disable IDN, supported in downstream
RH patch since RHEL 5.
---
bin/dig/dig.docbook | 4 +++-
bin/dig/dighost.c | 9 +++++++--
bin/dig/dighost.c | 5 +++++
bin/dig/host.docbook | 2 +-
bin/dig/nslookup.docbook | 15 +++++++++++++++
4 files changed, 26 insertions(+), 4 deletions(-)
4 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index bd7510e..5cc696f 100644
index 5d19301..933af79 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -1288,7 +1288,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
@@ -1312,7 +1312,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
reply from the server.
If you'd like to turn off the IDN support for some reason, use
parameters <parameter>+noidnin</parameter> and
@ -33,15 +33,13 @@ index bd7510e..5cc696f 100644
</refsection>
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 341ed80..bb8702c 100644
index 5eabc1f..73aaab8 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -825,12 +825,17 @@ make_empty_lookup(void) {
looknew->seenbadcookie = false;
@@ -826,6 +826,11 @@ make_empty_lookup(void) {
looknew->badcookie = true;
#ifdef WITH_IDN_SUPPORT
- looknew->idnin = true;
+ looknew->idnin = (getenv("IDN_DISABLE") == NULL);
looknew->idnin = isatty(1)?(getenv("IDN_DISABLE") == NULL):false;
+ if (looknew->idnin) {
+ const char *charset = getenv("CHARSET");
+ if (charset && !strcmp(charset, "ASCII"))
@ -50,17 +48,11 @@ index 341ed80..bb8702c 100644
#else
looknew->idnin = false;
#endif
#ifdef WITH_IDN_OUT_SUPPORT
- looknew->idnout = true;
+ looknew->idnout = looknew->idnin;
#else
looknew->idnout = false;
#endif
diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook
index 9c3aeaa..42cbbf9 100644
index da0f8fb..9689b5a 100644
--- a/bin/dig/host.docbook
+++ b/bin/dig/host.docbook
@@ -378,7 +378,7 @@
@@ -379,7 +379,7 @@
<command>host</command> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
@ -70,10 +62,10 @@ index 9c3aeaa..42cbbf9 100644
The IDN support is disabled if the variable is set when
<command>host</command> runs.
diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook
index 3aff4e9..86a09c6 100644
index d46fc2d..6d7d181 100644
--- a/bin/dig/nslookup.docbook
+++ b/bin/dig/nslookup.docbook
@@ -478,6 +478,21 @@ nslookup -query=hinfo -timeout=10
@@ -495,6 +495,21 @@ nslookup -query=hinfo -timeout=10
</para>
</refsection>
@ -96,5 +88,5 @@ index 3aff4e9..86a09c6 100644
<para><filename>/etc/resolv.conf</filename>
--
2.14.4
2.20.1
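Review bot: In the `make_empty_lookup` hunk for `bin/dig/dighost.c`, the rebased patch clears only `looknew->idnin` when `CHARSET=ASCII` is set; the earlier version's `looknew->idnout = looknew->idnin;` line is gone and the diffstat for dighost.c drops to five added lines. The patch subject says the variable disables IDN, so it is worth confirming that the upstream initialisation of `idnout` (not visible in this hunk) also ends up false in that case; if it does not, output conversion stays enabled while input conversion is off, and the hunk would need to keep `looknew->idnout = looknew->idnin;`. The comparison `!strcmp(charset, "ASCII")` is an exact, case-sensitive match, which a one-line comment such as `/* only the exact value "ASCII" disables IDN */` would make explicit. The function body continues outside the hunk.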


@ -1,4 +1,4 @@
From 3474d13bbf08c441783bd72afbc8cec8857baf46 Mon Sep 17 00:00:00 2001
From 17998f4feb9590522a0b50943075d9e8c97ec69d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 2 Jan 2018 18:13:07 +0100
Subject: [PATCH] Fix pkcs11 variants atf tests
@ -7,20 +7,19 @@ Add dns-pkcs11 tests Makefile to configure
Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode
---
configure.in | 1 +
lib/Atffile | 2 ++
configure.ac | 1 +
lib/Kyuafile | 2 ++
lib/dns-pkcs11/tests/Makefile.in | 10 +++++-----
lib/dns-pkcs11/tests/dh_test.c | 3 ++-
lib/isc-pkcs11/tests/Makefile.in | 6 +++---
lib/isc-pkcs11/tests/hash_test.c | 32 +++++++++++++++++++++++++-------
7 files changed, 40 insertions(+), 16 deletions(-)
6 files changed, 38 insertions(+), 16 deletions(-)
diff --git a/configure.in b/configure.in
index 1edafd1..5466de1 100644
--- a/configure.in
+++ b/configure.in
@@ -5489,6 +5489,7 @@ AC_CONFIG_FILES([
diff --git a/configure.ac b/configure.ac
index 7aff0e6..8374385 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5512,6 +5512,7 @@ AC_CONFIG_FILES([
lib/dns-pkcs11/include/Makefile
lib/dns-pkcs11/include/dns/Makefile
lib/dns-pkcs11/include/dst/Makefile
@ -28,25 +27,11 @@ index 1edafd1..5466de1 100644
lib/irs/Makefile
lib/irs/include/Makefile
lib/irs/include/irs/Makefile
diff --git a/lib/Atffile b/lib/Atffile
index 93bbb01..4db3dce 100644
--- a/lib/Atffile
+++ b/lib/Atffile
@@ -3,7 +3,9 @@ Content-Type: application/X-atf-atffile; version="1"
prop: test-suite = bind9
tp: dns
+tp: dns-pkcs11
tp: irs
tp: isc
+tp: isc-pkcs11
tp: isccfg
tp: lwres
diff --git a/lib/Kyuafile b/lib/Kyuafile
index ff9fc56..eaaf0dc 100644
index 7c8bab0..eec9564 100644
--- a/lib/Kyuafile
+++ b/lib/Kyuafile
@@ -2,7 +2,9 @@ syntax(2)
@@ -2,8 +2,10 @@ syntax(2)
test_suite('bind9')
include('dns/Kyuafile')
@ -54,18 +39,19 @@ index ff9fc56..eaaf0dc 100644
include('irs/Kyuafile')
include('isc/Kyuafile')
+include('isc-pkcs11/Kyuafile')
include('isccc/Kyuafile')
include('isccfg/Kyuafile')
include('lwres/Kyuafile')
diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in
index 625e809..6fd4e36 100644
index 9f1781a..e50463d 100644
--- a/lib/dns-pkcs11/tests/Makefile.in
+++ b/lib/dns-pkcs11/tests/Makefile.in
@@ -21,12 +21,12 @@ VERSION=@BIND9_VERSION@
@@ -17,12 +17,12 @@ VERSION=@BIND9_VERSION@
CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
@DST_OPENSSL_INC@
-CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns/tests/\""
+CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\""
+CDEFINES = @CRYPTO_PK11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\""
-ISCLIBS = ../../isc/libisc.@A@
-ISCDEPLIBS = ../../isc/libisc.@A@
@ -76,45 +62,45 @@ index 625e809..6fd4e36 100644
+DNSLIBS = ../libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@
+DNSDEPLIBS = ../libdns-pkcs11.@A@
LIBS = @LIBS@ @ATFLIBS@
LIBS = @LIBS@ @CMOCKA_LIBS@
CFLAGS = @CFLAGS@ @CMOCKA_CFLAGS@
diff --git a/lib/dns-pkcs11/tests/dh_test.c b/lib/dns-pkcs11/tests/dh_test.c
index 6216b4e..dd74e58 100644
index 4dbfd82..a383b8e 100644
--- a/lib/dns-pkcs11/tests/dh_test.c
+++ b/lib/dns-pkcs11/tests/dh_test.c
@@ -64,7 +64,8 @@ ATF_TC_BODY(isc_dh_computesecret, tc) {
ret = dst_key_computesecret(key, key, &buf);
ATF_REQUIRE_EQ(ret, DST_R_NOTPRIVATEKEY);
ret = key->func->computesecret(key, key, &buf);
- ATF_REQUIRE_EQ(ret, DST_R_COMPUTESECRETFAILURE);
@@ -86,7 +86,8 @@ dh_computesecret(void **state) {
result = dst_key_computesecret(key, key, &buf);
assert_int_equal(result, DST_R_NOTPRIVATEKEY);
result = key->func->computesecret(key, key, &buf);
- assert_int_equal(result, DST_R_COMPUTESECRETFAILURE);
+ /* PKCS11 variant gives different result, accept both */
+ ATF_REQUIRE(ret == DST_R_COMPUTESECRETFAILURE || ret == DST_R_INVALIDPRIVATEKEY);
+ assert_true(result == DST_R_COMPUTESECRETFAILURE || result == DST_R_INVALIDPRIVATEKEY);
dst_key_free(&key);
dns_test_end();
}
diff --git a/lib/isc-pkcs11/tests/Makefile.in b/lib/isc-pkcs11/tests/Makefile.in
index add8068..a928dcf 100644
index 2fdee0b..a263b35 100644
--- a/lib/isc-pkcs11/tests/Makefile.in
+++ b/lib/isc-pkcs11/tests/Makefile.in
@@ -20,10 +20,10 @@ VERSION=@BIND9_VERSION@
@@ -16,10 +16,10 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
CINCLUDES = -I. -Iinclude ${ISC_INCLUDES} @ISC_OPENSSL_INC@
-CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/isc/tests/\""
+CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/isc-pkcs11/tests/\""
+CDEFINES = @CRYPTO_PK11@ -DTESTS="\"${top_builddir}/lib/isc-pkcs11/tests/\""
-ISCLIBS = ../libisc.@A@ @ISC_OPENSSL_LIBS@
-ISCDEPLIBS = ../libisc.@A@
+ISCLIBS = ../libisc-pkcs11.@A@ @ISC_OPENSSL_LIBS@
+ISCDEPLIBS = ../libisc-pkcs11.@A@
LIBS = @LIBS@ @ATFLIBS@
LIBS = @LIBS@ @CMOCKA_LIBS@
CFLAGS = @CFLAGS@ @CMOCKA_CFLAGS@
diff --git a/lib/isc-pkcs11/tests/hash_test.c b/lib/isc-pkcs11/tests/hash_test.c
index 7eb1552..048ae9d 100644
index 9c4d299..d9deba2 100644
--- a/lib/isc-pkcs11/tests/hash_test.c
+++ b/lib/isc-pkcs11/tests/hash_test.c
@@ -78,7 +78,7 @@ typedef struct hash_testcase {
@@ -85,7 +85,7 @@ typedef struct hash_testcase {
typedef struct hash_test_key {
const char *key;
@ -123,7 +109,7 @@ index 7eb1552..048ae9d 100644
} hash_test_key_t;
/* non-hmac tests */
@@ -961,8 +961,11 @@ ATF_TC_BODY(isc_hmacsha1, tc) {
@@ -956,8 +956,11 @@ isc_hmacsha1_test(void **state) {
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
@ -136,7 +122,7 @@ index 7eb1552..048ae9d 100644
isc_hmacsha1_update(&hmacsha1,
(const uint8_t *) testcase->input,
testcase->input_len);
@@ -1124,8 +1127,11 @@ ATF_TC_BODY(isc_hmacsha224, tc) {
@@ -1116,8 +1119,11 @@ isc_hmacsha224_test(void **state) {
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
@ -149,7 +135,7 @@ index 7eb1552..048ae9d 100644
isc_hmacsha224_update(&hmacsha224,
(const uint8_t *) testcase->input,
testcase->input_len);
@@ -1287,8 +1293,11 @@ ATF_TC_BODY(isc_hmacsha256, tc) {
@@ -1277,8 +1283,11 @@ isc_hmacsha256_test(void **state) {
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
@ -162,7 +148,7 @@ index 7eb1552..048ae9d 100644
isc_hmacsha256_update(&hmacsha256,
(const uint8_t *) testcase->input,
testcase->input_len);
@@ -1456,8 +1465,11 @@ ATF_TC_BODY(isc_hmacsha384, tc) {
@@ -1444,8 +1453,11 @@ isc_hmacsha384_test(void **state) {
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
@ -175,7 +161,7 @@ index 7eb1552..048ae9d 100644
isc_hmacsha384_update(&hmacsha384,
(const uint8_t *) testcase->input,
testcase->input_len);
@@ -1625,8 +1637,11 @@ ATF_TC_BODY(isc_hmacsha512, tc) {
@@ -1611,8 +1623,11 @@ isc_hmacsha512_test(void **state) {
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
@ -188,7 +174,7 @@ index 7eb1552..048ae9d 100644
isc_hmacsha512_update(&hmacsha512,
(const uint8_t *) testcase->input,
testcase->input_len);
@@ -1769,8 +1784,11 @@ ATF_TC_BODY(isc_hmacmd5, tc) {
@@ -1755,8 +1770,11 @@ isc_hmacmd5_test(void **state) {
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
@ -202,5 +188,5 @@ index 7eb1552..048ae9d 100644
(const uint8_t *) testcase->input,
testcase->input_len);
--
2.14.4
2.20.1
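Review bot: The relaxed check in `lib/dns-pkcs11/tests/dh_test.c`, `assert_true(result == DST_R_COMPUTESECRETFAILURE || result == DST_R_INVALIDPRIVATEKEY);`, passes for either code whichever crypto backend is built, and on failure it reports only the expression rather than the value that came back. If this copy of the test is built only for the PKCS#11 variant (the hunk does not show that), it could pin the single expected code, presumably `assert_int_equal(result, DST_R_INVALIDPRIVATEKEY);`. If both codes must stay accepted, the comment should say which backend returns which, e.g. `/* native: DST_R_COMPUTESECRETFAILURE, PKCS11: DST_R_INVALIDPRIVATEKEY */`, with the mapping confirmed against the two builds. `dh_computesecret` starts and ends outside the hunk.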


@ -1,209 +0,0 @@
From b93950dff6b3bf02225ad64d7c3e02e6b04917fd Mon Sep 17 00:00:00 2001
From: Tinderbox User <tbox@isc.org>
Date: Fri, 29 Dec 2017 02:23:11 +0000
Subject: [PATCH] regen v9_11
---
Kyuafile | 4 ++++
lib/Kyuafile | 8 ++++++++
lib/dns/Kyuafile | 4 ++++
lib/dns/tests/Kyuafile | 30 ++++++++++++++++++++++++++++++
lib/irs/Kyuafile | 4 ++++
lib/irs/tests/Kyuafile | 4 ++++
lib/isc/Kyuafile | 4 ++++
lib/isc/tests/Kyuafile | 28 ++++++++++++++++++++++++++++
lib/isccfg/Kyuafile | 4 ++++
lib/isccfg/tests/Kyuafile | 4 ++++
lib/lwres/Kyuafile | 4 ++++
lib/lwres/tests/Kyuafile | 4 ++++
12 files changed, 102 insertions(+)
create mode 100644 Kyuafile
create mode 100644 lib/Kyuafile
create mode 100644 lib/dns/Kyuafile
create mode 100644 lib/dns/tests/Kyuafile
create mode 100644 lib/irs/Kyuafile
create mode 100644 lib/irs/tests/Kyuafile
create mode 100644 lib/isc/Kyuafile
create mode 100644 lib/isc/tests/Kyuafile
create mode 100644 lib/isccfg/Kyuafile
create mode 100644 lib/isccfg/tests/Kyuafile
create mode 100644 lib/lwres/Kyuafile
create mode 100644 lib/lwres/tests/Kyuafile
diff --git a/Kyuafile b/Kyuafile
new file mode 100644
index 0000000..70b2cff
--- /dev/null
+++ b/Kyuafile
@@ -0,0 +1,4 @@
+syntax(2)
+test_suite('bind9')
+
+include('lib/Kyuafile')
diff --git a/lib/Kyuafile b/lib/Kyuafile
new file mode 100644
index 0000000..ff9fc56
--- /dev/null
+++ b/lib/Kyuafile
@@ -0,0 +1,8 @@
+syntax(2)
+test_suite('bind9')
+
+include('dns/Kyuafile')
+include('irs/Kyuafile')
+include('isc/Kyuafile')
+include('isccfg/Kyuafile')
+include('lwres/Kyuafile')
diff --git a/lib/dns/Kyuafile b/lib/dns/Kyuafile
new file mode 100644
index 0000000..0739e3a
--- /dev/null
+++ b/lib/dns/Kyuafile
@@ -0,0 +1,4 @@
+syntax(2)
+test_suite('bind9')
+
+include('tests/Kyuafile')
diff --git a/lib/dns/tests/Kyuafile b/lib/dns/tests/Kyuafile
new file mode 100644
index 0000000..72a581b
--- /dev/null
+++ b/lib/dns/tests/Kyuafile
@@ -0,0 +1,30 @@
+syntax(2)
+test_suite('bind9')
+
+atf_test_program{name='acl_test'}
+atf_test_program{name='db_test'}
+atf_test_program{name='dbdiff_test'}
+atf_test_program{name='dbiterator_test'}
+atf_test_program{name='dbversion_test'}
+atf_test_program{name='dh_test'}
+atf_test_program{name='dispatch_test'}
+atf_test_program{name='dnstap_test'}
+atf_test_program{name='geoip_test'}
+atf_test_program{name='gost_test'}
+atf_test_program{name='keytable_test'}
+atf_test_program{name='master_test'}
+atf_test_program{name='name_test'}
+atf_test_program{name='nsec3_test'}
+atf_test_program{name='peer_test'}
+atf_test_program{name='private_test'}
+atf_test_program{name='rbt_serialize_test'}
+atf_test_program{name='rbt_test'}
+atf_test_program{name='rdata_test'}
+atf_test_program{name='rdataset_test'}
+atf_test_program{name='rdatasetstats_test'}
+atf_test_program{name='rsa_test'}
+atf_test_program{name='time_test'}
+atf_test_program{name='tsig_test'}
+atf_test_program{name='update_test'}
+atf_test_program{name='zonemgr_test'}
+atf_test_program{name='zt_test'}
diff --git a/lib/irs/Kyuafile b/lib/irs/Kyuafile
new file mode 100644
index 0000000..0739e3a
--- /dev/null
+++ b/lib/irs/Kyuafile
@@ -0,0 +1,4 @@
+syntax(2)
+test_suite('bind9')
+
+include('tests/Kyuafile')
diff --git a/lib/irs/tests/Kyuafile b/lib/irs/tests/Kyuafile
new file mode 100644
index 0000000..4ef7136
--- /dev/null
+++ b/lib/irs/tests/Kyuafile
@@ -0,0 +1,4 @@
+syntax(2)
+test_suite('bind9')
+
+atf_test_program{name='resconf_test'}
diff --git a/lib/isc/Kyuafile b/lib/isc/Kyuafile
new file mode 100644
index 0000000..0739e3a
--- /dev/null
+++ b/lib/isc/Kyuafile
@@ -0,0 +1,4 @@
+syntax(2)
+test_suite('bind9')
+
+include('tests/Kyuafile')
diff --git a/lib/isc/tests/Kyuafile b/lib/isc/tests/Kyuafile
new file mode 100644
index 0000000..c558cbc
--- /dev/null
+++ b/lib/isc/tests/Kyuafile
@@ -0,0 +1,28 @@
+syntax(2)
+test_suite('bind9')
+
+atf_test_program{name='aes_test'}
+atf_test_program{name='buffer_test'}
+atf_test_program{name='counter_test'}
+atf_test_program{name='errno_test'}
+atf_test_program{name='file_test'}
+atf_test_program{name='hash_test'}
+atf_test_program{name='ht_test'}
+atf_test_program{name='lex_test'}
+atf_test_program{name='mem_test'}
+atf_test_program{name='netaddr_test'}
+atf_test_program{name='parse_test'}
+atf_test_program{name='pool_test'}
+atf_test_program{name='print_test'}
+atf_test_program{name='queue_test'}
+atf_test_program{name='radix_test'}
+atf_test_program{name='random_test'}
+atf_test_program{name='regex_test'}
+atf_test_program{name='result_test'}
+atf_test_program{name='safe_test'}
+atf_test_program{name='sockaddr_test'}
+atf_test_program{name='socket_test'}
+atf_test_program{name='symtab_test'}
+atf_test_program{name='task_test'}
+atf_test_program{name='taskpool_test'}
+atf_test_program{name='time_test'}
diff --git a/lib/isccfg/Kyuafile b/lib/isccfg/Kyuafile
new file mode 100644
index 0000000..0739e3a
--- /dev/null
+++ b/lib/isccfg/Kyuafile
@@ -0,0 +1,4 @@
+syntax(2)
+test_suite('bind9')
+
+include('tests/Kyuafile')
diff --git a/lib/isccfg/tests/Kyuafile b/lib/isccfg/tests/Kyuafile
new file mode 100644
index 0000000..342d25f
--- /dev/null
+++ b/lib/isccfg/tests/Kyuafile
@@ -0,0 +1,4 @@
+syntax(2)
+test_suite('bind9')
+
+atf_test_program{name='parser_test'}
diff --git a/lib/lwres/Kyuafile b/lib/lwres/Kyuafile
new file mode 100644
index 0000000..0739e3a
--- /dev/null
+++ b/lib/lwres/Kyuafile
@@ -0,0 +1,4 @@
+syntax(2)
+test_suite('bind9')
+
+include('tests/Kyuafile')
diff --git a/lib/lwres/tests/Kyuafile b/lib/lwres/tests/Kyuafile
new file mode 100644
index 0000000..6d373e8
--- /dev/null
+++ b/lib/lwres/tests/Kyuafile
@@ -0,0 +1,4 @@
+syntax(2)
+test_suite('bind9')
+
+atf_test_program{name='config_test'}
--
2.9.5


@ -1,14 +1,16 @@
diff --git a/lib/dns/dyndb.c b/lib/dns/dyndb.c
index 0ce5e42..556d920 100644
index 15561ce..e4449b0 100644
--- a/lib/dns/dyndb.c
+++ b/lib/dns/dyndb.c
@@ -130,9 +130,6 @@ load_library(isc_mem_t *mctx, const char *filename, const char *instname,
@@ -133,8 +133,11 @@ load_library(isc_mem_t *mctx, const char *filename, const char *instname,
instname, filename);
flags = RTLD_NOW|RTLD_LOCAL;
-#ifdef RTLD_DEEPBIND
- flags |= RTLD_DEEPBIND;
-#endif
+#if 0
+ /* Shared global namespace is required for dns-pkcs11 library */
#if defined(RTLD_DEEPBIND) && !__SANITIZE_ADDRESS__
flags |= RTLD_DEEPBIND;
+#endif
#endif
handle = dlopen(filename, flags);
if (handle == NULL)
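Review bot: Wrapping the `RTLD_DEEPBIND` block in `#if 0` inside `load_library` turns the flag off for every build of `lib/dns/dyndb.c`, not only for the dns-pkcs11 library the comment names, and it leaves the inner `#if defined(RTLD_DEEPBIND) && !__SANITIZE_ADDRESS__` as dead text. Without the flag, a loaded dyndb module resolves symbols from the process's global scope ahead of its own copies, so this changes symbol binding for every plugin the server loads. The comment should record that consequence, for example `/* RTLD_DEEPBIND off: modules bind to the process's global symbols first; required for dns-pkcs11 */`. If the build exposes a macro for the pkcs11 variant, the condition could test it instead of `#if 0`. `load_library` starts and ends outside the hunk.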


@ -1,4 +1,4 @@
From 4fc49ad102fd00343665273caf4349d4edb5e5ac Mon Sep 17 00:00:00 2001
From 292a0ca28f2e8a49f8c7e62c39ad7160234ce23d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
Date: Wed, 25 Apr 2018 14:04:31 +0200
Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts
@ -14,13 +14,13 @@ Fix the isc_safe_memwipe() usage with (NULL, >0)
(cherry picked from commit 083461d3329ff6f2410745848a926090586a9846)
---
bin/dnssec/dnssec-signzone.c | 2 +-
lib/dns/nsec3.c | 4 +--
lib/dns/spnego.c | 4 +--
lib/isc/Makefile.in | 8 ++---
lib/isc/include/isc/safe.h | 18 +++-------
lib/isc/safe.c | 83 --------------------------------------------
lib/isc/tests/safe_test.c | 20 -----------
7 files changed, 11 insertions(+), 128 deletions(-)
lib/dns/nsec3.c | 4 +-
lib/dns/spnego.c | 4 +-
lib/isc/Makefile.in | 8 +---
lib/isc/include/isc/safe.h | 18 ++------
lib/isc/safe.c | 83 ------------------------------------
lib/isc/tests/safe_test.c | 18 --------
7 files changed, 11 insertions(+), 126 deletions(-)
delete mode 100644 lib/isc/safe.c
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
@ -37,10 +37,10 @@ index 6ddaebe..d921870 100644
static void
diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
index e127893..895519e 100644
index 6ae7ca8..01426d6 100644
--- a/lib/dns/nsec3.c
+++ b/lib/dns/nsec3.c
@@ -1953,7 +1953,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
@@ -1963,7 +1963,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
* Work out what this NSEC3 covers.
* Inside (<0) or outside (>=0).
*/
@ -49,7 +49,7 @@ index e127893..895519e 100644
/*
* Prepare to compute all the hashes.
@@ -1977,7 +1977,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
@@ -1987,7 +1987,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
return (ISC_R_IGNORE);
}
@ -241,35 +241,33 @@ index 7a464b6..0000000
-#endif
-}
diff --git a/lib/isc/tests/safe_test.c b/lib/isc/tests/safe_test.c
index f721cd1..ea3e61f 100644
index 5775b6e..3451b5d 100644
--- a/lib/isc/tests/safe_test.c
+++ b/lib/isc/tests/safe_test.c
@@ -39,24 +39,6 @@ ATF_TC_BODY(isc_safe_memequal, tc) {
"\x00\x00\x00\x00", 4));
@@ -44,22 +44,6 @@ isc_safe_memequal_test(void **state) {
"\x00\x00\x00\x00", 4));
}
-ATF_TC(isc_safe_memcompare);
-ATF_TC_HEAD(isc_safe_memcompare, tc) {
- atf_tc_set_md_var(tc, "descr", "safe memcompare()");
-}
-ATF_TC_BODY(isc_safe_memcompare, tc) {
- UNUSED(tc);
-/* test isc_safe_memcompare() */
-static void
-isc_safe_memcompare_test(void **state) {
- UNUSED(state);
-
- ATF_CHECK(isc_safe_memcompare("test", "test", 4) == 0);
- ATF_CHECK(isc_safe_memcompare("test", "tesc", 4) > 0);
- ATF_CHECK(isc_safe_memcompare("test", "tesy", 4) < 0);
- ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x00",
- "\x00\x00\x00\x00", 4) == 0);
- ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x00",
- "\x00\x00\x00\x01", 4) < 0);
- ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x02",
- "\x00\x00\x00\x00", 4) > 0);
- assert_int_equal(isc_safe_memcompare("test", "test", 4), 0);
- assert_true(isc_safe_memcompare("test", "tesc", 4) > 0);
- assert_true(isc_safe_memcompare("test", "tesy", 4) < 0);
- assert_int_equal(isc_safe_memcompare("\x00\x00\x00\x00",
- "\x00\x00\x00\x00", 4), 0);
- assert_true(isc_safe_memcompare("\x00\x00\x00\x00",
- "\x00\x00\x00\x01", 4) < 0);
- assert_true(isc_safe_memcompare("\x00\x00\x00\x02",
- "\x00\x00\x00\x00", 4) > 0);
-}
-
ATF_TC(isc_safe_memwipe);
ATF_TC_HEAD(isc_safe_memwipe, tc) {
atf_tc_set_md_var(tc, "descr", "isc_safe_memwipe()");
@@ -67,7 +49,6 @@ ATF_TC_BODY(isc_safe_memwipe, tc) {
/* test isc_safe_memwipe() */
static void
isc_safe_memwipe_test(void **state) {
@@ -68,7 +52,6 @@ isc_safe_memwipe_test(void **state) {
/* These should pass. */
isc_safe_memwipe(NULL, 0);
isc_safe_memwipe((void *) -1, 0);
@ -277,14 +275,14 @@ index f721cd1..ea3e61f 100644
/*
* isc_safe_memwipe(ptr, size) should function same as
@@ -106,7 +87,6 @@ ATF_TC_BODY(isc_safe_memwipe, tc) {
*/
ATF_TP_ADD_TCS(tp) {
ATF_TP_ADD_TC(tp, isc_safe_memequal);
- ATF_TP_ADD_TC(tp, isc_safe_memcompare);
ATF_TP_ADD_TC(tp, isc_safe_memwipe);
return (atf_no_error());
}
@@ -107,7 +90,6 @@ main(void) {
const struct CMUnitTest tests[] = {
cmocka_unit_test(isc_safe_memequal_test),
cmocka_unit_test(isc_safe_memwipe_test),
- cmocka_unit_test(isc_safe_memcompare_test),
};
return (cmocka_run_group_tests(tests, NULL, NULL));
--
2.14.4
2.20.1


@ -1,28 +1,86 @@
From 58e1af6ca75d035b6391708be2c2272bb8d04620 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
Date: Sun, 4 Nov 2018 02:20:41 +0700
Subject: [PATCH] Enable IDN processing (both idnin and idnout) only on tty,
disable it when the stdout is not a tty
From fdfc8ad6a1069eea6b012972c972798003d58312 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 29 Jan 2019 18:07:44 +0100
Subject: [PATCH] Fallback to ASCII on output IDN conversion error
(cherry picked from commit 0e1bf7d017e4f6d787cbeb72cc2aa74e7f30122e)
(cherry picked from commit 8e1cc95c943b7dfaaaaf2d9a4971861735cc3fb2)
It is possible dig used ACE encoded name in locale, which does not
support converting it to unicode. Instead of fatal error, fallback to
ACE name on output.
(cherry picked from commit 7f4cb8f9584597fea16de6557124ac8b1bd47440)
Modify idna test to fallback to ACE
Test valid A-label on input would be displayed as A-label on output if
locale does not allow U-label.
(cherry picked from commit 4ce232f8605bdbe0594ebe5a71383c9d4e6f263b)
Emit warning on IDN output failure
Warning is emitted before any dig headers.
(cherry picked from commit 4b410038c531fbb902cd5fb83174eed1f06cb7d7)
---
bin/dig/dighost.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
bin/dig/dighost.c | 15 +++++++++++++--
bin/tests/system/idna/tests.sh | 17 +++++++++++++++++
2 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 74791d671e..3b722ba0ff 100644
index 73aaab8..375f99f 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -825,7 +825,7 @@ make_empty_lookup(void) {
looknew->seenbadcookie = false;
looknew->badcookie = true;
#ifdef WITH_IDN_SUPPORT
- looknew->idnin = (getenv("IDN_DISABLE") == NULL);
+ looknew->idnin = isatty(1)?(getenv("IDN_DISABLE") == NULL):false;
if (looknew->idnin) {
const char *charset = getenv("CHARSET");
if (charset && !strcmp(charset, "ASCII"))
@@ -4877,9 +4877,20 @@ idn_ace_to_locale(const char *from, char *to, size_t tolen) {
*/
res = idn2_to_unicode_8zlz(utf8_src, &tmp_str, 0);
if (res != IDN2_OK) {
- fatal("Cannot represent '%s' in the current locale (%s), "
- "use +noidnout or a different locale",
+ static bool warned = false;
+
+ res = idn2_to_ascii_8z(utf8_src, &tmp_str, 0);
+ if (res != IDN2_OK) {
+ fatal("Cannot represent '%s' "
+ "in the current locale nor ascii (%s), "
+ "use +noidnout or a different locale",
from, idn2_strerror(res));
+ } else if (!warned) {
+ fprintf(stderr, ";; Warning: cannot represent '%s' "
+ "in the current locale",
+ tmp_str);
+ warned = true;
+ }
}
/*
diff --git a/bin/tests/system/idna/tests.sh b/bin/tests/system/idna/tests.sh
index 7acb0fa..0269bcd 100644
--- a/bin/tests/system/idna/tests.sh
+++ b/bin/tests/system/idna/tests.sh
@@ -244,6 +244,23 @@ idna_enabled_test() {
idna_test "$text" "+idnin +noidnout" "xn--nxasmq6b.com" "xn--nxasmq6b.com."
idna_test "$text" "+idnin +idnout" "xn--nxasmq6b.com" "βόλοσ.com."
+ # Test of valid A-label in locale that cannot display it
+ #
+ # +noidnout: The string is sent as-is to the server and the returned qname
+ # is displayed in the same form.
+ # +idnout: The string is sent as-is to the server and the returned qname
+ # is displayed as the corresponding A-label.
+ #
+ # The "+[no]idnout" flag has no effect in these cases.
+ text="Checking valid A-label in C locale"
+ label="xn--nxasmq6b.com"
+ LC_ALL=C idna_test "$text" "" "$label" "$label."
+ LC_ALL=C idna_test "$text" "+noidnin +noidnout" "$label" "$label."
+ LC_ALL=C idna_test "$text" "+noidnin +idnout" "$label" "$label."
+ LC_ALL=C idna_test "$text" "+idnin +noidnout" "$label" "$label."
+ LC_ALL=C idna_test "$text" "+idnin +idnout" "$label" "$label."
+ LC_ALL=C idna_test "$text" "+noidnin +idnout" "$label" "$label."
+
# Tests of invalid A-labels
--
2.20.1
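Review bot: The warning added in the `else if (!warned)` branch of `idn_ace_to_locale` is written without a trailing newline, so whatever reaches stderr next continues on the same line; the format string should end `"in the current locale\n",`. Because `warned` is `static`, only the first name that falls back to its A-label is reported and later names fall back silently, which deserves a comment such as `/* warn once per process; later names fall back to ACE silently */`. In the `tests.sh` hunk the last `LC_ALL=C idna_test` line repeats the `+noidnin +idnout` case that is already listed, so it adds no coverage, and none of the new cases appears to check that the warning is emitted. The body of `idn_ace_to_locale` continues outside the hunk.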


@ -1,4 +1,4 @@
From 45209f5153693339c4582795714b6859693673fc Mon Sep 17 00:00:00 2001
From 99fc89de7b96713a7c82ea9b98d5bc0c70ad1f6e Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Tue, 12 Sep 2017 19:05:46 -0700
Subject: [PATCH] rebased rt31459c
@ -22,27 +22,25 @@ Include new unit test
bin/dnssec/dnssec-verify.c | 8 +-
bin/dnssec/dnssectool.c | 11 +-
bin/named/server.c | 6 +
bin/nsupdate/nsupdate.c | 18 ++-
bin/nsupdate/nsupdate.c | 18 +-
bin/tests/makejournal.c | 6 +-
bin/tests/system/pipelined/pipequeries.c | 21 ++-
bin/tests/system/pipelined/pipequeries.c | 21 +-
bin/tests/system/pipelined/tests.sh | 4 +-
bin/tests/system/rsabigexponent/bigkey.c | 4 +
bin/tests/system/tkey/keycreate.c | 26 +++-
bin/tests/system/tkey/keydelete.c | 26 +++-
bin/tests/system/tkey/keycreate.c | 26 ++-
bin/tests/system/tkey/keydelete.c | 26 ++-
bin/tests/system/tkey/tests.sh | 8 +-
bin/tools/mdig.c | 3 +-
configure | 250 ++++++++++++++++++-------------
configure.in | 77 +++++++++-
lib/dns/dst_api.c | 21 ++-
configure | 250 +++++++++++++----------
configure.ac | 77 ++++++-
lib/dns/dst_api.c | 21 +-
lib/dns/include/dst/dst.h | 8 +
lib/dns/lib.c | 15 +-
lib/dns/openssl_link.c | 72 ++++++++-
lib/dns/pkcs11.c | 29 +++-
lib/dns/tests/Atffile | 1 +
lib/dns/openssl_link.c | 72 ++++++-
lib/dns/pkcs11.c | 29 ++-
lib/dns/tests/Kyuafile | 1 +
lib/dns/tests/Makefile.in | 7 +
lib/dns/tests/dnstest.c | 14 +-
lib/dns/tests/dstrandom_test.c | 99 ++++++++++++
lib/dns/tests/dstrandom_test.c | 115 +++++++++++
lib/dns/win32/libdns.def.in | 7 +
lib/isc/entropy.c | 24 +++
lib/isc/include/isc/entropy.h | 12 ++
@ -50,8 +48,8 @@ Include new unit test
lib/isc/include/isc/types.h | 2 +
lib/isc/pk11.c | 12 +-
lib/isc/win32/include/isc/platform.h.in | 5 +
win32utils/Configure | 29 +++-
38 files changed, 699 insertions(+), 182 deletions(-)
win32utils/Configure | 29 ++-
36 files changed, 707 insertions(+), 175 deletions(-)
create mode 100644 lib/dns/tests/dstrandom_test.c
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
@ -73,10 +71,10 @@ index 5015abb..295e16f 100644
&entropy_source,
randomfile,
diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c
index 65fdaaa..6612189 100644
index 931d5de..864f2ad 100644
--- a/bin/dnssec/dnssec-dsfromkey.c
+++ b/bin/dnssec/dnssec-dsfromkey.c
@@ -497,14 +497,14 @@ main(int argc, char **argv) {
@@ -494,14 +494,14 @@ main(int argc, char **argv) {
if (ectx == NULL)
setup_entropy(mctx, NULL, &ectx);
@ -94,7 +92,7 @@ index 65fdaaa..6612189 100644
isc_entropy_stopcallbacksources(ectx);
setup_logging(mctx, &log);
@@ -566,8 +566,8 @@ main(int argc, char **argv) {
@@ -563,8 +563,8 @@ main(int argc, char **argv) {
if (dns_rdataset_isassociated(&rdataset))
dns_rdataset_disassociate(&rdataset);
cleanup_logging(&log);
@ -137,7 +135,7 @@ index 0d1e7f8..79c4d74 100644
dns_name_destroy();
if (verbose > 10)
diff --git a/bin/dnssec/dnssec-revoke.c b/bin/dnssec/dnssec-revoke.c
index 1a2b545..e33cb8b 100644
index 7d82dbf..10f9359 100644
--- a/bin/dnssec/dnssec-revoke.c
+++ b/bin/dnssec/dnssec-revoke.c
@@ -184,14 +184,14 @@ main(int argc, char **argv) {
@ -295,7 +293,7 @@ index fbc7ece..31a99e7 100644
usekeyboard);
diff --git a/bin/named/server.c b/bin/named/server.c
index 7f87ccf..9258e7f 100644
index b63a386..30e7eac 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -36,6 +36,7 @@
@ -306,7 +304,7 @@ index 7f87ccf..9258e7f 100644
#include <isc/portset.h>
#include <isc/print.h>
#include <isc/random.h>
@@ -8171,6 +8172,10 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8210,6 +8211,10 @@ load_configuration(const char *filename, ns_server_t *server,
"no source of entropy found");
} else {
const char *randomdev = cfg_obj_asstring(obj);
@ -317,7 +315,7 @@ index 7f87ccf..9258e7f 100644
int level = ISC_LOG_ERROR;
result = isc_entropy_createfilesource(ns_g_entropy,
randomdev);
@@ -8205,6 +8210,7 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8244,6 +8249,7 @@ load_configuration(const char *filename, ns_server_t *server,
}
isc_entropy_detach(&ns_g_fallbackentropy);
}
@ -326,7 +324,7 @@ index 7f87ccf..9258e7f 100644
}
}
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 5eefc57..1559a33 100644
index 509784c..6d7a02e 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -35,6 +35,7 @@
@ -469,7 +467,7 @@ index 2fcc064..7b4f617 100644
isc_log_destroy(&lctx);
diff --git a/bin/tests/system/pipelined/tests.sh b/bin/tests/system/pipelined/tests.sh
index a6720ce..9063b1f 100644
index 61f1ff7..ed1302a 100644
--- a/bin/tests/system/pipelined/tests.sh
+++ b/bin/tests/system/pipelined/tests.sh
@@ -19,7 +19,7 @@ status=0
@ -480,7 +478,7 @@ index a6720ce..9063b1f 100644
+$PIPEQUERIES -p ${PORT} -r $RANDFILE < input > raw || ret=1
awk '{ print $1 " " $5 }' < raw > output
sort < output > output-sorted
diff ref output-sorted || { ret=1 ; echo_i "diff sorted failed"; }
$DIFF ref output-sorted || { ret=1 ; echo_i "diff sorted failed"; }
@@ -43,7 +43,7 @@ status=`expr $status + $ret`
echo_i "check keep-response-order"
@ -488,7 +486,7 @@ index a6720ce..9063b1f 100644
-$PIPEQUERIES -p ${PORT} ++ < inputb > rawb || ret=1
+$PIPEQUERIES -p ${PORT} -r $RANDFILE ++ < inputb > rawb || ret=1
awk '{ print $1 " " $5 }' < rawb > outputb
diff refb outputb || ret=1
$DIFF refb outputb || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
diff --git a/bin/tests/system/rsabigexponent/bigkey.c b/bin/tests/system/rsabigexponent/bigkey.c
index 4462f2e..f06268d 100644
@ -691,10 +689,10 @@ index 9f90dd7..fad6c83 100644
echo "I:failed"
status=`expr $status + $ret`
diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c
index 4876875..e46653a 100644
index b27fc1d..e28871b 100644
--- a/bin/tools/mdig.c
+++ b/bin/tools/mdig.c
@@ -1955,12 +1955,11 @@ main(int argc, char *argv[]) {
@@ -1969,12 +1969,11 @@ main(int argc, char *argv[]) {
ectx = NULL;
RUNCHECK(isc_entropy_create(mctx, &ectx));
@ -709,7 +707,7 @@ index 4876875..e46653a 100644
parse_args(false, argc, argv);
if (server == NULL)
diff --git a/configure b/configure
index 4394755..2e0af33 100755
index e425720..4f09c96 100755
--- a/configure
+++ b/configure
@@ -640,6 +640,7 @@ ac_includes_default="\
@ -720,7 +718,7 @@ index 4394755..2e0af33 100755
BUILD_LIBS
BUILD_LDFLAGS
BUILD_CPPFLAGS
@@ -823,6 +824,7 @@ XMLSTATS
@@ -824,6 +825,7 @@ XMLSTATS
NZDTARGETS
NZDSRCS
NZD_TOOLS
@ -728,7 +726,7 @@ index 4394755..2e0af33 100755
PKCS11_TEST
PKCS11_ED25519
PKCS11_GOST
@@ -1035,6 +1037,7 @@ with_eddsa
@@ -1039,6 +1041,7 @@ with_eddsa
with_aes
enable_openssl_hash
with_cc_alg
@ -736,7 +734,7 @@ index 4394755..2e0af33 100755
with_lmdb
with_libxml2
with_libjson
@@ -1728,6 +1731,7 @@ Optional Features:
@@ -1735,6 +1738,7 @@ Optional Features:
--enable-threads enable multithreading
--enable-native-pkcs11 use native PKCS11 for all crypto [default=no]
--enable-openssl-hash use OpenSSL for hash functions [default=no]
@ -744,7 +742,7 @@ index 4394755..2e0af33 100755
--enable-largefile 64-bit file support
--enable-backtrace log stack backtrace on abort [default=yes]
--enable-symtable use internal symbol table for backtrace
@@ -16631,6 +16635,7 @@ case "$use_openssl" in
@@ -16684,6 +16688,7 @@ case "$use_openssl" in
$as_echo "disabled because of native PKCS11" >&6; }
DST_OPENSSL_INC=""
CRYPTO="-DPKCS11CRYPTO"
@ -752,7 +750,7 @@ index 4394755..2e0af33 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -16645,6 +16650,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
@@ -16698,6 +16703,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
$as_echo "no" >&6; }
DST_OPENSSL_INC=""
CRYPTO=""
@ -760,7 +758,7 @@ index 4394755..2e0af33 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -16657,6 +16663,7 @@ $as_echo "no" >&6; }
@@ -16710,6 +16716,7 @@ $as_echo "no" >&6; }
auto)
DST_OPENSSL_INC=""
CRYPTO=""
@ -768,7 +766,7 @@ index 4394755..2e0af33 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -16666,7 +16673,7 @@ $as_echo "no" >&6; }
@@ -16719,7 +16726,7 @@ $as_echo "no" >&6; }
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -777,7 +775,7 @@ index 4394755..2e0af33 100755
;;
*)
if test "yes" = "$want_native_pkcs11"
@@ -16697,6 +16704,7 @@ $as_echo "not found" >&6; }
@@ -16750,6 +16757,7 @@ $as_echo "not found" >&6; }
as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5
fi
CRYPTO='-DOPENSSL'
@ -785,7 +783,7 @@ index 4394755..2e0af33 100755
if test "/usr" = "$use_openssl"
then
DST_OPENSSL_INC=""
@@ -17358,8 +17366,6 @@ fi
@@ -17411,8 +17419,6 @@ fi
# Use OpenSSL for hash functions
#
@ -794,7 +792,7 @@ index 4394755..2e0af33 100755
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
case $want_openssl_hash in
yes)
@@ -17728,6 +17734,86 @@ if test "rt" = "$have_clock_gt"; then
@@ -17787,6 +17793,86 @@ if test "rt" = "$have_clock_gt"; then
LIBS="-lrt $LIBS"
fi
@ -881,7 +879,7 @@ index 4394755..2e0af33 100755
#
# was --with-lmdb specified?
#
@@ -19810,9 +19896,12 @@ _ACEOF
@@ -19869,9 +19955,12 @@ _ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5
$as_echo "size_t for buflen; int for flags" >&6; }
@ -896,7 +894,7 @@ index 4394755..2e0af33 100755
$as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h
@@ -21123,12 +21212,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
@@ -21186,12 +21275,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then
@ -910,7 +908,7 @@ index 4394755..2e0af33 100755
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364.
@@ -21161,6 +21245,11 @@ cat >>confdefs.h <<_ACEOF
@@ -21224,6 +21308,11 @@ cat >>confdefs.h <<_ACEOF
_ACEOF
@ -922,7 +920,7 @@ index 4394755..2e0af33 100755
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -21169,39 +21258,6 @@ _ACEOF
@@ -21232,39 +21321,6 @@ _ACEOF
fi
;;
x86_64-*|amd64-*)
@ -962,7 +960,7 @@ index 4394755..2e0af33 100755
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -21232,6 +21288,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
@@ -21295,6 +21351,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
$as_echo "$arch" >&6; }
fi
@ -973,7 +971,7 @@ index 4394755..2e0af33 100755
if test "yes" = "$have_atomic"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5
$as_echo_n "checking compiler support for inline assembly code... " >&6; }
@@ -23519,6 +23579,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
@@ -23848,6 +23908,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
#
dlzdir='${DLZ_DRIVER_DIR}'
@ -1004,7 +1002,7 @@ index 4394755..2e0af33 100755
#
# Private autoconf macro to simplify configuring drivers:
#
@@ -23849,11 +23933,11 @@ $as_echo "no" >&6; }
@@ -24178,11 +24262,11 @@ $as_echo "no" >&6; }
$as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; }
;;
*)
@ -1019,7 +1017,7 @@ index 4394755..2e0af33 100755
fi
CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL"
@@ -23938,7 +24022,7 @@ $as_echo "" >&6; }
@@ -24267,7 +24351,7 @@ $as_echo "" >&6; }
# Check other locations for includes.
# Order is important (sigh).
@ -1028,7 +1026,7 @@ index 4394755..2e0af33 100755
# include a blank element first
for d in "" $bdb_incdirs
do
@@ -23963,57 +24047,9 @@ $as_echo "" >&6; }
@@ -24292,57 +24376,9 @@ $as_echo "" >&6; }
bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db"
for d in $bdb_libnames
do
@ -1088,7 +1086,7 @@ index 4394755..2e0af33 100755
break
fi
done
@@ -24172,10 +24208,10 @@ $as_echo "no" >&6; }
@@ -24501,10 +24537,10 @@ $as_echo "no" >&6; }
DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include"
DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include"
fi
@ -1102,7 +1100,7 @@ index 4394755..2e0af33 100755
fi
@@ -24261,11 +24297,11 @@ fi
@@ -24590,11 +24626,11 @@ fi
odbcdirs="/usr /usr/local /usr/pkg"
for d in $odbcdirs
do
@ -1116,7 +1114,7 @@ index 4394755..2e0af33 100755
break
fi
done
@@ -24540,6 +24576,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
@@ -24869,6 +24905,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
@ -1125,7 +1123,7 @@ index 4394755..2e0af33 100755
#
# Commands to run at the end of config.status.
# Don't just put these into configure, it won't work right if somebody
@@ -26930,6 +26968,8 @@ report() {
@@ -27248,6 +27286,8 @@ report() {
echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1134,16 +1132,16 @@ index 4394755..2e0af33 100755
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -26970,6 +27010,8 @@ report() {
@@ -27288,6 +27328,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$atf" || echo " Automated Testing Framework (--with-atf)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
+ echo " Cryptographic library for DNSSEC: $CRYPTOLIB"
+
echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)"
@@ -27017,6 +27059,8 @@ report() {
@@ -27335,6 +27377,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)"
@ -1152,11 +1150,11 @@ index 4394755..2e0af33 100755
test "yes" = "$enable_seccomp" || \
echo " Use libseccomp system call filtering (--enable-seccomp)"
diff --git a/configure.in b/configure.in
index b07895f..898b4ac 100644
--- a/configure.in
+++ b/configure.in
@@ -1542,6 +1542,7 @@ case "$use_openssl" in
diff --git a/configure.ac b/configure.ac
index 7c5ad51..fddc63a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1503,6 +1503,7 @@ case "$use_openssl" in
AC_MSG_RESULT(disabled because of native PKCS11)
DST_OPENSSL_INC=""
CRYPTO="-DPKCS11CRYPTO"
@ -1164,7 +1162,7 @@ index b07895f..898b4ac 100644
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -1555,6 +1556,7 @@ case "$use_openssl" in
@@ -1516,6 +1517,7 @@ case "$use_openssl" in
AC_MSG_RESULT(no)
DST_OPENSSL_INC=""
CRYPTO=""
@ -1172,7 +1170,7 @@ index b07895f..898b4ac 100644
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -1567,6 +1569,7 @@ case "$use_openssl" in
@@ -1528,6 +1530,7 @@ case "$use_openssl" in
auto)
DST_OPENSSL_INC=""
CRYPTO=""
@ -1180,7 +1178,7 @@ index b07895f..898b4ac 100644
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -1577,7 +1580,7 @@ case "$use_openssl" in
@@ -1538,7 +1541,7 @@ case "$use_openssl" in
OPENSSLLINKSRCS=""
AC_MSG_ERROR(
[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -1189,7 +1187,7 @@ index b07895f..898b4ac 100644
;;
*)
if test "yes" = "$want_native_pkcs11"
@@ -1607,6 +1610,7 @@ If you don't want OpenSSL, use --without-openssl])
@@ -1568,6 +1571,7 @@ If you don't want OpenSSL, use --without-openssl])
AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found])
fi
CRYPTO='-DOPENSSL'
@ -1197,7 +1195,7 @@ index b07895f..898b4ac 100644
if test "/usr" = "$use_openssl"
then
DST_OPENSSL_INC=""
@@ -2080,7 +2084,6 @@ fi
@@ -2041,7 +2045,6 @@ fi
# Use OpenSSL for hash functions
#
@ -1205,7 +1203,7 @@ index b07895f..898b4ac 100644
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
case $want_openssl_hash in
yes)
@@ -2347,6 +2350,67 @@ if test "rt" = "$have_clock_gt"; then
@@ -2313,6 +2316,67 @@ if test "rt" = "$have_clock_gt"; then
LIBS="-lrt $LIBS"
fi
@ -1273,7 +1271,7 @@ index b07895f..898b4ac 100644
#
# was --with-lmdb specified?
#
@@ -4139,12 +4203,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
@@ -4109,12 +4173,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then
@ -1287,7 +1285,7 @@ index b07895f..898b4ac 100644
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -4153,7 +4217,6 @@ if test "yes" = "$use_atomic"; then
@@ -4123,7 +4187,6 @@ if test "yes" = "$use_atomic"; then
fi
;;
x86_64-*|amd64-*)
@ -1295,7 +1293,7 @@ index b07895f..898b4ac 100644
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -5517,6 +5580,8 @@ report() {
@@ -5541,6 +5604,8 @@ report() {
echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1304,16 +1302,16 @@ index b07895f..898b4ac 100644
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -5557,6 +5622,8 @@ report() {
@@ -5581,6 +5646,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$atf" || echo " Automated Testing Framework (--with-atf)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
+ echo " Cryptographic library for DNSSEC: $CRYPTOLIB"
+
echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)"
@@ -5604,6 +5671,8 @@ report() {
@@ -5628,6 +5695,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)"
@ -1323,7 +1321,7 @@ index b07895f..898b4ac 100644
test "yes" = "$enable_seccomp" || \
echo " Use libseccomp system call filtering (--enable-seccomp)"
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 5703f9c..afb4d80 100644
index 320c0f8..b55ebe0 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -276,6 +276,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx,
@ -1359,7 +1357,7 @@ index 5703f9c..afb4d80 100644
if (dst__memory_pool != NULL)
isc_mem_detach(&dst__memory_pool);
if (dst_entropy_pool != NULL)
@@ -1998,13 +2012,17 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) {
@@ -2001,13 +2015,17 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) {
flags &= ~ISC_ENTROPY_GOODONLY;
else
flags |= ISC_ENTROPY_BLOCKING;
@ -1378,7 +1376,7 @@ index 5703f9c..afb4d80 100644
#ifdef GSSAPI
unsigned int flags = dst_entropy_flags;
isc_result_t ret;
@@ -2027,6 +2045,7 @@ dst__entropy_status(void) {
@@ -2030,6 +2048,7 @@ dst__entropy_status(void) {
#endif
return (isc_entropy_status(dst_entropy_pool));
#else
@ -1387,10 +1385,10 @@ index 5703f9c..afb4d80 100644
#endif
}
diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
index 32b0742..78e1277 100644
index 1924e74..6813c96 100644
--- a/lib/dns/include/dst/dst.h
+++ b/lib/dns/include/dst/dst.h
@@ -160,6 +160,14 @@ dst_lib_destroy(void);
@@ -159,6 +159,14 @@ dst_lib_destroy(void);
* Releases all resources allocated by DST.
*/
@ -1461,7 +1459,7 @@ index 304814b..60543c4 100644
isc_hash_destroy();
cleanup_db:
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index a30a2ab..d88d643 100644
index d65ce26..6849732 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -31,6 +31,7 @@
@ -1499,7 +1497,7 @@ index a30a2ab..d88d643 100644
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static void
@@ -190,7 +193,7 @@ _set_thread_id(CRYPTO_THREADID *id)
@@ -192,7 +195,7 @@ _set_thread_id(CRYPTO_THREADID *id)
isc_result_t
dst__openssl_init(const char *engine) {
isc_result_t result;
@ -1508,7 +1506,7 @@ index a30a2ab..d88d643 100644
ENGINE *re;
#else
UNUSED(engine);
@@ -220,6 +223,7 @@ dst__openssl_init(const char *engine) {
@@ -222,6 +225,7 @@ dst__openssl_init(const char *engine) {
ERR_load_crypto_strings();
#endif
@ -1516,7 +1514,7 @@ index a30a2ab..d88d643 100644
rm = mem_alloc(sizeof(RAND_METHOD) FILELINE);
if (rm == NULL) {
result = ISC_R_NOMEMORY;
@@ -231,6 +235,7 @@ dst__openssl_init(const char *engine) {
@@ -233,6 +237,7 @@ dst__openssl_init(const char *engine) {
rm->add = entropy_add;
rm->pseudorand = entropy_getpseudo;
rm->status = entropy_status;
@ -1524,7 +1522,7 @@ index a30a2ab..d88d643 100644
#if !defined(OPENSSL_NO_ENGINE)
#if !defined(CONF_MFLAGS_DEFAULT_SECTION)
@@ -264,6 +269,7 @@ dst__openssl_init(const char *engine) {
@@ -266,6 +271,7 @@ dst__openssl_init(const char *engine) {
}
}
@ -1532,7 +1530,7 @@ index a30a2ab..d88d643 100644
re = ENGINE_get_default_RAND();
if (re == NULL) {
re = ENGINE_new();
@@ -276,9 +282,21 @@ dst__openssl_init(const char *engine) {
@@ -278,9 +284,21 @@ dst__openssl_init(const char *engine) {
ENGINE_free(re);
} else
ENGINE_finish(re);
@ -1554,7 +1552,7 @@ index a30a2ab..d88d643 100644
return (ISC_R_SUCCESS);
#if !defined(OPENSSL_NO_ENGINE)
@@ -286,10 +304,14 @@ dst__openssl_init(const char *engine) {
@@ -288,10 +306,14 @@ dst__openssl_init(const char *engine) {
if (e != NULL)
ENGINE_free(e);
e = NULL;
@ -1569,7 +1567,7 @@ index a30a2ab..d88d643 100644
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
@@ -304,14 +326,17 @@ void
@@ -306,14 +328,17 @@ void
dst__openssl_destroy(void) {
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
OPENSSL_cleanup();
@ -1587,7 +1585,7 @@ index a30a2ab..d88d643 100644
if (rm != NULL) {
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
RAND_cleanup();
@@ -319,6 +344,7 @@ dst__openssl_destroy(void) {
@@ -321,6 +346,7 @@ dst__openssl_destroy(void) {
mem_free(rm FILELINE);
rm = NULL;
}
@ -1595,7 +1593,7 @@ index a30a2ab..d88d643 100644
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
CONF_modules_free();
#endif
@@ -454,11 +480,45 @@ dst__openssl_getengine(const char *engine) {
@@ -456,11 +482,45 @@ dst__openssl_getengine(const char *engine) {
}
#endif
@ -1700,35 +1698,23 @@ index 5a2c502..8eaef53 100644
#endif /* PKCS11CRYPTO */
/*! \file */
diff --git a/lib/dns/tests/Atffile b/lib/dns/tests/Atffile
index 953082d..603c4b5 100644
--- a/lib/dns/tests/Atffile
+++ b/lib/dns/tests/Atffile
@@ -10,6 +10,7 @@ tp: dbversion_test
tp: dh_test
tp: dispatch_test
tp: dnstap_test
+tp: dstrandom_test
tp: dst_test
tp: geoip_test
tp: gost_test
diff --git a/lib/dns/tests/Kyuafile b/lib/dns/tests/Kyuafile
index 0353a73..cb2324d 100644
index 937b548..f3c0e38 100644
--- a/lib/dns/tests/Kyuafile
+++ b/lib/dns/tests/Kyuafile
@@ -10,6 +10,7 @@ atf_test_program{name='dh_test'}
atf_test_program{name='dispatch_test'}
atf_test_program{name='dnstap_test'}
atf_test_program{name='dst_test'}
+atf_test_program{name='dstrandom_test'}
atf_test_program{name='geoip_test'}
atf_test_program{name='gost_test'}
atf_test_program{name='keytable_test'}
@@ -10,6 +10,7 @@ tap_test_program{name='dh_test'}
tap_test_program{name='dispatch_test'}
tap_test_program{name='dnstap_test'}
tap_test_program{name='dst_test'}
+tap_test_program{name='dstrandom_test'}
tap_test_program{name='geoip_test'}
tap_test_program{name='gost_test'}
tap_test_program{name='keytable_test'}
diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in
index 58fa872..625e809 100644
index 0897579..9f1781a 100644
--- a/lib/dns/tests/Makefile.in
+++ b/lib/dns/tests/Makefile.in
@@ -40,6 +40,7 @@ SRCS = acl_test.c \
@@ -37,6 +37,7 @@ SRCS = acl_test.c \
dnstap_test.c \
dst_test.c \
dnstest.c \
@ -1736,7 +1722,7 @@ index 58fa872..625e809 100644
geoip_test.c \
gost_test.c \
keytable_test.c \
@@ -71,6 +72,7 @@ TARGETS = acl_test@EXEEXT@ \
@@ -69,6 +70,7 @@ TARGETS = acl_test@EXEEXT@ \
dh_test@EXEEXT@ \
dispatch_test@EXEEXT@ \
dnstap_test@EXEEXT@ \
@ -1744,9 +1730,9 @@ index 58fa872..625e809 100644
dst_test@EXEEXT@ \
geoip_test@EXEEXT@ \
gost_test@EXEEXT@ \
@@ -255,6 +257,11 @@ tsig_test@EXEEXT@: tsig_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
tsig_test.@O@ dnstest.@O@ ${DNSLIBS} \
${ISCLIBS} ${LIBS}
@@ -258,6 +260,11 @@ zt_test@EXEEXT@: zt_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
${LDFLAGS} -o $@ zt_test.@O@ dnstest.@O@ \
${DNSLIBS} ${ISCLIBS} ${LIBS}
+dstrandom_test@EXEEXT@: dstrandom_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
@ -1756,51 +1742,12 @@ index 58fa872..625e809 100644
unit::
sh ${top_builddir}/unit/unittest.sh
diff --git a/lib/dns/tests/dnstest.c b/lib/dns/tests/dnstest.c
index 51bb90b..1b25b90 100644
--- a/lib/dns/tests/dnstest.c
+++ b/lib/dns/tests/dnstest.c
@@ -122,12 +122,12 @@ dns_test_begin(FILE *logfile, bool start_managers) {
CHECK(isc_mem_create(0, 0, &mctx));
CHECK(isc_entropy_create(mctx, &ectx));
- CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE));
- hash_active = true;
-
CHECK(dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING));
dst_active = true;
+ CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE));
+ hash_active = true;
+
if (logfile != NULL) {
isc_logdestination_t destination;
isc_logconfig_t *logconfig = NULL;
@@ -171,14 +171,14 @@ dns_test_begin(FILE *logfile, bool start_managers) {
void
dns_test_end(void) {
- if (dst_active) {
- dst_lib_destroy();
- dst_active = false;
- }
if (hash_active) {
isc_hash_destroy();
hash_active = false;
}
+ if (dst_active) {
+ dst_lib_destroy();
+ dst_active = false;
+ }
if (ectx != NULL)
isc_entropy_detach(&ectx);
diff --git a/lib/dns/tests/dstrandom_test.c b/lib/dns/tests/dstrandom_test.c
new file mode 100644
index 0000000..b980d8a
index 0000000..bd3d164
--- /dev/null
+++ b/lib/dns/tests/dstrandom_test.c
@@ -0,0 +1,99 @@
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
@ -1812,18 +1759,25 @@ index 0000000..b980d8a
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <atf-c.h>
+#if HAVE_CMOCKA
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/entropy.h>
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/platform.h>
+#include <isc/util.h>
+
@ -1833,26 +1787,23 @@ index 0000000..b980d8a
+isc_entropy_t *ectx = NULL;
+unsigned char buffer[128];
+
+ATF_TC(isc_entropy_getdata);
+ATF_TC_HEAD(isc_entropy_getdata, tc) {
+ atf_tc_set_md_var(tc, "descr",
+ "isc_entropy_getdata() examples");
+ atf_tc_set_md_var(tc, "X-randomfile",
+ "testdata/dstrandom/random.data");
+}
+ATF_TC_BODY(isc_entropy_getdata, tc) {
+/* isc_entropy_getdata() examples */
+static void
+isc_entropy_getdata_test(void **state) {
+ isc_result_t result;
+ unsigned int returned, status;
+ const char *randomfile = "testdata/dstrandom/random.data";
+ int ret;
+ const char *randomfile = atf_tc_get_md_var(tc, "X-randomfile");
+
+ UNUSED(state);
+
+ isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
+ result = isc_mem_create(0, 0, &mctx);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = isc_entropy_create(mctx, &ectx);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dst_lib_init(mctx, ectx, 0);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+#ifdef ISC_PLATFORM_CRYPTORANDOM
+ isc_entropy_usehook(ectx, true);
@ -1860,51 +1811,63 @@ index 0000000..b980d8a
+ returned = 0;
+ result = isc_entropy_getdata(ectx, buffer, sizeof(buffer),
+ &returned, 0);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ ATF_REQUIRE(returned == sizeof(buffer));
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(returned, sizeof(buffer));
+
+ status = isc_entropy_status(ectx);
+ ATF_REQUIRE_EQ(status, 0);
+ assert_int_equal(status, 0);
+
+ isc_entropy_usehook(ectx, false);
+#endif
+
+ ret = chdir(TESTS);
+ ATF_REQUIRE_EQ(ret, 0);
+ assert_int_equal(ret, 0);
+
+ result = isc_entropy_createfilesource(ectx, randomfile);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ returned = 0;
+ result = isc_entropy_getdata(ectx, buffer, sizeof(buffer),
+ &returned, 0);
+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+ ATF_REQUIRE(returned == sizeof(buffer));
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(returned, sizeof(buffer));
+
+ status = isc_entropy_status(ectx);
+ ATF_REQUIRE(status > 0);
+ assert_true(status > 0);
+
+ dst_lib_destroy();
+ isc_entropy_detach(&ectx);
+ ATF_REQUIRE(ectx == NULL);
+ assert_null(ectx);
+
+ isc_mem_destroy(&mctx);
+ ATF_REQUIRE(mctx == NULL);
+ assert_null(mctx);
+}
+
+/*
+ * Main
+ */
+ATF_TP_ADD_TCS(tp) {
+ ATF_TP_ADD_TC(tp, isc_entropy_getdata);
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(isc_entropy_getdata_test),
+ };
+
+ return (atf_no_error());
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (0);
+}
+
+#endif
diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in
index 62a156c..bf83fe5 100644
index 5c45d59..34b660c 100644
--- a/lib/dns/win32/libdns.def.in
+++ b/lib/dns/win32/libdns.def.in
@@ -1483,6 +1483,13 @@ dst_lib_destroy
@@ -1484,6 +1484,13 @@ dst_lib_destroy
dst_lib_init
dst_lib_init2
dst_lib_initmsgcat
@ -2029,7 +1992,7 @@ index 42ff7e0..8d87c44 100644
typedef int (*isc_sockfdwatch_t)(isc_task_t *, isc_socket_t *, void *, int);
diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c
index a01e698..875c232 100644
index bb9912b..1f583a3 100644
--- a/lib/isc/pk11.c
+++ b/lib/isc/pk11.c
@@ -321,14 +321,16 @@ pk11_rand_seed_fromfile(const char *randomfile) {
@ -2071,7 +2034,7 @@ index 5b8a2c9..913a2ce 100644
* Define if the hash functions must be provided by OpenSSL.
*/
diff --git a/win32utils/Configure b/win32utils/Configure
index ff596b7..09b476f 100644
index ad99f89..2c55946 100644
--- a/win32utils/Configure
+++ b/win32utils/Configure
@@ -381,6 +381,7 @@ my @substdefh = ("AES_CC",
@ -2082,7 +2045,7 @@ index ff596b7..09b476f 100644
"ISC_PLATFORM_HAVEATOMICSTORE",
"ISC_PLATFORM_HAVEATOMICSTOREQ",
"ISC_PLATFORM_HAVECMPXCHG",
@@ -509,7 +510,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER");
@@ -510,7 +511,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER");
# enable-xxx/disable-xxx
@ -2092,7 +2055,7 @@ index ff596b7..09b476f 100644
"fixed-rrset",
"intrinsics",
"isc-spnego",
@@ -571,6 +573,7 @@ my @help = (
@@ -573,6 +575,7 @@ my @help = (
"\nOptional Features:\n",
" enable-intrinsics enable instrinsic/atomic functions [default=yes]\n",
" enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n",
@ -2100,7 +2063,7 @@ index ff596b7..09b476f 100644
" enable-openssl-hash use OpenSSL for hash functions [default=yes]\n",
" enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n",
" enable-filter-aaaa enable filtering of AAAA records [default=yes]\n",
@@ -614,7 +617,9 @@ my $want_clean = "no";
@@ -617,7 +620,9 @@ my $want_clean = "no";
my $want_unknown = "no";
my $unknown_value;
my $enable_intrinsics = "yes";
@ -2110,7 +2073,7 @@ index ff596b7..09b476f 100644
my $enable_openssl_hash = "auto";
my $enable_filter_aaaa = "yes";
my $enable_isc_spnego = "yes";
@@ -823,6 +828,10 @@ sub myenable {
@@ -828,6 +833,10 @@ sub myenable {
if ($val =~ /^yes$/i) {
$enable_native_pkcs11 = "yes";
}
@ -2121,7 +2084,7 @@ index ff596b7..09b476f 100644
} elsif ($key =~ /^openssl-hash$/i) {
if ($val =~ /^yes$/i) {
$enable_openssl_hash = "yes";
@@ -1106,6 +1115,11 @@ if ($verbose) {
@@ -1119,6 +1128,11 @@ if ($verbose) {
} else {
print "native-pkcs11: disabled\n";
}
@ -2133,7 +2096,7 @@ index ff596b7..09b476f 100644
if ($enable_openssl_hash eq "yes") {
print "openssl-hash: enabled\n";
} else {
@@ -1454,6 +1468,7 @@ if ($enable_intrinsics eq "yes") {
@@ -1472,6 +1486,7 @@ if ($enable_intrinsics eq "yes") {
# enable-native-pkcs11
if ($enable_native_pkcs11 eq "yes") {
@ -2141,7 +2104,7 @@ index ff596b7..09b476f 100644
if ($use_openssl eq "auto") {
$use_openssl = "no";
}
@@ -1663,6 +1678,7 @@ if ($use_openssl eq "yes") {
@@ -1681,6 +1696,7 @@ if ($use_openssl eq "yes") {
$openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]");
}
@ -2149,7 +2112,7 @@ index ff596b7..09b476f 100644
$configcond{"OPENSSL"} = 1;
$configdefd{"CRYPTO"} = "OPENSSL";
$configvar{"OPENSSL_PATH"} = "$openssl_path";
@@ -2214,6 +2230,15 @@ if ($cookie_algorithm eq "sha1") {
@@ -2232,6 +2248,15 @@ if ($cookie_algorithm eq "sha1") {
die "Unrecognized cookie algorithm: $cookie_algorithm\n";
}
@ -2165,7 +2128,7 @@ index ff596b7..09b476f 100644
# enable-openssl-hash
if ($enable_openssl_hash eq "yes") {
if ($use_openssl eq "no") {
@@ -3536,6 +3561,7 @@ exit 0;
@@ -3558,6 +3583,7 @@ exit 0;
# --enable-developer partially supported
# --enable-newstats (9.9/9.9sub only)
# --enable-native-pkcs11 supported
@ -2173,7 +2136,7 @@ index ff596b7..09b476f 100644
# --enable-openssl-version-check included without a way to disable it
# --enable-openssl-hash supported
# --enable-threads included without a way to disable it
@@ -3561,6 +3587,7 @@ exit 0;
@@ -3583,6 +3609,7 @@ exit 0;
# --with-gost supported
# --with-aes supported
# --with-cc-alg supported
@ -2182,5 +2145,5 @@ index ff596b7..09b476f 100644
# --with-gssapi supported with MIT (K)erberos (f)or (W)indows
# --with-lmdb no supported on WIN32 (port is not reliable)
--
2.14.4
2.20.1


@ -1,4 +1,4 @@
From 9a074d5cd6c6276d95bc1cce3a14afaabc88c6c5 Mon Sep 17 00:00:00 2001
From 2b7a633f29c2ae8fe801f2a98541013837ebaeaa Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Thu, 28 Sep 2017 10:09:22 -0700
Subject: [PATCH] completed and corrected the crypto-random change
@ -24,29 +24,29 @@ Subject: [PATCH] completed and corrected the crypto-random change
"configure --disable-crypto-rand".
[RT #31459] [RT #46047]
---
bin/confgen/keygen.c | 12 +++----
bin/dnssec/dnssec-keygen.docbook | 24 +++++++++-----
bin/dnssec/dnssectool.c | 12 +++----
bin/confgen/keygen.c | 12 +++---
bin/dnssec/dnssec-keygen.docbook | 24 +++++++----
bin/dnssec/dnssectool.c | 12 +++---
bin/named/client.c | 3 +-
bin/named/config.c | 4 ++-
bin/named/controlconf.c | 19 +++++++----
bin/named/include/named/server.h | 2 ++
bin/named/config.c | 4 +-
bin/named/controlconf.c | 19 +++++---
bin/named/include/named/server.h | 2 +
bin/named/interfacemgr.c | 1 +
bin/named/query.c | 1 +
bin/named/server.c | 53 ++++++++++++++++++------------
bin/nsupdate/nsupdate.c | 4 +--
bin/tests/system/pipelined/pipequeries.c | 4 +--
bin/tests/system/tkey/keycreate.c | 4 +--
bin/tests/system/tkey/keydelete.c | 4 +--
doc/arm/Bv9ARM-book.xml | 55 ++++++++++++++++++++++----------
doc/arm/notes.xml | 26 +++++++++++++++
lib/dns/dst_api.c | 4 ++-
lib/dns/include/dst/dst.h | 14 ++++++--
bin/named/server.c | 51 ++++++++++++++--------
bin/nsupdate/nsupdate.c | 4 +-
bin/tests/system/pipelined/pipequeries.c | 4 +-
bin/tests/system/tkey/keycreate.c | 4 +-
bin/tests/system/tkey/keydelete.c | 4 +-
doc/arm/Bv9ARM-book.xml | 55 +++++++++++++++++-------
doc/arm/notes.xml | 26 +++++++++++
lib/dns/dst_api.c | 4 +-
lib/dns/include/dst/dst.h | 14 +++++-
lib/dns/openssl_link.c | 3 +-
lib/isc/include/isc/entropy.h | 50 +++++++++++++++++++++--------
lib/isc/include/isc/random.h | 28 ++++++++++------
lib/isc/include/isc/entropy.h | 50 +++++++++++++++------
lib/isc/include/isc/random.h | 28 +++++++-----
lib/isccfg/namedconf.c | 2 +-
22 files changed, 221 insertions(+), 108 deletions(-)
22 files changed, 220 insertions(+), 107 deletions(-)
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
index 295e16f..0f79aa8 100644
@ -76,10 +76,10 @@ index 295e16f..0f79aa8 100644
&entropy_source,
randomfile,
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
index 96dfef6..1c84b06 100644
index ee6a489..17dddb6 100644
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -349,15 +349,23 @@
@@ -350,15 +350,23 @@
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
<listitem>
<para>
@ -140,10 +140,10 @@ index 31a99e7..38c83ed 100644
usekeyboard);
diff --git a/bin/named/client.c b/bin/named/client.c
index 0f6e162..5e39b82 100644
index d425df2..7ab3dec 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1608,7 +1608,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
@@ -1609,7 +1609,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
isc_buffer_init(&buf, cookie, sizeof(cookie));
isc_stdtime_get(&now);
@ -154,7 +154,7 @@ index 0f6e162..5e39b82 100644
compute_cookie(client, now, nonce, ns_g_server->secret, &buf);
diff --git a/bin/named/config.c b/bin/named/config.c
index 2c4c93c..16ed248 100644
index a153172..8d46bc3 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -93,7 +93,9 @@ options {\n\
@ -253,7 +253,7 @@ index 419927b..d721f47 100644
#include <isc/task.h>
#include <isc/util.h>
diff --git a/bin/named/query.c b/bin/named/query.c
index f8dbef2..2f3c0ca 100644
index 1d3edbc..193efde 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -19,6 +19,7 @@
@ -265,10 +265,10 @@ index f8dbef2..2f3c0ca 100644
#include <isc/serial.h>
#include <isc/stats.h>
diff --git a/bin/named/server.c b/bin/named/server.c
index 9258e7f..f4320df 100644
index 30e7eac..27ea3bf 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8164,21 +8164,30 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8203,21 +8203,30 @@ load_configuration(const char *filename, ns_server_t *server,
* Open the source of entropy.
*/
if (first_time) {
@ -277,11 +277,6 @@ index 9258e7f..f4320df 100644
obj = NULL;
result = ns_config_get(maps, "random-device", &obj);
- if (result != ISC_R_SUCCESS) {
- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
- NS_LOGMODULE_SERVER, ISC_LOG_INFO,
- "no source of entropy found");
- } else {
- const char *randomdev = cfg_obj_asstring(obj);
+ if (result == ISC_R_SUCCESS) {
+ if (!cfg_obj_isvoid(obj)) {
+ level = ISC_LOG_INFO;
@ -289,28 +284,32 @@ index 9258e7f..f4320df 100644
+ }
+ }
+ if (randomdev == NULL) {
#ifdef ISC_PLATFORM_CRYPTORANDOM
- if (strcmp(randomdev, ISC_PLATFORM_CRYPTORANDOM) == 0)
- isc_entropy_usehook(ns_g_entropy, true);
+#ifdef ISC_PLATFORM_CRYPTORANDOM
+ isc_entropy_usehook(ns_g_entropy, true);
#else
- int level = ISC_LOG_ERROR;
- result = isc_entropy_createfilesource(ns_g_entropy,
- randomdev);
+#else
+ if ((obj != NULL) && !cfg_obj_isvoid(obj))
+ level = ISC_LOG_INFO;
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
- NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ NS_LOGMODULE_SERVER, level,
+ "no source of entropy found");
"no source of entropy found");
+ if ((obj == NULL) || cfg_obj_isvoid(obj)) {
+ CHECK(ISC_R_FAILURE);
+ }
+#endif
+ } else {
} else {
- const char *randomdev = cfg_obj_asstring(obj);
-#ifdef ISC_PLATFORM_CRYPTORANDOM
- if (strcmp(randomdev, ISC_PLATFORM_CRYPTORANDOM) == 0)
- isc_entropy_usehook(ns_g_entropy, true);
-#else
- int level = ISC_LOG_ERROR;
- result = isc_entropy_createfilesource(ns_g_entropy,
- randomdev);
#ifdef PATH_RANDOMDEV
if (ns_g_fallbackentropy != NULL) {
level = ISC_LOG_INFO;
@@ -8189,8 +8198,8 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8228,8 +8237,8 @@ load_configuration(const char *filename, ns_server_t *server,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
level,
@ -321,7 +320,7 @@ index 9258e7f..f4320df 100644
randomdev,
isc_result_totext(result));
}
@@ -8210,7 +8219,6 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8249,7 +8258,6 @@ load_configuration(const char *filename, ns_server_t *server,
}
isc_entropy_detach(&ns_g_fallbackentropy);
}
@ -329,7 +328,7 @@ index 9258e7f..f4320df 100644
#endif
}
}
@@ -8998,6 +9006,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
@@ -9040,6 +9048,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy,
&server->tkeyctx),
"creating TKEY context");
@ -339,7 +338,7 @@ index 9258e7f..f4320df 100644
/*
* Setup the server task, which is responsible for coordinating
@@ -9204,7 +9215,8 @@ ns_server_destroy(ns_server_t **serverp) {
@@ -9246,7 +9257,8 @@ ns_server_destroy(ns_server_t **serverp) {
if (server->zonemgr != NULL)
dns_zonemgr_detach(&server->zonemgr);
@ -349,7 +348,7 @@ index 9258e7f..f4320df 100644
if (server->tkeyctx != NULL)
dns_tkeyctx_destroy(&server->tkeyctx);
@@ -13105,10 +13117,10 @@ newzone_cfgctx_destroy(void **cfgp) {
@@ -13197,10 +13209,10 @@ newzone_cfgctx_destroy(void **cfgp) {
static isc_result_t
generate_salt(unsigned char *salt, size_t saltlen) {
@ -362,7 +361,7 @@ index 9258e7f..f4320df 100644
} rnd;
unsigned char text[512 + 1];
isc_region_t r;
@@ -13118,9 +13130,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
@@ -13210,9 +13222,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
if (saltlen > 256U)
return (ISC_R_RANGE);
@ -377,7 +376,7 @@ index 9258e7f..f4320df 100644
memmove(salt, rnd.rnd, saltlen);
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 1559a33..68b9a99 100644
index 6d7a02e..626b1cf 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -283,9 +283,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@ -437,10 +436,10 @@ index 2146f9b..ac2c311 100644
}
#endif
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index baff8d3..00a50e4 100644
index dd5365c..1a463b0 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -5070,22 +5070,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
@@ -5071,22 +5071,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<term><command>random-device</command></term>
<listitem>
<para>
@ -503,11 +502,11 @@ index baff8d3..00a50e4 100644
</listitem>
</varlistentry>
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index d9537a3..5c2cc13 100644
index ad4b34c..2685b8e 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -180,6 +180,32 @@
option. [GL #105]
@@ -229,6 +229,32 @@
is used from the shell scripts.
</para>
</listitem>
+ <listitem>
@ -535,15 +534,15 @@ index d9537a3..5c2cc13 100644
+ case <filename>/dev/random</filename> will be the default
+ entropy source. [RT #31459] [RT #46047]
+ </para>
+ </listitem>
+ </listitem>
</itemizedlist>
</section>
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index afb4d80..4e62a97 100644
index b55ebe0..d2b43d3 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -2013,10 +2013,12 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) {
@@ -2016,10 +2016,12 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) {
else
flags |= ISC_ENTROPY_BLOCKING;
#ifdef ISC_PLATFORM_CRYPTORANDOM
@ -558,10 +557,10 @@ index afb4d80..4e62a97 100644
}
diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
index 78e1277..10293d0 100644
index 6813c96..665574d 100644
--- a/lib/dns/include/dst/dst.h
+++ b/lib/dns/include/dst/dst.h
@@ -164,8 +164,18 @@ isc_result_t
@@ -163,8 +163,18 @@ isc_result_t
dst_random_getdata(void *data, unsigned int length,
unsigned int *returned, unsigned int flags);
/*%<
@ -583,10 +582,10 @@ index 78e1277..10293d0 100644
bool
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index d88d643..7a233dd 100644
index 6849732..e00a0e4 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -482,7 +482,8 @@ dst__openssl_getengine(const char *engine) {
@@ -484,7 +484,8 @@ dst__openssl_getengine(const char *engine) {
isc_result_t
dst_random_getdata(void *data, unsigned int length,
@ -740,7 +739,7 @@ index f8aed34..17c551b 100644
ISC_LANG_ENDDECLS
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index cd797a6..589da07 100644
index fbc62cc..9cad61d 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1109,7 +1109,7 @@ options_clauses[] = {
@ -753,5 +752,5 @@ index cd797a6..589da07 100644
{ "recursive-clients", &cfg_type_uint32, 0 },
{ "reserved-sockets", &cfg_type_uint32, 0 },
--
2.14.4
2.20.1
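Review bot: In the bin/named/server.c hunk of this patch, the `ISC_PLATFORM_CRYPTORANDOM` branch taken when no `random-device` is configured calls `isc_entropy_usehook(ns_g_entropy, true)` without writing any log line, while the `#else` branch logs "no source of entropy found". Unless the selection is reported elsewhere, the startup log does not show which entropy source named ended up with, which matters when auditing a build made with or without `--disable-crypto-rand`. I would add, right after the usehook call, `isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, "using crypto library random generator for entropy");`. load_configuration starts and ends outside the hunk, and the page does not fully preserve which lines are old and which are new in the refreshed patch, so this is read from the patch's own `+` lines only.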


@ -1,4 +1,4 @@
From 118c70ab26f54f8ecd38da36f3e7d7ed66e2e764 Mon Sep 17 00:00:00 2001
From 7d689f77714430a4ef6cead040ec304dca0b8bd3 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Fri, 1 Mar 2019 15:48:20 +0100
Subject: [PATCH] Make alternative named builds testable in system tests
@ -17,19 +17,19 @@ export NAMED_VARIANT=-pkcs11 DNSSEC_VARIANT=-pkcs11
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 0b9706a..a446c18 100644
index b072af8..d2cb8ed 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -20,7 +20,7 @@ TOP=${SYSTEMTESTTOP:=.}/../../..
# Make it absolute so that it continues to work after we cd.
TOP=`cd $TOP && pwd`
@@ -27,7 +27,7 @@ ALTERNATIVE_ALGORITHM=RSASHA1
ALTERNATIVE_ALGORITHM_NUMBER=5
ALTERNATIVE_BITS=1280
-NAMED=$TOP/bin/named/named
+NAMED=$TOP/bin/named${NAMED_VARIANT}/named${NAMED_VARIANT}
# We must use "named -l" instead of "lwresd" because argv[0] is lost
# if the program is libtoolized.
LWRESD="$TOP/bin/named/named -l"
@@ -31,13 +31,14 @@ NSUPDATE=$TOP/bin/nsupdate/nsupdate
@@ -38,13 +38,14 @@ NSUPDATE=$TOP/bin/nsupdate/nsupdate
DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen
TSIGKEYGEN=$TOP/bin/confgen/tsig-keygen
RNDCCONFGEN=$TOP/bin/confgen/rndc-confgen
@ -51,7 +51,7 @@ index 0b9706a..a446c18 100644
CHECKDS=$TOP/bin/python/dnssec-checkds
COVERAGE=$TOP/bin/python/dnssec-coverage
KEYMGR=$TOP/bin/python/dnssec-keymgr
@@ -57,7 +58,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read
@@ -64,7 +65,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read
MDIG=$TOP/bin/tools/mdig
NZD2NZF=$TOP/bin/tools/named-nzd2nzf
FSTRM_CAPTURE=@FSTRM_CAPTURE@
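Review bot: `LWRESD="$TOP/bin/named/named -l"` stays hard-coded in the first conf.sh.in hunk while the line above it becomes `NAMED=$TOP/bin/named${NAMED_VARIANT}/named${NAMED_VARIANT}`, so a run with `NAMED_VARIANT=-pkcs11` would still start the default binary for the lwresd tests. If that is not intended, the line should follow the same pattern: `LWRESD="$TOP/bin/named${NAMED_VARIANT}/named${NAMED_VARIANT} -l"`. Otherwise a one-line comment saying that lwresd is deliberately tested with the stock build would keep the PKCS#11 test results from being over-read.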


@ -1,4 +1,4 @@
From c89b0e288f923af69b97e8acc29250b262be7d1e Mon Sep 17 00:00:00 2001
From 373f07148217a8e70e33446f5108fb42d1079ba6 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Thu, 21 Feb 2019 22:42:27 +0100
Subject: [PATCH] Disable random_test
@ -9,37 +9,22 @@ subtests can occasionally fail, stop it.
It can be used again by defining 'unstable' variable in Kyuafile.
---
lib/isc/tests/Atffile | 3 ++-
lib/isc/tests/Kyuafile | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/isc/tests/Atffile b/lib/isc/tests/Atffile
index 8681844..74a4a77 100644
--- a/lib/isc/tests/Atffile
+++ b/lib/isc/tests/Atffile
@@ -20,7 +20,8 @@ tp: pool_test
tp: print_test
tp: queue_test
tp: radix_test
-tp: random_test
+# random test fails too often
+#tp: random_test
tp: regex_test
tp: result_test
tp: safe_test
diff --git a/lib/isc/tests/Kyuafile b/lib/isc/tests/Kyuafile
index 1c510c1..a86824a 100644
index 4cd2574..9df2340 100644
--- a/lib/isc/tests/Kyuafile
+++ b/lib/isc/tests/Kyuafile
@@ -19,7 +19,7 @@ atf_test_program{name='pool_test'}
atf_test_program{name='print_test'}
atf_test_program{name='queue_test'}
atf_test_program{name='radix_test'}
-atf_test_program{name='random_test'}
+atf_test_program{name='random_test', required_configs='unstable'}
atf_test_program{name='regex_test'}
atf_test_program{name='result_test'}
atf_test_program{name='safe_test'}
@@ -19,7 +19,7 @@ tap_test_program{name='pool_test'}
tap_test_program{name='print_test'}
tap_test_program{name='queue_test'}
tap_test_program{name='radix_test'}
-tap_test_program{name='random_test'}
+tap_test_program{name='random_test', required_configs='unstable'}
tap_test_program{name='regex_test'}
tap_test_program{name='result_test'}
tap_test_program{name='safe_test'}
--
2.20.1
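Review bot: The Kyuafile hunk gates `random_test` behind `required_configs='unstable'` with no comment in the file itself; the Atffile hunk that carried `# random test fails too often` is gone, so the reason now lives only in the patch description. I would add a comment above the entry, `-- random_test is statistical and fails intermittently; it runs only when the 'unstable' config variable is defined`. Because this package also carries the crypto-random change [RT #46047], it would be worth running the test with that variable set at least once per rebase, so that a regression in the random path is not hidden by the skip.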


@ -1,24 +0,0 @@
diff --git a/lib/dns/tests/dnstap_test.c b/lib/dns/tests/dnstap_test.c
index 56e3da4..1f31542 100644
--- a/lib/dns/tests/dnstap_test.c
+++ b/lib/dns/tests/dnstap_test.c
@@ -297,6 +297,9 @@ ATF_TC_BODY(totext, tc) {
UNUSED(tc);
+ /* make sure text conversion gets the right local time */
+ setenv("TZ", "PST8", 1);
+
result = dns_test_begin(NULL, true);
ATF_REQUIRE(result == ISC_R_SUCCESS);
@@ -306,9 +309,6 @@ ATF_TC_BODY(totext, tc) {
result = isc_stdio_open(TAPTEXT, "r", &fp);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
- /* make sure text conversion gets the right local time */
- setenv("TZ", "PST8", 1);
-
while (dns_dt_getframe(handle, &data, &dsize) == ISC_R_SUCCESS) {
dns_dtdata_t *dtdata = NULL;
isc_buffer_t *b = NULL;


@ -1,8 +1,8 @@
diff --git a/config.h.in b/config.h.in
index e1364dd921..1dc65cfb21 100644
index 4ecaa8f..2f65ccc 100644
--- a/config.h.in
+++ b/config.h.in
@@ -588,7 +588,7 @@ int sigwait(const unsigned int *set, int *sig);
@@ -600,7 +600,7 @@ int sigwait(const unsigned int *set, int *sig);
#undef PREFER_GOSTASN1
/* The size of `void *', as computed by sizeof. */
@ -11,39 +11,8 @@ index e1364dd921..1dc65cfb21 100644
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
diff --git a/configure.in b/configure.in
index 73b1c8ccbb..129fc3f311 100644
--- a/configure.in
+++ b/configure.in
@@ -3523,14 +3523,14 @@ AC_TRY_COMPILE([
#include <sys/socket.h>
#include <netdb.h>
int getnameinfo(const struct sockaddr *, socklen_t, char *,
- socklen_t, char *, socklen_t, unsigned int);],
+ socklen_t, char *, socklen_t, int);],
[ return (0);],
- [AC_MSG_RESULT(socklen_t for buflen; u_int for flags)
+ [AC_MSG_RESULT(socklen_t for buflen; int for flags)
AC_DEFINE(IRS_GETNAMEINFO_SOCKLEN_T, socklen_t,
[Define to the sockaddr length type used by getnameinfo(3).])
AC_DEFINE(IRS_GETNAMEINFO_BUFLEN_T, socklen_t,
[Define to the buffer length type used by getnameinfo(3).])
- AC_DEFINE(IRS_GETNAMEINFO_FLAGS_T, unsigned int,
+ AC_DEFINE(IRS_GETNAMEINFO_FLAGS_T, int,
[Define to the flags type used by getnameinfo(3).])],
[AC_TRY_COMPILE([
#include <sys/types.h>
@@ -3557,7 +3557,7 @@ int getnameinfo(const struct sockaddr *, size_t, char *,
[AC_MSG_RESULT(not match any subspecies; assume standard definition)
AC_DEFINE(IRS_GETNAMEINFO_SOCKLEN_T, socklen_t)
AC_DEFINE(IRS_GETNAMEINFO_BUFLEN_T, socklen_t)
-AC_DEFINE(IRS_GETNAMEINFO_FLAGS_T, int)])])])
+AC_DEFINE(IRS_GETNAMEINFO_FLAGS_T, unsigned int)])])])
#
# ...and same for gai_strerror().
diff --git a/isc-config.sh.in b/isc-config.sh.in
index a8a0a89e88..b5e94ed13e 100644
index a8a0a89..b5e94ed 100644
--- a/isc-config.sh.in
+++ b/isc-config.sh.in
@@ -13,7 +13,18 @@ prefix=@prefix@


@ -128,18 +128,12 @@ Patch159:bind-9.11-rt46047.patch
Patch160:bind-9.11-rh1624100.patch
# https://gitlab.isc.org/isc-projects/bind9/issues/555
Patch161:bind-9.11-host-idn-disable.patch
# https://gitlab.isc.org/isc-projects/bind9/issues/624
Patch162:bind-9.11-unit-dnstap-pkcs11.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/8a98277811e
Patch163:bind-9.11-rh1663318.patch
# https://gitlab.isc.org/isc-projects/bind9/issues/819
Patch164:bind-9.11-rh1666814.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1647829
Patch165:bind-9.11-rh1647829.patch
# commit 8e1cc95c943b7dfaaaaf2d9a4971861735cc3fb2
Patch166:bind-9.11-rh1647829-2.patch
# https://gitlab.isc.org/isc-projects/bind9/issues/225
Patch167:bind-9.11-ed448-disable.patch
# random_test fails too often by random, disable it
Patch168:bind-9.11-unit-disable-random.patch
Patch169:bind-9.11-feature-test-dlz.patch
@ -520,12 +514,9 @@ are used for building ISC DHCP.
%patch159 -p1 -b .rt46047
%patch160 -p1 -b .rh1624100
%patch161 -p1 -b .host-idn-disable
%patch162 -p1 -b .dnstap-pkcs11
%patch163 -p1 -b .rh1663318
%patch164 -p1 -b .rh1666814
%patch165 -p1 -b .rh1647829
%patch166 -p1 -b .rh1647829-2
%patch167 -p1 -b .noed448
%patch168 -p1 -b .random_test-disable
%patch169 -p1 -b .featuretest-dlz
%patch170 -p1 -b .featuretest-named


@ -1,8 +1,8 @@
diff --git a/configure.in b/configure.in
index 896e81c1ce..73b1c8ccbb 100644
--- a/configure.in
+++ b/configure.in
@@ -4275,6 +4275,10 @@ if test "yes" = "$use_atomic"; then
diff --git a/configure.ac b/configure.ac
index 26c509e..c1bfd62 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4152,6 +4152,10 @@ if test "yes" = "$use_atomic"; then
AC_MSG_RESULT($arch)
fi
@ -14,10 +14,10 @@ index 896e81c1ce..73b1c8ccbb 100644
AC_MSG_CHECKING([compiler support for inline assembly code])
diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in
index 2ff522342f..58df86adb3 100644
index c902d46..9c7c342 100644
--- a/lib/isc/include/isc/platform.h.in
+++ b/lib/isc/include/isc/platform.h.in
@@ -289,19 +289,25 @@
@@ -284,19 +284,25 @@
* If the "xaddq" operation (64bit xadd) is available on this architecture,
* ISC_PLATFORM_HAVEXADDQ will be defined.
*/


@ -1,38 +0,0 @@
diff -up bind-9.10.1b1/lib/isc/unix/socket.c.rh735103 bind-9.10.1b1/lib/isc/unix/socket.c
--- bind-9.10.1b1/lib/isc/unix/socket.c.rh735103 2014-06-23 06:47:35.000000000 +0200
+++ bind-9.10.1b1/lib/isc/unix/socket.c 2014-07-29 16:25:27.172818662 +0200
@@ -67,6 +67,20 @@
#include <isc/util.h>
#include <isc/xml.h>
+/* See task.c about the following definition: */
+#ifdef BIND9
+#ifdef ISC_PLATFORM_USETHREADS
+#define USE_WATCHER_THREAD
+#else
+#define USE_SHARED_MANAGER
+#endif /* ISC_PLATFORM_USETHREADS */
+#else /* BIND9 */
+#undef ISC_PLATFORM_HAVESYSUNH
+#undef ISC_PLATFORM_HAVEKQUEUE
+#undef ISC_PLATFORM_HAVEEPOLL
+#undef ISC_PLATFORM_HAVEDEVPOLL
+#endif /* BIND9 */
+
#ifdef ISC_PLATFORM_HAVESYSUNH
#include <sys/un.h>
#endif
@@ -86,13 +100,6 @@
#include "errno2result.h"
-/* See task.c about the following definition: */
-#ifdef ISC_PLATFORM_USETHREADS
-#define USE_WATCHER_THREAD
-#else
-#define USE_SHARED_MANAGER
-#endif /* ISC_PLATFORM_USETHREADS */
-
#ifndef USE_WATCHER_THREAD
#include "socket_p.h"
#include "../task_p.h"