From 23657868e6bb83f937ac145c9576cbf618253d0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 19 Dec 2019 18:39:21 +0100 Subject: [PATCH] Update to 9.11.14 Includes ThreadSanitizer fixes already included as downstream patches. Adjusts serve-stale patch, one new statistics. --- .gitignore | 2 + bind-9.11-rh1736762-1.patch | 56 -------------- bind-9.11-rh1736762-2.patch | 38 --------- bind-9.11-rh1736762-3.patch | 105 ------------------------- bind-9.11-rh1736762-4.patch | 110 --------------------------- bind-9.11-rt31459.patch | 148 ++++++++++++++++++------------------ bind-9.11-serve-stale.patch | 138 ++++++++++++++++----------------- bind.spec | 15 ++-- sources | 4 +- 9 files changed, 152 insertions(+), 464 deletions(-) delete mode 100644 bind-9.11-rh1736762-1.patch delete mode 100644 bind-9.11-rh1736762-2.patch delete mode 100644 bind-9.11-rh1736762-3.patch delete mode 100644 bind-9.11-rh1736762-4.patch diff --git a/.gitignore b/.gitignore index 39aba1c..d72777d 100644 --- a/.gitignore +++ b/.gitignore @@ -100,3 +100,5 @@ bind-9.7.2b1.tar.gz /bind-9.11.12.tar.gz /bind-9.11.13.tar.gz /bind-9.11.13.tar.gz.asc +/bind-9.11.14.tar.gz +/bind-9.11.14.tar.gz.asc diff --git a/bind-9.11-rh1736762-1.patch b/bind-9.11-rh1736762-1.patch deleted file mode 100644 index 272177f..0000000 --- a/bind-9.11-rh1736762-1.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 312bd133f75c54d51196060c573e29aabbb0b842 Mon Sep 17 00:00:00 2001 -From: Mark Andrews -Date: Tue, 26 Nov 2019 02:30:14 +0000 -Subject: [PATCH 1/4] Merge branch - '1367-threadsanitizer-data-race-dispatch-c-901-in-free_buffer-v9_11' into - 'v9_11' - -Resolve "ThreadSanitizer: data race dispatch.c:901 in free_buffer" - -See merge request isc-projects/bind9!2628 - -(cherry picked from commit 0455351802cb915e7961dad9cf14977a19162d38) ---- - lib/dns/dispatch.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c -index 3278db4a07..ea5cf102f2 100644 ---- a/lib/dns/dispatch.c -+++ b/lib/dns/dispatch.c -@@ -927,6 +927,10 @@ allocate_udp_buffer(dns_dispatch_t *disp) { - void *temp; - - LOCK(&disp->mgr->buffer_lock); -+ if (disp->mgr->buffers >= disp->mgr->maxbuffers) { -+ UNLOCK(&disp->mgr->buffer_lock); -+ return (NULL); -+ } - bpool = disp->mgr->bpool; - disp->mgr->buffers++; - UNLOCK(&disp->mgr->buffer_lock); -@@ -1058,9 +1062,11 @@ udp_recv(isc_event_t *ev_in, dns_dispatch_t *disp, dispsocket_t *dispsock) { - mgr = disp->mgr; - qid = mgr->qid; - -+ LOCK(&disp->mgr->buffer_lock); - dispatch_log(disp, LVL(90), - "got packet: requests %d, buffers %d, recvs %d", - disp->requests, disp->mgr->buffers, disp->recv_pending); -+ UNLOCK(&disp->mgr->buffer_lock); - - if (dispsock == NULL && ev->ev_type == ISC_SOCKEVENT_RECVDONE) { - /* -@@ -1511,9 +1517,6 @@ startrecv(dns_dispatch_t *disp, dispsocket_t *dispsock) { - if (disp->recv_pending != 0 && dispsock == NULL) - return (ISC_R_SUCCESS); - -- if (disp->mgr->buffers >= disp->mgr->maxbuffers) -- return (ISC_R_NOMEMORY); -- - if ((disp->attributes & DNS_DISPATCHATTR_EXCLUSIVE) != 0 && - dispsock == NULL) - return (ISC_R_SUCCESS); --- -2.21.0 - diff --git a/bind-9.11-rh1736762-2.patch b/bind-9.11-rh1736762-2.patch deleted file mode 100644 index 7d16138..0000000 --- a/bind-9.11-rh1736762-2.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 8e1900b79d854e22ec6b5cea152ff363ce9a461c Mon Sep 17 00:00:00 2001 -From: Mark Andrews -Date: Fri, 22 Nov 2019 21:48:12 +0000 -Subject: [PATCH 2/4] Merge branch - '1334-threadsanitizer-data-race-dispatch-c-1339-in-tcp_recv-v9_11' into - 'v9_11' - -lock dispatch before reporting state - -See merge request isc-projects/bind9!2619 - -(cherry picked from commit e36730076af3190fe5930a6406dd414b87e1e178) ---- - lib/dns/dispatch.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c -index ea5cf102f2..94df6bab9a 100644 ---- a/lib/dns/dispatch.c -+++ b/lib/dns/dispatch.c -@@ -1353,12 +1353,12 @@ tcp_recv(isc_task_t *task, isc_event_t *ev_in) { - - qid = disp->qid; - -+ LOCK(&disp->lock); -+ - dispatch_log(disp, LVL(90), - "got TCP packet: requests %d, buffers %d, recvs %d", - disp->requests, disp->tcpbuffers, disp->recv_pending); - -- LOCK(&disp->lock); -- - INSIST(disp->recv_pending != 0); - disp->recv_pending = 0; - --- -2.21.0 - diff --git a/bind-9.11-rh1736762-3.patch b/bind-9.11-rh1736762-3.patch deleted file mode 100644 index ed4dc93..0000000 --- a/bind-9.11-rh1736762-3.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 651fc773a6e154466998424e975bce3fdb8566d8 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= -Date: Wed, 27 Nov 2019 17:06:28 +0000 -Subject: [PATCH 3/4] Merge branch - '1350-threadsanitizer-data-race-rbt-c-1312-in-dns_rbt_addnode-v9_11' into - 'v9_11' - -Resolve "ThreadSanitizer: data race rbt.c:1312 in dns_rbt_addnode" - -See merge request isc-projects/bind9!2651 - -(cherry picked from commit a5fb8c812728cb5fc923f60d6707d953d704719f) ---- - lib/dns/rbtdb.c | 24 +++++++++++++++++++++--- - 1 file changed, 21 insertions(+), 3 deletions(-) - -diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c -index 738aa203ec..d3bb8d7fe7 100644 ---- a/lib/dns/rbtdb.c -+++ b/lib/dns/rbtdb.c -@@ -1972,6 +1972,9 @@ clean_zone_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, - node->dirty = 0; - } - -+/* -+ * tree_lock(write) must be held. -+ */ - static void - delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { - dns_rbtnode_t *nsecnode; -@@ -2955,6 +2958,8 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, bool commit) { - * E.g. if the wildcard name is "*.sub.example." then we - * must ensure that "sub.example." exists and is marked as - * a wildcard level. -+ * -+ * tree_lock(write) must be held. - */ - static isc_result_t - add_wildcard_magic(dns_rbtdb_t *rbtdb, dns_name_t *name) { -@@ -2979,6 +2984,9 @@ add_wildcard_magic(dns_rbtdb_t *rbtdb, dns_name_t *name) { - return (ISC_R_SUCCESS); - } - -+/* -+ * tree_lock(write) must be held. -+ */ - static isc_result_t - add_empty_wildcards(dns_rbtdb_t *rbtdb, dns_name_t *name) { - isc_result_t result; -@@ -6756,13 +6764,16 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, - REQUIRE(VALID_RBTDB(rbtdb)); - INSIST(rbtversion == NULL || rbtversion->rbtdb == rbtdb); - -- if (rbtdb->common.methods == &zone_methods) -+ if (rbtdb->common.methods == &zone_methods) { -+ RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); - REQUIRE(((rbtnode->nsec == DNS_RBT_NSEC_NSEC3 && - (rdataset->type == dns_rdatatype_nsec3 || - rdataset->covers == dns_rdatatype_nsec3)) || - (rbtnode->nsec != DNS_RBT_NSEC_NSEC3 && - rdataset->type != dns_rdatatype_nsec3 && - rdataset->covers != dns_rdatatype_nsec3))); -+ RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); -+ } - - if (rbtversion == NULL) { - if (now == 0) -@@ -6854,11 +6865,15 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, - /* - * Add to the auxiliary NSEC tree if we're adding an NSEC record. - */ -+ RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); - if (rbtnode->nsec != DNS_RBT_NSEC_HAS_NSEC && - rdataset->type == dns_rdatatype_nsec) -+ { - newnsec = true; -- else -+ } else { - newnsec = false; -+ } -+ RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); - - /* - * If we're adding a delegation type, adding to the auxiliary NSEC tree, -@@ -6959,13 +6974,16 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, - REQUIRE(VALID_RBTDB(rbtdb)); - REQUIRE(rbtversion != NULL && rbtversion->rbtdb == rbtdb); - -- if (rbtdb->common.methods == &zone_methods) -+ if (rbtdb->common.methods == &zone_methods) { -+ RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); - REQUIRE(((rbtnode->nsec == DNS_RBT_NSEC_NSEC3 && - (rdataset->type == dns_rdatatype_nsec3 || - rdataset->covers == dns_rdatatype_nsec3)) || - (rbtnode->nsec != DNS_RBT_NSEC_NSEC3 && - rdataset->type != dns_rdatatype_nsec3 && - rdataset->covers != dns_rdatatype_nsec3))); -+ RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); -+ } - - result = dns_rdataslab_fromrdataset(rdataset, rbtdb->common.mctx, - ®ion, sizeof(rdatasetheader_t)); --- -2.21.0 - diff --git a/bind-9.11-rh1736762-4.patch b/bind-9.11-rh1736762-4.patch deleted file mode 100644 index 61afe9d..0000000 --- a/bind-9.11-rh1736762-4.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 9c1f74400c04267dea4f1bd7f62de8ba5e8d2b0e Mon Sep 17 00:00:00 2001 -From: Mark Andrews -Date: Thu, 28 Nov 2019 10:24:12 +1100 -Subject: [PATCH 4/4] rdataset_setownercase and rdataset_getownercase need to - obtain a node lock - -(cherry picked from commit 637b2c4e517b466900a8c00b52f7a15727e12ae9) -(cherry picked from commit 1c61f129c3b12071723a2154d33f74628bf80998) ---- - lib/dns/rbtdb.c | 35 ++++++++++++++++++++++++++++------- - 1 file changed, 28 insertions(+), 7 deletions(-) - -diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c -index d3bb8d7fe7..199ff08011 100644 ---- a/lib/dns/rbtdb.c -+++ b/lib/dns/rbtdb.c -@@ -10109,11 +10109,18 @@ setownercase(rdatasetheader_t *header, const dns_name_t *name) { - - static void - rdataset_setownercase(dns_rdataset_t *rdataset, const dns_name_t *name) { -+ dns_rbtdb_t *rbtdb = rdataset->private1; -+ dns_rbtnode_t *rbtnode = rdataset->private2; - unsigned char *raw = rdataset->private3; /* RDATASLAB */ - rdatasetheader_t *header; - - header = (struct rdatasetheader *)(raw - sizeof(*header)); -+ -+ NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock, -+ isc_rwlocktype_write); - setownercase(header, name); -+ NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, -+ isc_rwlocktype_write); - } - - static const unsigned char charmask[] = { -@@ -10188,6 +10195,8 @@ static unsigned char maptolower[] = { - - static void - rdataset_getownercase(const dns_rdataset_t *rdataset, dns_name_t *name) { -+ dns_rbtdb_t *rbtdb = rdataset->private1; -+ dns_rbtnode_t *rbtnode = rdataset->private2; - const unsigned char *raw = rdataset->private3; /* RDATASLAB */ - const rdatasetheader_t *header; - unsigned int i, j; -@@ -10196,8 +10205,12 @@ rdataset_getownercase(const dns_rdataset_t *rdataset, dns_name_t *name) { - - header = (const struct rdatasetheader *)(raw - sizeof(*header)); - -- if (!CASESET(header)) -- return; -+ NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock, -+ isc_rwlocktype_read); -+ -+ if (!CASESET(header)) { -+ goto unlock; -+ } - - #if 0 - /* -@@ -10210,10 +10223,13 @@ rdataset_getownercase(const dns_rdataset_t *rdataset, dns_name_t *name) { - */ - if (name->ndata[i] >= 0x61 && name->ndata[i] <= 0x7a && - (header->upper[i/8] & (1 << (i%8))) != 0) -+ { - name->ndata[i] &= ~0x20; /* clear the lower case bit */ -- else if (name->ndata[i] >= 0x41 && name->ndata[i] <= 0x5a && -- (header->upper[i/8] & (1 << (i%8))) == 0) -+ } else if (name->ndata[i] >= 0x41 && name->ndata[i] <= 0x5a && -+ (header->upper[i/8] & (1 << (i%8))) == 0) -+ { - name->ndata[i] |= 0x20; /* set the lower case bit */ -+ } - } - #else - if (ISC_LIKELY(CASEFULLYLOWER(header))) { -@@ -10236,7 +10252,7 @@ rdataset_getownercase(const dns_rdataset_t *rdataset, dns_name_t *name) { - c = *bp; - *bp++ = maptolower[c]; - } -- return; -+ goto unlock; - } - - i = 0; -@@ -10257,8 +10273,9 @@ rdataset_getownercase(const dns_rdataset_t *rdataset, dns_name_t *name) { - } - } - -- if (ISC_UNLIKELY(i == name->length)) -- return; -+ if (ISC_UNLIKELY(i == name->length)) { -+ goto unlock; -+ } - - bits = ~(header->upper[j]); - -@@ -10272,6 +10289,10 @@ rdataset_getownercase(const dns_rdataset_t *rdataset, dns_name_t *name) { - bits >>= 1; - } - #endif -+ -+ unlock: -+ NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, -+ isc_rwlocktype_read); - } - - /*% --- -2.21.0 - diff --git a/bind-9.11-rt31459.patch b/bind-9.11-rt31459.patch index ea25abe..efcc6fa 100644 --- a/bind-9.11-rt31459.patch +++ b/bind-9.11-rt31459.patch @@ -1,4 +1,4 @@ -From 7e61714a5d1509ec79af42391e41eb1afc53063a Mon Sep 17 00:00:00 2001 +From e83a6723d84e4c4400ca646077393a24b092c623 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Tue, 12 Sep 2017 19:05:46 -0700 Subject: [PATCH] rebased rt31459c @@ -71,10 +71,10 @@ index 5015abb..295e16f 100644 &entropy_source, randomfile, diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c -index 2c0c308..3e585af 100644 +index d9d6bb9..de4b15f 100644 --- a/bin/dnssec/dnssec-dsfromkey.c +++ b/bin/dnssec/dnssec-dsfromkey.c -@@ -494,14 +494,14 @@ main(int argc, char **argv) { +@@ -498,14 +498,14 @@ main(int argc, char **argv) { if (ectx == NULL) setup_entropy(mctx, NULL, &ectx); @@ -92,7 +92,7 @@ index 2c0c308..3e585af 100644 isc_entropy_stopcallbacksources(ectx); setup_logging(mctx, &log); -@@ -571,8 +571,8 @@ main(int argc, char **argv) { +@@ -574,8 +574,8 @@ main(int argc, char **argv) { if (dns_rdataset_isassociated(&rdataset)) dns_rdataset_disassociate(&rdataset); cleanup_logging(&log); @@ -103,10 +103,10 @@ index 2c0c308..3e585af 100644 dns_name_destroy(); if (verbose > 10) diff --git a/bin/dnssec/dnssec-importkey.c b/bin/dnssec/dnssec-importkey.c -index 0d1e7f8..79c4d74 100644 +index d65a514..04b3094 100644 --- a/bin/dnssec/dnssec-importkey.c +++ b/bin/dnssec/dnssec-importkey.c -@@ -407,14 +407,14 @@ main(int argc, char **argv) { +@@ -404,14 +404,14 @@ main(int argc, char **argv) { if (ectx == NULL) setup_entropy(mctx, NULL, &ectx); @@ -124,7 +124,7 @@ index 0d1e7f8..79c4d74 100644 isc_entropy_stopcallbacksources(ectx); setup_logging(mctx, &log); -@@ -458,8 +458,8 @@ main(int argc, char **argv) { +@@ -455,8 +455,8 @@ main(int argc, char **argv) { if (dns_rdataset_isassociated(&rdataset)) dns_rdataset_disassociate(&rdataset); cleanup_logging(&log); @@ -167,10 +167,10 @@ index 7d82dbf..10f9359 100644 if (verbose > 10) isc_mem_stats(mctx, stdout); diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c -index f355903..6a2ca59 100644 +index 7afcaee..1cfa511 100644 --- a/bin/dnssec/dnssec-settime.c +++ b/bin/dnssec/dnssec-settime.c -@@ -382,14 +382,14 @@ main(int argc, char **argv) { +@@ -380,14 +380,14 @@ main(int argc, char **argv) { if (ectx == NULL) setup_entropy(mctx, NULL, &ectx); @@ -188,7 +188,7 @@ index f355903..6a2ca59 100644 isc_entropy_stopcallbacksources(ectx); if (predecessor != NULL) { -@@ -674,8 +674,8 @@ main(int argc, char **argv) { +@@ -672,8 +672,8 @@ main(int argc, char **argv) { if (prevkey != NULL) dst_key_free(&prevkey); dst_key_free(&key); @@ -199,7 +199,7 @@ index f355903..6a2ca59 100644 if (verbose > 10) isc_mem_stats(mctx, stdout); diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c -index c6a0313..6ddaebe 100644 +index 71f5672..9b100ca 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -3460,14 +3460,15 @@ main(int argc, char *argv[]) { @@ -257,7 +257,7 @@ index 4c293bf..3263cbc 100644 rdclass = strtoclass(classname); diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c -index fbc7ece..31a99e7 100644 +index 9d2a016..a9f90b6 100644 --- a/bin/dnssec/dnssectool.c +++ b/bin/dnssec/dnssectool.c @@ -34,6 +34,7 @@ @@ -293,7 +293,7 @@ index fbc7ece..31a99e7 100644 usekeyboard); diff --git a/bin/named/server.c b/bin/named/server.c -index 7d85d3b..c782073 100644 +index 5a860e4..21c340c 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -36,6 +36,7 @@ @@ -304,7 +304,7 @@ index 7d85d3b..c782073 100644 #include #include #include -@@ -8211,6 +8212,10 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8217,6 +8218,10 @@ load_configuration(const char *filename, ns_server_t *server, "no source of entropy found"); } else { const char *randomdev = cfg_obj_asstring(obj); @@ -315,7 +315,7 @@ index 7d85d3b..c782073 100644 int level = ISC_LOG_ERROR; result = isc_entropy_createfilesource(ns_g_entropy, randomdev); -@@ -8245,6 +8250,7 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8251,6 +8256,7 @@ load_configuration(const char *filename, ns_server_t *server, } isc_entropy_detach(&ns_g_fallbackentropy); } @@ -688,7 +688,7 @@ index bf6dbb6..0416b21 100644 parse_args(false, argc, argv); if (server == NULL) diff --git a/configure b/configure -index ed002e0..a578874 100755 +index aab472a..b686178 100755 --- a/configure +++ b/configure @@ -640,6 +640,7 @@ ac_includes_default="\ @@ -715,7 +715,7 @@ index ed002e0..a578874 100755 with_lmdb with_libxml2 with_libjson -@@ -1744,6 +1747,7 @@ Optional Features: +@@ -1745,6 +1748,7 @@ Optional Features: --enable-threads enable multithreading --enable-native-pkcs11 use native PKCS11 for all crypto [default=no] --enable-openssl-hash use OpenSSL for hash functions [default=no] @@ -723,7 +723,7 @@ index ed002e0..a578874 100755 --enable-largefile 64-bit file support --enable-backtrace log stack backtrace on abort [default=yes] --enable-symtable use internal symbol table for backtrace -@@ -17115,6 +17119,7 @@ case "$use_openssl" in +@@ -17135,6 +17139,7 @@ case "$use_openssl" in $as_echo "disabled because of native PKCS11" >&6; } DST_OPENSSL_INC="" CRYPTO="-DPKCS11CRYPTO" @@ -731,7 +731,7 @@ index ed002e0..a578874 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -17129,6 +17134,7 @@ $as_echo "disabled because of native PKCS11" >&6; } +@@ -17149,6 +17154,7 @@ $as_echo "disabled because of native PKCS11" >&6; } $as_echo "no" >&6; } DST_OPENSSL_INC="" CRYPTO="" @@ -739,7 +739,7 @@ index ed002e0..a578874 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -17141,6 +17147,7 @@ $as_echo "no" >&6; } +@@ -17161,6 +17167,7 @@ $as_echo "no" >&6; } auto) DST_OPENSSL_INC="" CRYPTO="" @@ -747,7 +747,7 @@ index ed002e0..a578874 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -17150,7 +17157,7 @@ $as_echo "no" >&6; } +@@ -17170,7 +17177,7 @@ $as_echo "no" >&6; } OPENSSLLINKOBJS="" OPENSSLLINKSRCS="" as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path @@ -756,7 +756,7 @@ index ed002e0..a578874 100755 ;; *) if test "yes" = "$want_native_pkcs11" -@@ -17181,6 +17188,7 @@ $as_echo "not found" >&6; } +@@ -17201,6 +17208,7 @@ $as_echo "not found" >&6; } as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5 fi CRYPTO='-DOPENSSL' @@ -764,7 +764,7 @@ index ed002e0..a578874 100755 if test "/usr" = "$use_openssl" then DST_OPENSSL_INC="" -@@ -17806,8 +17814,6 @@ fi +@@ -17826,8 +17834,6 @@ fi # Use OpenSSL for hash functions # @@ -773,7 +773,7 @@ index ed002e0..a578874 100755 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" case $want_openssl_hash in yes) -@@ -18182,6 +18188,86 @@ if test "rt" = "$have_clock_gt"; then +@@ -18202,6 +18208,86 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi @@ -860,7 +860,7 @@ index ed002e0..a578874 100755 # # was --with-lmdb specified? # -@@ -20264,9 +20350,12 @@ _ACEOF +@@ -20284,9 +20370,12 @@ _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5 $as_echo "size_t for buflen; int for flags" >&6; } @@ -875,7 +875,7 @@ index ed002e0..a578874 100755 $as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h -@@ -21581,12 +21670,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -21601,12 +21690,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then @@ -889,7 +889,7 @@ index ed002e0..a578874 100755 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -@@ -21619,6 +21703,11 @@ cat >>confdefs.h <<_ACEOF +@@ -21639,6 +21723,11 @@ cat >>confdefs.h <<_ACEOF _ACEOF @@ -901,7 +901,7 @@ index ed002e0..a578874 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21627,39 +21716,6 @@ _ACEOF +@@ -21647,39 +21736,6 @@ _ACEOF fi ;; x86_64-*|amd64-*) @@ -941,7 +941,7 @@ index ed002e0..a578874 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21690,6 +21746,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } +@@ -21710,6 +21766,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } $as_echo "$arch" >&6; } fi @@ -952,7 +952,7 @@ index ed002e0..a578874 100755 if test "yes" = "$have_atomic"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5 $as_echo_n "checking compiler support for inline assembly code... " >&6; } -@@ -24244,6 +24304,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" +@@ -24264,6 +24324,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" # dlzdir='${DLZ_DRIVER_DIR}' @@ -983,7 +983,7 @@ index ed002e0..a578874 100755 # # Private autoconf macro to simplify configuring drivers: # -@@ -24574,11 +24658,11 @@ $as_echo "no" >&6; } +@@ -24594,11 +24678,11 @@ $as_echo "no" >&6; } $as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; } ;; *) @@ -998,7 +998,7 @@ index ed002e0..a578874 100755 fi CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL" -@@ -24663,7 +24747,7 @@ $as_echo "" >&6; } +@@ -24683,7 +24767,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). @@ -1007,7 +1007,7 @@ index ed002e0..a578874 100755 # include a blank element first for d in "" $bdb_incdirs do -@@ -24688,57 +24772,9 @@ $as_echo "" >&6; } +@@ -24708,57 +24792,9 @@ $as_echo "" >&6; } bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db" for d in $bdb_libnames do @@ -1067,7 +1067,7 @@ index ed002e0..a578874 100755 break fi done -@@ -24897,10 +24933,10 @@ $as_echo "no" >&6; } +@@ -24917,10 +24953,10 @@ $as_echo "no" >&6; } DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include" DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include" fi @@ -1081,7 +1081,7 @@ index ed002e0..a578874 100755 fi -@@ -24986,11 +25022,11 @@ fi +@@ -25006,11 +25042,11 @@ fi odbcdirs="/usr /usr/local /usr/pkg" for d in $odbcdirs do @@ -1095,7 +1095,7 @@ index ed002e0..a578874 100755 break fi done -@@ -25265,6 +25301,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" +@@ -25285,6 +25321,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" @@ -1104,7 +1104,7 @@ index ed002e0..a578874 100755 # # Commands to run at the end of config.status. # Don't just put these into configure, it won't work right if somebody -@@ -27644,6 +27682,8 @@ report() { +@@ -27661,6 +27699,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" @@ -1113,7 +1113,7 @@ index ed002e0..a578874 100755 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -27684,6 +27724,8 @@ report() { +@@ -27701,6 +27741,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" @@ -1122,7 +1122,7 @@ index ed002e0..a578874 100755 echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -27731,6 +27773,8 @@ report() { +@@ -27748,6 +27790,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" @@ -1132,10 +1132,10 @@ index ed002e0..a578874 100755 test "yes" = "$enable_seccomp" || \ echo " Use libseccomp system call filtering (--enable-seccomp)" diff --git a/configure.ac b/configure.ac -index 45a8126..bb1345b 100644 +index 0e16cc8..dd0055d 100644 --- a/configure.ac +++ b/configure.ac -@@ -1537,6 +1537,7 @@ case "$use_openssl" in +@@ -1550,6 +1550,7 @@ case "$use_openssl" in AC_MSG_RESULT(disabled because of native PKCS11) DST_OPENSSL_INC="" CRYPTO="-DPKCS11CRYPTO" @@ -1143,7 +1143,7 @@ index 45a8126..bb1345b 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1550,6 +1551,7 @@ case "$use_openssl" in +@@ -1563,6 +1564,7 @@ case "$use_openssl" in AC_MSG_RESULT(no) DST_OPENSSL_INC="" CRYPTO="" @@ -1151,7 +1151,7 @@ index 45a8126..bb1345b 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1562,6 +1564,7 @@ case "$use_openssl" in +@@ -1575,6 +1577,7 @@ case "$use_openssl" in auto) DST_OPENSSL_INC="" CRYPTO="" @@ -1159,7 +1159,7 @@ index 45a8126..bb1345b 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1572,7 +1575,7 @@ case "$use_openssl" in +@@ -1585,7 +1588,7 @@ case "$use_openssl" in OPENSSLLINKSRCS="" AC_MSG_ERROR( [OpenSSL was not found in any of $openssldirs; use --with-openssl=/path @@ -1168,7 +1168,7 @@ index 45a8126..bb1345b 100644 ;; *) if test "yes" = "$want_native_pkcs11" -@@ -1602,6 +1605,7 @@ If you don't want OpenSSL, use --without-openssl]) +@@ -1615,6 +1618,7 @@ If you don't want OpenSSL, use --without-openssl]) AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found]) fi CRYPTO='-DOPENSSL' @@ -1176,7 +1176,7 @@ index 45a8126..bb1345b 100644 if test "/usr" = "$use_openssl" then DST_OPENSSL_INC="" -@@ -2037,7 +2041,6 @@ fi +@@ -2050,7 +2054,6 @@ fi # Use OpenSSL for hash functions # @@ -1184,7 +1184,7 @@ index 45a8126..bb1345b 100644 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" case $want_openssl_hash in yes) -@@ -2309,6 +2312,67 @@ if test "rt" = "$have_clock_gt"; then +@@ -2322,6 +2325,67 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi @@ -1252,7 +1252,7 @@ index 45a8126..bb1345b 100644 # # was --with-lmdb specified? # -@@ -4105,12 +4169,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -4118,12 +4182,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then @@ -1266,7 +1266,7 @@ index 45a8126..bb1345b 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -4119,7 +4183,6 @@ if test "yes" = "$use_atomic"; then +@@ -4132,7 +4196,6 @@ if test "yes" = "$use_atomic"; then fi ;; x86_64-*|amd64-*) @@ -1274,7 +1274,7 @@ index 45a8126..bb1345b 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -5527,6 +5590,8 @@ report() { +@@ -5537,6 +5600,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" @@ -1283,7 +1283,7 @@ index 45a8126..bb1345b 100644 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -5567,6 +5632,8 @@ report() { +@@ -5577,6 +5642,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" @@ -1292,7 +1292,7 @@ index 45a8126..bb1345b 100644 echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -5614,6 +5681,8 @@ report() { +@@ -5624,6 +5691,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" @@ -1302,7 +1302,7 @@ index 45a8126..bb1345b 100644 test "yes" = "$enable_seccomp" || \ echo " Use libseccomp system call filtering (--enable-seccomp)" diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c -index ec6e00e..1614afa 100644 +index 65bf25d..1eccbe7 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -277,6 +277,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx, @@ -1440,7 +1440,7 @@ index 304814b..60543c4 100644 isc_hash_destroy(); cleanup_db: diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c -index d65ce26..6849732 100644 +index 13e838f..ffe0a69 100644 --- a/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c @@ -31,6 +31,7 @@ @@ -1476,7 +1476,7 @@ index d65ce26..6849732 100644 #endif +#endif /* !ISC_PLATFORM_CRYPTORANDOM */ - #if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) static void @@ -192,7 +195,7 @@ _set_thread_id(CRYPTO_THREADID *id) isc_result_t @@ -1845,10 +1845,10 @@ index 0000000..bd3d164 + +#endif diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in -index 5c45d59..34b660c 100644 +index 63be973..40b21fa 100644 --- a/lib/dns/win32/libdns.def.in +++ b/lib/dns/win32/libdns.def.in -@@ -1484,6 +1484,13 @@ dst_lib_destroy +@@ -1485,6 +1485,13 @@ dst_lib_destroy dst_lib_init dst_lib_init2 dst_lib_initmsgcat @@ -1944,10 +1944,10 @@ index 4bba8e1..632166a 100644 #endif /* ISC_ENTROPY_H */ diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in -index 9c7c342..ee8dc3e 100644 +index 4192946..dbd1560 100644 --- a/lib/isc/include/isc/platform.h.in +++ b/lib/isc/include/isc/platform.h.in -@@ -341,6 +341,11 @@ +@@ -359,6 +359,11 @@ */ @ISC_PLATFORM_HAVESTRINGSH@ @@ -1960,10 +1960,10 @@ index 9c7c342..ee8dc3e 100644 * Define if the hash functions must be provided by OpenSSL. */ diff --git a/lib/isc/include/isc/types.h b/lib/isc/include/isc/types.h -index 42ff7e0..8d87c44 100644 +index da9d66f..4205400 100644 --- a/lib/isc/include/isc/types.h +++ b/lib/isc/include/isc/types.h -@@ -93,6 +93,8 @@ typedef struct isc_time isc_time_t; /*%< Time */ +@@ -97,6 +97,8 @@ typedef struct isc_time isc_time_t; /*%< Time */ typedef struct isc_timer isc_timer_t; /*%< Timer */ typedef struct isc_timermgr isc_timermgr_t; /*%< Timer Manager */ @@ -1973,7 +1973,7 @@ index 42ff7e0..8d87c44 100644 typedef int (*isc_sockfdwatch_t)(isc_task_t *, isc_socket_t *, void *, int); diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c -index 8e6ed93..ceb5a2c 100644 +index 68aebdc..4b85527 100644 --- a/lib/isc/pk11.c +++ b/lib/isc/pk11.c @@ -321,14 +321,16 @@ pk11_rand_seed_fromfile(const char *randomfile) { @@ -1999,10 +1999,10 @@ index 8e6ed93..ceb5a2c 100644 cleanup: if (stream != NULL) diff --git a/lib/isc/win32/include/isc/platform.h.in b/lib/isc/win32/include/isc/platform.h.in -index 5b8a2c9..913a2ce 100644 +index 8ade705..fa72f9d 100644 --- a/lib/isc/win32/include/isc/platform.h.in +++ b/lib/isc/win32/include/isc/platform.h.in -@@ -69,6 +69,11 @@ +@@ -73,6 +73,11 @@ #define ISC_PLATFORM_NORETURN_PRE __declspec(noreturn) #define ISC_PLATFORM_NORETURN_POST @@ -2015,7 +2015,7 @@ index 5b8a2c9..913a2ce 100644 * Define if the hash functions must be provided by OpenSSL. */ diff --git a/win32utils/Configure b/win32utils/Configure -index ccaf067..240fb80 100644 +index 953f2aa..55cc929 100644 --- a/win32utils/Configure +++ b/win32utils/Configure @@ -382,6 +382,7 @@ my @substdefh = ("ALLOW_FILTER_AAAA", @@ -2036,7 +2036,7 @@ index ccaf067..240fb80 100644 "fixed-rrset", "intrinsics", "isc-spnego", -@@ -581,6 +583,7 @@ my @help = ( +@@ -580,6 +582,7 @@ my @help = ( "\nOptional Features:\n", " enable-intrinsics enable instrinsic/atomic functions [default=yes]\n", " enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n", @@ -2044,7 +2044,7 @@ index ccaf067..240fb80 100644 " enable-openssl-hash use OpenSSL for hash functions [default=yes]\n", " enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n", " enable-filter-aaaa enable filtering of AAAA records [default=yes]\n", -@@ -630,7 +633,9 @@ my $want_clean = "no"; +@@ -628,7 +631,9 @@ my $want_clean = "no"; my $want_unknown = "no"; my $unknown_value; my $enable_intrinsics = "yes"; @@ -2054,7 +2054,7 @@ index ccaf067..240fb80 100644 my $enable_openssl_hash = "auto"; my $enable_filter_aaaa = "yes"; my $enable_isc_spnego = "yes"; -@@ -850,6 +855,10 @@ sub myenable { +@@ -847,6 +852,10 @@ sub myenable { if ($val =~ /^yes$/i) { $enable_native_pkcs11 = "yes"; } @@ -2065,7 +2065,7 @@ index ccaf067..240fb80 100644 } elsif ($key =~ /^openssl-hash$/i) { if ($val =~ /^yes$/i) { $enable_openssl_hash = "yes"; -@@ -1158,6 +1167,11 @@ if ($verbose) { +@@ -1153,6 +1162,11 @@ if ($verbose) { } else { print "native-pkcs11: disabled\n"; } @@ -2077,7 +2077,7 @@ index ccaf067..240fb80 100644 if ($enable_openssl_hash eq "yes") { print "openssl-hash: enabled\n"; } else { -@@ -1516,6 +1530,7 @@ if ($enable_intrinsics eq "yes") { +@@ -1510,6 +1524,7 @@ if ($enable_intrinsics eq "yes") { # enable-native-pkcs11 if ($enable_native_pkcs11 eq "yes") { @@ -2085,7 +2085,7 @@ index ccaf067..240fb80 100644 if ($use_openssl eq "auto") { $use_openssl = "no"; } -@@ -1725,6 +1740,7 @@ if ($use_openssl eq "yes") { +@@ -1719,6 +1734,7 @@ if ($use_openssl eq "yes") { $openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]"); } @@ -2093,7 +2093,7 @@ index ccaf067..240fb80 100644 $configcond{"OPENSSL"} = 1; $configdefd{"CRYPTO"} = "OPENSSL"; $configvar{"OPENSSL_PATH"} = "$openssl_path"; -@@ -2296,6 +2312,15 @@ if ($use_aes eq "yes") { +@@ -2290,6 +2306,15 @@ if ($use_aes eq "yes") { } @@ -2109,7 +2109,7 @@ index ccaf067..240fb80 100644 # enable-openssl-hash if ($enable_openssl_hash eq "yes") { if ($use_openssl eq "no") { -@@ -3671,6 +3696,7 @@ exit 0; +@@ -3665,6 +3690,7 @@ exit 0; # --enable-developer partially supported # --enable-newstats (9.9/9.9sub only) # --enable-native-pkcs11 supported @@ -2118,5 +2118,5 @@ index ccaf067..240fb80 100644 # --enable-openssl-hash supported # --enable-threads included without a way to disable it -- -2.20.1 +2.21.0 diff --git a/bind-9.11-serve-stale.patch b/bind-9.11-serve-stale.patch index 350fe62..6baa4a7 100644 --- a/bind-9.11-serve-stale.patch +++ b/bind-9.11-serve-stale.patch @@ -1,4 +1,4 @@ -From 2bdcb7159b1ac097355e95864e979b4f68bc1a4e Mon Sep 17 00:00:00 2001 +From 3829de3d5caba113d5a8560c5ff0d2a32b57a7fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 7 Nov 2019 14:31:03 +0100 Subject: [PATCH] Implement serve-stale in 9.11 @@ -389,22 +389,22 @@ index 9661f56..445b578 100644 bool root_key_sentinel_is_ta; bool root_key_sentinel_not_ta; diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h -index 8982d26..919ac28 100644 +index c92922e..588bf2d 100644 --- a/bin/named/include/named/server.h +++ b/bin/named/include/named/server.h -@@ -224,7 +224,10 @@ enum { +@@ -226,7 +226,10 @@ enum { - dns_nsstatscounter_tcphighwater = 57, + dns_nsstatscounter_reclimitdropped = 58, -- dns_nsstatscounter_max = 58 -+ dns_nsstatscounter_trystale = 58, -+ dns_nsstatscounter_usedstale = 59, +- dns_nsstatscounter_max = 59 ++ dns_nsstatscounter_trystale = 59, ++ dns_nsstatscounter_usedstale = 60, + -+ dns_nsstatscounter_max = 60 ++ dns_nsstatscounter_max = 61 }; /*% -@@ -763,4 +766,12 @@ ns_server_mkeys(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text); +@@ -765,4 +768,12 @@ ns_server_mkeys(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text); isc_result_t ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text); @@ -733,10 +733,10 @@ index 0940714..882d69c 100644 (!PARTIALANSWER(client) || WANTRECURSION(client) || eresult == DNS_R_DROP)) { diff --git a/bin/named/server.c b/bin/named/server.c -index 0c1f08b..d195bca 100644 +index 36e0227..73c2b47 100644 --- a/bin/named/server.c +++ b/bin/named/server.c -@@ -1722,7 +1722,8 @@ static bool +@@ -1720,7 +1720,8 @@ static bool cache_sharable(dns_view_t *originview, dns_view_t *view, bool new_zero_no_soattl, unsigned int new_cleaning_interval, @@ -746,7 +746,7 @@ index 0c1f08b..d195bca 100644 { /* * If the cache cannot even reused for the same view, it cannot be -@@ -1737,6 +1738,7 @@ cache_sharable(dns_view_t *originview, dns_view_t *view, +@@ -1735,6 +1736,7 @@ cache_sharable(dns_view_t *originview, dns_view_t *view, */ if (dns_cache_getcleaninginterval(originview->cache) != new_cleaning_interval || @@ -754,7 +754,7 @@ index 0c1f08b..d195bca 100644 dns_cache_getcachesize(originview->cache) != new_max_cache_size) { return (false); } -@@ -3292,6 +3294,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, +@@ -3290,6 +3292,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, size_t max_acache_size; size_t max_adb_size; uint32_t lame_ttl, fail_ttl; @@ -762,7 +762,7 @@ index 0c1f08b..d195bca 100644 dns_tsig_keyring_t *ring = NULL; dns_view_t *pview = NULL; /* Production view */ isc_mem_t *cmctx = NULL, *hmctx = NULL; -@@ -3320,6 +3323,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, +@@ -3318,6 +3321,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, bool old_rpz_ok = false; isc_dscp_t dscp4 = -1, dscp6 = -1; dns_dyndbctx_t *dctx = NULL; @@ -770,7 +770,7 @@ index 0c1f08b..d195bca 100644 REQUIRE(DNS_VIEW_VALID(view)); -@@ -3734,6 +3738,24 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, +@@ -3732,6 +3736,24 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, if (view->maxncachettl > 7 * 24 * 3600) view->maxncachettl = 7 * 24 * 3600; @@ -795,7 +795,7 @@ index 0c1f08b..d195bca 100644 /* * Configure the view's cache. * -@@ -3767,7 +3789,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, +@@ -3765,7 +3787,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, nsc = cachelist_find(cachelist, cachename, view->rdclass); if (nsc != NULL) { if (!cache_sharable(nsc->primaryview, view, zero_no_soattl, @@ -805,7 +805,7 @@ index 0c1f08b..d195bca 100644 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, "views %s and %s can't share the cache " -@@ -3866,9 +3889,15 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, +@@ -3864,9 +3887,15 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, dns_cache_setcleaninginterval(cache, cleaning_interval); dns_cache_setcachesize(cache, max_cache_size); @@ -821,7 +821,7 @@ index 0c1f08b..d195bca 100644 /* * Resolver. * -@@ -4057,6 +4086,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, +@@ -4055,6 +4084,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, maxbits = 4096; view->maxbits = maxbits; @@ -843,7 +843,7 @@ index 0c1f08b..d195bca 100644 /* * Set supported DNSSEC algorithms. */ -@@ -14423,3 +14467,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) { +@@ -14434,3 +14478,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) { return (ISC_R_NOTIMPLEMENTED); #endif } @@ -977,13 +977,13 @@ index 0c1f08b..d195bca 100644 + return (result); +} diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c -index 4cdf7d6..5b413e7 100644 +index 6292bcb..fb034a7 100644 --- a/bin/named/statschannel.c +++ b/bin/named/statschannel.c -@@ -297,6 +297,12 @@ init_desc(void) { - "QryNXRedirRLookup"); - SET_NSSTATDESC(badcookie, "sent badcookie response", "QryBADCOOKIE"); - SET_NSSTATDESC(keytagopt, "Keytag option received", "KeyTagOpt"); +@@ -300,6 +300,12 @@ init_desc(void) { + SET_NSSTATDESC(reclimitdropped, + "queries dropped due to recursive client limit", + "RecLimitDropped"); + SET_NSSTATDESC(trystale, + "attempts to use stale cache data after lookup failure", + "QryTryStale"); @@ -1052,10 +1052,10 @@ index f3f1939..9ff3f07 100644 + exit 1 +fi diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in -index f781966..d20a830 100644 +index 1e5f221..96ee63e 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in -@@ -125,7 +125,7 @@ PARALLELDIRS="dnssec rpzrecurse \ +@@ -128,7 +128,7 @@ PARALLELDIRS="dnssec rpzrecurse \ reclimit redirect resolver rndc rootkeysentinel rpz \ rrchecker rrl rrsetorder rsabigexponent runtime \ sfcache smartsign sortlist \ @@ -2278,7 +2278,7 @@ index e11beed..fde93c7 100644 topology { ; ... }; // not implemented transfer-format ( many-answers | one-answer ); diff --git a/lib/bind9/check.c b/lib/bind9/check.c -index 5c057a4..7b82618 100644 +index bd16aec..91cedb7 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -99,7 +99,8 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) { @@ -2379,7 +2379,7 @@ index 5c057a4..7b82618 100644 } } } -@@ -1267,7 +1276,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, +@@ -1271,7 +1280,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "auto-dnssec may only be activated at the " "zone level"); @@ -2389,7 +2389,7 @@ index 5c057a4..7b82618 100644 } } -@@ -1287,7 +1297,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, +@@ -1291,7 +1301,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, { obj = cfg_listelt_value(element); tresult = mustbesecure(obj, symtab, logctx, mctx); @@ -2398,7 +2398,7 @@ index 5c057a4..7b82618 100644 result = tresult; } if (symtab != NULL) -@@ -1306,7 +1316,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, +@@ -1310,7 +1320,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "%s: invalid name '%s'", server_contact[i], str); @@ -2408,7 +2408,7 @@ index 5c057a4..7b82618 100644 } } } -@@ -1326,7 +1337,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, +@@ -1330,7 +1341,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "disable-empty-zone: invalid name '%s'", str); @@ -2418,7 +2418,7 @@ index 5c057a4..7b82618 100644 } } -@@ -1340,11 +1352,12 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, +@@ -1344,11 +1356,12 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, strlen(cfg_obj_asstring(obj)) > 1024U) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "'server-id' too big (>1024 bytes)"); @@ -2433,7 +2433,7 @@ index 5c057a4..7b82618 100644 result = tresult; obj = NULL; -@@ -1354,11 +1367,13 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, +@@ -1358,11 +1371,13 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, if (lifetime > 604800) { /* 7 days */ cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "'nta-lifetime' cannot exceed one week"); @@ -2449,7 +2449,7 @@ index 5c057a4..7b82618 100644 } } -@@ -1369,7 +1384,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, +@@ -1373,7 +1388,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, if (recheck > 604800) { /* 7 days */ cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "'nta-recheck' cannot exceed one week"); @@ -2459,7 +2459,7 @@ index 5c057a4..7b82618 100644 } if (recheck > lifetime) -@@ -1387,7 +1403,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, +@@ -1391,7 +1407,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, if (strcasecmp(ccalg, "aes") == 0) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "cookie-algorithm: '%s' not supported", ccalg); @@ -2469,7 +2469,7 @@ index 5c057a4..7b82618 100644 } #endif -@@ -1476,7 +1493,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, +@@ -1480,7 +1497,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "%s out of range (%u < %u)", fstrm[i].name, value, fstrm[i].min); @@ -2479,7 +2479,7 @@ index 5c057a4..7b82618 100644 } if (strcmp(fstrm[i].name, "fstrm-set-input-queue-size") == 0) { -@@ -1490,7 +1508,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, +@@ -1494,7 +1512,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, "%s '%u' not a power-of-2", fstrm[i].name, cfg_obj_asuint32(obj)); @@ -2489,7 +2489,7 @@ index 5c057a4..7b82618 100644 } } } -@@ -1508,7 +1527,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, +@@ -1512,7 +1531,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, "%" PRId64 "' " "is too small", mapsize); @@ -2499,7 +2499,7 @@ index 5c057a4..7b82618 100644 } else if (mapsize > (1ULL << 40)) { /* 1 terabyte */ cfg_obj_log(obj, logctx, ISC_LOG_ERROR, -@@ -1516,10 +1536,20 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, +@@ -1520,10 +1540,20 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, "%" PRId64 "' " "is too large", mapsize); @@ -2979,7 +2979,7 @@ index 13d1a3e..873b694 100644 RUNTIME_CHECK(result == ISC_R_SUCCESS); isc_buffer_usedregion(&buffer, &r); diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c -index 738aa20..5055fcb 100644 +index 68e6a89..d8b5c60 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -488,6 +488,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t; @@ -3074,7 +3074,7 @@ index 738aa20..5055fcb 100644 if (top_prev != NULL) top_prev->next = current->next; else -@@ -2076,6 +2095,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { +@@ -2079,6 +2098,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { } } @@ -3155,7 +3155,7 @@ index 738aa20..5055fcb 100644 /* * Caller must be holding the node lock. */ -@@ -3308,6 +3401,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, +@@ -3316,6 +3409,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdataset->attributes |= DNS_RDATASETATTR_OPTOUT; if (PREFETCH(header)) rdataset->attributes |= DNS_RDATASETATTR_PREFETCH; @@ -3168,7 +3168,7 @@ index 738aa20..5055fcb 100644 rdataset->private1 = rbtdb; rdataset->private2 = node; raw = (unsigned char *)header + sizeof(*header); -@@ -4648,6 +4747,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header, +@@ -4656,6 +4755,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header, #endif if (!ACTIVE(header, search->now)) { @@ -3188,7 +3188,7 @@ index 738aa20..5055fcb 100644 /* * This rdataset is stale. If no one else is using the * node, we can clean it up right now, otherwise we mark -@@ -4687,7 +4799,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header, +@@ -4695,7 +4807,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header, node->data = header->next; free_rdataset(search->rbtdb, mctx, header); } else { @@ -3197,7 +3197,7 @@ index 738aa20..5055fcb 100644 *header_prev = header; } } else -@@ -5125,7 +5237,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, +@@ -5133,7 +5245,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, &locktype, lock, &search, &header_prev)) { /* Do nothing. */ @@ -3206,7 +3206,7 @@ index 738aa20..5055fcb 100644 /* * We now know that there is at least one active * non-stale rdataset at this node. -@@ -5603,7 +5715,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { +@@ -5611,7 +5723,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { * refcurrent(rbtnode) must be non-zero. This is so * because 'node' is an argument to the function. */ @@ -3215,7 +3215,7 @@ index 738aa20..5055fcb 100644 if (log) isc_log_write(dns_lctx, category, module, level, "overmem cache: stale %s", -@@ -5611,7 +5723,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { +@@ -5619,7 +5731,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { } else if (force_expire) { if (! RETAIN(header)) { set_ttl(rbtdb, header, 0); @@ -3224,7 +3224,7 @@ index 738aa20..5055fcb 100644 } else if (log) { isc_log_write(dns_lctx, category, module, level, "overmem cache: " -@@ -5868,9 +5980,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, +@@ -5876,9 +5988,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, * non-zero. This is so because 'node' is an * argument to the function. */ @@ -3236,7 +3236,7 @@ index 738aa20..5055fcb 100644 if (header->type == matchtype) found = header; else if (header->type == RBTDB_RDATATYPE_NCACHEANY || -@@ -6160,7 +6272,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, +@@ -6170,7 +6282,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, topheader = topheader->next) { set_ttl(rbtdb, topheader, 0); @@ -3245,7 +3245,7 @@ index 738aa20..5055fcb 100644 } goto find_header; } -@@ -6218,7 +6330,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, +@@ -6228,7 +6340,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * ncache entry. */ set_ttl(rbtdb, topheader, 0); @@ -3254,7 +3254,7 @@ index 738aa20..5055fcb 100644 topheader = NULL; goto find_header; } -@@ -6256,8 +6368,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, +@@ -6266,8 +6378,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, } /* @@ -3268,7 +3268,7 @@ index 738aa20..5055fcb 100644 */ if (rbtversion == NULL && trust < header->trust && (ACTIVE(header, now) || header_nx)) { -@@ -6286,6 +6401,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, +@@ -6296,6 +6411,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, if ((options & DNS_DBADD_EXACT) != 0) flags |= DNS_RDATASLAB_EXACT; @@ -3279,7 +3279,7 @@ index 738aa20..5055fcb 100644 if ((options & DNS_DBADD_EXACTTTL) != 0 && newheader->rdh_ttl != header->rdh_ttl) result = DNS_R_NOTEXACT; -@@ -6329,11 +6448,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, +@@ -6339,11 +6458,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, } } /* @@ -3297,7 +3297,7 @@ index 738aa20..5055fcb 100644 */ if (IS_CACHE(rbtdb) && ACTIVE(header, now) && header->type == dns_rdatatype_ns && -@@ -6508,10 +6628,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, +@@ -6514,10 +6634,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, changed->dirty = true; if (rbtversion == NULL) { set_ttl(rbtdb, header, 0); @@ -3310,7 +3310,7 @@ index 738aa20..5055fcb 100644 } } if (rbtversion != NULL && !header_nx) { -@@ -8310,6 +8430,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) { +@@ -8334,6 +8454,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) { return (result); } @@ -3341,7 +3341,7 @@ index 738aa20..5055fcb 100644 static dns_dbmethods_t zone_methods = { attach, detach, -@@ -8355,7 +8499,9 @@ static dns_dbmethods_t zone_methods = { +@@ -8379,7 +8523,9 @@ static dns_dbmethods_t zone_methods = { NULL, hashsize, nodefullname, @@ -3352,7 +3352,7 @@ index 738aa20..5055fcb 100644 }; static dns_dbmethods_t cache_methods = { -@@ -8403,7 +8549,9 @@ static dns_dbmethods_t cache_methods = { +@@ -8427,7 +8573,9 @@ static dns_dbmethods_t cache_methods = { setcachestats, hashsize, nodefullname, @@ -3363,7 +3363,7 @@ index 738aa20..5055fcb 100644 }; isc_result_t -@@ -8674,7 +8822,7 @@ dns_rbtdb_create +@@ -8698,7 +8846,7 @@ dns_rbtdb_create rbtdb->rpzs = NULL; rbtdb->load_rpzs = NULL; rbtdb->rpz_num = DNS_RPZ_INVALID_NUM; @@ -3372,7 +3372,7 @@ index 738aa20..5055fcb 100644 /* * Version Initialization. */ -@@ -9092,7 +9240,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) { +@@ -9116,7 +9264,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) { * rdatasets to work. */ if (NONEXISTENT(header) || @@ -3382,7 +3382,7 @@ index 738aa20..5055fcb 100644 header = NULL; break; } else -@@ -10280,7 +10429,7 @@ static inline bool +@@ -10325,7 +10474,7 @@ static inline bool need_headerupdate(rdatasetheader_t *header, isc_stdtime_t now) { if ((header->attributes & (RDATASET_ATTR_NONEXISTENT | @@ -3391,7 +3391,7 @@ index 738aa20..5055fcb 100644 RDATASET_ATTR_ZEROTTL)) != 0) return (false); -@@ -10386,7 +10535,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, +@@ -10431,7 +10580,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, bool tree_locked, expire_t reason) { set_ttl(rbtdb, header, 0); @@ -3401,7 +3401,7 @@ index 738aa20..5055fcb 100644 /* * Caller must hold the node (write) lock. diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c -index 04a58c0..164fc01 100644 +index 8db9845..9f65c05 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -141,16 +141,17 @@ @@ -3434,7 +3434,7 @@ index 04a58c0..164fc01 100644 #endif /* The default maximum number of recursions to follow before giving up. */ -@@ -496,6 +497,10 @@ struct dns_resolver { +@@ -497,6 +498,10 @@ struct dns_resolver { unsigned int maxqueries; isc_result_t quotaresp[2]; @@ -3445,7 +3445,7 @@ index 04a58c0..164fc01 100644 /* Locked by lock. */ unsigned int references; bool exiting; -@@ -1617,14 +1622,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) { +@@ -1620,14 +1625,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) { unsigned int seconds; unsigned int us; @@ -3464,7 +3464,7 @@ index 04a58c0..164fc01 100644 /* * Add a fudge factor to the expected rtt based on the current -@@ -4481,7 +4484,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, +@@ -4489,7 +4492,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, /* * Compute an expiration time for the entire fetch. */ @@ -3474,7 +3474,7 @@ index 04a58c0..164fc01 100644 iresult = isc_time_nowplusinterval(&fctx->expires, &interval); if (iresult != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, -@@ -8965,6 +8969,8 @@ dns_resolver_create(dns_view_t *view, +@@ -8977,6 +8981,8 @@ dns_resolver_create(dns_view_t *view, res->spillattimer = NULL; res->zspill = 0; res->zero_no_soa_ttl = false; @@ -3483,7 +3483,7 @@ index 04a58c0..164fc01 100644 res->query_timeout = DEFAULT_QUERY_TIMEOUT; res->maxdepth = DEFAULT_RECURSION_DEPTH; res->maxqueries = DEFAULT_MAX_QUERIES; -@@ -10291,17 +10297,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) { +@@ -10304,17 +10310,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) { } void @@ -3512,7 +3512,7 @@ index 04a58c0..164fc01 100644 } void -@@ -10398,3 +10407,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which) +@@ -10411,3 +10420,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which) return (resolver->quotaresp[which]); } @@ -3854,5 +3854,5 @@ index 7bad989..bbf4b45 100644 { "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTIMP }, { "transfer-format", &cfg_type_transferformat, 0 }, -- -2.20.1 +2.21.0 diff --git a/bind.spec b/bind.spec index e076859..a88c81a 100644 --- a/bind.spec +++ b/bind.spec @@ -63,8 +63,8 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Name: bind License: MPLv2.0 -Version: 9.11.13 -Release: 4%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} +Version: 9.11.14 +Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ # @@ -164,10 +164,6 @@ Patch175:bind-9.11-fips-disable.patch Patch177: bind-9.11-serve-stale.patch Patch178: bind-9.11-serve-stale-dbfix.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1736762 -Patch179: bind-9.11-rh1736762-1.patch -Patch180: bind-9.11-rh1736762-2.patch -Patch181: bind-9.11-rh1736762-3.patch -Patch182: bind-9.11-rh1736762-4.patch Patch183: bind-9.11-rh1736762-5.patch # SDB patches @@ -574,10 +570,6 @@ are used for building ISC DHCP. %patch175 -p1 -b .rh1709553 %patch177 -p1 -b .serve-stale %patch178 -p1 -b .rh1770492 -%patch179 -p1 -b .rh1736762-1 -%patch180 -p1 -b .rh1736762-2 -%patch181 -p1 -b .rh1736762-3 -%patch182 -p1 -b .rh1736762-4 %patch183 -p1 -b .rh1736762-5 mkdir lib/dns/tests/testdata/dstrandom @@ -1615,6 +1607,9 @@ fi; %changelog +* Thu Dec 19 2019 Petr Menšík - 32:9.11.14-1 +- Update to 9.11.14 + * Tue Dec 03 2019 Petr Menšík - 32:9.11.13-4 - Disable Berkeley DB support (#1779190) diff --git a/sources b/sources index d213c25..d7c9b81 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (bind-9.11.13.tar.gz) = 6e5289ff231b8d7d2f02ae02a1cf43abff3e507e1d96d8ec002dc71097fc77dc5514762ff1ea5918159c88319b1d5eed78c6dc1a7835173db234d4ee887644bc -SHA512 (bind-9.11.13.tar.gz.asc) = 5b32adee7d45cdd2921126e898824839f6a0a5574c0ae5a441fc7df78681ebf872a276d6e434e8043cf9ec504f57c2b8fdf79fdb141e32dac5c4fa57c18d52f4 +SHA512 (bind-9.11.14.tar.gz) = fc7729e780e44c3c4e50059032fdae2af3d0e07b492b5088b2fefc15354829d3c9a83fab4f2ecaa9323cd7a37b1f7eb94890c149ba1df5c4fbea7a145095cbe9 +SHA512 (bind-9.11.14.tar.gz.asc) = fd28a1ebd4adf8c2854de434cc6f5f4d47d982eaad73fbb42dce8df97f7b069feb6e7c374178e203a07fff83f2cd021dfd10fb77dd6e8c5201ee4d299df98b89