rpms
/
bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Update patches to new sources 

Modify current and remove already merged patches.
Adjust versions of so libs.
This commit is contained in:
Petr Menšík 2019-06-11 11:34:52 +02:00
parent 625ca235be
commit 2a466330c5
11 changed files with 171 additions and 844 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
bind-9.10-dist-native-pkcs11.patch
View File

@ -300,10 +300,10 @@ index a058c91..d4b689a 100644
DEPLIBS = ${ISCDEPLIBS}
diff --git a/configure.ac b/configure.ac
index 5e1ba8c..7aff0e6 100644
index 5e4e839..0ef2c8f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1070,12 +1070,14 @@ AC_SUBST(USE_GSSAPI)
@@ -1081,12 +1081,14 @@ AC_SUBST(USE_GSSAPI)
AC_SUBST(DST_GSSAPI_INC)
AC_SUBST(DNS_GSSAPI_LIBS)
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS"
@ -318,7 +318,7 @@ index 5e1ba8c..7aff0e6 100644
#
# was --with-randomdev specified?
@@ -1460,11 +1462,11 @@ fi
@@ -1471,11 +1473,11 @@ fi
AC_MSG_CHECKING(for OpenSSL library)
OPENSSL_WARNING=
openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw"
@ -335,7 +335,7 @@ index 5e1ba8c..7aff0e6 100644
if test "auto" = "$use_openssl"
then
@@ -1477,6 +1479,7 @@ then
@@ -1488,6 +1490,7 @@ then
fi
done
fi
@ -343,7 +343,7 @@ index 5e1ba8c..7aff0e6 100644
OPENSSL_ECDSA=""
OPENSSL_GOST=""
OPENSSL_ED25519=""
@@ -1498,11 +1501,10 @@ case "$with_gost" in
@@ -1509,11 +1512,10 @@ case "$with_gost" in
;;
esac
@ -358,7 +358,7 @@ index 5e1ba8c..7aff0e6 100644
CRYPTOLIB="pkcs11"
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
@@ -1512,7 +1514,9 @@ case "$use_openssl" in
@@ -1523,7 +1525,9 @@ case "$use_openssl" in
OPENSSLGOSTLINKSRCS=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
@ -369,7 +369,7 @@ index 5e1ba8c..7aff0e6 100644
no)
AC_MSG_RESULT(no)
DST_OPENSSL_INC=""
@@ -1544,7 +1548,7 @@ case "$use_openssl" in
@@ -1555,7 +1559,7 @@ case "$use_openssl" in
If you do not want OpenSSL, use --without-openssl])
;;
*)
@ -378,7 +378,7 @@ index 5e1ba8c..7aff0e6 100644
then
AC_MSG_RESULT()
AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
@@ -1972,6 +1976,7 @@ AC_SUBST(OPENSSL_ED25519)
@@ -1983,6 +1987,7 @@ AC_SUBST(OPENSSL_ED25519)
AC_SUBST(OPENSSL_GOST)
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
@ -386,7 +386,7 @@ index 5e1ba8c..7aff0e6 100644
ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
if test "yes" = "$with_aes"
@@ -2295,6 +2300,7 @@ esac
@@ -2306,6 +2311,7 @@ esac
AC_SUBST(PKCS11LINKOBJS)
AC_SUBST(PKCS11LINKSRCS)
AC_SUBST(CRYPTO)
@ -394,7 +394,7 @@ index 5e1ba8c..7aff0e6 100644
AC_SUBST(PKCS11_ECDSA)
AC_SUBST(PKCS11_GOST)
AC_SUBST(PKCS11_ED25519)
@@ -5425,8 +5431,11 @@ AC_CONFIG_FILES([
@@ -5428,8 +5434,11 @@ AC_CONFIG_FILES([
bin/delv/Makefile
bin/dig/Makefile
bin/dnssec/Makefile
@ -406,7 +406,7 @@ index 5e1ba8c..7aff0e6 100644
bin/nsupdate/Makefile
bin/pkcs11/Makefile
bin/python/Makefile
@@ -5499,6 +5508,10 @@ AC_CONFIG_FILES([
@@ -5502,6 +5511,10 @@ AC_CONFIG_FILES([
lib/dns/include/dns/Makefile
lib/dns/include/dst/Makefile
lib/dns/tests/Makefile
@ -417,7 +417,7 @@ index 5e1ba8c..7aff0e6 100644
lib/irs/Makefile
lib/irs/include/Makefile
lib/irs/include/irs/Makefile
@@ -5523,6 +5536,24 @@ AC_CONFIG_FILES([
@@ -5526,6 +5539,24 @@ AC_CONFIG_FILES([
lib/isc/unix/include/Makefile
lib/isc/unix/include/isc/Makefile
lib/isc/unix/include/pkcs11/Makefile
@ -456,7 +456,7 @@ index 81270a0..bcb5312 100644
@BIND9_MAKE_RULES@
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
index 068bbac..d7f3d95 100644
index 56dd259..f9aa782 100644
--- a/lib/dns-pkcs11/Makefile.in
+++ b/lib/dns-pkcs11/Makefile.in
@@ -26,16 +26,16 @@ VERSION=@BIND9_VERSION@
@ -501,12 +501,8 @@ index 068bbac..d7f3d95 100644
include: gen
${MAKE} include/dns/enumtype.h
@@ -180,25 +180,25 @@ code.h: gen
./gen -s ${srcdir} > code.h || { rm -f $@ ; exit 1; }
gen: gen.c
- ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
+ ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc-pkcs11/include \
@@ -183,22 +183,22 @@ gen: gen.c
${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
-timestamp: include libdns.@A@
@ -532,7 +528,7 @@ index 068bbac..d7f3d95 100644
+ rm -f libdns-pkcs11.@A@ timestamp
rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
rm -f include/dns/rdatastruct.h
rm -f dnstap.pb-c.c dnstap.pb-c.h include/dns/dnstap.pb-c.h
rm -f dnstap.pb-c.c dnstap.pb-c.h
diff --git a/lib/isc-pkcs11/Makefile.in b/lib/isc-pkcs11/Makefile.in
index 98acfff..2fd6981 100644
--- a/lib/isc-pkcs11/Makefile.in

132
bind-9.11-CVE-2018-5741-atomic.patch
View File

@ -1,132 +0,0 @@
From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
Date: Wed, 17 Apr 2019 15:22:27 +0200
Subject: [PATCH] Replace atomic operations in bin/named/client.c with
isc_refcount reference counting
---
bin/named/client.c | 18 +++++++-----------
bin/named/include/named/interfacemgr.h | 5 +++--
bin/named/interfacemgr.c | 7 +++++--
3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/bin/named/client.c b/bin/named/client.c
index 845326abc0..29fecadca8 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) {
static void
mark_tcp_active(ns_client_t *client, bool active) {
if (active && !client->tcpactive) {
- isc_atomic_xadd(&client->interface->ntcpactive, 1);
+ isc_refcount_increment0(&client->interface->ntcpactive, NULL);
client->tcpactive = active;
} else if (!active && client->tcpactive) {
- uint32_t old =
- isc_atomic_xadd(&client->interface->ntcpactive, -1);
- INSIST(old > 0);
+ isc_refcount_decrement(&client->interface->ntcpactive, NULL);
client->tcpactive = active;
}
}
@@ -554,7 +552,7 @@ exit_check(ns_client_t *client) {
if (client->mortal && TCP_CLIENT(client) &&
client->newstate != NS_CLIENTSTATE_FREED &&
!ns_g_clienttest &&
- isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
+ isc_refcount_current(&client->interface->ntcpaccepting) == 0)
{
/* Nobody else is accepting */
client->mortal = false;
@@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
isc_result_t result;
ns_client_t *client = event->ev_arg;
isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
- uint32_t old;
REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
REQUIRE(NS_CLIENT_VALID(client));
@@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
INSIST(client->naccepts == 1);
client->naccepts--;
- old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
- INSIST(old > 0);
+ isc_refcount_decrement(&client->interface->ntcpaccepting, NULL);
/*
* We must take ownership of the new socket before the exit
@@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) {
* quota is tcp-clients plus the number of listening
* interfaces plus 1.)
*/
- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
- (client->tcpactive ? 1 : 0));
+ exit = (isc_refcount_current(&client->interface->ntcpactive) >
+ (client->tcpactive ? 1U : 0U));
if (exit) {
client->newstate = NS_CLIENTSTATE_INACTIVE;
(void)exit_check(client);
@@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) {
* listening for connections itself to prevent the interface
* going dead.
*/
- isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
+ isc_refcount_increment0(&client->interface->ntcpaccepting, NULL);
}
static void
diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
index 3535ef22a8..6e10f210fd 100644
--- a/bin/named/include/named/interfacemgr.h
+++ b/bin/named/include/named/interfacemgr.h
@@ -45,6 +45,7 @@
#include <isc/magic.h>
#include <isc/mem.h>
#include <isc/socket.h>
+#include <isc/refcount.h>
#include <dns/result.h>
@@ -75,11 +76,11 @@ struct ns_interface {
/*%< UDP dispatchers. */
isc_socket_t * tcpsocket; /*%< TCP socket. */
isc_dscp_t dscp; /*%< "listen-on" DSCP value */
- int32_t ntcpaccepting; /*%< Number of clients
+ isc_refcount_t ntcpaccepting; /*%< Number of clients
ready to accept new
TCP connections on this
interface */
- int32_t ntcpactive; /*%< Number of clients
+ isc_refcount_t ntcpactive; /*%< Number of clients
servicing TCP queries
(whether accepting or
connected) */
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index d9f6df5802..135533be6b 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
* connections will be handled in parallel even though there is
* only one client initially.
*/
- ifp->ntcpaccepting = 0;
- ifp->ntcpactive = 0;
+ isc_refcount_init(&ifp->ntcpaccepting, 0);
+ isc_refcount_init(&ifp->ntcpactive, 0);
ifp->nudpdispatch = 0;
@@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) {
ns_interfacemgr_detach(&ifp->mgr);
+ isc_refcount_destroy(&ifp->ntcpactive);
+ isc_refcount_destroy(&ifp->ntcpaccepting);
+
ifp->magic = 0;
isc_mem_put(mctx, ifp, sizeof(*ifp));
}
--
2.18.1

85
bind-9.11-feature-test-dlz.patch
View File

@ -1,85 +0,0 @@
From 71627db6c8852d7805ec559506f5f3cb8d89a131 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 30 Jan 2019 15:12:54 +0100
Subject: [PATCH] Support DLZ filesystem detection in feature-test
Do not use variable from configure to detect the feature.
---
bin/tests/system/Makefile.in | 2 +-
bin/tests/system/dlz/{prereq.sh.in => prereq.sh} | 2 +-
bin/tests/system/feature-test.c | 9 +++++++++
configure.ac | 1 -
4 files changed, 11 insertions(+), 3 deletions(-)
rename bin/tests/system/dlz/{prereq.sh.in => prereq.sh} (91%)
diff --git a/bin/tests/system/Makefile.in b/bin/tests/system/Makefile.in
index c18b4c5..dea2f75 100644
--- a/bin/tests/system/Makefile.in
+++ b/bin/tests/system/Makefile.in
@@ -19,7 +19,7 @@ SUBDIRS = dlzexternal dyndb lwresd pipelined rndc rsabigexponent tkey
CINCLUDES = ${ISC_INCLUDES} ${DNS_INCLUDES}
-CDEFINES = @USE_GSSAPI@
+CDEFINES = @USE_GSSAPI@ @CONTRIB_DLZ@
CWARNINGS =
DNSLIBS =
diff --git a/bin/tests/system/dlz/prereq.sh.in b/bin/tests/system/dlz/prereq.sh
similarity index 91%
rename from bin/tests/system/dlz/prereq.sh.in
rename to bin/tests/system/dlz/prereq.sh
index afec653..fb3328e 100644
--- a/bin/tests/system/dlz/prereq.sh.in
+++ b/bin/tests/system/dlz/prereq.sh
@@ -12,7 +12,7 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
-if [ "@DLZ_SYSTEM_TEST@" != "filesystem" ]; then
+if ! $FEATURETEST --with-dlz-filesystem; then
echo_i "DLZ filesystem driver not supported"
exit 255
fi
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
index 11863a3..428d107 100644
--- a/bin/tests/system/feature-test.c
+++ b/bin/tests/system/feature-test.c
@@ -51,6 +51,7 @@ usage() {
fprintf(stderr, " --rpz-nsip\n");
fprintf(stderr, " --with-idn\n");
fprintf(stderr, " --with-lmdb\n");
+ fprintf(stderr, " --with-dlz-filesystem\n");
}
int
@@ -182,6 +183,14 @@ main(int argc, char **argv) {
#endif
}
+ if (strcmp(argv[1], "--with-dlz-filesystem") == 0) {
+#ifdef DLZ_FILESYSTEM
+ return (0);
+#else
+ return (1);
+#endif
+ }
+
if (strcmp(argv[1], "--ipv6only=no") == 0) {
#ifdef WIN32
return (0);
diff --git a/configure.ac b/configure.ac
index fddc63a..5e1ba8c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5458,7 +5458,6 @@ AC_CONFIG_FILES([
bin/tests/pkcs11/benchmarks/Makefile
bin/tests/system/Makefile
bin/tests/system/conf.sh
- bin/tests/system/dlz/prereq.sh
bin/tests/system/dlzexternal/Makefile
bin/tests/system/dlzexternal/ns1/dlzs.conf
bin/tests/system/dyndb/Makefile
--
2.20.1

32
bind-9.11-fips-code.patch
View File

@ -1,4 +1,4 @@
From 9ff202072b286ef57e0ffcd7c55777f2994d3985 Mon Sep 17 00:00:00 2001
From b8485528f5098e3360560d5b85c9ffc592619c55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:34:45 +0200
Subject: [PATCH] FIPS code changes
@ -267,7 +267,7 @@ index 2063a3b..8e856c5 100644
digestbits = 0;
}
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 011b118..5eabc1f 100644
index e75b8b7..9234d35 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -80,6 +80,7 @@
@ -396,7 +396,7 @@ index 7584efb..a153172 100644
case hmacsha1: *name = dns_tsig_hmacsha1_name; break;
case hmacsha224: *name = dns_tsig_hmacsha224_name; break;
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 548e0ce..509784c 100644
index de60313..bbb3936 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -31,6 +31,7 @@
@ -406,8 +406,8 @@ index 548e0ce..509784c 100644
+#include <isc/md5.h>
#include <isc/mem.h>
#include <isc/parseint.h>
#include <isc/print.h>
@@ -476,9 +477,10 @@ parse_hmac(dns_name_t **hmac, const char *hmacstr, size_t len,
#include <isc/portset.h>
@@ -477,9 +478,10 @@ parse_hmac(dns_name_t **hmac, const char *hmacstr, size_t len,
strlcpy(buf, hmacstr, ISC_MIN(len + 1, sizeof(buf)));
#ifndef PK11_MD5_DISABLE
@ -420,7 +420,7 @@ index 548e0ce..509784c 100644
*hmac = DNS_TSIG_HMACMD5_NAME;
result = isc_parse_uint16(&digestbits, &buf[9], 10);
if (result != ISC_R_SUCCESS || digestbits > 128) {
@@ -591,10 +593,10 @@ setup_keystr(void) {
@@ -592,10 +594,10 @@ setup_keystr(void) {
exit(1);
}
} else {
@ -434,7 +434,7 @@ index 548e0ce..509784c 100644
#endif
name = keystr;
n = s;
@@ -731,7 +733,8 @@ setup_keyfile(isc_mem_t *mctx, isc_log_t *lctx) {
@@ -732,7 +734,8 @@ setup_keyfile(isc_mem_t *mctx, isc_log_t *lctx) {
switch (dst_key_alg(dstkey)) {
#ifndef PK11_MD5_DISABLE
case DST_ALG_HMACMD5:
@ -444,7 +444,7 @@ index 548e0ce..509784c 100644
break;
#endif
case DST_ALG_HMACSHA1:
@@ -1606,12 +1609,13 @@ evaluate_key(char *cmdline) {
@@ -1637,12 +1640,13 @@ evaluate_key(char *cmdline) {
return (STATUS_SYNTAX);
}
namestr = n + 1;
@ -622,7 +622,7 @@ index bde66a4..70a40c3 100644
dst_key_free(&dstkey);
CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED);
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index d6fba22..ac60ba8 100644
index 2a0e735..dc80018 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -23,6 +23,7 @@
@ -633,7 +633,7 @@ index d6fba22..ac60ba8 100644
#include <isc/mem.h>
#include <isc/netaddr.h>
#include <isc/parseint.h>
@@ -2589,6 +2590,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) {
@@ -2590,6 +2591,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) {
}
algorithm = cfg_obj_asstring(algobj);
@ -966,7 +966,7 @@ index 16214c6..9b235ba 100644
/* RSASHA256 */
diff --git a/lib/dns/tests/tsig_test.c b/lib/dns/tests/tsig_test.c
index 4d6847e..1a208b5 100644
index 8e5250e..9accc53 100644
--- a/lib/dns/tests/tsig_test.c
+++ b/lib/dns/tests/tsig_test.c
@@ -24,6 +24,7 @@
@ -1115,7 +1115,7 @@ index 4d29398..e3f5cec 100644
#endif /* !PK11_MD5_DISABLE */
diff --git a/lib/isc/md5.c b/lib/isc/md5.c
index 920aed5..a086a57 100644
index 249f3da..628a414 100644
--- a/lib/isc/md5.c
+++ b/lib/isc/md5.c
@@ -37,6 +37,7 @@
@ -1126,7 +1126,7 @@ index 920aed5..a086a57 100644
#include <isc/platform.h>
#include <isc/safe.h>
#include <isc/string.h>
@@ -55,6 +56,9 @@
@@ -54,6 +55,9 @@
#define EVP_MD_CTX_free(ptr) EVP_MD_CTX_cleanup(ptr)
#endif
@ -1136,7 +1136,7 @@ index 920aed5..a086a57 100644
void
isc_md5_init(isc_md5_t *ctx) {
ctx->ctx = EVP_MD_CTX_new();
@@ -86,8 +90,33 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
@@ -85,8 +89,33 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
ctx->ctx = NULL;
}
@ -1170,7 +1170,7 @@ index 920aed5..a086a57 100644
void
isc_md5_init(isc_md5_t *ctx) {
CK_RV rv;
@@ -130,6 +159,31 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
@@ -129,6 +158,31 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
pk11_return_session(ctx);
}
@ -1202,7 +1202,7 @@ index 920aed5..a086a57 100644
#else
static void
@@ -339,6 +393,11 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
@@ -338,6 +392,11 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
memmove(digest, ctx->buf, 16);
isc_safe_memwipe(ctx, sizeof(*ctx)); /* In case it's sensitive */
}

429
bind-9.11-fips-tests.patch
View File

@ -1,4 +1,4 @@
From 4e6888c1d32071ead4b7faeeb0f1774a6d8a1120 Mon Sep 17 00:00:00 2001
From 230ca0ddbc95a043933c36c1d182f85cf0dcc971 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:46:45 +0200
Subject: [PATCH] FIPS tests changes
@ -76,17 +76,14 @@ Date: Wed Mar 7 10:44:23 2018 +0100
bin/tests/system/catz/ns2/named.conf.in | 2 +-
bin/tests/system/checkconf/bad-tsig.conf | 2 +-
bin/tests/system/checkconf/good.conf | 2 +-
bin/tests/system/digdelv/ns2/example.db | 15 ++--
bin/tests/system/digdelv/ns2/example.db | 15 +++--
bin/tests/system/digdelv/tests.sh | 28 ++++----
bin/tests/system/dlv/ns1/sign.sh | 4 +-
bin/tests/system/dlv/ns2/sign.sh | 4 +-
bin/tests/system/dlv/ns3/sign.sh | 69 ++++++++++---------
bin/tests/system/dlv/ns6/sign.sh | 66 +++++++++---------
bin/tests/system/dnssec/ns1/sign.sh | 4 +-
bin/tests/system/dnssec/ns2/sign.sh | 12 ++--
bin/tests/system/dnssec/ns3/sign.sh | 20 +++---
bin/tests/system/dnssec/ns2/sign.sh | 8 +--
bin/tests/system/dnssec/ns5/trusted.conf.bad | 2 +-
bin/tests/system/dnssec/tests.sh | 8 +--
bin/tests/system/dnssec/tests.sh | 4 +-
bin/tests/system/feature-test.c | 14 ++++
bin/tests/system/filter-aaaa/ns1/sign.sh | 4 +-
bin/tests/system/filter-aaaa/ns4/sign.sh | 4 +-
@ -101,11 +98,11 @@ Date: Wed Mar 7 10:44:23 2018 +0100
bin/tests/system/tsig/clean.sh | 1 +
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
bin/tests/system/tsig/setup.sh | 5 ++
bin/tests/system/tsig/tests.sh | 67 +++++++++++-------
bin/tests/system/tsig/tests.sh | 67 ++++++++++++-------
bin/tests/system/tsiggss/setup.sh | 2 +-
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
bin/tests/system/upforwd/tests.sh | 2 +-
47 files changed, 277 insertions(+), 225 deletions(-)
44 files changed, 226 insertions(+), 175 deletions(-)
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
index 0ea6502..026db3f 100644
@ -602,37 +599,37 @@ index f4e30f5..9f53e31 100644
; TTL of 3 weeks
weeks 1814400 A 10.53.0.2
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index 24aa7b3..54a3e2a 100644
index 1657dfd..299ba94 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -61,7 +61,7 @@ if [ -x ${DIG} ] ; then
@@ -88,7 +88,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +multi +norrcomments works for dnskey (when default is rrcomments)($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null && ret=1
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < dig.out.test$n > /dev/null && ret=1
check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -69,7 +69,7 @@ if [ -x ${DIG} ] ; then
@@ -97,7 +97,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +multi +norrcomments works for soa (when default is rrcomments)($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > dig.out.test$n || ret=1
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null && ret=1
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < dig.out.test$n > /dev/null && ret=1
check_ttl_range dig.out.test$n "SOA" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -77,7 +77,7 @@ if [ -x ${DIG} ] ; then
@@ -106,7 +106,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +rrcomments works for DNSKEY($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null || ret=1
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895$" < dig.out.test$n > /dev/null || ret=1
check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -85,7 +85,7 @@ if [ -x ${DIG} ] ; then
@@ -115,7 +115,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +short +rrcomments works for DNSKEY ($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -641,7 +638,7 @@ index 24aa7b3..54a3e2a 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -93,7 +93,7 @@ if [ -x ${DIG} ] ; then
@@ -123,7 +123,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +short +nosplit works($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -650,7 +647,7 @@ index 24aa7b3..54a3e2a 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -101,7 +101,7 @@ if [ -x ${DIG} ] ; then
@@ -131,7 +131,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +short +rrcomments works($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -659,7 +656,7 @@ index 24aa7b3..54a3e2a 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -117,7 +117,7 @@ if [ -x ${DIG} ] ; then
@@ -148,7 +148,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +short +rrcomments works($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -668,34 +665,34 @@ index 24aa7b3..54a3e2a 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -564,7 +564,7 @@ if [ -x ${DELV} ] ; then
@@ -661,7 +661,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +multi +norrcomments works for dnskey (when default is rrcomments)($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null && ret=1
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < delv.out.test$n > /dev/null && ret=1
check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -572,7 +572,7 @@ if [ -x ${DELV} ] ; then
@@ -670,7 +670,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +multi +norrcomments works for soa (when default is rrcomments)($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > delv.out.test$n || ret=1
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null && ret=1
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < delv.out.test$n > /dev/null && ret=1
check_ttl_range delv.out.test$n "SOA" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -580,7 +580,7 @@ if [ -x ${DELV} ] ; then
@@ -679,7 +679,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +rrcomments works for DNSKEY($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null || ret=1
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < delv.out.test$n > /dev/null || ret=1
check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -588,7 +588,7 @@ if [ -x ${DELV} ] ; then
@@ -688,7 +688,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works for DNSKEY ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -704,7 +701,7 @@ index 24aa7b3..54a3e2a 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -596,7 +596,7 @@ if [ -x ${DELV} ] ; then
@@ -696,7 +696,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -713,7 +710,7 @@ index 24aa7b3..54a3e2a 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -604,7 +604,7 @@ if [ -x ${DELV} ] ; then
@@ -704,7 +704,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -722,7 +719,7 @@ index 24aa7b3..54a3e2a 100644
if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi
f=`awk '{print NF}' < delv.out.test$n`
test "${f:-0}" -eq 14 || ret=1
@@ -615,7 +615,7 @@ if [ -x ${DELV} ] ; then
@@ -715,7 +715,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit +norrcomments works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -732,22 +729,22 @@ index 24aa7b3..54a3e2a 100644
f=`awk '{print NF}' < delv.out.test$n`
test "${f:-0}" -eq 4 || ret=1
diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh
index b815162..2a62e58 100755
index 606e7cc..a3a0d60 100755
--- a/bin/tests/system/dlv/ns1/sign.sh
+++ b/bin/tests/system/dlv/ns1/sign.sh
@@ -23,8 +23,8 @@ infile=root.db.in
zonefile=root.db
outfile=root.signed
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh
index 6f84d7a..e128303 100755
index 9825c57..202c978 100755
--- a/bin/tests/system/dlv/ns2/sign.sh
+++ b/bin/tests/system/dlv/ns2/sign.sh
@@ -24,8 +24,8 @@ zonefile=druz.db
@ -761,205 +758,6 @@ index 6f84d7a..e128303 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh
index bcc9922..846dbcc 100755
--- a/bin/tests/system/dlv/ns3/sign.sh
+++ b/bin/tests/system/dlv/ns3/sign.sh
@@ -19,6 +19,7 @@ echo_i "dlv/ns3/sign.sh"
dlvzone=dlv.utld.
dlvsets=
dssets=
+bits=1024
zone=child1.utld.
infile=child.db.in
@@ -26,8 +27,8 @@ zonefile=child1.utld.db
outfile=child1.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
@@ -42,8 +43,8 @@ zonefile=child3.utld.db
outfile=child3.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
@@ -58,8 +59,8 @@ zonefile=child4.utld.db
outfile=child4.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
@@ -73,8 +74,8 @@ zonefile=child5.utld.db
outfile=child5.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
@@ -88,8 +89,8 @@ infile=child.db.in
zonefile=child7.utld.db
outfile=child7.signed
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
@@ -103,8 +104,8 @@ infile=child.db.in
zonefile=child8.utld.db
outfile=child8.signed
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
@@ -118,8 +119,8 @@ zonefile=child9.utld.db
outfile=child9.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
@@ -132,8 +133,8 @@ zonefile=child10.utld.db
outfile=child10.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
@@ -147,8 +148,8 @@ outfile=child1.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
@@ -164,8 +165,8 @@ outfile=child3.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
@@ -181,8 +182,8 @@ outfile=child4.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
@@ -197,8 +198,8 @@ outfile=child5.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
@@ -213,8 +214,8 @@ zonefile=child7.druz.db
outfile=child7.druz.signed
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
@@ -228,8 +229,8 @@ infile=child.db.in
zonefile=child8.druz.db
outfile=child8.druz.signed
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
@@ -243,8 +244,8 @@ zonefile=child9.druz.db
outfile=child9.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
@@ -258,8 +259,8 @@ outfile=child10.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
@@ -272,8 +273,8 @@ infile=dlv.db.in
zonefile=dlv.utld.db
outfile=dlv.signed
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh
index 1e39862..4ed19ac 100755
--- a/bin/tests/system/dlv/ns6/sign.sh
@ -1147,43 +945,11 @@ index 1e39862..4ed19ac 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh
index 198d60a..d89a539 100644
--- a/bin/tests/system/dnssec/ns1/sign.sh
+++ b/bin/tests/system/dnssec/ns1/sign.sh
@@ -27,7 +27,7 @@ cp ../ns2/dsset-in-addr.arpa$TP .
grep "8 [12] " ../ns2/dsset-algroll$TP > dsset-algroll$TP
cp ../ns6/dsset-optout-tld$TP .
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
cat $infile $keyname.key > $zonefile
@@ -48,6 +48,6 @@ cp managed.conf ../ns4/managed.conf
#
# Save keyid for managed key id test.
#
-keyid=`expr $keyname : 'K.+001+\(.*\)'`
+keyid=`expr $keyname : 'K.+008+\([0-9]*\)'`
keyid=`expr $keyid + 0`
echo "$keyid" > managed.key.id
diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh
index ca18608..25b6cab 100644
index b93651a..09b12ba 100644
--- a/bin/tests/system/dnssec/ns2/sign.sh
+++ b/bin/tests/system/dnssec/ns2/sign.sh
@@ -30,8 +30,8 @@ do
cp ../ns3/dsset-$subdomain.example$TP .
done
-keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
-keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 1024 -n zone $zone`
+keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 1024 -n zone $zone`
cat $infile $keyname1.key $keyname2.key >$zonefile
@@ -91,8 +91,8 @@ zone=in-addr.arpa.
@@ -126,8 +126,8 @@ zone=in-addr.arpa.
infile=in-addr.arpa.db.in
zonefile=in-addr.arpa.db
@ -1194,7 +960,7 @@ index ca18608..25b6cab 100644
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
@@ -103,7 +103,7 @@ privzone=private.secure.example.
@@ -138,7 +138,7 @@ privzone=private.secure.example
privinfile=private.secure.example.db.in
privzonefile=private.secure.example.db
@ -1203,102 +969,15 @@ index ca18608..25b6cab 100644
cat $privinfile $privkeyname.key >$privzonefile
@@ -117,7 +117,7 @@ dlvinfile=dlv.db.in
@@ -152,7 +152,7 @@ dlvinfile=dlv.db.in
dlvzonefile=dlv.db
dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP
dlvsetfile=dlvset-${privzone}${TP}
-dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $dlvzone`
+dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $dlvzone`
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh
index ff55d84..4f6a251 100644
--- a/bin/tests/system/dnssec/ns3/sign.sh
+++ b/bin/tests/system/dnssec/ns3/sign.sh
@@ -28,7 +28,7 @@ zone=bogus.example.
infile=bogus.example.db.in
zonefile=bogus.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone`
cat $infile $keyname.key >$zonefile
@@ -38,8 +38,8 @@ zone=dynamic.example.
infile=dynamic.example.db.in
zonefile=dynamic.example.db
-keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
-keyname2=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone`
+keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone`
+keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone -f KSK $zone`
cat $infile $keyname1.key $keyname2.key >$zonefile
@@ -49,7 +49,7 @@ zone=keyless.example.
infile=generic.example.db.in
zonefile=keyless.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone`
cat $infile $keyname.key >$zonefile
@@ -69,7 +69,7 @@ zone=secure.nsec3.example.
infile=secure.nsec3.example.db.in
zonefile=secure.nsec3.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone`
cat $infile $keyname.key >$zonefile
@@ -82,7 +82,7 @@ zone=nsec3.nsec3.example.
infile=nsec3.nsec3.example.db.in
zonefile=nsec3.nsec3.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
+keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
@@ -95,7 +95,7 @@ zone=optout.nsec3.example.
infile=optout.nsec3.example.db.in
zonefile=optout.nsec3.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
+keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
@@ -108,7 +108,7 @@ zone=nsec3.example.
infile=nsec3.example.db.in
zonefile=nsec3.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
+keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
@@ -121,7 +121,7 @@ zone=secure.optout.example.
infile=secure.optout.example.db.in
zonefile=secure.optout.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone`
cat $infile $keyname.key >$zonefile
@@ -533,7 +533,7 @@ zone=badds.example.
infile=bogus.example.db.in
zonefile=badds.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone`
cat $infile $keyname.key >$zonefile
diff --git a/bin/tests/system/dnssec/ns5/trusted.conf.bad b/bin/tests/system/dnssec/ns5/trusted.conf.bad
index ed30460..e6b1126 100644
--- a/bin/tests/system/dnssec/ns5/trusted.conf.bad
@ -1311,28 +990,10 @@ index ed30460..e6b1126 100644
+ "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV";
};
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 646434f..9a10f9f 100644
index 51dc117..48cb34b 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -1688,7 +1688,7 @@ ret=0
$RNDCCMD 10.53.0.4 secroots 2>&1 | sed 's/^/ns4 /' | cat_i
keyid=`cat ns1/managed.key.id`
cp ns4/named.secroots named.secroots.test$n
-linecount=`grep "./RSAMD5/$keyid ; trusted" named.secroots.test$n | wc -l`
+linecount=`grep "./RSASHA256/$keyid ; trusted" named.secroots.test$n | wc -l`
[ "$linecount" -eq 1 ] || ret=1
linecount=`cat named.secroots.test$n | wc -l`
[ "$linecount" -eq 10 ] || ret=1
@@ -3016,7 +3016,7 @@ echo_i "check dig's +nocrypto flag ($n)"
ret=0
$DIG $DIGOPTS +norec +nocrypto DNSKEY . \
@10.53.0.1 > dig.out.dnskey.ns1.test$n || ret=1
-grep '256 3 1 \[key id = [1-9][0-9]*]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
+grep '256 3 8 \[key id = [1-9][0-9]*]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
grep 'RRSIG.* \[omitted]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
$DIG $DIGOPTS +norec +nocrypto DS example \
@10.53.0.1 > dig.out.ds.ns1.test$n || ret=1
@@ -3128,8 +3128,8 @@ do
@@ -3227,8 +3227,8 @@ do
alg=`expr $alg + 1`
continue;;
3) size="-b 512";;
@ -1344,7 +1005,7 @@ index 646434f..9a10f9f 100644
8) size="-b 512";;
10) size="-b 1024";;
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
index f934b63..11863a3 100644
index 3ac34e8..428d107 100644
--- a/bin/tests/system/feature-test.c
+++ b/bin/tests/system/feature-test.c
@@ -19,6 +19,7 @@
@ -1363,7 +1024,7 @@ index f934b63..11863a3 100644
fprintf(stderr, " --rpz-nsdname\n");
fprintf(stderr, " --rpz-nsip\n");
fprintf(stderr, " --with-idn\n");
@@ -136,6 +138,18 @@ main(int argc, char **argv) {
@@ -137,6 +139,18 @@ main(int argc, char **argv) {
#endif
}
@ -1488,10 +1149,10 @@ index 4549184..cb7dccd 100644
};
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
index 45dfeeb..594db77 100644
index 21805c5..0d3d85c 100644
--- a/bin/tests/system/nsupdate/setup.sh
+++ b/bin/tests/system/nsupdate/setup.sh
@@ -63,7 +63,12 @@ EOF
@@ -58,7 +58,12 @@ EOF
$DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key
@ -1506,10 +1167,10 @@ index 45dfeeb..594db77 100644
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 901cd22..b72b59c 100755
index 4da4849..b3bc807 100755
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -700,7 +700,14 @@ fi
@@ -708,7 +708,14 @@ fi
n=`expr $n + 1`
ret=0
echo_i "check TSIG key algorithms ($n)"
@ -1525,7 +1186,7 @@ index 901cd22..b72b59c 100755
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
server 10.53.0.1 ${PORT}
update add ${alg}.keytests.nil. 600 A 10.10.10.3
@@ -708,7 +715,7 @@ send
@@ -716,7 +723,7 @@ send
END
done
sleep 2

138
bind-9.11-rt31459.patch
View File

@ -1,4 +1,4 @@
From 99fc89de7b96713a7c82ea9b98d5bc0c70ad1f6e Mon Sep 17 00:00:00 2001
From 255fdf0b549ab2f138443ead0ac81bf864612217 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Tue, 12 Sep 2017 19:05:46 -0700
Subject: [PATCH] rebased rt31459c
@ -22,7 +22,7 @@ Include new unit test
bin/dnssec/dnssec-verify.c | 8 +-
bin/dnssec/dnssectool.c | 11 +-
bin/named/server.c | 6 +
bin/nsupdate/nsupdate.c | 18 +-
bin/nsupdate/nsupdate.c | 14 +-
bin/tests/makejournal.c | 6 +-
bin/tests/system/pipelined/pipequeries.c | 21 +-
bin/tests/system/pipelined/tests.sh | 4 +-
@ -49,7 +49,7 @@ Include new unit test
lib/isc/pk11.c | 12 +-
lib/isc/win32/include/isc/platform.h.in | 5 +
win32utils/Configure | 29 ++-
36 files changed, 707 insertions(+), 175 deletions(-)
36 files changed, 703 insertions(+), 175 deletions(-)
create mode 100644 lib/dns/tests/dstrandom_test.c
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
@ -71,7 +71,7 @@ index 5015abb..295e16f 100644
&entropy_source,
randomfile,
diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c
index 931d5de..864f2ad 100644
index 060892b..c2cc9c7 100644
--- a/bin/dnssec/dnssec-dsfromkey.c
+++ b/bin/dnssec/dnssec-dsfromkey.c
@@ -494,14 +494,14 @@ main(int argc, char **argv) {
@ -293,7 +293,7 @@ index fbc7ece..31a99e7 100644
usekeyboard);
diff --git a/bin/named/server.c b/bin/named/server.c
index b63a386..30e7eac 100644
index 0abbbed..405ff71 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -36,6 +36,7 @@
@ -324,18 +324,10 @@ index b63a386..30e7eac 100644
}
}
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 509784c..6d7a02e 100644
index bbb3936..0286987 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -35,6 +35,7 @@
#include <isc/mem.h>
#include <isc/parseint.h>
#include <isc/print.h>
+#include <isc/platform.h>
#include <isc/random.h>
#include <isc/region.h>
#include <isc/sockaddr.h>
@@ -271,7 +272,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@@ -272,7 +272,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
if (*ectx == NULL) {
result = isc_entropy_create(mctx, ectx);
if (result != ISC_R_SUCCESS)
@ -345,7 +337,7 @@ index 509784c..6d7a02e 100644
ISC_LIST_INIT(sources);
}
@@ -280,6 +282,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@@ -281,6 +282,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
randomfile = NULL;
}
@ -359,7 +351,7 @@ index 509784c..6d7a02e 100644
result = isc_entropy_usebestsource(*ectx, &source, randomfile,
usekeyboard);
@@ -950,11 +959,11 @@ setup_system(void) {
@@ -979,11 +987,11 @@ setup_system(void) {
}
}
@ -373,16 +365,6 @@ index 509784c..6d7a02e 100644
result = dns_dispatchmgr_create(gmctx, entropy, &dispatchmgr);
check_result(result, "dns_dispatchmgr_create");
@@ -978,6 +987,9 @@ setup_system(void) {
check_result(result, "dst_lib_init");
is_dst_up = true;
+ /* moved after dst_lib_init() */
+ isc_hash_init();
+
attrmask = DNS_DISPATCHATTR_UDP | DNS_DISPATCHATTR_TCP;
attrmask |= DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_IPV6;
diff --git a/bin/tests/makejournal.c b/bin/tests/makejournal.c
index 61a41b0..acc71a1 100644
--- a/bin/tests/makejournal.c
@ -707,7 +689,7 @@ index b27fc1d..e28871b 100644
parse_args(false, argc, argv);
if (server == NULL)
diff --git a/configure b/configure
index e425720..4f09c96 100755
index b219e16..4da30b9 100755
--- a/configure
+++ b/configure
@@ -640,6 +640,7 @@ ac_includes_default="\
@ -718,7 +700,7 @@ index e425720..4f09c96 100755
BUILD_LIBS
BUILD_LDFLAGS
BUILD_CPPFLAGS
@@ -824,6 +825,7 @@ XMLSTATS
@@ -823,6 +824,7 @@ XMLSTATS
NZDTARGETS
NZDSRCS
NZD_TOOLS
@ -726,7 +708,7 @@ index e425720..4f09c96 100755
PKCS11_TEST
PKCS11_ED25519
PKCS11_GOST
@@ -1039,6 +1041,7 @@ with_eddsa
@@ -1038,6 +1040,7 @@ with_eddsa
with_aes
enable_openssl_hash
with_cc_alg
@ -734,7 +716,7 @@ index e425720..4f09c96 100755
with_lmdb
with_libxml2
with_libjson
@@ -1735,6 +1738,7 @@ Optional Features:
@@ -1734,6 +1737,7 @@ Optional Features:
--enable-threads enable multithreading
--enable-native-pkcs11 use native PKCS11 for all crypto [default=no]
--enable-openssl-hash use OpenSSL for hash functions [default=no]
@ -742,7 +724,7 @@ index e425720..4f09c96 100755
--enable-largefile 64-bit file support
--enable-backtrace log stack backtrace on abort [default=yes]
--enable-symtable use internal symbol table for backtrace
@@ -16684,6 +16688,7 @@ case "$use_openssl" in
@@ -16686,6 +16690,7 @@ case "$use_openssl" in
$as_echo "disabled because of native PKCS11" >&6; }
DST_OPENSSL_INC=""
CRYPTO="-DPKCS11CRYPTO"
@ -750,7 +732,7 @@ index e425720..4f09c96 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -16698,6 +16703,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
@@ -16700,6 +16705,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
$as_echo "no" >&6; }
DST_OPENSSL_INC=""
CRYPTO=""
@ -758,7 +740,7 @@ index e425720..4f09c96 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -16710,6 +16716,7 @@ $as_echo "no" >&6; }
@@ -16712,6 +16718,7 @@ $as_echo "no" >&6; }
auto)
DST_OPENSSL_INC=""
CRYPTO=""
@ -766,7 +748,7 @@ index e425720..4f09c96 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -16719,7 +16726,7 @@ $as_echo "no" >&6; }
@@ -16721,7 +16728,7 @@ $as_echo "no" >&6; }
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -775,7 +757,7 @@ index e425720..4f09c96 100755
;;
*)
if test "yes" = "$want_native_pkcs11"
@@ -16750,6 +16757,7 @@ $as_echo "not found" >&6; }
@@ -16752,6 +16759,7 @@ $as_echo "not found" >&6; }
as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5
fi
CRYPTO='-DOPENSSL'
@ -783,7 +765,7 @@ index e425720..4f09c96 100755
if test "/usr" = "$use_openssl"
then
DST_OPENSSL_INC=""
@@ -17411,8 +17419,6 @@ fi
@@ -17413,8 +17421,6 @@ fi
# Use OpenSSL for hash functions
#
@ -792,7 +774,7 @@ index e425720..4f09c96 100755
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
case $want_openssl_hash in
yes)
@@ -17787,6 +17793,86 @@ if test "rt" = "$have_clock_gt"; then
@@ -17789,6 +17795,86 @@ if test "rt" = "$have_clock_gt"; then
LIBS="-lrt $LIBS"
fi
@ -879,7 +861,7 @@ index e425720..4f09c96 100755
#
# was --with-lmdb specified?
#
@@ -19869,9 +19955,12 @@ _ACEOF
@@ -19871,9 +19957,12 @@ _ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5
$as_echo "size_t for buflen; int for flags" >&6; }
@ -894,7 +876,7 @@ index e425720..4f09c96 100755
$as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h
@@ -21186,12 +21275,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
@@ -21188,12 +21277,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then
@ -908,7 +890,7 @@ index e425720..4f09c96 100755
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364.
@@ -21224,6 +21308,11 @@ cat >>confdefs.h <<_ACEOF
@@ -21226,6 +21310,11 @@ cat >>confdefs.h <<_ACEOF
_ACEOF
@ -920,7 +902,7 @@ index e425720..4f09c96 100755
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -21232,39 +21321,6 @@ _ACEOF
@@ -21234,39 +21323,6 @@ _ACEOF
fi
;;
x86_64-*|amd64-*)
@ -960,7 +942,7 @@ index e425720..4f09c96 100755
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -21295,6 +21351,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
@@ -21297,6 +21353,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
$as_echo "$arch" >&6; }
fi
@ -971,7 +953,7 @@ index e425720..4f09c96 100755
if test "yes" = "$have_atomic"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5
$as_echo_n "checking compiler support for inline assembly code... " >&6; }
@@ -23848,6 +23908,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
@@ -23896,6 +23956,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
#
dlzdir='${DLZ_DRIVER_DIR}'
@ -1002,7 +984,7 @@ index e425720..4f09c96 100755
#
# Private autoconf macro to simplify configuring drivers:
#
@@ -24178,11 +24262,11 @@ $as_echo "no" >&6; }
@@ -24226,11 +24310,11 @@ $as_echo "no" >&6; }
$as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; }
;;
*)
@ -1017,7 +999,7 @@ index e425720..4f09c96 100755
fi
CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL"
@@ -24267,7 +24351,7 @@ $as_echo "" >&6; }
@@ -24315,7 +24399,7 @@ $as_echo "" >&6; }
# Check other locations for includes.
# Order is important (sigh).
@ -1026,7 +1008,7 @@ index e425720..4f09c96 100755
# include a blank element first
for d in "" $bdb_incdirs
do
@@ -24292,57 +24376,9 @@ $as_echo "" >&6; }
@@ -24340,57 +24424,9 @@ $as_echo "" >&6; }
bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db"
for d in $bdb_libnames
do
@ -1086,7 +1068,7 @@ index e425720..4f09c96 100755
break
fi
done
@@ -24501,10 +24537,10 @@ $as_echo "no" >&6; }
@@ -24549,10 +24585,10 @@ $as_echo "no" >&6; }
DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include"
DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include"
fi
@ -1100,7 +1082,7 @@ index e425720..4f09c96 100755
fi
@@ -24590,11 +24626,11 @@ fi
@@ -24638,11 +24674,11 @@ fi
odbcdirs="/usr /usr/local /usr/pkg"
for d in $odbcdirs
do
@ -1114,7 +1096,7 @@ index e425720..4f09c96 100755
break
fi
done
@@ -24869,6 +24905,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
@@ -24917,6 +24953,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
@ -1123,7 +1105,7 @@ index e425720..4f09c96 100755
#
# Commands to run at the end of config.status.
# Don't just put these into configure, it won't work right if somebody
@@ -27248,6 +27286,8 @@ report() {
@@ -27295,6 +27333,8 @@ report() {
echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1132,7 +1114,7 @@ index e425720..4f09c96 100755
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -27288,6 +27328,8 @@ report() {
@@ -27335,6 +27375,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
@ -1141,7 +1123,7 @@ index e425720..4f09c96 100755
echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)"
@@ -27335,6 +27377,8 @@ report() {
@@ -27382,6 +27424,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)"
@ -1151,10 +1133,10 @@ index e425720..4f09c96 100755
test "yes" = "$enable_seccomp" || \
echo " Use libseccomp system call filtering (--enable-seccomp)"
diff --git a/configure.ac b/configure.ac
index 7c5ad51..fddc63a 100644
index 7fd192c..5e4e839 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1503,6 +1503,7 @@ case "$use_openssl" in
@@ -1514,6 +1514,7 @@ case "$use_openssl" in
AC_MSG_RESULT(disabled because of native PKCS11)
DST_OPENSSL_INC=""
CRYPTO="-DPKCS11CRYPTO"
@ -1162,7 +1144,7 @@ index 7c5ad51..fddc63a 100644
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -1516,6 +1517,7 @@ case "$use_openssl" in
@@ -1527,6 +1528,7 @@ case "$use_openssl" in
AC_MSG_RESULT(no)
DST_OPENSSL_INC=""
CRYPTO=""
@ -1170,7 +1152,7 @@ index 7c5ad51..fddc63a 100644
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -1528,6 +1530,7 @@ case "$use_openssl" in
@@ -1539,6 +1541,7 @@ case "$use_openssl" in
auto)
DST_OPENSSL_INC=""
CRYPTO=""
@ -1178,7 +1160,7 @@ index 7c5ad51..fddc63a 100644
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -1538,7 +1541,7 @@ case "$use_openssl" in
@@ -1549,7 +1552,7 @@ case "$use_openssl" in
OPENSSLLINKSRCS=""
AC_MSG_ERROR(
[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -1187,7 +1169,7 @@ index 7c5ad51..fddc63a 100644
;;
*)
if test "yes" = "$want_native_pkcs11"
@@ -1568,6 +1571,7 @@ If you don't want OpenSSL, use --without-openssl])
@@ -1579,6 +1582,7 @@ If you don't want OpenSSL, use --without-openssl])
AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found])
fi
CRYPTO='-DOPENSSL'
@ -1195,7 +1177,7 @@ index 7c5ad51..fddc63a 100644
if test "/usr" = "$use_openssl"
then
DST_OPENSSL_INC=""
@@ -2041,7 +2045,6 @@ fi
@@ -2052,7 +2056,6 @@ fi
# Use OpenSSL for hash functions
#
@ -1203,7 +1185,7 @@ index 7c5ad51..fddc63a 100644
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
case $want_openssl_hash in
yes)
@@ -2313,6 +2316,67 @@ if test "rt" = "$have_clock_gt"; then
@@ -2324,6 +2327,67 @@ if test "rt" = "$have_clock_gt"; then
LIBS="-lrt $LIBS"
fi
@ -1271,7 +1253,7 @@ index 7c5ad51..fddc63a 100644
#
# was --with-lmdb specified?
#
@@ -4109,12 +4173,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
@@ -4120,12 +4184,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then
@ -1285,7 +1267,7 @@ index 7c5ad51..fddc63a 100644
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -4123,7 +4187,6 @@ if test "yes" = "$use_atomic"; then
@@ -4134,7 +4198,6 @@ if test "yes" = "$use_atomic"; then
fi
;;
x86_64-*|amd64-*)
@ -1293,7 +1275,7 @@ index 7c5ad51..fddc63a 100644
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -5541,6 +5604,8 @@ report() {
@@ -5543,6 +5606,8 @@ report() {
echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1302,7 +1284,7 @@ index 7c5ad51..fddc63a 100644
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -5581,6 +5646,8 @@ report() {
@@ -5583,6 +5648,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
@ -1311,7 +1293,7 @@ index 7c5ad51..fddc63a 100644
echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)"
@@ -5628,6 +5695,8 @@ report() {
@@ -5630,6 +5697,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)"
@ -2034,10 +2016,10 @@ index 5b8a2c9..913a2ce 100644
* Define if the hash functions must be provided by OpenSSL.
*/
diff --git a/win32utils/Configure b/win32utils/Configure
index ad99f89..2c55946 100644
index 27b00af..7e35d60 100644
--- a/win32utils/Configure
+++ b/win32utils/Configure
@@ -381,6 +381,7 @@ my @substdefh = ("AES_CC",
@@ -380,6 +380,7 @@ my @substdefh = ("AES_CC",
my %configdefp;
my @substdefp = ("ISC_PLATFORM_BUSYWAITNOP",
@ -2045,7 +2027,7 @@ index ad99f89..2c55946 100644
"ISC_PLATFORM_HAVEATOMICSTORE",
"ISC_PLATFORM_HAVEATOMICSTOREQ",
"ISC_PLATFORM_HAVECMPXCHG",
@@ -510,7 +511,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER");
@@ -509,7 +510,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER");
# enable-xxx/disable-xxx
@ -2055,7 +2037,7 @@ index ad99f89..2c55946 100644
"fixed-rrset",
"intrinsics",
"isc-spnego",
@@ -573,6 +575,7 @@ my @help = (
@@ -572,6 +574,7 @@ my @help = (
"\nOptional Features:\n",
" enable-intrinsics enable instrinsic/atomic functions [default=yes]\n",
" enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n",
@ -2063,7 +2045,7 @@ index ad99f89..2c55946 100644
" enable-openssl-hash use OpenSSL for hash functions [default=yes]\n",
" enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n",
" enable-filter-aaaa enable filtering of AAAA records [default=yes]\n",
@@ -617,7 +620,9 @@ my $want_clean = "no";
@@ -616,7 +619,9 @@ my $want_clean = "no";
my $want_unknown = "no";
my $unknown_value;
my $enable_intrinsics = "yes";
@ -2073,7 +2055,7 @@ index ad99f89..2c55946 100644
my $enable_openssl_hash = "auto";
my $enable_filter_aaaa = "yes";
my $enable_isc_spnego = "yes";
@@ -828,6 +833,10 @@ sub myenable {
@@ -834,6 +839,10 @@ sub myenable {
if ($val =~ /^yes$/i) {
$enable_native_pkcs11 = "yes";
}
@ -2084,7 +2066,7 @@ index ad99f89..2c55946 100644
} elsif ($key =~ /^openssl-hash$/i) {
if ($val =~ /^yes$/i) {
$enable_openssl_hash = "yes";
@@ -1119,6 +1128,11 @@ if ($verbose) {
@@ -1125,6 +1134,11 @@ if ($verbose) {
} else {
print "native-pkcs11: disabled\n";
}
@ -2096,7 +2078,7 @@ index ad99f89..2c55946 100644
if ($enable_openssl_hash eq "yes") {
print "openssl-hash: enabled\n";
} else {
@@ -1472,6 +1486,7 @@ if ($enable_intrinsics eq "yes") {
@@ -1478,6 +1492,7 @@ if ($enable_intrinsics eq "yes") {
# enable-native-pkcs11
if ($enable_native_pkcs11 eq "yes") {
@ -2104,7 +2086,7 @@ index ad99f89..2c55946 100644
if ($use_openssl eq "auto") {
$use_openssl = "no";
}
@@ -1681,6 +1696,7 @@ if ($use_openssl eq "yes") {
@@ -1687,6 +1702,7 @@ if ($use_openssl eq "yes") {
$openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]");
}
@ -2112,7 +2094,7 @@ index ad99f89..2c55946 100644
$configcond{"OPENSSL"} = 1;
$configdefd{"CRYPTO"} = "OPENSSL";
$configvar{"OPENSSL_PATH"} = "$openssl_path";
@@ -2232,6 +2248,15 @@ if ($cookie_algorithm eq "sha1") {
@@ -2238,6 +2254,15 @@ if ($cookie_algorithm eq "sha1") {
die "Unrecognized cookie algorithm: $cookie_algorithm\n";
}
@ -2128,7 +2110,7 @@ index ad99f89..2c55946 100644
# enable-openssl-hash
if ($enable_openssl_hash eq "yes") {
if ($use_openssl eq "no") {
@@ -3558,6 +3583,7 @@ exit 0;
@@ -3564,6 +3589,7 @@ exit 0;
# --enable-developer partially supported
# --enable-newstats (9.9/9.9sub only)
# --enable-native-pkcs11 supported
@ -2136,7 +2118,7 @@ index ad99f89..2c55946 100644
# --enable-openssl-version-check included without a way to disable it
# --enable-openssl-hash supported
# --enable-threads included without a way to disable it
@@ -3583,6 +3609,7 @@ exit 0;
@@ -3589,6 +3615,7 @@ exit 0;
# --with-gost supported
# --with-aes supported
# --with-cc-alg supported

14
bind-9.11-tests-variants.patch
View File

@ -1,4 +1,4 @@
From 7d689f77714430a4ef6cead040ec304dca0b8bd3 Mon Sep 17 00:00:00 2001
From 06a22ff20ac3d68fa1f995c91068b43392425e43 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Fri, 1 Mar 2019 15:48:20 +0100
Subject: [PATCH] Make alternative named builds testable in system tests
@ -17,19 +17,19 @@ export NAMED_VARIANT=-pkcs11 DNSSEC_VARIANT=-pkcs11
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index b072af8..d2cb8ed 100644
index 4b0fe39..f135af6 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -27,7 +27,7 @@ ALTERNATIVE_ALGORITHM=RSASHA1
ALTERNATIVE_ALGORITHM_NUMBER=5
ALTERNATIVE_BITS=1280
@@ -34,7 +34,7 @@ DISABLED_ALGORITHM=ECDSAP384SHA384
DISABLED_ALGORITHM_NUMBER=14
DISABLED_BITS=384
-NAMED=$TOP/bin/named/named
+NAMED=$TOP/bin/named${NAMED_VARIANT}/named${NAMED_VARIANT}
# We must use "named -l" instead of "lwresd" because argv[0] is lost
# if the program is libtoolized.
LWRESD="$TOP/bin/named/named -l"
@@ -38,13 +38,14 @@ NSUPDATE=$TOP/bin/nsupdate/nsupdate
@@ -45,13 +45,14 @@ NSUPDATE=$TOP/bin/nsupdate/nsupdate
DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen
TSIGKEYGEN=$TOP/bin/confgen/tsig-keygen
RNDCCONFGEN=$TOP/bin/confgen/rndc-confgen
@ -51,7 +51,7 @@ index b072af8..d2cb8ed 100644
CHECKDS=$TOP/bin/python/dnssec-checkds
COVERAGE=$TOP/bin/python/dnssec-coverage
KEYMGR=$TOP/bin/python/dnssec-keymgr
@@ -64,7 +65,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read
@@ -71,7 +72,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read
MDIG=$TOP/bin/tools/mdig
NZD2NZF=$TOP/bin/tools/named-nzd2nzf
FSTRM_CAPTURE=@FSTRM_CAPTURE@

38
bind-9.11-unit-dnstap-pkcs11.patch
View File

@ -1,38 +0,0 @@
From dca9eea70cb33062905aefc389266da931e9d0d6 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Thu, 14 Mar 2019 15:48:37 +0100
Subject: [PATCH] Set TZ again before dns library is initialized
PKCS11 uses it, initializes TZ offset from dst init. Setting environment
in test is too late since use of cmocka.
---
lib/dns/tests/dnstap_test.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/dns/tests/dnstap_test.c b/lib/dns/tests/dnstap_test.c
index 22d6dc3..5a60b12 100644
--- a/lib/dns/tests/dnstap_test.c
+++ b/lib/dns/tests/dnstap_test.c
@@ -309,9 +309,6 @@ totext_test(void **state) {
UNUSED(state);
- /* make sure text conversion gets the right local time */
- setenv("TZ", "PST8", 1);
-
result = dns_dt_open(TAPSAVED, dns_dtmode_file, mctx, &handle);
assert_int_equal(result, ISC_R_SUCCESS);
@@ -378,6 +375,9 @@ main(void) {
cmocka_unit_test_setup_teardown(totext_test, _setup, _teardown),
};
+ /* make sure text conversion gets the right local time */
+ setenv("TZ", "PST8", 1);
+
return (cmocka_run_group_tests(tests, dns_test_init, dns_test_final));
#else
print_message("1..0 # Skip dnstap not enabled\n");
--
2.20.1

49
bind-9.11-unit-timer-nothread.patch
View File

@ -1,49 +0,0 @@
From c88ba11ced1311e91a73ffdf42114ed14a805725 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Thu, 14 Mar 2019 21:05:34 +0100
Subject: [PATCH] Workaround to kyua bug
Kyua 0.13 is not able to correctly handle whole test skipping.
Make workaround to it, include skipping message.
---
lib/isc/tests/timer_test.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/lib/isc/tests/timer_test.c b/lib/isc/tests/timer_test.c
index f69f2b3..050cf6d 100644
--- a/lib/isc/tests/timer_test.c
+++ b/lib/isc/tests/timer_test.c
@@ -573,14 +573,13 @@ purge(void **state) {
int
main(int argc, char **argv) {
- const struct CMUnitTest tests[] = {
#ifdef ISC_PLATFORM_USETHREADS
+ const struct CMUnitTest tests[] = {
cmocka_unit_test_setup_teardown(ticker, _setup, _teardown),
cmocka_unit_test_setup_teardown(once_life, _setup, _teardown),
cmocka_unit_test_setup_teardown(once_idle, _setup, _teardown),
cmocka_unit_test_setup_teardown(reset, _setup, _teardown),
cmocka_unit_test_setup_teardown(purge, _setup, _teardown),
-#endif
};
int c;
@@ -595,6 +594,14 @@ main(int argc, char **argv) {
}
return (cmocka_run_group_tests(tests, NULL, NULL));
+#else
+ UNUSED(argc);
+ UNUSED(argv);
+ UNUSED(verbose);
+
+ printf("1..0 # Skipped: threads disabled\n");
+ return (0);
+#endif
}
#else /* HAVE_CMOCKA */
--
2.20.1

50
bind-9.3.2b1-fix_sdb_ldap.patch
View File

@ -36,10 +36,10 @@ index 95ab742..6069f09 100644
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir}
${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1
diff --git a/bin/sdb_tools/zone2ldap.c b/bin/sdb_tools/zone2ldap.c
index 23dd873..d56bc56 100644
index aa2c711..76186b5 100644
--- a/bin/sdb_tools/zone2ldap.c
+++ b/bin/sdb_tools/zone2ldap.c
@@ -65,6 +66,9 @@ ldap_info;
@@ -66,6 +66,9 @@ ldap_info;
/* usage Info */
void usage (void);
@ -49,7 +49,7 @@ index 23dd873..d56bc56 100644
/* Add to the ldap dit */
void add_ldap_values (ldap_info * ldinfo);
@@ -81,7 +85,7 @@ char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags);
@@ -82,7 +85,7 @@ char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags);
int get_attr_list_size (char **tmp);
/* Get a DN */
@ -58,7 +58,7 @@ index 23dd873..d56bc56 100644
/* Add to RR list */
void add_to_rr_list (char *dn, char *name, char *type, char *data,
@@ -103,11 +107,27 @@ void
@@ -104,11 +107,27 @@ void
init_ldap_conn ();
void usage();
@ -91,7 +91,7 @@ index 23dd873..d56bc56 100644
LDAP *conn;
unsigned int debug = 0;
@@ -131,12 +151,12 @@ main (int argc, char **argv)
@@ -132,12 +151,12 @@ main (int argc, char **argv)
isc_result_t result;
char *basedn;
ldap_info *tmp;
@ -107,7 +107,7 @@ index 23dd873..d56bc56 100644
dns_fixedname_t fixedzone, fixedname;
dns_rdataset_t rdataset;
char **dc_list;
@@ -149,7 +169,7 @@ main (int argc, char **argv)
@@ -150,7 +169,7 @@ main (int argc, char **argv)
extern char *optarg;
extern int optind, opterr, optopt;
int create_base = 0;
@ -116,7 +116,7 @@ index 23dd873..d56bc56 100644
if (argc < 2)
{
@@ -157,7 +177,7 @@ main (int argc, char **argv)
@@ -158,7 +177,7 @@ main (int argc, char **argv)
exit (-1);
}
@ -125,7 +125,7 @@ index 23dd873..d56bc56 100644
{
switch (topt)
{
@@ -180,6 +200,9 @@ main (int argc, char **argv)
@@ -181,6 +200,9 @@ main (int argc, char **argv)
if (bindpw == NULL)
fatal("strdup");
break;
@ -135,7 +135,7 @@ index 23dd873..d56bc56 100644
case 'b':
ldapbase = strdup (optarg);
if (ldapbase == NULL)
@@ -301,27 +324,62 @@ main (int argc, char **argv)
@@ -300,27 +322,62 @@ main (int argc, char **argv)
{
if (debug)
printf ("Creating base zone DN %s\n", argzone);
@ -208,7 +208,7 @@ index 23dd873..d56bc56 100644
}
else
{
@@ -330,8 +388,13 @@ main (int argc, char **argv)
@@ -329,8 +386,13 @@ main (int argc, char **argv)
else
sprintf (fullbasedn, "%s", ctmp);
}
@ -222,7 +222,7 @@ index 23dd873..d56bc56 100644
}
}
@@ -409,14 +472,14 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl)
@@ -408,14 +470,14 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl)
isc_result_check (result, "dns_rdata_totext");
data[isc_buffer_usedlength (&buff)] = 0;
@ -240,7 +240,7 @@ index 23dd873..d56bc56 100644
}
@@ -456,7 +519,8 @@ add_to_rr_list (char *dn, char *name, char *type,
@@ -455,7 +517,8 @@ add_to_rr_list (char *dn, char *name, char *type,
int attrlist;
char ldap_type_buffer[128];
char charttl[64];
@ -250,7 +250,7 @@ index 23dd873..d56bc56 100644
if ((tmp = locate_by_dn (dn)) == NULL)
{
@@ -483,13 +547,13 @@ add_to_rr_list (char *dn, char *name, char *type,
@@ -482,13 +545,13 @@ add_to_rr_list (char *dn, char *name, char *type,
fatal("malloc");
}
tmp->attrs[0]->mod_op = LDAP_MOD_ADD;
@ -267,7 +267,7 @@ index 23dd873..d56bc56 100644
tmp->attrs[1] = NULL;
tmp->attrcnt = 2;
tmp->next = ldap_info_base;
@@ -498,7 +562,7 @@ add_to_rr_list (char *dn, char *name, char *type,
@@ -497,7 +560,7 @@ add_to_rr_list (char *dn, char *name, char *type,
}
tmp->attrs[1]->mod_op = LDAP_MOD_ADD;
@ -276,7 +276,7 @@ index 23dd873..d56bc56 100644
tmp->attrs[1]->mod_values = (char **) calloc (sizeof (char *), 2);
if (tmp->attrs[1]->mod_values == (char **)NULL)
@@ -527,7 +591,7 @@ add_to_rr_list (char *dn, char *name, char *type,
@@ -526,7 +589,7 @@ add_to_rr_list (char *dn, char *name, char *type,
fatal("strdup");
tmp->attrs[3]->mod_op = LDAP_MOD_ADD;
@ -285,7 +285,7 @@ index 23dd873..d56bc56 100644
tmp->attrs[3]->mod_values = (char **) calloc (sizeof (char *), 2);
if (tmp->attrs[3]->mod_values == (char **)NULL)
@@ -540,14 +604,25 @@ add_to_rr_list (char *dn, char *name, char *type,
@@ -539,14 +602,25 @@ add_to_rr_list (char *dn, char *name, char *type,
if (tmp->attrs[3]->mod_values[0] == NULL)
fatal("strdup");
@ -313,7 +313,7 @@ index 23dd873..d56bc56 100644
tmp->attrs[4]->mod_values[1] = NULL;
tmp->attrs[5] = NULL;
@@ -558,7 +633,7 @@ add_to_rr_list (char *dn, char *name, char *type,
@@ -557,7 +631,7 @@ add_to_rr_list (char *dn, char *name, char *type,
else
{
@ -322,7 +322,7 @@ index 23dd873..d56bc56 100644
{
sprintf (ldap_type_buffer, "%sRecord", type);
if (!strncmp
@@ -632,44 +707,70 @@ char **
@@ -631,44 +705,70 @@ char **
hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
{
char *tmp;
@ -430,7 +430,7 @@ index 23dd873..d56bc56 100644
dn_buffer[i] = NULL;
return dn_buffer;
@@ -681,24 +782,32 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
@@ -680,24 +780,32 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
* exception of "@"/SOA. */
char *
@ -459,7 +459,7 @@ index 23dd873..d56bc56 100644
if (flag == WI_SPEC)
{
if (x == (size - 2) && (strncmp (dc_list[x], "@", 1) == 0) && (ttl))
- sprintf (tmp, "relativeDomainName=%s + dNSTTL=%d,", dc_list[x], ttl);
- sprintf (tmp, "relativeDomainName=%s + dNSTTL=%u,", dc_list[x], ttl);
+ sprintf (tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]);
else if (x == (size - 2))
- sprintf(tmp, "relativeDomainName=%s,",dc_list[x]);
@ -467,7 +467,7 @@ index 23dd873..d56bc56 100644
else
sprintf(tmp,"dc=%s,", dc_list[x]);
}
@@ -724,6 +833,7 @@ void
@@ -723,6 +831,7 @@ void
init_ldap_conn ()
{
int result;
@ -475,7 +475,7 @@ index 23dd873..d56bc56 100644
conn = ldap_open (ldapsystem, LDAP_PORT);
if (conn == NULL)
{
@@ -733,7 +843,7 @@ init_ldap_conn ()
@@ -732,7 +841,7 @@ init_ldap_conn ()
}
result = ldap_simple_bind_s (conn, binddn, bindpw);
@ -484,7 +484,7 @@ index 23dd873..d56bc56 100644
}
/* Like isc_result_check, only for LDAP */
@@ -750,8 +860,6 @@ ldap_result_check (const char *msg, char *dn, int err)
@@ -749,8 +858,6 @@ ldap_result_check (const char *msg, char *dn, int err)
}
}
@ -493,7 +493,7 @@ index 23dd873..d56bc56 100644
/* For running the ldap_info run queue. */
void
add_ldap_values (ldap_info * ldinfo)
@@ -759,14 +867,14 @@ add_ldap_values (ldap_info * ldinfo)
@@ -758,14 +865,14 @@ add_ldap_values (ldap_info * ldinfo)
int result;
char dnbuffer[1024];
@ -510,7 +510,7 @@ index 23dd873..d56bc56 100644
}
@@ -777,5 +885,5 @@ void
@@ -776,5 +883,5 @@ void
usage ()
{
fprintf (stderr,

12
bind.spec
View File

@ -44,8 +44,8 @@
#
# lib*.so.X versions of selected libraries
%global sover_dns 1105
%global sover_isc 1100
%global sover_dns 1106
%global sover_isc 1102
%global sover_irs 161
%global sover_isccfg 163
@ -135,13 +135,9 @@ Patch164:bind-9.11-rh1666814.patch
Patch165:bind-9.11-rh1647829.patch
# random_test fails too often by random, disable it
Patch168:bind-9.11-unit-disable-random.patch
Patch169:bind-9.11-feature-test-dlz.patch
Patch170:bind-9.11-feature-test-named.patch
Patch171:bind-9.11-tests-variants.patch
Patch172:bind-9.11-tests-pkcs11.patch
Patch173: bind-9.11-unit-dnstap-pkcs11.patch
Patch174: bind-9.11-unit-timer-nothread.patch
Patch175: bind-9.11-CVE-2018-5741-atomic.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@ -518,13 +514,9 @@ are used for building ISC DHCP.
%patch164 -p1 -b .rh1666814
%patch165 -p1 -b .rh1647829
%patch168 -p1 -b .random_test-disable
%patch169 -p1 -b .featuretest-dlz
%patch170 -p1 -b .featuretest-named
%patch171 -p1 -b .test-variant
%patch172 -p1 -b .test-pkcs11
%patch173 -p1 -b .unit-dnstap
%patch174 -p1 -b .unit-timer
%patch175 -p1 -b .CVE-2018-5741-atomic
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data