Update patches to new sources
Modify current and remove already merged patches. Adjust versions of so libs.
This commit is contained in:
parent
625ca235be
commit
2a466330c5
@ -300,10 +300,10 @@ index a058c91..d4b689a 100644
|
||||
DEPLIBS = ${ISCDEPLIBS}
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 5e1ba8c..7aff0e6 100644
|
||||
index 5e4e839..0ef2c8f 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1070,12 +1070,14 @@ AC_SUBST(USE_GSSAPI)
|
||||
@@ -1081,12 +1081,14 @@ AC_SUBST(USE_GSSAPI)
|
||||
AC_SUBST(DST_GSSAPI_INC)
|
||||
AC_SUBST(DNS_GSSAPI_LIBS)
|
||||
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS"
|
||||
@ -318,7 +318,7 @@ index 5e1ba8c..7aff0e6 100644
|
||||
|
||||
#
|
||||
# was --with-randomdev specified?
|
||||
@@ -1460,11 +1462,11 @@ fi
|
||||
@@ -1471,11 +1473,11 @@ fi
|
||||
AC_MSG_CHECKING(for OpenSSL library)
|
||||
OPENSSL_WARNING=
|
||||
openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw"
|
||||
@ -335,7 +335,7 @@ index 5e1ba8c..7aff0e6 100644
|
||||
|
||||
if test "auto" = "$use_openssl"
|
||||
then
|
||||
@@ -1477,6 +1479,7 @@ then
|
||||
@@ -1488,6 +1490,7 @@ then
|
||||
fi
|
||||
done
|
||||
fi
|
||||
@ -343,7 +343,7 @@ index 5e1ba8c..7aff0e6 100644
|
||||
OPENSSL_ECDSA=""
|
||||
OPENSSL_GOST=""
|
||||
OPENSSL_ED25519=""
|
||||
@@ -1498,11 +1501,10 @@ case "$with_gost" in
|
||||
@@ -1509,11 +1512,10 @@ case "$with_gost" in
|
||||
;;
|
||||
esac
|
||||
|
||||
@ -358,7 +358,7 @@ index 5e1ba8c..7aff0e6 100644
|
||||
CRYPTOLIB="pkcs11"
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
@@ -1512,7 +1514,9 @@ case "$use_openssl" in
|
||||
@@ -1523,7 +1525,9 @@ case "$use_openssl" in
|
||||
OPENSSLGOSTLINKSRCS=""
|
||||
OPENSSLLINKOBJS=""
|
||||
OPENSSLLINKSRCS=""
|
||||
@ -369,7 +369,7 @@ index 5e1ba8c..7aff0e6 100644
|
||||
no)
|
||||
AC_MSG_RESULT(no)
|
||||
DST_OPENSSL_INC=""
|
||||
@@ -1544,7 +1548,7 @@ case "$use_openssl" in
|
||||
@@ -1555,7 +1559,7 @@ case "$use_openssl" in
|
||||
If you do not want OpenSSL, use --without-openssl])
|
||||
;;
|
||||
*)
|
||||
@ -378,7 +378,7 @@ index 5e1ba8c..7aff0e6 100644
|
||||
then
|
||||
AC_MSG_RESULT()
|
||||
AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
|
||||
@@ -1972,6 +1976,7 @@ AC_SUBST(OPENSSL_ED25519)
|
||||
@@ -1983,6 +1987,7 @@ AC_SUBST(OPENSSL_ED25519)
|
||||
AC_SUBST(OPENSSL_GOST)
|
||||
|
||||
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
|
||||
@ -386,7 +386,7 @@ index 5e1ba8c..7aff0e6 100644
|
||||
|
||||
ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
|
||||
if test "yes" = "$with_aes"
|
||||
@@ -2295,6 +2300,7 @@ esac
|
||||
@@ -2306,6 +2311,7 @@ esac
|
||||
AC_SUBST(PKCS11LINKOBJS)
|
||||
AC_SUBST(PKCS11LINKSRCS)
|
||||
AC_SUBST(CRYPTO)
|
||||
@ -394,7 +394,7 @@ index 5e1ba8c..7aff0e6 100644
|
||||
AC_SUBST(PKCS11_ECDSA)
|
||||
AC_SUBST(PKCS11_GOST)
|
||||
AC_SUBST(PKCS11_ED25519)
|
||||
@@ -5425,8 +5431,11 @@ AC_CONFIG_FILES([
|
||||
@@ -5428,8 +5434,11 @@ AC_CONFIG_FILES([
|
||||
bin/delv/Makefile
|
||||
bin/dig/Makefile
|
||||
bin/dnssec/Makefile
|
||||
@ -406,7 +406,7 @@ index 5e1ba8c..7aff0e6 100644
|
||||
bin/nsupdate/Makefile
|
||||
bin/pkcs11/Makefile
|
||||
bin/python/Makefile
|
||||
@@ -5499,6 +5508,10 @@ AC_CONFIG_FILES([
|
||||
@@ -5502,6 +5511,10 @@ AC_CONFIG_FILES([
|
||||
lib/dns/include/dns/Makefile
|
||||
lib/dns/include/dst/Makefile
|
||||
lib/dns/tests/Makefile
|
||||
@ -417,7 +417,7 @@ index 5e1ba8c..7aff0e6 100644
|
||||
lib/irs/Makefile
|
||||
lib/irs/include/Makefile
|
||||
lib/irs/include/irs/Makefile
|
||||
@@ -5523,6 +5536,24 @@ AC_CONFIG_FILES([
|
||||
@@ -5526,6 +5539,24 @@ AC_CONFIG_FILES([
|
||||
lib/isc/unix/include/Makefile
|
||||
lib/isc/unix/include/isc/Makefile
|
||||
lib/isc/unix/include/pkcs11/Makefile
|
||||
@ -456,7 +456,7 @@ index 81270a0..bcb5312 100644
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
|
||||
index 068bbac..d7f3d95 100644
|
||||
index 56dd259..f9aa782 100644
|
||||
--- a/lib/dns-pkcs11/Makefile.in
|
||||
+++ b/lib/dns-pkcs11/Makefile.in
|
||||
@@ -26,16 +26,16 @@ VERSION=@BIND9_VERSION@
|
||||
@ -501,12 +501,8 @@ index 068bbac..d7f3d95 100644
|
||||
|
||||
include: gen
|
||||
${MAKE} include/dns/enumtype.h
|
||||
@@ -180,25 +180,25 @@ code.h: gen
|
||||
./gen -s ${srcdir} > code.h || { rm -f $@ ; exit 1; }
|
||||
|
||||
gen: gen.c
|
||||
- ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
|
||||
+ ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc-pkcs11/include \
|
||||
@@ -183,22 +183,22 @@ gen: gen.c
|
||||
${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
|
||||
${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
|
||||
|
||||
-timestamp: include libdns.@A@
|
||||
@ -532,7 +528,7 @@ index 068bbac..d7f3d95 100644
|
||||
+ rm -f libdns-pkcs11.@A@ timestamp
|
||||
rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
|
||||
rm -f include/dns/rdatastruct.h
|
||||
rm -f dnstap.pb-c.c dnstap.pb-c.h include/dns/dnstap.pb-c.h
|
||||
rm -f dnstap.pb-c.c dnstap.pb-c.h
|
||||
diff --git a/lib/isc-pkcs11/Makefile.in b/lib/isc-pkcs11/Makefile.in
|
||||
index 98acfff..2fd6981 100644
|
||||
--- a/lib/isc-pkcs11/Makefile.in
|
||||
|
@ -1,132 +0,0 @@
|
||||
From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
|
||||
Date: Wed, 17 Apr 2019 15:22:27 +0200
|
||||
Subject: [PATCH] Replace atomic operations in bin/named/client.c with
|
||||
isc_refcount reference counting
|
||||
|
||||
---
|
||||
bin/named/client.c | 18 +++++++-----------
|
||||
bin/named/include/named/interfacemgr.h | 5 +++--
|
||||
bin/named/interfacemgr.c | 7 +++++--
|
||||
3 files changed, 15 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/bin/named/client.c b/bin/named/client.c
|
||||
index 845326abc0..29fecadca8 100644
|
||||
--- a/bin/named/client.c
|
||||
+++ b/bin/named/client.c
|
||||
@@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) {
|
||||
static void
|
||||
mark_tcp_active(ns_client_t *client, bool active) {
|
||||
if (active && !client->tcpactive) {
|
||||
- isc_atomic_xadd(&client->interface->ntcpactive, 1);
|
||||
+ isc_refcount_increment0(&client->interface->ntcpactive, NULL);
|
||||
client->tcpactive = active;
|
||||
} else if (!active && client->tcpactive) {
|
||||
- uint32_t old =
|
||||
- isc_atomic_xadd(&client->interface->ntcpactive, -1);
|
||||
- INSIST(old > 0);
|
||||
+ isc_refcount_decrement(&client->interface->ntcpactive, NULL);
|
||||
client->tcpactive = active;
|
||||
}
|
||||
}
|
||||
@@ -554,7 +552,7 @@ exit_check(ns_client_t *client) {
|
||||
if (client->mortal && TCP_CLIENT(client) &&
|
||||
client->newstate != NS_CLIENTSTATE_FREED &&
|
||||
!ns_g_clienttest &&
|
||||
- isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
|
||||
+ isc_refcount_current(&client->interface->ntcpaccepting) == 0)
|
||||
{
|
||||
/* Nobody else is accepting */
|
||||
client->mortal = false;
|
||||
@@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
|
||||
isc_result_t result;
|
||||
ns_client_t *client = event->ev_arg;
|
||||
isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
|
||||
- uint32_t old;
|
||||
|
||||
REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
|
||||
REQUIRE(NS_CLIENT_VALID(client));
|
||||
@@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
|
||||
INSIST(client->naccepts == 1);
|
||||
client->naccepts--;
|
||||
|
||||
- old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
|
||||
- INSIST(old > 0);
|
||||
+ isc_refcount_decrement(&client->interface->ntcpaccepting, NULL);
|
||||
|
||||
/*
|
||||
* We must take ownership of the new socket before the exit
|
||||
@@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) {
|
||||
* quota is tcp-clients plus the number of listening
|
||||
* interfaces plus 1.)
|
||||
*/
|
||||
- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
|
||||
- (client->tcpactive ? 1 : 0));
|
||||
+ exit = (isc_refcount_current(&client->interface->ntcpactive) >
|
||||
+ (client->tcpactive ? 1U : 0U));
|
||||
if (exit) {
|
||||
client->newstate = NS_CLIENTSTATE_INACTIVE;
|
||||
(void)exit_check(client);
|
||||
@@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) {
|
||||
* listening for connections itself to prevent the interface
|
||||
* going dead.
|
||||
*/
|
||||
- isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
|
||||
+ isc_refcount_increment0(&client->interface->ntcpaccepting, NULL);
|
||||
}
|
||||
|
||||
static void
|
||||
diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
|
||||
index 3535ef22a8..6e10f210fd 100644
|
||||
--- a/bin/named/include/named/interfacemgr.h
|
||||
+++ b/bin/named/include/named/interfacemgr.h
|
||||
@@ -45,6 +45,7 @@
|
||||
#include <isc/magic.h>
|
||||
#include <isc/mem.h>
|
||||
#include <isc/socket.h>
|
||||
+#include <isc/refcount.h>
|
||||
|
||||
#include <dns/result.h>
|
||||
|
||||
@@ -75,11 +76,11 @@ struct ns_interface {
|
||||
/*%< UDP dispatchers. */
|
||||
isc_socket_t * tcpsocket; /*%< TCP socket. */
|
||||
isc_dscp_t dscp; /*%< "listen-on" DSCP value */
|
||||
- int32_t ntcpaccepting; /*%< Number of clients
|
||||
+ isc_refcount_t ntcpaccepting; /*%< Number of clients
|
||||
ready to accept new
|
||||
TCP connections on this
|
||||
interface */
|
||||
- int32_t ntcpactive; /*%< Number of clients
|
||||
+ isc_refcount_t ntcpactive; /*%< Number of clients
|
||||
servicing TCP queries
|
||||
(whether accepting or
|
||||
connected) */
|
||||
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
|
||||
index d9f6df5802..135533be6b 100644
|
||||
--- a/bin/named/interfacemgr.c
|
||||
+++ b/bin/named/interfacemgr.c
|
||||
@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
|
||||
* connections will be handled in parallel even though there is
|
||||
* only one client initially.
|
||||
*/
|
||||
- ifp->ntcpaccepting = 0;
|
||||
- ifp->ntcpactive = 0;
|
||||
+ isc_refcount_init(&ifp->ntcpaccepting, 0);
|
||||
+ isc_refcount_init(&ifp->ntcpactive, 0);
|
||||
|
||||
ifp->nudpdispatch = 0;
|
||||
|
||||
@@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) {
|
||||
|
||||
ns_interfacemgr_detach(&ifp->mgr);
|
||||
|
||||
+ isc_refcount_destroy(&ifp->ntcpactive);
|
||||
+ isc_refcount_destroy(&ifp->ntcpaccepting);
|
||||
+
|
||||
ifp->magic = 0;
|
||||
isc_mem_put(mctx, ifp, sizeof(*ifp));
|
||||
}
|
||||
--
|
||||
2.18.1
|
||||
|
@ -1,85 +0,0 @@
|
||||
From 71627db6c8852d7805ec559506f5f3cb8d89a131 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Wed, 30 Jan 2019 15:12:54 +0100
|
||||
Subject: [PATCH] Support DLZ filesystem detection in feature-test
|
||||
|
||||
Do not use variable from configure to detect the feature.
|
||||
---
|
||||
bin/tests/system/Makefile.in | 2 +-
|
||||
bin/tests/system/dlz/{prereq.sh.in => prereq.sh} | 2 +-
|
||||
bin/tests/system/feature-test.c | 9 +++++++++
|
||||
configure.ac | 1 -
|
||||
4 files changed, 11 insertions(+), 3 deletions(-)
|
||||
rename bin/tests/system/dlz/{prereq.sh.in => prereq.sh} (91%)
|
||||
|
||||
diff --git a/bin/tests/system/Makefile.in b/bin/tests/system/Makefile.in
|
||||
index c18b4c5..dea2f75 100644
|
||||
--- a/bin/tests/system/Makefile.in
|
||||
+++ b/bin/tests/system/Makefile.in
|
||||
@@ -19,7 +19,7 @@ SUBDIRS = dlzexternal dyndb lwresd pipelined rndc rsabigexponent tkey
|
||||
|
||||
CINCLUDES = ${ISC_INCLUDES} ${DNS_INCLUDES}
|
||||
|
||||
-CDEFINES = @USE_GSSAPI@
|
||||
+CDEFINES = @USE_GSSAPI@ @CONTRIB_DLZ@
|
||||
CWARNINGS =
|
||||
|
||||
DNSLIBS =
|
||||
diff --git a/bin/tests/system/dlz/prereq.sh.in b/bin/tests/system/dlz/prereq.sh
|
||||
similarity index 91%
|
||||
rename from bin/tests/system/dlz/prereq.sh.in
|
||||
rename to bin/tests/system/dlz/prereq.sh
|
||||
index afec653..fb3328e 100644
|
||||
--- a/bin/tests/system/dlz/prereq.sh.in
|
||||
+++ b/bin/tests/system/dlz/prereq.sh
|
||||
@@ -12,7 +12,7 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
-if [ "@DLZ_SYSTEM_TEST@" != "filesystem" ]; then
|
||||
+if ! $FEATURETEST --with-dlz-filesystem; then
|
||||
echo_i "DLZ filesystem driver not supported"
|
||||
exit 255
|
||||
fi
|
||||
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
|
||||
index 11863a3..428d107 100644
|
||||
--- a/bin/tests/system/feature-test.c
|
||||
+++ b/bin/tests/system/feature-test.c
|
||||
@@ -51,6 +51,7 @@ usage() {
|
||||
fprintf(stderr, " --rpz-nsip\n");
|
||||
fprintf(stderr, " --with-idn\n");
|
||||
fprintf(stderr, " --with-lmdb\n");
|
||||
+ fprintf(stderr, " --with-dlz-filesystem\n");
|
||||
}
|
||||
|
||||
int
|
||||
@@ -182,6 +183,14 @@ main(int argc, char **argv) {
|
||||
#endif
|
||||
}
|
||||
|
||||
+ if (strcmp(argv[1], "--with-dlz-filesystem") == 0) {
|
||||
+#ifdef DLZ_FILESYSTEM
|
||||
+ return (0);
|
||||
+#else
|
||||
+ return (1);
|
||||
+#endif
|
||||
+ }
|
||||
+
|
||||
if (strcmp(argv[1], "--ipv6only=no") == 0) {
|
||||
#ifdef WIN32
|
||||
return (0);
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index fddc63a..5e1ba8c 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -5458,7 +5458,6 @@ AC_CONFIG_FILES([
|
||||
bin/tests/pkcs11/benchmarks/Makefile
|
||||
bin/tests/system/Makefile
|
||||
bin/tests/system/conf.sh
|
||||
- bin/tests/system/dlz/prereq.sh
|
||||
bin/tests/system/dlzexternal/Makefile
|
||||
bin/tests/system/dlzexternal/ns1/dlzs.conf
|
||||
bin/tests/system/dyndb/Makefile
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 9ff202072b286ef57e0ffcd7c55777f2994d3985 Mon Sep 17 00:00:00 2001
|
||||
From b8485528f5098e3360560d5b85c9ffc592619c55 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 2 Aug 2018 23:34:45 +0200
|
||||
Subject: [PATCH] FIPS code changes
|
||||
@ -267,7 +267,7 @@ index 2063a3b..8e856c5 100644
|
||||
digestbits = 0;
|
||||
}
|
||||
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
|
||||
index 011b118..5eabc1f 100644
|
||||
index e75b8b7..9234d35 100644
|
||||
--- a/bin/dig/dighost.c
|
||||
+++ b/bin/dig/dighost.c
|
||||
@@ -80,6 +80,7 @@
|
||||
@ -396,7 +396,7 @@ index 7584efb..a153172 100644
|
||||
case hmacsha1: *name = dns_tsig_hmacsha1_name; break;
|
||||
case hmacsha224: *name = dns_tsig_hmacsha224_name; break;
|
||||
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
|
||||
index 548e0ce..509784c 100644
|
||||
index de60313..bbb3936 100644
|
||||
--- a/bin/nsupdate/nsupdate.c
|
||||
+++ b/bin/nsupdate/nsupdate.c
|
||||
@@ -31,6 +31,7 @@
|
||||
@ -406,8 +406,8 @@ index 548e0ce..509784c 100644
|
||||
+#include <isc/md5.h>
|
||||
#include <isc/mem.h>
|
||||
#include <isc/parseint.h>
|
||||
#include <isc/print.h>
|
||||
@@ -476,9 +477,10 @@ parse_hmac(dns_name_t **hmac, const char *hmacstr, size_t len,
|
||||
#include <isc/portset.h>
|
||||
@@ -477,9 +478,10 @@ parse_hmac(dns_name_t **hmac, const char *hmacstr, size_t len,
|
||||
strlcpy(buf, hmacstr, ISC_MIN(len + 1, sizeof(buf)));
|
||||
|
||||
#ifndef PK11_MD5_DISABLE
|
||||
@ -420,7 +420,7 @@ index 548e0ce..509784c 100644
|
||||
*hmac = DNS_TSIG_HMACMD5_NAME;
|
||||
result = isc_parse_uint16(&digestbits, &buf[9], 10);
|
||||
if (result != ISC_R_SUCCESS || digestbits > 128) {
|
||||
@@ -591,10 +593,10 @@ setup_keystr(void) {
|
||||
@@ -592,10 +594,10 @@ setup_keystr(void) {
|
||||
exit(1);
|
||||
}
|
||||
} else {
|
||||
@ -434,7 +434,7 @@ index 548e0ce..509784c 100644
|
||||
#endif
|
||||
name = keystr;
|
||||
n = s;
|
||||
@@ -731,7 +733,8 @@ setup_keyfile(isc_mem_t *mctx, isc_log_t *lctx) {
|
||||
@@ -732,7 +734,8 @@ setup_keyfile(isc_mem_t *mctx, isc_log_t *lctx) {
|
||||
switch (dst_key_alg(dstkey)) {
|
||||
#ifndef PK11_MD5_DISABLE
|
||||
case DST_ALG_HMACMD5:
|
||||
@ -444,7 +444,7 @@ index 548e0ce..509784c 100644
|
||||
break;
|
||||
#endif
|
||||
case DST_ALG_HMACSHA1:
|
||||
@@ -1606,12 +1609,13 @@ evaluate_key(char *cmdline) {
|
||||
@@ -1637,12 +1640,13 @@ evaluate_key(char *cmdline) {
|
||||
return (STATUS_SYNTAX);
|
||||
}
|
||||
namestr = n + 1;
|
||||
@ -622,7 +622,7 @@ index bde66a4..70a40c3 100644
|
||||
dst_key_free(&dstkey);
|
||||
CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED);
|
||||
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
|
||||
index d6fba22..ac60ba8 100644
|
||||
index 2a0e735..dc80018 100644
|
||||
--- a/lib/bind9/check.c
|
||||
+++ b/lib/bind9/check.c
|
||||
@@ -23,6 +23,7 @@
|
||||
@ -633,7 +633,7 @@ index d6fba22..ac60ba8 100644
|
||||
#include <isc/mem.h>
|
||||
#include <isc/netaddr.h>
|
||||
#include <isc/parseint.h>
|
||||
@@ -2589,6 +2590,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) {
|
||||
@@ -2590,6 +2591,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) {
|
||||
}
|
||||
|
||||
algorithm = cfg_obj_asstring(algobj);
|
||||
@ -966,7 +966,7 @@ index 16214c6..9b235ba 100644
|
||||
|
||||
/* RSASHA256 */
|
||||
diff --git a/lib/dns/tests/tsig_test.c b/lib/dns/tests/tsig_test.c
|
||||
index 4d6847e..1a208b5 100644
|
||||
index 8e5250e..9accc53 100644
|
||||
--- a/lib/dns/tests/tsig_test.c
|
||||
+++ b/lib/dns/tests/tsig_test.c
|
||||
@@ -24,6 +24,7 @@
|
||||
@ -1115,7 +1115,7 @@ index 4d29398..e3f5cec 100644
|
||||
|
||||
#endif /* !PK11_MD5_DISABLE */
|
||||
diff --git a/lib/isc/md5.c b/lib/isc/md5.c
|
||||
index 920aed5..a086a57 100644
|
||||
index 249f3da..628a414 100644
|
||||
--- a/lib/isc/md5.c
|
||||
+++ b/lib/isc/md5.c
|
||||
@@ -37,6 +37,7 @@
|
||||
@ -1126,7 +1126,7 @@ index 920aed5..a086a57 100644
|
||||
#include <isc/platform.h>
|
||||
#include <isc/safe.h>
|
||||
#include <isc/string.h>
|
||||
@@ -55,6 +56,9 @@
|
||||
@@ -54,6 +55,9 @@
|
||||
#define EVP_MD_CTX_free(ptr) EVP_MD_CTX_cleanup(ptr)
|
||||
#endif
|
||||
|
||||
@ -1136,7 +1136,7 @@ index 920aed5..a086a57 100644
|
||||
void
|
||||
isc_md5_init(isc_md5_t *ctx) {
|
||||
ctx->ctx = EVP_MD_CTX_new();
|
||||
@@ -86,8 +90,33 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
|
||||
@@ -85,8 +89,33 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
|
||||
ctx->ctx = NULL;
|
||||
}
|
||||
|
||||
@ -1170,7 +1170,7 @@ index 920aed5..a086a57 100644
|
||||
void
|
||||
isc_md5_init(isc_md5_t *ctx) {
|
||||
CK_RV rv;
|
||||
@@ -130,6 +159,31 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
|
||||
@@ -129,6 +158,31 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
|
||||
pk11_return_session(ctx);
|
||||
}
|
||||
|
||||
@ -1202,7 +1202,7 @@ index 920aed5..a086a57 100644
|
||||
#else
|
||||
|
||||
static void
|
||||
@@ -339,6 +393,11 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
|
||||
@@ -338,6 +392,11 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
|
||||
memmove(digest, ctx->buf, 16);
|
||||
isc_safe_memwipe(ctx, sizeof(*ctx)); /* In case it's sensitive */
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 4e6888c1d32071ead4b7faeeb0f1774a6d8a1120 Mon Sep 17 00:00:00 2001
|
||||
From 230ca0ddbc95a043933c36c1d182f85cf0dcc971 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 2 Aug 2018 23:46:45 +0200
|
||||
Subject: [PATCH] FIPS tests changes
|
||||
@ -76,17 +76,14 @@ Date: Wed Mar 7 10:44:23 2018 +0100
|
||||
bin/tests/system/catz/ns2/named.conf.in | 2 +-
|
||||
bin/tests/system/checkconf/bad-tsig.conf | 2 +-
|
||||
bin/tests/system/checkconf/good.conf | 2 +-
|
||||
bin/tests/system/digdelv/ns2/example.db | 15 ++--
|
||||
bin/tests/system/digdelv/ns2/example.db | 15 +++--
|
||||
bin/tests/system/digdelv/tests.sh | 28 ++++----
|
||||
bin/tests/system/dlv/ns1/sign.sh | 4 +-
|
||||
bin/tests/system/dlv/ns2/sign.sh | 4 +-
|
||||
bin/tests/system/dlv/ns3/sign.sh | 69 ++++++++++---------
|
||||
bin/tests/system/dlv/ns6/sign.sh | 66 +++++++++---------
|
||||
bin/tests/system/dnssec/ns1/sign.sh | 4 +-
|
||||
bin/tests/system/dnssec/ns2/sign.sh | 12 ++--
|
||||
bin/tests/system/dnssec/ns3/sign.sh | 20 +++---
|
||||
bin/tests/system/dnssec/ns2/sign.sh | 8 +--
|
||||
bin/tests/system/dnssec/ns5/trusted.conf.bad | 2 +-
|
||||
bin/tests/system/dnssec/tests.sh | 8 +--
|
||||
bin/tests/system/dnssec/tests.sh | 4 +-
|
||||
bin/tests/system/feature-test.c | 14 ++++
|
||||
bin/tests/system/filter-aaaa/ns1/sign.sh | 4 +-
|
||||
bin/tests/system/filter-aaaa/ns4/sign.sh | 4 +-
|
||||
@ -101,11 +98,11 @@ Date: Wed Mar 7 10:44:23 2018 +0100
|
||||
bin/tests/system/tsig/clean.sh | 1 +
|
||||
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
|
||||
bin/tests/system/tsig/setup.sh | 5 ++
|
||||
bin/tests/system/tsig/tests.sh | 67 +++++++++++-------
|
||||
bin/tests/system/tsig/tests.sh | 67 ++++++++++++-------
|
||||
bin/tests/system/tsiggss/setup.sh | 2 +-
|
||||
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/upforwd/tests.sh | 2 +-
|
||||
47 files changed, 277 insertions(+), 225 deletions(-)
|
||||
44 files changed, 226 insertions(+), 175 deletions(-)
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
index 0ea6502..026db3f 100644
|
||||
@ -602,37 +599,37 @@ index f4e30f5..9f53e31 100644
|
||||
; TTL of 3 weeks
|
||||
weeks 1814400 A 10.53.0.2
|
||||
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
|
||||
index 24aa7b3..54a3e2a 100644
|
||||
index 1657dfd..299ba94 100644
|
||||
--- a/bin/tests/system/digdelv/tests.sh
|
||||
+++ b/bin/tests/system/digdelv/tests.sh
|
||||
@@ -61,7 +61,7 @@ if [ -x ${DIG} ] ; then
|
||||
@@ -88,7 +88,7 @@ if [ -x "$DIG" ] ; then
|
||||
echo_i "checking dig +multi +norrcomments works for dnskey (when default is rrcomments)($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
|
||||
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null && ret=1
|
||||
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < dig.out.test$n > /dev/null && ret=1
|
||||
check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -69,7 +69,7 @@ if [ -x ${DIG} ] ; then
|
||||
@@ -97,7 +97,7 @@ if [ -x "$DIG" ] ; then
|
||||
echo_i "checking dig +multi +norrcomments works for soa (when default is rrcomments)($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > dig.out.test$n || ret=1
|
||||
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null && ret=1
|
||||
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < dig.out.test$n > /dev/null && ret=1
|
||||
check_ttl_range dig.out.test$n "SOA" 300 || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -77,7 +77,7 @@ if [ -x ${DIG} ] ; then
|
||||
@@ -106,7 +106,7 @@ if [ -x "$DIG" ] ; then
|
||||
echo_i "checking dig +rrcomments works for DNSKEY($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
|
||||
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null || ret=1
|
||||
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895$" < dig.out.test$n > /dev/null || ret=1
|
||||
check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -85,7 +85,7 @@ if [ -x ${DIG} ] ; then
|
||||
@@ -115,7 +115,7 @@ if [ -x "$DIG" ] ; then
|
||||
echo_i "checking dig +short +rrcomments works for DNSKEY ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
|
||||
@ -641,7 +638,7 @@ index 24aa7b3..54a3e2a 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -93,7 +93,7 @@ if [ -x ${DIG} ] ; then
|
||||
@@ -123,7 +123,7 @@ if [ -x "$DIG" ] ; then
|
||||
echo_i "checking dig +short +nosplit works($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > dig.out.test$n || ret=1
|
||||
@ -650,7 +647,7 @@ index 24aa7b3..54a3e2a 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -101,7 +101,7 @@ if [ -x ${DIG} ] ; then
|
||||
@@ -131,7 +131,7 @@ if [ -x "$DIG" ] ; then
|
||||
echo_i "checking dig +short +rrcomments works($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
|
||||
@ -659,7 +656,7 @@ index 24aa7b3..54a3e2a 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -117,7 +117,7 @@ if [ -x ${DIG} ] ; then
|
||||
@@ -148,7 +148,7 @@ if [ -x "$DIG" ] ; then
|
||||
echo_i "checking dig +short +rrcomments works($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
|
||||
@ -668,34 +665,34 @@ index 24aa7b3..54a3e2a 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -564,7 +564,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -661,7 +661,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +multi +norrcomments works for dnskey (when default is rrcomments)($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null && ret=1
|
||||
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < delv.out.test$n > /dev/null && ret=1
|
||||
check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -572,7 +572,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -670,7 +670,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +multi +norrcomments works for soa (when default is rrcomments)($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > delv.out.test$n || ret=1
|
||||
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null && ret=1
|
||||
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < delv.out.test$n > /dev/null && ret=1
|
||||
check_ttl_range delv.out.test$n "SOA" 300 || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -580,7 +580,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -679,7 +679,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +rrcomments works for DNSKEY($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null || ret=1
|
||||
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < delv.out.test$n > /dev/null || ret=1
|
||||
check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -588,7 +588,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -688,7 +688,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +short +rrcomments works for DNSKEY ($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -704,7 +701,7 @@ index 24aa7b3..54a3e2a 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -596,7 +596,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -696,7 +696,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +short +rrcomments works ($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -713,7 +710,7 @@ index 24aa7b3..54a3e2a 100644
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
@@ -604,7 +604,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -704,7 +704,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +short +nosplit works ($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -722,7 +719,7 @@ index 24aa7b3..54a3e2a 100644
|
||||
if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi
|
||||
f=`awk '{print NF}' < delv.out.test$n`
|
||||
test "${f:-0}" -eq 14 || ret=1
|
||||
@@ -615,7 +615,7 @@ if [ -x ${DELV} ] ; then
|
||||
@@ -715,7 +715,7 @@ if [ -x ${DELV} ] ; then
|
||||
echo_i "checking delv +short +nosplit +norrcomments works ($n)"
|
||||
ret=0
|
||||
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
||||
@ -732,22 +729,22 @@ index 24aa7b3..54a3e2a 100644
|
||||
f=`awk '{print NF}' < delv.out.test$n`
|
||||
test "${f:-0}" -eq 4 || ret=1
|
||||
diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh
|
||||
index b815162..2a62e58 100755
|
||||
index 606e7cc..a3a0d60 100755
|
||||
--- a/bin/tests/system/dlv/ns1/sign.sh
|
||||
+++ b/bin/tests/system/dlv/ns1/sign.sh
|
||||
@@ -23,8 +23,8 @@ infile=root.db.in
|
||||
zonefile=root.db
|
||||
outfile=root.signed
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh
|
||||
index 6f84d7a..e128303 100755
|
||||
index 9825c57..202c978 100755
|
||||
--- a/bin/tests/system/dlv/ns2/sign.sh
|
||||
+++ b/bin/tests/system/dlv/ns2/sign.sh
|
||||
@@ -24,8 +24,8 @@ zonefile=druz.db
|
||||
@ -761,205 +758,6 @@ index 6f84d7a..e128303 100755
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh
|
||||
index bcc9922..846dbcc 100755
|
||||
--- a/bin/tests/system/dlv/ns3/sign.sh
|
||||
+++ b/bin/tests/system/dlv/ns3/sign.sh
|
||||
@@ -19,6 +19,7 @@ echo_i "dlv/ns3/sign.sh"
|
||||
dlvzone=dlv.utld.
|
||||
dlvsets=
|
||||
dssets=
|
||||
+bits=1024
|
||||
|
||||
zone=child1.utld.
|
||||
infile=child.db.in
|
||||
@@ -26,8 +27,8 @@ zonefile=child1.utld.db
|
||||
outfile=child1.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
@@ -42,8 +43,8 @@ zonefile=child3.utld.db
|
||||
outfile=child3.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
@@ -58,8 +59,8 @@ zonefile=child4.utld.db
|
||||
outfile=child4.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
@@ -73,8 +74,8 @@ zonefile=child5.utld.db
|
||||
outfile=child5.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
@@ -88,8 +89,8 @@ infile=child.db.in
|
||||
zonefile=child7.utld.db
|
||||
outfile=child7.signed
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
@@ -103,8 +104,8 @@ infile=child.db.in
|
||||
zonefile=child8.utld.db
|
||||
outfile=child8.signed
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
@@ -118,8 +119,8 @@ zonefile=child9.utld.db
|
||||
outfile=child9.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
@@ -132,8 +133,8 @@ zonefile=child10.utld.db
|
||||
outfile=child10.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
@@ -147,8 +148,8 @@ outfile=child1.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
@@ -164,8 +165,8 @@ outfile=child3.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
@@ -181,8 +182,8 @@ outfile=child4.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
@@ -197,8 +198,8 @@ outfile=child5.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
@@ -213,8 +214,8 @@ zonefile=child7.druz.db
|
||||
outfile=child7.druz.signed
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
@@ -228,8 +229,8 @@ infile=child.db.in
|
||||
zonefile=child8.druz.db
|
||||
outfile=child8.druz.signed
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
@@ -243,8 +244,8 @@ zonefile=child9.druz.db
|
||||
outfile=child9.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
@@ -258,8 +259,8 @@ outfile=child10.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
@@ -272,8 +273,8 @@ infile=dlv.db.in
|
||||
zonefile=dlv.utld.db
|
||||
outfile=dlv.signed
|
||||
|
||||
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh
|
||||
index 1e39862..4ed19ac 100755
|
||||
--- a/bin/tests/system/dlv/ns6/sign.sh
|
||||
@ -1147,43 +945,11 @@ index 1e39862..4ed19ac 100755
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh
|
||||
index 198d60a..d89a539 100644
|
||||
--- a/bin/tests/system/dnssec/ns1/sign.sh
|
||||
+++ b/bin/tests/system/dnssec/ns1/sign.sh
|
||||
@@ -27,7 +27,7 @@ cp ../ns2/dsset-in-addr.arpa$TP .
|
||||
grep "8 [12] " ../ns2/dsset-algroll$TP > dsset-algroll$TP
|
||||
cp ../ns6/dsset-optout-tld$TP .
|
||||
|
||||
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key > $zonefile
|
||||
|
||||
@@ -48,6 +48,6 @@ cp managed.conf ../ns4/managed.conf
|
||||
#
|
||||
# Save keyid for managed key id test.
|
||||
#
|
||||
-keyid=`expr $keyname : 'K.+001+\(.*\)'`
|
||||
+keyid=`expr $keyname : 'K.+008+\([0-9]*\)'`
|
||||
keyid=`expr $keyid + 0`
|
||||
echo "$keyid" > managed.key.id
|
||||
diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh
|
||||
index ca18608..25b6cab 100644
|
||||
index b93651a..09b12ba 100644
|
||||
--- a/bin/tests/system/dnssec/ns2/sign.sh
|
||||
+++ b/bin/tests/system/dnssec/ns2/sign.sh
|
||||
@@ -30,8 +30,8 @@ do
|
||||
cp ../ns3/dsset-$subdomain.example$TP .
|
||||
done
|
||||
|
||||
-keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
||||
-keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
||||
+keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 1024 -n zone $zone`
|
||||
+keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
@@ -91,8 +91,8 @@ zone=in-addr.arpa.
|
||||
@@ -126,8 +126,8 @@ zone=in-addr.arpa.
|
||||
infile=in-addr.arpa.db.in
|
||||
zonefile=in-addr.arpa.db
|
||||
|
||||
@ -1194,7 +960,7 @@ index ca18608..25b6cab 100644
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
@@ -103,7 +103,7 @@ privzone=private.secure.example.
|
||||
@@ -138,7 +138,7 @@ privzone=private.secure.example
|
||||
privinfile=private.secure.example.db.in
|
||||
privzonefile=private.secure.example.db
|
||||
|
||||
@ -1203,102 +969,15 @@ index ca18608..25b6cab 100644
|
||||
|
||||
cat $privinfile $privkeyname.key >$privzonefile
|
||||
|
||||
@@ -117,7 +117,7 @@ dlvinfile=dlv.db.in
|
||||
@@ -152,7 +152,7 @@ dlvinfile=dlv.db.in
|
||||
dlvzonefile=dlv.db
|
||||
dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP
|
||||
dlvsetfile=dlvset-${privzone}${TP}
|
||||
|
||||
-dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $dlvzone`
|
||||
+dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $dlvzone`
|
||||
|
||||
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
|
||||
|
||||
diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh
|
||||
index ff55d84..4f6a251 100644
|
||||
--- a/bin/tests/system/dnssec/ns3/sign.sh
|
||||
+++ b/bin/tests/system/dnssec/ns3/sign.sh
|
||||
@@ -28,7 +28,7 @@ zone=bogus.example.
|
||||
infile=bogus.example.db.in
|
||||
zonefile=bogus.example.db
|
||||
|
||||
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -38,8 +38,8 @@ zone=dynamic.example.
|
||||
infile=dynamic.example.db.in
|
||||
zonefile=dynamic.example.db
|
||||
|
||||
-keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
-keyname2=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone`
|
||||
+keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone`
|
||||
+keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone -f KSK $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
@@ -49,7 +49,7 @@ zone=keyless.example.
|
||||
infile=generic.example.db.in
|
||||
zonefile=keyless.example.db
|
||||
|
||||
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -69,7 +69,7 @@ zone=secure.nsec3.example.
|
||||
infile=secure.nsec3.example.db.in
|
||||
zonefile=secure.nsec3.example.db
|
||||
|
||||
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -82,7 +82,7 @@ zone=nsec3.nsec3.example.
|
||||
infile=nsec3.nsec3.example.db.in
|
||||
zonefile=nsec3.nsec3.example.db
|
||||
|
||||
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
+keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -95,7 +95,7 @@ zone=optout.nsec3.example.
|
||||
infile=optout.nsec3.example.db.in
|
||||
zonefile=optout.nsec3.example.db
|
||||
|
||||
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
+keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -108,7 +108,7 @@ zone=nsec3.example.
|
||||
infile=nsec3.example.db.in
|
||||
zonefile=nsec3.example.db
|
||||
|
||||
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
+keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -121,7 +121,7 @@ zone=secure.optout.example.
|
||||
infile=secure.optout.example.db.in
|
||||
zonefile=secure.optout.example.db
|
||||
|
||||
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -533,7 +533,7 @@ zone=badds.example.
|
||||
infile=bogus.example.db.in
|
||||
zonefile=badds.example.db
|
||||
|
||||
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
diff --git a/bin/tests/system/dnssec/ns5/trusted.conf.bad b/bin/tests/system/dnssec/ns5/trusted.conf.bad
|
||||
index ed30460..e6b1126 100644
|
||||
--- a/bin/tests/system/dnssec/ns5/trusted.conf.bad
|
||||
@ -1311,28 +990,10 @@ index ed30460..e6b1126 100644
|
||||
+ "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV";
|
||||
};
|
||||
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
|
||||
index 646434f..9a10f9f 100644
|
||||
index 51dc117..48cb34b 100644
|
||||
--- a/bin/tests/system/dnssec/tests.sh
|
||||
+++ b/bin/tests/system/dnssec/tests.sh
|
||||
@@ -1688,7 +1688,7 @@ ret=0
|
||||
$RNDCCMD 10.53.0.4 secroots 2>&1 | sed 's/^/ns4 /' | cat_i
|
||||
keyid=`cat ns1/managed.key.id`
|
||||
cp ns4/named.secroots named.secroots.test$n
|
||||
-linecount=`grep "./RSAMD5/$keyid ; trusted" named.secroots.test$n | wc -l`
|
||||
+linecount=`grep "./RSASHA256/$keyid ; trusted" named.secroots.test$n | wc -l`
|
||||
[ "$linecount" -eq 1 ] || ret=1
|
||||
linecount=`cat named.secroots.test$n | wc -l`
|
||||
[ "$linecount" -eq 10 ] || ret=1
|
||||
@@ -3016,7 +3016,7 @@ echo_i "check dig's +nocrypto flag ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +norec +nocrypto DNSKEY . \
|
||||
@10.53.0.1 > dig.out.dnskey.ns1.test$n || ret=1
|
||||
-grep '256 3 1 \[key id = [1-9][0-9]*]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
|
||||
+grep '256 3 8 \[key id = [1-9][0-9]*]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
|
||||
grep 'RRSIG.* \[omitted]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +norec +nocrypto DS example \
|
||||
@10.53.0.1 > dig.out.ds.ns1.test$n || ret=1
|
||||
@@ -3128,8 +3128,8 @@ do
|
||||
@@ -3227,8 +3227,8 @@ do
|
||||
alg=`expr $alg + 1`
|
||||
continue;;
|
||||
3) size="-b 512";;
|
||||
@ -1344,7 +1005,7 @@ index 646434f..9a10f9f 100644
|
||||
8) size="-b 512";;
|
||||
10) size="-b 1024";;
|
||||
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
|
||||
index f934b63..11863a3 100644
|
||||
index 3ac34e8..428d107 100644
|
||||
--- a/bin/tests/system/feature-test.c
|
||||
+++ b/bin/tests/system/feature-test.c
|
||||
@@ -19,6 +19,7 @@
|
||||
@ -1363,7 +1024,7 @@ index f934b63..11863a3 100644
|
||||
fprintf(stderr, " --rpz-nsdname\n");
|
||||
fprintf(stderr, " --rpz-nsip\n");
|
||||
fprintf(stderr, " --with-idn\n");
|
||||
@@ -136,6 +138,18 @@ main(int argc, char **argv) {
|
||||
@@ -137,6 +139,18 @@ main(int argc, char **argv) {
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -1488,10 +1149,10 @@ index 4549184..cb7dccd 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
|
||||
index 45dfeeb..594db77 100644
|
||||
index 21805c5..0d3d85c 100644
|
||||
--- a/bin/tests/system/nsupdate/setup.sh
|
||||
+++ b/bin/tests/system/nsupdate/setup.sh
|
||||
@@ -63,7 +63,12 @@ EOF
|
||||
@@ -58,7 +58,12 @@ EOF
|
||||
|
||||
$DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key
|
||||
|
||||
@ -1506,10 +1167,10 @@ index 45dfeeb..594db77 100644
|
||||
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
|
||||
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
|
||||
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
|
||||
index 901cd22..b72b59c 100755
|
||||
index 4da4849..b3bc807 100755
|
||||
--- a/bin/tests/system/nsupdate/tests.sh
|
||||
+++ b/bin/tests/system/nsupdate/tests.sh
|
||||
@@ -700,7 +700,14 @@ fi
|
||||
@@ -708,7 +708,14 @@ fi
|
||||
n=`expr $n + 1`
|
||||
ret=0
|
||||
echo_i "check TSIG key algorithms ($n)"
|
||||
@ -1525,7 +1186,7 @@ index 901cd22..b72b59c 100755
|
||||
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
|
||||
server 10.53.0.1 ${PORT}
|
||||
update add ${alg}.keytests.nil. 600 A 10.10.10.3
|
||||
@@ -708,7 +715,7 @@ send
|
||||
@@ -716,7 +723,7 @@ send
|
||||
END
|
||||
done
|
||||
sleep 2
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 99fc89de7b96713a7c82ea9b98d5bc0c70ad1f6e Mon Sep 17 00:00:00 2001
|
||||
From 255fdf0b549ab2f138443ead0ac81bf864612217 Mon Sep 17 00:00:00 2001
|
||||
From: Evan Hunt <each@isc.org>
|
||||
Date: Tue, 12 Sep 2017 19:05:46 -0700
|
||||
Subject: [PATCH] rebased rt31459c
|
||||
@ -22,7 +22,7 @@ Include new unit test
|
||||
bin/dnssec/dnssec-verify.c | 8 +-
|
||||
bin/dnssec/dnssectool.c | 11 +-
|
||||
bin/named/server.c | 6 +
|
||||
bin/nsupdate/nsupdate.c | 18 +-
|
||||
bin/nsupdate/nsupdate.c | 14 +-
|
||||
bin/tests/makejournal.c | 6 +-
|
||||
bin/tests/system/pipelined/pipequeries.c | 21 +-
|
||||
bin/tests/system/pipelined/tests.sh | 4 +-
|
||||
@ -49,7 +49,7 @@ Include new unit test
|
||||
lib/isc/pk11.c | 12 +-
|
||||
lib/isc/win32/include/isc/platform.h.in | 5 +
|
||||
win32utils/Configure | 29 ++-
|
||||
36 files changed, 707 insertions(+), 175 deletions(-)
|
||||
36 files changed, 703 insertions(+), 175 deletions(-)
|
||||
create mode 100644 lib/dns/tests/dstrandom_test.c
|
||||
|
||||
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
|
||||
@ -71,7 +71,7 @@ index 5015abb..295e16f 100644
|
||||
&entropy_source,
|
||||
randomfile,
|
||||
diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c
|
||||
index 931d5de..864f2ad 100644
|
||||
index 060892b..c2cc9c7 100644
|
||||
--- a/bin/dnssec/dnssec-dsfromkey.c
|
||||
+++ b/bin/dnssec/dnssec-dsfromkey.c
|
||||
@@ -494,14 +494,14 @@ main(int argc, char **argv) {
|
||||
@ -293,7 +293,7 @@ index fbc7ece..31a99e7 100644
|
||||
usekeyboard);
|
||||
|
||||
diff --git a/bin/named/server.c b/bin/named/server.c
|
||||
index b63a386..30e7eac 100644
|
||||
index 0abbbed..405ff71 100644
|
||||
--- a/bin/named/server.c
|
||||
+++ b/bin/named/server.c
|
||||
@@ -36,6 +36,7 @@
|
||||
@ -324,18 +324,10 @@ index b63a386..30e7eac 100644
|
||||
}
|
||||
}
|
||||
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
|
||||
index 509784c..6d7a02e 100644
|
||||
index bbb3936..0286987 100644
|
||||
--- a/bin/nsupdate/nsupdate.c
|
||||
+++ b/bin/nsupdate/nsupdate.c
|
||||
@@ -35,6 +35,7 @@
|
||||
#include <isc/mem.h>
|
||||
#include <isc/parseint.h>
|
||||
#include <isc/print.h>
|
||||
+#include <isc/platform.h>
|
||||
#include <isc/random.h>
|
||||
#include <isc/region.h>
|
||||
#include <isc/sockaddr.h>
|
||||
@@ -271,7 +272,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
@@ -272,7 +272,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
if (*ectx == NULL) {
|
||||
result = isc_entropy_create(mctx, ectx);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
@ -345,7 +337,7 @@ index 509784c..6d7a02e 100644
|
||||
ISC_LIST_INIT(sources);
|
||||
}
|
||||
|
||||
@@ -280,6 +282,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
@@ -281,6 +282,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
randomfile = NULL;
|
||||
}
|
||||
|
||||
@ -359,7 +351,7 @@ index 509784c..6d7a02e 100644
|
||||
result = isc_entropy_usebestsource(*ectx, &source, randomfile,
|
||||
usekeyboard);
|
||||
|
||||
@@ -950,11 +959,11 @@ setup_system(void) {
|
||||
@@ -979,11 +987,11 @@ setup_system(void) {
|
||||
}
|
||||
}
|
||||
|
||||
@ -373,16 +365,6 @@ index 509784c..6d7a02e 100644
|
||||
|
||||
result = dns_dispatchmgr_create(gmctx, entropy, &dispatchmgr);
|
||||
check_result(result, "dns_dispatchmgr_create");
|
||||
@@ -978,6 +987,9 @@ setup_system(void) {
|
||||
check_result(result, "dst_lib_init");
|
||||
is_dst_up = true;
|
||||
|
||||
+ /* moved after dst_lib_init() */
|
||||
+ isc_hash_init();
|
||||
+
|
||||
attrmask = DNS_DISPATCHATTR_UDP | DNS_DISPATCHATTR_TCP;
|
||||
attrmask |= DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_IPV6;
|
||||
|
||||
diff --git a/bin/tests/makejournal.c b/bin/tests/makejournal.c
|
||||
index 61a41b0..acc71a1 100644
|
||||
--- a/bin/tests/makejournal.c
|
||||
@ -707,7 +689,7 @@ index b27fc1d..e28871b 100644
|
||||
parse_args(false, argc, argv);
|
||||
if (server == NULL)
|
||||
diff --git a/configure b/configure
|
||||
index e425720..4f09c96 100755
|
||||
index b219e16..4da30b9 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -640,6 +640,7 @@ ac_includes_default="\
|
||||
@ -718,7 +700,7 @@ index e425720..4f09c96 100755
|
||||
BUILD_LIBS
|
||||
BUILD_LDFLAGS
|
||||
BUILD_CPPFLAGS
|
||||
@@ -824,6 +825,7 @@ XMLSTATS
|
||||
@@ -823,6 +824,7 @@ XMLSTATS
|
||||
NZDTARGETS
|
||||
NZDSRCS
|
||||
NZD_TOOLS
|
||||
@ -726,7 +708,7 @@ index e425720..4f09c96 100755
|
||||
PKCS11_TEST
|
||||
PKCS11_ED25519
|
||||
PKCS11_GOST
|
||||
@@ -1039,6 +1041,7 @@ with_eddsa
|
||||
@@ -1038,6 +1040,7 @@ with_eddsa
|
||||
with_aes
|
||||
enable_openssl_hash
|
||||
with_cc_alg
|
||||
@ -734,7 +716,7 @@ index e425720..4f09c96 100755
|
||||
with_lmdb
|
||||
with_libxml2
|
||||
with_libjson
|
||||
@@ -1735,6 +1738,7 @@ Optional Features:
|
||||
@@ -1734,6 +1737,7 @@ Optional Features:
|
||||
--enable-threads enable multithreading
|
||||
--enable-native-pkcs11 use native PKCS11 for all crypto [default=no]
|
||||
--enable-openssl-hash use OpenSSL for hash functions [default=no]
|
||||
@ -742,7 +724,7 @@ index e425720..4f09c96 100755
|
||||
--enable-largefile 64-bit file support
|
||||
--enable-backtrace log stack backtrace on abort [default=yes]
|
||||
--enable-symtable use internal symbol table for backtrace
|
||||
@@ -16684,6 +16688,7 @@ case "$use_openssl" in
|
||||
@@ -16686,6 +16690,7 @@ case "$use_openssl" in
|
||||
$as_echo "disabled because of native PKCS11" >&6; }
|
||||
DST_OPENSSL_INC=""
|
||||
CRYPTO="-DPKCS11CRYPTO"
|
||||
@ -750,7 +732,7 @@ index e425720..4f09c96 100755
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
OPENSSLEDDSALINKOBJS=""
|
||||
@@ -16698,6 +16703,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
|
||||
@@ -16700,6 +16705,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
|
||||
$as_echo "no" >&6; }
|
||||
DST_OPENSSL_INC=""
|
||||
CRYPTO=""
|
||||
@ -758,7 +740,7 @@ index e425720..4f09c96 100755
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
OPENSSLEDDSALINKOBJS=""
|
||||
@@ -16710,6 +16716,7 @@ $as_echo "no" >&6; }
|
||||
@@ -16712,6 +16718,7 @@ $as_echo "no" >&6; }
|
||||
auto)
|
||||
DST_OPENSSL_INC=""
|
||||
CRYPTO=""
|
||||
@ -766,7 +748,7 @@ index e425720..4f09c96 100755
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
OPENSSLEDDSALINKOBJS=""
|
||||
@@ -16719,7 +16726,7 @@ $as_echo "no" >&6; }
|
||||
@@ -16721,7 +16728,7 @@ $as_echo "no" >&6; }
|
||||
OPENSSLLINKOBJS=""
|
||||
OPENSSLLINKSRCS=""
|
||||
as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
|
||||
@ -775,7 +757,7 @@ index e425720..4f09c96 100755
|
||||
;;
|
||||
*)
|
||||
if test "yes" = "$want_native_pkcs11"
|
||||
@@ -16750,6 +16757,7 @@ $as_echo "not found" >&6; }
|
||||
@@ -16752,6 +16759,7 @@ $as_echo "not found" >&6; }
|
||||
as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5
|
||||
fi
|
||||
CRYPTO='-DOPENSSL'
|
||||
@ -783,7 +765,7 @@ index e425720..4f09c96 100755
|
||||
if test "/usr" = "$use_openssl"
|
||||
then
|
||||
DST_OPENSSL_INC=""
|
||||
@@ -17411,8 +17419,6 @@ fi
|
||||
@@ -17413,8 +17421,6 @@ fi
|
||||
# Use OpenSSL for hash functions
|
||||
#
|
||||
|
||||
@ -792,7 +774,7 @@ index e425720..4f09c96 100755
|
||||
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
|
||||
case $want_openssl_hash in
|
||||
yes)
|
||||
@@ -17787,6 +17793,86 @@ if test "rt" = "$have_clock_gt"; then
|
||||
@@ -17789,6 +17795,86 @@ if test "rt" = "$have_clock_gt"; then
|
||||
LIBS="-lrt $LIBS"
|
||||
fi
|
||||
|
||||
@ -879,7 +861,7 @@ index e425720..4f09c96 100755
|
||||
#
|
||||
# was --with-lmdb specified?
|
||||
#
|
||||
@@ -19869,9 +19955,12 @@ _ACEOF
|
||||
@@ -19871,9 +19957,12 @@ _ACEOF
|
||||
if ac_fn_c_try_compile "$LINENO"; then :
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5
|
||||
$as_echo "size_t for buflen; int for flags" >&6; }
|
||||
@ -894,7 +876,7 @@ index e425720..4f09c96 100755
|
||||
|
||||
$as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h
|
||||
|
||||
@@ -21186,12 +21275,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
|
||||
@@ -21188,12 +21277,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
|
||||
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
|
||||
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
|
||||
if test "yes" = "$use_atomic"; then
|
||||
@ -908,7 +890,7 @@ index e425720..4f09c96 100755
|
||||
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
|
||||
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
|
||||
# This bug is HP SR number 8606223364.
|
||||
@@ -21224,6 +21308,11 @@ cat >>confdefs.h <<_ACEOF
|
||||
@@ -21226,6 +21310,11 @@ cat >>confdefs.h <<_ACEOF
|
||||
_ACEOF
|
||||
|
||||
|
||||
@ -920,7 +902,7 @@ index e425720..4f09c96 100755
|
||||
if test $ac_cv_sizeof_void_p = 8; then
|
||||
arch=x86_64
|
||||
have_xaddq=yes
|
||||
@@ -21232,39 +21321,6 @@ _ACEOF
|
||||
@@ -21234,39 +21323,6 @@ _ACEOF
|
||||
fi
|
||||
;;
|
||||
x86_64-*|amd64-*)
|
||||
@ -960,7 +942,7 @@ index e425720..4f09c96 100755
|
||||
if test $ac_cv_sizeof_void_p = 8; then
|
||||
arch=x86_64
|
||||
have_xaddq=yes
|
||||
@@ -21295,6 +21351,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
|
||||
@@ -21297,6 +21353,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
|
||||
$as_echo "$arch" >&6; }
|
||||
fi
|
||||
|
||||
@ -971,7 +953,7 @@ index e425720..4f09c96 100755
|
||||
if test "yes" = "$have_atomic"; then
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5
|
||||
$as_echo_n "checking compiler support for inline assembly code... " >&6; }
|
||||
@@ -23848,6 +23908,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
|
||||
@@ -23896,6 +23956,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
|
||||
#
|
||||
dlzdir='${DLZ_DRIVER_DIR}'
|
||||
|
||||
@ -1002,7 +984,7 @@ index e425720..4f09c96 100755
|
||||
#
|
||||
# Private autoconf macro to simplify configuring drivers:
|
||||
#
|
||||
@@ -24178,11 +24262,11 @@ $as_echo "no" >&6; }
|
||||
@@ -24226,11 +24310,11 @@ $as_echo "no" >&6; }
|
||||
$as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; }
|
||||
;;
|
||||
*)
|
||||
@ -1017,7 +999,7 @@ index e425720..4f09c96 100755
|
||||
fi
|
||||
|
||||
CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL"
|
||||
@@ -24267,7 +24351,7 @@ $as_echo "" >&6; }
|
||||
@@ -24315,7 +24399,7 @@ $as_echo "" >&6; }
|
||||
# Check other locations for includes.
|
||||
# Order is important (sigh).
|
||||
|
||||
@ -1026,7 +1008,7 @@ index e425720..4f09c96 100755
|
||||
# include a blank element first
|
||||
for d in "" $bdb_incdirs
|
||||
do
|
||||
@@ -24292,57 +24376,9 @@ $as_echo "" >&6; }
|
||||
@@ -24340,57 +24424,9 @@ $as_echo "" >&6; }
|
||||
bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db"
|
||||
for d in $bdb_libnames
|
||||
do
|
||||
@ -1086,7 +1068,7 @@ index e425720..4f09c96 100755
|
||||
break
|
||||
fi
|
||||
done
|
||||
@@ -24501,10 +24537,10 @@ $as_echo "no" >&6; }
|
||||
@@ -24549,10 +24585,10 @@ $as_echo "no" >&6; }
|
||||
DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include"
|
||||
DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include"
|
||||
fi
|
||||
@ -1100,7 +1082,7 @@ index e425720..4f09c96 100755
|
||||
fi
|
||||
|
||||
|
||||
@@ -24590,11 +24626,11 @@ fi
|
||||
@@ -24638,11 +24674,11 @@ fi
|
||||
odbcdirs="/usr /usr/local /usr/pkg"
|
||||
for d in $odbcdirs
|
||||
do
|
||||
@ -1114,7 +1096,7 @@ index e425720..4f09c96 100755
|
||||
break
|
||||
fi
|
||||
done
|
||||
@@ -24869,6 +24905,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
|
||||
@@ -24917,6 +24953,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
|
||||
|
||||
|
||||
|
||||
@ -1123,7 +1105,7 @@ index e425720..4f09c96 100755
|
||||
#
|
||||
# Commands to run at the end of config.status.
|
||||
# Don't just put these into configure, it won't work right if somebody
|
||||
@@ -27248,6 +27286,8 @@ report() {
|
||||
@@ -27295,6 +27333,8 @@ report() {
|
||||
echo " IPv6 support (--enable-ipv6)"
|
||||
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
|
||||
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
|
||||
@ -1132,7 +1114,7 @@ index e425720..4f09c96 100755
|
||||
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
|
||||
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
|
||||
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
|
||||
@@ -27288,6 +27328,8 @@ report() {
|
||||
@@ -27335,6 +27375,8 @@ report() {
|
||||
echo " Very verbose query trace logging (--enable-querytrace)"
|
||||
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
|
||||
|
||||
@ -1141,7 +1123,7 @@ index e425720..4f09c96 100755
|
||||
echo " Dynamically loadable zone (DLZ) drivers:"
|
||||
test "no" = "$use_dlz_bdb" || \
|
||||
echo " Berkeley DB (--with-dlz-bdb)"
|
||||
@@ -27335,6 +27377,8 @@ report() {
|
||||
@@ -27382,6 +27424,8 @@ report() {
|
||||
echo " ECDSA algorithm support (--with-ecdsa)"
|
||||
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
|
||||
echo " EDDSA algorithm support (--with-eddsa)"
|
||||
@ -1151,10 +1133,10 @@ index e425720..4f09c96 100755
|
||||
test "yes" = "$enable_seccomp" || \
|
||||
echo " Use libseccomp system call filtering (--enable-seccomp)"
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 7c5ad51..fddc63a 100644
|
||||
index 7fd192c..5e4e839 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1503,6 +1503,7 @@ case "$use_openssl" in
|
||||
@@ -1514,6 +1514,7 @@ case "$use_openssl" in
|
||||
AC_MSG_RESULT(disabled because of native PKCS11)
|
||||
DST_OPENSSL_INC=""
|
||||
CRYPTO="-DPKCS11CRYPTO"
|
||||
@ -1162,7 +1144,7 @@ index 7c5ad51..fddc63a 100644
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
OPENSSLEDDSALINKOBJS=""
|
||||
@@ -1516,6 +1517,7 @@ case "$use_openssl" in
|
||||
@@ -1527,6 +1528,7 @@ case "$use_openssl" in
|
||||
AC_MSG_RESULT(no)
|
||||
DST_OPENSSL_INC=""
|
||||
CRYPTO=""
|
||||
@ -1170,7 +1152,7 @@ index 7c5ad51..fddc63a 100644
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
OPENSSLEDDSALINKOBJS=""
|
||||
@@ -1528,6 +1530,7 @@ case "$use_openssl" in
|
||||
@@ -1539,6 +1541,7 @@ case "$use_openssl" in
|
||||
auto)
|
||||
DST_OPENSSL_INC=""
|
||||
CRYPTO=""
|
||||
@ -1178,7 +1160,7 @@ index 7c5ad51..fddc63a 100644
|
||||
OPENSSLECDSALINKOBJS=""
|
||||
OPENSSLECDSALINKSRCS=""
|
||||
OPENSSLEDDSALINKOBJS=""
|
||||
@@ -1538,7 +1541,7 @@ case "$use_openssl" in
|
||||
@@ -1549,7 +1552,7 @@ case "$use_openssl" in
|
||||
OPENSSLLINKSRCS=""
|
||||
AC_MSG_ERROR(
|
||||
[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
|
||||
@ -1187,7 +1169,7 @@ index 7c5ad51..fddc63a 100644
|
||||
;;
|
||||
*)
|
||||
if test "yes" = "$want_native_pkcs11"
|
||||
@@ -1568,6 +1571,7 @@ If you don't want OpenSSL, use --without-openssl])
|
||||
@@ -1579,6 +1582,7 @@ If you don't want OpenSSL, use --without-openssl])
|
||||
AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found])
|
||||
fi
|
||||
CRYPTO='-DOPENSSL'
|
||||
@ -1195,7 +1177,7 @@ index 7c5ad51..fddc63a 100644
|
||||
if test "/usr" = "$use_openssl"
|
||||
then
|
||||
DST_OPENSSL_INC=""
|
||||
@@ -2041,7 +2045,6 @@ fi
|
||||
@@ -2052,7 +2056,6 @@ fi
|
||||
# Use OpenSSL for hash functions
|
||||
#
|
||||
|
||||
@ -1203,7 +1185,7 @@ index 7c5ad51..fddc63a 100644
|
||||
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
|
||||
case $want_openssl_hash in
|
||||
yes)
|
||||
@@ -2313,6 +2316,67 @@ if test "rt" = "$have_clock_gt"; then
|
||||
@@ -2324,6 +2327,67 @@ if test "rt" = "$have_clock_gt"; then
|
||||
LIBS="-lrt $LIBS"
|
||||
fi
|
||||
|
||||
@ -1271,7 +1253,7 @@ index 7c5ad51..fddc63a 100644
|
||||
#
|
||||
# was --with-lmdb specified?
|
||||
#
|
||||
@@ -4109,12 +4173,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
|
||||
@@ -4120,12 +4184,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
|
||||
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
|
||||
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
|
||||
if test "yes" = "$use_atomic"; then
|
||||
@ -1285,7 +1267,7 @@ index 7c5ad51..fddc63a 100644
|
||||
if test $ac_cv_sizeof_void_p = 8; then
|
||||
arch=x86_64
|
||||
have_xaddq=yes
|
||||
@@ -4123,7 +4187,6 @@ if test "yes" = "$use_atomic"; then
|
||||
@@ -4134,7 +4198,6 @@ if test "yes" = "$use_atomic"; then
|
||||
fi
|
||||
;;
|
||||
x86_64-*|amd64-*)
|
||||
@ -1293,7 +1275,7 @@ index 7c5ad51..fddc63a 100644
|
||||
if test $ac_cv_sizeof_void_p = 8; then
|
||||
arch=x86_64
|
||||
have_xaddq=yes
|
||||
@@ -5541,6 +5604,8 @@ report() {
|
||||
@@ -5543,6 +5606,8 @@ report() {
|
||||
echo " IPv6 support (--enable-ipv6)"
|
||||
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
|
||||
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
|
||||
@ -1302,7 +1284,7 @@ index 7c5ad51..fddc63a 100644
|
||||
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
|
||||
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
|
||||
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
|
||||
@@ -5581,6 +5646,8 @@ report() {
|
||||
@@ -5583,6 +5648,8 @@ report() {
|
||||
echo " Very verbose query trace logging (--enable-querytrace)"
|
||||
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
|
||||
|
||||
@ -1311,7 +1293,7 @@ index 7c5ad51..fddc63a 100644
|
||||
echo " Dynamically loadable zone (DLZ) drivers:"
|
||||
test "no" = "$use_dlz_bdb" || \
|
||||
echo " Berkeley DB (--with-dlz-bdb)"
|
||||
@@ -5628,6 +5695,8 @@ report() {
|
||||
@@ -5630,6 +5697,8 @@ report() {
|
||||
echo " ECDSA algorithm support (--with-ecdsa)"
|
||||
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
|
||||
echo " EDDSA algorithm support (--with-eddsa)"
|
||||
@ -2034,10 +2016,10 @@ index 5b8a2c9..913a2ce 100644
|
||||
* Define if the hash functions must be provided by OpenSSL.
|
||||
*/
|
||||
diff --git a/win32utils/Configure b/win32utils/Configure
|
||||
index ad99f89..2c55946 100644
|
||||
index 27b00af..7e35d60 100644
|
||||
--- a/win32utils/Configure
|
||||
+++ b/win32utils/Configure
|
||||
@@ -381,6 +381,7 @@ my @substdefh = ("AES_CC",
|
||||
@@ -380,6 +380,7 @@ my @substdefh = ("AES_CC",
|
||||
my %configdefp;
|
||||
|
||||
my @substdefp = ("ISC_PLATFORM_BUSYWAITNOP",
|
||||
@ -2045,7 +2027,7 @@ index ad99f89..2c55946 100644
|
||||
"ISC_PLATFORM_HAVEATOMICSTORE",
|
||||
"ISC_PLATFORM_HAVEATOMICSTOREQ",
|
||||
"ISC_PLATFORM_HAVECMPXCHG",
|
||||
@@ -510,7 +511,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER");
|
||||
@@ -509,7 +510,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER");
|
||||
|
||||
# enable-xxx/disable-xxx
|
||||
|
||||
@ -2055,7 +2037,7 @@ index ad99f89..2c55946 100644
|
||||
"fixed-rrset",
|
||||
"intrinsics",
|
||||
"isc-spnego",
|
||||
@@ -573,6 +575,7 @@ my @help = (
|
||||
@@ -572,6 +574,7 @@ my @help = (
|
||||
"\nOptional Features:\n",
|
||||
" enable-intrinsics enable instrinsic/atomic functions [default=yes]\n",
|
||||
" enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n",
|
||||
@ -2063,7 +2045,7 @@ index ad99f89..2c55946 100644
|
||||
" enable-openssl-hash use OpenSSL for hash functions [default=yes]\n",
|
||||
" enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n",
|
||||
" enable-filter-aaaa enable filtering of AAAA records [default=yes]\n",
|
||||
@@ -617,7 +620,9 @@ my $want_clean = "no";
|
||||
@@ -616,7 +619,9 @@ my $want_clean = "no";
|
||||
my $want_unknown = "no";
|
||||
my $unknown_value;
|
||||
my $enable_intrinsics = "yes";
|
||||
@ -2073,7 +2055,7 @@ index ad99f89..2c55946 100644
|
||||
my $enable_openssl_hash = "auto";
|
||||
my $enable_filter_aaaa = "yes";
|
||||
my $enable_isc_spnego = "yes";
|
||||
@@ -828,6 +833,10 @@ sub myenable {
|
||||
@@ -834,6 +839,10 @@ sub myenable {
|
||||
if ($val =~ /^yes$/i) {
|
||||
$enable_native_pkcs11 = "yes";
|
||||
}
|
||||
@ -2084,7 +2066,7 @@ index ad99f89..2c55946 100644
|
||||
} elsif ($key =~ /^openssl-hash$/i) {
|
||||
if ($val =~ /^yes$/i) {
|
||||
$enable_openssl_hash = "yes";
|
||||
@@ -1119,6 +1128,11 @@ if ($verbose) {
|
||||
@@ -1125,6 +1134,11 @@ if ($verbose) {
|
||||
} else {
|
||||
print "native-pkcs11: disabled\n";
|
||||
}
|
||||
@ -2096,7 +2078,7 @@ index ad99f89..2c55946 100644
|
||||
if ($enable_openssl_hash eq "yes") {
|
||||
print "openssl-hash: enabled\n";
|
||||
} else {
|
||||
@@ -1472,6 +1486,7 @@ if ($enable_intrinsics eq "yes") {
|
||||
@@ -1478,6 +1492,7 @@ if ($enable_intrinsics eq "yes") {
|
||||
|
||||
# enable-native-pkcs11
|
||||
if ($enable_native_pkcs11 eq "yes") {
|
||||
@ -2104,7 +2086,7 @@ index ad99f89..2c55946 100644
|
||||
if ($use_openssl eq "auto") {
|
||||
$use_openssl = "no";
|
||||
}
|
||||
@@ -1681,6 +1696,7 @@ if ($use_openssl eq "yes") {
|
||||
@@ -1687,6 +1702,7 @@ if ($use_openssl eq "yes") {
|
||||
$openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]");
|
||||
}
|
||||
|
||||
@ -2112,7 +2094,7 @@ index ad99f89..2c55946 100644
|
||||
$configcond{"OPENSSL"} = 1;
|
||||
$configdefd{"CRYPTO"} = "OPENSSL";
|
||||
$configvar{"OPENSSL_PATH"} = "$openssl_path";
|
||||
@@ -2232,6 +2248,15 @@ if ($cookie_algorithm eq "sha1") {
|
||||
@@ -2238,6 +2254,15 @@ if ($cookie_algorithm eq "sha1") {
|
||||
die "Unrecognized cookie algorithm: $cookie_algorithm\n";
|
||||
}
|
||||
|
||||
@ -2128,7 +2110,7 @@ index ad99f89..2c55946 100644
|
||||
# enable-openssl-hash
|
||||
if ($enable_openssl_hash eq "yes") {
|
||||
if ($use_openssl eq "no") {
|
||||
@@ -3558,6 +3583,7 @@ exit 0;
|
||||
@@ -3564,6 +3589,7 @@ exit 0;
|
||||
# --enable-developer partially supported
|
||||
# --enable-newstats (9.9/9.9sub only)
|
||||
# --enable-native-pkcs11 supported
|
||||
@ -2136,7 +2118,7 @@ index ad99f89..2c55946 100644
|
||||
# --enable-openssl-version-check included without a way to disable it
|
||||
# --enable-openssl-hash supported
|
||||
# --enable-threads included without a way to disable it
|
||||
@@ -3583,6 +3609,7 @@ exit 0;
|
||||
@@ -3589,6 +3615,7 @@ exit 0;
|
||||
# --with-gost supported
|
||||
# --with-aes supported
|
||||
# --with-cc-alg supported
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 7d689f77714430a4ef6cead040ec304dca0b8bd3 Mon Sep 17 00:00:00 2001
|
||||
From 06a22ff20ac3d68fa1f995c91068b43392425e43 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Fri, 1 Mar 2019 15:48:20 +0100
|
||||
Subject: [PATCH] Make alternative named builds testable in system tests
|
||||
@ -17,19 +17,19 @@ export NAMED_VARIANT=-pkcs11 DNSSEC_VARIANT=-pkcs11
|
||||
1 file changed, 10 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
|
||||
index b072af8..d2cb8ed 100644
|
||||
index 4b0fe39..f135af6 100644
|
||||
--- a/bin/tests/system/conf.sh.in
|
||||
+++ b/bin/tests/system/conf.sh.in
|
||||
@@ -27,7 +27,7 @@ ALTERNATIVE_ALGORITHM=RSASHA1
|
||||
ALTERNATIVE_ALGORITHM_NUMBER=5
|
||||
ALTERNATIVE_BITS=1280
|
||||
@@ -34,7 +34,7 @@ DISABLED_ALGORITHM=ECDSAP384SHA384
|
||||
DISABLED_ALGORITHM_NUMBER=14
|
||||
DISABLED_BITS=384
|
||||
|
||||
-NAMED=$TOP/bin/named/named
|
||||
+NAMED=$TOP/bin/named${NAMED_VARIANT}/named${NAMED_VARIANT}
|
||||
# We must use "named -l" instead of "lwresd" because argv[0] is lost
|
||||
# if the program is libtoolized.
|
||||
LWRESD="$TOP/bin/named/named -l"
|
||||
@@ -38,13 +38,14 @@ NSUPDATE=$TOP/bin/nsupdate/nsupdate
|
||||
@@ -45,13 +45,14 @@ NSUPDATE=$TOP/bin/nsupdate/nsupdate
|
||||
DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen
|
||||
TSIGKEYGEN=$TOP/bin/confgen/tsig-keygen
|
||||
RNDCCONFGEN=$TOP/bin/confgen/rndc-confgen
|
||||
@ -51,7 +51,7 @@ index b072af8..d2cb8ed 100644
|
||||
CHECKDS=$TOP/bin/python/dnssec-checkds
|
||||
COVERAGE=$TOP/bin/python/dnssec-coverage
|
||||
KEYMGR=$TOP/bin/python/dnssec-keymgr
|
||||
@@ -64,7 +65,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read
|
||||
@@ -71,7 +72,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read
|
||||
MDIG=$TOP/bin/tools/mdig
|
||||
NZD2NZF=$TOP/bin/tools/named-nzd2nzf
|
||||
FSTRM_CAPTURE=@FSTRM_CAPTURE@
|
||||
|
@ -1,38 +0,0 @@
|
||||
From dca9eea70cb33062905aefc389266da931e9d0d6 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Thu, 14 Mar 2019 15:48:37 +0100
|
||||
Subject: [PATCH] Set TZ again before dns library is initialized
|
||||
|
||||
PKCS11 uses it, initializes TZ offset from dst init. Setting environment
|
||||
in test is too late since use of cmocka.
|
||||
---
|
||||
lib/dns/tests/dnstap_test.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/lib/dns/tests/dnstap_test.c b/lib/dns/tests/dnstap_test.c
|
||||
index 22d6dc3..5a60b12 100644
|
||||
--- a/lib/dns/tests/dnstap_test.c
|
||||
+++ b/lib/dns/tests/dnstap_test.c
|
||||
@@ -309,9 +309,6 @@ totext_test(void **state) {
|
||||
|
||||
UNUSED(state);
|
||||
|
||||
- /* make sure text conversion gets the right local time */
|
||||
- setenv("TZ", "PST8", 1);
|
||||
-
|
||||
result = dns_dt_open(TAPSAVED, dns_dtmode_file, mctx, &handle);
|
||||
assert_int_equal(result, ISC_R_SUCCESS);
|
||||
|
||||
@@ -378,6 +375,9 @@ main(void) {
|
||||
cmocka_unit_test_setup_teardown(totext_test, _setup, _teardown),
|
||||
};
|
||||
|
||||
+ /* make sure text conversion gets the right local time */
|
||||
+ setenv("TZ", "PST8", 1);
|
||||
+
|
||||
return (cmocka_run_group_tests(tests, dns_test_init, dns_test_final));
|
||||
#else
|
||||
print_message("1..0 # Skip dnstap not enabled\n");
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,49 +0,0 @@
|
||||
From c88ba11ced1311e91a73ffdf42114ed14a805725 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Thu, 14 Mar 2019 21:05:34 +0100
|
||||
Subject: [PATCH] Workaround to kyua bug
|
||||
|
||||
Kyua 0.13 is not able to correctly handle whole test skipping.
|
||||
Make workaround to it, include skipping message.
|
||||
---
|
||||
lib/isc/tests/timer_test.c | 11 +++++++++--
|
||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/isc/tests/timer_test.c b/lib/isc/tests/timer_test.c
|
||||
index f69f2b3..050cf6d 100644
|
||||
--- a/lib/isc/tests/timer_test.c
|
||||
+++ b/lib/isc/tests/timer_test.c
|
||||
@@ -573,14 +573,13 @@ purge(void **state) {
|
||||
|
||||
int
|
||||
main(int argc, char **argv) {
|
||||
- const struct CMUnitTest tests[] = {
|
||||
#ifdef ISC_PLATFORM_USETHREADS
|
||||
+ const struct CMUnitTest tests[] = {
|
||||
cmocka_unit_test_setup_teardown(ticker, _setup, _teardown),
|
||||
cmocka_unit_test_setup_teardown(once_life, _setup, _teardown),
|
||||
cmocka_unit_test_setup_teardown(once_idle, _setup, _teardown),
|
||||
cmocka_unit_test_setup_teardown(reset, _setup, _teardown),
|
||||
cmocka_unit_test_setup_teardown(purge, _setup, _teardown),
|
||||
-#endif
|
||||
};
|
||||
int c;
|
||||
|
||||
@@ -595,6 +594,14 @@ main(int argc, char **argv) {
|
||||
}
|
||||
|
||||
return (cmocka_run_group_tests(tests, NULL, NULL));
|
||||
+#else
|
||||
+ UNUSED(argc);
|
||||
+ UNUSED(argv);
|
||||
+ UNUSED(verbose);
|
||||
+
|
||||
+ printf("1..0 # Skipped: threads disabled\n");
|
||||
+ return (0);
|
||||
+#endif
|
||||
}
|
||||
|
||||
#else /* HAVE_CMOCKA */
|
||||
--
|
||||
2.20.1
|
||||
|
@ -36,10 +36,10 @@ index 95ab742..6069f09 100644
|
||||
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir}
|
||||
${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1
|
||||
diff --git a/bin/sdb_tools/zone2ldap.c b/bin/sdb_tools/zone2ldap.c
|
||||
index 23dd873..d56bc56 100644
|
||||
index aa2c711..76186b5 100644
|
||||
--- a/bin/sdb_tools/zone2ldap.c
|
||||
+++ b/bin/sdb_tools/zone2ldap.c
|
||||
@@ -65,6 +66,9 @@ ldap_info;
|
||||
@@ -66,6 +66,9 @@ ldap_info;
|
||||
/* usage Info */
|
||||
void usage (void);
|
||||
|
||||
@ -49,7 +49,7 @@ index 23dd873..d56bc56 100644
|
||||
/* Add to the ldap dit */
|
||||
void add_ldap_values (ldap_info * ldinfo);
|
||||
|
||||
@@ -81,7 +85,7 @@ char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags);
|
||||
@@ -82,7 +85,7 @@ char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags);
|
||||
int get_attr_list_size (char **tmp);
|
||||
|
||||
/* Get a DN */
|
||||
@ -58,7 +58,7 @@ index 23dd873..d56bc56 100644
|
||||
|
||||
/* Add to RR list */
|
||||
void add_to_rr_list (char *dn, char *name, char *type, char *data,
|
||||
@@ -103,11 +107,27 @@ void
|
||||
@@ -104,11 +107,27 @@ void
|
||||
init_ldap_conn ();
|
||||
void usage();
|
||||
|
||||
@ -91,7 +91,7 @@ index 23dd873..d56bc56 100644
|
||||
LDAP *conn;
|
||||
unsigned int debug = 0;
|
||||
|
||||
@@ -131,12 +151,12 @@ main (int argc, char **argv)
|
||||
@@ -132,12 +151,12 @@ main (int argc, char **argv)
|
||||
isc_result_t result;
|
||||
char *basedn;
|
||||
ldap_info *tmp;
|
||||
@ -107,7 +107,7 @@ index 23dd873..d56bc56 100644
|
||||
dns_fixedname_t fixedzone, fixedname;
|
||||
dns_rdataset_t rdataset;
|
||||
char **dc_list;
|
||||
@@ -149,7 +169,7 @@ main (int argc, char **argv)
|
||||
@@ -150,7 +169,7 @@ main (int argc, char **argv)
|
||||
extern char *optarg;
|
||||
extern int optind, opterr, optopt;
|
||||
int create_base = 0;
|
||||
@ -116,7 +116,7 @@ index 23dd873..d56bc56 100644
|
||||
|
||||
if (argc < 2)
|
||||
{
|
||||
@@ -157,7 +177,7 @@ main (int argc, char **argv)
|
||||
@@ -158,7 +177,7 @@ main (int argc, char **argv)
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
@ -125,7 +125,7 @@ index 23dd873..d56bc56 100644
|
||||
{
|
||||
switch (topt)
|
||||
{
|
||||
@@ -180,6 +200,9 @@ main (int argc, char **argv)
|
||||
@@ -181,6 +200,9 @@ main (int argc, char **argv)
|
||||
if (bindpw == NULL)
|
||||
fatal("strdup");
|
||||
break;
|
||||
@ -135,7 +135,7 @@ index 23dd873..d56bc56 100644
|
||||
case 'b':
|
||||
ldapbase = strdup (optarg);
|
||||
if (ldapbase == NULL)
|
||||
@@ -301,27 +324,62 @@ main (int argc, char **argv)
|
||||
@@ -300,27 +322,62 @@ main (int argc, char **argv)
|
||||
{
|
||||
if (debug)
|
||||
printf ("Creating base zone DN %s\n", argzone);
|
||||
@ -208,7 +208,7 @@ index 23dd873..d56bc56 100644
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -330,8 +388,13 @@ main (int argc, char **argv)
|
||||
@@ -329,8 +386,13 @@ main (int argc, char **argv)
|
||||
else
|
||||
sprintf (fullbasedn, "%s", ctmp);
|
||||
}
|
||||
@ -222,7 +222,7 @@ index 23dd873..d56bc56 100644
|
||||
}
|
||||
|
||||
}
|
||||
@@ -409,14 +472,14 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl)
|
||||
@@ -408,14 +470,14 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl)
|
||||
isc_result_check (result, "dns_rdata_totext");
|
||||
data[isc_buffer_usedlength (&buff)] = 0;
|
||||
|
||||
@ -240,7 +240,7 @@ index 23dd873..d56bc56 100644
|
||||
}
|
||||
|
||||
|
||||
@@ -456,7 +519,8 @@ add_to_rr_list (char *dn, char *name, char *type,
|
||||
@@ -455,7 +517,8 @@ add_to_rr_list (char *dn, char *name, char *type,
|
||||
int attrlist;
|
||||
char ldap_type_buffer[128];
|
||||
char charttl[64];
|
||||
@ -250,7 +250,7 @@ index 23dd873..d56bc56 100644
|
||||
|
||||
if ((tmp = locate_by_dn (dn)) == NULL)
|
||||
{
|
||||
@@ -483,13 +547,13 @@ add_to_rr_list (char *dn, char *name, char *type,
|
||||
@@ -482,13 +545,13 @@ add_to_rr_list (char *dn, char *name, char *type,
|
||||
fatal("malloc");
|
||||
}
|
||||
tmp->attrs[0]->mod_op = LDAP_MOD_ADD;
|
||||
@ -267,7 +267,7 @@ index 23dd873..d56bc56 100644
|
||||
tmp->attrs[1] = NULL;
|
||||
tmp->attrcnt = 2;
|
||||
tmp->next = ldap_info_base;
|
||||
@@ -498,7 +562,7 @@ add_to_rr_list (char *dn, char *name, char *type,
|
||||
@@ -497,7 +560,7 @@ add_to_rr_list (char *dn, char *name, char *type,
|
||||
}
|
||||
|
||||
tmp->attrs[1]->mod_op = LDAP_MOD_ADD;
|
||||
@ -276,7 +276,7 @@ index 23dd873..d56bc56 100644
|
||||
tmp->attrs[1]->mod_values = (char **) calloc (sizeof (char *), 2);
|
||||
|
||||
if (tmp->attrs[1]->mod_values == (char **)NULL)
|
||||
@@ -527,7 +591,7 @@ add_to_rr_list (char *dn, char *name, char *type,
|
||||
@@ -526,7 +589,7 @@ add_to_rr_list (char *dn, char *name, char *type,
|
||||
fatal("strdup");
|
||||
|
||||
tmp->attrs[3]->mod_op = LDAP_MOD_ADD;
|
||||
@ -285,7 +285,7 @@ index 23dd873..d56bc56 100644
|
||||
tmp->attrs[3]->mod_values = (char **) calloc (sizeof (char *), 2);
|
||||
|
||||
if (tmp->attrs[3]->mod_values == (char **)NULL)
|
||||
@@ -540,14 +604,25 @@ add_to_rr_list (char *dn, char *name, char *type,
|
||||
@@ -539,14 +602,25 @@ add_to_rr_list (char *dn, char *name, char *type,
|
||||
if (tmp->attrs[3]->mod_values[0] == NULL)
|
||||
fatal("strdup");
|
||||
|
||||
@ -313,7 +313,7 @@ index 23dd873..d56bc56 100644
|
||||
tmp->attrs[4]->mod_values[1] = NULL;
|
||||
|
||||
tmp->attrs[5] = NULL;
|
||||
@@ -558,7 +633,7 @@ add_to_rr_list (char *dn, char *name, char *type,
|
||||
@@ -557,7 +631,7 @@ add_to_rr_list (char *dn, char *name, char *type,
|
||||
else
|
||||
{
|
||||
|
||||
@ -322,7 +322,7 @@ index 23dd873..d56bc56 100644
|
||||
{
|
||||
sprintf (ldap_type_buffer, "%sRecord", type);
|
||||
if (!strncmp
|
||||
@@ -632,44 +707,70 @@ char **
|
||||
@@ -631,44 +705,70 @@ char **
|
||||
hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
|
||||
{
|
||||
char *tmp;
|
||||
@ -430,7 +430,7 @@ index 23dd873..d56bc56 100644
|
||||
dn_buffer[i] = NULL;
|
||||
|
||||
return dn_buffer;
|
||||
@@ -681,24 +782,32 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
|
||||
@@ -680,24 +780,32 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
|
||||
* exception of "@"/SOA. */
|
||||
|
||||
char *
|
||||
@ -459,7 +459,7 @@ index 23dd873..d56bc56 100644
|
||||
if (flag == WI_SPEC)
|
||||
{
|
||||
if (x == (size - 2) && (strncmp (dc_list[x], "@", 1) == 0) && (ttl))
|
||||
- sprintf (tmp, "relativeDomainName=%s + dNSTTL=%d,", dc_list[x], ttl);
|
||||
- sprintf (tmp, "relativeDomainName=%s + dNSTTL=%u,", dc_list[x], ttl);
|
||||
+ sprintf (tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]);
|
||||
else if (x == (size - 2))
|
||||
- sprintf(tmp, "relativeDomainName=%s,",dc_list[x]);
|
||||
@ -467,7 +467,7 @@ index 23dd873..d56bc56 100644
|
||||
else
|
||||
sprintf(tmp,"dc=%s,", dc_list[x]);
|
||||
}
|
||||
@@ -724,6 +833,7 @@ void
|
||||
@@ -723,6 +831,7 @@ void
|
||||
init_ldap_conn ()
|
||||
{
|
||||
int result;
|
||||
@ -475,7 +475,7 @@ index 23dd873..d56bc56 100644
|
||||
conn = ldap_open (ldapsystem, LDAP_PORT);
|
||||
if (conn == NULL)
|
||||
{
|
||||
@@ -733,7 +843,7 @@ init_ldap_conn ()
|
||||
@@ -732,7 +841,7 @@ init_ldap_conn ()
|
||||
}
|
||||
|
||||
result = ldap_simple_bind_s (conn, binddn, bindpw);
|
||||
@ -484,7 +484,7 @@ index 23dd873..d56bc56 100644
|
||||
}
|
||||
|
||||
/* Like isc_result_check, only for LDAP */
|
||||
@@ -750,8 +860,6 @@ ldap_result_check (const char *msg, char *dn, int err)
|
||||
@@ -749,8 +858,6 @@ ldap_result_check (const char *msg, char *dn, int err)
|
||||
}
|
||||
}
|
||||
|
||||
@ -493,7 +493,7 @@ index 23dd873..d56bc56 100644
|
||||
/* For running the ldap_info run queue. */
|
||||
void
|
||||
add_ldap_values (ldap_info * ldinfo)
|
||||
@@ -759,14 +867,14 @@ add_ldap_values (ldap_info * ldinfo)
|
||||
@@ -758,14 +865,14 @@ add_ldap_values (ldap_info * ldinfo)
|
||||
int result;
|
||||
char dnbuffer[1024];
|
||||
|
||||
@ -510,7 +510,7 @@ index 23dd873..d56bc56 100644
|
||||
}
|
||||
|
||||
|
||||
@@ -777,5 +885,5 @@ void
|
||||
@@ -776,5 +883,5 @@ void
|
||||
usage ()
|
||||
{
|
||||
fprintf (stderr,
|
||||
|
12
bind.spec
12
bind.spec
@ -44,8 +44,8 @@
|
||||
#
|
||||
|
||||
# lib*.so.X versions of selected libraries
|
||||
%global sover_dns 1105
|
||||
%global sover_isc 1100
|
||||
%global sover_dns 1106
|
||||
%global sover_isc 1102
|
||||
%global sover_irs 161
|
||||
%global sover_isccfg 163
|
||||
|
||||
@ -135,13 +135,9 @@ Patch164:bind-9.11-rh1666814.patch
|
||||
Patch165:bind-9.11-rh1647829.patch
|
||||
# random_test fails too often by random, disable it
|
||||
Patch168:bind-9.11-unit-disable-random.patch
|
||||
Patch169:bind-9.11-feature-test-dlz.patch
|
||||
Patch170:bind-9.11-feature-test-named.patch
|
||||
Patch171:bind-9.11-tests-variants.patch
|
||||
Patch172:bind-9.11-tests-pkcs11.patch
|
||||
Patch173: bind-9.11-unit-dnstap-pkcs11.patch
|
||||
Patch174: bind-9.11-unit-timer-nothread.patch
|
||||
Patch175: bind-9.11-CVE-2018-5741-atomic.patch
|
||||
|
||||
# SDB patches
|
||||
Patch11: bind-9.3.2b2-sdbsrc.patch
|
||||
@ -518,13 +514,9 @@ are used for building ISC DHCP.
|
||||
%patch164 -p1 -b .rh1666814
|
||||
%patch165 -p1 -b .rh1647829
|
||||
%patch168 -p1 -b .random_test-disable
|
||||
%patch169 -p1 -b .featuretest-dlz
|
||||
%patch170 -p1 -b .featuretest-named
|
||||
%patch171 -p1 -b .test-variant
|
||||
%patch172 -p1 -b .test-pkcs11
|
||||
%patch173 -p1 -b .unit-dnstap
|
||||
%patch174 -p1 -b .unit-timer
|
||||
%patch175 -p1 -b .CVE-2018-5741-atomic
|
||||
|
||||
mkdir lib/dns/tests/testdata/dstrandom
|
||||
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
|
||||
|
Loading…
Reference in New Issue
Block a user