rpms
/
bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Update patches to 9.11.9 

Maxmind library and defines modifies many patches changing flags.
Conflicts a lot especially with PKCS11 build.
This commit is contained in:
Petr Menšík 2019-07-24 19:05:06 +02:00
parent afa1fa2af7
commit 371a1e3b7d
7 changed files with 200 additions and 210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
bind-9.10-dist-native-pkcs11.patch
View File

@ -14,10 +14,10 @@ index f0c504a..ce7a2da 100644
@BIND9_MAKE_RULES@
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
index ce0a177..8908a45 100644
index 4b8ca13..32f4470 100644
--- a/bin/dnssec-pkcs11/Makefile.in
+++ b/bin/dnssec-pkcs11/Makefile.in
@@ -17,18 +17,18 @@ VERSION=@BIND9_VERSION@
@@ -15,18 +15,18 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
@ -30,10 +30,10 @@ index ce0a177..8908a45 100644
+ @CRYPTO_PK11@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
CWARNINGS =
-DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
-ISCLIBS = ../../lib/isc/libisc.@A@
-ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
+ISCNOSYMLIBS = ../../lib/isc-pkcs11/libisc-pkcs11-nosymtbl.@A@
@ -44,7 +44,7 @@ index ce0a177..8908a45 100644
DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
@@ -37,10 +37,10 @@ LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
@@ -35,10 +35,10 @@ LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
NOSYMLIBS = ${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
# Alphabetically
@ -59,7 +59,7 @@ index ce0a177..8908a45 100644
OBJS = dnssectool.@O@
@@ -61,15 +61,15 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES}
@@ -59,15 +59,15 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES}
@BIND9_MAKE_RULES@
@ -78,7 +78,7 @@ index ce0a177..8908a45 100644
export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \
${FINALBUILDCMD}
@@ -77,7 +77,7 @@ dnssec-signzone.@O@: dnssec-signzone.c
@@ -75,7 +75,7 @@ dnssec-signzone.@O@: dnssec-signzone.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-c ${srcdir}/dnssec-signzone.c
@ -87,7 +87,7 @@ index ce0a177..8908a45 100644
export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
${FINALBUILDCMD}
@@ -85,19 +85,19 @@ dnssec-verify.@O@: dnssec-verify.c
@@ -83,19 +83,19 @@ dnssec-verify.@O@: dnssec-verify.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-c ${srcdir}/dnssec-verify.c
@ -111,7 +111,7 @@ index ce0a177..8908a45 100644
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
dnssec-importkey.@O@ ${OBJS} ${LIBS}
@@ -108,16 +108,14 @@ docclean manclean maintainer-clean::
@@ -106,16 +106,14 @@ docclean manclean maintainer-clean::
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
@ -130,10 +130,10 @@ index ce0a177..8908a45 100644
clean distclean::
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index ce0a177..7cede84 100644
index 4b8ca13..4175996 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -19,7 +19,7 @@ VERSION=@BIND9_VERSION@
@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
@ -143,44 +143,46 @@ index ce0a177..7cede84 100644
CWARNINGS =
diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in
index c0861f6..df80f81 100644
index df1f7ee..f397ab0 100644
--- a/bin/named-pkcs11/Makefile.in
+++ b/bin/named-pkcs11/Makefile.in
@@ -43,26 +43,26 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@
@@ -43,27 +43,28 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@
DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@
CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
- ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
- ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
+ ${LWRES_INCLUDES} ${DNS_PKCS11_INCLUDES} ${BIND9_INCLUDES} \
+ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_PKCS11_INCLUDES} \
${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
+ ${LWRES_INCLUDES} ${DNS_PKCS11_INCLUDES} ${BIND9_INCLUDES} \
+ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_PKCS11_INCLUDES} \
${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} ${MAXMINDDB_CFLAGS} \
@DST_OPENSSL_INC@
-CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO@
+CDEFINES = @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO_PK11@
CWARNINGS =
-DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@
DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCCCLIBS = ../../lib/isccc/libisccc.@A@
-ISCLIBS = ../../lib/isc/libisc.@A@
+ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@
-ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@
+ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
+ISCNOSYMLIBS = ../../lib/isc-pkcs11/libisc-pkcs11-nosymtbl.@A@
LWRESLIBS = ../../lib/lwres/liblwres.@A@
BIND9LIBS = ../../lib/bind9/libbind9.@A@
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@
-ISCDEPLIBS = ../../lib/isc/libisc.@A@
+ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
+ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@
BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
@@ -71,15 +71,15 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
@@ -72,15 +73,15 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \
@ -198,8 +200,8 @@ index c0861f6..df80f81 100644
+TARGETS = named-pkcs11@EXEEXT@ feature-test-pkcs11@EXEEXT@
GEOIPLINKOBJS = geoip.@O@
@@ -90,8 +90,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \
GEOIP2LINKOBJS = geoip.@O@
@@ -94,8 +95,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \
tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \
zoneconf.@O@ \
lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \
@ -209,7 +211,7 @@ index c0861f6..df80f81 100644
UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@
@@ -106,8 +105,7 @@ SRCS = builtin.c client.c config.c control.c \
@@ -113,8 +113,7 @@ SRCS = builtin.c client.c config.c control.c \
tkeyconf.c tsigconf.c update.c xfrout.c \
zoneconf.c \
lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \
@ -219,7 +221,7 @@ index c0861f6..df80f81 100644
MANPAGES = named.8 lwresd.8 named.conf.5
@@ -146,21 +144,21 @@ server.@O@: server.c
@@ -154,21 +153,21 @@ server.@O@: server.c
-DPRODUCT=\"${PRODUCT}\" \
-DVERSION=\"${VERSION}\" -c ${srcdir}/server.c
@ -245,7 +247,7 @@ index c0861f6..df80f81 100644
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \
-o $@ feature-test.@O@ ${ISCLIBS} ${LIBS}
@@ -193,16 +191,11 @@ install-man8: named.8 lwresd.8
@@ -201,16 +200,11 @@ install-man8: named.8 lwresd.8
install-man: install-man5 install-man8
@ -266,12 +268,12 @@ index c0861f6..df80f81 100644
@DLZ_DRIVER_RULES@
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index c0861f6..04dea99 100644
index df1f7ee..9660965 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -47,7 +47,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
@@ -48,7 +48,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} ${MAXMINDDB_CFLAGS} \
@DST_OPENSSL_INC@
-CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO@
+CDEFINES = @CONTRIB_DLZ@ @CRYPTO@
@ -300,10 +302,10 @@ index a058c91..d4b689a 100644
DEPLIBS = ${ISCDEPLIBS}
diff --git a/configure.ac b/configure.ac
index d48fd51..79c96f8 100644
index 3b88105..0532feb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1089,12 +1089,14 @@ AC_SUBST(USE_GSSAPI)
@@ -1139,12 +1139,14 @@ AC_SUBST(USE_GSSAPI)
AC_SUBST(DST_GSSAPI_INC)
AC_SUBST(DNS_GSSAPI_LIBS)
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS"
@ -318,10 +320,10 @@ index d48fd51..79c96f8 100644
#
# was --with-randomdev specified?
@@ -1479,11 +1481,11 @@ fi
@@ -1529,11 +1531,11 @@ fi
AC_MSG_CHECKING(for OpenSSL library)
OPENSSL_WARNING=
openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw"
openssldirs="/usr /usr/local /usr/local/ssl /opt/local /usr/pkg /usr/sfw"
-if test "yes" = "$want_native_pkcs11"
-then
- use_openssl="native_pkcs11"
@ -335,7 +337,7 @@ index d48fd51..79c96f8 100644
if test "auto" = "$use_openssl"
then
@@ -1496,6 +1498,7 @@ then
@@ -1546,6 +1548,7 @@ then
fi
done
fi
@ -343,7 +345,7 @@ index d48fd51..79c96f8 100644
OPENSSL_ECDSA=""
OPENSSL_GOST=""
OPENSSL_ED25519=""
@@ -1517,11 +1520,10 @@ case "$with_gost" in
@@ -1567,11 +1570,10 @@ case "$with_gost" in
;;
esac
@ -358,7 +360,7 @@ index d48fd51..79c96f8 100644
CRYPTOLIB="pkcs11"
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
@@ -1531,7 +1533,9 @@ case "$use_openssl" in
@@ -1581,7 +1583,9 @@ case "$use_openssl" in
OPENSSLGOSTLINKSRCS=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
@ -369,7 +371,7 @@ index d48fd51..79c96f8 100644
no)
AC_MSG_RESULT(no)
DST_OPENSSL_INC=""
@@ -1563,7 +1567,7 @@ case "$use_openssl" in
@@ -1613,7 +1617,7 @@ case "$use_openssl" in
If you do not want OpenSSL, use --without-openssl])
;;
*)
@ -378,7 +380,7 @@ index d48fd51..79c96f8 100644
then
AC_MSG_RESULT()
AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
@@ -1991,6 +1995,7 @@ AC_SUBST(OPENSSL_ED25519)
@@ -2041,6 +2045,7 @@ AC_SUBST(OPENSSL_ED25519)
AC_SUBST(OPENSSL_GOST)
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
@ -386,7 +388,7 @@ index d48fd51..79c96f8 100644
ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
if test "yes" = "$with_aes"
@@ -2314,6 +2319,7 @@ esac
@@ -2364,6 +2369,7 @@ esac
AC_SUBST(PKCS11LINKOBJS)
AC_SUBST(PKCS11LINKSRCS)
AC_SUBST(CRYPTO)
@ -394,7 +396,7 @@ index d48fd51..79c96f8 100644
AC_SUBST(PKCS11_ECDSA)
AC_SUBST(PKCS11_GOST)
AC_SUBST(PKCS11_ED25519)
@@ -5441,8 +5447,11 @@ AC_CONFIG_FILES([
@@ -5491,8 +5497,11 @@ AC_CONFIG_FILES([
bin/delv/Makefile
bin/dig/Makefile
bin/dnssec/Makefile
@ -406,7 +408,7 @@ index d48fd51..79c96f8 100644
bin/nsupdate/Makefile
bin/pkcs11/Makefile
bin/python/Makefile
@@ -5515,6 +5524,10 @@ AC_CONFIG_FILES([
@@ -5565,6 +5574,10 @@ AC_CONFIG_FILES([
lib/dns/include/dns/Makefile
lib/dns/include/dst/Makefile
lib/dns/tests/Makefile
@ -417,7 +419,7 @@ index d48fd51..79c96f8 100644
lib/irs/Makefile
lib/irs/include/Makefile
lib/irs/include/irs/Makefile
@@ -5539,6 +5552,24 @@ AC_CONFIG_FILES([
@@ -5589,6 +5602,24 @@ AC_CONFIG_FILES([
lib/isc/unix/include/Makefile
lib/isc/unix/include/isc/Makefile
lib/isc/unix/include/pkcs11/Makefile
@ -456,17 +458,18 @@ index 81270a0..bcb5312 100644
@BIND9_MAKE_RULES@
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
index f6868d1..ea6fd36 100644
index 7f09bd6..c388d9e 100644
--- a/lib/dns-pkcs11/Makefile.in
+++ b/lib/dns-pkcs11/Makefile.in
@@ -26,16 +26,16 @@ VERSION=@BIND9_VERSION@
@@ -26,17 +26,16 @@ VERSION=@BIND9_VERSION@
USE_ISC_SPNEGO = @USE_ISC_SPNEGO@
-CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
- ${ISC_INCLUDES} @DST_OPENSSL_INC@ @DST_GSSAPI_INC@
- ${ISC_INCLUDES} ${MAXMINDDB_CFLAGS} \
- @DST_OPENSSL_INC@ @DST_GSSAPI_INC@
+CINCLUDES = -I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} \
+ ${ISC_PKCS11_INCLUDES} @DST_OPENSSL_INC@ @DST_GSSAPI_INC@
+ ${ISC_PKCS11_INCLUDES} ${MAXMINDDB_CFLAGS} @DST_OPENSSL_INC@ @DST_GSSAPI_INC@
-CDEFINES = -DUSE_MD5 @CRYPTO@ @USE_GSSAPI@ ${USE_ISC_SPNEGO}
+CDEFINES = -DUSE_MD5 @CRYPTO_PK11@ @USE_GSSAPI@ ${USE_ISC_SPNEGO}
@ -479,9 +482,9 @@ index f6868d1..ea6fd36 100644
-ISCDEPLIBS = ../../lib/isc/libisc.@A@
+ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@
LIBS = @LIBS@
LIBS = ${MAXMINDDB_LIBS} @LIBS@
@@ -146,15 +146,15 @@ version.@O@: version.c
@@ -150,15 +149,15 @@ version.@O@: version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
@ -501,7 +504,7 @@ index f6868d1..ea6fd36 100644
include: gen
${MAKE} include/dns/enumtype.h
@@ -185,22 +185,22 @@ gen: gen.c
@@ -189,22 +188,22 @@ gen: gen.c
${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c \
${BUILD_LIBS} ${LFS_LIBS}

45
bind-9.10-sdb.patch
View File

@ -14,7 +14,7 @@ index ce7a2da..4e6a824 100644
@BIND9_MAKE_RULES@
diff --git a/bin/named-sdb/Makefile.in b/bin/named-sdb/Makefile.in
index 04dea99..4ff053e 100644
index 9660965..184fbb2 100644
--- a/bin/named-sdb/Makefile.in
+++ b/bin/named-sdb/Makefile.in
@@ -30,10 +30,10 @@ VERSION=@BIND9_VERSION@
@ -31,7 +31,7 @@ index 04dea99..4ff053e 100644
DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers
@@ -79,7 +79,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
@@ -80,7 +80,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
SUBDIRS = unix
@ -39,8 +39,8 @@ index 04dea99..4ff053e 100644
+TARGETS = named-sdb@EXEEXT@ feature-test-sdb@EXEEXT@
GEOIPLINKOBJS = geoip.@O@
@@ -146,7 +146,7 @@ server.@O@: server.c
GEOIP2LINKOBJS = geoip.@O@
@@ -154,7 +154,7 @@ server.@O@: server.c
-DPRODUCT=\"${PRODUCT}\" \
-DVERSION=\"${VERSION}\" -c ${srcdir}/server.c
@ -49,7 +49,7 @@ index 04dea99..4ff053e 100644
export MAKE_SYMTABLE="yes"; \
export BASEOBJS="${OBJS} ${UOBJS}"; \
${FINALBUILDCMD}
@@ -160,7 +160,7 @@ feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c
@@ -168,7 +168,7 @@ feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-c ${top_srcdir}/bin/tests/system/feature-test.c
@ -58,7 +58,7 @@ index 04dea99..4ff053e 100644
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \
-o $@ feature-test.@O@ ${ISCLIBS} ${LIBS}
@@ -182,8 +182,6 @@ statschannel.@O@: bind9.xsl.h
@@ -190,8 +190,6 @@ statschannel.@O@: bind9.xsl.h
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
@ -67,7 +67,7 @@ index 04dea99..4ff053e 100644
install-man5: named.conf.5
${INSTALL_DATA} $^ ${DESTDIR}${mandir}/man5
@@ -193,16 +191,11 @@ install-man8: named.8 lwresd.8
@@ -201,16 +199,11 @@ install-man8: named.8 lwresd.8
install-man: install-man5 install-man8
@ -88,7 +88,7 @@ index 04dea99..4ff053e 100644
@DLZ_DRIVER_RULES@
diff --git a/bin/named-sdb/main.c b/bin/named-sdb/main.c
index 17f2daa..1bb9d79 100644
index 108b8d6..a943421 100644
--- a/bin/named-sdb/main.c
+++ b/bin/named-sdb/main.c
@@ -93,6 +93,10 @@
@ -102,7 +102,7 @@ index 17f2daa..1bb9d79 100644
#ifdef CONTRIB_DLZ
/*
@@ -1063,6 +1067,11 @@ setup(void) {
@@ -1069,6 +1073,11 @@ setup(void) {
ns_main_earlyfatal("isc_app_start() failed: %s",
isc_result_totext(result));
@ -114,7 +114,7 @@ index 17f2daa..1bb9d79 100644
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE, "starting %s %s%s%s <id:%s>",
ns_g_product, ns_g_version,
@@ -1263,6 +1272,75 @@ setup(void) {
@@ -1269,6 +1278,75 @@ setup(void) {
isc_result_totext(result));
#endif
@ -190,7 +190,7 @@ index 17f2daa..1bb9d79 100644
ns_server_create(ns_g_mctx, &ns_g_server);
#ifdef HAVE_LIBSECCOMP
@@ -1305,6 +1383,11 @@ cleanup(void) {
@@ -1311,6 +1389,11 @@ cleanup(void) {
dns_name_destroy();
@ -203,22 +203,23 @@ index 17f2daa..1bb9d79 100644
ISC_LOG_NOTICE, "exiting");
ns_log_shutdown();
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index 04dea99..9ed9637 100644
index 9660965..03f7c05 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -45,9 +45,9 @@ DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@
@@ -45,10 +45,10 @@ DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@
CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
- ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
+ @DST_OPENSSL_INC@
- ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} ${MAXMINDDB_CFLAGS} \
+ ${MAXMINDDB_CFLAGS} \
@DST_OPENSSL_INC@
-CDEFINES = @CONTRIB_DLZ@ @CRYPTO@
+CDEFINES = @CRYPTO@
CWARNINGS =
@@ -71,11 +71,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
@@ -72,11 +72,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \
@ -232,7 +233,7 @@ index 04dea99..9ed9637 100644
SUBDIRS = unix
@@ -90,8 +90,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \
@@ -94,8 +94,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \
tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \
zoneconf.@O@ \
lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \
@ -242,7 +243,7 @@ index 04dea99..9ed9637 100644
UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@
@@ -106,8 +105,7 @@ SRCS = builtin.c client.c config.c control.c \
@@ -113,8 +112,7 @@ SRCS = builtin.c client.c config.c control.c \
tkeyconf.c tsigconf.c update.c xfrout.c \
zoneconf.c \
lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \
@ -252,7 +253,7 @@ index 04dea99..9ed9637 100644
MANPAGES = named.8 lwresd.8 named.conf.5
@@ -204,7 +202,5 @@ uninstall::
@@ -212,7 +210,5 @@ uninstall::
rm -f ${DESTDIR}${sbindir}/lwresd@EXEEXT@
${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named@EXEEXT@
@ -296,10 +297,10 @@ index c7e0868..95ab742 100644
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir}
${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1
diff --git a/configure.ac b/configure.ac
index 8374385..0af9b71 100644
index d8147ae..930cd1c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5436,6 +5436,8 @@ AC_CONFIG_FILES([
@@ -5532,6 +5532,8 @@ AC_CONFIG_FILES([
bin/named/unix/Makefile
bin/named-pkcs11/Makefile
bin/named-pkcs11/unix/Makefile
@ -308,7 +309,7 @@ index 8374385..0af9b71 100644
bin/nsupdate/Makefile
bin/pkcs11/Makefile
bin/python/Makefile
@@ -5460,6 +5462,7 @@ AC_CONFIG_FILES([
@@ -5556,6 +5558,7 @@ AC_CONFIG_FILES([
bin/python/isc/tests/dnskey_test.py
bin/python/isc/tests/policy_test.py
bin/rndc/Makefile

16
bind-9.11-feature-test-named.patch
View File

@ -1,7 +1,7 @@
From 4293078b294cbb766abe84d3b1618b1cb5413c82 Mon Sep 17 00:00:00 2001
From d394129acaa40ec7fc68ab27802f0a01fcd50f3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 30 Jan 2019 14:37:17 +0100
Subject: [PATCH 2/2] Create feature-test in source directory
Subject: [PATCH] Create feature-test in source directory
Feature-test tool is used in system tests to test compiled in changes.
Because we build more variants of named with different configuration,
@ -12,10 +12,10 @@ compile feature-test for each of them this way.
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index 1c413973d0..b31df9a718 100644
index 3166368..df1f7ee 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -79,7 +79,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
@@ -80,7 +80,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
SUBDIRS = unix
@ -23,8 +23,8 @@ index 1c413973d0..b31df9a718 100644
+TARGETS = named@EXEEXT@ lwresd@EXEEXT@ feature-test@EXEEXT@
GEOIPLINKOBJS = geoip.@O@
@@ -151,6 +151,15 @@ lwresd@EXEEXT@: named@EXEEXT@
GEOIP2LINKOBJS = geoip.@O@
@@ -163,6 +163,15 @@ lwresd@EXEEXT@: named@EXEEXT@
rm -f lwresd@EXEEXT@
@LN@ named@EXEEXT@ lwresd@EXEEXT@
@ -41,10 +41,10 @@ index 1c413973d0..b31df9a718 100644
docclean manclean maintainer-clean::
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 2236f0a151..b072af8467 100644
index 65c0c5a..117d6ec 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -64,7 +64,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read
@@ -71,7 +71,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read
MDIG=$TOP/bin/tools/mdig
NZD2NZF=$TOP/bin/tools/named-nzd2nzf
FSTRM_CAPTURE=@FSTRM_CAPTURE@

14
bind-9.11-fips-tests.patch
View File

@ -1,4 +1,4 @@
From 230ca0ddbc95a043933c36c1d182f85cf0dcc971 Mon Sep 17 00:00:00 2001
From d0e3f8be48c8031ebe3d7e1bf2a32cb03c79484e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:46:45 +0200
Subject: [PATCH] FIPS tests changes
@ -946,7 +946,7 @@ index 1e39862..4ed19ac 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh
index b93651a..09b12ba 100644
index 13fb924..1ffa279 100644
--- a/bin/tests/system/dnssec/ns2/sign.sh
+++ b/bin/tests/system/dnssec/ns2/sign.sh
@@ -126,8 +126,8 @@ zone=in-addr.arpa.
@ -990,7 +990,7 @@ index ed30460..e6b1126 100644
+ "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV";
};
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 51dc117..48cb34b 100644
index d07881d..17ad256 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -3227,8 +3227,8 @@ do
@ -1005,7 +1005,7 @@ index 51dc117..48cb34b 100644
8) size="-b 512";;
10) size="-b 1024";;
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
index 3ac34e8..428d107 100644
index 27a02d0..caf4166 100644
--- a/bin/tests/system/feature-test.c
+++ b/bin/tests/system/feature-test.c
@@ -19,6 +19,7 @@
@ -1016,15 +1016,15 @@ index 3ac34e8..428d107 100644
#include <dns/edns.h>
#ifdef WIN32
@@ -45,6 +46,7 @@ usage() {
fprintf(stderr, " --have-geoip\n");
@@ -46,6 +47,7 @@ usage() {
fprintf(stderr, " --have-geoip2\n");
fprintf(stderr, " --have-libxml2\n");
fprintf(stderr, " --ipv6only=no\n");
+ fprintf(stderr, " --md5\n");
fprintf(stderr, " --rpz-nsdname\n");
fprintf(stderr, " --rpz-nsip\n");
fprintf(stderr, " --with-idn\n");
@@ -137,6 +139,18 @@ main(int argc, char **argv) {
@@ -146,6 +148,18 @@ main(int argc, char **argv) {
#endif
}

12
bind-9.11-kyua-pkcs11.patch
View File

@ -1,4 +1,4 @@
From 17998f4feb9590522a0b50943075d9e8c97ec69d Mon Sep 17 00:00:00 2001
From eb38d2278937ec3fe45d0af30cd080953bbb5b54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 2 Jan 2018 18:13:07 +0100
Subject: [PATCH] Fix pkcs11 variants atf tests
@ -16,10 +16,10 @@ Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode
6 files changed, 38 insertions(+), 16 deletions(-)
diff --git a/configure.ac b/configure.ac
index 7aff0e6..8374385 100644
index 0532feb..a83ddd5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5512,6 +5512,7 @@ AC_CONFIG_FILES([
@@ -5578,6 +5578,7 @@ AC_CONFIG_FILES([
lib/dns-pkcs11/include/Makefile
lib/dns-pkcs11/include/dns/Makefile
lib/dns-pkcs11/include/dst/Makefile
@ -43,7 +43,7 @@ index 7c8bab0..eec9564 100644
include('isccfg/Kyuafile')
include('lwres/Kyuafile')
diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in
index 9f1781a..e50463d 100644
index 7671e1d..e237d5c 100644
--- a/lib/dns-pkcs11/tests/Makefile.in
+++ b/lib/dns-pkcs11/tests/Makefile.in
@@ -17,12 +17,12 @@ VERSION=@BIND9_VERSION@
@ -55,11 +55,11 @@ index 9f1781a..e50463d 100644
-ISCLIBS = ../../isc/libisc.@A@
-ISCDEPLIBS = ../../isc/libisc.@A@
-DNSLIBS = ../libdns.@A@ @DNS_CRYPTO_LIBS@
-DNSLIBS = ../libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
-DNSDEPLIBS = ../libdns.@A@
+ISCLIBS = ../../isc-pkcs11/libisc-pkcs11.@A@
+ISCDEPLIBS = ../../isc-pkcs11/libisc-pkcs11.@A@
+DNSLIBS = ../libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@
+DNSLIBS = ../libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSDEPLIBS = ../libdns-pkcs11.@A@
LIBS = @LIBS@ @CMOCKA_LIBS@

96
bind-9.11-rh1732883.patch
View File

@ -1,4 +1,4 @@
From 9ac315c16bf8441145f5b4b8a3308ae9f03582ab Mon Sep 17 00:00:00 2001
From 348947b3d573e2187db61fb43919d2260dcfc135 Mon Sep 17 00:00:00 2001
From: Pavel Zhukov <pzhukov@redhat.com>
Date: Wed, 24 Jul 2019 17:15:55 +0200
Subject: [PATCH] Detect system time jumps
@ -8,96 +8,93 @@ address dropped by the kernel due to lifetime expirity. Try to detect
this situation using either monotonic time or saved timestamp and execute
go_reboot() procedure to request lease extention
---
lib/isc/include/isc/result.h | 4 ++--
lib/isc/include/isc/util.h | 4 ++++
lib/isc/include/isc/result.h | 3 ++-
lib/isc/include/isc/util.h | 3 +++
lib/isc/result.c | 2 ++
lib/isc/unix/app.c | 41 +++++++++++++++++++++++++++++++--
lib/isc/unix/include/isc/time.h | 20 ++++++++++++++++
lib/isc/unix/time.c | 22 ++++++++++++++++++
6 files changed, 89 insertions(+), 4 deletions(-)
lib/isc/unix/app.c | 39 +++++++++++++++++++++++++++++----
lib/isc/unix/include/isc/time.h | 20 +++++++++++++++++
lib/isc/unix/time.c | 22 +++++++++++++++++++
6 files changed, 84 insertions(+), 5 deletions(-)
diff --git a/lib/isc/include/isc/result.h b/lib/isc/include/isc/result.h
index 246aefb..70d4b64 100644
index 0fd4971..2add549 100644
--- a/lib/isc/include/isc/result.h
+++ b/lib/isc/include/isc/result.h
@@ -83,9 +83,9 @@
#define ISC_R_UNSET 61 /*%< unset */
#define ISC_R_MULTIPLE 62 /*%< multiple */
#define ISC_R_WOULDBLOCK 63 /*%< would block */
-
+#define ISC_R_TIMESHIFTED 64 /*%< system time changed */
@@ -87,9 +87,10 @@
#define ISC_R_CRYPTOFAILURE 65 /*%< cryptography library failure */
#define ISC_R_DISCQUOTA 66 /*%< disc quota */
#define ISC_R_DISCFULL 67 /*%< disc full */
+#define ISC_R_TIMESHIFTED 68 /*%< system time changed */
/*% Not a result code: the number of results. */
-#define ISC_R_NRESULTS 64
+#define ISC_R_NRESULTS 65
-#define ISC_R_NRESULTS 68
+#define ISC_R_NRESULTS 69
ISC_LANG_BEGINDECLS
diff --git a/lib/isc/include/isc/util.h b/lib/isc/include/isc/util.h
index 332dc0c..f81967d 100644
index 973c348..8160dd3 100644
--- a/lib/isc/include/isc/util.h
+++ b/lib/isc/include/isc/util.h
@@ -233,6 +233,10 @@
@@ -289,6 +289,9 @@ extern void mock_assert(const int result, const char* const expression,
* Time
*/
#define TIME_NOW(tp) RUNTIME_CHECK(isc_time_now((tp)) == ISC_R_SUCCESS)
+#ifdef CLOCK_BOOTTIME
+#define TIME_MONOTONIC(tp) RUNTIME_CHECK(isc_time_boottime((tp)) == ISC_R_SUCCESS)
+#endif
+
/*%
* Misc
* Alignment
diff --git a/lib/isc/result.c b/lib/isc/result.c
index a707c32..6776fc6 100644
index abb6ed2..8c95a93 100644
--- a/lib/isc/result.c
+++ b/lib/isc/result.c
@@ -99,6 +99,7 @@ static const char *description[ISC_R_NRESULTS] = {
"unset", /*%< 61 */
"multiple", /*%< 62 */
"would block", /*%< 63 */
+ "time changed", /*%< 64 */
@@ -103,6 +103,7 @@ static const char *description[ISC_R_NRESULTS] = {
"crypto failure", /*%< 65 */
"disc quota", /*%< 66 */
"disc full", /*%< 67 */
+ "time changed", /*%< 68 */
};
static const char *identifier[ISC_R_NRESULTS] = {
@@ -166,6 +167,7 @@ static const char *identifier[ISC_R_NRESULTS] = {
"ISC_R_UNSET",
"ISC_R_MULTIPLE",
"ISC_R_WOULDBLOCK",
@@ -174,6 +175,7 @@ static const char *identifier[ISC_R_NRESULTS] = {
"ISC_R_CRYPTOFAILURE",
"ISC_R_DISCQUOTA",
"ISC_R_DISCFULL",
+ "ISC_R_TIMESHIFTED",
};
#define ISC_RESULT_RESULTSET 2
diff --git a/lib/isc/unix/app.c b/lib/isc/unix/app.c
index bace2bd..e9814d2 100644
index 7e5a0ee..ceab74e 100644
--- a/lib/isc/unix/app.c
+++ b/lib/isc/unix/app.c
@@ -441,15 +441,51 @@ isc__app_ctxonrun(isc_appctx_t *ctx0, isc_mem_t *mctx, isc_task_t *task,
@@ -442,15 +442,48 @@ isc__app_ctxonrun(isc_appctx_t *ctx0, isc_mem_t *mctx, isc_task_t *task,
static isc_result_t
evloop(isc__appctx_t *ctx) {
isc_result_t result;
+ isc_time_t now;
+#ifdef CLOCK_BOOTTIME
+ isc_time_t monotonic;
+ isc_uint64_t diff = 0;
+ uint64_t diff = 0;
+#else
+ isc_time_t prev;
+ TIME_NOW(&prev);
+#endif
+
+
+
while (!ctx->want_shutdown) {
int n;
- isc_time_t when, now;
+ isc_time_t when;
+
struct timeval tv, *tvp;
isc_socketwait_t *swait;
isc_boolean_t readytasks;
isc_boolean_t call_timer_dispatch = ISC_FALSE;
+ isc_uint64_t us;
bool readytasks;
bool call_timer_dispatch = false;
-
+ uint64_t us;
+
+#ifdef CLOCK_BOOTTIME
+ // TBD macros for following three lines
@ -105,7 +102,7 @@ index bace2bd..e9814d2 100644
+ TIME_MONOTONIC(&monotonic);
+ INSIST(now.seconds > monotonic.seconds)
+ us = isc_time_microdiff (&now, &monotonic);
+ if (us < diff){
+ if (us < diff){
+ us = diff - us;
+ if (us > 1000000){ // ignoring shifts less than one second
+ return ISC_R_TIMESHIFTED;
@ -120,27 +117,24 @@ index bace2bd..e9814d2 100644
+ if (isc_time_compare (&now, &prev) < 0)
+ return ISC_R_TIMESHIFTED;
+ TIME_NOW(&prev);
+#endif
+#endif
/*
* Check the reload (or suspend) case first for exiting the
* loop as fast as possible in case:
@@ -474,9 +510,10 @@ evloop(isc__appctx_t *ctx) {
@@ -475,8 +508,6 @@ evloop(isc__appctx_t *ctx) {
if (result != ISC_R_SUCCESS)
tvp = NULL;
else {
- isc_uint64_t us;
+
- uint64_t us;
-
TIME_NOW(&now);
+
us = isc_time_microdiff(&when, &now);
if (us == 0)
call_timer_dispatch = ISC_TRUE;
diff --git a/lib/isc/unix/include/isc/time.h b/lib/isc/unix/include/isc/time.h
index 75e24b9..de8b399 100644
index b864c29..5dd43c9 100644
--- a/lib/isc/unix/include/isc/time.h
+++ b/lib/isc/unix/include/isc/time.h
@@ -129,6 +129,26 @@ isc_time_isepoch(const isc_time_t *t);
@@ -132,6 +132,26 @@ isc_time_isepoch(const isc_time_t *t);
*\li 't' is a valid pointer.
*/
@ -168,10 +162,10 @@ index 75e24b9..de8b399 100644
isc_time_now(isc_time_t *t);
/*%<
diff --git a/lib/isc/unix/time.c b/lib/isc/unix/time.c
index 2210240..d7613b8 100644
index 8edc9df..fe0bb91 100644
--- a/lib/isc/unix/time.c
+++ b/lib/isc/unix/time.c
@@ -496,3 +496,25 @@ isc_time_formatISO8601ms(const isc_time_t *t, char *buf, unsigned int len) {
@@ -498,3 +498,25 @@ isc_time_formatISO8601ms(const isc_time_t *t, char *buf, unsigned int len) {
t->nanoseconds / NS_PER_MS);
}
}

120
bind-9.11-rt31459.patch
View File

@ -1,4 +1,4 @@
From 255fdf0b549ab2f138443ead0ac81bf864612217 Mon Sep 17 00:00:00 2001
From f0eee3c150b9b913819ecd864581ba50dd4ae9cf Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Tue, 12 Sep 2017 19:05:46 -0700
Subject: [PATCH] rebased rt31459c
@ -48,8 +48,8 @@ Include new unit test
lib/isc/include/isc/types.h | 2 +
lib/isc/pk11.c | 12 +-
lib/isc/win32/include/isc/platform.h.in | 5 +
win32utils/Configure | 29 ++-
36 files changed, 703 insertions(+), 175 deletions(-)
win32utils/Configure | 28 ++-
36 files changed, 702 insertions(+), 175 deletions(-)
create mode 100644 lib/dns/tests/dstrandom_test.c
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
@ -293,7 +293,7 @@ index fbc7ece..31a99e7 100644
usekeyboard);
diff --git a/bin/named/server.c b/bin/named/server.c
index 0abbbed..405ff71 100644
index 767d83f..d3c2f9d 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -36,6 +36,7 @@
@ -304,7 +304,7 @@ index 0abbbed..405ff71 100644
#include <isc/portset.h>
#include <isc/print.h>
#include <isc/random.h>
@@ -8210,6 +8211,10 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8208,6 +8209,10 @@ load_configuration(const char *filename, ns_server_t *server,
"no source of entropy found");
} else {
const char *randomdev = cfg_obj_asstring(obj);
@ -315,7 +315,7 @@ index 0abbbed..405ff71 100644
int level = ISC_LOG_ERROR;
result = isc_entropy_createfilesource(ns_g_entropy,
randomdev);
@@ -8244,6 +8249,7 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8242,6 +8247,7 @@ load_configuration(const char *filename, ns_server_t *server,
}
isc_entropy_detach(&ns_g_fallbackentropy);
}
@ -689,7 +689,7 @@ index b27fc1d..e28871b 100644
parse_args(false, argc, argv);
if (server == NULL)
diff --git a/configure b/configure
index b219e16..4da30b9 100755
index 4a5db6c..64aca10 100755
--- a/configure
+++ b/configure
@@ -640,6 +640,7 @@ ac_includes_default="\
@ -708,7 +708,7 @@ index b219e16..4da30b9 100755
PKCS11_TEST
PKCS11_ED25519
PKCS11_GOST
@@ -1038,6 +1040,7 @@ with_eddsa
@@ -1047,6 +1049,7 @@ with_eddsa
with_aes
enable_openssl_hash
with_cc_alg
@ -716,7 +716,7 @@ index b219e16..4da30b9 100755
with_lmdb
with_libxml2
with_libjson
@@ -1734,6 +1737,7 @@ Optional Features:
@@ -1746,6 +1749,7 @@ Optional Features:
--enable-threads enable multithreading
--enable-native-pkcs11 use native PKCS11 for all crypto [default=no]
--enable-openssl-hash use OpenSSL for hash functions [default=no]
@ -724,7 +724,7 @@ index b219e16..4da30b9 100755
--enable-largefile 64-bit file support
--enable-backtrace log stack backtrace on abort [default=yes]
--enable-symtable use internal symbol table for backtrace
@@ -16686,6 +16690,7 @@ case "$use_openssl" in
@@ -17156,6 +17160,7 @@ case "$use_openssl" in
$as_echo "disabled because of native PKCS11" >&6; }
DST_OPENSSL_INC=""
CRYPTO="-DPKCS11CRYPTO"
@ -732,7 +732,7 @@ index b219e16..4da30b9 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -16700,6 +16705,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
@@ -17170,6 +17175,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
$as_echo "no" >&6; }
DST_OPENSSL_INC=""
CRYPTO=""
@ -740,7 +740,7 @@ index b219e16..4da30b9 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -16712,6 +16718,7 @@ $as_echo "no" >&6; }
@@ -17182,6 +17188,7 @@ $as_echo "no" >&6; }
auto)
DST_OPENSSL_INC=""
CRYPTO=""
@ -748,7 +748,7 @@ index b219e16..4da30b9 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -16721,7 +16728,7 @@ $as_echo "no" >&6; }
@@ -17191,7 +17198,7 @@ $as_echo "no" >&6; }
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -757,7 +757,7 @@ index b219e16..4da30b9 100755
;;
*)
if test "yes" = "$want_native_pkcs11"
@@ -16752,6 +16759,7 @@ $as_echo "not found" >&6; }
@@ -17222,6 +17229,7 @@ $as_echo "not found" >&6; }
as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5
fi
CRYPTO='-DOPENSSL'
@ -765,7 +765,7 @@ index b219e16..4da30b9 100755
if test "/usr" = "$use_openssl"
then
DST_OPENSSL_INC=""
@@ -17413,8 +17421,6 @@ fi
@@ -17883,8 +17891,6 @@ fi
# Use OpenSSL for hash functions
#
@ -774,7 +774,7 @@ index b219e16..4da30b9 100755
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
case $want_openssl_hash in
yes)
@@ -17789,6 +17795,86 @@ if test "rt" = "$have_clock_gt"; then
@@ -18259,6 +18265,86 @@ if test "rt" = "$have_clock_gt"; then
LIBS="-lrt $LIBS"
fi
@ -861,7 +861,7 @@ index b219e16..4da30b9 100755
#
# was --with-lmdb specified?
#
@@ -19871,9 +19957,12 @@ _ACEOF
@@ -20341,9 +20427,12 @@ _ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5
$as_echo "size_t for buflen; int for flags" >&6; }
@ -876,7 +876,7 @@ index b219e16..4da30b9 100755
$as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h
@@ -21188,12 +21277,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
@@ -21658,12 +21747,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then
@ -890,7 +890,7 @@ index b219e16..4da30b9 100755
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364.
@@ -21226,6 +21310,11 @@ cat >>confdefs.h <<_ACEOF
@@ -21696,6 +21780,11 @@ cat >>confdefs.h <<_ACEOF
_ACEOF
@ -902,7 +902,7 @@ index b219e16..4da30b9 100755
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -21234,39 +21323,6 @@ _ACEOF
@@ -21704,39 +21793,6 @@ _ACEOF
fi
;;
x86_64-*|amd64-*)
@ -942,7 +942,7 @@ index b219e16..4da30b9 100755
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -21297,6 +21353,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
@@ -21767,6 +21823,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
$as_echo "$arch" >&6; }
fi
@ -953,7 +953,7 @@ index b219e16..4da30b9 100755
if test "yes" = "$have_atomic"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5
$as_echo_n "checking compiler support for inline assembly code... " >&6; }
@@ -23896,6 +23956,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
@@ -24372,6 +24432,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
#
dlzdir='${DLZ_DRIVER_DIR}'
@ -984,7 +984,7 @@ index b219e16..4da30b9 100755
#
# Private autoconf macro to simplify configuring drivers:
#
@@ -24226,11 +24310,11 @@ $as_echo "no" >&6; }
@@ -24702,11 +24786,11 @@ $as_echo "no" >&6; }
$as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; }
;;
*)
@ -999,7 +999,7 @@ index b219e16..4da30b9 100755
fi
CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL"
@@ -24315,7 +24399,7 @@ $as_echo "" >&6; }
@@ -24791,7 +24875,7 @@ $as_echo "" >&6; }
# Check other locations for includes.
# Order is important (sigh).
@ -1008,7 +1008,7 @@ index b219e16..4da30b9 100755
# include a blank element first
for d in "" $bdb_incdirs
do
@@ -24340,57 +24424,9 @@ $as_echo "" >&6; }
@@ -24816,57 +24900,9 @@ $as_echo "" >&6; }
bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db"
for d in $bdb_libnames
do
@ -1068,7 +1068,7 @@ index b219e16..4da30b9 100755
break
fi
done
@@ -24549,10 +24585,10 @@ $as_echo "no" >&6; }
@@ -25025,10 +25061,10 @@ $as_echo "no" >&6; }
DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include"
DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include"
fi
@ -1082,7 +1082,7 @@ index b219e16..4da30b9 100755
fi
@@ -24638,11 +24674,11 @@ fi
@@ -25114,11 +25150,11 @@ fi
odbcdirs="/usr /usr/local /usr/pkg"
for d in $odbcdirs
do
@ -1096,7 +1096,7 @@ index b219e16..4da30b9 100755
break
fi
done
@@ -24917,6 +24953,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
@@ -25393,6 +25429,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
@ -1105,7 +1105,7 @@ index b219e16..4da30b9 100755
#
# Commands to run at the end of config.status.
# Don't just put these into configure, it won't work right if somebody
@@ -27295,6 +27333,8 @@ report() {
@@ -27772,6 +27810,8 @@ report() {
echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1114,7 +1114,7 @@ index b219e16..4da30b9 100755
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -27335,6 +27375,8 @@ report() {
@@ -27812,6 +27852,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
@ -1123,7 +1123,7 @@ index b219e16..4da30b9 100755
echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)"
@@ -27382,6 +27424,8 @@ report() {
@@ -27859,6 +27901,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)"
@ -1133,10 +1133,10 @@ index b219e16..4da30b9 100755
test "yes" = "$enable_seccomp" || \
echo " Use libseccomp system call filtering (--enable-seccomp)"
diff --git a/configure.ac b/configure.ac
index 7fd192c..5e4e839 100644
index 0dc552c..3b88105 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1514,6 +1514,7 @@ case "$use_openssl" in
@@ -1572,6 +1572,7 @@ case "$use_openssl" in
AC_MSG_RESULT(disabled because of native PKCS11)
DST_OPENSSL_INC=""
CRYPTO="-DPKCS11CRYPTO"
@ -1144,7 +1144,7 @@ index 7fd192c..5e4e839 100644
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -1527,6 +1528,7 @@ case "$use_openssl" in
@@ -1585,6 +1586,7 @@ case "$use_openssl" in
AC_MSG_RESULT(no)
DST_OPENSSL_INC=""
CRYPTO=""
@ -1152,7 +1152,7 @@ index 7fd192c..5e4e839 100644
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -1539,6 +1541,7 @@ case "$use_openssl" in
@@ -1597,6 +1599,7 @@ case "$use_openssl" in
auto)
DST_OPENSSL_INC=""
CRYPTO=""
@ -1160,7 +1160,7 @@ index 7fd192c..5e4e839 100644
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -1549,7 +1552,7 @@ case "$use_openssl" in
@@ -1607,7 +1610,7 @@ case "$use_openssl" in
OPENSSLLINKSRCS=""
AC_MSG_ERROR(
[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -1169,7 +1169,7 @@ index 7fd192c..5e4e839 100644
;;
*)
if test "yes" = "$want_native_pkcs11"
@@ -1579,6 +1582,7 @@ If you don't want OpenSSL, use --without-openssl])
@@ -1637,6 +1640,7 @@ If you don't want OpenSSL, use --without-openssl])
AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found])
fi
CRYPTO='-DOPENSSL'
@ -1177,7 +1177,7 @@ index 7fd192c..5e4e839 100644
if test "/usr" = "$use_openssl"
then
DST_OPENSSL_INC=""
@@ -2052,7 +2056,6 @@ fi
@@ -2110,7 +2114,6 @@ fi
# Use OpenSSL for hash functions
#
@ -1185,7 +1185,7 @@ index 7fd192c..5e4e839 100644
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
case $want_openssl_hash in
yes)
@@ -2324,6 +2327,67 @@ if test "rt" = "$have_clock_gt"; then
@@ -2382,6 +2385,67 @@ if test "rt" = "$have_clock_gt"; then
LIBS="-lrt $LIBS"
fi
@ -1253,7 +1253,7 @@ index 7fd192c..5e4e839 100644
#
# was --with-lmdb specified?
#
@@ -4120,12 +4184,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
@@ -4178,12 +4242,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then
@ -1267,7 +1267,7 @@ index 7fd192c..5e4e839 100644
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -4134,7 +4198,6 @@ if test "yes" = "$use_atomic"; then
@@ -4192,7 +4256,6 @@ if test "yes" = "$use_atomic"; then
fi
;;
x86_64-*|amd64-*)
@ -1275,7 +1275,7 @@ index 7fd192c..5e4e839 100644
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -5543,6 +5606,8 @@ report() {
@@ -5607,6 +5670,8 @@ report() {
echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1284,7 +1284,7 @@ index 7fd192c..5e4e839 100644
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -5583,6 +5648,8 @@ report() {
@@ -5647,6 +5712,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
@ -1293,7 +1293,7 @@ index 7fd192c..5e4e839 100644
echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)"
@@ -5630,6 +5697,8 @@ report() {
@@ -5694,6 +5761,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)"
@ -1693,7 +1693,7 @@ index 937b548..f3c0e38 100644
tap_test_program{name='gost_test'}
tap_test_program{name='keytable_test'}
diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in
index 0897579..9f1781a 100644
index 90dc3a6..7671e1d 100644
--- a/lib/dns/tests/Makefile.in
+++ b/lib/dns/tests/Makefile.in
@@ -37,6 +37,7 @@ SRCS = acl_test.c \
@ -2016,10 +2016,10 @@ index 5b8a2c9..913a2ce 100644
* Define if the hash functions must be provided by OpenSSL.
*/
diff --git a/win32utils/Configure b/win32utils/Configure
index 27b00af..7e35d60 100644
index 93939f3..8bacf54 100644
--- a/win32utils/Configure
+++ b/win32utils/Configure
@@ -380,6 +380,7 @@ my @substdefh = ("AES_CC",
@@ -381,6 +381,7 @@ my @substdefh = ("AES_CC",
my %configdefp;
my @substdefp = ("ISC_PLATFORM_BUSYWAITNOP",
@ -2027,7 +2027,7 @@ index 27b00af..7e35d60 100644
"ISC_PLATFORM_HAVEATOMICSTORE",
"ISC_PLATFORM_HAVEATOMICSTOREQ",
"ISC_PLATFORM_HAVECMPXCHG",
@@ -509,7 +510,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER");
@@ -511,7 +512,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER");
# enable-xxx/disable-xxx
@ -2037,7 +2037,7 @@ index 27b00af..7e35d60 100644
"fixed-rrset",
"intrinsics",
"isc-spnego",
@@ -572,6 +574,7 @@ my @help = (
@@ -575,6 +577,7 @@ my @help = (
"\nOptional Features:\n",
" enable-intrinsics enable instrinsic/atomic functions [default=yes]\n",
" enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n",
@ -2045,7 +2045,7 @@ index 27b00af..7e35d60 100644
" enable-openssl-hash use OpenSSL for hash functions [default=yes]\n",
" enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n",
" enable-filter-aaaa enable filtering of AAAA records [default=yes]\n",
@@ -616,7 +619,9 @@ my $want_clean = "no";
@@ -620,7 +623,9 @@ my $want_clean = "no";
my $want_unknown = "no";
my $unknown_value;
my $enable_intrinsics = "yes";
@ -2055,7 +2055,7 @@ index 27b00af..7e35d60 100644
my $enable_openssl_hash = "auto";
my $enable_filter_aaaa = "yes";
my $enable_isc_spnego = "yes";
@@ -834,6 +839,10 @@ sub myenable {
@@ -840,6 +845,10 @@ sub myenable {
if ($val =~ /^yes$/i) {
$enable_native_pkcs11 = "yes";
}
@ -2066,7 +2066,7 @@ index 27b00af..7e35d60 100644
} elsif ($key =~ /^openssl-hash$/i) {
if ($val =~ /^yes$/i) {
$enable_openssl_hash = "yes";
@@ -1125,6 +1134,11 @@ if ($verbose) {
@@ -1142,6 +1151,11 @@ if ($verbose) {
} else {
print "native-pkcs11: disabled\n";
}
@ -2078,7 +2078,7 @@ index 27b00af..7e35d60 100644
if ($enable_openssl_hash eq "yes") {
print "openssl-hash: enabled\n";
} else {
@@ -1478,6 +1492,7 @@ if ($enable_intrinsics eq "yes") {
@@ -1500,6 +1514,7 @@ if ($enable_intrinsics eq "yes") {
# enable-native-pkcs11
if ($enable_native_pkcs11 eq "yes") {
@ -2086,7 +2086,7 @@ index 27b00af..7e35d60 100644
if ($use_openssl eq "auto") {
$use_openssl = "no";
}
@@ -1687,6 +1702,7 @@ if ($use_openssl eq "yes") {
@@ -1709,6 +1724,7 @@ if ($use_openssl eq "yes") {
$openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]");
}
@ -2094,7 +2094,7 @@ index 27b00af..7e35d60 100644
$configcond{"OPENSSL"} = 1;
$configdefd{"CRYPTO"} = "OPENSSL";
$configvar{"OPENSSL_PATH"} = "$openssl_path";
@@ -2238,6 +2254,15 @@ if ($cookie_algorithm eq "sha1") {
@@ -2260,6 +2276,15 @@ if ($cookie_algorithm eq "sha1") {
die "Unrecognized cookie algorithm: $cookie_algorithm\n";
}
@ -2110,7 +2110,7 @@ index 27b00af..7e35d60 100644
# enable-openssl-hash
if ($enable_openssl_hash eq "yes") {
if ($use_openssl eq "no") {
@@ -3564,6 +3589,7 @@ exit 0;
@@ -3635,6 +3660,7 @@ exit 0;
# --enable-developer partially supported
# --enable-newstats (9.9/9.9sub only)
# --enable-native-pkcs11 supported
@ -2118,14 +2118,6 @@ index 27b00af..7e35d60 100644
# --enable-openssl-version-check included without a way to disable it
# --enable-openssl-hash supported
# --enable-threads included without a way to disable it
@@ -3589,6 +3615,7 @@ exit 0;
# --with-gost supported
# --with-aes supported
# --with-cc-alg supported
+# --with-randomdev not supported on WIN32 (makes no sense)
# --with-geoip supported
# --with-gssapi supported with MIT (K)erberos (f)or (W)indows
# --with-lmdb no supported on WIN32 (port is not reliable)
--
2.20.1