rpms/bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Update to 9.11.22

Browse Source 
https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.html
This commit is contained in:
Petr Menšík 2020-08-21 10:28:16 +02:00
parent 2dfc59bcef
commit 745f43ac05
6 changed files with 154 additions and 157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -112,3 +112,5 @@ bind-9.7.2b1.tar.gz
/bind-9.11.20.tar.gz.asc
/bind-9.11.21.tar.gz
/bind-9.11.21.tar.gz.asc
/bind-9.11.22.tar.gz
/bind-9.11.22.tar.gz.asc

131
bind-9.11-fips-tests.patch
View File

@ -1,4 +1,4 @@
From c23daf334d5487fa53fef88c82312e439a2d8523 Mon Sep 17 00:00:00 2001
From da45a97312a63f815b295167c3f3abb9fe8941a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:46:45 +0200
Subject: [PATCH] FIPS tests changes
@ -80,7 +80,7 @@ Date: Wed Mar 7 10:44:23 2018 +0100
bin/tests/system/digdelv/tests.sh | 20 +++---
bin/tests/system/dlv/ns1/sign.sh | 4 +-
bin/tests/system/dlv/ns2/sign.sh | 4 +-
bin/tests/system/dlv/ns6/sign.sh | 66 +++++++++---------
bin/tests/system/dlv/ns6/sign.sh | 66 ++++++++++---------
bin/tests/system/dnssec/ns2/sign.sh | 8 +--
bin/tests/system/dnssec/ns5/trusted.conf.bad | 2 +-
bin/tests/system/dnssec/tests.sh | 4 +-
@ -92,18 +92,17 @@ Date: Wed Mar 7 10:44:23 2018 +0100
bin/tests/system/nsupdate/ns1/named.conf.in | 2 +-
bin/tests/system/nsupdate/ns2/named.conf.in | 2 +-
bin/tests/system/nsupdate/setup.sh | 7 +-
bin/tests/system/nsupdate/tests.sh | 11 ++-
bin/tests/system/nsupdate/tests.sh | 11 +++-
bin/tests/system/rndc/setup.sh | 2 +-
bin/tests/system/rndc/tests.sh | 23 ++++---
bin/tests/system/tsig/clean.sh | 1 +
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++
bin/tests/system/tsig/setup.sh | 5 ++
bin/tests/system/tsig/tests.sh | 67 ++++++++++++-------
bin/tests/system/tsig/tests.sh | 65 +++++++++++-------
bin/tests/system/tsiggss/setup.sh | 2 +-
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
bin/tests/system/upforwd/tests.sh | 2 +-
bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++
45 files changed, 232 insertions(+), 171 deletions(-)
44 files changed, 230 insertions(+), 170 deletions(-)
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
@ -563,10 +562,10 @@ index 21be03e..e57c308 100644
};
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
index 9ab35b3..486551a 100644
index 09d188a..7cf4030 100644
--- a/bin/tests/system/checkconf/good.conf
+++ b/bin/tests/system/checkconf/good.conf
@@ -153,6 +153,6 @@ dyndb "name" "library.so" {
@@ -159,6 +159,6 @@ dyndb "name" "library.so" {
system;
};
key "mykey" {
@ -601,10 +600,10 @@ index f4e30f5..9f53e31 100644
; TTL of 3 weeks
weeks 1814400 A 10.53.0.2
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index ade45ce..d3aff24 100644
index 3d1010e..fa9eb92 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -106,7 +106,7 @@ if [ -x "$DIG" ] ; then
@@ -155,7 +155,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +rrcomments works for DNSKEY($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -613,7 +612,7 @@ index ade45ce..d3aff24 100644
check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -115,7 +115,7 @@ if [ -x "$DIG" ] ; then
@@ -164,7 +164,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +short +rrcomments works for DNSKEY ($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -622,7 +621,7 @@ index ade45ce..d3aff24 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -123,7 +123,7 @@ if [ -x "$DIG" ] ; then
@@ -172,7 +172,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +short +nosplit works($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -631,7 +630,7 @@ index ade45ce..d3aff24 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -131,7 +131,7 @@ if [ -x "$DIG" ] ; then
@@ -180,7 +180,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +short +rrcomments works($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -640,7 +639,7 @@ index ade45ce..d3aff24 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -148,7 +148,7 @@ if [ -x "$DIG" ] ; then
@@ -197,7 +197,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +short +rrcomments works($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -649,7 +648,7 @@ index ade45ce..d3aff24 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -695,7 +695,7 @@ if [ -x ${DELV} ] ; then
@@ -799,7 +799,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +rrcomments works for DNSKEY($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -658,7 +657,7 @@ index ade45ce..d3aff24 100644
check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -704,7 +704,7 @@ if [ -x ${DELV} ] ; then
@@ -808,7 +808,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works for DNSKEY ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -667,7 +666,7 @@ index ade45ce..d3aff24 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -712,7 +712,7 @@ if [ -x ${DELV} ] ; then
@@ -816,7 +816,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -676,7 +675,7 @@ index ade45ce..d3aff24 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -720,7 +720,7 @@ if [ -x ${DELV} ] ; then
@@ -824,7 +824,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -685,7 +684,7 @@ index ade45ce..d3aff24 100644
if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi
f=`awk '{print NF}' < delv.out.test$n`
test "${f:-0}" -eq 14 || ret=1
@@ -731,7 +731,7 @@ if [ -x ${DELV} ] ; then
@@ -835,7 +835,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit +norrcomments works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -912,7 +911,7 @@ index 1e39862..4ed19ac 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh
index 13fb924..1ffa279 100644
index 7f95c8a..3a9251b 100644
--- a/bin/tests/system/dnssec/ns2/sign.sh
+++ b/bin/tests/system/dnssec/ns2/sign.sh
@@ -126,8 +126,8 @@ zone=in-addr.arpa.
@ -956,10 +955,10 @@ index ed30460..e6b1126 100644
+ "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV";
};
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index b31c1b4..a5e237b 100644
index 6f7eaa7..bd2778b 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -3235,8 +3235,8 @@ do
@@ -3257,8 +3257,8 @@ do
alg=`expr $alg + 1`
continue;;
3) size="-b 512";;
@ -1065,7 +1064,7 @@ index cfcfe8f..0a1614d 100644
};
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
index 1f6e6d0..c08bd25 100644
index c112d2c..987b6de 100644
--- a/bin/tests/system/notify/tests.sh
+++ b/bin/tests/system/notify/tests.sh
@@ -212,16 +212,16 @@ ret=0
@ -1089,7 +1088,7 @@ index 1f6e6d0..c08bd25 100644
grep "test string" dig.out.b.ns5.test$n > /dev/null &&
grep "test string" dig.out.c.ns5.test$n > /dev/null &&
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
index 1d999ad..26b6b7c 100644
index e90907a..540a984 100644
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
@@ -32,7 +32,7 @@ controls {
@ -1115,10 +1114,10 @@ index 4549184..cb7dccd 100644
};
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
index 21805c5..0d3d85c 100644
index a35b8ee..8383162 100644
--- a/bin/tests/system/nsupdate/setup.sh
+++ b/bin/tests/system/nsupdate/setup.sh
@@ -58,7 +58,12 @@ EOF
@@ -53,7 +53,12 @@ EOF
$DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key
@ -1133,10 +1132,10 @@ index 21805c5..0d3d85c 100644
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 4da4849..b3bc807 100755
index 14952c8..5c51972 100755
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -708,7 +708,14 @@ fi
@@ -760,7 +760,14 @@ fi
n=`expr $n + 1`
ret=0
echo_i "check TSIG key algorithms ($n)"
@ -1152,7 +1151,7 @@ index 4da4849..b3bc807 100755
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
server 10.53.0.1 ${PORT}
update add ${alg}.keytests.nil. 600 A 10.10.10.3
@@ -716,7 +723,7 @@ send
@@ -768,7 +775,7 @@ send
END
done
sleep 2
@ -1162,10 +1161,10 @@ index 4da4849..b3bc807 100755
done
if [ $ret -ne 0 ]; then
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
index 343869e..c30efb0 100644
index 8521ff8..565a1d7 100644
--- a/bin/tests/system/rndc/setup.sh
+++ b/bin/tests/system/rndc/setup.sh
@@ -37,7 +37,7 @@ make_key () {
@@ -35,7 +35,7 @@ make_key () {
sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
}
@ -1208,15 +1207,6 @@ index 57e066d..186a723 100644
n=`expr $n + 1`
echo_i "testing rndc with hmac-sha1 ($n)"
diff --git a/bin/tests/system/tsig/clean.sh b/bin/tests/system/tsig/clean.sh
index 576ec70..cb7a852 100644
--- a/bin/tests/system/tsig/clean.sh
+++ b/bin/tests/system/tsig/clean.sh
@@ -20,3 +20,4 @@ rm -f */named.run
rm -f ns*/named.lock
rm -f Kexample.net.+163+*
rm -f keygen.out?
+rm -f ns1/named.conf
diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in
index fbf30c6..f61657d 100644
--- a/bin/tests/system/tsig/ns1/named.conf.in
@ -1245,11 +1235,27 @@ index fbf30c6..f61657d 100644
key "sha1-trunc" {
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
new file mode 100644
index 0000000..0682194
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
@@ -0,0 +1,10 @@
+# Conditionally included when support for MD5 is available
+key "md5" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5;
+};
+
+key "md5-trunc" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5-80;
+};
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
index 4dd4a25..aa0f966 100644
index 9a8ab2e..1311689 100644
--- a/bin/tests/system/tsig/setup.sh
+++ b/bin/tests/system/tsig/setup.sh
@@ -17,3 +17,8 @@ $SHELL clean.sh
@@ -15,3 +15,8 @@ SYSTEMTESTTOP=..
copy_setports ns1/named.conf.in ns1/named.conf
test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE
@ -1259,7 +1265,7 @@ index 4dd4a25..aa0f966 100644
+ cat ns1/rndc5.conf.in >> ns1/named.conf
+fi
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
index f731fa6..cade35b 100644
index 526dbca..bf359a4 100644
--- a/bin/tests/system/tsig/tests.sh
+++ b/bin/tests/system/tsig/tests.sh
@@ -26,20 +26,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
@ -1273,13 +1279,6 @@ index f731fa6..cade35b 100644
-if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=1
-fi
-
-echo_i "fetching using hmac-md5 (new form)"
-ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=1
+if $FEATURETEST --md5
+then
+ echo_i "fetching using hmac-md5 (old form)"
@ -1289,7 +1288,13 @@ index f731fa6..cade35b 100644
+ if [ $ret -eq 1 ] ; then
+ echo_i "failed"; status=1
+ fi
+
-echo_i "fetching using hmac-md5 (new form)"
-ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=1
+ echo_i "fetching using hmac-md5 (new form)"
+ ret=0
+ $DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
@ -1351,10 +1356,10 @@ index f731fa6..cade35b 100644
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh
index 0d21c7b..dbcb7b4 100644
index 49510b4..8d8bb2a 100644
--- a/bin/tests/system/tsiggss/setup.sh
+++ b/bin/tests/system/tsiggss/setup.sh
@@ -18,5 +18,5 @@ test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE
@@ -16,5 +16,5 @@ test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE
copy_setports ns1/named.conf.in ns1/named.conf
@ -1387,22 +1392,6 @@ index b0694bb..9adae82 100644
server 10.53.0.3 ${PORT}
update add updated.example. 600 A 10.10.10.1
update add updated.example. 600 TXT Foo
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
new file mode 100644
index 0000000..0682194
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
@@ -0,0 +1,10 @@
+# Conditionally included when support for MD5 is available
+key "md5" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5;
+};
+
+key "md5-trunc" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5-80;
+};
--
2.20.1
2.26.2

46
bind-9.11-rt46047.patch
View File

@ -1,4 +1,4 @@
From 344c19ad4b3f058e65a4b41650bb0ee20692cc5c Mon Sep 17 00:00:00 2001
From 8a064944dc10421a387725a365650d656d2a97f1 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Thu, 28 Sep 2017 10:09:22 -0700
Subject: [PATCH] completed and corrected the crypto-random change
@ -142,7 +142,7 @@ index 5654435..24c0d5a 100644
usekeyboard);
diff --git a/bin/named/client.c b/bin/named/client.c
index 9a0d3c8..c573177 100644
index f4a5ff9..58549d3 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1765,7 +1765,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
@ -156,7 +156,7 @@ index 9a0d3c8..c573177 100644
compute_cookie(client, now, nonce, ns_g_server->secret, &buf);
diff --git a/bin/named/config.c b/bin/named/config.c
index dbdff64..63da4b0 100644
index eef8181..ff868b8 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -98,7 +98,9 @@ options {\n\
@ -267,10 +267,10 @@ index 203f1e6..25eeced 100644
#include <isc/serial.h>
#include <isc/stats.h>
diff --git a/bin/named/server.c b/bin/named/server.c
index f27071f..f132c19 100644
index 7b3b736..4aaa92f 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8210,21 +8210,32 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8234,21 +8234,32 @@ load_configuration(const char *filename, ns_server_t *server,
* Open the source of entropy.
*/
if (first_time) {
@ -312,7 +312,7 @@ index f27071f..f132c19 100644
#ifdef PATH_RANDOMDEV
if (ns_g_fallbackentropy != NULL) {
level = ISC_LOG_INFO;
@@ -8235,8 +8246,8 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8259,8 +8270,8 @@ load_configuration(const char *filename, ns_server_t *server,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
level,
@ -323,7 +323,7 @@ index f27071f..f132c19 100644
randomdev,
isc_result_totext(result));
}
@@ -8256,7 +8267,6 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8280,7 +8291,6 @@ load_configuration(const char *filename, ns_server_t *server,
}
isc_entropy_detach(&ns_g_fallbackentropy);
}
@ -331,7 +331,7 @@ index f27071f..f132c19 100644
#endif
}
@@ -9025,6 +9035,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
@@ -9049,6 +9059,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
server->in_roothints = NULL;
server->blackholeacl = NULL;
server->keepresporder = NULL;
@ -339,7 +339,7 @@ index f27071f..f132c19 100644
/* Must be first. */
CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy,
@@ -9051,6 +9062,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
@@ -9075,6 +9086,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy,
&server->tkeyctx),
"creating TKEY context");
@ -349,7 +349,7 @@ index f27071f..f132c19 100644
/*
* Setup the server task, which is responsible for coordinating
@@ -9257,7 +9271,8 @@ ns_server_destroy(ns_server_t **serverp) {
@@ -9281,7 +9295,8 @@ ns_server_destroy(ns_server_t **serverp) {
if (server->zonemgr != NULL)
dns_zonemgr_detach(&server->zonemgr);
@ -359,7 +359,7 @@ index f27071f..f132c19 100644
if (server->tkeyctx != NULL)
dns_tkeyctx_destroy(&server->tkeyctx);
@@ -13263,10 +13278,10 @@ newzone_cfgctx_destroy(void **cfgp) {
@@ -13316,10 +13331,10 @@ newzone_cfgctx_destroy(void **cfgp) {
static isc_result_t
generate_salt(unsigned char *salt, size_t saltlen) {
@ -372,7 +372,7 @@ index f27071f..f132c19 100644
} rnd;
unsigned char text[512 + 1];
isc_region_t r;
@@ -13276,9 +13291,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
@@ -13329,9 +13344,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
if (saltlen > 256U)
return (ISC_R_RANGE);
@ -387,10 +387,10 @@ index f27071f..f132c19 100644
memmove(salt, rnd.rnd, saltlen);
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 0286987..0376377 100644
index 2436731..6f59456 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -283,9 +283,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@@ -284,9 +284,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
}
#ifdef ISC_PLATFORM_CRYPTORANDOM
@ -455,22 +455,22 @@ index 2146f9b..64b8e74 100644
}
#endif
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 93c7a08..bb1e81d 100644
index 1da0565..7eef5b2 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -5081,22 +5081,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
@@ -5034,22 +5034,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<term><command>random-device</command></term>
<listitem>
<para>
- The source of entropy to be used by the server. Entropy is
- This specifies a source of entropy to be used by the server. Entropy is
- primarily needed
- for DNSSEC operations, such as TKEY transactions and dynamic
- update of signed
- zones. This options specifies the device (or file) from which
- zones. This option specifies the device (or file) from which
- to read
- entropy. If this is a file, operations requiring entropy will
- entropy. If it is a file, operations requiring entropy will
- fail when the
- file has been exhausted. If not specified, the default value
- file has been exhausted. If <command>random-device</command> is not specified, the default value
- is
- <filename>/dev/random</filename>
- (or equivalent) when present, and none otherwise. The
@ -569,10 +569,10 @@ index 0000000..89a4961
+</section>
+
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 589a347..052a0bd 100644
index adffaa0..2ffe344 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -40,6 +40,7 @@
@@ -45,6 +45,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.1.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.0.xml"/>
@ -785,5 +785,5 @@ index 1c45d5c..91693b5 100644
{ "recursive-clients", &cfg_type_uint32, 0 },
{ "reserved-sockets", &cfg_type_uint32, 0 },
--
2.21.1
2.26.2

119
bind-9.11-serve-stale.patch
View File

@ -1,4 +1,4 @@
From 521fc8dcc0ac064ae8bc521418f5b03f0ceec657 Mon Sep 17 00:00:00 2001
From 5400119bfb19243b37e4f4f27baad4f610fff8da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 7 Nov 2019 14:31:03 +0100
Subject: [PATCH] Implement serve-stale in 9.11
@ -240,7 +240,7 @@ Signed-off-by: Petr Menšík <pemensik@redhat.com>
bin/tests/system/serve-stale/prereq.sh | 38 ++
bin/tests/system/serve-stale/setup.sh | 13 +
bin/tests/system/serve-stale/tests.sh | 536 ++++++++++++++++++
doc/arm/Bv9ARM-book.xml | 69 ++-
doc/arm/Bv9ARM-book.xml | 77 ++-
doc/arm/logging-categories.xml | 11 +
doc/arm/notes-rh-changes.xml | 14 +-
doc/misc/options | 10 +
@ -263,7 +263,7 @@ Signed-off-by: Petr Menšík <pemensik@redhat.com>
lib/dns/tests/db_test.c | 198 ++++++-
lib/dns/view.c | 3 +
lib/isccfg/namedconf.c | 5 +
48 files changed, 2122 insertions(+), 102 deletions(-)
48 files changed, 2126 insertions(+), 106 deletions(-)
create mode 100644 bin/tests/system/serve-stale/.gitignore
create mode 100644 bin/tests/system/serve-stale/ans2/ans.pl.in
create mode 100644 bin/tests/system/serve-stale/clean.sh
@ -276,7 +276,7 @@ Signed-off-by: Petr Menšík <pemensik@redhat.com>
create mode 100755 bin/tests/system/serve-stale/tests.sh
diff --git a/bin/named/config.c b/bin/named/config.c
index 63da4b0..b598f9b 100644
index ff868b8..f23bed1 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -182,13 +182,14 @@ options {\n\
@ -733,7 +733,7 @@ index 25eeced..162e4ea 100644
(!PARTIALANSWER(client) || WANTRECURSION(client)
|| eresult == DNS_R_DROP)) {
diff --git a/bin/named/server.c b/bin/named/server.c
index 1f23cf0..1fa836f 100644
index 1cbb9a0..0c899ba 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -1720,7 +1720,8 @@ static bool
@ -843,7 +843,7 @@ index 1f23cf0..1fa836f 100644
/*
* Set supported DNSSEC algorithms.
*/
@@ -14456,3 +14500,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
@@ -14509,3 +14553,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
return (ISC_R_NOTIMPLEMENTED);
#endif
}
@ -994,7 +994,7 @@ index 4b8d972..8c68737 100644
/* Initialize resolver statistics */
diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
index 8083654..d519983 100644
index 1b48861..f50635b 100644
--- a/bin/rndc/rndc.c
+++ b/bin/rndc/rndc.c
@@ -160,6 +160,8 @@ command is one of the following:\n\
@ -1052,7 +1052,7 @@ index f3f1939..9ff3f07 100644
+ exit 1
+fi
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 22749b9..a247fd5 100644
index 4c122c8..a2eb833 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -128,7 +128,7 @@ PARALLELDIRS="dnssec rpzrecurse \
@ -2039,10 +2039,10 @@ index 0000000..201c996
+echo "I:exit status: $status"
+[ $status -eq 0 ] || exit 1
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index bb1e81d..6dbbfad 100644
index 7eef5b2..b16b239 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -4381,6 +4381,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
@@ -4336,6 +4336,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
statement in the <filename>named.conf</filename> file:
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="options.grammar.xml"/>
@ -2052,7 +2052,7 @@ index bb1e81d..6dbbfad 100644
</section>
<section xml:id="options"><info><title><command>options</command> Statement Definition and
@@ -4474,6 +4477,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
@@ -4429,6 +4432,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<command>dnssec-validation</command>,
<command>max-cache-ttl</command>,
<command>max-ncache-ttl</command>,
@ -2060,7 +2060,7 @@ index bb1e81d..6dbbfad 100644
<command>max-cache-size</command>, and
<command>zero-no-soa-ttl</command>.
</para>
@@ -5485,7 +5489,6 @@ options {
@@ -5438,7 +5442,6 @@ options {
</listitem>
</varlistentry>
@ -2068,7 +2068,7 @@ index bb1e81d..6dbbfad 100644
<varlistentry>
<term><command>max-zone-ttl</command></term>
<listitem>
@@ -5521,6 +5524,21 @@ options {
@@ -5474,6 +5477,21 @@ options {
</listitem>
</varlistentry>
@ -2090,7 +2090,7 @@ index bb1e81d..6dbbfad 100644
<varlistentry>
<term><command>serial-update-method</command></term>
<listitem>
@@ -6280,6 +6298,22 @@ options {
@@ -6227,6 +6245,22 @@ options {
</listitem>
</varlistentry>
@ -2113,31 +2113,34 @@ index bb1e81d..6dbbfad 100644
<varlistentry>
<term><command>nocookie-udp-size</command></term>
<listitem>
@@ -7501,14 +7535,20 @@ options {
@@ -7448,13 +7482,19 @@ options {
<term><command>resolver-query-timeout</command></term>
<listitem>
<para>
- The amount of time in seconds that the resolver
+ The amount of time in milliseconds that the resolver
will spend attempting to resolve a recursive
query before failing. The default and minimum
- This is the amount of time in seconds that the
- resolver spends attempting to resolve a recursive
- query before failing. The default and minimum
- is <literal>10</literal> and the maximum is
- <literal>30</literal>. Setting it to
- <literal>0</literal> results in the default
- being used.
+ The amount of time in milliseconds that the resolver
+ will spend attempting to resolve a recursive
+ query before failing. The default and minimum
+ is <literal>10000</literal> and the maximum is
+ <literal>30000</literal>. Setting it to
<literal>0</literal> will result in the default
being used.
</para>
+ <literal>0</literal> will result in the default
+ being used.
+ </para>
+ <para>
+ This value was originally specified in seconds.
+ Values less than or equal to 300 will be be treated
+ as seconds and converted to milliseconds before
+ applying the above limits.
+ </para>
</para>
</listitem>
</varlistentry>
</variablelist>
@@ -8994,6 +9034,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
@@ -8928,6 +8968,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem>
</varlistentry>
@ -2166,7 +2169,7 @@ index bb1e81d..6dbbfad 100644
<term><command>min-roots</command></term>
<listitem>
diff --git a/doc/arm/logging-categories.xml b/doc/arm/logging-categories.xml
index 181def7..59f6afb 100644
index e41bd3b..2f505c8 100644
--- a/doc/arm/logging-categories.xml
+++ b/doc/arm/logging-categories.xml
@@ -311,6 +311,17 @@
@ -2869,7 +2872,7 @@ index 567e8a8..7bf2b60 100644
* Functions.
*/
diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h
index c849dec..647ca2a 100644
index 09a9725..8e3b3cb 100644
--- a/lib/dns/include/dns/view.h
+++ b/lib/dns/include/dns/view.h
@@ -229,6 +229,9 @@ struct dns_view {
@ -2979,7 +2982,7 @@ index 13d1a3e..873b694 100644
RUNTIME_CHECK(result == ISC_R_SUCCESS);
isc_buffer_usedregion(&buffer, &r);
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 02f2c84..fda991d 100644
index baf7641..a8f4609 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -490,6 +490,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t;
@ -3155,7 +3158,7 @@ index 02f2c84..fda991d 100644
/*
* Caller must be holding the node lock.
*/
@@ -3313,6 +3406,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
@@ -3318,6 +3411,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
rdataset->attributes |= DNS_RDATASETATTR_OPTOUT;
if (PREFETCH(header))
rdataset->attributes |= DNS_RDATASETATTR_PREFETCH;
@ -3168,7 +3171,7 @@ index 02f2c84..fda991d 100644
rdataset->private1 = rbtdb;
rdataset->private2 = node;
raw = (unsigned char *)header + sizeof(*header);
@@ -4653,6 +4752,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
@@ -4674,6 +4773,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
#endif
if (!ACTIVE(header, search->now)) {
@ -3188,7 +3191,7 @@ index 02f2c84..fda991d 100644
/*
* This rdataset is stale. If no one else is using the
* node, we can clean it up right now, otherwise we mark
@@ -4692,7 +4804,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
@@ -4713,7 +4825,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
node->data = header->next;
free_rdataset(search->rbtdb, mctx, header);
} else {
@ -3197,7 +3200,7 @@ index 02f2c84..fda991d 100644
*header_prev = header;
}
} else
@@ -5130,7 +5242,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
@@ -5154,7 +5266,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
&locktype, lock, &search,
&header_prev)) {
/* Do nothing. */
@ -3206,7 +3209,7 @@ index 02f2c84..fda991d 100644
/*
* We now know that there is at least one active
* non-stale rdataset at this node.
@@ -5608,7 +5720,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
@@ -5637,7 +5749,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
* refcurrent(rbtnode) must be non-zero. This is so
* because 'node' is an argument to the function.
*/
@ -3215,7 +3218,7 @@ index 02f2c84..fda991d 100644
if (log)
isc_log_write(dns_lctx, category, module,
level, "overmem cache: stale %s",
@@ -5616,7 +5728,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
@@ -5645,7 +5757,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
} else if (force_expire) {
if (! RETAIN(header)) {
set_ttl(rbtdb, header, 0);
@ -3224,7 +3227,7 @@ index 02f2c84..fda991d 100644
} else if (log) {
isc_log_write(dns_lctx, category, module,
level, "overmem cache: "
@@ -5873,9 +5985,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
@@ -5904,9 +6016,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
* non-zero. This is so because 'node' is an
* argument to the function.
*/
@ -3236,7 +3239,7 @@ index 02f2c84..fda991d 100644
if (header->type == matchtype)
found = header;
else if (header->type == RBTDB_RDATATYPE_NCACHEANY ||
@@ -6167,7 +6279,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6206,7 +6318,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
topheader = topheader->next)
{
set_ttl(rbtdb, topheader, 0);
@ -3245,7 +3248,7 @@ index 02f2c84..fda991d 100644
}
goto find_header;
}
@@ -6225,7 +6337,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6267,7 +6379,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
* ncache entry.
*/
set_ttl(rbtdb, topheader, 0);
@ -3254,7 +3257,7 @@ index 02f2c84..fda991d 100644
topheader = NULL;
goto find_header;
}
@@ -6263,8 +6375,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6305,8 +6417,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
}
/*
@ -3268,7 +3271,7 @@ index 02f2c84..fda991d 100644
*/
if (rbtversion == NULL && trust < header->trust &&
(ACTIVE(header, now) || header_nx)) {
@@ -6293,6 +6408,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6336,6 +6451,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
if ((options & DNS_DBADD_EXACT) != 0)
flags |= DNS_RDATASLAB_EXACT;
@ -3279,7 +3282,7 @@ index 02f2c84..fda991d 100644
if ((options & DNS_DBADD_EXACTTTL) != 0 &&
newheader->rdh_ttl != header->rdh_ttl)
result = DNS_R_NOTEXACT;
@@ -6336,11 +6455,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6379,11 +6498,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
}
}
/*
@ -3297,7 +3300,7 @@ index 02f2c84..fda991d 100644
*/
if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
header->type == dns_rdatatype_ns &&
@@ -6511,10 +6631,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6556,10 +6676,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
changed->dirty = true;
if (rbtversion == NULL) {
set_ttl(rbtdb, header, 0);
@ -3310,7 +3313,7 @@ index 02f2c84..fda991d 100644
}
}
if (rbtversion != NULL && !header_nx) {
@@ -8331,6 +8451,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
@@ -8410,6 +8530,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
return (result);
}
@ -3341,7 +3344,7 @@ index 02f2c84..fda991d 100644
static dns_dbmethods_t zone_methods = {
attach,
detach,
@@ -8376,7 +8520,9 @@ static dns_dbmethods_t zone_methods = {
@@ -8455,7 +8599,9 @@ static dns_dbmethods_t zone_methods = {
NULL,
hashsize,
nodefullname,
@ -3352,7 +3355,7 @@ index 02f2c84..fda991d 100644
};
static dns_dbmethods_t cache_methods = {
@@ -8424,7 +8570,9 @@ static dns_dbmethods_t cache_methods = {
@@ -8503,7 +8649,9 @@ static dns_dbmethods_t cache_methods = {
setcachestats,
hashsize,
nodefullname,
@ -3363,7 +3366,7 @@ index 02f2c84..fda991d 100644
};
isc_result_t
@@ -8695,7 +8843,7 @@ dns_rbtdb_create
@@ -8774,7 +8922,7 @@ dns_rbtdb_create
rbtdb->rpzs = NULL;
rbtdb->load_rpzs = NULL;
rbtdb->rpz_num = DNS_RPZ_INVALID_NUM;
@ -3372,7 +3375,7 @@ index 02f2c84..fda991d 100644
/*
* Version Initialization.
*/
@@ -9113,7 +9261,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
@@ -9192,7 +9340,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
* rdatasets to work.
*/
if (NONEXISTENT(header) ||
@ -3382,7 +3385,7 @@ index 02f2c84..fda991d 100644
header = NULL;
break;
} else
@@ -10322,7 +10471,7 @@ static inline bool
@@ -10401,7 +10550,7 @@ static inline bool
need_headerupdate(rdatasetheader_t *header, isc_stdtime_t now) {
if ((header->attributes &
(RDATASET_ATTR_NONEXISTENT |
@ -3391,7 +3394,7 @@ index 02f2c84..fda991d 100644
RDATASET_ATTR_ZEROTTL)) != 0)
return (false);
@@ -10428,7 +10577,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,
@@ -10507,7 +10656,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,
bool tree_locked, expire_t reason)
{
set_ttl(rbtdb, header, 0);
@ -3401,7 +3404,7 @@ index 02f2c84..fda991d 100644
/*
* Caller must hold the node (write) lock.
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 337a2f3..24e14d2 100644
index f7f73cd..7a77bde 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -141,16 +141,17 @@
@ -3434,7 +3437,7 @@ index 337a2f3..24e14d2 100644
#endif
/* The default maximum number of recursions to follow before giving up. */
@@ -515,6 +516,11 @@ struct dns_resolver {
@@ -523,6 +524,11 @@ struct dns_resolver {
dns_fetch_t * primefetch;
/* Locked by nlock. */
unsigned int nfctx;
@ -3446,7 +3449,7 @@ index 337a2f3..24e14d2 100644
};
#define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!')
@@ -1625,14 +1631,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
@@ -1633,14 +1639,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
unsigned int seconds;
unsigned int us;
@ -3465,7 +3468,7 @@ index 337a2f3..24e14d2 100644
/*
* Add a fudge factor to the expected rtt based on the current
@@ -4494,7 +4498,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
@@ -4518,7 +4522,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
/*
* Compute an expiration time for the entire fetch.
*/
@ -3475,7 +3478,7 @@ index 337a2f3..24e14d2 100644
iresult = isc_time_nowplusinterval(&fctx->expires, &interval);
if (iresult != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
@@ -8983,6 +8988,8 @@ dns_resolver_create(dns_view_t *view,
@@ -9005,6 +9010,8 @@ dns_resolver_create(dns_view_t *view,
res->spillattimer = NULL;
res->zspill = 0;
res->zero_no_soa_ttl = false;
@ -3484,7 +3487,7 @@ index 337a2f3..24e14d2 100644
res->query_timeout = DEFAULT_QUERY_TIMEOUT;
res->maxdepth = DEFAULT_RECURSION_DEPTH;
res->maxqueries = DEFAULT_MAX_QUERIES;
@@ -10317,17 +10324,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {
@@ -10339,17 +10346,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {
}
void
@ -3513,7 +3516,7 @@ index 337a2f3..24e14d2 100644
}
void
@@ -10424,3 +10434,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)
@@ -10446,3 +10456,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)
return (resolver->quotaresp[which]);
}
@ -3549,10 +3552,10 @@ index 337a2f3..24e14d2 100644
+ resolver->nonbackofftries = tries;
+}
diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c
index d4c8c67..ee9be79 100644
index 8afaa52..b370e05 100644
--- a/lib/dns/sdb.c
+++ b/lib/dns/sdb.c
@@ -1368,7 +1368,9 @@ static dns_dbmethods_t sdb_methods = {
@@ -1370,7 +1370,9 @@ static dns_dbmethods_t sdb_methods = {
NULL, /* setcachestats */
NULL, /* hashsize */
NULL, /* nodefullname */
@ -3855,5 +3858,5 @@ index 91693b5..5771774 100644
{ "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTIMP },
{ "transfer-format", &cfg_type_transferformat, 0 },
--
2.21.1
2.26.2

9
bind.spec
View File

@ -60,15 +60,15 @@
# lib*.so.X versions of selected libraries
%global sover_dns 1110
%global sover_isc 1105
%global sover_isc 1107
%global sover_irs 161
%global sover_isccfg 163
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind
License: MPLv2.0
Version: 9.11.21
Release: 3%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Version: 9.11.22
Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -1641,6 +1641,9 @@ fi;
%endif
%changelog
* Thu Aug 20 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.22-1
- Update to 9.11.22
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.21-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (bind-9.11.21.tar.gz) = d807c6fdc2ab46f14f0f72db2d991166e7fe1d37b6f458256b4e25de1fd5c5291c2338e407733388e0fa49da447941db1323a1b6fead813134101d2d5c331064
SHA512 (bind-9.11.21.tar.gz.asc) = 172c7c21f6f17f7e8c421b8f09f4da6bf907ce39c5da564d0f731fd262e265cb26b0f95c907d473cc17ff8c0b2f37d32df8371dd7d0992ca3633b557f325502a
SHA512 (bind-9.11.22.tar.gz) = 8ed2ed661b87705bbb7ddde3076a132b4e53971d669600997abfa104404e0c8b4bf04cc04c6be1c2c701123db5e0d4645ab797e5a985a18f5a1d68824a3df3ed
SHA512 (bind-9.11.22.tar.gz.asc) = 009c2035f8ed992771b863369f480575e91b2dbaad50fbfd5322cd8761bf4dced0870c448375ad746271717b6847012a2ba5f9dcc862f63c05ff6b1fcd77885f