Update patches after rebase

This commit is contained in:
Petr Menšík 2020-03-27 12:30:39 +01:00
parent 78968700e2
commit 814547323e
11 changed files with 17 additions and 4616 deletions

View File

@ -1,4 +1,4 @@
From 83b889c238282b210f874a3ad81bb56299767495 Mon Sep 17 00:00:00 2001
From 2b0dce163a119f5f62eb4428b485f7575f321d6f Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Mon, 5 Aug 2019 11:54:03 +0200
Subject: [PATCH] Allow explicit disabling of autodisabled MD5
@ -9,16 +9,16 @@ RSAMD5 is included in security policy, it fails to start, because that
algorithm is not recognized. Allow it disabled, but fail on any
other usage.
---
bin/named/server.c | 4 ++--
lib/bind9/check.c | 4 ++++
lib/dns/rcode.c | 33 +++++++++++++++------------------
3 files changed, 21 insertions(+), 20 deletions(-)
bin/named/server.c | 4 ++--
lib/bind9/check.c | 4 ++++
lib/dns/rcode.c | 1 +
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/bin/named/server.c b/bin/named/server.c
index 5b57371..51702ab 100644
index ee23f10..22a5c01 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -1547,12 +1547,12 @@ disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
@@ -1689,12 +1689,12 @@ disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
r.length = strlen(r.base);
result = dns_secalg_fromtext(&alg, &r);
@ -30,14 +30,14 @@ index 5b57371..51702ab 100644
}
- if (result != ISC_R_SUCCESS) {
+ if (result != ISC_R_SUCCESS && result != ISC_R_DISABLED) {
cfg_obj_log(cfg_listelt_value(element),
ns_g_lctx, ISC_LOG_ERROR,
"invalid algorithm");
cfg_obj_log(cfg_listelt_value(element), named_g_lctx,
ISC_LOG_ERROR, "invalid algorithm");
CHECK(result);
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index e0803d4..8023784 100644
index f49a346..dbf9ddb 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -302,6 +302,10 @@ disabled_algorithms(const cfg_obj_t *disabled, isc_log_t *logctx) {
@@ -317,6 +317,10 @@ disabled_algorithms(const cfg_obj_t *disabled, isc_log_t *logctx) {
r.length = strlen(r.base);
tresult = dns_secalg_fromtext(&alg, &r);
@ -49,18 +49,10 @@ index e0803d4..8023784 100644
cfg_obj_log(cfg_listelt_value(element), logctx,
ISC_LOG_ERROR, "invalid algorithm '%s'",
diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c
index f51d548..c49b8d1 100644
index 327248e..78adf63 100644
--- a/lib/dns/rcode.c
+++ b/lib/dns/rcode.c
@@ -126,7 +126,6 @@
#endif
#define SECALGNAMES \
- MD5_SECALGNAMES \
DH_SECALGNAMES \
DSA_SECALGNAMES \
{ DNS_KEYALG_ECC, "ECC", 0 }, \
@@ -178,6 +177,7 @@ static struct tbl rcodes[] = { RCODENAMES ERCODENAMES };
@@ -152,6 +152,7 @@ static struct tbl rcodes[] = { RCODENAMES ERCODENAMES };
static struct tbl tsigrcodes[] = { RCODENAMES TSIGRCODENAMES };
static struct tbl certs[] = { CERTNAMES };
static struct tbl secalgs[] = { SECALGNAMES };
@ -68,54 +60,6 @@ index f51d548..c49b8d1 100644
static struct tbl secprotos[] = { SECPROTONAMES };
static struct tbl hashalgs[] = { HASHALGNAMES };
static struct tbl dsdigests[] = { DSDIGESTNAMES };
@@ -358,33 +358,30 @@ dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) {
return (dns_mnemonic_totext(cert, target, certs));
}
-static inline struct tbl *
-secalgs_tbl_start() {
- struct tbl *algs = secalgs;
-
-#ifndef PK11_MD5_DISABLE
- if (!isc_md5_available()) {
- while (algs->name != NULL &&
- algs->value == DNS_KEYALG_RSAMD5)
- ++algs;
- }
-#endif
- return algs;
-}
-
isc_result_t
dns_secalg_fromtext(dns_secalg_t *secalgp, isc_textregion_t *source) {
unsigned int value;
+ isc_result_t result;
- RETERR(dns_mnemonic_fromtext(&value, source,
- secalgs_tbl_start(), 0xff));
+ result = dns_mnemonic_fromtext(&value, source,
+ secalgs, 0xff);
+ if (result != ISC_R_SUCCESS) {
+ result = dns_mnemonic_fromtext(&value, source,
+ md5_secalgs, 0xff);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ } else if (!isc_md5_available()) {
+ *secalgp = value;
+ return (ISC_R_DISABLED);
+ }
+ }
*secalgp = value;
return (ISC_R_SUCCESS);
}
isc_result_t
dns_secalg_totext(dns_secalg_t secalg, isc_buffer_t *target) {
- return (dns_mnemonic_totext(secalg, target, secalgs_tbl_start()));
+ return (dns_mnemonic_totext(secalg, target, secalgs));
}
void
--
2.20.1
2.21.1

View File

@ -1,50 +0,0 @@
From cb6d2019766a6c8c5516fd8859cedf0052f03293 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Thu, 25 Jul 2019 11:37:57 +0200
Subject: [PATCH] Skip support of jsoncpp
Bind cannot be compiled when jsoncpp-devel is installed. Remove support
for jsoncpp, use only json-c-devel. Bind 9.15 has already support for
--with-json-c, do not yet introduce it.
---
configure.ac | 17 ++---------------
1 file changed, 2 insertions(+), 15 deletions(-)
diff --git a/configure.ac b/configure.ac
index 6d05337..5ce83b5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2594,15 +2594,7 @@ case "$use_libjson" in
auto|yes)
for d in /usr /usr/local /opt/local
do
- if test -f "${d}/include/json/json.h"
- then
- if test ${d} != /usr
- then
- libjson_cflags="-I ${d}/include"
- LIBS="$LIBS -L${d}/lib"
- fi
- have_libjson="yes"
- elif test -f "${d}/include/json-c/json.h"
+ if test -f "${d}/include/json-c/json.h"
then
if test ${d} != /usr
then
@@ -2615,12 +2607,7 @@ case "$use_libjson" in
done
;;
*)
- if test -f "${use_libjson}/include/json/json.h"
- then
- libjson_cflags="-I${use_libjson}/include"
- LIBS="$LIBS -L${use_libjson}/lib"
- have_libjson="yes"
- elif test -f "${use_libjson}/include/json-c/json.h"
+ if test -f "${use_libjson}/include/json-c/json.h"
then
libjson_cflags="-I${use_libjson}/include"
LIBS="$LIBS -L${use_libjson}/lib"
--
2.20.1

View File

@ -1,47 +0,0 @@
From cb654ddde5953cab9dfde7173ea1ed14b51c3727 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Sun, 22 Dec 2019 21:51:21 +0000
Subject: [PATCH] Merge branch
'1530-lib-dns-gen-c-29-26-fatal-error-isc-platform-h-no-such-file-or-directory-v9_11'
into 'v9_11'
Resolve "lib/dns/gen.c:29:26: fatal error: isc/platform.h: No such file or directory"
See merge request isc-projects/bind9!2794
(cherry picked from commit 335ab375d6a0227fb362722acad22f2a5b75d8b7)
---
lib/dns/gen.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/dns/gen.c b/lib/dns/gen.c
index 81bc7ada1d..5fbdc3bfd3 100644
--- a/lib/dns/gen.c
+++ b/lib/dns/gen.c
@@ -26,18 +26,18 @@
#include <sys/types.h>
-#include <isc/platform.h>
-
#include <ctype.h>
+#include <errno.h>
#include <limits.h>
#include <stdint.h>
-#include <stdlib.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
-#include <errno.h>
-#include <limits.h>
+
+#ifndef PATH_MAX
+#define PATH_MAX 1024
+#endif
#ifdef WIN32
#include "gen-win32.h"
--
2.21.0

View File

@ -1,194 +0,0 @@
From 6010876e561b4345e569ffd11eaec9ea52725817 Mon Sep 17 00:00:00 2001
From: Pavel Zhukov <pzhukov@redhat.com>
Date: Wed, 24 Jul 2019 17:15:55 +0200
Subject: [PATCH] Detect system time jumps
In case if system time was changed backward it's possible to have ip
address dropped by the kernel due to lifetime expirity. Try to detect
this situation using either monotonic time or saved timestamp and execute
go_reboot() procedure to request lease extention
---
lib/isc/include/isc/result.h | 3 ++-
lib/isc/include/isc/util.h | 3 +++
lib/isc/result.c | 2 ++
lib/isc/unix/app.c | 39 +++++++++++++++++++++++++++++----
lib/isc/unix/include/isc/time.h | 20 +++++++++++++++++
lib/isc/unix/time.c | 22 +++++++++++++++++++
6 files changed, 84 insertions(+), 5 deletions(-)
diff --git a/lib/isc/include/isc/result.h b/lib/isc/include/isc/result.h
index 0389efa..149cde5 100644
--- a/lib/isc/include/isc/result.h
+++ b/lib/isc/include/isc/result.h
@@ -89,7 +89,8 @@
#define ISC_R_DISCFULL 67 /*%< disc full */
#define ISC_R_DEFAULT 68 /*%< default */
#define ISC_R_IPV4PREFIX 69 /*%< IPv4 prefix */
-#define ISC_R_NRESULTS 70
+#define ISC_R_TIMESHIFTED 70 /*%< system time changed */
+#define ISC_R_NRESULTS 71
ISC_LANG_BEGINDECLS
diff --git a/lib/isc/include/isc/util.h b/lib/isc/include/isc/util.h
index 973c348..8160dd3 100644
--- a/lib/isc/include/isc/util.h
+++ b/lib/isc/include/isc/util.h
@@ -289,6 +289,9 @@ extern void mock_assert(const int result, const char* const expression,
* Time
*/
#define TIME_NOW(tp) RUNTIME_CHECK(isc_time_now((tp)) == ISC_R_SUCCESS)
+#ifdef CLOCK_BOOTTIME
+#define TIME_MONOTONIC(tp) RUNTIME_CHECK(isc_time_boottime((tp)) == ISC_R_SUCCESS)
+#endif
/*%
* Alignment
diff --git a/lib/isc/result.c b/lib/isc/result.c
index a9db132..7c04831 100644
--- a/lib/isc/result.c
+++ b/lib/isc/result.c
@@ -105,6 +105,7 @@ static const char *description[ISC_R_NRESULTS] = {
"disc full", /*%< 67 */
"default", /*%< 68 */
"IPv4 prefix", /*%< 69 */
+ "time changed", /*%< 70 */
};
static const char *identifier[ISC_R_NRESULTS] = {
@@ -178,6 +179,7 @@ static const char *identifier[ISC_R_NRESULTS] = {
"ISC_R_DISCFULL",
"ISC_R_DEFAULT",
"ISC_R_IPV4PREFIX",
+ "ISC_R_TIMESHIFTED",
};
#define ISC_RESULT_RESULTSET 2
diff --git a/lib/isc/unix/app.c b/lib/isc/unix/app.c
index a6e9882..52eb3e0 100644
--- a/lib/isc/unix/app.c
+++ b/lib/isc/unix/app.c
@@ -442,15 +442,48 @@ isc__app_ctxonrun(isc_appctx_t *ctx0, isc_mem_t *mctx, isc_task_t *task,
static isc_result_t
evloop(isc__appctx_t *ctx) {
isc_result_t result;
+ isc_time_t now;
+#ifdef CLOCK_BOOTTIME
+ isc_time_t monotonic;
+ uint64_t diff = 0;
+#else
+ isc_time_t prev;
+ TIME_NOW(&prev);
+#endif
+
+
while (!ctx->want_shutdown) {
int n;
- isc_time_t when, now;
+ isc_time_t when;
struct timeval tv, *tvp;
isc_socketwait_t *swait;
bool readytasks;
bool call_timer_dispatch = false;
-
+ uint64_t us;
+
+#ifdef CLOCK_BOOTTIME
+ // TBD macros for following three lines
+ TIME_NOW(&now);
+ TIME_MONOTONIC(&monotonic);
+ INSIST(now.seconds > monotonic.seconds)
+ us = isc_time_microdiff (&now, &monotonic);
+ if (us < diff){
+ us = diff - us;
+ if (us > 1000000){ // ignoring shifts less than one second
+ return ISC_R_TIMESHIFTED;
+ };
+ diff = isc_time_microdiff (&now, &monotonic);
+ } else {
+ diff = isc_time_microdiff (&now, &monotonic);
+ // not implemented
+ }
+#else
+ TIME_NOW(&now);
+ if (isc_time_compare (&now, &prev) < 0)
+ return ISC_R_TIMESHIFTED;
+ TIME_NOW(&prev);
+#endif
/*
* Check the reload (or suspend) case first for exiting the
* loop as fast as possible in case:
@@ -475,8 +508,6 @@ evloop(isc__appctx_t *ctx) {
if (result != ISC_R_SUCCESS)
tvp = NULL;
else {
- uint64_t us;
-
TIME_NOW(&now);
us = isc_time_microdiff(&when, &now);
if (us == 0)
diff --git a/lib/isc/unix/include/isc/time.h b/lib/isc/unix/include/isc/time.h
index b864c29..5dd43c9 100644
--- a/lib/isc/unix/include/isc/time.h
+++ b/lib/isc/unix/include/isc/time.h
@@ -132,6 +132,26 @@ isc_time_isepoch(const isc_time_t *t);
*\li 't' is a valid pointer.
*/
+#ifdef CLOCK_BOOTTIME
+isc_result_t
+isc_time_boottime(isc_time_t *t);
+/*%<
+ * Set 't' to monotonic time from previous boot
+ * it's not affected by system time change. It also
+ * includes the time system was suspended
+ *
+ * Requires:
+ *\li 't' is a valid pointer.
+ *
+ * Returns:
+ *
+ *\li Success
+ *\li Unexpected error
+ * Getting the time from the system failed.
+ */
+#endif /* CLOCK_BOOTTIME */
+
+
isc_result_t
isc_time_now(isc_time_t *t);
/*%<
diff --git a/lib/isc/unix/time.c b/lib/isc/unix/time.c
index 8edc9df..fe0bb91 100644
--- a/lib/isc/unix/time.c
+++ b/lib/isc/unix/time.c
@@ -498,3 +498,25 @@ isc_time_formatISO8601ms(const isc_time_t *t, char *buf, unsigned int len) {
t->nanoseconds / NS_PER_MS);
}
}
+
+
+#ifdef CLOCK_BOOTTIME
+isc_result_t
+isc_time_boottime(isc_time_t *t) {
+ struct timespec ts;
+
+ char strbuf[ISC_STRERRORSIZE];
+
+ if (clock_gettime (CLOCK_BOOTTIME, &ts) != 0){
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ UNEXPECTED_ERROR(__FILE__, __LINE__, "%s", strbuf);
+ return (ISC_R_UNEXPECTED);
+ }
+
+ t->seconds = ts.tv_sec;
+ t->nanoseconds = ts.tv_nsec;
+
+ return (ISC_R_SUCCESS);
+
+};
+#endif
--
2.20.1

View File

@ -1,59 +0,0 @@
From 6257d829c9d7e71ac51bcdc6b5b981c7a19200e2 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 25 Nov 2019 05:46:55 +0000
Subject: [PATCH] Merge branch
'1373-threadsanitizer-data-race-rbtdb-c-5193-in-detachnode' into 'master'
Resolve "ThreadSanitizer: data race rbtdb.c:5193 in detachnode"
Closes #1373
See merge request isc-projects/bind9!2598
---
lib/dns/include/dns/rbt.h | 22 +++++++++-------------
1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/lib/dns/include/dns/rbt.h b/lib/dns/include/dns/rbt.h
index 67ac3e4d8a..a084bd6193 100644
--- a/lib/dns/include/dns/rbt.h
+++ b/lib/dns/include/dns/rbt.h
@@ -49,10 +49,7 @@ ISC_LANG_BEGINDECLS
#define DNS_RBT_USEMAGIC 1
-/*
- * These should add up to 30.
- */
-#define DNS_RBT_LOCKLENGTH 10
+#define DNS_RBT_LOCKLENGTH (sizeof(((dns_rbtnode_t *)0)->locknum)*8)
#define DNS_RBT_REFLENGTH 20
#define DNS_RBTNODE_MAGIC ISC_MAGIC('R','B','N','O')
@@ -159,16 +156,15 @@ struct dns_rbtnode {
* separate region of memory.
*/
void *data;
- unsigned int :0; /* start of bitfields c/o node lock */
- unsigned int dirty:1;
- unsigned int wild:1;
- unsigned int locknum:DNS_RBT_LOCKLENGTH;
-#ifndef DNS_RBT_USEISCREFCOUNT
- unsigned int references:DNS_RBT_REFLENGTH;
-#endif
- unsigned int :0; /* end of bitfields c/o node lock */
+ uint8_t :0; /* start of bitfields c/o node lock */
+ uint8_t dirty:1;
+ uint8_t wild:1;
+ uint8_t :0; /* end of bitfields c/o node lock */
+ uint16_t locknum; /* note that this is not in the bitfield */
#ifdef DNS_RBT_USEISCREFCOUNT
- isc_refcount_t references; /* note that this is not in the bitfield */
+ isc_refcount_t references;
+#else
+ unsigned int references:DNS_RBT_REFLENGTH;
#endif
/*@}*/
};
--
2.21.0

View File

@ -1,159 +0,0 @@
From 638561615c37e8eace986e268811335c12d1b6a1 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 12 Dec 2019 20:41:44 +1100
Subject: [PATCH] give zspill its own lock
(cherry picked from commit a52189e8e67a20097539fe3e6f7da4e4c01dc340)
---
lib/dns/resolver.c | 45 +++++++++++++++++++++++++++++----------------
1 file changed, 29 insertions(+), 16 deletions(-)
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 9f65c0596a..04367f82c6 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -460,20 +460,21 @@ struct dns_resolver {
isc_mutex_t lock;
isc_mutex_t nlock;
isc_mutex_t primelock;
+ isc_mutex_t zspill_lock;
dns_rdataclass_t rdclass;
isc_socketmgr_t * socketmgr;
isc_timermgr_t * timermgr;
isc_taskmgr_t * taskmgr;
dns_view_t * view;
- bool frozen;
+ bool frozen;
unsigned int options;
dns_dispatchmgr_t * dispatchmgr;
dns_dispatchset_t * dispatches4;
- bool exclusivev4;
+ bool exclusivev4;
dns_dispatchset_t * dispatches6;
isc_dscp_t querydscp4;
isc_dscp_t querydscp6;
- bool exclusivev6;
+ bool exclusivev6;
unsigned int nbuckets;
fctxbucket_t * buckets;
zonebucket_t * dbuckets;
@@ -492,7 +493,7 @@ struct dns_resolver {
unsigned int spillatmax;
unsigned int spillatmin;
isc_timer_t * spillattimer;
- bool zero_no_soa_ttl;
+ bool zero_no_soa_ttl;
unsigned int query_timeout;
unsigned int maxdepth;
unsigned int maxqueries;
@@ -502,14 +503,16 @@ struct dns_resolver {
unsigned int retryinterval; /* in milliseconds */
unsigned int nonbackofftries;
+ /* Locked by lock. */
+ unsigned int zspill; /* fetches-per-zone */
+
/* Locked by lock. */
unsigned int references;
- bool exiting;
+ bool exiting;
isc_eventlist_t whenshutdown;
unsigned int activebuckets;
- bool priming;
+ bool priming;
unsigned int spillat; /* clients-per-query */
- unsigned int zspill; /* fetches-per-zone */
dns_badcache_t * badcache; /* Bad cache. */
@@ -1257,7 +1260,7 @@ fcount_incr(fetchctx_t *fctx, bool force) {
isc_result_t result = ISC_R_SUCCESS;
zonebucket_t *dbucket;
fctxcount_t *counter;
- unsigned int bucketnum, spill;
+ unsigned int bucketnum;
REQUIRE(fctx != NULL);
REQUIRE(fctx->res != NULL);
@@ -1266,10 +1269,6 @@ fcount_incr(fetchctx_t *fctx, bool force) {
bucketnum = dns_name_fullhash(&fctx->domain, false)
% RES_DOMAIN_BUCKETS;
- LOCK(&fctx->res->lock);
- spill = fctx->res->zspill;
- UNLOCK(&fctx->res->lock);
-
dbucket = &fctx->res->dbuckets[bucketnum];
LOCK(&dbucket->lock);
@@ -1297,6 +1296,12 @@ fcount_incr(fetchctx_t *fctx, bool force) {
ISC_LIST_APPEND(dbucket->list, counter, link);
}
} else {
+ unsigned int spill;
+
+ LOCK(&fctx->res->zspill_lock);
+ spill = fctx->res->zspill;
+ UNLOCK(&fctx->res->zspill_lock);
+
if (!force && spill != 0 && counter->count >= spill) {
counter->dropped++;
fcount_logspill(fctx, counter);
@@ -8811,6 +8816,7 @@ destroy(dns_resolver_t *res) {
INSIST(res->nfctx == 0);
+ DESTROYLOCK(&res->zspill_lock);
DESTROYLOCK(&res->primelock);
DESTROYLOCK(&res->nlock);
DESTROYLOCK(&res->lock);
@@ -9089,10 +9095,14 @@ dns_resolver_create(dns_view_t *view,
if (result != ISC_R_SUCCESS)
goto cleanup_nlock;
+ result = isc_mutex_init(&res->zspill_lock);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_primelock;
+
task = NULL;
result = isc_task_create(taskmgr, 0, &task);
if (result != ISC_R_SUCCESS)
- goto cleanup_primelock;
+ goto cleanup_zspill_lock;
isc_task_setname(task, "resolver_task", NULL);
result = isc_timer_create(timermgr, isc_timertype_inactive, NULL, NULL,
@@ -9100,7 +9110,7 @@ dns_resolver_create(dns_view_t *view,
&res->spillattimer);
isc_task_detach(&task);
if (result != ISC_R_SUCCESS)
- goto cleanup_primelock;
+ goto cleanup_zspill_lock;
#if USE_ALGLOCK
result = isc_rwlock_init(&res->alglock, 0, 0);
@@ -9133,6 +9143,9 @@ dns_resolver_create(dns_view_t *view,
isc_timer_detach(&res->spillattimer);
#endif
+ cleanup_zspill_lock:
+ DESTROYLOCK(&res->zspill_lock);
+
cleanup_primelock:
DESTROYLOCK(&res->primelock);
@@ -10275,9 +10288,9 @@ dns_resolver_setfetchesperzone(dns_resolver_t *resolver, uint32_t clients)
{
REQUIRE(VALID_RESOLVER(resolver));
- LOCK(&resolver->lock);
+ LOCK(&resolver->zspill_lock);
resolver->zspill = clients;
- UNLOCK(&resolver->lock);
+ UNLOCK(&resolver->zspill_lock);
}
--
2.21.0

View File

@ -1,77 +0,0 @@
From 23a6775f62deeee63e9f7927be387fecf23a8074 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
Date: Tue, 10 Dec 2019 10:02:09 +0100
Subject: [PATCH] Ensure all zone_settimer() calls are done on locked zone
(cherry picked from commit cf48e8eb326f824170f2069e5d5c33992b1783a4)
(cherry picked from commit 3bac7e98074643ff62582545e5840e4195517b07)
---
lib/dns/zone.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index e8cff77588..db837aae50 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -10291,7 +10291,9 @@ zone_maintenance(dns_zone_t *zone) {
default:
break;
}
+ LOCK_ZONE(zone);
zone_settimer(zone, &now);
+ UNLOCK_ZONE(zone);
}
void
@@ -13081,6 +13083,7 @@ zone_settimer(dns_zone_t *zone, isc_time_t *now) {
isc_result_t result;
REQUIRE(DNS_ZONE_VALID(zone));
+ REQUIRE(LOCKED_ZONE(zone));
ENTER;
if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING))
@@ -18405,6 +18408,7 @@ zone_rekey(dns_zone_t *zone) {
UNLOCK_ZONE(zone);
}
+ LOCK_ZONE(zone);
isc_time_settoepoch(&zone->refreshkeytime);
/*
@@ -18416,11 +18420,9 @@ zone_rekey(dns_zone_t *zone) {
isc_time_t timethen;
isc_stdtime_t then;
- LOCK_ZONE(zone);
DNS_ZONE_TIME_ADD(&timenow, zone->refreshkeyinterval,
&timethen);
zone->refreshkeytime = timethen;
- UNLOCK_ZONE(zone);
for (key = ISC_LIST_HEAD(dnskeys);
key != NULL;
@@ -18431,12 +18433,10 @@ zone_rekey(dns_zone_t *zone) {
continue;
DNS_ZONE_TIME_ADD(&timenow, then - now, &timethen);
- LOCK_ZONE(zone);
if (isc_time_compare(&timethen,
&zone->refreshkeytime) < 0) {
zone->refreshkeytime = timethen;
}
- UNLOCK_ZONE(zone);
}
zone_settimer(zone, &timenow);
@@ -18444,6 +18444,7 @@ zone_rekey(dns_zone_t *zone) {
isc_time_formattimestamp(&zone->refreshkeytime, timebuf, 80);
dns_zone_log(zone, ISC_LOG_INFO, "next key event: %s", timebuf);
}
+ UNLOCK_ZONE(zone);
done:
dns_diff_clear(&diff);
--
2.21.0

View File

@ -1,38 +0,0 @@
From 7e844b093b0442bdc5cdc5aefd56fdc05f9be88f Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 12 Dec 2019 19:17:39 +1100
Subject: [PATCH] acquire task lock before calling push_readyq for task->flags
access
(cherry picked from commit 7c94d2cd7dfaa3f04cd86ad9ed97e8366a774a4c)
---
lib/isc/task.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/isc/task.c b/lib/isc/task.c
index 329604a465..f9c4354bd2 100644
--- a/lib/isc/task.c
+++ b/lib/isc/task.c
@@ -473,7 +473,9 @@ task_ready(isc__task_t *task) {
XTRACE("task_ready");
LOCK(&manager->lock);
+ LOCK(&task->lock);
push_readyq(manager, task);
+ UNLOCK(&task->lock);
#ifdef USE_WORKER_THREADS
if (manager->mode == isc_taskmgrmode_normal || has_privilege)
SIGNAL(&manager->work_available);
@@ -1263,7 +1265,9 @@ dispatch(isc__taskmgr_t *manager) {
* might even hurt rather than help.
*/
#ifdef USE_WORKER_THREADS
+ LOCK(&task->lock);
push_readyq(manager, task);
+ UNLOCK(&task->lock);
#else
ENQUEUE(new_ready_tasks, task, ready_link);
if ((task->flags & TASK_F_PRIVILEGED) != 0)
--
2.21.0

View File

@ -1,42 +0,0 @@
From 20848d8284951481051f6ebdeb8128c05c7e82e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Mon, 11 Nov 2019 16:56:52 +0100
Subject: [PATCH] Move stale_ttl from middle to the end
bind-dyndb-ldap is using rdataset structure. Do not modify its body,
move stale_ttl to the end. Make it binary compatible.
---
lib/dns/include/dns/rdataset.h | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/dns/include/dns/rdataset.h b/lib/dns/include/dns/rdataset.h
index 97071ed496..a0c6afe624 100644
--- a/lib/dns/include/dns/rdataset.h
+++ b/lib/dns/include/dns/rdataset.h
@@ -137,11 +137,6 @@ struct dns_rdataset {
dns_rdataclass_t rdclass;
dns_rdatatype_t type;
dns_ttl_t ttl;
- /*
- * Stale ttl is used to see how long this RRset can still be used
- * to serve to clients, after the TTL has expired.
- */
- dns_ttl_t stale_ttl;
dns_trust_t trust;
dns_rdatatype_t covers;
@@ -178,6 +173,11 @@ struct dns_rdataset {
void * private7;
/*@}*/
+ /*
+ * Stale ttl is used to see how long this RRset can still be used
+ * to serve to clients, after the TTL has expired.
+ */
+ dns_ttl_t stale_ttl;
};
/*!
--
2.20.1

File diff suppressed because it is too large Load Diff

View File

@ -156,19 +156,9 @@ Patch164:bind-9.11-rh1666814.patch
Patch170:bind-9.11-feature-test-named.patch
Patch171:bind-9.11-tests-variants.patch
Patch172:bind-9.11-tests-pkcs11.patch
Patch173:bind-9.11-rh1732883.patch
# Make sure jsonccp-devel does not interfere
Patch174:bind-9.11-json-c.patch
Patch175:bind-9.11-fips-disable.patch
#Patch175:bind-9.11-fips-disable.patch
#Patch176: bind-9.11-unit-dnstap-pkcs11.patch
Patch177: bind-9.11-serve-stale.patch
Patch178: bind-9.11-serve-stale-dbfix.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1736762
Patch183: bind-9.11-rh1736762-5.patch
Patch184: bind-9.11-rh1736762-6.patch
Patch185: bind-9.11-rh1736762-7.patch
Patch186: bind-9.11-rh1736762-8.patch
Patch187: bind-9.11-oot-gen.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@ -567,18 +557,9 @@ are used for building ISC DHCP.
%patch170 -p1 -b .featuretest-named
%patch171 -p1 -b .test-variant
%patch172 -p1 -b .test-pkcs11
%patch173 -p1 -b .rh1732883
#%patch174 -p1 -b .unit-timer
%patch174 -p1 -b .json-c
%patch175 -p1 -b .rh1709553
#%patch175 -p1 -b .rh1709553
#%patch176 -p1 -b .unit-dnstap
%patch177 -p1 -b .serve-stale
%patch178 -p1 -b .rh1770492
%patch183 -p1 -b .rh1736762-5
%patch184 -p1 -b .rh1736762-6
%patch185 -p1 -b .rh1736762-7
%patch186 -p1 -b .rh1736762-8
%patch187 -p1 -b .oot-gen
%if %{with PKCS11}
%patch135 -p1 -b .config-pkcs11