rpms/bind
5
0
Fork 1
Code Issues Pull Requests Releases Activity

Update patches to 9.11.10

Browse Source
This commit is contained in:
Petr Menšík 2019-08-27 10:52:49 +02:00
parent 72f1dad845
commit 843e5f5094
3 changed files with 80 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
bind-9.11-fips-tests.patch
View File

@ -1,4 +1,4 @@
From d0e3f8be48c8031ebe3d7e1bf2a32cb03c79484e Mon Sep 17 00:00:00 2001 From f32eb98f81b33abd5b0d3c77f8f75cc3e77425ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:46:45 +0200 Date: Thu, 2 Aug 2018 23:46:45 +0200
Subject: [PATCH] FIPS tests changes Subject: [PATCH] FIPS tests changes
@ -77,7 +77,7 @@ Date: Wed Mar 7 10:44:23 2018 +0100
bin/tests/system/checkconf/bad-tsig.conf | 2 +- bin/tests/system/checkconf/bad-tsig.conf | 2 +-
bin/tests/system/checkconf/good.conf | 2 +- bin/tests/system/checkconf/good.conf | 2 +-
bin/tests/system/digdelv/ns2/example.db | 15 +++-- bin/tests/system/digdelv/ns2/example.db | 15 +++--
bin/tests/system/digdelv/tests.sh | 28 ++++---- bin/tests/system/digdelv/tests.sh | 20 +++---
bin/tests/system/dlv/ns1/sign.sh | 4 +- bin/tests/system/dlv/ns1/sign.sh | 4 +-
bin/tests/system/dlv/ns2/sign.sh | 4 +- bin/tests/system/dlv/ns2/sign.sh | 4 +-
bin/tests/system/dlv/ns6/sign.sh | 66 +++++++++--------- bin/tests/system/dlv/ns6/sign.sh | 66 +++++++++---------
@ -102,7 +102,7 @@ Date: Wed Mar 7 10:44:23 2018 +0100
bin/tests/system/tsiggss/setup.sh | 2 +- bin/tests/system/tsiggss/setup.sh | 2 +-
bin/tests/system/upforwd/ns1/named.conf.in | 2 +- bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
bin/tests/system/upforwd/tests.sh | 2 +- bin/tests/system/upforwd/tests.sh | 2 +-
44 files changed, 226 insertions(+), 175 deletions(-) 44 files changed, 222 insertions(+), 171 deletions(-)
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
index 0ea6502..026db3f 100644 index 0ea6502..026db3f 100644
@ -599,27 +599,9 @@ index f4e30f5..9f53e31 100644
; TTL of 3 weeks ; TTL of 3 weeks
weeks 1814400 A 10.53.0.2 weeks 1814400 A 10.53.0.2
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index 1657dfd..299ba94 100644 index ade45ce..d3aff24 100644
--- a/bin/tests/system/digdelv/tests.sh --- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh +++ b/bin/tests/system/digdelv/tests.sh
@@ -88,7 +88,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +multi +norrcomments works for dnskey (when default is rrcomments)($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null && ret=1
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < dig.out.test$n > /dev/null && ret=1
check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -97,7 +97,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +multi +norrcomments works for soa (when default is rrcomments)($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > dig.out.test$n || ret=1
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null && ret=1
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < dig.out.test$n > /dev/null && ret=1
check_ttl_range dig.out.test$n "SOA" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -106,7 +106,7 @@ if [ -x "$DIG" ] ; then @@ -106,7 +106,7 @@ if [ -x "$DIG" ] ; then
echo_i "checking dig +rrcomments works for DNSKEY($n)" echo_i "checking dig +rrcomments works for DNSKEY($n)"
ret=0 ret=0
@ -665,25 +647,7 @@ index 1657dfd..299ba94 100644
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
@@ -661,7 +661,7 @@ if [ -x ${DELV} ] ; then @@ -695,7 +695,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +multi +norrcomments works for dnskey (when default is rrcomments)($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null && ret=1
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < delv.out.test$n > /dev/null && ret=1
check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -670,7 +670,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +multi +norrcomments works for soa (when default is rrcomments)($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > delv.out.test$n || ret=1
- grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null && ret=1
+ grep "; ZSK; alg = RSASHA256 ; key id = 36895" < delv.out.test$n > /dev/null && ret=1
check_ttl_range delv.out.test$n "SOA" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -679,7 +679,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +rrcomments works for DNSKEY($n)" echo_i "checking delv +rrcomments works for DNSKEY($n)"
ret=0 ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 $DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -692,7 +656,7 @@ index 1657dfd..299ba94 100644
check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1 check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
@@ -688,7 +688,7 @@ if [ -x ${DELV} ] ; then @@ -704,7 +704,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works for DNSKEY ($n)" echo_i "checking delv +short +rrcomments works for DNSKEY ($n)"
ret=0 ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 $DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -701,7 +665,7 @@ index 1657dfd..299ba94 100644
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
@@ -696,7 +696,7 @@ if [ -x ${DELV} ] ; then @@ -712,7 +712,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works ($n)" echo_i "checking delv +short +rrcomments works ($n)"
ret=0 ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 $DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -710,7 +674,7 @@ index 1657dfd..299ba94 100644
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
@@ -704,7 +704,7 @@ if [ -x ${DELV} ] ; then @@ -720,7 +720,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit works ($n)" echo_i "checking delv +short +nosplit works ($n)"
ret=0 ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1 $DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -719,7 +683,7 @@ index 1657dfd..299ba94 100644
if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi
f=`awk '{print NF}' < delv.out.test$n` f=`awk '{print NF}' < delv.out.test$n`
test "${f:-0}" -eq 14 || ret=1 test "${f:-0}" -eq 14 || ret=1
@@ -715,7 +715,7 @@ if [ -x ${DELV} ] ; then @@ -731,7 +731,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit +norrcomments works ($n)" echo_i "checking delv +short +nosplit +norrcomments works ($n)"
ret=0 ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 $DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -990,10 +954,10 @@ index ed30460..e6b1126 100644
+ "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV"; + "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV";
}; };
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index d07881d..17ad256 100644 index b31c1b4..a5e237b 100644
--- a/bin/tests/system/dnssec/tests.sh --- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh
@@ -3227,8 +3227,8 @@ do @@ -3235,8 +3235,8 @@ do
alg=`expr $alg + 1` alg=`expr $alg + 1`
continue;; continue;;
3) size="-b 512";; 3) size="-b 512";;
@ -1005,7 +969,7 @@ index d07881d..17ad256 100644
8) size="-b 512";; 8) size="-b 512";;
10) size="-b 1024";; 10) size="-b 1024";;
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
index 27a02d0..caf4166 100644 index c1249ed..20a3139 100644
--- a/bin/tests/system/feature-test.c --- a/bin/tests/system/feature-test.c
+++ b/bin/tests/system/feature-test.c +++ b/bin/tests/system/feature-test.c
@@ -19,6 +19,7 @@ @@ -19,6 +19,7 @@
@ -1016,7 +980,7 @@ index 27a02d0..caf4166 100644
#include <dns/edns.h> #include <dns/edns.h>
#ifdef WIN32 #ifdef WIN32
@@ -46,6 +47,7 @@ usage() { @@ -47,6 +48,7 @@ usage() {
fprintf(stderr, " --have-geoip2\n"); fprintf(stderr, " --have-geoip2\n");
fprintf(stderr, " --have-libxml2\n"); fprintf(stderr, " --have-libxml2\n");
fprintf(stderr, " --ipv6only=no\n"); fprintf(stderr, " --ipv6only=no\n");
@ -1024,7 +988,7 @@ index 27a02d0..caf4166 100644
fprintf(stderr, " --rpz-nsdname\n"); fprintf(stderr, " --rpz-nsdname\n");
fprintf(stderr, " --rpz-nsip\n"); fprintf(stderr, " --rpz-nsip\n");
fprintf(stderr, " --with-idn\n"); fprintf(stderr, " --with-idn\n");
@@ -146,6 +148,18 @@ main(int argc, char **argv) { @@ -155,6 +157,18 @@ main(int argc, char **argv) {
#endif #endif
} }
@ -1209,10 +1173,10 @@ index 343869e..c30efb0 100644
make_key 3 ${EXTRAPORT3} hmac-sha224 make_key 3 ${EXTRAPORT3} hmac-sha224
make_key 4 ${EXTRAPORT4} hmac-sha256 make_key 4 ${EXTRAPORT4} hmac-sha256
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
index b00056c..f7fad91 100644 index 57e066d..186a723 100644
--- a/bin/tests/system/rndc/tests.sh --- a/bin/tests/system/rndc/tests.sh
+++ b/bin/tests/system/rndc/tests.sh +++ b/bin/tests/system/rndc/tests.sh
@@ -356,15 +356,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi @@ -348,15 +348,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
n=`expr $n + 1` n=`expr $n + 1`

20
bind-9.11-rh1624100.patch
View File

@ -1,4 +1,4 @@
From 292a0ca28f2e8a49f8c7e62c39ad7160234ce23d Mon Sep 17 00:00:00 2001 From 76594cba9a1e910bb36160d96fc3872349341799 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org> From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
Date: Wed, 25 Apr 2018 14:04:31 +0200 Date: Wed, 25 Apr 2018 14:04:31 +0200
Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts
@ -81,15 +81,15 @@ index ad77f24..670982a 100644
/* accept_sec_context.c */ /* accept_sec_context.c */
diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in
index ba53ef1..98acfff 100644 index 0fd0837..8ad54bb 100644
--- a/lib/isc/Makefile.in --- a/lib/isc/Makefile.in
+++ b/lib/isc/Makefile.in +++ b/lib/isc/Makefile.in
@@ -60,7 +60,7 @@ OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \ @@ -60,7 +60,7 @@ OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \
parseint.@O@ portset.@O@ quota.@O@ radix.@O@ random.@O@ \ parseint.@O@ portset.@O@ quota.@O@ radix.@O@ random.@O@ \
ratelimiter.@O@ refcount.@O@ region.@O@ regex.@O@ result.@O@ \ ratelimiter.@O@ refcount.@O@ region.@O@ regex.@O@ result.@O@ \
rwlock.@O@ \ rwlock.@O@ \
- safe.@O@ serial.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \ - safe.@O@ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
+ serial.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \ + serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
string.@O@ strtoul.@O@ symtab.@O@ task.@O@ taskpool.@O@ \ string.@O@ strtoul.@O@ symtab.@O@ task.@O@ taskpool.@O@ \
tm.@O@ timer.@O@ version.@O@ \ tm.@O@ timer.@O@ version.@O@ \
${UNIXOBJS} ${NLSOBJS} ${THREADOBJS} ${UNIXOBJS} ${NLSOBJS} ${THREADOBJS}
@ -97,8 +97,8 @@ index ba53ef1..98acfff 100644
netaddr.c netscope.c pool.c ondestroy.c \ netaddr.c netscope.c pool.c ondestroy.c \
parseint.c portset.c quota.c radix.c random.c ${CHACHASRCS} \ parseint.c portset.c quota.c radix.c random.c ${CHACHASRCS} \
ratelimiter.c refcount.c region.c regex.c result.c rwlock.c \ ratelimiter.c refcount.c region.c regex.c result.c rwlock.c \
- safe.c serial.c sha1.c sha2.c sockaddr.c stats.c string.c \ - safe.c serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
+ serial.c sha1.c sha2.c sockaddr.c stats.c string.c \ + serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
strtoul.c symtab.c task.c taskpool.c timer.c \ strtoul.c symtab.c task.c taskpool.c timer.c \
tm.c version.c tm.c version.c
@ -241,10 +241,10 @@ index 7a464b6..0000000
-#endif -#endif
-} -}
diff --git a/lib/isc/tests/safe_test.c b/lib/isc/tests/safe_test.c diff --git a/lib/isc/tests/safe_test.c b/lib/isc/tests/safe_test.c
index 5775b6e..3451b5d 100644 index 266ac75..60e9181 100644
--- a/lib/isc/tests/safe_test.c --- a/lib/isc/tests/safe_test.c
+++ b/lib/isc/tests/safe_test.c +++ b/lib/isc/tests/safe_test.c
@@ -44,22 +44,6 @@ isc_safe_memequal_test(void **state) { @@ -45,22 +45,6 @@ isc_safe_memequal_test(void **state) {
"\x00\x00\x00\x00", 4)); "\x00\x00\x00\x00", 4));
} }
@ -267,7 +267,7 @@ index 5775b6e..3451b5d 100644
/* test isc_safe_memwipe() */ /* test isc_safe_memwipe() */
static void static void
isc_safe_memwipe_test(void **state) { isc_safe_memwipe_test(void **state) {
@@ -68,7 +52,6 @@ isc_safe_memwipe_test(void **state) { @@ -69,7 +53,6 @@ isc_safe_memwipe_test(void **state) {
/* These should pass. */ /* These should pass. */
isc_safe_memwipe(NULL, 0); isc_safe_memwipe(NULL, 0);
isc_safe_memwipe((void *) -1, 0); isc_safe_memwipe((void *) -1, 0);
@ -275,7 +275,7 @@ index 5775b6e..3451b5d 100644
/* /*
* isc_safe_memwipe(ptr, size) should function same as * isc_safe_memwipe(ptr, size) should function same as
@@ -107,7 +90,6 @@ main(void) { @@ -108,7 +91,6 @@ main(void) {
const struct CMUnitTest tests[] = { const struct CMUnitTest tests[] = {
cmocka_unit_test(isc_safe_memequal_test), cmocka_unit_test(isc_safe_memequal_test),
cmocka_unit_test(isc_safe_memwipe_test), cmocka_unit_test(isc_safe_memwipe_test),

108
bind-9.11-rt31459.patch
View File

@ -1,4 +1,4 @@
From f0eee3c150b9b913819ecd864581ba50dd4ae9cf Mon Sep 17 00:00:00 2001 From 9f62d68da08d21a8b35e27aeebd00afe6e5fb7be Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org> From: Evan Hunt <each@isc.org>
Date: Tue, 12 Sep 2017 19:05:46 -0700 Date: Tue, 12 Sep 2017 19:05:46 -0700
Subject: [PATCH] rebased rt31459c Subject: [PATCH] rebased rt31459c
@ -293,7 +293,7 @@ index fbc7ece..31a99e7 100644
usekeyboard); usekeyboard);
diff --git a/bin/named/server.c b/bin/named/server.c diff --git a/bin/named/server.c b/bin/named/server.c
index 767d83f..d3c2f9d 100644 index c917cad..436a93a 100644
--- a/bin/named/server.c --- a/bin/named/server.c
+++ b/bin/named/server.c +++ b/bin/named/server.c
@@ -36,6 +36,7 @@ @@ -36,6 +36,7 @@
@ -304,7 +304,7 @@ index 767d83f..d3c2f9d 100644
#include <isc/portset.h> #include <isc/portset.h>
#include <isc/print.h> #include <isc/print.h>
#include <isc/random.h> #include <isc/random.h>
@@ -8208,6 +8209,10 @@ load_configuration(const char *filename, ns_server_t *server, @@ -8209,6 +8210,10 @@ load_configuration(const char *filename, ns_server_t *server,
"no source of entropy found"); "no source of entropy found");
} else { } else {
const char *randomdev = cfg_obj_asstring(obj); const char *randomdev = cfg_obj_asstring(obj);
@ -315,7 +315,7 @@ index 767d83f..d3c2f9d 100644
int level = ISC_LOG_ERROR; int level = ISC_LOG_ERROR;
result = isc_entropy_createfilesource(ns_g_entropy, result = isc_entropy_createfilesource(ns_g_entropy,
randomdev); randomdev);
@@ -8242,6 +8247,7 @@ load_configuration(const char *filename, ns_server_t *server, @@ -8243,6 +8248,7 @@ load_configuration(const char *filename, ns_server_t *server,
} }
isc_entropy_detach(&ns_g_fallbackentropy); isc_entropy_detach(&ns_g_fallbackentropy);
} }
@ -671,10 +671,10 @@ index 9f90dd7..fad6c83 100644
echo "I:failed" echo "I:failed"
status=`expr $status + $ret` status=`expr $status + $ret`
diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c
index b27fc1d..e28871b 100644 index 53579d4..e2f6810 100644
--- a/bin/tools/mdig.c --- a/bin/tools/mdig.c
+++ b/bin/tools/mdig.c +++ b/bin/tools/mdig.c
@@ -1969,12 +1969,11 @@ main(int argc, char *argv[]) { @@ -1972,12 +1972,11 @@ main(int argc, char *argv[]) {
ectx = NULL; ectx = NULL;
RUNCHECK(isc_entropy_create(mctx, &ectx)); RUNCHECK(isc_entropy_create(mctx, &ectx));
@ -689,7 +689,7 @@ index b27fc1d..e28871b 100644
parse_args(false, argc, argv); parse_args(false, argc, argv);
if (server == NULL) if (server == NULL)
diff --git a/configure b/configure diff --git a/configure b/configure
index 4a5db6c..64aca10 100755 index 2a4d9ed..e4e8ea6 100755
--- a/configure --- a/configure
+++ b/configure +++ b/configure
@@ -640,6 +640,7 @@ ac_includes_default="\ @@ -640,6 +640,7 @@ ac_includes_default="\
@ -724,7 +724,7 @@ index 4a5db6c..64aca10 100755
--enable-largefile 64-bit file support --enable-largefile 64-bit file support
--enable-backtrace log stack backtrace on abort [default=yes] --enable-backtrace log stack backtrace on abort [default=yes]
--enable-symtable use internal symbol table for backtrace --enable-symtable use internal symbol table for backtrace
@@ -17156,6 +17160,7 @@ case "$use_openssl" in @@ -17117,6 +17121,7 @@ case "$use_openssl" in
$as_echo "disabled because of native PKCS11" >&6; } $as_echo "disabled because of native PKCS11" >&6; }
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
CRYPTO="-DPKCS11CRYPTO" CRYPTO="-DPKCS11CRYPTO"
@ -732,7 +732,7 @@ index 4a5db6c..64aca10 100755
OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS="" OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS="" OPENSSLEDDSALINKOBJS=""
@@ -17170,6 +17175,7 @@ $as_echo "disabled because of native PKCS11" >&6; } @@ -17131,6 +17136,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
$as_echo "no" >&6; } $as_echo "no" >&6; }
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
CRYPTO="" CRYPTO=""
@ -740,7 +740,7 @@ index 4a5db6c..64aca10 100755
OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS="" OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS="" OPENSSLEDDSALINKOBJS=""
@@ -17182,6 +17188,7 @@ $as_echo "no" >&6; } @@ -17143,6 +17149,7 @@ $as_echo "no" >&6; }
auto) auto)
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
CRYPTO="" CRYPTO=""
@ -748,7 +748,7 @@ index 4a5db6c..64aca10 100755
OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS="" OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS="" OPENSSLEDDSALINKOBJS=""
@@ -17191,7 +17198,7 @@ $as_echo "no" >&6; } @@ -17152,7 +17159,7 @@ $as_echo "no" >&6; }
OPENSSLLINKOBJS="" OPENSSLLINKOBJS=""
OPENSSLLINKSRCS="" OPENSSLLINKSRCS=""
as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -757,7 +757,7 @@ index 4a5db6c..64aca10 100755
;; ;;
*) *)
if test "yes" = "$want_native_pkcs11" if test "yes" = "$want_native_pkcs11"
@@ -17222,6 +17229,7 @@ $as_echo "not found" >&6; } @@ -17183,6 +17190,7 @@ $as_echo "not found" >&6; }
as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5 as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5
fi fi
CRYPTO='-DOPENSSL' CRYPTO='-DOPENSSL'
@ -765,7 +765,7 @@ index 4a5db6c..64aca10 100755
if test "/usr" = "$use_openssl" if test "/usr" = "$use_openssl"
then then
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
@@ -17883,8 +17891,6 @@ fi @@ -17808,8 +17816,6 @@ fi
# Use OpenSSL for hash functions # Use OpenSSL for hash functions
# #
@ -774,7 +774,7 @@ index 4a5db6c..64aca10 100755
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
case $want_openssl_hash in case $want_openssl_hash in
yes) yes)
@@ -18259,6 +18265,86 @@ if test "rt" = "$have_clock_gt"; then @@ -18184,6 +18190,86 @@ if test "rt" = "$have_clock_gt"; then
LIBS="-lrt $LIBS" LIBS="-lrt $LIBS"
fi fi
@ -861,7 +861,7 @@ index 4a5db6c..64aca10 100755
# #
# was --with-lmdb specified? # was --with-lmdb specified?
# #
@@ -20341,9 +20427,12 @@ _ACEOF @@ -20266,9 +20352,12 @@ _ACEOF
if ac_fn_c_try_compile "$LINENO"; then : if ac_fn_c_try_compile "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5
$as_echo "size_t for buflen; int for flags" >&6; } $as_echo "size_t for buflen; int for flags" >&6; }
@ -876,7 +876,7 @@ index 4a5db6c..64aca10 100755
$as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h $as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h
@@ -21658,12 +21747,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" @@ -21583,12 +21672,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then if test "yes" = "$use_atomic"; then
@ -890,7 +890,7 @@ index 4a5db6c..64aca10 100755
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364. # This bug is HP SR number 8606223364.
@@ -21696,6 +21780,11 @@ cat >>confdefs.h <<_ACEOF @@ -21621,6 +21705,11 @@ cat >>confdefs.h <<_ACEOF
_ACEOF _ACEOF
@ -902,7 +902,7 @@ index 4a5db6c..64aca10 100755
if test $ac_cv_sizeof_void_p = 8; then if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64 arch=x86_64
have_xaddq=yes have_xaddq=yes
@@ -21704,39 +21793,6 @@ _ACEOF @@ -21629,39 +21718,6 @@ _ACEOF
fi fi
;; ;;
x86_64-*|amd64-*) x86_64-*|amd64-*)
@ -942,7 +942,7 @@ index 4a5db6c..64aca10 100755
if test $ac_cv_sizeof_void_p = 8; then if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64 arch=x86_64
have_xaddq=yes have_xaddq=yes
@@ -21767,6 +21823,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } @@ -21692,6 +21748,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
$as_echo "$arch" >&6; } $as_echo "$arch" >&6; }
fi fi
@ -953,7 +953,7 @@ index 4a5db6c..64aca10 100755
if test "yes" = "$have_atomic"; then if test "yes" = "$have_atomic"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5
$as_echo_n "checking compiler support for inline assembly code... " >&6; } $as_echo_n "checking compiler support for inline assembly code... " >&6; }
@@ -24372,6 +24432,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" @@ -24297,6 +24357,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
# #
dlzdir='${DLZ_DRIVER_DIR}' dlzdir='${DLZ_DRIVER_DIR}'
@ -984,7 +984,7 @@ index 4a5db6c..64aca10 100755
# #
# Private autoconf macro to simplify configuring drivers: # Private autoconf macro to simplify configuring drivers:
# #
@@ -24702,11 +24786,11 @@ $as_echo "no" >&6; } @@ -24627,11 +24711,11 @@ $as_echo "no" >&6; }
$as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; } $as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; }
;; ;;
*) *)
@ -999,7 +999,7 @@ index 4a5db6c..64aca10 100755
fi fi
CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL" CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL"
@@ -24791,7 +24875,7 @@ $as_echo "" >&6; } @@ -24716,7 +24800,7 @@ $as_echo "" >&6; }
# Check other locations for includes. # Check other locations for includes.
# Order is important (sigh). # Order is important (sigh).
@ -1008,7 +1008,7 @@ index 4a5db6c..64aca10 100755
# include a blank element first # include a blank element first
for d in "" $bdb_incdirs for d in "" $bdb_incdirs
do do
@@ -24816,57 +24900,9 @@ $as_echo "" >&6; } @@ -24741,57 +24825,9 @@ $as_echo "" >&6; }
bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db" bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db"
for d in $bdb_libnames for d in $bdb_libnames
do do
@ -1068,7 +1068,7 @@ index 4a5db6c..64aca10 100755
break break
fi fi
done done
@@ -25025,10 +25061,10 @@ $as_echo "no" >&6; } @@ -24950,10 +24986,10 @@ $as_echo "no" >&6; }
DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include" DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include"
DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include" DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include"
fi fi
@ -1082,7 +1082,7 @@ index 4a5db6c..64aca10 100755
fi fi
@@ -25114,11 +25150,11 @@ fi @@ -25039,11 +25075,11 @@ fi
odbcdirs="/usr /usr/local /usr/pkg" odbcdirs="/usr /usr/local /usr/pkg"
for d in $odbcdirs for d in $odbcdirs
do do
@ -1096,7 +1096,7 @@ index 4a5db6c..64aca10 100755
break break
fi fi
done done
@@ -25393,6 +25429,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" @@ -25318,6 +25354,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
@ -1105,7 +1105,7 @@ index 4a5db6c..64aca10 100755
# #
# Commands to run at the end of config.status. # Commands to run at the end of config.status.
# Don't just put these into configure, it won't work right if somebody # Don't just put these into configure, it won't work right if somebody
@@ -27772,6 +27810,8 @@ report() { @@ -27697,6 +27735,8 @@ report() {
echo " IPv6 support (--enable-ipv6)" echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)" echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1114,7 +1114,7 @@ index 4a5db6c..64aca10 100755
test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -27812,6 +27852,8 @@ report() { @@ -27737,6 +27777,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)" echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
@ -1123,7 +1123,7 @@ index 4a5db6c..64aca10 100755
echo " Dynamically loadable zone (DLZ) drivers:" echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \ test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)" echo " Berkeley DB (--with-dlz-bdb)"
@@ -27859,6 +27901,8 @@ report() { @@ -27784,6 +27826,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)" echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)" echo " EDDSA algorithm support (--with-eddsa)"
@ -1133,10 +1133,10 @@ index 4a5db6c..64aca10 100755
test "yes" = "$enable_seccomp" || \ test "yes" = "$enable_seccomp" || \
echo " Use libseccomp system call filtering (--enable-seccomp)" echo " Use libseccomp system call filtering (--enable-seccomp)"
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index 0dc552c..3b88105 100644 index 0e22d02..828581e 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -1572,6 +1572,7 @@ case "$use_openssl" in @@ -1537,6 +1537,7 @@ case "$use_openssl" in
AC_MSG_RESULT(disabled because of native PKCS11) AC_MSG_RESULT(disabled because of native PKCS11)
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
CRYPTO="-DPKCS11CRYPTO" CRYPTO="-DPKCS11CRYPTO"
@ -1144,7 +1144,7 @@ index 0dc552c..3b88105 100644
OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS="" OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS="" OPENSSLEDDSALINKOBJS=""
@@ -1585,6 +1586,7 @@ case "$use_openssl" in @@ -1550,6 +1551,7 @@ case "$use_openssl" in
AC_MSG_RESULT(no) AC_MSG_RESULT(no)
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
CRYPTO="" CRYPTO=""
@ -1152,7 +1152,7 @@ index 0dc552c..3b88105 100644
OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS="" OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS="" OPENSSLEDDSALINKOBJS=""
@@ -1597,6 +1599,7 @@ case "$use_openssl" in @@ -1562,6 +1564,7 @@ case "$use_openssl" in
auto) auto)
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
CRYPTO="" CRYPTO=""
@ -1160,7 +1160,7 @@ index 0dc552c..3b88105 100644
OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS="" OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS="" OPENSSLEDDSALINKOBJS=""
@@ -1607,7 +1610,7 @@ case "$use_openssl" in @@ -1572,7 +1575,7 @@ case "$use_openssl" in
OPENSSLLINKSRCS="" OPENSSLLINKSRCS=""
AC_MSG_ERROR( AC_MSG_ERROR(
[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path [OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -1169,7 +1169,7 @@ index 0dc552c..3b88105 100644
;; ;;
*) *)
if test "yes" = "$want_native_pkcs11" if test "yes" = "$want_native_pkcs11"
@@ -1637,6 +1640,7 @@ If you don't want OpenSSL, use --without-openssl]) @@ -1602,6 +1605,7 @@ If you don't want OpenSSL, use --without-openssl])
AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found]) AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found])
fi fi
CRYPTO='-DOPENSSL' CRYPTO='-DOPENSSL'
@ -1177,7 +1177,7 @@ index 0dc552c..3b88105 100644
if test "/usr" = "$use_openssl" if test "/usr" = "$use_openssl"
then then
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
@@ -2110,7 +2114,6 @@ fi @@ -2037,7 +2041,6 @@ fi
# Use OpenSSL for hash functions # Use OpenSSL for hash functions
# #
@ -1185,7 +1185,7 @@ index 0dc552c..3b88105 100644
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
case $want_openssl_hash in case $want_openssl_hash in
yes) yes)
@@ -2382,6 +2385,67 @@ if test "rt" = "$have_clock_gt"; then @@ -2309,6 +2312,67 @@ if test "rt" = "$have_clock_gt"; then
LIBS="-lrt $LIBS" LIBS="-lrt $LIBS"
fi fi
@ -1253,7 +1253,7 @@ index 0dc552c..3b88105 100644
# #
# was --with-lmdb specified? # was --with-lmdb specified?
# #
@@ -4178,12 +4242,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" @@ -4105,12 +4169,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then if test "yes" = "$use_atomic"; then
@ -1267,7 +1267,7 @@ index 0dc552c..3b88105 100644
if test $ac_cv_sizeof_void_p = 8; then if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64 arch=x86_64
have_xaddq=yes have_xaddq=yes
@@ -4192,7 +4256,6 @@ if test "yes" = "$use_atomic"; then @@ -4119,7 +4183,6 @@ if test "yes" = "$use_atomic"; then
fi fi
;; ;;
x86_64-*|amd64-*) x86_64-*|amd64-*)
@ -1275,7 +1275,7 @@ index 0dc552c..3b88105 100644
if test $ac_cv_sizeof_void_p = 8; then if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64 arch=x86_64
have_xaddq=yes have_xaddq=yes
@@ -5607,6 +5670,8 @@ report() { @@ -5534,6 +5597,8 @@ report() {
echo " IPv6 support (--enable-ipv6)" echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)" echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1284,7 +1284,7 @@ index 0dc552c..3b88105 100644
test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -5647,6 +5712,8 @@ report() { @@ -5574,6 +5639,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)" echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
@ -1293,7 +1293,7 @@ index 0dc552c..3b88105 100644
echo " Dynamically loadable zone (DLZ) drivers:" echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \ test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)" echo " Berkeley DB (--with-dlz-bdb)"
@@ -5694,6 +5761,8 @@ report() { @@ -5621,6 +5688,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)" echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)" echo " EDDSA algorithm support (--with-eddsa)"
@ -2016,10 +2016,10 @@ index 5b8a2c9..913a2ce 100644
* Define if the hash functions must be provided by OpenSSL. * Define if the hash functions must be provided by OpenSSL.
*/ */
diff --git a/win32utils/Configure b/win32utils/Configure diff --git a/win32utils/Configure b/win32utils/Configure
index 93939f3..8bacf54 100644 index 6f93814..4286baf 100644
--- a/win32utils/Configure --- a/win32utils/Configure
+++ b/win32utils/Configure +++ b/win32utils/Configure
@@ -381,6 +381,7 @@ my @substdefh = ("AES_CC", @@ -378,6 +378,7 @@ my @substdefh = ("ALLOW_FILTER_AAAA",
my %configdefp; my %configdefp;
my @substdefp = ("ISC_PLATFORM_BUSYWAITNOP", my @substdefp = ("ISC_PLATFORM_BUSYWAITNOP",
@ -2027,7 +2027,7 @@ index 93939f3..8bacf54 100644
"ISC_PLATFORM_HAVEATOMICSTORE", "ISC_PLATFORM_HAVEATOMICSTORE",
"ISC_PLATFORM_HAVEATOMICSTOREQ", "ISC_PLATFORM_HAVEATOMICSTOREQ",
"ISC_PLATFORM_HAVECMPXCHG", "ISC_PLATFORM_HAVECMPXCHG",
@@ -511,7 +512,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER"); @@ -508,7 +509,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER");
# enable-xxx/disable-xxx # enable-xxx/disable-xxx
@ -2037,7 +2037,7 @@ index 93939f3..8bacf54 100644
"fixed-rrset", "fixed-rrset",
"intrinsics", "intrinsics",
"isc-spnego", "isc-spnego",
@@ -575,6 +577,7 @@ my @help = ( @@ -572,6 +574,7 @@ my @help = (
"\nOptional Features:\n", "\nOptional Features:\n",
" enable-intrinsics enable instrinsic/atomic functions [default=yes]\n", " enable-intrinsics enable instrinsic/atomic functions [default=yes]\n",
" enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n", " enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n",
@ -2045,7 +2045,7 @@ index 93939f3..8bacf54 100644
" enable-openssl-hash use OpenSSL for hash functions [default=yes]\n", " enable-openssl-hash use OpenSSL for hash functions [default=yes]\n",
" enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n", " enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n",
" enable-filter-aaaa enable filtering of AAAA records [default=yes]\n", " enable-filter-aaaa enable filtering of AAAA records [default=yes]\n",
@@ -620,7 +623,9 @@ my $want_clean = "no"; @@ -617,7 +620,9 @@ my $want_clean = "no";
my $want_unknown = "no"; my $want_unknown = "no";
my $unknown_value; my $unknown_value;
my $enable_intrinsics = "yes"; my $enable_intrinsics = "yes";
@ -2055,7 +2055,7 @@ index 93939f3..8bacf54 100644
my $enable_openssl_hash = "auto"; my $enable_openssl_hash = "auto";
my $enable_filter_aaaa = "yes"; my $enable_filter_aaaa = "yes";
my $enable_isc_spnego = "yes"; my $enable_isc_spnego = "yes";
@@ -840,6 +845,10 @@ sub myenable { @@ -837,6 +842,10 @@ sub myenable {
if ($val =~ /^yes$/i) { if ($val =~ /^yes$/i) {
$enable_native_pkcs11 = "yes"; $enable_native_pkcs11 = "yes";
} }
@ -2066,7 +2066,7 @@ index 93939f3..8bacf54 100644
} elsif ($key =~ /^openssl-hash$/i) { } elsif ($key =~ /^openssl-hash$/i) {
if ($val =~ /^yes$/i) { if ($val =~ /^yes$/i) {
$enable_openssl_hash = "yes"; $enable_openssl_hash = "yes";
@@ -1142,6 +1151,11 @@ if ($verbose) { @@ -1139,6 +1148,11 @@ if ($verbose) {
} else { } else {
print "native-pkcs11: disabled\n"; print "native-pkcs11: disabled\n";
} }
@ -2078,7 +2078,7 @@ index 93939f3..8bacf54 100644
if ($enable_openssl_hash eq "yes") { if ($enable_openssl_hash eq "yes") {
print "openssl-hash: enabled\n"; print "openssl-hash: enabled\n";
} else { } else {
@@ -1500,6 +1514,7 @@ if ($enable_intrinsics eq "yes") { @@ -1497,6 +1511,7 @@ if ($enable_intrinsics eq "yes") {
# enable-native-pkcs11 # enable-native-pkcs11
if ($enable_native_pkcs11 eq "yes") { if ($enable_native_pkcs11 eq "yes") {
@ -2086,7 +2086,7 @@ index 93939f3..8bacf54 100644
if ($use_openssl eq "auto") { if ($use_openssl eq "auto") {
$use_openssl = "no"; $use_openssl = "no";
} }
@@ -1709,6 +1724,7 @@ if ($use_openssl eq "yes") { @@ -1706,6 +1721,7 @@ if ($use_openssl eq "yes") {
$openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]"); $openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]");
} }
@ -2094,10 +2094,10 @@ index 93939f3..8bacf54 100644
$configcond{"OPENSSL"} = 1; $configcond{"OPENSSL"} = 1;
$configdefd{"CRYPTO"} = "OPENSSL"; $configdefd{"CRYPTO"} = "OPENSSL";
$configvar{"OPENSSL_PATH"} = "$openssl_path"; $configvar{"OPENSSL_PATH"} = "$openssl_path";
@@ -2260,6 +2276,15 @@ if ($cookie_algorithm eq "sha1") { @@ -2242,6 +2258,15 @@ if ($use_aes eq "yes") {
die "Unrecognized cookie algorithm: $cookie_algorithm\n";
} }
+# enable-crypto-rand +# enable-crypto-rand
+if ($enable_crypto_rand eq "yes") { +if ($enable_crypto_rand eq "yes") {
+ if (($use_openssl eq "no") && ($enable_native_pkcs11 eq "no")) { + if (($use_openssl eq "no") && ($enable_native_pkcs11 eq "no")) {
@ -2110,7 +2110,7 @@ index 93939f3..8bacf54 100644
# enable-openssl-hash # enable-openssl-hash
if ($enable_openssl_hash eq "yes") { if ($enable_openssl_hash eq "yes") {
if ($use_openssl eq "no") { if ($use_openssl eq "no") {
@@ -3635,6 +3660,7 @@ exit 0; @@ -3617,6 +3642,7 @@ exit 0;
# --enable-developer partially supported # --enable-developer partially supported
# --enable-newstats (9.9/9.9sub only) # --enable-newstats (9.9/9.9sub only)
# --enable-native-pkcs11 supported # --enable-native-pkcs11 supported