diff --git a/.gitignore b/.gitignore index 5207dcd..588ac73 100644 --- a/.gitignore +++ b/.gitignore @@ -82,3 +82,5 @@ bind-9.7.2b1.tar.gz /bind-9.11.3b1.tar.gz /bind-9.11.3.tar.gz /config-18.tar.bz2 +/bind-9.11.4rc1.tar.gz +/bind-9.11.4.tar.gz diff --git a/bind-9.10-dist-native-pkcs11.patch b/bind-9.10-dist-native-pkcs11.patch index cb36e04..49d3391 100644 --- a/bind-9.10-dist-native-pkcs11.patch +++ b/bind-9.10-dist-native-pkcs11.patch @@ -1,21 +1,23 @@ diff --git a/bin/Makefile.in b/bin/Makefile.in -index f3cbed3..7d21984 100644 +index f0c504a..ce7a2da 100644 --- a/bin/Makefile.in +++ b/bin/Makefile.in -@@ -10,7 +10,7 @@ srcdir = @srcdir@ +@@ -11,8 +11,8 @@ srcdir = @srcdir@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ --SUBDIRS = named rndc dig delv dnssec tools tests nsupdate \ -+SUBDIRS = named named-pkcs11 rndc dig delv dnssec dnssec-pkcs11 tools tests nsupdate \ - check confgen @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ +-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \ +- @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests ++SUBDIRS = named named-pkcs11 rndc dig delv dnssec dnssec-pkcs11 tools nsupdate \ ++ check confgen @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests TARGETS = + @BIND9_MAKE_RULES@ diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in -index 8c6627a..0427349 100644 +index 1be1d5f..0f09216 100644 --- a/bin/dnssec-pkcs11/Makefile.in +++ b/bin/dnssec-pkcs11/Makefile.in -@@ -14,18 +14,18 @@ VERSION=@BIND9_VERSION@ +@@ -17,18 +17,18 @@ VERSION=@BIND9_VERSION@ @BIND9_MAKE_INCLUDES@ @@ -41,7 +43,7 @@ index 8c6627a..0427349 100644 DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS} -@@ -34,10 +34,10 @@ LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@ +@@ -37,10 +37,10 @@ LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@ NOSYMLIBS = ${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@ # Alphabetically @@ -56,7 +58,7 @@ index 8c6627a..0427349 100644 OBJS = dnssectool.@O@ -@@ -58,15 +58,15 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} +@@ -61,15 +61,15 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} @BIND9_MAKE_RULES@ @@ -75,7 +77,7 @@ index 8c6627a..0427349 100644 export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \ ${FINALBUILDCMD} -@@ -74,7 +74,7 @@ dnssec-signzone.@O@: dnssec-signzone.c +@@ -77,7 +77,7 @@ dnssec-signzone.@O@: dnssec-signzone.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \ -c ${srcdir}/dnssec-signzone.c @@ -84,7 +86,7 @@ index 8c6627a..0427349 100644 export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \ ${FINALBUILDCMD} -@@ -82,19 +82,19 @@ dnssec-verify.@O@: dnssec-verify.c +@@ -85,19 +85,19 @@ dnssec-verify.@O@: dnssec-verify.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \ -c ${srcdir}/dnssec-verify.c @@ -108,7 +110,7 @@ index 8c6627a..0427349 100644 ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ dnssec-importkey.@O@ ${OBJS} ${LIBS} -@@ -105,14 +105,11 @@ docclean manclean maintainer-clean:: +@@ -108,14 +108,11 @@ docclean manclean maintainer-clean:: installdirs: $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir} @@ -124,10 +126,10 @@ index 8c6627a..0427349 100644 clean distclean:: diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in -index 8c6627a..c070881 100644 +index 1be1d5f..fc983bf 100644 --- a/bin/dnssec/Makefile.in +++ b/bin/dnssec/Makefile.in -@@ -16,7 +16,7 @@ VERSION=@BIND9_VERSION@ +@@ -19,7 +19,7 @@ VERSION=@BIND9_VERSION@ CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@ @@ -137,10 +139,10 @@ index 8c6627a..c070881 100644 CWARNINGS = diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in -index 83bce80..5170f47 100644 +index e1f85a9..2effa69 100644 --- a/bin/named-pkcs11/Makefile.in +++ b/bin/named-pkcs11/Makefile.in -@@ -40,26 +40,26 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@ +@@ -43,26 +43,26 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@ DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ @@ -174,7 +176,7 @@ index 83bce80..5170f47 100644 LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@ BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@ -@@ -68,15 +68,15 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ +@@ -71,15 +71,15 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \ @@ -193,7 +195,7 @@ index 83bce80..5170f47 100644 GEOIPLINKOBJS = geoip.@O@ -@@ -87,8 +87,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ +@@ -90,8 +90,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \ zoneconf.@O@ \ lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \ @@ -203,7 +205,7 @@ index 83bce80..5170f47 100644 UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@ -@@ -103,8 +102,7 @@ SRCS = builtin.c client.c config.c control.c \ +@@ -106,8 +105,7 @@ SRCS = builtin.c client.c config.c control.c \ tkeyconf.c tsigconf.c update.c xfrout.c \ zoneconf.c \ lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \ @@ -213,7 +215,7 @@ index 83bce80..5170f47 100644 MANPAGES = named.8 lwresd.8 named.conf.5 -@@ -143,14 +141,14 @@ server.@O@: server.c +@@ -146,14 +144,14 @@ server.@O@: server.c -DPRODUCT=\"${PRODUCT}\" \ -DVERSION=\"${VERSION}\" -c ${srcdir}/server.c @@ -231,7 +233,7 @@ index 83bce80..5170f47 100644 doc man:: ${MANOBJS} -@@ -170,22 +168,12 @@ statschannel.@O@: bind9.xsl.h +@@ -173,22 +171,12 @@ statschannel.@O@: bind9.xsl.h installdirs: $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir} @@ -258,10 +260,10 @@ index 83bce80..5170f47 100644 @DLZ_DRIVER_RULES@ diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in -index 83bce80..f217965 100644 +index e1f85a9..b7493c5 100644 --- a/bin/named/Makefile.in +++ b/bin/named/Makefile.in -@@ -44,7 +44,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ +@@ -47,7 +47,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \ ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@ @@ -271,10 +273,10 @@ index 83bce80..f217965 100644 CWARNINGS = diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in -index d9aa66b..1900e3c 100644 +index ae90616..4bc1256 100644 --- a/bin/pkcs11/Makefile.in +++ b/bin/pkcs11/Makefile.in -@@ -12,13 +12,13 @@ top_srcdir = @top_srcdir@ +@@ -15,13 +15,13 @@ top_srcdir = @top_srcdir@ @BIND9_MAKE_INCLUDES@ @@ -292,10 +294,10 @@ index d9aa66b..1900e3c 100644 DEPLIBS = ${ISCDEPLIBS} diff --git a/configure.in b/configure.in -index 71dadbf..127de9b 100644 +index 9a1d16d..2f13059 100644 --- a/configure.in +++ b/configure.in -@@ -1152,12 +1152,14 @@ AC_SUBST(USE_GSSAPI) +@@ -1164,12 +1164,14 @@ AC_SUBST(USE_GSSAPI) AC_SUBST(DST_GSSAPI_INC) AC_SUBST(DNS_GSSAPI_LIBS) DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS" @@ -310,7 +312,7 @@ index 71dadbf..127de9b 100644 # # was --with-randomdev specified? -@@ -1542,11 +1544,11 @@ fi +@@ -1554,11 +1556,11 @@ fi AC_MSG_CHECKING(for OpenSSL library) OPENSSL_WARNING= openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw" @@ -327,7 +329,7 @@ index 71dadbf..127de9b 100644 if test "auto" = "$use_openssl" then -@@ -1559,6 +1561,7 @@ then +@@ -1571,6 +1573,7 @@ then fi done fi @@ -335,7 +337,7 @@ index 71dadbf..127de9b 100644 OPENSSL_ECDSA="" OPENSSL_GOST="" OPENSSL_ED25519="" -@@ -1580,11 +1583,10 @@ case "$with_gost" in +@@ -1592,11 +1595,10 @@ case "$with_gost" in ;; esac @@ -350,7 +352,7 @@ index 71dadbf..127de9b 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1593,7 +1595,9 @@ case "$use_openssl" in +@@ -1605,7 +1607,9 @@ case "$use_openssl" in OPENSSLGOSTLINKSRCS="" OPENSSLLINKOBJS="" OPENSSLLINKSRCS="" @@ -361,7 +363,7 @@ index 71dadbf..127de9b 100644 no) AC_MSG_RESULT(no) DST_OPENSSL_INC="" -@@ -1623,11 +1627,11 @@ case "$use_openssl" in +@@ -1635,11 +1639,11 @@ case "$use_openssl" in If you don't want OpenSSL, use --without-openssl]) ;; *) @@ -378,7 +380,7 @@ index 71dadbf..127de9b 100644 if test "yes" = "$use_openssl" then # User did not specify a path - guess it -@@ -2085,6 +2089,7 @@ AC_SUBST(OPENSSL_ED25519) +@@ -2062,6 +2066,7 @@ AC_SUBST(OPENSSL_ED25519) AC_SUBST(OPENSSL_GOST) DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS" @@ -386,7 +388,7 @@ index 71dadbf..127de9b 100644 ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES" if test "yes" = "$with_aes" -@@ -2404,6 +2409,7 @@ esac +@@ -2381,6 +2386,7 @@ esac AC_SUBST(PKCS11LINKOBJS) AC_SUBST(PKCS11LINKSRCS) AC_SUBST(CRYPTO) @@ -394,7 +396,7 @@ index 71dadbf..127de9b 100644 AC_SUBST(PKCS11_ECDSA) AC_SUBST(PKCS11_GOST) AC_SUBST(PKCS11_ED25519) -@@ -5398,8 +5404,11 @@ AC_CONFIG_FILES([ +@@ -5434,8 +5440,11 @@ AC_CONFIG_FILES([ bin/delv/Makefile bin/dig/Makefile bin/dnssec/Makefile @@ -406,7 +408,7 @@ index 71dadbf..127de9b 100644 bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile -@@ -5500,6 +5509,10 @@ AC_CONFIG_FILES([ +@@ -5509,6 +5518,10 @@ AC_CONFIG_FILES([ lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile @@ -417,7 +419,7 @@ index 71dadbf..127de9b 100644 lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile -@@ -5524,6 +5537,24 @@ AC_CONFIG_FILES([ +@@ -5533,6 +5546,24 @@ AC_CONFIG_FILES([ lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isc/unix/include/pkcs11/Makefile @@ -443,23 +445,23 @@ index 71dadbf..127de9b 100644 lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile diff --git a/lib/Makefile.in b/lib/Makefile.in -index 318450c..87cde21 100644 +index 81270a0..bcb5312 100644 --- a/lib/Makefile.in +++ b/lib/Makefile.in -@@ -14,7 +14,7 @@ top_srcdir = @top_srcdir@ +@@ -15,7 +15,7 @@ top_srcdir = @top_srcdir@ # Attempt to disable parallel processing. .NOTPARALLEL: .NO_PARALLEL: --SUBDIRS = isc isccc dns isccfg bind9 lwres irs tests samples -+SUBDIRS = isc isc-pkcs11 isccc dns dns-pkcs11 isccfg bind9 lwres irs tests samples +-SUBDIRS = isc isccc dns isccfg bind9 lwres irs samples ++SUBDIRS = isc isc-pkcs11 isccc dns dns-pkcs11 isccfg bind9 lwres irs samples TARGETS = @BIND9_MAKE_RULES@ diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in -index f7556f3..8e29a5c 100644 +index 4a8549e..6a19906 100644 --- a/lib/dns-pkcs11/Makefile.in +++ b/lib/dns-pkcs11/Makefile.in -@@ -23,16 +23,16 @@ VERSION=@BIND9_VERSION@ +@@ -26,16 +26,16 @@ VERSION=@BIND9_VERSION@ USE_ISC_SPNEGO = @USE_ISC_SPNEGO@ @@ -481,7 +483,7 @@ index f7556f3..8e29a5c 100644 LIBS = @LIBS@ -@@ -142,15 +142,15 @@ version.@O@: version.c +@@ -146,15 +146,15 @@ version.@O@: version.c -DLIBAGE=${LIBAGE} \ -c ${srcdir}/version.c @@ -501,7 +503,7 @@ index f7556f3..8e29a5c 100644 include: gen ${MAKE} include/dns/enumtype.h -@@ -176,25 +176,25 @@ code.h: gen +@@ -180,25 +180,25 @@ code.h: gen ./gen -s ${srcdir} > code.h || { rm -f $@ ; exit 1; } gen: gen.c @@ -534,10 +536,10 @@ index f7556f3..8e29a5c 100644 rm -f include/dns/rdatastruct.h rm -f dnstap.pb-c.c dnstap.pb-c.h include/dns/dnstap.pb-c.h diff --git a/lib/isc-pkcs11/Makefile.in b/lib/isc-pkcs11/Makefile.in -index bd8b109..3a6665f 100644 +index ba53ef1..d1f1771 100644 --- a/lib/isc-pkcs11/Makefile.in +++ b/lib/isc-pkcs11/Makefile.in -@@ -20,8 +20,8 @@ CINCLUDES = -I${srcdir}/unix/include \ +@@ -23,8 +23,8 @@ CINCLUDES = -I${srcdir}/unix/include \ -I${srcdir}/@ISC_THREAD_DIR@/include \ -I${srcdir}/@ISC_ARCH_DIR@/include \ -I./include \ @@ -548,7 +550,7 @@ index bd8b109..3a6665f 100644 CWARNINGS = # Alphabetically -@@ -104,40 +104,40 @@ version.@O@: version.c +@@ -107,40 +107,40 @@ version.@O@: version.c -DLIBAGE=${LIBAGE} \ -c ${srcdir}/version.c @@ -602,10 +604,10 @@ index bd8b109..3a6665f 100644 + rm -f libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@ libisc-pkcs11.la \ + libisc-pkcs11-nosymtbl.la timestamp diff --git a/make/includes.in b/make/includes.in -index f41e3cd..b97534c 100644 +index fa86ad1..3cfbe9f 100644 --- a/make/includes.in +++ b/make/includes.in -@@ -40,3 +40,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \ +@@ -43,3 +43,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \ TEST_INCLUDES = \ -I${top_srcdir}/lib/tests/include diff --git a/bind-9.10-sdb.patch b/bind-9.10-sdb.patch index 0318e9e..08e562e 100644 --- a/bind-9.10-sdb.patch +++ b/bind-9.10-sdb.patch @@ -1,23 +1,23 @@ diff --git a/bin/Makefile.in b/bin/Makefile.in -index 7d21984..015ff45 100644 +index ce7a2da..4e6a824 100644 --- a/bin/Makefile.in +++ b/bin/Makefile.in -@@ -10,8 +10,8 @@ srcdir = @srcdir@ +@@ -11,8 +11,8 @@ srcdir = @srcdir@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ --SUBDIRS = named named-pkcs11 rndc dig delv dnssec dnssec-pkcs11 tools tests nsupdate \ -- check confgen @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ -+SUBDIRS = named named-sdb named-pkcs11 rndc dig delv dnssec dnssec-pkcs11 tools tests nsupdate \ -+ check confgen @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ sdb_tools +-SUBDIRS = named named-pkcs11 rndc dig delv dnssec dnssec-pkcs11 tools nsupdate \ +- check confgen @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests ++SUBDIRS = named named-sdb named-pkcs11 rndc dig delv dnssec dnssec-pkcs11 tools nsupdate \ ++ check confgen @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ sdb_tools tests TARGETS = @BIND9_MAKE_RULES@ diff --git a/bin/named-sdb/Makefile.in b/bin/named-sdb/Makefile.in -index f217965..b79d6fe 100644 +index b7493c5..93f9a33 100644 --- a/bin/named-sdb/Makefile.in +++ b/bin/named-sdb/Makefile.in -@@ -27,10 +27,10 @@ VERSION=@BIND9_VERSION@ +@@ -30,10 +30,10 @@ VERSION=@BIND9_VERSION@ # # Add database drivers here. # @@ -31,7 +31,7 @@ index f217965..b79d6fe 100644 DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers -@@ -76,7 +76,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ +@@ -79,7 +79,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ SUBDIRS = unix @@ -40,7 +40,7 @@ index f217965..b79d6fe 100644 GEOIPLINKOBJS = geoip.@O@ -@@ -143,7 +143,7 @@ server.@O@: server.c +@@ -146,7 +146,7 @@ server.@O@: server.c -DPRODUCT=\"${PRODUCT}\" \ -DVERSION=\"${VERSION}\" -c ${srcdir}/server.c @@ -49,7 +49,7 @@ index f217965..b79d6fe 100644 export MAKE_SYMTABLE="yes"; \ export BASEOBJS="${OBJS} ${UOBJS}"; \ ${FINALBUILDCMD} -@@ -170,22 +170,12 @@ statschannel.@O@: bind9.xsl.h +@@ -173,22 +173,12 @@ statschannel.@O@: bind9.xsl.h installdirs: $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir} @@ -76,10 +76,10 @@ index f217965..b79d6fe 100644 @DLZ_DRIVER_RULES@ diff --git a/bin/named-sdb/main.c b/bin/named-sdb/main.c -index 64ee3ce..218d9b0 100644 +index 1227ea9..febbdf5 100644 --- a/bin/named-sdb/main.c +++ b/bin/named-sdb/main.c -@@ -88,6 +88,10 @@ +@@ -91,6 +91,10 @@ * Include header files for database drivers here. */ /* #include "xxdb.h" */ @@ -90,7 +90,7 @@ index 64ee3ce..218d9b0 100644 #ifdef CONTRIB_DLZ /* -@@ -1060,6 +1064,11 @@ setup(void) { +@@ -1061,6 +1065,11 @@ setup(void) { ns_main_earlyfatal("isc_app_start() failed: %s", isc_result_totext(result)); @@ -102,7 +102,7 @@ index 64ee3ce..218d9b0 100644 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, "starting %s %s%s%s ", ns_g_product, ns_g_version, -@@ -1181,6 +1190,75 @@ setup(void) { +@@ -1182,6 +1191,75 @@ setup(void) { isc_result_totext(result)); #endif @@ -178,7 +178,7 @@ index 64ee3ce..218d9b0 100644 ns_server_create(ns_g_mctx, &ns_g_server); #ifdef HAVE_LIBSECCOMP -@@ -1223,6 +1301,11 @@ cleanup(void) { +@@ -1224,6 +1302,11 @@ cleanup(void) { dns_name_destroy(); @@ -191,10 +191,10 @@ index 64ee3ce..218d9b0 100644 ISC_LOG_NOTICE, "exiting"); ns_log_shutdown(); diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in -index f217965..05b8699 100644 +index b7493c5..8231d24 100644 --- a/bin/named/Makefile.in +++ b/bin/named/Makefile.in -@@ -42,9 +42,9 @@ DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@ +@@ -45,9 +45,9 @@ DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \ @@ -206,7 +206,7 @@ index f217965..05b8699 100644 CWARNINGS = -@@ -68,11 +68,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ +@@ -71,11 +71,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \ @@ -220,7 +220,7 @@ index f217965..05b8699 100644 SUBDIRS = unix -@@ -87,8 +87,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ +@@ -90,8 +90,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \ zoneconf.@O@ \ lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \ @@ -230,7 +230,7 @@ index f217965..05b8699 100644 UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@ -@@ -103,8 +102,7 @@ SRCS = builtin.c client.c config.c control.c \ +@@ -106,8 +105,7 @@ SRCS = builtin.c client.c config.c control.c \ tkeyconf.c tsigconf.c update.c xfrout.c \ zoneconf.c \ lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \ @@ -240,7 +240,7 @@ index f217965..05b8699 100644 MANPAGES = named.8 lwresd.8 named.conf.5 -@@ -187,7 +185,5 @@ uninstall:: +@@ -190,7 +188,5 @@ uninstall:: rm -f ${DESTDIR}${sbindir}/lwresd@EXEEXT@ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named@EXEEXT@ @@ -284,10 +284,10 @@ index c7e0868..95ab742 100644 + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir} ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1 diff --git a/configure.in b/configure.in -index 1a0cc5f..b59a549 100644 +index 62536a6..f571a4f 100644 --- a/configure.in +++ b/configure.in -@@ -5409,6 +5409,8 @@ AC_CONFIG_FILES([ +@@ -5445,6 +5445,8 @@ AC_CONFIG_FILES([ bin/named/unix/Makefile bin/named-pkcs11/Makefile bin/named-pkcs11/unix/Makefile @@ -296,11 +296,11 @@ index 1a0cc5f..b59a549 100644 bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile -@@ -5433,6 +5435,7 @@ AC_CONFIG_FILES([ +@@ -5469,6 +5471,7 @@ AC_CONFIG_FILES([ bin/python/isc/tests/dnskey_test.py bin/python/isc/tests/policy_test.py bin/rndc/Makefile + bin/sdb_tools/Makefile bin/tests/Makefile - bin/tests/atomic/Makefile - bin/tests/db/Makefile + bin/tests/headerdep_test.sh + bin/tests/optional/Makefile diff --git a/bind-9.11-CVE-2018-5738.patch b/bind-9.11-CVE-2018-5738.patch deleted file mode 100644 index e5555aa..0000000 --- a/bind-9.11-CVE-2018-5738.patch +++ /dev/null @@ -1,176 +0,0 @@ -From 7983015dfa58be21526a01300b9e13a84278266a Mon Sep 17 00:00:00 2001 -From: Evan Hunt -Date: Mon, 4 Jun 2018 21:55:41 -0700 -Subject: [PATCH] allow-recursion could incorrectly inherit from the default - allow-query - ---- - bin/named/server.c | 50 ++++++++++++++++++++++++++++++++++++-------------- - doc/arm/notes.xml | 41 +++++------------------------------------ - 2 files changed, 41 insertions(+), 50 deletions(-) - -diff --git a/bin/named/server.c b/bin/named/server.c -index 64a5180..41a1826 100644 ---- a/bin/named/server.c -+++ b/bin/named/server.c -@@ -3376,10 +3376,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - dns_acache_setcachesize(view->acache, max_acache_size); - } - -- CHECK(configure_view_acl(vconfig, config, ns_g_config, -- "allow-query", NULL, actx, -- ns_g_mctx, &view->queryacl)); -- - /* - * Make the list of response policy zone names for a view that - * is used for real lookups and so cares about hints. -@@ -4258,9 +4254,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - INSIST(result == ISC_R_SUCCESS); - view->trust_anchor_telemetry = cfg_obj_asboolean(obj); - -- CHECK(configure_view_acl(vconfig, config, ns_g_config, -- "allow-query-cache-on", NULL, actx, -- ns_g_mctx, &view->cacheonacl)); - /* - * Set sources where additional data and CNAME/DNAME - * targets for authoritative answers may be found. -@@ -4287,22 +4280,40 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - view->additionalfromcache = ISC_TRUE; - } - -+ CHECK(configure_view_acl(vconfig, config, ns_g_config, -+ "allow-query-cache-on", NULL, actx, -+ ns_g_mctx, &view->cacheonacl)); -+ - /* -- * Set "allow-query-cache", "allow-recursion", and -- * "allow-recursion-on" acls if configured in named.conf. -- * (Ignore the global defaults for now, because these ACLs -- * can inherit from each other when only some of them set at -- * the options/view level.) -+ * Set the "allow-query", "allow-query-cache", "allow-recursion", -+ * and "allow-recursion-on" ACLs if configured in named.conf, but -+ * NOT from the global defaults. This is done by leaving the third -+ * argument to configure_view_acl() NULL. -+ * -+ * We ignore the global defaults here because these ACLs -+ * can inherit from each other. If any are still unset after -+ * applying the inheritance rules, we'll look up the defaults at -+ * that time. - */ -- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache", -- NULL, actx, ns_g_mctx, &view->cacheacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query", NULL, actx, -+ ns_g_mctx, &view->queryacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query-cache", NULL, actx, -+ ns_g_mctx, &view->cacheacl)); - - if (strcmp(view->name, "_bind") != 0 && - view->rdclass != dns_rdataclass_chaos) - { -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion", NULL, actx, - ns_g_mctx, &view->recursionacl)); -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion-on", NULL, actx, - ns_g_mctx, &view->recursiononacl)); -@@ -4340,18 +4351,21 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - * the global config. - */ - if (view->recursionacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-recursion", NULL, - actx, ns_g_mctx, - &view->recursionacl)); - } - if (view->recursiononacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-recursion-on", NULL, - actx, ns_g_mctx, - &view->recursiononacl)); - } - if (view->cacheacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-query-cache", NULL, - actx, ns_g_mctx, -@@ -4365,6 +4379,14 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, - CHECK(dns_acl_none(mctx, &view->cacheacl)); - } - -+ if (view->queryacl == NULL) { -+ /* global default only */ -+ CHECK(configure_view_acl(NULL, NULL, ns_g_config, -+ "allow-query", NULL, -+ actx, ns_g_mctx, -+ &view->queryacl)); -+ } -+ - /* - * Ignore case when compressing responses to the specified - * clients. This causes case not always to be preserved, -diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml -index ea9b61f..9a1832d 100644 ---- a/doc/arm/notes.xml -+++ b/doc/arm/notes.xml -@@ -103,42 +103,11 @@ - - - -- An error in TSIG handling could permit unauthorized zone -- transfers or zone updates. These flaws are disclosed in -- CVE-2017-3142 and CVE-2017-3143. [RT #45383] -- -- -- -- -- The BIND installer on Windows used an unquoted service path, -- which can enable privilege escalation. This flaw is disclosed -- in CVE-2017-3141. [RT #45229] -- -- -- -- -- With certain RPZ configurations, a response with TTL 0 -- could cause named to go into an infinite -- query loop. This flaw is disclosed in CVE-2017-3140. -- [RT #45181] -- -- -- -- -- Addresses could be referenced after being freed during resolver -- processing, causing an assertion failure. The chances of this -- happening were remote, but the introduction of a delay in -- resolution increased them. This bug is disclosed in -- CVE-2017-3145. [RT #46839] -- -- -- -- -- update-policy rules that otherwise ignore the name field now -- require that it be set to "." to ensure that any type list -- present is properly interpreted. If the name field was omitted -- from the rule declaration and a type list was present it wouldn't -- be interpreted as expected. -+ When recursion is enabled but the allow-recursion -+ and allow-query-cache ACLs are not specified, they -+ should be limited to local networks, but they were inadvertently set -+ to match the default allow-query, thus allowing -+ remote queries. This flaw is disclosed in CVE-2018-5738. [GL #309] - - - --- -2.14.4 - diff --git a/bind-9.11-kyua-unit-oot.patch b/bind-9.11-kyua-unit-oot.patch deleted file mode 100644 index d4fe320..0000000 --- a/bind-9.11-kyua-unit-oot.patch +++ /dev/null @@ -1,95 +0,0 @@ -diff --git a/Makefile.in b/Makefile.in -index e1b2ff3..ff82f29 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -7,6 +7,7 @@ - srcdir = @srcdir@ - VPATH = @srcdir@ - top_srcdir = @top_srcdir@ -+top_builddir = @top_builddir@ - - VERSION=@BIND9_VERSION@ - -@@ -86,7 +87,8 @@ force-test: test-force - test-force: - status=0; \ - (cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \ -- (test -f unit/unittest.sh && $(SHELL) unit/unittest.sh) || status=1; \ -+ (test -f ${top_builddir}/unit/unittest.sh && \ -+ $(SHELL) ${top_builddir}/unit/unittest.sh) || status=1; \ - exit $$status - - README: README.md -@@ -110,6 +112,6 @@ CONTRIBUTING: CONTRIBUTING.md - sed -e '$${/^$$/d;}' > $@ - - unit:: -- sh ${top_srcdir}/unit/unittest.sh -+ sh ${top_builddir}/unit/unittest.sh - - clean:: -diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in -index c7fd4ed..2a6571b 100644 ---- a/lib/dns/tests/Makefile.in -+++ b/lib/dns/tests/Makefile.in -@@ -234,7 +234,7 @@ tsig_test@EXEEXT@: tsig_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} - ${ISCLIBS} ${LIBS} - - unit:: -- sh ${top_srcdir}/unit/unittest.sh -+ sh ${top_builddir}/unit/unittest.sh - - clean distclean:: - rm -f ${TARGETS} -diff --git a/lib/irs/tests/Makefile.in b/lib/irs/tests/Makefile.in -index 2ecf8b0..38bf342 100644 ---- a/lib/irs/tests/Makefile.in -+++ b/lib/irs/tests/Makefile.in -@@ -45,7 +45,7 @@ resconf_test@EXEEXT@: resconf_test.@O@ ${CFGDEPLIBS} ${DNSDEPLIBS} ${IRSDEPLIBS} - resconf_test.@O@ ${LIBS} - - unit:: -- sh ${top_srcdir}/unit/unittest.sh -+ sh ${top_builddir}/unit/unittest.sh - - clean distclean:: - rm -f ${TARGETS} -diff --git a/lib/isc/tests/Makefile.in b/lib/isc/tests/Makefile.in -index 20c7e25..f7fa538 100644 ---- a/lib/isc/tests/Makefile.in -+++ b/lib/isc/tests/Makefile.in -@@ -159,7 +159,7 @@ time_test@EXEEXT@: time_test.@O@ ${ISCDEPLIBS} - time_test.@O@ ${ISCLIBS} ${LIBS} - - unit:: -- sh ${top_srcdir}/unit/unittest.sh -+ sh ${top_builddir}/unit/unittest.sh - - clean distclean:: - rm -f ${TARGETS} -diff --git a/lib/isccfg/tests/Makefile.in b/lib/isccfg/tests/Makefile.in -index be64b92..cbd444a 100644 ---- a/lib/isccfg/tests/Makefile.in -+++ b/lib/isccfg/tests/Makefile.in -@@ -44,7 +44,7 @@ parser_test@EXEEXT@: parser_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} ${ISCCFGDEPLIBS - ${ISCLIBS} ${LIBS} - - unit:: -- sh ${top_srcdir}/unit/unittest.sh -+ sh ${top_builddir}/unit/unittest.sh - - clean distclean:: - rm -f ${TARGETS} -diff --git a/lib/lwres/tests/Makefile.in b/lib/lwres/tests/Makefile.in -index 7166d44..10db3e7 100644 ---- a/lib/lwres/tests/Makefile.in -+++ b/lib/lwres/tests/Makefile.in -@@ -39,7 +39,7 @@ config_test@EXEEXT@: config_test.@O@ ${LWRESDEPLIBS} - config_test.@O@ ${LWRESLIBS} ${LIBS} - - unit:: -- sh ${top_srcdir}/unit/unittest.sh -+ sh ${top_builddir}/unit/unittest.sh - - clean distclean:: - rm -f ${TARGETS} diff --git a/bind-9.11-libidn2-exportfix.patch b/bind-9.11-libidn2-exportfix.patch deleted file mode 100644 index 141fd4d..0000000 --- a/bind-9.11-libidn2-exportfix.patch +++ /dev/null @@ -1,122 +0,0 @@ -From a296141a45e5bea4e08358801011397c778bcc96 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Tue, 3 Apr 2018 20:35:29 +0200 -Subject: [PATCH] Remove -lidn2 from exported LIBS. Do not propagate it from - isc-config.sh --libs isc. - ---- - configure | 18 +++++++++++++----- - configure.in | 20 ++++++++++++++------ - 2 files changed, 27 insertions(+), 11 deletions(-) - -diff --git a/configure b/configure -index ce9f393..afec327 100755 ---- a/configure -+++ b/configure -@@ -22856,6 +22856,7 @@ fi - # - - LIBIDN2_CFLAGS= -+LIBIDN2_LDFLAGS= - LIBIDN2_LIBS= - - # Check whether --with-libidn2 was given. -@@ -22869,20 +22870,23 @@ case $use_libidn2 in #( - no) : - : ;; #( - yes) : -- -- LIBIDN2_LIBS="-lidn2" -- ;; #( -+ : ;; #( - *) : - - LIBIDN2_CFLAGS="-I$use_libidn2/include" -- LIBIDN2_LIBS="-L$use_libidn2/lib -lidn2" -+ LIBIDN2_LDFLAGS="-L$use_libidn2/lib" - ;; #( - *) : - ;; - esac - - if test "$use_libidn2" != "no"; then : -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing idn2_to_ascii_8z" >&5 -+ save_CFLAGS="$CFLAGS" -+ save_LIBS="$LIBS" -+ save_LDFLAGS="$LDFLAGS" -+ CFLAGS="$LIBIDN2_CFLAGS $CFLAGS" -+ LDFLAGS="$LIBIDN2_LDFLAGS $LDFLAGS" -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing idn2_to_ascii_8z" >&5 - $as_echo_n "checking for library containing idn2_to_ascii_8z... " >&6; } - if ${ac_cv_search_idn2_to_ascii_8z+:} false; then : - $as_echo_n "(cached) " >&6 -@@ -22938,6 +22942,7 @@ if test "$ac_res" != no; then : - - $as_echo "#define WITH_LIBIDN2 1" >>confdefs.h - -+ LIBIDN2_LIBS="$LIBIDN2_LDFLAGS -lidn2" - else - as_fn_error $? "libidn2 requested, but not found" "$LINENO" 5 - fi -@@ -22967,6 +22972,9 @@ $as_echo "no" >&6; } - fi - rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -+ CFLAGS="$save_CFLAGS" -+ LIBS="$save_LIBS" -+ LDFLAGS="$save_LDFLAGS" - - fi - -diff --git a/configure.in b/configure.in -index 63988c9..873e14d 100644 ---- a/configure.in -+++ b/configure.in -@@ -4904,23 +4904,28 @@ AC_SUBST(IDNKIT_LIBS) - # - - LIBIDN2_CFLAGS= -+LIBIDN2_LDFLAGS= - LIBIDN2_LIBS= - AC_ARG_WITH(libidn2, - AS_HELP_STRING([--with-libidn2[=PATH]], [enable IDN support using GNU libidn2 [yes|no|path]]), - use_libidn2="$withval", use_libidn2="no") - AS_CASE([$use_libidn2], - [no],[:], -- [yes],[ -- LIBIDN2_LIBS="-lidn2" -- ], -+ [yes],[:], - [*],[ - LIBIDN2_CFLAGS="-I$use_libidn2/include" -- LIBIDN2_LIBS="-L$use_libidn2/lib -lidn2" -+ LIBIDN2_LDFLAGS="-L$use_libidn2/lib" - ]) - - AS_IF([test "$use_libidn2" != "no"], -- [AC_SEARCH_LIBS([idn2_to_ascii_8z], [idn2], -- [AC_DEFINE(WITH_LIBIDN2, 1, [define if libidn2 support is to be included.])], -+ [save_CFLAGS="$CFLAGS" -+ save_LIBS="$LIBS" -+ save_LDFLAGS="$LDFLAGS" -+ CFLAGS="$LIBIDN2_CFLAGS $CFLAGS" -+ LDFLAGS="$LIBIDN2_LDFLAGS $LDFLAGS" -+ AC_SEARCH_LIBS([idn2_to_ascii_8z], [idn2], -+ [AC_DEFINE(WITH_LIBIDN2, 1, [define if libidn2 support is to be included.]) -+ LIBIDN2_LIBS="$LIBIDN2_LDFLAGS -lidn2"], - [AC_MSG_ERROR([libidn2 requested, but not found])]) - AC_MSG_CHECKING(whether libidn2 supports idn2_to_unicode_8zlz) - AC_TRY_LINK([#include ], -@@ -4928,6 +4933,9 @@ AS_IF([test "$use_libidn2" != "no"], - [AC_MSG_RESULT(yes) - AC_DEFINE(WITH_IDN_OUT_SUPPORT, 1, [define if IDN output support is to be included.])], - [AC_MSG_RESULT([no])]) -+ CFLAGS="$save_CFLAGS" -+ LIBS="$save_LIBS" -+ LDFLAGS="$save_LDFLAGS" - ]) - AC_SUBST([LIBIDN2_CFLAGS]) - AC_SUBST([LIBIDN2_LIBS]) --- -2.14.3 - diff --git a/bind-9.11-libidn2.patch b/bind-9.11-libidn2.patch deleted file mode 100644 index 6beab52..0000000 --- a/bind-9.11-libidn2.patch +++ /dev/null @@ -1,1189 +0,0 @@ -From 3dcf053c775344855bd6476ec4f4bada824cdd41 Mon Sep 17 00:00:00 2001 -From: Tomas Hozza -Date: Wed, 23 Sep 2015 14:37:16 +0200 -Subject: [PATCH] Add support for GNU libidn -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Added new configure option: ---with-libidn - to enable IDN using GNU libidn - -Renamed configure option: ---with-idn to --with-idnkit to make the option usage more clear - -idnkit and libidn support can not be used at the same time. - -Signed-off-by: Tomas Hozza -(cherry picked from commit 2320443f63b14ff926d0b91b479a48e29bc02376) -(cherry picked from commit edab22119f5d2b45a18727a6eb92f11b39ca3e73) - -Add support for libidn2 - -Added two new configure options: ---with-libidn2 - to enable IDN using GNU libidn2 - -idnkit, libidn and libidn2 support can not be used at the same time. - -NOTE: libidn2 does not support punycode back to Unicode -characters, so support for this is missing. - -Signed-off-by: Tomas Hozza - -Removed iconv, convert directly from locale to ACE - -Fix libidn2 and idnkit origin appending - -Make IDN options in help less different - -Signed-off-by: Petr Menšík -(cherry picked from commit 505f673451d9f94488b99f5af0ea042e3f8e0915) -(cherry picked from commit 56b66f01c6ae4d9db3a2b8df29af21f43ed65516) - -Remove conversion from locale to utf8 from public API - -Emit fatal failures on locale to ACE encoding - -Separate idnout support, disable it for libidn2 < 2.0 - -Add custom path to libidn. Leave default path for multilib support. - -Allow turning off IDN input processing by dig option - -Improve documentation, fix support in host - -Fix configure changes to adjust help text - -Use strlcpy with size guard - -Improve IDN variants choosing. Fix idn2 function name. - -Remove immediate idn_locale_to_ace and idn_ace_to_locale. - -Signed-off-by: Petr Menšík -(cherry picked from commit 94757c1545259ec3d7d99f3ba7f9baa9ce58e0d3) -(cherry picked from commit 2b031d17592a253297545c6e525019706c17c460) - -Remove support for libidn (IDN 2003) - -Signed-off-by: Petr Menšík -(cherry picked from commit 8254cf69d34947713c99839dd5139f326d8e5d43) -(cherry picked from commit 9117bbe9a5d637d51ef11c71ff6743e027db5e9e) - -Sanitize IDN initialization - -Signed-off-by: Petr Menšík -(cherry picked from commit 29b94bbb04014681afe61c1594b99f6ec30f6b1f) -(cherry picked from commit 82914d0a416edb6667e94b54ae828cd0ca8f029b) - -Simplify the libidn2 configure checks - -(cherry picked from commit 76c05a71fcf464d6a638b2d8fab589100850e3f0) -(cherry picked from commit c08528682254506f4bcf8155d700eff3ce18b601) - -Add release notes for IDNA2008 - -(cherry picked from commit e7590c7528229c7bc761a6c69c33dfb69fbaf82f) -(cherry picked from commit 2ff3b664bca0c084326d2eaf75cb3b382fa26108) ---- - bin/dig/Makefile.in | 6 +- - bin/dig/dig.c | 27 +++- - bin/dig/dig.docbook | 18 ++- - bin/dig/dighost.c | 304 +++++++++++++++++++++++++++++----------------- - bin/dig/host.c | 10 +- - bin/dig/include/dig/dig.h | 3 +- - config.h.in | 11 +- - configure | 181 ++++++++++++++++++++++++--- - configure.in | 81 +++++++++--- - doc/arm/notes.xml | 15 +++ - 10 files changed, 491 insertions(+), 165 deletions(-) - -diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in -index 511fdfe86e..d8080e5b30 100644 ---- a/bin/dig/Makefile.in -+++ b/bin/dig/Makefile.in -@@ -16,7 +16,7 @@ READLINE_LIB = @READLINE_LIB@ - - CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} \ - ${BIND9_INCLUDES} ${ISC_INCLUDES} \ -- ${LWRES_INCLUDES} ${ISCCFG_INCLUDES} @DST_OPENSSL_INC@ -+ ${LWRES_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @DST_OPENSSL_INC@ - - CDEFINES = -DVERSION=\"${VERSION}\" @CRYPTO@ - CWARNINGS = -@@ -38,10 +38,10 @@ DEPLIBS = ${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} \ - ${ISCCFGDEPLIBS} ${LWRESDEPLIBS} - - LIBS = ${LWRESLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \ -- ${ISCLIBS} @IDNLIBS@ @LIBS@ -+ ${ISCLIBS} @IDNKIT_LIBS@ @LIBIDN2_LIBS@ @LIBS@ - - NOSYMLIBS = ${LWRESLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \ -- ${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ -+ ${ISCNOSYMLIBS} @IDNKIT_LIBS@ @LIBIDN2_LIBS@ @LIBS@ - - SUBDIRS = - -diff --git a/bin/dig/dig.c b/bin/dig/dig.c -index 2e1ade8bf3..9a1176353e 100644 ---- a/bin/dig/dig.c -+++ b/bin/dig/dig.c -@@ -187,7 +187,8 @@ help(void) { - " +[no]fail (Don't try next server on SERVFAIL)\n" - " +[no]header-only (Send query without a question section)\n" - " +[no]identify (ID responders in short answers)\n" --" +[no]idnout (convert IDN response)\n" -+" +[no]idnin (Parse IDN names)\n" -+" +[no]idnout (Convert IDN response)\n" - " +[no]ignore (Don't revert to TCP for TC responses.)\n" - " +[no]keepopen (Keep the TCP socket open between queries)\n" - " +[no]mapped (Allow mapped IPv4 over IPv6)\n" -@@ -1091,12 +1092,28 @@ plus_option(const char *option, isc_boolean_t is_batchfile, - lookup->identify = state; - break; - case 'n': -- FULLCHECK("idnout"); --#ifndef WITH_IDN -- fprintf(stderr, ";; IDN support not enabled\n"); -+ switch (cmd[3]) { -+ case 'i': -+ FULLCHECK("idnin"); -+#ifndef WITH_IDN_SUPPORT -+ fprintf(stderr, ";; IDN input support" -+ " not enabled\n"); -+#else -+ lookup->idnin = state; -+#endif -+ break; -+ case 'o': -+ FULLCHECK("idnout"); -+#ifndef WITH_IDN_OUT_SUPPORT -+ fprintf(stderr, ";; IDN output support" -+ " not enabled\n"); - #else -- lookup->idnout = state; -+ lookup->idnout = state; - #endif -+ break; -+ default: -+ goto invalid_option; -+ } - break; - default: - goto invalid_option; -diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook -index bee62c6307..da5b7d6515 100644 ---- a/bin/dig/dig.docbook -+++ b/bin/dig/dig.docbook -@@ -773,6 +773,17 @@ - - - -+ -+ -+ -+ -+ Process [do not process] IDN domain names on input. -+ This requires IDN SUPPORT to have been enabled at -+ compile time. The default is to process IDN input. -+ -+ -+ -+ - - - -@@ -1265,10 +1276,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr - dig appropriately converts character encoding of - domain name before sending a request to DNS server or displaying a - reply from the server. -- If you'd like to turn off the IDN support for some reason, defines -- the IDN_DISABLE environment variable. -- The IDN support is disabled if the variable is set when -- dig runs. -+ If you'd like to turn off the IDN support for some reason, use -+ parameters +noidnin and -+ +noidnout. - - - -diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c -index fdfff399f5..c179b625f1 100644 ---- a/bin/dig/dighost.c -+++ b/bin/dig/dighost.c -@@ -21,18 +21,25 @@ - #include - #include - #include -+#include - - #ifdef HAVE_LOCALE_H - #include - #endif - --#ifdef WITH_IDN -+#ifdef WITH_IDN_SUPPORT -+#ifdef WITH_IDNKIT - #include - #include - #include - #include - #endif - -+#ifdef WITH_LIBIDN2 -+#include -+#endif -+#endif /* WITH_IDN_SUPPORT */ -+ - #include - #ifdef DIG_SIGCHASE - #include -@@ -145,18 +152,26 @@ int lookup_counter = 0; - - static char servercookie[256]; - --#ifdef WITH_IDN --static void initialize_idn(void); --static isc_result_t output_filter(isc_buffer_t *buffer, -- unsigned int used_org, -- isc_boolean_t absolute); --static idn_result_t append_textname(char *name, const char *origin, -- size_t namesize); --static void idn_check_result(idn_result_t r, const char *msg); -- --#define MAXDLEN 256 --int idnoptions = 0; -+#ifdef WITH_IDN_SUPPORT -+static void idn_initialize(void); -+static isc_result_t idn_locale_to_ace(const char *from, -+ char *to, -+ size_t tolen); -+#endif /* WITH_IDN_SUPPORT */ -+ -+#ifdef WITH_IDN_OUT_SUPPORT -+static isc_result_t idn_ace_to_locale(const char *from, -+ char *to, -+ size_t tolen); -+static isc_result_t output_filter(isc_buffer_t *buffer, -+ unsigned int used_org, -+ isc_boolean_t absolute); -+#define MAXDLEN 256 -+ -+#ifdef WITH_IDNKIT -+int idnoptions = 0; - #endif -+#endif /* WITH_IDN_OUT_SUPPORT */ - - isc_socket_t *keep = NULL; - isc_sockaddr_t keepaddr; -@@ -803,7 +818,12 @@ make_empty_lookup(void) { - looknew->sendcookie = ISC_FALSE; - looknew->seenbadcookie = ISC_FALSE; - looknew->badcookie = ISC_TRUE; --#ifdef WITH_IDN -+#ifdef WITH_IDN_SUPPORT -+ looknew->idnin = ISC_TRUE; -+#else -+ looknew->idnin = ISC_FALSE; -+#endif -+#ifdef WITH_IDN_OUT_SUPPORT - looknew->idnout = ISC_TRUE; - #else - looknew->idnout = ISC_FALSE; -@@ -952,6 +972,7 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { - } - looknew->ednsneg = lookold->ednsneg; - looknew->mapped = lookold->mapped; -+ looknew->idnin = lookold->idnin; - looknew->idnout = lookold->idnout; - #ifdef DIG_SIGCHASE - looknew->sigchase = lookold->sigchase; -@@ -1512,8 +1533,19 @@ setup_system(isc_boolean_t ipv4only, isc_boolean_t ipv6only) { - copy_server_list(lwconf, &server_list); - } - --#ifdef WITH_IDN -- initialize_idn(); -+#ifdef HAVE_SETLOCALE -+ /* Set locale */ -+ (void)setlocale(LC_ALL, ""); -+#endif -+ -+#ifdef WITH_IDN_SUPPORT -+ idn_initialize(); -+#endif -+ -+#ifdef WITH_IDN_OUT_SUPPORT -+ /* Set domain name -> text post-conversion filter. */ -+ result = dns_name_settotextfilter(output_filter); -+ check_result(result, "dns_name_settotextfilter"); - #endif - - if (keyfile[0] != 0) -@@ -2344,12 +2376,13 @@ setup_lookup(dig_lookup_t *lookup) { - char store[MXNAME]; - char ecsbuf[20]; - char cookiebuf[256]; --#ifdef WITH_IDN -- idn_result_t mr; -- char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME]; -+ char *origin = NULL; -+ char *textname = NULL; -+#ifdef WITH_IDN_SUPPORT -+ char idn_origin[MXNAME], idn_textname[MXNAME]; - #endif - --#ifdef WITH_IDN -+#ifdef WITH_IDN_OUT_SUPPORT - result = dns_name_settotextfilter(lookup->idnout ? - output_filter : NULL); - check_result(result, "dns_name_settotextfilter"); -@@ -2382,15 +2415,20 @@ setup_lookup(dig_lookup_t *lookup) { - isc_buffer_init(&lookup->onamebuf, lookup->oname_space, - sizeof(lookup->oname_space)); - --#ifdef WITH_IDN - /* - * We cannot convert `textname' and `origin' separately. - * `textname' doesn't contain TLD, but local mapping needs - * TLD. - */ -- mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname, -- utf8_textname, sizeof(utf8_textname)); -- idn_check_result(mr, "convert textname to UTF-8"); -+ textname = lookup->textname; -+#ifdef WITH_IDN_SUPPORT -+ if (lookup->idnin) { -+ result = idn_locale_to_ace(lookup->textname, idn_textname, -+ sizeof(idn_textname)); -+ check_result(result, "convert textname to IDN encoding"); -+ debug("idn_textname: %s", idn_textname); -+ textname = idn_textname; -+ } - #endif - - /* -@@ -2401,17 +2439,8 @@ setup_lookup(dig_lookup_t *lookup) { - * is TRUE or we got a domain line in the resolv.conf file. - */ - if (lookup->new_search) { --#ifdef WITH_IDN -- if ((count_dots(utf8_textname) >= ndots) || !usesearch) { -- lookup->origin = NULL; /* Force abs lookup */ -- lookup->done_as_is = ISC_TRUE; -- lookup->need_search = usesearch; -- } else if (lookup->origin == NULL && usesearch) { -- lookup->origin = ISC_LIST_HEAD(search_list); -- lookup->need_search = ISC_FALSE; -- } --#else -- if ((count_dots(lookup->textname) >= ndots) || !usesearch) { -+ if ((count_dots(textname) >= ndots) || !usesearch) -+ { - lookup->origin = NULL; /* Force abs lookup */ - lookup->done_as_is = ISC_TRUE; - lookup->need_search = usesearch; -@@ -2419,24 +2448,8 @@ setup_lookup(dig_lookup_t *lookup) { - lookup->origin = ISC_LIST_HEAD(search_list); - lookup->need_search = ISC_FALSE; - } --#endif - } - --#ifdef WITH_IDN -- if (lookup->origin != NULL) { -- mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, -- lookup->origin->origin, utf8_origin, -- sizeof(utf8_origin)); -- idn_check_result(mr, "convert origin to UTF-8"); -- mr = append_textname(utf8_textname, utf8_origin, -- sizeof(utf8_textname)); -- idn_check_result(mr, "append origin to textname"); -- } -- mr = idn_encodename(idnoptions | IDN_LOCALMAP | IDN_NAMEPREP | -- IDN_IDNCONV | IDN_LENCHECK, utf8_textname, -- idn_textname, sizeof(idn_textname)); -- idn_check_result(mr, "convert UTF-8 textname to IDN encoding"); --#else - if (lookup->origin != NULL) { - debug("trying origin %s", lookup->origin->origin); - result = dns_message_gettempname(lookup->sendmsg, -@@ -2444,8 +2457,18 @@ setup_lookup(dig_lookup_t *lookup) { - check_result(result, "dns_message_gettempname"); - dns_name_init(lookup->oname, NULL); - /* XXX Helper funct to conv char* to name? */ -- len = (unsigned int) strlen(lookup->origin->origin); -- isc_buffer_init(&b, lookup->origin->origin, len); -+ origin = lookup->origin->origin; -+#ifdef WITH_IDN_SUPPORT -+ if (lookup->idnin) { -+ result = idn_locale_to_ace(lookup->origin->origin, -+ idn_origin, sizeof(idn_origin)); -+ check_result(result, "convert origin to IDN encoding"); -+ debug("trying idn origin %s", idn_origin); -+ origin = idn_origin; -+ } -+#endif -+ len = (unsigned int) strlen(origin); -+ isc_buffer_init(&b, origin, len); - isc_buffer_add(&b, len); - result = dns_name_fromtext(lookup->oname, &b, dns_rootname, - 0, &lookup->onamebuf); -@@ -2455,7 +2478,7 @@ setup_lookup(dig_lookup_t *lookup) { - dns_message_puttempname(lookup->sendmsg, - &lookup->oname); - fatal("'%s' is not in legal name syntax (%s)", -- lookup->origin->origin, -+ origin, - isc_result_totext(result)); - } - if (lookup->trace && lookup->trace_root) { -@@ -2466,8 +2489,8 @@ setup_lookup(dig_lookup_t *lookup) { - - dns_fixedname_init(&fixed); - name = dns_fixedname_name(&fixed); -- len = (unsigned int) strlen(lookup->textname); -- isc_buffer_init(&b, lookup->textname, len); -+ len = (unsigned int) strlen(textname); -+ isc_buffer_init(&b, textname, len); - isc_buffer_add(&b, len); - result = dns_name_fromtext(name, &b, NULL, 0, NULL); - if (result == ISC_R_SUCCESS && -@@ -2492,28 +2515,17 @@ setup_lookup(dig_lookup_t *lookup) { - } - } - dns_message_puttempname(lookup->sendmsg, &lookup->oname); -- } else --#endif -- { -+ } else { - debug("using root origin"); - if (lookup->trace && lookup->trace_root) - dns_name_clone(dns_rootname, lookup->name); - else { --#ifdef WITH_IDN -- len = (unsigned int) strlen(idn_textname); -- isc_buffer_init(&b, idn_textname, len); -+ len = (unsigned int) strlen(textname); -+ isc_buffer_init(&b, textname, len); - isc_buffer_add(&b, len); - result = dns_name_fromtext(lookup->name, &b, - dns_rootname, 0, - &lookup->namebuf); --#else -- len = (unsigned int) strlen(lookup->textname); -- isc_buffer_init(&b, lookup->textname, len); -- isc_buffer_add(&b, len); -- result = dns_name_fromtext(lookup->name, &b, -- dns_rootname, 0, -- &lookup->namebuf); --#endif - } - if (result != ISC_R_SUCCESS) { - dns_message_puttempname(lookup->sendmsg, -@@ -4512,7 +4524,7 @@ destroy_libs(void) { - void * ptr; - dig_message_t *chase_msg; - #endif --#ifdef WITH_IDN -+#ifdef WITH_IDN_SUPPORT - isc_result_t result; - #endif - -@@ -4549,7 +4561,7 @@ destroy_libs(void) { - - clear_searchlist(); - --#ifdef WITH_IDN -+#ifdef WITH_IDN_SUPPORT - result = dns_name_settotextfilter(NULL); - check_result(result, "dns_name_settotextfilter"); - #endif -@@ -4633,27 +4645,7 @@ destroy_libs(void) { - isc_mem_destroy(&mctx); - } - --#ifdef WITH_IDN --static void --initialize_idn(void) { -- idn_result_t r; -- isc_result_t result; -- --#ifdef HAVE_SETLOCALE -- /* Set locale */ -- (void)setlocale(LC_ALL, ""); --#endif -- /* Create configuration context. */ -- r = idn_nameinit(1); -- if (r != idn_success) -- fatal("idn api initialization failed: %s", -- idn_result_tostring(r)); -- -- /* Set domain name -> text post-conversion filter. */ -- result = dns_name_settotextfilter(output_filter); -- check_result(result, "dns_name_settotextfilter"); --} -- -+#ifdef WITH_IDN_OUT_SUPPORT - static isc_result_t - output_filter(isc_buffer_t *buffer, unsigned int used_org, - isc_boolean_t absolute) -@@ -4661,6 +4653,7 @@ output_filter(isc_buffer_t *buffer, unsigned int used_org, - char tmp1[MAXDLEN], tmp2[MAXDLEN]; - size_t fromlen, tolen; - isc_boolean_t end_with_dot; -+ isc_result_t result; - - /* - * Copy contents of 'buffer' to 'tmp1', supply trailing dot -@@ -4669,6 +4662,7 @@ output_filter(isc_buffer_t *buffer, unsigned int used_org, - fromlen = isc_buffer_usedlength(buffer) - used_org; - if (fromlen >= MAXDLEN) - return (ISC_R_SUCCESS); -+ - memmove(tmp1, (char *)isc_buffer_base(buffer) + used_org, fromlen); - end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE; - if (absolute && !end_with_dot) { -@@ -4677,13 +4671,16 @@ output_filter(isc_buffer_t *buffer, unsigned int used_org, - return (ISC_R_SUCCESS); - tmp1[fromlen - 1] = '.'; - } -+ - tmp1[fromlen] = '\0'; - - /* - * Convert contents of 'tmp1' to local encoding. - */ -- if (idn_decodename(IDN_DECODE_APP, tmp1, tmp2, MAXDLEN) != idn_success) -+ result = idn_ace_to_locale(tmp1, tmp2, sizeof(tmp2)); -+ if (result != ISC_R_SUCCESS) { - return (ISC_R_SUCCESS); -+ } - strlcpy(tmp1, tmp2, MAXDLEN); - - /* -@@ -4703,35 +4700,118 @@ output_filter(isc_buffer_t *buffer, unsigned int used_org, - - return (ISC_R_SUCCESS); - } -+#endif - --static idn_result_t --append_textname(char *name, const char *origin, size_t namesize) { -- size_t namelen = strlen(name); -- size_t originlen = strlen(origin); -+#ifdef WITH_IDN_SUPPORT -+#ifdef WITH_IDNKIT -+static void -+idnkit_check_result(idn_result_t result, const char *msg) { -+ if (result != idn_success) { -+ fatal("%s: %s", msg, idn_result_tostring(result)); -+ } -+} -+ -+static void -+idn_initialize(void) { -+ idn_result_t result; - -- /* Already absolute? */ -- if (namelen > 0 && name[namelen - 1] == '.') -- return (idn_success); -+ /* Create configuration context. */ -+ result = idn_nameinit(1); -+ idnkit_check_result(result, "idnkit api initialization failed"); -+ return (ISC_R_SUCCESS); -+} - -- /* Append dot and origin */ -+static isc_result_t -+idn_locale_to_ace(const char *from, char *to, size_t tolen) { -+ char utf8_textname[MXNAME]; -+ idn_result_t result; -+ -+ result = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, from, -+ utf8_textname, sizeof(utf8_textname)); -+ idnkit_check_result(result, "idnkit idn_encodename to utf8 failed"); -+ -+ result = idn_encodename(idnoptions | IDN_LOCALMAP | IDN_NAMEPREP | -+ IDN_IDNCONV | IDN_LENCHECK, -+ utf8_textname, to, tolen); -+ idnkit_check_result(result, "idnkit idn_encodename to idn failed"); -+ return (ISC_R_SUCCESS); -+} - -- if (namelen + 1 + originlen >= namesize) -- return (idn_buffer_overflow); -+static isc_result_t -+idn_ace_to_locale(const char *from, char *to, size_t tolen) { -+ idn_result_t result; - -- if (*origin != '.') -- name[namelen++] = '.'; -- (void)strlcpy(name + namelen, origin, namesize - namelen); -- return (idn_success); -+ result = idn_decodename(IDN_DECODE_APP, from, to, tolen); -+ if (result != idn_success) { -+ debug("idnkit idn_decodename failed: %s", -+ idn_result_tostring(result)); -+ return (ISC_R_FAILURE); -+ } -+ return (ISC_R_SUCCESS); - } -+#endif /* WITH_IDNKIT */ - -+#ifdef WITH_LIBIDN2 - static void --idn_check_result(idn_result_t r, const char *msg) { -- if (r != idn_success) { -- exitcode = 1; -- fatal("%s: %s", msg, idn_result_tostring(r)); -+idn_initialize(void) { -+} -+ -+static isc_result_t -+idn_locale_to_ace(const char *from, char *to, size_t tolen) { -+ int res; -+ char *tmp_str = NULL; -+ -+ res = idn2_lookup_ul(from, &tmp_str, IDN2_NONTRANSITIONAL); -+ if (res == IDN2_DISALLOWED) -+ res = idn2_lookup_ul(from, &tmp_str, IDN2_TRANSITIONAL); -+ -+ if (res == IDN2_OK) { -+ /* check the length */ -+ if (strlen(tmp_str) >= tolen) { -+ debug("ACE string is too long"); -+ idn2_free(tmp_str); -+ return ISC_R_NOSPACE; -+ } -+ -+ (void) strlcpy(to, tmp_str, tolen); -+ idn2_free(tmp_str); -+ return ISC_R_SUCCESS; - } -+ -+ fatal("idn2_lookup_ul failed: %s", idn2_strerror(res)); -+ return ISC_R_FAILURE; -+} -+ -+#ifdef WITH_IDN_OUT_SUPPORT -+static isc_result_t -+idn_ace_to_locale(const char *from, char *to, size_t tolen) { -+ int res; -+ char *tmp_str = NULL; -+ -+ res = idn2_to_unicode_8zlz(from, &tmp_str, -+ IDN2_NONTRANSITIONAL|IDN2_NFC_INPUT); -+ -+ if (res == IDN2_OK) { -+ /* check the length */ -+ if (strlen(tmp_str) >= tolen) { -+ debug("encoded ASC string is too long"); -+ idn2_free(tmp_str); -+ return ISC_R_FAILURE; -+ } -+ -+ (void) strncpy(to, tmp_str, tolen); -+ free(tmp_str); -+ return ISC_R_SUCCESS; -+ } else { -+ debug("idn2_to_unicode_8zlz failed: %s", -+ idn2_strerror(res)); -+ } -+ -+ return ISC_R_FAILURE; - } --#endif /* WITH_IDN */ -+#endif /* WITH_IDN_OUT_SUPPORT */ -+#endif /* WITH_LIBIDN2 */ -+#endif /* WITH_IDN_SUPPORT */ - - #ifdef DIG_SIGCHASE - void -diff --git a/bin/dig/host.c b/bin/dig/host.c -index f9e5b08962..f16483827a 100644 ---- a/bin/dig/host.c -+++ b/bin/dig/host.c -@@ -16,7 +16,7 @@ - #include - #endif - --#ifdef WITH_IDN -+#ifdef WITH_IDNKIT - #include - #include - #include -@@ -720,7 +720,7 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { - lookup->rdtype != dns_rdatatype_axfr) - lookup->rdtype = rdtype; - lookup->rdtypeset = ISC_TRUE; --#ifdef WITH_IDN -+#ifdef WITH_IDNKIT - idnoptions = 0; - #endif - if (rdtype == dns_rdatatype_axfr) { -@@ -735,7 +735,7 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { - } else if (rdtype == dns_rdatatype_any) { - if (!lookup->tcp_mode_set) - lookup->tcp_mode = ISC_TRUE; --#ifdef WITH_IDN -+#ifdef WITH_IDNKIT - } else if (rdtype == dns_rdatatype_a || - rdtype == dns_rdatatype_aaaa || - rdtype == dns_rdatatype_mx) { -@@ -767,7 +767,7 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { - if (!lookup->rdtypeset || - lookup->rdtype != dns_rdatatype_axfr) - lookup->rdtype = dns_rdatatype_any; --#ifdef WITH_IDN -+#ifdef WITH_IDNKIT - idnoptions = 0; - #endif - list_type = dns_rdatatype_any; -@@ -881,7 +881,7 @@ main(int argc, char **argv) { - ISC_LIST_INIT(search_list); - - fatalexit = 1; --#ifdef WITH_IDN -+#ifdef WITH_IDNKIT - idnoptions = IDN_ASCCHECK; - #endif - -diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h -index 2c7a5aeaa8..446ee027af 100644 ---- a/bin/dig/include/dig/dig.h -+++ b/bin/dig/include/dig/dig.h -@@ -130,6 +130,7 @@ struct dig_lookup { - ednsneg, - mapped, - print_unknown_format, -+ idnin, - idnout; - #ifdef DIG_SIGCHASE - isc_boolean_t sigchase; -@@ -292,7 +293,7 @@ extern char *progname; - extern int tries; - extern int fatalexit; - extern isc_boolean_t verbose; --#ifdef WITH_IDN -+#ifdef WITH_IDNKIT - extern int idnoptions; - #endif - -diff --git a/config.h.in b/config.h.in -index 29cdb07a50..cd798c288d 100644 ---- a/config.h.in -+++ b/config.h.in -@@ -596,7 +596,16 @@ int sigwait(const unsigned int *set, int *sig); - #undef WANT_QUERYTRACE - - /* define if idnkit support is to be included. */ --#undef WITH_IDN -+#undef WITH_IDNKIT -+ -+/* define if IDN output support is to be included. */ -+#undef WITH_IDN_OUT_SUPPORT -+ -+/* define if IDN input support is to be included. */ -+#undef WITH_IDN_SUPPORT -+ -+/* define if libidn2 support is to be included. */ -+#undef WITH_LIBIDN2 - - /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most - significant byte first (like Motorola and SPARC, unlike Intel). */ -diff --git a/configure b/configure -index 5ae413202f..ce9f393170 100755 ---- a/configure -+++ b/configure -@@ -682,7 +682,9 @@ UNITTESTS - ATFLIBS - ATFBIN - ATFBUILD --IDNLIBS -+LIBIDN2_LIBS -+LIBIDN2_CFLAGS -+IDNKIT_LIBS - XSLT_DBLATEX_FASTBOOK - XSLT_DBLATEX_STYLE - XSLT_DOCBOOK_MAKETOC_XHTML -@@ -1066,10 +1068,11 @@ enable_dnstap - with_protobuf_c - with_libfstrm - with_docbook_xsl --with_idn -+with_idnkit - with_libiconv - with_iconv - with_idnlib -+with_libidn2 - with_atf - with_tuning - enable_querytrace -@@ -1794,10 +1797,11 @@ Optional Packages: - --with-protobuf-c=path Path where protobuf-c is installed, for dnstap - --with-libfstrm=path Path where libfstrm is installed, for dnstap - --with-docbook-xsl=PATH specify path for Docbook-XSL stylesheets -- --with-idn=MPREFIX enable IDN support using idnkit [default PREFIX] -+ --with-idnkit=PATH enable IDN support using idnkit [yes|no|path] - --with-libiconv=IPREFIX GNU libiconv are in IPREFIX [default PREFIX] - --with-iconv=LIBSPEC specify iconv library [default -liconv] - --with-idnlib=ARG specify libidnkit -+ --with-libidn2=PATH enable IDN support using GNU libidn2 [yes|no|path] - --with-atf support Automated Test Framework - --with-tuning=ARG Specify server tuning (large or default) - --with-dlopen=ARG support dynamically loadable DLZ drivers -@@ -22755,28 +22759,28 @@ fi - - - # --# IDN support -+# IDN support using idnkit - # - --# Check whether --with-idn was given. --if test "${with_idn+set}" = set; then : -- withval=$with_idn; use_idn="$withval" -+# Check whether --with-idnkit was given. -+if test "${with_idnkit+set}" = set; then : -+ withval=$with_idnkit; use_idnkit="$withval" - else -- use_idn="no" -+ use_idnkit="no" - fi - --case "$use_idn" in -+case "$use_idnkit" in - yes) - if test X$prefix = XNONE ; then -- idn_path=/usr/local -+ idnkit_path=/usr/local - else -- idn_path=$prefix -+ idnkit_path=$prefix - fi - ;; - no) - ;; - *) -- idn_path="$use_idn" -+ idnkit_path="$use_idnkit" - ;; - esac - -@@ -22833,20 +22837,161 @@ if test "yes" = "$idnlib"; then - as_fn_error $? "You must specify ARG for --with-idnlib." "$LINENO" 5 - fi - --IDNLIBS= --if test "no" != "$use_idn"; then -+IDNKIT_LIBS= -+if test "no" != "$use_idnkit"; then - --$as_echo "#define WITH_IDN 1" >>confdefs.h -+$as_echo "#define WITH_IDNKIT 1" >>confdefs.h - -- STD_CINCLUDES="$STD_CINCLUDES -I$idn_path/include" -+ STD_CINCLUDES="$STD_CINCLUDES -I$idnkit_path/include" - if test "no" != "$idnlib"; then -- IDNLIBS="$idnlib $iconvlib" -+ IDNKIT_LIBS="$idnlib $iconvlib" - else -- IDNLIBS="-L$idn_path/lib -lidnkit $iconvlib" -+ IDNKIT_LIBS="-L$idnkit_path/lib -lidnkit $iconvlib" - fi - fi - - -+# -+# IDN support using libidn2 -+# -+ -+LIBIDN2_CFLAGS= -+LIBIDN2_LIBS= -+ -+# Check whether --with-libidn2 was given. -+if test "${with_libidn2+set}" = set; then : -+ withval=$with_libidn2; use_libidn2="$withval" -+else -+ use_libidn2="no" -+fi -+ -+case $use_libidn2 in #( -+ no) : -+ : ;; #( -+ yes) : -+ -+ LIBIDN2_LIBS="-lidn2" -+ ;; #( -+ *) : -+ -+ LIBIDN2_CFLAGS="-I$use_libidn2/include" -+ LIBIDN2_LIBS="-L$use_libidn2/lib -lidn2" -+ ;; #( -+ *) : -+ ;; -+esac -+ -+if test "$use_libidn2" != "no"; then : -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing idn2_to_ascii_8z" >&5 -+$as_echo_n "checking for library containing idn2_to_ascii_8z... " >&6; } -+if ${ac_cv_search_idn2_to_ascii_8z+:} false; then : -+ $as_echo_n "(cached) " >&6 -+else -+ ac_func_search_save_LIBS=$LIBS -+cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+ -+/* Override any GCC internal prototype to avoid an error. -+ Use char because int might match the return type of a GCC -+ builtin and then its argument prototype would still apply. */ -+#ifdef __cplusplus -+extern "C" -+#endif -+char idn2_to_ascii_8z (); -+int -+main () -+{ -+return idn2_to_ascii_8z (); -+ ; -+ return 0; -+} -+_ACEOF -+for ac_lib in '' idn2; do -+ if test -z "$ac_lib"; then -+ ac_res="none required" -+ else -+ ac_res=-l$ac_lib -+ LIBS="-l$ac_lib $ac_func_search_save_LIBS" -+ fi -+ if ac_fn_c_try_link "$LINENO"; then : -+ ac_cv_search_idn2_to_ascii_8z=$ac_res -+fi -+rm -f core conftest.err conftest.$ac_objext \ -+ conftest$ac_exeext -+ if ${ac_cv_search_idn2_to_ascii_8z+:} false; then : -+ break -+fi -+done -+if ${ac_cv_search_idn2_to_ascii_8z+:} false; then : -+ -+else -+ ac_cv_search_idn2_to_ascii_8z=no -+fi -+rm conftest.$ac_ext -+LIBS=$ac_func_search_save_LIBS -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_idn2_to_ascii_8z" >&5 -+$as_echo "$ac_cv_search_idn2_to_ascii_8z" >&6; } -+ac_res=$ac_cv_search_idn2_to_ascii_8z -+if test "$ac_res" != no; then : -+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" -+ -+$as_echo "#define WITH_LIBIDN2 1" >>confdefs.h -+ -+else -+ as_fn_error $? "libidn2 requested, but not found" "$LINENO" 5 -+fi -+ -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether libidn2 supports idn2_to_unicode_8zlz" >&5 -+$as_echo_n "checking whether libidn2 supports idn2_to_unicode_8zlz... " >&6; } -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+#include -+int -+main () -+{ -+idn2_to_unicode_8zlz(".", NULL, IDN2_NONTRANSITIONAL|IDN2_NFC_INPUT); -+ ; -+ return 0; -+} -+_ACEOF -+if ac_fn_c_try_link "$LINENO"; then : -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -+$as_echo "yes" >&6; } -+ -+$as_echo "#define WITH_IDN_OUT_SUPPORT 1" >>confdefs.h -+ -+else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } -+fi -+rm -f core conftest.err conftest.$ac_objext \ -+ conftest$ac_exeext conftest.$ac_ext -+ -+fi -+ -+ -+ -+# -+# IDN support in general -+# -+ -+# check if idnkit and libidn2 are not used at the same time -+if test "$use_idnkit" != no && test "$use_libidn2" != no; then -+ as_fn_error $? "idnkit and libidn2 cannot be used at the same time." "$LINENO" 5 -+fi -+# the IDN support is on -+if test "$use_idnkit" != no || test "$use_libidn2" != no; then -+ -+$as_echo "#define WITH_IDN_SUPPORT 1" >>confdefs.h -+ -+ if test "$use_libidn2" = no || test "$use_libidn2_out" != no; then -+ -+$as_echo "#define WITH_IDN_OUT_SUPPORT 1" >>confdefs.h -+ -+ fi -+fi -+ - # - # Check whether to build Automated Test Framework unit tests - # -diff --git a/configure.in b/configure.in -index 388356a7c3..63988c97dc 100644 ---- a/configure.in -+++ b/configure.in -@@ -4824,24 +4824,24 @@ NOM_PATH_FILE(XSLT_DBLATEX_STYLE, xsl/docbook.xsl, $dblatex_xsl_trees) - NOM_PATH_FILE(XSLT_DBLATEX_FASTBOOK, xsl/latex_book_fast.xsl, $dblatex_xsl_trees) - - # --# IDN support -+# IDN support using idnkit - # --AC_ARG_WITH(idn, -- AS_HELP_STRING([--with-idn[=MPREFIX]], -- [enable IDN support using idnkit [default PREFIX]]), -- use_idn="$withval", use_idn="no") --case "$use_idn" in -+AC_ARG_WITH(idnkit, -+ AS_HELP_STRING([--with-idnkit[=PATH]], -+ [enable IDN support using idnkit [yes|no|path]]), -+ use_idnkit="$withval", use_idnkit="no") -+case "$use_idnkit" in - yes) - if test X$prefix = XNONE ; then -- idn_path=/usr/local -+ idnkit_path=/usr/local - else -- idn_path=$prefix -+ idnkit_path=$prefix - fi - ;; - no) - ;; - *) -- idn_path="$use_idn" -+ idnkit_path="$use_idnkit" - ;; - esac - -@@ -4887,17 +4887,66 @@ if test "yes" = "$idnlib"; then - AC_MSG_ERROR([You must specify ARG for --with-idnlib.]) - fi - --IDNLIBS= --if test "no" != "$use_idn"; then -- AC_DEFINE(WITH_IDN, 1, [define if idnkit support is to be included.]) -- STD_CINCLUDES="$STD_CINCLUDES -I$idn_path/include" -+IDNKIT_LIBS= -+if test "no" != "$use_idnkit"; then -+ AC_DEFINE(WITH_IDNKIT, 1, [define if idnkit support is to be included.]) -+ STD_CINCLUDES="$STD_CINCLUDES -I$idnkit_path/include" - if test "no" != "$idnlib"; then -- IDNLIBS="$idnlib $iconvlib" -+ IDNKIT_LIBS="$idnlib $iconvlib" - else -- IDNLIBS="-L$idn_path/lib -lidnkit $iconvlib" -+ IDNKIT_LIBS="-L$idnkit_path/lib -lidnkit $iconvlib" -+ fi -+fi -+AC_SUBST(IDNKIT_LIBS) -+ -+# -+# IDN support using libidn2 -+# -+ -+LIBIDN2_CFLAGS= -+LIBIDN2_LIBS= -+AC_ARG_WITH(libidn2, -+ AS_HELP_STRING([--with-libidn2[=PATH]], [enable IDN support using GNU libidn2 [yes|no|path]]), -+ use_libidn2="$withval", use_libidn2="no") -+AS_CASE([$use_libidn2], -+ [no],[:], -+ [yes],[ -+ LIBIDN2_LIBS="-lidn2" -+ ], -+ [*],[ -+ LIBIDN2_CFLAGS="-I$use_libidn2/include" -+ LIBIDN2_LIBS="-L$use_libidn2/lib -lidn2" -+ ]) -+ -+AS_IF([test "$use_libidn2" != "no"], -+ [AC_SEARCH_LIBS([idn2_to_ascii_8z], [idn2], -+ [AC_DEFINE(WITH_LIBIDN2, 1, [define if libidn2 support is to be included.])], -+ [AC_MSG_ERROR([libidn2 requested, but not found])]) -+ AC_MSG_CHECKING(whether libidn2 supports idn2_to_unicode_8zlz) -+ AC_TRY_LINK([#include ], -+ [idn2_to_unicode_8zlz(".", NULL, IDN2_NONTRANSITIONAL|IDN2_NFC_INPUT);], -+ [AC_MSG_RESULT(yes) -+ AC_DEFINE(WITH_IDN_OUT_SUPPORT, 1, [define if IDN output support is to be included.])], -+ [AC_MSG_RESULT([no])]) -+ ]) -+AC_SUBST([LIBIDN2_CFLAGS]) -+AC_SUBST([LIBIDN2_LIBS]) -+ -+# -+# IDN support in general -+# -+ -+# check if idnkit and libidn2 are not used at the same time -+if test "$use_idnkit" != no && test "$use_libidn2" != no; then -+ AC_MSG_ERROR([idnkit and libidn2 cannot be used at the same time.]) -+fi -+# the IDN support is on -+if test "$use_idnkit" != no || test "$use_libidn2" != no; then -+ AC_DEFINE(WITH_IDN_SUPPORT, 1, [define if IDN input support is to be included.]) -+ if test "$use_libidn2" = no || test "$use_libidn2_out" != no; then -+ AC_DEFINE(WITH_IDN_OUT_SUPPORT, 1, [define if IDN output support is to be included.]) - fi - fi --AC_SUBST(IDNLIBS) - - # - # Check whether to build Automated Test Framework unit tests -diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml -index ec761018c8..ea9b61fd73 100644 ---- a/doc/arm/notes.xml -+++ b/doc/arm/notes.xml -@@ -166,6 +166,14 @@ - [RT #43670] - - -+ -+ -+ named will now log a warning if the old -+ BIND now can be compiled against libidn2 library to add -+ IDNA2008 support. Previously BIND only supported IDNA2003 -+ using (now obsolete) idnkit-1 library. -+ -+ - - - -@@ -242,6 +250,13 @@ - Multicast DNS. [RT #44783] - - -+ -+ -+ dig +noidnin can be used to disable IDN -+ processing on the input domain name, when BIND is compiled -+ with IDN support. -+ -+ - - - --- -2.14.3 - diff --git a/bind-9.5-dlz-64bit.patch b/bind-9.5-dlz-64bit.patch index 06b5545..ec064c6 100644 --- a/bind-9.5-dlz-64bit.patch +++ b/bind-9.5-dlz-64bit.patch @@ -1,5 +1,5 @@ diff --git a/contrib/dlz/config.dlz.in b/contrib/dlz/config.dlz.in -index 5d65a85..2677b26 100644 +index 47525af..eefe3c3 100644 --- a/contrib/dlz/config.dlz.in +++ b/contrib/dlz/config.dlz.in @@ -17,6 +17,13 @@ @@ -16,66 +16,7 @@ index 5d65a85..2677b26 100644 # # Private autoconf macro to simplify configuring drivers: # -@@ -152,23 +159,11 @@ then - then - use_dlz_mysql=$d - mysql_include=$d/include/mysql -- if test -d $d/lib/mysql -- then -- mysql_lib=$d/lib/mysql -- else -- mysql_lib=$d/lib -- fi - break - elif test -f $d/include/mysql.h - then - use_dlz_mysql=$d - mysql_include=$d/include -- if test -d $d/lib/mysql -- then -- mysql_lib=$d/lib/mysql -- else -- mysql_lib=$d/lib -- fi - break - fi - done -@@ -179,21 +174,9 @@ then - if test -f $d/include/mysql/mysql.h - then - mysql_include=$d/include/mysql -- if test -d $d/lib/mysql -- then -- mysql_lib=$d/lib/mysql -- else -- mysql_lib=$d/lib -- fi - elif test -f $d/include/mysql.h - then - mysql_include=$d/include -- if test -d $d/lib/mysql -- then -- mysql_lib=$d/lib/mysql -- else -- mysql_lib=$d/lib -- fi - fi - fi - -@@ -217,6 +200,12 @@ case "$use_dlz_mysql" in - [using mysql with libs ${mysql_lib} and includes ${mysql_include}]) - ;; - *) -+ if test -d $use_dlz_mysql/${target_lib}/mysql -+ then -+ mysql_lib=$use_dlz_mysql/${target_lib}/mysql -+ else -+ mysql_lib=$use_dlz_mysql/${target_lib} -+ fi - DLZ_ADD_DRIVER(MYSQL, dlz_mysql_driver, - [-I${mysql_include}], - [-L${mysql_lib} -lmysqlclient -lz -lcrypt -lm]) -@@ -310,9 +299,9 @@ case "$use_dlz_bdb" in +@@ -292,9 +299,9 @@ case "$use_dlz_bdb" in then break fi @@ -87,7 +28,7 @@ index 5d65a85..2677b26 100644 break fi done -@@ -414,7 +403,7 @@ case "$use_dlz_ldap" in +@@ -396,7 +403,7 @@ case "$use_dlz_ldap" in *) DLZ_ADD_DRIVER(LDAP, dlz_ldap_driver, [-I$use_dlz_ldap/include], @@ -96,7 +37,7 @@ index 5d65a85..2677b26 100644 AC_MSG_RESULT( [using LDAP from $use_dlz_ldap/lib and $use_dlz_ldap/include]) -@@ -450,11 +439,11 @@ then +@@ -432,11 +439,11 @@ then odbcdirs="/usr /usr/local /usr/pkg" for d in $odbcdirs do diff --git a/bind.spec b/bind.spec index 105f9ee..417c153 100644 --- a/bind.spec +++ b/bind.spec @@ -3,7 +3,7 @@ # #%%global PATCHVER P1 -#%%global PREVER b1 +#%%global PREVER rc1 %global BINDVERSION %{version}%{?PREVER}%{?PATCHVER:-%{PATCHVER}} # bcond_without is built by default, unless --without X is passed @@ -41,11 +41,18 @@ # Visit https://bugzilla.redhat.com/show_bug.cgi?id=1540300 %undefine _strict_symbol_defs_build # + +# lib*.so.X versions of selected libraries +%global sover_dns 1102 +%global sover_isc 169 +%global sover_irs 160 +%global sover_isccfg 160 + Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Name: bind License: MPLv2.0 -Version: 9.11.3 -Release: 15%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} +Version: 9.11.4 +Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ # @@ -102,9 +109,7 @@ Patch140:bind-9.11-rh1410433.patch Patch145:bind-9.11-rh1205168.patch # [ISC-Bugs #46853] commit cb616c6d5c2ece1fac37fa6e0bca2b53d4043098 ISC 4851 Patch149:bind-9.11-kyua-pkcs11.patch -Patch152:bind-9.11-kyua-unit-oot.patch Patch153:bind-9.11-export-suffix.patch -Patch154:bind-9.11-CVE-2018-5738.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -116,12 +121,8 @@ Patch135:bind-9.11-export-isc-config.patch # needs inpection Patch17: bind-9.3.2b1-fix_sdb_ldap.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1098783 -Patch73: bind-9.11-libidn2.patch # make +noidnout default Patch74: bind-9.11-libidn2-noout.patch -# link libidn2 only to utils -Patch75: bind-9.11-libidn2-exportfix.patch Requires(post): systemd @@ -157,7 +158,7 @@ BuildRequires: libdb-devel %endif %if %{with KYUA} # make unit dependencies -BuildRequires: libatf-c-devel kyua-cli +BuildRequires: libatf-c-devel kyua %else # shipped atf library requires c++ BuildRequires: gcc-c++ @@ -432,9 +433,7 @@ are used for building ISC DHCP. %ifnarch alpha ia64 %patch72 -p1 -b .64bit %endif -%patch73 -p1 -b .libidn %patch74 -p1 -b .idn-noout -%patch75 -p1 -b .idn-noexport %patch102 -p1 -b .rh452060 %patch106 -p0 -b .rh490837 %patch109 -p1 -b .rh478718 @@ -443,9 +442,7 @@ are used for building ISC DHCP. %patch131 -p1 -b .multlib-conflict %patch140 -p1 -b .rh1410433 %patch145 -p1 -b .rh1205168 -%patch152 -p1 -b .kyua-unit-oot %patch153 -p1 -b .export_suffix -%patch154 -p1 -b .CVE-2018-5738 %if %{with PKCS11} cp -r bin/named{,-pkcs11} @@ -507,6 +504,7 @@ done find lib -name 'Kyuafile' -exec cp -uv '{}' "%{1}/{}" ';' \ find lib -name 'Atffile' -exec cp -uv '{}' "%{1}/{}" ';' \ find lib -name 'testdata' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \ + find lib -name 'testkeys' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \ %define systemtest_prepare_build() \ cp -Tuav bin/tests "%{1}/bin/tests/" \ @@ -1156,10 +1154,10 @@ rm -rf ${RPM_BUILD_ROOT} %{_libdir}/liblwres.so.160* %files libs-lite -%{_libdir}/libdns.so.1100* -%{_libdir}/libirs.so.160* -%{_libdir}/libisc.so.169* -%{_libdir}/libisccfg.so.160* +%{_libdir}/libdns.so.%{sover_dns}* +%{_libdir}/libirs.so.%{sover_irs}* +%{_libdir}/libisc.so.%{sover_isc}* +%{_libdir}/libisccfg.so.%{sover_isccfg}* %files license %{!?_licensedir:%global license %%doc} @@ -1325,8 +1323,8 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man8/dnssec*-pkcs11.8* %files pkcs11-libs -%{_libdir}/libdns-pkcs11.so.1100* -%{_libdir}/libisc-pkcs11.so.169* +%{_libdir}/libdns-pkcs11.so.%{sover_dns}* +%{_libdir}/libisc-pkcs11.so.%{sover_isc}* %files pkcs11-devel %{_includedir}/bind9/pk11/*.h @@ -1339,10 +1337,10 @@ rm -rf ${RPM_BUILD_ROOT} %if %{with EXPORT_LIBS} %files export-libs %dir %{_libdir}/%{_export_dir} -%{_libdir}/%{_export_dir}/libdns-export.so.1100* -%{_libdir}/%{_export_dir}/libirs-export.so.160* -%{_libdir}/%{_export_dir}/libisc-export.so.169* -%{_libdir}/%{_export_dir}/libisccfg-export.so.160* +%{_libdir}/%{_export_dir}/libdns-export.so.%{sover_dns}* +%{_libdir}/%{_export_dir}/libirs-export.so.%{sover_irs}* +%{_libdir}/%{_export_dir}/libisc-export.so.%{sover_isc}* +%{_libdir}/%{_export_dir}/libisccfg-export.so.%{sover_isccfg}* %config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-export-%{_arch}.conf # This subpackage has to distribute its own license. Do not conflict with # other subpackages of different version @@ -1402,6 +1400,10 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Thu Jul 12 2018 Petr Menšík - 32:9.11.4-1 +- Update to 9.11.4 +- Use kyua instead of kyua-cli for unit tests + * Thu Jul 12 2018 Petr Menšík - 32:9.11.3-15 - Use new config file named-chroot.files for chroot setup (#1429656) - Fix chroot devices file verification (#1592873) diff --git a/sources b/sources index 20fb3e9..3d532e0 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (bind-9.11.3.tar.gz) = 1f0da13165d1ee872800fe10bb8b0f69c6c76515f9861c1528fb6005213bb71b21a1270906d2ea9ded3eaf6df1a1bac0f2c80aa511683b8d57dcff4f278d8c35 +SHA512 (bind-9.11.4.tar.gz) = e27b7730ddb2ff7ccece9b47bc79fdc91f87c74fff47c549dec1383bc663aa68796596aef0c42682f8a7c32469acf69e1946087a29b91997676fa78bd8364980 SHA512 (config-18.tar.bz2) = c0a0a1fd58a7e2c09fe69915b9a4c682d1b6c96e78583f63ce5355f663c9509d28facfd3aa078b228b69954d0af4bfa484ef661a9568aaafe6eade97dda3c3d9