rpms
/
bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Update to 9.11.5 

Bump to higher version, update sources.

More fixes to rebased BIND. Many patches are affected by stdbool change.
Update libraries so versions.
This commit is contained in:
Petr Menšík 2018-10-19 17:52:10 +02:00
parent c64b079c36
commit ad7b3b8f12
14 changed files with 662 additions and 724 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -86,3 +86,4 @@ bind-9.7.2b1.tar.gz
/bind-9.11.4.tar.gz
/bind-9.11.4-P1.tar.gz
/bind-9.11.4-P2.tar.gz
/bind-9.11.5.tar.gz

38
bind-9.10-dist-native-pkcs11.patch
View File

@ -14,7 +14,7 @@ index f0c504a..ce7a2da 100644
@BIND9_MAKE_RULES@
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
index 1d0c4ce..7b7f89b 100644
index ce0a177..f8370cf 100644
--- a/bin/dnssec-pkcs11/Makefile.in
+++ b/bin/dnssec-pkcs11/Makefile.in
@@ -17,18 +17,18 @@ VERSION=@BIND9_VERSION@
@ -121,15 +121,15 @@ index 1d0c4ce..7b7f89b 100644
-install:: ${TARGETS} installdirs install-man8
+install:: ${TARGETS} installdirs
for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done
for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir} || exit 1; done
uninstall::
- for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m ; done
for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t ; done
- for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m || exit 1; done
for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t || exit 1; done
clean distclean::
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index 1d0c4ce..11538cf 100644
index ce0a177..7cede84 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -19,7 +19,7 @@ VERSION=@BIND9_VERSION@
@ -291,10 +291,10 @@ index a058c91..d4b689a 100644
DEPLIBS = ${ISCDEPLIBS}
diff --git a/configure.in b/configure.in
index 849fa94..69e6373 100644
index 898b4ac..1edafd1 100644
--- a/configure.in
+++ b/configure.in
@@ -1164,12 +1164,14 @@ AC_SUBST(USE_GSSAPI)
@@ -1109,12 +1109,14 @@ AC_SUBST(USE_GSSAPI)
AC_SUBST(DST_GSSAPI_INC)
AC_SUBST(DNS_GSSAPI_LIBS)
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS"
@ -309,7 +309,7 @@ index 849fa94..69e6373 100644
#
# was --with-randomdev specified?
@@ -1554,11 +1556,11 @@ fi
@@ -1499,11 +1501,11 @@ fi
AC_MSG_CHECKING(for OpenSSL library)
OPENSSL_WARNING=
openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw"
@ -326,7 +326,7 @@ index 849fa94..69e6373 100644
if test "auto" = "$use_openssl"
then
@@ -1571,6 +1573,7 @@ then
@@ -1516,6 +1518,7 @@ then
fi
done
fi
@ -334,7 +334,7 @@ index 849fa94..69e6373 100644
OPENSSL_ECDSA=""
OPENSSL_GOST=""
OPENSSL_ED25519=""
@@ -1592,11 +1595,10 @@ case "$with_gost" in
@@ -1537,11 +1540,10 @@ case "$with_gost" in
;;
esac
@ -349,7 +349,7 @@ index 849fa94..69e6373 100644
CRYPTOLIB="pkcs11"
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
@@ -1606,7 +1608,9 @@ case "$use_openssl" in
@@ -1551,7 +1553,9 @@ case "$use_openssl" in
OPENSSLGOSTLINKSRCS=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
@ -360,7 +360,7 @@ index 849fa94..69e6373 100644
no)
AC_MSG_RESULT(no)
DST_OPENSSL_INC=""
@@ -1638,7 +1642,7 @@ case "$use_openssl" in
@@ -1583,7 +1587,7 @@ case "$use_openssl" in
If you do not want OpenSSL, use --without-openssl])
;;
*)
@ -369,7 +369,7 @@ index 849fa94..69e6373 100644
then
AC_MSG_RESULT()
AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
@@ -2066,6 +2070,7 @@ AC_SUBST(OPENSSL_ED25519)
@@ -2011,6 +2015,7 @@ AC_SUBST(OPENSSL_ED25519)
AC_SUBST(OPENSSL_GOST)
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
@ -377,7 +377,7 @@ index 849fa94..69e6373 100644
ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
if test "yes" = "$with_aes"
@@ -2384,6 +2389,7 @@ esac
@@ -2329,6 +2334,7 @@ esac
AC_SUBST(PKCS11LINKOBJS)
AC_SUBST(PKCS11LINKSRCS)
AC_SUBST(CRYPTO)
@ -385,7 +385,7 @@ index 849fa94..69e6373 100644
AC_SUBST(PKCS11_ECDSA)
AC_SUBST(PKCS11_GOST)
AC_SUBST(PKCS11_ED25519)
@@ -5497,8 +5503,11 @@ AC_CONFIG_FILES([
@@ -5401,8 +5407,11 @@ AC_CONFIG_FILES([
bin/delv/Makefile
bin/dig/Makefile
bin/dnssec/Makefile
@ -397,7 +397,7 @@ index 849fa94..69e6373 100644
bin/nsupdate/Makefile
bin/pkcs11/Makefile
bin/python/Makefile
@@ -5572,6 +5581,10 @@ AC_CONFIG_FILES([
@@ -5476,6 +5485,10 @@ AC_CONFIG_FILES([
lib/dns/include/dns/Makefile
lib/dns/include/dst/Makefile
lib/dns/tests/Makefile
@ -408,7 +408,7 @@ index 849fa94..69e6373 100644
lib/irs/Makefile
lib/irs/include/Makefile
lib/irs/include/irs/Makefile
@@ -5596,6 +5609,24 @@ AC_CONFIG_FILES([
@@ -5500,6 +5513,24 @@ AC_CONFIG_FILES([
lib/isc/unix/include/Makefile
lib/isc/unix/include/isc/Makefile
lib/isc/unix/include/pkcs11/Makefile
@ -525,7 +525,7 @@ index 4a8549e..6a19906 100644
rm -f include/dns/rdatastruct.h
rm -f dnstap.pb-c.c dnstap.pb-c.h include/dns/dnstap.pb-c.h
diff --git a/lib/isc-pkcs11/Makefile.in b/lib/isc-pkcs11/Makefile.in
index ba53ef1..d1f1771 100644
index 98acfff..2fd6981 100644
--- a/lib/isc-pkcs11/Makefile.in
+++ b/lib/isc-pkcs11/Makefile.in
@@ -23,8 +23,8 @@ CINCLUDES = -I${srcdir}/unix/include \
@ -539,7 +539,7 @@ index ba53ef1..d1f1771 100644
CWARNINGS =
# Alphabetically
@@ -107,40 +107,40 @@ version.@O@: version.c
@@ -103,40 +103,40 @@ version.@O@: version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c

399
bind-9.11-fips-code.patch
View File

File diff suppressed because it is too large Load Diff

136
bind-9.11-fips-tests.patch
View File

@ -1,11 +1,13 @@
From 35b53607724ec4b5d4060385218c39ccd0d78a4d Mon Sep 17 00:00:00 2001
From 07876a60a9c2537f536901b214349d67f6b25666 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:46:45 +0200
Subject: [PATCH 2/2] Squashed commit of the following:
Subject: [PATCH] FIPS tests changes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Squashed commit of the following:
commit 09e5eb48698d4fef2fc1031870de86c553b6bfaa
Author: Petr Menšík <pemensik@redhat.com>
Date: Wed Mar 7 20:35:13 2018 +0100
@ -108,7 +110,7 @@ Date: Wed Mar 7 10:44:23 2018 +0100
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
index 0ea6502708..026db3f134 100644
index 0ea6502..026db3f 100644
--- a/bin/tests/system/acl/ns2/named1.conf.in
+++ b/bin/tests/system/acl/ns2/named1.conf.in
@@ -33,12 +33,12 @@ options {
@ -127,7 +129,7 @@ index 0ea6502708..026db3f134 100644
};
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
index b877880554..d8f50be255 100644
index b877880..d8f50be 100644
--- a/bin/tests/system/acl/ns2/named2.conf.in
+++ b/bin/tests/system/acl/ns2/named2.conf.in
@@ -33,12 +33,12 @@ options {
@ -146,7 +148,7 @@ index b877880554..d8f50be255 100644
};
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
index 0a950622a2..aa54088138 100644
index 0a95062..aa54088 100644
--- a/bin/tests/system/acl/ns2/named3.conf.in
+++ b/bin/tests/system/acl/ns2/named3.conf.in
@@ -33,17 +33,17 @@ options {
@ -171,7 +173,7 @@ index 0a950622a2..aa54088138 100644
};
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
index 7cdcb6e341..606a3452d8 100644
index 7cdcb6e..606a345 100644
--- a/bin/tests/system/acl/ns2/named4.conf.in
+++ b/bin/tests/system/acl/ns2/named4.conf.in
@@ -33,12 +33,12 @@ options {
@ -190,7 +192,7 @@ index 7cdcb6e341..606a3452d8 100644
};
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
index 4b4e05027a..0e679a821d 100644
index 4b4e050..0e679a8 100644
--- a/bin/tests/system/acl/ns2/named5.conf.in
+++ b/bin/tests/system/acl/ns2/named5.conf.in
@@ -34,12 +34,12 @@ options {
@ -209,7 +211,7 @@ index 4b4e05027a..0e679a821d 100644
};
diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
index 09f31f2bb9..f88f0d4430 100644
index 09f31f2..f88f0d4 100644
--- a/bin/tests/system/acl/tests.sh
+++ b/bin/tests/system/acl/tests.sh
@@ -22,14 +22,14 @@ echo_i "testing basic ACL processing"
@ -335,7 +337,7 @@ index 09f31f2bb9..f88f0d4430 100644
echo_i "testing allow-query-on ACL processing"
diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
index 1569913b37..e9c5c2d574 100644
index 1569913..e9c5c2d 100644
--- a/bin/tests/system/allow-query/ns2/named10.conf.in
+++ b/bin/tests/system/allow-query/ns2/named10.conf.in
@@ -12,7 +12,7 @@
@ -348,7 +350,7 @@ index 1569913b37..e9c5c2d574 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
index 18ac91c6e7..2b1c8739d8 100644
index 18ac91c..2b1c873 100644
--- a/bin/tests/system/allow-query/ns2/named11.conf.in
+++ b/bin/tests/system/allow-query/ns2/named11.conf.in
@@ -12,12 +12,12 @@
@ -367,7 +369,7 @@ index 18ac91c6e7..2b1c8739d8 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
index b8248444dd..dd48945bf8 100644
index b824844..dd48945 100644
--- a/bin/tests/system/allow-query/ns2/named12.conf.in
+++ b/bin/tests/system/allow-query/ns2/named12.conf.in
@@ -12,7 +12,7 @@
@ -380,7 +382,7 @@ index b8248444dd..dd48945bf8 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
index aeb1540e95..bfce58bddd 100644
index aeb1540..bfce58b 100644
--- a/bin/tests/system/allow-query/ns2/named30.conf.in
+++ b/bin/tests/system/allow-query/ns2/named30.conf.in
@@ -12,7 +12,7 @@
@ -393,7 +395,7 @@ index aeb1540e95..bfce58bddd 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
index d4b743281a..e0f52526ba 100644
index d4b7432..e0f5252 100644
--- a/bin/tests/system/allow-query/ns2/named31.conf.in
+++ b/bin/tests/system/allow-query/ns2/named31.conf.in
@@ -12,12 +12,12 @@
@ -412,7 +414,7 @@ index d4b743281a..e0f52526ba 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
index c0259387e7..87afb3fa3a 100644
index c025938..87afb3f 100644
--- a/bin/tests/system/allow-query/ns2/named32.conf.in
+++ b/bin/tests/system/allow-query/ns2/named32.conf.in
@@ -12,7 +12,7 @@
@ -425,7 +427,7 @@ index c0259387e7..87afb3fa3a 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
index d83b376cfd..d726b9480b 100644
index d83b376..d726b94 100644
--- a/bin/tests/system/allow-query/ns2/named40.conf.in
+++ b/bin/tests/system/allow-query/ns2/named40.conf.in
@@ -16,12 +16,12 @@ acl accept { 10.53.0.2; };
@ -444,7 +446,7 @@ index d83b376cfd..d726b9480b 100644
};
diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh
index fb6059d5b8..f9601564a2 100644
index fb6059d..f960156 100644
--- a/bin/tests/system/allow-query/tests.sh
+++ b/bin/tests/system/allow-query/tests.sh
@@ -190,7 +190,7 @@ rndc_reload
@ -529,7 +531,7 @@ index fb6059d5b8..f9601564a2 100644
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
index 74b7d371b7..c35376640d 100644
index 74b7d37..c353766 100644
--- a/bin/tests/system/catz/ns1/named.conf.in
+++ b/bin/tests/system/catz/ns1/named.conf.in
@@ -61,5 +61,5 @@ zone "catalog4.example" {
@ -540,7 +542,7 @@ index 74b7d371b7..c35376640d 100644
+ algorithm hmac-sha256;
};
diff --git a/bin/tests/system/catz/ns2/named.conf.in b/bin/tests/system/catz/ns2/named.conf.in
index ee83efbee4..35ced08842 100644
index ee83efb..35ced08 100644
--- a/bin/tests/system/catz/ns2/named.conf.in
+++ b/bin/tests/system/catz/ns2/named.conf.in
@@ -70,5 +70,5 @@ zone "catalog4.example" {
@ -551,7 +553,7 @@ index ee83efbee4..35ced08842 100644
+ algorithm hmac-sha256;
};
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
index 21be03e9d2..e57c30875c 100644
index 21be03e..e57c308 100644
--- a/bin/tests/system/checkconf/bad-tsig.conf
+++ b/bin/tests/system/checkconf/bad-tsig.conf
@@ -11,7 +11,7 @@
@ -564,7 +566,7 @@ index 21be03e9d2..e57c30875c 100644
};
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
index 9ab35b38a5..486551ae64 100644
index 9ab35b3..486551a 100644
--- a/bin/tests/system/checkconf/good.conf
+++ b/bin/tests/system/checkconf/good.conf
@@ -153,6 +153,6 @@ dyndb "name" "library.so" {
@ -576,7 +578,7 @@ index 9ab35b38a5..486551ae64 100644
secret "qwertyuiopasdfgh";
};
diff --git a/bin/tests/system/digdelv/ns2/example.db b/bin/tests/system/digdelv/ns2/example.db
index f4e30f51e5..9f53e31c97 100644
index f4e30f5..9f53e31 100644
--- a/bin/tests/system/digdelv/ns2/example.db
+++ b/bin/tests/system/digdelv/ns2/example.db
@@ -38,12 +38,15 @@ foo SSHFP 2 1 123456789abcdef67890123456789abcdef67890
@ -602,10 +604,10 @@ index f4e30f51e5..9f53e31c97 100644
; TTL of 3 weeks
weeks 1814400 A 10.53.0.2
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index 1b25c4ddfc..5dbf20a3e1 100644
index 95bd074..b566ecb 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -62,7 +62,7 @@ if [ -x ${DIG} ] ; then
@@ -61,7 +61,7 @@ if [ -x ${DIG} ] ; then
echo_i "checking dig +multi +norrcomments works for dnskey (when default is rrcomments)($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -614,7 +616,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -70,7 +70,7 @@ if [ -x ${DIG} ] ; then
@@ -69,7 +69,7 @@ if [ -x ${DIG} ] ; then
echo_i "checking dig +multi +norrcomments works for soa (when default is rrcomments)($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > dig.out.test$n || ret=1
@ -623,7 +625,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -78,7 +78,7 @@ if [ -x ${DIG} ] ; then
@@ -77,7 +77,7 @@ if [ -x ${DIG} ] ; then
echo_i "checking dig +rrcomments works for DNSKEY($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -632,7 +634,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -86,7 +86,7 @@ if [ -x ${DIG} ] ; then
@@ -85,7 +85,7 @@ if [ -x ${DIG} ] ; then
echo_i "checking dig +short +rrcomments works for DNSKEY ($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -641,7 +643,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -94,7 +94,7 @@ if [ -x ${DIG} ] ; then
@@ -93,7 +93,7 @@ if [ -x ${DIG} ] ; then
echo_i "checking dig +short +nosplit works($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -650,7 +652,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -102,7 +102,7 @@ if [ -x ${DIG} ] ; then
@@ -101,7 +101,7 @@ if [ -x ${DIG} ] ; then
echo_i "checking dig +short +rrcomments works($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -659,7 +661,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -118,7 +118,7 @@ if [ -x ${DIG} ] ; then
@@ -117,7 +117,7 @@ if [ -x ${DIG} ] ; then
echo_i "checking dig +short +rrcomments works($n)"
ret=0
$DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
@ -668,7 +670,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -543,7 +543,7 @@ if [ -x ${DELV} ] ; then
@@ -555,7 +555,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +multi +norrcomments works for dnskey (when default is rrcomments)($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -677,7 +679,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -551,7 +551,7 @@ if [ -x ${DELV} ] ; then
@@ -563,7 +563,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +multi +norrcomments works for soa (when default is rrcomments)($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > delv.out.test$n || ret=1
@ -686,7 +688,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -559,7 +559,7 @@ if [ -x ${DELV} ] ; then
@@ -571,7 +571,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +rrcomments works for DNSKEY($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -695,7 +697,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -567,7 +567,7 @@ if [ -x ${DELV} ] ; then
@@ -579,7 +579,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works for DNSKEY ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -704,7 +706,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -575,7 +575,7 @@ if [ -x ${DELV} ] ; then
@@ -587,7 +587,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -713,7 +715,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -583,7 +583,7 @@ if [ -x ${DELV} ] ; then
@@ -595,7 +595,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -722,7 +724,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi
f=`awk '{print NF}' < delv.out.test$n`
test "${f:-0}" -eq 14 || ret=1
@@ -594,7 +594,7 @@ if [ -x ${DELV} ] ; then
@@ -606,7 +606,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit +norrcomments works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -732,7 +734,7 @@ index 1b25c4ddfc..5dbf20a3e1 100644
f=`awk '{print NF}' < delv.out.test$n`
test "${f:-0}" -eq 4 || ret=1
diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh
index b8151620cc..2a62e583b8 100755
index b815162..2a62e58 100755
--- a/bin/tests/system/dlv/ns1/sign.sh
+++ b/bin/tests/system/dlv/ns1/sign.sh
@@ -23,8 +23,8 @@ infile=root.db.in
@ -747,7 +749,7 @@ index b8151620cc..2a62e583b8 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh
index 6f84d7a525..e128303a22 100755
index 6f84d7a..e128303 100755
--- a/bin/tests/system/dlv/ns2/sign.sh
+++ b/bin/tests/system/dlv/ns2/sign.sh
@@ -24,8 +24,8 @@ zonefile=druz.db
@ -762,7 +764,7 @@ index 6f84d7a525..e128303a22 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh
index bcc9922e26..846dbcc0df 100755
index bcc9922..846dbcc 100755
--- a/bin/tests/system/dlv/ns3/sign.sh
+++ b/bin/tests/system/dlv/ns3/sign.sh
@@ -19,6 +19,7 @@ echo_i "dlv/ns3/sign.sh"
@ -961,7 +963,7 @@ index bcc9922e26..846dbcc0df 100755
cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh
index 1e398625f1..4ed19acd1f 100755
index 1e39862..4ed19ac 100755
--- a/bin/tests/system/dlv/ns6/sign.sh
+++ b/bin/tests/system/dlv/ns6/sign.sh
@@ -16,13 +16,15 @@ SYSTESTDIR=dlv
@ -1148,7 +1150,7 @@ index 1e398625f1..4ed19acd1f 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh
index 198d60ae15..d89a539ffd 100644
index 198d60a..d89a539 100644
--- a/bin/tests/system/dnssec/ns1/sign.sh
+++ b/bin/tests/system/dnssec/ns1/sign.sh
@@ -27,7 +27,7 @@ cp ../ns2/dsset-in-addr.arpa$TP .
@ -1169,7 +1171,7 @@ index 198d60ae15..d89a539ffd 100644
keyid=`expr $keyid + 0`
echo "$keyid" > managed.key.id
diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh
index 9078459ac8..9dcd028eb5 100644
index 9078459..9dcd028 100644
--- a/bin/tests/system/dnssec/ns2/sign.sh
+++ b/bin/tests/system/dnssec/ns2/sign.sh
@@ -29,8 +29,8 @@ do
@ -1213,7 +1215,7 @@ index 9078459ac8..9dcd028eb5 100644
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh
index 330abf7feb..f95a6b7ea8 100644
index 330abf7..f95a6b7 100644
--- a/bin/tests/system/dnssec/ns3/sign.sh
+++ b/bin/tests/system/dnssec/ns3/sign.sh
@@ -28,7 +28,7 @@ zone=bogus.example.
@ -1300,7 +1302,7 @@ index 330abf7feb..f95a6b7ea8 100644
cat $infile $keyname.key >$zonefile
diff --git a/bin/tests/system/dnssec/ns5/trusted.conf.bad b/bin/tests/system/dnssec/ns5/trusted.conf.bad
index ed30460bda..e6b112630e 100644
index ed30460..e6b1126 100644
--- a/bin/tests/system/dnssec/ns5/trusted.conf.bad
+++ b/bin/tests/system/dnssec/ns5/trusted.conf.bad
@@ -10,5 +10,5 @@
@ -1311,7 +1313,7 @@ index ed30460bda..e6b112630e 100644
+ "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV";
};
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index bb2315fbf3..315666825e 100644
index bb2315f..3156668 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -1690,7 +1690,7 @@ ret=0
@ -1344,7 +1346,7 @@ index bb2315fbf3..315666825e 100644
8) size="-b 512";;
10) size="-b 1024";;
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
index 9612450ab4..5eee6aa4f8 100644
index 9612450..5eee6aa 100644
--- a/bin/tests/system/feature-test.c
+++ b/bin/tests/system/feature-test.c
@@ -19,6 +19,7 @@
@ -1383,7 +1385,7 @@ index 9612450ab4..5eee6aa4f8 100644
#ifdef ENABLE_RPZ_NSIP
return (0);
diff --git a/bin/tests/system/filter-aaaa/ns1/sign.sh b/bin/tests/system/filter-aaaa/ns1/sign.sh
index f7555810a0..4a7d89004a 100755
index f755581..4a7d890 100755
--- a/bin/tests/system/filter-aaaa/ns1/sign.sh
+++ b/bin/tests/system/filter-aaaa/ns1/sign.sh
@@ -21,8 +21,8 @@ infile=signed.db.in
@ -1398,7 +1400,7 @@ index f7555810a0..4a7d89004a 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/filter-aaaa/ns4/sign.sh b/bin/tests/system/filter-aaaa/ns4/sign.sh
index f7555810a0..4a7d89004a 100755
index f755581..4a7d890 100755
--- a/bin/tests/system/filter-aaaa/ns4/sign.sh
+++ b/bin/tests/system/filter-aaaa/ns4/sign.sh
@@ -21,8 +21,8 @@ infile=signed.db.in
@ -1413,7 +1415,7 @@ index f7555810a0..4a7d89004a 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
index cfcfe8fa2f..0a1614d527 100644
index cfcfe8f..0a1614d 100644
--- a/bin/tests/system/notify/ns5/named.conf.in
+++ b/bin/tests/system/notify/ns5/named.conf.in
@@ -10,17 +10,17 @@
@ -1438,7 +1440,7 @@ index cfcfe8fa2f..0a1614d527 100644
};
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
index ad20e3eaca..5a9ce4688a 100644
index ad20e3e..5a9ce46 100644
--- a/bin/tests/system/notify/tests.sh
+++ b/bin/tests/system/notify/tests.sh
@@ -186,16 +186,16 @@ ret=0
@ -1462,7 +1464,7 @@ index ad20e3eaca..5a9ce4688a 100644
grep "test string" dig.out.b.ns5.test$n > /dev/null &&
grep "test string" dig.out.c.ns5.test$n > /dev/null &&
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
index 1d999adc39..26b6b7c9ab 100644
index 1d999ad..26b6b7c 100644
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
@@ -32,7 +32,7 @@ controls {
@ -1475,7 +1477,7 @@ index 1d999adc39..26b6b7c9ab 100644
};
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
index b4ecf96668..1adb33eb0b 100644
index b4ecf96..1adb33e 100644
--- a/bin/tests/system/nsupdate/ns2/named.conf.in
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in
@@ -24,7 +24,7 @@ options {
@ -1488,10 +1490,10 @@ index b4ecf96668..1adb33eb0b 100644
};
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
index 32674eb382..2331b30b00 100644
index d6647fa..715314b 100644
--- a/bin/tests/system/nsupdate/setup.sh
+++ b/bin/tests/system/nsupdate/setup.sh
@@ -59,7 +59,12 @@ EOF
@@ -63,7 +63,12 @@ EOF
$DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key
@ -1506,10 +1508,10 @@ index 32674eb382..2331b30b00 100644
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 2a01d1e46d..e8659587c3 100755
index 9f26572..fd0383f 100755
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -680,7 +680,14 @@ fi
@@ -700,7 +700,14 @@ fi
n=`expr $n + 1`
ret=0
echo_i "check TSIG key algorithms ($n)"
@ -1525,7 +1527,7 @@ index 2a01d1e46d..e8659587c3 100755
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
server 10.53.0.1 ${PORT}
update add ${alg}.keytests.nil. 600 A 10.10.10.3
@@ -688,7 +695,7 @@ send
@@ -708,7 +715,7 @@ send
END
done
sleep 2
@ -1535,7 +1537,7 @@ index 2a01d1e46d..e8659587c3 100755
done
if [ $ret -ne 0 ]; then
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
index 850c4d2744..09a3e0f9ad 100644
index 850c4d2..09a3e0f 100644
--- a/bin/tests/system/rndc/setup.sh
+++ b/bin/tests/system/rndc/setup.sh
@@ -37,7 +37,7 @@ make_key () {
@ -1548,7 +1550,7 @@ index 850c4d2744..09a3e0f9ad 100644
make_key 3 ${EXTRAPORT3} hmac-sha224
make_key 4 ${EXTRAPORT4} hmac-sha256
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
index d364e6fea0..dbf3bc6780 100644
index 647730e..7df752d 100644
--- a/bin/tests/system/rndc/tests.sh
+++ b/bin/tests/system/rndc/tests.sh
@@ -356,15 +356,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
@ -1582,7 +1584,7 @@ index d364e6fea0..dbf3bc6780 100644
n=`expr $n + 1`
echo_i "testing rndc with hmac-sha1 ($n)"
diff --git a/bin/tests/system/tsig/clean.sh b/bin/tests/system/tsig/clean.sh
index 576ec70f76..cb7a852189 100644
index 576ec70..cb7a852 100644
--- a/bin/tests/system/tsig/clean.sh
+++ b/bin/tests/system/tsig/clean.sh
@@ -20,3 +20,4 @@ rm -f */named.run
@ -1591,7 +1593,7 @@ index 576ec70f76..cb7a852189 100644
rm -f keygen.out?
+rm -f ns1/named.conf
diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in
index fbf30c6dc4..f61657d7cf 100644
index fbf30c6..f61657d 100644
--- a/bin/tests/system/tsig/ns1/named.conf.in
+++ b/bin/tests/system/tsig/ns1/named.conf.in
@@ -21,10 +21,7 @@ options {
@ -1620,7 +1622,7 @@ index fbf30c6dc4..f61657d7cf 100644
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
new file mode 100644
index 0000000000..4117830adb
index 0000000..4117830
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
@@ -0,0 +1,11 @@
@ -1636,7 +1638,7 @@ index 0000000000..4117830adb
+};
+
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
index 656e9bbcd8..628c5bbac1 100644
index 656e9bb..628c5bb 100644
--- a/bin/tests/system/tsig/setup.sh
+++ b/bin/tests/system/tsig/setup.sh
@@ -17,3 +17,7 @@ $SHELL clean.sh
@ -1648,7 +1650,7 @@ index 656e9bbcd8..628c5bbac1 100644
+ cat ns1/rndc5.conf.in >> ns1/named.conf
+fi
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
index f731fa604c..cade35bc1d 100644
index f731fa6..cade35b 100644
--- a/bin/tests/system/tsig/tests.sh
+++ b/bin/tests/system/tsig/tests.sh
@@ -26,20 +26,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
@ -1740,7 +1742,7 @@ index f731fa604c..cade35bc1d 100644
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh
index 5da33cfde0..fb108b02bd 100644
index 5da33cf..fb108b0 100644
--- a/bin/tests/system/tsiggss/setup.sh
+++ b/bin/tests/system/tsiggss/setup.sh
@@ -18,5 +18,5 @@ test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
@ -1751,7 +1753,7 @@ index 5da33cfde0..fb108b02bd 100644
+key=`$KEYGEN -Cq -K ns1 -a DSA -b 1024 -r $RANDFILE -n HOST -T KEY key.example.nil.`
cat ns1/example.nil.db.in ns1/${key}.key > ns1/example.nil.db
diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
index e0a30cda15..6a77b1ce52 100644
index e0a30cd..6a77b1c 100644
--- a/bin/tests/system/upforwd/ns1/named.conf.in
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
@@ -10,7 +10,7 @@
@ -1764,7 +1766,7 @@ index e0a30cda15..6a77b1ce52 100644
};
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
index b0694bbd5c..9adae8228e 100644
index b0694bb..9adae82 100644
--- a/bin/tests/system/upforwd/tests.sh
+++ b/bin/tests/system/upforwd/tests.sh
@@ -68,7 +68,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi

22
bind-9.11-host-idn-disable.patch
View File

@ -1,4 +1,4 @@
From 145fac914bf47128307aea702fed7eb74b65cadd Mon Sep 17 00:00:00 2001
From ed26f0f0eb4242706d2012e4abe0152071bb305b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 25 Sep 2018 18:08:46 +0200
Subject: [PATCH] Disable IDN from environment as documented
@ -18,7 +18,7 @@ RH patch since RHEL 5.
4 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index fedd288..d5dba72 100644
index bd7510e..5cc696f 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -1288,7 +1288,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
@ -33,28 +33,28 @@ index fedd288..d5dba72 100644
</refsection>
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 7408193..d46379d 100644
index 341ed80..bb8702c 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -822,12 +822,17 @@ make_empty_lookup(void) {
looknew->seenbadcookie = ISC_FALSE;
looknew->badcookie = ISC_TRUE;
@@ -825,12 +825,17 @@ make_empty_lookup(void) {
looknew->seenbadcookie = false;
looknew->badcookie = true;
#ifdef WITH_IDN_SUPPORT
- looknew->idnin = ISC_TRUE;
- looknew->idnin = true;
+ looknew->idnin = (getenv("IDN_DISABLE") == NULL);
+ if (looknew->idnin) {
+ const char *charset = getenv("CHARSET");
+ if (charset && !strcmp(charset, "ASCII"))
+ looknew->idnin = ISC_FALSE;
+ looknew->idnin = false;
+ }
#else
looknew->idnin = ISC_FALSE;
looknew->idnin = false;
#endif
#ifdef WITH_IDN_OUT_SUPPORT
- looknew->idnout = ISC_TRUE;
- looknew->idnout = true;
+ looknew->idnout = looknew->idnin;
#else
looknew->idnout = ISC_FALSE;
looknew->idnout = false;
#endif
diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook
index 9c3aeaa..42cbbf9 100644

48
bind-9.11-kyua-pkcs11.patch
View File

@ -1,4 +1,4 @@
From d0433a314534e104f52acf2a0a96a68dd84305ae Mon Sep 17 00:00:00 2001
From 3474d13bbf08c441783bd72afbc8cec8857baf46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 2 Jan 2018 18:13:07 +0100
Subject: [PATCH] Fix pkcs11 variants atf tests
@ -17,10 +17,10 @@ Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode
7 files changed, 40 insertions(+), 16 deletions(-)
diff --git a/configure.in b/configure.in
index 67b3aab..4767eeb 100644
index 1edafd1..5466de1 100644
--- a/configure.in
+++ b/configure.in
@@ -5579,6 +5579,7 @@ AC_CONFIG_FILES([
@@ -5489,6 +5489,7 @@ AC_CONFIG_FILES([
lib/dns-pkcs11/include/Makefile
lib/dns-pkcs11/include/dns/Makefile
lib/dns-pkcs11/include/dst/Makefile
@ -57,10 +57,10 @@ index ff9fc56..eaaf0dc 100644
include('isccfg/Kyuafile')
include('lwres/Kyuafile')
diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in
index 2a6571b..f25a784 100644
index 625e809..6fd4e36 100644
--- a/lib/dns-pkcs11/tests/Makefile.in
+++ b/lib/dns-pkcs11/tests/Makefile.in
@@ -20,12 +20,12 @@ VERSION=@BIND9_VERSION@
@@ -21,12 +21,12 @@ VERSION=@BIND9_VERSION@
CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
@DST_OPENSSL_INC@
@ -79,10 +79,10 @@ index 2a6571b..f25a784 100644
LIBS = @LIBS@ @ATFLIBS@
diff --git a/lib/dns-pkcs11/tests/dh_test.c b/lib/dns-pkcs11/tests/dh_test.c
index 036d27a..eb6554f 100644
index 6216b4e..dd74e58 100644
--- a/lib/dns-pkcs11/tests/dh_test.c
+++ b/lib/dns-pkcs11/tests/dh_test.c
@@ -63,7 +63,8 @@ ATF_TC_BODY(isc_dh_computesecret, tc) {
@@ -64,7 +64,8 @@ ATF_TC_BODY(isc_dh_computesecret, tc) {
ret = dst_key_computesecret(key, key, &buf);
ATF_REQUIRE_EQ(ret, DST_R_NOTPRIVATEKEY);
ret = key->func->computesecret(key, key, &buf);
@ -93,10 +93,10 @@ index 036d27a..eb6554f 100644
dst_key_free(&key);
dns_test_end();
diff --git a/lib/isc-pkcs11/tests/Makefile.in b/lib/isc-pkcs11/tests/Makefile.in
index f7fa538..818dae4 100644
index add8068..a928dcf 100644
--- a/lib/isc-pkcs11/tests/Makefile.in
+++ b/lib/isc-pkcs11/tests/Makefile.in
@@ -17,10 +17,10 @@ VERSION=@BIND9_VERSION@
@@ -20,10 +20,10 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
CINCLUDES = -I. -Iinclude ${ISC_INCLUDES} @ISC_OPENSSL_INC@
@ -111,10 +111,10 @@ index f7fa538..818dae4 100644
LIBS = @LIBS@ @ATFLIBS@
diff --git a/lib/isc-pkcs11/tests/hash_test.c b/lib/isc-pkcs11/tests/hash_test.c
index 5b8a374..c1891c2 100644
index 7eb1552..048ae9d 100644
--- a/lib/isc-pkcs11/tests/hash_test.c
+++ b/lib/isc-pkcs11/tests/hash_test.c
@@ -74,7 +74,7 @@ typedef struct hash_testcase {
@@ -78,7 +78,7 @@ typedef struct hash_testcase {
typedef struct hash_test_key {
const char *key;
@ -123,7 +123,7 @@ index 5b8a374..c1891c2 100644
} hash_test_key_t;
/* non-hmac tests */
@@ -957,8 +957,11 @@ ATF_TC_BODY(isc_hmacsha1, tc) {
@@ -961,8 +961,11 @@ ATF_TC_BODY(isc_hmacsha1, tc) {
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
@ -134,9 +134,9 @@ index 5b8a374..c1891c2 100644
- isc_hmacsha1_init(&hmacsha1, buffer, test_key->len);
+ isc_hmacsha1_init(&hmacsha1, buffer, len);
isc_hmacsha1_update(&hmacsha1,
(const isc_uint8_t *) testcase->input,
(const uint8_t *) testcase->input,
testcase->input_len);
@@ -1120,8 +1123,11 @@ ATF_TC_BODY(isc_hmacsha224, tc) {
@@ -1124,8 +1127,11 @@ ATF_TC_BODY(isc_hmacsha224, tc) {
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
@ -147,9 +147,9 @@ index 5b8a374..c1891c2 100644
- isc_hmacsha224_init(&hmacsha224, buffer, test_key->len);
+ isc_hmacsha224_init(&hmacsha224, buffer, len);
isc_hmacsha224_update(&hmacsha224,
(const isc_uint8_t *) testcase->input,
(const uint8_t *) testcase->input,
testcase->input_len);
@@ -1283,8 +1289,11 @@ ATF_TC_BODY(isc_hmacsha256, tc) {
@@ -1287,8 +1293,11 @@ ATF_TC_BODY(isc_hmacsha256, tc) {
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
@ -160,9 +160,9 @@ index 5b8a374..c1891c2 100644
- isc_hmacsha256_init(&hmacsha256, buffer, test_key->len);
+ isc_hmacsha256_init(&hmacsha256, buffer, len);
isc_hmacsha256_update(&hmacsha256,
(const isc_uint8_t *) testcase->input,
(const uint8_t *) testcase->input,
testcase->input_len);
@@ -1452,8 +1461,11 @@ ATF_TC_BODY(isc_hmacsha384, tc) {
@@ -1456,8 +1465,11 @@ ATF_TC_BODY(isc_hmacsha384, tc) {
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
@ -173,9 +173,9 @@ index 5b8a374..c1891c2 100644
- isc_hmacsha384_init(&hmacsha384, buffer, test_key->len);
+ isc_hmacsha384_init(&hmacsha384, buffer, len);
isc_hmacsha384_update(&hmacsha384,
(const isc_uint8_t *) testcase->input,
(const uint8_t *) testcase->input,
testcase->input_len);
@@ -1621,8 +1633,11 @@ ATF_TC_BODY(isc_hmacsha512, tc) {
@@ -1625,8 +1637,11 @@ ATF_TC_BODY(isc_hmacsha512, tc) {
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
@ -186,9 +186,9 @@ index 5b8a374..c1891c2 100644
- isc_hmacsha512_init(&hmacsha512, buffer, test_key->len);
+ isc_hmacsha512_init(&hmacsha512, buffer, len);
isc_hmacsha512_update(&hmacsha512,
(const isc_uint8_t *) testcase->input,
(const uint8_t *) testcase->input,
testcase->input_len);
@@ -1765,8 +1780,11 @@ ATF_TC_BODY(isc_hmacmd5, tc) {
@@ -1769,8 +1784,11 @@ ATF_TC_BODY(isc_hmacmd5, tc) {
hash_test_key_t *test_key = test_keys;
while (testcase->input != NULL && testcase->result != NULL) {
@ -199,8 +199,8 @@ index 5b8a374..c1891c2 100644
- isc_hmacmd5_init(&hmacmd5, buffer, test_key->len);
+ isc_hmacmd5_init(&hmacmd5, buffer, len);
isc_hmacmd5_update(&hmacmd5,
(const isc_uint8_t *) testcase->input,
(const uint8_t *) testcase->input,
testcase->input_len);
--
2.14.3
2.14.4

34
bind-9.11-oot-manual.patch
View File

@ -1,4 +1,4 @@
From e462d022a9dc52c40aece6f8ba3123ff3ffa59ed Mon Sep 17 00:00:00 2001
From 8ca95f47231822df2b9c171a4da1e93ca5b748eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 25 Jul 2018 12:24:16 +0200
Subject: [PATCH] Use make automatic variables to install updated manuals
@ -19,7 +19,7 @@ Install all files in single command instead of iterating on each of them.
9 files changed, 54 insertions(+), 38 deletions(-)
diff --git a/bin/check/Makefile.in b/bin/check/Makefile.in
index 12f48d2d23..d8eac4c714 100644
index c124e80..1174f8d 100644
--- a/bin/check/Makefile.in
+++ b/bin/check/Makefile.in
@@ -83,12 +83,14 @@ installdirs:
@ -35,13 +35,13 @@ index 12f48d2d23..d8eac4c714 100644
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkconf@EXEEXT@ ${DESTDIR}${sbindir}
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkzone@EXEEXT@ ${DESTDIR}${sbindir}
(cd ${DESTDIR}${sbindir}; rm -f named-compilezone@EXEEXT@; ${LINK_PROGRAM} named-checkzone@EXEEXT@ named-compilezone@EXEEXT@)
- for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
- for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8 || exit 1; done
- (cd ${DESTDIR}${mandir}/man8; rm -f named-compilezone.8; ${LINK_PROGRAM} named-checkzone.8 named-compilezone.8)
uninstall::
rm -f ${DESTDIR}${mandir}/man8/named-compilezone.8
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
index 87f13dda4b..7865c0c73e 100644
index 87f13dd..7865c0c 100644
--- a/bin/confgen/Makefile.in
+++ b/bin/confgen/Makefile.in
@@ -95,13 +95,14 @@ installdirs:
@ -64,7 +64,7 @@ index 87f13dda4b..7865c0c73e 100644
uninstall::
rm -f ${DESTDIR}${mandir}/man8/tsig-keygen.8
diff --git a/bin/delv/Makefile.in b/bin/delv/Makefile.in
index e2d2802262..19361a83ea 100644
index e2d2802..19361a8 100644
--- a/bin/delv/Makefile.in
+++ b/bin/delv/Makefile.in
@@ -63,10 +63,12 @@ installdirs:
@ -83,7 +83,7 @@ index e2d2802262..19361a83ea 100644
uninstall::
rm -f ${DESTDIR}${mandir}/man1/delv.1
diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in
index 773ac46395..3edd951e7e 100644
index a9830a9..d7ac0b6 100644
--- a/bin/dig/Makefile.in
+++ b/bin/dig/Makefile.in
@@ -91,16 +91,16 @@ installdirs:
@ -102,13 +102,13 @@ index 773ac46395..3edd951e7e 100644
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
nslookup@EXEEXT@ ${DESTDIR}${bindir}
- for m in ${MANPAGES}; do \
- ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1; \
- done
- ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1 || exit 1; \
- done
uninstall::
for m in ${MANPAGES}; do \
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index 1be1d5ffc6..1d0c4ce5c1 100644
index 2239ad1..ce0a177 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -110,9 +110,11 @@ installdirs:
@ -120,16 +120,16 @@ index 1be1d5ffc6..1d0c4ce5c1 100644
+ ${INSTALL_DATA} $^ ${DESTDIR}${mandir}/man8
+
+install:: ${TARGETS} installdirs install-man8
for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done
- for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir} || exit 1; done
- for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8 || exit 1; done
uninstall::
for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m ; done
for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m || exit 1; done
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index 1c413973d0..03e4cb849b 100644
index e1f85a9..d92bc9a 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -172,12 +172,17 @@ installdirs:
@@ -176,12 +176,17 @@ installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
@ -152,7 +152,7 @@ index 1c413973d0..03e4cb849b 100644
uninstall::
rm -f ${DESTDIR}${mandir}/man5/named.conf.5
diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in
index ae9061626c..a058c91214 100644
index ae90616..a058c91 100644
--- a/bin/pkcs11/Makefile.in
+++ b/bin/pkcs11/Makefile.in
@@ -71,7 +71,10 @@ installdirs:
@ -179,7 +179,7 @@ index ae9061626c..a058c91214 100644
uninstall::
rm -f ${DESTDIR}${mandir}/man8/pkcs11-tokens.8
diff --git a/bin/python/Makefile.in b/bin/python/Makefile.in
index aa678d47ab..064c404e2f 100644
index aa678d4..064c404 100644
--- a/bin/python/Makefile.in
+++ b/bin/python/Makefile.in
@@ -47,13 +47,13 @@ installdirs:
@ -201,7 +201,7 @@ index aa678d47ab..064c404e2f 100644
if test -n "${DESTDIR}" ; then \
${PYTHON} ${srcdir}/setup.py install --root=${DESTDIR} --prefix=${prefix} @PYTHON_INSTALL_LIB@ ; \
diff --git a/bin/tools/Makefile.in b/bin/tools/Makefile.in
index 7bf2af4cea..c395bc7462 100644
index 7bf2af4..c395bc7 100644
--- a/bin/tools/Makefile.in
+++ b/bin/tools/Makefile.in
@@ -119,17 +119,27 @@ installdirs:

58
bind-9.11-rh1624100.patch
View File

@ -1,4 +1,4 @@
From 25ff8ab2b0772262d358272a3ed70a24fc6e4887 Mon Sep 17 00:00:00 2001
From 4fc49ad102fd00343665273caf4349d4edb5e5ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
Date: Wed, 25 Apr 2018 14:04:31 +0200
Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts
@ -17,17 +17,17 @@ Fix the isc_safe_memwipe() usage with (NULL, >0)
lib/dns/nsec3.c | 4 +--
lib/dns/spnego.c | 4 +--
lib/isc/Makefile.in | 8 ++---
lib/isc/include/isc/safe.h | 18 ++++------
lib/isc/safe.c | 81 --------------------------------------------
lib/isc/include/isc/safe.h | 18 +++-------
lib/isc/safe.c | 83 --------------------------------------------
lib/isc/tests/safe_test.c | 20 -----------
7 files changed, 13 insertions(+), 124 deletions(-)
7 files changed, 11 insertions(+), 128 deletions(-)
delete mode 100644 lib/isc/safe.c
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 53be1f5c60..351296a356 100644
index 6ddaebe..d921870 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -786,7 +786,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
@@ -787,7 +787,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
static int
hashlist_comp(const void *a, const void *b) {
@ -37,10 +37,10 @@ index 53be1f5c60..351296a356 100644
static void
diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
index d364308aaf..37b6a8a7fe 100644
index e127893..895519e 100644
--- a/lib/dns/nsec3.c
+++ b/lib/dns/nsec3.c
@@ -1950,7 +1950,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
@@ -1953,7 +1953,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
* Work out what this NSEC3 covers.
* Inside (<0) or outside (>=0).
*/
@ -49,7 +49,7 @@ index d364308aaf..37b6a8a7fe 100644
/*
* Prepare to compute all the hashes.
@@ -1974,7 +1974,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
@@ -1977,7 +1977,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
return (ISC_R_IGNORE);
}
@ -59,10 +59,10 @@ index d364308aaf..37b6a8a7fe 100644
/*
* The hashes are the same.
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
index ce3e42d650..079d4c1b4a 100644
index ad77f24..670982a 100644
--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
@@ -369,7 +369,7 @@ gssapi_spnego_decapsulate(OM_uint32 *,
@@ -371,7 +371,7 @@ gssapi_spnego_decapsulate(OM_uint32 *,
/* mod_auth_kerb.c */
@ -71,7 +71,7 @@ index ce3e42d650..079d4c1b4a 100644
cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
{
unsigned char *p;
@@ -393,7 +393,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
@@ -395,7 +395,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
if (((OM_uint32) *p++) != gssoid->length)
return (GSS_S_DEFECTIVE_TOKEN);
@ -81,7 +81,7 @@ index ce3e42d650..079d4c1b4a 100644
/* accept_sec_context.c */
diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in
index ba53ef1091..98acffffc9 100644
index ba53ef1..98acfff 100644
--- a/lib/isc/Makefile.in
+++ b/lib/isc/Makefile.in
@@ -60,7 +60,7 @@ OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \
@ -114,28 +114,28 @@ index ba53ef1091..98acffffc9 100644
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-DVERSION=\"${VERSION}\" \
diff --git a/lib/isc/include/isc/safe.h b/lib/isc/include/isc/safe.h
index f29f00bac6..b8a0b2290c 100644
index 66ed08b..88b8f47 100644
--- a/lib/isc/include/isc/safe.h
+++ b/lib/isc/include/isc/safe.h
@@ -15,27 +15,21 @@
@@ -15,29 +15,19 @@
/*! \file isc/safe.h */
-#include <stdbool.h>
-
-#include <isc/types.h>
-#include <stdlib.h>
+#include <isc/boolean.h>
+#include <isc/lang.h>
+
+#include <openssl/crypto.h>
ISC_LANG_BEGINDECLS
-isc_boolean_t
-bool
-isc_safe_memequal(const void *s1, const void *s2, size_t n);
+#define isc_safe_memequal(s1, s2, n) ISC_TF(!CRYPTO_memcmp(s1, s2, n))
+#define isc_safe_memequal(s1, s2, n) !CRYPTO_memcmp(s1, s2, n)
/*%<
* Returns ISC_TRUE iff. two blocks of memory are equal, otherwise
* ISC_FALSE.
* Returns true iff. two blocks of memory are equal, otherwise
* false.
*
*/
@ -153,10 +153,10 @@ index f29f00bac6..b8a0b2290c 100644
*
diff --git a/lib/isc/safe.c b/lib/isc/safe.c
deleted file mode 100644
index 5c9e1e2d13..0000000000
index 7a464b6..0000000
--- a/lib/isc/safe.c
+++ /dev/null
@@ -1,81 +0,0 @@
@@ -1,83 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
@ -172,6 +172,8 @@ index 5c9e1e2d13..0000000000
-
-#include <config.h>
-
-#include <stdbool.h>
-
-#include <isc/safe.h>
-#include <isc/string.h>
-#include <isc/util.h>
@ -184,18 +186,18 @@ index 5c9e1e2d13..0000000000
-#pragma optimize("", off)
-#endif
-
-isc_boolean_t
-bool
-isc_safe_memequal(const void *s1, const void *s2, size_t n) {
- isc_uint8_t acc = 0;
- uint8_t acc = 0;
-
- if (n != 0U) {
- const isc_uint8_t *p1 = s1, *p2 = s2;
- const uint8_t *p1 = s1, *p2 = s2;
-
- do {
- acc |= *p1++ ^ *p2++;
- } while (--n != 0U);
- }
- return (ISC_TF(acc == 0));
- return (acc == 0);
-}
-
-
@ -239,7 +241,7 @@ index 5c9e1e2d13..0000000000
-#endif
-}
diff --git a/lib/isc/tests/safe_test.c b/lib/isc/tests/safe_test.c
index f721cd1096..ea3e61f98d 100644
index f721cd1..ea3e61f 100644
--- a/lib/isc/tests/safe_test.c
+++ b/lib/isc/tests/safe_test.c
@@ -39,24 +39,6 @@ ATF_TC_BODY(isc_safe_memequal, tc) {

365
bind-9.11-rt31459.patch
View File

File diff suppressed because it is too large Load Diff

172
bind-9.11-rt46047.patch
View File

@ -1,4 +1,4 @@
From 1ab1aabcf9b2b8de144bab7a3ff5d9f7e6ec9ad4 Mon Sep 17 00:00:00 2001
From 9a074d5cd6c6276d95bc1cce3a14afaabc88c6c5 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Thu, 28 Sep 2017 10:09:22 -0700
Subject: [PATCH] completed and corrected the crypto-random change
@ -39,17 +39,17 @@ Subject: [PATCH] completed and corrected the crypto-random change
bin/tests/system/tkey/keycreate.c | 4 +--
bin/tests/system/tkey/keydelete.c | 4 +--
doc/arm/Bv9ARM-book.xml | 55 ++++++++++++++++++++++----------
doc/arm/notes.xml | 23 ++++++++++++-
lib/dns/dst_api.c | 7 ++--
doc/arm/notes.xml | 26 +++++++++++++++
lib/dns/dst_api.c | 4 ++-
lib/dns/include/dst/dst.h | 14 ++++++--
lib/dns/openssl_link.c | 3 +-
lib/isc/include/isc/entropy.h | 50 +++++++++++++++++++++--------
lib/isc/include/isc/random.h | 28 ++++++++++------
lib/isccfg/namedconf.c | 2 +-
22 files changed, 219 insertions(+), 110 deletions(-)
22 files changed, 221 insertions(+), 108 deletions(-)
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
index fa439cc..a7ad417 100644
index 295e16f..0f79aa8 100644
--- a/bin/confgen/keygen.c
+++ b/bin/confgen/keygen.c
@@ -161,17 +161,15 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
@ -65,7 +65,7 @@ index fa439cc..a7ad417 100644
- strcmp(randomfile, ISC_PLATFORM_CRYPTORANDOM) == 0) {
- randomfile = NULL;
+ if (randomfile == NULL) {
isc_entropy_usehook(ectx, ISC_TRUE);
isc_entropy_usehook(ectx, true);
}
#endif
+ if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
@ -112,16 +112,16 @@ index 96dfef6..1c84b06 100644
</listitem>
</varlistentry>
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index 4ea9eaf..5dd9475 100644
index 31a99e7..38c83ed 100644
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -239,18 +239,16 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@@ -241,18 +241,16 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
ISC_LIST_INIT(sources);
}
+#ifdef ISC_PLATFORM_CRYPTORANDOM
+ if (randomfile == NULL) {
+ isc_entropy_usehook(*ectx, ISC_TRUE);
+ isc_entropy_usehook(*ectx, true);
+ }
+#endif
if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
@ -133,17 +133,17 @@ index 4ea9eaf..5dd9475 100644
- if (randomfile != NULL &&
- strcmp(randomfile, ISC_PLATFORM_CRYPTORANDOM) == 0) {
- randomfile = NULL;
- isc_entropy_usehook(*ectx, ISC_TRUE);
- isc_entropy_usehook(*ectx, true);
- }
-#endif
result = isc_entropy_usebestsource(*ectx, &source, randomfile,
usekeyboard);
diff --git a/bin/named/client.c b/bin/named/client.c
index b9ebc93..20e5f39 100644
index 0f6e162..5e39b82 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1605,7 +1605,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
@@ -1608,7 +1608,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
isc_buffer_init(&buf, cookie, sizeof(cookie));
isc_stdtime_get(&now);
@ -154,10 +154,10 @@ index b9ebc93..20e5f39 100644
compute_cookie(client, now, nonce, ns_g_server->secret, &buf);
diff --git a/bin/named/config.c b/bin/named/config.c
index c50f759..c1e72ef 100644
index 2c4c93c..16ed248 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -92,7 +92,9 @@ options {\n\
@@ -93,7 +93,9 @@ options {\n\
# pid-file \"" NS_LOCALSTATEDIR "/run/named/named.pid\"; /* or /lwresd.pid */\n\
port 53;\n\
prefetch 2 9;\n"
@ -169,10 +169,10 @@ index c50f759..c1e72ef 100644
#endif
" recursing-file \"named.recursing\";\n\
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index 237e8dc..b905475 100644
index d955c2f..40621f2 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -322,9 +322,10 @@ log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
@@ -325,9 +325,10 @@ log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
static void
control_recvmessage(isc_task_t *task, isc_event_t *event) {
@ -185,8 +185,8 @@ index 237e8dc..b905475 100644
+ controlkey_t *key = NULL;
isccc_sexpr_t *request = NULL;
isccc_sexpr_t *response = NULL;
isc_uint32_t algorithm;
@@ -335,16 +336,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
uint32_t algorithm;
@@ -338,16 +339,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
isc_buffer_t *text;
isc_result_t result;
isc_result_t eresult;
@ -194,7 +194,7 @@ index 237e8dc..b905475 100644
+ isccc_sexpr_t *_ctrl = NULL;
isccc_time_t sent;
isccc_time_t exp;
isc_uint32_t nonce;
uint32_t nonce;
- isccc_sexpr_t *data;
+ isccc_sexpr_t *data = NULL;
@ -206,25 +206,25 @@ index 237e8dc..b905475 100644
algorithm = DST_ALG_UNKNOWN;
secret.rstart = NULL;
text = NULL;
@@ -455,8 +457,11 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
@@ -458,8 +460,11 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
* Establish nonce.
*/
if (conn->nonce == 0) {
- while (conn->nonce == 0)
- isc_random_get(&conn->nonce);
+ while (conn->nonce == 0) {
+ isc_uint16_t r1 = isc_rng_random(server->rngctx);
+ isc_uint16_t r2 = isc_rng_random(server->rngctx);
+ uint16_t r1 = isc_rng_random(server->rngctx);
+ uint16_t r2 = isc_rng_random(server->rngctx);
+ conn->nonce = (r1 << 16) | r2;
+ }
eresult = ISC_R_SUCCESS;
} else
eresult = ns_control_docommand(request, listener->readonly, &text);
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index d8179a6..e03d24d 100644
index f5ed2b7..b2c1d05 100644
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@@ -17,6 +17,7 @@
@@ -20,6 +20,7 @@
#include <isc/log.h>
#include <isc/magic.h>
#include <isc/quota.h>
@ -232,19 +232,19 @@ index d8179a6..e03d24d 100644
#include <isc/sockaddr.h>
#include <isc/types.h>
#include <isc/xml.h>
@@ -131,6 +132,7 @@ struct ns_server {
@@ -134,6 +135,7 @@ struct ns_server {
char * lockfile;
isc_uint16_t transfer_tcp_message_size;
uint16_t transfer_tcp_message_size;
+ isc_rng_t * rngctx;
};
struct ns_altsecret {
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index d8c7188..50f924e 100644
index 419927b..d721f47 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -15,6 +15,7 @@
@@ -17,6 +17,7 @@
#include <isc/interfaceiter.h>
#include <isc/os.h>
@ -253,10 +253,10 @@ index d8c7188..50f924e 100644
#include <isc/task.h>
#include <isc/util.h>
diff --git a/bin/named/query.c b/bin/named/query.c
index accbf3b..d89622d 100644
index f8dbef2..2f3c0ca 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -18,6 +18,7 @@
@@ -19,6 +19,7 @@
#include <isc/hex.h>
#include <isc/mem.h>
#include <isc/print.h>
@ -265,10 +265,10 @@ index accbf3b..d89622d 100644
#include <isc/serial.h>
#include <isc/stats.h>
diff --git a/bin/named/server.c b/bin/named/server.c
index ca789e5..1413e85 100644
index 9258e7f..f4320df 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8076,21 +8076,30 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8164,21 +8164,30 @@ load_configuration(const char *filename, ns_server_t *server,
* Open the source of entropy.
*/
if (first_time) {
@ -291,8 +291,8 @@ index ca789e5..1413e85 100644
+ if (randomdev == NULL) {
#ifdef ISC_PLATFORM_CRYPTORANDOM
- if (strcmp(randomdev, ISC_PLATFORM_CRYPTORANDOM) == 0)
- isc_entropy_usehook(ns_g_entropy, ISC_TRUE);
+ isc_entropy_usehook(ns_g_entropy, ISC_TRUE);
- isc_entropy_usehook(ns_g_entropy, true);
+ isc_entropy_usehook(ns_g_entropy, true);
#else
- int level = ISC_LOG_ERROR;
- result = isc_entropy_createfilesource(ns_g_entropy,
@ -310,7 +310,7 @@ index ca789e5..1413e85 100644
#ifdef PATH_RANDOMDEV
if (ns_g_fallbackentropy != NULL) {
level = ISC_LOG_INFO;
@@ -8101,8 +8110,8 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8189,8 +8198,8 @@ load_configuration(const char *filename, ns_server_t *server,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
level,
@ -321,7 +321,7 @@ index ca789e5..1413e85 100644
randomdev,
isc_result_totext(result));
}
@@ -8122,7 +8131,6 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8210,7 +8219,6 @@ load_configuration(const char *filename, ns_server_t *server,
}
isc_entropy_detach(&ns_g_fallbackentropy);
}
@ -329,7 +329,7 @@ index ca789e5..1413e85 100644
#endif
}
}
@@ -8911,6 +8919,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
@@ -8998,6 +9006,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy,
&server->tkeyctx),
"creating TKEY context");
@ -339,7 +339,7 @@ index ca789e5..1413e85 100644
/*
* Setup the server task, which is responsible for coordinating
@@ -9117,7 +9128,8 @@ ns_server_destroy(ns_server_t **serverp) {
@@ -9204,7 +9215,8 @@ ns_server_destroy(ns_server_t **serverp) {
if (server->zonemgr != NULL)
dns_zonemgr_detach(&server->zonemgr);
@ -349,7 +349,7 @@ index ca789e5..1413e85 100644
if (server->tkeyctx != NULL)
dns_tkeyctx_destroy(&server->tkeyctx);
@@ -13018,10 +13030,10 @@ newzone_cfgctx_destroy(void **cfgp) {
@@ -13105,10 +13117,10 @@ newzone_cfgctx_destroy(void **cfgp) {
static isc_result_t
generate_salt(unsigned char *salt, size_t saltlen) {
@ -357,19 +357,19 @@ index ca789e5..1413e85 100644
+ size_t i, n;
union {
unsigned char rnd[256];
- isc_uint32_t rnd32[64];
+ isc_uint16_t rnd16[128];
- uint32_t rnd32[64];
+ uint16_t rnd16[128];
} rnd;
unsigned char text[512 + 1];
isc_region_t r;
@@ -13031,9 +13043,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
@@ -13118,9 +13130,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
if (saltlen > 256U)
return (ISC_R_RANGE);
- n = (int) (saltlen + sizeof(isc_uint32_t) - 1) / sizeof(isc_uint32_t);
- n = (int) (saltlen + sizeof(uint32_t) - 1) / sizeof(uint32_t);
- for (i = 0; i < n; i++)
- isc_random_get(&rnd.rnd32[i]);
+ n = (saltlen + sizeof(isc_uint16_t) - 1) / sizeof(isc_uint16_t);
+ n = (saltlen + sizeof(uint16_t) - 1) / sizeof(uint16_t);
+ for (i = 0; i < n; i++) {
+ rnd.rnd16[i] = isc_rng_random(ns_g_server->rngctx);
+ }
@ -377,10 +377,10 @@ index ca789e5..1413e85 100644
memmove(salt, rnd.rnd, saltlen);
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 46c7acf..a0d0278 100644
index 1559a33..68b9a99 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -281,9 +281,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@@ -283,9 +283,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
}
#ifdef ISC_PLATFORM_CRYPTORANDOM
@ -388,14 +388,14 @@ index 46c7acf..a0d0278 100644
- strcmp(randomfile, ISC_PLATFORM_CRYPTORANDOM) == 0) {
- randomfile = NULL;
+ if (randomfile == NULL) {
isc_entropy_usehook(*ectx, ISC_TRUE);
isc_entropy_usehook(*ectx, true);
}
#endif
diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c
index 810d99e..d7d10e2 100644
index 7b4f617..507bf0a 100644
--- a/bin/tests/system/pipelined/pipequeries.c
+++ b/bin/tests/system/pipelined/pipequeries.c
@@ -279,9 +279,7 @@ main(int argc, char *argv[]) {
@@ -282,9 +282,7 @@ main(int argc, char *argv[]) {
ectx = NULL;
RUNCHECK(isc_entropy_create(mctx, &ectx));
#ifdef ISC_PLATFORM_CRYPTORANDOM
@ -403,11 +403,11 @@ index 810d99e..d7d10e2 100644
- strcmp(randomfile, ISC_PLATFORM_CRYPTORANDOM) == 0) {
- randomfile = NULL;
+ if (randomfile == NULL) {
isc_entropy_usehook(ectx, ISC_TRUE);
isc_entropy_usehook(ectx, true);
}
#endif
diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c
index 4f2f5b4..0894db7 100644
index fe8698e..937fcc3 100644
--- a/bin/tests/system/tkey/keycreate.c
+++ b/bin/tests/system/tkey/keycreate.c
@@ -255,9 +255,7 @@ main(int argc, char *argv[]) {
@ -418,11 +418,11 @@ index 4f2f5b4..0894db7 100644
- strcmp(randomfile, ISC_PLATFORM_CRYPTORANDOM) == 0) {
- randomfile = NULL;
+ if (randomfile == NULL) {
isc_entropy_usehook(ectx, ISC_TRUE);
isc_entropy_usehook(ectx, true);
}
#endif
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
index 0975bbe..5b8a470 100644
index 2146f9b..ac2c311 100644
--- a/bin/tests/system/tkey/keydelete.c
+++ b/bin/tests/system/tkey/keydelete.c
@@ -182,9 +182,7 @@ main(int argc, char **argv) {
@ -433,11 +433,11 @@ index 0975bbe..5b8a470 100644
- strcmp(randomfile, ISC_PLATFORM_CRYPTORANDOM) == 0) {
- randomfile = NULL;
+ if (randomfile == NULL) {
isc_entropy_usehook(ectx, ISC_TRUE);
isc_entropy_usehook(ectx, true);
}
#endif
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index a5d9e2e..2a96f71 100644
index baff8d3..00a50e4 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -5070,22 +5070,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
@ -503,14 +503,15 @@ index a5d9e2e..2a96f71 100644
</listitem>
</varlistentry>
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index d3fdb5e..a8ad92d 100644
index d9537a3..5c2cc13 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -105,7 +105,28 @@
<itemizedlist>
<listitem>
<para>
- None.
@@ -180,6 +180,32 @@
option. [GL #105]
</para>
</listitem>
+ <listitem>
+ <para>
+ By default, BIND now uses the random number generation functions
+ in the cryptographic library (i.e., OpenSSL or a PKCS#11
+ provider) as a source of high-quality randomness rather than
@ -533,25 +534,16 @@ index d3fdb5e..a8ad92d 100644
+ <command>configure --disable-crypto-rand</command>, in which
+ case <filename>/dev/random</filename> will be the default
+ entropy source. [RT #31459] [RT #46047]
</para>
</listitem>
+ </para>
+ </listitem>
</itemizedlist>
</section>
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 803e7b3..29a4fef 100644
index afb4d80..4e62a97 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -276,8 +276,9 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx,
#endif
#if defined(OPENSSL) || defined(PKCS11CRYPTO)
#ifdef ISC_PLATFORM_CRYPTORANDOM
- if (dst_entropy_pool != NULL)
+ if (dst_entropy_pool != NULL) {
isc_entropy_sethook(dst_random_getdata);
+ }
#endif
#endif /* defined(OPENSSL) || defined(PKCS11CRYPTO) */
dst_initialized = ISC_TRUE;
@@ -2015,10 +2016,12 @@ dst__entropy_getdata(void *buf, unsigned int len, isc_boolean_t pseudo) {
@@ -2013,10 +2013,12 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) {
else
flags |= ISC_ENTROPY_BLOCKING;
#ifdef ISC_PLATFORM_CRYPTORANDOM
@ -566,10 +558,10 @@ index 803e7b3..29a4fef 100644
}
diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
index d9b6ab6..e8c1a3c 100644
index 78e1277..10293d0 100644
--- a/lib/dns/include/dst/dst.h
+++ b/lib/dns/include/dst/dst.h
@@ -161,8 +161,18 @@ isc_result_t
@@ -164,8 +164,18 @@ isc_result_t
dst_random_getdata(void *data, unsigned int length,
unsigned int *returned, unsigned int flags);
/*%<
@ -589,9 +581,9 @@ index d9b6ab6..e8c1a3c 100644
+ * \li DST_R_OPENSSLFAILURE, DST_R_CRYPTOFAILURE, or other codes on error
*/
isc_boolean_t
bool
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index c1e1bde..91e87d0 100644
index d88d643..7a233dd 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -482,7 +482,8 @@ dst__openssl_getengine(const char *engine) {
@ -605,7 +597,7 @@ index c1e1bde..91e87d0 100644
#ifndef DONT_REQUIRE_DST_LIB_INIT
INSIST(dst__memory_pool != NULL);
diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h
index d9deb8a..2d37363 100644
index 632166a..c7cb17d 100644
--- a/lib/isc/include/isc/entropy.h
+++ b/lib/isc/include/isc/entropy.h
@@ -9,8 +9,6 @@
@ -617,7 +609,7 @@ index d9deb8a..2d37363 100644
#ifndef ISC_ENTROPY_H
#define ISC_ENTROPY_H 1
@@ -190,9 +188,8 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent,
@@ -191,9 +189,8 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent,
/*!<
* \brief Create an entropy source that is polled via a callback.
*
@ -629,7 +621,7 @@ index d9deb8a..2d37363 100644
*
* Samples are added via isc_entropy_addcallbacksample(), below.
* _addcallbacksample() is the only function which may be called from
@@ -233,15 +230,32 @@ isc_result_t
@@ -234,15 +231,32 @@ isc_result_t
isc_entropy_getdata(isc_entropy_t *ent, void *data, unsigned int length,
unsigned int *returned, unsigned int flags);
/*!<
@ -669,9 +661,9 @@ index d9deb8a..2d37363 100644
*/
void
@@ -306,13 +320,21 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
@@ -307,13 +321,21 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
void
isc_entropy_usehook(isc_entropy_t *ectx, isc_boolean_t onoff);
isc_entropy_usehook(isc_entropy_t *ectx, bool onoff);
/*!<
- * \brief Mark/unmark the given entropy structure as being hooked.
+ * \brief Configure entropy context 'ectx' to use the hook function
@ -694,7 +686,7 @@ index d9deb8a..2d37363 100644
ISC_LANG_ENDDECLS
diff --git a/lib/isc/include/isc/random.h b/lib/isc/include/isc/random.h
index ba53ebf..b575728 100644
index f8aed34..17c551b 100644
--- a/lib/isc/include/isc/random.h
+++ b/lib/isc/include/isc/random.h
@@ -9,8 +9,6 @@
@ -737,8 +729,8 @@ index ba53ebf..b575728 100644
ISC_LANG_BEGINDECLS
@@ -115,8 +123,8 @@ isc_rng_random(isc_rng_t *rngctx);
isc_uint16_t
isc_rng_uniformrandom(isc_rng_t *rngctx, isc_uint16_t upper_bound);
uint16_t
isc_rng_uniformrandom(isc_rng_t *rngctx, uint16_t upper_bound);
/*%<
- * Returns a uniformly distributed pseudo random 16-bit unsigned
- * integer.
@ -748,10 +740,10 @@ index ba53ebf..b575728 100644
ISC_LANG_ENDDECLS
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 8d496ff..dd08187 100644
index cd797a6..589da07 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1106,7 +1106,7 @@ options_clauses[] = {
@@ -1109,7 +1109,7 @@ options_clauses[] = {
{ "pid-file", &cfg_type_qstringornone, 0 },
{ "port", &cfg_type_uint32, 0 },
{ "querylog", &cfg_type_boolean, 0 },

12
bind-95-rh452060.patch
View File

@ -1,34 +1,34 @@
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index f657c30..ff9a2d2 100644
index aa5315d..1fa711a 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -1694,6 +1694,13 @@ clear_query(dig_query_t *query) {
@@ -1814,6 +1814,13 @@ clear_query(dig_query_t *query) {
if (query->timer != NULL)
isc_timer_detach(&query->timer);
+
+ if (query->waiting_senddone) {
+ debug("send_done not yet called");
+ query->pending_free = ISC_TRUE;
+ query->pending_free = true;
+ return;
+ }
+
lookup = query->lookup;
if (lookup->current_query == query)
@@ -1719,10 +1726,7 @@ clear_query(dig_query_t *query) {
@@ -1839,10 +1846,7 @@ clear_query(dig_query_t *query) {
isc_mempool_put(commctx, query->recvspace);
isc_buffer_invalidate(&query->recvbuf);
isc_buffer_invalidate(&query->lengthbuf);
- if (query->waiting_senddone)
- query->pending_free = ISC_TRUE;
- query->pending_free = true;
- else
- isc_mem_free(mctx, query);
+ isc_mem_free(mctx, query);
}
/*%
@@ -2811,9 +2815,9 @@ send_done(isc_task_t *_task, isc_event_t *event) {
@@ -2892,9 +2896,9 @@ send_done(isc_task_t *_task, isc_event_t *event) {
isc_event_free(&event);
if (query->pending_free)

25
bind.spec
View File

@ -2,7 +2,7 @@
# Red Hat BIND package .spec file
#
%global PATCHVER P2
#%%global PATCHVER P2
#%%global PREVER rc1
%global BINDVERSION %{version}%{?PREVER}%{?PATCHVER:-%{PATCHVER}}
@ -43,16 +43,16 @@
#
# lib*.so.X versions of selected libraries
%global sover_dns 1102
%global sover_isc 169
%global sover_irs 160
%global sover_isccfg 160
%global sover_dns 1104
%global sover_isc 1100
%global sover_irs 161
%global sover_isccfg 163
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind
License: MPLv2.0
Version: 9.11.4
Release: 12%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Version: 9.11.5
Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32
Url: http://www.isc.org/products/BIND/
#
@ -452,7 +452,7 @@ are used for building ISC DHCP.
%patch72 -p1 -b .64bit
%endif
%patch102 -p1 -b .rh452060
%patch106 -p0 -b .rh490837
%patch106 -p1 -b .rh490837
%patch109 -p1 -b .rh478718
%patch112 -p1 -b .rh645544
%patch130 -p1 -b .libdb
@ -1193,9 +1193,9 @@ rm -rf ${RPM_BUILD_ROOT}
%endif
%files libs
%{_libdir}/libbind9.so.160*
%{_libdir}/libisccc.so.160*
%{_libdir}/liblwres.so.160*
%{_libdir}/libbind9.so.161*
%{_libdir}/libisccc.so.161*
%{_libdir}/liblwres.so.161*
%files libs-lite
%{_libdir}/libdns.so.%{sover_dns}*
@ -1446,6 +1446,9 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog
* Wed Oct 24 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-1
- Update to 9.11.5
* Tue Oct 02 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-12.P2
- Add Requires to devel packages referenced by bind-devel

74
bind93-rh490837.patch
View File

@ -1,13 +1,22 @@
? patch
? lib/isc/lex.c.rh490837
Index: lib/isc/lex.c
===================================================================
RCS file: /var/snap/bind9/lib/isc/lex.c,v
retrieving revision 1.86
diff -p -u -r1.86 lex.c
--- lib/isc/lex.c 17 Sep 2007 09:56:29 -0000 1.86
+++ lib/isc/lex.c 6 Apr 2009 13:24:15 -0000
@@ -425,17 +425,14 @@ isc_lex_gettoken(isc_lex_t *lex, unsigne
diff --git a/lib/isc/include/isc/stdio.h b/lib/isc/include/isc/stdio.h
index 1f44b5a..a3625f9 100644
--- a/lib/isc/include/isc/stdio.h
+++ b/lib/isc/include/isc/stdio.h
@@ -69,6 +69,9 @@ isc_stdio_sync(FILE *f);
* direct counterpart in the stdio library.
*/
+isc_result_t
+isc_stdio_fgetc(FILE *f, int *ret);
+
ISC_LANG_ENDDECLS
#endif /* ISC_STDIO_H */
diff --git a/lib/isc/lex.c b/lib/isc/lex.c
index a8955bc..fc6103b 100644
--- a/lib/isc/lex.c
+++ b/lib/isc/lex.c
@@ -434,17 +434,14 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) {
if (source->is_file) {
stream = source->input;
@ -28,34 +37,14 @@ diff -p -u -r1.86 lex.c
goto done;
}
+
source->at_eof = ISC_TRUE;
source->at_eof = true;
}
} else {
Index: lib/isc/include/isc/stdio.h
===================================================================
RCS file: /var/snap/bind9/lib/isc/include/isc/stdio.h,v
retrieving revision 1.13
diff -p -u -r1.13 stdio.h
--- lib/isc/include/isc/stdio.h 19 Jun 2007 23:47:18 -0000 1.13
+++ lib/isc/include/isc/stdio.h 6 Apr 2009 13:24:15 -0000
@@ -72,6 +72,9 @@ isc_stdio_sync(FILE *f);
* direct counterpart in the stdio library.
*/
+isc_result_t
+isc_stdio_fgetc(FILE *f, int *ret);
+
ISC_LANG_ENDDECLS
#endif /* ISC_STDIO_H */
Index: lib/isc/unix/errno2result.c
===================================================================
RCS file: /var/snap/bind9/lib/isc/unix/errno2result.c,v
retrieving revision 1.17
diff -p -u -r1.17 errno2result.c
--- lib/isc/unix/errno2result.c 19 Jun 2007 23:47:18 -0000 1.17
+++ lib/isc/unix/errno2result.c 6 Apr 2009 13:24:15 -0000
@@ -43,6 +43,7 @@ isc__errno2result(int posixerrno) {
diff --git a/lib/isc/unix/errno2result.c b/lib/isc/unix/errno2result.c
index 2f12bcc..5bfd648 100644
--- a/lib/isc/unix/errno2result.c
+++ b/lib/isc/unix/errno2result.c
@@ -40,6 +40,7 @@ isc___errno2result(int posixerrno, bool dolog,
case EINVAL: /* XXX sometimes this is not for files */
case ENAMETOOLONG:
case EBADF:
@ -63,14 +52,11 @@ diff -p -u -r1.17 errno2result.c
return (ISC_R_INVALIDFILE);
case ENOENT:
return (ISC_R_FILENOTFOUND);
Index: lib/isc/unix/stdio.c
===================================================================
RCS file: /var/snap/bind9/lib/isc/unix/stdio.c,v
retrieving revision 1.8
diff -p -u -r1.8 stdio.c
--- lib/isc/unix/stdio.c 19 Jun 2007 23:47:18 -0000 1.8
+++ lib/isc/unix/stdio.c 6 Apr 2009 13:24:15 -0000
@@ -115,3 +115,22 @@ isc_stdio_sync(FILE *f) {
diff --git a/lib/isc/unix/stdio.c b/lib/isc/unix/stdio.c
index e60fa65..77f0b13 100644
--- a/lib/isc/unix/stdio.c
+++ b/lib/isc/unix/stdio.c
@@ -149,3 +149,22 @@ isc_stdio_sync(FILE *f) {
return (isc__errno2result(errno));
}

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (bind-9.11.4-P2.tar.gz) = 6c01810526fc40485a6c0403d1ddc3b76d2e59b3426b5789436bd671f158d2fa0ea7c0aef2de81998ec715dabd06683fed7b17224d5c794c61e7100a69d4cb60
SHA512 (bind-9.11.5.tar.gz) = 7e34c8033dabaed232479b1dc2849d1247c0137bcb2b63f08f8f72ff2cca0f73e0f05d0b9b8959f8c4db8ee36a700af30fe869be186c7bab7c81a25843384b8d
SHA512 (config-18.tar.bz2) = c0a0a1fd58a7e2c09fe69915b9a4c682d1b6c96e78583f63ce5355f663c9509d28facfd3aa078b228b69954d0af4bfa484ef661a9568aaafe6eade97dda3c3d9