Update to 9.16.4

Documentation changed and requires another commit.
This commit is contained in:
Petr Menšík 2020-06-18 04:08:57 +02:00
parent 23458b3db1
commit b8ccda0801
8 changed files with 174 additions and 199 deletions

View File

@ -12,7 +12,7 @@ index 9ad7f62..094775a 100644
TARGETS =
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
index ef3e70c..1f5165a 100644
index c126bf3..1b7512d 100644
--- a/bin/confgen/Makefile.in
+++ b/bin/confgen/Makefile.in
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
@ -25,7 +25,7 @@ index ef3e70c..1f5165a 100644
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
index 7486bf0..7d791d1 100644
index ace0e5a..e0f6a00 100644
--- a/bin/dnssec-pkcs11/Makefile.in
+++ b/bin/dnssec-pkcs11/Makefile.in
@@ -15,18 +15,18 @@ VERSION=@BIND9_VERSION@
@ -40,11 +40,11 @@ index 7486bf0..7d791d1 100644
+CDEFINES = -DVERSION=\"${VERSION}\" -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\" -DUSE_PKCS11=1
CWARNINGS =
-DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@
-DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCLIBS = ../../lib/isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @NO_LIBTOOL_ISCLIBS@
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
@ -72,7 +72,7 @@ index 7486bf0..7d791d1 100644
OBJS = dnssectool.@O@
@@ -64,19 +67,19 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES}
@@ -52,19 +55,19 @@ SRCS = dnssec-cds.c dnssec-dsfromkey.c dnssec-importkey.c \
@BIND9_MAKE_RULES@
@ -96,7 +96,7 @@ index 7486bf0..7d791d1 100644
export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \
${FINALBUILDCMD}
@@ -84,7 +87,7 @@ dnssec-signzone.@O@: dnssec-signzone.c
@@ -72,7 +75,7 @@ dnssec-signzone.@O@: dnssec-signzone.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-c ${srcdir}/dnssec-signzone.c
@ -105,7 +105,7 @@ index 7486bf0..7d791d1 100644
export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
${FINALBUILDCMD}
@@ -92,19 +95,19 @@ dnssec-verify.@O@: dnssec-verify.c
@@ -80,19 +83,19 @@ dnssec-verify.@O@: dnssec-verify.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-c ${srcdir}/dnssec-verify.c
@ -129,26 +129,8 @@ index 7486bf0..7d791d1 100644
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
dnssec-importkey.@O@ ${OBJS} ${LIBS}
@@ -115,16 +118,14 @@ docclean manclean maintainer-clean::
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
install-man8: ${MANPAGES}
${INSTALL_DATA} $^ ${DESTDIR}${mandir}/man8
-install:: ${TARGETS} installdirs install-man8
+install:: ${TARGETS} installdirs
for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir} || exit 1; done
uninstall::
- for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m || exit 1; done
for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t || exit 1; done
clean distclean::
diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in
index cb187e5..1bcb249 100644
index ed9add2..90bcec7 100644
--- a/bin/named-pkcs11/Makefile.in
+++ b/bin/named-pkcs11/Makefile.in
@@ -37,13 +37,14 @@ DBDRIVER_LIBS =
@ -171,21 +153,21 @@ index cb187e5..1bcb249 100644
${BIND9_INCLUDES} ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \
${ISC_INCLUDES} ${DLZDRIVER_INCLUDES} \
${DBDRIVER_INCLUDES} \
@@ -53,24 +54,24 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${MAXMINDDB_CFLAGS} \
${ZLIB_CFLAGS}
@@ -54,24 +55,24 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${LIBXML2_CFLAGS} \
${MAXMINDDB_CFLAGS}
-CDEFINES = @CONTRIB_DLZ@
+CDEFINES =
CWARNINGS =
-DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@
-DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCCCLIBS = ../../lib/isccc/libisccc.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCLIBS = ../../lib/isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @NO_LIBTOOL_ISCLIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@
-NSLIBS = ../../lib/ns/libns.@A@
+NSLIBS = ../../lib/ns-pkcs11/libns-pkcs11.@A@
@ -201,7 +183,7 @@ index cb187e5..1bcb249 100644
DEPLIBS = ${NSDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}
@@ -87,7 +88,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
@@ -91,7 +92,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
SUBDIRS = unix
@ -210,7 +192,7 @@ index cb187e5..1bcb249 100644
GEOIP2LINKOBJS = geoip.@O@
@@ -151,7 +152,7 @@ server.@O@: server.c
@@ -149,7 +150,7 @@ server.@O@: server.c
-DPRODUCT=\"${PRODUCT}\" \
-DVERSION=\"${VERSION}\" -c ${srcdir}/server.c
@ -219,7 +201,7 @@ index cb187e5..1bcb249 100644
export MAKE_SYMTABLE="yes"; \
export BASEOBJS="${OBJS} ${UOBJS}"; \
${FINALBUILDCMD}
@@ -161,7 +162,7 @@ feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c
@@ -159,7 +160,7 @@ feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-c ${top_srcdir}/bin/tests/system/feature-test.c
@ -228,28 +210,26 @@ index cb187e5..1bcb249 100644
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \
-o $@ feature-test.@O@ ${ISCLIBS} ${LIBS}
@@ -194,13 +195,13 @@ install-man8: named.8
@@ -178,11 +179,11 @@ statschannel.@O@: bind9.xsl.h
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
install-man: install-man5 install-man8
-install:: named@EXEEXT@ installdirs install-man
-install:: named@EXEEXT@ installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}
+install:: named-pkcs11@EXEEXT@ installdirs install-man
+install:: named-pkcs11@EXEEXT@ installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-pkcs11@EXEEXT@ ${DESTDIR}${sbindir}
uninstall::
rm -f ${DESTDIR}${mandir}/man5/named.conf.5
rm -f ${DESTDIR}${mandir}/man8/named.8
- ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named@EXEEXT@
+ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-pkcs11@EXEEXT@
@DLZ_DRIVER_RULES@
diff --git a/configure.ac b/configure.ac
index de6a248..e95ef36 100644
index 2ff68a5..2638ef2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1196,12 +1196,14 @@ AC_SUBST(USE_GSSAPI)
@@ -1214,12 +1214,14 @@ AC_SUBST(USE_GSSAPI)
AC_SUBST(DST_GSSAPI_INC)
AC_SUBST(DNS_GSSAPI_LIBS)
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS"
@ -264,7 +244,7 @@ index de6a248..e95ef36 100644
#
# was --with-lmdb specified?
@@ -2296,6 +2298,8 @@ AC_SUBST(BIND9_DNS_BUILDINCLUDE)
@@ -2281,6 +2283,8 @@ AC_SUBST(BIND9_DNS_BUILDINCLUDE)
AC_SUBST(BIND9_NS_BUILDINCLUDE)
AC_SUBST(BIND9_BIND9_BUILDINCLUDE)
AC_SUBST(BIND9_IRS_BUILDINCLUDE)
@ -273,7 +253,7 @@ index de6a248..e95ef36 100644
if test "X$srcdir" != "X"; then
BIND9_ISC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isc/include"
BIND9_ISCCC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isccc/include"
@@ -2304,6 +2308,8 @@ if test "X$srcdir" != "X"; then
@@ -2289,6 +2293,8 @@ if test "X$srcdir" != "X"; then
BIND9_NS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/ns/include"
BIND9_BIND9_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/bind9/include"
BIND9_IRS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/irs/include"
@ -282,7 +262,7 @@ index de6a248..e95ef36 100644
else
BIND9_ISC_BUILDINCLUDE=""
BIND9_ISCCC_BUILDINCLUDE=""
@@ -2312,6 +2318,8 @@ else
@@ -2297,6 +2303,8 @@ else
BIND9_NS_BUILDINCLUDE=""
BIND9_BIND9_BUILDINCLUDE=""
BIND9_IRS_BUILDINCLUDE=""
@ -291,7 +271,7 @@ index de6a248..e95ef36 100644
fi
AC_SUBST_FILE(BIND9_MAKE_INCLUDES)
@@ -2771,8 +2779,11 @@ AC_CONFIG_FILES([
@@ -2757,8 +2765,11 @@ AC_CONFIG_FILES([
bin/delv/Makefile
bin/dig/Makefile
bin/dnssec/Makefile
@ -303,7 +283,7 @@ index de6a248..e95ef36 100644
bin/nsupdate/Makefile
bin/pkcs11/Makefile
bin/plugins/Makefile
@@ -2843,6 +2854,10 @@ AC_CONFIG_FILES([
@@ -2820,6 +2831,10 @@ AC_CONFIG_FILES([
lib/dns/include/dns/Makefile
lib/dns/include/dst/Makefile
lib/dns/tests/Makefile
@ -314,7 +294,7 @@ index de6a248..e95ef36 100644
lib/irs/Makefile
lib/irs/include/Makefile
lib/irs/include/irs/Makefile
@@ -2875,6 +2890,10 @@ AC_CONFIG_FILES([
@@ -2852,6 +2867,10 @@ AC_CONFIG_FILES([
lib/ns/include/Makefile
lib/ns/include/ns/Makefile
lib/ns/tests/Makefile
@ -339,19 +319,20 @@ index ffa2d5a..6fbc192 100644
@BIND9_MAKE_RULES@
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
index 0ef3b5f..80683c2 100644
index 8de85bf..d5c3c2b 100644
--- a/lib/dns-pkcs11/Makefile.in
+++ b/lib/dns-pkcs11/Makefile.in
@@ -26,14 +26,14 @@ VERSION=@BIND9_VERSION@
@@ -26,7 +26,7 @@ VERSION=@BIND9_VERSION@
USE_ISC_SPNEGO = @USE_ISC_SPNEGO@
-CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
+CINCLUDES = -I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} \
${ISC_INCLUDES} \
${FSTRM_CFLAGS} \
${OPENSSL_CFLAGS} @DST_GSSAPI_INC@ \
${JSON_C_CFLAGS} \
${LIBXML2_CFLAGS} \
@@ -36,7 +36,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \
${LMDB_CFLAGS} \
${MAXMINDDB_CFLAGS}
-CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO}
@ -359,7 +340,7 @@ index 0ef3b5f..80683c2 100644
CWARNINGS =
@@ -139,15 +139,15 @@ version.@O@: version.c
@@ -142,15 +142,15 @@ version.@O@: version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
@ -379,7 +360,7 @@ index 0ef3b5f..80683c2 100644
include: gen
${MAKE} include/dns/enumtype.h
@@ -178,22 +178,22 @@ gen: gen.c
@@ -181,22 +181,22 @@ gen: gen.c
${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c \
${BUILD_LIBS} ${LFS_LIBS}
@ -408,7 +389,7 @@ index 0ef3b5f..80683c2 100644
rm -f include/dns/rdatastruct.h
rm -f dnstap.pb-c.c dnstap.pb-c.h
diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in
index fd8ebb9..9384a4f 100644
index 8aec0a8..3c2cc04 100644
--- a/lib/dns-pkcs11/tests/Makefile.in
+++ b/lib/dns-pkcs11/tests/Makefile.in
@@ -15,14 +15,14 @@ VERSION=@BIND9_VERSION@
@ -421,20 +402,20 @@ index fd8ebb9..9384a4f 100644
-CDEFINES = -DTESTS="\"${top_builddir}/lib/dns/tests/\""
+CDEFINES = @USE_PKCS11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\""
ISCLIBS = ../../isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCLIBS = ../../isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
ISCDEPLIBS = ../../isc/libisc.@A@
-DNSLIBS = ../libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
-DNSLIBS = ../libdns.@A@ @NO_LIBTOOL_DNSLIBS@
-DNSDEPLIBS = ../libdns.@A@
+DNSLIBS = ../libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@
+DNSLIBS = ../libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
+DNSDEPLIBS = ../libdns-pkcs11.@A@
LIBS = @LIBS@ @CMOCKA_LIBS@
diff --git a/lib/ns-pkcs11/Makefile.in b/lib/ns-pkcs11/Makefile.in
index 97aaaf6..c7ffc7b 100644
index d00ddaf..b867afe 100644
--- a/lib/ns-pkcs11/Makefile.in
+++ b/lib/ns-pkcs11/Makefile.in
@@ -20,11 +20,11 @@ VERSION=@BIND9_VERSION@
@@ -20,12 +20,12 @@ VERSION=@BIND9_VERSION@
USE_ISC_SPNEGO = @USE_ISC_SPNEGO@
@ -442,26 +423,27 @@ index 97aaaf6..c7ffc7b 100644
- ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
+CINCLUDES = -I. -I${top_srcdir}/lib/ns-pkcs11 -Iinclude \
+ ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \
${OPENSSL_CFLAGS} @DST_GSSAPI_INC@
${OPENSSL_CFLAGS} @DST_GSSAPI_INC@ \
${FSTRM_CFLAGS}
-CDEFINES = -DNAMED_PLUGINDIR=\"${plugindir}\"
+CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\"
CWARNINGS =
@@ -32,9 +32,9 @@ ISCLIBS = ../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS
@@ -33,9 +33,9 @@ ISCLIBS = ../../lib/isc/libisc.@A@
ISCDEPLIBS = ../../lib/isc/libisc.@A@
-DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@
-DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@
+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@
LIBS = @LIBS@
@@ -66,28 +66,28 @@ version.@O@: version.c
@@ -67,28 +67,28 @@ version.@O@: version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
@ -476,8 +458,8 @@ index 97aaaf6..c7ffc7b 100644
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libns.la -rpath ${libdir} \
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libns-pkcs11.la -rpath ${libdir} \
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
- ${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
+ ${OBJS} ${ISCLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS}
- ${OBJS} ${ISCLIBS} ${DNSLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
+ ${OBJS} ${ISCLIBS} ${DNSLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS}
-timestamp: libns.@A@
+timestamp: libns-pkcs11.@A@
@ -499,7 +481,7 @@ index 97aaaf6..c7ffc7b 100644
- rm -f libns.@A@ timestamp
+ rm -f libns-pkcs11.@A@ timestamp
diff --git a/lib/ns-pkcs11/tests/Makefile.in b/lib/ns-pkcs11/tests/Makefile.in
index 70c77a4..87955a7 100644
index 7869c8e..789d6cb 100644
--- a/lib/ns-pkcs11/tests/Makefile.in
+++ b/lib/ns-pkcs11/tests/Makefile.in
@@ -21,17 +21,17 @@ WRAP_NAME = -Wl,-install_name,${top_builddir}/lib/ns/tests/$@
@ -513,13 +495,13 @@ index 70c77a4..87955a7 100644
-CDEFINES = -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\"
+CDEFINES = -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\" @USE_PKCS11@
ISCLIBS = ../../isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
ISCLIBS = ../../isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
ISCDEPLIBS = ../../isc/libisc.@A@
-DNSLIBS = ../../dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
-DNSLIBS = ../../dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@
-DNSDEPLIBS = ../../dns/libdns.@A@
-NSLIBS = ../libns.@A@
-NSDEPLIBS = ../libns.@A@
+DNSLIBS = ../../dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@
+DNSLIBS = ../../dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@
+DNSDEPLIBS = ../../dns-pkcs11/libdns-pkcs11.@A@
+NSLIBS = ../libns-pkcs11.@A@
+NSDEPLIBS = ../libns-pkcs11.@A@
@ -527,10 +509,10 @@ index 70c77a4..87955a7 100644
LIBS = @LIBS@ @CMOCKA_LIBS@
diff --git a/make/includes.in b/make/includes.in
index 48cdaf7..7b17738 100644
index 9ff1bd8..ebab049 100644
--- a/make/includes.in
+++ b/make/includes.in
@@ -39,3 +39,10 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
@@ -41,3 +41,10 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
TEST_INCLUDES = \
-I${top_srcdir}/lib/tests/include

View File

@ -1,4 +1,4 @@
From 64f29512679fd00c89473d93d8b22017b018dd8f Mon Sep 17 00:00:00 2001
From e645046202006750f87531e21e3ff7c26fba3466 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 30 Jan 2019 14:37:17 +0100
Subject: [PATCH] Create feature-test in source directory
@ -7,15 +7,15 @@ Feature-test tool is used in system tests to test compiled in changes.
Because we build more variants of named with different configuration,
compile feature-test for each of them this way.
---
bin/named/Makefile.in | 11 ++++++++++-
bin/named/Makefile.in | 12 +++++++++++-
bin/tests/system/conf.sh.in | 2 +-
2 files changed, 11 insertions(+), 2 deletions(-)
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index dd25774..cb187e5 100644
index 37053a7..ed9add2 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -87,7 +87,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
@@ -91,7 +91,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
SUBDIRS = unix
@ -24,7 +24,7 @@ index dd25774..cb187e5 100644
GEOIP2LINKOBJS = geoip.@O@
@@ -156,6 +156,15 @@ named@EXEEXT@: ${OBJS} ${DEPLIBS}
@@ -154,6 +154,16 @@ named@EXEEXT@: ${OBJS} ${DEPLIBS}
export BASEOBJS="${OBJS} ${UOBJS}"; \
${FINALBUILDCMD}
@ -37,11 +37,12 @@ index dd25774..cb187e5 100644
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \
+ -o $@ feature-test.@O@ ${ISCLIBS} ${LIBS}
+
doc man:: ${MANOBJS}
+
clean distclean maintainer-clean::
rm -f ${TARGETS} ${OBJS}
docclean manclean maintainer-clean::
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 2317bd8..5015d5c 100644
index 7934930..e84fde2 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -37,7 +37,7 @@ DELV=$TOP/bin/delv/delv
@ -54,5 +55,5 @@ index 2317bd8..5015d5c 100644
HOST=$TOP/bin/dig/host
IMPORTKEY=$TOP/bin/dnssec/dnssec-importkey
--
2.21.1
2.26.2

View File

@ -1,4 +1,4 @@
From 124c9e4c0500e7589ee63376e8f860f4abc675f2 Mon Sep 17 00:00:00 2001
From c42c0ff6f6e0e920356d99b9ed26ed52544621c2 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Fri, 18 Oct 2019 21:30:52 +0200
Subject: [PATCH] Move USE_PKCS11 and USE_OPENSSL out of config.h
@ -13,7 +13,7 @@ Move it as normal define to CDEFINES.
3 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
index 1f5165a..ef3e70c 100644
index 1b7512d..c126bf3 100644
--- a/bin/confgen/Makefile.in
+++ b/bin/confgen/Makefile.in
@@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@
@ -26,12 +26,12 @@ index 1f5165a..ef3e70c 100644
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
diff --git a/configure.ac b/configure.ac
index fde41dc..e5cc3cd 100644
index eaa6b12..2ff68a5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -889,10 +889,14 @@ AS_CASE([$enable_native_pkcs11],
AC_SUBST([PKCS11_TEST])
@@ -900,10 +900,14 @@ AC_SUBST([PKCS11_TEST])
AC_SUBST([PKCS11_TOOLS])
AC_SUBST([PKCS11_MANS])
+USE_PKCS11='-DUSE_PKCS11=0'
+USE_OPENSSL='-DUSE_OPENSSL=0'
@ -79,5 +79,5 @@ index 116e2d2..99bdf5b 100644
dst_hmac_key_t *hmac_key;
} keydata; /*%< pointer to key in crypto pkg fmt */
--
2.21.1
2.26.2

View File

@ -1,68 +1,74 @@
diff --git a/bin/named/named.8 b/bin/named/named.8
index ef10ef4..3150b22 100644
--- a/bin/named/named.8
+++ b/bin/named/named.8
@@ -349,6 +349,63 @@ The default configuration file\&.
/var/run/named/named\&.pid
.RS 4
The default process\-id file\&.
+.PP
+.SH "NOTES"
+.PP
+.TP
+\fBRed Hat SELinux BIND Security Profile:\fR
+.PP
From 86fd25f3f0c5189fa93e10c6afa1a1cffe639ade Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Wed, 17 Jun 2020 23:17:13 +0200
Subject: [PATCH] Update man named with Red Hat specifics
This is almost unmodified text and requires revalidation. Some of those
statements are no longer correct.
---
bin/named/named.rst | 49 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
diff --git a/bin/named/named.rst b/bin/named/named.rst
index 3c54a67..c44b6d7 100644
--- a/bin/named/named.rst
+++ b/bin/named/named.rst
@@ -228,6 +228,55 @@ Files
``/var/run/named/named.pid``
The default process-id file.
+Notes
+~~~~~
+
+**Red Hat SELinux BIND Security Profile:**
+
+By default, Red Hat ships BIND with the most secure SELinux policy
+that will not prevent normal BIND operation and will prevent exploitation
+of all known BIND security vulnerabilities . See the selinux(8) man page
+for information about SElinux.
+.PP
+
+It is not necessary to run named in a chroot environment if the Red Hat
+SELinux policy for named is enabled. When enabled, this policy is far
+more secure than a chroot environment. Users are recommended to enable
+SELinux and remove the bind-chroot package.
+.PP
+With this extra security comes some restrictions:
+.PP
+
+*With this extra security comes some restrictions:*
+
+By default, the SELinux policy does not allow named to write any master
+zone database files. Only the root user may create files in the $ROOTDIR/var/named
+zone database file directory (the options { "directory" } option), where
+$ROOTDIR is set in /etc/sysconfig/named.
+.PP
+
+The "named" group must be granted read privelege to
+these files in order for named to be enabled to read them.
+.PP
+
+Any file created in the zone database file directory is automatically assigned
+the SELinux file context named_zone_t .
+.PP
+By default, SELinux prevents any role from modifying named_zone_t files; this
+the SELinux file context *named_zone_t* .
+
+By default, SELinux prevents any role from modifying *named_zone_t* files; this
+means that files in the zone database directory cannot be modified by dynamic
+DNS (DDNS) updates or zone transfers.
+.PP
+
+The Red Hat BIND distribution and SELinux policy creates three directories where
+named is allowed to create and modify files: /var/named/slaves, /var/named/dynamic
+/var/named/data. By placing files you want named to modify, such as
+named is allowed to create and modify files: */var/named/slaves*, */var/named/dynamic*
+*/var/named/data*. By placing files you want named to modify, such as
+slave or DDNS updateable zone files and database / statistics dump files in
+these directories, named will work normally and no further operator action is
+required. Files in these directories are automatically assigned the 'named_cache_t'
+required. Files in these directories are automatically assigned the '*named_cache_t*'
+file context, which SELinux allows named to write.
+.PP
+\fBRed Hat BIND SDB support:\fR
+.PP
+
+**Red Hat BIND SDB support:**
+
+Red Hat ships named with compiled in Simplified Database Backend modules that ISC
+provides in the "contrib/sdb" directory. Install bind-sdb package if you want use them
+.PP
+The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled into named-sdb.
+.PP
+provides in the "contrib/sdb" directory. Install **bind-sdb** package if you want use them
+
+The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled into *named-sdb*.
+
+See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ .
+.br
+.PP
+\fBRed Hat system-config-bind:\fR
+.PP
+Red Hat provides the system-config-bind GUI to configure named.conf and zone
+database files. Run the "system-config-bind" command and access the manual
+by selecting the Help menu.
+.PP
.RE
.SH "SEE ALSO"
.PP
+
See Also
~~~~~~~~
--
2.26.2

View File

@ -1,8 +1,10 @@
--- bind-9.5.0b2/bin/named/Makefile.in.pie 2008-02-11 17:21:47.000000000 +0100
+++ bind-9.5.0b2/bin/named/Makefile.in 2008-02-11 17:22:10.000000000 +0100
@@ -100,8 +100,12 @@ HTMLPAGES = named.html lwresd.html named
MANOBJS = ${MANPAGES} ${HTMLPAGES}
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index eb622d1..37053a7 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -117,8 +117,12 @@ SRCS = builtin.c config.c control.c \
tkeyconf.c tsigconf.c zoneconf.c \
${DLZDRIVER_SRCS} ${DBDRIVER_SRCS}
+EXT_CFLAGS = -fpie
+
@ -13,10 +15,11 @@
main.@O@: main.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-DVERSION=\"${VERSION}\" \
diff -up bind-9.5.0b2/bin/named/unix/Makefile.in.pie bind-9.5.0b2/bin/named/unix/Makefile.in
--- bind-9.5.0b2/bin/named/unix/Makefile.in.pie 2008-02-11 17:22:21.000000000 +0100
+++ bind-9.5.0b2/bin/named/unix/Makefile.in 2008-02-11 17:23:00.000000000 +0100
@@ -19,6 +19,8 @@ srcdir = @srcdir@
diff --git a/bin/named/unix/Makefile.in b/bin/named/unix/Makefile.in
index fd9ca8d..f1c102c 100644
--- a/bin/named/unix/Makefile.in
+++ b/bin/named/unix/Makefile.in
@@ -11,6 +11,8 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@

View File

@ -63,7 +63,7 @@
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind
License: MPLv2.0
Version: 9.16.3
Version: 9.16.4
Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
@ -98,7 +98,7 @@ Source49: named-chroot.files
# Common patches
Patch10: bind-9.5-PIE.patch
Patch16: bind-9.3.2-redhat_doc.patch
Patch16: bind-9.16-redhat_doc.patch
Patch72: bind-9.5-dlz-64bit.patch
Patch106:bind93-rh490837.patch
Patch112:bind97-rh645544.patch
@ -150,6 +150,8 @@ BuildRequires: selinux-policy
# needed for %%{__python3} macro
BuildRequires: python3-devel
BuildRequires: python3-ply
BuildRequires: python3-sphinx
BuildRequires: doxygen
BuildRequires: findutils sed
%if 0%{?fedora}
BuildRequires: gnupg2
@ -429,7 +431,7 @@ This package provides a module which allows commands to be sent to rndc directly
%patch112 -p1 -b .rh645544
%patch130 -p1 -b .libdb
%patch140 -p1 -b .rh1410433
%patch154 -p1 -b .oot-man
#%patch154 -p1 -b .oot-man # FIXME: sphinx replace?
%patch157 -p1 -b .fips-tests
%patch164 -p1 -b .rh1666814
%patch170 -p1 -b .featuretest-named
@ -1157,6 +1159,9 @@ fi;
%changelog
* Thu Jun 18 2020 Petr Menšík <pemensik@redhat.com> - 32:9.16.4-1
- Update to 9.16.4
* Wed May 20 2020 Petr Menšík <pemensik@redhat.com> - 32:9.16.3-1
- Update to 9.16.3
- Make initscripts just optional dependency

View File

@ -1,8 +1,8 @@
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 51bc368..20a17b9 100644
index 31549c6..65a14b6 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -1754,7 +1754,7 @@ log_edns(fetchctx_t *fctx) {
@@ -1762,7 +1762,7 @@ log_edns(fetchctx_t *fctx) {
*/
dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED,
@ -11,7 +11,7 @@ index 51bc368..20a17b9 100644
"success resolving '%s' (in '%s'?) after %s", fctx->info,
domainbuf, fctx->reason);
}
@@ -5275,7 +5275,7 @@ log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) {
@@ -5298,7 +5298,7 @@ log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) {
dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
isc_sockaddr_format(&addrinfo->sockaddr, addrbuf, sizeof(addrbuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
@ -20,12 +20,12 @@ index 51bc368..20a17b9 100644
"lame server resolving '%s' (in '%s'?): %s", namebuf,
domainbuf, addrbuf);
}
@@ -5302,7 +5302,7 @@ log_formerr(fetchctx_t *fctx, const char *format, ...) {
}
@@ -5316,7 +5316,7 @@ log_formerr(fetchctx_t *fctx, const char *format, ...) {
isc_sockaddr_format(&fctx->addrinfo->sockaddr, nsbuf, sizeof(nsbuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
- DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1),
"DNS format error from %s resolving %s%s%s: %s", nsbuf,
fctx->info, clmsg, clbuf, msgbuf);
"DNS format error from %s resolving %s for %s: %s", nsbuf,
fctx->info, fctx->clientstr, msgbuf);
}

View File

@ -1,44 +1,22 @@
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index 1079421..f11abd1 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -1177,6 +1177,39 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</para>
</refsection>
diff --git a/bin/dig/dig.rst b/bin/dig/dig.rst
index 3c899ce..3e9957b 100644
--- a/bin/dig/dig.rst
+++ b/bin/dig/dig.rst
@@ -616,6 +616,17 @@ like to turn off the IDN support for some reason, use parameters
``+noidnin`` and ``+noidnout`` or define the IDN_DISABLE environment
variable.
+ <refsection><info><title>RETURN CODES</title></info>
+ <para>
+ <command>Dig</command> return codes are:
+ <variablelist>
+ <varlistentry>
+ <listitem>
+ <para>0: Everything went well, including things like NXDOMAIN</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <listitem>
+ <para>1: Usage error</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <listitem>
+ <para>8: Couldn't open batch file</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <listitem>
+ <para>9: No reply from server</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <listitem>
+ <para>10: Internal error</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+ </refsection>
+Return codes
+~~~~~~~~~~~~
+
<refsection><info><title>FILES</title></info>
+``dig`` return codes are:
+
+ 0: Everything went well, including things like NXDOMAIN
+ 1: Usage error
+ 8: Couldn't open batch file
+ 9: No reply from server
+ 10: Internal error
+
Files
~~~~~
<para><filename>/etc/resolv.conf</filename>