rpms/bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Update to 9.11.17

Browse Source 
Updated a bit SDB related patches.
This commit is contained in:
Petr Menšík 2020-03-31 20:16:14 +02:00
parent a1d448dbef
commit c223e3e275
12 changed files with 290 additions and 631 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -102,3 +102,5 @@ bind-9.7.2b1.tar.gz
/bind-9.11.13.tar.gz.asc
/bind-9.11.14.tar.gz
/bind-9.11.14.tar.gz.asc
/bind-9.11.17.tar.gz
/bind-9.11.17.tar.gz.asc

18
bind-9.10-sdb.patch
View File

@ -88,10 +88,10 @@ index 4cfed4d..c6b42b2 100644
@DLZ_DRIVER_RULES@
diff --git a/bin/named-sdb/main.c b/bin/named-sdb/main.c
index 108b8d6..a943421 100644
index c9fc3cc..148ebb3 100644
--- a/bin/named-sdb/main.c
+++ b/bin/named-sdb/main.c
@@ -93,6 +93,10 @@
@@ -97,6 +97,10 @@
* Include header files for database drivers here.
*/
/* #include "xxdb.h" */
@ -102,7 +102,7 @@ index 108b8d6..a943421 100644
#ifdef CONTRIB_DLZ
/*
@@ -1069,6 +1073,11 @@ setup(void) {
@@ -1134,6 +1138,11 @@ setup(void) {
ns_main_earlyfatal("isc_app_start() failed: %s",
isc_result_totext(result));
@ -114,7 +114,7 @@ index 108b8d6..a943421 100644
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE, "starting %s %s%s%s <id:%s>",
ns_g_product, ns_g_version,
@@ -1269,6 +1278,75 @@ setup(void) {
@@ -1334,6 +1343,75 @@ setup(void) {
isc_result_totext(result));
#endif
@ -190,7 +190,7 @@ index 108b8d6..a943421 100644
ns_server_create(ns_g_mctx, &ns_g_server);
#ifdef HAVE_LIBSECCOMP
@@ -1311,6 +1389,11 @@ cleanup(void) {
@@ -1376,6 +1454,11 @@ cleanup(void) {
dns_name_destroy();
@ -297,10 +297,10 @@ index c7e0868..95ab742 100644
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir}
${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1
diff --git a/configure.ac b/configure.ac
index f6380b1..318e533 100644
index f85f45f..7d28c52 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5416,6 +5416,8 @@ AC_CONFIG_FILES([
@@ -5400,6 +5400,8 @@ AC_CONFIG_FILES([
bin/named/unix/Makefile
bin/named-pkcs11/Makefile
bin/named-pkcs11/unix/Makefile
@ -309,9 +309,9 @@ index f6380b1..318e533 100644
bin/nsupdate/Makefile
bin/pkcs11/Makefile
bin/python/Makefile
@@ -5440,6 +5442,7 @@ AC_CONFIG_FILES([
bin/python/isc/tests/dnskey_test.py
@@ -5424,6 +5426,7 @@ AC_CONFIG_FILES([
bin/python/isc/tests/policy_test.py
bin/python/isc/utils.py
bin/rndc/Makefile
+ bin/sdb_tools/Makefile
bin/tests/Makefile

47
bind-9.11-oot-gen.patch
View File

@ -1,47 +0,0 @@
From cb654ddde5953cab9dfde7173ea1ed14b51c3727 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Sun, 22 Dec 2019 21:51:21 +0000
Subject: [PATCH] Merge branch
'1530-lib-dns-gen-c-29-26-fatal-error-isc-platform-h-no-such-file-or-directory-v9_11'
into 'v9_11'
Resolve "lib/dns/gen.c:29:26: fatal error: isc/platform.h: No such file or directory"
See merge request isc-projects/bind9!2794
(cherry picked from commit 335ab375d6a0227fb362722acad22f2a5b75d8b7)
---
lib/dns/gen.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/dns/gen.c b/lib/dns/gen.c
index 81bc7ada1d..5fbdc3bfd3 100644
--- a/lib/dns/gen.c
+++ b/lib/dns/gen.c
@@ -26,18 +26,18 @@
#include <sys/types.h>
-#include <isc/platform.h>
-
#include <ctype.h>
+#include <errno.h>
#include <limits.h>
#include <stdint.h>
-#include <stdlib.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
-#include <errno.h>
-#include <limits.h>
+
+#ifndef PATH_MAX
+#define PATH_MAX 1024
+#endif
#ifdef WIN32
#include "gen-win32.h"
--
2.21.0

159
bind-9.11-rh1736762-6.patch
View File

@ -1,159 +0,0 @@
From 638561615c37e8eace986e268811335c12d1b6a1 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 12 Dec 2019 20:41:44 +1100
Subject: [PATCH] give zspill its own lock
(cherry picked from commit a52189e8e67a20097539fe3e6f7da4e4c01dc340)
---
lib/dns/resolver.c | 45 +++++++++++++++++++++++++++++----------------
1 file changed, 29 insertions(+), 16 deletions(-)
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 9f65c0596a..04367f82c6 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -460,20 +460,21 @@ struct dns_resolver {
isc_mutex_t lock;
isc_mutex_t nlock;
isc_mutex_t primelock;
+ isc_mutex_t zspill_lock;
dns_rdataclass_t rdclass;
isc_socketmgr_t * socketmgr;
isc_timermgr_t * timermgr;
isc_taskmgr_t * taskmgr;
dns_view_t * view;
- bool frozen;
+ bool frozen;
unsigned int options;
dns_dispatchmgr_t * dispatchmgr;
dns_dispatchset_t * dispatches4;
- bool exclusivev4;
+ bool exclusivev4;
dns_dispatchset_t * dispatches6;
isc_dscp_t querydscp4;
isc_dscp_t querydscp6;
- bool exclusivev6;
+ bool exclusivev6;
unsigned int nbuckets;
fctxbucket_t * buckets;
zonebucket_t * dbuckets;
@@ -492,7 +493,7 @@ struct dns_resolver {
unsigned int spillatmax;
unsigned int spillatmin;
isc_timer_t * spillattimer;
- bool zero_no_soa_ttl;
+ bool zero_no_soa_ttl;
unsigned int query_timeout;
unsigned int maxdepth;
unsigned int maxqueries;
@@ -502,14 +503,16 @@ struct dns_resolver {
unsigned int retryinterval; /* in milliseconds */
unsigned int nonbackofftries;
+ /* Locked by lock. */
+ unsigned int zspill; /* fetches-per-zone */
+
/* Locked by lock. */
unsigned int references;
- bool exiting;
+ bool exiting;
isc_eventlist_t whenshutdown;
unsigned int activebuckets;
- bool priming;
+ bool priming;
unsigned int spillat; /* clients-per-query */
- unsigned int zspill; /* fetches-per-zone */
dns_badcache_t * badcache; /* Bad cache. */
@@ -1257,7 +1260,7 @@ fcount_incr(fetchctx_t *fctx, bool force) {
isc_result_t result = ISC_R_SUCCESS;
zonebucket_t *dbucket;
fctxcount_t *counter;
- unsigned int bucketnum, spill;
+ unsigned int bucketnum;
REQUIRE(fctx != NULL);
REQUIRE(fctx->res != NULL);
@@ -1266,10 +1269,6 @@ fcount_incr(fetchctx_t *fctx, bool force) {
bucketnum = dns_name_fullhash(&fctx->domain, false)
% RES_DOMAIN_BUCKETS;
- LOCK(&fctx->res->lock);
- spill = fctx->res->zspill;
- UNLOCK(&fctx->res->lock);
-
dbucket = &fctx->res->dbuckets[bucketnum];
LOCK(&dbucket->lock);
@@ -1297,6 +1296,12 @@ fcount_incr(fetchctx_t *fctx, bool force) {
ISC_LIST_APPEND(dbucket->list, counter, link);
}
} else {
+ unsigned int spill;
+
+ LOCK(&fctx->res->zspill_lock);
+ spill = fctx->res->zspill;
+ UNLOCK(&fctx->res->zspill_lock);
+
if (!force && spill != 0 && counter->count >= spill) {
counter->dropped++;
fcount_logspill(fctx, counter);
@@ -8811,6 +8816,7 @@ destroy(dns_resolver_t *res) {
INSIST(res->nfctx == 0);
+ DESTROYLOCK(&res->zspill_lock);
DESTROYLOCK(&res->primelock);
DESTROYLOCK(&res->nlock);
DESTROYLOCK(&res->lock);
@@ -9089,10 +9095,14 @@ dns_resolver_create(dns_view_t *view,
if (result != ISC_R_SUCCESS)
goto cleanup_nlock;
+ result = isc_mutex_init(&res->zspill_lock);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_primelock;
+
task = NULL;
result = isc_task_create(taskmgr, 0, &task);
if (result != ISC_R_SUCCESS)
- goto cleanup_primelock;
+ goto cleanup_zspill_lock;
isc_task_setname(task, "resolver_task", NULL);
result = isc_timer_create(timermgr, isc_timertype_inactive, NULL, NULL,
@@ -9100,7 +9110,7 @@ dns_resolver_create(dns_view_t *view,
&res->spillattimer);
isc_task_detach(&task);
if (result != ISC_R_SUCCESS)
- goto cleanup_primelock;
+ goto cleanup_zspill_lock;
#if USE_ALGLOCK
result = isc_rwlock_init(&res->alglock, 0, 0);
@@ -9133,6 +9143,9 @@ dns_resolver_create(dns_view_t *view,
isc_timer_detach(&res->spillattimer);
#endif
+ cleanup_zspill_lock:
+ DESTROYLOCK(&res->zspill_lock);
+
cleanup_primelock:
DESTROYLOCK(&res->primelock);
@@ -10275,9 +10288,9 @@ dns_resolver_setfetchesperzone(dns_resolver_t *resolver, uint32_t clients)
{
REQUIRE(VALID_RESOLVER(resolver));
- LOCK(&resolver->lock);
+ LOCK(&resolver->zspill_lock);
resolver->zspill = clients;
- UNLOCK(&resolver->lock);
+ UNLOCK(&resolver->zspill_lock);
}
--
2.21.0

77
bind-9.11-rh1736762-7.patch
View File

@ -1,77 +0,0 @@
From 23a6775f62deeee63e9f7927be387fecf23a8074 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
Date: Tue, 10 Dec 2019 10:02:09 +0100
Subject: [PATCH] Ensure all zone_settimer() calls are done on locked zone
(cherry picked from commit cf48e8eb326f824170f2069e5d5c33992b1783a4)
(cherry picked from commit 3bac7e98074643ff62582545e5840e4195517b07)
---
lib/dns/zone.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index e8cff77588..db837aae50 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -10291,7 +10291,9 @@ zone_maintenance(dns_zone_t *zone) {
default:
break;
}
+ LOCK_ZONE(zone);
zone_settimer(zone, &now);
+ UNLOCK_ZONE(zone);
}
void
@@ -13081,6 +13083,7 @@ zone_settimer(dns_zone_t *zone, isc_time_t *now) {
isc_result_t result;
REQUIRE(DNS_ZONE_VALID(zone));
+ REQUIRE(LOCKED_ZONE(zone));
ENTER;
if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING))
@@ -18405,6 +18408,7 @@ zone_rekey(dns_zone_t *zone) {
UNLOCK_ZONE(zone);
}
+ LOCK_ZONE(zone);
isc_time_settoepoch(&zone->refreshkeytime);
/*
@@ -18416,11 +18420,9 @@ zone_rekey(dns_zone_t *zone) {
isc_time_t timethen;
isc_stdtime_t then;
- LOCK_ZONE(zone);
DNS_ZONE_TIME_ADD(&timenow, zone->refreshkeyinterval,
&timethen);
zone->refreshkeytime = timethen;
- UNLOCK_ZONE(zone);
for (key = ISC_LIST_HEAD(dnskeys);
key != NULL;
@@ -18431,12 +18433,10 @@ zone_rekey(dns_zone_t *zone) {
continue;
DNS_ZONE_TIME_ADD(&timenow, then - now, &timethen);
- LOCK_ZONE(zone);
if (isc_time_compare(&timethen,
&zone->refreshkeytime) < 0) {
zone->refreshkeytime = timethen;
}
- UNLOCK_ZONE(zone);
}
zone_settimer(zone, &timenow);
@@ -18444,6 +18444,7 @@ zone_rekey(dns_zone_t *zone) {
isc_time_formattimestamp(&zone->refreshkeytime, timebuf, 80);
dns_zone_log(zone, ISC_LOG_INFO, "next key event: %s", timebuf);
}
+ UNLOCK_ZONE(zone);
done:
dns_diff_clear(&diff);
--
2.21.0

38
bind-9.11-rh1736762-8.patch
View File

@ -1,38 +0,0 @@
From 7e844b093b0442bdc5cdc5aefd56fdc05f9be88f Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 12 Dec 2019 19:17:39 +1100
Subject: [PATCH] acquire task lock before calling push_readyq for task->flags
access
(cherry picked from commit 7c94d2cd7dfaa3f04cd86ad9ed97e8366a774a4c)
---
lib/isc/task.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/isc/task.c b/lib/isc/task.c
index 329604a465..f9c4354bd2 100644
--- a/lib/isc/task.c
+++ b/lib/isc/task.c
@@ -473,7 +473,9 @@ task_ready(isc__task_t *task) {
XTRACE("task_ready");
LOCK(&manager->lock);
+ LOCK(&task->lock);
push_readyq(manager, task);
+ UNLOCK(&task->lock);
#ifdef USE_WORKER_THREADS
if (manager->mode == isc_taskmgrmode_normal || has_privilege)
SIGNAL(&manager->work_available);
@@ -1263,7 +1265,9 @@ dispatch(isc__taskmgr_t *manager) {
* might even hurt rather than help.
*/
#ifdef USE_WORKER_THREADS
+ LOCK(&task->lock);
push_readyq(manager, task);
+ UNLOCK(&task->lock);
#else
ENQUEUE(new_ready_tasks, task, ready_link);
if ((task->flags & TASK_F_PRIVILEGED) != 0)
--
2.21.0

86
bind-9.11-rt31459.patch
View File

@ -1,4 +1,4 @@
From e83a6723d84e4c4400ca646077393a24b092c623 Mon Sep 17 00:00:00 2001
From 5c29299e43db5a4e6f8b1b07af84dfe1687c4c2b Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Tue, 12 Sep 2017 19:05:46 -0700
Subject: [PATCH] rebased rt31459c
@ -199,7 +199,7 @@ index 7afcaee..1cfa511 100644
if (verbose > 10)
isc_mem_stats(mctx, stdout);
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 71f5672..9b100ca 100644
index 319a805..27ae4d4 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -3460,14 +3460,15 @@ main(int argc, char *argv[]) {
@ -257,7 +257,7 @@ index 4c293bf..3263cbc 100644
rdclass = strtoclass(classname);
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index 9d2a016..a9f90b6 100644
index 618ec5b..5654435 100644
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -34,6 +34,7 @@
@ -293,7 +293,7 @@ index 9d2a016..a9f90b6 100644
usekeyboard);
diff --git a/bin/named/server.c b/bin/named/server.c
index 5a860e4..21c340c 100644
index 4e503e5..f27071f 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -36,6 +36,7 @@
@ -688,7 +688,7 @@ index bf6dbb6..0416b21 100644
parse_args(false, argc, argv);
if (server == NULL)
diff --git a/configure b/configure
index aab472a..b686178 100755
index 6d05371..33689c9 100755
--- a/configure
+++ b/configure
@@ -640,6 +640,7 @@ ac_includes_default="\
@ -699,7 +699,7 @@ index aab472a..b686178 100755
BUILD_LIBS
BUILD_LDFLAGS
BUILD_CPPFLAGS
@@ -821,6 +822,7 @@ XMLSTATS
@@ -823,6 +824,7 @@ LIBXML2_CFLAGS
NZDTARGETS
NZDSRCS
NZD_TOOLS
@ -707,7 +707,7 @@ index aab472a..b686178 100755
PKCS11_TEST
PKCS11_ED25519
PKCS11_GOST
@@ -1045,6 +1047,7 @@ with_eddsa
@@ -1047,6 +1049,7 @@ with_eddsa
with_aes
enable_openssl_hash
with_cc_alg
@ -715,7 +715,7 @@ index aab472a..b686178 100755
with_lmdb
with_libxml2
with_libjson
@@ -1745,6 +1748,7 @@ Optional Features:
@@ -1749,6 +1752,7 @@ Optional Features:
--enable-threads enable multithreading
--enable-native-pkcs11 use native PKCS11 for all crypto [default=no]
--enable-openssl-hash use OpenSSL for hash functions [default=no]
@ -723,7 +723,7 @@ index aab472a..b686178 100755
--enable-largefile 64-bit file support
--enable-backtrace log stack backtrace on abort [default=yes]
--enable-symtable use internal symbol table for backtrace
@@ -17135,6 +17139,7 @@ case "$use_openssl" in
@@ -17144,6 +17148,7 @@ case "$use_openssl" in
$as_echo "disabled because of native PKCS11" >&6; }
DST_OPENSSL_INC=""
CRYPTO="-DPKCS11CRYPTO"
@ -731,7 +731,7 @@ index aab472a..b686178 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -17149,6 +17154,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
@@ -17158,6 +17163,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
$as_echo "no" >&6; }
DST_OPENSSL_INC=""
CRYPTO=""
@ -739,7 +739,7 @@ index aab472a..b686178 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -17161,6 +17167,7 @@ $as_echo "no" >&6; }
@@ -17170,6 +17176,7 @@ $as_echo "no" >&6; }
auto)
DST_OPENSSL_INC=""
CRYPTO=""
@ -747,7 +747,7 @@ index aab472a..b686178 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -17170,7 +17177,7 @@ $as_echo "no" >&6; }
@@ -17179,7 +17186,7 @@ $as_echo "no" >&6; }
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -756,7 +756,7 @@ index aab472a..b686178 100755
;;
*)
if test "yes" = "$want_native_pkcs11"
@@ -17201,6 +17208,7 @@ $as_echo "not found" >&6; }
@@ -17210,6 +17217,7 @@ $as_echo "not found" >&6; }
as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5
fi
CRYPTO='-DOPENSSL'
@ -764,7 +764,7 @@ index aab472a..b686178 100755
if test "/usr" = "$use_openssl"
then
DST_OPENSSL_INC=""
@@ -17826,8 +17834,6 @@ fi
@@ -17835,8 +17843,6 @@ fi
# Use OpenSSL for hash functions
#
@ -773,7 +773,7 @@ index aab472a..b686178 100755
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
case $want_openssl_hash in
yes)
@@ -18202,6 +18208,86 @@ if test "rt" = "$have_clock_gt"; then
@@ -18211,6 +18217,86 @@ if test "rt" = "$have_clock_gt"; then
LIBS="-lrt $LIBS"
fi
@ -860,7 +860,7 @@ index aab472a..b686178 100755
#
# was --with-lmdb specified?
#
@@ -20284,9 +20370,12 @@ _ACEOF
@@ -20441,9 +20527,12 @@ _ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5
$as_echo "size_t for buflen; int for flags" >&6; }
@ -875,7 +875,7 @@ index aab472a..b686178 100755
$as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h
@@ -21601,12 +21690,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
@@ -21758,12 +21847,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then
@ -889,7 +889,7 @@ index aab472a..b686178 100755
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364.
@@ -21639,6 +21723,11 @@ cat >>confdefs.h <<_ACEOF
@@ -21796,6 +21880,11 @@ cat >>confdefs.h <<_ACEOF
_ACEOF
@ -901,7 +901,7 @@ index aab472a..b686178 100755
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -21647,39 +21736,6 @@ _ACEOF
@@ -21804,39 +21893,6 @@ _ACEOF
fi
;;
x86_64-*|amd64-*)
@ -941,7 +941,7 @@ index aab472a..b686178 100755
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -21710,6 +21766,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
@@ -21867,6 +21923,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
$as_echo "$arch" >&6; }
fi
@ -952,7 +952,7 @@ index aab472a..b686178 100755
if test "yes" = "$have_atomic"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5
$as_echo_n "checking compiler support for inline assembly code... " >&6; }
@@ -24264,6 +24324,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
@@ -24421,6 +24481,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
#
dlzdir='${DLZ_DRIVER_DIR}'
@ -983,7 +983,7 @@ index aab472a..b686178 100755
#
# Private autoconf macro to simplify configuring drivers:
#
@@ -24594,11 +24678,11 @@ $as_echo "no" >&6; }
@@ -24751,11 +24835,11 @@ $as_echo "no" >&6; }
$as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; }
;;
*)
@ -998,7 +998,7 @@ index aab472a..b686178 100755
fi
CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL"
@@ -24683,7 +24767,7 @@ $as_echo "" >&6; }
@@ -24840,7 +24924,7 @@ $as_echo "" >&6; }
# Check other locations for includes.
# Order is important (sigh).
@ -1007,7 +1007,7 @@ index aab472a..b686178 100755
# include a blank element first
for d in "" $bdb_incdirs
do
@@ -24708,57 +24792,9 @@ $as_echo "" >&6; }
@@ -24865,57 +24949,9 @@ $as_echo "" >&6; }
bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db"
for d in $bdb_libnames
do
@ -1067,7 +1067,7 @@ index aab472a..b686178 100755
break
fi
done
@@ -24917,10 +24953,10 @@ $as_echo "no" >&6; }
@@ -25074,10 +25110,10 @@ $as_echo "no" >&6; }
DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include"
DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include"
fi
@ -1081,7 +1081,7 @@ index aab472a..b686178 100755
fi
@@ -25006,11 +25042,11 @@ fi
@@ -25163,11 +25199,11 @@ fi
odbcdirs="/usr /usr/local /usr/pkg"
for d in $odbcdirs
do
@ -1095,7 +1095,7 @@ index aab472a..b686178 100755
break
fi
done
@@ -25285,6 +25321,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
@@ -25442,6 +25478,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
@ -1104,7 +1104,7 @@ index aab472a..b686178 100755
#
# Commands to run at the end of config.status.
# Don't just put these into configure, it won't work right if somebody
@@ -27661,6 +27699,8 @@ report() {
@@ -27819,6 +27857,8 @@ report() {
echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1113,7 +1113,7 @@ index aab472a..b686178 100755
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -27701,6 +27741,8 @@ report() {
@@ -27859,6 +27899,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
@ -1122,7 +1122,7 @@ index aab472a..b686178 100755
echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)"
@@ -27748,6 +27790,8 @@ report() {
@@ -27906,6 +27948,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)"
@ -1132,7 +1132,7 @@ index aab472a..b686178 100755
test "yes" = "$enable_seccomp" || \
echo " Use libseccomp system call filtering (--enable-seccomp)"
diff --git a/configure.ac b/configure.ac
index 0e16cc8..dd0055d 100644
index d10cde5..68bead8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1550,6 +1550,7 @@ case "$use_openssl" in
@ -1252,7 +1252,7 @@ index 0e16cc8..dd0055d 100644
#
# was --with-lmdb specified?
#
@@ -4118,12 +4182,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
@@ -4098,12 +4162,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then
@ -1266,7 +1266,7 @@ index 0e16cc8..dd0055d 100644
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -4132,7 +4196,6 @@ if test "yes" = "$use_atomic"; then
@@ -4112,7 +4176,6 @@ if test "yes" = "$use_atomic"; then
fi
;;
x86_64-*|amd64-*)
@ -1274,7 +1274,7 @@ index 0e16cc8..dd0055d 100644
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -5537,6 +5600,8 @@ report() {
@@ -5518,6 +5581,8 @@ report() {
echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1283,7 +1283,7 @@ index 0e16cc8..dd0055d 100644
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -5577,6 +5642,8 @@ report() {
@@ -5558,6 +5623,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
@ -1292,7 +1292,7 @@ index 0e16cc8..dd0055d 100644
echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)"
@@ -5624,6 +5691,8 @@ report() {
@@ -5605,6 +5672,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)"
@ -1863,7 +1863,7 @@ index 63be973..40b21fa 100644
dst_region_computerid
dst_result_register
diff --git a/lib/isc/entropy.c b/lib/isc/entropy.c
index ab2f617..ed05ed6 100644
index 907e470..451544d 100644
--- a/lib/isc/entropy.c
+++ b/lib/isc/entropy.c
@@ -104,11 +104,15 @@ struct isc_entropy {
@ -1921,10 +1921,10 @@ index ab2f617..ed05ed6 100644
+ hook = myhook;
+}
diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h
index 4bba8e1..632166a 100644
index e8733db..c40a18c 100644
--- a/lib/isc/include/isc/entropy.h
+++ b/lib/isc/include/isc/entropy.h
@@ -304,6 +304,18 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
@@ -302,6 +302,18 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
* isc_entropy_createcallbacksource().
*/
@ -1944,7 +1944,7 @@ index 4bba8e1..632166a 100644
#endif /* ISC_ENTROPY_H */
diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in
index 4192946..dbd1560 100644
index 61960f1..d22993d 100644
--- a/lib/isc/include/isc/platform.h.in
+++ b/lib/isc/include/isc/platform.h.in
@@ -359,6 +359,11 @@
@ -2015,7 +2015,7 @@ index 8ade705..fa72f9d 100644
* Define if the hash functions must be provided by OpenSSL.
*/
diff --git a/win32utils/Configure b/win32utils/Configure
index 953f2aa..55cc929 100644
index 79d682e..6c78cb2 100644
--- a/win32utils/Configure
+++ b/win32utils/Configure
@@ -382,6 +382,7 @@ my @substdefh = ("ALLOW_FILTER_AAAA",
@ -2038,7 +2038,7 @@ index 953f2aa..55cc929 100644
"isc-spnego",
@@ -580,6 +582,7 @@ my @help = (
"\nOptional Features:\n",
" enable-intrinsics enable instrinsic/atomic functions [default=yes]\n",
" enable-intrinsics enable intrinsic/atomic functions [default=yes]\n",
" enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n",
+" enable-crypto-rand use crypto provider for random [default=yes]\n",
" enable-openssl-hash use OpenSSL for hash functions [default=yes]\n",
@ -2118,5 +2118,5 @@ index 953f2aa..55cc929 100644
# --enable-openssl-hash supported
# --enable-threads included without a way to disable it
--
2.21.0
2.21.1

96
bind-9.11-rt46047.patch
View File

@ -1,4 +1,4 @@
From 5a465424f5249ceaf0547ab90361a16eb08f7a2b Mon Sep 17 00:00:00 2001
From 344c19ad4b3f058e65a4b41650bb0ee20692cc5c Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Thu, 28 Sep 2017 10:09:22 -0700
Subject: [PATCH] completed and corrected the crypto-random change
@ -39,15 +39,15 @@ Subject: [PATCH] completed and corrected the crypto-random change
bin/tests/system/tkey/keycreate.c | 4 +-
bin/tests/system/tkey/keydelete.c | 5 +--
doc/arm/Bv9ARM-book.xml | 55 +++++++++++++++++-------
doc/arm/notes-rh-changes.xml | 43 ++++++++++++++++++
doc/arm/notes-rh-changes.xml | 42 ++++++++++++++++++
doc/arm/notes.xml | 1 +
lib/dns/dst_api.c | 4 +-
lib/dns/include/dst/dst.h | 14 +++++-
lib/dns/openssl_link.c | 3 +-
lib/isc/include/isc/entropy.h | 50 +++++++++++++++------
lib/isc/include/isc/entropy.h | 48 +++++++++++++++------
lib/isc/include/isc/random.h | 28 +++++++-----
lib/isccfg/namedconf.c | 2 +-
23 files changed, 241 insertions(+), 106 deletions(-)
23 files changed, 240 insertions(+), 104 deletions(-)
create mode 100644 doc/arm/notes-rh-changes.xml
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
@ -78,10 +78,10 @@ index 295e16f..0f79aa8 100644
&entropy_source,
randomfile,
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
index 0ae6b41..4562430 100644
index 1826919..96543fc 100644
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -348,15 +348,23 @@
@@ -349,15 +349,23 @@
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
<listitem>
<para>
@ -114,7 +114,7 @@ index 0ae6b41..4562430 100644
</listitem>
</varlistentry>
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index 31a99e7..38c83ed 100644
index 5654435..24c0d5a 100644
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -241,18 +241,16 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@ -142,10 +142,10 @@ index 31a99e7..38c83ed 100644
usekeyboard);
diff --git a/bin/named/client.c b/bin/named/client.c
index 50fa2cd..524d9a3 100644
index 9a0d3c8..c573177 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1762,7 +1762,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
@@ -1765,7 +1765,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
isc_buffer_init(&buf, cookie, sizeof(cookie));
isc_stdtime_get(&now);
@ -223,7 +223,7 @@ index d955c2f..40621f2 100644
} else
eresult = ns_control_docommand(request, listener->readonly, &text);
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index 7ee8f66..8982d26 100644
index 3f96b7b..c92922e 100644
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@@ -20,6 +20,7 @@
@ -255,7 +255,7 @@ index 9dea7c1..272d300 100644
#include <isc/task.h>
#include <isc/util.h>
diff --git a/bin/named/query.c b/bin/named/query.c
index c9e5469..0940714 100644
index 203f1e6..25eeced 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -19,6 +19,7 @@
@ -267,10 +267,10 @@ index c9e5469..0940714 100644
#include <isc/serial.h>
#include <isc/stats.h>
diff --git a/bin/named/server.c b/bin/named/server.c
index 36fc047..3c1eec0 100644
index f27071f..f132c19 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8208,21 +8208,32 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8210,21 +8210,32 @@ load_configuration(const char *filename, ns_server_t *server,
* Open the source of entropy.
*/
if (first_time) {
@ -312,7 +312,7 @@ index 36fc047..3c1eec0 100644
#ifdef PATH_RANDOMDEV
if (ns_g_fallbackentropy != NULL) {
level = ISC_LOG_INFO;
@@ -8233,8 +8244,8 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8235,8 +8246,8 @@ load_configuration(const char *filename, ns_server_t *server,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
level,
@ -323,7 +323,7 @@ index 36fc047..3c1eec0 100644
randomdev,
isc_result_totext(result));
}
@@ -8254,7 +8265,6 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8256,7 +8267,6 @@ load_configuration(const char *filename, ns_server_t *server,
}
isc_entropy_detach(&ns_g_fallbackentropy);
}
@ -331,7 +331,7 @@ index 36fc047..3c1eec0 100644
#endif
}
@@ -9022,6 +9032,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
@@ -9025,6 +9035,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
server->in_roothints = NULL;
server->blackholeacl = NULL;
server->keepresporder = NULL;
@ -339,7 +339,7 @@ index 36fc047..3c1eec0 100644
/* Must be first. */
CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy,
@@ -9048,6 +9059,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
@@ -9051,6 +9062,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy,
&server->tkeyctx),
"creating TKEY context");
@ -349,7 +349,7 @@ index 36fc047..3c1eec0 100644
/*
* Setup the server task, which is responsible for coordinating
@@ -9254,7 +9268,8 @@ ns_server_destroy(ns_server_t **serverp) {
@@ -9257,7 +9271,8 @@ ns_server_destroy(ns_server_t **serverp) {
if (server->zonemgr != NULL)
dns_zonemgr_detach(&server->zonemgr);
@ -359,7 +359,7 @@ index 36fc047..3c1eec0 100644
if (server->tkeyctx != NULL)
dns_tkeyctx_destroy(&server->tkeyctx);
@@ -13230,10 +13245,10 @@ newzone_cfgctx_destroy(void **cfgp) {
@@ -13263,10 +13278,10 @@ newzone_cfgctx_destroy(void **cfgp) {
static isc_result_t
generate_salt(unsigned char *salt, size_t saltlen) {
@ -372,7 +372,7 @@ index 36fc047..3c1eec0 100644
} rnd;
unsigned char text[512 + 1];
isc_region_t r;
@@ -13243,9 +13258,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
@@ -13276,9 +13291,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
if (saltlen > 256U)
return (ISC_R_RANGE);
@ -455,10 +455,10 @@ index 2146f9b..64b8e74 100644
}
#endif
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 33e06e6..539973c 100644
index 93c7a08..bb1e81d 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -5076,22 +5076,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
@@ -5081,22 +5081,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<term><command>random-device</command></term>
<listitem>
<para>
@ -522,11 +522,10 @@ index 33e06e6..539973c 100644
</varlistentry>
diff --git a/doc/arm/notes-rh-changes.xml b/doc/arm/notes-rh-changes.xml
new file mode 100644
index 0000000..11c3a7c
index 0000000..89a4961
--- /dev/null
+++ b/doc/arm/notes-rh-changes.xml
@@ -0,0 +1,43 @@
+
@@ -0,0 +1,42 @@
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
@ -570,10 +569,10 @@ index 0000000..11c3a7c
+</section>
+
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index b16dab6..763ff7e 100644
index 589a347..052a0bd 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -36,6 +36,7 @@
@@ -40,6 +40,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.1.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.0.xml"/>
@ -582,7 +581,7 @@ index b16dab6..763ff7e 100644
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-thankyou.xml"/>
</section>
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 1614afa..0f52df9 100644
index 1eccbe7..1933993 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -2017,10 +2017,12 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) {
@ -625,7 +624,7 @@ index 6813c96..665574d 100644
bool
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index 6849732..e00a0e4 100644
index ffe0a69..5e48686 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -484,7 +484,8 @@ dst__openssl_getengine(const char *engine) {
@ -639,19 +638,10 @@ index 6849732..e00a0e4 100644
#ifndef DONT_REQUIRE_DST_LIB_INIT
INSIST(dst__memory_pool != NULL);
diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h
index 632166a..c7cb17d 100644
index c40a18c..c7cb17d 100644
--- a/lib/isc/include/isc/entropy.h
+++ b/lib/isc/include/isc/entropy.h
@@ -9,8 +9,6 @@
* information regarding copyright ownership.
*/
-/* $Id: entropy.h,v 1.35 2009/10/19 02:37:08 marka Exp $ */
-
#ifndef ISC_ENTROPY_H
#define ISC_ENTROPY_H 1
@@ -191,9 +189,8 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent,
@@ -189,9 +189,8 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent,
/*!<
* \brief Create an entropy source that is polled via a callback.
*
@ -663,18 +653,23 @@ index 632166a..c7cb17d 100644
*
* Samples are added via isc_entropy_addcallbacksample(), below.
* _addcallbacksample() is the only function which may be called from
@@ -234,15 +231,32 @@ isc_result_t
@@ -232,15 +231,32 @@ isc_result_t
isc_entropy_getdata(isc_entropy_t *ent, void *data, unsigned int length,
unsigned int *returned, unsigned int flags);
/*!<
- * \brief Extract data from the entropy pool. This may load the pool from various
- * sources.
+ * \brief Get random data from entropy pool 'ent'.
+ *
*
- * Do this by stirring the pool and returning a part of hash as randomness.
- * Note that no secrets are given away here since parts of the hash are
- * xored together before returned.
+ * If a hook has been set up using isc_entropy_sethook() and
+ * isc_entropy_usehook(), then the hook function will be called to get
+ * random data.
+ *
*
- * Honor the request from the caller to only return good data, any data,
- * etc.
+ * Otherwise, randomness is extracted from the entropy pool set up in BIND.
+ * This may cause the pool to be loaded from various sources. Ths is done
+ * by stirring the pool and returning a part of hash as randomness.
@ -685,17 +680,12 @@ index 632166a..c7cb17d 100644
+ * ISC_ENTROPY_BLOCKING. These will be honored if the hook function is
+ * not in use. If it is, the flags will be passed to the hook function
+ * but it may ignore them.
*
- * Do this by stiring the pool and returning a part of hash as randomness.
- * Note that no secrets are given away here since parts of the hash are
- * xored together before returned.
+ *
+ * Up to 'length' bytes of randomness are retrieved and copied into 'data'.
+ * (If 'returned' is not NULL, and the number of bytes copied is less than
+ * 'length' - which may happen if ISC_ENTROPY_PARTIAL was used - then the
+ * number of bytes copied will be stored in *returned.)
*
- * Honor the request from the caller to only return good data, any data,
- * etc.
+ *
+ * Returns:
+ * \li ISC_R_SUCCESS on success
+ * \li ISC_R_NOENTROPY if entropy pool is empty
@ -703,7 +693,7 @@ index 632166a..c7cb17d 100644
*/
void
@@ -307,13 +321,21 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
@@ -305,13 +321,21 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
void
isc_entropy_usehook(isc_entropy_t *ectx, bool onoff);
/*!<
@ -782,7 +772,7 @@ index f8aed34..17c551b 100644
ISC_LANG_ENDDECLS
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 03890a3..7bad989 100644
index 1c45d5c..91693b5 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1109,7 +1109,7 @@ options_clauses[] = {
@ -795,5 +785,5 @@ index 03890a3..7bad989 100644
{ "recursive-clients", &cfg_type_uint32, 0 },
{ "reserved-sockets", &cfg_type_uint32, 0 },
--
2.20.1
2.21.1

153
bind-9.11-serve-stale.patch
View File

@ -1,4 +1,4 @@
From 3829de3d5caba113d5a8560c5ff0d2a32b57a7fc Mon Sep 17 00:00:00 2001
From 521fc8dcc0ac064ae8bc521418f5b03f0ceec657 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 7 Nov 2019 14:31:03 +0100
Subject: [PATCH] Implement serve-stale in 9.11
@ -257,13 +257,13 @@ Signed-off-by: Petr Menšík <pemensik@redhat.com>
lib/dns/master.c | 14 +-
lib/dns/masterdump.c | 23 +
lib/dns/rbtdb.c | 207 ++++++-
lib/dns/resolver.c | 78 ++-
lib/dns/resolver.c | 79 ++-
lib/dns/sdb.c | 4 +-
lib/dns/sdlz.c | 4 +-
lib/dns/tests/db_test.c | 198 ++++++-
lib/dns/view.c | 3 +
lib/isccfg/namedconf.c | 5 +
48 files changed, 2121 insertions(+), 102 deletions(-)
48 files changed, 2122 insertions(+), 102 deletions(-)
create mode 100644 bin/tests/system/serve-stale/.gitignore
create mode 100644 bin/tests/system/serve-stale/ans2/ans.pl.in
create mode 100644 bin/tests/system/serve-stale/clean.sh
@ -430,7 +430,7 @@ index 3aa25e9..12f178b 100644
};
diff --git a/bin/named/query.c b/bin/named/query.c
index 0940714..882d69c 100644
index 25eeced..162e4ea 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -125,10 +125,14 @@
@ -733,7 +733,7 @@ index 0940714..882d69c 100644
(!PARTIALANSWER(client) || WANTRECURSION(client)
|| eresult == DNS_R_DROP)) {
diff --git a/bin/named/server.c b/bin/named/server.c
index 36e0227..73c2b47 100644
index 1f23cf0..1fa836f 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -1720,7 +1720,8 @@ static bool
@ -843,7 +843,7 @@ index 36e0227..73c2b47 100644
/*
* Set supported DNSSEC algorithms.
*/
@@ -14434,3 +14478,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
@@ -14456,3 +14500,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
return (ISC_R_NOTIMPLEMENTED);
#endif
}
@ -977,7 +977,7 @@ index 36e0227..73c2b47 100644
+ return (result);
+}
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
index 6292bcb..fb034a7 100644
index 4b8d972..8c68737 100644
--- a/bin/named/statschannel.c
+++ b/bin/named/statschannel.c
@@ -300,6 +300,12 @@ init_desc(void) {
@ -1007,10 +1007,10 @@ index 8083654..d519983 100644
Print a zone's configuration.\n\
sign zone [class [view]]\n\
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
index 06b073a..6ae8e5d 100644
index e14a17e..eaf32d3 100644
--- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook
@@ -688,6 +688,25 @@
@@ -689,6 +689,25 @@
</listitem>
</varlistentry>
@ -1052,7 +1052,7 @@ index f3f1939..9ff3f07 100644
+ exit 1
+fi
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 1e5f221..96ee63e 100644
index 22749b9..a247fd5 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -128,7 +128,7 @@ PARALLELDIRS="dnssec rpzrecurse \
@ -2039,10 +2039,10 @@ index 0000000..201c996
+echo "I:exit status: $status"
+[ $status -eq 0 ] || exit 1
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 539973c..8528649 100644
index bb1e81d..6dbbfad 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -4376,6 +4376,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
@@ -4381,6 +4381,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
statement in the <filename>named.conf</filename> file:
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="options.grammar.xml"/>
@ -2052,7 +2052,7 @@ index 539973c..8528649 100644
</section>
<section xml:id="options"><info><title><command>options</command> Statement Definition and
@@ -4469,6 +4472,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
@@ -4474,6 +4477,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<command>dnssec-validation</command>,
<command>max-cache-ttl</command>,
<command>max-ncache-ttl</command>,
@ -2060,7 +2060,7 @@ index 539973c..8528649 100644
<command>max-cache-size</command>, and
<command>zero-no-soa-ttl</command>.
</para>
@@ -5480,7 +5484,6 @@ options {
@@ -5485,7 +5489,6 @@ options {
</listitem>
</varlistentry>
@ -2068,7 +2068,7 @@ index 539973c..8528649 100644
<varlistentry>
<term><command>max-zone-ttl</command></term>
<listitem>
@@ -5516,6 +5519,21 @@ options {
@@ -5521,6 +5524,21 @@ options {
</listitem>
</varlistentry>
@ -2090,7 +2090,7 @@ index 539973c..8528649 100644
<varlistentry>
<term><command>serial-update-method</command></term>
<listitem>
@@ -6275,6 +6293,22 @@ options {
@@ -6280,6 +6298,22 @@ options {
</listitem>
</varlistentry>
@ -2113,7 +2113,7 @@ index 539973c..8528649 100644
<varlistentry>
<term><command>nocookie-udp-size</command></term>
<listitem>
@@ -7483,14 +7517,20 @@ options {
@@ -7501,14 +7535,20 @@ options {
<term><command>resolver-query-timeout</command></term>
<listitem>
<para>
@ -2137,7 +2137,7 @@ index 539973c..8528649 100644
</listitem>
</varlistentry>
</variablelist>
@@ -8976,6 +9016,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
@@ -8994,6 +9034,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem>
</varlistentry>
@ -2188,10 +2188,10 @@ index 181def7..59f6afb 100644
<entry colname="1">
<para><command>spill</command></para>
diff --git a/doc/arm/notes-rh-changes.xml b/doc/arm/notes-rh-changes.xml
index 11c3a7c..ba3c2cc 100644
index 89a4961..80b7dee 100644
--- a/doc/arm/notes-rh-changes.xml
+++ b/doc/arm/notes-rh-changes.xml
@@ -13,6 +13,9 @@
@@ -12,6 +12,9 @@
<section xml:id="relnotes_rh_changes"><info><title>Red Hat Specific Changes</title></info>
<itemizedlist>
<listitem>
@ -2201,7 +2201,7 @@ index 11c3a7c..ba3c2cc 100644
<para>
By default, BIND now uses the random number generation functions
in the cryptographic library (i.e., OpenSSL or a PKCS#11
@@ -37,7 +40,16 @@
@@ -36,7 +39,16 @@
case <filename>/dev/random</filename> will be the default
entropy source. [RT #31459] [RT #46047]
</para>
@ -2278,7 +2278,7 @@ index e11beed..fde93c7 100644
topology { <address_match_element>; ... }; // not implemented
transfer-format ( many-answers | one-answer );
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index bd16aec..91cedb7 100644
index eaac5ba..a89d78f 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -99,7 +99,8 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) {
@ -2669,10 +2669,10 @@ index 62797db..714b78e 100644
dns_cache_flush(dns_cache_t *cache);
/*%<
diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h
index ae6ae36..5079053 100644
index 6f0eed0..e3917f2 100644
--- a/lib/dns/include/dns/db.h
+++ b/lib/dns/include/dns/db.h
@@ -197,6 +197,8 @@ typedef struct dns_dbmethods {
@@ -195,6 +195,8 @@ typedef struct dns_dbmethods {
dns_name_t *name);
isc_result_t (*getsize)(dns_db_t *db, dns_dbversion_t *version,
uint64_t *records, uint64_t *bytes);
@ -2681,7 +2681,7 @@ index ae6ae36..5079053 100644
} dns_dbmethods_t;
typedef isc_result_t
@@ -255,6 +257,7 @@ struct dns_dbonupdatelistener {
@@ -253,6 +255,7 @@ struct dns_dbonupdatelistener {
#define DNS_DBFIND_FORCENSEC3 0x0080
#define DNS_DBFIND_ADDITIONALOK 0x0100
#define DNS_DBFIND_NOZONECUT 0x0200
@ -2689,7 +2689,7 @@ index ae6ae36..5079053 100644
/*@}*/
/*@{*/
@@ -1685,6 +1688,38 @@ dns_db_nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name);
@@ -1683,6 +1686,38 @@ dns_db_nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name);
* \li 'db' is a valid database
* \li 'node' and 'name' are not NULL
*/
@ -2783,7 +2783,7 @@ index 5295d8e..97071ed 100644
/*%
* _OMITDNSSEC:
diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
index 6da41b7..7b397cb 100644
index 0b66c75..4b4b6bd 100644
--- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h
@@ -547,9 +547,12 @@ dns_resolver_getmustbesecure(dns_resolver_t *resolver, dns_name_t *name);
@ -2883,7 +2883,7 @@ index c849dec..647ca2a 100644
#define DNS_VIEW_MAGIC ISC_MAGIC('V','i','e','w')
diff --git a/lib/dns/master.c b/lib/dns/master.c
index 2a87bca..ac4bb19 100644
index 8edd732..8c9f00e 100644
--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@@ -1948,12 +1948,18 @@ load_text(dns_loadctx_t *lctx) {
@ -2979,10 +2979,10 @@ index 13d1a3e..873b694 100644
RUNTIME_CHECK(result == ISC_R_SUCCESS);
isc_buffer_usedregion(&buffer, &r);
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 68e6a89..d8b5c60 100644
index 02f2c84..fda991d 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -488,6 +488,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t;
@@ -490,6 +490,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t;
typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
#define RDATASET_ATTR_NONEXISTENT 0x0001
@ -2990,7 +2990,7 @@ index 68e6a89..d8b5c60 100644
#define RDATASET_ATTR_STALE 0x0002
#define RDATASET_ATTR_IGNORE 0x0004
#define RDATASET_ATTR_RETAIN 0x0008
@@ -500,6 +501,8 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
@@ -502,6 +503,8 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
#define RDATASET_ATTR_CASESET 0x0400
#define RDATASET_ATTR_ZEROTTL 0x0800
#define RDATASET_ATTR_CASEFULLYLOWER 0x1000
@ -2999,7 +2999,7 @@ index 68e6a89..d8b5c60 100644
typedef struct acache_cbarg {
dns_rdatasetadditional_t type;
@@ -550,6 +553,8 @@ struct acachectl {
@@ -552,6 +555,8 @@ struct acachectl {
(((header)->attributes & RDATASET_ATTR_ZEROTTL) != 0)
#define CASEFULLYLOWER(header) \
(((header)->attributes & RDATASET_ATTR_CASEFULLYLOWER) != 0)
@ -3008,7 +3008,7 @@ index 68e6a89..d8b5c60 100644
#define ACTIVE(header, now) \
@@ -609,6 +614,12 @@ typedef enum {
@@ -611,6 +616,12 @@ typedef enum {
expire_flush
} expire_t;
@ -3021,7 +3021,7 @@ index 68e6a89..d8b5c60 100644
typedef struct rbtdb_version {
/* Not locked */
rbtdb_serial_t serial;
@@ -676,6 +687,12 @@ struct dns_rbtdb {
@@ -678,6 +689,12 @@ struct dns_rbtdb {
dns_dbnode_t *soanode;
dns_dbnode_t *nsnode;
@ -3034,7 +3034,7 @@ index 68e6a89..d8b5c60 100644
/*
* This is a linked list used to implement the LRU cache. There will
* be node_lock_count linked lists here. Nodes in bucket 1 will be
@@ -719,6 +736,8 @@ struct dns_rbtdb {
@@ -721,6 +738,8 @@ struct dns_rbtdb {
#define RBTDB_ATTR_LOADED 0x01
#define RBTDB_ATTR_LOADING 0x02
@ -3043,7 +3043,7 @@ index 68e6a89..d8b5c60 100644
/*%
* Search Context
*/
@@ -1784,15 +1803,15 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) {
@@ -1791,15 +1810,15 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) {
}
static inline void
@ -3063,7 +3063,7 @@ index 68e6a89..d8b5c60 100644
header->node->dirty = 1;
/*
@@ -1833,8 +1852,8 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
@@ -1840,8 +1859,8 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
/*
* If current is nonexistent or stale, we can clean it up.
*/
@ -3074,7 +3074,7 @@ index 68e6a89..d8b5c60 100644
if (top_prev != NULL)
top_prev->next = current->next;
else
@@ -2079,6 +2098,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
@@ -2086,6 +2105,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
}
}
@ -3155,7 +3155,7 @@ index 68e6a89..d8b5c60 100644
/*
* Caller must be holding the node lock.
*/
@@ -3316,6 +3409,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
@@ -3313,6 +3406,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
rdataset->attributes |= DNS_RDATASETATTR_OPTOUT;
if (PREFETCH(header))
rdataset->attributes |= DNS_RDATASETATTR_PREFETCH;
@ -3168,7 +3168,7 @@ index 68e6a89..d8b5c60 100644
rdataset->private1 = rbtdb;
rdataset->private2 = node;
raw = (unsigned char *)header + sizeof(*header);
@@ -4656,6 +4755,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
@@ -4653,6 +4752,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
#endif
if (!ACTIVE(header, search->now)) {
@ -3188,7 +3188,7 @@ index 68e6a89..d8b5c60 100644
/*
* This rdataset is stale. If no one else is using the
* node, we can clean it up right now, otherwise we mark
@@ -4695,7 +4807,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
@@ -4692,7 +4804,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
node->data = header->next;
free_rdataset(search->rbtdb, mctx, header);
} else {
@ -3197,7 +3197,7 @@ index 68e6a89..d8b5c60 100644
*header_prev = header;
}
} else
@@ -5133,7 +5245,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
@@ -5130,7 +5242,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
&locktype, lock, &search,
&header_prev)) {
/* Do nothing. */
@ -3206,7 +3206,7 @@ index 68e6a89..d8b5c60 100644
/*
* We now know that there is at least one active
* non-stale rdataset at this node.
@@ -5611,7 +5723,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
@@ -5608,7 +5720,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
* refcurrent(rbtnode) must be non-zero. This is so
* because 'node' is an argument to the function.
*/
@ -3215,7 +3215,7 @@ index 68e6a89..d8b5c60 100644
if (log)
isc_log_write(dns_lctx, category, module,
level, "overmem cache: stale %s",
@@ -5619,7 +5731,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
@@ -5616,7 +5728,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
} else if (force_expire) {
if (! RETAIN(header)) {
set_ttl(rbtdb, header, 0);
@ -3224,7 +3224,7 @@ index 68e6a89..d8b5c60 100644
} else if (log) {
isc_log_write(dns_lctx, category, module,
level, "overmem cache: "
@@ -5876,9 +5988,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
@@ -5873,9 +5985,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
* non-zero. This is so because 'node' is an
* argument to the function.
*/
@ -3236,7 +3236,7 @@ index 68e6a89..d8b5c60 100644
if (header->type == matchtype)
found = header;
else if (header->type == RBTDB_RDATATYPE_NCACHEANY ||
@@ -6170,7 +6282,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6167,7 +6279,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
topheader = topheader->next)
{
set_ttl(rbtdb, topheader, 0);
@ -3245,7 +3245,7 @@ index 68e6a89..d8b5c60 100644
}
goto find_header;
}
@@ -6228,7 +6340,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6225,7 +6337,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
* ncache entry.
*/
set_ttl(rbtdb, topheader, 0);
@ -3254,7 +3254,7 @@ index 68e6a89..d8b5c60 100644
topheader = NULL;
goto find_header;
}
@@ -6266,8 +6378,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6263,8 +6375,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
}
/*
@ -3268,7 +3268,7 @@ index 68e6a89..d8b5c60 100644
*/
if (rbtversion == NULL && trust < header->trust &&
(ACTIVE(header, now) || header_nx)) {
@@ -6296,6 +6411,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6293,6 +6408,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
if ((options & DNS_DBADD_EXACT) != 0)
flags |= DNS_RDATASLAB_EXACT;
@ -3279,7 +3279,7 @@ index 68e6a89..d8b5c60 100644
if ((options & DNS_DBADD_EXACTTTL) != 0 &&
newheader->rdh_ttl != header->rdh_ttl)
result = DNS_R_NOTEXACT;
@@ -6339,11 +6458,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6336,11 +6455,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
}
}
/*
@ -3297,7 +3297,7 @@ index 68e6a89..d8b5c60 100644
*/
if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
header->type == dns_rdatatype_ns &&
@@ -6514,10 +6634,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6511,10 +6631,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
changed->dirty = true;
if (rbtversion == NULL) {
set_ttl(rbtdb, header, 0);
@ -3310,7 +3310,7 @@ index 68e6a89..d8b5c60 100644
}
}
if (rbtversion != NULL && !header_nx) {
@@ -8334,6 +8454,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
@@ -8331,6 +8451,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
return (result);
}
@ -3341,7 +3341,7 @@ index 68e6a89..d8b5c60 100644
static dns_dbmethods_t zone_methods = {
attach,
detach,
@@ -8379,7 +8523,9 @@ static dns_dbmethods_t zone_methods = {
@@ -8376,7 +8520,9 @@ static dns_dbmethods_t zone_methods = {
NULL,
hashsize,
nodefullname,
@ -3352,7 +3352,7 @@ index 68e6a89..d8b5c60 100644
};
static dns_dbmethods_t cache_methods = {
@@ -8427,7 +8573,9 @@ static dns_dbmethods_t cache_methods = {
@@ -8424,7 +8570,9 @@ static dns_dbmethods_t cache_methods = {
setcachestats,
hashsize,
nodefullname,
@ -3363,7 +3363,7 @@ index 68e6a89..d8b5c60 100644
};
isc_result_t
@@ -8698,7 +8846,7 @@ dns_rbtdb_create
@@ -8695,7 +8843,7 @@ dns_rbtdb_create
rbtdb->rpzs = NULL;
rbtdb->load_rpzs = NULL;
rbtdb->rpz_num = DNS_RPZ_INVALID_NUM;
@ -3372,7 +3372,7 @@ index 68e6a89..d8b5c60 100644
/*
* Version Initialization.
*/
@@ -9116,7 +9264,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
@@ -9113,7 +9261,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
* rdatasets to work.
*/
if (NONEXISTENT(header) ||
@ -3382,7 +3382,7 @@ index 68e6a89..d8b5c60 100644
header = NULL;
break;
} else
@@ -10325,7 +10474,7 @@ static inline bool
@@ -10322,7 +10471,7 @@ static inline bool
need_headerupdate(rdatasetheader_t *header, isc_stdtime_t now) {
if ((header->attributes &
(RDATASET_ATTR_NONEXISTENT |
@ -3391,7 +3391,7 @@ index 68e6a89..d8b5c60 100644
RDATASET_ATTR_ZEROTTL)) != 0)
return (false);
@@ -10431,7 +10580,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,
@@ -10428,7 +10577,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,
bool tree_locked, expire_t reason)
{
set_ttl(rbtdb, header, 0);
@ -3401,7 +3401,7 @@ index 68e6a89..d8b5c60 100644
/*
* Caller must hold the node (write) lock.
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 8db9845..9f65c05 100644
index 337a2f3..24e14d2 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -141,16 +141,17 @@
@ -3434,18 +3434,19 @@ index 8db9845..9f65c05 100644
#endif
/* The default maximum number of recursions to follow before giving up. */
@@ -497,6 +498,10 @@ struct dns_resolver {
unsigned int maxqueries;
isc_result_t quotaresp[2];
+ /* Additions for serve-stale feature. */
@@ -515,6 +516,11 @@ struct dns_resolver {
dns_fetch_t * primefetch;
/* Locked by nlock. */
unsigned int nfctx;
+
+ /* Unlocked. Additions for serve-stale feature. */
+ unsigned int retryinterval; /* in milliseconds */
+ unsigned int nonbackofftries;
+
/* Locked by lock. */
unsigned int references;
bool exiting;
@@ -1620,14 +1625,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
};
#define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!')
@@ -1625,14 +1631,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
unsigned int seconds;
unsigned int us;
@ -3464,7 +3465,7 @@ index 8db9845..9f65c05 100644
/*
* Add a fudge factor to the expected rtt based on the current
@@ -4489,7 +4492,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
@@ -4494,7 +4498,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
/*
* Compute an expiration time for the entire fetch.
*/
@ -3474,7 +3475,7 @@ index 8db9845..9f65c05 100644
iresult = isc_time_nowplusinterval(&fctx->expires, &interval);
if (iresult != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
@@ -8977,6 +8981,8 @@ dns_resolver_create(dns_view_t *view,
@@ -8983,6 +8988,8 @@ dns_resolver_create(dns_view_t *view,
res->spillattimer = NULL;
res->zspill = 0;
res->zero_no_soa_ttl = false;
@ -3483,7 +3484,7 @@ index 8db9845..9f65c05 100644
res->query_timeout = DEFAULT_QUERY_TIMEOUT;
res->maxdepth = DEFAULT_RECURSION_DEPTH;
res->maxqueries = DEFAULT_MAX_QUERIES;
@@ -10304,17 +10310,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {
@@ -10317,17 +10324,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {
}
void
@ -3512,7 +3513,7 @@ index 8db9845..9f65c05 100644
}
void
@@ -10411,3 +10420,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)
@@ -10424,3 +10434,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)
return (resolver->quotaresp[which]);
}
@ -3578,7 +3579,7 @@ index 0b9620c..331992e 100644
/*
diff --git a/lib/dns/tests/db_test.c b/lib/dns/tests/db_test.c
index 35cf21d..bf39545 100644
index 2849775..812f750 100644
--- a/lib/dns/tests/db_test.c
+++ b/lib/dns/tests/db_test.c
@@ -28,8 +28,9 @@
@ -3809,7 +3810,7 @@ index 35cf21d..bf39545 100644
_setup, _teardown),
cmocka_unit_test_setup_teardown(dbtype_test,
diff --git a/lib/dns/view.c b/lib/dns/view.c
index a1a4301..abf6a4c 100644
index 0fca1d9..55ede81 100644
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@@ -229,6 +229,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
@ -3823,7 +3824,7 @@ index a1a4301..abf6a4c 100644
view->maxbits = 0;
view->v4_aaaa = dns_aaaa_ok;
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 7bad989..bbf4b45 100644
index 91693b5..5771774 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1778,6 +1778,7 @@ view_clauses[] = {
@ -3854,5 +3855,5 @@ index 7bad989..bbf4b45 100644
{ "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTIMP },
{ "transfer-format", &cfg_type_transferformat, 0 },
--
2.21.0
2.21.1

222
bind-9.3.2b1-fix_sdb_ldap.patch
View File

@ -1,5 +1,5 @@
diff --git a/bin/sdb_tools/Makefile.in b/bin/sdb_tools/Makefile.in
index 95ab742..6069f09 100644
index 95ab742..5059a17 100644
--- a/bin/sdb_tools/Makefile.in
+++ b/bin/sdb_tools/Makefile.in
@@ -32,11 +32,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
@ -7,49 +7,46 @@ index 95ab742..6069f09 100644
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} ${DBDRIVER_LIBS} @LIBS@
-TARGETS = zone2ldap@EXEEXT@ zonetodb@EXEEXT@ zone2sqlite@EXEEXT@
+TARGETS = zone2ldap@EXEEXT@ ldap2zone@EXEEXT@ zonetodb@EXEEXT@ zone2sqlite@EXEEXT@
+TARGETS = zone2ldap@EXEEXT@ zonetodb@EXEEXT@ zone2sqlite@EXEEXT@ ldap2zone@EXEEXT@
-OBJS = zone2ldap.@O@ zonetodb.@O@ zone2sqlite.@O@
+OBJS = zone2ldap.@O@ ldap2zone.@O@ zonetodb.@O@ zone2sqlite.@O@
+OBJS = zone2ldap.@O@ zonetodb.@O@ zone2sqlite.@O@ ldap2zone.@O@
-SRCS = zone2ldap.c zonetodb.c zone2sqlite.c
+SRCS = zone2ldap.c ldap2zone.c zonetodb.c zone2sqlite.c
+SRCS = zone2ldap.c zonetodb.c zone2sqlite.c ldap2zone.c
MANPAGES = zone2ldap.1
@@ -53,6 +53,9 @@ zonetodb@EXEEXT@: zonetodb.@O@ ${DEPLIBS}
zone2sqlite@EXEEXT@: zone2sqlite.@O@ ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ zone2sqlite.@O@ -lsqlite3 -lssl ${LIBS}
@@ -47,6 +47,9 @@ EXT_CFLAGS =
zone2ldap@EXEEXT@: zone2ldap.@O@ ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zone2ldap.@O@ -lldap -llber ${LIBS}
+ldap2zone@EXEEXT@: ldap2zone.@O@ ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ ldap2zone.@O@ -lldap -llber ${LIBS}
+
clean distclean manclean maintainer-clean::
rm -f ${TARGETS} ${OBJS}
zonetodb@EXEEXT@: zonetodb.@O@ ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zonetodb.@O@ -lpq ${LIBS}
@@ -62,6 +65,7 @@ installdirs:
install:: ${TARGETS} installdirs
@@ -64,4 +67,5 @@ install:: ${TARGETS} installdirs
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2ldap@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ldap2zone@EXEEXT@ ${DESTDIR}${sbindir}
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zonetodb@EXEEXT@ ${DESTDIR}${sbindir}
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ldap2zone@EXEEXT@ ${DESTDIR}${sbindir}
${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1
diff --git a/bin/sdb_tools/zone2ldap.c b/bin/sdb_tools/zone2ldap.c
index aa2c711..76186b5 100644
index e0e9207..d59936c 100644
--- a/bin/sdb_tools/zone2ldap.c
+++ b/bin/sdb_tools/zone2ldap.c
@@ -66,6 +66,9 @@ ldap_info;
/* usage Info */
void usage (void);
@@ -73,7 +73,7 @@ void add_ldap_values (ldap_info * ldinfo);
void init_ldap_conn (void);
+/* Check for existence of (and possibly add) containing dNSZone objects */
+int lookup_dns_zones( ldap_info *ldinfo);
+
/* Add to the ldap dit */
void add_ldap_values (ldap_info * ldinfo);
/* Ldap error checking */
-void ldap_result_check (const char *msg, char *dn, int err);
+void ldap_result_check (const char *msg, const char *dn, int err);
@@ -82,7 +85,7 @@ char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags);
/* Put a hostname into a char ** array */
char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags);
@@ -82,7 +82,7 @@ char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags);
int get_attr_list_size (char **tmp);
/* Get a DN */
@ -58,7 +55,7 @@ index aa2c711..76186b5 100644
/* Add to RR list */
void add_to_rr_list (char *dn, char *name, char *type, char *data,
@@ -104,11 +107,27 @@ void
@@ -104,11 +104,26 @@ void
init_ldap_conn ();
void usage();
@ -87,11 +84,19 @@ index aa2c711..76186b5 100644
+static char *objectClasses []= { &(topClass[0]), &(dNSZoneClass[0]), NULL };
+static char *topObjectClasses []= { &(topClass[0]), &(dcObjectClass[0]), &(dNSZoneClass[0]), NULL };
+static char *dn_buffer [64]={NULL};
+
LDAP *conn;
unsigned int debug = 0;
@@ -132,12 +151,12 @@ main (int argc, char **argv)
@@ -120,7 +135,7 @@ static void
fatal(const char *msg) {
perror(msg);
if (conn != NULL)
- ldap_unbind_s(conn);
+ ldap_unbind_ext_s(conn, NULL, NULL);
exit(1);
}
@@ -132,12 +147,13 @@ main (int argc, char **argv)
isc_result_t result;
char *basedn;
ldap_info *tmp;
@ -102,12 +107,12 @@ index aa2c711..76186b5 100644
isc_buffer_t buff;
char *zonefile=0L;
char fullbasedn[1024];
- char *ctmp;
+ char *ctmp, *zn, *dcp[2], *znp[2], *rdn[2];
char *ctmp;
+ char *zn, *dcp[2], *znp[2], *rdn[2];
dns_fixedname_t fixedzone, fixedname;
dns_rdataset_t rdataset;
char **dc_list;
@@ -150,7 +169,7 @@ main (int argc, char **argv)
@@ -150,7 +166,7 @@ main (int argc, char **argv)
extern char *optarg;
extern int optind, opterr, optopt;
int create_base = 0;
@ -116,7 +121,7 @@ index aa2c711..76186b5 100644
if (argc < 2)
{
@@ -158,7 +177,7 @@ main (int argc, char **argv)
@@ -158,7 +174,7 @@ main (int argc, char **argv)
exit (-1);
}
@ -125,7 +130,7 @@ index aa2c711..76186b5 100644
{
switch (topt)
{
@@ -181,6 +200,9 @@ main (int argc, char **argv)
@@ -181,6 +197,9 @@ main (int argc, char **argv)
if (bindpw == NULL)
fatal("strdup");
break;
@ -135,35 +140,27 @@ index aa2c711..76186b5 100644
case 'b':
ldapbase = strdup (optarg);
if (ldapbase == NULL)
@@ -300,27 +322,62 @@ main (int argc, char **argv)
{
if (debug)
@@ -302,17 +321,51 @@ main (int argc, char **argv)
printf ("Creating base zone DN %s\n", argzone);
-
+
dc_list = hostname_to_dn_list (argzone, argzone, DNS_TOP);
- basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC);
- for (ctmp = &basedn[strlen (basedn)]; ctmp >= &basedn[0]; ctmp--)
+ basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC, argzone);
+ if (debug)
+ printf ("base DN %s\n", basedn);
+
- for (ctmp = &basedn[strlen (basedn)]; ctmp >= &basedn[0]; ctmp--)
+ for (ctmp = &basedn[strlen (basedn)], dcn=0; ctmp >= &basedn[0]; ctmp--)
{
- if ((*ctmp == ',') || (ctmp == &basedn[0]))
+ if ((*ctmp == ',') || (ctmp == &basedn[0]))
if ((*ctmp == ',') || (ctmp == &basedn[0]))
{
+
base.mod_op = LDAP_MOD_ADD;
- base.mod_type = (char*)"objectClass";
- base.mod_values = (char**)topObjectClasses;
+ base.mod_type = objectClass;
+ base.mod_values = topObjectClasses;
base.mod_values = (char**)topObjectClasses;
base_attrs[0] = (void*)&base;
- base_attrs[1] = NULL;
-
+
+
+ dcBase.mod_op = LDAP_MOD_ADD;
+ dcBase.mod_type = dc;
+ dcp[0]=dc_list[dcn];
@ -172,13 +169,13 @@ index aa2c711..76186b5 100644
+ base_attrs[1] = (void*)&dcBase;
+
+ znBase.mod_op = LDAP_MOD_ADD;
+ znBase.mod_type = zoneName;
+ znBase.mod_type = zoneName;
+ for( zdn = dcn, znlen = 0; zdn >= 0; zdn-- )
+ znlen += strlen(dc_list[zdn])+1;
+ znp[0] = (char*)malloc(znlen+1);
+ znp[1] = 0L;
+ for( zdn = dcn, zn=znp[0]; zdn >= 0; zdn-- )
+ zn+=sprintf(zn,"%s%s",dc_list[zdn],
+ for( zdn = dcn, zn=znp[0]; zdn >= 0; zdn-- )
+ zn+=sprintf(zn,"%s%s",dc_list[zdn],
+ ((zdn > 0) && (*(dc_list[zdn-1])!='.')) ? "." : ""
+ );
+
@ -191,24 +188,15 @@ index aa2c711..76186b5 100644
+ rdn[1] = 0L;
+ rdnBase.mod_values = rdn;
+ base_attrs[3] = (void*)&rdnBase;
+
+
+ dcn++;
+
+ base.mod_values = topObjectClasses;
+ base_attrs[4] = NULL;
+
+ base_attrs[4] = NULL;
if (ldapbase)
{
if (ctmp != &basedn[0])
sprintf (fullbasedn, "%s,%s", ctmp + 1, ldapbase);
else
- sprintf (fullbasedn, "%s,%s", ctmp, ldapbase);
-
+ sprintf (fullbasedn, "%s,%s", ctmp, ldapbase);
}
else
{
@@ -329,8 +386,13 @@ main (int argc, char **argv)
@@ -329,6 +382,10 @@ main (int argc, char **argv)
else
sprintf (fullbasedn, "%s", ctmp);
}
@ -217,12 +205,9 @@ index aa2c711..76186b5 100644
+ printf("Full base dn: %s\n", fullbasedn);
+
result = ldap_add_s (conn, fullbasedn, base_attrs);
ldap_result_check ("intial ldap_add_s", fullbasedn, result);
+
ldap_result_check ("initial ldap_add_s", fullbasedn, result);
}
}
@@ -408,14 +470,14 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl)
@@ -408,14 +465,14 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl)
isc_result_check (result, "dns_rdata_totext");
data[isc_buffer_usedlength (&buff)] = 0;
@ -240,7 +225,7 @@ index aa2c711..76186b5 100644
}
@@ -455,7 +517,8 @@ add_to_rr_list (char *dn, char *name, char *type,
@@ -455,7 +512,8 @@ add_to_rr_list (char *dn, char *name, char *type,
int attrlist;
char ldap_type_buffer[128];
char charttl[64];
@ -250,7 +235,7 @@ index aa2c711..76186b5 100644
if ((tmp = locate_by_dn (dn)) == NULL)
{
@@ -482,13 +545,13 @@ add_to_rr_list (char *dn, char *name, char *type,
@@ -482,10 +540,10 @@ add_to_rr_list (char *dn, char *name, char *type,
fatal("malloc");
}
tmp->attrs[0]->mod_op = LDAP_MOD_ADD;
@ -262,12 +247,8 @@ index aa2c711..76186b5 100644
+ tmp->attrs[0]->mod_values = objectClasses;
else
{
- tmp->attrs[0]->mod_values = (char**)topObjectClasses;
+ tmp->attrs[0]->mod_values =topObjectClasses;
tmp->attrs[1] = NULL;
tmp->attrcnt = 2;
tmp->next = ldap_info_base;
@@ -497,7 +560,7 @@ add_to_rr_list (char *dn, char *name, char *type,
tmp->attrs[0]->mod_values = (char**)topObjectClasses;
@@ -497,7 +555,7 @@ add_to_rr_list (char *dn, char *name, char *type,
}
tmp->attrs[1]->mod_op = LDAP_MOD_ADD;
@ -276,7 +257,7 @@ index aa2c711..76186b5 100644
tmp->attrs[1]->mod_values = (char **) calloc (sizeof (char *), 2);
if (tmp->attrs[1]->mod_values == (char **)NULL)
@@ -526,7 +589,7 @@ add_to_rr_list (char *dn, char *name, char *type,
@@ -526,7 +584,7 @@ add_to_rr_list (char *dn, char *name, char *type,
fatal("strdup");
tmp->attrs[3]->mod_op = LDAP_MOD_ADD;
@ -285,16 +266,16 @@ index aa2c711..76186b5 100644
tmp->attrs[3]->mod_values = (char **) calloc (sizeof (char *), 2);
if (tmp->attrs[3]->mod_values == (char **)NULL)
@@ -539,14 +602,25 @@ add_to_rr_list (char *dn, char *name, char *type,
@@ -539,14 +597,25 @@ add_to_rr_list (char *dn, char *name, char *type,
if (tmp->attrs[3]->mod_values[0] == NULL)
fatal("strdup");
+ znlen=strlen(gbl_zone);
+ if ( *(gbl_zone + (znlen-1)) == '.' )
+ znlen=strlen(gbl_zone);
+ if ( gbl_zone[znlen-1] == '.' )
+ { /* ldapdb MUST search by relative zone name */
+ zn = (char*)malloc(znlen);
+ strncpy(zn,gbl_zone,znlen-1);
+ *(zn + (znlen-1))='\0';
+ memcpy(zn, gbl_zone, znlen-1);
+ zn[znlen-1]='\0';
+ }else
+ {
+ zn = gbl_zone;
@ -313,7 +294,7 @@ index aa2c711..76186b5 100644
tmp->attrs[4]->mod_values[1] = NULL;
tmp->attrs[5] = NULL;
@@ -557,7 +631,7 @@ add_to_rr_list (char *dn, char *name, char *type,
@@ -557,7 +626,7 @@ add_to_rr_list (char *dn, char *name, char *type,
else
{
@ -322,7 +303,7 @@ index aa2c711..76186b5 100644
{
sprintf (ldap_type_buffer, "%sRecord", type);
if (!strncmp
@@ -631,44 +705,70 @@ char **
@@ -631,44 +700,70 @@ char **
hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
{
char *tmp;
@ -382,10 +363,10 @@ index aa2c711..76186b5 100644
+ {
+ if( hname == 0 )
+ hname=strdup(hostname);
+ last = strdup(sameZone);
+ last = strdup(sameZone);
+ }else
+ {
+ if( (hlen < zlen)
+ {
+ if( (hlen < zlen)
+ ||( strcmp( hostname + (hlen - zlen), zone ) != 0)
+ )
+ {
@ -422,7 +403,7 @@ index aa2c711..76186b5 100644
+ *tmp = '\0';
+ if( tmp == hname )
+ break;
+ }
+ }
+ }
+ if( ( last != hname ) && (tmp != hname) )
+ dn_buffer[i++] = hname;
@ -430,7 +411,7 @@ index aa2c711..76186b5 100644
dn_buffer[i] = NULL;
return dn_buffer;
@@ -680,24 +780,32 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
@@ -680,30 +775,38 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags)
* exception of "@"/SOA. */
char *
@ -439,19 +420,21 @@ index aa2c711..76186b5 100644
{
int size;
- int x;
- static char dn[1024];
- char tmp[128];
+ int x, znlen;
static char dn[1024];
char tmp[128];
+ static char dn[DNS_NAME_MAXTEXT*3/2];
+ char tmp[DNS_NAME_MAXTEXT*3/2];
+ char zn[DNS_NAME_MAXTEXT+1];
bzero (tmp, sizeof (tmp));
bzero (dn, sizeof (dn));
size = get_attr_list_size (dc_list);
+ znlen = strlen(zone);
+ if ( *(zone + (znlen-1)) == '.' )
+ if ( zone[znlen-1] == '.' )
+ { /* ldapdb MUST search by relative zone name */
+ memcpy(&(zn[0]),zone,znlen-1);
+ *(zn + (znlen-1))='\0';
+ zn[znlen-1]='\0';
+ zone = zn;
+ }
for (x = size - 2; x > 0; x--)
@ -460,40 +443,47 @@ index aa2c711..76186b5 100644
{
if (x == (size - 2) && (strncmp (dc_list[x], "@", 1) == 0) && (ttl))
- sprintf (tmp, "relativeDomainName=%s + dNSTTL=%u,", dc_list[x], ttl);
+ sprintf (tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]);
+ snprintf (tmp, sizeof(tmp), "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]);
else if (x == (size - 2))
- sprintf(tmp, "relativeDomainName=%s,",dc_list[x]);
+ sprintf(tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]);
+ snprintf(tmp, sizeof(tmp), "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]);
else
sprintf(tmp,"dc=%s,", dc_list[x]);
- sprintf(tmp,"dc=%s,", dc_list[x]);
+ snprintf(tmp, sizeof(tmp), "dc=%s,", dc_list[x]);
}
@@ -723,6 +831,7 @@ void
init_ldap_conn ()
{
int result;
+ char ldb_tag[]="LDAP Bind";
conn = ldap_open (ldapsystem, LDAP_PORT);
if (conn == NULL)
else
{
@@ -732,7 +841,7 @@ init_ldap_conn ()
- sprintf(tmp, "dc=%s,", dc_list[x]);
+ snprintf(tmp, sizeof(tmp), "dc=%s,", dc_list[x]);
}
@@ -732,19 +835,18 @@ init_ldap_conn ()
}
result = ldap_simple_bind_s (conn, binddn, bindpw);
- ldap_result_check ("ldap_simple_bind_s", (char*)"LDAP Bind", result);
+ ldap_result_check ("ldap_simple_bind_s", ldb_tag , result);
+ ldap_result_check ("ldap_simple_bind_s", "LDAP Bind", result);
}
/* Like isc_result_check, only for LDAP */
@@ -749,8 +858,6 @@ ldap_result_check (const char *msg, char *dn, int err)
void
-ldap_result_check (const char *msg, char *dn, int err)
+ldap_result_check (const char *msg, const char *dn, int err)
{
if ((err != LDAP_SUCCESS) && (err != LDAP_ALREADY_EXISTS))
{
- fprintf(stderr, "Error while adding %s (%s):\n",
- dn, msg);
- ldap_perror (conn, dn);
- ldap_unbind_s (conn);
+ fprintf(stderr, "Error while adding %s (%s):\n%s",
+ dn, msg, ldap_err2string(err));
+ ldap_unbind_ext_s (conn, NULL, NULL);
exit (-1);
}
}
-
-
/* For running the ldap_info run queue. */
void
add_ldap_values (ldap_info * ldinfo)
@@ -758,14 +865,14 @@ add_ldap_values (ldap_info * ldinfo)
@@ -758,16 +860,15 @@ add_ldap_values (ldap_info * ldinfo)
int result;
char dnbuffer[1024];
@ -505,12 +495,14 @@ index aa2c711..76186b5 100644
result = ldap_add_s (conn, dnbuffer, ldinfo->attrs);
- ldap_result_check ("ldap_add_s", dnbuffer, result);
-}
+ ldap_result_check ("ldap_add_s", dnbuffer, result);
+
}
+}
@@ -776,5 +883,5 @@ void
@@ -776,5 +877,5 @@ void
usage ()
{
fprintf (stderr,

19
bind.spec
View File

@ -55,16 +55,16 @@
#
# lib*.so.X versions of selected libraries
%global sover_dns 1107
%global sover_isc 1104
%global sover_dns 1110
%global sover_isc 1105
%global sover_irs 161
%global sover_isccfg 163
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind
License: MPLv2.0
Version: 9.11.14
Release: 5%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Version: 9.11.17
Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -165,10 +165,6 @@ Patch177: bind-9.11-serve-stale.patch
Patch178: bind-9.11-serve-stale-dbfix.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1736762
Patch183: bind-9.11-rh1736762-5.patch
Patch184: bind-9.11-rh1736762-6.patch
Patch185: bind-9.11-rh1736762-7.patch
Patch186: bind-9.11-rh1736762-8.patch
Patch187: bind-9.11-oot-gen.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@ -569,10 +565,6 @@ are used for building ISC DHCP.
%patch177 -p1 -b .serve-stale
%patch178 -p1 -b .rh1770492
%patch183 -p1 -b .rh1736762-5
%patch184 -p1 -b .rh1736762-6
%patch185 -p1 -b .rh1736762-7
%patch186 -p1 -b .rh1736762-8
%patch187 -p1 -b .oot-gen
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@ -1609,6 +1601,9 @@ fi;
%changelog
* Tue Mar 31 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.17-1
- Update to 9.11.17
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.14-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (bind-9.11.14.tar.gz) = fc7729e780e44c3c4e50059032fdae2af3d0e07b492b5088b2fefc15354829d3c9a83fab4f2ecaa9323cd7a37b1f7eb94890c149ba1df5c4fbea7a145095cbe9
SHA512 (bind-9.11.14.tar.gz.asc) = fd28a1ebd4adf8c2854de434cc6f5f4d47d982eaad73fbb42dce8df97f7b069feb6e7c374178e203a07fff83f2cd021dfd10fb77dd6e8c5201ee4d299df98b89
SHA512 (bind-9.11.17.tar.gz) = 0c5aebd9763fdf61709d347abc79c898f62bcc6bc19bcae0e355804cfee3fd24d7054ebb574dce1987138e4a755c4bc963afb92f920ac15223c1a738d831b652
SHA512 (bind-9.11.17.tar.gz.asc) = fb5c03facaf8530bf4168be6a106bc75517bb4b45e164fbadd20ce9968098e43badff854ca735b14cddbeb76f8cc10cfaf7cad760b7b630639a1c9243dd7c422