rpms
/
bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Merged update from upstream sources 

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/bind.git#01c5de480b816ef4fcab8dbb15b5a71bad4d74ab
This commit is contained in:
DistroBaker 2020-10-27 19:10:10 +01:00 committed by Petr Šabata
parent 49cf061d17
commit d9c2aea4bc
10 changed files with 251 additions and 807 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -116,3 +116,5 @@ bind-9.7.2b1.tar.gz
/bind-9.11.22.tar.gz.asc
/bind-9.11.23.tar.gz
/bind-9.11.23.tar.gz.asc
/bind-9.11.24.tar.gz
/bind-9.11.24.tar.gz.asc

62
bind-9.10-dist-native-pkcs11.patch
View File

@ -1,5 +1,5 @@
diff --git a/bin/Makefile.in b/bin/Makefile.in
index f0c504a..ce7a2da 100644
index a18b222..26a7e4e 100644
--- a/bin/Makefile.in
+++ b/bin/Makefile.in
@@ -11,8 +11,8 @@ srcdir = @srcdir@
@ -14,7 +14,7 @@ index f0c504a..ce7a2da 100644
@BIND9_MAKE_RULES@
diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in
index 4b8ca13..32f4470 100644
index 390aa0c..e59a118 100644
--- a/bin/dnssec-pkcs11/Makefile.in
+++ b/bin/dnssec-pkcs11/Makefile.in
@@ -15,18 +15,18 @@ VERSION=@BIND9_VERSION@
@ -130,7 +130,7 @@ index 4b8ca13..32f4470 100644
clean distclean::
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index 4b8ca13..4175996 100644
index 390aa0c..851a008 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
@ -143,7 +143,7 @@ index 4b8ca13..4175996 100644
CWARNINGS =
diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in
index 70e5571..b5a4a6b 100644
index 7a490fa..1f56836 100644
--- a/bin/named-pkcs11/Makefile.in
+++ b/bin/named-pkcs11/Makefile.in
@@ -43,27 +43,27 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@
@ -268,7 +268,7 @@ index 70e5571..b5a4a6b 100644
@DLZ_DRIVER_RULES@
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index 70e5571..4cfed4d 100644
index 7a490fa..3d8655f 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -48,7 +48,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
@ -281,10 +281,10 @@ index 70e5571..4cfed4d 100644
CWARNINGS =
diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in
index a058c91..d4b689a 100644
index 2c19e7e..8223d5e 100644
--- a/bin/pkcs11/Makefile.in
+++ b/bin/pkcs11/Makefile.in
@@ -15,13 +15,13 @@ top_srcdir = @top_srcdir@
@@ -13,13 +13,13 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
@ -302,10 +302,10 @@ index a058c91..d4b689a 100644
DEPLIBS = ${ISCDEPLIBS}
diff --git a/configure.ac b/configure.ac
index 9b7d778..59ba20b 100644
index c6715b4..8144268 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1139,12 +1139,14 @@ AC_SUBST(USE_GSSAPI)
@@ -1176,12 +1176,14 @@ AC_SUBST(USE_GSSAPI)
AC_SUBST(DST_GSSAPI_INC)
AC_SUBST(DNS_GSSAPI_LIBS)
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS"
@ -320,24 +320,26 @@ index 9b7d778..59ba20b 100644
#
# was --with-randomdev specified?
@@ -1494,11 +1496,11 @@ AC_ARG_ENABLE(openssl-hash,
@@ -1554,12 +1556,12 @@ AC_ARG_ENABLE(openssl-hash,
AC_MSG_CHECKING(for OpenSSL library)
OPENSSL_WARNING=
openssldirs="/usr /usr/local /usr/local/ssl /opt/local /usr/pkg /usr/sfw"
-if test "yes" = "$want_native_pkcs11"
-then
- use_openssl="native_pkcs11"
- want_openssl_hash="no"
- AC_MSG_RESULT(use of native PKCS11 instead)
-fi
+# if test "yes" = "$want_native_pkcs11"
+# then
+# use_openssl="native_pkcs11"
+# AC_MSG_RESULT(use of native PKCS11 instead)
+# fi
+#if test "yes" = "$want_native_pkcs11"
+#then
+# use_openssl="native_pkcs11"
+# want_openssl_hash="no"
+# AC_MSG_RESULT(use of native PKCS11 instead)
+#fi
if test "auto" = "$use_openssl"
then
@@ -1511,6 +1513,7 @@ then
@@ -1572,6 +1574,7 @@ then
fi
done
fi
@ -345,7 +347,7 @@ index 9b7d778..59ba20b 100644
OPENSSL_ECDSA=""
OPENSSL_GOST=""
OPENSSL_ED25519=""
@@ -1532,11 +1535,10 @@ case "$with_gost" in
@@ -1593,11 +1596,10 @@ case "$with_gost" in
;;
esac
@ -360,7 +362,7 @@ index 9b7d778..59ba20b 100644
CRYPTOLIB="pkcs11"
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
@@ -1546,7 +1548,9 @@ case "$use_openssl" in
@@ -1607,7 +1609,9 @@ case "$use_openssl" in
OPENSSLGOSTLINKSRCS=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
@ -371,7 +373,7 @@ index 9b7d778..59ba20b 100644
no)
AC_MSG_RESULT(no)
DST_OPENSSL_INC=""
@@ -1578,7 +1582,7 @@ case "$use_openssl" in
@@ -1639,7 +1643,7 @@ case "$use_openssl" in
If you do not want OpenSSL, use --without-openssl])
;;
*)
@ -380,7 +382,7 @@ index 9b7d778..59ba20b 100644
then
AC_MSG_RESULT()
AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
@@ -2006,6 +2010,7 @@ AC_SUBST(OPENSSL_ED25519)
@@ -2067,6 +2071,7 @@ AC_SUBST(OPENSSL_ED25519)
AC_SUBST(OPENSSL_GOST)
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
@ -388,7 +390,7 @@ index 9b7d778..59ba20b 100644
ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
if test "yes" = "$with_aes"
@@ -2291,6 +2296,7 @@ esac
@@ -2353,6 +2358,7 @@ esac
AC_SUBST(PKCS11LINKOBJS)
AC_SUBST(PKCS11LINKSRCS)
AC_SUBST(CRYPTO)
@ -396,7 +398,7 @@ index 9b7d778..59ba20b 100644
AC_SUBST(PKCS11_ECDSA)
AC_SUBST(PKCS11_GOST)
AC_SUBST(PKCS11_ED25519)
@@ -5405,8 +5411,11 @@ AC_CONFIG_FILES([
@@ -5501,8 +5507,11 @@ AC_CONFIG_FILES([
bin/delv/Makefile
bin/dig/Makefile
bin/dnssec/Makefile
@ -408,7 +410,7 @@ index 9b7d778..59ba20b 100644
bin/nsupdate/Makefile
bin/pkcs11/Makefile
bin/python/Makefile
@@ -5479,6 +5488,10 @@ AC_CONFIG_FILES([
@@ -5575,6 +5584,10 @@ AC_CONFIG_FILES([
lib/dns/include/dns/Makefile
lib/dns/include/dst/Makefile
lib/dns/tests/Makefile
@ -419,7 +421,7 @@ index 9b7d778..59ba20b 100644
lib/irs/Makefile
lib/irs/include/Makefile
lib/irs/include/irs/Makefile
@@ -5503,6 +5516,24 @@ AC_CONFIG_FILES([
@@ -5599,6 +5612,24 @@ AC_CONFIG_FILES([
lib/isc/unix/include/Makefile
lib/isc/unix/include/isc/Makefile
lib/isc/unix/include/pkcs11/Makefile
@ -445,7 +447,7 @@ index 9b7d778..59ba20b 100644
lib/isccc/include/Makefile
lib/isccc/include/isccc/Makefile
diff --git a/lib/Makefile.in b/lib/Makefile.in
index 81270a0..bcb5312 100644
index f089bea..3ed939b 100644
--- a/lib/Makefile.in
+++ b/lib/Makefile.in
@@ -15,7 +15,7 @@ top_srcdir = @top_srcdir@
@ -458,7 +460,7 @@ index 81270a0..bcb5312 100644
@BIND9_MAKE_RULES@
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
index 7f09bd6..c388d9e 100644
index 8fc4e94..5eefb14 100644
--- a/lib/dns-pkcs11/Makefile.in
+++ b/lib/dns-pkcs11/Makefile.in
@@ -26,17 +26,16 @@ VERSION=@BIND9_VERSION@
@ -533,7 +535,7 @@ index 7f09bd6..c388d9e 100644
rm -f include/dns/rdatastruct.h
rm -f dnstap.pb-c.c dnstap.pb-c.h
diff --git a/lib/isc-pkcs11/Makefile.in b/lib/isc-pkcs11/Makefile.in
index 8ad54bb..a3ecdfb 100644
index 7e3e9ce..58d7466 100644
--- a/lib/isc-pkcs11/Makefile.in
+++ b/lib/isc-pkcs11/Makefile.in
@@ -23,8 +23,8 @@ CINCLUDES = -I${srcdir}/unix/include \
@ -547,7 +549,7 @@ index 8ad54bb..a3ecdfb 100644
CWARNINGS =
# Alphabetically
@@ -103,40 +103,40 @@ version.@O@: version.c
@@ -107,40 +107,40 @@ version.@O@: version.c
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
@ -601,10 +603,10 @@ index 8ad54bb..a3ecdfb 100644
+ rm -f libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@ libisc-pkcs11.la \
+ libisc-pkcs11-nosymtbl.la timestamp
diff --git a/make/includes.in b/make/includes.in
index fa86ad1..3cfbe9f 100644
index 66efe68..966671f 100644
--- a/make/includes.in
+++ b/make/includes.in
@@ -43,3 +43,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
@@ -41,3 +41,13 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \
TEST_INCLUDES = \
-I${top_srcdir}/lib/tests/include

138
bind-9.11-fips-tests.patch
View File

@ -1,4 +1,4 @@
From da45a97312a63f815b295167c3f3abb9fe8941a3 Mon Sep 17 00:00:00 2001
From 14ad3e0b42bc999072d30268396412bec158a22d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:46:45 +0200
Subject: [PATCH] FIPS tests changes
@ -96,17 +96,15 @@ Date: Wed Mar 7 10:44:23 2018 +0100
bin/tests/system/rndc/setup.sh | 2 +-
bin/tests/system/rndc/tests.sh | 23 ++++---
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++
bin/tests/system/tsig/setup.sh | 5 ++
bin/tests/system/tsig/tests.sh | 65 +++++++++++-------
bin/tests/system/tsiggss/setup.sh | 2 +-
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
bin/tests/system/upforwd/tests.sh | 2 +-
44 files changed, 230 insertions(+), 170 deletions(-)
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
43 files changed, 220 insertions(+), 170 deletions(-)
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
index 0ea6502..026db3f 100644
index 9999ada..e3f8d0e 100644
--- a/bin/tests/system/acl/ns2/named1.conf.in
+++ b/bin/tests/system/acl/ns2/named1.conf.in
@@ -33,12 +33,12 @@ options {
@ -125,7 +123,7 @@ index 0ea6502..026db3f 100644
};
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
index b877880..d8f50be 100644
index f8ec34e..d2d6ad3 100644
--- a/bin/tests/system/acl/ns2/named2.conf.in
+++ b/bin/tests/system/acl/ns2/named2.conf.in
@@ -33,12 +33,12 @@ options {
@ -144,7 +142,7 @@ index b877880..d8f50be 100644
};
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
index 0a95062..aa54088 100644
index 2acb813..6a00344 100644
--- a/bin/tests/system/acl/ns2/named3.conf.in
+++ b/bin/tests/system/acl/ns2/named3.conf.in
@@ -33,17 +33,17 @@ options {
@ -169,7 +167,7 @@ index 0a95062..aa54088 100644
};
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
index 7cdcb6e..606a345 100644
index bca3ee1..5913420 100644
--- a/bin/tests/system/acl/ns2/named4.conf.in
+++ b/bin/tests/system/acl/ns2/named4.conf.in
@@ -33,12 +33,12 @@ options {
@ -188,7 +186,7 @@ index 7cdcb6e..606a345 100644
};
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
index 4b4e050..0e679a8 100644
index 9ef8171..5ae8d38 100644
--- a/bin/tests/system/acl/ns2/named5.conf.in
+++ b/bin/tests/system/acl/ns2/named5.conf.in
@@ -34,12 +34,12 @@ options {
@ -207,7 +205,7 @@ index 4b4e050..0e679a8 100644
};
diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
index 09f31f2..f88f0d4 100644
index 2ee34a0..a73a54e 100644
--- a/bin/tests/system/acl/tests.sh
+++ b/bin/tests/system/acl/tests.sh
@@ -22,14 +22,14 @@ echo_i "testing basic ACL processing"
@ -333,7 +331,7 @@ index 09f31f2..f88f0d4 100644
echo_i "testing allow-query-on ACL processing"
diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
index 1569913..e9c5c2d 100644
index a579f32..3b8f853 100644
--- a/bin/tests/system/allow-query/ns2/named10.conf.in
+++ b/bin/tests/system/allow-query/ns2/named10.conf.in
@@ -12,7 +12,7 @@
@ -346,7 +344,7 @@ index 1569913..e9c5c2d 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
index 18ac91c..2b1c873 100644
index 166afa1..997ece9 100644
--- a/bin/tests/system/allow-query/ns2/named11.conf.in
+++ b/bin/tests/system/allow-query/ns2/named11.conf.in
@@ -12,12 +12,12 @@
@ -365,7 +363,7 @@ index 18ac91c..2b1c873 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
index b824844..dd48945 100644
index 25271a5..a9cb65d 100644
--- a/bin/tests/system/allow-query/ns2/named12.conf.in
+++ b/bin/tests/system/allow-query/ns2/named12.conf.in
@@ -12,7 +12,7 @@
@ -378,7 +376,7 @@ index b824844..dd48945 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
index aeb1540..bfce58b 100644
index c7c8254..f165e65 100644
--- a/bin/tests/system/allow-query/ns2/named30.conf.in
+++ b/bin/tests/system/allow-query/ns2/named30.conf.in
@@ -12,7 +12,7 @@
@ -391,7 +389,7 @@ index aeb1540..bfce58b 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
index d4b7432..e0f5252 100644
index 567bbcc..4fd2035 100644
--- a/bin/tests/system/allow-query/ns2/named31.conf.in
+++ b/bin/tests/system/allow-query/ns2/named31.conf.in
@@ -12,12 +12,12 @@
@ -410,7 +408,7 @@ index d4b7432..e0f5252 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
index c025938..87afb3f 100644
index b75161f..7b254e6 100644
--- a/bin/tests/system/allow-query/ns2/named32.conf.in
+++ b/bin/tests/system/allow-query/ns2/named32.conf.in
@@ -12,7 +12,7 @@
@ -423,7 +421,7 @@ index c025938..87afb3f 100644
};
diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
index d83b376..d726b94 100644
index 9e17818..22f5001 100644
--- a/bin/tests/system/allow-query/ns2/named40.conf.in
+++ b/bin/tests/system/allow-query/ns2/named40.conf.in
@@ -16,12 +16,12 @@ acl accept { 10.53.0.2; };
@ -442,7 +440,7 @@ index d83b376..d726b94 100644
};
diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh
index fb6059d..f960156 100644
index 791a1a4..95cd971 100644
--- a/bin/tests/system/allow-query/tests.sh
+++ b/bin/tests/system/allow-query/tests.sh
@@ -190,7 +190,7 @@ rndc_reload
@ -527,7 +525,7 @@ index fb6059d..f960156 100644
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
index 74b7d37..c353766 100644
index 6856ec7..0ac1fa3 100644
--- a/bin/tests/system/catz/ns1/named.conf.in
+++ b/bin/tests/system/catz/ns1/named.conf.in
@@ -61,5 +61,5 @@ zone "catalog4.example" {
@ -538,7 +536,7 @@ index 74b7d37..c353766 100644
+ algorithm hmac-sha256;
};
diff --git a/bin/tests/system/catz/ns2/named.conf.in b/bin/tests/system/catz/ns2/named.conf.in
index ee83efb..35ced08 100644
index dd3a9dc..77b8d96 100644
--- a/bin/tests/system/catz/ns2/named.conf.in
+++ b/bin/tests/system/catz/ns2/named.conf.in
@@ -70,5 +70,5 @@ zone "catalog4.example" {
@ -549,7 +547,7 @@ index ee83efb..35ced08 100644
+ algorithm hmac-sha256;
};
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
index 21be03e..e57c308 100644
index 338dddb..90cd424 100644
--- a/bin/tests/system/checkconf/bad-tsig.conf
+++ b/bin/tests/system/checkconf/bad-tsig.conf
@@ -11,7 +11,7 @@
@ -562,7 +560,7 @@ index 21be03e..e57c308 100644
};
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
index 09d188a..7cf4030 100644
index 2282f87..1359cf3 100644
--- a/bin/tests/system/checkconf/good.conf
+++ b/bin/tests/system/checkconf/good.conf
@@ -159,6 +159,6 @@ dyndb "name" "library.so" {
@ -574,7 +572,7 @@ index 09d188a..7cf4030 100644
secret "qwertyuiopasdfgh";
};
diff --git a/bin/tests/system/digdelv/ns2/example.db b/bin/tests/system/digdelv/ns2/example.db
index f4e30f5..9f53e31 100644
index b66207a..359b220 100644
--- a/bin/tests/system/digdelv/ns2/example.db
+++ b/bin/tests/system/digdelv/ns2/example.db
@@ -38,12 +38,15 @@ foo SSHFP 2 1 123456789abcdef67890123456789abcdef67890
@ -600,7 +598,7 @@ index f4e30f5..9f53e31 100644
; TTL of 3 weeks
weeks 1814400 A 10.53.0.2
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index 3d1010e..fa9eb92 100644
index 2109001..ded5557 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -155,7 +155,7 @@ if [ -x "$DIG" ] ; then
@ -648,7 +646,7 @@ index 3d1010e..fa9eb92 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -799,7 +799,7 @@ if [ -x ${DELV} ] ; then
@@ -827,7 +827,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +rrcomments works for DNSKEY($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -657,7 +655,7 @@ index 3d1010e..fa9eb92 100644
check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -808,7 +808,7 @@ if [ -x ${DELV} ] ; then
@@ -836,7 +836,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works for DNSKEY ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -666,7 +664,7 @@ index 3d1010e..fa9eb92 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -816,7 +816,7 @@ if [ -x ${DELV} ] ; then
@@ -844,7 +844,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +rrcomments works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -675,7 +673,7 @@ index 3d1010e..fa9eb92 100644
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
@@ -824,7 +824,7 @@ if [ -x ${DELV} ] ; then
@@ -852,7 +852,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -684,7 +682,7 @@ index 3d1010e..fa9eb92 100644
if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi
f=`awk '{print NF}' < delv.out.test$n`
test "${f:-0}" -eq 14 || ret=1
@@ -835,7 +835,7 @@ if [ -x ${DELV} ] ; then
@@ -863,7 +863,7 @@ if [ -x ${DELV} ] ; then
echo_i "checking delv +short +nosplit +norrcomments works ($n)"
ret=0
$DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
@ -694,7 +692,7 @@ index 3d1010e..fa9eb92 100644
f=`awk '{print NF}' < delv.out.test$n`
test "${f:-0}" -eq 4 || ret=1
diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh
index 606e7cc..a3a0d60 100755
index 14ca5db..3f522d0 100755
--- a/bin/tests/system/dlv/ns1/sign.sh
+++ b/bin/tests/system/dlv/ns1/sign.sh
@@ -23,8 +23,8 @@ infile=root.db.in
@ -709,7 +707,7 @@ index 606e7cc..a3a0d60 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh
index 9825c57..202c978 100755
index d870798..b0ab372 100755
--- a/bin/tests/system/dlv/ns2/sign.sh
+++ b/bin/tests/system/dlv/ns2/sign.sh
@@ -24,8 +24,8 @@ zonefile=druz.db
@ -724,7 +722,7 @@ index 9825c57..202c978 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh
index 1e39862..4ed19ac 100755
index ba39f90..f20a2dd 100755
--- a/bin/tests/system/dlv/ns6/sign.sh
+++ b/bin/tests/system/dlv/ns6/sign.sh
@@ -16,13 +16,15 @@ SYSTESTDIR=dlv
@ -911,7 +909,7 @@ index 1e39862..4ed19ac 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh
index 7f95c8a..3a9251b 100644
index e28b3f1..29c169b 100644
--- a/bin/tests/system/dnssec/ns2/sign.sh
+++ b/bin/tests/system/dnssec/ns2/sign.sh
@@ -126,8 +126,8 @@ zone=in-addr.arpa.
@ -944,7 +942,7 @@ index 7f95c8a..3a9251b 100644
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
diff --git a/bin/tests/system/dnssec/ns5/trusted.conf.bad b/bin/tests/system/dnssec/ns5/trusted.conf.bad
index ed30460..e6b1126 100644
index 75cf699..b4d848c 100644
--- a/bin/tests/system/dnssec/ns5/trusted.conf.bad
+++ b/bin/tests/system/dnssec/ns5/trusted.conf.bad
@@ -10,5 +10,5 @@
@ -955,7 +953,7 @@ index ed30460..e6b1126 100644
+ "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV";
};
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 6f7eaa7..bd2778b 100644
index 3e8e4d5..da692f9 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -3257,8 +3257,8 @@ do
@ -970,7 +968,7 @@ index 6f7eaa7..bd2778b 100644
8) size="-b 512";;
10) size="-b 1024";;
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
index c1249ed..20a3139 100644
index 5e473ab..b08692e 100644
--- a/bin/tests/system/feature-test.c
+++ b/bin/tests/system/feature-test.c
@@ -19,6 +19,7 @@
@ -982,14 +980,14 @@ index c1249ed..20a3139 100644
#ifdef WIN32
@@ -47,6 +48,7 @@ usage() {
fprintf(stderr, " --have-geoip2\n");
fprintf(stderr, " --have-libxml2\n");
fprintf(stderr, " --ipv6only=no\n");
+ fprintf(stderr, " --md5\n");
fprintf(stderr, " --rpz-nsdname\n");
fprintf(stderr, " --rpz-nsip\n");
fprintf(stderr, " --with-idn\n");
@@ -155,6 +157,18 @@ main(int argc, char **argv) {
fprintf(stderr, "\t--have-geoip\n");
fprintf(stderr, "\t--have-libxml2\n");
fprintf(stderr, "\t--ipv6only=no\n");
+ fprintf(stderr, "\t--md5\n");
fprintf(stderr, "\t--rpz-log-qtype-qclass\n");
fprintf(stderr, "\t--rpz-nsdname\n");
fprintf(stderr, "\t--rpz-nsip\n");
@@ -194,6 +196,18 @@ main(int argc, char **argv) {
#endif
}
@ -1009,7 +1007,7 @@ index c1249ed..20a3139 100644
#ifdef ENABLE_RPZ_NSIP
return (0);
diff --git a/bin/tests/system/filter-aaaa/ns1/sign.sh b/bin/tests/system/filter-aaaa/ns1/sign.sh
index f755581..4a7d890 100755
index 479f98c..4d4a765 100755
--- a/bin/tests/system/filter-aaaa/ns1/sign.sh
+++ b/bin/tests/system/filter-aaaa/ns1/sign.sh
@@ -21,8 +21,8 @@ infile=signed.db.in
@ -1024,7 +1022,7 @@ index f755581..4a7d890 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/filter-aaaa/ns4/sign.sh b/bin/tests/system/filter-aaaa/ns4/sign.sh
index f755581..4a7d890 100755
index 479f98c..4d4a765 100755
--- a/bin/tests/system/filter-aaaa/ns4/sign.sh
+++ b/bin/tests/system/filter-aaaa/ns4/sign.sh
@@ -21,8 +21,8 @@ infile=signed.db.in
@ -1039,7 +1037,7 @@ index f755581..4a7d890 100755
cat $infile $keyname1.key $keyname2.key >$zonefile
diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
index cfcfe8f..0a1614d 100644
index 157ef16..b802288 100644
--- a/bin/tests/system/notify/ns5/named.conf.in
+++ b/bin/tests/system/notify/ns5/named.conf.in
@@ -10,17 +10,17 @@
@ -1064,7 +1062,7 @@ index cfcfe8f..0a1614d 100644
};
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
index c112d2c..987b6de 100644
index f9fd3f5..916af75 100644
--- a/bin/tests/system/notify/tests.sh
+++ b/bin/tests/system/notify/tests.sh
@@ -212,16 +212,16 @@ ret=0
@ -1088,7 +1086,7 @@ index c112d2c..987b6de 100644
grep "test string" dig.out.b.ns5.test$n > /dev/null &&
grep "test string" dig.out.c.ns5.test$n > /dev/null &&
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
index e90907a..540a984 100644
index b0ded3a..cb80269 100644
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
@@ -32,7 +32,7 @@ controls {
@ -1101,7 +1099,7 @@ index e90907a..540a984 100644
};
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
index 4549184..cb7dccd 100644
index e6e2382..b0a94e0 100644
--- a/bin/tests/system/nsupdate/ns2/named.conf.in
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in
@@ -33,7 +33,7 @@ controls {
@ -1114,7 +1112,7 @@ index 4549184..cb7dccd 100644
};
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
index a35b8ee..8383162 100644
index 6fbf1d7..a712b17 100644
--- a/bin/tests/system/nsupdate/setup.sh
+++ b/bin/tests/system/nsupdate/setup.sh
@@ -53,7 +53,12 @@ EOF
@ -1132,10 +1130,10 @@ index a35b8ee..8383162 100644
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 14952c8..5c51972 100755
index 6b2c8f6..96ad95e 100755
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -760,7 +760,14 @@ fi
@@ -788,7 +788,14 @@ fi
n=`expr $n + 1`
ret=0
echo_i "check TSIG key algorithms ($n)"
@ -1151,7 +1149,7 @@ index 14952c8..5c51972 100755
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
server 10.53.0.1 ${PORT}
update add ${alg}.keytests.nil. 600 A 10.10.10.3
@@ -768,7 +775,7 @@ send
@@ -796,7 +803,7 @@ send
END
done
sleep 2
@ -1161,7 +1159,7 @@ index 14952c8..5c51972 100755
done
if [ $ret -ne 0 ]; then
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
index 8521ff8..565a1d7 100644
index 2eb2cd5..36f5114 100644
--- a/bin/tests/system/rndc/setup.sh
+++ b/bin/tests/system/rndc/setup.sh
@@ -35,7 +35,7 @@ make_key () {
@ -1174,7 +1172,7 @@ index 8521ff8..565a1d7 100644
make_key 3 ${EXTRAPORT3} hmac-sha224
make_key 4 ${EXTRAPORT4} hmac-sha256
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
index 57e066d..186a723 100644
index 4e25e51..cb8934c 100644
--- a/bin/tests/system/rndc/tests.sh
+++ b/bin/tests/system/rndc/tests.sh
@@ -348,15 +348,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
@ -1208,7 +1206,7 @@ index 57e066d..186a723 100644
n=`expr $n + 1`
echo_i "testing rndc with hmac-sha1 ($n)"
diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in
index fbf30c6..f61657d 100644
index 4905ffd..958d9fb 100644
--- a/bin/tests/system/tsig/ns1/named.conf.in
+++ b/bin/tests/system/tsig/ns1/named.conf.in
@@ -21,10 +21,7 @@ options {
@ -1235,24 +1233,8 @@ index fbf30c6..f61657d 100644
key "sha1-trunc" {
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
new file mode 100644
index 0000000..0682194
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
@@ -0,0 +1,10 @@
+# Conditionally included when support for MD5 is available
+key "md5" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5;
+};
+
+key "md5-trunc" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5-80;
+};
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
index 9a8ab2e..1311689 100644
index f42aa79..bfcf4a6 100644
--- a/bin/tests/system/tsig/setup.sh
+++ b/bin/tests/system/tsig/setup.sh
@@ -15,3 +15,8 @@ SYSTEMTESTTOP=..
@ -1265,7 +1247,7 @@ index 9a8ab2e..1311689 100644
+ cat ns1/rndc5.conf.in >> ns1/named.conf
+fi
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
index 526dbca..bf359a4 100644
index ed41e1d..98c542e 100644
--- a/bin/tests/system/tsig/tests.sh
+++ b/bin/tests/system/tsig/tests.sh
@@ -26,20 +26,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
@ -1356,7 +1338,7 @@ index 526dbca..bf359a4 100644
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh
index 49510b4..8d8bb2a 100644
index f04c907..09da5f9 100644
--- a/bin/tests/system/tsiggss/setup.sh
+++ b/bin/tests/system/tsiggss/setup.sh
@@ -16,5 +16,5 @@ test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE
@ -1367,7 +1349,7 @@ index 49510b4..8d8bb2a 100644
+key=`$KEYGEN -Cq -K ns1 -a DSA -b 1024 -r $RANDFILE -n HOST -T KEY key.example.nil.`
cat ns1/example.nil.db.in ns1/${key}.key > ns1/example.nil.db
diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
index e0a30cd..6a77b1c 100644
index 4ddd7a4..238f52a 100644
--- a/bin/tests/system/upforwd/ns1/named.conf.in
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
@@ -10,7 +10,7 @@
@ -1380,7 +1362,7 @@ index e0a30cd..6a77b1c 100644
};
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
index b0694bb..9adae82 100644
index 1cf8d3b..f4c3216 100644
--- a/bin/tests/system/upforwd/tests.sh
+++ b/bin/tests/system/upforwd/tests.sh
@@ -68,7 +68,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi

288
bind-9.11-rh1624100.patch
View File

@ -1,288 +0,0 @@
From f27598743ab6e03271e26f23da4beba748d19c60 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
Date: Wed, 25 Apr 2018 14:04:31 +0200
Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts
(cherry picked from commit 66ba2fdad583d962a1f4971c85d58381f0849e4d)
Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPTO_memcmp()
(cherry picked from commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c)
Fix the isc_safe_memwipe() usage with (NULL, >0)
(cherry picked from commit 083461d3329ff6f2410745848a926090586a9846)
---
bin/dnssec/dnssec-signzone.c | 2 +-
lib/dns/nsec3.c | 4 +-
lib/dns/spnego.c | 4 +-
lib/isc/Makefile.in | 8 +---
lib/isc/include/isc/safe.h | 18 ++------
lib/isc/safe.c | 83 ------------------------------------
lib/isc/tests/safe_test.c | 18 --------
7 files changed, 11 insertions(+), 126 deletions(-)
delete mode 100644 lib/isc/safe.c
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 6dded0c..a9c5557 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -784,7 +784,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
static int
hashlist_comp(const void *a, const void *b) {
- return (isc_safe_memcompare(a, b, hash_length + 1));
+ return (memcmp(a, b, hash_length + 1));
}
static void
diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
index 6ae7ca8..01426d6 100644
--- a/lib/dns/nsec3.c
+++ b/lib/dns/nsec3.c
@@ -1963,7 +1963,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
* Work out what this NSEC3 covers.
* Inside (<0) or outside (>=0).
*/
- scope = isc_safe_memcompare(owner, nsec3.next, nsec3.next_length);
+ scope = memcmp(owner, nsec3.next, nsec3.next_length);
/*
* Prepare to compute all the hashes.
@@ -1987,7 +1987,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
return (ISC_R_IGNORE);
}
- order = isc_safe_memcompare(hash, owner, length);
+ order = memcmp(hash, owner, length);
if (first && order == 0) {
/*
* The hashes are the same.
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
index ad77f24..670982a 100644
--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
@@ -371,7 +371,7 @@ gssapi_spnego_decapsulate(OM_uint32 *,
/* mod_auth_kerb.c */
-static int
+static isc_boolean_t
cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
{
unsigned char *p;
@@ -395,7 +395,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
if (((OM_uint32) *p++) != gssoid->length)
return (GSS_S_DEFECTIVE_TOKEN);
- return (isc_safe_memcompare(p, gssoid->elements, gssoid->length));
+ return (!isc_safe_memequal(p, gssoid->elements, gssoid->length));
}
/* accept_sec_context.c */
diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in
index 149552a..8529a86 100644
--- a/lib/isc/Makefile.in
+++ b/lib/isc/Makefile.in
@@ -60,7 +60,7 @@ OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \
parseint.@O@ portset.@O@ quota.@O@ radix.@O@ random.@O@ \
ratelimiter.@O@ refcount.@O@ region.@O@ regex.@O@ result.@O@ \
rwlock.@O@ \
- safe.@O@ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
+ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
string.@O@ strtoul.@O@ symtab.@O@ task.@O@ taskpool.@O@ \
tm.@O@ timer.@O@ utf8.@O@ version.@O@ \
${UNIXOBJS} ${NLSOBJS} ${THREADOBJS}
@@ -79,7 +79,7 @@ SRCS = @ISC_EXTRA_SRCS@ @ISC_PK11_C@ @ISC_PK11_RESULT_C@ \
netaddr.c netscope.c pool.c ondestroy.c \
parseint.c portset.c quota.c radix.c random.c ${CHACHASRCS} \
ratelimiter.c refcount.c region.c regex.c result.c rwlock.c \
- safe.c serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
+ serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
strtoul.c symtab.c task.c taskpool.c timer.c \
tm.c utf8.c version.c
@@ -95,10 +95,6 @@ TESTDIRS = @UNITTESTS@
@BIND9_MAKE_RULES@
-safe.@O@: safe.c
- ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} @CCNOOPT@ \
- -c ${srcdir}/safe.c
-
version.@O@: version.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-DVERSION=\"${VERSION}\" \
diff --git a/lib/isc/include/isc/safe.h b/lib/isc/include/isc/safe.h
index 66ed08b..88b8f47 100644
--- a/lib/isc/include/isc/safe.h
+++ b/lib/isc/include/isc/safe.h
@@ -15,29 +15,19 @@
/*! \file isc/safe.h */
-#include <stdbool.h>
-
-#include <isc/types.h>
-#include <stdlib.h>
+#include <isc/lang.h>
+#include <openssl/crypto.h>
ISC_LANG_BEGINDECLS
-bool
-isc_safe_memequal(const void *s1, const void *s2, size_t n);
+#define isc_safe_memequal(s1, s2, n) !CRYPTO_memcmp(s1, s2, n)
/*%<
* Returns true iff. two blocks of memory are equal, otherwise
* false.
*
*/
-int
-isc_safe_memcompare(const void *b1, const void *b2, size_t len);
-/*%<
- * Clone of libc memcmp() which is safe to differential timing attacks.
- */
-
-void
-isc_safe_memwipe(void *ptr, size_t len);
+#define isc_safe_memwipe(ptr, len) OPENSSL_cleanse(ptr, len)
/*%<
* Clear the memory of length `len` pointed to by `ptr`.
*
diff --git a/lib/isc/safe.c b/lib/isc/safe.c
deleted file mode 100644
index 7a464b6..0000000
--- a/lib/isc/safe.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdbool.h>
-
-#include <isc/safe.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#ifdef WIN32
-#include <windows.h>
-#endif
-
-#ifdef _MSC_VER
-#pragma optimize("", off)
-#endif
-
-bool
-isc_safe_memequal(const void *s1, const void *s2, size_t n) {
- uint8_t acc = 0;
-
- if (n != 0U) {
- const uint8_t *p1 = s1, *p2 = s2;
-
- do {
- acc |= *p1++ ^ *p2++;
- } while (--n != 0U);
- }
- return (acc == 0);
-}
-
-
-int
-isc_safe_memcompare(const void *b1, const void *b2, size_t len) {
- const unsigned char *p1 = b1, *p2 = b2;
- size_t i;
- int res = 0, done = 0;
-
- for (i = 0; i < len; i++) {
- /* lt is -1 if p1[i] < p2[i]; else 0. */
- int lt = (p1[i] - p2[i]) >> CHAR_BIT;
-
- /* gt is -1 if p1[i] > p2[i]; else 0. */
- int gt = (p2[i] - p1[i]) >> CHAR_BIT;
-
- /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
- int cmp = lt - gt;
-
- /* set res = cmp if !done. */
- res |= cmp & ~done;
-
- /* set done if p1[i] != p2[i]. */
- done |= lt | gt;
- }
-
- return (res);
-}
-
-void
-isc_safe_memwipe(void *ptr, size_t len) {
- if (ISC_UNLIKELY(ptr == NULL || len == 0))
- return;
-
-#ifdef WIN32
- SecureZeroMemory(ptr, len);
-#elif HAVE_EXPLICIT_BZERO
- explicit_bzero(ptr, len);
-#else
- memset(ptr, 0, len);
-#endif
-}
diff --git a/lib/isc/tests/safe_test.c b/lib/isc/tests/safe_test.c
index 266ac75..60e9181 100644
--- a/lib/isc/tests/safe_test.c
+++ b/lib/isc/tests/safe_test.c
@@ -45,22 +45,6 @@ isc_safe_memequal_test(void **state) {
"\x00\x00\x00\x00", 4));
}
-/* test isc_safe_memcompare() */
-static void
-isc_safe_memcompare_test(void **state) {
- UNUSED(state);
-
- assert_int_equal(isc_safe_memcompare("test", "test", 4), 0);
- assert_true(isc_safe_memcompare("test", "tesc", 4) > 0);
- assert_true(isc_safe_memcompare("test", "tesy", 4) < 0);
- assert_int_equal(isc_safe_memcompare("\x00\x00\x00\x00",
- "\x00\x00\x00\x00", 4), 0);
- assert_true(isc_safe_memcompare("\x00\x00\x00\x00",
- "\x00\x00\x00\x01", 4) < 0);
- assert_true(isc_safe_memcompare("\x00\x00\x00\x02",
- "\x00\x00\x00\x00", 4) > 0);
-}
-
/* test isc_safe_memwipe() */
static void
isc_safe_memwipe_test(void **state) {
@@ -69,7 +53,6 @@ isc_safe_memwipe_test(void **state) {
/* These should pass. */
isc_safe_memwipe(NULL, 0);
isc_safe_memwipe((void *) -1, 0);
- isc_safe_memwipe(NULL, 42);
/*
* isc_safe_memwipe(ptr, size) should function same as
@@ -108,7 +91,6 @@ main(void) {
const struct CMUnitTest tests[] = {
cmocka_unit_test(isc_safe_memequal_test),
cmocka_unit_test(isc_safe_memwipe_test),
- cmocka_unit_test(isc_safe_memcompare_test),
};
return (cmocka_run_group_tests(tests, NULL, NULL));
--
2.26.2

59
bind-9.11-rh1736762-5.patch
View File

@ -1,59 +0,0 @@
From 6257d829c9d7e71ac51bcdc6b5b981c7a19200e2 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Mon, 25 Nov 2019 05:46:55 +0000
Subject: [PATCH] Merge branch
'1373-threadsanitizer-data-race-rbtdb-c-5193-in-detachnode' into 'master'
Resolve "ThreadSanitizer: data race rbtdb.c:5193 in detachnode"
Closes #1373
See merge request isc-projects/bind9!2598
---
lib/dns/include/dns/rbt.h | 22 +++++++++-------------
1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/lib/dns/include/dns/rbt.h b/lib/dns/include/dns/rbt.h
index 67ac3e4d8a..a084bd6193 100644
--- a/lib/dns/include/dns/rbt.h
+++ b/lib/dns/include/dns/rbt.h
@@ -49,10 +49,7 @@ ISC_LANG_BEGINDECLS
#define DNS_RBT_USEMAGIC 1
-/*
- * These should add up to 30.
- */
-#define DNS_RBT_LOCKLENGTH 10
+#define DNS_RBT_LOCKLENGTH (sizeof(((dns_rbtnode_t *)0)->locknum)*8)
#define DNS_RBT_REFLENGTH 20
#define DNS_RBTNODE_MAGIC ISC_MAGIC('R','B','N','O')
@@ -159,16 +156,15 @@ struct dns_rbtnode {
* separate region of memory.
*/
void *data;
- unsigned int :0; /* start of bitfields c/o node lock */
- unsigned int dirty:1;
- unsigned int wild:1;
- unsigned int locknum:DNS_RBT_LOCKLENGTH;
-#ifndef DNS_RBT_USEISCREFCOUNT
- unsigned int references:DNS_RBT_REFLENGTH;
-#endif
- unsigned int :0; /* end of bitfields c/o node lock */
+ uint8_t :0; /* start of bitfields c/o node lock */
+ uint8_t dirty:1;
+ uint8_t wild:1;
+ uint8_t :0; /* end of bitfields c/o node lock */
+ uint16_t locknum; /* note that this is not in the bitfield */
#ifdef DNS_RBT_USEISCREFCOUNT
- isc_refcount_t references; /* note that this is not in the bitfield */
+ isc_refcount_t references;
+#else
+ unsigned int references:DNS_RBT_REFLENGTH;
#endif
/*@}*/
};
--
2.21.0

109
bind-9.11-rt46047.patch
View File

@ -1,4 +1,4 @@
From 8a064944dc10421a387725a365650d656d2a97f1 Mon Sep 17 00:00:00 2001
From af3b530773231f8cff6548e36962ad1f25e38c5d Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Thu, 28 Sep 2017 10:09:22 -0700
Subject: [PATCH] completed and corrected the crypto-random change
@ -45,13 +45,13 @@ Subject: [PATCH] completed and corrected the crypto-random change
lib/dns/include/dst/dst.h | 14 +++++-
lib/dns/openssl_link.c | 3 +-
lib/isc/include/isc/entropy.h | 48 +++++++++++++++------
lib/isc/include/isc/random.h | 28 +++++++-----
lib/isc/include/isc/random.h | 26 +++++++----
lib/isccfg/namedconf.c | 2 +-
23 files changed, 240 insertions(+), 104 deletions(-)
23 files changed, 240 insertions(+), 102 deletions(-)
create mode 100644 doc/arm/notes-rh-changes.xml
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
index 295e16f..0f79aa8 100644
index bd269e7..1ac775f 100644
--- a/bin/confgen/keygen.c
+++ b/bin/confgen/keygen.c
@@ -161,17 +161,15 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
@ -78,7 +78,7 @@ index 295e16f..0f79aa8 100644
&entropy_source,
randomfile,
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
index 1826919..96543fc 100644
index bd19e1d..2c09b30 100644
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -349,15 +349,23 @@
@ -114,7 +114,7 @@ index 1826919..96543fc 100644
</listitem>
</varlistentry>
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index 5654435..24c0d5a 100644
index 2a0f9c6..6fcd411 100644
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -241,18 +241,16 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@ -142,10 +142,10 @@ index 5654435..24c0d5a 100644
usekeyboard);
diff --git a/bin/named/client.c b/bin/named/client.c
index f4a5ff9..58549d3 100644
index 4a50ad9..4d140e8 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1765,7 +1765,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
@@ -1768,7 +1768,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
isc_buffer_init(&buf, cookie, sizeof(cookie));
isc_stdtime_get(&now);
@ -156,7 +156,7 @@ index f4a5ff9..58549d3 100644
compute_cookie(client, now, nonce, ns_g_server->secret, &buf);
diff --git a/bin/named/config.c b/bin/named/config.c
index eef8181..ff868b8 100644
index 9b343fa..5e663c6 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -98,7 +98,9 @@ options {\n\
@ -171,10 +171,10 @@ index eef8181..ff868b8 100644
#endif
" recursing-file \"named.recursing\";\n\
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index d955c2f..40621f2 100644
index 9fdf49b..42128dc 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -325,9 +325,10 @@ log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
@@ -327,9 +327,10 @@ log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
static void
control_recvmessage(isc_task_t *task, isc_event_t *event) {
@ -188,7 +188,7 @@ index d955c2f..40621f2 100644
isccc_sexpr_t *request = NULL;
isccc_sexpr_t *response = NULL;
uint32_t algorithm;
@@ -338,16 +339,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
@@ -340,16 +341,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
isc_buffer_t *text;
isc_result_t result;
isc_result_t eresult;
@ -208,7 +208,7 @@ index d955c2f..40621f2 100644
algorithm = DST_ALG_UNKNOWN;
secret.rstart = NULL;
text = NULL;
@@ -458,8 +460,11 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
@@ -462,8 +464,11 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
* Establish nonce.
*/
if (conn->nonce == 0) {
@ -223,7 +223,7 @@ index d955c2f..40621f2 100644
} else
eresult = ns_control_docommand(request, listener->readonly, &text);
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index 3f96b7b..c92922e 100644
index 4fd0194..0ba2627 100644
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@@ -20,6 +20,7 @@
@ -234,7 +234,7 @@ index 3f96b7b..c92922e 100644
#include <isc/sockaddr.h>
#include <isc/types.h>
#include <isc/xml.h>
@@ -134,6 +135,7 @@ struct ns_server {
@@ -135,6 +136,7 @@ struct ns_server {
char * lockfile;
uint16_t transfer_tcp_message_size;
@ -243,7 +243,7 @@ index 3f96b7b..c92922e 100644
struct ns_altsecret {
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index 9dea7c1..272d300 100644
index 93aac31..e12fad9 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -17,6 +17,7 @@
@ -255,22 +255,22 @@ index 9dea7c1..272d300 100644
#include <isc/task.h>
#include <isc/util.h>
diff --git a/bin/named/query.c b/bin/named/query.c
index 203f1e6..25eeced 100644
index 58b5914..edf42d2 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -19,6 +19,7 @@
#include <isc/hex.h>
@@ -20,6 +20,7 @@
#include <isc/mem.h>
#include <isc/platform.h>
#include <isc/print.h>
+#include <isc/random.h>
#include <isc/rwlock.h>
#include <isc/serial.h>
#include <isc/stats.h>
diff --git a/bin/named/server.c b/bin/named/server.c
index 7b3b736..4aaa92f 100644
index b2ae57c..cca7fe8 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8234,21 +8234,32 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8279,21 +8279,32 @@ load_configuration(const char *filename, ns_server_t *server,
* Open the source of entropy.
*/
if (first_time) {
@ -312,7 +312,7 @@ index 7b3b736..4aaa92f 100644
#ifdef PATH_RANDOMDEV
if (ns_g_fallbackentropy != NULL) {
level = ISC_LOG_INFO;
@@ -8259,8 +8270,8 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8304,8 +8315,8 @@ load_configuration(const char *filename, ns_server_t *server,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
level,
@ -323,7 +323,7 @@ index 7b3b736..4aaa92f 100644
randomdev,
isc_result_totext(result));
}
@@ -8280,7 +8291,6 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8325,7 +8336,6 @@ load_configuration(const char *filename, ns_server_t *server,
}
isc_entropy_detach(&ns_g_fallbackentropy);
}
@ -331,7 +331,7 @@ index 7b3b736..4aaa92f 100644
#endif
}
@@ -9049,6 +9059,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
@@ -9097,6 +9107,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
server->in_roothints = NULL;
server->blackholeacl = NULL;
server->keepresporder = NULL;
@ -339,7 +339,7 @@ index 7b3b736..4aaa92f 100644
/* Must be first. */
CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy,
@@ -9075,6 +9086,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
@@ -9123,6 +9134,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy,
&server->tkeyctx),
"creating TKEY context");
@ -349,7 +349,7 @@ index 7b3b736..4aaa92f 100644
/*
* Setup the server task, which is responsible for coordinating
@@ -9281,7 +9295,8 @@ ns_server_destroy(ns_server_t **serverp) {
@@ -9329,7 +9343,8 @@ ns_server_destroy(ns_server_t **serverp) {
if (server->zonemgr != NULL)
dns_zonemgr_detach(&server->zonemgr);
@ -359,7 +359,7 @@ index 7b3b736..4aaa92f 100644
if (server->tkeyctx != NULL)
dns_tkeyctx_destroy(&server->tkeyctx);
@@ -13316,10 +13331,10 @@ newzone_cfgctx_destroy(void **cfgp) {
@@ -13366,10 +13381,10 @@ newzone_cfgctx_destroy(void **cfgp) {
static isc_result_t
generate_salt(unsigned char *salt, size_t saltlen) {
@ -372,7 +372,7 @@ index 7b3b736..4aaa92f 100644
} rnd;
unsigned char text[512 + 1];
isc_region_t r;
@@ -13329,9 +13344,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
@@ -13379,9 +13394,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
if (saltlen > 256U)
return (ISC_R_RANGE);
@ -387,10 +387,10 @@ index 7b3b736..4aaa92f 100644
memmove(salt, rnd.rnd, saltlen);
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 2436731..6f59456 100644
index 7f15cbc..458aa76 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -284,9 +284,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@@ -289,9 +289,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
}
#ifdef ISC_PLATFORM_CRYPTORANDOM
@ -402,7 +402,7 @@ index 2436731..6f59456 100644
}
#endif
diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c
index f0a6ff2..55064f6 100644
index 95b65bf..7a81d4e 100644
--- a/bin/tests/system/pipelined/pipequeries.c
+++ b/bin/tests/system/pipelined/pipequeries.c
@@ -280,9 +280,7 @@ main(int argc, char *argv[]) {
@ -417,7 +417,7 @@ index f0a6ff2..55064f6 100644
}
#endif
diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c
index fe8698e..937fcc3 100644
index 3236968..4fa77b6 100644
--- a/bin/tests/system/tkey/keycreate.c
+++ b/bin/tests/system/tkey/keycreate.c
@@ -255,9 +255,7 @@ main(int argc, char *argv[]) {
@ -432,7 +432,7 @@ index fe8698e..937fcc3 100644
}
#endif
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
index 2146f9b..64b8e74 100644
index 43fb6b0..105e151 100644
--- a/bin/tests/system/tkey/keydelete.c
+++ b/bin/tests/system/tkey/keydelete.c
@@ -171,6 +171,7 @@ main(int argc, char **argv) {
@ -455,7 +455,7 @@ index 2146f9b..64b8e74 100644
}
#endif
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 1da0565..7eef5b2 100644
index ca98726..1f9df2c 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -5034,22 +5034,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
@ -569,10 +569,10 @@ index 0000000..89a4961
+</section>
+
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index adffaa0..2ffe344 100644
index a5e42c0..f8cb1f9 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -45,6 +45,7 @@
@@ -47,6 +47,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.1.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-9.11.0.xml"/>
@ -581,7 +581,7 @@ index adffaa0..2ffe344 100644
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes-thankyou.xml"/>
</section>
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 1eccbe7..1933993 100644
index aa54afc..2156384 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -2017,10 +2017,12 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) {
@ -599,7 +599,7 @@ index 1eccbe7..1933993 100644
}
diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
index 6813c96..665574d 100644
index 3aba028..180c841 100644
--- a/lib/dns/include/dst/dst.h
+++ b/lib/dns/include/dst/dst.h
@@ -163,8 +163,18 @@ isc_result_t
@ -624,7 +624,7 @@ index 6813c96..665574d 100644
bool
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index ffe0a69..5e48686 100644
index 3f4f822..cfdc757 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -484,7 +484,8 @@ dst__openssl_getengine(const char *engine) {
@ -638,7 +638,7 @@ index ffe0a69..5e48686 100644
#ifndef DONT_REQUIRE_DST_LIB_INIT
INSIST(dst__memory_pool != NULL);
diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h
index c40a18c..c7cb17d 100644
index f32c9dc..bed276b 100644
--- a/lib/isc/include/isc/entropy.h
+++ b/lib/isc/include/isc/entropy.h
@@ -189,9 +189,8 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent,
@ -718,26 +718,21 @@ index c40a18c..c7cb17d 100644
ISC_LANG_ENDDECLS
diff --git a/lib/isc/include/isc/random.h b/lib/isc/include/isc/random.h
index f8aed34..17c551b 100644
index f38e80d..3cb1c56 100644
--- a/lib/isc/include/isc/random.h
+++ b/lib/isc/include/isc/random.h
@@ -9,8 +9,6 @@
* information regarding copyright ownership.
*/
-/* $Id: random.h,v 1.20 2009/01/17 23:47:43 tbox Exp $ */
-
#ifndef ISC_RANDOM_H
#define ISC_RANDOM_H 1
@@ -21,13 +19,23 @@
@@ -19,13 +19,23 @@
#include <isc/mutex.h>
/*! \file isc/random.h
- * \brief Implements a random state pool which will let the caller return a
- * series of possibly non-reproducible random values.
+ * \brief Implements pseudo random number generators.
+ *
*
- * Note that the
- * strength of these numbers is not all that high, and should not be
- * used in cryptography functions. It is useful for jittering values
- * a bit here and there, such as timeouts, etc.
+ * Two pseudo-random number generators are implemented, in isc_random_*
+ * and isc_rng_*. Neither one is very strong; they should not be used
+ * in cryptography functions.
@ -747,11 +742,7 @@ index f8aed34..17c551b 100644
+ * It is useful for jittering values a bit here and there, such as
+ * timeouts, etc, but should not be relied upon to generate
+ * unpredictable sequences (for example, when choosing transaction IDs).
*
- * Note that the
- * strength of these numbers is not all that high, and should not be
- * used in cryptography functions. It is useful for jittering values
- * a bit here and there, such as timeouts, etc.
+ *
+ * isc_rng_* is based on ChaCha20, and is seeded and stirred from the
+ * system entropy source. It is stronger than isc_random_* and can
+ * be used for generating unpredictable sequences. It is still not as
@ -760,7 +751,7 @@ index f8aed34..17c551b 100644
*/
ISC_LANG_BEGINDECLS
@@ -115,8 +123,8 @@ isc_rng_random(isc_rng_t *rngctx);
@@ -113,8 +123,8 @@ isc_rng_random(isc_rng_t *rngctx);
uint16_t
isc_rng_uniformrandom(isc_rng_t *rngctx, uint16_t upper_bound);
/*%<
@ -772,7 +763,7 @@ index f8aed34..17c551b 100644
ISC_LANG_ENDDECLS
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 1c45d5c..91693b5 100644
index e74c93b..212194e 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1109,7 +1109,7 @@ options_clauses[] = {

198
bind-9.11-serve-stale.patch
View File

@ -1,4 +1,4 @@
From 5400119bfb19243b37e4f4f27baad4f610fff8da Mon Sep 17 00:00:00 2001
From 95b25d45662f4fad39cbc9ddbc3b4bcdae0a04ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 7 Nov 2019 14:31:03 +0100
Subject: [PATCH] Implement serve-stale in 9.11
@ -276,7 +276,7 @@ Signed-off-by: Petr Menšík <pemensik@redhat.com>
create mode 100755 bin/tests/system/serve-stale/tests.sh
diff --git a/bin/named/config.c b/bin/named/config.c
index ff868b8..f23bed1 100644
index 5e663c6..560ef04 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -182,13 +182,14 @@ options {\n\
@ -312,7 +312,7 @@ index ff868b8..f23bed1 100644
transfer-format many-answers;\n\
v6-bias 50;\n\
diff --git a/bin/named/control.c b/bin/named/control.c
index df23c26..8b79850 100644
index 23620b4..0756c73 100644
--- a/bin/named/control.c
+++ b/bin/named/control.c
@@ -282,6 +282,8 @@ ns_control_docommand(isccc_sexpr_t *message, bool readonly,
@ -325,10 +325,10 @@ index df23c26..8b79850 100644
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
diff --git a/bin/named/include/named/control.h b/bin/named/include/named/control.h
index 8705fdd..1634154 100644
index 56bad8d..37403f1 100644
--- a/bin/named/include/named/control.h
+++ b/bin/named/include/named/control.h
@@ -69,6 +69,7 @@
@@ -67,6 +67,7 @@
#define NS_COMMAND_MKEYS "managed-keys"
#define NS_COMMAND_DNSTAPREOPEN "dnstap-reopen"
#define NS_COMMAND_DNSTAP "dnstap"
@ -337,10 +337,10 @@ index 8705fdd..1634154 100644
isc_result_t
ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp);
diff --git a/bin/named/include/named/log.h b/bin/named/include/named/log.h
index 56bfcd4..cd8db60 100644
index 76e3a51..0d1d985 100644
--- a/bin/named/include/named/log.h
+++ b/bin/named/include/named/log.h
@@ -32,6 +32,7 @@
@@ -30,6 +30,7 @@
#define NS_LOGCATEGORY_UPDATE_SECURITY (&ns_g_categories[6])
#define NS_LOGCATEGORY_QUERY_ERRORS (&ns_g_categories[7])
#define NS_LOGCATEGORY_TAT (&ns_g_categories[8])
@ -349,7 +349,7 @@ index 56bfcd4..cd8db60 100644
/*
* Backwards compatibility.
diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h
index 9661f56..445b578 100644
index ef1b172..53c052b 100644
--- a/bin/named/include/named/query.h
+++ b/bin/named/include/named/query.h
@@ -35,6 +35,18 @@ typedef struct ns_dbversion {
@ -389,10 +389,10 @@ index 9661f56..445b578 100644
bool root_key_sentinel_is_ta;
bool root_key_sentinel_not_ta;
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index c92922e..588bf2d 100644
index 0ba2627..08a02dc 100644
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@@ -226,7 +226,10 @@ enum {
@@ -227,7 +227,10 @@ enum {
dns_nsstatscounter_reclimitdropped = 58,
@ -404,7 +404,7 @@ index c92922e..588bf2d 100644
};
/*%
@@ -765,4 +768,12 @@ ns_server_mkeys(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
@@ -766,4 +769,12 @@ ns_server_mkeys(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
isc_result_t
ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
@ -418,7 +418,7 @@ index c92922e..588bf2d 100644
+ isc_buffer_t **text);
#endif /* NAMED_SERVER_H */
diff --git a/bin/named/log.c b/bin/named/log.c
index 3aa25e9..12f178b 100644
index acfa766..ea6f114 100644
--- a/bin/named/log.c
+++ b/bin/named/log.c
@@ -38,6 +38,7 @@ static isc_logcategory_t categories[] = {
@ -430,10 +430,10 @@ index 3aa25e9..12f178b 100644
};
diff --git a/bin/named/query.c b/bin/named/query.c
index 25eeced..162e4ea 100644
index edf42d2..89cc574 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -125,10 +125,14 @@
@@ -149,10 +149,14 @@ last_cmpxchg(isc_stdtime_t *x, isc_stdtime_t *e, isc_stdtime_t r) {
#define REDIRECT(c) (((c)->query.attributes & \
NS_QUERYATTR_REDIRECT) != 0)
@ -449,7 +449,7 @@ index 25eeced..162e4ea 100644
#ifdef WANT_QUERYTRACE
static inline void
client_trace(ns_client_t *client, int level, const char *message) {
@@ -217,6 +221,10 @@ static bool
@@ -241,6 +245,10 @@ static bool
rpz_ck_dnssec(ns_client_t *client, isc_result_t qresult,
dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset);
@ -460,7 +460,7 @@ index 25eeced..162e4ea 100644
/*%
* Increment query statistics counters.
*/
@@ -470,6 +478,7 @@ query_reset(ns_client_t *client, bool everything) {
@@ -494,6 +502,7 @@ query_reset(ns_client_t *client, bool everything) {
client->query.isreferral = false;
client->query.dns64_options = 0;
client->query.dns64_ttl = UINT32_MAX;
@ -468,8 +468,8 @@ index 25eeced..162e4ea 100644
client->query.root_key_sentinel_keyid = 0;
client->query.root_key_sentinel_is_ta = false;
client->query.root_key_sentinel_not_ta = false;
@@ -4254,6 +4263,54 @@ query_prefetch(ns_client_t *client, dns_name_t *qname,
dns_rdataset_clearprefetch(rdataset);
@@ -4305,6 +4314,54 @@ log_quota(ns_client_t *client, isc_stdtime_t *last, isc_stdtime_t now,
}
}
+/*%
@ -523,7 +523,7 @@ index 25eeced..162e4ea 100644
static isc_result_t
query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
dns_name_t *qdomain, dns_rdataset_t *nameservers,
@@ -4263,6 +4320,19 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
@@ -4314,6 +4371,19 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
dns_rdataset_t *rdataset, *sigrdataset;
isc_sockaddr_t *peeraddr;
@ -543,7 +543,7 @@ index 25eeced..162e4ea 100644
if (!resuming)
inc_stats(client, dns_nsstatscounter_recursion);
@@ -6780,6 +6850,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -6821,6 +6891,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
int line = -1;
bool dns64_exclude, dns64, rpz;
bool nxrewrite = false;
@ -551,7 +551,7 @@ index 25eeced..162e4ea 100644
bool redirected = false;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
@@ -7089,6 +7160,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -7130,6 +7201,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
type = qtype;
restart:
@ -559,7 +559,7 @@ index 25eeced..162e4ea 100644
CTRACE(ISC_LOG_DEBUG(3), "query_find: restart");
want_restart = false;
authoritative = false;
@@ -7233,6 +7305,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -7274,6 +7346,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
}
db_find:
@ -567,7 +567,7 @@ index 25eeced..162e4ea 100644
CTRACE(ISC_LOG_DEBUG(3), "query_find: db_find");
/*
* We'll need some resources...
@@ -7290,6 +7363,35 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -7331,6 +7404,35 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
if (!is_zone)
dns_cache_updatestats(client->view->cache, result);
@ -603,7 +603,7 @@ index 25eeced..162e4ea 100644
resume:
CTRACE(ISC_LOG_DEBUG(3), "query_find: resume");
@@ -7635,6 +7737,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -7676,6 +7778,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* The cache doesn't even have the root NS. Get them from
* the hints DB.
*/
@ -611,7 +611,7 @@ index 25eeced..162e4ea 100644
INSIST(!is_zone);
if (db != NULL)
dns_db_detach(&db);
@@ -7697,12 +7800,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -7738,12 +7841,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
*/
/* FALLTHROUGH */
case DNS_R_DELEGATION:
@ -626,7 +626,7 @@ index 25eeced..162e4ea 100644
if (!RECURSIONOK(client) &&
(options & DNS_GETDB_NOEXACT) != 0 &&
qtype == dns_rdatatype_ds) {
@@ -8089,6 +8194,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -8130,6 +8235,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
false, true);
}
}
@ -634,7 +634,7 @@ index 25eeced..162e4ea 100644
if (dns_rdataset_isassociated(rdataset)) {
/*
* If we've got a NSEC record, we need to save the
@@ -8409,7 +8515,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -8450,7 +8556,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
/*
* If we have a zero ttl from the cache refetch it.
*/
@ -644,7 +644,7 @@ index 25eeced..162e4ea 100644
RECURSIONOK(client))
{
if (dns_rdataset_isassociated(rdataset))
@@ -8627,7 +8734,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -8668,7 +8775,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
"query_find: unexpected error after resuming: %s",
isc_result_totext(result));
CTRACE(ISC_LOG_ERROR, errmsg);
@ -657,7 +657,7 @@ index 25eeced..162e4ea 100644
goto cleanup;
}
@@ -8883,7 +8994,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -8924,7 +9035,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
/*
* If we have a zero ttl from the cache refetch it.
*/
@ -666,7 +666,7 @@ index 25eeced..162e4ea 100644
RECURSIONOK(client))
{
if (dns_rdataset_isassociated(rdataset))
@@ -8894,6 +9005,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -8935,6 +9046,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
if (node != NULL)
dns_db_detachnode(db, &node);
@ -674,7 +674,7 @@ index 25eeced..162e4ea 100644
INSIST(!REDIRECT(client));
result = query_recurse(client, qtype,
client->query.qname,
@@ -9174,6 +9286,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -9215,6 +9327,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
dns_fixedname_name(&wildcardname),
true, false);
cleanup:
@ -682,7 +682,7 @@ index 25eeced..162e4ea 100644
CTRACE(ISC_LOG_DEBUG(3), "query_find: cleanup");
/*
* General cleanup.
@@ -9230,6 +9343,49 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
@@ -9271,6 +9384,49 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
goto restart;
}
@ -733,7 +733,7 @@ index 25eeced..162e4ea 100644
(!PARTIALANSWER(client) || WANTRECURSION(client)
|| eresult == DNS_R_DROP)) {
diff --git a/bin/named/server.c b/bin/named/server.c
index 1cbb9a0..0c899ba 100644
index 2bdf690..3a5ba91 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -1720,7 +1720,8 @@ static bool
@ -843,7 +843,7 @@ index 1cbb9a0..0c899ba 100644
/*
* Set supported DNSSEC algorithms.
*/
@@ -14509,3 +14553,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
@@ -14559,3 +14603,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
return (ISC_R_NOTIMPLEMENTED);
#endif
}
@ -977,7 +977,7 @@ index 1cbb9a0..0c899ba 100644
+ return (result);
+}
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
index 4b8d972..8c68737 100644
index 12ab048..4938c03 100644
--- a/bin/named/statschannel.c
+++ b/bin/named/statschannel.c
@@ -300,6 +300,12 @@ init_desc(void) {
@ -994,7 +994,7 @@ index 4b8d972..8c68737 100644
/* Initialize resolver statistics */
diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
index 1b48861..f50635b 100644
index 0acfe3a..2c21c1d 100644
--- a/bin/rndc/rndc.c
+++ b/bin/rndc/rndc.c
@@ -160,6 +160,8 @@ command is one of the following:\n\
@ -1007,7 +1007,7 @@ index 1b48861..f50635b 100644
Print a zone's configuration.\n\
sign zone [class [view]]\n\
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
index e14a17e..eaf32d3 100644
index 1e3812e..c7fe65f 100644
--- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook
@@ -689,6 +689,25 @@
@ -1037,7 +1037,7 @@ index e14a17e..eaf32d3 100644
<term><userinput>secroots <optional>-</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
<listitem>
diff --git a/bin/tests/system/chain/prereq.sh b/bin/tests/system/chain/prereq.sh
index f3f1939..9ff3f07 100644
index 23bedcd..43385de 100644
--- a/bin/tests/system/chain/prereq.sh
+++ b/bin/tests/system/chain/prereq.sh
@@ -48,3 +48,10 @@ else
@ -1052,7 +1052,7 @@ index f3f1939..9ff3f07 100644
+ exit 1
+fi
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 4c122c8..a2eb833 100644
index c59cfaf..2b3de5f 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -128,7 +128,7 @@ PARALLELDIRS="dnssec rpzrecurse \
@ -2039,7 +2039,7 @@ index 0000000..201c996
+echo "I:exit status: $status"
+[ $status -eq 0 ] || exit 1
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 7eef5b2..b16b239 100644
index 1f9df2c..78e75ce 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -4336,6 +4336,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
@ -2140,7 +2140,7 @@ index 7eef5b2..b16b239 100644
</para>
</listitem>
</varlistentry>
@@ -8928,6 +8968,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
@@ -9015,6 +9055,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem>
</varlistentry>
@ -2169,7 +2169,7 @@ index 7eef5b2..b16b239 100644
<term><command>min-roots</command></term>
<listitem>
diff --git a/doc/arm/logging-categories.xml b/doc/arm/logging-categories.xml
index e41bd3b..2f505c8 100644
index f0776fe..c4b903a 100644
--- a/doc/arm/logging-categories.xml
+++ b/doc/arm/logging-categories.xml
@@ -311,6 +311,17 @@
@ -2281,7 +2281,7 @@ index e11beed..fde93c7 100644
topology { <address_match_element>; ... }; // not implemented
transfer-format ( many-answers | one-answer );
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index eaac5ba..a89d78f 100644
index bf769fe..6c57fa4 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -99,7 +99,8 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) {
@ -2525,7 +2525,7 @@ index eaac5ba..a89d78f 100644
}
diff --git a/lib/dns/cache.c b/lib/dns/cache.c
index 4701ff8..97e427a 100644
index 2965a4f..617737a 100644
--- a/lib/dns/cache.c
+++ b/lib/dns/cache.c
@@ -138,6 +138,7 @@ struct dns_cache {
@ -2595,7 +2595,7 @@ index 4701ff8..97e427a 100644
* The cleaner task is shutting down; do the necessary cleanup.
*/
diff --git a/lib/dns/db.c b/lib/dns/db.c
index ee3e00d..576aa65 100644
index a28a566..c581646 100644
--- a/lib/dns/db.c
+++ b/lib/dns/db.c
@@ -1130,3 +1130,25 @@ dns_db_nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
@ -2625,7 +2625,7 @@ index ee3e00d..576aa65 100644
+ return (ISC_R_NOTIMPLEMENTED);
+}
diff --git a/lib/dns/ecdb.c b/lib/dns/ecdb.c
index 47994ea..23bfe7d 100644
index fc94ccf..76d0417 100644
--- a/lib/dns/ecdb.c
+++ b/lib/dns/ecdb.c
@@ -588,7 +588,9 @@ static dns_dbmethods_t ecdb_methods = {
@ -2640,7 +2640,7 @@ index 47994ea..23bfe7d 100644
static isc_result_t
diff --git a/lib/dns/include/dns/cache.h b/lib/dns/include/dns/cache.h
index 62797db..714b78e 100644
index ab4b0b5..e158014 100644
--- a/lib/dns/include/dns/cache.h
+++ b/lib/dns/include/dns/cache.h
@@ -260,6 +260,27 @@ dns_cache_getcachesize(dns_cache_t *cache);
@ -2672,7 +2672,7 @@ index 62797db..714b78e 100644
dns_cache_flush(dns_cache_t *cache);
/*%<
diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h
index 6f0eed0..e3917f2 100644
index 96f3a8f..452770f 100644
--- a/lib/dns/include/dns/db.h
+++ b/lib/dns/include/dns/db.h
@@ -195,6 +195,8 @@ typedef struct dns_dbmethods {
@ -2732,7 +2732,7 @@ index 6f0eed0..e3917f2 100644
#endif /* DNS_DB_H */
diff --git a/lib/dns/include/dns/rdataset.h b/lib/dns/include/dns/rdataset.h
index 5295d8e..97071ed 100644
index ed9119a..710e97c 100644
--- a/lib/dns/include/dns/rdataset.h
+++ b/lib/dns/include/dns/rdataset.h
@@ -128,6 +128,7 @@ struct dns_rdataset {
@ -2786,7 +2786,7 @@ index 5295d8e..97071ed 100644
/*%
* _OMITDNSSEC:
diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
index 0b66c75..4b4b6bd 100644
index 7b3c047..bd7d225 100644
--- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h
@@ -547,9 +547,12 @@ dns_resolver_getmustbesecure(dns_resolver_t *resolver, dns_name_t *name);
@ -2855,12 +2855,12 @@ index 0b66c75..4b4b6bd 100644
dns_resolver_getoptions(dns_resolver_t *resolver);
diff --git a/lib/dns/include/dns/types.h b/lib/dns/include/dns/types.h
index 567e8a8..7bf2b60 100644
index 2468e3c..934a641 100644
--- a/lib/dns/include/dns/types.h
+++ b/lib/dns/include/dns/types.h
@@ -385,6 +385,12 @@ typedef enum {
dns_updatemethod_date
} dns_updatemethod_t;
@@ -390,6 +390,12 @@ typedef struct {
size_t count;
} dns_indent_t;
+typedef enum {
+ dns_stale_answer_no,
@ -2872,7 +2872,7 @@ index 567e8a8..7bf2b60 100644
* Functions.
*/
diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h
index 09a9725..8e3b3cb 100644
index 53f1db1..96148c7 100644
--- a/lib/dns/include/dns/view.h
+++ b/lib/dns/include/dns/view.h
@@ -229,6 +229,9 @@ struct dns_view {
@ -2886,7 +2886,7 @@ index 09a9725..8e3b3cb 100644
#define DNS_VIEW_MAGIC ISC_MAGIC('V','i','e','w')
diff --git a/lib/dns/master.c b/lib/dns/master.c
index 8edd732..8c9f00e 100644
index 7d26b81..36999b5 100644
--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@@ -1948,12 +1948,18 @@ load_text(dns_loadctx_t *lctx) {
@ -2913,7 +2913,7 @@ index 8edd732..8c9f00e 100644
/*
diff --git a/lib/dns/masterdump.c b/lib/dns/masterdump.c
index 13d1a3e..873b694 100644
index fa839a0..91b3cab 100644
--- a/lib/dns/masterdump.c
+++ b/lib/dns/masterdump.c
@@ -81,6 +81,9 @@ struct dns_master_style {
@ -2982,10 +2982,10 @@ index 13d1a3e..873b694 100644
RUNTIME_CHECK(result == ISC_R_SUCCESS);
isc_buffer_usedregion(&buffer, &r);
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index baf7641..a8f4609 100644
index 3b75cad..535202b 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -490,6 +490,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t;
@@ -511,6 +511,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t;
typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
#define RDATASET_ATTR_NONEXISTENT 0x0001
@ -2993,7 +2993,7 @@ index baf7641..a8f4609 100644
#define RDATASET_ATTR_STALE 0x0002
#define RDATASET_ATTR_IGNORE 0x0004
#define RDATASET_ATTR_RETAIN 0x0008
@@ -502,6 +503,8 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
@@ -523,6 +524,8 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
#define RDATASET_ATTR_CASESET 0x0400
#define RDATASET_ATTR_ZEROTTL 0x0800
#define RDATASET_ATTR_CASEFULLYLOWER 0x1000
@ -3002,7 +3002,7 @@ index baf7641..a8f4609 100644
typedef struct acache_cbarg {
dns_rdatasetadditional_t type;
@@ -552,6 +555,8 @@ struct acachectl {
@@ -573,6 +576,8 @@ struct acachectl {
(((header)->attributes & RDATASET_ATTR_ZEROTTL) != 0)
#define CASEFULLYLOWER(header) \
(((header)->attributes & RDATASET_ATTR_CASEFULLYLOWER) != 0)
@ -3011,7 +3011,7 @@ index baf7641..a8f4609 100644
#define ACTIVE(header, now) \
@@ -611,6 +616,12 @@ typedef enum {
@@ -632,6 +637,12 @@ typedef enum {
expire_flush
} expire_t;
@ -3024,7 +3024,7 @@ index baf7641..a8f4609 100644
typedef struct rbtdb_version {
/* Not locked */
rbtdb_serial_t serial;
@@ -678,6 +689,12 @@ struct dns_rbtdb {
@@ -699,6 +710,12 @@ struct dns_rbtdb {
dns_dbnode_t *soanode;
dns_dbnode_t *nsnode;
@ -3037,7 +3037,7 @@ index baf7641..a8f4609 100644
/*
* This is a linked list used to implement the LRU cache. There will
* be node_lock_count linked lists here. Nodes in bucket 1 will be
@@ -721,6 +738,8 @@ struct dns_rbtdb {
@@ -742,6 +759,8 @@ struct dns_rbtdb {
#define RBTDB_ATTR_LOADED 0x01
#define RBTDB_ATTR_LOADING 0x02
@ -3046,7 +3046,7 @@ index baf7641..a8f4609 100644
/*%
* Search Context
*/
@@ -1791,15 +1810,15 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) {
@@ -1816,15 +1835,15 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) {
}
static inline void
@ -3066,7 +3066,7 @@ index baf7641..a8f4609 100644
header->node->dirty = 1;
/*
@@ -1840,8 +1859,8 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
@@ -1865,8 +1884,8 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
/*
* If current is nonexistent or stale, we can clean it up.
*/
@ -3077,7 +3077,7 @@ index baf7641..a8f4609 100644
if (top_prev != NULL)
top_prev->next = current->next;
else
@@ -2086,6 +2105,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
@@ -2111,6 +2130,80 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
}
}
@ -3158,7 +3158,7 @@ index baf7641..a8f4609 100644
/*
* Caller must be holding the node lock.
*/
@@ -3318,6 +3411,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
@@ -3343,6 +3436,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
rdataset->attributes |= DNS_RDATASETATTR_OPTOUT;
if (PREFETCH(header))
rdataset->attributes |= DNS_RDATASETATTR_PREFETCH;
@ -3171,7 +3171,7 @@ index baf7641..a8f4609 100644
rdataset->private1 = rbtdb;
rdataset->private2 = node;
raw = (unsigned char *)header + sizeof(*header);
@@ -4674,6 +4773,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
@@ -4699,6 +4798,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
#endif
if (!ACTIVE(header, search->now)) {
@ -3191,7 +3191,7 @@ index baf7641..a8f4609 100644
/*
* This rdataset is stale. If no one else is using the
* node, we can clean it up right now, otherwise we mark
@@ -4713,7 +4825,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
@@ -4738,7 +4850,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header,
node->data = header->next;
free_rdataset(search->rbtdb, mctx, header);
} else {
@ -3200,7 +3200,7 @@ index baf7641..a8f4609 100644
*header_prev = header;
}
} else
@@ -5154,7 +5266,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
@@ -5179,7 +5291,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
&locktype, lock, &search,
&header_prev)) {
/* Do nothing. */
@ -3209,7 +3209,7 @@ index baf7641..a8f4609 100644
/*
* We now know that there is at least one active
* non-stale rdataset at this node.
@@ -5637,7 +5749,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
@@ -5662,7 +5774,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
* refcurrent(rbtnode) must be non-zero. This is so
* because 'node' is an argument to the function.
*/
@ -3218,7 +3218,7 @@ index baf7641..a8f4609 100644
if (log)
isc_log_write(dns_lctx, category, module,
level, "overmem cache: stale %s",
@@ -5645,7 +5757,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
@@ -5670,7 +5782,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) {
} else if (force_expire) {
if (! RETAIN(header)) {
set_ttl(rbtdb, header, 0);
@ -3227,7 +3227,7 @@ index baf7641..a8f4609 100644
} else if (log) {
isc_log_write(dns_lctx, category, module,
level, "overmem cache: "
@@ -5904,9 +6016,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
@@ -5929,9 +6041,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
* non-zero. This is so because 'node' is an
* argument to the function.
*/
@ -3239,7 +3239,7 @@ index baf7641..a8f4609 100644
if (header->type == matchtype)
found = header;
else if (header->type == RBTDB_RDATATYPE_NCACHEANY ||
@@ -6206,7 +6318,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6233,7 +6345,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
topheader = topheader->next)
{
set_ttl(rbtdb, topheader, 0);
@ -3248,7 +3248,7 @@ index baf7641..a8f4609 100644
}
goto find_header;
}
@@ -6267,7 +6379,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6294,7 +6406,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
* ncache entry.
*/
set_ttl(rbtdb, topheader, 0);
@ -3257,7 +3257,7 @@ index baf7641..a8f4609 100644
topheader = NULL;
goto find_header;
}
@@ -6305,8 +6417,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6332,8 +6444,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
}
/*
@ -3271,7 +3271,7 @@ index baf7641..a8f4609 100644
*/
if (rbtversion == NULL && trust < header->trust &&
(ACTIVE(header, now) || header_nx)) {
@@ -6336,6 +6451,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6363,6 +6478,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
if ((options & DNS_DBADD_EXACT) != 0)
flags |= DNS_RDATASLAB_EXACT;
@ -3282,7 +3282,7 @@ index baf7641..a8f4609 100644
if ((options & DNS_DBADD_EXACTTTL) != 0 &&
newheader->rdh_ttl != header->rdh_ttl)
result = DNS_R_NOTEXACT;
@@ -6379,11 +6498,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6406,11 +6525,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
}
}
/*
@ -3300,7 +3300,7 @@ index baf7641..a8f4609 100644
*/
if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
header->type == dns_rdatatype_ns &&
@@ -6556,10 +6676,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
@@ -6583,10 +6703,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
changed->dirty = true;
if (rbtversion == NULL) {
set_ttl(rbtdb, header, 0);
@ -3313,7 +3313,7 @@ index baf7641..a8f4609 100644
}
}
if (rbtversion != NULL && !header_nx) {
@@ -8410,6 +8530,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
@@ -8437,6 +8557,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) {
return (result);
}
@ -3344,7 +3344,7 @@ index baf7641..a8f4609 100644
static dns_dbmethods_t zone_methods = {
attach,
detach,
@@ -8455,7 +8599,9 @@ static dns_dbmethods_t zone_methods = {
@@ -8482,7 +8626,9 @@ static dns_dbmethods_t zone_methods = {
NULL,
hashsize,
nodefullname,
@ -3355,7 +3355,7 @@ index baf7641..a8f4609 100644
};
static dns_dbmethods_t cache_methods = {
@@ -8503,7 +8649,9 @@ static dns_dbmethods_t cache_methods = {
@@ -8530,7 +8676,9 @@ static dns_dbmethods_t cache_methods = {
setcachestats,
hashsize,
nodefullname,
@ -3366,7 +3366,7 @@ index baf7641..a8f4609 100644
};
isc_result_t
@@ -8774,7 +8922,7 @@ dns_rbtdb_create
@@ -8801,7 +8949,7 @@ dns_rbtdb_create
rbtdb->rpzs = NULL;
rbtdb->load_rpzs = NULL;
rbtdb->rpz_num = DNS_RPZ_INVALID_NUM;
@ -3375,7 +3375,7 @@ index baf7641..a8f4609 100644
/*
* Version Initialization.
*/
@@ -9192,7 +9340,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
@@ -9219,7 +9367,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) {
* rdatasets to work.
*/
if (NONEXISTENT(header) ||
@ -3385,7 +3385,7 @@ index baf7641..a8f4609 100644
header = NULL;
break;
} else
@@ -10401,7 +10550,7 @@ static inline bool
@@ -10428,7 +10577,7 @@ static inline bool
need_headerupdate(rdatasetheader_t *header, isc_stdtime_t now) {
if ((header->attributes &
(RDATASET_ATTR_NONEXISTENT |
@ -3394,7 +3394,7 @@ index baf7641..a8f4609 100644
RDATASET_ATTR_ZEROTTL)) != 0)
return (false);
@@ -10507,7 +10656,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,
@@ -10534,7 +10683,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header,
bool tree_locked, expire_t reason)
{
set_ttl(rbtdb, header, 0);
@ -3404,7 +3404,7 @@ index baf7641..a8f4609 100644
/*
* Caller must hold the node (write) lock.
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index f7f73cd..7a77bde 100644
index 5e20783..17a4eee 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -141,16 +141,17 @@
@ -3437,7 +3437,7 @@ index f7f73cd..7a77bde 100644
#endif
/* The default maximum number of recursions to follow before giving up. */
@@ -523,6 +524,11 @@ struct dns_resolver {
@@ -529,6 +530,11 @@ struct dns_resolver {
dns_fetch_t * primefetch;
/* Locked by nlock. */
unsigned int nfctx;
@ -3449,7 +3449,7 @@ index f7f73cd..7a77bde 100644
};
#define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!')
@@ -1633,14 +1639,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
@@ -1650,14 +1656,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) {
unsigned int seconds;
unsigned int us;
@ -3468,7 +3468,7 @@ index f7f73cd..7a77bde 100644
/*
* Add a fudge factor to the expected rtt based on the current
@@ -4518,7 +4522,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
@@ -4535,7 +4539,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
/*
* Compute an expiration time for the entire fetch.
*/
@ -3478,7 +3478,7 @@ index f7f73cd..7a77bde 100644
iresult = isc_time_nowplusinterval(&fctx->expires, &interval);
if (iresult != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
@@ -9005,6 +9010,8 @@ dns_resolver_create(dns_view_t *view,
@@ -9059,6 +9064,8 @@ dns_resolver_create(dns_view_t *view,
res->spillattimer = NULL;
res->zspill = 0;
res->zero_no_soa_ttl = false;
@ -3487,7 +3487,7 @@ index f7f73cd..7a77bde 100644
res->query_timeout = DEFAULT_QUERY_TIMEOUT;
res->maxdepth = DEFAULT_RECURSION_DEPTH;
res->maxqueries = DEFAULT_MAX_QUERIES;
@@ -10339,17 +10346,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {
@@ -10393,17 +10400,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) {
}
void
@ -3516,7 +3516,7 @@ index f7f73cd..7a77bde 100644
}
void
@@ -10446,3 +10456,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)
@@ -10500,3 +10510,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which)
return (resolver->quotaresp[which]);
}
@ -3552,7 +3552,7 @@ index f7f73cd..7a77bde 100644
+ resolver->nonbackofftries = tries;
+}
diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c
index 8afaa52..b370e05 100644
index 477bb74..09cf932 100644
--- a/lib/dns/sdb.c
+++ b/lib/dns/sdb.c
@@ -1370,7 +1370,9 @@ static dns_dbmethods_t sdb_methods = {
@ -3567,7 +3567,7 @@ index 8afaa52..b370e05 100644
static isc_result_t
diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c
index 0b9620c..331992e 100644
index 037d74a..9218fed 100644
--- a/lib/dns/sdlz.c
+++ b/lib/dns/sdlz.c
@@ -1336,7 +1336,9 @@ static dns_dbmethods_t sdlzdb_methods = {
@ -3582,7 +3582,7 @@ index 0b9620c..331992e 100644
/*
diff --git a/lib/dns/tests/db_test.c b/lib/dns/tests/db_test.c
index 2849775..812f750 100644
index bc1cc3f..60fdb81 100644
--- a/lib/dns/tests/db_test.c
+++ b/lib/dns/tests/db_test.c
@@ -28,8 +28,9 @@
@ -3813,7 +3813,7 @@ index 2849775..812f750 100644
_setup, _teardown),
cmocka_unit_test_setup_teardown(dbtype_test,
diff --git a/lib/dns/view.c b/lib/dns/view.c
index 0fca1d9..55ede81 100644
index a7ba613..a644c5f 100644
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@@ -229,6 +229,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
@ -3827,7 +3827,7 @@ index 0fca1d9..55ede81 100644
view->maxbits = 0;
view->v4_aaaa = dns_aaaa_ok;
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 91693b5..5771774 100644
index 212194e..b562f95 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1778,6 +1778,7 @@ view_clauses[] = {

178
bind-9.11.23-atomic.patch
View File

@ -1,178 +0,0 @@
From 1528f231b559670445cfc427937174535981917d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Fri, 18 Sep 2020 14:46:02 +0200
Subject: [PATCH] Fix isc_atomic_xadd symbol missing
Squashed commit of the following:
commit d8afe85342f05d8fec8ee0255451568e936b7eb2
Author: Mark Andrews <marka@isc.org>
Date: Mon Sep 7 16:12:31 2020 +1000
Update 'init_count' atomically to silence tsan errors.
(cherry picked from commit 90185b225f4c7acde2fbb04697d857fe496725a2)
commit f166c7fb7cc262a688ed511e40c9b0d551d5992d
Author: Mark Andrews <marka@isc.org>
Date: Thu Sep 3 12:53:53 2020 +1000
The node lock was released too early.
NEGATIVE needs to be call with the node lock held.
WARNING: ThreadSanitizer: data race
Write of size 2 at 0x000000000001 by thread T1 (mutexes: write M1):
#0 mark_stale_header lib/dns/rbtdb.c:1802:21
#1 add32 lib/dns/rbtdb.c:6559:5
#2 addrdataset lib/dns/rbtdb.c:6975:12
#3 dns_db_addrdataset lib/dns/db.c:783:10
#4 cache_name lib/dns/resolver.c:5829:13
#5 cache_message lib/dns/resolver.c:5926:14
#6 resquery_response lib/dns/resolver.c:8618:12
#7 dispatch lib/isc/task.c:1157:7
#8 run lib/isc/task.c:1331:2
Previous read of size 2 at 0x000000000001 by thread T2:
#0 cache_findrdataset lib/dns/rbtdb.c:5932:6
#1 dns_db_findrdataset lib/dns/db.c:739:10
#2 query_addadditional2 bin/named/query.c:2196:11
#3 additionaldata_ns lib/dns/./rdata/generic/ns_2.c:198:10
#4 dns_rdata_additionaldata lib/dns/rdata.c:1246:2
#5 dns_rdataset_additionaldata lib/dns/rdataset.c:629:12
#6 query_addrdataset bin/named/query.c:2411:8
#7 query_addrrset bin/named/query.c:2802:2
#8 query_addbestns bin/named/query.c:3501:2
#9 query_find bin/named/query.c:9165:4
#10 query_resume bin/named/query.c:4164:12
#11 dispatch lib/isc/task.c:1157:7
#12 run lib/isc/task.c:1331:2
(cherry picked from commit a1dcb73f677969d99df3ccff2acf4737e18a72b1)
commit 591a80fa95b8f3f3e716c45ceb9c5e4ccfa551c8
Author: Mark Andrews <marka@isc.org>
Date: Mon Aug 24 17:34:58 2020 +1000
increment header->count atomically
(cherry picked from commit 121837aa75ced489e28f8ce1dd20315487d199fa)
---
lib/dns/rbtdb.c | 43 +++++++++++++++++++++++++++++++++++--------
1 file changed, 35 insertions(+), 8 deletions(-)
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 88c39bf714..31ced8e73a 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -399,6 +399,23 @@ typedef isc_mutex_t nodelock_t;
#define NODE_WEAKDOWNGRADE(l) ((void)0)
#endif
+#if defined(ISC_PLATFORM_HAVESTDATOMIC)
+#if defined(__cplusplus)
+#include <isc/stdatomic.h>
+#else
+#include <stdatomic.h>
+#endif
+#define DNS_RBTDB_STDATOMIC 1
+#define DNS_RBTDB_INC(x) atomic_fetch_add(&(x), (1))
+#define DNS_RBTDB_LOAD(x) atomic_load(&(x))
+#elif defined(ISC_PLATFORM_HAVEXADD)
+#define DNS_RBTDB_INC(x) isc_atomic_xadd((int *)&(x), 1);
+#define DNS_RBTDB_LOAD(x) isc_atomic_xadd((int *)&(x), 0);
+#else
+#define DNS_RBTDB_INC(x) ((x)++)
+#define DNS_RBTDB_LOAD(x) (x)
+#endif
+
/*%
* Whether to rate-limit updating the LRU to avoid possible thread contention.
* Our performance measurement has shown the cost is marginal, so it's defined
@@ -457,7 +474,11 @@ typedef struct rdatasetheader {
* this rdataset.
*/
- uint32_t count;
+#ifdef DNS_RBTDB_STDATOMIC
+ _Atomic(uint32_t) count;
+#else
+ uint32_t count;
+#endif
/*%<
* Monotonously increased every time this rdataset is bound so that
* it is used as the base of the starting point in DNS responses
@@ -952,7 +973,11 @@ static char FILE_VERSION[32] = "\0";
* that indicates that the database does not implement cyclic
* processing.
*/
+#ifdef DNS_RBTDB_STDATOMIC
+static _Atomic(unsigned int) init_count;
+#else
static unsigned int init_count;
+#endif
/*
* Locking
@@ -3322,7 +3347,7 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
rdataset->private2 = node;
raw = (unsigned char *)header + sizeof(*header);
rdataset->private3 = raw;
- rdataset->count = header->count++;
+ rdataset->count = DNS_RBTDB_INC(header->count);
if (rdataset->count == UINT32_MAX)
rdataset->count = 0;
@@ -5924,10 +5949,10 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
}
}
- NODE_UNLOCK(lock, locktype);
-
- if (found == NULL)
+ if (found == NULL) {
+ NODE_UNLOCK(lock, locktype);
return (ISC_R_NOTFOUND);
+ }
if (NEGATIVE(found)) {
/*
@@ -5939,6 +5964,8 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
result = DNS_R_NCACHENXRRSET;
}
+ NODE_UNLOCK(lock, locktype);
+
update_cachestats(rbtdb, result);
return (result);
@@ -6839,7 +6866,7 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
newheader->attributes |= RDATASET_ATTR_ZEROTTL;
newheader->noqname = NULL;
newheader->closest = NULL;
- newheader->count = isc_atomic_xadd((int32_t*)&init_count, 1);
+ newheader->count = DNS_RBTDB_INC(init_count);
newheader->trust = rdataset->trust;
newheader->additional_auth = NULL;
newheader->additional_glue = NULL;
@@ -7035,7 +7062,7 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
newheader->trust = 0;
newheader->noqname = NULL;
newheader->closest = NULL;
- newheader->count = isc_atomic_xadd((int32_t*)&init_count, 1);
+ newheader->count = DNS_RBTDB_INC(init_count);
newheader->additional_auth = NULL;
newheader->additional_glue = NULL;
newheader->last_used = 0;
@@ -7481,7 +7508,7 @@ loading_addrdataset(void *arg, dns_name_t *name, dns_rdataset_t *rdataset) {
newheader->serial = 1;
newheader->noqname = NULL;
newheader->closest = NULL;
- newheader->count = isc_atomic_xadd((int32_t*)&init_count, 1);
+ newheader->count = DNS_RBTDB_INC(init_count);
newheader->additional_auth = NULL;
newheader->additional_glue = NULL;
newheader->last_used = 0;
--
2.26.2

20
bind.spec
View File

@ -58,7 +58,7 @@
#
# lib*.so.X versions of selected libraries
%global sover_dns 1110
%global sover_dns 1112
%global sover_isc 1107
%global sover_irs 161
%global sover_isccfg 163
@ -66,8 +66,8 @@
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind
License: MPLv2.0
Version: 9.11.23
Release: 2%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Version: 9.11.24
Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -145,10 +145,6 @@ Patch157:bind-9.11-fips-tests.patch
Patch158:bind-9.11-rt31459.patch
# [RT #46047] commit 24172bd2eeba91441ab1c65d2717b0692309244a ISC 4724
Patch159:bind-9.11-rt46047.patch
# commit 66ba2fdad583d962a1f4971c85d58381f0849e4d
# commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c
# commit 083461d3329ff6f2410745848a926090586a9846
Patch160:bind-9.11-rh1624100.patch
# https://gitlab.isc.org/isc-projects/bind9/issues/555
Patch161:bind-9.11-host-idn-disable.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/8a98277811e
@ -166,10 +162,6 @@ Patch174:bind-9.11-json-c.patch
Patch175:bind-9.11-fips-disable.patch
Patch177: bind-9.11-serve-stale.patch
Patch178: bind-9.11-serve-stale-dbfix.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1736762
Patch183: bind-9.11-rh1736762-5.patch
# https://gitlab.isc.org/isc-projects/bind9/-/issues/2167
Patch184: bind-9.11.23-atomic.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@ -571,7 +563,6 @@ are used for building ISC DHCP.
%patch157 -p1 -b .fips-tests
%patch158 -p1 -b .rt31459
%patch159 -p1 -b .rt46047
%patch160 -p1 -b .rh1624100
%patch161 -p1 -b .host-idn-disable
%patch163 -p1 -b .rh1663318
%patch164 -p1 -b .rh1666814
@ -584,8 +575,6 @@ are used for building ISC DHCP.
%patch175 -p1 -b .rh1709553
%patch177 -p1 -b .serve-stale
%patch178 -p1 -b .rh1770492
%patch183 -p1 -b .rh1736762-5
%patch184 -p1 -b .rbtdb-atomic
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@ -1619,6 +1608,9 @@ fi;
%endif
%changelog
* Fri Oct 23 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.24-1
- Update to 9.11.24
* Wed Sep 23 2020 Adrian Reber <adrian@lisas.de> - 32:9.11.23-2
- Rebuilt for protobuf 3.13

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (bind-9.11.23.tar.gz) = df374dcfdad5c905d5607fd3a5dcfd236f1c9ee448902db520748a738d1ff2f1761603bf62949d38932fcd3ebbf36e693737c40f0a6233af20ee91c3f9a3f462
SHA512 (bind-9.11.23.tar.gz.asc) = afba039f50ad94fffa7891730d2d506a035f7abedeaec2f05abf19d030ffebc271b49e24adb3720f7bdb73318d52ededf0765ee082a6dc7cd9b581facafd411a
SHA512 (bind-9.11.24.tar.gz) = 30b4910be9e59b1df9184ddbd95341494c08a2c530b02077f28492c248af607d7d4c6666459a0e7cc0e9ad6c2b12ff3e7b03f500a720b39d304008f0ab94d5fa
SHA512 (bind-9.11.24.tar.gz.asc) = 7ec9a0fa9cc61ab64c2c2c67fabfe17311253da509dbe658dfe5a63d4fada2d0800a2e6d388d8303ccaa4ef110c5a110569724030df3a34dee58b0a58904bbcb