6e3b160e37
From Upstream Release notes:
Security Fixes
DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574]
Known Issues
We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685]
66 lines
2.5 KiB
Diff
66 lines
2.5 KiB
Diff
From 9576e960ad3719aa9c1707734ad7ba0eccf16e5f Mon Sep 17 00:00:00 2001
|
|
From: Petr Mensik <pemensik@redhat.com>
|
|
Date: Fri, 1 Mar 2019 15:48:20 +0100
|
|
Subject: [PATCH] Make alternative named builds testable in system tests
|
|
|
|
Red Hat has alternative variant builds of named, which are not ever
|
|
tested by system tests. New variables make it relatively easy to test
|
|
alternative variants.
|
|
|
|
For sdb variant use:
|
|
export NAMED_VARIANT=-sdb DNSSEC_VARIANT=
|
|
|
|
For pkcs variant use:
|
|
export NAMED_VARIANT=-pkcs11 DNSSEC_VARIANT=-pkcs11
|
|
---
|
|
bin/tests/system/conf.sh.in | 18 +++++++++---------
|
|
1 file changed, 9 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
|
|
index 6f2dbcd..05605ae 100644
|
|
--- a/bin/tests/system/conf.sh.in
|
|
+++ b/bin/tests/system/conf.sh.in
|
|
@@ -37,7 +37,7 @@ DISABLED_ALGORITHM=ECDSAP384SHA384
|
|
DISABLED_ALGORITHM_NUMBER=14
|
|
DISABLED_BITS=384
|
|
|
|
-NAMED=$TOP/bin/named/named
|
|
+NAMED=$TOP/bin/named${NAMED_VARIANT}/named${NAMED_VARIANT}
|
|
# We must use "named -l" instead of "lwresd" because argv[0] is lost
|
|
# if the program is libtoolized.
|
|
LWRESD="$TOP/bin/named/named -l"
|
|
@@ -48,14 +48,14 @@ NSUPDATE=$TOP/bin/nsupdate/nsupdate
|
|
DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen
|
|
TSIGKEYGEN=$TOP/bin/confgen/tsig-keygen
|
|
RNDCCONFGEN=$TOP/bin/confgen/rndc-confgen
|
|
-KEYGEN=$TOP/bin/dnssec/dnssec-keygen
|
|
-KEYFRLAB=$TOP/bin/dnssec/dnssec-keyfromlabel
|
|
-SIGNER=$TOP/bin/dnssec/dnssec-signzone
|
|
-REVOKE=$TOP/bin/dnssec/dnssec-revoke
|
|
-SETTIME=$TOP/bin/dnssec/dnssec-settime
|
|
-DSFROMKEY=$TOP/bin/dnssec/dnssec-dsfromkey
|
|
+KEYGEN=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-keygen${DNSSEC_VARIANT}
|
|
+KEYFRLAB=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-keyfromlabel${DNSSEC_VARIANT}
|
|
+SIGNER=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-signzone${DNSSEC_VARIANT}
|
|
+REVOKE=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-revoke${DNSSEC_VARIANT}
|
|
+SETTIME=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-settime${DNSSEC_VARIANT}
|
|
+DSFROMKEY=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-dsfromkey${DNSSEC_VARIANT}
|
|
HOST=$TOP/bin/dig/host
|
|
-IMPORTKEY=$TOP/bin/dnssec/dnssec-importkey
|
|
+IMPORTKEY=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-importkey${DNSSEC_VARIANT}
|
|
CHECKDS=$TOP/bin/python/dnssec-checkds
|
|
COVERAGE=$TOP/bin/python/dnssec-coverage
|
|
KEYMGR=$TOP/bin/python/dnssec-keymgr
|
|
@@ -75,7 +75,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read
|
|
MDIG=$TOP/bin/tools/mdig
|
|
NZD2NZF=$TOP/bin/tools/named-nzd2nzf
|
|
FSTRM_CAPTURE=@FSTRM_CAPTURE@
|
|
-FEATURETEST=$TOP/bin/named/feature-test
|
|
+FEATURETEST=$TOP/bin/named${NAMED_VARIANT}/feature-test${NAMED_VARIANT}
|
|
|
|
RANDFILE=$TOP/bin/tests/system/random.data
|
|
|
|
--
|
|
2.21.1
|
|
|