Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| b49d075cce | |||
| 2683c619eb | |||
| e4326ff34b |
1
.bind9.18.metadata
Normal file
1
.bind9.18.metadata
Normal file
@ -0,0 +1 @@
|
||||
33ff5a86e56d65859358749654ea848809bd4532 SOURCES/bind-9.18.29.tar.xz
|
||||
@ -1 +0,0 @@
|
||||
1
|
||||
233
.gitignore
vendored
233
.gitignore
vendored
@ -1,232 +1 @@
|
||||
bind-9.7.1-P2.tar.gz
|
||||
config-8.tar.bz2
|
||||
bind-9.7.2b1.tar.gz
|
||||
/config-8.tar.bz2
|
||||
/bind-9.7.2rc1.tar.gz
|
||||
/bind-9.7.2.tar.gz
|
||||
/bind-9.7.2-P2.tar.gz
|
||||
/bind-9.7.2-P3.tar.gz
|
||||
/bind-9.7.3b1.tar.gz
|
||||
/bind-9.7.3rc1.tar.gz
|
||||
/bind-9.7.3.tar.gz
|
||||
/bind-9.8.0rc1.tar.gz
|
||||
/bind-9.8.0.tar.gz
|
||||
/bind-9.8.0-P1.tar.gz
|
||||
/bind-9.8.0-P2.tar.gz
|
||||
/bind-9.8.0-P4.tar.gz
|
||||
/bind-9.8.1rc1.tar.gz
|
||||
/bind-9.8.1.tar.gz
|
||||
/bind-9.9.0b1.tar.gz
|
||||
/bind-9.9.0b2.tar.gz
|
||||
/bind-9.9.0rc1.tar.gz
|
||||
/bind-9.9.0rc2.tar.gz
|
||||
/bind-9.9.0.tar.gz
|
||||
/bind-9.9.1.tar.gz
|
||||
/bind-9.9.1-P1.tar.gz
|
||||
/bind-9.9.1-P2.tar.gz
|
||||
/bind-9.9.1-P3.tar.gz
|
||||
/bind-9.9.2.tar.gz
|
||||
/bind-9.9.2-P1.tar.gz
|
||||
/config-9.tar.bz2
|
||||
/config-10.tar.bz2
|
||||
/bind-9.9.2-P2.tar.gz
|
||||
/bind-9.9.3rc1.tar.gz
|
||||
/config-11.tar.bz2
|
||||
/bind-9.9.3rc2.tar.gz
|
||||
/bind-9.9.3.tar.gz
|
||||
/bind-9.9.3-P1.tar.gz
|
||||
/bind-9.9.4b1.tar.gz
|
||||
/bind-9.9.4rc1.tar.gz
|
||||
/bind-9.9.4rc2.tar.gz
|
||||
/bind-9.9.4.tar.gz
|
||||
/config-12.tar.bz2
|
||||
/bind-9.9.5b1.tar.gz
|
||||
/bind-9.9.5rc2.tar.gz
|
||||
/bind-9.9.5.tar.gz
|
||||
/bind-9.9.5-P1.tar.gz
|
||||
/bind-9.9.6.tar.gz
|
||||
/bind-9.9.6-P1.tar.gz
|
||||
/bind-9.10.1b2.tar.gz
|
||||
/bind-9.10.1.tar.gz
|
||||
/bind-9.10.1-P1.tar.gz
|
||||
/bind-9.10.2rc1.tar.gz
|
||||
/bind-9.10.2rc2.tar.gz
|
||||
/bind-9.10.2.tar.gz
|
||||
/config-13.tar.bz2
|
||||
/config-14.tar.bz2
|
||||
/bind-9.10.2-P1.tar.gz
|
||||
/bind-9.10.2-P2.tar.gz
|
||||
/bind-9.10.2-P3.tar.gz
|
||||
/bind-9.10.3rc1.tar.gz
|
||||
/bind-9.10.3.tar.gz
|
||||
/bind-9.10.3-P2.tar.gz
|
||||
/config-15.tar.bz2
|
||||
/bind-9.10.3-P3.tar.gz
|
||||
/bind-9.10.3-P4.tar.gz
|
||||
/bind-9.10.4-P1.tar.gz
|
||||
/bind-9.10.4-P2.tar.gz
|
||||
/bind-9.10.4-P3.tar.gz
|
||||
/bind-9.10.4-P4.tar.gz
|
||||
/bind-9.11.0-P1.tar.gz
|
||||
/bind-9.11.0-P2.tar.gz
|
||||
/bind-9.11.0-P3.tar.gz
|
||||
/bind-9.11.0-P5.tar.gz
|
||||
/config-16.tar.bz2
|
||||
/bind-9.11.1-P1.tar.gz
|
||||
/bind-9.11.1-P2.tar.gz
|
||||
/bind-9.11.1-P3.tar.gz
|
||||
/bind-9.11.2b1.tar.gz
|
||||
/bind-9.11.2.tar.gz
|
||||
/config-17.tar.bz2
|
||||
/bind-9.11.2-P1.tar.gz
|
||||
/bind-9.11.3b1.tar.gz
|
||||
/bind-9.11.3.tar.gz
|
||||
/config-18.tar.bz2
|
||||
/bind-9.11.4rc1.tar.gz
|
||||
/bind-9.11.4.tar.gz
|
||||
/bind-9.11.4-P1.tar.gz
|
||||
/bind-9.11.4-P2.tar.gz
|
||||
/bind-9.11.5.tar.gz
|
||||
/bind-9.11.5-P1.tar.gz
|
||||
/config-19.tar.bz2
|
||||
/bind-9.11.5-P4.tar.gz
|
||||
/bind-9.11.6.tar.gz
|
||||
/bind-9.11.6-P1.tar.gz
|
||||
/bind-9.11.7.tar.gz
|
||||
/bind-9.11.8.tar.gz
|
||||
/bind-9.11.9.tar.gz
|
||||
/bind-9.11.10.tar.gz
|
||||
/bind-9.11.11.tar.gz
|
||||
/bind-9.11.12.tar.gz
|
||||
/bind-9.11.13.tar.gz
|
||||
/bind-9.11.13.tar.gz.asc
|
||||
/bind-9.11.14.tar.gz
|
||||
/bind-9.11.14.tar.gz.asc
|
||||
/bind-9.11.17.tar.gz
|
||||
/bind-9.11.17.tar.gz.asc
|
||||
/bind-9.11.18.tar.gz
|
||||
/bind-9.11.18.tar.gz.asc
|
||||
/bind-9.11.19.tar.gz
|
||||
/bind-9.11.19.tar.gz.asc
|
||||
/bind-9.11.20.tar.gz
|
||||
/bind-9.11.20.tar.gz.asc
|
||||
/bind-9.11.21.tar.gz
|
||||
/bind-9.11.21.tar.gz.asc
|
||||
/bind-9.11.22.tar.gz
|
||||
/bind-9.11.22.tar.gz.asc
|
||||
/bind-9.11.23.tar.gz
|
||||
/bind-9.11.23.tar.gz.asc
|
||||
/bind-9.11.24.tar.gz
|
||||
/bind-9.11.24.tar.gz.asc
|
||||
/bind-9.11.25.tar.gz
|
||||
/bind-9.11.25.tar.gz.asc
|
||||
/bind-9.11.26.tar.gz
|
||||
/bind-9.11.26.tar.gz.asc
|
||||
/bind-9.16.1.tar.xz
|
||||
/bind-9.16.1.tar.xz.asc
|
||||
/bind-9.16.2.tar.xz
|
||||
/bind-9.16.2.tar.xz.asc
|
||||
/bind-9.16.4.tar.xz
|
||||
/bind-9.16.4.tar.xz.asc
|
||||
/bind-9.16.5.tar.xz
|
||||
/bind-9.16.5.tar.xz.asc
|
||||
/bind-9.16.6.tar.xz
|
||||
/bind-9.16.6.tar.xz.asc
|
||||
/bind-9.16.7.tar.xz
|
||||
/bind-9.16.7.tar.xz.asc
|
||||
/bind-9.16.8.tar.xz
|
||||
/bind-9.16.8.tar.xz.asc
|
||||
/bind-9.16.9.tar.xz
|
||||
/bind-9.16.9.tar.xz.asc
|
||||
/bind-9.16.10.tar.xz
|
||||
/bind-9.16.10.tar.xz.asc
|
||||
/bind-9.16.11.tar.xz
|
||||
/bind-9.16.11.tar.xz.asc
|
||||
/bind-9.16.13.tar.xz
|
||||
/bind-9.16.13.tar.xz.asc
|
||||
/bind-9.16.15.tar.xz
|
||||
/bind-9.16.15.tar.xz.asc
|
||||
/bind-9.16.16.tar.xz
|
||||
/bind-9.16.16.tar.xz.asc
|
||||
/bind-9.16.17.tar.xz
|
||||
/bind-9.16.17.tar.xz.asc
|
||||
/bind-9.16.18.tar.xz
|
||||
/bind-9.16.18.tar.xz.asc
|
||||
/bind-9.16.19.tar.xz
|
||||
/bind-9.16.19.tar.xz.asc
|
||||
/bind-9.16.20.tar.xz
|
||||
/bind-9.16.20.tar.xz.asc
|
||||
/bind-9.16.21.tar.xz
|
||||
/bind-9.16.21.tar.xz.asc
|
||||
/bind-9.16.22.tar.xz
|
||||
/bind-9.16.22.tar.xz.asc
|
||||
/bind-9.16.23.tar.xz
|
||||
/bind-9.16.23.tar.xz.asc
|
||||
/bind-9.16.24.tar.xz
|
||||
/bind-9.16.24.tar.xz.asc
|
||||
/bind-9.16.25.tar.xz
|
||||
/bind-9.16.25.tar.xz.asc
|
||||
/bind-9.16.26.tar.xz
|
||||
/bind-9.16.26.tar.xz.asc
|
||||
/bind-9.16.27.tar.xz
|
||||
/bind-9.16.27.tar.xz.asc
|
||||
/bind-9.16.28.tar.xz
|
||||
/bind-9.16.28.tar.xz.asc
|
||||
/bind-9.16.29.tar.xz
|
||||
/bind-9.16.29.tar.xz.asc
|
||||
/bind-9.16.30.tar.xz
|
||||
/bind-9.16.30.tar.xz.asc
|
||||
/bind-9.18.0.tar.xz
|
||||
/bind-9.18.0.tar.xz.asc
|
||||
/bind-9.18.1.tar.xz
|
||||
/bind-9.18.1.tar.xz.asc
|
||||
/bind-9.18.2.tar.xz
|
||||
/bind-9.18.2.tar.xz.asc
|
||||
/bind-9.18.3.tar.xz
|
||||
/bind-9.18.3.tar.xz.asc
|
||||
/bind-9.18.4.tar.xz
|
||||
/bind-9.18.4.tar.xz.asc
|
||||
/bind-9.18.5.tar.xz
|
||||
/bind-9.18.5.tar.xz.asc
|
||||
/bind-9.18.6.tar.xz
|
||||
/bind-9.18.6.tar.xz.asc
|
||||
/bind-9.18.7.tar.xz
|
||||
/bind-9.18.7.tar.xz.asc
|
||||
/bind-9.18.8.tar.xz
|
||||
/bind-9.18.8.tar.xz.asc
|
||||
/bind-9.18.9.tar.xz
|
||||
/bind-9.18.9.tar.xz.asc
|
||||
/bind-9.18.10.tar.xz
|
||||
/bind-9.18.10.tar.xz.asc
|
||||
/bind-9.18.11.tar.xz
|
||||
/bind-9.18.11.tar.xz.asc
|
||||
/bind-9.18.12.tar.xz
|
||||
/bind-9.18.12.tar.xz.asc
|
||||
/bind-9.18.13.tar.xz
|
||||
/bind-9.18.13.tar.xz.asc
|
||||
/bind-9.18.14.tar.xz
|
||||
/bind-9.18.14.tar.xz.asc
|
||||
/bind-9.18.15.tar.xz
|
||||
/bind-9.18.15.tar.xz.asc
|
||||
/bind-9.18.16.tar.xz
|
||||
/bind-9.18.16.tar.xz.asc
|
||||
/bind-9.18.17.tar.xz
|
||||
/bind-9.18.17.tar.xz.asc
|
||||
/bind-9.18.18.tar.xz
|
||||
/bind-9.18.18.tar.xz.asc
|
||||
/bind-9.18.19.tar.xz
|
||||
/bind-9.18.19.tar.xz.asc
|
||||
/bind-9.18.20.tar.xz
|
||||
/bind-9.18.20.tar.xz.asc
|
||||
/bind-9.18.21.tar.xz
|
||||
/bind-9.18.21.tar.xz.asc
|
||||
/bind-9.18.24.tar.xz
|
||||
/bind-9.18.24.tar.xz.asc
|
||||
/bind-9.18.26.tar.xz
|
||||
/bind-9.18.26.tar.xz.asc
|
||||
/bind-9.18.27.tar.xz
|
||||
/bind-9.18.27.tar.xz.asc
|
||||
/bind-9.18.28.tar.xz
|
||||
/bind-9.18.28.tar.xz.asc
|
||||
/bind-9.18.29.tar.xz
|
||||
/bind-9.18.29.tar.xz.asc
|
||||
SOURCES/bind-9.18.29.tar.xz
|
||||
|
||||
43
Changes.md
43
Changes.md
@ -1,43 +0,0 @@
|
||||
# Significant Changes in BIND9 package
|
||||
|
||||
## BIND 9.16
|
||||
|
||||
### New features
|
||||
|
||||
- *libuv* is used for network subsystem as a mandatory dependency
|
||||
- *dnssec-policy* support in named.conf is introduced, providing a a key and signing policy
|
||||
([KASP](https://gitlab.isc.org/isc-projects/bind9/-/wikis/DNSSEC-Key-and-Signing-Policy-(KASP)))
|
||||
- *trusted-keys* and *managed-keys* are deprecated, replaced by *trust-anchors*
|
||||
- *trust-anchors* support also anchor in a *DS* format, in addition to *DNSKEY* format
|
||||
- **dig, mdig** and **delv** support **+yaml** parameter to print detailed machine parseable output
|
||||
|
||||
### Feature changes
|
||||
|
||||
- Static trust anchor and *dnssec-validation auto;* are incompatible and cause fatal error, when used together.
|
||||
- *DS* and *CDS* now generates only SHA-256 digest, SHA-1 is no longer generated by default
|
||||
- SipHash 2-4 DNS Cookie ([RFC 7873](https://www.rfc-editor.org/rfc/rfc7873.html) is now default).
|
||||
Only AES alternative algorithm is kept, HMAC-SHA cookie support were removed.
|
||||
- **dnssec-signzone** and **dnssec-verify** commands print output to stdout, *-q* parameter can silence them
|
||||
|
||||
### Features removed
|
||||
|
||||
- *dnssec-enable* option is obsolete, DNSSEC support is always enabled
|
||||
- *dnssec-lookaside* option is deprecated and support for it removed from all tools
|
||||
- *cleaning-interval* option is removed
|
||||
|
||||
### Upstream release notes
|
||||
|
||||
- [9.16.10 notes](https://downloads.isc.org/isc/bind9/9.16.10/doc/arm/html/notes.html#notes-for-bind-9-16-10)
|
||||
- [9.16.0 notes](https://downloads.isc.org/isc/bind9/9.16.0/doc/arm/html/notes.html#notes-for-bind-9-16-0)
|
||||
|
||||
## BIND 9.14
|
||||
|
||||
- single thread support removed. Cannot provide *bind-export-libs* for DHCP
|
||||
- *lwres* support completely removed. Both daemon and library
|
||||
- common parts of daemon moved into *libns* shared library
|
||||
- introduced plugin for filtering aaaa responses
|
||||
- some SDB utilities no longer supported
|
||||
|
||||
### Upstream release notes
|
||||
|
||||
- [9.14.7 notes](https://downloads.isc.org/isc/bind9/9.14.7/RELEASE-NOTES-bind-9.14.7.html)
|
||||
33
README.md
33
README.md
@ -1,33 +0,0 @@
|
||||
# BIND 9
|
||||
|
||||
[BIND (Berkeley Internet Name Domain)](https://www.isc.org/downloads/bind/doc/) is a complete, highly portable
|
||||
implementation of the DNS (Domain Name System) protocol.
|
||||
|
||||
Internet Systems Consortium
|
||||
([https://www.isc.org](https://www.isc.org)), a 501(c)(3) public benefit
|
||||
corporation dedicated to providing software and services in support of the
|
||||
Internet infrastructure, developed BIND 9 and is responsible for its
|
||||
ongoing maintenance and improvement.
|
||||
|
||||
More details about upstream project can be found on their
|
||||
[gitlab](https://gitlab.isc.org/isc-projects/bind9). This repository contains
|
||||
only upstream sources and packaging instructions for
|
||||
[Fedora Project](https://fedoraproject.org).
|
||||
|
||||
## Subpackages
|
||||
|
||||
The package contains several subpackages, some of them can be disabled on rebuild.
|
||||
|
||||
* **bind** -- *named* daemon providing DNS server
|
||||
* **bind-utils** -- set of tools to analyse DNS responses or update entries (dig, host)
|
||||
* **bind-doc** -- documentation for current bind, *BIND 9 Administrator Reference Manual*.
|
||||
* **bind-license** -- Shared license for all packages but bind-export-libs.
|
||||
* **bind-libs** -- Shared libraries used by some others programs
|
||||
* **bind-devel** -- Development headers for libs. Can be disabled by `--without DEVEL`
|
||||
|
||||
|
||||
## Optional features
|
||||
|
||||
* *GSSTSIG* -- Support for Kerberos authentication in BIND.
|
||||
* *LMDB* -- Support for dynamic database for managing runtime added zones. Provides faster removal of added zone with much less overhead. But requires lmdb linked to base libs.
|
||||
* *DLZ* -- Support for dynamic loaded modules providing support for features *bind-sdb* provides, but only small module is required.
|
||||
68
SOURCES/bind-9.18-CVE-2024-11187-pre-test.patch
Normal file
68
SOURCES/bind-9.18-CVE-2024-11187-pre-test.patch
Normal file
@ -0,0 +1,68 @@
|
||||
From cd48dcb0f87f8bed8138cbc4635a6a46f3148620 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
|
||||
Date: Tue, 7 Jan 2025 15:22:40 +0100
|
||||
Subject: [PATCH] Isolate using the -T noaa flag only for part of the resolver
|
||||
test
|
||||
|
||||
Instead of running the whole resolver/ns4 server with -T noaa flag,
|
||||
use it only for the part where it is actually needed. The -T noaa
|
||||
could interfere with other parts of the test because the answers don't
|
||||
have the authoritative-answer bit set, and we could have false
|
||||
positives (or false negatives) in the test because the authoritative
|
||||
server doesn't follow the DNS protocol for all the tests in the resolver
|
||||
system test.
|
||||
|
||||
(cherry picked from commit e51d4d3b88af00d6667f2055087ebfc47fb3107c)
|
||||
---
|
||||
bin/tests/system/resolver/ns4/named.noaa | 12 ------------
|
||||
bin/tests/system/resolver/tests.sh | 8 ++++++++
|
||||
2 files changed, 8 insertions(+), 12 deletions(-)
|
||||
delete mode 100644 bin/tests/system/resolver/ns4/named.noaa
|
||||
|
||||
diff --git a/bin/tests/system/resolver/ns4/named.noaa b/bin/tests/system/resolver/ns4/named.noaa
|
||||
deleted file mode 100644
|
||||
index be78cc2c949..00000000000
|
||||
--- a/bin/tests/system/resolver/ns4/named.noaa
|
||||
+++ /dev/null
|
||||
@@ -1,12 +0,0 @@
|
||||
-Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
-
|
||||
-SPDX-License-Identifier: MPL-2.0
|
||||
-
|
||||
-This Source Code Form is subject to the terms of the Mozilla Public
|
||||
-License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
-file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
-
|
||||
-See the COPYRIGHT file distributed with this work for additional
|
||||
-information regarding copyright ownership.
|
||||
-
|
||||
-Add -T noaa.
|
||||
diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
|
||||
index 982ff9761be..23b42f728cd 100755
|
||||
--- a/bin/tests/system/resolver/tests.sh
|
||||
+++ b/bin/tests/system/resolver/tests.sh
|
||||
@@ -322,6 +322,10 @@ done
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
+stop_server ns4
|
||||
+touch ns4/named.noaa
|
||||
+start_server --noclean --restart --port ${PORT} ns4 || ret=1
|
||||
+
|
||||
n=$((n + 1))
|
||||
echo_i "RT21594 regression test check setup ($n)"
|
||||
ret=0
|
||||
@@ -358,6 +362,10 @@ grep "status: NXDOMAIN" dig.ns5.out.${n} >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
+stop_server ns4
|
||||
+rm ns4/named.noaa
|
||||
+start_server --noclean --restart --port ${PORT} ns4 || ret=1
|
||||
+
|
||||
n=$((n + 1))
|
||||
echo_i "check that replacement of additional data by a negative cache no data entry clears the additional RRSIGs ($n)"
|
||||
ret=0
|
||||
--
|
||||
2.48.1
|
||||
|
||||
226
SOURCES/bind-9.18-CVE-2024-11187.patch
Normal file
226
SOURCES/bind-9.18-CVE-2024-11187.patch
Normal file
@ -0,0 +1,226 @@
|
||||
From 7ded6b358ced23bb6214c7309cff0850b7d1b77d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
|
||||
Date: Thu, 14 Nov 2024 10:37:29 +0100
|
||||
Subject: [PATCH] Limit the additional processing for large RDATA sets
|
||||
|
||||
When answering queries, don't add data to the additional section if
|
||||
the answer has more than 13 names in the RDATA. This limits the
|
||||
number of lookups into the database(s) during a single client query,
|
||||
reducing query processing load.
|
||||
|
||||
Also, don't append any additional data to type=ANY queries. The
|
||||
answer to ANY is already big enough.
|
||||
|
||||
(cherry picked from commit a1982cf1bb95c818aa7b58988b5611dec80f2408)
|
||||
---
|
||||
bin/tests/system/additional/tests.sh | 2 +-
|
||||
lib/dns/include/dns/rdataset.h | 10 +++++++++-
|
||||
lib/dns/rbtdb.c | 2 +-
|
||||
lib/dns/rdataset.c | 7 ++++++-
|
||||
lib/dns/resolver.c | 19 ++++++++++++-------
|
||||
lib/ns/query.c | 12 ++++++++----
|
||||
6 files changed, 37 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/bin/tests/system/additional/tests.sh b/bin/tests/system/additional/tests.sh
|
||||
index 193c9f9..e1b0cfb 100644
|
||||
--- a/bin/tests/system/additional/tests.sh
|
||||
+++ b/bin/tests/system/additional/tests.sh
|
||||
@@ -279,7 +279,7 @@ n=$((n + 1))
|
||||
echo_i "testing with 'minimal-any no;' ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS -t ANY www.rt.example @10.53.0.1 >dig.out.$n || ret=1
|
||||
-grep "ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2" dig.out.$n >/dev/null || ret=1
|
||||
+grep "ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 1" dig.out.$n >/dev/null || ret=1
|
||||
if [ $ret -eq 1 ]; then
|
||||
echo_i "failed"
|
||||
status=$((status + 1))
|
||||
diff --git a/lib/dns/include/dns/rdataset.h b/lib/dns/include/dns/rdataset.h
|
||||
index f63591c..b28686a 100644
|
||||
--- a/lib/dns/include/dns/rdataset.h
|
||||
+++ b/lib/dns/include/dns/rdataset.h
|
||||
@@ -54,6 +54,8 @@
|
||||
#include <dns/rdatastruct.h>
|
||||
#include <dns/types.h>
|
||||
|
||||
+#define DNS_RDATASET_MAXADDITIONAL 13
|
||||
+
|
||||
ISC_LANG_BEGINDECLS
|
||||
|
||||
typedef enum {
|
||||
@@ -453,7 +455,8 @@ dns_rdataset_towirepartial(dns_rdataset_t *rdataset,
|
||||
isc_result_t
|
||||
dns_rdataset_additionaldata(dns_rdataset_t *rdataset,
|
||||
const dns_name_t *owner_name,
|
||||
- dns_additionaldatafunc_t add, void *arg);
|
||||
+ dns_additionaldatafunc_t add, void *arg,
|
||||
+ size_t limit);
|
||||
/*%<
|
||||
* For each rdata in rdataset, call 'add' for each name and type in the
|
||||
* rdata which is subject to additional section processing.
|
||||
@@ -472,10 +475,15 @@ dns_rdataset_additionaldata(dns_rdataset_t *rdataset,
|
||||
*\li If a call to dns_rdata_additionaldata() is not successful, the
|
||||
* result returned will be the result of dns_rdataset_additionaldata().
|
||||
*
|
||||
+ *\li If 'limit' is non-zero and the number of the rdatasets is larger
|
||||
+ * than 'limit', no additional data will be processed.
|
||||
+ *
|
||||
* Returns:
|
||||
*
|
||||
*\li #ISC_R_SUCCESS
|
||||
*
|
||||
+ *\li #DNS_R_TOOMANYRECORDS in case rdataset count is larger than 'limit'
|
||||
+ *
|
||||
*\li Any error that dns_rdata_additionaldata() can return.
|
||||
*/
|
||||
|
||||
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
|
||||
index 5c2f0b2..c4db047 100644
|
||||
--- a/lib/dns/rbtdb.c
|
||||
+++ b/lib/dns/rbtdb.c
|
||||
@@ -10317,7 +10317,7 @@ no_glue:
|
||||
idx = hash_32(hash, rbtversion->glue_table_bits);
|
||||
|
||||
(void)dns_rdataset_additionaldata(rdataset, dns_rootname,
|
||||
- glue_nsdname_cb, &ctx);
|
||||
+ glue_nsdname_cb, &ctx, 0);
|
||||
|
||||
cur = isc_mem_get(rbtdb->common.mctx, sizeof(*cur));
|
||||
|
||||
diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c
|
||||
index 4d48203..0b450a9 100644
|
||||
--- a/lib/dns/rdataset.c
|
||||
+++ b/lib/dns/rdataset.c
|
||||
@@ -577,7 +577,8 @@ dns_rdataset_towire(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
|
||||
isc_result_t
|
||||
dns_rdataset_additionaldata(dns_rdataset_t *rdataset,
|
||||
const dns_name_t *owner_name,
|
||||
- dns_additionaldatafunc_t add, void *arg) {
|
||||
+ dns_additionaldatafunc_t add, void *arg,
|
||||
+ size_t limit) {
|
||||
dns_rdata_t rdata = DNS_RDATA_INIT;
|
||||
isc_result_t result;
|
||||
|
||||
@@ -589,6 +590,10 @@ dns_rdataset_additionaldata(dns_rdataset_t *rdataset,
|
||||
REQUIRE(DNS_RDATASET_VALID(rdataset));
|
||||
REQUIRE((rdataset->attributes & DNS_RDATASETATTR_QUESTION) == 0);
|
||||
|
||||
+ if (limit != 0 && dns_rdataset_count(rdataset) > limit) {
|
||||
+ return DNS_R_TOOMANYRECORDS;
|
||||
+ }
|
||||
+
|
||||
result = dns_rdataset_first(rdataset);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
return (result);
|
||||
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
|
||||
index f8f53d2..bb0bfa1 100644
|
||||
--- a/lib/dns/resolver.c
|
||||
+++ b/lib/dns/resolver.c
|
||||
@@ -8904,7 +8904,7 @@ rctx_answer_any(respctx_t *rctx) {
|
||||
rdataset->trust = rctx->trust;
|
||||
|
||||
(void)dns_rdataset_additionaldata(rdataset, rctx->aname,
|
||||
- check_related, rctx);
|
||||
+ check_related, rctx, 0);
|
||||
}
|
||||
|
||||
return (ISC_R_SUCCESS);
|
||||
@@ -8952,7 +8952,7 @@ rctx_answer_match(respctx_t *rctx) {
|
||||
rctx->ardataset->attributes |= DNS_RDATASETATTR_CACHE;
|
||||
rctx->ardataset->trust = rctx->trust;
|
||||
(void)dns_rdataset_additionaldata(rctx->ardataset, rctx->aname,
|
||||
- check_related, rctx);
|
||||
+ check_related, rctx, 0);
|
||||
|
||||
for (sigrdataset = ISC_LIST_HEAD(rctx->aname->list);
|
||||
sigrdataset != NULL;
|
||||
@@ -9159,7 +9159,7 @@ rctx_authority_positive(respctx_t *rctx) {
|
||||
*/
|
||||
(void)dns_rdataset_additionaldata(
|
||||
rdataset, name, check_related,
|
||||
- rctx);
|
||||
+ rctx, 0);
|
||||
done = true;
|
||||
}
|
||||
}
|
||||
@@ -9666,8 +9666,12 @@ rctx_referral(respctx_t *rctx) {
|
||||
*/
|
||||
INSIST(rctx->ns_rdataset != NULL);
|
||||
FCTX_ATTR_SET(fctx, FCTX_ATTR_GLUING);
|
||||
+
|
||||
+ /*
|
||||
+ * Mark the glue records in the additional section to be cached.
|
||||
+ */
|
||||
(void)dns_rdataset_additionaldata(rctx->ns_rdataset, rctx->ns_name,
|
||||
- check_related, rctx);
|
||||
+ check_related, rctx, 0);
|
||||
#if CHECK_FOR_GLUE_IN_ANSWER
|
||||
/*
|
||||
* Look in the answer section for "glue" that is incorrectly
|
||||
@@ -9679,8 +9683,9 @@ rctx_referral(respctx_t *rctx) {
|
||||
if (rctx->glue_in_answer &&
|
||||
(fctx->type == dns_rdatatype_aaaa || fctx->type == dns_rdatatype_a))
|
||||
{
|
||||
- (void)dns_rdataset_additionaldata(
|
||||
- rctx->ns_rdataset, rctx->ns_name, check_answer, fctx);
|
||||
+ (void)dns_rdataset_additionaldata(rctx->ns_rdataset,
|
||||
+ rctx->ns_name, check_answer,
|
||||
+ fctx, 0);
|
||||
}
|
||||
#endif /* if CHECK_FOR_GLUE_IN_ANSWER */
|
||||
FCTX_ATTR_CLR(fctx, FCTX_ATTR_GLUING);
|
||||
@@ -9782,7 +9787,7 @@ again:
|
||||
if (CHASE(rdataset)) {
|
||||
rdataset->attributes &= ~DNS_RDATASETATTR_CHASE;
|
||||
(void)dns_rdataset_additionaldata(
|
||||
- rdataset, name, check_related, rctx);
|
||||
+ rdataset, name, check_related, rctx, 0);
|
||||
rescan = true;
|
||||
}
|
||||
}
|
||||
diff --git a/lib/ns/query.c b/lib/ns/query.c
|
||||
index 5549e20..ded1eae 100644
|
||||
--- a/lib/ns/query.c
|
||||
+++ b/lib/ns/query.c
|
||||
@@ -2094,7 +2094,8 @@ addname:
|
||||
if (trdataset != NULL && dns_rdatatype_followadditional(type)) {
|
||||
if (client->additionaldepth++ < client->view->max_restarts) {
|
||||
eresult = dns_rdataset_additionaldata(
|
||||
- trdataset, fname, query_additional_cb, qctx);
|
||||
+ trdataset, fname, query_additional_cb, qctx,
|
||||
+ DNS_RDATASET_MAXADDITIONAL);
|
||||
}
|
||||
client->additionaldepth--;
|
||||
}
|
||||
@@ -2194,7 +2195,7 @@ regular:
|
||||
* We don't care if dns_rdataset_additionaldata() fails.
|
||||
*/
|
||||
(void)dns_rdataset_additionaldata(rdataset, name, query_additional_cb,
|
||||
- qctx);
|
||||
+ qctx, DNS_RDATASET_MAXADDITIONAL);
|
||||
CTRACE(ISC_LOG_DEBUG(3), "query_additional: done");
|
||||
}
|
||||
|
||||
@@ -2220,7 +2221,8 @@ query_addrrset(query_ctx_t *qctx, dns_name_t **namep,
|
||||
* To the current response for 'client', add the answer RRset
|
||||
* '*rdatasetp' and an optional signature set '*sigrdatasetp', with
|
||||
* owner name '*namep', to section 'section', unless they are
|
||||
- * already there. Also add any pertinent additional data.
|
||||
+ * already there. Also add any pertinent additional data, unless
|
||||
+ * the query was for type ANY.
|
||||
*
|
||||
* If 'dbuf' is not NULL, then '*namep' is the name whose data is
|
||||
* stored in 'dbuf'. In this case, query_addrrset() guarantees that
|
||||
@@ -2275,7 +2277,9 @@ query_addrrset(query_ctx_t *qctx, dns_name_t **namep,
|
||||
*/
|
||||
query_addtoname(mname, rdataset);
|
||||
query_setorder(qctx, mname, rdataset);
|
||||
- query_additional(qctx, mname, rdataset);
|
||||
+ if (qctx->qtype != dns_rdatatype_any) {
|
||||
+ query_additional(qctx, mname, rdataset);
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Note: we only add SIGs if we've added the type they cover, so
|
||||
--
|
||||
2.48.1
|
||||
|
||||
1418
SOURCES/bind-9.18-CVE-2024-12705.patch
Normal file
1418
SOURCES/bind-9.18-CVE-2024-12705.patch
Normal file
File diff suppressed because it is too large
Load Diff
114
SOURCES/bind-9.18-nsupdate-TLS-doc.patch
Normal file
114
SOURCES/bind-9.18-nsupdate-TLS-doc.patch
Normal file
@ -0,0 +1,114 @@
|
||||
From 146811cdc40459129b20df9b3bb31bd152570b72 Mon Sep 17 00:00:00 2001
|
||||
From: Aram Sargsyan <aram@isc.org>
|
||||
Date: Wed, 21 Sep 2022 15:05:11 +0000
|
||||
Subject: [PATCH 2/3] Document nsupdate options related to DoT
|
||||
|
||||
Add documentation for the newly implemented DoT feature of the
|
||||
nsupdate program.
|
||||
|
||||
(cherry picked from commit bd8299d7b501234263a6aee98049f879b1c700b7)
|
||||
---
|
||||
bin/nsupdate/nsupdate.rst | 48 ++++++++++++++++++++++++++++++++++++++-
|
||||
1 file changed, 47 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/bin/nsupdate/nsupdate.rst b/bin/nsupdate/nsupdate.rst
|
||||
index 81bb4815cf4..f1ab5c76fa7 100644
|
||||
--- a/bin/nsupdate/nsupdate.rst
|
||||
+++ b/bin/nsupdate/nsupdate.rst
|
||||
@@ -19,7 +19,7 @@ nsupdate - dynamic DNS update utility
|
||||
Synopsis
|
||||
~~~~~~~~
|
||||
|
||||
-:program:`nsupdate` [**-d**] [**-D**] [**-i**] [**-L** level] [ [**-g**] | [**-o**] | [**-l**] | [**-y** [hmac:]keyname:secret] | [**-k** keyfile] ] [**-t** timeout] [**-u** udptimeout] [**-r** udpretries] [**-v**] [**-T**] [**-P**] [**-V**] [ [**-4**] | [**-6**] ] [filename]
|
||||
+:program:`nsupdate` [**-d**] [**-D**] [**-i**] [**-L** level] [ [**-g**] | [**-o**] | [**-l**] | [**-y** [hmac:]keyname:secret] | [**-k** keyfile] ] [ [**-S**] [**-K** tlskeyfile] [**-E** tlscertfile] [**-A** tlscafile] [**-H** tlshostname] [-O] ] [**-t** timeout] [**-u** udptimeout] [**-r** udpretries] [**-v**] [**-T**] [**-P**] [**-V**] [ [**-4**] | [**-6**] ] [filename]
|
||||
|
||||
Description
|
||||
~~~~~~~~~~~
|
||||
@@ -71,6 +71,15 @@ Options
|
||||
|
||||
This option sets use of IPv6 only.
|
||||
|
||||
+.. option:: -A tlscafile
|
||||
+
|
||||
+ This option specifies the file of the certificate authorities (CA) certificates
|
||||
+ (in PEM format) in order to verify the remote server TLS certificate when
|
||||
+ using DNS-over-TLS (DoT), to achieve Strict or Mutual TLS. When used, it will
|
||||
+ override the certificates from the global certificates store, which are
|
||||
+ otherwise used by default when :option:`-S` is enabled. This option can not
|
||||
+ be used in conjuction with :option:`-O`, and it implies :option:`-S`.
|
||||
+
|
||||
.. option:: -C
|
||||
|
||||
Overrides the default `resolv.conf` file. This is only intended for testing.
|
||||
@@ -84,10 +93,23 @@ Options
|
||||
|
||||
This option sets extra debug mode.
|
||||
|
||||
+.. option:: -E tlscertfile
|
||||
+
|
||||
+ This option sets the certificate(s) file for authentication for the
|
||||
+ DNS-over-TLS (DoT) transport to the remote server. The certificate
|
||||
+ chain file is expected to be in PEM format. This option implies :option:`-S`,
|
||||
+ and can only be used with :option:`-K`.
|
||||
+
|
||||
.. option:: -g
|
||||
|
||||
This option enables standard GSS-TSIG mode.
|
||||
|
||||
+.. option:: -H tlshostname
|
||||
+
|
||||
+ This option makes :program:`nsupdate` use the provided hostname during remote
|
||||
+ server TLS certificate verification. Otherwise, the DNS server name
|
||||
+ is used. This option implies :option:`-S`.
|
||||
+
|
||||
.. option:: -i
|
||||
|
||||
This option forces interactive mode, even when standard input is not a terminal.
|
||||
@@ -104,6 +126,13 @@ Options
|
||||
key used to authenticate Dynamic DNS update requests. In this case,
|
||||
the key specified is not an HMAC-MD5 key.
|
||||
|
||||
+.. option:: -K tlskeyfile
|
||||
+
|
||||
+ This option sets the key file for authenticated encryption for the
|
||||
+ DNS-over-TLS (DoT) transport with the remote server. The private key file is
|
||||
+ expected to be in PEM format. This option implies :option:`-S`, and can only
|
||||
+ be used with :option:`-E`.
|
||||
+
|
||||
.. option:: -l
|
||||
|
||||
This option sets local-host only mode, which sets the server address to localhost
|
||||
@@ -123,6 +152,14 @@ Options
|
||||
This option enables a non-standards-compliant variant of GSS-TSIG
|
||||
used by Windows 2000.
|
||||
|
||||
+.. option:: -O
|
||||
+
|
||||
+ This option enables Opportunistic TLS. When used, the remote peer's TLS
|
||||
+ certificate will not be verified. This option should be used for debugging
|
||||
+ purposes only, and it is not recommended to use it in production. This
|
||||
+ option can not be used in conjuction with :option:`-A`, and it implies
|
||||
+ :option:`-S`.
|
||||
+
|
||||
.. option:: -p port
|
||||
|
||||
This option sets the port to use for connections to a name server. The default is
|
||||
@@ -138,6 +175,15 @@ Options
|
||||
This option sets the number of UDP retries. The default is 3. If zero, only one update
|
||||
request is made.
|
||||
|
||||
+.. option:: -S
|
||||
+
|
||||
+ This option indicates whether to use DNS-over-TLS (DoT) when querying
|
||||
+ name servers specified by ``server servername port`` syntax in the input
|
||||
+ file, and the primary server discovered through a SOA request. When the
|
||||
+ :option:`-K` and :option:`-E` options are used, then the specified TLS
|
||||
+ client certificate and private key pair are used for authentication
|
||||
+ (Mutual TLS). This option implies :option:`-v`.
|
||||
+
|
||||
.. option:: -t timeout
|
||||
|
||||
This option sets the maximum time an update request can take before it is aborted. The
|
||||
--
|
||||
2.48.1
|
||||
|
||||
1630
SOURCES/bind-9.18-nsupdate-TLS-tests.patch
Normal file
1630
SOURCES/bind-9.18-nsupdate-TLS-tests.patch
Normal file
File diff suppressed because it is too large
Load Diff
1602
SOURCES/bind-9.18-nsupdate-TLS.patch
Normal file
1602
SOURCES/bind-9.18-nsupdate-TLS.patch
Normal file
File diff suppressed because it is too large
Load Diff
90
SOURCES/bind-9.18-query-fname-relative.patch
Normal file
90
SOURCES/bind-9.18-query-fname-relative.patch
Normal file
@ -0,0 +1,90 @@
|
||||
From 5bc7cd7a7b9c37e5c70ccf74c5485a02411aaef5 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Fri, 25 Apr 2025 02:00:00 +0200
|
||||
Subject: [PATCH] Insert additional checks ensuring name is not relative
|
||||
|
||||
Mitigation for crashes put in various places, where obviously relative
|
||||
uninitialized name must not appear. This seems unnecessary once true
|
||||
cause were identified, but may prevent similar places.
|
||||
---
|
||||
lib/ns/query.c | 35 +++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 35 insertions(+)
|
||||
|
||||
diff --git a/lib/ns/query.c b/lib/ns/query.c
|
||||
index 11d2520..7e8a4d2 100644
|
||||
--- a/lib/ns/query.c
|
||||
+++ b/lib/ns/query.c
|
||||
@@ -2203,6 +2203,20 @@ regular:
|
||||
CTRACE(ISC_LOG_DEBUG(3), "query_additional: done");
|
||||
}
|
||||
|
||||
+static void
|
||||
+log_query_relative(query_ctx_t *qctx, const char *func, const dns_name_t *name) {
|
||||
+ if (isc_log_wouldlog(ns_lctx, ISC_LOG_DEBUG(1))) {
|
||||
+ char namebuf[DNS_NAME_FORMATSIZE] = "!";
|
||||
+ dns_name_format(name, namebuf, sizeof(namebuf));
|
||||
+ ns_client_log(
|
||||
+ qctx->client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_QUERY,
|
||||
+ ISC_LOG_DEBUG(1),
|
||||
+ "%s: fname=%s leading to relative name, aborting query.",
|
||||
+ func, namebuf
|
||||
+ );
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
static void
|
||||
query_addrrset(query_ctx_t *qctx, dns_name_t **namep,
|
||||
dns_rdataset_t **rdatasetp, dns_rdataset_t **sigrdatasetp,
|
||||
@@ -2275,6 +2289,11 @@ query_addrrset(query_ctx_t *qctx, dns_name_t **namep,
|
||||
client->query.attributes &= ~NS_QUERYATTR_SECURE;
|
||||
}
|
||||
|
||||
+ if (!qctx->is_zone && mname && !dns_name_isabsolute(mname)) {
|
||||
+ log_query_relative(qctx, "query_addrrset", mname);
|
||||
+ QUERY_ERROR(qctx, DNS_R_SERVFAIL);
|
||||
+ return;
|
||||
+ }
|
||||
/*
|
||||
* Update message name, set rdataset order, and do additional
|
||||
* section processing if needed.
|
||||
@@ -8074,6 +8093,11 @@ query_respond_any(query_ctx_t *qctx) {
|
||||
: qctx->tname;
|
||||
query_prefetch(qctx->client, name,
|
||||
qctx->rdataset);
|
||||
+ if (name && !dns_name_isabsolute(name)) {
|
||||
+ log_query_relative(qctx, "query_respond_any", name);
|
||||
+ result = DNS_R_DROP;
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -10696,6 +10720,11 @@ query_cname(query_ctx_t *qctx) {
|
||||
|
||||
if (!qctx->is_zone && RECURSIONOK(qctx->client)) {
|
||||
query_prefetch(qctx->client, qctx->fname, qctx->rdataset);
|
||||
+ if (qctx->fname && !dns_name_isabsolute(qctx->fname)) {
|
||||
+ log_query_relative(qctx, "query_cname", qctx->fname);
|
||||
+ QUERY_ERROR(qctx, DNS_R_SERVFAIL);
|
||||
+ return (ns_query_done(qctx));
|
||||
+ }
|
||||
}
|
||||
|
||||
query_addrrset(qctx, &qctx->fname, &qctx->rdataset, sigrdatasetp,
|
||||
@@ -10801,7 +10830,13 @@ query_dname(query_ctx_t *qctx) {
|
||||
|
||||
if (!qctx->is_zone && RECURSIONOK(qctx->client)) {
|
||||
query_prefetch(qctx->client, qctx->fname, qctx->rdataset);
|
||||
+ if (qctx->fname && !dns_name_isabsolute(qctx->fname)) {
|
||||
+ log_query_relative(qctx, "query_dname", qctx->fname);
|
||||
+ QUERY_ERROR(qctx, DNS_R_SERVFAIL);
|
||||
+ return (ns_query_done(qctx));
|
||||
+ }
|
||||
}
|
||||
+
|
||||
query_addrrset(qctx, &qctx->fname, &qctx->rdataset, sigrdatasetp,
|
||||
qctx->dbuf, DNS_SECTION_ANSWER);
|
||||
|
||||
--
|
||||
2.49.0
|
||||
|
||||
16
SOURCES/bind-9.18.29.tar.xz.asc
Normal file
16
SOURCES/bind-9.18.29.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEE2ZzOr4eXRwFPA41jGC4jV5Ri76oFAma+DmEACgkQGC4jV5Ri
|
||||
76q1FQ/8CXrIA21FAdnGuGqC53EVOzFl3QptFMThoVTO0kzp7rQcwv8xE/gphXnT
|
||||
j4DWMAZ/tDW6ZalDbmCh6t+z/0pXewHB+43CILSkzU9Gi5gnAUHdIdlGQnYH/x2N
|
||||
eyHBKuB9Wubmi87Yu8zjtF+Xu43qgcYqNKP/QqU9YwsqPQ+7GgcKAETVidFMB9/4
|
||||
QZiMT4gMawguft+BwFZ1eYvk0Bemk0OkKhofyWDcVnl5r93pvTIK3SsIHyEHx7xu
|
||||
dbG9Z5HhoaJ8b48djahrrYSQCQ0Dn9KbEVLu+/BS5tz+k+V1VI1pk4OS15wn7yBZ
|
||||
8EqAGc5xj4MEKW7PEteOK7QQQE59yKY6SGwt+tQwokUZ/Rq4bAx2bHXY83oRBULo
|
||||
BIRDdgoxc9X44YQ/a55La+7/xq2eCYwW2s364R4To3K58nPCNlkdEQUziY1V7guR
|
||||
3zOcHPAZNe5bK7bN3BMDusQgtoerfSUC1x+zj5Nm9Xnb/yAtVUyiP/k/zlIds9W3
|
||||
rKSCM5FAuacZdWQKeVpRa1EaXhObm08qLO9a/Dc/Qvll8GKAmrMoll2WwEoUVlZ3
|
||||
HwZPRsPIWYSCemtHmp36b7nOZ0vo4NMXjb2nV7xW3a8BqOD3RW0XiTlC814qmqsU
|
||||
x16eOHowvtDw58abeBzPJ2k1yne1Ic2zBdJzUM9wqdJCoBN5g0A=
|
||||
=2EW2
|
||||
-----END PGP SIGNATURE-----
|
||||
44
SOURCES/bind-9.21-resume-qmin-cname.patch
Normal file
44
SOURCES/bind-9.21-resume-qmin-cname.patch
Normal file
@ -0,0 +1,44 @@
|
||||
From ac0c3b0477d97fe5c968910f603bb8d04c740da7 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Tue, 3 Jun 2025 21:00:58 +0200
|
||||
Subject: [PATCH] Handle CNAME and DNAME in resume_min in a special way
|
||||
|
||||
When authoritative zone is loaded when query minimization query for the
|
||||
same zone is already pending, it might receive unexpected result codes.
|
||||
|
||||
Normally DNS_R_CNAME would follow to query_cname after processing sent
|
||||
events, but dns_view_findzonecut does not fill CNAME target into
|
||||
event->foundevent. Usual lookup via query_lookup would always have that
|
||||
filled.
|
||||
|
||||
Ideally we would restart the query with unmodified search name, if
|
||||
unexpected change from recursing to local zone cut were detected. Until
|
||||
dns_view_findzonecut is modified to export zone/cache source of the cut,
|
||||
at least fail queries which went into unexpected state.
|
||||
---
|
||||
lib/dns/resolver.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
|
||||
index 795791246b..39a294437e 100644
|
||||
--- a/lib/dns/resolver.c
|
||||
+++ b/lib/dns/resolver.c
|
||||
@@ -4497,6 +4497,15 @@ resume_qmin(isc_task_t *task, isc_event_t *event) {
|
||||
if (result == DNS_R_NXDOMAIN) {
|
||||
result = DNS_R_SERVFAIL;
|
||||
}
|
||||
+ /*
|
||||
+ * CNAME or DNAME means zone were added with that record
|
||||
+ * after the start of query minimization queries. It means
|
||||
+ * we do not have initialized correct hevent->foundname
|
||||
+ * and have to fail.
|
||||
+ */
|
||||
+ if (result == DNS_R_CNAME || result == DNS_R_DNAME) {
|
||||
+ result = DNS_R_SERVFAIL;
|
||||
+ }
|
||||
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
goto cleanup;
|
||||
--
|
||||
2.49.0
|
||||
|
||||
28
SOURCES/bind-9.5-PIE.patch
Normal file
28
SOURCES/bind-9.5-PIE.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From 13348a5fc64387bf53ef450688e181100d0ceddb Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Thu, 12 Dec 2024 15:56:13 +0100
|
||||
Subject: [PATCH] Harden named service build flags
|
||||
|
||||
---
|
||||
bin/named/Makefile.am | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/bin/named/Makefile.am b/bin/named/Makefile.am
|
||||
index 57a023b..b832e9c 100644
|
||||
--- a/bin/named/Makefile.am
|
||||
+++ b/bin/named/Makefile.am
|
||||
@@ -33,7 +33,10 @@ endif HAVE_LIBXML2
|
||||
|
||||
AM_CPPFLAGS += \
|
||||
-DNAMED_LOCALSTATEDIR=\"${localstatedir}\" \
|
||||
- -DNAMED_SYSCONFDIR=\"${sysconfdir}\"
|
||||
+ -DNAMED_SYSCONFDIR=\"${sysconfdir}\" \
|
||||
+ -fpie
|
||||
+
|
||||
+AM_LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
|
||||
|
||||
sbin_PROGRAMS = named
|
||||
|
||||
--
|
||||
2.47.1
|
||||
|
||||
@ -77,7 +77,7 @@ License: MPL-2.0 AND ISC AND MIT AND BSD-3-Clause AND BSD-2-Clause
|
||||
# ./lib/isc/tm.c BSD-2-clause and/or MPL-2.0
|
||||
# ./lib/isccfg/parser.c BSD-2-clause and/or MPL-2.0
|
||||
Version: 9.18.29
|
||||
Release: 1%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Epoch: 32
|
||||
Url: https://www.isc.org/downloads/bind/
|
||||
#
|
||||
@ -114,6 +114,22 @@ Patch10: bind-9.5-PIE.patch
|
||||
Patch16: bind-9.16-redhat_doc.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2122010
|
||||
Patch26: bind-9.18-unittest-netmgr-unstable.patch
|
||||
# https://issues.redhat.com/browse/FREEIPA-11706
|
||||
# https://issues.redhat.com/browse/RHEL-76331
|
||||
Patch27: bind-9.18-nsupdate-TLS.patch
|
||||
Patch28: bind-9.18-nsupdate-TLS-doc.patch
|
||||
Patch29: bind-9.18-nsupdate-TLS-tests.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/-/commit/c6e6a7af8ac6b575dd3657b0f5cf4248d734c2b0
|
||||
Patch30: bind-9.18-CVE-2024-11187-pre-test.patch
|
||||
Patch31: bind-9.18-CVE-2024-11187.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/-/commit/e733e624147155d6cbee7f0f150c79c7ac6b54bb
|
||||
Patch32: bind-9.18-CVE-2024-12705.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/10562
|
||||
# https://gitlab.isc.org/isc-projects/bind9/-/issues/5357
|
||||
# downstream patch fixing bind-dyndb-ldap causing issue
|
||||
Patch33: bind-9.21-resume-qmin-cname.patch
|
||||
# downstream only, extra check for above change, RHEL-30407
|
||||
Patch34: bind-9.18-query-fname-relative.patch
|
||||
|
||||
%{?systemd_ordering}
|
||||
Requires: coreutils
|
||||
@ -961,6 +977,19 @@ fi;
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jun 10 2025 Petr Mensik <pemensik@redhat.com> - 32:9.18.29-4
|
||||
- Prevent name.c:670 attributes assertion failed (RHEL-30407)
|
||||
- Add extra checks for relative names
|
||||
|
||||
* Mon Feb 03 2025 Petr Menšík <pemensik@redhat.com> - 32:9.18.29-3
|
||||
- Limit additional section records CPU processing (CVE-2024-11187)
|
||||
- Read HTTPS requests in limited chunks and prevent overload (CVE-2024-12705)
|
||||
|
||||
* Mon Jan 27 2025 Petr Menšík <pemensik@redhat.com> - 32:9.18.29-2
|
||||
- Backport nsupdate TLS support into 9.18 (RHEL-76331)
|
||||
- Update nsupdate manual about new TLS options
|
||||
- Test nsupdate TLS support
|
||||
|
||||
* Wed Aug 21 2024 Petr Menšík <pemensik@redhat.com> - 32:9.18.29-1
|
||||
- Update to 9.18.29 (RHEL-53015)
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABAgAdFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAl2WMooACgkQdLtrmky7
|
||||
PThv2RAAnXNLYTzXtH6ls29tRm5Hc+D6UaeqcWDNQ4BpkRVhrFxtukalGCi9mmB6
|
||||
NPJzFyXmaOW654pypCIuEgqJNFUpDtLzLzT7SUF+mhm+5plsaRSBnh4mq87l5KSp
|
||||
twODAPnfCJV+HBk5RmToLEstAbGQ7xEBTyQtZoFkY+V7zEFwENKiCvWsoSWOkYR3
|
||||
zXo3sKjc83HV9ShbW/mCtbZf5L0qlbrKOAzqJfAFMhNNJi8kMbmr/Zi2sIfN+Rhv
|
||||
g8HQo89Epv6r51yAdeED8idIX4rKjjcEtHrZeDmLdCcdHgSEj2sIlH92Joce6vL0
|
||||
S59A0rItIXm6fW8sz6WNpcj4tVtWYbIYjXZ4SPFNkaUrHv8cUekq+5vbI+v07Gh3
|
||||
2bhtDsDyTY5I1/AsY/EFmwkCAjUS00jZryBnuJpLB3v5JtUog4ek32yLBzPrqRBo
|
||||
1876j4nlXAia8mG0OgJNWZ0gHyUPe/TgfR8fQDLmHxHHlKrJNTEwY6bLW8jzFTX1
|
||||
zk510fI1K7J9tiQgf5wcBQ2h3EBlqzDNIJDovoATzLYIf0HKyVegh/vnQdtdEhUR
|
||||
1DzJAt3bsBfAP1AFfWPD/ACu5Zdm7SxY1wE/pjkwttDU3sRZqOfuwNBGeolu3cVN
|
||||
O9/h1zsyVeVS0ui2vu4+V4EvNitmXsVbG2doDq9L5yBiIKGO2Ew=
|
||||
=GCy6
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABAgAdFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAl2WMpEACgkQdLtrmky7
|
||||
PTh/sg//QbNRAQvADQfwF1PPo+JxB+3WzQ9oJAWeHbOoiubwkUwO9xE+BEnTNd5o
|
||||
oM1lSLqFxNykOTaoeJlqPftPod1cxo7lSzkwflugGyB/59wliCpqCg053YV4x9mO
|
||||
QggvA/E50+0FI/Om/7v4GHGADu/JE83FovOueWAB0LgqfDSD6QFcNFF9sUJJ4P7r
|
||||
FcEXSWj8QbrHMWBKncZUOpD2ECotvtrYmi0DTHl1XfigESDQpWtsnTFuabCCsvkh
|
||||
ch9wQRplAes2Mf/aS5tl1y0QKKBFuEjtGiTdgrDl6o9GLnx6CueX5saZehu2EVkr
|
||||
fq2vEYUC2lRQSjuxSMMJ3L0TGUcl7+ixlAIISS2K9L5Xx7MhBXt/EH5KiKPfsEet
|
||||
3EH+DhxV5uXjDU7MgvREnxT+ssV23e0HWTz4tVVQ9LpvYmWPIgLcSOhHCc57yoQF
|
||||
c46V0f69dMWbMAlQ93EZSG274ZvpIszpK8+3hGI3/TuDFFgiQJeJJBFVtYJMle69
|
||||
3mEEclfzO7fBiXZFec6nVx2309bL64bafN7zszPKXl4XgoefOfD0v0eWqQT4fxfm
|
||||
dnGC0qMqSZs5F+d0fISV5JUUNYzt9PZjvnzqLLGOeTF6l3/n9G1mmNsXcxJ1OEIF
|
||||
6qh1oO7JTPjt0MFhKac4QjNQi/Bnp25O3I/PRyWZCbiwXkyvyQU=
|
||||
=ZT7s
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -1,17 +0,0 @@
|
||||
diff --git a/bin/named/Makefile.am b/bin/named/Makefile.am
|
||||
index 57a023b..085f2f7 100644
|
||||
--- a/bin/named/Makefile.am
|
||||
+++ b/bin/named/Makefile.am
|
||||
@@ -32,9 +32,12 @@ AM_CPPFLAGS += \
|
||||
endif HAVE_LIBXML2
|
||||
|
||||
AM_CPPFLAGS += \
|
||||
+ -fpie \
|
||||
-DNAMED_LOCALSTATEDIR=\"${localstatedir}\" \
|
||||
-DNAMED_SYSCONFDIR=\"${sysconfdir}\"
|
||||
|
||||
+AM_LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
|
||||
+
|
||||
sbin_PROGRAMS = named
|
||||
|
||||
nodist_named_SOURCES = xsl.c
|
||||
@ -1,226 +0,0 @@
|
||||
diff -up bind-9.9.3rc2/isc-config.sh.in.exportlib bind-9.9.3rc2/isc-config.sh.in
|
||||
diff -up bind-9.9.3rc2/lib/export/dns/Makefile.in.exportlib bind-9.9.3rc2/lib/export/dns/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/dns/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/dns/Makefile.in 2013-05-13 10:45:22.574089729 +0200
|
||||
@@ -35,9 +35,9 @@ CDEFINES = -DUSE_MD5 @USE_OPENSSL@ @USE_
|
||||
|
||||
CWARNINGS =
|
||||
|
||||
-ISCLIBS = ../isc/libisc.@A@
|
||||
+ISCLIBS = ../isc/libisc-export.@A@
|
||||
|
||||
-ISCDEPLIBS = ../isc/libisc.@A@
|
||||
+ISCDEPLIBS = ../isc/libisc-export.@A@
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
@@ -116,29 +116,29 @@ version.@O@: ${srcdir}/version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libdns.@SA@: ${OBJS}
|
||||
+libdns-export.@SA@: ${OBJS}
|
||||
${AR} ${ARFLAGS} $@ ${OBJS}
|
||||
${RANLIB} $@
|
||||
|
||||
-libdns.la: ${OBJS}
|
||||
+libdns-export.la: ${OBJS}
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns.la \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-export.la \
|
||||
-rpath ${export_libdir} \
|
||||
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
||||
${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
|
||||
|
||||
-timestamp: libdns.@A@
|
||||
+timestamp: libdns-export.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libdns.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libdns-export.@A@ \
|
||||
${DESTDIR}${export_libdir}/
|
||||
|
||||
clean distclean::
|
||||
- rm -f libdns.@A@ timestamp
|
||||
+ rm -f libdns-export.@A@ timestamp
|
||||
rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
|
||||
rm -f include/dns/rdatastruct.h
|
||||
|
||||
diff -up bind-9.9.3rc2/lib/export/irs/Makefile.in.exportlib bind-9.9.3rc2/lib/export/irs/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/irs/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/irs/Makefile.in 2013-05-13 10:45:22.575089729 +0200
|
||||
@@ -43,9 +43,9 @@ SRCS = context.c \
|
||||
gai_sterror.c getaddrinfo.c getnameinfo.c \
|
||||
resconf.c
|
||||
|
||||
-ISCLIBS = ../isc/libisc.@A@
|
||||
-DNSLIBS = ../dns/libdns.@A@
|
||||
-ISCCFGLIBS = ../isccfg/libisccfg.@A@
|
||||
+ISCLIBS = ../isc/libisc-export.@A@
|
||||
+DNSLIBS = ../dns/libdns-export.@A@
|
||||
+ISCCFGLIBS = ../isccfg/libisccfg-export.@A@
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
@@ -62,26 +62,26 @@ version.@O@: ${srcdir}/version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libirs.@SA@: ${OBJS} version.@O@
|
||||
+libirs-export.@SA@: ${OBJS} version.@O@
|
||||
${AR} ${ARFLAGS} $@ ${OBJS} version.@O@
|
||||
${RANLIB} $@
|
||||
|
||||
-libirs.la: ${OBJS} version.@O@
|
||||
+libirs-export.la: ${OBJS} version.@O@
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libirs.la \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libirs-export.la \
|
||||
-rpath ${export_libdir} \
|
||||
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
||||
${OBJS} version.@O@ ${LIBS} ${ISCCFGLIBS} ${DNSLIBS} ${ISCLIBS}
|
||||
|
||||
-timestamp: libirs.@A@
|
||||
+timestamp: libirs-export.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libirs.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libirs-export.@A@ \
|
||||
${DESTDIR}${export_libdir}/
|
||||
|
||||
clean distclean::
|
||||
- rm -f libirs.@A@ libirs.la timestamp
|
||||
+ rm -f libirs-export.@A@ libirs-export.la timestamp
|
||||
diff -up bind-9.9.3rc2/lib/export/isccfg/Makefile.in.exportlib bind-9.9.3rc2/lib/export/isccfg/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/isccfg/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/isccfg/Makefile.in 2013-05-13 10:45:22.576089729 +0200
|
||||
@@ -30,11 +30,11 @@ CINCLUDES = -I. ${DNS_INCLUDES} -I${expo
|
||||
CDEFINES =
|
||||
CWARNINGS =
|
||||
|
||||
-ISCLIBS = ../isc/libisc.@A@
|
||||
-DNSLIBS = ../dns/libdns.@A@ @DNS_CRYPTO_LIBS@
|
||||
+ISCLIBS = ../isc/libisc-export.@A@
|
||||
+DNSLIBS = ../dns/libdns-export.@A@ @DNS_CRYPTO_LIBS@
|
||||
|
||||
ISCDEPLIBS = ../../lib/isc/libisc.@A@
|
||||
-ISCCFGDEPLIBS = libisccfg.@A@
|
||||
+ISCCFGDEPLIBS = libisccfg-export.@A@
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
@@ -58,26 +58,26 @@ version.@O@: ${srcdir}/version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libisccfg.@SA@: ${OBJS}
|
||||
+libisccfg-export.@SA@: ${OBJS}
|
||||
${AR} ${ARFLAGS} $@ ${OBJS}
|
||||
${RANLIB} $@
|
||||
|
||||
-libisccfg.la: ${OBJS}
|
||||
+libisccfg-export.la: ${OBJS}
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisccfg.la \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisccfg-export.la \
|
||||
-rpath ${export_libdir} \
|
||||
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
||||
${OBJS} ${LIBS} ${DNSLIBS} ${ISCLIBS}
|
||||
|
||||
-timestamp: libisccfg.@A@
|
||||
+timestamp: libisccfg-export.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisccfg.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisccfg-export.@A@ \
|
||||
${DESTDIR}${export_libdir}/
|
||||
|
||||
clean distclean::
|
||||
- rm -f libisccfg.@A@ timestamp
|
||||
+ rm -f libisccfg-export.@A@ timestamp
|
||||
diff -up bind-9.9.3rc2/lib/export/isc/Makefile.in.exportlib bind-9.9.3rc2/lib/export/isc/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/isc/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/isc/Makefile.in 2013-05-13 10:45:22.576089729 +0200
|
||||
@@ -100,6 +100,10 @@ SRCS = @ISC_EXTRA_SRCS@ \
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
+# Note: the order of SUBDIRS is important.
|
||||
+# Attempt to disable parallel processing.
|
||||
+.NOTPARALLEL:
|
||||
+.NO_PARALLEL:
|
||||
SUBDIRS = include unix nls @ISC_THREAD_DIR@
|
||||
TARGETS = timestamp
|
||||
|
||||
@@ -113,26 +117,26 @@ version.@O@: ${srcdir}/version.c
|
||||
-DLIBAGE=${LIBAGE} \
|
||||
-c ${srcdir}/version.c
|
||||
|
||||
-libisc.@SA@: ${OBJS}
|
||||
+libisc-export.@SA@: ${OBJS}
|
||||
${AR} ${ARFLAGS} $@ ${OBJS}
|
||||
${RANLIB} $@
|
||||
|
||||
-libisc.la: ${OBJS}
|
||||
+libisc-export.la: ${OBJS}
|
||||
${LIBTOOL_MODE_LINK} \
|
||||
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc.la \
|
||||
+ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-export.la \
|
||||
-rpath ${export_libdir} \
|
||||
-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
|
||||
${OBJS} ${LIBS}
|
||||
|
||||
-timestamp: libisc.@A@
|
||||
+timestamp: libisc-export.@A@
|
||||
touch timestamp
|
||||
|
||||
installdirs:
|
||||
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
|
||||
|
||||
install:: timestamp installdirs
|
||||
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisc.@A@ \
|
||||
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisc-export.@A@ \
|
||||
${DESTDIR}${export_libdir}
|
||||
|
||||
clean distclean::
|
||||
- rm -f libisc.@A@ libisc.la timestamp
|
||||
+ rm -f libisc-export.@A@ libisc-export.la timestamp
|
||||
diff -up bind-9.9.3rc2/lib/export/samples/Makefile.in.exportlib bind-9.9.3rc2/lib/export/samples/Makefile.in
|
||||
--- bind-9.9.3rc2/lib/export/samples/Makefile.in.exportlib 2013-04-30 08:38:46.000000000 +0200
|
||||
+++ bind-9.9.3rc2/lib/export/samples/Makefile.in 2013-05-13 10:45:22.577089729 +0200
|
||||
@@ -31,15 +31,15 @@ CINCLUDES = -I${srcdir}/include -I../dns
|
||||
CDEFINES =
|
||||
CWARNINGS =
|
||||
|
||||
-DNSLIBS = ../dns/libdns.@A@ @DNS_CRYPTO_LIBS@
|
||||
-ISCLIBS = ../isc/libisc.@A@
|
||||
-ISCCFGLIBS = ../isccfg/libisccfg.@A@
|
||||
-IRSLIBS = ../irs/libirs.@A@
|
||||
+DNSLIBS = ../dns/libdns-export.@A@ @DNS_CRYPTO_LIBS@
|
||||
+ISCLIBS = ../isc/libisc-export.@A@
|
||||
+ISCCFGLIBS = ../isccfg/libisccfg-export.@A@
|
||||
+IRSLIBS = ../irs/libirs-export.@A@
|
||||
|
||||
-DNSDEPLIBS = ../dns/libdns.@A@
|
||||
-ISCDEPLIBS = ../isc/libisc.@A@
|
||||
-ISCCFGDEPLIBS = ../isccfg/libisccfg.@A@
|
||||
-IRSDEPLIBS = ../irs/libirs.@A@
|
||||
+DNSDEPLIBS = ../dns/libdns-export.@A@
|
||||
+ISCDEPLIBS = ../isc/libisc-export.@A@
|
||||
+ISCCFGDEPLIBS = ../isccfg/libisccfg-export.@A@
|
||||
+IRSDEPLIBS = ../irs/libirs-export.@A@
|
||||
|
||||
DEPLIBS = ${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${ISCDEPLIBS}
|
||||
|
||||
252
codesign2019.txt
252
codesign2019.txt
@ -1,252 +0,0 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Comment: GPGTools - http://gpgtools.org
|
||||
|
||||
mQINBFwq9BQBEADHjPDCwsHVtxnMNilgu187W8a9rYTMLgLfQwioSbjsF7dUJu8m
|
||||
r1w2stcsatRs7HBk/j26RNJagY2Jt0QufOQLlTePpTl6UPU8EeiJ8c15DNf45TMk
|
||||
pa/3MdIVpDnBioyD1JNqsI4z+yCYZ7p/TRVCyh5vCcwmt5pdKjKMTcu7aD2PtTtI
|
||||
yhTIetJavy1HQmgOl4/t/nKL7Lll2xtZ56JFUt7epo0h69fiUvPewkhykzoEf4UG
|
||||
ZFHSLZKqdMNPs/Jr9n7zS+iOgEXJnKDkp8SoXpAcgJ5fncROMXpxgY2U+G5rB9n0
|
||||
/hvV1zG+EP6OLIGqekiDUga84LdmR/8Cyc7DimUmaoIZXrAo0Alpt0aZ8GimdKmh
|
||||
qirIguJOSrrsZTeZLilCWu37fRIjCQ3dSMNyhHJaOhRJQpQOEDG7jHxFak7627aF
|
||||
UnVwBAOK3NlFfbomapXQm64lYNoONGrpV0ctueD3VoPipxIyzNHHgcsXDZ6C00sv
|
||||
SbuuS9jlFEDonA6S8tApKgkEJuToBuopM4xqqwHNJ4e6QoXYjERIgIBTco3r/76D
|
||||
o22ZxSK1m2m2i+p0gnWTlFn6RH+r6gfLwZRj8iR4fa0yMn3DztyTO6H8AiaslONt
|
||||
LV2kvkhBar1/6dzlBvMdiRBejrVnw+Jg2bOmYTncFN00szPOXbEalps8wwARAQAB
|
||||
tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5
|
||||
LCAyMDE5LTIwMjApIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBK4/rHln
|
||||
EexZ/AB6pHS7a5pMuz04BQJcKvQUAhsDBQkD7JcABQsJCAcCBhUKCQgLAgQWAgMB
|
||||
Ah4BAheAAAoJEHS7a5pMuz0476oP/1+UaSHfe4WVHV43QaQ/z1rw7vg2aHEwyWJA
|
||||
1D1tBr9+LvfohswwWBLIjcKRaoXZ4pLBFjuiYHBTsdaAQFeQQvQTXMmBx21ZyUZj
|
||||
tjim8f9T1JhmIrMx6tF14NbqFpjw82Mv0rc8y74pdRvkdnFigqLKUoN2tFQlKeG+
|
||||
5T24zNwrGrlR3S7gnM47nD1JqKwt4GnczLnMBW/0gbLscMUpAeNo/gY4g0GV/zkn
|
||||
Rt91bLpcEyDAv+ZhQZbkJ49dnNzl5cTK5+uQWnlAZAdPecdLkvBNRNgj/FKL41RF
|
||||
JGN6eqq3+jlPbyj9okeJoGQ64Ibv1ZHVTQIx5vT1+PuVX/Nm0GqSUZdLqR33daKI
|
||||
hjpgUdUK/D0AnN5ulVuE1NnZWjVDTXVEeU8DFvi4lxZVHnZixejxFIZ7vRMvyaHa
|
||||
xLwbevwEUuPLzWn3XhC5yQeqCe6zmzzaPhPlg6NTnM5wgzcKORqCXgxzmtnX+Pbd
|
||||
gXTwNKAJId/141vj1OtZQKJexG9QLufMjBg5rg/qdKooozremeM+FovIocbdFnmX
|
||||
pzP8it8r8FKi7FpXRE3fwxwba4Y9AS2/owtuixlJ2+7M2OXwZEtxyXTXw2v5GFOP
|
||||
vN64G/b71l9c3yKVlQ3BXD0jErv9XcieeFDR9PK0XGlsxykPcIXZYVy2KSWptkSf
|
||||
6f2op3tMiQEzBBABCAAdFiEEFcm6uMUTPAcGawLtlumWUDlMmawFAlwuSqAACgkQ
|
||||
lumWUDlMmaz+igf/ZW8OY5aWjRk7QiXp93jkWRIbMi8kB9jW5u6tfYXFjMADpqiQ
|
||||
yYdzEHFayRF92PQwj81UzIWzOWjErFWLDE2xol9sP5LdzeqoyED+XTqKggpVsIs+
|
||||
Lq672qnumQoZKp1YGb8MDocU2DNg/VsMdi7kCnEnPbcSuBxksmxGYomusXNrAF94
|
||||
1OJ2sqd9BuFamLIyn8XUCGGYlsvMoe4kTCg6Cc1sQvx0lDG8urKN57jBKWbP4alV
|
||||
+JBV5KQcf74gzPmE3ypgY1tMEwxyH/WyS9ekDbai0qauX6eUAsM1bduH8fIcknLS
|
||||
Zl5hrJTrzWFF9/DKOth8QOwhJ9zoIF1fcAsx9okBMwQQAQgAHRYhBHpqR7X54SM6
|
||||
0lUrXL2X3GOe6MR7BQJcLktcAAoJEL2X3GOe6MR7jwEH/iaolMeno1oeWAgzN6Mg
|
||||
bx3maweh/9Vqty1fwk7Crq1G78X5i1OCkknEL2p0Bfle4ApwcC4HZVcqCgoYpRV3
|
||||
/EEXtwkMNy3plWdBbLCQSev/E1D39GzgAHiMnv7NUJnkoJbvMrvrAiUTXPTtARMM
|
||||
gjEpvgEs60wuJxS8ESomRhe/KW4myxDoBxF+K+e5bOkOvvWVcAYJHWZ1BIZs4n6b
|
||||
+C2vO8q5aKTkQ/XvNT7utbTOqj1SGhItRaAQKXHBdzkQ1Et3wTA4+uRg4gK12624
|
||||
9LperYs26w9X9UzApl+qVxQhtWUw3tnUXMastDfQrRcvJgq1xpv++OqX5Uc93RTf
|
||||
SNWJAjMEEAEIAB0WIQS+DpdItxglOii7if/xsRvwXPAuVwUCXC5LlQAKCRDxsRvw
|
||||
XPAuV29KEACEwlTVVKe4gnBYHnlAD7csoQ0+gJ6C+Ofzlw+UItRIcFeVCAknSGBs
|
||||
NPxr9JStIvKpmsbSKpCNUEAYnRP2immh94y/C6BuTe1uUUmqBGr1f4OAUwZpmI29
|
||||
ixYeY/uUs9FZO3bS0/WtG46tdcJK41qtM0DYAGT3oeZhJMTW15dfvMGlFukauSOU
|
||||
+BbR+6sZhqdbWl/AOTE/6x5otnAaW0GObY/BW240Xq/KTgBrzVdK5qNoYsMVsiTd
|
||||
0im0JKvFG08ED+ZfcILhlO6G9jRhoTkhtYuf8CKN1dPf2IoB5FrRFf0xqRr9hNlk
|
||||
X7ViNMP9OPb8i3BubWvRi5rNSquCwrFATSiAgaA9Yi1BNzQsmQxOql9lsh7eCH7m
|
||||
+8zzUg9umWI6PkSv8vHBo2kPX73wmtEsF6vxJlk0yDBuQw7y0uuKh406tEEk4cP2
|
||||
8U4baq+ihpioupDhNuEII1h1Eh/RBE408RAOpcr+2F0m/fKOoJyz7u+AxyV81Ia6
|
||||
fyBnUfZnlfKo16w87c1HJRs9dKkRa5yGziBf9TcED3sru58Pftes2Nr80/iOh26i
|
||||
P2pRihcIyrmeAqDWnneErVCmPMDTe6zkMrm/0iZ25/Jfq+M8IHEzFEw3Y1FBOeFg
|
||||
9TyMDwYG2biJPTNTDO0BQ+Rrvs4SjFWEYSxgJSvG1jMfSPt5AR6MJrkCDQRcKvQU
|
||||
ARAAufZX5WzJr0lZAhxaGpHY6JMBr4jVOCP4TrDZhwC2K4CXNM/PLLNisWzquiWa
|
||||
FvUDhB89kCxrEhipwVFYhBr16CDQxrr8yhah3RIxrBMYhRTxgIAkANgkhGWfDJSE
|
||||
zXauA7krYtS3rYwhfXe4cNsTkLPbnMUlyLJcqj2wnZcZIt97aL+NFRPyfIw1KfUb
|
||||
9u3tB9seDYbvTEULeL07aTnHpWM5f3bTwJrJ2OFPzXseCCzPiVNh3Bv+YtJ1pMTr
|
||||
c/UHO5DoJuHLsF0wicPSrpD0twspFdR/0rT6eNycsaCtV4GQzBcMPvY7qai5XrZm
|
||||
Cqgluo1W6l6+F5YrKvRMtyyFkUNGcPywdjSlP44JyRrS2uzvFUViSsJArcmFG2TJ
|
||||
LCohnse8wqjw0dIUVbmDbE4zjaG56zkvu0k+04Wwp3XPgOZrbl6cbhX3yLhu/Gt0
|
||||
dzd9EReoNfKXk32hBzKas/vdeB5DZejbOOOWYftqyZC1LvDvvrYFhFK6VGozfZ6L
|
||||
Fml1hzn+xPahp5tRv93/T9zXeVPm9zilGMqm/gjRgh8ojWxNQoNzJyqTPWIvWmbu
|
||||
EIP3T3cTFq6lJpJsg3+sfzofGWZCGnBZQGqm8rEOoUWiaKe1BvQCX1x8p4/x8/tX
|
||||
TaVDpQCGoqxXt09plkDuGMuiDICxBlaHWUR2jLoHc2cLrB8AEQEAAYkCPAQYAQgA
|
||||
JhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcKvQUAhsMBQkD7JcAAAoJEHS7a5pM
|
||||
uz04pB8P/Amfg54IFeALiPOrKbjC3bVAQzrsf09IL8sUln/LCZIx9HgGAJj/f35S
|
||||
Q35sK2ucjWiDX6qCxVrWmC6caQXFgXOFSKIlqladmmgj4sIdLM5wj4nbomHChpB5
|
||||
rqV/GgkFwWBQ3kPCatXvc8Bg+zKJ+wXgTuPFXefyE9R+SLuas2grQ9hAjvTGHYbq
|
||||
iYxSlNDFc1aHLAQ3bS76351MHuMHOpLzoB0OkZDCVNW4GNEqrLbINdr50RAK+Loo
|
||||
Z2UBIobEZjXYor9A2FWkSvdjyz6X1QKMdQMath6R91k/O0abBa7ly4/805eAGXM3
|
||||
w1Xf2eMlpiUs69BeYoJBklK8aNMntpDREunJjhiPU4JoDzSxl5Qv7LuXylyo0YJA
|
||||
9YmydKhTTcRdwsKc//nGr/ckg4BRl+VbtJBYvd3xGB7IQ+pT/TOakv9qCospAhr3
|
||||
EQjVP/XpnWJRd+x+dq8UXqwWmTenWDE42cNr7BDFJdOqS5ZWy4sIz4sdjpSxXMB9
|
||||
8iiRtKSpKRCJgXScB7SYebh835EgG2YyQGdhJMO7C6ok9POYQBqL8sBqRzImJKoT
|
||||
VDvOH42WArKwJWTHa4mPdiDHEIZlkONerec3JXtl4Mfv8cwZ5Lb8fSiB/x8AWvqs
|
||||
puc/7hQtkus4TcgutS1fwhAwpnFItpVF6+73CMQrJsblBdTjW0T+uQINBFxbVHwB
|
||||
EADebZOJbhPdhHeBPdlZYE3rRjB8scDpWdjrCupfmeTC9MM6JgCE4DEMBtBXk+h1
|
||||
+7wfpblYYNFwGVFvytG5nvGRDtHWxwd1Z9O8Fx4Zqu0Fx/wAn7ZL3ryE+tdHR7JK
|
||||
7SLxOa2X49T/8LY0U8Q65I4ZRo/b4VMcXApCmncw3QSRqHT/mYdNnf+HHPvi3jza
|
||||
md3iVptCS4Iaisc079DFda+htWXspBc13lmPi2vGQkWjjS3B4yO8JackyQPVhpsg
|
||||
KYbRBzOH0Kii8bXmyA6O5uIJYEddp5Veged4FE/ej3CrgGP1D0Yk1epx8lLbi9RB
|
||||
kwFS7DA5rQ23UnbSy1WyV1ZgPrWqQAWuGpjMTVTWN0ElI3AGxAnE8lZlSXyE+XyV
|
||||
uHjjIVrayBjLKVqDuSLdKZeCvI4QsyHH6F0NKJQkngvXxLZYxO6s0c2EFFLzdVWT
|
||||
1V9GMP8UsDrrb+JsZjUVmPR1tTP4xqEQG6KjfFoQm5XWpGtFwh91OK1lwf/Bx2/C
|
||||
j+PquLLFcj7hEP79VDTUZPQAduTTxIeTzHXH+x1PCHFB10xxH3e82VSdJeBUrJxn
|
||||
riXzK50SKTTmF+uYpHqE8Jg1N2Y1n5ksuxeYUy8PFjhAeBCqZ6ZcldUDf4999e/z
|
||||
PT8bwfCDr8jRdqJHrq7RxTJiP5RsMudWpKeohzJGwQ5uZwARAQABiQRyBBgBCAAm
|
||||
FiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVHwCGwIFCQO9IQACQAkQdLtrmky7
|
||||
PTjBdCAEGQEIAB0WIQSVztolaxygoV8wL7WVIaftXazpGAUCXFtUfAAKCRCVIaft
|
||||
XazpGPeMEACm9nxA/VKf8RxDo2ZuTgyuSwlR8tCjAE4k3+UoiYUbamkW4pjx9Vgd
|
||||
1zC5bNxSWZ5vlJ4CH8ArKFqNK5LBVDZqhYureAo/1Af2b9vRJw0/QQHhuXz/jqeT
|
||||
wwrLuKpy796Gpt+aFfcmS0ZC4QXfxJERhAP6tu1p6YmAsSb+bjziQVkKrt9mhOrL
|
||||
dtz6WP0Fg1joRj33FgnnLtayHvtgQrNFI3ztCjk/B2FjYZxqbBGfk5gyo0cTE2Fi
|
||||
oLhG/XrxIoZepFMJkGYETnYQXrOt2KuJLvawV70YQmG8EqHYY8drKA0XDZs8TVdT
|
||||
5cvGvtm8ERz5znsssRBxQMI5Ml6O2ahrXp8Eq4htCzlvO8t2MOtzvqAJRiyAd6bA
|
||||
Uo+MGVRpnvePOR1SAgBXCd416rF0iCXc1utZxnqwdq9kJAZ+8mCLx4N4jk6AdGpX
|
||||
zcNkLg7QmUzXn75RxZ6GrIUYZJNMlswXq5XhSW4o8ePlaxWjh9+QTtU964AZhpA1
|
||||
uoHsKGTBxHJs0w6McZm14kb2PuaO2/rpf8s8IZyc93+Y5O/gHZ6/agBjA9qN6wkQ
|
||||
R1d5UhJC4QS/m35rBGBKK9X3fqQxaBCio6Qz+m4A3GchrztJpq+2P+ma5ylsTq5j
|
||||
V4njky26WNtrV7+N0C4Moj3I4Qn6YU/eSManTXzHzoiPZCEH/IOxgXIiD/9Zm3Zz
|
||||
I+h4NCfSGyP11/w1gEzlTHQ4at/FXIIDh0Y2ZNpWPffuFQLtcER2vyKPwhDYpGMy
|
||||
NNHXks4azfrXVCv0wmSNBbeS8pJrYtopZpCEBrAbg/YLv9m5lpDSRHaR3gv/qMZ7
|
||||
QxY+NwqciqTwGq68PuF4mDSvtfuFmbEES9Iybiie+eL/6DU2knfBjgshUe6vElR+
|
||||
LYoPQ45GY2IxRTJ1pMXaZw1+evwH3UvseRGkRygiaBgoU/qR4prynvjMQcacCa+C
|
||||
aRnXZJYp/usVBeY0xut9toc9/OcLGoBr5h9l5YjruO2vu8VHou8N0tarVQn3YbQR
|
||||
Fi+YtNtclWJa8Pq1AsKRTCFwDwP6eODv6mNOrEFydNRcpiQmzp47VWF/YHRfHzCq
|
||||
A1wHLxLUrpQTaVw6J4FqedAQ31aAO4faA7MS+ZMNBqZCZ7lTGC6TvojqqBAN2yX7
|
||||
AnnYpZHM+lGpi2/ukVzLqSkGmdNOgbu+UZvoej3YnHYig4yWP+z2xrlJl8bkhU/d
|
||||
r9IQE5aRCEPB/JWhHJ2/GqYl9qjshlB52+6X2KDarwptOtzT9ooArYhpMwKIYh34
|
||||
c7X8tlAKYk7V5j7txIRFDKKAftC7dM82PntXJxSkWyR70GYnYjiXyrqqerqT7xIC
|
||||
mDEQgFOPpy09zFW62paO9uiZw6qwybwqgGpoX7kCDQRcW1TbARAA3ERo2mPv2VVg
|
||||
ZUFr4MtPDm4UG00YJW/LYa3D3k0e9tdSScACXprk1sAoxUlQx/CSdErPKwXG4rax
|
||||
iN4t5nICUUNYSC0dh09G25jC7nwsWc0AYyZu+h/FzfvpOm3fBwmBlzILlGh0URwH
|
||||
Ffj9fHt6hos4C+3PFZZ/X24aMJF/cov1oYi9rqFwt/l0mgtPE88Iyj2/Vp3Lergg
|
||||
QMzKfEuyluj9fL2cgU0Qa7oAPXmaxhHtua4cvbM5SXGo3FXjIgzH9OfM+2orebeN
|
||||
wH1M3ec6w+nPmRmCJLvPKGOeS7GVXL5/aOyPlDWzSXYnpCKS2ntw4K4nt0IA8n8z
|
||||
1db109l/C2noDrDSJEqOo843ShNGTYOMVUrj3a+Y7o2ATc9pNZalf0PwnKas7NDb
|
||||
IJ152PEQw665iYXcv2awjLF6W0yuSq8kfiaAxIrsie2Dto0zgqOs0Ot9Y74u11Hh
|
||||
wBSHUO3mEZJScAAcI/yDF2PvjvCQSzu4mdXb77t6X2O6YHULz4A7bVQCMazcTDI9
|
||||
/S0W2+ixPnnJVnE3xgjK9zuizji8JDJw1hJCQM+yTLVqq9pfvcRfQ6uwpMRzz/O3
|
||||
S0zDRiA69/GyfNwkpgz5QaGpY02IK5WrQU1doRjIz4BHAYzoIOkMkRqTtjdElQZw
|
||||
/D3wSO2uwsEMNwRzibR/Lz1JF2aGn6EAEQEAAYkEcgQYAQgAJhYhBK4/rHlnEexZ
|
||||
/AB6pHS7a5pMuz04BQJcW1TbAhsCBQkDvSEAAkAJEHS7a5pMuz04wXQgBBkBCAAd
|
||||
FiEE1wyE5ktVjlvM7AchMuIXXx11eioFAlxbVNsACgkQMuIXXx11eiqCfQ//SFDf
|
||||
rOIEoslp6n6vlCuavOg02wvjskKQGP1P1Q4v40Fw1Gl87n9uXAoMpeF4H+pzUxOi
|
||||
BHYCQi+EemwocSThzaWfPzd3JG/0OcRymf+ZOcBb+58VJL7p88QdMFIAi5J+KMuA
|
||||
fEG0zLkc9anEnXoVMmQJX5K+6PyeVDvBbYGjLjQAsWTZTiVuQI0w3WxFtDGWqQII
|
||||
8e/qE0DA7c/auGn7j2hid308+FcdfpmLefW9YesWjE1yYvHoCRdFOJ/7Sft4MQCI
|
||||
Re7UET3TRMBvtisP2DcqyzGPp22s4ZYFCCJJNiB92bXdEl5zXe4Ff7JTfNE/QrR7
|
||||
Wg5R9hZHgHdbp8p8bA3f0y29YCx3puYg7BbmQWiMh3rXWE5b090pSpw0K9BQU3vO
|
||||
irr+5/2TaFOJXHl4VF03GrWsSncShCbdsdRIv4TB0lY2mN4q+e7bjlAzJJeoaS97
|
||||
GIqu3DBlAJyx/ZwWW23DXXwoQ4jNuJhpl2jaCE7rVQB0uLjbp0i9Zdd4SdYZxmO/
|
||||
Y+JfgoJz8eyx8wZi4eDz1ijN0WKsIGjxJH5VUK9STjijDMeG6ZZRLc6b1QCGhe97
|
||||
ZbDkEUTdQGoeu4L5Fiqoma13NEsf8ofBDv+myJm/O67Va9JI3gxhIrhmF7LMzQQp
|
||||
lYx2peZC1CmhEnn83dtt83mhXvX6Dth657BW/Qd+GQ//SVuTPuNkBXfrTi4dbnv+
|
||||
cU6IsoIBodTF/WsQ6h4kbtsPhO5DbrsLNuNumrqVEN8jw+HUsEeNvFNeMrTPdG2V
|
||||
87ShQ4BQGkCf+GFRBj0myxxXOFZYQx6RpY5fCe7yOcTzpkbnPWmm7V8HdOuZ0NnL
|
||||
JNQ5YogOI6UvXVKv35R9qBo+G9jkhhb0eaAu6BERzKVANKfsGN7545ElZ1qlffMh
|
||||
AQhXGb6TsvCeSg2cWGb2cnVL2d58uVukD4PDiq4qqwgClkF3bOO70SIgGrCteHbi
|
||||
4Hseopex5m6GqqjoUYXr7QQBwSaQdc+gKtEjMHCsHbUyHRk0qEHdEe+2RmL0d0ra
|
||||
QMJfKyYQjcCR7tnrgN4WD1h4NKRdC/KRW31MDmH9XVPrkOMQCUCnArXkOwdKWsKf
|
||||
h8af9HqweXOT1FHJN/M3tWaBpv6KoduF2f2pj1VhPZ2EqFUycJ26lrHyOpsynQR6
|
||||
+TD+c1uXotDwKN5RW+YL1cydk6mhib64fdOyPUeTcHehjMAFgM2f5wi35Ujcj8id
|
||||
37cWOqRsggSbMnGO4AUA/YtcVNG8TjZbakson8ENK7e8q4sEiNFUZ7/CtzNokwHQ
|
||||
5uOG1+qB85Y4ImGnIZVeiBpjt73VVawg4Zvm/omtW50P9R+4rVhMJZZFAgrWg8BH
|
||||
H/KNznW0vUuShG8B+2FA/eu5Ag0EXFtVDAEQAL5ftI1GgVJEFgX5VsuFnfBnH95c
|
||||
zqmwEXaTP4s7Xm3O0Wy579EzRUD1eEw/UaD/q2OHScwvMP65cZYQ9w4hnCN6H96P
|
||||
96Teo7LOMCssvSXIO7gqP33LKTqDzsIoAFHwWE3dq1jbyP6T1Je85mr0Edvk8kOC
|
||||
B1hudswAARno/7X9zGulhhwuEHk5Iey7R59yRUQqBctdNcetGyaiFjjX0evuVADi
|
||||
/z/s07XhDLDt7+3Vglh1/7XGC64QhB9QjZ8j0u7+0xfmLLjhi+7EpkDlAHIJXX1H
|
||||
0wAsPOGKlYruQUmIsMNfBINZeulHEBZ4cAd30xsM296DzJ6QL9sAGfYMhRs0YHB/
|
||||
EJ10Zv0iw1pU2jCCUv/9Kf4F4nwgHQWQP7JAbfhOIUOUq/YlxjTLnkd25+7vD3KH
|
||||
NQ6UiRDROR9Jwetpd/zokpf5O5iTBpVL+sCq+NsTZyDOjITve2sY0V8v10M+Z+pL
|
||||
cp/cUZ4JEDS/WJ4/ovBNJP8b+YwN/RBgCjl8UBX/N+e7AA52eYP2H9GK9XPkzSCE
|
||||
VxEf5PyjGrwedpoLkzagrHsDuWo3uBquLyneT/ozihqKQAuInUy5B7rWU4mpKHe5
|
||||
Vto5o6Zuj+6MgHgIQzRK6Da2ziMNEmroxwZibcYCtUPdvcvxGh+byclnzBclKjOw
|
||||
kAalFPx0SxEbHmzPABEBAAGJBHIEGAEIACYWIQSuP6x5ZxHsWfwAeqR0u2uaTLs9
|
||||
OAUCXFtVDAIbAgUJA70hAAJACRB0u2uaTLs9OMF0IAQZAQgAHRYhBK7WIv4CB360
|
||||
tcFGwUKiedJIzcMQBQJcW1UMAAoJEEKiedJIzcMQH+cQAIQYXDnqi4Hl21LtAgky
|
||||
pZxug+x/LECVlwkrIfaQF337+fG+H9J7SdU87Sn1Xe/YUgQnF0XP/fjIVFM0e/Tb
|
||||
xVlmTFqiejLnIwJJDgUaHO3POT2sGEyO3tc0mqSzyRBxtMQ8yvApccBhL5QODv3h
|
||||
hlRWgk5MXU0IPeXw134IWm+o/PRiPBoXPawvVfEVIBlUFaiSZASf4BAiSad4aJQe
|
||||
P8PyP7FPvQB1xiib0iSetn6ZmNeN2OSUJPiPA8aE9JCKuFtomVQEDM0BqQDl5A7h
|
||||
5O2uyf0Li+/ArqBvfBjrH03e5zbID02dO3D2BjsV3jUeVPQ5WDgVg8LH+nfg/rRy
|
||||
wfCsx9zFp1mt3K4xN2v7IKwxGndApgCcx17gsjzMvLz0J7sSGov4MNjzqvGEDKCl
|
||||
uUvNKXqy7je9xcQLpoyvWtoWFXWTbQAcK5Vv+hC67r9bHpjI1KuqA8hYqNKxsv7s
|
||||
wiLZdd4SK9SIuwf0j8/XTZwmoFfGolJil0ZNxyqBF39+CMVpaHdLM1qKZz99TVzS
|
||||
h4obOOjkUjK458xSo0XCbJ4qXYp7PgxyWK6GIbTozbbG/1ldw+LUnqxt8Shf797L
|
||||
J9lbI3ICuR2P5PYlKJf3b6D9GyfqyrP387fKAKhHsYkZ1XD54/8wIgTrdfeNPtL0
|
||||
1mjWDjw5KvO9kuPBjcmzgt+NrtsQAJwKeZsiqLLcY8kJ9xP+/xtTlh2iVuZMfxwq
|
||||
hwlo4MMCzpobLDZ/JKU398m77eboTKJSBfeUYxQd4ATn1L8NLKjLxKAaBkjEk0nN
|
||||
8w9OUQbFlhQ/asLzzF7Z9IGGh9/SEgBZ8V67a0O3Qw9Xdi3ARK3bbZ8RIVJ0+P9G
|
||||
CGrfq9j4ZmGA2L4irLjsvDAv7CSMb4WBKW8j0Jz5LFMwOMJgG1TT5c6lNqFj6y09
|
||||
rZcVLnt8+lUv2Bw3LC0oI1TjFkrrCzIdfg++mPi3K/ZFc50bvnWF4eCOjgZ5U9Vb
|
||||
sxFZq3+vTRcIfI9z2lZ9CNDRA1O5jGvuVtEGLiSLF2aJ6kiNriLuuGTlXfg/Fpgh
|
||||
GTvyppOTzF7PtHzHBQ/ZjnhWojnc/jyJRwLK8cCl6+EOc887v8BDmqgFWtmycsE2
|
||||
5fDJ7UFGP13g/eDL3ZUgMDty5dQaUOTX145t2KT+lMqpY6ZK2EC+eoqrnIGJ+tYy
|
||||
0l4RRxi10mbNhuPIIDdph7X+mUHgCeA9gyF0Y+LqiB6CX+zFg7ovLvnCbMPxdGXq
|
||||
z7AjfwqZBKI+BVuBeDtyW4onmElCu5cXNKsg3W0IlQlZf9PMDU6Ht0XLUs7EPfbQ
|
||||
sH1Vqi1XE1W/tGnkmjcpG/qlt9Gx1uwFGLP6iomqUBc2c0GZ6R1xplXvd3w3yC8d
|
||||
8lAgPGImuQINBFxbVToBEADkuxhQx9gxlzzCc0nUu2v82XsD+GzONp9irt14gslx
|
||||
te96eKaTXTi0t5eya0X5TIY3wbREwjlfAeM9AfcAmWcsM4izrfPtANM6WOxB2Tbz
|
||||
EY2cqv7NBQii7Z5aqPyjcIiT0b0Gs2evlDkn3xEBBqTSrNcnGSA29bZPIkaUb7Qo
|
||||
p/Ani0S3/tgcR21gXsJwkgpfNKwvPT03Lz3/o5rXAyag0M/25adgk9SVKNcXc8h2
|
||||
HSGv5ENjwUKNNnowVbNLw4287mFUM2Vd6unGJ2MBj7aUwTrfBl7gNV96mMdDJWcB
|
||||
hGKYkxUvibuHCa2KH7gTrnV6X7sdrgD5CbJMPq6OZNSP6n6bUVg22eHxoETplFwT
|
||||
4NvV3clRMWIAG1XgXR1l99LAh7PPnPMM1pHQGPwYHQskoBFS4g5knzHpB9h9TfZ3
|
||||
MM4cDZR5NgWmE0fYVnWe5ax+wW0/IOklUoHv3qoL4yiN9wFJq2oLzUNQd9+tsqiy
|
||||
vxSTh8iYmHegyn5KuBPsrMPgvqiKOdalTZKkak9DOx4cGQL2qHspKxiBOb6uox2v
|
||||
fjMQ5bDeUn+4DYMdnZNHeywCUegJmDakUtlfvN+136IDHGwfdGcitqzswzd3+PI2
|
||||
qlwPE19gkrp9NUaD3Qj2ZtDP7sU2cThc6Gra5KRFW8f98bI77j1Wu6pCnYFLqPz4
|
||||
QQARAQABiQRyBBgBCAAmFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVToCGwIF
|
||||
CQO9IQACQAkQdLtrmky7PTjBdCAEGQEIAB0WIQR5HX64jryNAThDSqwz3zWa56YK
|
||||
eQUCXFtVOgAKCRAz3zWa56YKeSWOEADK8u03LESGSQlZQqnnCAI8iYs1s+XRMEnG
|
||||
2tAQ1OK7/4eNgr1yZckmaW4FBMgeEgYIBJ7v3SlW7Hf7dE10TYPNGbP6UxVW8HIP
|
||||
rA4CINcGZXWWwpS374JNMS6A5eb6viuEgEMEi00jx0MmLvCMZKypmwXQUl5YJ5nB
|
||||
ytpQ1681mCQxGBMhT1eKQt3B4nAsoEnP+HnqVM/nKxBemSBNXX+C0b/YeQoLC3sD
|
||||
L+Z0NRI8U6PZl9Rokod3uynH0vfBYCEJd6MvsjtnJlVVaseYIA3ESNrFG12tw95I
|
||||
wKNrVCANZ1DBSyK4ovmmWsDrH+uFTHSLNjlxIuVxUfmXcLfgcepVCmd/7Z7UrWYr
|
||||
SXSvP0VG4ZmEPE7tNb8bfyADftO1cVsmcHBQeSrgvpSrTv9L8MocojpR5vJc1f+a
|
||||
sBT7rAeGzZP9riz1GmryXawaZgdLfaaJfzRQkc1uTChb7kMN+UMhVUdCAXmho0XO
|
||||
SfcsW84u/LpjdYh2Ww41xQO6EWvbZDNgD/Fdmp8Uh1MqJ1Dejri6kjNn6wPImXJd
|
||||
Eu6nHqWDRdYsfT4XUB18tB+4aIpFzCyIgpf7p1uaVU7Oqip5sZkc/WXKr77lV23m
|
||||
PQvpGRNCzgU2TJY7ktR3LOvUVN6wNfLMHzeQk18NdmcEGUrJ0YYtl9vE5/Eg9L6x
|
||||
LBH9PKt17IQ8D/9DLwQX8pl3fuTM8ZbzIPLxiXhbgzBBTXKRE2u1888+RIq9xE7c
|
||||
aVFjwq4qpgqZ5SFonTcG4Pi5ck3mFAzyA5zLRF+ckpmBpwSPMpLwCpv10369D1jh
|
||||
AF3JsUwt6DIb2BISMhh2ThSUMSKO75q8GSotsKjJyjD6vl1x4L7WXubTWxEiNuwD
|
||||
3kAjFWS1Z1VWtA9SURWAbsDaCV4VmwCCpSIwRr9OTbyu9XuMdMxGNpl8SwW7MVQb
|
||||
x4aYNvR7Hl/wIR71AHAXoSfrKp3p12anXjYYASHmbm16ugP4H7HLMBfznKet2f76
|
||||
gIxJr1CsAMTSqypcC1UoVb6Gz8djeIR+GU+6efHI4TIUMy5uMIUx8tYbwSEeo/y6
|
||||
NnjpJFYYjJa671iSABInNxs4+X+1zrFa+wl45EnaFxziEet2Qzv/VsusoLvLwnYi
|
||||
BZckclAS5xoVGFW0WJ01OfLUDHxGMt9GSheL8c+GLMaMtaCWunpmmt9zZ9WdpBOu
|
||||
AGluMG1Cee50TrhXaGE8CdNr8nOdSeLNAveBAPmuVa0JDSe20/D/RuYJLKeG9Vsq
|
||||
BZvjuGlOUsfl6UjtiGRbgS9OWpxeez5ugc9yyV+rBGIpmnIb+9quz2HmGxE65eA2
|
||||
cRNsZRIjFLzeAx/0RMaT1nlLFTBbUuZ+tJ+fgFtRGMhifZn1pb2dMQo0N7kCDQRc
|
||||
W1VuARAAv4LYaNq2Zev/v7M5DnxLpgHRcMkG7TOQpycrlK5653llpZzTy3mh5peW
|
||||
vcq3IDmdeUIJxQ+WDh2f0vS+NIKDC/HAddfHrZPbhO7zLxLcMW5KmV05ancaRSP0
|
||||
s0+IyQmvVxUNrgPinZiphlvRGoLXS6pdgfc4jIR9B2umPecfvfu/6EWFPnXZgG8K
|
||||
yY3Z+mwrmEO0FaXHBQuu6nactiPe79N4bLe8hk9RW6yIxLBeJzIoOlIcJmuRHapt
|
||||
nS2lV3mfhZdFnkAp1o6a2TL5BwgMY0wZUKZr78HEMKh6LbPN9rPepf0neUeq/k1l
|
||||
NJU7V6XMS+rezF31vgSJ5KoNGYhxtWZ54uksH2rcw7+ltpSVtqY91G/vibpRCJG3
|
||||
LdX/kxHni1NEWyZlpS/6ntuH6HSoNYsR9IMsbESs3QVCH74ApK88CxYCRB0SEo0M
|
||||
yAElbQ3bfEKCKl/FwC4IzAYAJ2arWKwBHRSJlsrNCtczrjG7j3EyJrn8+Tm5yjO6
|
||||
0THQjvc/nBxrNE09r1Lzz7jrDWC9Rl+BH6wqdniymoYyUAQsX2rZ+Jhah1Zkf+Gu
|
||||
76qtY+EH494dPM+0FazcBlgBd6/J5mh3Wk9JuecXLTEUGtzd1GmI9CENPAklCauX
|
||||
tNOWeTop27djuKWsZxuP1GyV6UYixFVOSWteyAbA32cncVv/2ZUAEQEAAYkEcgQY
|
||||
AQgAJhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcW1VuAhsCBQkDvSEAAkAJEHS7
|
||||
a5pMuz04wXQgBBkBCAAdFiEEFWiQaF6g32oTce8gF8xdsfAIhAcFAlxbVW4ACgkQ
|
||||
F8xdsfAIhAd4jxAAiO9+VRQQ3eBOsJRgANdgL/l51kq7qE3u8xnSqNkrmdYDdT2H
|
||||
TYH5W4n2AmGo50BDafdjd6tut0qtzA3/hGWCooydxKFOsnIYziUeoHvlICj3RkHO
|
||||
y7utcFhAgRWi+kzFwnnXGf13dMU9iG7yvKrCrCEw44gzoQ1KnY1Xsj18n5JkqxeT
|
||||
94bzcSbz20OpOSIMfSQPrpy18WrZYwHodcIZ3IUUACCpMZdfTa9c/qHRQ/rcwl+B
|
||||
0JlHx0V4AYiSAsiMVgflO1Eqi7apPuwxPPd5nnHkrdDM9CYC3LdBORBXwncG3oZ5
|
||||
eTSXmsvFxHXH41JHsm/1QFcVmFAYhu9qJFCGiD+8UeTFtT+nnHU69BszgtUskqX8
|
||||
k9PqLdK7Vxkp16wc6WOp1NeIQ6Fd4PxTGrPqs9bJk7TlYtTFWpA0X+EMj/San+Ku
|
||||
PxqLEa4Ab12R4vs1pCrn/g1z3C/6ujH4B70HOrRTIeTjULJ6xdwXGtwUA09hio0r
|
||||
pHhtyZhAh5irUJNto4ZOk/Qyd+dfMsNvRJfbVIK2mmeRaBnp902AsQNgYVdi2Aki
|
||||
0h4kz3bVLGw7iD/xV2hV69+JwLSijkkmOpz/EjMwj0hDDYrHH3Y3o0dV3dNdk/5i
|
||||
6lQgcxSVsl9kWlHcoEllKbf0Hb1muKVwoGGYxFYna2jsLFVjG29M7iPSgrHjmg/+
|
||||
I3fmsLZ0VI9kmxniUlZ6gz5NB5PJ3RXmwKO9LkBgE5C1wpuZbNEQ1NsR2bprlJPm
|
||||
++GNSo8HaheuTRJn42kkOgfIJwjuvXih3FE/NtRA/W8H2uF6YLDjBKGZJbxQcmsd
|
||||
CTEuCRCVP8X7C5n3rl1YqzfWfNr8QFxvH7ivG7KOlSxvyTKcYatWb9uDUPrnr74f
|
||||
ZaMljHGsNyKj70MzZcrrsmt61yWGR0h+02rmIKlskl4hkh+qF5ehI+Bkd7eblsBy
|
||||
rxEREHq/ij2Vd7l0Z606YCE8vj8WfcsJj8JjwR3A+nND/oNJTTbQ3b8OvasvqIey
|
||||
WqqmGg73nbHjd/VIAUsfvnsEYatDk4pAA/wQr9c4T4s5Q/QRwDrAsa4J89FrDjWC
|
||||
hQBPL7TaP8Af/3Y3/86jLCN4lnW1qjPXv5rhBFeI0EVi1k1qdV06qr5HOk7CwQTT
|
||||
uc4rCdFcEnw8kVKZa/yFnlJfRa0Z4IwSahdp5fdFEuad6LpOcFFnYxWtIWhcg4GT
|
||||
RcMha/OZnsfqOqiAt6In+1IwuJBz3uMM7xw2AMaxzAejGEL63F81C5iJ6Ld6kQK+
|
||||
XblDW0G643bVbzkBb46MAT+UnLuWQUs3NDtk1FEioJyWUgbO/srMH4MoWM7rG8ZT
|
||||
nQPohNmPBrqL2phmE27HQsQ0rTjH2Z2ol7iy9OFMtT0=
|
||||
=MkGo
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
25
gating.yaml
25
gating.yaml
@ -1,25 +0,0 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_testing
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
|
||||
|
||||
#Rawhide
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_stable
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
|
||||
|
||||
#gating rhel
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-*
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional}
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}
|
||||
411
ldap2zone.c
411
ldap2zone.c
@ -1,411 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2004, 2005 Stig Venaas <venaas@uninett.no>
|
||||
* $Id: ldap2zone.c,v 1.1 2007/07/24 15:18:00 atkac Exp $
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*/
|
||||
|
||||
#define LDAP_DEPRECATED 1
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <ctype.h>
|
||||
|
||||
#include <ldap.h>
|
||||
|
||||
struct string {
|
||||
void *data;
|
||||
size_t len;
|
||||
};
|
||||
|
||||
struct assstack_entry {
|
||||
struct string key;
|
||||
struct string val;
|
||||
struct assstack_entry *next;
|
||||
};
|
||||
|
||||
struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key);
|
||||
void assstack_push(struct assstack_entry **stack, struct assstack_entry *item);
|
||||
void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item);
|
||||
void printsoa(struct string *soa);
|
||||
void printrrs(char *defaultttl, struct assstack_entry *item);
|
||||
void print_zone(char *defaultttl, struct assstack_entry *stack);
|
||||
void usage(char *name);
|
||||
void err(char *name, const char *msg);
|
||||
int putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val);
|
||||
|
||||
struct assstack_entry *assstack_find(struct assstack_entry *stack, struct string *key) {
|
||||
for (; stack; stack = stack->next)
|
||||
if (stack->key.len == key->len && !memcmp(stack->key.data, key->data, key->len))
|
||||
return stack;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void assstack_push(struct assstack_entry **stack, struct assstack_entry *item) {
|
||||
item->next = *stack;
|
||||
*stack = item;
|
||||
}
|
||||
|
||||
void assstack_insertbottom(struct assstack_entry **stack, struct assstack_entry *item) {
|
||||
struct assstack_entry *p;
|
||||
|
||||
item->next = NULL;
|
||||
if (!*stack) {
|
||||
*stack = item;
|
||||
return;
|
||||
}
|
||||
/* find end, should keep track of end somewhere */
|
||||
/* really a queue, not a stack */
|
||||
p = *stack;
|
||||
while (p->next)
|
||||
p = p->next;
|
||||
p->next = item;
|
||||
}
|
||||
|
||||
void printsoa(struct string *soa) {
|
||||
char *s;
|
||||
size_t i;
|
||||
|
||||
s = (char *)soa->data;
|
||||
i = 0;
|
||||
while (i < soa->len) {
|
||||
putchar(s[i]);
|
||||
if (s[i++] == ' ')
|
||||
break;
|
||||
}
|
||||
while (i < soa->len) {
|
||||
putchar(s[i]);
|
||||
if (s[i++] == ' ')
|
||||
break;
|
||||
}
|
||||
printf("(\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
putchar(s[i]);
|
||||
if (s[i++] == ' ')
|
||||
break;
|
||||
}
|
||||
printf("; Serialnumber\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
if (s[i] == ' ')
|
||||
break;
|
||||
putchar(s[i++]);
|
||||
}
|
||||
i++;
|
||||
printf("\t; Refresh\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
if (s[i] == ' ')
|
||||
break;
|
||||
putchar(s[i++]);
|
||||
}
|
||||
i++;
|
||||
printf("\t; Retry\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
if (s[i] == ' ')
|
||||
break;
|
||||
putchar(s[i++]);
|
||||
}
|
||||
i++;
|
||||
printf("\t; Expire\n\t\t\t\t");
|
||||
while (i < soa->len) {
|
||||
putchar(s[i++]);
|
||||
}
|
||||
printf(" )\t; Minimum TTL\n");
|
||||
}
|
||||
|
||||
void printrrs(char *defaultttl, struct assstack_entry *item) {
|
||||
struct assstack_entry *stack;
|
||||
char *s;
|
||||
int first;
|
||||
size_t i;
|
||||
char *ttl, *type;
|
||||
int top;
|
||||
|
||||
s = (char *)item->key.data;
|
||||
|
||||
if (item->key.len == 1 && *s == '@') {
|
||||
top = 1;
|
||||
printf("@\t");
|
||||
} else {
|
||||
top = 0;
|
||||
for (i = 0; i < item->key.len; i++)
|
||||
putchar(s[i]);
|
||||
if (item->key.len < 8)
|
||||
putchar('\t');
|
||||
putchar('\t');
|
||||
}
|
||||
|
||||
first = 1;
|
||||
for (stack = (struct assstack_entry *) item->val.data; stack; stack = stack->next) {
|
||||
ttl = (char *)stack->key.data;
|
||||
s = strchr(ttl, ' ');
|
||||
*s++ = '\0';
|
||||
type = s;
|
||||
|
||||
if (first)
|
||||
first = 0;
|
||||
else
|
||||
printf("\t\t");
|
||||
|
||||
if (strcmp(defaultttl, ttl))
|
||||
printf("%s", ttl);
|
||||
putchar('\t');
|
||||
|
||||
if (top) {
|
||||
top = 0;
|
||||
printf("IN\t%s\t", type);
|
||||
/* Should always be SOA here */
|
||||
if (!strcmp(type, "SOA")) {
|
||||
printsoa(&stack->val);
|
||||
continue;
|
||||
}
|
||||
} else
|
||||
printf("%s\t", type);
|
||||
|
||||
s = (char *)stack->val.data;
|
||||
for (i = 0; i < stack->val.len; i++)
|
||||
putchar(s[i]);
|
||||
putchar('\n');
|
||||
}
|
||||
}
|
||||
|
||||
void print_zone(char *defaultttl, struct assstack_entry *stack) {
|
||||
printf("$TTL %s\n", defaultttl);
|
||||
for (; stack; stack = stack->next)
|
||||
printrrs(defaultttl, stack);
|
||||
};
|
||||
|
||||
void usage(char *name) {
|
||||
fprintf(stderr, "Usage:%s zone-name LDAP-URL default-ttl [serial]\n", name);
|
||||
exit(1);
|
||||
};
|
||||
|
||||
void err(char *name, const char *msg) {
|
||||
fprintf(stderr, "%s: %s\n", name, msg);
|
||||
exit(1);
|
||||
};
|
||||
|
||||
int putrr(struct assstack_entry **stack, struct berval *name, char *type, char *ttl, struct berval *val) {
|
||||
struct string key;
|
||||
struct assstack_entry *rr, *rrdata;
|
||||
|
||||
/* Do nothing if name or value have 0 length */
|
||||
if (!name->bv_len || !val->bv_len)
|
||||
return 0;
|
||||
|
||||
/* see if already have an entry for this name */
|
||||
key.len = name->bv_len;
|
||||
key.data = name->bv_val;
|
||||
|
||||
rr = assstack_find(*stack, &key);
|
||||
if (!rr) {
|
||||
/* Not found, create and push new entry */
|
||||
rr = (struct assstack_entry *) malloc(sizeof(struct assstack_entry));
|
||||
if (!rr)
|
||||
return -1;
|
||||
rr->key.len = name->bv_len;
|
||||
rr->key.data = (void *) malloc(rr->key.len);
|
||||
if (!rr->key.data) {
|
||||
free(rr);
|
||||
return -1;
|
||||
}
|
||||
memcpy(rr->key.data, name->bv_val, name->bv_len);
|
||||
rr->val.len = sizeof(void *);
|
||||
rr->val.data = NULL;
|
||||
if (name->bv_len == 1 && *(char *)name->bv_val == '@')
|
||||
assstack_push(stack, rr);
|
||||
else
|
||||
assstack_insertbottom(stack, rr);
|
||||
}
|
||||
|
||||
rrdata = (struct assstack_entry *) malloc(sizeof(struct assstack_entry));
|
||||
if (!rrdata) {
|
||||
free(rr->key.data);
|
||||
free(rr);
|
||||
return -1;
|
||||
}
|
||||
rrdata->key.len = strlen(type) + strlen(ttl) + 1;
|
||||
rrdata->key.data = (void *) malloc(rrdata->key.len);
|
||||
if (!rrdata->key.data) {
|
||||
free(rrdata);
|
||||
free(rr->key.data);
|
||||
free(rr);
|
||||
return -1;
|
||||
}
|
||||
sprintf((char *)rrdata->key.data, "%s %s", ttl, type);
|
||||
|
||||
rrdata->val.len = val->bv_len;
|
||||
rrdata->val.data = (void *) malloc(val->bv_len);
|
||||
if (!rrdata->val.data) {
|
||||
free(rrdata->key.data);
|
||||
free(rrdata);
|
||||
free(rr->key.data);
|
||||
free(rr);
|
||||
return -1;
|
||||
}
|
||||
memcpy(rrdata->val.data, val->bv_val, val->bv_len);
|
||||
|
||||
if (!strcmp(type, "SOA"))
|
||||
assstack_push((struct assstack_entry **) &(rr->val.data), rrdata);
|
||||
else
|
||||
assstack_insertbottom((struct assstack_entry **) &(rr->val.data), rrdata);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
char *s, *hostporturl, *base = NULL;
|
||||
char *ttl, *defaultttl;
|
||||
LDAP *ld;
|
||||
char *fltr = NULL;
|
||||
LDAPMessage *res, *e;
|
||||
char *a, **ttlvals, **soavals, *serial;
|
||||
struct berval **vals, **names;
|
||||
char type[64];
|
||||
BerElement *ptr;
|
||||
int i, j, rc, msgid;
|
||||
struct assstack_entry *zone = NULL;
|
||||
|
||||
if (argc < 4 || argc > 5)
|
||||
usage(argv[0]);
|
||||
|
||||
hostporturl = argv[2];
|
||||
|
||||
if (hostporturl != strstr( hostporturl, "ldap"))
|
||||
err(argv[0], "Not an LDAP URL");
|
||||
|
||||
s = strchr(hostporturl, ':');
|
||||
|
||||
if (!s || strlen(s) < 3 || s[1] != '/' || s[2] != '/')
|
||||
err(argv[0], "Not an LDAP URL");
|
||||
|
||||
s = strchr(s+3, '/');
|
||||
if (s) {
|
||||
*s++ = '\0';
|
||||
base = s;
|
||||
s = strchr(base, '?');
|
||||
if (s)
|
||||
err(argv[0], "LDAP URL can only contain host, port and base");
|
||||
}
|
||||
|
||||
defaultttl = argv[3];
|
||||
|
||||
rc = ldap_initialize(&ld, hostporturl);
|
||||
if (rc != LDAP_SUCCESS)
|
||||
err(argv[0], "ldap_initialize() failed");
|
||||
|
||||
if (argc == 5) {
|
||||
/* serial number specified, check if different from one in SOA */
|
||||
fltr = (char *)malloc(strlen(argv[1]) + strlen("(&(relativeDomainName=@)(zoneName=))") + 1);
|
||||
sprintf(fltr, "(&(relativeDomainName=@)(zoneName=%s))", argv[1]);
|
||||
msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0);
|
||||
if (msgid == -1)
|
||||
err(argv[0], "ldap_search() failed");
|
||||
|
||||
while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) {
|
||||
/* not supporting continuation references at present */
|
||||
if (rc != LDAP_RES_SEARCH_ENTRY)
|
||||
err(argv[0], "ldap_result() returned cont.ref? Exiting");
|
||||
|
||||
/* only one entry per result message */
|
||||
e = ldap_first_entry(ld, res);
|
||||
if (e == NULL) {
|
||||
ldap_msgfree(res);
|
||||
err(argv[0], "ldap_first_entry() failed");
|
||||
}
|
||||
|
||||
soavals = ldap_get_values(ld, e, "SOARecord");
|
||||
if (soavals)
|
||||
break;
|
||||
}
|
||||
|
||||
ldap_msgfree(res);
|
||||
if (!soavals) {
|
||||
err(argv[0], "No SOA Record found");
|
||||
}
|
||||
|
||||
/* We have a SOA, compare serial numbers */
|
||||
/* Only checkinf first value, should be only one */
|
||||
s = strchr(soavals[0], ' ');
|
||||
s++;
|
||||
s = strchr(s, ' ');
|
||||
s++;
|
||||
serial = s;
|
||||
s = strchr(s, ' ');
|
||||
*s = '\0';
|
||||
if (!strcmp(serial, argv[4])) {
|
||||
ldap_value_free(soavals);
|
||||
err(argv[0], "serial numbers match");
|
||||
}
|
||||
ldap_value_free(soavals);
|
||||
}
|
||||
|
||||
if (!fltr)
|
||||
fltr = (char *)malloc(strlen(argv[1]) + strlen("(zoneName=)") + 1);
|
||||
if (!fltr)
|
||||
err(argv[0], "Malloc failed");
|
||||
sprintf(fltr, "(zoneName=%s)", argv[1]);
|
||||
|
||||
msgid = ldap_search(ld, base, LDAP_SCOPE_SUBTREE, fltr, NULL, 0);
|
||||
if (msgid == -1)
|
||||
err(argv[0], "ldap_search() failed");
|
||||
|
||||
while ((rc = ldap_result(ld, msgid, 0, NULL, &res)) != LDAP_RES_SEARCH_RESULT ) {
|
||||
/* not supporting continuation references at present */
|
||||
if (rc != LDAP_RES_SEARCH_ENTRY)
|
||||
err(argv[0], "ldap_result() returned cont.ref? Exiting");
|
||||
|
||||
/* only one entry per result message */
|
||||
e = ldap_first_entry(ld, res);
|
||||
if (e == NULL) {
|
||||
ldap_msgfree(res);
|
||||
err(argv[0], "ldap_first_entry() failed");
|
||||
}
|
||||
|
||||
names = ldap_get_values_len(ld, e, "relativeDomainName");
|
||||
if (!names)
|
||||
continue;
|
||||
|
||||
ttlvals = ldap_get_values(ld, e, "dNSTTL");
|
||||
ttl = ttlvals ? ttlvals[0] : defaultttl;
|
||||
|
||||
for (a = ldap_first_attribute(ld, e, &ptr); a != NULL; a = ldap_next_attribute(ld, e, ptr)) {
|
||||
char *s;
|
||||
|
||||
for (s = a; *s; s++)
|
||||
*s = toupper(*s);
|
||||
s = strstr(a, "RECORD");
|
||||
if ((s == NULL) || (s == a) || (s - a >= (signed int)sizeof(type))) {
|
||||
ldap_memfree(a);
|
||||
continue;
|
||||
}
|
||||
|
||||
strncpy(type, a, s - a);
|
||||
type[s - a] = '\0';
|
||||
vals = ldap_get_values_len(ld, e, a);
|
||||
if (vals) {
|
||||
for (i = 0; vals[i]; i++)
|
||||
for (j = 0; names[j]; j++)
|
||||
if (putrr(&zone, names[j], type, ttl, vals[i]))
|
||||
err(argv[0], "malloc failed");
|
||||
ldap_value_free_len(vals);
|
||||
}
|
||||
ldap_memfree(a);
|
||||
}
|
||||
|
||||
if (ptr)
|
||||
ber_free(ptr, 0);
|
||||
if (ttlvals)
|
||||
ldap_value_free(ttlvals);
|
||||
ldap_value_free_len(names);
|
||||
/* free this result */
|
||||
ldap_msgfree(res);
|
||||
}
|
||||
|
||||
/* free final result */
|
||||
ldap_msgfree(res);
|
||||
|
||||
print_zone(defaultttl, zone);
|
||||
return 0;
|
||||
}
|
||||
@ -1,143 +0,0 @@
|
||||
#!/usr/bin/python3
|
||||
#
|
||||
# Makefile modificator
|
||||
#
|
||||
# Should help in building bin/tests/system tests standalone,
|
||||
# linked to libraries installed into the system.
|
||||
# TODO:
|
||||
# - Fix top_srcdir, because dyndb/driver/Makefile uses $TOPSRC/mkinstalldirs
|
||||
# - Fix conf.sh to contain paths to system tools
|
||||
# - Export $TOP/version somewhere, where it would be used
|
||||
# - system tests needs bin/tests code. Do not include just bin/tests/system
|
||||
#
|
||||
# Possible solution:
|
||||
#
|
||||
# sed -e 's/$TOP\/s\?bin\/\(delv\|confgen\|named\|nsupdate\|pkcs11\|python\|rndc\|check\|dig\|dnssec\|tools\)\/\([[:alnum:]-]\+\)/`type -p \2`/' conf.sh
|
||||
# sed -e 's,../../../../\(isc-config.sh\),\1,' builtin/tests.sh
|
||||
# or use: $NAMED -V | head -1 | cut -d ' ' -f 2
|
||||
|
||||
import re
|
||||
import argparse
|
||||
|
||||
"""
|
||||
Script for replacing Makefile ISC_INCLUDES with runtime flags.
|
||||
|
||||
Should translate part of Makefile to use isc-config.sh instead static linked sources.
|
||||
ISC_INCLUDES = -I/home/pemensik/rhel/bind/bind-9.11.12/build/lib/isc/include \
|
||||
-I${top_srcdir}/lib/isc \
|
||||
-I${top_srcdir}/lib/isc/include \
|
||||
-I${top_srcdir}/lib/isc/unix/include \
|
||||
-I${top_srcdir}/lib/isc/pthreads/include \
|
||||
-I${top_srcdir}/lib/isc/x86_32/include
|
||||
|
||||
Should be translated to:
|
||||
ISC_INCLUDES = $(shell isc-config.sh --cflags isc)
|
||||
"""
|
||||
|
||||
def isc_config(mode, lib):
|
||||
if mode:
|
||||
return '$(shell isc-config.sh {mode} {lib})'.format(mode=mode, lib=lib)
|
||||
else:
|
||||
return ''
|
||||
|
||||
def check_match(match, debug=False):
|
||||
"""
|
||||
Check this definition is handled by internal library
|
||||
"""
|
||||
if not match:
|
||||
return False
|
||||
lib = match.group(2).lower()
|
||||
ok = not lib_filter or lib in lib_filter
|
||||
if debug:
|
||||
print('{status} {lib}: {text}'.format(status=ok, lib=lib, text=match.group(1)))
|
||||
return ok
|
||||
|
||||
def fix_line(match, mode):
|
||||
lib = match.group(2).lower()
|
||||
return match.group(1)+isc_config(mode, lib)+"\n"
|
||||
|
||||
def fix_file_lines(path, debug=False):
|
||||
"""
|
||||
Opens file and scans fixes selected parameters
|
||||
|
||||
Returns list of lines if something should be changed,
|
||||
None if no action is required
|
||||
"""
|
||||
fixed = []
|
||||
changed = False
|
||||
with open(path, 'r') as fin:
|
||||
fout = None
|
||||
|
||||
line = next(fin, None)
|
||||
while line:
|
||||
appended = False
|
||||
while line.endswith("\\\n"):
|
||||
line += next(fin, None)
|
||||
|
||||
inc = re_includes.match(line)
|
||||
deplibs = re_deplibs.match(line)
|
||||
libs = re_libs.match(line)
|
||||
newline = None
|
||||
if check_match(inc, debug=debug):
|
||||
newline = fix_line(inc, '--cflags')
|
||||
elif check_match(deplibs, debug=debug):
|
||||
newline = fix_line(libs, None)
|
||||
elif check_match(libs, debug=debug):
|
||||
newline = fix_line(libs, '--libs')
|
||||
|
||||
if newline and line != newline:
|
||||
changed = True
|
||||
line = newline
|
||||
|
||||
fixed.append(line)
|
||||
line = next(fin, None)
|
||||
|
||||
if not changed:
|
||||
return None
|
||||
else:
|
||||
return fixed
|
||||
|
||||
def write_lines(path, lines):
|
||||
fout = open(path, 'w')
|
||||
for line in lines:
|
||||
fout.write(line)
|
||||
fout.close()
|
||||
|
||||
def print_lines(lines):
|
||||
for line in lines:
|
||||
print(line, end='')
|
||||
|
||||
if __name__ == '__main__':
|
||||
parser = argparse.ArgumentParser(description='Makefile multiline include replacer')
|
||||
parser.add_argument('files', nargs='+')
|
||||
parser.add_argument('--filter', type=str,
|
||||
default='isc isccc isccfg dns lwres bind9 irs',
|
||||
help='List of libraries supported by isc-config.sh')
|
||||
parser.add_argument('--check', action='store_true',
|
||||
help='Test file only')
|
||||
parser.add_argument('--print', action='store_true',
|
||||
help='Print changed file only')
|
||||
parser.add_argument('--debug', action='store_true',
|
||||
help='Enable debug outputs')
|
||||
|
||||
args = parser.parse_args()
|
||||
lib_filter = None
|
||||
|
||||
re_includes = re.compile(r'^\s*((\w+)_INCLUDES\s+=\s*).*')
|
||||
re_deplibs = re.compile(r'^\s*((\w+)DEPLIBS\s*=).*')
|
||||
re_libs = re.compile(r'^\s*((\w+)LIBS\s*=).*')
|
||||
|
||||
if args.filter:
|
||||
lib_filter = set(args.filter.split(' '))
|
||||
pass
|
||||
|
||||
for path in args.files:
|
||||
lines = fix_file_lines(path, debug=args.debug)
|
||||
if lines:
|
||||
if args.print:
|
||||
print_lines(lines)
|
||||
elif not args.check:
|
||||
write_lines(path, lines)
|
||||
print('File {path} was fixed'.format(path=path))
|
||||
else:
|
||||
print('File {path} does not need fixing'.format(path=path))
|
||||
39
plans.fmf
39
plans.fmf
@ -1,39 +0,0 @@
|
||||
environment+:
|
||||
PACKAGE: bind9.18
|
||||
|
||||
/tier1-internal:
|
||||
plan:
|
||||
import:
|
||||
url: https://src.fedoraproject.org/tests/bind.git
|
||||
name: /plans/bind9.18/tier1/internal
|
||||
|
||||
/tier1-public:
|
||||
plan:
|
||||
import:
|
||||
url: https://src.fedoraproject.org/tests/bind.git
|
||||
name: /plans/bind9.18/tier1/public
|
||||
|
||||
|
||||
/tier2-tier3-internal:
|
||||
plan:
|
||||
import:
|
||||
url: https://src.fedoraproject.org/tests/bind.git
|
||||
name: /plans/bind9.18/tier2-tier3/internal
|
||||
|
||||
/tier2-tier3-public:
|
||||
plan:
|
||||
import:
|
||||
url: https://src.fedoraproject.org/tests/bind.git
|
||||
name: /plans/bind9.18/tier2-tier3/public
|
||||
|
||||
/others-internal:
|
||||
plan:
|
||||
import:
|
||||
url: https://src.fedoraproject.org/tests/bind.git
|
||||
name: /plans/bind9.18/others/internal
|
||||
|
||||
/others-public:
|
||||
plan:
|
||||
import:
|
||||
url: https://src.fedoraproject.org/tests/bind.git
|
||||
name: /plans/bind9.18/others/public
|
||||
@ -1,10 +0,0 @@
|
||||
# SoftHSM v2 configuration file
|
||||
|
||||
directories.tokendir = @TOKENPATH@
|
||||
objectstore.backend = file
|
||||
|
||||
# ERROR, WARNING, INFO, DEBUG
|
||||
log.level = ERROR
|
||||
|
||||
# If CKF_REMOVABLE_DEVICE flag should be set
|
||||
slots.removable = false
|
||||
2
sources
2
sources
@ -1,2 +0,0 @@
|
||||
SHA512 (bind-9.18.29.tar.xz) = 6c2676e2e2cb90f3bd73afb367813c54d1c961e12df1e12e41b9d0ee5a1d5cdf368d81410469753eaef37e43358b56796f078f3b2f20c3b247c4bef91d56c716
|
||||
SHA512 (bind-9.18.29.tar.xz.asc) = 6612c7151c4c1736e0237b8219cefbafbc1dcd4b04ad9b12b99cba703e6debde90d2f9838dd1465a47b9a002a598d9b8f3221dfe1a3bdc41436a92e6d06db472
|
||||
Loading…
Reference in New Issue
Block a user