diff --git a/bind-9.10-dist-native-pkcs11.patch b/bind-9.10-dist-native-pkcs11.patch index bd8e74d..65a2e83 100644 --- a/bind-9.10-dist-native-pkcs11.patch +++ b/bind-9.10-dist-native-pkcs11.patch @@ -300,10 +300,10 @@ index a058c91..d4b689a 100644 DEPLIBS = ${ISCDEPLIBS} diff --git a/configure.ac b/configure.ac -index 5e1ba8c..7aff0e6 100644 +index 5e4e839..0ef2c8f 100644 --- a/configure.ac +++ b/configure.ac -@@ -1070,12 +1070,14 @@ AC_SUBST(USE_GSSAPI) +@@ -1081,12 +1081,14 @@ AC_SUBST(USE_GSSAPI) AC_SUBST(DST_GSSAPI_INC) AC_SUBST(DNS_GSSAPI_LIBS) DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS" @@ -318,7 +318,7 @@ index 5e1ba8c..7aff0e6 100644 # # was --with-randomdev specified? -@@ -1460,11 +1462,11 @@ fi +@@ -1471,11 +1473,11 @@ fi AC_MSG_CHECKING(for OpenSSL library) OPENSSL_WARNING= openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw" @@ -335,7 +335,7 @@ index 5e1ba8c..7aff0e6 100644 if test "auto" = "$use_openssl" then -@@ -1477,6 +1479,7 @@ then +@@ -1488,6 +1490,7 @@ then fi done fi @@ -343,7 +343,7 @@ index 5e1ba8c..7aff0e6 100644 OPENSSL_ECDSA="" OPENSSL_GOST="" OPENSSL_ED25519="" -@@ -1498,11 +1501,10 @@ case "$with_gost" in +@@ -1509,11 +1512,10 @@ case "$with_gost" in ;; esac @@ -358,7 +358,7 @@ index 5e1ba8c..7aff0e6 100644 CRYPTOLIB="pkcs11" OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" -@@ -1512,7 +1514,9 @@ case "$use_openssl" in +@@ -1523,7 +1525,9 @@ case "$use_openssl" in OPENSSLGOSTLINKSRCS="" OPENSSLLINKOBJS="" OPENSSLLINKSRCS="" @@ -369,7 +369,7 @@ index 5e1ba8c..7aff0e6 100644 no) AC_MSG_RESULT(no) DST_OPENSSL_INC="" -@@ -1544,7 +1548,7 @@ case "$use_openssl" in +@@ -1555,7 +1559,7 @@ case "$use_openssl" in If you do not want OpenSSL, use --without-openssl]) ;; *) 
@@ -378,7 +378,7 @@ index 5e1ba8c..7aff0e6 100644 then AC_MSG_RESULT() AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.]) -@@ -1972,6 +1976,7 @@ AC_SUBST(OPENSSL_ED25519) +@@ -1983,6 +1987,7 @@ AC_SUBST(OPENSSL_ED25519) AC_SUBST(OPENSSL_GOST) DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS" @@ -386,7 +386,7 @@ index 5e1ba8c..7aff0e6 100644 ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES" if test "yes" = "$with_aes" -@@ -2295,6 +2300,7 @@ esac +@@ -2306,6 +2311,7 @@ esac AC_SUBST(PKCS11LINKOBJS) AC_SUBST(PKCS11LINKSRCS) AC_SUBST(CRYPTO) @@ -394,7 +394,7 @@ index 5e1ba8c..7aff0e6 100644 AC_SUBST(PKCS11_ECDSA) AC_SUBST(PKCS11_GOST) AC_SUBST(PKCS11_ED25519) -@@ -5425,8 +5431,11 @@ AC_CONFIG_FILES([ +@@ -5428,8 +5434,11 @@ AC_CONFIG_FILES([ bin/delv/Makefile bin/dig/Makefile bin/dnssec/Makefile @@ -406,7 +406,7 @@ index 5e1ba8c..7aff0e6 100644 bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile -@@ -5499,6 +5508,10 @@ AC_CONFIG_FILES([ +@@ -5502,6 +5511,10 @@ AC_CONFIG_FILES([ lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile @@ -417,7 +417,7 @@ index 5e1ba8c..7aff0e6 100644 lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile -@@ -5523,6 +5536,24 @@ AC_CONFIG_FILES([ +@@ -5526,6 +5539,24 @@ AC_CONFIG_FILES([ lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isc/unix/include/pkcs11/Makefile @@ -456,7 +456,7 @@ index 81270a0..bcb5312 100644 @BIND9_MAKE_RULES@ diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in -index 068bbac..d7f3d95 100644 +index 56dd259..f9aa782 100644 --- a/lib/dns-pkcs11/Makefile.in +++ b/lib/dns-pkcs11/Makefile.in @@ -26,16 +26,16 @@ VERSION=@BIND9_VERSION@ 
@@ -501,12 +501,8 @@ index 068bbac..d7f3d95 100644 include: gen ${MAKE} include/dns/enumtype.h -@@ -180,25 +180,25 @@ code.h: gen - ./gen -s ${srcdir} > code.h || { rm -f $@ ; exit 1; } - - gen: gen.c -- ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \ -+ ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc-pkcs11/include \ +@@ -183,22 +183,22 @@ gen: gen.c + ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \ ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS} -timestamp: include libdns.@A@ @@ -532,7 +528,7 @@ index 068bbac..d7f3d95 100644 + rm -f libdns-pkcs11.@A@ timestamp rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h rm -f include/dns/rdatastruct.h - rm -f dnstap.pb-c.c dnstap.pb-c.h include/dns/dnstap.pb-c.h + rm -f dnstap.pb-c.c dnstap.pb-c.h diff --git a/lib/isc-pkcs11/Makefile.in b/lib/isc-pkcs11/Makefile.in index 98acfff..2fd6981 100644 --- a/lib/isc-pkcs11/Makefile.in diff --git a/bind-9.11-CVE-2018-5741-atomic.patch b/bind-9.11-CVE-2018-5741-atomic.patch deleted file mode 100644 index cfbded6..0000000 --- a/bind-9.11-CVE-2018-5741-atomic.patch +++ /dev/null 
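Review bot: In the refreshed lib/dns-pkcs11/Makefile.in section, the `gen: gen.c` rule now keeps `-I${top_srcdir}/lib/isc/include`, where the previous revision of this patch rewrote it to the isc-pkcs11 tree. The neighbouring rules in the same section are still switched to the -pkcs11 names (`rm -f libdns-pkcs11.@A@ timestamp`), so the native-PKCS#11 copy of libdns appears to build its code generator against the non-PKCS#11 header tree. This may be harmless if `gen` only needs headers that are the same in both trees, but the hunk does not show that. Either restore `${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc-pkcs11/include \` or state in the patch description why the rewrite was dropped during the rebase.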
@@ -1,132 +0,0 @@ -From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= -Date: Wed, 17 Apr 2019 15:22:27 +0200 -Subject: [PATCH] Replace atomic operations in bin/named/client.c with - isc_refcount reference counting - ---- - bin/named/client.c | 18 +++++++----------- - bin/named/include/named/interfacemgr.h | 5 +++-- - bin/named/interfacemgr.c | 7 +++++-- - 3 files changed, 15 insertions(+), 15 deletions(-) - -diff --git a/bin/named/client.c b/bin/named/client.c -index 845326abc0..29fecadca8 100644 ---- a/bin/named/client.c -+++ b/bin/named/client.c -@@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) { - static void - mark_tcp_active(ns_client_t *client, bool active) { - if (active && !client->tcpactive) { -- isc_atomic_xadd(&client->interface->ntcpactive, 1); -+ isc_refcount_increment0(&client->interface->ntcpactive, NULL); - client->tcpactive = active; - } else if (!active && client->tcpactive) { -- uint32_t old = -- isc_atomic_xadd(&client->interface->ntcpactive, -1); -- INSIST(old > 0); -+ isc_refcount_decrement(&client->interface->ntcpactive, NULL); - client->tcpactive = active; - } - } -@@ -554,7 +552,7 @@ exit_check(ns_client_t *client) { - if (client->mortal && TCP_CLIENT(client) && - client->newstate != NS_CLIENTSTATE_FREED && - !ns_g_clienttest && -- isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0) -+ isc_refcount_current(&client->interface->ntcpaccepting) == 0) - { - /* Nobody else is accepting */ - client->mortal = false; -@@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - isc_result_t result; - ns_client_t *client = event->ev_arg; - isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event; -- uint32_t old; - - REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN); - REQUIRE(NS_CLIENT_VALID(client)); -@@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { - INSIST(client->naccepts == 1); - client->naccepts--; - -- old = 
isc_atomic_xadd(&client->interface->ntcpaccepting, -1); -- INSIST(old > 0); -+ isc_refcount_decrement(&client->interface->ntcpaccepting, NULL); - - /* - * We must take ownership of the new socket before the exit -@@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) { - * quota is tcp-clients plus the number of listening - * interfaces plus 1.) - */ -- exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > -- (client->tcpactive ? 1 : 0)); -+ exit = (isc_refcount_current(&client->interface->ntcpactive) > -+ (client->tcpactive ? 1U : 0U)); - if (exit) { - client->newstate = NS_CLIENTSTATE_INACTIVE; - (void)exit_check(client); -@@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) { - * listening for connections itself to prevent the interface - * going dead. - */ -- isc_atomic_xadd(&client->interface->ntcpaccepting, 1); -+ isc_refcount_increment0(&client->interface->ntcpaccepting, NULL); - } - - static void -diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h -index 3535ef22a8..6e10f210fd 100644 ---- a/bin/named/include/named/interfacemgr.h -+++ b/bin/named/include/named/interfacemgr.h -@@ -45,6 +45,7 @@ - #include - #include - #include -+#include - - #include - -@@ -75,11 +76,11 @@ struct ns_interface { - /*%< UDP dispatchers. */ - isc_socket_t * tcpsocket; /*%< TCP socket. 
*/ - isc_dscp_t dscp; /*%< "listen-on" DSCP value */ -- int32_t ntcpaccepting; /*%< Number of clients -+ isc_refcount_t ntcpaccepting; /*%< Number of clients - ready to accept new - TCP connections on this - interface */ -- int32_t ntcpactive; /*%< Number of clients -+ isc_refcount_t ntcpactive; /*%< Number of clients - servicing TCP queries - (whether accepting or - connected) */ -diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c -index d9f6df5802..135533be6b 100644 ---- a/bin/named/interfacemgr.c -+++ b/bin/named/interfacemgr.c -@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, - * connections will be handled in parallel even though there is - * only one client initially. - */ -- ifp->ntcpaccepting = 0; -- ifp->ntcpactive = 0; -+ isc_refcount_init(&ifp->ntcpaccepting, 0); -+ isc_refcount_init(&ifp->ntcpactive, 0); - - ifp->nudpdispatch = 0; - -@@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) { - - ns_interfacemgr_detach(&ifp->mgr); - -+ isc_refcount_destroy(&ifp->ntcpactive); -+ isc_refcount_destroy(&ifp->ntcpaccepting); -+ - ifp->magic = 0; - isc_mem_put(mctx, ifp, sizeof(*ifp)); - } --- -2.18.1 - diff --git a/bind-9.11-feature-test-dlz.patch b/bind-9.11-feature-test-dlz.patch deleted file mode 100644 index 39e46c8..0000000 --- a/bind-9.11-feature-test-dlz.patch +++ /dev/null 
@@ -1,85 +0,0 @@ -From 71627db6c8852d7805ec559506f5f3cb8d89a131 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Wed, 30 Jan 2019 15:12:54 +0100 -Subject: [PATCH] Support DLZ filesystem detection in feature-test - -Do not use variable from configure to detect the feature. ---- - bin/tests/system/Makefile.in | 2 +- - bin/tests/system/dlz/{prereq.sh.in => prereq.sh} | 2 +- - bin/tests/system/feature-test.c | 9 +++++++++ - configure.ac | 1 - - 4 files changed, 11 insertions(+), 3 deletions(-) - rename bin/tests/system/dlz/{prereq.sh.in => prereq.sh} (91%) - -diff --git a/bin/tests/system/Makefile.in b/bin/tests/system/Makefile.in -index c18b4c5..dea2f75 100644 ---- a/bin/tests/system/Makefile.in -+++ b/bin/tests/system/Makefile.in -@@ -19,7 +19,7 @@ SUBDIRS = dlzexternal dyndb lwresd pipelined rndc rsabigexponent tkey - - CINCLUDES = ${ISC_INCLUDES} ${DNS_INCLUDES} - --CDEFINES = @USE_GSSAPI@ -+CDEFINES = @USE_GSSAPI@ @CONTRIB_DLZ@ - CWARNINGS = - - DNSLIBS = -diff --git a/bin/tests/system/dlz/prereq.sh.in b/bin/tests/system/dlz/prereq.sh -similarity index 91% -rename from bin/tests/system/dlz/prereq.sh.in -rename to bin/tests/system/dlz/prereq.sh -index afec653..fb3328e 100644 ---- a/bin/tests/system/dlz/prereq.sh.in -+++ b/bin/tests/system/dlz/prereq.sh -@@ -12,7 +12,7 @@ - SYSTEMTESTTOP=.. - . $SYSTEMTESTTOP/conf.sh - --if [ "@DLZ_SYSTEM_TEST@" != "filesystem" ]; then -+if ! 
$FEATURETEST --with-dlz-filesystem; then - echo_i "DLZ filesystem driver not supported" - exit 255 - fi -diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c -index 11863a3..428d107 100644 ---- a/bin/tests/system/feature-test.c -+++ b/bin/tests/system/feature-test.c -@@ -51,6 +51,7 @@ usage() { - fprintf(stderr, " --rpz-nsip\n"); - fprintf(stderr, " --with-idn\n"); - fprintf(stderr, " --with-lmdb\n"); -+ fprintf(stderr, " --with-dlz-filesystem\n"); - } - - int -@@ -182,6 +183,14 @@ main(int argc, char **argv) { - #endif - } - -+ if (strcmp(argv[1], "--with-dlz-filesystem") == 0) { -+#ifdef DLZ_FILESYSTEM -+ return (0); -+#else -+ return (1); -+#endif -+ } -+ - if (strcmp(argv[1], "--ipv6only=no") == 0) { - #ifdef WIN32 - return (0); -diff --git a/configure.ac b/configure.ac -index fddc63a..5e1ba8c 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -5458,7 +5458,6 @@ AC_CONFIG_FILES([ - bin/tests/pkcs11/benchmarks/Makefile - bin/tests/system/Makefile - bin/tests/system/conf.sh -- bin/tests/system/dlz/prereq.sh - bin/tests/system/dlzexternal/Makefile - bin/tests/system/dlzexternal/ns1/dlzs.conf - bin/tests/system/dyndb/Makefile --- -2.20.1 - diff --git a/bind-9.11-fips-code.patch b/bind-9.11-fips-code.patch index 1640b3e..74dbb05 100644 --- a/bind-9.11-fips-code.patch +++ b/bind-9.11-fips-code.patch @@ -1,4 +1,4 @@ -From 9ff202072b286ef57e0ffcd7c55777f2994d3985 Mon Sep 17 00:00:00 2001 +From b8485528f5098e3360560d5b85c9ffc592619c55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 2 Aug 2018 23:34:45 +0200 Subject: [PATCH] FIPS code changes @@ -267,7 +267,7 @@ index 2063a3b..8e856c5 100644 digestbits = 0; } diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c -index 011b118..5eabc1f 100644 +index e75b8b7..9234d35 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -80,6 +80,7 @@ 
@@ -396,7 +396,7 @@ index 7584efb..a153172 100644 case hmacsha1: *name = dns_tsig_hmacsha1_name; break; case hmacsha224: *name = dns_tsig_hmacsha224_name; break; diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c -index 548e0ce..509784c 100644 +index de60313..bbb3936 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -31,6 +31,7 @@ @@ -406,8 +406,8 @@ index 548e0ce..509784c 100644 +#include #include #include - #include -@@ -476,9 +477,10 @@ parse_hmac(dns_name_t **hmac, const char *hmacstr, size_t len, + #include +@@ -477,9 +478,10 @@ parse_hmac(dns_name_t **hmac, const char *hmacstr, size_t len, strlcpy(buf, hmacstr, ISC_MIN(len + 1, sizeof(buf))); #ifndef PK11_MD5_DISABLE @@ -420,7 +420,7 @@ index 548e0ce..509784c 100644 *hmac = DNS_TSIG_HMACMD5_NAME; result = isc_parse_uint16(&digestbits, &buf[9], 10); if (result != ISC_R_SUCCESS || digestbits > 128) { -@@ -591,10 +593,10 @@ setup_keystr(void) { +@@ -592,10 +594,10 @@ setup_keystr(void) { exit(1); } } else { @@ -434,7 +434,7 @@ index 548e0ce..509784c 100644 #endif name = keystr; n = s; -@@ -731,7 +733,8 @@ setup_keyfile(isc_mem_t *mctx, isc_log_t *lctx) { +@@ -732,7 +734,8 @@ setup_keyfile(isc_mem_t *mctx, isc_log_t *lctx) { switch (dst_key_alg(dstkey)) { #ifndef PK11_MD5_DISABLE case DST_ALG_HMACMD5: @@ -444,7 +444,7 @@ index 548e0ce..509784c 100644 break; #endif case DST_ALG_HMACSHA1: -@@ -1606,12 +1609,13 @@ evaluate_key(char *cmdline) { +@@ -1637,12 +1640,13 @@ evaluate_key(char *cmdline) { return (STATUS_SYNTAX); } namestr = n + 1; @@ -622,7 +622,7 @@ index bde66a4..70a40c3 100644 dst_key_free(&dstkey); CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED); diff --git a/lib/bind9/check.c b/lib/bind9/check.c -index d6fba22..ac60ba8 100644 +index 2a0e735..dc80018 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -23,6 +23,7 @@ 
@@ -633,7 +633,7 @@ index d6fba22..ac60ba8 100644 #include #include #include -@@ -2589,6 +2590,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) { +@@ -2590,6 +2591,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) { } algorithm = cfg_obj_asstring(algobj); @@ -966,7 +966,7 @@ index 16214c6..9b235ba 100644 /* RSASHA256 */ diff --git a/lib/dns/tests/tsig_test.c b/lib/dns/tests/tsig_test.c -index 4d6847e..1a208b5 100644 +index 8e5250e..9accc53 100644 --- a/lib/dns/tests/tsig_test.c +++ b/lib/dns/tests/tsig_test.c @@ -24,6 +24,7 @@ @@ -1115,7 +1115,7 @@ index 4d29398..e3f5cec 100644 #endif /* !PK11_MD5_DISABLE */ diff --git a/lib/isc/md5.c b/lib/isc/md5.c -index 920aed5..a086a57 100644 +index 249f3da..628a414 100644 --- a/lib/isc/md5.c +++ b/lib/isc/md5.c @@ -37,6 +37,7 @@ @@ -1126,7 +1126,7 @@ index 920aed5..a086a57 100644 #include #include #include -@@ -55,6 +56,9 @@ +@@ -54,6 +55,9 @@ #define EVP_MD_CTX_free(ptr) EVP_MD_CTX_cleanup(ptr) #endif @@ -1136,7 +1136,7 @@ index 920aed5..a086a57 100644 void isc_md5_init(isc_md5_t *ctx) { ctx->ctx = EVP_MD_CTX_new(); -@@ -86,8 +90,33 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) { +@@ -85,8 +89,33 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) { ctx->ctx = NULL; } @@ -1170,7 +1170,7 @@ index 920aed5..a086a57 100644 void isc_md5_init(isc_md5_t *ctx) { CK_RV rv; -@@ -130,6 +159,31 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) { +@@ -129,6 +158,31 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) { pk11_return_session(ctx); } @@ -1202,7 +1202,7 @@ index 920aed5..a086a57 100644 #else static void -@@ -339,6 +393,11 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) { +@@ -338,6 +392,11 @@ isc_md5_final(isc_md5_t *ctx, unsigned char *digest) { memmove(digest, ctx->buf, 16); isc_safe_memwipe(ctx, sizeof(*ctx)); /* In case it's sensitive */ } diff --git a/bind-9.11-fips-tests.patch b/bind-9.11-fips-tests.patch index b86b783..b33e1bc 100644 
--- a/bind-9.11-fips-tests.patch +++ b/bind-9.11-fips-tests.patch @@ -1,4 +1,4 @@ -From 4e6888c1d32071ead4b7faeeb0f1774a6d8a1120 Mon Sep 17 00:00:00 2001 +From 230ca0ddbc95a043933c36c1d182f85cf0dcc971 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 2 Aug 2018 23:46:45 +0200 Subject: [PATCH] FIPS tests changes @@ -76,17 +76,14 @@ Date: Wed Mar 7 10:44:23 2018 +0100 bin/tests/system/catz/ns2/named.conf.in | 2 +- bin/tests/system/checkconf/bad-tsig.conf | 2 +- bin/tests/system/checkconf/good.conf | 2 +- - bin/tests/system/digdelv/ns2/example.db | 15 ++-- + bin/tests/system/digdelv/ns2/example.db | 15 +++-- bin/tests/system/digdelv/tests.sh | 28 ++++---- bin/tests/system/dlv/ns1/sign.sh | 4 +- bin/tests/system/dlv/ns2/sign.sh | 4 +- - bin/tests/system/dlv/ns3/sign.sh | 69 ++++++++++--------- bin/tests/system/dlv/ns6/sign.sh | 66 +++++++++--------- - bin/tests/system/dnssec/ns1/sign.sh | 4 +- - bin/tests/system/dnssec/ns2/sign.sh | 12 ++-- - bin/tests/system/dnssec/ns3/sign.sh | 20 +++--- + bin/tests/system/dnssec/ns2/sign.sh | 8 +-- bin/tests/system/dnssec/ns5/trusted.conf.bad | 2 +- - bin/tests/system/dnssec/tests.sh | 8 +-- + bin/tests/system/dnssec/tests.sh | 4 +- bin/tests/system/feature-test.c | 14 ++++ bin/tests/system/filter-aaaa/ns1/sign.sh | 4 +- bin/tests/system/filter-aaaa/ns4/sign.sh | 4 +- @@ -101,11 +98,11 @@ Date: Wed Mar 7 10:44:23 2018 +0100 bin/tests/system/tsig/clean.sh | 1 + bin/tests/system/tsig/ns1/named.conf.in | 10 +-- bin/tests/system/tsig/setup.sh | 5 ++ - bin/tests/system/tsig/tests.sh | 67 +++++++++++------- + bin/tests/system/tsig/tests.sh | 67 ++++++++++++------- bin/tests/system/tsiggss/setup.sh | 2 +- bin/tests/system/upforwd/ns1/named.conf.in | 2 +- bin/tests/system/upforwd/tests.sh | 2 +- - 47 files changed, 277 insertions(+), 225 deletions(-) + 44 files changed, 226 insertions(+), 175 deletions(-) 
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in index 0ea6502..026db3f 100644 @@ -602,37 +599,37 @@ index f4e30f5..9f53e31 100644 ; TTL of 3 weeks weeks 1814400 A 10.53.0.2 diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh -index 24aa7b3..54a3e2a 100644 +index 1657dfd..299ba94 100644 --- a/bin/tests/system/digdelv/tests.sh 
+++ b/bin/tests/system/digdelv/tests.sh -@@ -61,7 +61,7 @@ if [ -x ${DIG} ] ; then +@@ -88,7 +88,7 @@ if [ -x "$DIG" ] ; then echo_i "checking dig +multi +norrcomments works for dnskey (when default is rrcomments)($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 - grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null && ret=1 + grep "; ZSK; alg = RSASHA256 ; key id = 36895" < dig.out.test$n > /dev/null && ret=1 + check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - -@@ -69,7 +69,7 @@ if [ -x ${DIG} ] ; then +@@ -97,7 +97,7 @@ if [ -x "$DIG" ] ; then echo_i "checking dig +multi +norrcomments works for soa (when default is rrcomments)($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > dig.out.test$n || ret=1 - grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null && ret=1 + grep "; ZSK; alg = RSASHA256 ; key id = 36895" < dig.out.test$n > /dev/null && ret=1 + check_ttl_range dig.out.test$n "SOA" 300 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - -@@ -77,7 +77,7 @@ if [ -x ${DIG} ] ; then +@@ -106,7 +106,7 @@ if [ -x "$DIG" ] ; then echo_i "checking dig +rrcomments works for DNSKEY($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 - grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null || ret=1 + grep "; ZSK; alg = RSASHA256 ; key id = 36895$" < dig.out.test$n > /dev/null || ret=1 + check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - -@@ -85,7 +85,7 @@ if [ -x ${DIG} ] ; then +@@ -115,7 +115,7 @@ if [ -x "$DIG" ] ; then echo_i "checking dig +short +rrcomments works for DNSKEY ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 
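Review bot: The `+norrcomments` checks in digdelv/tests.sh assert absence with `grep "; ZSK; alg = RSASHA256 ; key id = 36895" < dig.out.test$n > /dev/null && ret=1`, so they can only fail when that exact algorithm name and key id are printed. If the DNSKEY record served to the test is ever replaced, these negative checks pass without testing anything. Matching the comment prefix alone, `grep "; ZSK; alg = " < dig.out.test$n > /dev/null && ret=1`, keeps them meaningful independent of the key. The delv `+multi +norrcomments` lines in the later hunk (`@@ -668,34 +665,34 @@`) have the same shape. The positive `+rrcomments` check for dig also anchors its pattern as `36895$` while the delv counterpart does not, and the anchored form should be used in both.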
@@ -641,7 +638,7 @@ index 24aa7b3..54a3e2a 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -93,7 +93,7 @@ if [ -x ${DIG} ] ; then +@@ -123,7 +123,7 @@ if [ -x "$DIG" ] ; then echo_i "checking dig +short +nosplit works($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > dig.out.test$n || ret=1 @@ -650,7 +647,7 @@ index 24aa7b3..54a3e2a 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -101,7 +101,7 @@ if [ -x ${DIG} ] ; then +@@ -131,7 +131,7 @@ if [ -x "$DIG" ] ; then echo_i "checking dig +short +rrcomments works($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 @@ -659,7 +656,7 @@ index 24aa7b3..54a3e2a 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -117,7 +117,7 @@ if [ -x ${DIG} ] ; then +@@ -148,7 +148,7 @@ if [ -x "$DIG" ] ; then echo_i "checking dig +short +rrcomments works($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 
@@ -668,34 +665,34 @@ index 24aa7b3..54a3e2a 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -564,7 +564,7 @@ if [ -x ${DELV} ] ; then +@@ -661,7 +661,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +multi +norrcomments works for dnskey (when default is rrcomments)($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 - grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null && ret=1 + grep "; ZSK; alg = RSASHA256 ; key id = 36895" < delv.out.test$n > /dev/null && ret=1 + check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - -@@ -572,7 +572,7 @@ if [ -x ${DELV} ] ; then +@@ -670,7 +670,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +multi +norrcomments works for soa (when default is rrcomments)($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > delv.out.test$n || ret=1 - grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null && ret=1 + grep "; ZSK; alg = RSASHA256 ; key id = 36895" < delv.out.test$n > /dev/null && ret=1 + check_ttl_range delv.out.test$n "SOA" 300 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - -@@ -580,7 +580,7 @@ if [ -x ${DELV} ] ; then +@@ -679,7 +679,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +rrcomments works for DNSKEY($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 - grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null || ret=1 + grep "; ZSK; alg = RSASHA256 ; key id = 36895" < delv.out.test$n > /dev/null || ret=1 + check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - -@@ -588,7 +588,7 @@ if [ -x ${DELV} ] ; then +@@ -688,7 +688,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +short +rrcomments works for 
DNSKEY ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 @@ -704,7 +701,7 @@ index 24aa7b3..54a3e2a 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -596,7 +596,7 @@ if [ -x ${DELV} ] ; then +@@ -696,7 +696,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +short +rrcomments works ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 @@ -713,7 +710,7 @@ index 24aa7b3..54a3e2a 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -604,7 +604,7 @@ if [ -x ${DELV} ] ; then +@@ -704,7 +704,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +short +nosplit works ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1 @@ -722,7 +719,7 @@ index 24aa7b3..54a3e2a 100644 if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi f=`awk '{print NF}' < delv.out.test$n` test "${f:-0}" -eq 14 || ret=1 -@@ -615,7 +615,7 @@ if [ -x ${DELV} ] ; then +@@ -715,7 +715,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +short +nosplit +norrcomments works ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 @@ -732,22 +729,22 @@ index 24aa7b3..54a3e2a 100644 f=`awk '{print NF}' < delv.out.test$n` test "${f:-0}" -eq 4 || ret=1 diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh -index b815162..2a62e58 100755 +index 606e7cc..a3a0d60 100755 --- a/bin/tests/system/dlv/ns1/sign.sh +++ b/bin/tests/system/dlv/ns1/sign.sh 
@@ -23,8 +23,8 @@ infile=root.db.in zonefile=root.db outfile=root.signed --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null` ++keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh -index 6f84d7a..e128303 100755 +index 9825c57..202c978 100755 --- a/bin/tests/system/dlv/ns2/sign.sh +++ b/bin/tests/system/dlv/ns2/sign.sh @@ -24,8 +24,8 @@ zonefile=druz.db 
@@ -761,205 +758,6 @@ index 6f84d7a..e128303 100755 cat $infile $keyname1.key $keyname2.key >$zonefile -diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh -index bcc9922..846dbcc 100755 ---- a/bin/tests/system/dlv/ns3/sign.sh -+++ b/bin/tests/system/dlv/ns3/sign.sh -@@ -19,6 +19,7 @@ echo_i "dlv/ns3/sign.sh" - dlvzone=dlv.utld. - dlvsets= - dssets= -+bits=1024 - - zone=child1.utld. - infile=child.db.in -@@ -26,8 +27,8 @@ zonefile=child1.utld.db - outfile=child1.signed - dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP - cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile -@@ -42,8 +43,8 @@ zonefile=child3.utld.db - outfile=child3.signed - dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP - cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile -@@ -58,8 +59,8 @@ zonefile=child4.utld.db - outfile=child4.signed - dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r 
$RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - cat $infile $keyname1.key $keyname2.key >$zonefile - -@@ -73,8 +74,8 @@ zonefile=child5.utld.db - outfile=child5.signed - dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP - cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile -@@ -88,8 +89,8 @@ infile=child.db.in - zonefile=child7.utld.db - outfile=child7.signed - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP - cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile -@@ -103,8 +104,8 @@ infile=child.db.in - zonefile=child8.utld.db - outfile=child8.signed - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - cat $infile $keyname1.key $keyname2.key >$zonefile - -@@ -118,8 +119,8 @@ zonefile=child9.utld.db - outfile=child9.signed - dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` 
-+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - cat $infile $keyname1.key $keyname2.key >$zonefile - -@@ -132,8 +133,8 @@ zonefile=child10.utld.db - outfile=child10.signed - dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - cat $infile $keyname1.key $keyname2.key >$zonefile - -@@ -147,8 +148,8 @@ outfile=child1.druz.signed - dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" - dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP - cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile -@@ -164,8 +165,8 @@ outfile=child3.druz.signed - dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" - dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP - cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile -@@ -181,8 +182,8 @@ 
outfile=child4.druz.signed - dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" - dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - cat $infile $keyname1.key $keyname2.key >$zonefile - -@@ -197,8 +198,8 @@ outfile=child5.druz.signed - dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" - dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP - cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile -@@ -213,8 +214,8 @@ zonefile=child7.druz.db - outfile=child7.druz.signed - dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP - cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile -@@ -228,8 +229,8 @@ infile=child.db.in - zonefile=child8.druz.db - outfile=child8.druz.signed - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` 
-+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - cat $infile $keyname1.key $keyname2.key >$zonefile - -@@ -243,8 +244,8 @@ zonefile=child9.druz.db - outfile=child9.druz.signed - dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - cat $infile $keyname1.key $keyname2.key >$zonefile - -@@ -258,8 +259,8 @@ outfile=child10.druz.signed - dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" - dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - cat $infile $keyname1.key $keyname2.key >$zonefile - -@@ -272,8 +273,8 @@ infile=dlv.db.in - zonefile=dlv.utld.db - outfile=dlv.signed - --keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` --keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` -+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` -+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b $bits -n zone $zone 2> /dev/null` - - cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile - diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh index 1e39862..4ed19ac 100755 --- a/bin/tests/system/dlv/ns6/sign.sh 
@@ -1147,43 +945,11 @@ index 1e39862..4ed19ac 100755 cat $infile $keyname1.key $keyname2.key >$zonefile -diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh -index 198d60a..d89a539 100644 ---- a/bin/tests/system/dnssec/ns1/sign.sh -+++ b/bin/tests/system/dnssec/ns1/sign.sh -@@ -27,7 +27,7 @@ cp ../ns2/dsset-in-addr.arpa$TP . - grep "8 [12] " ../ns2/dsset-algroll$TP > dsset-algroll$TP - cp ../ns6/dsset-optout-tld$TP . - --keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` -+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone` - - cat $infile $keyname.key > $zonefile - -@@ -48,6 +48,6 @@ cp managed.conf ../ns4/managed.conf - # - # Save keyid for managed key id test. - # --keyid=`expr $keyname : 'K.+001+\(.*\)'` -+keyid=`expr $keyname : 'K.+008+\([0-9]*\)'` - keyid=`expr $keyid + 0` - echo "$keyid" > managed.key.id diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh -index ca18608..25b6cab 100644 +index b93651a..09b12ba 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh -@@ -30,8 +30,8 @@ do - cp ../ns3/dsset-$subdomain.example$TP . - done - --keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone` --keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone` -+keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 1024 -n zone $zone` -+keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 1024 -n zone $zone` - - cat $infile $keyname1.key $keyname2.key >$zonefile - -@@ -91,8 +91,8 @@ zone=in-addr.arpa. +@@ -126,8 +126,8 @@ zone=in-addr.arpa. infile=in-addr.arpa.db.in zonefile=in-addr.arpa.db 
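Review bot: The rebase drops the ns1/sign.sh hunk that replaced `-a RSAMD5 -b 768` with `-a RSASHA256 -b 1024` and changed the keyid match to `'K.+008+\([0-9]*\)'`, and nothing visible here records why. The following hunks drop the matching ns3/sign.sh and dnssec/tests.sh changes in the same way. If the rebased upstream scripts still generate RSAMD5 keys anywhere, a native-PKCS#11 build would presumably fail those tests, so this needs checking against the new source tree. The ns2/sign.sh hunks that are kept still hard-code `-a RSASHA256 -b 1024`; a token or a strict crypto policy may refuse 1024-bit RSA, so `-b 2048`, as the dropped ns3 hunks used, is the safer literal. I would add a header line to the patch such as `# ns1/ns3 sign.sh and tests.sh hunks dropped in rebase: <reason>`.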
@@ -1194,7 +960,7 @@ index ca18608..25b6cab 100644 cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null -@@ -103,7 +103,7 @@ privzone=private.secure.example. +@@ -138,7 +138,7 @@ privzone=private.secure.example privinfile=private.secure.example.db.in privzonefile=private.secure.example.db 
@@ -1203,102 +969,15 @@ index ca18608..25b6cab 100644 cat $privinfile $privkeyname.key >$privzonefile -@@ -117,7 +117,7 @@ dlvinfile=dlv.db.in +@@ -152,7 +152,7 @@ dlvinfile=dlv.db.in dlvzonefile=dlv.db - dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP + dlvsetfile=dlvset-${privzone}${TP} -dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $dlvzone` +dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $dlvzone` cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile -diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh -index ff55d84..4f6a251 100644 ---- a/bin/tests/system/dnssec/ns3/sign.sh -+++ b/bin/tests/system/dnssec/ns3/sign.sh -@@ -28,7 +28,7 @@ zone=bogus.example. - infile=bogus.example.db.in - zonefile=bogus.example.db - --keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` -+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone` - - cat $infile $keyname.key >$zonefile - -@@ -38,8 +38,8 @@ zone=dynamic.example. - infile=dynamic.example.db.in - zonefile=dynamic.example.db - --keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` --keyname2=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone` -+keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone` -+keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone -f KSK $zone` - - cat $infile $keyname1.key $keyname2.key >$zonefile - -@@ -49,7 +49,7 @@ zone=keyless.example. - infile=generic.example.db.in - zonefile=keyless.example.db - --keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` -+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone` - - cat $infile $keyname.key >$zonefile - -@@ -69,7 +69,7 @@ zone=secure.nsec3.example. 
- infile=secure.nsec3.example.db.in - zonefile=secure.nsec3.example.db - --keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` -+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone` - - cat $infile $keyname.key >$zonefile - -@@ -82,7 +82,7 @@ zone=nsec3.nsec3.example. - infile=nsec3.nsec3.example.db.in - zonefile=nsec3.nsec3.example.db - --keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` -+keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` - - cat $infile $keyname.key >$zonefile - -@@ -95,7 +95,7 @@ zone=optout.nsec3.example. - infile=optout.nsec3.example.db.in - zonefile=optout.nsec3.example.db - --keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` -+keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` - - cat $infile $keyname.key >$zonefile - -@@ -108,7 +108,7 @@ zone=nsec3.example. - infile=nsec3.example.db.in - zonefile=nsec3.example.db - --keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` -+keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` - - cat $infile $keyname.key >$zonefile - -@@ -121,7 +121,7 @@ zone=secure.optout.example. - infile=secure.optout.example.db.in - zonefile=secure.optout.example.db - --keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` -+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone` - - cat $infile $keyname.key >$zonefile - -@@ -533,7 +533,7 @@ zone=badds.example. - infile=bogus.example.db.in - zonefile=badds.example.db - --keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` -+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone $zone` - - cat $infile $keyname.key >$zonefile - diff --git a/bin/tests/system/dnssec/ns5/trusted.conf.bad b/bin/tests/system/dnssec/ns5/trusted.conf.bad index ed30460..e6b1126 100644 --- a/bin/tests/system/dnssec/ns5/trusted.conf.bad 
@@ -1311,28 +990,10 @@ index ed30460..e6b1126 100644 + "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV"; }; diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh -index 646434f..9a10f9f 100644 +index 51dc117..48cb34b 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh -@@ -1688,7 +1688,7 @@ ret=0 - $RNDCCMD 10.53.0.4 secroots 2>&1 | sed 's/^/ns4 /' | cat_i - keyid=`cat ns1/managed.key.id` - cp ns4/named.secroots named.secroots.test$n --linecount=`grep "./RSAMD5/$keyid ; trusted" named.secroots.test$n | wc -l` -+linecount=`grep "./RSASHA256/$keyid ; trusted" named.secroots.test$n | wc -l` - [ "$linecount" -eq 1 ] || ret=1 - linecount=`cat named.secroots.test$n | wc -l` - [ "$linecount" -eq 10 ] || ret=1 -@@ -3016,7 +3016,7 @@ echo_i "check dig's +nocrypto flag ($n)" - ret=0 - $DIG $DIGOPTS +norec +nocrypto DNSKEY . \ - @10.53.0.1 > dig.out.dnskey.ns1.test$n || ret=1 --grep '256 3 1 \[key id = [1-9][0-9]*]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1 -+grep '256 3 8 \[key id = [1-9][0-9]*]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1 - grep 'RRSIG.* \[omitted]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1 - $DIG $DIGOPTS +norec +nocrypto DS example \ - @10.53.0.1 > dig.out.ds.ns1.test$n || ret=1 -@@ -3128,8 +3128,8 @@ do +@@ -3227,8 +3227,8 @@ do alg=`expr $alg + 1` continue;; 3) size="-b 512";; @@ -1344,7 +1005,7 @@ index 646434f..9a10f9f 100644 8) size="-b 512";; 10) size="-b 1024";; diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c -index f934b63..11863a3 100644 +index 3ac34e8..428d107 100644 --- a/bin/tests/system/feature-test.c +++ b/bin/tests/system/feature-test.c @@ -19,6 +19,7 @@ 
@@ -1363,7 +1024,7 @@ index f934b63..11863a3 100644 fprintf(stderr, " --rpz-nsdname\n"); fprintf(stderr, " --rpz-nsip\n"); fprintf(stderr, " --with-idn\n"); -@@ -136,6 +138,18 @@ main(int argc, char **argv) { +@@ -137,6 +139,18 @@ main(int argc, char **argv) { #endif } @@ -1488,10 +1149,10 @@ index 4549184..cb7dccd 100644 }; diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh -index 45dfeeb..594db77 100644 +index 21805c5..0d3d85c 100644 --- a/bin/tests/system/nsupdate/setup.sh +++ b/bin/tests/system/nsupdate/setup.sh -@@ -63,7 +63,12 @@ EOF +@@ -58,7 +58,12 @@ EOF $DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key @@ -1506,10 +1167,10 @@ index 45dfeeb..594db77 100644 $DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key $DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh -index 901cd22..b72b59c 100755 +index 4da4849..b3bc807 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh -@@ -700,7 +700,14 @@ fi +@@ -708,7 +708,14 @@ fi n=`expr $n + 1` ret=0 echo_i "check TSIG key algorithms ($n)" @@ -1525,7 +1186,7 @@ index 901cd22..b72b59c 100755 $NSUPDATE -k ns1/${alg}.key < /dev/null || ret=1 server 10.53.0.1 ${PORT} update add ${alg}.keytests.nil. 600 A 10.10.10.3 -@@ -708,7 +715,7 @@ send +@@ -716,7 +723,7 @@ send END done sleep 2 diff --git a/bind-9.11-rt31459.patch b/bind-9.11-rt31459.patch index e24aa8d..1eee414 100644 --- a/bind-9.11-rt31459.patch +++ b/bind-9.11-rt31459.patch @@ -1,4 +1,4 @@ -From 99fc89de7b96713a7c82ea9b98d5bc0c70ad1f6e Mon Sep 17 00:00:00 2001 +From 255fdf0b549ab2f138443ead0ac81bf864612217 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Tue, 12 Sep 2017 19:05:46 -0700 Subject: [PATCH] rebased rt31459c 
@@ -22,7 +22,7 @@ Include new unit test bin/dnssec/dnssec-verify.c | 8 +- bin/dnssec/dnssectool.c | 11 +- bin/named/server.c | 6 + - bin/nsupdate/nsupdate.c | 18 +- + bin/nsupdate/nsupdate.c | 14 +- bin/tests/makejournal.c | 6 +- bin/tests/system/pipelined/pipequeries.c | 21 +- bin/tests/system/pipelined/tests.sh | 4 +- @@ -49,7 +49,7 @@ Include new unit test lib/isc/pk11.c | 12 +- lib/isc/win32/include/isc/platform.h.in | 5 + win32utils/Configure | 29 ++- - 36 files changed, 707 insertions(+), 175 deletions(-) + 36 files changed, 703 insertions(+), 175 deletions(-) create mode 100644 lib/dns/tests/dstrandom_test.c diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c @@ -71,7 +71,7 @@ index 5015abb..295e16f 100644 &entropy_source, randomfile, diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c -index 931d5de..864f2ad 100644 +index 060892b..c2cc9c7 100644 --- a/bin/dnssec/dnssec-dsfromkey.c +++ b/bin/dnssec/dnssec-dsfromkey.c @@ -494,14 +494,14 @@ main(int argc, char **argv) { @@ -293,7 +293,7 @@ index fbc7ece..31a99e7 100644 usekeyboard); diff --git a/bin/named/server.c b/bin/named/server.c -index b63a386..30e7eac 100644 +index 0abbbed..405ff71 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -36,6 +36,7 @@ @@ -324,18 +324,10 @@ index b63a386..30e7eac 100644 } } diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c -index 509784c..6d7a02e 100644 +index bbb3936..0286987 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c -@@ -35,6 +35,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -271,7 +272,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { +@@ -272,7 +272,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { if (*ectx == NULL) { result = isc_entropy_create(mctx, ectx); if (result != ISC_R_SUCCESS) 
@@ -345,7 +337,7 @@ index 509784c..6d7a02e 100644 ISC_LIST_INIT(sources); } -@@ -280,6 +282,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { +@@ -281,6 +282,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { randomfile = NULL; } @@ -359,7 +351,7 @@ index 509784c..6d7a02e 100644 result = isc_entropy_usebestsource(*ectx, &source, randomfile, usekeyboard); -@@ -950,11 +959,11 @@ setup_system(void) { +@@ -979,11 +987,11 @@ setup_system(void) { } } @@ -373,16 +365,6 @@ index 509784c..6d7a02e 100644 result = dns_dispatchmgr_create(gmctx, entropy, &dispatchmgr); check_result(result, "dns_dispatchmgr_create"); -@@ -978,6 +987,9 @@ setup_system(void) { - check_result(result, "dst_lib_init"); - is_dst_up = true; - -+ /* moved after dst_lib_init() */ -+ isc_hash_init(); -+ - attrmask = DNS_DISPATCHATTR_UDP | DNS_DISPATCHATTR_TCP; - attrmask |= DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_IPV6; - diff --git a/bin/tests/makejournal.c b/bin/tests/makejournal.c index 61a41b0..acc71a1 100644 --- a/bin/tests/makejournal.c @@ -707,7 +689,7 @@ index b27fc1d..e28871b 100644 parse_args(false, argc, argv); if (server == NULL) diff --git a/configure b/configure -index e425720..4f09c96 100755 +index b219e16..4da30b9 100755 --- a/configure +++ b/configure @@ -640,6 +640,7 @@ ac_includes_default="\ @@ -718,7 +700,7 @@ index e425720..4f09c96 100755 BUILD_LIBS BUILD_LDFLAGS BUILD_CPPFLAGS -@@ -824,6 +825,7 @@ XMLSTATS +@@ -823,6 +824,7 @@ XMLSTATS NZDTARGETS NZDSRCS NZD_TOOLS @@ -726,7 +708,7 @@ index e425720..4f09c96 100755 PKCS11_TEST PKCS11_ED25519 PKCS11_GOST -@@ -1039,6 +1041,7 @@ with_eddsa +@@ -1038,6 +1040,7 @@ with_eddsa with_aes enable_openssl_hash with_cc_alg 
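Review bot: The rebased nsupdate.c patch no longer adds the `isc_hash_init();` call that the old hunk placed after `dst_lib_init()` under the comment `/* moved after dst_lib_init() */`. The extra `#include` is gone too, and nothing here says where hash initialisation now happens. The body of the remaining setup_system() hunk is not shown in this diff and the function continues outside it, so the ordering cannot be checked from here. If the hash is initialised before the crypto library, its seed would presumably be drawn before the crypto library's random source is ready. Please confirm the order in the rebased source and keep a comment at the call site, e.g. `/* must run after dst_lib_init() so the seed comes from the crypto RNG */`.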
@@ -734,7 +716,7 @@ index e425720..4f09c96 100755 with_lmdb with_libxml2 with_libjson -@@ -1735,6 +1738,7 @@ Optional Features: +@@ -1734,6 +1737,7 @@ Optional Features: --enable-threads enable multithreading --enable-native-pkcs11 use native PKCS11 for all crypto [default=no] --enable-openssl-hash use OpenSSL for hash functions [default=no] @@ -742,7 +724,7 @@ index e425720..4f09c96 100755 --enable-largefile 64-bit file support --enable-backtrace log stack backtrace on abort [default=yes] --enable-symtable use internal symbol table for backtrace -@@ -16684,6 +16688,7 @@ case "$use_openssl" in +@@ -16686,6 +16690,7 @@ case "$use_openssl" in $as_echo "disabled because of native PKCS11" >&6; } DST_OPENSSL_INC="" CRYPTO="-DPKCS11CRYPTO" @@ -750,7 +732,7 @@ index e425720..4f09c96 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -16698,6 +16703,7 @@ $as_echo "disabled because of native PKCS11" >&6; } +@@ -16700,6 +16705,7 @@ $as_echo "disabled because of native PKCS11" >&6; } $as_echo "no" >&6; } DST_OPENSSL_INC="" CRYPTO="" @@ -758,7 +740,7 @@ index e425720..4f09c96 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -16710,6 +16716,7 @@ $as_echo "no" >&6; } +@@ -16712,6 +16718,7 @@ $as_echo "no" >&6; } auto) DST_OPENSSL_INC="" CRYPTO="" @@ -766,7 +748,7 @@ index e425720..4f09c96 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -16719,7 +16726,7 @@ $as_echo "no" >&6; } +@@ -16721,7 +16728,7 @@ $as_echo "no" >&6; } OPENSSLLINKOBJS="" OPENSSLLINKSRCS="" as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path @@ -775,7 +757,7 @@ index e425720..4f09c96 100755 ;; *) if test "yes" = "$want_native_pkcs11" -@@ -16750,6 +16757,7 @@ $as_echo "not found" >&6; } +@@ -16752,6 +16759,7 @@ $as_echo "not found" >&6; } as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5 fi CRYPTO='-DOPENSSL' 
@@ -783,7 +765,7 @@ index e425720..4f09c96 100755 if test "/usr" = "$use_openssl" then DST_OPENSSL_INC="" -@@ -17411,8 +17419,6 @@ fi +@@ -17413,8 +17421,6 @@ fi # Use OpenSSL for hash functions # @@ -792,7 +774,7 @@ index e425720..4f09c96 100755 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" case $want_openssl_hash in yes) -@@ -17787,6 +17793,86 @@ if test "rt" = "$have_clock_gt"; then +@@ -17789,6 +17795,86 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi @@ -879,7 +861,7 @@ index e425720..4f09c96 100755 # # was --with-lmdb specified? # -@@ -19869,9 +19955,12 @@ _ACEOF +@@ -19871,9 +19957,12 @@ _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5 $as_echo "size_t for buflen; int for flags" >&6; } @@ -894,7 +876,7 @@ index e425720..4f09c96 100755 $as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h -@@ -21186,12 +21275,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -21188,12 +21277,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then @@ -908,7 +890,7 @@ index e425720..4f09c96 100755 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -@@ -21224,6 +21308,11 @@ cat >>confdefs.h <<_ACEOF +@@ -21226,6 +21310,11 @@ cat >>confdefs.h <<_ACEOF _ACEOF @@ -920,7 +902,7 @@ index e425720..4f09c96 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21232,39 +21321,6 @@ _ACEOF +@@ -21234,39 +21323,6 @@ _ACEOF fi ;; x86_64-*|amd64-*) 
@@ -960,7 +942,7 @@ index e425720..4f09c96 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21295,6 +21351,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } +@@ -21297,6 +21353,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } $as_echo "$arch" >&6; } fi @@ -971,7 +953,7 @@ index e425720..4f09c96 100755 if test "yes" = "$have_atomic"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5 $as_echo_n "checking compiler support for inline assembly code... " >&6; } -@@ -23848,6 +23908,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" +@@ -23896,6 +23956,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" # dlzdir='${DLZ_DRIVER_DIR}' @@ -1002,7 +984,7 @@ index e425720..4f09c96 100755 # # Private autoconf macro to simplify configuring drivers: # -@@ -24178,11 +24262,11 @@ $as_echo "no" >&6; } +@@ -24226,11 +24310,11 @@ $as_echo "no" >&6; } $as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; } ;; *) @@ -1017,7 +999,7 @@ index e425720..4f09c96 100755 fi CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL" -@@ -24267,7 +24351,7 @@ $as_echo "" >&6; } +@@ -24315,7 +24399,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). @@ -1026,7 +1008,7 @@ index e425720..4f09c96 100755 # include a blank element first for d in "" $bdb_incdirs do -@@ -24292,57 +24376,9 @@ $as_echo "" >&6; } +@@ -24340,57 +24424,9 @@ $as_echo "" >&6; } bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db" for d in $bdb_libnames do @@ -1086,7 +1068,7 @@ index e425720..4f09c96 100755 break fi done -@@ -24501,10 +24537,10 @@ $as_echo "no" >&6; } +@@ -24549,10 +24585,10 @@ $as_echo "no" >&6; } DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include" DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include" fi 
@@ -1100,7 +1082,7 @@ index e425720..4f09c96 100755 fi -@@ -24590,11 +24626,11 @@ fi +@@ -24638,11 +24674,11 @@ fi odbcdirs="/usr /usr/local /usr/pkg" for d in $odbcdirs do @@ -1114,7 +1096,7 @@ index e425720..4f09c96 100755 break fi done -@@ -24869,6 +24905,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" +@@ -24917,6 +24953,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" @@ -1123,7 +1105,7 @@ index e425720..4f09c96 100755 # # Commands to run at the end of config.status. # Don't just put these into configure, it won't work right if somebody -@@ -27248,6 +27286,8 @@ report() { +@@ -27295,6 +27333,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" @@ -1132,7 +1114,7 @@ index e425720..4f09c96 100755 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -27288,6 +27328,8 @@ report() { +@@ -27335,6 +27375,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" @@ -1141,7 +1123,7 @@ index e425720..4f09c96 100755 echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -27335,6 +27377,8 @@ report() { +@@ -27382,6 +27424,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" @@ -1151,10 +1133,10 @@ index e425720..4f09c96 100755 test "yes" = "$enable_seccomp" || \ echo " Use libseccomp system call filtering (--enable-seccomp)" diff --git a/configure.ac b/configure.ac -index 7c5ad51..fddc63a 100644 +index 7fd192c..5e4e839 100644 --- a/configure.ac 
+++ b/configure.ac -@@ -1503,6 +1503,7 @@ case "$use_openssl" in +@@ -1514,6 +1514,7 @@ case "$use_openssl" in AC_MSG_RESULT(disabled because of native PKCS11) DST_OPENSSL_INC="" CRYPTO="-DPKCS11CRYPTO" @@ -1162,7 +1144,7 @@ index 7c5ad51..fddc63a 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1516,6 +1517,7 @@ case "$use_openssl" in +@@ -1527,6 +1528,7 @@ case "$use_openssl" in AC_MSG_RESULT(no) DST_OPENSSL_INC="" CRYPTO="" @@ -1170,7 +1152,7 @@ index 7c5ad51..fddc63a 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1528,6 +1530,7 @@ case "$use_openssl" in +@@ -1539,6 +1541,7 @@ case "$use_openssl" in auto) DST_OPENSSL_INC="" CRYPTO="" @@ -1178,7 +1160,7 @@ index 7c5ad51..fddc63a 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1538,7 +1541,7 @@ case "$use_openssl" in +@@ -1549,7 +1552,7 @@ case "$use_openssl" in OPENSSLLINKSRCS="" AC_MSG_ERROR( [OpenSSL was not found in any of $openssldirs; use --with-openssl=/path @@ -1187,7 +1169,7 @@ index 7c5ad51..fddc63a 100644 ;; *) if test "yes" = "$want_native_pkcs11" -@@ -1568,6 +1571,7 @@ If you don't want OpenSSL, use --without-openssl]) +@@ -1579,6 +1582,7 @@ If you don't want OpenSSL, use --without-openssl]) AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found]) fi CRYPTO='-DOPENSSL' @@ -1195,7 +1177,7 @@ index 7c5ad51..fddc63a 100644 if test "/usr" = "$use_openssl" then DST_OPENSSL_INC="" -@@ -2041,7 +2045,6 @@ fi +@@ -2052,7 +2056,6 @@ fi # Use OpenSSL for hash functions # @@ -1203,7 +1185,7 @@ index 7c5ad51..fddc63a 100644 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" case $want_openssl_hash in yes) -@@ -2313,6 +2316,67 @@ if test "rt" = "$have_clock_gt"; then +@@ -2324,6 +2327,67 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi 
@@ -1271,7 +1253,7 @@ index 7c5ad51..fddc63a 100644 # # was --with-lmdb specified? # -@@ -4109,12 +4173,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -4120,12 +4184,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then @@ -1285,7 +1267,7 @@ index 7c5ad51..fddc63a 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -4123,7 +4187,6 @@ if test "yes" = "$use_atomic"; then +@@ -4134,7 +4198,6 @@ if test "yes" = "$use_atomic"; then fi ;; x86_64-*|amd64-*) @@ -1293,7 +1275,7 @@ index 7c5ad51..fddc63a 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -5541,6 +5604,8 @@ report() { +@@ -5543,6 +5606,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" @@ -1302,7 +1284,7 @@ index 7c5ad51..fddc63a 100644 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -5581,6 +5646,8 @@ report() { +@@ -5583,6 +5648,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" @@ -1311,7 +1293,7 @@ index 7c5ad51..fddc63a 100644 echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -5628,6 +5695,8 @@ report() { +@@ -5630,6 +5697,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" @@ -2034,10 +2016,10 @@ index 5b8a2c9..913a2ce 100644 * Define if the hash functions must be provided by OpenSSL. */ 
diff --git a/win32utils/Configure b/win32utils/Configure -index ad99f89..2c55946 100644 +index 27b00af..7e35d60 100644 --- a/win32utils/Configure +++ b/win32utils/Configure -@@ -381,6 +381,7 @@ my @substdefh = ("AES_CC", +@@ -380,6 +380,7 @@ my @substdefh = ("AES_CC", my %configdefp; my @substdefp = ("ISC_PLATFORM_BUSYWAITNOP", @@ -2045,7 +2027,7 @@ index ad99f89..2c55946 100644 "ISC_PLATFORM_HAVEATOMICSTORE", "ISC_PLATFORM_HAVEATOMICSTOREQ", "ISC_PLATFORM_HAVECMPXCHG", -@@ -510,7 +511,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER"); +@@ -509,7 +510,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER"); # enable-xxx/disable-xxx @@ -2055,7 +2037,7 @@ index ad99f89..2c55946 100644 "fixed-rrset", "intrinsics", "isc-spnego", -@@ -573,6 +575,7 @@ my @help = ( +@@ -572,6 +574,7 @@ my @help = ( "\nOptional Features:\n", " enable-intrinsics enable instrinsic/atomic functions [default=yes]\n", " enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n", @@ -2063,7 +2045,7 @@ index ad99f89..2c55946 100644 " enable-openssl-hash use OpenSSL for hash functions [default=yes]\n", " enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n", " enable-filter-aaaa enable filtering of AAAA records [default=yes]\n", -@@ -617,7 +620,9 @@ my $want_clean = "no"; +@@ -616,7 +619,9 @@ my $want_clean = "no"; my $want_unknown = "no"; my $unknown_value; my $enable_intrinsics = "yes"; @@ -2073,7 +2055,7 @@ index ad99f89..2c55946 100644 my $enable_openssl_hash = "auto"; my $enable_filter_aaaa = "yes"; my $enable_isc_spnego = "yes"; -@@ -828,6 +833,10 @@ sub myenable { +@@ -834,6 +839,10 @@ sub myenable { if ($val =~ /^yes$/i) { $enable_native_pkcs11 = "yes"; } @@ -2084,7 +2066,7 @@ index ad99f89..2c55946 100644 } elsif ($key =~ /^openssl-hash$/i) { if ($val =~ /^yes$/i) { $enable_openssl_hash = "yes"; -@@ -1119,6 +1128,11 @@ if ($verbose) { +@@ -1125,6 +1134,11 @@ if ($verbose) { } else { print "native-pkcs11: disabled\n"; } 
@@ -2096,7 +2078,7 @@ index ad99f89..2c55946 100644 if ($enable_openssl_hash eq "yes") { print "openssl-hash: enabled\n"; } else { -@@ -1472,6 +1486,7 @@ if ($enable_intrinsics eq "yes") { +@@ -1478,6 +1492,7 @@ if ($enable_intrinsics eq "yes") { # enable-native-pkcs11 if ($enable_native_pkcs11 eq "yes") { @@ -2104,7 +2086,7 @@ index ad99f89..2c55946 100644 if ($use_openssl eq "auto") { $use_openssl = "no"; } -@@ -1681,6 +1696,7 @@ if ($use_openssl eq "yes") { +@@ -1687,6 +1702,7 @@ if ($use_openssl eq "yes") { $openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]"); } @@ -2112,7 +2094,7 @@ index ad99f89..2c55946 100644 $configcond{"OPENSSL"} = 1; $configdefd{"CRYPTO"} = "OPENSSL"; $configvar{"OPENSSL_PATH"} = "$openssl_path"; -@@ -2232,6 +2248,15 @@ if ($cookie_algorithm eq "sha1") { +@@ -2238,6 +2254,15 @@ if ($cookie_algorithm eq "sha1") { die "Unrecognized cookie algorithm: $cookie_algorithm\n"; } @@ -2128,7 +2110,7 @@ index ad99f89..2c55946 100644 # enable-openssl-hash if ($enable_openssl_hash eq "yes") { if ($use_openssl eq "no") { -@@ -3558,6 +3583,7 @@ exit 0; +@@ -3564,6 +3589,7 @@ exit 0; # --enable-developer partially supported # --enable-newstats (9.9/9.9sub only) # --enable-native-pkcs11 supported @@ -2136,7 +2118,7 @@ index ad99f89..2c55946 100644 # --enable-openssl-version-check included without a way to disable it # --enable-openssl-hash supported # --enable-threads included without a way to disable it -@@ -3583,6 +3609,7 @@ exit 0; +@@ -3589,6 +3615,7 @@ exit 0; # --with-gost supported # --with-aes supported # --with-cc-alg supported diff --git a/bind-9.11-tests-variants.patch b/bind-9.11-tests-variants.patch index 55f4491..d983671 100644 --- a/bind-9.11-tests-variants.patch +++ b/bind-9.11-tests-variants.patch @@ -1,4 +1,4 @@ -From 7d689f77714430a4ef6cead040ec304dca0b8bd3 Mon Sep 17 00:00:00 2001 +From 06a22ff20ac3d68fa1f995c91068b43392425e43 Mon Sep 17 00:00:00 2001 
From: Petr Mensik Date: Fri, 1 Mar 2019 15:48:20 +0100 Subject: [PATCH] Make alternative named builds testable in system tests @@ -17,19 +17,19 @@ export NAMED_VARIANT=-pkcs11 DNSSEC_VARIANT=-pkcs11 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in -index b072af8..d2cb8ed 100644 +index 4b0fe39..f135af6 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in -@@ -27,7 +27,7 @@ ALTERNATIVE_ALGORITHM=RSASHA1 - ALTERNATIVE_ALGORITHM_NUMBER=5 - ALTERNATIVE_BITS=1280 +@@ -34,7 +34,7 @@ DISABLED_ALGORITHM=ECDSAP384SHA384 + DISABLED_ALGORITHM_NUMBER=14 + DISABLED_BITS=384 -NAMED=$TOP/bin/named/named +NAMED=$TOP/bin/named${NAMED_VARIANT}/named${NAMED_VARIANT} # We must use "named -l" instead of "lwresd" because argv[0] is lost # if the program is libtoolized. LWRESD="$TOP/bin/named/named -l" -@@ -38,13 +38,14 @@ NSUPDATE=$TOP/bin/nsupdate/nsupdate +@@ -45,13 +45,14 @@ NSUPDATE=$TOP/bin/nsupdate/nsupdate DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen TSIGKEYGEN=$TOP/bin/confgen/tsig-keygen RNDCCONFGEN=$TOP/bin/confgen/rndc-confgen @@ -51,7 +51,7 @@ index b072af8..d2cb8ed 100644 CHECKDS=$TOP/bin/python/dnssec-checkds COVERAGE=$TOP/bin/python/dnssec-coverage KEYMGR=$TOP/bin/python/dnssec-keymgr -@@ -64,7 +65,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read +@@ -71,7 +72,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read MDIG=$TOP/bin/tools/mdig NZD2NZF=$TOP/bin/tools/named-nzd2nzf FSTRM_CAPTURE=@FSTRM_CAPTURE@ diff --git a/bind-9.11-unit-dnstap-pkcs11.patch b/bind-9.11-unit-dnstap-pkcs11.patch deleted file mode 100644 index 60cc1cd..0000000 --- a/bind-9.11-unit-dnstap-pkcs11.patch +++ /dev/null 
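Review bot: In the refreshed `conf.sh.in` hunk, `NAMED` now follows `${NAMED_VARIANT}`, but the context line `LWRESD="$TOP/bin/named/named -l"` still points at the default binary. A run with `NAMED_VARIANT=-pkcs11` would therefore start lwresd from the non-PKCS#11 build, leaving the variant's crypto path unexercised in those tests. If that is not intentional, the line could read `LWRESD="$TOP/bin/named${NAMED_VARIANT}/named${NAMED_VARIANT} -l"`; otherwise a one-line comment stating that lwresd is deliberately left on the default build would help. Another patch in the series may already adjust this, which is not visible here.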
@@ -1,38 +0,0 @@ -From dca9eea70cb33062905aefc389266da931e9d0d6 Mon Sep 17 00:00:00 2001 -From: Petr Mensik -Date: Thu, 14 Mar 2019 15:48:37 +0100 -Subject: [PATCH] Set TZ again before dns library is initialized - -PKCS11 uses it, initializes TZ offset from dst init. Setting environment -in test is too late since use of cmocka. ---- - lib/dns/tests/dnstap_test.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/lib/dns/tests/dnstap_test.c b/lib/dns/tests/dnstap_test.c -index 22d6dc3..5a60b12 100644 ---- a/lib/dns/tests/dnstap_test.c -+++ b/lib/dns/tests/dnstap_test.c -@@ -309,9 +309,6 @@ totext_test(void **state) { - - UNUSED(state); - -- /* make sure text conversion gets the right local time */ -- setenv("TZ", "PST8", 1); -- - result = dns_dt_open(TAPSAVED, dns_dtmode_file, mctx, &handle); - assert_int_equal(result, ISC_R_SUCCESS); - -@@ -378,6 +375,9 @@ main(void) { - cmocka_unit_test_setup_teardown(totext_test, _setup, _teardown), - }; - -+ /* make sure text conversion gets the right local time */ -+ setenv("TZ", "PST8", 1); -+ - return (cmocka_run_group_tests(tests, dns_test_init, dns_test_final)); - #else - print_message("1..0 # Skip dnstap not enabled\n"); --- -2.20.1 - diff --git a/bind-9.11-unit-timer-nothread.patch b/bind-9.11-unit-timer-nothread.patch deleted file mode 100644 index f913724..0000000 --- a/bind-9.11-unit-timer-nothread.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From c88ba11ced1311e91a73ffdf42114ed14a805725 Mon Sep 17 00:00:00 2001 -From: Petr Mensik -Date: Thu, 14 Mar 2019 21:05:34 +0100 -Subject: [PATCH] Workaround to kyua bug - -Kyua 0.13 is not able to correctly handle whole test skipping. -Make workaround to it, include skipping message. ---- - lib/isc/tests/timer_test.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/lib/isc/tests/timer_test.c b/lib/isc/tests/timer_test.c -index f69f2b3..050cf6d 100644 ---- a/lib/isc/tests/timer_test.c -+++ b/lib/isc/tests/timer_test.c -@@ -573,14 +573,13 @@ purge(void **state) { - - int - main(int argc, char **argv) { -- const struct CMUnitTest tests[] = { - #ifdef ISC_PLATFORM_USETHREADS -+ const struct CMUnitTest tests[] = { - cmocka_unit_test_setup_teardown(ticker, _setup, _teardown), - cmocka_unit_test_setup_teardown(once_life, _setup, _teardown), - cmocka_unit_test_setup_teardown(once_idle, _setup, _teardown), - cmocka_unit_test_setup_teardown(reset, _setup, _teardown), - cmocka_unit_test_setup_teardown(purge, _setup, _teardown), --#endif - }; - int c; - -@@ -595,6 +594,14 @@ main(int argc, char **argv) { - } - - return (cmocka_run_group_tests(tests, NULL, NULL)); -+#else -+ UNUSED(argc); -+ UNUSED(argv); -+ UNUSED(verbose); -+ -+ printf("1..0 # Skipped: threads disabled\n"); -+ return (0); -+#endif - } - - #else /* HAVE_CMOCKA */ --- -2.20.1 - diff --git a/bind-9.3.2b1-fix_sdb_ldap.patch b/bind-9.3.2b1-fix_sdb_ldap.patch index d027bb9..35c8542 100644 --- a/bind-9.3.2b1-fix_sdb_ldap.patch +++ b/bind-9.3.2b1-fix_sdb_ldap.patch @@ -36,10 +36,10 @@ index 95ab742..6069f09 100644 ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir} ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1 diff --git a/bin/sdb_tools/zone2ldap.c b/bin/sdb_tools/zone2ldap.c -index 23dd873..d56bc56 100644 +index aa2c711..76186b5 100644 --- a/bin/sdb_tools/zone2ldap.c 
+++ b/bin/sdb_tools/zone2ldap.c -@@ -65,6 +66,9 @@ ldap_info; +@@ -66,6 +66,9 @@ ldap_info; /* usage Info */ void usage (void); @@ -49,7 +49,7 @@ index 23dd873..d56bc56 100644 /* Add to the ldap dit */ void add_ldap_values (ldap_info * ldinfo); -@@ -81,7 +85,7 @@ char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags); +@@ -82,7 +85,7 @@ char **hostname_to_dn_list (char *hostname, char *zone, unsigned int flags); int get_attr_list_size (char **tmp); /* Get a DN */ @@ -58,7 +58,7 @@ index 23dd873..d56bc56 100644 /* Add to RR list */ void add_to_rr_list (char *dn, char *name, char *type, char *data, -@@ -103,11 +107,27 @@ void +@@ -104,11 +107,27 @@ void init_ldap_conn (); void usage(); @@ -91,7 +91,7 @@ index 23dd873..d56bc56 100644 LDAP *conn; unsigned int debug = 0; -@@ -131,12 +151,12 @@ main (int argc, char **argv) +@@ -132,12 +151,12 @@ main (int argc, char **argv) isc_result_t result; char *basedn; ldap_info *tmp; @@ -107,7 +107,7 @@ index 23dd873..d56bc56 100644 dns_fixedname_t fixedzone, fixedname; dns_rdataset_t rdataset; char **dc_list; -@@ -149,7 +169,7 @@ main (int argc, char **argv) +@@ -150,7 +169,7 @@ main (int argc, char **argv) extern char *optarg; extern int optind, opterr, optopt; int create_base = 0; @@ -116,7 +116,7 @@ index 23dd873..d56bc56 100644 if (argc < 2) { -@@ -157,7 +177,7 @@ main (int argc, char **argv) +@@ -158,7 +177,7 @@ main (int argc, char **argv) exit (-1); } @@ -125,7 +125,7 @@ index 23dd873..d56bc56 100644 { switch (topt) { -@@ -180,6 +200,9 @@ main (int argc, char **argv) +@@ -181,6 +200,9 @@ main (int argc, char **argv) if (bindpw == NULL) fatal("strdup"); break; @@ -135,7 +135,7 @@ index 23dd873..d56bc56 100644 case 'b': ldapbase = strdup (optarg); if (ldapbase == NULL) -@@ -301,27 +324,62 @@ main (int argc, char **argv) +@@ -300,27 +322,62 @@ main (int argc, char **argv) { if (debug) printf ("Creating base zone DN %s\n", argzone); 
@@ -208,7 +208,7 @@ index 23dd873..d56bc56 100644 } else { -@@ -330,8 +388,13 @@ main (int argc, char **argv) +@@ -329,8 +386,13 @@ main (int argc, char **argv) else sprintf (fullbasedn, "%s", ctmp); } @@ -222,7 +222,7 @@ index 23dd873..d56bc56 100644 } } -@@ -409,14 +472,14 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl) +@@ -408,14 +470,14 @@ generate_ldap (dns_name_t * dnsname, dns_rdata_t * rdata, unsigned int ttl) isc_result_check (result, "dns_rdata_totext"); data[isc_buffer_usedlength (&buff)] = 0; @@ -240,7 +240,7 @@ index 23dd873..d56bc56 100644 } -@@ -456,7 +519,8 @@ add_to_rr_list (char *dn, char *name, char *type, +@@ -455,7 +517,8 @@ add_to_rr_list (char *dn, char *name, char *type, int attrlist; char ldap_type_buffer[128]; char charttl[64]; @@ -250,7 +250,7 @@ index 23dd873..d56bc56 100644 if ((tmp = locate_by_dn (dn)) == NULL) { -@@ -483,13 +547,13 @@ add_to_rr_list (char *dn, char *name, char *type, +@@ -482,13 +545,13 @@ add_to_rr_list (char *dn, char *name, char *type, fatal("malloc"); } tmp->attrs[0]->mod_op = LDAP_MOD_ADD; @@ -267,7 +267,7 @@ index 23dd873..d56bc56 100644 tmp->attrs[1] = NULL; tmp->attrcnt = 2; tmp->next = ldap_info_base; -@@ -498,7 +562,7 @@ add_to_rr_list (char *dn, char *name, char *type, +@@ -497,7 +560,7 @@ add_to_rr_list (char *dn, char *name, char *type, } tmp->attrs[1]->mod_op = LDAP_MOD_ADD; @@ -276,7 +276,7 @@ index 23dd873..d56bc56 100644 tmp->attrs[1]->mod_values = (char **) calloc (sizeof (char *), 2); if (tmp->attrs[1]->mod_values == (char **)NULL) -@@ -527,7 +591,7 @@ add_to_rr_list (char *dn, char *name, char *type, +@@ -526,7 +589,7 @@ add_to_rr_list (char *dn, char *name, char *type, fatal("strdup"); tmp->attrs[3]->mod_op = LDAP_MOD_ADD; 
@@ -285,7 +285,7 @@ index 23dd873..d56bc56 100644 tmp->attrs[3]->mod_values = (char **) calloc (sizeof (char *), 2); if (tmp->attrs[3]->mod_values == (char **)NULL) -@@ -540,14 +604,25 @@ add_to_rr_list (char *dn, char *name, char *type, +@@ -539,14 +602,25 @@ add_to_rr_list (char *dn, char *name, char *type, if (tmp->attrs[3]->mod_values[0] == NULL) fatal("strdup"); @@ -313,7 +313,7 @@ index 23dd873..d56bc56 100644 tmp->attrs[4]->mod_values[1] = NULL; tmp->attrs[5] = NULL; -@@ -558,7 +633,7 @@ add_to_rr_list (char *dn, char *name, char *type, +@@ -557,7 +631,7 @@ add_to_rr_list (char *dn, char *name, char *type, else { @@ -322,7 +322,7 @@ index 23dd873..d56bc56 100644 { sprintf (ldap_type_buffer, "%sRecord", type); if (!strncmp -@@ -632,44 +707,70 @@ char ** +@@ -631,44 +705,70 @@ char ** hostname_to_dn_list (char *hostname, char *zone, unsigned int flags) { char *tmp; @@ -430,7 +430,7 @@ index 23dd873..d56bc56 100644 dn_buffer[i] = NULL; return dn_buffer; -@@ -681,24 +782,32 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags) +@@ -680,24 +780,32 @@ hostname_to_dn_list (char *hostname, char *zone, unsigned int flags) * exception of "@"/SOA. */ char * @@ -459,7 +459,7 @@ index 23dd873..d56bc56 100644 if (flag == WI_SPEC) { if (x == (size - 2) && (strncmp (dc_list[x], "@", 1) == 0) && (ttl)) -- sprintf (tmp, "relativeDomainName=%s + dNSTTL=%d,", dc_list[x], ttl); +- sprintf (tmp, "relativeDomainName=%s + dNSTTL=%u,", dc_list[x], ttl); + sprintf (tmp, "zoneName=%s + relativeDomainName=%s,", zone, dc_list[x]); else if (x == (size - 2)) - sprintf(tmp, "relativeDomainName=%s,",dc_list[x]); @@ -467,7 +467,7 @@ index 23dd873..d56bc56 100644 else sprintf(tmp,"dc=%s,", dc_list[x]); } -@@ -724,6 +833,7 @@ void +@@ -723,6 +831,7 @@ void init_ldap_conn () { int result; 
@@ -475,7 +475,7 @@ index 23dd873..d56bc56 100644 conn = ldap_open (ldapsystem, LDAP_PORT); if (conn == NULL) { -@@ -733,7 +843,7 @@ init_ldap_conn () +@@ -732,7 +841,7 @@ init_ldap_conn () } result = ldap_simple_bind_s (conn, binddn, bindpw); @@ -484,7 +484,7 @@ index 23dd873..d56bc56 100644 } /* Like isc_result_check, only for LDAP */ -@@ -750,8 +860,6 @@ ldap_result_check (const char *msg, char *dn, int err) +@@ -749,8 +858,6 @@ ldap_result_check (const char *msg, char *dn, int err) } } @@ -493,7 +493,7 @@ index 23dd873..d56bc56 100644 /* For running the ldap_info run queue. */ void add_ldap_values (ldap_info * ldinfo) -@@ -759,14 +867,14 @@ add_ldap_values (ldap_info * ldinfo) +@@ -758,14 +865,14 @@ add_ldap_values (ldap_info * ldinfo) int result; char dnbuffer[1024]; @@ -510,7 +510,7 @@ index 23dd873..d56bc56 100644 } -@@ -777,5 +885,5 @@ void +@@ -776,5 +883,5 @@ void usage () { fprintf (stderr, diff --git a/bind.spec b/bind.spec index 55be4da..96b747b 100644 --- a/bind.spec +++ b/bind.spec @@ -44,8 +44,8 @@ # # lib*.so.X versions of selected libraries -%global sover_dns 1105 -%global sover_isc 1100 +%global sover_dns 1106 +%global sover_isc 1102 %global sover_irs 161 %global sover_isccfg 163 @@ -135,13 +135,9 @@ Patch164:bind-9.11-rh1666814.patch Patch165:bind-9.11-rh1647829.patch # random_test fails too often by random, disable it Patch168:bind-9.11-unit-disable-random.patch -Patch169:bind-9.11-feature-test-dlz.patch Patch170:bind-9.11-feature-test-named.patch Patch171:bind-9.11-tests-variants.patch Patch172:bind-9.11-tests-pkcs11.patch -Patch173: bind-9.11-unit-dnstap-pkcs11.patch -Patch174: bind-9.11-unit-timer-nothread.patch -Patch175: bind-9.11-CVE-2018-5741-atomic.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch 
@@ -518,13 +514,9 @@ are used for building ISC DHCP. %patch164 -p1 -b .rh1666814 %patch165 -p1 -b .rh1647829 %patch168 -p1 -b .random_test-disable -%patch169 -p1 -b .featuretest-dlz %patch170 -p1 -b .featuretest-named %patch171 -p1 -b .test-variant %patch172 -p1 -b .test-pkcs11 -%patch173 -p1 -b .unit-dnstap -%patch174 -p1 -b .unit-timer -%patch175 -p1 -b .CVE-2018-5741-atomic mkdir lib/dns/tests/testdata/dstrandom cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data