diff --git a/bind-9.10-dist-native-pkcs11.patch b/bind-9.10-dist-native-pkcs11.patch index 9468850..0ba7ccc 100644 --- a/bind-9.10-dist-native-pkcs11.patch +++ b/bind-9.10-dist-native-pkcs11.patch @@ -14,10 +14,10 @@ index f0c504a..ce7a2da 100644 @BIND9_MAKE_RULES@ diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in -index ce0a177..8908a45 100644 +index 4b8ca13..32f4470 100644 --- a/bin/dnssec-pkcs11/Makefile.in +++ b/bin/dnssec-pkcs11/Makefile.in -@@ -17,18 +17,18 @@ VERSION=@BIND9_VERSION@ +@@ -15,18 +15,18 @@ VERSION=@BIND9_VERSION@ @BIND9_MAKE_INCLUDES@ @@ -30,10 +30,10 @@ index ce0a177..8908a45 100644 + @CRYPTO_PK11@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\" CWARNINGS = --DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@ +-DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ -ISCLIBS = ../../lib/isc/libisc.@A@ -ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ -+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@ ++DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ +ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@ +ISCNOSYMLIBS = ../../lib/isc-pkcs11/libisc-pkcs11-nosymtbl.@A@ @@ -44,7 +44,7 @@ index ce0a177..8908a45 100644 DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS} -@@ -37,10 +37,10 @@ LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@ +@@ -35,10 +35,10 @@ LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@ NOSYMLIBS = ${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@ # Alphabetically @@ -59,7 +59,7 @@ index ce0a177..8908a45 100644 OBJS = dnssectool.@O@ -@@ -61,15 +61,15 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} +@@ -59,15 +59,15 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} @BIND9_MAKE_RULES@ @@ -78,7 +78,7 @@ index ce0a177..8908a45 100644 export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \ ${FINALBUILDCMD} -@@ -77,7 +77,7 @@ dnssec-signzone.@O@: dnssec-signzone.c +@@ -75,7 +75,7 @@ dnssec-signzone.@O@: dnssec-signzone.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \ -c ${srcdir}/dnssec-signzone.c @@ -87,7 +87,7 @@ index ce0a177..8908a45 100644 export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \ ${FINALBUILDCMD} -@@ -85,19 +85,19 @@ dnssec-verify.@O@: dnssec-verify.c +@@ -83,19 +83,19 @@ dnssec-verify.@O@: dnssec-verify.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \ -c ${srcdir}/dnssec-verify.c @@ -111,7 +111,7 @@ index ce0a177..8908a45 100644 ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ dnssec-importkey.@O@ ${OBJS} ${LIBS} -@@ -108,16 +108,14 @@ docclean manclean maintainer-clean:: +@@ -106,16 +106,14 @@ docclean manclean maintainer-clean:: installdirs: $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir} @@ -130,10 +130,10 @@ index ce0a177..8908a45 100644 clean distclean:: diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in -index ce0a177..7cede84 100644 +index 4b8ca13..4175996 100644 --- a/bin/dnssec/Makefile.in +++ b/bin/dnssec/Makefile.in -@@ -19,7 +19,7 @@ VERSION=@BIND9_VERSION@ +@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@ CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@ @@ -143,44 +143,46 @@ index ce0a177..7cede84 100644 CWARNINGS = diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in -index c0861f6..df80f81 100644 +index df1f7ee..f397ab0 100644 --- a/bin/named-pkcs11/Makefile.in +++ b/bin/named-pkcs11/Makefile.in -@@ -43,26 +43,26 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@ +@@ -43,27 +43,28 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@ DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ - ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \ - ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \ -+ ${LWRES_INCLUDES} ${DNS_PKCS11_INCLUDES} ${BIND9_INCLUDES} \ -+ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_PKCS11_INCLUDES} \ - ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@ ++ ${LWRES_INCLUDES} ${DNS_PKCS11_INCLUDES} ${BIND9_INCLUDES} \ ++ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_PKCS11_INCLUDES} \ + ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} ${MAXMINDDB_CFLAGS} \ + @DST_OPENSSL_INC@ -CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO@ +CDEFINES = @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO_PK11@ CWARNINGS = --DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@ -+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@ + DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ ++DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ ISCCCLIBS = ../../lib/isccc/libisccc.@A@ -ISCLIBS = ../../lib/isc/libisc.@A@ -+ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@ - ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ +-ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ ++ISCLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@ ++ISCNOSYMLIBS = ../../lib/isc-pkcs11/libisc-pkcs11-nosymtbl.@A@ LWRESLIBS = ../../lib/lwres/liblwres.@A@ BIND9LIBS = ../../lib/bind9/libbind9.@A@ -DNSDEPLIBS = ../../lib/dns/libdns.@A@ -+DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ++DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@ ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@ -ISCDEPLIBS = ../../lib/isc/libisc.@A@ -+ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@ ++ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@ LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@ BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@ -@@ -71,15 +71,15 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ +@@ -72,15 +73,15 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \ @@ -198,8 +200,8 @@ index c0861f6..df80f81 100644 +TARGETS = named-pkcs11@EXEEXT@ feature-test-pkcs11@EXEEXT@ GEOIPLINKOBJS = geoip.@O@ - -@@ -90,8 +90,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ + GEOIP2LINKOBJS = geoip.@O@ +@@ -94,8 +95,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \ zoneconf.@O@ \ lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \ @@ -209,7 +211,7 @@ index c0861f6..df80f81 100644 UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@ -@@ -106,8 +105,7 @@ SRCS = builtin.c client.c config.c control.c \ +@@ -113,8 +113,7 @@ SRCS = builtin.c client.c config.c control.c \ tkeyconf.c tsigconf.c update.c xfrout.c \ zoneconf.c \ lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \ @@ -219,7 +221,7 @@ index c0861f6..df80f81 100644 MANPAGES = named.8 lwresd.8 named.conf.5 -@@ -146,21 +144,21 @@ server.@O@: server.c +@@ -154,21 +153,21 @@ server.@O@: server.c -DPRODUCT=\"${PRODUCT}\" \ -DVERSION=\"${VERSION}\" -c ${srcdir}/server.c @@ -245,7 +247,7 @@ index c0861f6..df80f81 100644 ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \ -o $@ feature-test.@O@ ${ISCLIBS} ${LIBS} -@@ -193,16 +191,11 @@ install-man8: named.8 lwresd.8 +@@ -201,16 +200,11 @@ install-man8: named.8 lwresd.8 install-man: install-man5 install-man8 @@ -266,12 +268,12 @@ index c0861f6..df80f81 100644 @DLZ_DRIVER_RULES@ diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in -index c0861f6..04dea99 100644 +index df1f7ee..9660965 100644 --- a/bin/named/Makefile.in +++ b/bin/named/Makefile.in -@@ -47,7 +47,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ - ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \ - ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@ +@@ -48,7 +48,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ + ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} ${MAXMINDDB_CFLAGS} \ + @DST_OPENSSL_INC@ -CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO@ +CDEFINES = @CONTRIB_DLZ@ @CRYPTO@ @@ -300,10 +302,10 @@ index a058c91..d4b689a 100644 DEPLIBS = ${ISCDEPLIBS} diff --git a/configure.ac b/configure.ac -index d48fd51..79c96f8 100644 +index 3b88105..0532feb 100644 --- a/configure.ac +++ b/configure.ac -@@ -1089,12 +1089,14 @@ AC_SUBST(USE_GSSAPI) +@@ -1139,12 +1139,14 @@ AC_SUBST(USE_GSSAPI) AC_SUBST(DST_GSSAPI_INC) AC_SUBST(DNS_GSSAPI_LIBS) DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS" @@ -318,10 +320,10 @@ index d48fd51..79c96f8 100644 # # was --with-randomdev specified? -@@ -1479,11 +1481,11 @@ fi +@@ -1529,11 +1531,11 @@ fi AC_MSG_CHECKING(for OpenSSL library) OPENSSL_WARNING= - openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw" + openssldirs="/usr /usr/local /usr/local/ssl /opt/local /usr/pkg /usr/sfw" -if test "yes" = "$want_native_pkcs11" -then - use_openssl="native_pkcs11" @@ -335,7 +337,7 @@ index d48fd51..79c96f8 100644 if test "auto" = "$use_openssl" then -@@ -1496,6 +1498,7 @@ then +@@ -1546,6 +1548,7 @@ then fi done fi @@ -343,7 +345,7 @@ index d48fd51..79c96f8 100644 OPENSSL_ECDSA="" OPENSSL_GOST="" OPENSSL_ED25519="" -@@ -1517,11 +1520,10 @@ case "$with_gost" in +@@ -1567,11 +1570,10 @@ case "$with_gost" in ;; esac @@ -358,7 +360,7 @@ index d48fd51..79c96f8 100644 CRYPTOLIB="pkcs11" OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" -@@ -1531,7 +1533,9 @@ case "$use_openssl" in +@@ -1581,7 +1583,9 @@ case "$use_openssl" in OPENSSLGOSTLINKSRCS="" OPENSSLLINKOBJS="" OPENSSLLINKSRCS="" @@ -369,7 +371,7 @@ index d48fd51..79c96f8 100644 no) AC_MSG_RESULT(no) DST_OPENSSL_INC="" -@@ -1563,7 +1567,7 @@ case "$use_openssl" in +@@ -1613,7 +1617,7 @@ case "$use_openssl" in If you do not want OpenSSL, use --without-openssl]) ;; *) @@ -378,7 +380,7 @@ index d48fd51..79c96f8 100644 then AC_MSG_RESULT() AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.]) -@@ -1991,6 +1995,7 @@ AC_SUBST(OPENSSL_ED25519) +@@ -2041,6 +2045,7 @@ AC_SUBST(OPENSSL_ED25519) AC_SUBST(OPENSSL_GOST) DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS" @@ -386,7 +388,7 @@ index d48fd51..79c96f8 100644 ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES" if test "yes" = "$with_aes" -@@ -2314,6 +2319,7 @@ esac +@@ -2364,6 +2369,7 @@ esac AC_SUBST(PKCS11LINKOBJS) AC_SUBST(PKCS11LINKSRCS) AC_SUBST(CRYPTO) @@ -394,7 +396,7 @@ index d48fd51..79c96f8 100644 AC_SUBST(PKCS11_ECDSA) AC_SUBST(PKCS11_GOST) AC_SUBST(PKCS11_ED25519) -@@ -5441,8 +5447,11 @@ AC_CONFIG_FILES([ +@@ -5491,8 +5497,11 @@ AC_CONFIG_FILES([ bin/delv/Makefile bin/dig/Makefile bin/dnssec/Makefile @@ -406,7 +408,7 @@ index d48fd51..79c96f8 100644 bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile -@@ -5515,6 +5524,10 @@ AC_CONFIG_FILES([ +@@ -5565,6 +5574,10 @@ AC_CONFIG_FILES([ lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile @@ -417,7 +419,7 @@ index d48fd51..79c96f8 100644 lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile -@@ -5539,6 +5552,24 @@ AC_CONFIG_FILES([ +@@ -5589,6 +5602,24 @@ AC_CONFIG_FILES([ lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isc/unix/include/pkcs11/Makefile @@ -456,17 +458,18 @@ index 81270a0..bcb5312 100644 @BIND9_MAKE_RULES@ diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in -index f6868d1..ea6fd36 100644 +index 7f09bd6..c388d9e 100644 --- a/lib/dns-pkcs11/Makefile.in +++ b/lib/dns-pkcs11/Makefile.in -@@ -26,16 +26,16 @@ VERSION=@BIND9_VERSION@ +@@ -26,17 +26,16 @@ VERSION=@BIND9_VERSION@ USE_ISC_SPNEGO = @USE_ISC_SPNEGO@ -CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \ -- ${ISC_INCLUDES} @DST_OPENSSL_INC@ @DST_GSSAPI_INC@ +- ${ISC_INCLUDES} ${MAXMINDDB_CFLAGS} \ +- @DST_OPENSSL_INC@ @DST_GSSAPI_INC@ +CINCLUDES = -I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} \ -+ ${ISC_PKCS11_INCLUDES} @DST_OPENSSL_INC@ @DST_GSSAPI_INC@ ++ ${ISC_PKCS11_INCLUDES} ${MAXMINDDB_CFLAGS} @DST_OPENSSL_INC@ @DST_GSSAPI_INC@ -CDEFINES = -DUSE_MD5 @CRYPTO@ @USE_GSSAPI@ ${USE_ISC_SPNEGO} +CDEFINES = -DUSE_MD5 @CRYPTO_PK11@ @USE_GSSAPI@ ${USE_ISC_SPNEGO} @@ -479,9 +482,9 @@ index f6868d1..ea6fd36 100644 -ISCDEPLIBS = ../../lib/isc/libisc.@A@ +ISCDEPLIBS = ../../lib/isc-pkcs11/libisc-pkcs11.@A@ - LIBS = @LIBS@ + LIBS = ${MAXMINDDB_LIBS} @LIBS@ -@@ -146,15 +146,15 @@ version.@O@: version.c +@@ -150,15 +149,15 @@ version.@O@: version.c -DLIBAGE=${LIBAGE} \ -c ${srcdir}/version.c @@ -501,7 +504,7 @@ index f6868d1..ea6fd36 100644 include: gen ${MAKE} include/dns/enumtype.h -@@ -185,22 +185,22 @@ gen: gen.c +@@ -189,22 +188,22 @@ gen: gen.c ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c \ ${BUILD_LIBS} ${LFS_LIBS} diff --git a/bind-9.10-sdb.patch b/bind-9.10-sdb.patch index 485e241..c72906c 100644 --- a/bind-9.10-sdb.patch +++ b/bind-9.10-sdb.patch @@ -14,7 +14,7 @@ index ce7a2da..4e6a824 100644 @BIND9_MAKE_RULES@ diff --git a/bin/named-sdb/Makefile.in b/bin/named-sdb/Makefile.in -index 04dea99..4ff053e 100644 +index 9660965..184fbb2 100644 --- a/bin/named-sdb/Makefile.in +++ b/bin/named-sdb/Makefile.in @@ -30,10 +30,10 @@ VERSION=@BIND9_VERSION@ @@ -31,7 +31,7 @@ index 04dea99..4ff053e 100644 DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers -@@ -79,7 +79,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ +@@ -80,7 +80,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ SUBDIRS = unix @@ -39,8 +39,8 @@ index 04dea99..4ff053e 100644 +TARGETS = named-sdb@EXEEXT@ feature-test-sdb@EXEEXT@ GEOIPLINKOBJS = geoip.@O@ - -@@ -146,7 +146,7 @@ server.@O@: server.c + GEOIP2LINKOBJS = geoip.@O@ +@@ -154,7 +154,7 @@ server.@O@: server.c -DPRODUCT=\"${PRODUCT}\" \ -DVERSION=\"${VERSION}\" -c ${srcdir}/server.c @@ -49,7 +49,7 @@ index 04dea99..4ff053e 100644 export MAKE_SYMTABLE="yes"; \ export BASEOBJS="${OBJS} ${UOBJS}"; \ ${FINALBUILDCMD} -@@ -160,7 +160,7 @@ feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c +@@ -168,7 +168,7 @@ feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -c ${top_srcdir}/bin/tests/system/feature-test.c @@ -58,7 +58,7 @@ index 04dea99..4ff053e 100644 ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \ -o $@ feature-test.@O@ ${ISCLIBS} ${LIBS} -@@ -182,8 +182,6 @@ statschannel.@O@: bind9.xsl.h +@@ -190,8 +190,6 @@ statschannel.@O@: bind9.xsl.h installdirs: $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir} @@ -67,7 +67,7 @@ index 04dea99..4ff053e 100644 install-man5: named.conf.5 ${INSTALL_DATA} $^ ${DESTDIR}${mandir}/man5 -@@ -193,16 +191,11 @@ install-man8: named.8 lwresd.8 +@@ -201,16 +199,11 @@ install-man8: named.8 lwresd.8 install-man: install-man5 install-man8 @@ -88,7 +88,7 @@ index 04dea99..4ff053e 100644 @DLZ_DRIVER_RULES@ diff --git a/bin/named-sdb/main.c b/bin/named-sdb/main.c -index 17f2daa..1bb9d79 100644 +index 108b8d6..a943421 100644 --- a/bin/named-sdb/main.c +++ b/bin/named-sdb/main.c @@ -93,6 +93,10 @@ @@ -102,7 +102,7 @@ index 17f2daa..1bb9d79 100644 #ifdef CONTRIB_DLZ /* -@@ -1063,6 +1067,11 @@ setup(void) { +@@ -1069,6 +1073,11 @@ setup(void) { ns_main_earlyfatal("isc_app_start() failed: %s", isc_result_totext(result)); @@ -114,7 +114,7 @@ index 17f2daa..1bb9d79 100644 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, "starting %s %s%s%s ", ns_g_product, ns_g_version, -@@ -1263,6 +1272,75 @@ setup(void) { +@@ -1269,6 +1278,75 @@ setup(void) { isc_result_totext(result)); #endif @@ -190,7 +190,7 @@ index 17f2daa..1bb9d79 100644 ns_server_create(ns_g_mctx, &ns_g_server); #ifdef HAVE_LIBSECCOMP -@@ -1305,6 +1383,11 @@ cleanup(void) { +@@ -1311,6 +1389,11 @@ cleanup(void) { dns_name_destroy(); @@ -203,22 +203,23 @@ index 17f2daa..1bb9d79 100644 ISC_LOG_NOTICE, "exiting"); ns_log_shutdown(); diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in -index 04dea99..9ed9637 100644 +index 9660965..03f7c05 100644 --- a/bin/named/Makefile.in +++ b/bin/named/Makefile.in -@@ -45,9 +45,9 @@ DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@ +@@ -45,10 +45,10 @@ DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \ -- ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@ -+ @DST_OPENSSL_INC@ +- ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} ${MAXMINDDB_CFLAGS} \ ++ ${MAXMINDDB_CFLAGS} \ + @DST_OPENSSL_INC@ -CDEFINES = @CONTRIB_DLZ@ @CRYPTO@ +CDEFINES = @CRYPTO@ CWARNINGS = -@@ -71,11 +71,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ +@@ -72,11 +72,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \ @@ -232,7 +233,7 @@ index 04dea99..9ed9637 100644 SUBDIRS = unix -@@ -90,8 +90,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ +@@ -94,8 +94,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \ zoneconf.@O@ \ lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \ @@ -242,7 +243,7 @@ index 04dea99..9ed9637 100644 UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@ -@@ -106,8 +105,7 @@ SRCS = builtin.c client.c config.c control.c \ +@@ -113,8 +112,7 @@ SRCS = builtin.c client.c config.c control.c \ tkeyconf.c tsigconf.c update.c xfrout.c \ zoneconf.c \ lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \ @@ -252,7 +253,7 @@ index 04dea99..9ed9637 100644 MANPAGES = named.8 lwresd.8 named.conf.5 -@@ -204,7 +202,5 @@ uninstall:: +@@ -212,7 +210,5 @@ uninstall:: rm -f ${DESTDIR}${sbindir}/lwresd@EXEEXT@ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named@EXEEXT@ @@ -296,10 +297,10 @@ index c7e0868..95ab742 100644 + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir} ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1 diff --git a/configure.ac b/configure.ac -index 8374385..0af9b71 100644 +index d8147ae..930cd1c 100644 --- a/configure.ac +++ b/configure.ac -@@ -5436,6 +5436,8 @@ AC_CONFIG_FILES([ +@@ -5532,6 +5532,8 @@ AC_CONFIG_FILES([ bin/named/unix/Makefile bin/named-pkcs11/Makefile bin/named-pkcs11/unix/Makefile @@ -308,7 +309,7 @@ index 8374385..0af9b71 100644 bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile -@@ -5460,6 +5462,7 @@ AC_CONFIG_FILES([ +@@ -5556,6 +5558,7 @@ AC_CONFIG_FILES([ bin/python/isc/tests/dnskey_test.py bin/python/isc/tests/policy_test.py bin/rndc/Makefile diff --git a/bind-9.11-feature-test-named.patch b/bind-9.11-feature-test-named.patch index 9758c38..8d5ef9a 100644 --- a/bind-9.11-feature-test-named.patch +++ b/bind-9.11-feature-test-named.patch @@ -1,7 +1,7 @@ -From 4293078b294cbb766abe84d3b1618b1cb5413c82 Mon Sep 17 00:00:00 2001 +From d394129acaa40ec7fc68ab27802f0a01fcd50f3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Wed, 30 Jan 2019 14:37:17 +0100 -Subject: [PATCH 2/2] Create feature-test in source directory +Subject: [PATCH] Create feature-test in source directory Feature-test tool is used in system tests to test compiled in changes. Because we build more variants of named with different configuration, @@ -12,10 +12,10 @@ compile feature-test for each of them this way. 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in -index 1c413973d0..b31df9a718 100644 +index 3166368..df1f7ee 100644 --- a/bin/named/Makefile.in +++ b/bin/named/Makefile.in -@@ -79,7 +79,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ +@@ -80,7 +80,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ SUBDIRS = unix @@ -23,8 +23,8 @@ index 1c413973d0..b31df9a718 100644 +TARGETS = named@EXEEXT@ lwresd@EXEEXT@ feature-test@EXEEXT@ GEOIPLINKOBJS = geoip.@O@ - -@@ -151,6 +151,15 @@ lwresd@EXEEXT@: named@EXEEXT@ + GEOIP2LINKOBJS = geoip.@O@ +@@ -163,6 +163,15 @@ lwresd@EXEEXT@: named@EXEEXT@ rm -f lwresd@EXEEXT@ @LN@ named@EXEEXT@ lwresd@EXEEXT@ @@ -41,10 +41,10 @@ index 1c413973d0..b31df9a718 100644 docclean manclean maintainer-clean:: diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in -index 2236f0a151..b072af8467 100644 +index 65c0c5a..117d6ec 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in -@@ -64,7 +64,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read +@@ -71,7 +71,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read MDIG=$TOP/bin/tools/mdig NZD2NZF=$TOP/bin/tools/named-nzd2nzf FSTRM_CAPTURE=@FSTRM_CAPTURE@ diff --git a/bind-9.11-fips-tests.patch b/bind-9.11-fips-tests.patch index b33e1bc..920440b 100644 --- a/bind-9.11-fips-tests.patch +++ b/bind-9.11-fips-tests.patch @@ -1,4 +1,4 @@ -From 230ca0ddbc95a043933c36c1d182f85cf0dcc971 Mon Sep 17 00:00:00 2001 +From d0e3f8be48c8031ebe3d7e1bf2a32cb03c79484e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 2 Aug 2018 23:46:45 +0200 Subject: [PATCH] FIPS tests changes @@ -946,7 +946,7 @@ index 1e39862..4ed19ac 100755 cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh -index b93651a..09b12ba 100644 +index 13fb924..1ffa279 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh @@ -126,8 +126,8 @@ zone=in-addr.arpa. @@ -990,7 +990,7 @@ index ed30460..e6b1126 100644 + "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV"; }; diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh -index 51dc117..48cb34b 100644 +index d07881d..17ad256 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -3227,8 +3227,8 @@ do @@ -1005,7 +1005,7 @@ index 51dc117..48cb34b 100644 8) size="-b 512";; 10) size="-b 1024";; diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c -index 3ac34e8..428d107 100644 +index 27a02d0..caf4166 100644 --- a/bin/tests/system/feature-test.c +++ b/bin/tests/system/feature-test.c @@ -19,6 +19,7 @@ @@ -1016,15 +1016,15 @@ index 3ac34e8..428d107 100644 #include #ifdef WIN32 -@@ -45,6 +46,7 @@ usage() { - fprintf(stderr, " --have-geoip\n"); +@@ -46,6 +47,7 @@ usage() { + fprintf(stderr, " --have-geoip2\n"); fprintf(stderr, " --have-libxml2\n"); fprintf(stderr, " --ipv6only=no\n"); + fprintf(stderr, " --md5\n"); fprintf(stderr, " --rpz-nsdname\n"); fprintf(stderr, " --rpz-nsip\n"); fprintf(stderr, " --with-idn\n"); -@@ -137,6 +139,18 @@ main(int argc, char **argv) { +@@ -146,6 +148,18 @@ main(int argc, char **argv) { #endif } diff --git a/bind-9.11-kyua-pkcs11.patch b/bind-9.11-kyua-pkcs11.patch index caf57bb..ac15d22 100644 --- a/bind-9.11-kyua-pkcs11.patch +++ b/bind-9.11-kyua-pkcs11.patch @@ -1,4 +1,4 @@ -From 17998f4feb9590522a0b50943075d9e8c97ec69d Mon Sep 17 00:00:00 2001 +From eb38d2278937ec3fe45d0af30cd080953bbb5b54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Tue, 2 Jan 2018 18:13:07 +0100 Subject: [PATCH] Fix pkcs11 variants atf tests @@ -16,10 +16,10 @@ Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode 6 files changed, 38 insertions(+), 16 deletions(-) diff --git a/configure.ac b/configure.ac -index 7aff0e6..8374385 100644 +index 0532feb..a83ddd5 100644 --- a/configure.ac +++ b/configure.ac -@@ -5512,6 +5512,7 @@ AC_CONFIG_FILES([ +@@ -5578,6 +5578,7 @@ AC_CONFIG_FILES([ lib/dns-pkcs11/include/Makefile lib/dns-pkcs11/include/dns/Makefile lib/dns-pkcs11/include/dst/Makefile @@ -43,7 +43,7 @@ index 7c8bab0..eec9564 100644 include('isccfg/Kyuafile') include('lwres/Kyuafile') diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in -index 9f1781a..e50463d 100644 +index 7671e1d..e237d5c 100644 --- a/lib/dns-pkcs11/tests/Makefile.in +++ b/lib/dns-pkcs11/tests/Makefile.in @@ -17,12 +17,12 @@ VERSION=@BIND9_VERSION@ @@ -55,11 +55,11 @@ index 9f1781a..e50463d 100644 -ISCLIBS = ../../isc/libisc.@A@ -ISCDEPLIBS = ../../isc/libisc.@A@ --DNSLIBS = ../libdns.@A@ @DNS_CRYPTO_LIBS@ +-DNSLIBS = ../libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ -DNSDEPLIBS = ../libdns.@A@ +ISCLIBS = ../../isc-pkcs11/libisc-pkcs11.@A@ +ISCDEPLIBS = ../../isc-pkcs11/libisc-pkcs11.@A@ -+DNSLIBS = ../libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@ ++DNSLIBS = ../libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ +DNSDEPLIBS = ../libdns-pkcs11.@A@ LIBS = @LIBS@ @CMOCKA_LIBS@ diff --git a/bind-9.11-rh1732883.patch b/bind-9.11-rh1732883.patch index b312e63..80820b5 100644 --- a/bind-9.11-rh1732883.patch +++ b/bind-9.11-rh1732883.patch @@ -1,4 +1,4 @@ -From 9ac315c16bf8441145f5b4b8a3308ae9f03582ab Mon Sep 17 00:00:00 2001 +From 348947b3d573e2187db61fb43919d2260dcfc135 Mon Sep 17 00:00:00 2001 From: Pavel Zhukov Date: Wed, 24 Jul 2019 17:15:55 +0200 Subject: [PATCH] Detect system time jumps @@ -8,96 +8,93 @@ address dropped by the kernel due to lifetime expirity. Try to detect this situation using either monotonic time or saved timestamp and execute go_reboot() procedure to request lease extention --- - lib/isc/include/isc/result.h | 4 ++-- - lib/isc/include/isc/util.h | 4 ++++ + lib/isc/include/isc/result.h | 3 ++- + lib/isc/include/isc/util.h | 3 +++ lib/isc/result.c | 2 ++ - lib/isc/unix/app.c | 41 +++++++++++++++++++++++++++++++-- - lib/isc/unix/include/isc/time.h | 20 ++++++++++++++++ - lib/isc/unix/time.c | 22 ++++++++++++++++++ - 6 files changed, 89 insertions(+), 4 deletions(-) + lib/isc/unix/app.c | 39 +++++++++++++++++++++++++++++---- + lib/isc/unix/include/isc/time.h | 20 +++++++++++++++++ + lib/isc/unix/time.c | 22 +++++++++++++++++++ + 6 files changed, 84 insertions(+), 5 deletions(-) diff --git a/lib/isc/include/isc/result.h b/lib/isc/include/isc/result.h -index 246aefb..70d4b64 100644 +index 0fd4971..2add549 100644 --- a/lib/isc/include/isc/result.h +++ b/lib/isc/include/isc/result.h -@@ -83,9 +83,9 @@ - #define ISC_R_UNSET 61 /*%< unset */ - #define ISC_R_MULTIPLE 62 /*%< multiple */ - #define ISC_R_WOULDBLOCK 63 /*%< would block */ -- -+#define ISC_R_TIMESHIFTED 64 /*%< system time changed */ +@@ -87,9 +87,10 @@ + #define ISC_R_CRYPTOFAILURE 65 /*%< cryptography library failure */ + #define ISC_R_DISCQUOTA 66 /*%< disc quota */ + #define ISC_R_DISCFULL 67 /*%< disc full */ ++#define ISC_R_TIMESHIFTED 68 /*%< system time changed */ + /*% Not a result code: the number of results. */ --#define ISC_R_NRESULTS 64 -+#define ISC_R_NRESULTS 65 +-#define ISC_R_NRESULTS 68 ++#define ISC_R_NRESULTS 69 ISC_LANG_BEGINDECLS diff --git a/lib/isc/include/isc/util.h b/lib/isc/include/isc/util.h -index 332dc0c..f81967d 100644 +index 973c348..8160dd3 100644 --- a/lib/isc/include/isc/util.h +++ b/lib/isc/include/isc/util.h -@@ -233,6 +233,10 @@ +@@ -289,6 +289,9 @@ extern void mock_assert(const int result, const char* const expression, * Time */ #define TIME_NOW(tp) RUNTIME_CHECK(isc_time_now((tp)) == ISC_R_SUCCESS) +#ifdef CLOCK_BOOTTIME +#define TIME_MONOTONIC(tp) RUNTIME_CHECK(isc_time_boottime((tp)) == ISC_R_SUCCESS) +#endif -+ /*% - * Misc + * Alignment diff --git a/lib/isc/result.c b/lib/isc/result.c -index a707c32..6776fc6 100644 +index abb6ed2..8c95a93 100644 --- a/lib/isc/result.c +++ b/lib/isc/result.c -@@ -99,6 +99,7 @@ static const char *description[ISC_R_NRESULTS] = { - "unset", /*%< 61 */ - "multiple", /*%< 62 */ - "would block", /*%< 63 */ -+ "time changed", /*%< 64 */ +@@ -103,6 +103,7 @@ static const char *description[ISC_R_NRESULTS] = { + "crypto failure", /*%< 65 */ + "disc quota", /*%< 66 */ + "disc full", /*%< 67 */ ++ "time changed", /*%< 68 */ }; static const char *identifier[ISC_R_NRESULTS] = { -@@ -166,6 +167,7 @@ static const char *identifier[ISC_R_NRESULTS] = { - "ISC_R_UNSET", - "ISC_R_MULTIPLE", - "ISC_R_WOULDBLOCK", +@@ -174,6 +175,7 @@ static const char *identifier[ISC_R_NRESULTS] = { + "ISC_R_CRYPTOFAILURE", + "ISC_R_DISCQUOTA", + "ISC_R_DISCFULL", + "ISC_R_TIMESHIFTED", }; #define ISC_RESULT_RESULTSET 2 diff --git a/lib/isc/unix/app.c b/lib/isc/unix/app.c -index bace2bd..e9814d2 100644 +index 7e5a0ee..ceab74e 100644 --- a/lib/isc/unix/app.c +++ b/lib/isc/unix/app.c -@@ -441,15 +441,51 @@ isc__app_ctxonrun(isc_appctx_t *ctx0, isc_mem_t *mctx, isc_task_t *task, +@@ -442,15 +442,48 @@ isc__app_ctxonrun(isc_appctx_t *ctx0, isc_mem_t *mctx, isc_task_t *task, static isc_result_t evloop(isc__appctx_t *ctx) { isc_result_t result; + isc_time_t now; +#ifdef CLOCK_BOOTTIME + isc_time_t monotonic; -+ isc_uint64_t diff = 0; ++ uint64_t diff = 0; +#else + isc_time_t prev; + TIME_NOW(&prev); +#endif + + -+ while (!ctx->want_shutdown) { int n; - isc_time_t when, now; + isc_time_t when; -+ struct timeval tv, *tvp; isc_socketwait_t *swait; - isc_boolean_t readytasks; - isc_boolean_t call_timer_dispatch = ISC_FALSE; - -+ isc_uint64_t us; + bool readytasks; + bool call_timer_dispatch = false; +- ++ uint64_t us; + +#ifdef CLOCK_BOOTTIME + // TBD macros for following three lines @@ -105,7 +102,7 @@ index bace2bd..e9814d2 100644 + TIME_MONOTONIC(&monotonic); + INSIST(now.seconds > monotonic.seconds) + us = isc_time_microdiff (&now, &monotonic); -+ if (us < diff){ ++ if (us < diff){ + us = diff - us; + if (us > 1000000){ // ignoring shifts less than one second + return ISC_R_TIMESHIFTED; @@ -120,27 +117,24 @@ index bace2bd..e9814d2 100644 + if (isc_time_compare (&now, &prev) < 0) + return ISC_R_TIMESHIFTED; + TIME_NOW(&prev); -+#endif ++#endif /* * Check the reload (or suspend) case first for exiting the * loop as fast as possible in case: -@@ -474,9 +510,10 @@ evloop(isc__appctx_t *ctx) { +@@ -475,8 +508,6 @@ evloop(isc__appctx_t *ctx) { if (result != ISC_R_SUCCESS) tvp = NULL; else { -- isc_uint64_t us; -+ - +- uint64_t us; +- TIME_NOW(&now); -+ us = isc_time_microdiff(&when, &now); if (us == 0) - call_timer_dispatch = ISC_TRUE; diff --git a/lib/isc/unix/include/isc/time.h b/lib/isc/unix/include/isc/time.h -index 75e24b9..de8b399 100644 +index b864c29..5dd43c9 100644 --- a/lib/isc/unix/include/isc/time.h +++ b/lib/isc/unix/include/isc/time.h -@@ -129,6 +129,26 @@ isc_time_isepoch(const isc_time_t *t); +@@ -132,6 +132,26 @@ isc_time_isepoch(const isc_time_t *t); *\li 't' is a valid pointer. */ @@ -168,10 +162,10 @@ index 75e24b9..de8b399 100644 isc_time_now(isc_time_t *t); /*%< diff --git a/lib/isc/unix/time.c b/lib/isc/unix/time.c -index 2210240..d7613b8 100644 +index 8edc9df..fe0bb91 100644 --- a/lib/isc/unix/time.c +++ b/lib/isc/unix/time.c -@@ -496,3 +496,25 @@ isc_time_formatISO8601ms(const isc_time_t *t, char *buf, unsigned int len) { +@@ -498,3 +498,25 @@ isc_time_formatISO8601ms(const isc_time_t *t, char *buf, unsigned int len) { t->nanoseconds / NS_PER_MS); } } diff --git a/bind-9.11-rt31459.patch b/bind-9.11-rt31459.patch index 1eee414..bbb8948 100644 --- a/bind-9.11-rt31459.patch +++ b/bind-9.11-rt31459.patch @@ -1,4 +1,4 @@ -From 255fdf0b549ab2f138443ead0ac81bf864612217 Mon Sep 17 00:00:00 2001 +From f0eee3c150b9b913819ecd864581ba50dd4ae9cf Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Tue, 12 Sep 2017 19:05:46 -0700 Subject: [PATCH] rebased rt31459c @@ -48,8 +48,8 @@ Include new unit test lib/isc/include/isc/types.h | 2 + lib/isc/pk11.c | 12 +- lib/isc/win32/include/isc/platform.h.in | 5 + - win32utils/Configure | 29 ++- - 36 files changed, 703 insertions(+), 175 deletions(-) + win32utils/Configure | 28 ++- + 36 files changed, 702 insertions(+), 175 deletions(-) create mode 100644 lib/dns/tests/dstrandom_test.c diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c @@ -293,7 +293,7 @@ index fbc7ece..31a99e7 100644 usekeyboard); diff --git a/bin/named/server.c b/bin/named/server.c -index 0abbbed..405ff71 100644 +index 767d83f..d3c2f9d 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -36,6 +36,7 @@ @@ -304,7 +304,7 @@ index 0abbbed..405ff71 100644 #include #include #include -@@ -8210,6 +8211,10 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8208,6 +8209,10 @@ load_configuration(const char *filename, ns_server_t *server, "no source of entropy found"); } else { const char *randomdev = cfg_obj_asstring(obj); @@ -315,7 +315,7 @@ index 0abbbed..405ff71 100644 int level = ISC_LOG_ERROR; result = isc_entropy_createfilesource(ns_g_entropy, randomdev); -@@ -8244,6 +8249,7 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8242,6 +8247,7 @@ load_configuration(const char *filename, ns_server_t *server, } isc_entropy_detach(&ns_g_fallbackentropy); } @@ -689,7 +689,7 @@ index b27fc1d..e28871b 100644 parse_args(false, argc, argv); if (server == NULL) diff --git a/configure b/configure -index b219e16..4da30b9 100755 +index 4a5db6c..64aca10 100755 --- a/configure +++ b/configure @@ -640,6 +640,7 @@ ac_includes_default="\ @@ -708,7 +708,7 @@ index b219e16..4da30b9 100755 PKCS11_TEST PKCS11_ED25519 PKCS11_GOST -@@ -1038,6 +1040,7 @@ with_eddsa +@@ -1047,6 +1049,7 @@ with_eddsa with_aes enable_openssl_hash with_cc_alg @@ -716,7 +716,7 @@ index b219e16..4da30b9 100755 with_lmdb with_libxml2 with_libjson -@@ -1734,6 +1737,7 @@ Optional Features: +@@ -1746,6 +1749,7 @@ Optional Features: --enable-threads enable multithreading --enable-native-pkcs11 use native PKCS11 for all crypto [default=no] --enable-openssl-hash use OpenSSL for hash functions [default=no] @@ -724,7 +724,7 @@ index b219e16..4da30b9 100755 --enable-largefile 64-bit file support --enable-backtrace log stack backtrace on abort [default=yes] --enable-symtable use internal symbol table for backtrace -@@ -16686,6 +16690,7 @@ case "$use_openssl" in +@@ -17156,6 +17160,7 @@ case "$use_openssl" in $as_echo "disabled because of native PKCS11" >&6; } DST_OPENSSL_INC="" CRYPTO="-DPKCS11CRYPTO" @@ -732,7 +732,7 @@ index b219e16..4da30b9 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -16700,6 +16705,7 @@ $as_echo "disabled because of native PKCS11" >&6; } +@@ -17170,6 +17175,7 @@ $as_echo "disabled because of native PKCS11" >&6; } $as_echo "no" >&6; } DST_OPENSSL_INC="" CRYPTO="" @@ -740,7 +740,7 @@ index b219e16..4da30b9 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -16712,6 +16718,7 @@ $as_echo "no" >&6; } +@@ -17182,6 +17188,7 @@ $as_echo "no" >&6; } auto) DST_OPENSSL_INC="" CRYPTO="" @@ -748,7 +748,7 @@ index b219e16..4da30b9 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -16721,7 +16728,7 @@ $as_echo "no" >&6; } +@@ -17191,7 +17198,7 @@ $as_echo "no" >&6; } OPENSSLLINKOBJS="" OPENSSLLINKSRCS="" as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path @@ -757,7 +757,7 @@ index b219e16..4da30b9 100755 ;; *) if test "yes" = "$want_native_pkcs11" -@@ -16752,6 +16759,7 @@ $as_echo "not found" >&6; } +@@ -17222,6 +17229,7 @@ $as_echo "not found" >&6; } as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5 fi CRYPTO='-DOPENSSL' @@ -765,7 +765,7 @@ index b219e16..4da30b9 100755 if test "/usr" = "$use_openssl" then DST_OPENSSL_INC="" -@@ -17413,8 +17421,6 @@ fi +@@ -17883,8 +17891,6 @@ fi # Use OpenSSL for hash functions # @@ -774,7 +774,7 @@ index b219e16..4da30b9 100755 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" case $want_openssl_hash in yes) -@@ -17789,6 +17795,86 @@ if test "rt" = "$have_clock_gt"; then +@@ -18259,6 +18265,86 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi @@ -861,7 +861,7 @@ index b219e16..4da30b9 100755 # # was --with-lmdb specified? # -@@ -19871,9 +19957,12 @@ _ACEOF +@@ -20341,9 +20427,12 @@ _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5 $as_echo "size_t for buflen; int for flags" >&6; } @@ -876,7 +876,7 @@ index b219e16..4da30b9 100755 $as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h -@@ -21188,12 +21277,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -21658,12 +21747,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then @@ -890,7 +890,7 @@ index b219e16..4da30b9 100755 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -@@ -21226,6 +21310,11 @@ cat >>confdefs.h <<_ACEOF +@@ -21696,6 +21780,11 @@ cat >>confdefs.h <<_ACEOF _ACEOF @@ -902,7 +902,7 @@ index b219e16..4da30b9 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21234,39 +21323,6 @@ _ACEOF +@@ -21704,39 +21793,6 @@ _ACEOF fi ;; x86_64-*|amd64-*) @@ -942,7 +942,7 @@ index b219e16..4da30b9 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21297,6 +21353,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } +@@ -21767,6 +21823,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } $as_echo "$arch" >&6; } fi @@ -953,7 +953,7 @@ index b219e16..4da30b9 100755 if test "yes" = "$have_atomic"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5 $as_echo_n "checking compiler support for inline assembly code... " >&6; } -@@ -23896,6 +23956,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" +@@ -24372,6 +24432,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" # dlzdir='${DLZ_DRIVER_DIR}' @@ -984,7 +984,7 @@ index b219e16..4da30b9 100755 # # Private autoconf macro to simplify configuring drivers: # -@@ -24226,11 +24310,11 @@ $as_echo "no" >&6; } +@@ -24702,11 +24786,11 @@ $as_echo "no" >&6; } $as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; } ;; *) @@ -999,7 +999,7 @@ index b219e16..4da30b9 100755 fi CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL" -@@ -24315,7 +24399,7 @@ $as_echo "" >&6; } +@@ -24791,7 +24875,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). @@ -1008,7 +1008,7 @@ index b219e16..4da30b9 100755 # include a blank element first for d in "" $bdb_incdirs do -@@ -24340,57 +24424,9 @@ $as_echo "" >&6; } +@@ -24816,57 +24900,9 @@ $as_echo "" >&6; } bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db" for d in $bdb_libnames do @@ -1068,7 +1068,7 @@ index b219e16..4da30b9 100755 break fi done -@@ -24549,10 +24585,10 @@ $as_echo "no" >&6; } +@@ -25025,10 +25061,10 @@ $as_echo "no" >&6; } DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include" DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include" fi @@ -1082,7 +1082,7 @@ index b219e16..4da30b9 100755 fi -@@ -24638,11 +24674,11 @@ fi +@@ -25114,11 +25150,11 @@ fi odbcdirs="/usr /usr/local /usr/pkg" for d in $odbcdirs do @@ -1096,7 +1096,7 @@ index b219e16..4da30b9 100755 break fi done -@@ -24917,6 +24953,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" +@@ -25393,6 +25429,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" @@ -1105,7 +1105,7 @@ index b219e16..4da30b9 100755 # # Commands to run at the end of config.status. # Don't just put these into configure, it won't work right if somebody -@@ -27295,6 +27333,8 @@ report() { +@@ -27772,6 +27810,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" @@ -1114,7 +1114,7 @@ index b219e16..4da30b9 100755 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -27335,6 +27375,8 @@ report() { +@@ -27812,6 +27852,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" @@ -1123,7 +1123,7 @@ index b219e16..4da30b9 100755 echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -27382,6 +27424,8 @@ report() { +@@ -27859,6 +27901,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" @@ -1133,10 +1133,10 @@ index b219e16..4da30b9 100755 test "yes" = "$enable_seccomp" || \ echo " Use libseccomp system call filtering (--enable-seccomp)" diff --git a/configure.ac b/configure.ac -index 7fd192c..5e4e839 100644 +index 0dc552c..3b88105 100644 --- a/configure.ac +++ b/configure.ac -@@ -1514,6 +1514,7 @@ case "$use_openssl" in +@@ -1572,6 +1572,7 @@ case "$use_openssl" in AC_MSG_RESULT(disabled because of native PKCS11) DST_OPENSSL_INC="" CRYPTO="-DPKCS11CRYPTO" @@ -1144,7 +1144,7 @@ index 7fd192c..5e4e839 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1527,6 +1528,7 @@ case "$use_openssl" in +@@ -1585,6 +1586,7 @@ case "$use_openssl" in AC_MSG_RESULT(no) DST_OPENSSL_INC="" CRYPTO="" @@ -1152,7 +1152,7 @@ index 7fd192c..5e4e839 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1539,6 +1541,7 @@ case "$use_openssl" in +@@ -1597,6 +1599,7 @@ case "$use_openssl" in auto) DST_OPENSSL_INC="" CRYPTO="" @@ -1160,7 +1160,7 @@ index 7fd192c..5e4e839 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1549,7 +1552,7 @@ case "$use_openssl" in +@@ -1607,7 +1610,7 @@ case "$use_openssl" in OPENSSLLINKSRCS="" AC_MSG_ERROR( [OpenSSL was not found in any of $openssldirs; use --with-openssl=/path @@ -1169,7 +1169,7 @@ index 7fd192c..5e4e839 100644 ;; *) if test "yes" = "$want_native_pkcs11" -@@ -1579,6 +1582,7 @@ If you don't want OpenSSL, use --without-openssl]) +@@ -1637,6 +1640,7 @@ If you don't want OpenSSL, use --without-openssl]) AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found]) fi CRYPTO='-DOPENSSL' @@ -1177,7 +1177,7 @@ index 7fd192c..5e4e839 100644 if test "/usr" = "$use_openssl" then DST_OPENSSL_INC="" -@@ -2052,7 +2056,6 @@ fi +@@ -2110,7 +2114,6 @@ fi # Use OpenSSL for hash functions # @@ -1185,7 +1185,7 @@ index 7fd192c..5e4e839 100644 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" case $want_openssl_hash in yes) -@@ -2324,6 +2327,67 @@ if test "rt" = "$have_clock_gt"; then +@@ -2382,6 +2385,67 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi @@ -1253,7 +1253,7 @@ index 7fd192c..5e4e839 100644 # # was --with-lmdb specified? # -@@ -4120,12 +4184,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -4178,12 +4242,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then @@ -1267,7 +1267,7 @@ index 7fd192c..5e4e839 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -4134,7 +4198,6 @@ if test "yes" = "$use_atomic"; then +@@ -4192,7 +4256,6 @@ if test "yes" = "$use_atomic"; then fi ;; x86_64-*|amd64-*) @@ -1275,7 +1275,7 @@ index 7fd192c..5e4e839 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -5543,6 +5606,8 @@ report() { +@@ -5607,6 +5670,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" @@ -1284,7 +1284,7 @@ index 7fd192c..5e4e839 100644 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -5583,6 +5648,8 @@ report() { +@@ -5647,6 +5712,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" @@ -1293,7 +1293,7 @@ index 7fd192c..5e4e839 100644 echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -5630,6 +5697,8 @@ report() { +@@ -5694,6 +5761,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" @@ -1693,7 +1693,7 @@ index 937b548..f3c0e38 100644 tap_test_program{name='gost_test'} tap_test_program{name='keytable_test'} diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in -index 0897579..9f1781a 100644 +index 90dc3a6..7671e1d 100644 --- a/lib/dns/tests/Makefile.in +++ b/lib/dns/tests/Makefile.in @@ -37,6 +37,7 @@ SRCS = acl_test.c \ @@ -2016,10 +2016,10 @@ index 5b8a2c9..913a2ce 100644 * Define if the hash functions must be provided by OpenSSL. */ diff --git a/win32utils/Configure b/win32utils/Configure -index 27b00af..7e35d60 100644 +index 93939f3..8bacf54 100644 --- a/win32utils/Configure +++ b/win32utils/Configure -@@ -380,6 +380,7 @@ my @substdefh = ("AES_CC", +@@ -381,6 +381,7 @@ my @substdefh = ("AES_CC", my %configdefp; my @substdefp = ("ISC_PLATFORM_BUSYWAITNOP", @@ -2027,7 +2027,7 @@ index 27b00af..7e35d60 100644 "ISC_PLATFORM_HAVEATOMICSTORE", "ISC_PLATFORM_HAVEATOMICSTOREQ", "ISC_PLATFORM_HAVECMPXCHG", -@@ -509,7 +510,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER"); +@@ -511,7 +512,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER"); # enable-xxx/disable-xxx @@ -2037,7 +2037,7 @@ index 27b00af..7e35d60 100644 "fixed-rrset", "intrinsics", "isc-spnego", -@@ -572,6 +574,7 @@ my @help = ( +@@ -575,6 +577,7 @@ my @help = ( "\nOptional Features:\n", " enable-intrinsics enable instrinsic/atomic functions [default=yes]\n", " enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n", @@ -2045,7 +2045,7 @@ index 27b00af..7e35d60 100644 " enable-openssl-hash use OpenSSL for hash functions [default=yes]\n", " enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n", " enable-filter-aaaa enable filtering of AAAA records [default=yes]\n", -@@ -616,7 +619,9 @@ my $want_clean = "no"; +@@ -620,7 +623,9 @@ my $want_clean = "no"; my $want_unknown = "no"; my $unknown_value; my $enable_intrinsics = "yes"; @@ -2055,7 +2055,7 @@ index 27b00af..7e35d60 100644 my $enable_openssl_hash = "auto"; my $enable_filter_aaaa = "yes"; my $enable_isc_spnego = "yes"; -@@ -834,6 +839,10 @@ sub myenable { +@@ -840,6 +845,10 @@ sub myenable { if ($val =~ /^yes$/i) { $enable_native_pkcs11 = "yes"; } @@ -2066,7 +2066,7 @@ index 27b00af..7e35d60 100644 } elsif ($key =~ /^openssl-hash$/i) { if ($val =~ /^yes$/i) { $enable_openssl_hash = "yes"; -@@ -1125,6 +1134,11 @@ if ($verbose) { +@@ -1142,6 +1151,11 @@ if ($verbose) { } else { print "native-pkcs11: disabled\n"; } @@ -2078,7 +2078,7 @@ index 27b00af..7e35d60 100644 if ($enable_openssl_hash eq "yes") { print "openssl-hash: enabled\n"; } else { -@@ -1478,6 +1492,7 @@ if ($enable_intrinsics eq "yes") { +@@ -1500,6 +1514,7 @@ if ($enable_intrinsics eq "yes") { # enable-native-pkcs11 if ($enable_native_pkcs11 eq "yes") { @@ -2086,7 +2086,7 @@ index 27b00af..7e35d60 100644 if ($use_openssl eq "auto") { $use_openssl = "no"; } -@@ -1687,6 +1702,7 @@ if ($use_openssl eq "yes") { +@@ -1709,6 +1724,7 @@ if ($use_openssl eq "yes") { $openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]"); } @@ -2094,7 +2094,7 @@ index 27b00af..7e35d60 100644 $configcond{"OPENSSL"} = 1; $configdefd{"CRYPTO"} = "OPENSSL"; $configvar{"OPENSSL_PATH"} = "$openssl_path"; -@@ -2238,6 +2254,15 @@ if ($cookie_algorithm eq "sha1") { +@@ -2260,6 +2276,15 @@ if ($cookie_algorithm eq "sha1") { die "Unrecognized cookie algorithm: $cookie_algorithm\n"; } @@ -2110,7 +2110,7 @@ index 27b00af..7e35d60 100644 # enable-openssl-hash if ($enable_openssl_hash eq "yes") { if ($use_openssl eq "no") { -@@ -3564,6 +3589,7 @@ exit 0; +@@ -3635,6 +3660,7 @@ exit 0; # --enable-developer partially supported # --enable-newstats (9.9/9.9sub only) # --enable-native-pkcs11 supported @@ -2118,14 +2118,6 @@ index 27b00af..7e35d60 100644 # --enable-openssl-version-check included without a way to disable it # --enable-openssl-hash supported # --enable-threads included without a way to disable it -@@ -3589,6 +3615,7 @@ exit 0; - # --with-gost supported - # --with-aes supported - # --with-cc-alg supported -+# --with-randomdev not supported on WIN32 (makes no sense) - # --with-geoip supported - # --with-gssapi supported with MIT (K)erberos (f)or (W)indows - # --with-lmdb no supported on WIN32 (port is not reliable) -- 2.20.1