diff --git a/bind-9.16-resolv.conf-options-timeout-test.patch b/bind-9.16-resolv.conf-options-timeout-test.patch new file mode 100644 index 0000000..16cf020 --- /dev/null +++ b/bind-9.16-resolv.conf-options-timeout-test.patch @@ -0,0 +1,113 @@ +From 7270604440268bb17b39ae734ff33003a67c8343 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Tue, 20 Jul 2021 19:34:42 +0200 +Subject: [PATCH] Check parsed resconf values + +Add 'attempts' check, fix 'ndots' data. Create a bunch of verification +functions and check parsed values, not just return codes. +--- + lib/irs/tests/resconf_test.c | 46 ++++++++++++++++++-- + lib/irs/tests/testdata/options-attempts.conf | 10 +++++ + lib/irs/tests/testdata/options-ndots.conf | 2 +- + 3 files changed, 54 insertions(+), 4 deletions(-) + create mode 100644 lib/irs/tests/testdata/options-attempts.conf + +diff --git a/lib/irs/tests/resconf_test.c b/lib/irs/tests/resconf_test.c +index 6951758..ce94345 100644 +--- a/lib/irs/tests/resconf_test.c ++++ b/lib/irs/tests/resconf_test.c +@@ -45,6 +45,43 @@ setup_test() { + assert_return_code(chdir(TESTS), 0); + } + ++static isc_result_t ++check_number(unsigned int n, unsigned int expected) { ++ return ((n == expected) ? ISC_R_SUCCESS : ISC_R_BADNUMBER); ++} ++ ++static isc_result_t ++check_attempts(irs_resconf_t *resconf) { ++ return (check_number(irs_resconf_getattempts(resconf), 4)); ++} ++ ++static isc_result_t ++check_timeout(irs_resconf_t *resconf) { ++ return (check_number(irs_resconf_gettimeout(resconf), 1)); ++} ++ ++static isc_result_t ++check_ndots(irs_resconf_t *resconf) { ++ return (check_number(irs_resconf_getndots(resconf), 2)); ++} ++ ++static isc_result_t ++check_options(irs_resconf_t *resconf) { ++ if (irs_resconf_getattempts(resconf) != 3) { ++ return ISC_R_BADNUMBER; /* default value only */ ++ } ++ ++ if (irs_resconf_getndots(resconf) != 2) { ++ return ISC_R_BADNUMBER; ++ } ++ ++ if (irs_resconf_gettimeout(resconf) != 1) { ++ return ISC_R_BADNUMBER; ++ } ++ ++ return (ISC_R_SUCCESS); ++} ++ + /* test irs_resconf_load() */ + static void + irs_resconf_load_test(void **state) { +@@ -64,15 +101,18 @@ irs_resconf_load_test(void **state) { + ISC_R_SUCCESS }, + { "testdata/nameserver-v6-scoped.conf", ISC_R_SUCCESS, NULL, + ISC_R_SUCCESS }, ++ { "testdata/options-attempts.conf", ISC_R_SUCCESS, ++ check_attempts, ISC_R_SUCCESS }, + { "testdata/options-debug.conf", ISC_R_SUCCESS, NULL, + ISC_R_SUCCESS }, +- { "testdata/options-ndots.conf", ISC_R_SUCCESS, NULL, ++ { "testdata/options-ndots.conf", ISC_R_SUCCESS, check_ndots, + ISC_R_SUCCESS }, +- { "testdata/options-timeout.conf", ISC_R_SUCCESS, NULL, ++ { "testdata/options-timeout.conf", ISC_R_SUCCESS, check_timeout, + ISC_R_SUCCESS }, + { "testdata/options-unknown.conf", ISC_R_SUCCESS, NULL, + ISC_R_SUCCESS }, +- { "testdata/options.conf", ISC_R_SUCCESS, NULL, ISC_R_SUCCESS }, ++ { "testdata/options.conf", ISC_R_SUCCESS, check_options, ++ ISC_R_SUCCESS }, + { "testdata/options-bad-ndots.conf", ISC_R_RANGE, NULL, + ISC_R_SUCCESS }, + { "testdata/options-empty.conf", ISC_R_UNEXPECTEDEND, NULL, +diff --git a/lib/irs/tests/testdata/options-attempts.conf b/lib/irs/tests/testdata/options-attempts.conf +new file mode 100644 +index 0000000..4538643 +--- /dev/null ++++ b/lib/irs/tests/testdata/options-attempts.conf +@@ -0,0 +1,10 @@ ++# Copyright (C) Internet Systems Consortium, Inc. ("ISC") ++# ++# This Source Code Form is subject to the terms of the Mozilla Public ++# License, v. 2.0. If a copy of the MPL was not distributed with this ++# file, you can obtain one at https://mozilla.org/MPL/2.0/. ++# ++# See the COPYRIGHT file distributed with this work for additional ++# information regarding copyright ownership. ++ ++options attempts:4 +diff --git a/lib/irs/tests/testdata/options-ndots.conf b/lib/irs/tests/testdata/options-ndots.conf +index 5d18d26..f37c712 100644 +--- a/lib/irs/tests/testdata/options-ndots.conf ++++ b/lib/irs/tests/testdata/options-ndots.conf +@@ -9,4 +9,4 @@ + # See the COPYRIGHT file distributed with this work for additional + # information regarding copyright ownership. + +-option ndots:2 ++options ndots:2 +-- +2.35.3 + diff --git a/bind-9.16-resolv.conf-options-timeout.patch b/bind-9.16-resolv.conf-options-timeout.patch new file mode 100644 index 0000000..2c28b6d --- /dev/null +++ b/bind-9.16-resolv.conf-options-timeout.patch @@ -0,0 +1,203 @@ +From b0e79979672935ff07bf23703c675ee788940c59 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Tue, 22 Jun 2021 16:35:46 +0200 +Subject: [PATCH] Parse 'timeout' and 'attempts' from resolv.conf + +It was supported by lwres in BIND 9.11, and is still mentioned in +the manual page. Restore support for it by adding it to libirs. +--- + bin/dig/dighost.c | 13 ++++++- + lib/irs/include/irs/resconf.h | 20 +++++++++++ + lib/irs/resconf.c | 64 ++++++++++++++++++++++++++++------- + 3 files changed, 84 insertions(+), 13 deletions(-) + +diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c +index 0222454..274e894 100644 +--- a/bin/dig/dighost.c ++++ b/bin/dig/dighost.c +@@ -133,7 +133,7 @@ int sendcount = 0; + int recvcount = 0; + int sockcount = 0; + int ndots = -1; +-int tries = 3; ++int tries = -1; + int lookup_counter = 0; + + static char servercookie[256]; +@@ -1330,6 +1330,17 @@ setup_system(bool ipv4only, bool ipv6only) { + ndots = irs_resconf_getndots(resconf); + debug("ndots is %d.", ndots); + } ++ if (timeout == 0) { ++ timeout = irs_resconf_gettimeout(resconf); ++ debug("timeout is %d.", timeout); ++ } ++ if (tries == -1) { ++ tries = irs_resconf_getattempts(resconf); ++ if (tries == 0) { ++ tries = 3; ++ } ++ debug("retries is %d.", tries); ++ } + + /* If user doesn't specify server use nameservers from resolv.conf. */ + if (ISC_LIST_EMPTY(server_list)) { +diff --git a/lib/irs/include/irs/resconf.h b/lib/irs/include/irs/resconf.h +index 424b795..74fc84a 100644 +--- a/lib/irs/include/irs/resconf.h ++++ b/lib/irs/include/irs/resconf.h +@@ -113,6 +113,26 @@ irs_resconf_getndots(irs_resconf_t *conf); + *\li 'conf' is a valid resconf object. + */ + ++unsigned int ++irs_resconf_getattempts(irs_resconf_t *conf); ++/*%< ++ * Return the 'attempts' value stored in 'conf'. ++ * ++ * Requires: ++ * ++ *\li 'conf' is a valid resconf object. ++ */ ++ ++unsigned int ++irs_resconf_gettimeout(irs_resconf_t *conf); ++/*%< ++ * Return the 'timeout' value stored in 'conf'. ++ * ++ * Requires: ++ * ++ *\li 'conf' is a valid resconf object. ++ */ ++ + ISC_LANG_ENDDECLS + + #endif /* IRS_RESCONF_H */ +diff --git a/lib/irs/resconf.c b/lib/irs/resconf.c +index 096064b..dd51d71 100644 +--- a/lib/irs/resconf.c ++++ b/lib/irs/resconf.c +@@ -80,6 +80,13 @@ + #define RESCONFMAXLINELEN 256U /*%< max size of a line */ + #define RESCONFMAXSORTLIST 10U /*%< max 10 */ + ++#define CHECK(op) \ ++ do { \ ++ result = (op); \ ++ if (result != ISC_R_SUCCESS) \ ++ goto cleanup; \ ++ } while (0) ++ + /*! + * configuration data structure + */ +@@ -114,6 +121,10 @@ struct irs_resconf { + uint8_t resdebug; + /*%< set to n in 'options ndots:n' */ + uint8_t ndots; ++ /*%< set to n in 'options attempts:n' */ ++ uint8_t attempts; ++ /*%< set to n in 'options timeout:n' */ ++ uint8_t timeout; + }; + + static isc_result_t +@@ -176,8 +187,8 @@ eatwhite(FILE *fp) { + */ + static int + getword(FILE *fp, char *buffer, size_t size) { ++ char *p = NULL; + int ch; +- char *p; + + REQUIRE(buffer != NULL); + REQUIRE(size > 0U); +@@ -457,11 +468,26 @@ resconf_parsesortlist(irs_resconf_t *conf, FILE *fp) { + return (ISC_R_SUCCESS); + } + ++static isc_result_t ++resconf_optionnumber(const char *word, uint8_t *number) { ++ char *p; ++ long n; ++ ++ n = strtol(word, &p, 10); ++ if (*p != '\0') { /* Bad string. */ ++ return (ISC_R_UNEXPECTEDTOKEN); ++ } ++ if (n < 0 || n > 0xff) { /* Out of range. */ ++ return (ISC_R_RANGE); ++ } ++ *number = n; ++ return (ISC_R_SUCCESS); ++} ++ + static isc_result_t + resconf_parseoption(irs_resconf_t *conf, FILE *fp) { + int delim; +- long ndots; +- char *p; ++ isc_result_t result = ISC_R_SUCCESS; + char word[RESCONFMAXLINELEN]; + + delim = getword(fp, word, sizeof(word)); +@@ -473,14 +499,11 @@ resconf_parseoption(irs_resconf_t *conf, FILE *fp) { + if (strcmp("debug", word) == 0) { + conf->resdebug = 1; + } else if (strncmp("ndots:", word, 6) == 0) { +- ndots = strtol(word + 6, &p, 10); +- if (*p != '\0') { /* Bad string. */ +- return (ISC_R_UNEXPECTEDTOKEN); +- } +- if (ndots < 0 || ndots > 0xff) { /* Out of range. */ +- return (ISC_R_RANGE); +- } +- conf->ndots = (uint8_t)ndots; ++ CHECK(resconf_optionnumber(word + 6, &conf->ndots)); ++ } else if (strncmp("attempts:", word, 9) == 0) { ++ CHECK(resconf_optionnumber(word + 9, &conf->attempts)); ++ } else if (strncmp("timeout:", word, 8) == 0) { ++ CHECK(resconf_optionnumber(word + 8, &conf->timeout)); + } + + if (delim == EOF || delim == '\n') { +@@ -490,7 +513,8 @@ resconf_parseoption(irs_resconf_t *conf, FILE *fp) { + } + } + +- return (ISC_R_SUCCESS); ++cleanup: ++ return (result); + } + + static isc_result_t +@@ -532,6 +556,8 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp) { + conf->sortlistnxt = 0; + conf->resdebug = 0; + conf->ndots = 1; ++ conf->attempts = 3; ++ conf->timeout = 0; + for (i = 0; i < RESCONFMAXSEARCH; i++) { + conf->search[i] = NULL; + } +@@ -687,3 +713,17 @@ irs_resconf_getndots(irs_resconf_t *conf) { + + return ((unsigned int)conf->ndots); + } ++ ++unsigned int ++irs_resconf_getattempts(irs_resconf_t *conf) { ++ REQUIRE(IRS_RESCONF_VALID(conf)); ++ ++ return ((unsigned int)conf->attempts); ++} ++ ++unsigned int ++irs_resconf_gettimeout(irs_resconf_t *conf) { ++ REQUIRE(IRS_RESCONF_VALID(conf)); ++ ++ return ((unsigned int)conf->timeout); ++} +-- +2.35.3 + diff --git a/bind.spec b/bind.spec index 13e4997..d830eb9 100644 --- a/bind.spec +++ b/bind.spec @@ -53,7 +53,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: MPLv2.0 Version: 9.16.28 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ # @@ -105,6 +105,9 @@ Patch24: bind-9.9.1-P2-dlz-libdb.patch Patch25:bind-9.11-rh1666814.patch # https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5905 Patch26: bind-9.16-locked-isc-queue.patch +# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5273 +Patch27: bind-9.16-resolv.conf-options-timeout.patch +Patch28: bind-9.16-resolv.conf-options-timeout-test.patch %{?systemd_ordering} Requires: coreutils @@ -1115,6 +1118,9 @@ fi; %endif %changelog +* Tue May 17 2022 Petr Menšík - 32:9.16.28-2 +- Parse again timeout and attempts from resolv.conf (#2087156) + * Wed Apr 20 2022 Petr Menšík - 32:9.16.28-1 - Update to 9.16.28 (#2076941)