diff --git a/bind-9.10-dist-native-pkcs11.patch b/bind-9.10-dist-native-pkcs11.patch index b623f58..0dfc74c 100644 --- a/bind-9.10-dist-native-pkcs11.patch +++ b/bind-9.10-dist-native-pkcs11.patch @@ -12,7 +12,7 @@ index 9ad7f62..094775a 100644 TARGETS = diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in -index ef3e70c..1f5165a 100644 +index c126bf3..1b7512d 100644 --- a/bin/confgen/Makefile.in +++ b/bin/confgen/Makefile.in @@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@ @@ -25,7 +25,7 @@ index ef3e70c..1f5165a 100644 ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in -index 7486bf0..7d791d1 100644 +index ace0e5a..e0f6a00 100644 --- a/bin/dnssec-pkcs11/Makefile.in +++ b/bin/dnssec-pkcs11/Makefile.in @@ -15,18 +15,18 @@ VERSION=@BIND9_VERSION@ @@ -40,11 +40,11 @@ index 7486bf0..7d791d1 100644 +CDEFINES = -DVERSION=\"${VERSION}\" -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\" -DUSE_PKCS11=1 CWARNINGS = --DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ -+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@ +-DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@ ++DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@ ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ - ISCLIBS = ../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS} - ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS} + ISCLIBS = ../../lib/isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@ + ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @NO_LIBTOOL_ISCLIBS@ -DNSDEPLIBS = ../../lib/dns/libdns.@A@ +DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @@ -72,7 +72,7 @@ index 7486bf0..7d791d1 100644 OBJS = dnssectool.@O@ -@@ -64,19 +67,19 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} +@@ -52,19 +55,19 @@ SRCS = dnssec-cds.c dnssec-dsfromkey.c dnssec-importkey.c \ @BIND9_MAKE_RULES@ 
@@ -96,7 +96,7 @@ index 7486bf0..7d791d1 100644 export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \ ${FINALBUILDCMD} -@@ -84,7 +87,7 @@ dnssec-signzone.@O@: dnssec-signzone.c +@@ -72,7 +75,7 @@ dnssec-signzone.@O@: dnssec-signzone.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \ -c ${srcdir}/dnssec-signzone.c @@ -105,7 +105,7 @@ index 7486bf0..7d791d1 100644 export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \ ${FINALBUILDCMD} -@@ -92,19 +95,19 @@ dnssec-verify.@O@: dnssec-verify.c +@@ -80,19 +83,19 @@ dnssec-verify.@O@: dnssec-verify.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \ -c ${srcdir}/dnssec-verify.c @@ -129,26 +129,8 @@ index 7486bf0..7d791d1 100644 ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ dnssec-importkey.@O@ ${OBJS} ${LIBS} -@@ -115,16 +118,14 @@ docclean manclean maintainer-clean:: - - installdirs: - $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir} -- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8 - - install-man8: ${MANPAGES} - ${INSTALL_DATA} $^ ${DESTDIR}${mandir}/man8 - --install:: ${TARGETS} installdirs install-man8 -+install:: ${TARGETS} installdirs - for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir} || exit 1; done - - uninstall:: -- for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m || exit 1; done - for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t || exit 1; done - - clean distclean:: diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in -index cb187e5..1bcb249 100644 +index ed9add2..90bcec7 100644 --- a/bin/named-pkcs11/Makefile.in +++ b/bin/named-pkcs11/Makefile.in @@ -37,13 +37,14 @@ DBDRIVER_LIBS = 
@@ -171,21 +153,21 @@ index cb187e5..1bcb249 100644 ${BIND9_INCLUDES} ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \ ${ISC_INCLUDES} ${DLZDRIVER_INCLUDES} \ ${DBDRIVER_INCLUDES} \ -@@ -53,24 +54,24 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ - ${MAXMINDDB_CFLAGS} \ - ${ZLIB_CFLAGS} +@@ -54,24 +55,24 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ + ${LIBXML2_CFLAGS} \ + ${MAXMINDDB_CFLAGS} -CDEFINES = @CONTRIB_DLZ@ +CDEFINES = CWARNINGS = --DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ -+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@ +-DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@ ++DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@ ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ ISCCCLIBS = ../../lib/isccc/libisccc.@A@ - ISCLIBS = ../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS} - ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS} + ISCLIBS = ../../lib/isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@ + ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @NO_LIBTOOL_ISCLIBS@ BIND9LIBS = ../../lib/bind9/libbind9.@A@ -NSLIBS = ../../lib/ns/libns.@A@ +NSLIBS = ../../lib/ns-pkcs11/libns-pkcs11.@A@ @@ -201,7 +183,7 @@ index cb187e5..1bcb249 100644 DEPLIBS = ${NSDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS} -@@ -87,7 +88,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \ +@@ -91,7 +92,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \ SUBDIRS = unix @@ -210,7 +192,7 @@ index cb187e5..1bcb249 100644 GEOIP2LINKOBJS = geoip.@O@ -@@ -151,7 +152,7 @@ server.@O@: server.c +@@ -149,7 +150,7 @@ server.@O@: server.c -DPRODUCT=\"${PRODUCT}\" \ -DVERSION=\"${VERSION}\" -c ${srcdir}/server.c 
@@ -219,7 +201,7 @@ index cb187e5..1bcb249 100644 export MAKE_SYMTABLE="yes"; \ export BASEOBJS="${OBJS} ${UOBJS}"; \ ${FINALBUILDCMD} -@@ -161,7 +162,7 @@ feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c +@@ -159,7 +160,7 @@ feature-test.@O@: ${top_srcdir}/bin/tests/system/feature-test.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -c ${top_srcdir}/bin/tests/system/feature-test.c @@ -228,28 +210,26 @@ index cb187e5..1bcb249 100644 ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \ -o $@ feature-test.@O@ ${ISCLIBS} ${LIBS} -@@ -194,13 +195,13 @@ install-man8: named.8 - - install-man: install-man5 install-man8 +@@ -178,11 +179,11 @@ statschannel.@O@: bind9.xsl.h + installdirs: + $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir} --install:: named@EXEEXT@ installdirs install-man +-install:: named@EXEEXT@ installdirs - ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir} -+install:: named-pkcs11@EXEEXT@ installdirs install-man ++install:: named-pkcs11@EXEEXT@ installdirs + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-pkcs11@EXEEXT@ ${DESTDIR}${sbindir} uninstall:: - rm -f ${DESTDIR}${mandir}/man5/named.conf.5 - rm -f ${DESTDIR}${mandir}/man8/named.8 - ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named@EXEEXT@ + ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-pkcs11@EXEEXT@ @DLZ_DRIVER_RULES@ diff --git a/configure.ac b/configure.ac -index de6a248..e95ef36 100644 +index 2ff68a5..2638ef2 100644 --- a/configure.ac +++ b/configure.ac -@@ -1196,12 +1196,14 @@ AC_SUBST(USE_GSSAPI) +@@ -1214,12 +1214,14 @@ AC_SUBST(USE_GSSAPI) AC_SUBST(DST_GSSAPI_INC) AC_SUBST(DNS_GSSAPI_LIBS) DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS" 
@@ -264,7 +244,7 @@ index de6a248..e95ef36 100644 # # was --with-lmdb specified? -@@ -2296,6 +2298,8 @@ AC_SUBST(BIND9_DNS_BUILDINCLUDE) +@@ -2281,6 +2283,8 @@ AC_SUBST(BIND9_DNS_BUILDINCLUDE) AC_SUBST(BIND9_NS_BUILDINCLUDE) AC_SUBST(BIND9_BIND9_BUILDINCLUDE) AC_SUBST(BIND9_IRS_BUILDINCLUDE) @@ -273,7 +253,7 @@ index de6a248..e95ef36 100644 if test "X$srcdir" != "X"; then BIND9_ISC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isc/include" BIND9_ISCCC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isccc/include" -@@ -2304,6 +2308,8 @@ if test "X$srcdir" != "X"; then +@@ -2289,6 +2293,8 @@ if test "X$srcdir" != "X"; then BIND9_NS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/ns/include" BIND9_BIND9_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/bind9/include" BIND9_IRS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/irs/include" @@ -282,7 +262,7 @@ index de6a248..e95ef36 100644 else BIND9_ISC_BUILDINCLUDE="" BIND9_ISCCC_BUILDINCLUDE="" -@@ -2312,6 +2318,8 @@ else +@@ -2297,6 +2303,8 @@ else BIND9_NS_BUILDINCLUDE="" BIND9_BIND9_BUILDINCLUDE="" BIND9_IRS_BUILDINCLUDE="" @@ -291,7 +271,7 @@ index de6a248..e95ef36 100644 fi AC_SUBST_FILE(BIND9_MAKE_INCLUDES) -@@ -2771,8 +2779,11 @@ AC_CONFIG_FILES([ +@@ -2757,8 +2765,11 @@ AC_CONFIG_FILES([ bin/delv/Makefile bin/dig/Makefile bin/dnssec/Makefile @@ -303,7 +283,7 @@ index de6a248..e95ef36 100644 bin/nsupdate/Makefile bin/pkcs11/Makefile bin/plugins/Makefile -@@ -2843,6 +2854,10 @@ AC_CONFIG_FILES([ +@@ -2820,6 +2831,10 @@ AC_CONFIG_FILES([ lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile @@ -314,7 +294,7 @@ index de6a248..e95ef36 100644 lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile -@@ -2875,6 +2890,10 @@ AC_CONFIG_FILES([ +@@ -2852,6 +2867,10 @@ AC_CONFIG_FILES([ lib/ns/include/Makefile lib/ns/include/ns/Makefile lib/ns/tests/Makefile @@ -339,19 +319,20 @@ index ffa2d5a..6fbc192 100644 @BIND9_MAKE_RULES@ 
diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in -index 0ef3b5f..80683c2 100644 +index 8de85bf..d5c3c2b 100644 --- a/lib/dns-pkcs11/Makefile.in +++ b/lib/dns-pkcs11/Makefile.in -@@ -26,14 +26,14 @@ VERSION=@BIND9_VERSION@ +@@ -26,7 +26,7 @@ VERSION=@BIND9_VERSION@ USE_ISC_SPNEGO = @USE_ISC_SPNEGO@ -CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \ +CINCLUDES = -I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} \ ${ISC_INCLUDES} \ + ${FSTRM_CFLAGS} \ ${OPENSSL_CFLAGS} @DST_GSSAPI_INC@ \ - ${JSON_C_CFLAGS} \ - ${LIBXML2_CFLAGS} \ +@@ -36,7 +36,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \ + ${LMDB_CFLAGS} \ ${MAXMINDDB_CFLAGS} -CDEFINES = @USE_GSSAPI@ ${USE_ISC_SPNEGO} @@ -359,7 +340,7 @@ index 0ef3b5f..80683c2 100644 CWARNINGS = -@@ -139,15 +139,15 @@ version.@O@: version.c +@@ -142,15 +142,15 @@ version.@O@: version.c -DLIBAGE=${LIBAGE} \ -c ${srcdir}/version.c @@ -379,7 +360,7 @@ index 0ef3b5f..80683c2 100644 include: gen ${MAKE} include/dns/enumtype.h -@@ -178,22 +178,22 @@ gen: gen.c +@@ -181,22 +181,22 @@ gen: gen.c ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c \ ${BUILD_LIBS} ${LFS_LIBS} @@ -408,7 +389,7 @@ index 0ef3b5f..80683c2 100644 rm -f include/dns/rdatastruct.h rm -f dnstap.pb-c.c dnstap.pb-c.h diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in -index fd8ebb9..9384a4f 100644 +index 8aec0a8..3c2cc04 100644 --- a/lib/dns-pkcs11/tests/Makefile.in +++ b/lib/dns-pkcs11/tests/Makefile.in @@ -15,14 +15,14 @@ VERSION=@BIND9_VERSION@ 
@@ -421,20 +402,20 @@ index fd8ebb9..9384a4f 100644 -CDEFINES = -DTESTS="\"${top_builddir}/lib/dns/tests/\"" +CDEFINES = @USE_PKCS11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\"" - ISCLIBS = ../../isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS} + ISCLIBS = ../../isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@ ISCDEPLIBS = ../../isc/libisc.@A@ --DNSLIBS = ../libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ +-DNSLIBS = ../libdns.@A@ @NO_LIBTOOL_DNSLIBS@ -DNSDEPLIBS = ../libdns.@A@ -+DNSLIBS = ../libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@ ++DNSLIBS = ../libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@ +DNSDEPLIBS = ../libdns-pkcs11.@A@ LIBS = @LIBS@ @CMOCKA_LIBS@ diff --git a/lib/ns-pkcs11/Makefile.in b/lib/ns-pkcs11/Makefile.in -index 97aaaf6..c7ffc7b 100644 +index d00ddaf..b867afe 100644 --- a/lib/ns-pkcs11/Makefile.in +++ b/lib/ns-pkcs11/Makefile.in -@@ -20,11 +20,11 @@ VERSION=@BIND9_VERSION@ +@@ -20,12 +20,12 @@ VERSION=@BIND9_VERSION@ USE_ISC_SPNEGO = @USE_ISC_SPNEGO@ 
@@ -442,26 +423,27 @@ index 97aaaf6..c7ffc7b 100644 - ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \ +CINCLUDES = -I. -I${top_srcdir}/lib/ns-pkcs11 -Iinclude \ + ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \ - ${OPENSSL_CFLAGS} @DST_GSSAPI_INC@ + ${OPENSSL_CFLAGS} @DST_GSSAPI_INC@ \ + ${FSTRM_CFLAGS} -CDEFINES = -DNAMED_PLUGINDIR=\"${plugindir}\" +CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\" CWARNINGS = -@@ -32,9 +32,9 @@ ISCLIBS = ../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS +@@ -33,9 +33,9 @@ ISCLIBS = ../../lib/isc/libisc.@A@ ISCDEPLIBS = ../../lib/isc/libisc.@A@ --DNSLIBS = ../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ -+DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@ +-DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@ ++DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@ -DNSDEPLIBS = ../../lib/dns/libdns.@A@ +DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ LIBS = @LIBS@ -@@ -66,28 +66,28 @@ version.@O@: version.c +@@ -67,28 +67,28 @@ version.@O@: version.c -DLIBAGE=${LIBAGE} \ -c ${srcdir}/version.c @@ -476,8 +458,8 @@ index 97aaaf6..c7ffc7b 100644 - ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libns.la -rpath ${libdir} \ + ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libns-pkcs11.la -rpath ${libdir} \ -version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \ -- ${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS} -+ ${OBJS} ${ISCLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS} +- ${OBJS} ${ISCLIBS} ${DNSLIBS} @DNS_CRYPTO_LIBS@ ${LIBS} ++ ${OBJS} ${ISCLIBS} ${DNSLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS} -timestamp: libns.@A@ +timestamp: libns-pkcs11.@A@ @@ -499,7 +481,7 @@ index 97aaaf6..c7ffc7b 100644 - rm -f libns.@A@ timestamp + rm -f libns-pkcs11.@A@ timestamp diff --git a/lib/ns-pkcs11/tests/Makefile.in b/lib/ns-pkcs11/tests/Makefile.in -index 70c77a4..87955a7 100644 +index 7869c8e..789d6cb 100644 --- a/lib/ns-pkcs11/tests/Makefile.in 
+++ b/lib/ns-pkcs11/tests/Makefile.in @@ -21,17 +21,17 @@ WRAP_NAME = -Wl,-install_name,${top_builddir}/lib/ns/tests/$@ @@ -513,13 +495,13 @@ index 70c77a4..87955a7 100644 -CDEFINES = -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\" +CDEFINES = -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\" @USE_PKCS11@ - ISCLIBS = ../../isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS} + ISCLIBS = ../../isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@ ISCDEPLIBS = ../../isc/libisc.@A@ --DNSLIBS = ../../dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@ +-DNSLIBS = ../../dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@ -DNSDEPLIBS = ../../dns/libdns.@A@ -NSLIBS = ../libns.@A@ -NSDEPLIBS = ../libns.@A@ -+DNSLIBS = ../../dns-pkcs11/libdns-pkcs11.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_PK11_LIBS@ ++DNSLIBS = ../../dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@ +DNSDEPLIBS = ../../dns-pkcs11/libdns-pkcs11.@A@ +NSLIBS = ../libns-pkcs11.@A@ +NSDEPLIBS = ../libns-pkcs11.@A@ @@ -527,10 +509,10 @@ index 70c77a4..87955a7 100644 LIBS = @LIBS@ @CMOCKA_LIBS@ diff --git a/make/includes.in b/make/includes.in -index 48cdaf7..7b17738 100644 +index 9ff1bd8..ebab049 100644 --- a/make/includes.in +++ b/make/includes.in -@@ -39,3 +39,10 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \ +@@ -41,3 +41,10 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \ TEST_INCLUDES = \ -I${top_srcdir}/lib/tests/include diff --git a/bind-9.11-feature-test-named.patch b/bind-9.11-feature-test-named.patch index c4bbe16..9af8d73 100644 --- a/bind-9.11-feature-test-named.patch +++ b/bind-9.11-feature-test-named.patch @@ -1,4 +1,4 @@ -From 64f29512679fd00c89473d93d8b22017b018dd8f Mon Sep 17 00:00:00 2001 +From e645046202006750f87531e21e3ff7c26fba3466 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Wed, 30 Jan 2019 14:37:17 +0100 Subject: [PATCH] Create feature-test in source directory 
@@ -7,15 +7,15 @@ Feature-test tool is used in system tests to test compiled in changes. Because we build more variants of named with different configuration, compile feature-test for each of them this way. --- - bin/named/Makefile.in | 11 ++++++++++- + bin/named/Makefile.in | 12 +++++++++++- bin/tests/system/conf.sh.in | 2 +- - 2 files changed, 11 insertions(+), 2 deletions(-) + 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in -index dd25774..cb187e5 100644 +index 37053a7..ed9add2 100644 --- a/bin/named/Makefile.in +++ b/bin/named/Makefile.in -@@ -87,7 +87,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \ +@@ -91,7 +91,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \ SUBDIRS = unix @@ -24,7 +24,7 @@ index dd25774..cb187e5 100644 GEOIP2LINKOBJS = geoip.@O@ -@@ -156,6 +156,15 @@ named@EXEEXT@: ${OBJS} ${DEPLIBS} +@@ -154,6 +154,16 @@ named@EXEEXT@: ${OBJS} ${DEPLIBS} export BASEOBJS="${OBJS} ${UOBJS}"; \ ${FINALBUILDCMD} @@ -37,11 +37,12 @@ index dd25774..cb187e5 100644 + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \ + -o $@ feature-test.@O@ ${ISCLIBS} ${LIBS} + - doc man:: ${MANOBJS} ++ + clean distclean maintainer-clean:: + rm -f ${TARGETS} ${OBJS} - docclean manclean maintainer-clean:: diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in -index 2317bd8..5015d5c 100644 +index 7934930..e84fde2 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -37,7 +37,7 @@ DELV=$TOP/bin/delv/delv @@ -54,5 +55,5 @@ index 2317bd8..5015d5c 100644 HOST=$TOP/bin/dig/host IMPORTKEY=$TOP/bin/dnssec/dnssec-importkey -- -2.21.1 +2.26.2 diff --git a/bind-9.14-config-pkcs11.patch b/bind-9.14-config-pkcs11.patch index bfc6e45..58b492b 100644 --- a/bind-9.14-config-pkcs11.patch +++ b/bind-9.14-config-pkcs11.patch 
@@ -1,4 +1,4 @@ -From 124c9e4c0500e7589ee63376e8f860f4abc675f2 Mon Sep 17 00:00:00 2001 +From c42c0ff6f6e0e920356d99b9ed26ed52544621c2 Mon Sep 17 00:00:00 2001 From: Petr Mensik Date: Fri, 18 Oct 2019 21:30:52 +0200 Subject: [PATCH] Move USE_PKCS11 and USE_OPENSSL out of config.h @@ -13,7 +13,7 @@ Move it as normal define to CDEFINES. 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in -index 1f5165a..ef3e70c 100644 +index 1b7512d..c126bf3 100644 --- a/bin/confgen/Makefile.in +++ b/bin/confgen/Makefile.in @@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@ @@ -26,12 +26,12 @@ index 1f5165a..ef3e70c 100644 ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ diff --git a/configure.ac b/configure.ac -index fde41dc..e5cc3cd 100644 +index eaa6b12..2ff68a5 100644 --- a/configure.ac +++ b/configure.ac -@@ -889,10 +889,14 @@ AS_CASE([$enable_native_pkcs11], - AC_SUBST([PKCS11_TEST]) +@@ -900,10 +900,14 @@ AC_SUBST([PKCS11_TEST]) AC_SUBST([PKCS11_TOOLS]) + AC_SUBST([PKCS11_MANS]) +USE_PKCS11='-DUSE_PKCS11=0' +USE_OPENSSL='-DUSE_OPENSSL=0' @@ -79,5 +79,5 @@ index 116e2d2..99bdf5b 100644 dst_hmac_key_t *hmac_key; } keydata; /*%< pointer to key in crypto pkg fmt */ -- -2.21.1 +2.26.2 diff --git a/bind-9.16-redhat_doc.patch b/bind-9.16-redhat_doc.patch new file mode 100644 index 0000000..15c8a41 --- /dev/null +++ b/bind-9.16-redhat_doc.patch 
@@ -0,0 +1,74 @@ +From 86fd25f3f0c5189fa93e10c6afa1a1cffe639ade Mon Sep 17 00:00:00 2001 +From: Petr Mensik +Date: Wed, 17 Jun 2020 23:17:13 +0200 +Subject: [PATCH] Update man named with Red Hat specifics + +This is almost unmodified text and requires revalidation. Some of those +statements are no longer correct. +--- + bin/named/named.rst | 49 +++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 49 insertions(+) + +diff --git a/bin/named/named.rst b/bin/named/named.rst +index 3c54a67..c44b6d7 100644 +--- a/bin/named/named.rst ++++ b/bin/named/named.rst +@@ -228,6 +228,55 @@ Files + ``/var/run/named/named.pid`` + The default process-id file. + ++Notes ++~~~~~ ++ ++**Red Hat SELinux BIND Security Profile:** ++ ++By default, Red Hat ships BIND with the most secure SELinux policy ++that will not prevent normal BIND operation and will prevent exploitation ++of all known BIND security vulnerabilities . See the selinux(8) man page ++for information about SElinux. ++ ++It is not necessary to run named in a chroot environment if the Red Hat ++SELinux policy for named is enabled. When enabled, this policy is far ++more secure than a chroot environment. Users are recommended to enable ++SELinux and remove the bind-chroot package. ++ ++*With this extra security comes some restrictions:* ++ ++By default, the SELinux policy does not allow named to write any master ++zone database files. Only the root user may create files in the $ROOTDIR/var/named ++zone database file directory (the options { "directory" } option), where ++$ROOTDIR is set in /etc/sysconfig/named. ++ ++The "named" group must be granted read privelege to ++these files in order for named to be enabled to read them. ++ ++Any file created in the zone database file directory is automatically assigned ++the SELinux file context *named_zone_t* . 
++ ++By default, SELinux prevents any role from modifying *named_zone_t* files; this ++means that files in the zone database directory cannot be modified by dynamic ++DNS (DDNS) updates or zone transfers. ++ ++The Red Hat BIND distribution and SELinux policy creates three directories where ++named is allowed to create and modify files: */var/named/slaves*, */var/named/dynamic* ++*/var/named/data*. By placing files you want named to modify, such as ++slave or DDNS updateable zone files and database / statistics dump files in ++these directories, named will work normally and no further operator action is ++required. Files in these directories are automatically assigned the '*named_cache_t*' ++file context, which SELinux allows named to write. ++ ++**Red Hat BIND SDB support:** ++ ++Red Hat ships named with compiled in Simplified Database Backend modules that ISC ++provides in the "contrib/sdb" directory. Install **bind-sdb** package if you want use them ++ ++The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled into *named-sdb*. ++ ++See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ . ++ + See Also + ~~~~~~~~ + +-- +2.26.2 + diff --git a/bind-9.3.2-redhat_doc.patch b/bind-9.3.2-redhat_doc.patch deleted file mode 100644 index d4531f4..0000000 --- a/bind-9.3.2-redhat_doc.patch +++ /dev/null 
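Review bot: The added Notes section states as fact that the SELinux policy "will prevent exploitation of all known BIND security vulnerabilities" and is "far more secure than a chroot environment", while this patch's own description says the text "requires revalidation" and that some statements are no longer correct. An installed man page is where operators read hardening guidance, so the absolute claims should be softened before this ships, for example `The Red Hat SELinux policy confines named and limits what a compromised process can access; it does not replace installing BIND security updates.` The SDB paragraph (bind-sdb, named-sdb) needs the same check against what this build actually packages, which is not visible here. The carried-over typos "privelege" and "SElinux" can be fixed in the same pass.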
@@ -1,68 +0,0 @@ -diff --git a/bin/named/named.8 b/bin/named/named.8 -index ef10ef4..3150b22 100644 ---- a/bin/named/named.8 -+++ b/bin/named/named.8 -@@ -349,6 +349,63 @@ The default configuration file\&. - /var/run/named/named\&.pid - .RS 4 - The default process\-id file\&. -+.PP -+.SH "NOTES" -+.PP -+.TP -+\fBRed Hat SELinux BIND Security Profile:\fR -+.PP -+By default, Red Hat ships BIND with the most secure SELinux policy -+that will not prevent normal BIND operation and will prevent exploitation -+of all known BIND security vulnerabilities . See the selinux(8) man page -+for information about SElinux. -+.PP -+It is not necessary to run named in a chroot environment if the Red Hat -+SELinux policy for named is enabled. When enabled, this policy is far -+more secure than a chroot environment. Users are recommended to enable -+SELinux and remove the bind-chroot package. -+.PP -+With this extra security comes some restrictions: -+.PP -+By default, the SELinux policy does not allow named to write any master -+zone database files. Only the root user may create files in the $ROOTDIR/var/named -+zone database file directory (the options { "directory" } option), where -+$ROOTDIR is set in /etc/sysconfig/named. -+.PP -+The "named" group must be granted read privelege to -+these files in order for named to be enabled to read them. -+.PP -+Any file created in the zone database file directory is automatically assigned -+the SELinux file context named_zone_t . -+.PP -+By default, SELinux prevents any role from modifying named_zone_t files; this -+means that files in the zone database directory cannot be modified by dynamic -+DNS (DDNS) updates or zone transfers. -+.PP -+The Red Hat BIND distribution and SELinux policy creates three directories where -+named is allowed to create and modify files: /var/named/slaves, /var/named/dynamic -+/var/named/data. 
By placing files you want named to modify, such as -+slave or DDNS updateable zone files and database / statistics dump files in -+these directories, named will work normally and no further operator action is -+required. Files in these directories are automatically assigned the 'named_cache_t' -+file context, which SELinux allows named to write. -+.PP -+\fBRed Hat BIND SDB support:\fR -+.PP -+Red Hat ships named with compiled in Simplified Database Backend modules that ISC -+provides in the "contrib/sdb" directory. Install bind-sdb package if you want use them -+.PP -+The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled into named-sdb. -+.PP -+See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ . -+.br -+.PP -+\fBRed Hat system-config-bind:\fR -+.PP -+Red Hat provides the system-config-bind GUI to configure named.conf and zone -+database files. Run the "system-config-bind" command and access the manual -+by selecting the Help menu. -+.PP - .RE - .SH "SEE ALSO" - .PP diff --git a/bind-9.5-PIE.patch b/bind-9.5-PIE.patch index a525b9b..d3c73ee 100644 --- a/bind-9.5-PIE.patch +++ b/bind-9.5-PIE.patch @@ -1,8 +1,10 @@ ---- bind-9.5.0b2/bin/named/Makefile.in.pie 2008-02-11 17:21:47.000000000 +0100 -+++ bind-9.5.0b2/bin/named/Makefile.in 2008-02-11 17:22:10.000000000 +0100 -@@ -100,8 +100,12 @@ HTMLPAGES = named.html lwresd.html named - - MANOBJS = ${MANPAGES} ${HTMLPAGES} +diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in +index eb622d1..37053a7 100644 +--- a/bin/named/Makefile.in ++++ b/bin/named/Makefile.in +@@ -117,8 +117,12 @@ SRCS = builtin.c config.c control.c \ + tkeyconf.c tsigconf.c zoneconf.c \ + ${DLZDRIVER_SRCS} ${DBDRIVER_SRCS} +EXT_CFLAGS = -fpie + 
@@ -13,10 +15,11 @@ main.@O@: main.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ -diff -up bind-9.5.0b2/bin/named/unix/Makefile.in.pie bind-9.5.0b2/bin/named/unix/Makefile.in ---- bind-9.5.0b2/bin/named/unix/Makefile.in.pie 2008-02-11 17:22:21.000000000 +0100 -+++ bind-9.5.0b2/bin/named/unix/Makefile.in 2008-02-11 17:23:00.000000000 +0100 -@@ -19,6 +19,8 @@ srcdir = @srcdir@ +diff --git a/bin/named/unix/Makefile.in b/bin/named/unix/Makefile.in +index fd9ca8d..f1c102c 100644 +--- a/bin/named/unix/Makefile.in ++++ b/bin/named/unix/Makefile.in +@@ -11,6 +11,8 @@ srcdir = @srcdir@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ diff --git a/bind.spec b/bind.spec index e533822..01b5197 100644 --- a/bind.spec +++ b/bind.spec @@ -63,7 +63,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Name: bind License: MPLv2.0 -Version: 9.16.3 +Version: 9.16.4 Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ @@ -98,7 +98,7 @@ Source49: named-chroot.files # Common patches Patch10: bind-9.5-PIE.patch -Patch16: bind-9.3.2-redhat_doc.patch +Patch16: bind-9.16-redhat_doc.patch Patch72: bind-9.5-dlz-64bit.patch Patch106:bind93-rh490837.patch Patch112:bind97-rh645544.patch @@ -150,6 +150,8 @@ BuildRequires: selinux-policy # needed for %%{__python3} macro BuildRequires: python3-devel BuildRequires: python3-ply +BuildRequires: python3-sphinx +BuildRequires: doxygen BuildRequires: findutils sed %if 0%{?fedora} BuildRequires: gnupg2 @@ -429,7 +431,7 @@ This package provides a module which allows commands to be sent to rndc directly %patch112 -p1 -b .rh645544 %patch130 -p1 -b .libdb %patch140 -p1 -b .rh1410433 -%patch154 -p1 -b .oot-man +#%patch154 -p1 -b .oot-man # FIXME: sphinx replace? %patch157 -p1 -b .fips-tests %patch164 -p1 -b .rh1666814 %patch170 -p1 -b .featuretest-named 
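Review bot: Disabling the patch with `#%patch154 -p1 -b .oot-man # FIXME: sphinx replace?` leaves an unescaped macro inside a comment. rpm processes macros before the shell ever sees the `#`, so depending on the rpm version this line may only warn or may still be expanded. The same spec already escapes a macro in a comment, `# needed for %%{__python3} macro`, so this line should read `#%%patch154 -p1 -b .oot-man # FIXME: sphinx replace?` or be removed. Whether the Patch154 declaration is kept is outside this hunk; if it stays, a comment there saying it is intentionally unapplied would keep the patch list auditable.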
@@ -1157,6 +1159,9 @@ fi; %changelog +* Thu Jun 18 2020 Petr Menšík - 32:9.16.4-1 +- Update to 9.16.4 + * Wed May 20 2020 Petr Menšík - 32:9.16.3-1 - Update to 9.16.3 - Make initscripts just optional dependency diff --git a/bind97-rh645544.patch b/bind97-rh645544.patch index e7f67d8..e2ae978 100644 --- a/bind97-rh645544.patch +++ b/bind97-rh645544.patch @@ -1,8 +1,8 @@ diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c -index 51bc368..20a17b9 100644 +index 31549c6..65a14b6 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c -@@ -1754,7 +1754,7 @@ log_edns(fetchctx_t *fctx) { +@@ -1762,7 +1762,7 @@ log_edns(fetchctx_t *fctx) { */ dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED, @@ -11,7 +11,7 @@ index 51bc368..20a17b9 100644 "success resolving '%s' (in '%s'?) after %s", fctx->info, domainbuf, fctx->reason); } -@@ -5275,7 +5275,7 @@ log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) { +@@ -5298,7 +5298,7 @@ log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) { dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf)); isc_sockaddr_format(&addrinfo->sockaddr, addrbuf, sizeof(addrbuf)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS, @@ -20,12 +20,12 @@ index 51bc368..20a17b9 100644 "lame server resolving '%s' (in '%s'?): %s", namebuf, domainbuf, addrbuf); } -@@ -5302,7 +5302,7 @@ log_formerr(fetchctx_t *fctx, const char *format, ...) { - } +@@ -5316,7 +5316,7 @@ log_formerr(fetchctx_t *fctx, const char *format, ...) { + isc_sockaddr_format(&fctx->addrinfo->sockaddr, nsbuf, sizeof(nsbuf)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, - DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE, + DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1), - "DNS format error from %s resolving %s%s%s: %s", nsbuf, - fctx->info, clmsg, clbuf, msgbuf); + "DNS format error from %s resolving %s for %s: %s", nsbuf, + fctx->info, fctx->clientstr, msgbuf); } 
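Review bot: The rebased log_formerr hunk of bind97-rh645544.patch keeps `ISC_LOG_DEBUG(1)` in place of `ISC_LOG_NOTICE` for the "DNS format error from %s resolving %s for %s: %s" message, so malformed upstream responses are not logged at default severity, and the patch file starts directly at `diff --git` with no description saying why. The log_edns and log_lame hunks presumably do the same, but their changed lines are outside what is shown. These messages are a useful signal when investigating a misbehaving upstream, so the patch should carry a short header, e.g. `Demote noisy resolver messages to debug level 1; use a logging channel with "severity debug 1" to see them.` The bodies of all three functions start and end outside the hunks.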
diff --git a/bind99-rh640538.patch b/bind99-rh640538.patch index 5066a14..54d7e1b 100644 --- a/bind99-rh640538.patch +++ b/bind99-rh640538.patch @@ -1,44 +1,22 @@ -diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook -index 1079421..f11abd1 100644 ---- a/bin/dig/dig.docbook -+++ b/bin/dig/dig.docbook -@@ -1177,6 +1177,39 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr - - +diff --git a/bin/dig/dig.rst b/bin/dig/dig.rst +index 3c899ce..3e9957b 100644 +--- a/bin/dig/dig.rst ++++ b/bin/dig/dig.rst +@@ -616,6 +616,17 @@ like to turn off the IDN support for some reason, use parameters + ``+noidnin`` and ``+noidnout`` or define the IDN_DISABLE environment + variable. -+ RETURN CODES -+ -+ Dig return codes are: -+ -+ -+ -+ 0: Everything went well, including things like NXDOMAIN -+ -+ -+ -+ -+ 1: Usage error -+ -+ -+ -+ -+ 8: Couldn't open batch file -+ -+ -+ -+ -+ 9: No reply from server -+ -+ -+ -+ -+ 10: Internal error -+ -+ -+ -+ -+ ++Return codes ++~~~~~~~~~~~~ + - FILES ++``dig`` return codes are: ++ ++ 0: Everything went well, including things like NXDOMAIN ++ 1: Usage error ++ 8: Couldn't open batch file ++ 9: No reply from server ++ 10: Internal error ++ + Files + ~~~~~ - /etc/resolv.conf