diff --git a/.gitignore b/.gitignore index d72777d..621325c 100644 --- a/.gitignore +++ b/.gitignore @@ -102,3 +102,5 @@ bind-9.7.2b1.tar.gz /bind-9.11.13.tar.gz.asc /bind-9.11.14.tar.gz /bind-9.11.14.tar.gz.asc +/bind-9.11.17.tar.gz +/bind-9.11.17.tar.gz.asc diff --git a/bind-9.10-sdb.patch b/bind-9.10-sdb.patch index ef9a8dc..5c4987f 100644 --- a/bind-9.10-sdb.patch +++ b/bind-9.10-sdb.patch @@ -88,10 +88,10 @@ index 4cfed4d..c6b42b2 100644 @DLZ_DRIVER_RULES@ diff --git a/bin/named-sdb/main.c b/bin/named-sdb/main.c -index 108b8d6..a943421 100644 +index c9fc3cc..148ebb3 100644 --- a/bin/named-sdb/main.c +++ b/bin/named-sdb/main.c -@@ -93,6 +93,10 @@ +@@ -97,6 +97,10 @@ * Include header files for database drivers here. */ /* #include "xxdb.h" */ @@ -102,7 +102,7 @@ index 108b8d6..a943421 100644 #ifdef CONTRIB_DLZ /* -@@ -1069,6 +1073,11 @@ setup(void) { +@@ -1134,6 +1138,11 @@ setup(void) { ns_main_earlyfatal("isc_app_start() failed: %s", isc_result_totext(result)); @@ -114,7 +114,7 @@ index 108b8d6..a943421 100644 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, "starting %s %s%s%s ", ns_g_product, ns_g_version, -@@ -1269,6 +1278,75 @@ setup(void) { +@@ -1334,6 +1343,75 @@ setup(void) { isc_result_totext(result)); #endif @@ -190,7 +190,7 @@ index 108b8d6..a943421 100644 ns_server_create(ns_g_mctx, &ns_g_server); #ifdef HAVE_LIBSECCOMP -@@ -1311,6 +1389,11 @@ cleanup(void) { +@@ -1376,6 +1454,11 @@ cleanup(void) { dns_name_destroy(); @@ -297,10 +297,10 @@ index c7e0868..95ab742 100644 + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir} ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1 diff --git a/configure.ac b/configure.ac -index f6380b1..318e533 100644 +index f85f45f..7d28c52 100644 --- a/configure.ac +++ b/configure.ac -@@ -5416,6 +5416,8 @@ AC_CONFIG_FILES([ +@@ -5400,6 +5400,8 @@ AC_CONFIG_FILES([ bin/named/unix/Makefile bin/named-pkcs11/Makefile bin/named-pkcs11/unix/Makefile @@ -309,9 +309,9 @@ index f6380b1..318e533 100644 bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile -@@ -5440,6 +5442,7 @@ AC_CONFIG_FILES([ - bin/python/isc/tests/dnskey_test.py +@@ -5424,6 +5426,7 @@ AC_CONFIG_FILES([ bin/python/isc/tests/policy_test.py + bin/python/isc/utils.py bin/rndc/Makefile + bin/sdb_tools/Makefile bin/tests/Makefile diff --git a/bind-9.11-oot-gen.patch b/bind-9.11-oot-gen.patch deleted file mode 100644 index 9a7f991..0000000 --- a/bind-9.11-oot-gen.patch +++ /dev/null @@ -1,47 +0,0 @@ -From cb654ddde5953cab9dfde7173ea1ed14b51c3727 Mon Sep 17 00:00:00 2001 -From: Mark Andrews -Date: Sun, 22 Dec 2019 21:51:21 +0000 -Subject: [PATCH] Merge branch - '1530-lib-dns-gen-c-29-26-fatal-error-isc-platform-h-no-such-file-or-directory-v9_11' - into 'v9_11' - -Resolve "lib/dns/gen.c:29:26: fatal error: isc/platform.h: No such file or directory" - -See merge request isc-projects/bind9!2794 - -(cherry picked from commit 335ab375d6a0227fb362722acad22f2a5b75d8b7) ---- - lib/dns/gen.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/lib/dns/gen.c b/lib/dns/gen.c -index 81bc7ada1d..5fbdc3bfd3 100644 ---- a/lib/dns/gen.c -+++ b/lib/dns/gen.c -@@ -26,18 +26,18 @@ - - #include - --#include -- - #include -+#include - #include - #include --#include - #include - #include - #include - #include --#include --#include -+ -+#ifndef PATH_MAX -+#define PATH_MAX 1024 -+#endif - - #ifdef WIN32 - #include "gen-win32.h" --- -2.21.0 - diff --git a/bind-9.11-rh1736762-6.patch b/bind-9.11-rh1736762-6.patch deleted file mode 100644 index abc36f0..0000000 --- a/bind-9.11-rh1736762-6.patch +++ /dev/null @@ -1,159 +0,0 @@ -From 638561615c37e8eace986e268811335c12d1b6a1 Mon Sep 17 00:00:00 2001 -From: Mark Andrews -Date: Thu, 12 Dec 2019 20:41:44 +1100 -Subject: [PATCH] give zspill its own lock - -(cherry picked from commit a52189e8e67a20097539fe3e6f7da4e4c01dc340) ---- - lib/dns/resolver.c | 45 +++++++++++++++++++++++++++++---------------- - 1 file changed, 29 insertions(+), 16 deletions(-) - -diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c -index 9f65c0596a..04367f82c6 100644 ---- a/lib/dns/resolver.c -+++ b/lib/dns/resolver.c -@@ -460,20 +460,21 @@ struct dns_resolver { - isc_mutex_t lock; - isc_mutex_t nlock; - isc_mutex_t primelock; -+ isc_mutex_t zspill_lock; - dns_rdataclass_t rdclass; - isc_socketmgr_t * socketmgr; - isc_timermgr_t * timermgr; - isc_taskmgr_t * taskmgr; - dns_view_t * view; -- bool frozen; -+ bool frozen; - unsigned int options; - dns_dispatchmgr_t * dispatchmgr; - dns_dispatchset_t * dispatches4; -- bool exclusivev4; -+ bool exclusivev4; - dns_dispatchset_t * dispatches6; - isc_dscp_t querydscp4; - isc_dscp_t querydscp6; -- bool exclusivev6; -+ bool exclusivev6; - unsigned int nbuckets; - fctxbucket_t * buckets; - zonebucket_t * dbuckets; -@@ -492,7 +493,7 @@ struct dns_resolver { - unsigned int spillatmax; - unsigned int spillatmin; - isc_timer_t * spillattimer; -- bool zero_no_soa_ttl; -+ bool zero_no_soa_ttl; - unsigned int query_timeout; - unsigned int maxdepth; - unsigned int maxqueries; -@@ -502,14 +503,16 @@ struct dns_resolver { - unsigned int retryinterval; /* in milliseconds */ - unsigned int nonbackofftries; - -+ /* Locked by lock. */ -+ unsigned int zspill; /* fetches-per-zone */ -+ - /* Locked by lock. */ - unsigned int references; -- bool exiting; -+ bool exiting; - isc_eventlist_t whenshutdown; - unsigned int activebuckets; -- bool priming; -+ bool priming; - unsigned int spillat; /* clients-per-query */ -- unsigned int zspill; /* fetches-per-zone */ - - dns_badcache_t * badcache; /* Bad cache. */ - -@@ -1257,7 +1260,7 @@ fcount_incr(fetchctx_t *fctx, bool force) { - isc_result_t result = ISC_R_SUCCESS; - zonebucket_t *dbucket; - fctxcount_t *counter; -- unsigned int bucketnum, spill; -+ unsigned int bucketnum; - - REQUIRE(fctx != NULL); - REQUIRE(fctx->res != NULL); -@@ -1266,10 +1269,6 @@ fcount_incr(fetchctx_t *fctx, bool force) { - bucketnum = dns_name_fullhash(&fctx->domain, false) - % RES_DOMAIN_BUCKETS; - -- LOCK(&fctx->res->lock); -- spill = fctx->res->zspill; -- UNLOCK(&fctx->res->lock); -- - dbucket = &fctx->res->dbuckets[bucketnum]; - - LOCK(&dbucket->lock); -@@ -1297,6 +1296,12 @@ fcount_incr(fetchctx_t *fctx, bool force) { - ISC_LIST_APPEND(dbucket->list, counter, link); - } - } else { -+ unsigned int spill; -+ -+ LOCK(&fctx->res->zspill_lock); -+ spill = fctx->res->zspill; -+ UNLOCK(&fctx->res->zspill_lock); -+ - if (!force && spill != 0 && counter->count >= spill) { - counter->dropped++; - fcount_logspill(fctx, counter); -@@ -8811,6 +8816,7 @@ destroy(dns_resolver_t *res) { - - INSIST(res->nfctx == 0); - -+ DESTROYLOCK(&res->zspill_lock); - DESTROYLOCK(&res->primelock); - DESTROYLOCK(&res->nlock); - DESTROYLOCK(&res->lock); -@@ -9089,10 +9095,14 @@ dns_resolver_create(dns_view_t *view, - if (result != ISC_R_SUCCESS) - goto cleanup_nlock; - -+ result = isc_mutex_init(&res->zspill_lock); -+ if (result != ISC_R_SUCCESS) -+ goto cleanup_primelock; -+ - task = NULL; - result = isc_task_create(taskmgr, 0, &task); - if (result != ISC_R_SUCCESS) -- goto cleanup_primelock; -+ goto cleanup_zspill_lock; - isc_task_setname(task, "resolver_task", NULL); - - result = isc_timer_create(timermgr, isc_timertype_inactive, NULL, NULL, -@@ -9100,7 +9110,7 @@ dns_resolver_create(dns_view_t *view, - &res->spillattimer); - isc_task_detach(&task); - if (result != ISC_R_SUCCESS) -- goto cleanup_primelock; -+ goto cleanup_zspill_lock; - - #if USE_ALGLOCK - result = isc_rwlock_init(&res->alglock, 0, 0); -@@ -9133,6 +9143,9 @@ dns_resolver_create(dns_view_t *view, - isc_timer_detach(&res->spillattimer); - #endif - -+ cleanup_zspill_lock: -+ DESTROYLOCK(&res->zspill_lock); -+ - cleanup_primelock: - DESTROYLOCK(&res->primelock); - -@@ -10275,9 +10288,9 @@ dns_resolver_setfetchesperzone(dns_resolver_t *resolver, uint32_t clients) - { - REQUIRE(VALID_RESOLVER(resolver)); - -- LOCK(&resolver->lock); -+ LOCK(&resolver->zspill_lock); - resolver->zspill = clients; -- UNLOCK(&resolver->lock); -+ UNLOCK(&resolver->zspill_lock); - } - - --- -2.21.0 - diff --git a/bind-9.11-rh1736762-7.patch b/bind-9.11-rh1736762-7.patch deleted file mode 100644 index 38617a2..0000000 --- a/bind-9.11-rh1736762-7.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 23a6775f62deeee63e9f7927be387fecf23a8074 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= -Date: Tue, 10 Dec 2019 10:02:09 +0100 -Subject: [PATCH] Ensure all zone_settimer() calls are done on locked zone - -(cherry picked from commit cf48e8eb326f824170f2069e5d5c33992b1783a4) -(cherry picked from commit 3bac7e98074643ff62582545e5840e4195517b07) ---- - lib/dns/zone.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/lib/dns/zone.c b/lib/dns/zone.c -index e8cff77588..db837aae50 100644 ---- a/lib/dns/zone.c -+++ b/lib/dns/zone.c -@@ -10291,7 +10291,9 @@ zone_maintenance(dns_zone_t *zone) { - default: - break; - } -+ LOCK_ZONE(zone); - zone_settimer(zone, &now); -+ UNLOCK_ZONE(zone); - } - - void -@@ -13081,6 +13083,7 @@ zone_settimer(dns_zone_t *zone, isc_time_t *now) { - isc_result_t result; - - REQUIRE(DNS_ZONE_VALID(zone)); -+ REQUIRE(LOCKED_ZONE(zone)); - ENTER; - - if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) -@@ -18405,6 +18408,7 @@ zone_rekey(dns_zone_t *zone) { - UNLOCK_ZONE(zone); - } - -+ LOCK_ZONE(zone); - isc_time_settoepoch(&zone->refreshkeytime); - - /* -@@ -18416,11 +18420,9 @@ zone_rekey(dns_zone_t *zone) { - isc_time_t timethen; - isc_stdtime_t then; - -- LOCK_ZONE(zone); - DNS_ZONE_TIME_ADD(&timenow, zone->refreshkeyinterval, - &timethen); - zone->refreshkeytime = timethen; -- UNLOCK_ZONE(zone); - - for (key = ISC_LIST_HEAD(dnskeys); - key != NULL; -@@ -18431,12 +18433,10 @@ zone_rekey(dns_zone_t *zone) { - continue; - - DNS_ZONE_TIME_ADD(&timenow, then - now, &timethen); -- LOCK_ZONE(zone); - if (isc_time_compare(&timethen, - &zone->refreshkeytime) < 0) { - zone->refreshkeytime = timethen; - } -- UNLOCK_ZONE(zone); - } - - zone_settimer(zone, &timenow); -@@ -18444,6 +18444,7 @@ zone_rekey(dns_zone_t *zone) { - isc_time_formattimestamp(&zone->refreshkeytime, timebuf, 80); - dns_zone_log(zone, ISC_LOG_INFO, "next key event: %s", timebuf); - } -+ UNLOCK_ZONE(zone); - - done: - dns_diff_clear(&diff); --- -2.21.0 - diff --git a/bind-9.11-rh1736762-8.patch b/bind-9.11-rh1736762-8.patch deleted file mode 100644 index f04a98a..0000000 --- a/bind-9.11-rh1736762-8.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 7e844b093b0442bdc5cdc5aefd56fdc05f9be88f Mon Sep 17 00:00:00 2001 -From: Mark Andrews -Date: Thu, 12 Dec 2019 19:17:39 +1100 -Subject: [PATCH] acquire task lock before calling push_readyq for task->flags - access - -(cherry picked from commit 7c94d2cd7dfaa3f04cd86ad9ed97e8366a774a4c) ---- - lib/isc/task.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/lib/isc/task.c b/lib/isc/task.c -index 329604a465..f9c4354bd2 100644 ---- a/lib/isc/task.c -+++ b/lib/isc/task.c -@@ -473,7 +473,9 @@ task_ready(isc__task_t *task) { - XTRACE("task_ready"); - - LOCK(&manager->lock); -+ LOCK(&task->lock); - push_readyq(manager, task); -+ UNLOCK(&task->lock); - #ifdef USE_WORKER_THREADS - if (manager->mode == isc_taskmgrmode_normal || has_privilege) - SIGNAL(&manager->work_available); -@@ -1263,7 +1265,9 @@ dispatch(isc__taskmgr_t *manager) { - * might even hurt rather than help. - */ - #ifdef USE_WORKER_THREADS -+ LOCK(&task->lock); - push_readyq(manager, task); -+ UNLOCK(&task->lock); - #else - ENQUEUE(new_ready_tasks, task, ready_link); - if ((task->flags & TASK_F_PRIVILEGED) != 0) --- -2.21.0 - diff --git a/bind-9.11-rt31459.patch b/bind-9.11-rt31459.patch index efcc6fa..266f78c 100644 --- a/bind-9.11-rt31459.patch +++ b/bind-9.11-rt31459.patch @@ -1,4 +1,4 @@ -From e83a6723d84e4c4400ca646077393a24b092c623 Mon Sep 17 00:00:00 2001 +From 5c29299e43db5a4e6f8b1b07af84dfe1687c4c2b Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Tue, 12 Sep 2017 19:05:46 -0700 Subject: [PATCH] rebased rt31459c @@ -199,7 +199,7 @@ index 7afcaee..1cfa511 100644 if (verbose > 10) isc_mem_stats(mctx, stdout); diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c -index 71f5672..9b100ca 100644 +index 319a805..27ae4d4 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -3460,14 +3460,15 @@ main(int argc, char *argv[]) { @@ -257,7 +257,7 @@ index 4c293bf..3263cbc 100644 rdclass = strtoclass(classname); diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c -index 9d2a016..a9f90b6 100644 +index 618ec5b..5654435 100644 --- a/bin/dnssec/dnssectool.c +++ b/bin/dnssec/dnssectool.c @@ -34,6 +34,7 @@ @@ -293,7 +293,7 @@ index 9d2a016..a9f90b6 100644 usekeyboard); diff --git a/bin/named/server.c b/bin/named/server.c -index 5a860e4..21c340c 100644 +index 4e503e5..f27071f 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -36,6 +36,7 @@ @@ -688,7 +688,7 @@ index bf6dbb6..0416b21 100644 parse_args(false, argc, argv); if (server == NULL) diff --git a/configure b/configure -index aab472a..b686178 100755 +index 6d05371..33689c9 100755 --- a/configure +++ b/configure @@ -640,6 +640,7 @@ ac_includes_default="\ @@ -699,7 +699,7 @@ index aab472a..b686178 100755 BUILD_LIBS BUILD_LDFLAGS BUILD_CPPFLAGS -@@ -821,6 +822,7 @@ XMLSTATS +@@ -823,6 +824,7 @@ LIBXML2_CFLAGS NZDTARGETS NZDSRCS NZD_TOOLS @@ -707,7 +707,7 @@ index aab472a..b686178 100755 PKCS11_TEST PKCS11_ED25519 PKCS11_GOST -@@ -1045,6 +1047,7 @@ with_eddsa +@@ -1047,6 +1049,7 @@ with_eddsa with_aes enable_openssl_hash with_cc_alg @@ -715,7 +715,7 @@ index aab472a..b686178 100755 with_lmdb with_libxml2 with_libjson -@@ -1745,6 +1748,7 @@ Optional Features: +@@ -1749,6 +1752,7 @@ Optional Features: --enable-threads enable multithreading --enable-native-pkcs11 use native PKCS11 for all crypto [default=no] --enable-openssl-hash use OpenSSL for hash functions [default=no] @@ -723,7 +723,7 @@ index aab472a..b686178 100755 --enable-largefile 64-bit file support --enable-backtrace log stack backtrace on abort [default=yes] --enable-symtable use internal symbol table for backtrace -@@ -17135,6 +17139,7 @@ case "$use_openssl" in +@@ -17144,6 +17148,7 @@ case "$use_openssl" in $as_echo "disabled because of native PKCS11" >&6; } DST_OPENSSL_INC="" CRYPTO="-DPKCS11CRYPTO" @@ -731,7 +731,7 @@ index aab472a..b686178 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -17149,6 +17154,7 @@ $as_echo "disabled because of native PKCS11" >&6; } +@@ -17158,6 +17163,7 @@ $as_echo "disabled because of native PKCS11" >&6; } $as_echo "no" >&6; } DST_OPENSSL_INC="" CRYPTO="" @@ -739,7 +739,7 @@ index aab472a..b686178 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -17161,6 +17167,7 @@ $as_echo "no" >&6; } +@@ -17170,6 +17176,7 @@ $as_echo "no" >&6; } auto) DST_OPENSSL_INC="" CRYPTO="" @@ -747,7 +747,7 @@ index aab472a..b686178 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -17170,7 +17177,7 @@ $as_echo "no" >&6; } +@@ -17179,7 +17186,7 @@ $as_echo "no" >&6; } OPENSSLLINKOBJS="" OPENSSLLINKSRCS="" as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path @@ -756,7 +756,7 @@ index aab472a..b686178 100755 ;; *) if test "yes" = "$want_native_pkcs11" -@@ -17201,6 +17208,7 @@ $as_echo "not found" >&6; } +@@ -17210,6 +17217,7 @@ $as_echo "not found" >&6; } as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5 fi CRYPTO='-DOPENSSL' @@ -764,7 +764,7 @@ index aab472a..b686178 100755 if test "/usr" = "$use_openssl" then DST_OPENSSL_INC="" -@@ -17826,8 +17834,6 @@ fi +@@ -17835,8 +17843,6 @@ fi # Use OpenSSL for hash functions # @@ -773,7 +773,7 @@ index aab472a..b686178 100755 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" case $want_openssl_hash in yes) -@@ -18202,6 +18208,86 @@ if test "rt" = "$have_clock_gt"; then +@@ -18211,6 +18217,86 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi @@ -860,7 +860,7 @@ index aab472a..b686178 100755 # # was --with-lmdb specified? # -@@ -20284,9 +20370,12 @@ _ACEOF +@@ -20441,9 +20527,12 @@ _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5 $as_echo "size_t for buflen; int for flags" >&6; } @@ -875,7 +875,7 @@ index aab472a..b686178 100755 $as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h -@@ -21601,12 +21690,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -21758,12 +21847,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then @@ -889,7 +889,7 @@ index aab472a..b686178 100755 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -@@ -21639,6 +21723,11 @@ cat >>confdefs.h <<_ACEOF +@@ -21796,6 +21880,11 @@ cat >>confdefs.h <<_ACEOF _ACEOF @@ -901,7 +901,7 @@ index aab472a..b686178 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21647,39 +21736,6 @@ _ACEOF +@@ -21804,39 +21893,6 @@ _ACEOF fi ;; x86_64-*|amd64-*) @@ -941,7 +941,7 @@ index aab472a..b686178 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21710,6 +21766,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } +@@ -21867,6 +21923,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } $as_echo "$arch" >&6; } fi @@ -952,7 +952,7 @@ index aab472a..b686178 100755 if test "yes" = "$have_atomic"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5 $as_echo_n "checking compiler support for inline assembly code... " >&6; } -@@ -24264,6 +24324,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" +@@ -24421,6 +24481,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" # dlzdir='${DLZ_DRIVER_DIR}' @@ -983,7 +983,7 @@ index aab472a..b686178 100755 # # Private autoconf macro to simplify configuring drivers: # -@@ -24594,11 +24678,11 @@ $as_echo "no" >&6; } +@@ -24751,11 +24835,11 @@ $as_echo "no" >&6; } $as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; } ;; *) @@ -998,7 +998,7 @@ index aab472a..b686178 100755 fi CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL" -@@ -24683,7 +24767,7 @@ $as_echo "" >&6; } +@@ -24840,7 +24924,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). @@ -1007,7 +1007,7 @@ index aab472a..b686178 100755 # include a blank element first for d in "" $bdb_incdirs do -@@ -24708,57 +24792,9 @@ $as_echo "" >&6; } +@@ -24865,57 +24949,9 @@ $as_echo "" >&6; } bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db" for d in $bdb_libnames do @@ -1067,7 +1067,7 @@ index aab472a..b686178 100755 break fi done -@@ -24917,10 +24953,10 @@ $as_echo "no" >&6; } +@@ -25074,10 +25110,10 @@ $as_echo "no" >&6; } DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include" DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include" fi @@ -1081,7 +1081,7 @@ index aab472a..b686178 100755 fi -@@ -25006,11 +25042,11 @@ fi +@@ -25163,11 +25199,11 @@ fi odbcdirs="/usr /usr/local /usr/pkg" for d in $odbcdirs do @@ -1095,7 +1095,7 @@ index aab472a..b686178 100755 break fi done -@@ -25285,6 +25321,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" +@@ -25442,6 +25478,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" @@ -1104,7 +1104,7 @@ index aab472a..b686178 100755 # # Commands to run at the end of config.status. # Don't just put these into configure, it won't work right if somebody -@@ -27661,6 +27699,8 @@ report() { +@@ -27819,6 +27857,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" @@ -1113,7 +1113,7 @@ index aab472a..b686178 100755 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -27701,6 +27741,8 @@ report() { +@@ -27859,6 +27899,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" @@ -1122,7 +1122,7 @@ index aab472a..b686178 100755 echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -27748,6 +27790,8 @@ report() { +@@ -27906,6 +27948,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" @@ -1132,7 +1132,7 @@ index aab472a..b686178 100755 test "yes" = "$enable_seccomp" || \ echo " Use libseccomp system call filtering (--enable-seccomp)" diff --git a/configure.ac b/configure.ac -index 0e16cc8..dd0055d 100644 +index d10cde5..68bead8 100644 --- a/configure.ac +++ b/configure.ac @@ -1550,6 +1550,7 @@ case "$use_openssl" in @@ -1252,7 +1252,7 @@ index 0e16cc8..dd0055d 100644 # # was --with-lmdb specified? # -@@ -4118,12 +4182,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -4098,12 +4162,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then @@ -1266,7 +1266,7 @@ index 0e16cc8..dd0055d 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -4132,7 +4196,6 @@ if test "yes" = "$use_atomic"; then +@@ -4112,7 +4176,6 @@ if test "yes" = "$use_atomic"; then fi ;; x86_64-*|amd64-*) @@ -1274,7 +1274,7 @@ index 0e16cc8..dd0055d 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -5537,6 +5600,8 @@ report() { +@@ -5518,6 +5581,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" @@ -1283,7 +1283,7 @@ index 0e16cc8..dd0055d 100644 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -5577,6 +5642,8 @@ report() { +@@ -5558,6 +5623,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" @@ -1292,7 +1292,7 @@ index 0e16cc8..dd0055d 100644 echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -5624,6 +5691,8 @@ report() { +@@ -5605,6 +5672,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" @@ -1863,7 +1863,7 @@ index 63be973..40b21fa 100644 dst_region_computerid dst_result_register diff --git a/lib/isc/entropy.c b/lib/isc/entropy.c -index ab2f617..ed05ed6 100644 +index 907e470..451544d 100644 --- a/lib/isc/entropy.c +++ b/lib/isc/entropy.c @@ -104,11 +104,15 @@ struct isc_entropy { @@ -1921,10 +1921,10 @@ index ab2f617..ed05ed6 100644 + hook = myhook; +} diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h -index 4bba8e1..632166a 100644 +index e8733db..c40a18c 100644 --- a/lib/isc/include/isc/entropy.h +++ b/lib/isc/include/isc/entropy.h -@@ -304,6 +304,18 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source, +@@ -302,6 +302,18 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source, * isc_entropy_createcallbacksource(). */ @@ -1944,7 +1944,7 @@ index 4bba8e1..632166a 100644 #endif /* ISC_ENTROPY_H */ diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in -index 4192946..dbd1560 100644 +index 61960f1..d22993d 100644 --- a/lib/isc/include/isc/platform.h.in +++ b/lib/isc/include/isc/platform.h.in @@ -359,6 +359,11 @@ @@ -2015,7 +2015,7 @@ index 8ade705..fa72f9d 100644 * Define if the hash functions must be provided by OpenSSL. */ diff --git a/win32utils/Configure b/win32utils/Configure -index 953f2aa..55cc929 100644 +index 79d682e..6c78cb2 100644 --- a/win32utils/Configure +++ b/win32utils/Configure @@ -382,6 +382,7 @@ my @substdefh = ("ALLOW_FILTER_AAAA", @@ -2038,7 +2038,7 @@ index 953f2aa..55cc929 100644 "isc-spnego", @@ -580,6 +582,7 @@ my @help = ( "\nOptional Features:\n", - " enable-intrinsics enable instrinsic/atomic functions [default=yes]\n", + " enable-intrinsics enable intrinsic/atomic functions [default=yes]\n", " enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n", +" enable-crypto-rand use crypto provider for random [default=yes]\n", " enable-openssl-hash use OpenSSL for hash functions [default=yes]\n", @@ -2118,5 +2118,5 @@ index 953f2aa..55cc929 100644 # --enable-openssl-hash supported # --enable-threads included without a way to disable it -- -2.21.0 +2.21.1 diff --git a/bind-9.11-rt46047.patch b/bind-9.11-rt46047.patch index 8f413f6..ee9bae8 100644 --- a/bind-9.11-rt46047.patch +++ b/bind-9.11-rt46047.patch @@ -1,4 +1,4 @@ -From 5a465424f5249ceaf0547ab90361a16eb08f7a2b Mon Sep 17 00:00:00 2001 +From 344c19ad4b3f058e65a4b41650bb0ee20692cc5c Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 28 Sep 2017 10:09:22 -0700 Subject: [PATCH] completed and corrected the crypto-random change @@ -39,15 +39,15 @@ Subject: [PATCH] completed and corrected the crypto-random change bin/tests/system/tkey/keycreate.c | 4 +- bin/tests/system/tkey/keydelete.c | 5 +-- doc/arm/Bv9ARM-book.xml | 55 +++++++++++++++++------- - doc/arm/notes-rh-changes.xml | 43 ++++++++++++++++++ + doc/arm/notes-rh-changes.xml | 42 ++++++++++++++++++ doc/arm/notes.xml | 1 + lib/dns/dst_api.c | 4 +- lib/dns/include/dst/dst.h | 14 +++++- lib/dns/openssl_link.c | 3 +- - lib/isc/include/isc/entropy.h | 50 +++++++++++++++------ + lib/isc/include/isc/entropy.h | 48 +++++++++++++++------ lib/isc/include/isc/random.h | 28 +++++++----- lib/isccfg/namedconf.c | 2 +- - 23 files changed, 241 insertions(+), 106 deletions(-) + 23 files changed, 240 insertions(+), 104 deletions(-) create mode 100644 doc/arm/notes-rh-changes.xml diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c @@ -78,10 +78,10 @@ index 295e16f..0f79aa8 100644 &entropy_source, randomfile, diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook -index 0ae6b41..4562430 100644 +index 1826919..96543fc 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook -@@ -348,15 +348,23 @@ +@@ -349,15 +349,23 @@ -r randomdev @@ -114,7 +114,7 @@ index 0ae6b41..4562430 100644 diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c -index 31a99e7..38c83ed 100644 +index 5654435..24c0d5a 100644 --- a/bin/dnssec/dnssectool.c +++ b/bin/dnssec/dnssectool.c @@ -241,18 +241,16 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { @@ -142,10 +142,10 @@ index 31a99e7..38c83ed 100644 usekeyboard); diff --git a/bin/named/client.c b/bin/named/client.c -index 50fa2cd..524d9a3 100644 +index 9a0d3c8..c573177 100644 --- a/bin/named/client.c +++ b/bin/named/client.c -@@ -1762,7 +1762,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, +@@ -1765,7 +1765,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, isc_buffer_init(&buf, cookie, sizeof(cookie)); isc_stdtime_get(&now); @@ -223,7 +223,7 @@ index d955c2f..40621f2 100644 } else eresult = ns_control_docommand(request, listener->readonly, &text); diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h -index 7ee8f66..8982d26 100644 +index 3f96b7b..c92922e 100644 --- a/bin/named/include/named/server.h +++ b/bin/named/include/named/server.h @@ -20,6 +20,7 @@ @@ -255,7 +255,7 @@ index 9dea7c1..272d300 100644 #include #include diff --git a/bin/named/query.c b/bin/named/query.c -index c9e5469..0940714 100644 +index 203f1e6..25eeced 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -19,6 +19,7 @@ @@ -267,10 +267,10 @@ index c9e5469..0940714 100644 #include #include diff --git a/bin/named/server.c b/bin/named/server.c -index 36fc047..3c1eec0 100644 +index f27071f..f132c19 100644 --- a/bin/named/server.c +++ b/bin/named/server.c -@@ -8208,21 +8208,32 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8210,21 +8210,32 @@ load_configuration(const char *filename, ns_server_t *server, * Open the source of entropy. */ if (first_time) { @@ -312,7 +312,7 @@ index 36fc047..3c1eec0 100644 #ifdef PATH_RANDOMDEV if (ns_g_fallbackentropy != NULL) { level = ISC_LOG_INFO; -@@ -8233,8 +8244,8 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8235,8 +8246,8 @@ load_configuration(const char *filename, ns_server_t *server, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, level, @@ -323,7 +323,7 @@ index 36fc047..3c1eec0 100644 randomdev, isc_result_totext(result)); } -@@ -8254,7 +8265,6 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8256,7 +8267,6 @@ load_configuration(const char *filename, ns_server_t *server, } isc_entropy_detach(&ns_g_fallbackentropy); } @@ -331,7 +331,7 @@ index 36fc047..3c1eec0 100644 #endif } -@@ -9022,6 +9032,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { +@@ -9025,6 +9035,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { server->in_roothints = NULL; server->blackholeacl = NULL; server->keepresporder = NULL; @@ -339,7 +339,7 @@ index 36fc047..3c1eec0 100644 /* Must be first. */ CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy, -@@ -9048,6 +9059,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { +@@ -9051,6 +9062,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy, &server->tkeyctx), "creating TKEY context"); @@ -349,7 +349,7 @@ index 36fc047..3c1eec0 100644 /* * Setup the server task, which is responsible for coordinating -@@ -9254,7 +9268,8 @@ ns_server_destroy(ns_server_t **serverp) { +@@ -9257,7 +9271,8 @@ ns_server_destroy(ns_server_t **serverp) { if (server->zonemgr != NULL) dns_zonemgr_detach(&server->zonemgr); @@ -359,7 +359,7 @@ index 36fc047..3c1eec0 100644 if (server->tkeyctx != NULL) dns_tkeyctx_destroy(&server->tkeyctx); -@@ -13230,10 +13245,10 @@ newzone_cfgctx_destroy(void **cfgp) { +@@ -13263,10 +13278,10 @@ newzone_cfgctx_destroy(void **cfgp) { static isc_result_t generate_salt(unsigned char *salt, size_t saltlen) { @@ -372,7 +372,7 @@ index 36fc047..3c1eec0 100644 } rnd; unsigned char text[512 + 1]; isc_region_t r; -@@ -13243,9 +13258,10 @@ generate_salt(unsigned char *salt, size_t saltlen) { +@@ -13276,9 +13291,10 @@ generate_salt(unsigned char *salt, size_t saltlen) { if (saltlen > 256U) return (ISC_R_RANGE); @@ -455,10 +455,10 @@ index 2146f9b..64b8e74 100644 } #endif diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml -index 33e06e6..539973c 100644 +index 93c7a08..bb1e81d 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml -@@ -5076,22 +5076,45 @@ badresp:1,adberr:0,findfail:0,valfail:0] +@@ -5081,22 +5081,45 @@ badresp:1,adberr:0,findfail:0,valfail:0] random-device @@ -522,11 +522,10 @@ index 33e06e6..539973c 100644 diff --git a/doc/arm/notes-rh-changes.xml b/doc/arm/notes-rh-changes.xml new file mode 100644 -index 0000000..11c3a7c +index 0000000..89a4961 --- /dev/null +++ b/doc/arm/notes-rh-changes.xml -@@ -0,0 +1,43 @@ -+ +@@ -0,0 +1,42 @@ +