diff --git a/SOURCES/bind-9.11-disab-timer-test.patch b/SOURCES/bind-9.11-disab-timer-test.patch
new file mode 100644
index 0000000..7054b3e
--- /dev/null
+++ b/SOURCES/bind-9.11-disab-timer-test.patch
@@ -0,0 +1,36 @@
+diff --git a/lib/isc-pkcs11/tests/Atffile b/lib/isc-pkcs11/tests/Atffile
+index 74a4a77..ff02df1 100644
+--- a/lib/isc-pkcs11/tests/Atffile
++++ b/lib/isc-pkcs11/tests/Atffile
+@@ -31,4 +31,3 @@ tp: symtab_test
+ tp: task_test
+ tp: taskpool_test
+ tp: time_test
+-tp: timer_test
+diff --git a/lib/isc-pkcs11/tests/Kyuafile b/lib/isc-pkcs11/tests/Kyuafile
+index a86824a..94afc41 100644
+--- a/lib/isc-pkcs11/tests/Kyuafile
++++ b/lib/isc-pkcs11/tests/Kyuafile
+@@ -29,4 +29,3 @@ atf_test_program{name='symtab_test'}
+ atf_test_program{name='task_test'}
+ atf_test_program{name='taskpool_test'}
+ atf_test_program{name='time_test'}
+-atf_test_program{name='timer_test'}
+diff --git a/lib/isc/tests/Atffile b/lib/isc/tests/Atffile
+index 74a4a77..ff02df1 100644
+--- a/lib/isc/tests/Atffile
++++ b/lib/isc/tests/Atffile
+@@ -31,4 +31,3 @@ tp: symtab_test
+ tp: task_test
+ tp: taskpool_test
+ tp: time_test
+-tp: timer_test
+diff --git a/lib/isc/tests/Kyuafile b/lib/isc/tests/Kyuafile
+index a86824a..94afc41 100644
+--- a/lib/isc/tests/Kyuafile
++++ b/lib/isc/tests/Kyuafile
+@@ -29,4 +29,3 @@ atf_test_program{name='symtab_test'}
+ atf_test_program{name='task_test'}
+ atf_test_program{name='taskpool_test'}
+ atf_test_program{name='time_test'}
+-atf_test_program{name='timer_test'}
diff --git a/SOURCES/bind-9.11-rh1300636.patch b/SOURCES/bind-9.11-rh1300636.patch
new file mode 100644
index 0000000..5f0cdf1
--- /dev/null
+++ b/SOURCES/bind-9.11-rh1300636.patch
@@ -0,0 +1,77 @@
+From cfbb8a96570959a3d7471edbd8df559ea4e73123 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Wed, 14 Nov 2018 15:17:48 +1100
+Subject: [PATCH] free tmpzonename and restart_master
+
+(cherry picked from commit 50714a9b35ce80bd8839a52106778d65b6d4d7ba)
+(cherry picked from commit e409b8c6982a275e3fad960b2e66437890ff08e2)
+---
+ bin/nsupdate/nsupdate.c | 14 ++++++++++++--
+ lib/dns/include/dns/name.h | 5 +++++
+ 2 files changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
+index a0d0278635..7e241c17e9 100644
+--- a/bin/nsupdate/nsupdate.c
++++ b/bin/nsupdate/nsupdate.c
+@@ -158,8 +158,8 @@ static dns_fixedname_t fuserzone;
+ static dns_fixedname_t fzname;
+ static dns_name_t *userzone = NULL;
+ static dns_name_t *zname = NULL;
+-static dns_name_t tmpzonename;
+-static dns_name_t restart_master;
++static dns_name_t tmpzonename = DNS_NAME_INITEMPTY;
++static dns_name_t restart_master = DNS_NAME_INITEMPTY;
+ static dns_tsig_keyring_t *gssring = NULL;
+ static dns_tsigkey_t *tsigkey = NULL;
+ static dst_key_t *sig0key = NULL;
+@@ -2415,6 +2415,8 @@ update_completed(isc_task_t *task, isc_event_t *event) {
+ if (usegsstsig) {
+ dns_name_free(&tmpzonename, gmctx);
+ dns_name_free(&restart_master, gmctx);
++ dns_name_init(&tmpzonename, 0);
++ dns_name_init(&restart_master, 0);
+ }
+ isc_event_free(&event);
+ done_update();
+@@ -2830,6 +2832,8 @@ failed_gssrequest() {
+
+ dns_name_free(&tmpzonename, gmctx);
+ dns_name_free(&restart_master, gmctx);
++ dns_name_init(&tmpzonename, NULL);
++ dns_name_init(&restart_master, NULL);
+
+ done_update();
+ }
+@@ -3238,6 +3242,12 @@ cleanup(void) {
+ isc_mem_free(gmctx, realm);
+ realm = NULL;
+ }
++ if (dns_name_dynamic(&tmpzonename)) {
++ dns_name_free(&tmpzonename, gmctx);
++ }
++ if (dns_name_dynamic(&restart_master)) {
++ dns_name_free(&restart_master, gmctx);
++ }
+ #endif
+
+ if (sig0key != NULL)
+diff --git a/lib/dns/include/dns/name.h b/lib/dns/include/dns/name.h
+index be74667ccb..93ddacd80b 100644
+--- a/lib/dns/include/dns/name.h
++++ b/lib/dns/include/dns/name.h
+@@ -181,6 +181,11 @@ LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_wildcardname;
+ {NULL, NULL} \
+ }
+
++#define DNS_NAME_INITEMPTY { \
++ DNS_NAME_MAGIC, NULL, 0, 0, 0, NULL, NULL, \
++ { (void *)-1, (void *)-1 }, { NULL, NULL } \
++}
++
+ /*%
+ * Standard size of a wire format name
+ */
+--
+2.21.1
+
diff --git a/SOURCES/bind-9.11-rh1743572-2.patch b/SOURCES/bind-9.11-rh1743572-2.patch
new file mode 100644
index 0000000..a46c8ec
--- /dev/null
+++ b/SOURCES/bind-9.11-rh1743572-2.patch
@@ -0,0 +1,29 @@
+From 908b71224037745db3d1420a37e99ee9cbb3b3b3 Mon Sep 17 00:00:00 2001
+From: Petr Mensik <pemensik@redhat.com>
+Date: Thu, 12 Dec 2019 16:05:25 +0100
+Subject: [PATCH] Terminate query if both setup_lookup and next_origin failed
+
+That happens in case searched name plus search domain is too long and no
+shorted origin would follow.
+---
+ bin/dig/dighost.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
+index 6302a98..ed9625e 100644
+--- a/bin/dig/dighost.c
++++ b/bin/dig/dighost.c
+@@ -2053,6 +2053,10 @@ start_lookup(void) {
+ do_lookup(current_lookup);
+ else if (next_origin(current_lookup))
+ check_next_lookup(current_lookup);
++ else {
++ cancel_lookup(current_lookup);
++ check_next_lookup(current_lookup);
++ }
+ } else {
+ check_if_done();
+ }
+--
+2.21.0
+
diff --git a/SOURCES/bind-9.11-rh1744081.patch b/SOURCES/bind-9.11-rh1744081.patch
new file mode 100644
index 0000000..c58911d
--- /dev/null
+++ b/SOURCES/bind-9.11-rh1744081.patch
@@ -0,0 +1,33 @@
+From f6b9f4dfa61038a353f3974ec7683231fa23ed21 Mon Sep 17 00:00:00 2001
+From: Petr Mensik <pemensik@redhat.com>
+Date: Wed, 11 Mar 2020 17:36:51 +0100
+Subject: [PATCH] Allow conflicting files in zones, warn only
+
+Change hard error to just annoying warning. Broken configuration is
+still error, but it was possible before. Make it possible again.
+Would be fixed by using in-view clause properly.
+---
+ lib/bind9/check.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/bind9/check.c b/lib/bind9/check.c
+index 545e3c6..b02a894 100644
+--- a/lib/bind9/check.c
++++ b/lib/bind9/check.c
+@@ -2650,11 +2650,11 @@ fileexist(const cfg_obj_t *obj, isc_symtab_t *symtab, isc_boolean_t writeable,
+ if (writeable) {
+ file = cfg_obj_file(symvalue.as_cpointer);
+ line = cfg_obj_line(symvalue.as_cpointer);
+- cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
++ cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
+ "writeable file '%s': already in use: "
+ "%s:%u", cfg_obj_asstring(obj),
+ file, line);
+- return (ISC_R_EXISTS);
++ return (ISC_R_SUCCESS); // Pretend it is ok
+ }
+ result = isc_symtab_lookup(symtab, cfg_obj_asstring(obj), 2,
+ &symvalue);
+--
+2.21.1
+
diff --git a/SOURCES/bind-9.11-rh1753259.patch b/SOURCES/bind-9.11-rh1753259.patch
new file mode 100644
index 0000000..8bf9f47
--- /dev/null
+++ b/SOURCES/bind-9.11-rh1753259.patch
@@ -0,0 +1,34 @@
+From f968f649e7e57eb097fb766be805a2d976d2dcc6 Mon Sep 17 00:00:00 2001
+From: Petr Mensik <pemensik@redhat.com>
+Date: Wed, 27 Nov 2019 16:06:12 +0100
+Subject: [PATCH] Disable listening on IPV6 by default
+
+If configuration file does not mention listen-on-v6, for backward
+compatibility assume none; Upstream changed default value to any; but
+previous RHEL7 version did not have it.
+---
+ bin/named/server.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/bin/named/server.c b/bin/named/server.c
+index 93f9417..eac467f 100644
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -7781,11 +7781,13 @@ load_configuration(const char *filename, ns_server_t *server,
+ ns_g_mctx, AF_INET6,
+ &listenon);
+ } else if (!ns_g_lwresdonly) {
++ isc_boolean_t enable;
+ /*
+ * Not specified, use default.
+ */
++ enable = ISC_TF(isc_net_probeipv4() != ISC_R_SUCCESS);
+ CHECK(ns_listenlist_default(ns_g_mctx, listen_port,
+- -1, ISC_TRUE, &listenon));
++ -1, enable, &listenon));
+ }
+ if (listenon != NULL) {
+ ns_interfacemgr_setlistenon6(server->interfacemgr,
+--
+2.20.1
+
diff --git a/SOURCES/bind-9.11-rh1756201.patch b/SOURCES/bind-9.11-rh1756201.patch
new file mode 100644
index 0000000..b4d011d
--- /dev/null
+++ b/SOURCES/bind-9.11-rh1756201.patch
@@ -0,0 +1,246 @@
+From bd79638f1c2c8f765e316c30b15dfb3e5d31e1e4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org>
+Date: Thu, 3 Jan 2019 14:58:05 +0100
+Subject: [PATCH] If possible don't use forwarders when priming the resolver.
+
+If we try to fetch a record from cache and need to look into
+hints database we assume that the resolver is not primed and
+start dns_resolver_prime(). Priming query is supposed to return
+NSes for "." in ANSWER section and glue records for them in
+ADDITIONAL section, so that we can fill that info in 'regular'
+cache and not use hints db anymore.
+However, if we're using a forwarder the priming query goes through
+it, and if it's configured to return minimal answers we won't get
+the addresses of root servers in ADDITIONAL section. Since the
+only records for root servers we have are in hints database we'll
+try to prime the resolver with every single query.
+
+This patch adds a DNS_FETCHOPT_NOFORWARD flag which avoids using
+forwarders if possible (that is if we have forward-first policy).
+Using this flag on priming fetch fixes the problem as we get the
+proper glue. With forward-only policy the problem is non-existent,
+as we'll never ask for root server addresses because we'll never
+have a need to query them.
+
+Also added a test to confirm priming queries are not forwarded.
+
+(cherry picked from commit b49310ac06ac87733dc2867828e61370a84b2a9a)
+(cherry picked from commit f8963ad70e222edad0c1e64f855f7fb41fb13c3c)
+(cherry picked from commit aa9866c390a21d6984aa75cdb84d7bc77e114c2f)
+---
+ bin/tests/system/forward/ns4/named.conf.in | 3 ++
+ bin/tests/system/forward/ns7/named.conf.in | 28 +++++++++++++++++
+ bin/tests/system/forward/ns7/root.db | 28 +++++++++++++++++
+ bin/tests/system/forward/setup.sh | 1 +
+ bin/tests/system/forward/tests.sh | 12 ++++++++
+ lib/dns/include/dns/resolver.h | 36 ++++++++++++----------
+ lib/dns/resolver.c | 17 ++++++++--
+ 7 files changed, 106 insertions(+), 19 deletions(-)
+ create mode 100644 bin/tests/system/forward/ns7/named.conf.in
+ create mode 100644 bin/tests/system/forward/ns7/root.db
+
+diff --git a/bin/tests/system/forward/ns4/named.conf.in b/bin/tests/system/forward/ns4/named.conf.in
+index 480530b0f2..643e1271b5 100644
+--- a/bin/tests/system/forward/ns4/named.conf.in
++++ b/bin/tests/system/forward/ns4/named.conf.in
+@@ -17,6 +17,9 @@ options {
+ pid-file "named.pid";
+ listen-on { 10.53.0.4; };
+ listen-on-v6 { none; };
++ recursion yes;
++ dnssec-validation yes;
++ minimal-responses yes;
+ };
+
+ zone "." {
+diff --git a/bin/tests/system/forward/ns7/named.conf.in b/bin/tests/system/forward/ns7/named.conf.in
+new file mode 100644
+index 0000000000..d9f5e8a9db
+--- /dev/null
++++ b/bin/tests/system/forward/ns7/named.conf.in
+@@ -0,0 +1,28 @@
++/*
++ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
++ *
++ * This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
++ *
++ * See the COPYRIGHT file distributed with this work for additional
++ * information regarding copyright ownership.
++ */
++
++options {
++ query-source address 10.53.0.7;
++ notify-source 10.53.0.7;
++ transfer-source 10.53.0.7;
++ port @PORT@;
++ pid-file "named.pid";
++ listen-on { 10.53.0.7; };
++ listen-on-v6 { none; };
++ forwarders { 10.53.0.4; };
++ forward first;
++ dnssec-validation yes;
++};
++
++zone "." {
++ type hint;
++ file "root.db";
++};
+diff --git a/bin/tests/system/forward/ns7/root.db b/bin/tests/system/forward/ns7/root.db
+new file mode 100644
+index 0000000000..7346810ba6
+--- /dev/null
++++ b/bin/tests/system/forward/ns7/root.db
+@@ -0,0 +1,28 @@
++; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
++;
++; This Source Code Form is subject to the terms of the Mozilla Public
++; License, v. 2.0. If a copy of the MPL was not distributed with this
++; file, You can obtain one at http://mozilla.org/MPL/2.0/.
++;
++; See the COPYRIGHT file distributed with this work for additional
++; information regarding copyright ownership.
++
++$TTL 300
++. IN SOA gson.nominum.com. a.root.servers.nil. (
++ 2000042100 ; serial
++ 600 ; refresh
++ 600 ; retry
++ 1200 ; expire
++ 600 ; minimum
++ )
++. NS a.root-servers.nil.
++a.root-servers.nil. A 10.53.0.1
++
++example1 NS ns.example1
++ns.example1 A 10.53.0.1
++
++example2 NS ns.example2
++ns.example2 A 10.53.0.1
++
++example3 NS ns.example3
++ns.example3 A 10.53.0.1
+diff --git a/bin/tests/system/forward/setup.sh b/bin/tests/system/forward/setup.sh
+index c63aeb10d2..d64579e590 100644
+--- a/bin/tests/system/forward/setup.sh
++++ b/bin/tests/system/forward/setup.sh
+@@ -18,3 +18,4 @@ copy_setports ns2/named.conf.in ns2/named.conf
+ copy_setports ns3/named.conf.in ns3/named.conf
+ copy_setports ns4/named.conf.in ns4/named.conf
+ copy_setports ns5/named.conf.in ns5/named.conf
++copy_setports ns7/named.conf.in ns7/named.conf
+diff --git a/bin/tests/system/forward/tests.sh b/bin/tests/system/forward/tests.sh
+index f23cde1751..8c6496037d 100644
+--- a/bin/tests/system/forward/tests.sh
++++ b/bin/tests/system/forward/tests.sh
+@@ -131,5 +131,17 @@ $CHECKCONF ula-notinherited.conf | grep "forward first;" >/dev/null && ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=`expr $status + $ret`
+
++echo_i "checking that priming queries are not forwarded"
++ret=0
++$DIG $DIGOPTS +noadd +noauth txt.example1. txt @10.53.0.7 > dig.out.f7 || ret=1
++sent=`sed -n '/sending packet to 10.53.0.1/,/^$/p' ns7/named.run | grep ";.*IN.*NS" | wc -l`
++[ $sent -eq 1 ] || ret=1
++sent=`grep "10.53.0.7#.* (.): query '\./NS/IN' approved" ns4/named.run | wc -l`
++[ $sent -eq 0 ] || ret=1
++sent=`grep "10.53.0.7#.* (.): query '\./NS/IN' approved" ns1/named.run | wc -l`
++[ $sent -eq 1 ] || ret=1
++if [ $ret != 0 ]; then echo_i "failed"; fi
++status=`expr $status + $ret`
++
+ echo_i "exit status: $status"
+ [ $status -eq 0 ] || exit 1
+diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
+index f2f8714d16..e1a10295f3 100644
+--- a/lib/dns/include/dns/resolver.h
++++ b/lib/dns/include/dns/resolver.h
+@@ -88,23 +88,25 @@ typedef enum {
+ /*
+ * Options that modify how a 'fetch' is done.
+ */
+-#define DNS_FETCHOPT_TCP 0x0001 /*%< Use TCP. */
+-#define DNS_FETCHOPT_UNSHARED 0x0002 /*%< See below. */
+-#define DNS_FETCHOPT_RECURSIVE 0x0004 /*%< Set RD? */
+-#define DNS_FETCHOPT_NOEDNS0 0x0008 /*%< Do not use EDNS. */
+-#define DNS_FETCHOPT_FORWARDONLY 0x0010 /*%< Only use forwarders. */
+-#define DNS_FETCHOPT_NOVALIDATE 0x0020 /*%< Disable validation. */
+-#define DNS_FETCHOPT_EDNS512 0x0040 /*%< Advertise a 512 byte
+- UDP buffer. */
+-#define DNS_FETCHOPT_WANTNSID 0x0080 /*%< Request NSID */
+-#define DNS_FETCHOPT_PREFETCH 0x0100 /*%< Do prefetch */
+-#define DNS_FETCHOPT_NOCDFLAG 0x0200 /*%< Don't set CD flag. */
+-#define DNS_FETCHOPT_NONTA 0x0400 /*%< Ignore NTA table. */
+-/* RESERVED ECS 0x0000 */
+-/* RESERVED ECS 0x1000 */
+-/* RESERVED ECS 0x2000 */
+-/* RESERVED TCPCLIENT 0x4000 */
+-#define DNS_FETCHOPT_NOCACHED 0x8000 /*%< Force cache update. */
++#define DNS_FETCHOPT_TCP 0x00001 /*%< Use TCP. */
++#define DNS_FETCHOPT_UNSHARED 0x00002 /*%< See below. */
++#define DNS_FETCHOPT_RECURSIVE 0x00004 /*%< Set RD? */
++#define DNS_FETCHOPT_NOEDNS0 0x00008 /*%< Do not use EDNS. */
++#define DNS_FETCHOPT_FORWARDONLY 0x00010 /*%< Only use forwarders. */
++#define DNS_FETCHOPT_NOVALIDATE 0x00020 /*%< Disable validation. */
++#define DNS_FETCHOPT_EDNS512 0x00040 /*%< Advertise a 512 byte
++ 0 UDP buffer. */
++#define DNS_FETCHOPT_WANTNSID 0x00080 /*%< Request NSID */
++#define DNS_FETCHOPT_PREFETCH 0x00100 /*%< Do prefetch */
++#define DNS_FETCHOPT_NOCDFLAG 0x00200 /*%< Don't set CD flag. */
++#define DNS_FETCHOPT_NONTA 0x00400 /*%< Ignore NTA table. */
++/* RESERVED ECS 0x00000 */
++/* RESERVED ECS 0x01000 */
++/* RESERVED ECS 0x02000 */
++/* RESERVED TCPCLIENT 0x04000 */
++#define DNS_FETCHOPT_NOCACHED 0x08000 /*%< Force cache update. */
++#define DNS_FETCHOPT_NOFORWARD 0x80000 /*%< Do not use forwarders
++ if possible. */
+
+ /* Reserved in use by adb.c 0x00400000 */
+ #define DNS_FETCHOPT_EDNSVERSIONSET 0x00800000
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 301ad52fe2..f701a09be9 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -3261,6 +3261,18 @@ fctx_getaddresses(fetchctx_t *fctx, isc_boolean_t badcache) {
+ INSIST(ISC_LIST_EMPTY(fctx->forwaddrs));
+ INSIST(ISC_LIST_EMPTY(fctx->altaddrs));
+
++ /*
++ * If we have DNS_FETCHOPT_NOFORWARD set and forwarding policy
++ * allows us to not forward - skip forwarders and go straight
++ * to NSes. This is currently used to make sure that priming query
++ * gets root servers' IP addresses in ADDITIONAL section.
++ */
++ if ((fctx->options & DNS_FETCHOPT_NOFORWARD) != 0 &&
++ (fctx->fwdpolicy != dns_fwdpolicy_only))
++ {
++ goto normal_nses;
++ }
++
+ /*
+ * If this fctx has forwarders, use them; otherwise use any
+ * selective forwarders specified in the view; otherwise use the
+@@ -3346,7 +3358,7 @@ fctx_getaddresses(fetchctx_t *fctx, isc_boolean_t badcache) {
+ /*
+ * Normal nameservers.
+ */
+-
++ normal_nses:
+ stdoptions = DNS_ADBFIND_WANTEVENT | DNS_ADBFIND_EMPTYEVENT;
+ if (fctx->restarts == 1) {
+ /*
+@@ -9194,7 +9206,8 @@ dns_resolver_prime(dns_resolver_t *res) {
+ LOCK(&res->primelock);
+ result = dns_resolver_createfetch(res, dns_rootname,
+ dns_rdatatype_ns,
+- NULL, NULL, NULL, 0,
++ NULL, NULL, NULL,
++ DNS_FETCHOPT_NOFORWARD,
+ res->buckets[0].task,
+ prime_done,
+ res, rdataset, NULL,
+--
+2.21.1
+
diff --git a/SOURCES/bind-9.11-rh1781576.patch b/SOURCES/bind-9.11-rh1781576.patch
new file mode 100644
index 0000000..e57ffd3
--- /dev/null
+++ b/SOURCES/bind-9.11-rh1781576.patch
@@ -0,0 +1,672 @@
+From 64d62856d251b58fe3350e9c3cf985a78debba5d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
+Date: Wed, 7 Aug 2019 05:46:45 -0400
+Subject: [PATCH] Merge branch '1148-deadlock-hangs-named-v9_11' into 'v9_11'
+
+Convert (dns_view_t){ .weakrefs } to isc_refcount_t
+
+See merge request isc-projects/bind9!2227
+
+(cherry picked from commit e3903e83962c659bbac52454c816588c24078b5e)
+---
+ lib/dns/client.c | 121 +++++++++++++++++--------------------
+ lib/dns/include/dns/view.h | 2 +-
+ lib/dns/view.c | 88 +++++++++------------------
+ lib/isc/app_api.c | 18 +++++-
+ 4 files changed, 103 insertions(+), 126 deletions(-)
+
+diff --git a/lib/dns/client.c b/lib/dns/client.c
+index b0dfa57dbe..e7eb40cd07 100644
+--- a/lib/dns/client.c
++++ b/lib/dns/client.c
+@@ -17,6 +17,7 @@
+ #include <isc/buffer.h>
+ #include <isc/mem.h>
+ #include <isc/mutex.h>
++#include <isc/refcount.h>
+ #include <isc/safe.h>
+ #include <isc/sockaddr.h>
+ #include <isc/socket.h>
+@@ -92,8 +93,9 @@ struct dns_client {
+ unsigned int find_timeout;
+ unsigned int find_udpretries;
+
++ isc_refcount_t references;
++
+ /* Locked */
+- unsigned int references;
+ dns_viewlist_t viewlist;
+ ISC_LIST(struct resctx) resctxs;
+ ISC_LIST(struct reqctx) reqctxs;
+@@ -463,8 +465,7 @@ dns_client_createx2(isc_mem_t *mctx, isc_appctx_t *actx,
+
+ result = isc_mutex_init(&client->lock);
+ if (result != ISC_R_SUCCESS) {
+- isc_mem_put(mctx, client, sizeof(*client));
+- return (result);
++ goto cleanup_client;
+ }
+
+ client->actx = actx;
+@@ -474,12 +475,14 @@ dns_client_createx2(isc_mem_t *mctx, isc_appctx_t *actx,
+
+ client->task = NULL;
+ result = isc_task_create(client->taskmgr, 0, &client->task);
+- if (result != ISC_R_SUCCESS)
+- goto cleanup;
++ if (result != ISC_R_SUCCESS) {
++ goto cleanup_lock;
++ }
+
+ result = dns_dispatchmgr_create(mctx, NULL, &dispatchmgr);
+- if (result != ISC_R_SUCCESS)
+- goto cleanup;
++ if (result != ISC_R_SUCCESS) {
++ goto cleanup_task;
++ }
+ client->dispatchmgr = dispatchmgr;
+
+ /*
+@@ -491,8 +494,9 @@ dns_client_createx2(isc_mem_t *mctx, isc_appctx_t *actx,
+ result = getudpdispatch(AF_INET, dispatchmgr, socketmgr,
+ taskmgr, ISC_TRUE,
+ &dispatchv4, localaddr4);
+- if (result == ISC_R_SUCCESS)
++ if (result == ISC_R_SUCCESS) {
+ client->dispatchv4 = dispatchv4;
++ }
+ }
+
+ client->dispatchv6 = NULL;
+@@ -500,22 +504,30 @@ dns_client_createx2(isc_mem_t *mctx, isc_appctx_t *actx,
+ result = getudpdispatch(AF_INET6, dispatchmgr, socketmgr,
+ taskmgr, ISC_TRUE,
+ &dispatchv6, localaddr6);
+- if (result == ISC_R_SUCCESS)
++ if (result == ISC_R_SUCCESS) {
+ client->dispatchv6 = dispatchv6;
++ }
+ }
+
+ /* We need at least one of the dispatchers */
+ if (dispatchv4 == NULL && dispatchv6 == NULL) {
+ INSIST(result != ISC_R_SUCCESS);
+- goto cleanup;
++ goto cleanup_dispatchmgr;
++ }
++
++ result = isc_refcount_init(&client->references, 1);
++ if (result != ISC_R_SUCCESS) {
++ goto cleanup_dispatches;
+ }
+
+ /* Create the default view for class IN */
+ result = createview(mctx, dns_rdataclass_in, options, taskmgr,
+ RESOLVER_NTASKS, socketmgr, timermgr,
+ dispatchmgr, dispatchv4, dispatchv6, &view);
+- if (result != ISC_R_SUCCESS)
+- goto cleanup;
++ if (result != ISC_R_SUCCESS) {
++ goto cleanup_references;
++ }
++
+ ISC_LIST_INIT(client->viewlist);
+ ISC_LIST_APPEND(client->viewlist, view, link);
+
+@@ -535,32 +547,38 @@ dns_client_createx2(isc_mem_t *mctx, isc_appctx_t *actx,
+ client->find_udpretries = DEF_FIND_UDPRETRIES;
+ client->attributes = 0;
+
+- client->references = 1;
+ client->magic = DNS_CLIENT_MAGIC;
+
+ *clientp = client;
+
+ return (ISC_R_SUCCESS);
+
+- cleanup:
++ cleanup_references:
++ isc_refcount_decrement(&client->references, NULL);
++ isc_refcount_destroy(&client->references);
++ cleanup_dispatches:
+ if (dispatchv4 != NULL)
+ dns_dispatch_detach(&dispatchv4);
+ if (dispatchv6 != NULL)
+ dns_dispatch_detach(&dispatchv6);
+- if (dispatchmgr != NULL)
+- dns_dispatchmgr_destroy(&dispatchmgr);
+- if (client->task != NULL)
+- isc_task_detach(&client->task);
++ cleanup_dispatchmgr:
++ dns_dispatchmgr_destroy(&dispatchmgr);
++ cleanup_task:
++ isc_task_detach(&client->task);
++ cleanup_lock:
++ DESTROYLOCK(&client->lock);
++ cleanup_client:
+ isc_mem_put(mctx, client, sizeof(*client));
+
+ return (result);
+ }
+
+ static void
+-destroyclient(dns_client_t **clientp) {
+- dns_client_t *client = *clientp;
++destroyclient(dns_client_t *client) {
+ dns_view_t *view;
+
++ isc_refcount_destroy(&client->references);
++
+ while ((view = ISC_LIST_HEAD(client->viewlist)) != NULL) {
+ ISC_LIST_UNLINK(client->viewlist, view, link);
+ dns_view_detach(&view);
+@@ -592,32 +610,22 @@ destroyclient(dns_client_t **clientp) {
+ client->magic = 0;
+
+ isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
+-
+- *clientp = NULL;
+ }
+
+ void
+ dns_client_destroy(dns_client_t **clientp) {
+ dns_client_t *client;
+- isc_boolean_t destroyok = ISC_FALSE;
++ isc_uint32_t references;
+
+ REQUIRE(clientp != NULL);
+ client = *clientp;
++ *clientp = NULL;
+ REQUIRE(DNS_CLIENT_VALID(client));
+
+- LOCK(&client->lock);
+- client->references--;
+- if (client->references == 0 && ISC_LIST_EMPTY(client->resctxs) &&
+- ISC_LIST_EMPTY(client->reqctxs) &&
+- ISC_LIST_EMPTY(client->updatectxs)) {
+- destroyok = ISC_TRUE;
++ isc_refcount_decrement(&client->references, &references);
++ if (references == 0U) {
++ destroyclient(client);
+ }
+- UNLOCK(&client->lock);
+-
+- if (destroyok)
+- destroyclient(&client);
+-
+- *clientp = NULL;
+ }
+
+ isc_result_t
+@@ -1407,6 +1415,7 @@ dns_client_startresolve(dns_client_t *client, dns_name_t *name,
+ rctx->event = event;
+
+ rctx->magic = RCTX_MAGIC;
++ isc_refcount_increment(&client->references, NULL);
+
+ LOCK(&client->lock);
+ ISC_LIST_APPEND(client->resctxs, rctx, link);
+@@ -1477,10 +1486,10 @@ dns_client_destroyrestrans(dns_clientrestrans_t **transp) {
+ resctx_t *rctx;
+ isc_mem_t *mctx;
+ dns_client_t *client;
+- isc_boolean_t need_destroyclient = ISC_FALSE;
+
+ REQUIRE(transp != NULL);
+ rctx = (resctx_t *)*transp;
++ *transp = NULL;
+ REQUIRE(RCTX_VALID(rctx));
+ REQUIRE(rctx->fetch == NULL);
+ REQUIRE(rctx->event == NULL);
+@@ -1502,11 +1511,6 @@ dns_client_destroyrestrans(dns_clientrestrans_t **transp) {
+ INSIST(ISC_LINK_LINKED(rctx, link));
+ ISC_LIST_UNLINK(client->resctxs, rctx, link);
+
+- if (client->references == 0 && ISC_LIST_EMPTY(client->resctxs) &&
+- ISC_LIST_EMPTY(client->reqctxs) &&
+- ISC_LIST_EMPTY(client->updatectxs))
+- need_destroyclient = ISC_TRUE;
+-
+ UNLOCK(&client->lock);
+
+ INSIST(ISC_LIST_EMPTY(rctx->namelist));
+@@ -1516,10 +1520,8 @@ dns_client_destroyrestrans(dns_clientrestrans_t **transp) {
+
+ isc_mem_put(mctx, rctx, sizeof(*rctx));
+
+- if (need_destroyclient)
+- destroyclient(&client);
++ dns_client_destroy(&client);
+
+- *transp = NULL;
+ }
+
+ isc_result_t
+@@ -1793,6 +1795,7 @@ dns_client_startrequest(dns_client_t *client, dns_message_t *qmessage,
+
+ LOCK(&client->lock);
+ ISC_LIST_APPEND(client->reqctxs, ctx, link);
++ isc_refcount_increment(&client->references, NULL);
+ UNLOCK(&client->lock);
+
+ ctx->request = NULL;
+@@ -1807,6 +1810,8 @@ dns_client_startrequest(dns_client_t *client, dns_message_t *qmessage,
+ return (ISC_R_SUCCESS);
+ }
+
++ isc_refcount_decrement(&client->references, NULL);
++
+ cleanup:
+ if (ctx != NULL) {
+ LOCK(&client->lock);
+@@ -1847,10 +1852,10 @@ dns_client_destroyreqtrans(dns_clientreqtrans_t **transp) {
+ reqctx_t *ctx;
+ isc_mem_t *mctx;
+ dns_client_t *client;
+- isc_boolean_t need_destroyclient = ISC_FALSE;
+
+ REQUIRE(transp != NULL);
+ ctx = (reqctx_t *)*transp;
++ *transp = NULL;
+ REQUIRE(REQCTX_VALID(ctx));
+ client = ctx->client;
+ REQUIRE(DNS_CLIENT_VALID(client));
+@@ -1865,12 +1870,6 @@ dns_client_destroyreqtrans(dns_clientreqtrans_t **transp) {
+ INSIST(ISC_LINK_LINKED(ctx, link));
+ ISC_LIST_UNLINK(client->reqctxs, ctx, link);
+
+- if (client->references == 0 && ISC_LIST_EMPTY(client->resctxs) &&
+- ISC_LIST_EMPTY(client->reqctxs) &&
+- ISC_LIST_EMPTY(client->updatectxs)) {
+- need_destroyclient = ISC_TRUE;
+- }
+-
+ UNLOCK(&client->lock);
+
+ DESTROYLOCK(&ctx->lock);
+@@ -1878,10 +1877,7 @@ dns_client_destroyreqtrans(dns_clientreqtrans_t **transp) {
+
+ isc_mem_put(mctx, ctx, sizeof(*ctx));
+
+- if (need_destroyclient)
+- destroyclient(&client);
+-
+- *transp = NULL;
++ dns_client_destroy(&client);
+ }
+
+ /*%
+@@ -2971,6 +2967,7 @@ dns_client_startupdate(dns_client_t *client, dns_rdataclass_t rdclass,
+
+ LOCK(&client->lock);
+ ISC_LIST_APPEND(client->updatectxs, uctx, link);
++ isc_refcount_increment(&client->references, NULL);
+ UNLOCK(&client->lock);
+
+ *transp = (dns_clientupdatetrans_t *)uctx;
+@@ -2989,6 +2986,8 @@ dns_client_startupdate(dns_client_t *client, dns_rdataclass_t rdclass,
+ }
+ if (result == ISC_R_SUCCESS)
+ return (result);
++
++ isc_refcount_decrement(&client->references, NULL);
+ *transp = NULL;
+
+ fail:
+@@ -3046,11 +3045,11 @@ dns_client_destroyupdatetrans(dns_clientupdatetrans_t **transp) {
+ updatectx_t *uctx;
+ isc_mem_t *mctx;
+ dns_client_t *client;
+- isc_boolean_t need_destroyclient = ISC_FALSE;
+ isc_sockaddr_t *sa;
+
+ REQUIRE(transp != NULL);
+ uctx = (updatectx_t *)*transp;
++ *transp = NULL;
+ REQUIRE(UCTX_VALID(uctx));
+ client = uctx->client;
+ REQUIRE(DNS_CLIENT_VALID(client));
+@@ -3071,11 +3070,6 @@ dns_client_destroyupdatetrans(dns_clientupdatetrans_t **transp) {
+ INSIST(ISC_LINK_LINKED(uctx, link));
+ ISC_LIST_UNLINK(client->updatectxs, uctx, link);
+
+- if (client->references == 0 && ISC_LIST_EMPTY(client->resctxs) &&
+- ISC_LIST_EMPTY(client->reqctxs) &&
+- ISC_LIST_EMPTY(client->updatectxs))
+- need_destroyclient = ISC_TRUE;
+-
+ UNLOCK(&client->lock);
+
+ DESTROYLOCK(&uctx->lock);
+@@ -3083,10 +3077,7 @@ dns_client_destroyupdatetrans(dns_clientupdatetrans_t **transp) {
+
+ isc_mem_put(mctx, uctx, sizeof(*uctx));
+
+- if (need_destroyclient)
+- destroyclient(&client);
+-
+- *transp = NULL;
++ dns_client_destroy(&client);
+ }
+
+ isc_mem_t *
+diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h
+index 7cd88f8377..e383c40f0f 100644
+--- a/lib/dns/include/dns/view.h
++++ b/lib/dns/include/dns/view.h
+@@ -191,9 +191,9 @@ struct dns_view {
+
+ /* Locked by themselves. */
+ isc_refcount_t references;
++ isc_refcount_t weakrefs;
+
+ /* Locked by lock. */
+- unsigned int weakrefs;
+ unsigned int attributes;
+ /* Under owner's locking control. */
+ ISC_LINK(struct dns_view) link;
+diff --git a/lib/dns/view.c b/lib/dns/view.c
+index f53193c3ec..db09c3db6e 100644
+--- a/lib/dns/view.c
++++ b/lib/dns/view.c
+@@ -155,9 +155,13 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
+ view->frozen = ISC_FALSE;
+ view->task = NULL;
+ result = isc_refcount_init(&view->references, 1);
+- if (result != ISC_R_SUCCESS)
++ if (result != ISC_R_SUCCESS) {
+ goto cleanup_fwdtable;
+- view->weakrefs = 0;
++ }
++ result = isc_refcount_init(&view->weakrefs, 1);
++ if (result != ISC_R_SUCCESS) {
++ goto cleanup_references;
++ }
+ view->attributes = (DNS_VIEWATTR_RESSHUTDOWN|DNS_VIEWATTR_ADBSHUTDOWN|
+ DNS_VIEWATTR_REQSHUTDOWN);
+ view->statickeys = NULL;
+@@ -167,7 +171,7 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
+ view->matchrecursiveonly = ISC_FALSE;
+ result = dns_tsigkeyring_create(view->mctx, &view->dynamickeys);
+ if (result != ISC_R_SUCCESS)
+- goto cleanup_references;
++ goto cleanup_weakrefs;
+ view->peers = NULL;
+ view->order = NULL;
+ view->delonly = NULL;
+@@ -304,6 +308,10 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
+ if (view->dynamickeys != NULL)
+ dns_tsigkeyring_detach(&view->dynamickeys);
+
++ cleanup_weakrefs:
++ isc_refcount_decrement(&view->weakrefs, NULL);
++ isc_refcount_destroy(&view->weakrefs);
++
+ cleanup_references:
+ isc_refcount_destroy(&view->references);
+
+@@ -336,12 +344,13 @@ destroy(dns_view_t *view) {
+ dns_dlzdb_t *dlzdb;
+
+ REQUIRE(!ISC_LINK_LINKED(view, link));
+- REQUIRE(isc_refcount_current(&view->references) == 0);
+- REQUIRE(view->weakrefs == 0);
+ REQUIRE(RESSHUTDOWN(view));
+ REQUIRE(ADBSHUTDOWN(view));
+ REQUIRE(REQSHUTDOWN(view));
+
++ isc_refcount_destroy(&view->references);
++ isc_refcount_destroy(&view->weakrefs);
++
+ if (view->order != NULL)
+ dns_order_detach(&view->order);
+ if (view->peers != NULL)
+@@ -536,26 +545,12 @@ destroy(dns_view_t *view) {
+ DESTROYLOCK(&view->new_zone_lock);
+ DESTROYLOCK(&view->lock);
+ isc_refcount_destroy(&view->references);
++ isc_refcount_destroy(&view->weakrefs);
+ isc_mem_free(view->mctx, view->nta_file);
+ isc_mem_free(view->mctx, view->name);
+ isc_mem_putanddetach(&view->mctx, view, sizeof(*view));
+ }
+
+-/*
+- * Return true iff 'view' may be freed.
+- * The caller must be holding the view lock.
+- */
+-static isc_boolean_t
+-all_done(dns_view_t *view) {
+-
+- if (isc_refcount_current(&view->references) == 0 &&
+- view->weakrefs == 0 &&
+- RESSHUTDOWN(view) && ADBSHUTDOWN(view) && REQSHUTDOWN(view))
+- return (ISC_TRUE);
+-
+- return (ISC_FALSE);
+-}
+-
+ void
+ dns_view_attach(dns_view_t *source, dns_view_t **targetp) {
+
+@@ -571,10 +566,10 @@ static void
+ view_flushanddetach(dns_view_t **viewp, isc_boolean_t flush) {
+ dns_view_t *view;
+ unsigned int refs;
+- isc_boolean_t done = ISC_FALSE;
+
+ REQUIRE(viewp != NULL);
+ view = *viewp;
++ *viewp = NULL;
+ REQUIRE(DNS_VIEW_VALID(view));
+
+ if (flush)
+@@ -613,7 +608,6 @@ view_flushanddetach(dns_view_t **viewp, isc_boolean_t flush) {
+ if (view->catzs != NULL) {
+ dns_catz_catzs_detach(&view->catzs);
+ }
+- done = all_done(view);
+ UNLOCK(&view->lock);
+
+ /* Need to detach zones outside view lock */
+@@ -622,12 +616,9 @@ view_flushanddetach(dns_view_t **viewp, isc_boolean_t flush) {
+
+ if (rdzone != NULL)
+ dns_zone_detach(&rdzone);
+- }
+-
+- *viewp = NULL;
+
+- if (done)
+- destroy(view);
++ dns_view_weakdetach(&view);
++ }
+ }
+
+ void
+@@ -661,9 +652,7 @@ dns_view_weakattach(dns_view_t *source, dns_view_t **targetp) {
+ REQUIRE(DNS_VIEW_VALID(source));
+ REQUIRE(targetp != NULL && *targetp == NULL);
+
+- LOCK(&source->lock);
+- source->weakrefs++;
+- UNLOCK(&source->lock);
++ isc_refcount_increment(&source->weakrefs, NULL);
+
+ *targetp = source;
+ }
+@@ -671,30 +660,22 @@ dns_view_weakattach(dns_view_t *source, dns_view_t **targetp) {
+ void
+ dns_view_weakdetach(dns_view_t **viewp) {
+ dns_view_t *view;
+- isc_boolean_t done = ISC_FALSE;
++ unsigned int weakrefs;
+
+ REQUIRE(viewp != NULL);
+ view = *viewp;
+ REQUIRE(DNS_VIEW_VALID(view));
+-
+- LOCK(&view->lock);
+-
+- INSIST(view->weakrefs > 0);
+- view->weakrefs--;
+- done = all_done(view);
+-
+- UNLOCK(&view->lock);
+-
+ *viewp = NULL;
+
+- if (done)
++ isc_refcount_decrement(&view->weakrefs, &weakrefs);
++ if (weakrefs == 0) {
+ destroy(view);
++ }
+ }
+
+ static void
+ resolver_shutdown(isc_task_t *task, isc_event_t *event) {
+ dns_view_t *view = event->ev_arg;
+- isc_boolean_t done;
+
+ REQUIRE(event->ev_type == DNS_EVENT_VIEWRESSHUTDOWN);
+ REQUIRE(DNS_VIEW_VALID(view));
+@@ -705,20 +686,15 @@ resolver_shutdown(isc_task_t *task, isc_event_t *event) {
+ isc_event_free(&event);
+
+ LOCK(&view->lock);
+-
+ view->attributes |= DNS_VIEWATTR_RESSHUTDOWN;
+- done = all_done(view);
+-
+ UNLOCK(&view->lock);
+
+- if (done)
+- destroy(view);
++ dns_view_weakdetach(&view);
+ }
+
+ static void
+ adb_shutdown(isc_task_t *task, isc_event_t *event) {
+ dns_view_t *view = event->ev_arg;
+- isc_boolean_t done;
+
+ REQUIRE(event->ev_type == DNS_EVENT_VIEWADBSHUTDOWN);
+ REQUIRE(DNS_VIEW_VALID(view));
+@@ -729,20 +705,15 @@ adb_shutdown(isc_task_t *task, isc_event_t *event) {
+ isc_event_free(&event);
+
+ LOCK(&view->lock);
+-
+ view->attributes |= DNS_VIEWATTR_ADBSHUTDOWN;
+- done = all_done(view);
+-
+ UNLOCK(&view->lock);
+
+- if (done)
+- destroy(view);
++ dns_view_weakdetach(&view);
+ }
+
+ static void
+ req_shutdown(isc_task_t *task, isc_event_t *event) {
+ dns_view_t *view = event->ev_arg;
+- isc_boolean_t done;
+
+ REQUIRE(event->ev_type == DNS_EVENT_VIEWREQSHUTDOWN);
+ REQUIRE(DNS_VIEW_VALID(view));
+@@ -753,14 +724,10 @@ req_shutdown(isc_task_t *task, isc_event_t *event) {
+ isc_event_free(&event);
+
+ LOCK(&view->lock);
+-
+ view->attributes |= DNS_VIEWATTR_REQSHUTDOWN;
+- done = all_done(view);
+-
+ UNLOCK(&view->lock);
+
+- if (done)
+- destroy(view);
++ dns_view_weakdetach(&view);
+ }
+
+ isc_result_t
+@@ -809,6 +776,7 @@ dns_view_createresolver(dns_view_t *view,
+ event = &view->resevent;
+ dns_resolver_whenshutdown(view->resolver, view->task, &event);
+ view->attributes &= ~DNS_VIEWATTR_RESSHUTDOWN;
++ isc_refcount_increment(&view->weakrefs, NULL);
+
+ result = isc_mem_create(0, 0, &mctx);
+ if (result != ISC_R_SUCCESS) {
+@@ -826,6 +794,7 @@ dns_view_createresolver(dns_view_t *view,
+ event = &view->adbevent;
+ dns_adb_whenshutdown(view->adb, view->task, &event);
+ view->attributes &= ~DNS_VIEWATTR_ADBSHUTDOWN;
++ isc_refcount_increment(&view->weakrefs, NULL);
+
+ result = dns_requestmgr_create(view->mctx, timermgr, socketmgr,
+ dns_resolver_taskmgr(view->resolver),
+@@ -840,6 +809,7 @@ dns_view_createresolver(dns_view_t *view,
+ event = &view->reqevent;
+ dns_requestmgr_whenshutdown(view->requestmgr, view->task, &event);
+ view->attributes &= ~DNS_VIEWATTR_REQSHUTDOWN;
++ isc_refcount_increment(&view->weakrefs, NULL);
+
+ return (ISC_R_SUCCESS);
+ }
+diff --git a/lib/isc/app_api.c b/lib/isc/app_api.c
+index 5563c7cc0b..40ec2d93b8 100644
+--- a/lib/isc/app_api.c
++++ b/lib/isc/app_api.c
+@@ -23,6 +23,7 @@
+ static isc_mutex_t createlock;
+ static isc_once_t once = ISC_ONCE_INIT;
+ static isc_appctxcreatefunc_t appctx_createfunc = NULL;
++static isc_mutex_t runninglock;
+ static isc_boolean_t is_running = ISC_FALSE;
+
+ #define ISCAPI_APPMETHODS_VALID(m) ISC_MAGIC_VALID(m, ISCAPI_APPMETHODS_MAGIC)
+@@ -30,6 +31,7 @@ static isc_boolean_t is_running = ISC_FALSE;
+ static void
+ initialize(void) {
+ RUNTIME_CHECK(isc_mutex_init(&createlock) == ISC_R_SUCCESS);
++ RUNTIME_CHECK(isc_mutex_init(&runninglock) == ISC_R_SUCCESS);
+ }
+
+ isc_result_t
+@@ -196,9 +198,15 @@ isc_app_run() {
+ if (isc_bind9) {
+ isc_result_t result;
+
++ RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
++
++ LOCK(&runninglock);
+ is_running = ISC_TRUE;
++ UNLOCK(&runninglock);
+ result = isc__app_run();
++ LOCK(&runninglock);
+ is_running = ISC_FALSE;
++ UNLOCK(&runninglock);
+
+ return (result);
+ }
+@@ -208,7 +216,15 @@ isc_app_run() {
+
+ isc_boolean_t
+ isc_app_isrunning() {
+- return (is_running);
++ isc_boolean_t running;
++
++ RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
++
++ LOCK(&runninglock);
++ running = is_running;
++ UNLOCK(&runninglock);
++
++ return (running);
+ }
+
+ isc_result_t
+--
+2.21.1
+
diff --git a/SOURCES/bind-9.11.4-CVE-2019-6477.patch b/SOURCES/bind-9.11.4-CVE-2019-6477.patch
new file mode 100644
index 0000000..0a7e554
--- /dev/null
+++ b/SOURCES/bind-9.11.4-CVE-2019-6477.patch
@@ -0,0 +1,157 @@
+From c3314d0fa0756d39cab1e9d9e3cf2e36dd6273da Mon Sep 17 00:00:00 2001
+From: Petr Mensik <pemensik@redhat.com>
+Date: Mon, 18 Nov 2019 16:44:58 +0100
+Subject: [PATCH] Limit number of queries per TCP connection
+
+5306. [security] Set a limit on the number of concurrently served
+ pipelined TCP queries. (CVE-2019-6477) [GL #1264]
+---
+ bin/named/client.c | 73 ++++++++++++++++++++------------
+ bin/named/include/named/client.h | 5 ++-
+ 2 files changed, 50 insertions(+), 28 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index f21a77ba52..23f70edaff 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -98,7 +98,15 @@
+ #define SEND_BUFFER_SIZE 4096
+ #define RECV_BUFFER_SIZE 4096
+
++#define TCP_CLIENTS_PER_CONN 23
++/*%<
++ * Number of simultaneous ns_clients_t (queries in flight) for one
++ * TCP connection. The number was arbitrarily picked and might be
++ * changed in the future.
++ */
++
+ #ifdef ISC_PLATFORM_USETHREADS
++
+ #define NMCTXS 100
+ /*%<
+ * Number of 'mctx pools' for clients. (Should this be configurable?)
+@@ -333,7 +341,7 @@ tcpconn_init(ns_client_t *client, isc_boolean_t force) {
+ */
+ tconn = isc_mem_allocate(ns_g_mctx, sizeof(*tconn));
+
+- isc_refcount_init(&tconn->refs, 1);
++ isc_refcount_init(&tconn->clients, 1); /* Current client */
+ tconn->tcpquota = quota;
+ quota = NULL;
+ tconn->pipelined = ISC_FALSE;
+@@ -350,14 +358,14 @@ tcpconn_init(ns_client_t *client, isc_boolean_t force) {
+ */
+ static void
+ tcpconn_attach(ns_client_t *source, ns_client_t *target) {
+- int refs;
++ int old_clients;
+
+ REQUIRE(source->tcpconn != NULL);
+ REQUIRE(target->tcpconn == NULL);
+ REQUIRE(source->tcpconn->pipelined);
+
+- isc_refcount_increment(&source->tcpconn->refs, &refs);
+- INSIST(refs > 1);
++ isc_refcount_increment(&source->tcpconn->clients, &old_clients);
++ INSIST(old_clients > 1);
+ target->tcpconn = source->tcpconn;
+ }
+
+@@ -370,15 +378,15 @@ tcpconn_attach(ns_client_t *source, ns_client_t *target) {
+ static void
+ tcpconn_detach(ns_client_t *client) {
+ ns_tcpconn_t *tconn = NULL;
+- int refs;
++ int old_clients;
+
+ REQUIRE(client->tcpconn != NULL);
+
+ tconn = client->tcpconn;
+ client->tcpconn = NULL;
+
+- isc_refcount_decrement(&tconn->refs, &refs);
+- if (refs == 0) {
++ isc_refcount_decrement(&tconn->clients, &old_clients);
++ if (old_clients == 0) {
+ isc_quota_detach(&tconn->tcpquota);
+ isc_mem_free(ns_g_mctx, tconn);
+ }
+@@ -2629,28 +2637,39 @@ client_request(isc_task_t *task, isc_event_t *event) {
+ /*
+ * Pipeline TCP query processing.
+ */
+- if (TCP_CLIENT(client) &&
+- client->message->opcode != dns_opcode_query)
+- {
+- client->tcpconn->pipelined = ISC_FALSE;
+- }
+- if (TCP_CLIENT(client) && client->tcpconn->pipelined) {
+- /*
+- * We're pipelining. Replace the client; the
+- * replacement can read the TCP socket looking
+- * for new messages and this one can process the
+- * current message asynchronously.
+- *
+- * There will now be at least three clients using this
+- * TCP socket - one accepting new connections,
+- * one reading an existing connection to get new
+- * messages, and one answering the message already
+- * received.
+- */
+- result = ns_client_replace(client);
+- if (result != ISC_R_SUCCESS) {
++ if (TCP_CLIENT(client)) {
++ if (client->message->opcode != dns_opcode_query) {
+ client->tcpconn->pipelined = ISC_FALSE;
+ }
++
++ /*
++ * Limit the maximum number of simultaneous pipelined
++ * queries on TCP connection to TCP_CLIENTS_PER_CONN.
++ */
++ if ((isc_refcount_current(&client->tcpconn->clients)
++ > TCP_CLIENTS_PER_CONN))
++ {
++ client->tcpconn->pipelined = ISC_FALSE;
++ }
++
++ if (client->tcpconn->pipelined) {
++ /*
++ * We're pipelining. Replace the client; the
++ * replacement can read the TCP socket looking
++ * for new messages and this one can process the
++ * current message asynchronously.
++ *
++ * There will now be at least three clients using this
++ * TCP socket - one accepting new connections,
++ * one reading an existing connection to get new
++ * messages, and one answering the message already
++ * received.
++ */
++ result = ns_client_replace(client);
++ if (result != ISC_R_SUCCESS) {
++ client->tcpconn->pipelined = ISC_FALSE;
++ }
++ }
+ }
+
+ dns_opcodestats_increment(ns_g_server->opcodestats,
+diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
+index 0f54d2267b..86437ade22 100644
+--- a/bin/named/include/named/client.h
++++ b/bin/named/include/named/client.h
+@@ -77,7 +77,10 @@
+
+ /*% reference-counted TCP connection object */
+ typedef struct ns_tcpconn {
+- isc_refcount_t refs;
++ isc_refcount_t clients; /* Number of clients using
++ * this connection. Conn can
++ * be freed if goes to 0
++ */
+ isc_quota_t *tcpquota;
+ isc_boolean_t pipelined;
+ } ns_tcpconn_t;
+--
+2.20.1
+
diff --git a/SPECS/bind.spec b/SPECS/bind.spec
index c9bf6d3..115942c 100644
--- a/SPECS/bind.spec
+++ b/SPECS/bind.spec
@@ -64,7 +64,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind
License: MPLv2.0
Version: 9.11.4
-Release: 13%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
+Release: 22%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32
Url: http://www.isc.org/products/BIND/
#
@@ -158,6 +158,14 @@ Patch171:bind-9.11-CVE-2019-6465.patch
Patch172:bind-9.11-rh1732883.patch
Patch173: bind-9.11-CVE-2018-5745-testfix.patch
Patch174: bind-9.11-rh1743572.patch
+Patch175: bind-9.11.4-CVE-2019-6477.patch
+Patch176: bind-9.11-rh1753259.patch
+Patch177: bind-9.11-rh1743572-2.patch
+Patch178: bind-9.11-rh1781576.patch
+Patch179: bind-9.11-disab-timer-test.patch
+Patch180: bind-9.11-rh1744081.patch
+Patch181: bind-9.11-rh1300636.patch
+Patch182: bind-9.11-rh1756201.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -510,6 +518,13 @@ are used for building ISC DHCP.
%patch172 -p1 -b .rh1732883
%patch173 -p1 -b .CVE-2018-5745-testfix
%patch174 -p1 -b .rh1743572
+%patch175 -p1 -b .CVE-2019-6477
+%patch176 -p1 -b .rh1753259
+%patch177 -p1 -b .rh1743572
+%patch178 -p1 -b .rh1781576
+%patch180 -p1 -b .rh1744081
+%patch181 -p1 -b .rh1300636
+%patch182 -p1 -b .rh1756201
# Override upstream builtin keys
cp -fp %{SOURCE29} bind.keys
@@ -523,6 +538,10 @@ cp -r lib/dns{,-pkcs11}
%patch149 -p1 -b .kyua-pkcs11
%endif
+%ifarch ppc64le
+%patch179 -p1 -b .timer-test-ppc64le
+%endif
+
%if %{with SDB}
%patch101 -p1 -b .old-api
mkdir bin/named-sdb
@@ -613,6 +632,9 @@ export LIBDIR_SUFFIX
--enable-filter-aaaa \
--enable-rrl \
--with-pic \
+%ifarch aarch64 ppc ppc64 ppc64le
+ --disable-atomic \
+%endif
--disable-static \
--includedir=%{_includedir}/bind9 \
--with-tuning=large \
@@ -1484,6 +1506,34 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog
+* Wed Mar 18 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-22.P2
+- Solve often priming queries on some forwarder (#1756201)
+
+* Mon Mar 16 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-21.P2
+- Disable atomic operations also on ppc (#1779589)
+
+* Fri Mar 13 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-20.P2
+- Do not crash when nsupdate with GSS terminated early (#1300636)
+
+* Wed Mar 11 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-19.P2
+- Allow conflicting zone files with a warning (#1744081)
+
+* Wed Mar 04 2020 Miroslav Lichvar <mlichvar@redhat.com> - 32:9.11.4-18.P2
+- Disable atomic operations on ppc64, ppc64le, aarch64 (#1779589)
+
+* Fri Feb 21 2020 Tomas Korbar <tkorbar@redhat.com> - 32:9.11.4-17.P2
+- Prevent deadlock on reload (#1781576)
+- Disable unit test timer_test on ppc64le because of its instability
+
+* Thu Dec 12 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-16.P2
+- Finish dig query when name is too long (#1743572)
+
+* Wed Nov 27 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-15.P2
+- Stop listening on IPv6 by default (#1753259)
+
+* Tue Nov 19 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-14.P2
+- Limit number of queries per TCP connection (CVE-2019-6477)
+
* Wed Oct 02 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-13.P2
- Revert not searching names with dot (#1743572)