From 1e4169114ff7a8fee368f3e5d51104705aaff60f Mon Sep 17 00:00:00 2001 From: Petr Menšík Date: Mar 05 2019 20:49:26 +0000 Subject: Adapted patches for new version Removed merged upstream. --- diff --git a/bind-9.10-dist-native-pkcs11.patch b/bind-9.10-dist-native-pkcs11.patch index f5a6d78..bd8e74d 100644 --- a/bind-9.10-dist-native-pkcs11.patch +++ b/bind-9.10-dist-native-pkcs11.patch @@ -1,22 +1,3 @@ -From c6c0dc7addd8b27718247aa9c67e3cf3f80a8be3 Mon Sep 17 00:00:00 2001 -From: Petr Mensik -Date: Fri, 1 Mar 2019 11:10:03 +0100 -Subject: [PATCH] bind-9.10-dist-native-pkcs11.patch - ---- - bin/Makefile.in | 4 +-- - bin/dnssec-pkcs11/Makefile.in | 44 ++++++++++++++--------------- - bin/dnssec/Makefile.in | 2 +- - bin/named-pkcs11/Makefile.in | 45 +++++++++++++---------------- - bin/named/Makefile.in | 2 +- - bin/pkcs11/Makefile.in | 6 ++-- - configure.in | 53 +++++++++++++++++++++++++++-------- - lib/Makefile.in | 2 +- - lib/dns-pkcs11/Makefile.in | 30 ++++++++++---------- - lib/isc-pkcs11/Makefile.in | 28 +++++++++--------- - make/includes.in | 10 +++++++ - 11 files changed, 129 insertions(+), 97 deletions(-) - diff --git a/bin/Makefile.in b/bin/Makefile.in index f0c504a..ce7a2da 100644 --- a/bin/Makefile.in @@ -318,11 +299,11 @@ index a058c91..d4b689a 100644 DEPLIBS = ${ISCDEPLIBS} -diff --git a/configure.in b/configure.in -index b2bb268..d9e0797 100644 ---- a/configure.in -+++ b/configure.in -@@ -1109,12 +1109,14 @@ AC_SUBST(USE_GSSAPI) +diff --git a/configure.ac b/configure.ac +index 5e1ba8c..7aff0e6 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1070,12 +1070,14 @@ AC_SUBST(USE_GSSAPI) AC_SUBST(DST_GSSAPI_INC) AC_SUBST(DNS_GSSAPI_LIBS) DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS" @@ -337,7 +318,7 @@ index b2bb268..d9e0797 100644 # # was --with-randomdev specified? -@@ -1499,11 +1501,11 @@ fi +@@ -1460,11 +1462,11 @@ fi AC_MSG_CHECKING(for OpenSSL library) OPENSSL_WARNING= openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw" 
@@ -354,7 +335,7 @@ index b2bb268..d9e0797 100644 if test "auto" = "$use_openssl" then -@@ -1516,6 +1518,7 @@ then +@@ -1477,6 +1479,7 @@ then fi done fi @@ -362,7 +343,7 @@ index b2bb268..d9e0797 100644 OPENSSL_ECDSA="" OPENSSL_GOST="" OPENSSL_ED25519="" -@@ -1537,11 +1540,10 @@ case "$with_gost" in +@@ -1498,11 +1501,10 @@ case "$with_gost" in ;; esac @@ -377,7 +358,7 @@ index b2bb268..d9e0797 100644 CRYPTOLIB="pkcs11" OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" -@@ -1551,7 +1553,9 @@ case "$use_openssl" in +@@ -1512,7 +1514,9 @@ case "$use_openssl" in OPENSSLGOSTLINKSRCS="" OPENSSLLINKOBJS="" OPENSSLLINKSRCS="" @@ -388,7 +369,7 @@ index b2bb268..d9e0797 100644 no) AC_MSG_RESULT(no) DST_OPENSSL_INC="" -@@ -1583,7 +1587,7 @@ case "$use_openssl" in +@@ -1544,7 +1548,7 @@ case "$use_openssl" in If you do not want OpenSSL, use --without-openssl]) ;; *) @@ -397,7 +378,7 @@ index b2bb268..d9e0797 100644 then AC_MSG_RESULT() AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.]) -@@ -2016,6 +2020,7 @@ AC_SUBST(OPENSSL_ED25519) +@@ -1972,6 +1976,7 @@ AC_SUBST(OPENSSL_ED25519) AC_SUBST(OPENSSL_GOST) DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS" @@ -405,7 +386,7 @@ index b2bb268..d9e0797 100644 ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES" if test "yes" = "$with_aes" -@@ -2334,6 +2339,7 @@ esac +@@ -2295,6 +2300,7 @@ esac AC_SUBST(PKCS11LINKOBJS) AC_SUBST(PKCS11LINKSRCS) AC_SUBST(CRYPTO) @@ -413,7 +394,7 @@ index b2bb268..d9e0797 100644 AC_SUBST(PKCS11_ECDSA) AC_SUBST(PKCS11_GOST) AC_SUBST(PKCS11_ED25519) -@@ -5406,8 +5412,11 @@ AC_CONFIG_FILES([ +@@ -5425,8 +5431,11 @@ AC_CONFIG_FILES([ bin/delv/Makefile bin/dig/Makefile bin/dnssec/Makefile @@ -425,7 +406,7 @@ index b2bb268..d9e0797 100644 bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile -@@ -5480,6 +5489,10 @@ AC_CONFIG_FILES([ +@@ -5499,6 +5508,10 @@ AC_CONFIG_FILES([ lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile 
@@ -436,7 +417,7 @@ index b2bb268..d9e0797 100644 lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile -@@ -5504,6 +5517,24 @@ AC_CONFIG_FILES([ +@@ -5523,6 +5536,24 @@ AC_CONFIG_FILES([ lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isc/unix/include/pkcs11/Makefile @@ -475,7 +456,7 @@ index 81270a0..bcb5312 100644 @BIND9_MAKE_RULES@ diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in -index 4a8549e..6a19906 100644 +index 068bbac..d7f3d95 100644 --- a/lib/dns-pkcs11/Makefile.in +++ b/lib/dns-pkcs11/Makefile.in @@ -26,16 +26,16 @@ VERSION=@BIND9_VERSION@ @@ -638,6 +619,3 @@ index fa86ad1..3cfbe9f 100644 + +DNS_PKCS11_INCLUDES = @BIND9_DNS_BUILDINCLUDE@ \ + -I${top_srcdir}/lib/dns-pkcs11/include --- -2.20.1 - diff --git a/bind-9.10-sdb.patch b/bind-9.10-sdb.patch index e087ad7..485e241 100644 --- a/bind-9.10-sdb.patch +++ b/bind-9.10-sdb.patch @@ -1,17 +1,3 @@ -From 09b71a1994d7ea3b299746167b6bcf24021edd76 Mon Sep 17 00:00:00 2001 -From: Petr Mensik -Date: Thu, 28 Feb 2019 18:37:01 +0100 -Subject: [PATCH] bind-9.10-sdb.patch - ---- - bin/Makefile.in | 4 +- - bin/named-sdb/Makefile.in | 25 +++++------- - bin/named-sdb/main.c | 83 +++++++++++++++++++++++++++++++++++++++ - bin/named/Makefile.in | 16 +++----- - bin/sdb_tools/Makefile.in | 10 +++-- - configure.in | 3 ++ - 6 files changed, 110 insertions(+), 31 deletions(-) - diff --git a/bin/Makefile.in b/bin/Makefile.in index ce7a2da..4e6a824 100644 --- a/bin/Makefile.in @@ -102,7 +88,7 @@ index 04dea99..4ff053e 100644 @DLZ_DRIVER_RULES@ diff --git a/bin/named-sdb/main.c b/bin/named-sdb/main.c -index 8cec1ad..de5e5bb 100644 +index 17f2daa..1bb9d79 100644 --- a/bin/named-sdb/main.c +++ b/bin/named-sdb/main.c @@ -93,6 +93,10 @@ 
@@ -309,11 +295,11 @@ index c7e0868..95ab742 100644 ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zonetodb@EXEEXT@ ${DESTDIR}${sbindir} + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir} ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1 -diff --git a/configure.in b/configure.in -index c09c21a..e48bd2e 100644 ---- a/configure.in -+++ b/configure.in -@@ -5417,6 +5417,8 @@ AC_CONFIG_FILES([ +diff --git a/configure.ac b/configure.ac +index 8374385..0af9b71 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -5436,6 +5436,8 @@ AC_CONFIG_FILES([ bin/named/unix/Makefile bin/named-pkcs11/Makefile bin/named-pkcs11/unix/Makefile @@ -322,7 +308,7 @@ index c09c21a..e48bd2e 100644 bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile -@@ -5441,6 +5443,7 @@ AC_CONFIG_FILES([ +@@ -5460,6 +5462,7 @@ AC_CONFIG_FILES([ bin/python/isc/tests/dnskey_test.py bin/python/isc/tests/policy_test.py bin/rndc/Makefile @@ -330,6 +316,3 @@ index c09c21a..e48bd2e 100644 bin/tests/Makefile bin/tests/headerdep_test.sh bin/tests/optional/Makefile --- -2.20.1 - diff --git a/bind-9.11-ed448-disable.patch b/bind-9.11-ed448-disable.patch deleted file mode 100644 index 179f32f..0000000 --- a/bind-9.11-ed448-disable.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -From e6bad0789c731f06de781997e33e864c71510ff2 Mon Sep 17 00:00:00 2001 -From: Petr Mensik -Date: Thu, 21 Feb 2019 12:36:17 +0100 -Subject: [PATCH] Disable autodetected ED448 algorithm support - -Implementation is broken in bind, disabled also in more recent versions. -Makes bin/tests/system/dnssec fail. ---- - configure.in | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/configure.in b/configure.in -index ca84ff3239..da4dd5f249 100644 ---- a/configure.in -+++ b/configure.in -@@ -1917,6 +1917,9 @@ int main() { - } - ], - [AC_MSG_RESULT(yes) -+ # ED448 support is broken in BIND -+ # https://gitlab.isc.org/isc-projects/bind9/issues/225 -+ # disable if autodetected, can be enabled by --with-eddsa=all - have_ed448="yes"], - [AC_MSG_RESULT(no) - have_ed448="no"], -@@ -1929,8 +1932,10 @@ int main() { - esac - case $have_ed448 in - yes) -- AC_DEFINE(HAVE_OPENSSL_ED448, 1, -- [Define if your OpenSSL version supports Ed448.]) -+ # ED448 support is broken in BIND -+ # https://gitlab.isc.org/isc-projects/bind9/issues/225 -+ # AC_DEFINE(HAVE_OPENSSL_ED448, 1, -+ # [Define if your OpenSSL version supports Ed448.]) - ;; - *) - ;; --- -2.20.1 - diff --git a/bind-9.11-export-suffix.patch b/bind-9.11-export-suffix.patch index e3ba29c..8703747 100644 --- a/bind-9.11-export-suffix.patch +++ b/bind-9.11-export-suffix.patch @@ -1,8 +1,8 @@ -diff --git a/configure.in b/configure.in -index e6cd6a4..988b0a7 100644 ---- a/configure.in -+++ b/configure.in -@@ -5116,6 +5116,8 @@ AC_SUBST(BUILD_CPPFLAGS) +diff --git a/configure.ac b/configure.ac +index c1bfd62..7c5ad51 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -5333,6 +5333,8 @@ AC_SUBST(BUILD_CPPFLAGS) AC_SUBST(BUILD_LDFLAGS) AC_SUBST(BUILD_LIBS) @@ -12,10 +12,10 @@ index e6cd6a4..988b0a7 100644 # Commands to run at the end of config.status. # Don't just put these into configure, it won't work right if somebody 
diff --git a/isc-config.sh.in b/isc-config.sh.in -index 110191a..5a64004 100644 +index b5e94ed..d2857e0 100644 --- a/isc-config.sh.in +++ b/isc-config.sh.in -@@ -12,16 +12,17 @@ prefix=@prefix@ +@@ -13,16 +13,17 @@ prefix=@prefix@ exec_prefix=@exec_prefix@ exec_prefix_set= includedir=@includedir@ diff --git a/bind-9.11-feature-test-dlz.patch b/bind-9.11-feature-test-dlz.patch index 2c06d9f..39e46c8 100644 --- a/bind-9.11-feature-test-dlz.patch +++ b/bind-9.11-feature-test-dlz.patch @@ -1,4 +1,4 @@ -From fe4074d27f642dd93afb5988a2edc7c173b22520 Mon Sep 17 00:00:00 2001 +From 71627db6c8852d7805ec559506f5f3cb8d89a131 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Wed, 30 Jan 2019 15:12:54 +0100 Subject: [PATCH] Support DLZ filesystem detection in feature-test @@ -8,7 +8,7 @@ Do not use variable from configure to detect the feature. bin/tests/system/Makefile.in | 2 +- bin/tests/system/dlz/{prereq.sh.in => prereq.sh} | 2 +- bin/tests/system/feature-test.c | 9 +++++++++ - configure.in | 1 - + configure.ac | 1 - 4 files changed, 11 insertions(+), 3 deletions(-) rename bin/tests/system/dlz/{prereq.sh.in => prereq.sh} (91%) @@ -42,7 +42,7 @@ index afec653..fb3328e 100644 exit 255 fi diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c -index 5eee6aa..78bd3b9 100644 +index 11863a3..428d107 100644 --- a/bin/tests/system/feature-test.c +++ b/bin/tests/system/feature-test.c @@ -51,6 +51,7 @@ usage() { @@ -68,11 +68,11 @@ index 5eee6aa..78bd3b9 100644 if (strcmp(argv[1], "--ipv6only=no") == 0) { #ifdef WIN32 return (0); -diff --git a/configure.in b/configure.in -index fc1ad41..b2bb268 100644 ---- a/configure.in -+++ b/configure.in -@@ -5439,7 +5439,6 @@ AC_CONFIG_FILES([ +diff --git a/configure.ac b/configure.ac +index fddc63a..5e1ba8c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -5458,7 +5458,6 @@ AC_CONFIG_FILES([ bin/tests/pkcs11/benchmarks/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh 
diff --git a/bind-9.11-fips-code.patch b/bind-9.11-fips-code.patch index f4973a6..1640b3e 100644 --- a/bind-9.11-fips-code.patch +++ b/bind-9.11-fips-code.patch @@ -1,4 +1,4 @@ -From 9fa0831af989818eb6f908815967590e56a19ab1 Mon Sep 17 00:00:00 2001 +From 9ff202072b286ef57e0ffcd7c55777f2994d3985 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 2 Aug 2018 23:34:45 +0200 Subject: [PATCH] FIPS code changes 
@@ -96,36 +96,36 @@ Date: Mon Jan 22 07:21:04 2018 +0100 Add runtime detection whether MD5 is useable. --- - bin/confgen/keygen.c | 10 ++++- - bin/confgen/rndc-confgen.c | 32 ++++------------ - bin/dig/dig.c | 7 ++-- - bin/dig/dighost.c | 14 +++++-- - bin/dnssec/dnssec-keygen.c | 14 +++++++ - bin/named/config.c | 25 ++++++++++++- - bin/nsupdate/nsupdate.c | 24 +++++++----- + bin/confgen/keygen.c | 10 +++- + bin/confgen/rndc-confgen.c | 32 ++++--------- + bin/dig/dig.c | 7 +-- + bin/dig/dighost.c | 14 ++++-- + bin/dnssec/dnssec-keygen.c | 14 ++++++ + bin/named/config.c | 25 +++++++++- + bin/nsupdate/nsupdate.c | 24 ++++++---- bin/rndc/rndc.c | 3 +- - bin/tests/optional/hash_test.c | 78 ++++++++++++++++++++------------------- + bin/tests/optional/hash_test.c | 78 ++++++++++++++++--------------- bin/tests/system/tkey/keycreate.c | 3 ++ - bin/tests/system/tkey/keydelete.c | 17 ++++++--- - lib/bind9/check.c | 10 +++++ - lib/dns/dst_api.c | 23 ++++++++---- + bin/tests/system/tkey/keydelete.c | 17 ++++--- + lib/bind9/check.c | 10 ++++ + lib/dns/dst_api.c | 23 ++++++--- lib/dns/dst_internal.h | 3 +- - lib/dns/dst_parse.c | 18 +++++++-- - lib/dns/hmac_link.c | 18 ++------- + lib/dns/dst_parse.c | 18 +++++-- + lib/dns/hmac_link.c | 18 ++----- lib/dns/opensslrsa_link.c | 6 +++ - lib/dns/pkcs11rsa_link.c | 33 +++++++++++++++-- - lib/dns/rcode.c | 21 ++++++++++- - lib/dns/tests/rsa_test.c | 29 ++++++++------- + lib/dns/pkcs11rsa_link.c | 33 +++++++++++-- + lib/dns/rcode.c | 21 ++++++++- + lib/dns/tests/rsa_test.c | 4 ++ lib/dns/tests/tsig_test.c | 1 + - lib/dns/tkey.c | 9 +++++ + lib/dns/tkey.c | 9 ++++ lib/dns/tsec.c | 8 +++- - lib/dns/tsig.c | 17 +++++---- + lib/dns/tsig.c | 17 ++++--- lib/isc/include/isc/md5.h | 3 ++ - lib/isc/md5.c | 59 +++++++++++++++++++++++++++++ - lib/isc/pk11.c | 44 +++++++++++++++------- - lib/isc/tests/hash_test.c | 9 +++-- - lib/isccc/cc.c | 42 +++++++++++++-------- - 29 files changed, 409 insertions(+), 171 deletions(-) + lib/isc/md5.c | 59 
+++++++++++++++++++++++ + lib/isc/pk11.c | 44 +++++++++++------ + lib/isc/tests/hash_test.c | 9 ++++ + lib/isccc/cc.c | 42 +++++++++++------ + 29 files changed, 400 insertions(+), 155 deletions(-) diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c index 8931ad5..5015abb 100644 @@ -241,7 +241,7 @@ index 5ca3d76..6b7790a 100644 port = DEFAULT_PORT; diff --git a/bin/dig/dig.c b/bin/dig/dig.c -index 39f74be..597e830 100644 +index 2063a3b..8e856c5 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -20,6 +20,7 @@ @@ -252,7 +252,7 @@ index 39f74be..597e830 100644 #include #include #include -@@ -1760,10 +1761,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, +@@ -1767,10 +1768,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, ptr = ptr2; ptr2 = ptr3; } else { @@ -267,7 +267,7 @@ index 39f74be..597e830 100644 digestbits = 0; } diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c -index 1fa711a..341ed80 100644 +index 011b118..5eabc1f 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -80,6 +80,7 @@ @@ -339,7 +339,7 @@ index 1476d0d..f5c9316 100644 alg = DST_ALG_HMACMD5; #else diff --git a/bin/named/config.c b/bin/named/config.c -index 2732a8f..2c4c93c 100644 +index 7584efb..a153172 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -18,6 +18,7 @@ @@ -350,7 +350,7 @@ index 2732a8f..2c4c93c 100644 #include #include #include -@@ -967,6 +968,21 @@ ns_config_getkeyalgorithm(const char *str, dns_name_t **name, +@@ -969,6 +970,21 @@ ns_config_getkeyalgorithm(const char *str, dns_name_t **name, return (ns_config_getkeyalgorithm2(str, name, NULL, digestbits)); } @@ -372,7 +372,7 @@ index 2732a8f..2c4c93c 100644 isc_result_t ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, unsigned int *typep, uint16_t *digestbits) -@@ -976,7 +992,7 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, +@@ -978,7 +994,7 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, uint16_t bits; isc_result_t result; 
@@ -381,7 +381,7 @@ index 2732a8f..2c4c93c 100644 len = strlen(algorithms[i].str); if (strncasecmp(algorithms[i].str, str, len) == 0 && (str[len] == '\0' || -@@ -999,7 +1015,12 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, +@@ -1001,7 +1017,12 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, if (name != NULL) { switch (algorithms[i].hmac) { #ifndef PK11_MD5_DISABLE @@ -396,7 +396,7 @@ index 2732a8f..2c4c93c 100644 case hmacsha1: *name = dns_tsig_hmacsha1_name; break; case hmacsha224: *name = dns_tsig_hmacsha224_name; break; diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c -index 8d1da3b..5eefc57 100644 +index 548e0ce..509784c 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -31,6 +31,7 @@ @@ -622,7 +622,7 @@ index bde66a4..70a40c3 100644 dst_key_free(&dstkey); CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED); diff --git a/lib/bind9/check.c b/lib/bind9/check.c -index d32a5a1..c749c27 100644 +index d6fba22..ac60ba8 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -23,6 +23,7 @@ @@ -633,7 +633,7 @@ index d32a5a1..c749c27 100644 #include #include #include -@@ -2592,6 +2593,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) { +@@ -2589,6 +2590,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) { } algorithm = cfg_obj_asstring(algobj); @@ -650,7 +650,7 @@ index d32a5a1..c749c27 100644 len = strlen(algorithms[i].name); if (strncasecmp(algorithms[i].name, algorithm, len) == 0 && diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c -index 97fee68..5703f9c 100644 +index e3c47a9..320c0f8 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -192,6 +192,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx, @@ -766,7 +766,7 @@ index f31c33d..87023a6 100644 ret = DST_R_INVALIDPRIVATEKEY; goto fail; diff --git a/lib/dns/hmac_link.c b/lib/dns/hmac_link.c -index 94e73b1..d904075 100644 +index 3b6579b..4bdce2f 100644 --- a/lib/dns/hmac_link.c +++ b/lib/dns/hmac_link.c 
@@ -340,20 +340,10 @@ static dst_func_t hmacmd5_functions = { @@ -792,13 +792,13 @@ index 94e73b1..d904075 100644 + if (!isc_md5_available()) + return (ISC_R_SUCCESS); + #if PK11_FLAVOR != PK11_UTIMACO_FLAVOR /* - * Prevent use of incorrect crypto diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c -index c03fd72..49b66fc 100644 +index ec35f50..c80fabe 100644 --- a/lib/dns/opensslrsa_link.c +++ b/lib/dns/opensslrsa_link.c -@@ -1802,6 +1802,12 @@ dst__opensslrsa_init(dst_func_t **funcp, unsigned char algorithm) { +@@ -1812,6 +1812,12 @@ dst__opensslrsa_init(dst_func_t **funcp, unsigned char algorithm) { if (*funcp == NULL) { switch (algorithm) { @@ -812,7 +812,7 @@ index c03fd72..49b66fc 100644 #if defined(HAVE_EVP_SHA256) || !USE_EVP *funcp = &opensslrsa_functions; diff --git a/lib/dns/pkcs11rsa_link.c b/lib/dns/pkcs11rsa_link.c -index eb782c8..46fd844 100644 +index 096c1a8..6c280bf 100644 --- a/lib/dns/pkcs11rsa_link.c +++ b/lib/dns/pkcs11rsa_link.c @@ -96,10 +96,15 @@ pkcs11rsa_createctx_sign(dst_key_t *key, dst_context_t *dctx) { @@ -832,7 +832,7 @@ index eb782c8..46fd844 100644 case DST_ALG_RSASHA1: case DST_ALG_NSEC3RSASHA1: /* From RFC 3110 */ -@@ -636,6 +641,9 @@ pkcs11rsa_createctx(dst_key_t *key, dst_context_t *dctx) { +@@ -641,6 +646,9 @@ pkcs11rsa_createctx(dst_key_t *key, dst_context_t *dctx) { switch (key->key_alg) { #ifndef PK11_MD5_DISABLE case DST_ALG_RSAMD5: @@ -842,7 +842,7 @@ index eb782c8..46fd844 100644 mech.mechanism = CKM_MD5; break; #endif -@@ -792,6 +800,9 @@ pkcs11rsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { +@@ -799,6 +807,9 @@ pkcs11rsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { switch (key->key_alg) { #ifndef PK11_MD5_DISABLE case DST_ALG_RSAMD5: 
@@ -852,7 +852,7 @@ index eb782c8..46fd844 100644 der = md5_der; derlen = sizeof(md5_der); hashlen = ISC_MD5_DIGESTLENGTH; -@@ -1016,6 +1027,9 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) { +@@ -1024,6 +1035,9 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) { switch (key->key_alg) { #ifndef PK11_MD5_DISABLE case DST_ALG_RSAMD5: @@ -862,7 +862,7 @@ index eb782c8..46fd844 100644 der = md5_der; derlen = sizeof(md5_der); hashlen = ISC_MD5_DIGESTLENGTH; -@@ -2219,11 +2233,22 @@ static dst_func_t pkcs11rsa_functions = { +@@ -2231,11 +2245,22 @@ static dst_func_t pkcs11rsa_functions = { }; isc_result_t @@ -889,7 +889,7 @@ index eb782c8..46fd844 100644 } diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c -index 6a5948e..010dd1b 100644 +index 9c42c50..f51d548 100644 --- a/lib/dns/rcode.c +++ b/lib/dns/rcode.c @@ -16,6 +16,7 @@ @@ -900,7 +900,7 @@ index 6a5948e..010dd1b 100644 #include #include #include -@@ -349,17 +350,33 @@ dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) { +@@ -357,17 +358,33 @@ dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) { return (dns_mnemonic_totext(cert, target, certs)); } @@ -937,70 +937,48 @@ index 6a5948e..010dd1b 100644 void diff --git a/lib/dns/tests/rsa_test.c b/lib/dns/tests/rsa_test.c -index fb207ef..3ef0a4e 100644 +index 16214c6..9b235ba 100644 --- a/lib/dns/tests/rsa_test.c 
+++ b/lib/dns/tests/rsa_test.c -@@ -19,6 +19,7 @@ - #include - #include +@@ -26,6 +26,7 @@ + #define UNIT_TESTING + #include +#include #include #include -@@ -225,23 +226,25 @@ ATF_TC_BODY(isc_rsa_verify, tc) { +@@ -247,6 +248,8 @@ isc_rsa_verify_test(void **state) { /* RSAMD5 */ #ifndef PK11_MD5_DISABLE -- key->key_alg = DST_ALG_RSAMD5; + if (isc_md5_available()) { -+ key->key_alg = DST_ALG_RSAMD5; - -- ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC, -- false, &ctx); -- ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS); -+ ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC, -+ false, &ctx); -+ ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS); - -- r.base = d; -- r.length = 10; -- ret = dst_context_adddata(ctx, &r); -- ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS); -+ r.base = d; -+ r.length = 10; -+ ret = dst_context_adddata(ctx, &r); -+ ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS); - -- r.base = sigmd5; -- r.length = 256; -- ret = dst_context_verify(ctx, &r); -- ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS); -+ r.base = sigmd5; -+ r.length = 256; -+ ret = dst_context_verify(ctx, &r); -+ ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS); - -- dst_context_destroy(&ctx); -+ dst_context_destroy(&ctx); ++ /* wrong indentation is kept for diff minimization */ + key->key_alg = DST_ALG_RSAMD5; + + ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC, +@@ -264,6 +267,7 @@ isc_rsa_verify_test(void **state) { + assert_int_equal(ret, ISC_R_SUCCESS); + + dst_context_destroy(&ctx); + } #endif /* RSASHA256 */ diff --git a/lib/dns/tests/tsig_test.c b/lib/dns/tests/tsig_test.c -index 443fb36..f003ff3 100644 +index 4d6847e..1a208b5 100644 --- a/lib/dns/tests/tsig_test.c +++ b/lib/dns/tests/tsig_test.c -@@ -14,6 +14,7 @@ - #include - #include +@@ -24,6 +24,7 @@ + #define UNIT_TESTING + #include +#include #include #include - + #include diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c -index 5b4ffd9..cc3469d 100644 +index 89cfc79..d07364a 100644 --- a/lib/dns/tkey.c +++ b/lib/dns/tkey.c 
@@ -245,6 +245,9 @@ compute_secret(isc_buffer_t *shared, isc_region_t *queryrandomness, @@ -1027,7 +1005,7 @@ index 5b4ffd9..cc3469d 100644 tkey_log("process_dhtkey: algorithms other than " "hmac-md5 are not supported"); diff --git a/lib/dns/tsec.c b/lib/dns/tsec.c -index c5eca0e..19b9002 100644 +index 9d8ead4..0c82f65 100644 --- a/lib/dns/tsec.c +++ b/lib/dns/tsec.c @@ -11,6 +11,7 @@ @@ -1053,7 +1031,7 @@ index c5eca0e..19b9002 100644 #endif case DST_ALG_HMACSHA1: diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c -index a94ec69..f74c831 100644 +index 58c1104..00ee1e1 100644 --- a/lib/dns/tsig.c +++ b/lib/dns/tsig.c @@ -273,7 +273,8 @@ dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm, @@ -1086,7 +1064,7 @@ index a94ec69..f74c831 100644 if (secret != NULL) { isc_buffer_t b; -@@ -1283,7 +1286,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, +@@ -1291,7 +1294,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, return (ret); if ( #ifndef PK11_MD5_DISABLE @@ -1095,7 +1073,7 @@ index a94ec69..f74c831 100644 #endif alg == DST_ALG_HMACSHA1 || alg == DST_ALG_HMACSHA224 || alg == DST_ALG_HMACSHA256 || -@@ -1452,7 +1455,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, +@@ -1460,7 +1463,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, if ( #ifndef PK11_MD5_DISABLE @@ -1104,7 +1082,7 @@ index a94ec69..f74c831 100644 #endif alg == DST_ALG_HMACSHA1 || alg == DST_ALG_HMACSHA224 || alg == DST_ALG_HMACSHA256 || -@@ -1593,7 +1596,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { +@@ -1601,7 +1604,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { goto cleanup_querystruct; if ( #ifndef PK11_MD5_DISABLE 
@@ -1113,7 +1091,7 @@ index a94ec69..f74c831 100644 #endif alg == DST_ALG_HMACSHA1 || alg == DST_ALG_HMACSHA224 || -@@ -1772,7 +1775,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { +@@ -1780,7 +1783,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { goto cleanup_context; if ( #ifndef PK11_MD5_DISABLE @@ -1137,7 +1115,7 @@ index 4d29398..e3f5cec 100644 #endif /* !PK11_MD5_DISABLE */ diff --git a/lib/isc/md5.c b/lib/isc/md5.c -index 25c71a2..934a70c 100644 +index 920aed5..a086a57 100644 --- a/lib/isc/md5.c +++ b/lib/isc/md5.c @@ -37,6 +37,7 @@ @@ -1237,7 +1215,7 @@ index 25c71a2..934a70c 100644 /* diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c -index c5d2310..a01e698 100644 +index 0d5b009..bb9912b 100644 --- a/lib/isc/pk11.c +++ b/lib/isc/pk11.c @@ -197,8 +197,6 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) { @@ -1356,39 +1334,39 @@ index c5d2310..a01e698 100644 /* ECDSA requires digest */ diff --git a/lib/isc/tests/hash_test.c b/lib/isc/tests/hash_test.c -index 8f12342..7eb1552 100644 +index 8ddfe70..9c4d299 100644 --- a/lib/isc/tests/hash_test.c 
+++ b/lib/isc/tests/hash_test.c -@@ -2009,7 +2009,8 @@ ATF_TP_ADD_TCS(tp) { - * various cryptographic hashes. - */ - #ifndef PK11_MD5_DISABLE -- ATF_TP_ADD_TC(tp, md5_check); -+ if (isc_md5_available()) -+ ATF_TP_ADD_TC(tp, md5_check); - #endif - ATF_TP_ADD_TC(tp, sha1_check); +@@ -776,6 +776,9 @@ isc_md5_test(void **state) { + + UNUSED(state); + ++ if (!isc_md5_available()) ++ return; ++ + /* + * These are the various test vectors. All of these are passed + * through the hash function and the results are compared to the +@@ -1631,6 +1634,9 @@ isc_hmacmd5_test(void **state) { + + UNUSED(state); + ++ if (!isc_md5_available()) ++ return; ++ + /* + * These are the various test vectors. All of these are passed + * through the hash function and the results are compared to the +@@ -1941,6 +1947,9 @@ static void + md5_check_test(void **state) { + UNUSED(state); + ++ if (!isc_md5_available()) ++ return; ++ + assert_true(isc_md5_check(false)); + assert_false(isc_md5_check(true)); -@@ -2017,7 +2018,8 @@ ATF_TP_ADD_TCS(tp) { - ATF_TP_ADD_TC(tp, isc_hash_function_reverse); - ATF_TP_ADD_TC(tp, isc_hash_initializer); - #ifndef PK11_MD5_DISABLE -- ATF_TP_ADD_TC(tp, isc_hmacmd5); -+ if (isc_md5_available()) -+ ATF_TP_ADD_TC(tp, isc_hmacmd5); - #endif - ATF_TP_ADD_TC(tp, isc_hmacsha1); - ATF_TP_ADD_TC(tp, isc_hmacsha224); -@@ -2025,7 +2027,8 @@ ATF_TP_ADD_TCS(tp) { - ATF_TP_ADD_TC(tp, isc_hmacsha384); - ATF_TP_ADD_TC(tp, isc_hmacsha512); - #ifndef PK11_MD5_DISABLE -- ATF_TP_ADD_TC(tp, isc_md5); -+ if (isc_md5_available()) -+ ATF_TP_ADD_TC(tp, isc_md5); - #endif - ATF_TP_ADD_TC(tp, isc_sha1); - ATF_TP_ADD_TC(tp, isc_sha224); diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c index c2740cb..c314d76 100644 --- a/lib/isccc/cc.c @@ -1477,5 +1455,5 @@ index c2740cb..c314d76 100644 case ISCCC_ALG_HMACSHA1: -- -2.14.4 +2.20.1 diff --git a/bind-9.11-fips-tests.patch b/bind-9.11-fips-tests.patch index 16d3b33..b86b783 100644 --- a/bind-9.11-fips-tests.patch +++ b/bind-9.11-fips-tests.patch 
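Review bot: In the hash_test.c part of this hunk, the new guard `if (!isc_md5_available()) return;` at the top of isc_md5_test, isc_hmacmd5_test and md5_check_test makes those tests report success when MD5 is unavailable. A run where MD5 is disabled at runtime (the FIPS case this patch targets) then looks the same in the results as one that actually checked the vectors. The rewritten tests appear to be cmocka-based (`void **state`, `assert_true`), so `if (!isc_md5_available()) skip();` would record them as skipped instead. The removed ATF version avoided the problem by not registering the MD5 test cases at all. The bodies of all three functions continue outside the hunk, so only the guards are visible here.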
@@ -1,4 +1,4 @@ -From 07876a60a9c2537f536901b214349d67f6b25666 Mon Sep 17 00:00:00 2001 +From 4e6888c1d32071ead4b7faeeb0f1774a6d8a1120 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 2 Aug 2018 23:46:45 +0200 Subject: [PATCH] FIPS tests changes 
@@ -58,56 +58,54 @@ Date: Wed Mar 7 10:44:23 2018 +0100 Use hmac-sha256 instead of default hmac-md5 for allow-query --- - bin/tests/system/acl/ns2/named1.conf.in | 4 +- - bin/tests/system/acl/ns2/named2.conf.in | 4 +- - bin/tests/system/acl/ns2/named3.conf.in | 6 +-- - bin/tests/system/acl/ns2/named4.conf.in | 4 +- - bin/tests/system/acl/ns2/named5.conf.in | 4 +- - bin/tests/system/acl/tests.sh | 32 +++++------ - bin/tests/system/allow-query/ns2/named10.conf.in | 2 +- - bin/tests/system/allow-query/ns2/named11.conf.in | 4 +- - bin/tests/system/allow-query/ns2/named12.conf.in | 2 +- - bin/tests/system/allow-query/ns2/named30.conf.in | 2 +- - bin/tests/system/allow-query/ns2/named31.conf.in | 4 +- - bin/tests/system/allow-query/ns2/named32.conf.in | 2 +- - bin/tests/system/allow-query/ns2/named40.conf.in | 4 +- - bin/tests/system/allow-query/tests.sh | 18 +++---- - bin/tests/system/catz/ns1/named.conf.in | 2 +- - bin/tests/system/catz/ns2/named.conf.in | 2 +- - bin/tests/system/checkconf/bad-tsig.conf | 2 +- - bin/tests/system/checkconf/good.conf | 2 +- - bin/tests/system/digdelv/ns2/example.db | 15 +++--- - bin/tests/system/digdelv/tests.sh | 28 +++++----- - bin/tests/system/dlv/ns1/sign.sh | 4 +- - bin/tests/system/dlv/ns2/sign.sh | 4 +- - bin/tests/system/dlv/ns3/sign.sh | 69 ++++++++++++------------ - bin/tests/system/dlv/ns6/sign.sh | 66 ++++++++++++----------- - bin/tests/system/dnssec/ns1/sign.sh | 4 +- - bin/tests/system/dnssec/ns2/sign.sh | 12 ++--- - bin/tests/system/dnssec/ns3/sign.sh | 20 +++---- - bin/tests/system/dnssec/ns5/trusted.conf.bad | 2 +- - bin/tests/system/dnssec/tests.sh | 8 +-- - bin/tests/system/feature-test.c | 14 +++++ - bin/tests/system/filter-aaaa/ns1/sign.sh | 4 +- - bin/tests/system/filter-aaaa/ns4/sign.sh | 4 +- - bin/tests/system/notify/ns5/named.conf.in | 6 +-- - bin/tests/system/notify/tests.sh | 6 +-- - bin/tests/system/nsupdate/ns1/named.conf.in | 2 +- - bin/tests/system/nsupdate/ns2/named.conf.in | 2 +- - 
bin/tests/system/nsupdate/setup.sh | 7 ++- - bin/tests/system/nsupdate/tests.sh | 11 +++- - bin/tests/system/rndc/setup.sh | 2 +- - bin/tests/system/rndc/tests.sh | 23 ++++---- - bin/tests/system/tsig/clean.sh | 1 + - bin/tests/system/tsig/ns1/named.conf.in | 10 +--- - bin/tests/system/tsig/ns1/rndc5.conf.in | 11 ++++ - bin/tests/system/tsig/setup.sh | 4 ++ - bin/tests/system/tsig/tests.sh | 67 ++++++++++++++--------- - bin/tests/system/tsiggss/setup.sh | 2 +- - bin/tests/system/upforwd/ns1/named.conf.in | 2 +- - bin/tests/system/upforwd/tests.sh | 2 +- - 48 files changed, 287 insertions(+), 225 deletions(-) - create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in + bin/tests/system/acl/ns2/named1.conf.in | 4 +- + bin/tests/system/acl/ns2/named2.conf.in | 4 +- + bin/tests/system/acl/ns2/named3.conf.in | 6 +- + bin/tests/system/acl/ns2/named4.conf.in | 4 +- + bin/tests/system/acl/ns2/named5.conf.in | 4 +- + bin/tests/system/acl/tests.sh | 32 ++++----- + .../system/allow-query/ns2/named10.conf.in | 2 +- + .../system/allow-query/ns2/named11.conf.in | 4 +- + .../system/allow-query/ns2/named12.conf.in | 2 +- + .../system/allow-query/ns2/named30.conf.in | 2 +- + .../system/allow-query/ns2/named31.conf.in | 4 +- + .../system/allow-query/ns2/named32.conf.in | 2 +- + .../system/allow-query/ns2/named40.conf.in | 4 +- + bin/tests/system/allow-query/tests.sh | 18 ++--- + bin/tests/system/catz/ns1/named.conf.in | 2 +- + bin/tests/system/catz/ns2/named.conf.in | 2 +- + bin/tests/system/checkconf/bad-tsig.conf | 2 +- + bin/tests/system/checkconf/good.conf | 2 +- + bin/tests/system/digdelv/ns2/example.db | 15 ++-- + bin/tests/system/digdelv/tests.sh | 28 ++++---- + bin/tests/system/dlv/ns1/sign.sh | 4 +- + bin/tests/system/dlv/ns2/sign.sh | 4 +- + bin/tests/system/dlv/ns3/sign.sh | 69 ++++++++++--------- + bin/tests/system/dlv/ns6/sign.sh | 66 +++++++++--------- + bin/tests/system/dnssec/ns1/sign.sh | 4 +- + bin/tests/system/dnssec/ns2/sign.sh | 12 ++-- + 
bin/tests/system/dnssec/ns3/sign.sh | 20 +++--- + bin/tests/system/dnssec/ns5/trusted.conf.bad | 2 +- + bin/tests/system/dnssec/tests.sh | 8 +-- + bin/tests/system/feature-test.c | 14 ++++ + bin/tests/system/filter-aaaa/ns1/sign.sh | 4 +- + bin/tests/system/filter-aaaa/ns4/sign.sh | 4 +- + bin/tests/system/notify/ns5/named.conf.in | 6 +- + bin/tests/system/notify/tests.sh | 6 +- + bin/tests/system/nsupdate/ns1/named.conf.in | 2 +- + bin/tests/system/nsupdate/ns2/named.conf.in | 2 +- + bin/tests/system/nsupdate/setup.sh | 7 +- + bin/tests/system/nsupdate/tests.sh | 11 ++- + bin/tests/system/rndc/setup.sh | 2 +- + bin/tests/system/rndc/tests.sh | 23 ++++--- + bin/tests/system/tsig/clean.sh | 1 + + bin/tests/system/tsig/ns1/named.conf.in | 10 +-- + bin/tests/system/tsig/setup.sh | 5 ++ + bin/tests/system/tsig/tests.sh | 67 +++++++++++------- + bin/tests/system/tsiggss/setup.sh | 2 +- + bin/tests/system/upforwd/ns1/named.conf.in | 2 +- + bin/tests/system/upforwd/tests.sh | 2 +- + 47 files changed, 277 insertions(+), 225 deletions(-) diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in index 0ea6502..026db3f 100644 @@ -604,7 +602,7 @@ index f4e30f5..9f53e31 100644 ; TTL of 3 weeks weeks 1814400 A 10.53.0.2 diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh -index 95bd074..b566ecb 100644 +index 24aa7b3..54a3e2a 100644 --- a/bin/tests/system/digdelv/tests.sh +++ b/bin/tests/system/digdelv/tests.sh @@ -61,7 +61,7 @@ if [ -x ${DIG} ] ; then @@ -670,7 +668,7 @@ index 95bd074..b566ecb 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -555,7 +555,7 @@ if [ -x ${DELV} ] ; then +@@ -564,7 +564,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +multi +norrcomments works for dnskey (when default is rrcomments)($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 
@@ -679,7 +677,7 @@ index 95bd074..b566ecb 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -563,7 +563,7 @@ if [ -x ${DELV} ] ; then +@@ -572,7 +572,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +multi +norrcomments works for soa (when default is rrcomments)($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > delv.out.test$n || ret=1 @@ -688,7 +686,7 @@ index 95bd074..b566ecb 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -571,7 +571,7 @@ if [ -x ${DELV} ] ; then +@@ -580,7 +580,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +rrcomments works for DNSKEY($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 @@ -697,7 +695,7 @@ index 95bd074..b566ecb 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -579,7 +579,7 @@ if [ -x ${DELV} ] ; then +@@ -588,7 +588,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +short +rrcomments works for DNSKEY ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 @@ -706,7 +704,7 @@ index 95bd074..b566ecb 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -587,7 +587,7 @@ if [ -x ${DELV} ] ; then +@@ -596,7 +596,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +short +rrcomments works ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 @@ -715,7 +713,7 @@ index 95bd074..b566ecb 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -595,7 +595,7 @@ if [ -x ${DELV} ] ; then +@@ -604,7 +604,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +short +nosplit works ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1 
@@ -724,7 +722,7 @@ index 95bd074..b566ecb 100644 if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi f=`awk '{print NF}' < delv.out.test$n` test "${f:-0}" -eq 14 || ret=1 -@@ -606,7 +606,7 @@ if [ -x ${DELV} ] ; then +@@ -615,7 +615,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +short +nosplit +norrcomments works ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 @@ -1171,10 +1169,10 @@ index 198d60a..d89a539 100644 keyid=`expr $keyid + 0` echo "$keyid" > managed.key.id diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh -index 9078459..9dcd028 100644 +index ca18608..25b6cab 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh -@@ -29,8 +29,8 @@ do +@@ -30,8 +30,8 @@ do cp ../ns3/dsset-$subdomain.example$TP . done @@ -1185,7 +1183,7 @@ index 9078459..9dcd028 100644 cat $infile $keyname1.key $keyname2.key >$zonefile -@@ -89,8 +89,8 @@ zone=in-addr.arpa. +@@ -91,8 +91,8 @@ zone=in-addr.arpa. infile=in-addr.arpa.db.in zonefile=in-addr.arpa.db @@ -1196,7 +1194,7 @@ index 9078459..9dcd028 100644 cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null -@@ -101,7 +101,7 @@ privzone=private.secure.example. +@@ -103,7 +103,7 @@ privzone=private.secure.example. privinfile=private.secure.example.db.in privzonefile=private.secure.example.db @@ -1205,7 +1203,7 @@ index 9078459..9dcd028 100644 cat $privinfile $privkeyname.key >$privzonefile -@@ -115,7 +115,7 @@ dlvinfile=dlv.db.in +@@ -117,7 +117,7 @@ dlvinfile=dlv.db.in dlvzonefile=dlv.db dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP @@ -1215,7 +1213,7 @@ index 9078459..9dcd028 100644 cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh -index 330abf7..f95a6b7 100644 +index ff55d84..4f6a251 100644 
--- a/bin/tests/system/dnssec/ns3/sign.sh +++ b/bin/tests/system/dnssec/ns3/sign.sh @@ -28,7 +28,7 @@ zone=bogus.example. @@ -1292,7 +1290,7 @@ index 330abf7..f95a6b7 100644 cat $infile $keyname.key >$zonefile -@@ -498,7 +498,7 @@ zone=badds.example. +@@ -533,7 +533,7 @@ zone=badds.example. infile=bogus.example.db.in zonefile=badds.example.db @@ -1313,10 +1311,10 @@ index ed30460..e6b1126 100644 + "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV"; }; diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh -index bb2315f..3156668 100644 +index 646434f..9a10f9f 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh -@@ -1690,7 +1690,7 @@ ret=0 +@@ -1688,7 +1688,7 @@ ret=0 $RNDCCMD 10.53.0.4 secroots 2>&1 | sed 's/^/ns4 /' | cat_i keyid=`cat ns1/managed.key.id` cp ns4/named.secroots named.secroots.test$n @@ -1325,7 +1323,7 @@ index bb2315f..3156668 100644 [ "$linecount" -eq 1 ] || ret=1 linecount=`cat named.secroots.test$n | wc -l` [ "$linecount" -eq 10 ] || ret=1 -@@ -3018,7 +3018,7 @@ echo_i "check dig's +nocrypto flag ($n)" +@@ -3016,7 +3016,7 @@ echo_i "check dig's +nocrypto flag ($n)" ret=0 $DIG $DIGOPTS +norec +nocrypto DNSKEY . \ @10.53.0.1 > dig.out.dnskey.ns1.test$n || ret=1 @@ -1334,7 +1332,7 @@ index bb2315f..3156668 100644 grep 'RRSIG.* \[omitted]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +norec +nocrypto DS example \ @10.53.0.1 > dig.out.ds.ns1.test$n || ret=1 -@@ -3130,8 +3130,8 @@ do +@@ -3128,8 +3128,8 @@ do alg=`expr $alg + 1` continue;; 3) size="-b 512";; @@ -1346,7 +1344,7 @@ index bb2315f..3156668 100644 8) size="-b 512";; 10) size="-b 1024";; diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c -index 9612450..5eee6aa 100644 +index f934b63..11863a3 100644 --- a/bin/tests/system/feature-test.c 
+++ b/bin/tests/system/feature-test.c @@ -19,6 +19,7 @@ @@ -1440,10 +1438,10 @@ index cfcfe8f..0a1614d 100644 }; diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh -index ad20e3e..5a9ce46 100644 +index 1f6e6d0..c08bd25 100644 --- a/bin/tests/system/notify/tests.sh +++ b/bin/tests/system/notify/tests.sh -@@ -186,16 +186,16 @@ ret=0 +@@ -212,16 +212,16 @@ ret=0 $NSUPDATE << EOF server 10.53.0.5 ${PORT} zone x21 @@ -1477,10 +1475,10 @@ index 1d999ad..26b6b7c 100644 }; diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in -index b4ecf96..1adb33e 100644 +index 4549184..cb7dccd 100644 --- a/bin/tests/system/nsupdate/ns2/named.conf.in +++ b/bin/tests/system/nsupdate/ns2/named.conf.in -@@ -24,7 +24,7 @@ options { +@@ -33,7 +33,7 @@ controls { }; key altkey { @@ -1490,7 +1488,7 @@ index b4ecf96..1adb33e 100644 }; diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh -index d6647fa..715314b 100644 +index 45dfeeb..594db77 100644 --- a/bin/tests/system/nsupdate/setup.sh +++ b/bin/tests/system/nsupdate/setup.sh @@ -63,7 +63,12 @@ EOF @@ -1508,7 +1506,7 @@ index d6647fa..715314b 100644 $DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key $DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh -index 9f26572..fd0383f 100755 +index 901cd22..b72b59c 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -700,7 +700,14 @@ fi @@ -1537,7 +1535,7 @@ index 9f26572..fd0383f 100755 done if [ $ret -ne 0 ]; then diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh -index 850c4d2..09a3e0f 100644 +index 343869e..c30efb0 100644 --- a/bin/tests/system/rndc/setup.sh +++ b/bin/tests/system/rndc/setup.sh @@ -37,7 +37,7 @@ make_key () { 
@@ -1550,7 +1548,7 @@ index 850c4d2..09a3e0f 100644 make_key 3 ${EXTRAPORT3} hmac-sha224 make_key 4 ${EXTRAPORT4} hmac-sha256 diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh -index 647730e..7df752d 100644 +index b00056c..f7fad91 100644 --- a/bin/tests/system/rndc/tests.sh +++ b/bin/tests/system/rndc/tests.sh @@ -356,15 +356,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi @@ -1620,31 +1618,15 @@ index fbf30c6..f61657d 100644 key "sha1-trunc" { secret "FrSt77yPTFx6hTs4i2tKLB9LmE0="; -diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in -new file mode 100644 -index 0000000..4117830 ---- /dev/null -+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in -@@ -0,0 +1,11 @@ -+ -+key "md5" { -+ secret "97rnFx24Tfna4mHPfgnerA=="; -+ algorithm hmac-md5; -+}; -+ -+key "md5-trunc" { -+ secret "97rnFx24Tfna4mHPfgnerA=="; -+ algorithm hmac-md5-80; -+}; -+ diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh -index 656e9bb..628c5bb 100644 +index 4dd4a25..aa0f966 100644 --- a/bin/tests/system/tsig/setup.sh +++ b/bin/tests/system/tsig/setup.sh -@@ -17,3 +17,7 @@ $SHELL clean.sh +@@ -17,3 +17,8 @@ $SHELL clean.sh copy_setports ns1/named.conf.in ns1/named.conf - test -r $RANDFILE || $GENRANDOM 400 $RANDFILE + test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE ++ +if $FEATURETEST --md5 +then + cat ns1/rndc5.conf.in >> ns1/named.conf @@ -1742,10 +1724,10 @@ index f731fa6..cade35b 100644 echo_i "fetching using hmac-sha1-80 (BADTRUNC)" diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh -index 5da33cf..fb108b0 100644 +index 0d21c7b..dbcb7b4 100644 --- a/bin/tests/system/tsiggss/setup.sh +++ b/bin/tests/system/tsiggss/setup.sh -@@ -18,5 +18,5 @@ test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +@@ -18,5 +18,5 @@ test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE copy_setports ns1/named.conf.in ns1/named.conf 
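Review bot: The rebased patch no longer creates `bin/tests/system/tsig/ns1/rndc5.conf.in`, yet the tsig/setup.sh part of the same hunk still runs `cat ns1/rndc5.conf.in >> ns1/named.conf` when `$FEATURETEST --md5` succeeds. The `new file mode` section is dropped here and the diffstat loses its `create mode` line. If the new upstream tarball does not ship that file (not visible on this page), the append fails on MD5-enabled builds and the `md5` and `md5-trunc` keys never reach named.conf, which would only show up later as unrelated TSIG test failures. Please confirm the file exists upstream, or fail early with `test -r ns1/rndc5.conf.in || exit 1` before the `cat`. The `if` block in setup.sh closes outside the lines shown.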
@@ -1779,5 +1761,5 @@ index b0694bb..9adae82 100644 update add updated.example. 600 A 10.10.10.1 update add updated.example. 600 TXT Foo -- -2.14.4 +2.20.1 diff --git a/bind-9.11-host-idn-disable.patch b/bind-9.11-host-idn-disable.patch index 7d52964..7f02b4c 100644 --- a/bind-9.11-host-idn-disable.patch +++ b/bind-9.11-host-idn-disable.patch @@ -1,4 +1,4 @@ -From ed26f0f0eb4242706d2012e4abe0152071bb305b Mon Sep 17 00:00:00 2001 +From ec50eff97c259b5bfbfa4e050d69fe7b39b0f15a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Tue, 25 Sep 2018 18:08:46 +0200 Subject: [PATCH] Disable IDN from environment as documented @@ -12,16 +12,16 @@ Support variable CHARSET=ASCII to disable IDN, supported in downstream RH patch since RHEL 5. --- bin/dig/dig.docbook | 4 +++- - bin/dig/dighost.c | 9 +++++++-- + bin/dig/dighost.c | 5 +++++ bin/dig/host.docbook | 2 +- bin/dig/nslookup.docbook | 15 +++++++++++++++ - 4 files changed, 26 insertions(+), 4 deletions(-) + 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook -index bd7510e..5cc696f 100644 +index 5d19301..933af79 100644 --- a/bin/dig/dig.docbook +++ b/bin/dig/dig.docbook -@@ -1288,7 +1288,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr +@@ -1312,7 +1312,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr reply from the server. If you'd like to turn off the IDN support for some reason, use parameters +noidnin and @@ -33,15 +33,13 @@ index bd7510e..5cc696f 100644 diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c -index 341ed80..bb8702c 100644 +index 5eabc1f..73aaab8 100644 --- a/bin/dig/dighost.c 
+++ b/bin/dig/dighost.c -@@ -825,12 +825,17 @@ make_empty_lookup(void) { - looknew->seenbadcookie = false; +@@ -826,6 +826,11 @@ make_empty_lookup(void) { looknew->badcookie = true; #ifdef WITH_IDN_SUPPORT -- looknew->idnin = true; -+ looknew->idnin = (getenv("IDN_DISABLE") == NULL); + looknew->idnin = isatty(1)?(getenv("IDN_DISABLE") == NULL):false; + if (looknew->idnin) { + const char *charset = getenv("CHARSET"); + if (charset && !strcmp(charset, "ASCII")) @@ -50,17 +48,11 @@ index 341ed80..bb8702c 100644 #else looknew->idnin = false; #endif - #ifdef WITH_IDN_OUT_SUPPORT -- looknew->idnout = true; -+ looknew->idnout = looknew->idnin; - #else - looknew->idnout = false; - #endif diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook -index 9c3aeaa..42cbbf9 100644 +index da0f8fb..9689b5a 100644 --- a/bin/dig/host.docbook +++ b/bin/dig/host.docbook -@@ -378,7 +378,7 @@ +@@ -379,7 +379,7 @@ host appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. @@ -70,10 +62,10 @@ index 9c3aeaa..42cbbf9 100644 The IDN support is disabled if the variable is set when host runs. diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook -index 3aff4e9..86a09c6 100644 +index d46fc2d..6d7d181 100644 --- a/bin/dig/nslookup.docbook +++ b/bin/dig/nslookup.docbook -@@ -478,6 +478,21 @@ nslookup -query=hinfo -timeout=10 +@@ -495,6 +495,21 @@ nslookup -query=hinfo -timeout=10 @@ -96,5 +88,5 @@ index 3aff4e9..86a09c6 100644 /etc/resolv.conf -- -2.14.4 +2.20.1 diff --git a/bind-9.11-kyua-pkcs11.patch b/bind-9.11-kyua-pkcs11.patch index 1b83800..caf57bb 100644 --- a/bind-9.11-kyua-pkcs11.patch +++ b/bind-9.11-kyua-pkcs11.patch @@ -1,4 +1,4 @@ -From 3474d13bbf08c441783bd72afbc8cec8857baf46 Mon Sep 17 00:00:00 2001 +From 17998f4feb9590522a0b50943075d9e8c97ec69d Mon Sep 17 00:00:00 2001 
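Review bot: After this rebase the patch no longer sets `looknew->idnout = looknew->idnin;` in make_empty_lookup(), so in the lines shown `CHARSET=ASCII` clears only `idnin`. The patch description still promises that the variable disables IDN, and how upstream initialises `idnout` is not visible here. If upstream derives it independently of `idnin`, output conversion to U-labels stays on for users who set `CHARSET=ASCII`. I would check that, and if so keep `looknew->idnout = looknew->idnin;` in the `WITH_IDN_OUT_SUPPORT` branch, or narrow the description and docbook text to input conversion only. make_empty_lookup() starts and ends outside the hunk.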
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Tue, 2 Jan 2018 18:13:07 +0100 Subject: [PATCH] Fix pkcs11 variants atf tests @@ -7,20 +7,19 @@ Add dns-pkcs11 tests Makefile to configure Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode --- - configure.in | 1 + - lib/Atffile | 2 ++ + configure.ac | 1 + lib/Kyuafile | 2 ++ lib/dns-pkcs11/tests/Makefile.in | 10 +++++----- lib/dns-pkcs11/tests/dh_test.c | 3 ++- lib/isc-pkcs11/tests/Makefile.in | 6 +++--- lib/isc-pkcs11/tests/hash_test.c | 32 +++++++++++++++++++++++++------- - 7 files changed, 40 insertions(+), 16 deletions(-) + 6 files changed, 38 insertions(+), 16 deletions(-) -diff --git a/configure.in b/configure.in -index 1edafd1..5466de1 100644 ---- a/configure.in -+++ b/configure.in -@@ -5489,6 +5489,7 @@ AC_CONFIG_FILES([ +diff --git a/configure.ac b/configure.ac +index 7aff0e6..8374385 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -5512,6 +5512,7 @@ AC_CONFIG_FILES([ lib/dns-pkcs11/include/Makefile lib/dns-pkcs11/include/dns/Makefile lib/dns-pkcs11/include/dst/Makefile @@ -28,25 +27,11 @@ index 1edafd1..5466de1 100644 lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile -diff --git a/lib/Atffile b/lib/Atffile -index 93bbb01..4db3dce 100644 ---- a/lib/Atffile -+++ b/lib/Atffile -@@ -3,7 +3,9 @@ Content-Type: application/X-atf-atffile; version="1" - prop: test-suite = bind9 - - tp: dns -+tp: dns-pkcs11 - tp: irs - tp: isc -+tp: isc-pkcs11 - tp: isccfg - tp: lwres diff --git a/lib/Kyuafile b/lib/Kyuafile -index ff9fc56..eaaf0dc 100644 +index 7c8bab0..eec9564 100644 --- a/lib/Kyuafile +++ b/lib/Kyuafile -@@ -2,7 +2,9 @@ syntax(2) +@@ -2,8 +2,10 @@ syntax(2) test_suite('bind9') include('dns/Kyuafile') @@ -54,18 +39,19 @@ index ff9fc56..eaaf0dc 100644 include('irs/Kyuafile') include('isc/Kyuafile') +include('isc-pkcs11/Kyuafile') + include('isccc/Kyuafile') include('isccfg/Kyuafile') include('lwres/Kyuafile') 
diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in -index 625e809..6fd4e36 100644 +index 9f1781a..e50463d 100644 --- a/lib/dns-pkcs11/tests/Makefile.in +++ b/lib/dns-pkcs11/tests/Makefile.in -@@ -21,12 +21,12 @@ VERSION=@BIND9_VERSION@ +@@ -17,12 +17,12 @@ VERSION=@BIND9_VERSION@ CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \ @DST_OPENSSL_INC@ -CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns/tests/\"" -+CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\"" ++CDEFINES = @CRYPTO_PK11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\"" -ISCLIBS = ../../isc/libisc.@A@ -ISCDEPLIBS = ../../isc/libisc.@A@ @@ -76,45 +62,45 @@ index 625e809..6fd4e36 100644 +DNSLIBS = ../libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@ +DNSDEPLIBS = ../libdns-pkcs11.@A@ - LIBS = @LIBS@ @ATFLIBS@ - + LIBS = @LIBS@ @CMOCKA_LIBS@ + CFLAGS = @CFLAGS@ @CMOCKA_CFLAGS@ diff --git a/lib/dns-pkcs11/tests/dh_test.c b/lib/dns-pkcs11/tests/dh_test.c -index 6216b4e..dd74e58 100644 +index 4dbfd82..a383b8e 100644 --- a/lib/dns-pkcs11/tests/dh_test.c +++ b/lib/dns-pkcs11/tests/dh_test.c -@@ -64,7 +64,8 @@ ATF_TC_BODY(isc_dh_computesecret, tc) { - ret = dst_key_computesecret(key, key, &buf); - ATF_REQUIRE_EQ(ret, DST_R_NOTPRIVATEKEY); - ret = key->func->computesecret(key, key, &buf); -- ATF_REQUIRE_EQ(ret, DST_R_COMPUTESECRETFAILURE); +@@ -86,7 +86,8 @@ dh_computesecret(void **state) { + result = dst_key_computesecret(key, key, &buf); + assert_int_equal(result, DST_R_NOTPRIVATEKEY); + result = key->func->computesecret(key, key, &buf); +- assert_int_equal(result, DST_R_COMPUTESECRETFAILURE); + /* PKCS11 variant gives different result, accept both */ -+ ATF_REQUIRE(ret == DST_R_COMPUTESECRETFAILURE || ret == DST_R_INVALIDPRIVATEKEY); ++ assert_true(result == DST_R_COMPUTESECRETFAILURE || result == DST_R_INVALIDPRIVATEKEY); dst_key_free(&key); - dns_test_end(); + } 
diff --git a/lib/isc-pkcs11/tests/Makefile.in b/lib/isc-pkcs11/tests/Makefile.in -index add8068..a928dcf 100644 +index 2fdee0b..a263b35 100644 --- a/lib/isc-pkcs11/tests/Makefile.in +++ b/lib/isc-pkcs11/tests/Makefile.in -@@ -20,10 +20,10 @@ VERSION=@BIND9_VERSION@ +@@ -16,10 +16,10 @@ VERSION=@BIND9_VERSION@ @BIND9_MAKE_INCLUDES@ CINCLUDES = -I. -Iinclude ${ISC_INCLUDES} @ISC_OPENSSL_INC@ -CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/isc/tests/\"" -+CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/isc-pkcs11/tests/\"" ++CDEFINES = @CRYPTO_PK11@ -DTESTS="\"${top_builddir}/lib/isc-pkcs11/tests/\"" -ISCLIBS = ../libisc.@A@ @ISC_OPENSSL_LIBS@ -ISCDEPLIBS = ../libisc.@A@ +ISCLIBS = ../libisc-pkcs11.@A@ @ISC_OPENSSL_LIBS@ +ISCDEPLIBS = ../libisc-pkcs11.@A@ - LIBS = @LIBS@ @ATFLIBS@ - + LIBS = @LIBS@ @CMOCKA_LIBS@ + CFLAGS = @CFLAGS@ @CMOCKA_CFLAGS@ diff --git a/lib/isc-pkcs11/tests/hash_test.c b/lib/isc-pkcs11/tests/hash_test.c -index 7eb1552..048ae9d 100644 +index 9c4d299..d9deba2 100644 --- a/lib/isc-pkcs11/tests/hash_test.c +++ b/lib/isc-pkcs11/tests/hash_test.c -@@ -78,7 +78,7 @@ typedef struct hash_testcase { +@@ -85,7 +85,7 @@ typedef struct hash_testcase { typedef struct hash_test_key { const char *key; @@ -123,7 +109,7 @@ index 7eb1552..048ae9d 100644 } hash_test_key_t; /* non-hmac tests */ -@@ -961,8 +961,11 @@ ATF_TC_BODY(isc_hmacsha1, tc) { +@@ -956,8 +956,11 @@ isc_hmacsha1_test(void **state) { hash_test_key_t *test_key = test_keys; while (testcase->input != NULL && testcase->result != NULL) { @@ -136,7 +122,7 @@ index 7eb1552..048ae9d 100644 isc_hmacsha1_update(&hmacsha1, (const uint8_t *) testcase->input, testcase->input_len); -@@ -1124,8 +1127,11 @@ ATF_TC_BODY(isc_hmacsha224, tc) { +@@ -1116,8 +1119,11 @@ isc_hmacsha224_test(void **state) { hash_test_key_t *test_key = test_keys; while (testcase->input != NULL && testcase->result != NULL) { 
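Review bot: In dh_computesecret() the ported check `assert_true(result == DST_R_COMPUTESECRETFAILURE || result == DST_R_INVALIDPRIVATEKEY);` accepts either code in a file that is only built for the dns-pkcs11 variant. The test therefore cannot catch a regression that switches between the two results, and on failure `assert_true` does not report the actual value. If the PKCS#11 backend is expected to return one specific code (the comment suggests `DST_R_INVALIDPRIVATEKEY`, but that is not confirmed on this page), pinning it with `assert_int_equal(result, DST_R_INVALIDPRIVATEKEY);` keeps the test meaningful. The function body starts outside the hunk.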
@@ -149,7 +135,7 @@ index 7eb1552..048ae9d 100644 isc_hmacsha224_update(&hmacsha224, (const uint8_t *) testcase->input, testcase->input_len); -@@ -1287,8 +1293,11 @@ ATF_TC_BODY(isc_hmacsha256, tc) { +@@ -1277,8 +1283,11 @@ isc_hmacsha256_test(void **state) { hash_test_key_t *test_key = test_keys; while (testcase->input != NULL && testcase->result != NULL) { @@ -162,7 +148,7 @@ index 7eb1552..048ae9d 100644 isc_hmacsha256_update(&hmacsha256, (const uint8_t *) testcase->input, testcase->input_len); -@@ -1456,8 +1465,11 @@ ATF_TC_BODY(isc_hmacsha384, tc) { +@@ -1444,8 +1453,11 @@ isc_hmacsha384_test(void **state) { hash_test_key_t *test_key = test_keys; while (testcase->input != NULL && testcase->result != NULL) { @@ -175,7 +161,7 @@ index 7eb1552..048ae9d 100644 isc_hmacsha384_update(&hmacsha384, (const uint8_t *) testcase->input, testcase->input_len); -@@ -1625,8 +1637,11 @@ ATF_TC_BODY(isc_hmacsha512, tc) { +@@ -1611,8 +1623,11 @@ isc_hmacsha512_test(void **state) { hash_test_key_t *test_key = test_keys; while (testcase->input != NULL && testcase->result != NULL) { @@ -188,7 +174,7 @@ index 7eb1552..048ae9d 100644 isc_hmacsha512_update(&hmacsha512, (const uint8_t *) testcase->input, testcase->input_len); -@@ -1769,8 +1784,11 @@ ATF_TC_BODY(isc_hmacmd5, tc) { +@@ -1755,8 +1770,11 @@ isc_hmacmd5_test(void **state) { hash_test_key_t *test_key = test_keys; while (testcase->input != NULL && testcase->result != NULL) { @@ -202,5 +188,5 @@ index 7eb1552..048ae9d 100644 (const uint8_t *) testcase->input, testcase->input_len); -- -2.14.4 +2.20.1 diff --git a/bind-9.11-kyua.patch b/bind-9.11-kyua.patch deleted file mode 100644 index af37219..0000000 --- a/bind-9.11-kyua.patch +++ /dev/null 
@@ -1,209 +0,0 @@ -From b93950dff6b3bf02225ad64d7c3e02e6b04917fd Mon Sep 17 00:00:00 2001 -From: Tinderbox User -Date: Fri, 29 Dec 2017 02:23:11 +0000 -Subject: [PATCH] regen v9_11 - ---- - Kyuafile | 4 ++++ - lib/Kyuafile | 8 ++++++++ - lib/dns/Kyuafile | 4 ++++ - lib/dns/tests/Kyuafile | 30 ++++++++++++++++++++++++++++++ - lib/irs/Kyuafile | 4 ++++ - lib/irs/tests/Kyuafile | 4 ++++ - lib/isc/Kyuafile | 4 ++++ - lib/isc/tests/Kyuafile | 28 ++++++++++++++++++++++++++++ - lib/isccfg/Kyuafile | 4 ++++ - lib/isccfg/tests/Kyuafile | 4 ++++ - lib/lwres/Kyuafile | 4 ++++ - lib/lwres/tests/Kyuafile | 4 ++++ - 12 files changed, 102 insertions(+) - create mode 100644 Kyuafile - create mode 100644 lib/Kyuafile - create mode 100644 lib/dns/Kyuafile - create mode 100644 lib/dns/tests/Kyuafile - create mode 100644 lib/irs/Kyuafile - create mode 100644 lib/irs/tests/Kyuafile - create mode 100644 lib/isc/Kyuafile - create mode 100644 lib/isc/tests/Kyuafile - create mode 100644 lib/isccfg/Kyuafile - create mode 100644 lib/isccfg/tests/Kyuafile - create mode 100644 lib/lwres/Kyuafile - create mode 100644 lib/lwres/tests/Kyuafile - -diff --git a/Kyuafile b/Kyuafile -new file mode 100644 -index 0000000..70b2cff ---- /dev/null -+++ b/Kyuafile -@@ -0,0 +1,4 @@ -+syntax(2) -+test_suite('bind9') -+ -+include('lib/Kyuafile') -diff --git a/lib/Kyuafile b/lib/Kyuafile -new file mode 100644 -index 0000000..ff9fc56 ---- /dev/null -+++ b/lib/Kyuafile -@@ -0,0 +1,8 @@ -+syntax(2) -+test_suite('bind9') -+ -+include('dns/Kyuafile') -+include('irs/Kyuafile') -+include('isc/Kyuafile') -+include('isccfg/Kyuafile') -+include('lwres/Kyuafile') -diff --git a/lib/dns/Kyuafile b/lib/dns/Kyuafile -new file mode 100644 -index 0000000..0739e3a ---- /dev/null -+++ b/lib/dns/Kyuafile -@@ -0,0 +1,4 @@ -+syntax(2) -+test_suite('bind9') -+ -+include('tests/Kyuafile') -diff --git a/lib/dns/tests/Kyuafile b/lib/dns/tests/Kyuafile -new file mode 100644 -index 0000000..72a581b ---- /dev/null -+++ 
b/lib/dns/tests/Kyuafile -@@ -0,0 +1,30 @@ -+syntax(2) -+test_suite('bind9') -+ -+atf_test_program{name='acl_test'} -+atf_test_program{name='db_test'} -+atf_test_program{name='dbdiff_test'} -+atf_test_program{name='dbiterator_test'} -+atf_test_program{name='dbversion_test'} -+atf_test_program{name='dh_test'} -+atf_test_program{name='dispatch_test'} -+atf_test_program{name='dnstap_test'} -+atf_test_program{name='geoip_test'} -+atf_test_program{name='gost_test'} -+atf_test_program{name='keytable_test'} -+atf_test_program{name='master_test'} -+atf_test_program{name='name_test'} -+atf_test_program{name='nsec3_test'} -+atf_test_program{name='peer_test'} -+atf_test_program{name='private_test'} -+atf_test_program{name='rbt_serialize_test'} -+atf_test_program{name='rbt_test'} -+atf_test_program{name='rdata_test'} -+atf_test_program{name='rdataset_test'} -+atf_test_program{name='rdatasetstats_test'} -+atf_test_program{name='rsa_test'} -+atf_test_program{name='time_test'} -+atf_test_program{name='tsig_test'} -+atf_test_program{name='update_test'} -+atf_test_program{name='zonemgr_test'} -+atf_test_program{name='zt_test'} -diff --git a/lib/irs/Kyuafile b/lib/irs/Kyuafile -new file mode 100644 -index 0000000..0739e3a ---- /dev/null -+++ b/lib/irs/Kyuafile -@@ -0,0 +1,4 @@ -+syntax(2) -+test_suite('bind9') -+ -+include('tests/Kyuafile') -diff --git a/lib/irs/tests/Kyuafile b/lib/irs/tests/Kyuafile -new file mode 100644 -index 0000000..4ef7136 ---- /dev/null -+++ b/lib/irs/tests/Kyuafile -@@ -0,0 +1,4 @@ -+syntax(2) -+test_suite('bind9') -+ -+atf_test_program{name='resconf_test'} -diff --git a/lib/isc/Kyuafile b/lib/isc/Kyuafile -new file mode 100644 -index 0000000..0739e3a ---- /dev/null -+++ b/lib/isc/Kyuafile -@@ -0,0 +1,4 @@ -+syntax(2) -+test_suite('bind9') -+ -+include('tests/Kyuafile') -diff --git a/lib/isc/tests/Kyuafile b/lib/isc/tests/Kyuafile -new file mode 100644 -index 0000000..c558cbc ---- /dev/null -+++ b/lib/isc/tests/Kyuafile -@@ -0,0 +1,28 @@ -+syntax(2) 
-+test_suite('bind9') -+ -+atf_test_program{name='aes_test'} -+atf_test_program{name='buffer_test'} -+atf_test_program{name='counter_test'} -+atf_test_program{name='errno_test'} -+atf_test_program{name='file_test'} -+atf_test_program{name='hash_test'} -+atf_test_program{name='ht_test'} -+atf_test_program{name='lex_test'} -+atf_test_program{name='mem_test'} -+atf_test_program{name='netaddr_test'} -+atf_test_program{name='parse_test'} -+atf_test_program{name='pool_test'} -+atf_test_program{name='print_test'} -+atf_test_program{name='queue_test'} -+atf_test_program{name='radix_test'} -+atf_test_program{name='random_test'} -+atf_test_program{name='regex_test'} -+atf_test_program{name='result_test'} -+atf_test_program{name='safe_test'} -+atf_test_program{name='sockaddr_test'} -+atf_test_program{name='socket_test'} -+atf_test_program{name='symtab_test'} -+atf_test_program{name='task_test'} -+atf_test_program{name='taskpool_test'} -+atf_test_program{name='time_test'} -diff --git a/lib/isccfg/Kyuafile b/lib/isccfg/Kyuafile -new file mode 100644 -index 0000000..0739e3a ---- /dev/null -+++ b/lib/isccfg/Kyuafile -@@ -0,0 +1,4 @@ -+syntax(2) -+test_suite('bind9') -+ -+include('tests/Kyuafile') -diff --git a/lib/isccfg/tests/Kyuafile b/lib/isccfg/tests/Kyuafile -new file mode 100644 -index 0000000..342d25f ---- /dev/null -+++ b/lib/isccfg/tests/Kyuafile -@@ -0,0 +1,4 @@ -+syntax(2) -+test_suite('bind9') -+ -+atf_test_program{name='parser_test'} -diff --git a/lib/lwres/Kyuafile b/lib/lwres/Kyuafile -new file mode 100644 -index 0000000..0739e3a ---- /dev/null -+++ b/lib/lwres/Kyuafile -@@ -0,0 +1,4 @@ -+syntax(2) -+test_suite('bind9') -+ -+include('tests/Kyuafile') -diff --git a/lib/lwres/tests/Kyuafile b/lib/lwres/tests/Kyuafile -new file mode 100644 -index 0000000..6d373e8 ---- /dev/null -+++ b/lib/lwres/tests/Kyuafile -@@ -0,0 +1,4 @@ -+syntax(2) -+test_suite('bind9') -+ -+atf_test_program{name='config_test'} --- -2.9.5 - 
diff --git a/bind-9.11-rh1410433.patch b/bind-9.11-rh1410433.patch index b7fdc48..d307620 100644 --- a/bind-9.11-rh1410433.patch +++ b/bind-9.11-rh1410433.patch @@ -1,14 +1,16 @@ diff --git a/lib/dns/dyndb.c b/lib/dns/dyndb.c -index 0ce5e42..556d920 100644 +index 15561ce..e4449b0 100644 --- a/lib/dns/dyndb.c +++ b/lib/dns/dyndb.c -@@ -130,9 +130,6 @@ load_library(isc_mem_t *mctx, const char *filename, const char *instname, +@@ -133,8 +133,11 @@ load_library(isc_mem_t *mctx, const char *filename, const char *instname, instname, filename); flags = RTLD_NOW|RTLD_LOCAL; --#ifdef RTLD_DEEPBIND -- flags |= RTLD_DEEPBIND; --#endif ++#if 0 ++ /* Shared global namespace is required for dns-pkcs11 library */ + #if defined(RTLD_DEEPBIND) && !__SANITIZE_ADDRESS__ + flags |= RTLD_DEEPBIND; ++#endif + #endif handle = dlopen(filename, flags); - if (handle == NULL) diff --git a/bind-9.11-rh1624100.patch b/bind-9.11-rh1624100.patch index b17a6ca..00030cc 100644 --- a/bind-9.11-rh1624100.patch +++ b/bind-9.11-rh1624100.patch @@ -1,4 +1,4 @@ -From 4fc49ad102fd00343665273caf4349d4edb5e5ac Mon Sep 17 00:00:00 2001 +From 292a0ca28f2e8a49f8c7e62c39ad7160234ce23d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Wed, 25 Apr 2018 14:04:31 +0200 Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts 
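Review bot: Wrapping the upstream block in `#if 0` inside load_library() leaves a nested, permanently dead conditional, and its one-line comment does not say what breaks with RTLD_DEEPBIND or what is given up without it. Without that flag the module's symbol references resolve against libraries already loaded into the process before its own dependencies. That appears to be the intent for dns-pkcs11, but it also means a dyndb module built against a different libdns/libisc binds to the host's copy without any diagnostic. I would either delete the three upstream lines as the previous revision of this patch did, or keep the guard and expand the comment, e.g. `/* Downstream: no RTLD_DEEPBIND, so dyndb modules bind to the libdns/libisc variant already loaded by named (dns-pkcs11) */`. load_library() starts and ends outside the hunk.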
@@ -14,13 +14,13 @@ Fix the isc_safe_memwipe() usage with (NULL, >0) (cherry picked from commit 083461d3329ff6f2410745848a926090586a9846) --- bin/dnssec/dnssec-signzone.c | 2 +- - lib/dns/nsec3.c | 4 +-- - lib/dns/spnego.c | 4 +-- - lib/isc/Makefile.in | 8 ++--- - lib/isc/include/isc/safe.h | 18 +++------- - lib/isc/safe.c | 83 -------------------------------------------- - lib/isc/tests/safe_test.c | 20 ----------- - 7 files changed, 11 insertions(+), 128 deletions(-) + lib/dns/nsec3.c | 4 +- + lib/dns/spnego.c | 4 +- + lib/isc/Makefile.in | 8 +--- + lib/isc/include/isc/safe.h | 18 ++------ + lib/isc/safe.c | 83 ------------------------------------ + lib/isc/tests/safe_test.c | 18 -------- + 7 files changed, 11 insertions(+), 126 deletions(-) delete mode 100644 lib/isc/safe.c diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c @@ -37,10 +37,10 @@ index 6ddaebe..d921870 100644 static void diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c -index e127893..895519e 100644 +index 6ae7ca8..01426d6 100644 --- a/lib/dns/nsec3.c +++ b/lib/dns/nsec3.c -@@ -1953,7 +1953,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name, +@@ -1963,7 +1963,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name, * Work out what this NSEC3 covers. * Inside (<0) or outside (>=0). */ @@ -49,7 +49,7 @@ index e127893..895519e 100644 /* * Prepare to compute all the hashes. -@@ -1977,7 +1977,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name, +@@ -1987,7 +1987,7 @@ dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name, return (ISC_R_IGNORE); } @@ -241,35 +241,33 @@ index 7a464b6..0000000 -#endif -} diff --git a/lib/isc/tests/safe_test.c b/lib/isc/tests/safe_test.c -index f721cd1..ea3e61f 100644 +index 5775b6e..3451b5d 100644 --- a/lib/isc/tests/safe_test.c 
+++ b/lib/isc/tests/safe_test.c -@@ -39,24 +39,6 @@ ATF_TC_BODY(isc_safe_memequal, tc) { - "\x00\x00\x00\x00", 4)); +@@ -44,22 +44,6 @@ isc_safe_memequal_test(void **state) { + "\x00\x00\x00\x00", 4)); } --ATF_TC(isc_safe_memcompare); --ATF_TC_HEAD(isc_safe_memcompare, tc) { -- atf_tc_set_md_var(tc, "descr", "safe memcompare()"); --} --ATF_TC_BODY(isc_safe_memcompare, tc) { -- UNUSED(tc); +-/* test isc_safe_memcompare() */ +-static void +-isc_safe_memcompare_test(void **state) { +- UNUSED(state); - -- ATF_CHECK(isc_safe_memcompare("test", "test", 4) == 0); -- ATF_CHECK(isc_safe_memcompare("test", "tesc", 4) > 0); -- ATF_CHECK(isc_safe_memcompare("test", "tesy", 4) < 0); -- ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x00", -- "\x00\x00\x00\x00", 4) == 0); -- ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x00", -- "\x00\x00\x00\x01", 4) < 0); -- ATF_CHECK(isc_safe_memcompare("\x00\x00\x00\x02", -- "\x00\x00\x00\x00", 4) > 0); +- assert_int_equal(isc_safe_memcompare("test", "test", 4), 0); +- assert_true(isc_safe_memcompare("test", "tesc", 4) > 0); +- assert_true(isc_safe_memcompare("test", "tesy", 4) < 0); +- assert_int_equal(isc_safe_memcompare("\x00\x00\x00\x00", +- "\x00\x00\x00\x00", 4), 0); +- assert_true(isc_safe_memcompare("\x00\x00\x00\x00", +- "\x00\x00\x00\x01", 4) < 0); +- assert_true(isc_safe_memcompare("\x00\x00\x00\x02", +- "\x00\x00\x00\x00", 4) > 0); -} - - ATF_TC(isc_safe_memwipe); - ATF_TC_HEAD(isc_safe_memwipe, tc) { - atf_tc_set_md_var(tc, "descr", "isc_safe_memwipe()"); -@@ -67,7 +49,6 @@ ATF_TC_BODY(isc_safe_memwipe, tc) { + /* test isc_safe_memwipe() */ + static void + isc_safe_memwipe_test(void **state) { +@@ -68,7 +52,6 @@ isc_safe_memwipe_test(void **state) { /* These should pass. */ isc_safe_memwipe(NULL, 0); isc_safe_memwipe((void *) -1, 0); 
@@ -277,14 +275,14 @@ index f721cd1..ea3e61f 100644 /* * isc_safe_memwipe(ptr, size) should function same as -@@ -106,7 +87,6 @@ ATF_TC_BODY(isc_safe_memwipe, tc) { - */ - ATF_TP_ADD_TCS(tp) { - ATF_TP_ADD_TC(tp, isc_safe_memequal); -- ATF_TP_ADD_TC(tp, isc_safe_memcompare); - ATF_TP_ADD_TC(tp, isc_safe_memwipe); - return (atf_no_error()); - } +@@ -107,7 +90,6 @@ main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test(isc_safe_memequal_test), + cmocka_unit_test(isc_safe_memwipe_test), +- cmocka_unit_test(isc_safe_memcompare_test), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); -- -2.14.4 +2.20.1 diff --git a/bind-9.11-rh1647829-2.patch b/bind-9.11-rh1647829-2.patch index bb8b3e9..98612bf 100644 --- a/bind-9.11-rh1647829-2.patch +++ b/bind-9.11-rh1647829-2.patch 
@@ -1,28 +1,86 @@ -From 58e1af6ca75d035b6391708be2c2272bb8d04620 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= -Date: Sun, 4 Nov 2018 02:20:41 +0700 -Subject: [PATCH] Enable IDN processing (both idnin and idnout) only on tty, - disable it when the stdout is not a tty - -(cherry picked from commit 0e1bf7d017e4f6d787cbeb72cc2aa74e7f30122e) -(cherry picked from commit 8e1cc95c943b7dfaaaaf2d9a4971861735cc3fb2) +From fdfc8ad6a1069eea6b012972c972798003d58312 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Tue, 29 Jan 2019 18:07:44 +0100 +Subject: [PATCH] Fallback to ASCII on output IDN conversion error + +It is possible dig used ACE encoded name in locale, which does not +support converting it to unicode. Instead of fatal error, fallback to +ACE name on output. + +(cherry picked from commit 7f4cb8f9584597fea16de6557124ac8b1bd47440) + +Modify idna test to fallback to ACE + +Test valid A-label on input would be displayed as A-label on output if +locale does not allow U-label. + +(cherry picked from commit 4ce232f8605bdbe0594ebe5a71383c9d4e6f263b) + +Emit warning on IDN output failure + +Warning is emitted before any dig headers. + +(cherry picked from commit 4b410038c531fbb902cd5fb83174eed1f06cb7d7) --- - bin/dig/dighost.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + bin/dig/dighost.c | 15 +++++++++++++-- + bin/tests/system/idna/tests.sh | 17 +++++++++++++++++ + 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c -index 74791d671e..3b722ba0ff 100644 +index 73aaab8..375f99f 100644 --- a/bin/dig/dighost.c 
+++ b/bin/dig/dighost.c -@@ -825,7 +825,7 @@ make_empty_lookup(void) { - looknew->seenbadcookie = false; - looknew->badcookie = true; - #ifdef WITH_IDN_SUPPORT -- looknew->idnin = (getenv("IDN_DISABLE") == NULL); -+ looknew->idnin = isatty(1)?(getenv("IDN_DISABLE") == NULL):false; - if (looknew->idnin) { - const char *charset = getenv("CHARSET"); - if (charset && !strcmp(charset, "ASCII")) +@@ -4877,9 +4877,20 @@ idn_ace_to_locale(const char *from, char *to, size_t tolen) { + */ + res = idn2_to_unicode_8zlz(utf8_src, &tmp_str, 0); + if (res != IDN2_OK) { +- fatal("Cannot represent '%s' in the current locale (%s), " +- "use +noidnout or a different locale", ++ static bool warned = false; ++ ++ res = idn2_to_ascii_8z(utf8_src, &tmp_str, 0); ++ if (res != IDN2_OK) { ++ fatal("Cannot represent '%s' " ++ "in the current locale nor ascii (%s), " ++ "use +noidnout or a different locale", + from, idn2_strerror(res)); ++ } else if (!warned) { ++ fprintf(stderr, ";; Warning: cannot represent '%s' " ++ "in the current locale", ++ tmp_str); ++ warned = true; ++ } + } + + /* +diff --git a/bin/tests/system/idna/tests.sh b/bin/tests/system/idna/tests.sh +index 7acb0fa..0269bcd 100644 +--- a/bin/tests/system/idna/tests.sh ++++ b/bin/tests/system/idna/tests.sh +@@ -244,6 +244,23 @@ idna_enabled_test() { + idna_test "$text" "+idnin +noidnout" "xn--nxasmq6b.com" "xn--nxasmq6b.com." + idna_test "$text" "+idnin +idnout" "xn--nxasmq6b.com" "βόλοσ.com." + ++ # Test of valid A-label in locale that cannot display it ++ # ++ # +noidnout: The string is sent as-is to the server and the returned qname ++ # is displayed in the same form. ++ # +idnout: The string is sent as-is to the server and the returned qname ++ # is displayed as the corresponding A-label. ++ # ++ # The "+[no]idnout" flag has no effect in these cases. ++ text="Checking valid A-label in C locale" ++ label="xn--nxasmq6b.com" ++ LC_ALL=C idna_test "$text" "" "$label" "$label." 
++ LC_ALL=C idna_test "$text" "+noidnin +noidnout" "$label" "$label." ++ LC_ALL=C idna_test "$text" "+noidnin +idnout" "$label" "$label." ++ LC_ALL=C idna_test "$text" "+idnin +noidnout" "$label" "$label." ++ LC_ALL=C idna_test "$text" "+idnin +idnout" "$label" "$label." ++ LC_ALL=C idna_test "$text" "+noidnin +idnout" "$label" "$label." ++ + + + # Tests of invalid A-labels -- 2.20.1 diff --git a/bind-9.11-rt31459.patch b/bind-9.11-rt31459.patch index 06847bf..e24aa8d 100644 --- a/bind-9.11-rt31459.patch +++ b/bind-9.11-rt31459.patch @@ -1,4 +1,4 @@ -From 45209f5153693339c4582795714b6859693673fc Mon Sep 17 00:00:00 2001 +From 99fc89de7b96713a7c82ea9b98d5bc0c70ad1f6e Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Tue, 12 Sep 2017 19:05:46 -0700 Subject: [PATCH] rebased rt31459c 
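Review bot: The new warning in `idn_ace_to_locale()` is written without a line terminator, so as shown the text would run straight into whatever is printed to stderr next; the format string should end with a newline, `"in the current locale\n",`. Because `warned` is a function-level `static`, only the first name that cannot be converted is reported when one run prints several names, which deserves a short comment such as `/* warn only once per process; later names fall back to ACE silently */`. In the `tests.sh` part of the same hunk, the `"+noidnin +idnout"` case under `LC_ALL=C` is listed twice, so one of the two lines can be dropped. The body of `idn_ace_to_locale()` starts and ends outside the inner hunk.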
@@ -22,27 +22,25 @@ Include new unit test bin/dnssec/dnssec-verify.c | 8 +- bin/dnssec/dnssectool.c | 11 +- bin/named/server.c | 6 + - bin/nsupdate/nsupdate.c | 18 ++- + bin/nsupdate/nsupdate.c | 18 +- bin/tests/makejournal.c | 6 +- - bin/tests/system/pipelined/pipequeries.c | 21 ++- + bin/tests/system/pipelined/pipequeries.c | 21 +- bin/tests/system/pipelined/tests.sh | 4 +- bin/tests/system/rsabigexponent/bigkey.c | 4 + - bin/tests/system/tkey/keycreate.c | 26 +++- - bin/tests/system/tkey/keydelete.c | 26 +++- + bin/tests/system/tkey/keycreate.c | 26 ++- + bin/tests/system/tkey/keydelete.c | 26 ++- bin/tests/system/tkey/tests.sh | 8 +- bin/tools/mdig.c | 3 +- - configure | 250 ++++++++++++++++++------------- - configure.in | 77 +++++++++- - lib/dns/dst_api.c | 21 ++- + configure | 250 +++++++++++++---------- + configure.ac | 77 ++++++- + lib/dns/dst_api.c | 21 +- lib/dns/include/dst/dst.h | 8 + lib/dns/lib.c | 15 +- - lib/dns/openssl_link.c | 72 ++++++++- - lib/dns/pkcs11.c | 29 +++- - lib/dns/tests/Atffile | 1 + + lib/dns/openssl_link.c | 72 ++++++- + lib/dns/pkcs11.c | 29 ++- lib/dns/tests/Kyuafile | 1 + lib/dns/tests/Makefile.in | 7 + - lib/dns/tests/dnstest.c | 14 +- - lib/dns/tests/dstrandom_test.c | 99 ++++++++++++ + lib/dns/tests/dstrandom_test.c | 115 +++++++++++ lib/dns/win32/libdns.def.in | 7 + lib/isc/entropy.c | 24 +++ lib/isc/include/isc/entropy.h | 12 ++ @@ -50,8 +48,8 @@ Include new unit test lib/isc/include/isc/types.h | 2 + lib/isc/pk11.c | 12 +- lib/isc/win32/include/isc/platform.h.in | 5 + - win32utils/Configure | 29 +++- - 38 files changed, 699 insertions(+), 182 deletions(-) + win32utils/Configure | 29 ++- + 36 files changed, 707 insertions(+), 175 deletions(-) create mode 100644 lib/dns/tests/dstrandom_test.c diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c @@ -73,10 +71,10 @@ index 5015abb..295e16f 100644 &entropy_source, randomfile, 
diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c -index 65fdaaa..6612189 100644 +index 931d5de..864f2ad 100644 --- a/bin/dnssec/dnssec-dsfromkey.c +++ b/bin/dnssec/dnssec-dsfromkey.c -@@ -497,14 +497,14 @@ main(int argc, char **argv) { +@@ -494,14 +494,14 @@ main(int argc, char **argv) { if (ectx == NULL) setup_entropy(mctx, NULL, &ectx); @@ -94,7 +92,7 @@ index 65fdaaa..6612189 100644 isc_entropy_stopcallbacksources(ectx); setup_logging(mctx, &log); -@@ -566,8 +566,8 @@ main(int argc, char **argv) { +@@ -563,8 +563,8 @@ main(int argc, char **argv) { if (dns_rdataset_isassociated(&rdataset)) dns_rdataset_disassociate(&rdataset); cleanup_logging(&log); @@ -137,7 +135,7 @@ index 0d1e7f8..79c4d74 100644 dns_name_destroy(); if (verbose > 10) diff --git a/bin/dnssec/dnssec-revoke.c b/bin/dnssec/dnssec-revoke.c -index 1a2b545..e33cb8b 100644 +index 7d82dbf..10f9359 100644 --- a/bin/dnssec/dnssec-revoke.c +++ b/bin/dnssec/dnssec-revoke.c @@ -184,14 +184,14 @@ main(int argc, char **argv) { @@ -295,7 +293,7 @@ index fbc7ece..31a99e7 100644 usekeyboard); diff --git a/bin/named/server.c b/bin/named/server.c -index 7f87ccf..9258e7f 100644 +index b63a386..30e7eac 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -36,6 +36,7 @@ @@ -306,7 +304,7 @@ index 7f87ccf..9258e7f 100644 #include #include #include -@@ -8171,6 +8172,10 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8210,6 +8211,10 @@ load_configuration(const char *filename, ns_server_t *server, "no source of entropy found"); } else { const char *randomdev = cfg_obj_asstring(obj); @@ -317,7 +315,7 @@ index 7f87ccf..9258e7f 100644 int level = ISC_LOG_ERROR; result = isc_entropy_createfilesource(ns_g_entropy, randomdev); -@@ -8205,6 +8210,7 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8244,6 +8249,7 @@ load_configuration(const char *filename, ns_server_t *server, } isc_entropy_detach(&ns_g_fallbackentropy); } 
@@ -326,7 +324,7 @@ index 7f87ccf..9258e7f 100644 } } diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c -index 5eefc57..1559a33 100644 +index 509784c..6d7a02e 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -35,6 +35,7 @@ @@ -469,7 +467,7 @@ index 2fcc064..7b4f617 100644 isc_log_destroy(&lctx); diff --git a/bin/tests/system/pipelined/tests.sh b/bin/tests/system/pipelined/tests.sh -index a6720ce..9063b1f 100644 +index 61f1ff7..ed1302a 100644 --- a/bin/tests/system/pipelined/tests.sh +++ b/bin/tests/system/pipelined/tests.sh @@ -19,7 +19,7 @@ status=0 @@ -480,7 +478,7 @@ index a6720ce..9063b1f 100644 +$PIPEQUERIES -p ${PORT} -r $RANDFILE < input > raw || ret=1 awk '{ print $1 " " $5 }' < raw > output sort < output > output-sorted - diff ref output-sorted || { ret=1 ; echo_i "diff sorted failed"; } + $DIFF ref output-sorted || { ret=1 ; echo_i "diff sorted failed"; } @@ -43,7 +43,7 @@ status=`expr $status + $ret` echo_i "check keep-response-order" @@ -488,7 +486,7 @@ index a6720ce..9063b1f 100644 -$PIPEQUERIES -p ${PORT} ++ < inputb > rawb || ret=1 +$PIPEQUERIES -p ${PORT} -r $RANDFILE ++ < inputb > rawb || ret=1 awk '{ print $1 " " $5 }' < rawb > outputb - diff refb outputb || ret=1 + $DIFF refb outputb || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi diff --git a/bin/tests/system/rsabigexponent/bigkey.c b/bin/tests/system/rsabigexponent/bigkey.c index 4462f2e..f06268d 100644 @@ -691,10 +689,10 @@ index 9f90dd7..fad6c83 100644 echo "I:failed" status=`expr $status + $ret` diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c -index 4876875..e46653a 100644 +index b27fc1d..e28871b 100644 --- a/bin/tools/mdig.c +++ b/bin/tools/mdig.c -@@ -1955,12 +1955,11 @@ main(int argc, char *argv[]) { +@@ -1969,12 +1969,11 @@ main(int argc, char *argv[]) { ectx = NULL; RUNCHECK(isc_entropy_create(mctx, &ectx)); @@ -709,7 +707,7 @@ index 4876875..e46653a 100644 parse_args(false, argc, argv); if (server == NULL) 
diff --git a/configure b/configure -index 4394755..2e0af33 100755 +index e425720..4f09c96 100755 --- a/configure +++ b/configure @@ -640,6 +640,7 @@ ac_includes_default="\ @@ -720,7 +718,7 @@ index 4394755..2e0af33 100755 BUILD_LIBS BUILD_LDFLAGS BUILD_CPPFLAGS -@@ -823,6 +824,7 @@ XMLSTATS +@@ -824,6 +825,7 @@ XMLSTATS NZDTARGETS NZDSRCS NZD_TOOLS @@ -728,7 +726,7 @@ index 4394755..2e0af33 100755 PKCS11_TEST PKCS11_ED25519 PKCS11_GOST -@@ -1035,6 +1037,7 @@ with_eddsa +@@ -1039,6 +1041,7 @@ with_eddsa with_aes enable_openssl_hash with_cc_alg @@ -736,7 +734,7 @@ index 4394755..2e0af33 100755 with_lmdb with_libxml2 with_libjson -@@ -1728,6 +1731,7 @@ Optional Features: +@@ -1735,6 +1738,7 @@ Optional Features: --enable-threads enable multithreading --enable-native-pkcs11 use native PKCS11 for all crypto [default=no] --enable-openssl-hash use OpenSSL for hash functions [default=no] @@ -744,7 +742,7 @@ index 4394755..2e0af33 100755 --enable-largefile 64-bit file support --enable-backtrace log stack backtrace on abort [default=yes] --enable-symtable use internal symbol table for backtrace -@@ -16631,6 +16635,7 @@ case "$use_openssl" in +@@ -16684,6 +16688,7 @@ case "$use_openssl" in $as_echo "disabled because of native PKCS11" >&6; } DST_OPENSSL_INC="" CRYPTO="-DPKCS11CRYPTO" @@ -752,7 +750,7 @@ index 4394755..2e0af33 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -16645,6 +16650,7 @@ $as_echo "disabled because of native PKCS11" >&6; } +@@ -16698,6 +16703,7 @@ $as_echo "disabled because of native PKCS11" >&6; } $as_echo "no" >&6; } DST_OPENSSL_INC="" CRYPTO="" @@ -760,7 +758,7 @@ index 4394755..2e0af33 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -16657,6 +16663,7 @@ $as_echo "no" >&6; } +@@ -16710,6 +16716,7 @@ $as_echo "no" >&6; } auto) DST_OPENSSL_INC="" CRYPTO="" 
@@ -768,7 +766,7 @@ index 4394755..2e0af33 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -16666,7 +16673,7 @@ $as_echo "no" >&6; } +@@ -16719,7 +16726,7 @@ $as_echo "no" >&6; } OPENSSLLINKOBJS="" OPENSSLLINKSRCS="" as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path @@ -777,7 +775,7 @@ index 4394755..2e0af33 100755 ;; *) if test "yes" = "$want_native_pkcs11" -@@ -16697,6 +16704,7 @@ $as_echo "not found" >&6; } +@@ -16750,6 +16757,7 @@ $as_echo "not found" >&6; } as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5 fi CRYPTO='-DOPENSSL' @@ -785,7 +783,7 @@ index 4394755..2e0af33 100755 if test "/usr" = "$use_openssl" then DST_OPENSSL_INC="" -@@ -17358,8 +17366,6 @@ fi +@@ -17411,8 +17419,6 @@ fi # Use OpenSSL for hash functions # @@ -794,7 +792,7 @@ index 4394755..2e0af33 100755 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" case $want_openssl_hash in yes) -@@ -17728,6 +17734,86 @@ if test "rt" = "$have_clock_gt"; then +@@ -17787,6 +17793,86 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi @@ -881,7 +879,7 @@ index 4394755..2e0af33 100755 # # was --with-lmdb specified? # -@@ -19810,9 +19896,12 @@ _ACEOF +@@ -19869,9 +19955,12 @@ _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5 $as_echo "size_t for buflen; int for flags" >&6; } @@ -896,7 +894,7 @@ index 4394755..2e0af33 100755 $as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h -@@ -21123,12 +21212,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -21186,12 +21275,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then 
@@ -910,7 +908,7 @@ index 4394755..2e0af33 100755 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -@@ -21161,6 +21245,11 @@ cat >>confdefs.h <<_ACEOF +@@ -21224,6 +21308,11 @@ cat >>confdefs.h <<_ACEOF _ACEOF @@ -922,7 +920,7 @@ index 4394755..2e0af33 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21169,39 +21258,6 @@ _ACEOF +@@ -21232,39 +21321,6 @@ _ACEOF fi ;; x86_64-*|amd64-*) @@ -962,7 +960,7 @@ index 4394755..2e0af33 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21232,6 +21288,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } +@@ -21295,6 +21351,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } $as_echo "$arch" >&6; } fi @@ -973,7 +971,7 @@ index 4394755..2e0af33 100755 if test "yes" = "$have_atomic"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5 $as_echo_n "checking compiler support for inline assembly code... " >&6; } -@@ -23519,6 +23579,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" +@@ -23848,6 +23908,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" # dlzdir='${DLZ_DRIVER_DIR}' @@ -1004,7 +1002,7 @@ index 4394755..2e0af33 100755 # # Private autoconf macro to simplify configuring drivers: # -@@ -23849,11 +23933,11 @@ $as_echo "no" >&6; } +@@ -24178,11 +24262,11 @@ $as_echo "no" >&6; } $as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; } ;; *) @@ -1019,7 +1017,7 @@ index 4394755..2e0af33 100755 fi CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL" -@@ -23938,7 +24022,7 @@ $as_echo "" >&6; } +@@ -24267,7 +24351,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). 
@@ -1028,7 +1026,7 @@ index 4394755..2e0af33 100755 # include a blank element first for d in "" $bdb_incdirs do -@@ -23963,57 +24047,9 @@ $as_echo "" >&6; } +@@ -24292,57 +24376,9 @@ $as_echo "" >&6; } bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db" for d in $bdb_libnames do @@ -1088,7 +1086,7 @@ index 4394755..2e0af33 100755 break fi done -@@ -24172,10 +24208,10 @@ $as_echo "no" >&6; } +@@ -24501,10 +24537,10 @@ $as_echo "no" >&6; } DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include" DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include" fi @@ -1102,7 +1100,7 @@ index 4394755..2e0af33 100755 fi -@@ -24261,11 +24297,11 @@ fi +@@ -24590,11 +24626,11 @@ fi odbcdirs="/usr /usr/local /usr/pkg" for d in $odbcdirs do @@ -1116,7 +1114,7 @@ index 4394755..2e0af33 100755 break fi done -@@ -24540,6 +24576,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" +@@ -24869,6 +24905,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" @@ -1125,7 +1123,7 @@ index 4394755..2e0af33 100755 # # Commands to run at the end of config.status. # Don't just put these into configure, it won't work right if somebody -@@ -26930,6 +26968,8 @@ report() { +@@ -27248,6 +27286,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" 
@@ -1134,16 +1132,16 @@ index 4394755..2e0af33 100755 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -26970,6 +27010,8 @@ report() { +@@ -27288,6 +27328,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" - test "no" = "$atf" || echo " Automated Testing Framework (--with-atf)" + test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" + echo " Cryptographic library for DNSSEC: $CRYPTOLIB" + echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -27017,6 +27059,8 @@ report() { +@@ -27335,6 +27377,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" @@ -1152,11 +1150,11 @@ index 4394755..2e0af33 100755 test "yes" = "$enable_seccomp" || \ echo " Use libseccomp system call filtering (--enable-seccomp)" -diff --git a/configure.in b/configure.in -index b07895f..898b4ac 100644 ---- a/configure.in -+++ b/configure.in -@@ -1542,6 +1542,7 @@ case "$use_openssl" in +diff --git a/configure.ac b/configure.ac +index 7c5ad51..fddc63a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1503,6 +1503,7 @@ case "$use_openssl" in AC_MSG_RESULT(disabled because of native PKCS11) DST_OPENSSL_INC="" CRYPTO="-DPKCS11CRYPTO" @@ -1164,7 +1162,7 @@ index b07895f..898b4ac 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1555,6 +1556,7 @@ case "$use_openssl" in +@@ -1516,6 +1517,7 @@ case "$use_openssl" in AC_MSG_RESULT(no) DST_OPENSSL_INC="" CRYPTO="" 
@@ -1172,7 +1170,7 @@ index b07895f..898b4ac 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1567,6 +1569,7 @@ case "$use_openssl" in +@@ -1528,6 +1530,7 @@ case "$use_openssl" in auto) DST_OPENSSL_INC="" CRYPTO="" @@ -1180,7 +1178,7 @@ index b07895f..898b4ac 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1577,7 +1580,7 @@ case "$use_openssl" in +@@ -1538,7 +1541,7 @@ case "$use_openssl" in OPENSSLLINKSRCS="" AC_MSG_ERROR( [OpenSSL was not found in any of $openssldirs; use --with-openssl=/path @@ -1189,7 +1187,7 @@ index b07895f..898b4ac 100644 ;; *) if test "yes" = "$want_native_pkcs11" -@@ -1607,6 +1610,7 @@ If you don't want OpenSSL, use --without-openssl]) +@@ -1568,6 +1571,7 @@ If you don't want OpenSSL, use --without-openssl]) AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found]) fi CRYPTO='-DOPENSSL' @@ -1197,7 +1195,7 @@ index b07895f..898b4ac 100644 if test "/usr" = "$use_openssl" then DST_OPENSSL_INC="" -@@ -2080,7 +2084,6 @@ fi +@@ -2041,7 +2045,6 @@ fi # Use OpenSSL for hash functions # @@ -1205,7 +1203,7 @@ index b07895f..898b4ac 100644 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" case $want_openssl_hash in yes) -@@ -2347,6 +2350,67 @@ if test "rt" = "$have_clock_gt"; then +@@ -2313,6 +2316,67 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi @@ -1273,7 +1271,7 @@ index b07895f..898b4ac 100644 # # was --with-lmdb specified? # -@@ -4139,12 +4203,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -4109,12 +4173,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then 
@@ -1287,7 +1285,7 @@ index b07895f..898b4ac 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -4153,7 +4217,6 @@ if test "yes" = "$use_atomic"; then +@@ -4123,7 +4187,6 @@ if test "yes" = "$use_atomic"; then fi ;; x86_64-*|amd64-*) @@ -1295,7 +1293,7 @@ index b07895f..898b4ac 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -5517,6 +5580,8 @@ report() { +@@ -5541,6 +5604,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" @@ -1304,16 +1302,16 @@ index b07895f..898b4ac 100644 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -5557,6 +5622,8 @@ report() { +@@ -5581,6 +5646,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" - test "no" = "$atf" || echo " Automated Testing Framework (--with-atf)" + test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" + echo " Cryptographic library for DNSSEC: $CRYPTOLIB" + echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -5604,6 +5671,8 @@ report() { +@@ -5628,6 +5695,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" @@ -1323,7 +1321,7 @@ index b07895f..898b4ac 100644 test "yes" = "$enable_seccomp" || \ echo " Use libseccomp system call filtering (--enable-seccomp)" diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c -index 5703f9c..afb4d80 100644 +index 320c0f8..b55ebe0 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -276,6 +276,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx, 
@@ -1359,7 +1357,7 @@ index 5703f9c..afb4d80 100644 if (dst__memory_pool != NULL) isc_mem_detach(&dst__memory_pool); if (dst_entropy_pool != NULL) -@@ -1998,13 +2012,17 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) { +@@ -2001,13 +2015,17 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) { flags &= ~ISC_ENTROPY_GOODONLY; else flags |= ISC_ENTROPY_BLOCKING; @@ -1378,7 +1376,7 @@ index 5703f9c..afb4d80 100644 #ifdef GSSAPI unsigned int flags = dst_entropy_flags; isc_result_t ret; -@@ -2027,6 +2045,7 @@ dst__entropy_status(void) { +@@ -2030,6 +2048,7 @@ dst__entropy_status(void) { #endif return (isc_entropy_status(dst_entropy_pool)); #else @@ -1387,10 +1385,10 @@ index 5703f9c..afb4d80 100644 #endif } diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h -index 32b0742..78e1277 100644 +index 1924e74..6813c96 100644 --- a/lib/dns/include/dst/dst.h +++ b/lib/dns/include/dst/dst.h -@@ -160,6 +160,14 @@ dst_lib_destroy(void); +@@ -159,6 +159,14 @@ dst_lib_destroy(void); * Releases all resources allocated by DST. */ @@ -1461,7 +1459,7 @@ index 304814b..60543c4 100644 isc_hash_destroy(); cleanup_db: diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c -index a30a2ab..d88d643 100644 +index d65ce26..6849732 100644 --- a/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c @@ -31,6 +31,7 @@ @@ -1499,7 +1497,7 @@ index a30a2ab..d88d643 100644 #if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) static void -@@ -190,7 +193,7 @@ _set_thread_id(CRYPTO_THREADID *id) +@@ -192,7 +195,7 @@ _set_thread_id(CRYPTO_THREADID *id) isc_result_t dst__openssl_init(const char *engine) { isc_result_t result; @@ -1508,7 +1506,7 @@ index a30a2ab..d88d643 100644 ENGINE *re; #else UNUSED(engine); -@@ -220,6 +223,7 @@ dst__openssl_init(const char *engine) { +@@ -222,6 +225,7 @@ dst__openssl_init(const char *engine) { ERR_load_crypto_strings(); #endif 
@@ -1516,7 +1514,7 @@ index a30a2ab..d88d643 100644 rm = mem_alloc(sizeof(RAND_METHOD) FILELINE); if (rm == NULL) { result = ISC_R_NOMEMORY; -@@ -231,6 +235,7 @@ dst__openssl_init(const char *engine) { +@@ -233,6 +237,7 @@ dst__openssl_init(const char *engine) { rm->add = entropy_add; rm->pseudorand = entropy_getpseudo; rm->status = entropy_status; @@ -1524,7 +1522,7 @@ index a30a2ab..d88d643 100644 #if !defined(OPENSSL_NO_ENGINE) #if !defined(CONF_MFLAGS_DEFAULT_SECTION) -@@ -264,6 +269,7 @@ dst__openssl_init(const char *engine) { +@@ -266,6 +271,7 @@ dst__openssl_init(const char *engine) { } } @@ -1532,7 +1530,7 @@ index a30a2ab..d88d643 100644 re = ENGINE_get_default_RAND(); if (re == NULL) { re = ENGINE_new(); -@@ -276,9 +282,21 @@ dst__openssl_init(const char *engine) { +@@ -278,9 +284,21 @@ dst__openssl_init(const char *engine) { ENGINE_free(re); } else ENGINE_finish(re); @@ -1554,7 +1552,7 @@ index a30a2ab..d88d643 100644 return (ISC_R_SUCCESS); #if !defined(OPENSSL_NO_ENGINE) -@@ -286,10 +304,14 @@ dst__openssl_init(const char *engine) { +@@ -288,10 +306,14 @@ dst__openssl_init(const char *engine) { if (e != NULL) ENGINE_free(e); e = NULL; @@ -1569,7 +1567,7 @@ index a30a2ab..d88d643 100644 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) CRYPTO_set_locking_callback(NULL); DESTROYMUTEXBLOCK(locks, nlocks); -@@ -304,14 +326,17 @@ void +@@ -306,14 +328,17 @@ void dst__openssl_destroy(void) { #if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) OPENSSL_cleanup(); @@ -1587,7 +1585,7 @@ index a30a2ab..d88d643 100644 if (rm != NULL) { #if OPENSSL_VERSION_NUMBER >= 0x00907000L RAND_cleanup(); -@@ -319,6 +344,7 @@ dst__openssl_destroy(void) { +@@ -321,6 +346,7 @@ dst__openssl_destroy(void) { mem_free(rm FILELINE); rm = NULL; } 
@@ -1595,7 +1593,7 @@ index a30a2ab..d88d643 100644 #if (OPENSSL_VERSION_NUMBER >= 0x00907000L) CONF_modules_free(); #endif -@@ -454,11 +480,45 @@ dst__openssl_getengine(const char *engine) { +@@ -456,11 +482,45 @@ dst__openssl_getengine(const char *engine) { } #endif @@ -1700,35 +1698,23 @@ index 5a2c502..8eaef53 100644 #endif /* PKCS11CRYPTO */ /*! \file */ -diff --git a/lib/dns/tests/Atffile b/lib/dns/tests/Atffile -index 953082d..603c4b5 100644 ---- a/lib/dns/tests/Atffile -+++ b/lib/dns/tests/Atffile -@@ -10,6 +10,7 @@ tp: dbversion_test - tp: dh_test - tp: dispatch_test - tp: dnstap_test -+tp: dstrandom_test - tp: dst_test - tp: geoip_test - tp: gost_test diff --git a/lib/dns/tests/Kyuafile b/lib/dns/tests/Kyuafile -index 0353a73..cb2324d 100644 +index 937b548..f3c0e38 100644 --- a/lib/dns/tests/Kyuafile +++ b/lib/dns/tests/Kyuafile -@@ -10,6 +10,7 @@ atf_test_program{name='dh_test'} - atf_test_program{name='dispatch_test'} - atf_test_program{name='dnstap_test'} - atf_test_program{name='dst_test'} -+atf_test_program{name='dstrandom_test'} - atf_test_program{name='geoip_test'} - atf_test_program{name='gost_test'} - atf_test_program{name='keytable_test'} +@@ -10,6 +10,7 @@ tap_test_program{name='dh_test'} + tap_test_program{name='dispatch_test'} + tap_test_program{name='dnstap_test'} + tap_test_program{name='dst_test'} ++tap_test_program{name='dstrandom_test'} + tap_test_program{name='geoip_test'} + tap_test_program{name='gost_test'} + tap_test_program{name='keytable_test'} diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in -index 58fa872..625e809 100644 +index 0897579..9f1781a 100644 --- a/lib/dns/tests/Makefile.in +++ b/lib/dns/tests/Makefile.in -@@ -40,6 +40,7 @@ SRCS = acl_test.c \ +@@ -37,6 +37,7 @@ SRCS = acl_test.c \ dnstap_test.c \ dst_test.c \ dnstest.c \ 
@@ -1736,7 +1722,7 @@ index 58fa872..625e809 100644 geoip_test.c \ gost_test.c \ keytable_test.c \ -@@ -71,6 +72,7 @@ TARGETS = acl_test@EXEEXT@ \ +@@ -69,6 +70,7 @@ TARGETS = acl_test@EXEEXT@ \ dh_test@EXEEXT@ \ dispatch_test@EXEEXT@ \ dnstap_test@EXEEXT@ \ @@ -1744,9 +1730,9 @@ index 58fa872..625e809 100644 dst_test@EXEEXT@ \ geoip_test@EXEEXT@ \ gost_test@EXEEXT@ \ -@@ -255,6 +257,11 @@ tsig_test@EXEEXT@: tsig_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} - tsig_test.@O@ dnstest.@O@ ${DNSLIBS} \ - ${ISCLIBS} ${LIBS} +@@ -258,6 +260,11 @@ zt_test@EXEEXT@: zt_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} + ${LDFLAGS} -o $@ zt_test.@O@ dnstest.@O@ \ + ${DNSLIBS} ${ISCLIBS} ${LIBS} +dstrandom_test@EXEEXT@: dstrandom_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ @@ -1756,51 +1742,12 @@ index 58fa872..625e809 100644 unit:: sh ${top_builddir}/unit/unittest.sh -diff --git a/lib/dns/tests/dnstest.c b/lib/dns/tests/dnstest.c -index 51bb90b..1b25b90 100644 ---- a/lib/dns/tests/dnstest.c -+++ b/lib/dns/tests/dnstest.c -@@ -122,12 +122,12 @@ dns_test_begin(FILE *logfile, bool start_managers) { - CHECK(isc_mem_create(0, 0, &mctx)); - CHECK(isc_entropy_create(mctx, &ectx)); - -- CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)); -- hash_active = true; -- - CHECK(dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING)); - dst_active = true; - -+ CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)); -+ hash_active = true; -+ - if (logfile != NULL) { - isc_logdestination_t destination; - isc_logconfig_t *logconfig = NULL; -@@ -171,14 +171,14 @@ dns_test_begin(FILE *logfile, bool start_managers) { - - void - dns_test_end(void) { -- if (dst_active) { -- dst_lib_destroy(); -- dst_active = false; -- } - if (hash_active) { - isc_hash_destroy(); - hash_active = false; - } -+ if (dst_active) { -+ dst_lib_destroy(); -+ dst_active = false; -+ } - if (ectx != NULL) - isc_entropy_detach(&ectx); - 
diff --git a/lib/dns/tests/dstrandom_test.c b/lib/dns/tests/dstrandom_test.c new file mode 100644 -index 0000000..b980d8a +index 0000000..bd3d164 --- /dev/null +++ b/lib/dns/tests/dstrandom_test.c -@@ -0,0 +1,99 @@ +@@ -0,0 +1,115 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * @@ -1812,18 +1759,25 @@ index 0000000..b980d8a + * information regarding copyright ownership. + */ + -+/*! \file */ -+ +#include + -+#include ++#if HAVE_CMOCKA ++ ++#include ++#include ++#include + ++#include +#include +#include +#include + ++#define UNIT_TESTING ++#include ++ +#include +#include ++#include +#include +#include + @@ -1833,26 +1787,23 @@ index 0000000..b980d8a +isc_entropy_t *ectx = NULL; +unsigned char buffer[128]; + -+ATF_TC(isc_entropy_getdata); -+ATF_TC_HEAD(isc_entropy_getdata, tc) { -+ atf_tc_set_md_var(tc, "descr", -+ "isc_entropy_getdata() examples"); -+ atf_tc_set_md_var(tc, "X-randomfile", -+ "testdata/dstrandom/random.data"); -+} -+ATF_TC_BODY(isc_entropy_getdata, tc) { ++/* isc_entropy_getdata() examples */ ++static void ++isc_entropy_getdata_test(void **state) { + isc_result_t result; + unsigned int returned, status; ++ const char *randomfile = "testdata/dstrandom/random.data"; + int ret; -+ const char *randomfile = atf_tc_get_md_var(tc, "X-randomfile"); ++ ++ UNUSED(state); + + isc_mem_debugging |= ISC_MEM_DEBUGRECORD; + result = isc_mem_create(0, 0, &mctx); -+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); ++ assert_int_equal(result, ISC_R_SUCCESS); + result = isc_entropy_create(mctx, &ectx); -+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); ++ assert_int_equal(result, ISC_R_SUCCESS); + result = dst_lib_init(mctx, ectx, 0); -+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); ++ assert_int_equal(result, ISC_R_SUCCESS); + +#ifdef ISC_PLATFORM_CRYPTORANDOM + isc_entropy_usehook(ectx, true); 
@@ -1860,51 +1811,63 @@ index 0000000..b980d8a + returned = 0; + result = isc_entropy_getdata(ectx, buffer, sizeof(buffer), + &returned, 0); -+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); -+ ATF_REQUIRE(returned == sizeof(buffer)); ++ assert_int_equal(result, ISC_R_SUCCESS); ++ assert_int_equal(returned, sizeof(buffer)); + + status = isc_entropy_status(ectx); -+ ATF_REQUIRE_EQ(status, 0); ++ assert_int_equal(status, 0); + + isc_entropy_usehook(ectx, false); +#endif + + ret = chdir(TESTS); -+ ATF_REQUIRE_EQ(ret, 0); ++ assert_int_equal(ret, 0); + + result = isc_entropy_createfilesource(ectx, randomfile); -+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); ++ assert_int_equal(result, ISC_R_SUCCESS); + + returned = 0; + result = isc_entropy_getdata(ectx, buffer, sizeof(buffer), + &returned, 0); -+ ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); -+ ATF_REQUIRE(returned == sizeof(buffer)); ++ assert_int_equal(result, ISC_R_SUCCESS); ++ assert_int_equal(returned, sizeof(buffer)); + + status = isc_entropy_status(ectx); -+ ATF_REQUIRE(status > 0); ++ assert_true(status > 0); + + dst_lib_destroy(); + isc_entropy_detach(&ectx); -+ ATF_REQUIRE(ectx == NULL); ++ assert_null(ectx); ++ + isc_mem_destroy(&mctx); -+ ATF_REQUIRE(mctx == NULL); ++ assert_null(mctx); +} + -+/* -+ * Main -+ */ -+ATF_TP_ADD_TCS(tp) { -+ ATF_TP_ADD_TC(tp, isc_entropy_getdata); ++int ++main(void) { ++ const struct CMUnitTest tests[] = { ++ cmocka_unit_test(isc_entropy_getdata_test), ++ }; + -+ return (atf_no_error()); ++ return (cmocka_run_group_tests(tests, NULL, NULL)); +} + ++#else /* HAVE_CMOCKA */ ++ ++#include ++ ++int ++main(void) { ++ printf("1..0 # Skipped: cmocka not available\n"); ++ return (0); ++} ++ ++#endif diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in -index 62a156c..bf83fe5 100644 +index 5c45d59..34b660c 100644 --- a/lib/dns/win32/libdns.def.in 
+++ b/lib/dns/win32/libdns.def.in -@@ -1483,6 +1483,13 @@ dst_lib_destroy +@@ -1484,6 +1484,13 @@ dst_lib_destroy dst_lib_init dst_lib_init2 dst_lib_initmsgcat @@ -2029,7 +1992,7 @@ index 42ff7e0..8d87c44 100644 typedef int (*isc_sockfdwatch_t)(isc_task_t *, isc_socket_t *, void *, int); diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c -index a01e698..875c232 100644 +index bb9912b..1f583a3 100644 --- a/lib/isc/pk11.c +++ b/lib/isc/pk11.c @@ -321,14 +321,16 @@ pk11_rand_seed_fromfile(const char *randomfile) { @@ -2071,7 +2034,7 @@ index 5b8a2c9..913a2ce 100644 * Define if the hash functions must be provided by OpenSSL. */ diff --git a/win32utils/Configure b/win32utils/Configure -index ff596b7..09b476f 100644 +index ad99f89..2c55946 100644 --- a/win32utils/Configure +++ b/win32utils/Configure @@ -381,6 +381,7 @@ my @substdefh = ("AES_CC", @@ -2082,7 +2045,7 @@ index ff596b7..09b476f 100644 "ISC_PLATFORM_HAVEATOMICSTORE", "ISC_PLATFORM_HAVEATOMICSTOREQ", "ISC_PLATFORM_HAVECMPXCHG", -@@ -509,7 +510,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER"); +@@ -510,7 +511,8 @@ my @allcond = (@substcond, "NOTYET", "NOLONGER"); # enable-xxx/disable-xxx @@ -2092,7 +2055,7 @@ index ff596b7..09b476f 100644 "fixed-rrset", "intrinsics", "isc-spnego", -@@ -571,6 +573,7 @@ my @help = ( +@@ -573,6 +575,7 @@ my @help = ( "\nOptional Features:\n", " enable-intrinsics enable instrinsic/atomic functions [default=yes]\n", " enable-native-pkcs11 use native PKCS#11 for all crypto [default=no]\n", @@ -2100,7 +2063,7 @@ index ff596b7..09b476f 100644 " enable-openssl-hash use OpenSSL for hash functions [default=yes]\n", " enable-isc-spnego use SPNEGO from lib/dns [default=yes]\n", " enable-filter-aaaa enable filtering of AAAA records [default=yes]\n", -@@ -614,7 +617,9 @@ my $want_clean = "no"; +@@ -617,7 +620,9 @@ my $want_clean = "no"; my $want_unknown = "no"; my $unknown_value; my $enable_intrinsics = "yes"; 
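Review bot: The rewritten `isc_entropy_getdata_test` only checks the result code and that `returned` equals `sizeof(buffer)`, so a hook or file source that reports success without writing any bytes would still pass. `buffer` is a zero-initialised global, so a cheap guard is to clear it with `memset(buffer, 0, sizeof(buffer));` before each `isc_entropy_getdata()` call and then assert that at least one byte is non-zero. Separately, the `#else /* HAVE_CMOCKA */` branch prints `1..0 # Skipped: cmocka not available` and returns 0, so a build without cmocka reports this entropy test as skipped rather than failed; it is worth confirming that the package build always has cmocka available. The function body begins in the preceding hunk.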
@@ -2110,7 +2073,7 @@ index ff596b7..09b476f 100644 my $enable_openssl_hash = "auto"; my $enable_filter_aaaa = "yes"; my $enable_isc_spnego = "yes"; -@@ -823,6 +828,10 @@ sub myenable { +@@ -828,6 +833,10 @@ sub myenable { if ($val =~ /^yes$/i) { $enable_native_pkcs11 = "yes"; } @@ -2121,7 +2084,7 @@ index ff596b7..09b476f 100644 } elsif ($key =~ /^openssl-hash$/i) { if ($val =~ /^yes$/i) { $enable_openssl_hash = "yes"; -@@ -1106,6 +1115,11 @@ if ($verbose) { +@@ -1119,6 +1128,11 @@ if ($verbose) { } else { print "native-pkcs11: disabled\n"; } @@ -2133,7 +2096,7 @@ index ff596b7..09b476f 100644 if ($enable_openssl_hash eq "yes") { print "openssl-hash: enabled\n"; } else { -@@ -1454,6 +1468,7 @@ if ($enable_intrinsics eq "yes") { +@@ -1472,6 +1486,7 @@ if ($enable_intrinsics eq "yes") { # enable-native-pkcs11 if ($enable_native_pkcs11 eq "yes") { @@ -2141,7 +2104,7 @@ index ff596b7..09b476f 100644 if ($use_openssl eq "auto") { $use_openssl = "no"; } -@@ -1663,6 +1678,7 @@ if ($use_openssl eq "yes") { +@@ -1681,6 +1696,7 @@ if ($use_openssl eq "yes") { $openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]"); } @@ -2149,7 +2112,7 @@ index ff596b7..09b476f 100644 $configcond{"OPENSSL"} = 1; $configdefd{"CRYPTO"} = "OPENSSL"; $configvar{"OPENSSL_PATH"} = "$openssl_path"; -@@ -2214,6 +2230,15 @@ if ($cookie_algorithm eq "sha1") { +@@ -2232,6 +2248,15 @@ if ($cookie_algorithm eq "sha1") { die "Unrecognized cookie algorithm: $cookie_algorithm\n"; } @@ -2165,7 +2128,7 @@ index ff596b7..09b476f 100644 # enable-openssl-hash if ($enable_openssl_hash eq "yes") { if ($use_openssl eq "no") { -@@ -3536,6 +3561,7 @@ exit 0; +@@ -3558,6 +3583,7 @@ exit 0; # --enable-developer partially supported # --enable-newstats (9.9/9.9sub only) # --enable-native-pkcs11 supported 
@@ -2173,7 +2136,7 @@ index ff596b7..09b476f 100644 # --enable-openssl-version-check included without a way to disable it # --enable-openssl-hash supported # --enable-threads included without a way to disable it -@@ -3561,6 +3587,7 @@ exit 0; +@@ -3583,6 +3609,7 @@ exit 0; # --with-gost supported # --with-aes supported # --with-cc-alg supported @@ -2182,5 +2145,5 @@ index ff596b7..09b476f 100644 # --with-gssapi supported with MIT (K)erberos (f)or (W)indows # --with-lmdb no supported on WIN32 (port is not reliable) -- -2.14.4 +2.20.1 diff --git a/bind-9.11-rt46047.patch b/bind-9.11-rt46047.patch index 3cb3c0f..1f40a16 100644 --- a/bind-9.11-rt46047.patch +++ b/bind-9.11-rt46047.patch @@ -1,4 +1,4 @@ -From 9a074d5cd6c6276d95bc1cce3a14afaabc88c6c5 Mon Sep 17 00:00:00 2001 +From 2b7a633f29c2ae8fe801f2a98541013837ebaeaa Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 28 Sep 2017 10:09:22 -0700 Subject: [PATCH] completed and corrected the crypto-random change 
@@ -24,29 +24,29 @@ Subject: [PATCH] completed and corrected the crypto-random change "configure --disable-crypto-rand". [RT #31459] [RT #46047] --- - bin/confgen/keygen.c | 12 +++---- - bin/dnssec/dnssec-keygen.docbook | 24 +++++++++----- - bin/dnssec/dnssectool.c | 12 +++---- + bin/confgen/keygen.c | 12 +++--- + bin/dnssec/dnssec-keygen.docbook | 24 +++++++---- + bin/dnssec/dnssectool.c | 12 +++--- bin/named/client.c | 3 +- - bin/named/config.c | 4 ++- - bin/named/controlconf.c | 19 +++++++---- - bin/named/include/named/server.h | 2 ++ + bin/named/config.c | 4 +- + bin/named/controlconf.c | 19 +++++--- + bin/named/include/named/server.h | 2 + bin/named/interfacemgr.c | 1 + bin/named/query.c | 1 + - bin/named/server.c | 53 ++++++++++++++++++------------ - bin/nsupdate/nsupdate.c | 4 +-- - bin/tests/system/pipelined/pipequeries.c | 4 +-- - bin/tests/system/tkey/keycreate.c | 4 +-- - bin/tests/system/tkey/keydelete.c | 4 +-- - doc/arm/Bv9ARM-book.xml | 55 ++++++++++++++++++++++---------- - doc/arm/notes.xml | 26 +++++++++++++++ - lib/dns/dst_api.c | 4 ++- - lib/dns/include/dst/dst.h | 14 ++++++-- + bin/named/server.c | 51 ++++++++++++++-------- + bin/nsupdate/nsupdate.c | 4 +- + bin/tests/system/pipelined/pipequeries.c | 4 +- + bin/tests/system/tkey/keycreate.c | 4 +- + bin/tests/system/tkey/keydelete.c | 4 +- + doc/arm/Bv9ARM-book.xml | 55 +++++++++++++++++------- + doc/arm/notes.xml | 26 +++++++++++ + lib/dns/dst_api.c | 4 +- + lib/dns/include/dst/dst.h | 14 +++++- lib/dns/openssl_link.c | 3 +- - lib/isc/include/isc/entropy.h | 50 +++++++++++++++++++++-------- - lib/isc/include/isc/random.h | 28 ++++++++++------ + lib/isc/include/isc/entropy.h | 50 +++++++++++++++------ + lib/isc/include/isc/random.h | 28 +++++++----- lib/isccfg/namedconf.c | 2 +- - 22 files changed, 221 insertions(+), 108 deletions(-) + 22 files changed, 220 insertions(+), 107 deletions(-) diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c index 295e16f..0f79aa8 100644 
@@ -76,10 +76,10 @@ index 295e16f..0f79aa8 100644 &entropy_source, randomfile, diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook -index 96dfef6..1c84b06 100644 +index ee6a489..17dddb6 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook -@@ -349,15 +349,23 @@ +@@ -350,15 +350,23 @@ -r randomdev @@ -140,10 +140,10 @@ index 31a99e7..38c83ed 100644 usekeyboard); diff --git a/bin/named/client.c b/bin/named/client.c -index 0f6e162..5e39b82 100644 +index d425df2..7ab3dec 100644 --- a/bin/named/client.c +++ b/bin/named/client.c -@@ -1608,7 +1608,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, +@@ -1609,7 +1609,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, isc_buffer_init(&buf, cookie, sizeof(cookie)); isc_stdtime_get(&now); @@ -154,7 +154,7 @@ index 0f6e162..5e39b82 100644 compute_cookie(client, now, nonce, ns_g_server->secret, &buf); diff --git a/bin/named/config.c b/bin/named/config.c -index 2c4c93c..16ed248 100644 +index a153172..8d46bc3 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -93,7 +93,9 @@ options {\n\ @@ -253,7 +253,7 @@ index 419927b..d721f47 100644 #include #include diff --git a/bin/named/query.c b/bin/named/query.c -index f8dbef2..2f3c0ca 100644 +index 1d3edbc..193efde 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -19,6 +19,7 @@ @@ -265,10 +265,10 @@ index f8dbef2..2f3c0ca 100644 #include #include diff --git a/bin/named/server.c b/bin/named/server.c -index 9258e7f..f4320df 100644 +index 30e7eac..27ea3bf 100644 --- a/bin/named/server.c +++ b/bin/named/server.c -@@ -8164,21 +8164,30 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8203,21 +8203,30 @@ load_configuration(const char *filename, ns_server_t *server, * Open the source of entropy. */ if (first_time) { 
@@ -277,11 +277,6 @@ index 9258e7f..f4320df 100644 obj = NULL; result = ns_config_get(maps, "random-device", &obj); - if (result != ISC_R_SUCCESS) { -- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, -- NS_LOGMODULE_SERVER, ISC_LOG_INFO, -- "no source of entropy found"); -- } else { -- const char *randomdev = cfg_obj_asstring(obj); + if (result == ISC_R_SUCCESS) { + if (!cfg_obj_isvoid(obj)) { + level = ISC_LOG_INFO; @@ -289,28 +284,32 @@ index 9258e7f..f4320df 100644 + } + } + if (randomdev == NULL) { - #ifdef ISC_PLATFORM_CRYPTORANDOM -- if (strcmp(randomdev, ISC_PLATFORM_CRYPTORANDOM) == 0) -- isc_entropy_usehook(ns_g_entropy, true); ++#ifdef ISC_PLATFORM_CRYPTORANDOM + isc_entropy_usehook(ns_g_entropy, true); - #else -- int level = ISC_LOG_ERROR; -- result = isc_entropy_createfilesource(ns_g_entropy, -- randomdev); ++#else + if ((obj != NULL) && !cfg_obj_isvoid(obj)) + level = ISC_LOG_INFO; -+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, +- NS_LOGMODULE_SERVER, ISC_LOG_INFO, + NS_LOGMODULE_SERVER, level, -+ "no source of entropy found"); + "no source of entropy found"); + if ((obj == NULL) || cfg_obj_isvoid(obj)) { + CHECK(ISC_R_FAILURE); + } +#endif -+ } else { + } else { +- const char *randomdev = cfg_obj_asstring(obj); +-#ifdef ISC_PLATFORM_CRYPTORANDOM +- if (strcmp(randomdev, ISC_PLATFORM_CRYPTORANDOM) == 0) +- isc_entropy_usehook(ns_g_entropy, true); +-#else +- int level = ISC_LOG_ERROR; +- result = isc_entropy_createfilesource(ns_g_entropy, +- randomdev); #ifdef PATH_RANDOMDEV if (ns_g_fallbackentropy != NULL) { level = ISC_LOG_INFO; -@@ -8189,8 +8198,8 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8228,8 +8237,8 @@ load_configuration(const char *filename, ns_server_t *server, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, level, 
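Review bot: In the `if (randomdev == NULL)` branch the two tests on `obj` look redundant. Assuming the line elided between this hunk and the previous one is the `randomdev = cfg_obj_asstring(obj);` assignment, `randomdev` is NULL only when `obj` is NULL or void, so `(obj != NULL) && !cfg_obj_isvoid(obj)` can never hold there and `CHECK(ISC_R_FAILURE)` is always reached. Dropping both conditions would make the fail-closed intent explicit: without `ISC_PLATFORM_CRYPTORANDOM` and without a configured `random-device`, the code logs `no source of entropy found` and `load_configuration` returns failure. A one-line comment above the `CHECK`, such as `/* no crypto RNG and no random-device: refuse to continue */`, would help the next person rebasing this patch. `load_configuration` starts and ends outside the hunk.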
@@ -321,7 +320,7 @@ index 9258e7f..f4320df 100644 randomdev, isc_result_totext(result)); } -@@ -8210,7 +8219,6 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8249,7 +8258,6 @@ load_configuration(const char *filename, ns_server_t *server, } isc_entropy_detach(&ns_g_fallbackentropy); } @@ -329,7 +328,7 @@ index 9258e7f..f4320df 100644 #endif } } -@@ -8998,6 +9006,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { +@@ -9040,6 +9048,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy, &server->tkeyctx), "creating TKEY context"); @@ -339,7 +338,7 @@ index 9258e7f..f4320df 100644 /* * Setup the server task, which is responsible for coordinating -@@ -9204,7 +9215,8 @@ ns_server_destroy(ns_server_t **serverp) { +@@ -9246,7 +9257,8 @@ ns_server_destroy(ns_server_t **serverp) { if (server->zonemgr != NULL) dns_zonemgr_detach(&server->zonemgr); @@ -349,7 +348,7 @@ index 9258e7f..f4320df 100644 if (server->tkeyctx != NULL) dns_tkeyctx_destroy(&server->tkeyctx); -@@ -13105,10 +13117,10 @@ newzone_cfgctx_destroy(void **cfgp) { +@@ -13197,10 +13209,10 @@ newzone_cfgctx_destroy(void **cfgp) { static isc_result_t generate_salt(unsigned char *salt, size_t saltlen) { @@ -362,7 +361,7 @@ index 9258e7f..f4320df 100644 } rnd; unsigned char text[512 + 1]; isc_region_t r; -@@ -13118,9 +13130,10 @@ generate_salt(unsigned char *salt, size_t saltlen) { +@@ -13210,9 +13222,10 @@ generate_salt(unsigned char *salt, size_t saltlen) { if (saltlen > 256U) return (ISC_R_RANGE); @@ -377,7 +376,7 @@ index 9258e7f..f4320df 100644 memmove(salt, rnd.rnd, saltlen); diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c -index 1559a33..68b9a99 100644 +index 6d7a02e..626b1cf 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -283,9 +283,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { @@ -437,10 +436,10 @@ index 2146f9b..ac2c311 100644 } #endif 
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml -index baff8d3..00a50e4 100644 +index dd5365c..1a463b0 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml -@@ -5070,22 +5070,45 @@ badresp:1,adberr:0,findfail:0,valfail:0] +@@ -5071,22 +5071,45 @@ badresp:1,adberr:0,findfail:0,valfail:0] random-device @@ -503,11 +502,11 @@ index baff8d3..00a50e4 100644 diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml -index d9537a3..5c2cc13 100644 +index ad4b34c..2685b8e 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml -@@ -180,6 +180,32 @@ - option. [GL #105] +@@ -229,6 +229,32 @@ + is used from the shell scripts. + @@ -535,15 +534,15 @@ index d9537a3..5c2cc13 100644 + case /dev/random will be the default + entropy source. [RT #31459] [RT #46047] + -+ ++ diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c -index afb4d80..4e62a97 100644 +index b55ebe0..d2b43d3 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c -@@ -2013,10 +2013,12 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) { +@@ -2016,10 +2016,12 @@ dst__entropy_getdata(void *buf, unsigned int len, bool pseudo) { else flags |= ISC_ENTROPY_BLOCKING; #ifdef ISC_PLATFORM_CRYPTORANDOM @@ -558,10 +557,10 @@ index afb4d80..4e62a97 100644 } diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h -index 78e1277..10293d0 100644 +index 6813c96..665574d 100644 --- a/lib/dns/include/dst/dst.h +++ b/lib/dns/include/dst/dst.h -@@ -164,8 +164,18 @@ isc_result_t +@@ -163,8 +163,18 @@ isc_result_t dst_random_getdata(void *data, unsigned int length, unsigned int *returned, unsigned int flags); /*%< @@ -583,10 +582,10 @@ index 78e1277..10293d0 100644 bool diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c -index d88d643..7a233dd 100644 +index 6849732..e00a0e4 100644 --- a/lib/dns/openssl_link.c 
+++ b/lib/dns/openssl_link.c -@@ -482,7 +482,8 @@ dst__openssl_getengine(const char *engine) { +@@ -484,7 +484,8 @@ dst__openssl_getengine(const char *engine) { isc_result_t dst_random_getdata(void *data, unsigned int length, @@ -740,7 +739,7 @@ index f8aed34..17c551b 100644 ISC_LANG_ENDDECLS diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c -index cd797a6..589da07 100644 +index fbc62cc..9cad61d 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -1109,7 +1109,7 @@ options_clauses[] = { @@ -753,5 +752,5 @@ index cd797a6..589da07 100644 { "recursive-clients", &cfg_type_uint32, 0 }, { "reserved-sockets", &cfg_type_uint32, 0 }, -- -2.14.4 +2.20.1 diff --git a/bind-9.11-tests-variants.patch b/bind-9.11-tests-variants.patch index b8ab1c0..55f4491 100644 --- a/bind-9.11-tests-variants.patch +++ b/bind-9.11-tests-variants.patch @@ -1,4 +1,4 @@ -From 118c70ab26f54f8ecd38da36f3e7d7ed66e2e764 Mon Sep 17 00:00:00 2001 +From 7d689f77714430a4ef6cead040ec304dca0b8bd3 Mon Sep 17 00:00:00 2001 From: Petr Mensik Date: Fri, 1 Mar 2019 15:48:20 +0100 Subject: [PATCH] Make alternative named builds testable in system tests @@ -17,19 +17,19 @@ export NAMED_VARIANT=-pkcs11 DNSSEC_VARIANT=-pkcs11 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in -index 0b9706a..a446c18 100644 +index b072af8..d2cb8ed 100644 --- a/bin/tests/system/conf.sh.in 
+++ b/bin/tests/system/conf.sh.in -@@ -20,7 +20,7 @@ TOP=${SYSTEMTESTTOP:=.}/../../.. - # Make it absolute so that it continues to work after we cd. - TOP=`cd $TOP && pwd` +@@ -27,7 +27,7 @@ ALTERNATIVE_ALGORITHM=RSASHA1 + ALTERNATIVE_ALGORITHM_NUMBER=5 + ALTERNATIVE_BITS=1280 -NAMED=$TOP/bin/named/named +NAMED=$TOP/bin/named${NAMED_VARIANT}/named${NAMED_VARIANT} # We must use "named -l" instead of "lwresd" because argv[0] is lost # if the program is libtoolized. LWRESD="$TOP/bin/named/named -l" -@@ -31,13 +31,14 @@ NSUPDATE=$TOP/bin/nsupdate/nsupdate +@@ -38,13 +38,14 @@ NSUPDATE=$TOP/bin/nsupdate/nsupdate DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen TSIGKEYGEN=$TOP/bin/confgen/tsig-keygen RNDCCONFGEN=$TOP/bin/confgen/rndc-confgen @@ -51,7 +51,7 @@ index 0b9706a..a446c18 100644 CHECKDS=$TOP/bin/python/dnssec-checkds COVERAGE=$TOP/bin/python/dnssec-coverage KEYMGR=$TOP/bin/python/dnssec-keymgr -@@ -57,7 +58,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read +@@ -64,7 +65,7 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read MDIG=$TOP/bin/tools/mdig NZD2NZF=$TOP/bin/tools/named-nzd2nzf FSTRM_CAPTURE=@FSTRM_CAPTURE@ diff --git a/bind-9.11-unit-disable-random.patch b/bind-9.11-unit-disable-random.patch index 5658d12..553f725 100644 --- a/bind-9.11-unit-disable-random.patch +++ b/bind-9.11-unit-disable-random.patch @@ -1,4 +1,4 @@ -From c89b0e288f923af69b97e8acc29250b262be7d1e Mon Sep 17 00:00:00 2001 +From 373f07148217a8e70e33446f5108fb42d1079ba6 Mon Sep 17 00:00:00 2001 From: Petr Mensik Date: Thu, 21 Feb 2019 22:42:27 +0100 Subject: [PATCH] Disable random_test 
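Review bot: `NAMED` now honours `NAMED_VARIANT`, but the `LWRESD` assignment a few lines below still hard-codes `$TOP/bin/named/named -l`. With `NAMED_VARIANT=-pkcs11`, any system test that starts lwresd would therefore exercise the stock binary rather than the PKCS#11 build. If that is not intentional, the line could become `LWRESD="$TOP/bin/named${NAMED_VARIANT}/named${NAMED_VARIANT} -l"`. If it is intentional, a comment next to `LWRESD` saying so would avoid the impression that the variant build is covered by those tests.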
@@ -9,37 +9,22 @@ subtests can occasionally fail, stop it. It can be used again by defining 'unstable' variable in Kyuafile. --- - lib/isc/tests/Atffile | 3 ++- lib/isc/tests/Kyuafile | 2 +- - 2 files changed, 3 insertions(+), 2 deletions(-) + 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/lib/isc/tests/Atffile b/lib/isc/tests/Atffile -index 8681844..74a4a77 100644 ---- a/lib/isc/tests/Atffile -+++ b/lib/isc/tests/Atffile -@@ -20,7 +20,8 @@ tp: pool_test - tp: print_test - tp: queue_test - tp: radix_test --tp: random_test -+# random test fails too often -+#tp: random_test - tp: regex_test - tp: result_test - tp: safe_test diff --git a/lib/isc/tests/Kyuafile b/lib/isc/tests/Kyuafile -index 1c510c1..a86824a 100644 +index 4cd2574..9df2340 100644 --- a/lib/isc/tests/Kyuafile +++ b/lib/isc/tests/Kyuafile -@@ -19,7 +19,7 @@ atf_test_program{name='pool_test'} - atf_test_program{name='print_test'} - atf_test_program{name='queue_test'} - atf_test_program{name='radix_test'} --atf_test_program{name='random_test'} -+atf_test_program{name='random_test', required_configs='unstable'} - atf_test_program{name='regex_test'} - atf_test_program{name='result_test'} - atf_test_program{name='safe_test'} +@@ -19,7 +19,7 @@ tap_test_program{name='pool_test'} + tap_test_program{name='print_test'} + tap_test_program{name='queue_test'} + tap_test_program{name='radix_test'} +-tap_test_program{name='random_test'} ++tap_test_program{name='random_test', required_configs='unstable'} + tap_test_program{name='regex_test'} + tap_test_program{name='result_test'} + tap_test_program{name='safe_test'} -- 2.20.1 diff --git a/bind-9.11-unit-dnstap-pkcs11.patch b/bind-9.11-unit-dnstap-pkcs11.patch deleted file mode 100644 index 8620e9f..0000000 --- a/bind-9.11-unit-dnstap-pkcs11.patch +++ /dev/null 
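Review bot: Gating `random_test` behind `required_configs='unstable'` means the packaged test run never exercises the random number tests, so a regression in the generator would not be caught at build time. The patch description says the test can be re-enabled by defining the variable "in Kyuafile". As far as I know, Kyua takes `required_configs` names from the user configuration (a test-suite variable set in `kyua.conf` or with `-v`), not from the Kyuafile, so that wording is worth checking. A short comment above the line, e.g. `-- statistical subtests fail occasionally by chance; skipped unless 'unstable' is configured`, would record why it is gated.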
@@ -1,24 +0,0 @@ -diff --git a/lib/dns/tests/dnstap_test.c b/lib/dns/tests/dnstap_test.c -index 56e3da4..1f31542 100644 ---- a/lib/dns/tests/dnstap_test.c -+++ b/lib/dns/tests/dnstap_test.c -@@ -297,6 +297,9 @@ ATF_TC_BODY(totext, tc) { - - UNUSED(tc); - -+ /* make sure text conversion gets the right local time */ -+ setenv("TZ", "PST8", 1); -+ - result = dns_test_begin(NULL, true); - ATF_REQUIRE(result == ISC_R_SUCCESS); - -@@ -306,9 +309,6 @@ ATF_TC_BODY(totext, tc) { - result = isc_stdio_open(TAPTEXT, "r", &fp); - ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); - -- /* make sure text conversion gets the right local time */ -- setenv("TZ", "PST8", 1); -- - while (dns_dt_getframe(handle, &data, &dsize) == ISC_R_SUCCESS) { - dns_dtdata_t *dtdata = NULL; - isc_buffer_t *b = NULL; diff --git a/bind-9.9.1-P2-multlib-conflict.patch b/bind-9.9.1-P2-multlib-conflict.patch index 96506dd..8768b86 100644 --- a/bind-9.9.1-P2-multlib-conflict.patch +++ b/bind-9.9.1-P2-multlib-conflict.patch @@ -1,8 +1,8 @@ diff --git a/config.h.in b/config.h.in -index e1364dd921..1dc65cfb21 100644 +index 4ecaa8f..2f65ccc 100644 --- a/config.h.in +++ b/config.h.in -@@ -588,7 +588,7 @@ int sigwait(const unsigned int *set, int *sig); +@@ -600,7 +600,7 @@ int sigwait(const unsigned int *set, int *sig); #undef PREFER_GOSTASN1 /* The size of `void *', as computed by sizeof. */ 
@@ -11,39 +11,8 @@ index e1364dd921..1dc65cfb21 100644 /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS -diff --git a/configure.in b/configure.in -index 73b1c8ccbb..129fc3f311 100644 ---- a/configure.in -+++ b/configure.in -@@ -3523,14 +3523,14 @@ AC_TRY_COMPILE([ - #include - #include - int getnameinfo(const struct sockaddr *, socklen_t, char *, -- socklen_t, char *, socklen_t, unsigned int);], -+ socklen_t, char *, socklen_t, int);], - [ return (0);], -- [AC_MSG_RESULT(socklen_t for buflen; u_int for flags) -+ [AC_MSG_RESULT(socklen_t for buflen; int for flags) - AC_DEFINE(IRS_GETNAMEINFO_SOCKLEN_T, socklen_t, - [Define to the sockaddr length type used by getnameinfo(3).]) - AC_DEFINE(IRS_GETNAMEINFO_BUFLEN_T, socklen_t, - [Define to the buffer length type used by getnameinfo(3).]) -- AC_DEFINE(IRS_GETNAMEINFO_FLAGS_T, unsigned int, -+ AC_DEFINE(IRS_GETNAMEINFO_FLAGS_T, int, - [Define to the flags type used by getnameinfo(3).])], - [AC_TRY_COMPILE([ - #include -@@ -3557,7 +3557,7 @@ int getnameinfo(const struct sockaddr *, size_t, char *, - [AC_MSG_RESULT(not match any subspecies; assume standard definition) - AC_DEFINE(IRS_GETNAMEINFO_SOCKLEN_T, socklen_t) - AC_DEFINE(IRS_GETNAMEINFO_BUFLEN_T, socklen_t) --AC_DEFINE(IRS_GETNAMEINFO_FLAGS_T, int)])])]) -+AC_DEFINE(IRS_GETNAMEINFO_FLAGS_T, unsigned int)])])]) - - # - # ...and same for gai_strerror(). diff --git a/isc-config.sh.in b/isc-config.sh.in -index a8a0a89e88..b5e94ed13e 100644 +index a8a0a89..b5e94ed 100644 --- a/isc-config.sh.in +++ b/isc-config.sh.in @@ -13,7 +13,18 @@ prefix=@prefix@ diff --git a/bind.spec b/bind.spec index aa765cc..ef1be71 100644 --- a/bind.spec +++ b/bind.spec 
@@ -128,18 +128,12 @@ Patch159:bind-9.11-rt46047.patch Patch160:bind-9.11-rh1624100.patch # https://gitlab.isc.org/isc-projects/bind9/issues/555 Patch161:bind-9.11-host-idn-disable.patch -# https://gitlab.isc.org/isc-projects/bind9/issues/624 -Patch162:bind-9.11-unit-dnstap-pkcs11.patch # https://gitlab.isc.org/isc-projects/bind9/commit/8a98277811e Patch163:bind-9.11-rh1663318.patch # https://gitlab.isc.org/isc-projects/bind9/issues/819 Patch164:bind-9.11-rh1666814.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1647829 Patch165:bind-9.11-rh1647829.patch -# commit 8e1cc95c943b7dfaaaaf2d9a4971861735cc3fb2 -Patch166:bind-9.11-rh1647829-2.patch -# https://gitlab.isc.org/isc-projects/bind9/issues/225 -Patch167:bind-9.11-ed448-disable.patch # random_test fails too often by random, disable it Patch168:bind-9.11-unit-disable-random.patch Patch169:bind-9.11-feature-test-dlz.patch @@ -520,12 +514,9 @@ are used for building ISC DHCP. %patch159 -p1 -b .rt46047 %patch160 -p1 -b .rh1624100 %patch161 -p1 -b .host-idn-disable -%patch162 -p1 -b .dnstap-pkcs11 %patch163 -p1 -b .rh1663318 %patch164 -p1 -b .rh1666814 %patch165 -p1 -b .rh1647829 -%patch166 -p1 -b .rh1647829-2 -%patch167 -p1 -b .noed448 %patch168 -p1 -b .random_test-disable %patch169 -p1 -b .featuretest-dlz %patch170 -p1 -b .featuretest-named diff --git a/bind97-rh478718.patch b/bind97-rh478718.patch index ef44490..dfc4165 100644 --- a/bind97-rh478718.patch +++ b/bind97-rh478718.patch @@ -1,8 +1,8 @@ -diff --git a/configure.in b/configure.in -index 896e81c1ce..73b1c8ccbb 100644 ---- a/configure.in -+++ b/configure.in -@@ -4275,6 +4275,10 @@ if test "yes" = "$use_atomic"; then +diff --git a/configure.ac b/configure.ac +index 26c509e..c1bfd62 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -4152,6 +4152,10 @@ if test "yes" = "$use_atomic"; then AC_MSG_RESULT($arch) fi @@ -14,10 +14,10 @@ index 896e81c1ce..73b1c8ccbb 100644 AC_MSG_CHECKING([compiler support for inline assembly code]) 
diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in -index 2ff522342f..58df86adb3 100644 +index c902d46..9c7c342 100644 --- a/lib/isc/include/isc/platform.h.in +++ b/lib/isc/include/isc/platform.h.in -@@ -289,19 +289,25 @@ +@@ -284,19 +284,25 @@ * If the "xaddq" operation (64bit xadd) is available on this architecture, * ISC_PLATFORM_HAVEXADDQ will be defined. */ diff --git a/bind98-rh735103.patch b/bind98-rh735103.patch deleted file mode 100644 index 51bf290..0000000 --- a/bind98-rh735103.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -up bind-9.10.1b1/lib/isc/unix/socket.c.rh735103 bind-9.10.1b1/lib/isc/unix/socket.c ---- bind-9.10.1b1/lib/isc/unix/socket.c.rh735103 2014-06-23 06:47:35.000000000 +0200 -+++ bind-9.10.1b1/lib/isc/unix/socket.c 2014-07-29 16:25:27.172818662 +0200 -@@ -67,6 +67,20 @@ - #include - #include - -+/* See task.c about the following definition: */ -+#ifdef BIND9 -+#ifdef ISC_PLATFORM_USETHREADS -+#define USE_WATCHER_THREAD -+#else -+#define USE_SHARED_MANAGER -+#endif /* ISC_PLATFORM_USETHREADS */ -+#else /* BIND9 */ -+#undef ISC_PLATFORM_HAVESYSUNH -+#undef ISC_PLATFORM_HAVEKQUEUE -+#undef ISC_PLATFORM_HAVEEPOLL -+#undef ISC_PLATFORM_HAVEDEVPOLL -+#endif /* BIND9 */ -+ - #ifdef ISC_PLATFORM_HAVESYSUNH - #include - #endif -@@ -86,13 +100,6 @@ - - #include "errno2result.h" - --/* See task.c about the following definition: */ --#ifdef ISC_PLATFORM_USETHREADS --#define USE_WATCHER_THREAD --#else --#define USE_SHARED_MANAGER --#endif /* ISC_PLATFORM_USETHREADS */ -- - #ifndef USE_WATCHER_THREAD - #include "socket_p.h" - #include "../task_p.h"