From fb6b37da16554c8b39ae88d5d1403777a061359d Mon Sep 17 00:00:00 2001 From: Petr Menšík Date: Aug 21 2020 17:15:01 +0000 Subject: Update to 9.11.22 https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.html (cherry picked from commit 745f43ac05493cd67566f330deaa81e080cdb86a) --- diff --git a/.gitignore b/.gitignore index 2c71b88..a41a75a 100644 --- a/.gitignore +++ b/.gitignore @@ -112,3 +112,5 @@ bind-9.7.2b1.tar.gz /bind-9.11.20.tar.gz.asc /bind-9.11.21.tar.gz /bind-9.11.21.tar.gz.asc +/bind-9.11.22.tar.gz +/bind-9.11.22.tar.gz.asc diff --git a/bind-9.11-fips-tests.patch b/bind-9.11-fips-tests.patch index 29dda07..c08fca6 100644 --- a/bind-9.11-fips-tests.patch +++ b/bind-9.11-fips-tests.patch @@ -1,4 +1,4 @@ -From c23daf334d5487fa53fef88c82312e439a2d8523 Mon Sep 17 00:00:00 2001 +From da45a97312a63f815b295167c3f3abb9fe8941a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 2 Aug 2018 23:46:45 +0200 Subject: [PATCH] FIPS tests changes @@ -80,7 +80,7 @@ Date: Wed Mar 7 10:44:23 2018 +0100 bin/tests/system/digdelv/tests.sh | 20 +++--- bin/tests/system/dlv/ns1/sign.sh | 4 +- bin/tests/system/dlv/ns2/sign.sh | 4 +- - bin/tests/system/dlv/ns6/sign.sh | 66 +++++++++--------- + bin/tests/system/dlv/ns6/sign.sh | 66 ++++++++++--------- bin/tests/system/dnssec/ns2/sign.sh | 8 +-- bin/tests/system/dnssec/ns5/trusted.conf.bad | 2 +- bin/tests/system/dnssec/tests.sh | 4 +- @@ -92,18 +92,17 @@ Date: Wed Mar 7 10:44:23 2018 +0100 bin/tests/system/nsupdate/ns1/named.conf.in | 2 +- bin/tests/system/nsupdate/ns2/named.conf.in | 2 +- bin/tests/system/nsupdate/setup.sh | 7 +- - bin/tests/system/nsupdate/tests.sh | 11 ++- + bin/tests/system/nsupdate/tests.sh | 11 +++- bin/tests/system/rndc/setup.sh | 2 +- bin/tests/system/rndc/tests.sh | 23 ++++--- - bin/tests/system/tsig/clean.sh | 1 + bin/tests/system/tsig/ns1/named.conf.in | 10 +-- + bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++ bin/tests/system/tsig/setup.sh | 5 ++ - bin/tests/system/tsig/tests.sh | 67 ++++++++++++------- + bin/tests/system/tsig/tests.sh | 65 +++++++++++------- bin/tests/system/tsiggss/setup.sh | 2 +- bin/tests/system/upforwd/ns1/named.conf.in | 2 +- bin/tests/system/upforwd/tests.sh | 2 +- - bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++ - 45 files changed, 232 insertions(+), 171 deletions(-) + 44 files changed, 230 insertions(+), 170 deletions(-) create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in @@ -563,10 +562,10 @@ index 21be03e..e57c308 100644 }; diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf -index 9ab35b3..486551a 100644 +index 09d188a..7cf4030 100644 --- a/bin/tests/system/checkconf/good.conf +++ b/bin/tests/system/checkconf/good.conf -@@ -153,6 +153,6 @@ dyndb "name" "library.so" { +@@ -159,6 +159,6 @@ dyndb "name" "library.so" { system; }; key "mykey" { @@ -601,10 +600,10 @@ index f4e30f5..9f53e31 100644 ; TTL of 3 weeks weeks 1814400 A 10.53.0.2 diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh -index ade45ce..d3aff24 100644 +index 3d1010e..fa9eb92 100644 --- a/bin/tests/system/digdelv/tests.sh +++ b/bin/tests/system/digdelv/tests.sh -@@ -106,7 +106,7 @@ if [ -x "$DIG" ] ; then +@@ -155,7 +155,7 @@ if [ -x "$DIG" ] ; then echo_i "checking dig +rrcomments works for DNSKEY($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 @@ -613,7 +612,7 @@ index ade45ce..d3aff24 100644 check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -115,7 +115,7 @@ if [ -x "$DIG" ] ; then +@@ -164,7 +164,7 @@ if [ -x "$DIG" ] ; then echo_i "checking dig +short +rrcomments works for DNSKEY ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 @@ -622,7 +621,7 @@ index ade45ce..d3aff24 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -123,7 +123,7 @@ if [ -x "$DIG" ] ; then +@@ -172,7 +172,7 @@ if [ -x "$DIG" ] ; then echo_i "checking dig +short +nosplit works($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > dig.out.test$n || ret=1 @@ -631,7 +630,7 @@ index ade45ce..d3aff24 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -131,7 +131,7 @@ if [ -x "$DIG" ] ; then +@@ -180,7 +180,7 @@ if [ -x "$DIG" ] ; then echo_i "checking dig +short +rrcomments works($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 @@ -640,7 +639,7 @@ index ade45ce..d3aff24 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -148,7 +148,7 @@ if [ -x "$DIG" ] ; then +@@ -197,7 +197,7 @@ if [ -x "$DIG" ] ; then echo_i "checking dig +short +rrcomments works($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 @@ -649,7 +648,7 @@ index ade45ce..d3aff24 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -695,7 +695,7 @@ if [ -x ${DELV} ] ; then +@@ -799,7 +799,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +rrcomments works for DNSKEY($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 @@ -658,7 +657,7 @@ index ade45ce..d3aff24 100644 check_ttl_range delv.out.test$n "DNSKEY" 300 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -704,7 +704,7 @@ if [ -x ${DELV} ] ; then +@@ -808,7 +808,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +short +rrcomments works for DNSKEY ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 @@ -667,7 +666,7 @@ index ade45ce..d3aff24 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -712,7 +712,7 @@ if [ -x ${DELV} ] ; then +@@ -816,7 +816,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +short +rrcomments works ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 @@ -676,7 +675,7 @@ index ade45ce..d3aff24 100644 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -@@ -720,7 +720,7 @@ if [ -x ${DELV} ] ; then +@@ -824,7 +824,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +short +nosplit works ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1 @@ -685,7 +684,7 @@ index ade45ce..d3aff24 100644 if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi f=`awk '{print NF}' < delv.out.test$n` test "${f:-0}" -eq 14 || ret=1 -@@ -731,7 +731,7 @@ if [ -x ${DELV} ] ; then +@@ -835,7 +835,7 @@ if [ -x ${DELV} ] ; then echo_i "checking delv +short +nosplit +norrcomments works ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 @@ -912,7 +911,7 @@ index 1e39862..4ed19ac 100755 cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh -index 13fb924..1ffa279 100644 +index 7f95c8a..3a9251b 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh @@ -126,8 +126,8 @@ zone=in-addr.arpa. @@ -956,10 +955,10 @@ index ed30460..e6b1126 100644 + "." 256 3 8 "AwEAAarwAdjV4gIhpBCjXVAScRFEx3co7k8smJdxrnqoGsl5NB7EZ9jRdgvCXbJn6v8y9jlNWVHvaC8ilhfhLh0A1vLWiWv4ijd/12xcnrY7xpG7Cu3YkxUxaXJ7Jdg/Iw1+9mGgXF1v4UbCIcw/3U3cxyk7OxYg+VSb5KBAQSR0upxV"; }; diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh -index b31c1b4..a5e237b 100644 +index 6f7eaa7..bd2778b 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh -@@ -3235,8 +3235,8 @@ do +@@ -3257,8 +3257,8 @@ do alg=`expr $alg + 1` continue;; 3) size="-b 512";; @@ -1065,7 +1064,7 @@ index cfcfe8f..0a1614d 100644 }; diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh -index 1f6e6d0..c08bd25 100644 +index c112d2c..987b6de 100644 --- a/bin/tests/system/notify/tests.sh +++ b/bin/tests/system/notify/tests.sh @@ -212,16 +212,16 @@ ret=0 @@ -1089,7 +1088,7 @@ index 1f6e6d0..c08bd25 100644 grep "test string" dig.out.b.ns5.test$n > /dev/null && grep "test string" dig.out.c.ns5.test$n > /dev/null && diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in -index 1d999ad..26b6b7c 100644 +index e90907a..540a984 100644 --- a/bin/tests/system/nsupdate/ns1/named.conf.in +++ b/bin/tests/system/nsupdate/ns1/named.conf.in @@ -32,7 +32,7 @@ controls { @@ -1115,10 +1114,10 @@ index 4549184..cb7dccd 100644 }; diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh -index 21805c5..0d3d85c 100644 +index a35b8ee..8383162 100644 --- a/bin/tests/system/nsupdate/setup.sh +++ b/bin/tests/system/nsupdate/setup.sh -@@ -58,7 +58,12 @@ EOF +@@ -53,7 +53,12 @@ EOF $DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key @@ -1133,10 +1132,10 @@ index 21805c5..0d3d85c 100644 $DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key $DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh -index 4da4849..b3bc807 100755 +index 14952c8..5c51972 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh -@@ -708,7 +708,14 @@ fi +@@ -760,7 +760,14 @@ fi n=`expr $n + 1` ret=0 echo_i "check TSIG key algorithms ($n)" @@ -1152,7 +1151,7 @@ index 4da4849..b3bc807 100755 $NSUPDATE -k ns1/${alg}.key < /dev/null || ret=1 server 10.53.0.1 ${PORT} update add ${alg}.keytests.nil. 600 A 10.10.10.3 -@@ -716,7 +723,7 @@ send +@@ -768,7 +775,7 @@ send END done sleep 2 @@ -1162,10 +1161,10 @@ index 4da4849..b3bc807 100755 done if [ $ret -ne 0 ]; then diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh -index 343869e..c30efb0 100644 +index 8521ff8..565a1d7 100644 --- a/bin/tests/system/rndc/setup.sh +++ b/bin/tests/system/rndc/setup.sh -@@ -37,7 +37,7 @@ make_key () { +@@ -35,7 +35,7 @@ make_key () { sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf } @@ -1208,15 +1207,6 @@ index 57e066d..186a723 100644 n=`expr $n + 1` echo_i "testing rndc with hmac-sha1 ($n)" -diff --git a/bin/tests/system/tsig/clean.sh b/bin/tests/system/tsig/clean.sh -index 576ec70..cb7a852 100644 ---- a/bin/tests/system/tsig/clean.sh -+++ b/bin/tests/system/tsig/clean.sh -@@ -20,3 +20,4 @@ rm -f */named.run - rm -f ns*/named.lock - rm -f Kexample.net.+163+* - rm -f keygen.out? -+rm -f ns1/named.conf diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in index fbf30c6..f61657d 100644 --- a/bin/tests/system/tsig/ns1/named.conf.in @@ -1245,11 +1235,27 @@ index fbf30c6..f61657d 100644 key "sha1-trunc" { secret "FrSt77yPTFx6hTs4i2tKLB9LmE0="; +diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in +new file mode 100644 +index 0000000..0682194 +--- /dev/null ++++ b/bin/tests/system/tsig/ns1/rndc5.conf.in +@@ -0,0 +1,10 @@ ++# Conditionally included when support for MD5 is available ++key "md5" { ++ secret "97rnFx24Tfna4mHPfgnerA=="; ++ algorithm hmac-md5; ++}; ++ ++key "md5-trunc" { ++ secret "97rnFx24Tfna4mHPfgnerA=="; ++ algorithm hmac-md5-80; ++}; diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh -index 4dd4a25..aa0f966 100644 +index 9a8ab2e..1311689 100644 --- a/bin/tests/system/tsig/setup.sh +++ b/bin/tests/system/tsig/setup.sh -@@ -17,3 +17,8 @@ $SHELL clean.sh +@@ -15,3 +15,8 @@ SYSTEMTESTTOP=.. copy_setports ns1/named.conf.in ns1/named.conf test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE @@ -1259,7 +1265,7 @@ index 4dd4a25..aa0f966 100644 + cat ns1/rndc5.conf.in >> ns1/named.conf +fi diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh -index f731fa6..cade35b 100644 +index 526dbca..bf359a4 100644 --- a/bin/tests/system/tsig/tests.sh +++ b/bin/tests/system/tsig/tests.sh @@ -26,20 +26,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f @@ -1273,13 +1279,6 @@ index f731fa6..cade35b 100644 -if [ $ret -eq 1 ] ; then - echo_i "failed"; status=1 -fi -- --echo_i "fetching using hmac-md5 (new form)" --ret=0 --$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1 --grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1 --if [ $ret -eq 1 ] ; then -- echo_i "failed"; status=1 +if $FEATURETEST --md5 +then + echo_i "fetching using hmac-md5 (old form)" @@ -1289,7 +1288,13 @@ index f731fa6..cade35b 100644 + if [ $ret -eq 1 ] ; then + echo_i "failed"; status=1 + fi -+ + +-echo_i "fetching using hmac-md5 (new form)" +-ret=0 +-$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1 +-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1 +-if [ $ret -eq 1 ] ; then +- echo_i "failed"; status=1 + echo_i "fetching using hmac-md5 (new form)" + ret=0 + $DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1 @@ -1351,10 +1356,10 @@ index f731fa6..cade35b 100644 echo_i "fetching using hmac-sha1-80 (BADTRUNC)" diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh -index 0d21c7b..dbcb7b4 100644 +index 49510b4..8d8bb2a 100644 --- a/bin/tests/system/tsiggss/setup.sh +++ b/bin/tests/system/tsiggss/setup.sh -@@ -18,5 +18,5 @@ test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE +@@ -16,5 +16,5 @@ test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE copy_setports ns1/named.conf.in ns1/named.conf @@ -1387,22 +1392,6 @@ index b0694bb..9adae82 100644 server 10.53.0.3 ${PORT} update add updated.example. 600 A 10.10.10.1 update add updated.example. 600 TXT Foo -diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in -new file mode 100644 -index 0000000..0682194 ---- /dev/null -+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in -@@ -0,0 +1,10 @@ -+# Conditionally included when support for MD5 is available -+key "md5" { -+ secret "97rnFx24Tfna4mHPfgnerA=="; -+ algorithm hmac-md5; -+}; -+ -+key "md5-trunc" { -+ secret "97rnFx24Tfna4mHPfgnerA=="; -+ algorithm hmac-md5-80; -+}; -- -2.20.1 +2.26.2 diff --git a/bind-9.11-rt46047.patch b/bind-9.11-rt46047.patch index ee9bae8..90ea7a4 100644 --- a/bind-9.11-rt46047.patch +++ b/bind-9.11-rt46047.patch @@ -1,4 +1,4 @@ -From 344c19ad4b3f058e65a4b41650bb0ee20692cc5c Mon Sep 17 00:00:00 2001 +From 8a064944dc10421a387725a365650d656d2a97f1 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 28 Sep 2017 10:09:22 -0700 Subject: [PATCH] completed and corrected the crypto-random change @@ -142,7 +142,7 @@ index 5654435..24c0d5a 100644 usekeyboard); diff --git a/bin/named/client.c b/bin/named/client.c -index 9a0d3c8..c573177 100644 +index f4a5ff9..58549d3 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -1765,7 +1765,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, @@ -156,7 +156,7 @@ index 9a0d3c8..c573177 100644 compute_cookie(client, now, nonce, ns_g_server->secret, &buf); diff --git a/bin/named/config.c b/bin/named/config.c -index dbdff64..63da4b0 100644 +index eef8181..ff868b8 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -98,7 +98,9 @@ options {\n\ @@ -267,10 +267,10 @@ index 203f1e6..25eeced 100644 #include #include diff --git a/bin/named/server.c b/bin/named/server.c -index f27071f..f132c19 100644 +index 7b3b736..4aaa92f 100644 --- a/bin/named/server.c +++ b/bin/named/server.c -@@ -8210,21 +8210,32 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8234,21 +8234,32 @@ load_configuration(const char *filename, ns_server_t *server, * Open the source of entropy. */ if (first_time) { @@ -312,7 +312,7 @@ index f27071f..f132c19 100644 #ifdef PATH_RANDOMDEV if (ns_g_fallbackentropy != NULL) { level = ISC_LOG_INFO; -@@ -8235,8 +8246,8 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8259,8 +8270,8 @@ load_configuration(const char *filename, ns_server_t *server, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, level, @@ -323,7 +323,7 @@ index f27071f..f132c19 100644 randomdev, isc_result_totext(result)); } -@@ -8256,7 +8267,6 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8280,7 +8291,6 @@ load_configuration(const char *filename, ns_server_t *server, } isc_entropy_detach(&ns_g_fallbackentropy); } @@ -331,7 +331,7 @@ index f27071f..f132c19 100644 #endif } -@@ -9025,6 +9035,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { +@@ -9049,6 +9059,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { server->in_roothints = NULL; server->blackholeacl = NULL; server->keepresporder = NULL; @@ -339,7 +339,7 @@ index f27071f..f132c19 100644 /* Must be first. */ CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy, -@@ -9051,6 +9062,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { +@@ -9075,6 +9086,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy, &server->tkeyctx), "creating TKEY context"); @@ -349,7 +349,7 @@ index f27071f..f132c19 100644 /* * Setup the server task, which is responsible for coordinating -@@ -9257,7 +9271,8 @@ ns_server_destroy(ns_server_t **serverp) { +@@ -9281,7 +9295,8 @@ ns_server_destroy(ns_server_t **serverp) { if (server->zonemgr != NULL) dns_zonemgr_detach(&server->zonemgr); @@ -359,7 +359,7 @@ index f27071f..f132c19 100644 if (server->tkeyctx != NULL) dns_tkeyctx_destroy(&server->tkeyctx); -@@ -13263,10 +13278,10 @@ newzone_cfgctx_destroy(void **cfgp) { +@@ -13316,10 +13331,10 @@ newzone_cfgctx_destroy(void **cfgp) { static isc_result_t generate_salt(unsigned char *salt, size_t saltlen) { @@ -372,7 +372,7 @@ index f27071f..f132c19 100644 } rnd; unsigned char text[512 + 1]; isc_region_t r; -@@ -13276,9 +13291,10 @@ generate_salt(unsigned char *salt, size_t saltlen) { +@@ -13329,9 +13344,10 @@ generate_salt(unsigned char *salt, size_t saltlen) { if (saltlen > 256U) return (ISC_R_RANGE); @@ -387,10 +387,10 @@ index f27071f..f132c19 100644 memmove(salt, rnd.rnd, saltlen); diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c -index 0286987..0376377 100644 +index 2436731..6f59456 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c -@@ -283,9 +283,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { +@@ -284,9 +284,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { } #ifdef ISC_PLATFORM_CRYPTORANDOM @@ -455,22 +455,22 @@ index 2146f9b..64b8e74 100644 } #endif diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml -index 93c7a08..bb1e81d 100644 +index 1da0565..7eef5b2 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml -@@ -5081,22 +5081,45 @@ badresp:1,adberr:0,findfail:0,valfail:0] +@@ -5034,22 +5034,45 @@ badresp:1,adberr:0,findfail:0,valfail:0] random-device -- The source of entropy to be used by the server. Entropy is +- This specifies a source of entropy to be used by the server. Entropy is - primarily needed - for DNSSEC operations, such as TKEY transactions and dynamic - update of signed -- zones. This options specifies the device (or file) from which +- zones. This option specifies the device (or file) from which - to read -- entropy. If this is a file, operations requiring entropy will +- entropy. If it is a file, operations requiring entropy will - fail when the -- file has been exhausted. If not specified, the default value +- file has been exhausted. If random-device is not specified, the default value - is - /dev/random - (or equivalent) when present, and none otherwise. The @@ -569,10 +569,10 @@ index 0000000..89a4961 + + diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml -index 589a347..052a0bd 100644 +index adffaa0..2ffe344 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml -@@ -40,6 +40,7 @@ +@@ -45,6 +45,7 @@ @@ -785,5 +785,5 @@ index 1c45d5c..91693b5 100644 { "recursive-clients", &cfg_type_uint32, 0 }, { "reserved-sockets", &cfg_type_uint32, 0 }, -- -2.21.1 +2.26.2 diff --git a/bind-9.11-serve-stale.patch b/bind-9.11-serve-stale.patch index 724a57b..d18077c 100644 --- a/bind-9.11-serve-stale.patch +++ b/bind-9.11-serve-stale.patch @@ -1,4 +1,4 @@ -From 521fc8dcc0ac064ae8bc521418f5b03f0ceec657 Mon Sep 17 00:00:00 2001 +From 5400119bfb19243b37e4f4f27baad4f610fff8da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 7 Nov 2019 14:31:03 +0100 Subject: [PATCH] Implement serve-stale in 9.11 @@ -240,7 +240,7 @@ Signed-off-by: Petr Menšík bin/tests/system/serve-stale/prereq.sh | 38 ++ bin/tests/system/serve-stale/setup.sh | 13 + bin/tests/system/serve-stale/tests.sh | 536 ++++++++++++++++++ - doc/arm/Bv9ARM-book.xml | 69 ++- + doc/arm/Bv9ARM-book.xml | 77 ++- doc/arm/logging-categories.xml | 11 + doc/arm/notes-rh-changes.xml | 14 +- doc/misc/options | 10 + @@ -263,7 +263,7 @@ Signed-off-by: Petr Menšík lib/dns/tests/db_test.c | 198 ++++++- lib/dns/view.c | 3 + lib/isccfg/namedconf.c | 5 + - 48 files changed, 2122 insertions(+), 102 deletions(-) + 48 files changed, 2126 insertions(+), 106 deletions(-) create mode 100644 bin/tests/system/serve-stale/.gitignore create mode 100644 bin/tests/system/serve-stale/ans2/ans.pl.in create mode 100644 bin/tests/system/serve-stale/clean.sh @@ -276,7 +276,7 @@ Signed-off-by: Petr Menšík create mode 100755 bin/tests/system/serve-stale/tests.sh diff --git a/bin/named/config.c b/bin/named/config.c -index 63da4b0..b598f9b 100644 +index ff868b8..f23bed1 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -182,13 +182,14 @@ options {\n\ @@ -733,7 +733,7 @@ index 25eeced..162e4ea 100644 (!PARTIALANSWER(client) || WANTRECURSION(client) || eresult == DNS_R_DROP)) { diff --git a/bin/named/server.c b/bin/named/server.c -index 1f23cf0..1fa836f 100644 +index 1cbb9a0..0c899ba 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -1720,7 +1720,8 @@ static bool @@ -843,7 +843,7 @@ index 1f23cf0..1fa836f 100644 /* * Set supported DNSSEC algorithms. */ -@@ -14456,3 +14500,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) { +@@ -14509,3 +14553,132 @@ ns_server_dnstap(ns_server_t *server, isc_lex_t *lex, isc_buffer_t **text) { return (ISC_R_NOTIMPLEMENTED); #endif } @@ -994,7 +994,7 @@ index 4b8d972..8c68737 100644 /* Initialize resolver statistics */ diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c -index 8083654..d519983 100644 +index 1b48861..f50635b 100644 --- a/bin/rndc/rndc.c +++ b/bin/rndc/rndc.c @@ -160,6 +160,8 @@ command is one of the following:\n\ @@ -1052,7 +1052,7 @@ index f3f1939..9ff3f07 100644 + exit 1 +fi diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in -index 22749b9..a247fd5 100644 +index 4c122c8..a2eb833 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -128,7 +128,7 @@ PARALLELDIRS="dnssec rpzrecurse \ @@ -2039,10 +2039,10 @@ index 0000000..201c996 +echo "I:exit status: $status" +[ $status -eq 0 ] || exit 1 diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml -index bb1e81d..6dbbfad 100644 +index 7eef5b2..b16b239 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml -@@ -4381,6 +4381,9 @@ badresp:1,adberr:0,findfail:0,valfail:0] +@@ -4336,6 +4336,9 @@ badresp:1,adberr:0,findfail:0,valfail:0] statement in the named.conf file: @@ -2052,7 +2052,7 @@ index bb1e81d..6dbbfad 100644
<command>options</command> Statement Definition and -@@ -4474,6 +4477,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] +@@ -4429,6 +4432,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] <command>dnssec-validation</command>, <command>max-cache-ttl</command>, <command>max-ncache-ttl</command>, @@ -2060,7 +2060,7 @@ index bb1e81d..6dbbfad 100644 <command>max-cache-size</command>, and <command>zero-no-soa-ttl</command>. </para> -@@ -5485,7 +5489,6 @@ options { +@@ -5438,7 +5442,6 @@ options { </listitem> </varlistentry> @@ -2068,7 +2068,7 @@ index bb1e81d..6dbbfad 100644 <varlistentry> <term><command>max-zone-ttl</command></term> <listitem> -@@ -5521,6 +5524,21 @@ options { +@@ -5474,6 +5477,21 @@ options { </listitem> </varlistentry> @@ -2090,7 +2090,7 @@ index bb1e81d..6dbbfad 100644 <varlistentry> <term><command>serial-update-method</command></term> <listitem> -@@ -6280,6 +6298,22 @@ options { +@@ -6227,6 +6245,22 @@ options { </listitem> </varlistentry> @@ -2113,31 +2113,34 @@ index bb1e81d..6dbbfad 100644 <varlistentry> <term><command>nocookie-udp-size</command></term> <listitem> -@@ -7501,14 +7535,20 @@ options { +@@ -7448,13 +7482,19 @@ options { <term><command>resolver-query-timeout</command></term> <listitem> <para> -- The amount of time in seconds that the resolver -+ The amount of time in milliseconds that the resolver - will spend attempting to resolve a recursive - query before failing. The default and minimum +- This is the amount of time in seconds that the +- resolver spends attempting to resolve a recursive +- query before failing. The default and minimum - is <literal>10</literal> and the maximum is - <literal>30</literal>. Setting it to +- <literal>0</literal> results in the default +- being used. ++ The amount of time in milliseconds that the resolver ++ will spend attempting to resolve a recursive ++ query before failing. The default and minimum + is <literal>10000</literal> and the maximum is + <literal>30000</literal>. Setting it to - <literal>0</literal> will result in the default - being used. - </para> ++ <literal>0</literal> will result in the default ++ being used. ++ </para> + <para> + This value was originally specified in seconds. + Values less than or equal to 300 will be be treated + as seconds and converted to milliseconds before + applying the above limits. -+ </para> + </para> </listitem> </varlistentry> - </variablelist> -@@ -8994,6 +9034,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; +@@ -8928,6 +8968,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; </listitem> </varlistentry> @@ -2166,7 +2169,7 @@ index bb1e81d..6dbbfad 100644 <term><command>min-roots</command></term> <listitem> diff --git a/doc/arm/logging-categories.xml b/doc/arm/logging-categories.xml -index 181def7..59f6afb 100644 +index e41bd3b..2f505c8 100644 --- a/doc/arm/logging-categories.xml +++ b/doc/arm/logging-categories.xml @@ -311,6 +311,17 @@ @@ -2869,7 +2872,7 @@ index 567e8a8..7bf2b60 100644 * Functions. */ diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h -index c849dec..647ca2a 100644 +index 09a9725..8e3b3cb 100644 --- a/lib/dns/include/dns/view.h +++ b/lib/dns/include/dns/view.h @@ -229,6 +229,9 @@ struct dns_view { @@ -2979,7 +2982,7 @@ index 13d1a3e..873b694 100644 RUNTIME_CHECK(result == ISC_R_SUCCESS); isc_buffer_usedregion(&buffer, &r); diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c -index 02f2c84..fda991d 100644 +index baf7641..a8f4609 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -490,6 +490,7 @@ typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t; @@ -3155,7 +3158,7 @@ index 02f2c84..fda991d 100644 /* * Caller must be holding the node lock. */ -@@ -3313,6 +3406,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, +@@ -3318,6 +3411,12 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header, rdataset->attributes |= DNS_RDATASETATTR_OPTOUT; if (PREFETCH(header)) rdataset->attributes |= DNS_RDATASETATTR_PREFETCH; @@ -3168,7 +3171,7 @@ index 02f2c84..fda991d 100644 rdataset->private1 = rbtdb; rdataset->private2 = node; raw = (unsigned char *)header + sizeof(*header); -@@ -4653,6 +4752,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header, +@@ -4674,6 +4773,19 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header, #endif if (!ACTIVE(header, search->now)) { @@ -3188,7 +3191,7 @@ index 02f2c84..fda991d 100644 /* * This rdataset is stale. If no one else is using the * node, we can clean it up right now, otherwise we mark -@@ -4692,7 +4804,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header, +@@ -4713,7 +4825,7 @@ check_stale_header(dns_rbtnode_t *node, rdatasetheader_t *header, node->data = header->next; free_rdataset(search->rbtdb, mctx, header); } else { @@ -3197,7 +3200,7 @@ index 02f2c84..fda991d 100644 *header_prev = header; } } else -@@ -5130,7 +5242,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, +@@ -5154,7 +5266,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, &locktype, lock, &search, &header_prev)) { /* Do nothing. */ @@ -3206,7 +3209,7 @@ index 02f2c84..fda991d 100644 /* * We now know that there is at least one active * non-stale rdataset at this node. -@@ -5608,7 +5720,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { +@@ -5637,7 +5749,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { * refcurrent(rbtnode) must be non-zero. This is so * because 'node' is an argument to the function. */ @@ -3215,7 +3218,7 @@ index 02f2c84..fda991d 100644 if (log) isc_log_write(dns_lctx, category, module, level, "overmem cache: stale %s", -@@ -5616,7 +5728,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { +@@ -5645,7 +5757,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { } else if (force_expire) { if (! RETAIN(header)) { set_ttl(rbtdb, header, 0); @@ -3224,7 +3227,7 @@ index 02f2c84..fda991d 100644 } else if (log) { isc_log_write(dns_lctx, category, module, level, "overmem cache: " -@@ -5873,9 +5985,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, +@@ -5904,9 +6016,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, * non-zero. This is so because 'node' is an * argument to the function. */ @@ -3236,7 +3239,7 @@ index 02f2c84..fda991d 100644 if (header->type == matchtype) found = header; else if (header->type == RBTDB_RDATATYPE_NCACHEANY || -@@ -6167,7 +6279,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, +@@ -6206,7 +6318,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, topheader = topheader->next) { set_ttl(rbtdb, topheader, 0); @@ -3245,7 +3248,7 @@ index 02f2c84..fda991d 100644 } goto find_header; } -@@ -6225,7 +6337,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, +@@ -6267,7 +6379,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * ncache entry. */ set_ttl(rbtdb, topheader, 0); @@ -3254,7 +3257,7 @@ index 02f2c84..fda991d 100644 topheader = NULL; goto find_header; } -@@ -6263,8 +6375,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, +@@ -6305,8 +6417,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, } /* @@ -3268,7 +3271,7 @@ index 02f2c84..fda991d 100644 */ if (rbtversion == NULL && trust < header->trust && (ACTIVE(header, now) || header_nx)) { -@@ -6293,6 +6408,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, +@@ -6336,6 +6451,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, if ((options & DNS_DBADD_EXACT) != 0) flags |= DNS_RDATASLAB_EXACT; @@ -3279,7 +3282,7 @@ index 02f2c84..fda991d 100644 if ((options & DNS_DBADD_EXACTTTL) != 0 && newheader->rdh_ttl != header->rdh_ttl) result = DNS_R_NOTEXACT; -@@ -6336,11 +6455,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, +@@ -6379,11 +6498,12 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, } } /* @@ -3297,7 +3300,7 @@ index 02f2c84..fda991d 100644 */ if (IS_CACHE(rbtdb) && ACTIVE(header, now) && header->type == dns_rdatatype_ns && -@@ -6511,10 +6631,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, +@@ -6556,10 +6676,10 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, changed->dirty = true; if (rbtversion == NULL) { set_ttl(rbtdb, header, 0); @@ -3310,7 +3313,7 @@ index 02f2c84..fda991d 100644 } } if (rbtversion != NULL && !header_nx) { -@@ -8331,6 +8451,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) { +@@ -8410,6 +8530,30 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) { return (result); } @@ -3341,7 +3344,7 @@ index 02f2c84..fda991d 100644 static dns_dbmethods_t zone_methods = { attach, detach, -@@ -8376,7 +8520,9 @@ static dns_dbmethods_t zone_methods = { +@@ -8455,7 +8599,9 @@ static dns_dbmethods_t zone_methods = { NULL, hashsize, nodefullname, @@ -3352,7 +3355,7 @@ index 02f2c84..fda991d 100644 }; static dns_dbmethods_t cache_methods = { -@@ -8424,7 +8570,9 @@ static dns_dbmethods_t cache_methods = { +@@ -8503,7 +8649,9 @@ static dns_dbmethods_t cache_methods = { setcachestats, hashsize, nodefullname, @@ -3363,7 +3366,7 @@ index 02f2c84..fda991d 100644 }; isc_result_t -@@ -8695,7 +8843,7 @@ dns_rbtdb_create +@@ -8774,7 +8922,7 @@ dns_rbtdb_create rbtdb->rpzs = NULL; rbtdb->load_rpzs = NULL; rbtdb->rpz_num = DNS_RPZ_INVALID_NUM; @@ -3372,7 +3375,7 @@ index 02f2c84..fda991d 100644 /* * Version Initialization. */ -@@ -9113,7 +9261,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) { +@@ -9192,7 +9340,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) { * rdatasets to work. */ if (NONEXISTENT(header) || @@ -3382,7 +3385,7 @@ index 02f2c84..fda991d 100644 header = NULL; break; } else -@@ -10322,7 +10471,7 @@ static inline bool +@@ -10401,7 +10550,7 @@ static inline bool need_headerupdate(rdatasetheader_t *header, isc_stdtime_t now) { if ((header->attributes & (RDATASET_ATTR_NONEXISTENT | @@ -3391,7 +3394,7 @@ index 02f2c84..fda991d 100644 RDATASET_ATTR_ZEROTTL)) != 0) return (false); -@@ -10428,7 +10577,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, +@@ -10507,7 +10656,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, bool tree_locked, expire_t reason) { set_ttl(rbtdb, header, 0); @@ -3401,7 +3404,7 @@ index 02f2c84..fda991d 100644 /* * Caller must hold the node (write) lock. diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c -index 337a2f3..24e14d2 100644 +index f7f73cd..7a77bde 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -141,16 +141,17 @@ @@ -3434,7 +3437,7 @@ index 337a2f3..24e14d2 100644 #endif /* The default maximum number of recursions to follow before giving up. */ -@@ -515,6 +516,11 @@ struct dns_resolver { +@@ -523,6 +524,11 @@ struct dns_resolver { dns_fetch_t * primefetch; /* Locked by nlock. */ unsigned int nfctx; @@ -3446,7 +3449,7 @@ index 337a2f3..24e14d2 100644 }; #define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!') -@@ -1625,14 +1631,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) { +@@ -1633,14 +1639,12 @@ fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) { unsigned int seconds; unsigned int us; @@ -3465,7 +3468,7 @@ index 337a2f3..24e14d2 100644 /* * Add a fudge factor to the expected rtt based on the current -@@ -4494,7 +4498,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, +@@ -4518,7 +4522,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, /* * Compute an expiration time for the entire fetch. */ @@ -3475,7 +3478,7 @@ index 337a2f3..24e14d2 100644 iresult = isc_time_nowplusinterval(&fctx->expires, &interval); if (iresult != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, -@@ -8983,6 +8988,8 @@ dns_resolver_create(dns_view_t *view, +@@ -9005,6 +9010,8 @@ dns_resolver_create(dns_view_t *view, res->spillattimer = NULL; res->zspill = 0; res->zero_no_soa_ttl = false; @@ -3484,7 +3487,7 @@ index 337a2f3..24e14d2 100644 res->query_timeout = DEFAULT_QUERY_TIMEOUT; res->maxdepth = DEFAULT_RECURSION_DEPTH; res->maxqueries = DEFAULT_MAX_QUERIES; -@@ -10317,17 +10324,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) { +@@ -10339,17 +10346,20 @@ dns_resolver_gettimeout(dns_resolver_t *resolver) { } void @@ -3513,7 +3516,7 @@ index 337a2f3..24e14d2 100644 } void -@@ -10424,3 +10434,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which) +@@ -10446,3 +10456,34 @@ dns_resolver_getquotaresponse(dns_resolver_t *resolver, dns_quotatype_t which) return (resolver->quotaresp[which]); } @@ -3549,10 +3552,10 @@ index 337a2f3..24e14d2 100644 + resolver->nonbackofftries = tries; +} diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c -index d4c8c67..ee9be79 100644 +index 8afaa52..b370e05 100644 --- a/lib/dns/sdb.c +++ b/lib/dns/sdb.c -@@ -1368,7 +1368,9 @@ static dns_dbmethods_t sdb_methods = { +@@ -1370,7 +1370,9 @@ static dns_dbmethods_t sdb_methods = { NULL, /* setcachestats */ NULL, /* hashsize */ NULL, /* nodefullname */ @@ -3855,5 +3858,5 @@ index 91693b5..5771774 100644 { "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTIMP }, { "transfer-format", &cfg_type_transferformat, 0 }, -- -2.21.1 +2.26.2 diff --git a/bind.spec b/bind.spec index e68190f..d802dd1 100644 --- a/bind.spec +++ b/bind.spec @@ -58,14 +58,14 @@ # lib*.so.X versions of selected libraries %global sover_dns 1110 -%global sover_isc 1105 +%global sover_isc 1107 %global sover_irs 161 %global sover_isccfg 163 Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Name: bind License: MPLv2.0 -Version: 9.11.21 +Version: 9.11.22 Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ @@ -1604,6 +1604,9 @@ fi; %changelog +* Thu Aug 20 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.22-1 +- Update to 9.11.22 + * Wed Jul 15 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.21-1 - Update to 9.11.21 diff --git a/sources b/sources index be00cf2..51de436 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (bind-9.11.21.tar.gz) = d807c6fdc2ab46f14f0f72db2d991166e7fe1d37b6f458256b4e25de1fd5c5291c2338e407733388e0fa49da447941db1323a1b6fead813134101d2d5c331064 -SHA512 (bind-9.11.21.tar.gz.asc) = 172c7c21f6f17f7e8c421b8f09f4da6bf907ce39c5da564d0f731fd262e265cb26b0f95c907d473cc17ff8c0b2f37d32df8371dd7d0992ca3633b557f325502a +SHA512 (bind-9.11.22.tar.gz) = 8ed2ed661b87705bbb7ddde3076a132b4e53971d669600997abfa104404e0c8b4bf04cc04c6be1c2c701123db5e0d4645ab797e5a985a18f5a1d68824a3df3ed +SHA512 (bind-9.11.22.tar.gz.asc) = 009c2035f8ed992771b863369f480575e91b2dbaad50fbfd5322cd8761bf4dced0870c448375ad746271717b6847012a2ba5f9dcc862f63c05ff6b1fcd77885f