diff --git a/.gitignore b/.gitignore index ad0da8a..eb390f1 100644 --- a/.gitignore +++ b/.gitignore @@ -76,3 +76,4 @@ bind-9.7.2b1.tar.gz /bind-9.11.1-P2.tar.gz /bind-9.11.1-P3.tar.gz /bind-9.11.2-P1.tar.gz +/bind-9.11.3b1.tar.gz diff --git a/bind-9.10-dist-native-pkcs11.patch b/bind-9.10-dist-native-pkcs11.patch index 1562b84..cb36e04 100644 --- a/bind-9.10-dist-native-pkcs11.patch +++ b/bind-9.10-dist-native-pkcs11.patch @@ -137,10 +137,10 @@ index 8c6627a..c070881 100644 CWARNINGS = diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in -index 903023b..b40303d 100644 +index 83bce80..5170f47 100644 --- a/bin/named-pkcs11/Makefile.in +++ b/bin/named-pkcs11/Makefile.in -@@ -36,26 +36,26 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@ +@@ -40,26 +40,26 @@ DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@ DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ @@ -174,7 +174,7 @@ index 903023b..b40303d 100644 LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@ BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@ -@@ -64,15 +64,15 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ +@@ -68,15 +68,15 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \ @@ -193,7 +193,7 @@ index 903023b..b40303d 100644 GEOIPLINKOBJS = geoip.@O@ -@@ -83,8 +83,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ +@@ -87,8 +87,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \ zoneconf.@O@ \ lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \ @@ -203,7 +203,7 @@ index 903023b..b40303d 100644 UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@ -@@ -99,8 +98,7 @@ SRCS = builtin.c client.c config.c control.c \ +@@ -103,8 +102,7 @@ SRCS = builtin.c client.c config.c control.c \ tkeyconf.c tsigconf.c update.c xfrout.c \ zoneconf.c \ lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \ @@ -213,16 +213,25 @@ index 903023b..b40303d 100644 MANPAGES = named.8 lwresd.8 named.conf.5 -@@ -139,7 +137,7 @@ server.@O@: server.c +@@ -143,14 +141,14 @@ server.@O@: server.c -DPRODUCT=\"${PRODUCT}\" \ -DVERSION=\"${VERSION}\" -c ${srcdir}/server.c --named@EXEEXT@: ${OBJS} ${UOBJS} ${DEPLIBS} -+named-pkcs11@EXEEXT@: ${OBJS} ${UOBJS} ${DEPLIBS} +-named@EXEEXT@: ${OBJS} ${DEPLIBS} ++named-pkcs11@EXEEXT@: ${OBJS} ${DEPLIBS} export MAKE_SYMTABLE="yes"; \ export BASEOBJS="${OBJS} ${UOBJS}"; \ ${FINALBUILDCMD} -@@ -166,22 +164,12 @@ statschannel.@O@: bind9.xsl.h + +-lwresd@EXEEXT@: named@EXEEXT@ ++lwresd@EXEEXT@: named-pkcs11@EXEEXT@ + rm -f lwresd@EXEEXT@ +- @LN@ named@EXEEXT@ lwresd@EXEEXT@ ++ @LN@ named-pkcs11@EXEEXT@ lwresd@EXEEXT@ + + doc man:: ${MANOBJS} + +@@ -170,22 +168,12 @@ statschannel.@O@: bind9.xsl.h installdirs: $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir} @@ -249,10 +258,10 @@ index 903023b..b40303d 100644 @DLZ_DRIVER_RULES@ diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in -index 903023b..9c14b73 100644 +index 83bce80..f217965 100644 --- a/bin/named/Makefile.in +++ b/bin/named/Makefile.in -@@ -40,7 +40,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ +@@ -44,7 +44,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \ ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@ @@ -283,10 +292,10 @@ index d9aa66b..1900e3c 100644 DEPLIBS = ${ISCDEPLIBS} diff --git a/configure.in b/configure.in -index 832b1a4..fc913b8 100644 +index 71dadbf..127de9b 100644 --- a/configure.in +++ b/configure.in -@@ -1116,12 +1116,14 @@ AC_SUBST(USE_GSSAPI) +@@ -1152,12 +1152,14 @@ AC_SUBST(USE_GSSAPI) AC_SUBST(DST_GSSAPI_INC) AC_SUBST(DNS_GSSAPI_LIBS) DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_LIBS" @@ -301,7 +310,7 @@ index 832b1a4..fc913b8 100644 # # was --with-randomdev specified? -@@ -1495,11 +1497,11 @@ fi +@@ -1542,11 +1544,11 @@ fi AC_MSG_CHECKING(for OpenSSL library) OPENSSL_WARNING= openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw" @@ -318,15 +327,15 @@ index 832b1a4..fc913b8 100644 if test "auto" = "$use_openssl" then -@@ -1512,6 +1514,7 @@ then +@@ -1559,6 +1561,7 @@ then fi done fi +CRYPTO_PK11="" OPENSSL_ECDSA="" OPENSSL_GOST="" - gosttype="raw" -@@ -1532,16 +1535,17 @@ case "$with_gost" in + OPENSSL_ED25519="" +@@ -1580,11 +1583,10 @@ case "$with_gost" in ;; esac @@ -338,8 +347,11 @@ index 832b1a4..fc913b8 100644 DST_OPENSSL_INC="" - CRYPTO="-DPKCS11CRYPTO" + CRYPTO_PK11="-DPKCS11CRYPTO" - OPENSSLGOSTLINKOBJS="" - OPENSSLGOSTLINKSRS="" + OPENSSLECDSALINKOBJS="" + OPENSSLECDSALINKSRCS="" + OPENSSLEDDSALINKOBJS="" +@@ -1593,7 +1595,9 @@ case "$use_openssl" in + OPENSSLGOSTLINKSRCS="" OPENSSLLINKOBJS="" OPENSSLLINKSRCS="" - ;; @@ -349,24 +361,24 @@ index 832b1a4..fc913b8 100644 no) AC_MSG_RESULT(no) DST_OPENSSL_INC="" -@@ -1563,11 +1567,11 @@ case "$use_openssl" in +@@ -1623,11 +1627,11 @@ case "$use_openssl" in If you don't want OpenSSL, use --without-openssl]) ;; *) - if test "yes" = "$want_native_pkcs11" - then -- AC_MSG_RESULT() +- AC_MSG_RESULT() - AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.]) - fi -+# if test "yes" = "$want_native_pkcs11" -+# then -+# AC_MSG_RESULT() -+# AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.]) -+# fi ++ # if test "yes" = "$want_native_pkcs11" ++ # then ++ # AC_MSG_RESULT() ++ # AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.]) ++ # fi if test "yes" = "$use_openssl" then # User did not specify a path - guess it -@@ -1923,6 +1927,7 @@ AC_SUBST(OPENSSL_ECDSA) +@@ -2085,6 +2089,7 @@ AC_SUBST(OPENSSL_ED25519) AC_SUBST(OPENSSL_GOST) DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS" @@ -374,15 +386,15 @@ index 832b1a4..fc913b8 100644 ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES" if test "yes" = "$with_aes" -@@ -2218,6 +2223,7 @@ esac +@@ -2404,6 +2409,7 @@ esac AC_SUBST(PKCS11LINKOBJS) AC_SUBST(PKCS11LINKSRCS) AC_SUBST(CRYPTO) +AC_SUBST(CRYPTO_PK11) AC_SUBST(PKCS11_ECDSA) AC_SUBST(PKCS11_GOST) - AC_SUBST(PKCS11_TEST) -@@ -5131,8 +5137,11 @@ AC_CONFIG_FILES([ + AC_SUBST(PKCS11_ED25519) +@@ -5398,8 +5404,11 @@ AC_CONFIG_FILES([ bin/delv/Makefile bin/dig/Makefile bin/dnssec/Makefile @@ -394,7 +406,7 @@ index 832b1a4..fc913b8 100644 bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile -@@ -5233,6 +5242,10 @@ AC_CONFIG_FILES([ +@@ -5500,6 +5509,10 @@ AC_CONFIG_FILES([ lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile @@ -405,7 +417,7 @@ index 832b1a4..fc913b8 100644 lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile -@@ -5257,6 +5270,24 @@ AC_CONFIG_FILES([ +@@ -5524,6 +5537,24 @@ AC_CONFIG_FILES([ lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isc/unix/include/pkcs11/Makefile @@ -444,7 +456,7 @@ index 318450c..87cde21 100644 @BIND9_MAKE_RULES@ diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in -index 257d5e5..4abcc49 100644 +index f7556f3..8e29a5c 100644 --- a/lib/dns-pkcs11/Makefile.in +++ b/lib/dns-pkcs11/Makefile.in @@ -23,16 +23,16 @@ VERSION=@BIND9_VERSION@ @@ -469,7 +481,7 @@ index 257d5e5..4abcc49 100644 LIBS = @LIBS@ -@@ -135,15 +135,15 @@ version.@O@: version.c +@@ -142,15 +142,15 @@ version.@O@: version.c -DLIBAGE=${LIBAGE} \ -c ${srcdir}/version.c @@ -489,7 +501,7 @@ index 257d5e5..4abcc49 100644 include: gen ${MAKE} include/dns/enumtype.h -@@ -169,25 +169,25 @@ code.h: gen +@@ -176,25 +176,25 @@ code.h: gen ./gen -s ${srcdir} > code.h || { rm -f $@ ; exit 1; } gen: gen.c diff --git a/bind-9.10-sdb.patch b/bind-9.10-sdb.patch index f2179b0..0318e9e 100644 --- a/bind-9.10-sdb.patch +++ b/bind-9.10-sdb.patch @@ -14,10 +14,10 @@ index 7d21984..015ff45 100644 @BIND9_MAKE_RULES@ diff --git a/bin/named-sdb/Makefile.in b/bin/named-sdb/Makefile.in -index 9c14b73..36e7916 100644 +index f217965..b79d6fe 100644 --- a/bin/named-sdb/Makefile.in +++ b/bin/named-sdb/Makefile.in -@@ -23,10 +23,10 @@ VERSION=@BIND9_VERSION@ +@@ -27,10 +27,10 @@ VERSION=@BIND9_VERSION@ # # Add database drivers here. # @@ -31,7 +31,7 @@ index 9c14b73..36e7916 100644 DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers -@@ -72,7 +72,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ +@@ -76,7 +76,7 @@ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ SUBDIRS = unix @@ -40,16 +40,16 @@ index 9c14b73..36e7916 100644 GEOIPLINKOBJS = geoip.@O@ -@@ -139,7 +139,7 @@ server.@O@: server.c +@@ -143,7 +143,7 @@ server.@O@: server.c -DPRODUCT=\"${PRODUCT}\" \ -DVERSION=\"${VERSION}\" -c ${srcdir}/server.c --named@EXEEXT@: ${OBJS} ${UOBJS} ${DEPLIBS} -+named-sdb@EXEEXT@: ${OBJS} ${UOBJS} ${DEPLIBS} +-named@EXEEXT@: ${OBJS} ${DEPLIBS} ++named-sdb@EXEEXT@: ${OBJS} ${DEPLIBS} export MAKE_SYMTABLE="yes"; \ export BASEOBJS="${OBJS} ${UOBJS}"; \ ${FINALBUILDCMD} -@@ -166,22 +166,12 @@ statschannel.@O@: bind9.xsl.h +@@ -170,22 +170,12 @@ statschannel.@O@: bind9.xsl.h installdirs: $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir} @@ -76,7 +76,7 @@ index 9c14b73..36e7916 100644 @DLZ_DRIVER_RULES@ diff --git a/bin/named-sdb/main.c b/bin/named-sdb/main.c -index 00002a9..cb9b5f5 100644 +index 64ee3ce..218d9b0 100644 --- a/bin/named-sdb/main.c +++ b/bin/named-sdb/main.c @@ -88,6 +88,10 @@ @@ -90,7 +90,7 @@ index 00002a9..cb9b5f5 100644 #ifdef CONTRIB_DLZ /* -@@ -1052,6 +1056,11 @@ setup(void) { +@@ -1060,6 +1064,11 @@ setup(void) { ns_main_earlyfatal("isc_app_start() failed: %s", isc_result_totext(result)); @@ -102,7 +102,7 @@ index 00002a9..cb9b5f5 100644 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, "starting %s %s%s%s ", ns_g_product, ns_g_version, -@@ -1173,6 +1182,75 @@ setup(void) { +@@ -1181,6 +1190,75 @@ setup(void) { isc_result_totext(result)); #endif @@ -178,7 +178,7 @@ index 00002a9..cb9b5f5 100644 ns_server_create(ns_g_mctx, &ns_g_server); #ifdef HAVE_LIBSECCOMP -@@ -1215,6 +1293,11 @@ cleanup(void) { +@@ -1223,6 +1301,11 @@ cleanup(void) { dns_name_destroy(); @@ -191,10 +191,10 @@ index 00002a9..cb9b5f5 100644 ISC_LOG_NOTICE, "exiting"); ns_log_shutdown(); diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in -index 9c14b73..08318a2 100644 +index f217965..05b8699 100644 --- a/bin/named/Makefile.in +++ b/bin/named/Makefile.in -@@ -38,9 +38,9 @@ DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@ +@@ -42,9 +42,9 @@ DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \ @@ -206,7 +206,7 @@ index 9c14b73..08318a2 100644 CWARNINGS = -@@ -64,11 +64,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ +@@ -68,11 +68,11 @@ DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \ @@ -220,7 +220,7 @@ index 9c14b73..08318a2 100644 SUBDIRS = unix -@@ -83,8 +83,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ +@@ -87,8 +87,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \ zoneconf.@O@ \ lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \ @@ -230,7 +230,7 @@ index 9c14b73..08318a2 100644 UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@ -@@ -99,8 +98,7 @@ SRCS = builtin.c client.c config.c control.c \ +@@ -103,8 +102,7 @@ SRCS = builtin.c client.c config.c control.c \ tkeyconf.c tsigconf.c update.c xfrout.c \ zoneconf.c \ lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \ @@ -240,7 +240,7 @@ index 9c14b73..08318a2 100644 MANPAGES = named.8 lwresd.8 named.conf.5 -@@ -183,7 +181,5 @@ uninstall:: +@@ -187,7 +185,5 @@ uninstall:: rm -f ${DESTDIR}${sbindir}/lwresd@EXEEXT@ ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named@EXEEXT@ @@ -284,10 +284,10 @@ index c7e0868..95ab742 100644 + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2sqlite@EXEEXT@ ${DESTDIR}${sbindir} ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1 diff --git a/configure.in b/configure.in -index 6435274..5e614a7 100644 +index 1a0cc5f..b59a549 100644 --- a/configure.in +++ b/configure.in -@@ -5125,6 +5125,8 @@ AC_CONFIG_FILES([ +@@ -5409,6 +5409,8 @@ AC_CONFIG_FILES([ bin/named/unix/Makefile bin/named-pkcs11/Makefile bin/named-pkcs11/unix/Makefile @@ -296,7 +296,7 @@ index 6435274..5e614a7 100644 bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile -@@ -5149,6 +5151,7 @@ AC_CONFIG_FILES([ +@@ -5433,6 +5435,7 @@ AC_CONFIG_FILES([ bin/python/isc/tests/dnskey_test.py bin/python/isc/tests/policy_test.py bin/rndc/Makefile diff --git a/bind-9.11-kyua-unit-oot.patch b/bind-9.11-kyua-unit-oot.patch new file mode 100644 index 0000000..7409ebd --- /dev/null +++ b/bind-9.11-kyua-unit-oot.patch @@ -0,0 +1,95 @@ +diff --git a/Makefile.in b/Makefile.in +index b2681ed..c6e14a4 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -7,6 +7,7 @@ + srcdir = @srcdir@ + VPATH = @srcdir@ + top_srcdir = @top_srcdir@ ++top_builddir = @top_builddir@ + + VERSION=@BIND9_VERSION@ + +@@ -86,7 +87,8 @@ force-test: test-force + test-force: + status=0; \ + (cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \ +- (test -f unit/unittest.sh && $(SHELL) unit/unittest.sh) || status=1; \ ++ (test -f ${top_builddir}/unit/unittest.sh && \ ++ $(SHELL) ${top_builddir}/unit/unittest.sh) || status=1; \ + exit $$status + + README: README.md +@@ -102,6 +104,6 @@ OPTIONS: OPTIONS.md + ${W3M} -dump -cols 75 -O ascii -T text/html > $@ + + unit:: +- sh ${top_srcdir}/unit/unittest.sh ++ sh ${top_builddir}/unit/unittest.sh + + clean:: +diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in +index c7fd4ed..2a6571b 100644 +--- a/lib/dns/tests/Makefile.in ++++ b/lib/dns/tests/Makefile.in +@@ -234,7 +234,7 @@ tsig_test@EXEEXT@: tsig_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} + ${ISCLIBS} ${LIBS} + + unit:: +- sh ${top_srcdir}/unit/unittest.sh ++ sh ${top_builddir}/unit/unittest.sh + + clean distclean:: + rm -f ${TARGETS} +diff --git a/lib/irs/tests/Makefile.in b/lib/irs/tests/Makefile.in +index 2ecf8b0..38bf342 100644 +--- a/lib/irs/tests/Makefile.in ++++ b/lib/irs/tests/Makefile.in +@@ -45,7 +45,7 @@ resconf_test@EXEEXT@: resconf_test.@O@ ${CFGDEPLIBS} ${DNSDEPLIBS} ${IRSDEPLIBS} + resconf_test.@O@ ${LIBS} + + unit:: +- sh ${top_srcdir}/unit/unittest.sh ++ sh ${top_builddir}/unit/unittest.sh + + clean distclean:: + rm -f ${TARGETS} +diff --git a/lib/isc/tests/Makefile.in b/lib/isc/tests/Makefile.in +index 20c7e25..f7fa538 100644 +--- a/lib/isc/tests/Makefile.in ++++ b/lib/isc/tests/Makefile.in +@@ -159,7 +159,7 @@ time_test@EXEEXT@: time_test.@O@ ${ISCDEPLIBS} + time_test.@O@ ${ISCLIBS} ${LIBS} + + unit:: +- sh ${top_srcdir}/unit/unittest.sh ++ sh ${top_builddir}/unit/unittest.sh + + clean distclean:: + rm -f ${TARGETS} +diff --git a/lib/isccfg/tests/Makefile.in b/lib/isccfg/tests/Makefile.in +index be64b92..cbd444a 100644 +--- a/lib/isccfg/tests/Makefile.in ++++ b/lib/isccfg/tests/Makefile.in +@@ -44,7 +44,7 @@ parser_test@EXEEXT@: parser_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} ${ISCCFGDEPLIBS + ${ISCLIBS} ${LIBS} + + unit:: +- sh ${top_srcdir}/unit/unittest.sh ++ sh ${top_builddir}/unit/unittest.sh + + clean distclean:: + rm -f ${TARGETS} +diff --git a/lib/lwres/tests/Makefile.in b/lib/lwres/tests/Makefile.in +index 7166d44..10db3e7 100644 +--- a/lib/lwres/tests/Makefile.in ++++ b/lib/lwres/tests/Makefile.in +@@ -39,7 +39,7 @@ config_test@EXEEXT@: config_test.@O@ ${LWRESDEPLIBS} + config_test.@O@ ${LWRESLIBS} ${LIBS} + + unit:: +- sh ${top_srcdir}/unit/unittest.sh ++ sh ${top_builddir}/unit/unittest.sh + + clean distclean:: + rm -f ${TARGETS} diff --git a/bind-9.11-rh1484451.patch b/bind-9.11-rh1484451.patch deleted file mode 100644 index c2596b2..0000000 --- a/bind-9.11-rh1484451.patch +++ /dev/null @@ -1,27 +0,0 @@ -From a8a20462b516b0cc39e9b1fb1a8dd514eb1aed29 Mon Sep 17 00:00:00 2001 -From: Mark Andrews -Date: Fri, 1 Sep 2017 11:17:59 +1000 -Subject: [PATCH] 4697. [bug] Restore workaround for Microsoft - Windows TSIG hash computation bug. [RT #45854] - ---- - lib/dns/rdataset.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c -index 1386840..e563963 100644 ---- a/lib/dns/rdataset.c -+++ b/lib/dns/rdataset.c -@@ -466,6 +466,9 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, - dns_name_copy(owner_name, name, NULL); - dns_rdataset_getownercase(rdataset, name); - -+ if ((owner_name->attributes & DNS_NAMEATTR_NOCOMPRESS) != 0) -+ name->attributes |= DNS_NAMEATTR_NOCOMPRESS; -+ - do { - /* - * Copy out the name, type, class, ttl. --- -2.9.5 - diff --git a/bind-9.11-rh1500017.patch b/bind-9.11-rh1500017.patch deleted file mode 100644 index 0605a75..0000000 --- a/bind-9.11-rh1500017.patch +++ /dev/null @@ -1,75 +0,0 @@ -From e3856204645c6547a7aae854e4f4138710864612 Mon Sep 17 00:00:00 2001 -From: Evan Hunt -Date: Wed, 11 Oct 2017 08:51:03 -0700 -Subject: [PATCH] Move KRB5_CONFIG=/dev/null to conf.sh.* so the named run in - the tests gets the setting - -(cherry picked from commit 74f46c45b0868219512f52bb54d105ed65212f71) ---- - bin/tests/system/conf.sh.in | 4 ++++ - bin/tests/system/conf.sh.win32 | 4 ++++ - bin/tests/system/tsiggss/tests.sh | 4 ---- - 3 files changed, 8 insertions(+), 4 deletions(-) - -diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in -index 8f73dbf..7b99e83 100644 ---- a/bin/tests/system/conf.sh.in -+++ b/bin/tests/system/conf.sh.in -@@ -67,6 +67,9 @@ MAKEJOURNAL=$TOP/bin/tests/makejournal - PIPEQUERIES=$TOP/bin/tests/system/pipelined/pipequeries - SAMPLEUPDATE=$TOP/lib/samples/sample-update - -+# we don't want a KRB5_CONFIG setting breaking the tests -+KRB5_CONFIG=/dev/null -+ - # The "stress" test is not run by default since it creates enough - # load on the machine to make it unusable to other users. - # v6synth -@@ -150,6 +153,7 @@ export KEYFRLAB - export KEYGEN - export KEYSETTOOL - export KEYSIGNER -+export KRB5_CONFIG - export LWRESD - export LWTEST - export MAKEJOURNAL -diff --git a/bin/tests/system/conf.sh.win32 b/bin/tests/system/conf.sh.win32 -index e2d7855..55175b4 100644 ---- a/bin/tests/system/conf.sh.win32 -+++ b/bin/tests/system/conf.sh.win32 -@@ -73,6 +73,9 @@ LWTEST=$TOP/Build/$VSCONF/lwtest@EXEEXT@ - MAKEJOURNAL=$TOP/Build/$VSCONF/makejournal@EXEEXT@ - PIPEQUERIES=$TOP/Build/$VSCONF/pipequeries@EXEEXT@ - -+# we don't want a KRB5_CONFIG setting breaking the tests -+KRB5_CONFIG=/dev/null -+ - # The "stress" test is not run by default since it creates enough - # load on the machine to make it unusable to other users. - # v6synth -@@ -150,6 +153,7 @@ export KEYFRLAB - export KEYGEN - export KEYSETTOOL - export KEYSIGNER -+export KRB5_CONFIG - export LWRESD - export LWTEST - export MAKEJOURNAL -diff --git a/bin/tests/system/tsiggss/tests.sh b/bin/tests/system/tsiggss/tests.sh -index 7576a93..2198cf1 100644 ---- a/bin/tests/system/tsiggss/tests.sh -+++ b/bin/tests/system/tsiggss/tests.sh -@@ -15,10 +15,6 @@ status=0 - - DIGOPTS="@10.53.0.1 -p 5300" - --# we don't want a KRB5_CONFIG setting breaking the tests --KRB5_CONFIG=/dev/null --export KRB5_CONFIG -- - test_update() { - host="$1" - type="$2" --- -2.9.5 - diff --git a/bind-9.5-dlz-64bit.patch b/bind-9.5-dlz-64bit.patch index 5994e68..06b5545 100644 --- a/bind-9.5-dlz-64bit.patch +++ b/bind-9.5-dlz-64bit.patch @@ -1,6 +1,7 @@ -diff -up bind-9.10.1b1/contrib/dlz/config.dlz.in.64bit bind-9.10.1b1/contrib/dlz/config.dlz.in ---- bind-9.10.1b1/contrib/dlz/config.dlz.in.64bit 2014-06-23 06:47:35.000000000 +0200 -+++ bind-9.10.1b1/contrib/dlz/config.dlz.in 2014-07-29 15:29:06.956527598 +0200 +diff --git a/contrib/dlz/config.dlz.in b/contrib/dlz/config.dlz.in +index 5d65a85..2677b26 100644 +--- a/contrib/dlz/config.dlz.in ++++ b/contrib/dlz/config.dlz.in @@ -17,6 +17,13 @@ # dlzdir='${DLZ_DRIVER_DIR}' @@ -15,19 +16,66 @@ diff -up bind-9.10.1b1/contrib/dlz/config.dlz.in.64bit bind-9.10.1b1/contrib/dlz # # Private autoconf macro to simplify configuring drivers: # -@@ -140,9 +147,9 @@ then - then - use_dlz_mysql=$d - mysql_include=$d/include/mysql -- if test -d $d/lib/mysql -+ if test -d $d/${target_lib}/mysql +@@ -152,23 +159,11 @@ then then + use_dlz_mysql=$d + mysql_include=$d/include/mysql +- if test -d $d/lib/mysql +- then - mysql_lib=$d/lib/mysql -+ mysql_lib=$d/${target_lib}/mysql - else - mysql_lib=$d/lib +- else +- mysql_lib=$d/lib +- fi + break + elif test -f $d/include/mysql.h + then + use_dlz_mysql=$d + mysql_include=$d/include +- if test -d $d/lib/mysql +- then +- mysql_lib=$d/lib/mysql +- else +- mysql_lib=$d/lib +- fi + break fi -@@ -288,9 +295,9 @@ case "$use_dlz_bdb" in + done +@@ -179,21 +174,9 @@ then + if test -f $d/include/mysql/mysql.h + then + mysql_include=$d/include/mysql +- if test -d $d/lib/mysql +- then +- mysql_lib=$d/lib/mysql +- else +- mysql_lib=$d/lib +- fi + elif test -f $d/include/mysql.h + then + mysql_include=$d/include +- if test -d $d/lib/mysql +- then +- mysql_lib=$d/lib/mysql +- else +- mysql_lib=$d/lib +- fi + fi + fi + +@@ -217,6 +200,12 @@ case "$use_dlz_mysql" in + [using mysql with libs ${mysql_lib} and includes ${mysql_include}]) + ;; + *) ++ if test -d $use_dlz_mysql/${target_lib}/mysql ++ then ++ mysql_lib=$use_dlz_mysql/${target_lib}/mysql ++ else ++ mysql_lib=$use_dlz_mysql/${target_lib} ++ fi + DLZ_ADD_DRIVER(MYSQL, dlz_mysql_driver, + [-I${mysql_include}], + [-L${mysql_lib} -lmysqlclient -lz -lcrypt -lm]) +@@ -310,9 +299,9 @@ case "$use_dlz_bdb" in then break fi @@ -39,7 +87,7 @@ diff -up bind-9.10.1b1/contrib/dlz/config.dlz.in.64bit bind-9.10.1b1/contrib/dlz break fi done -@@ -390,7 +397,7 @@ case "$use_dlz_ldap" in +@@ -414,7 +403,7 @@ case "$use_dlz_ldap" in *) DLZ_ADD_DRIVER(LDAP, dlz_ldap_driver, [-I$use_dlz_ldap/include], @@ -48,7 +96,7 @@ diff -up bind-9.10.1b1/contrib/dlz/config.dlz.in.64bit bind-9.10.1b1/contrib/dlz AC_MSG_RESULT( [using LDAP from $use_dlz_ldap/lib and $use_dlz_ldap/include]) -@@ -425,11 +432,11 @@ then +@@ -450,11 +439,11 @@ then odbcdirs="/usr /usr/local /usr/pkg" for d in $odbcdirs do diff --git a/bind.spec b/bind.spec index 3c65714..0077dea 100644 --- a/bind.spec +++ b/bind.spec @@ -2,8 +2,8 @@ # Red Hat BIND package .spec file # -%global PATCHVER P1 -#%%global PREVER rc1 +#%%global PATCHVER P1 +%global PREVER b1 %global BINDVERSION %{version}%{?PREVER}%{?PATCHVER:-%{PATCHVER}} %{?!SDB: %global SDB 1} @@ -24,7 +24,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Name: bind License: MPLv2.0 -Version: 9.11.2 +Version: 9.11.3 Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ @@ -80,9 +80,7 @@ Patch136:bind-9.10-dist-native-pkcs11.patch # introduced by https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=fc9f0ac5778f78003a7acc957a23711811fec122 Patch137:bind-9.10-use-of-strlcat.patch Patch140:bind-9.11-rh1410433.patch -Patch142:bind-9.11-rh1484451.patch Patch145:bind-9.11-rh1205168.patch -Patch146:bind-9.11-rh1500017.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -323,9 +321,7 @@ This package provides a module which allows commands to be sent to rndc directly %patch130 -p1 -b .libdb %patch131 -p1 -b .multlib-conflict %patch140 -p1 -b .rh1410433 -%patch142 -p1 -b .rh1484451 %patch145 -p1 -b .rh1205168 -%patch146 -p1 -b .rh1500017 %if %{PKCS11} cp -r bin/named{,-pkcs11} @@ -844,9 +840,9 @@ rm -rf ${RPM_BUILD_ROOT} %files libs-lite %defattr(-,root,root,-) -%{_libdir}/libdns.so.169* +%{_libdir}/libdns.so.1100* %{_libdir}/libirs.so.160* -%{_libdir}/libisc.so.166* +%{_libdir}/libisc.so.169* %{_libdir}/libisccfg.so.160* %files license @@ -1009,8 +1005,8 @@ rm -rf ${RPM_BUILD_ROOT} %files pkcs11-libs %defattr(-,root,root,-) -%{_libdir}/libdns-pkcs11.so.169* -%{_libdir}/libisc-pkcs11.so.166* +%{_libdir}/libdns-pkcs11.so.1100* +%{_libdir}/libisc-pkcs11.so.169* %files pkcs11-devel %defattr(-,root,root,-) @@ -1027,6 +1023,9 @@ rm -rf ${RPM_BUILD_ROOT} %{python3_sitelib}/isc/ %changelog +* Thu Feb 15 2018 Petr Menšík - 32:9.11.3-1.b1 +- Rebase to 9.11.3b1 + * Thu Jan 18 2018 Petr Menšík - 32:9.11.2-1.P1 - Fix CVE-2017-3145, rebase to 9.11.2-P1 diff --git a/bind97-rh693982.patch b/bind97-rh693982.patch index 34e6f73..0e73764 100644 --- a/bind97-rh693982.patch +++ b/bind97-rh693982.patch @@ -1,15 +1,15 @@ diff --git a/bin/named/server.c b/bin/named/server.c -index 529ba5e..a936597 100644 +index 20a6e31..dececd5 100644 --- a/bin/named/server.c +++ b/bin/named/server.c -@@ -7892,15 +7892,6 @@ load_configuration(const char *filename, ns_server_t *server, - if (first_time) +@@ -8126,15 +8126,6 @@ load_configuration(const char *filename, ns_server_t *server, ns_os_changeuser(); + } - /* - * Check that the working directory is writable. - */ -- if (access(".", W_OK) != 0) { +- if (!isc_file_isdirwritable(".")) { - isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, - NS_LOGMODULE_SERVER, ISC_LOG_ERROR, - "the working directory is not writable"); @@ -18,19 +18,19 @@ index 529ba5e..a936597 100644 #ifdef HAVE_LMDB /* * Reopen NZD databases. -@@ -7976,6 +7967,15 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8209,6 +8200,15 @@ load_configuration(const char *filename, ns_server_t *server, + "config file"); } - /* ++ /* + * Check that the working directory is writable. + */ -+ if (access(".", W_OK) != 0) { ++ if (!isc_file_isdirwritable(".")) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1), + "the working directory is not writable"); + } + -+ /* + /* * Set the default value of the query logging flag depending * whether a "queries" category has been defined. This is - * a disgusting hack, but we need to do this for BIND 8 diff --git a/sources b/sources index 95b4bc9..946b163 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (bind-9.11.2-P1.tar.gz) = 168f27f580e3be2f7ada27afa2f72e715e750eec76831cf01bd32fabc1fa65dc29dab0eb7ed1682b076d3be99269897ddbc2c10551631a3911d9e5ae1aa40597 +SHA512 (bind-9.11.3b1.tar.gz) = 5cd841d4d4457b89770fb1e4e42416a90a24d9e5f2487bf8e195558f8478aaa97db05c93f26f573deb01b46601d1d0159f59de8da1ac1f73e675c126a1931fe1 SHA512 (config-16.tar.bz2) = 983e0a8de3bb0c16fb21331894cc97ea516233796158eb5d1c932608227b31889496d0467c3e43953bf504dbf8b5f19210d2c9f8e0e3742aea2c7609245bf3f7