Sync with rawhide
parent
d0e91f75a2
commit
056fe70b7c
|
@ -0,0 +1 @@
|
|||
1
|
|
@ -92,7 +92,6 @@ bind-9.7.2b1.tar.gz
|
|||
/bind-9.11.5-P4.tar.gz
|
||||
/bind-9.11.6.tar.gz
|
||||
/bind-9.11.6-P1.tar.gz
|
||||
/bind-9.14.4.tar.gz
|
||||
/bind-9.11.7.tar.gz
|
||||
/bind-9.11.8.tar.gz
|
||||
/bind-9.11.9.tar.gz
|
||||
|
@ -103,18 +102,91 @@ bind-9.7.2b1.tar.gz
|
|||
/bind-9.11.13.tar.gz.asc
|
||||
/bind-9.11.14.tar.gz
|
||||
/bind-9.11.14.tar.gz.asc
|
||||
/bind-9.11.17.tar.gz
|
||||
/bind-9.11.17.tar.gz.asc
|
||||
/bind-9.11.18.tar.gz
|
||||
/bind-9.11.18.tar.gz.asc
|
||||
/bind-9.11.19.tar.gz
|
||||
/bind-9.11.19.tar.gz.asc
|
||||
/bind-9.11.20.tar.gz
|
||||
/bind-9.11.20.tar.gz.asc
|
||||
/bind-9.11.21.tar.gz
|
||||
/bind-9.11.21.tar.gz.asc
|
||||
/bind-9.11.22.tar.gz
|
||||
/bind-9.11.22.tar.gz.asc
|
||||
/bind-9.11.23.tar.gz
|
||||
/bind-9.11.23.tar.gz.asc
|
||||
/bind-9.11.24.tar.gz
|
||||
/bind-9.11.24.tar.gz.asc
|
||||
/bind-9.11.25.tar.gz
|
||||
/bind-9.11.25.tar.gz.asc
|
||||
/bind-9.11.26.tar.gz
|
||||
/bind-9.11.26.tar.gz.asc
|
||||
/bind-9.16.1.tar.xz
|
||||
/bind-9.16.1.tar.xz.asc
|
||||
/bind-9.17.0.tar.xz
|
||||
/bind-9.17.0.tar.xz.asc
|
||||
/bind-9.17.4.tar.xz
|
||||
/bind-9.17.4.tar.xz.asc
|
||||
/bind-9.17.15.tar.xz
|
||||
/bind-9.17.15.tar.xz.asc
|
||||
/bind-9.17.20.tar.xz
|
||||
/bind-9.17.20.tar.xz.asc
|
||||
/isc-logo.pdf
|
||||
/bind-9.17.21.tar.xz
|
||||
/bind-9.17.21.tar.xz.asc
|
||||
/bind-9.17.22.tar.xz
|
||||
/bind-9.17.22.tar.xz.asc
|
||||
/bind-9.16.2.tar.xz
|
||||
/bind-9.16.2.tar.xz.asc
|
||||
/bind-9.16.4.tar.xz
|
||||
/bind-9.16.4.tar.xz.asc
|
||||
/bind-9.16.5.tar.xz
|
||||
/bind-9.16.5.tar.xz.asc
|
||||
/bind-9.16.6.tar.xz
|
||||
/bind-9.16.6.tar.xz.asc
|
||||
/bind-9.16.7.tar.xz
|
||||
/bind-9.16.7.tar.xz.asc
|
||||
/bind-9.16.8.tar.xz
|
||||
/bind-9.16.8.tar.xz.asc
|
||||
/bind-9.16.9.tar.xz
|
||||
/bind-9.16.9.tar.xz.asc
|
||||
/bind-9.16.10.tar.xz
|
||||
/bind-9.16.10.tar.xz.asc
|
||||
/bind-9.16.11.tar.xz
|
||||
/bind-9.16.11.tar.xz.asc
|
||||
/bind-9.16.13.tar.xz
|
||||
/bind-9.16.13.tar.xz.asc
|
||||
/bind-9.16.15.tar.xz
|
||||
/bind-9.16.15.tar.xz.asc
|
||||
/bind-9.16.16.tar.xz
|
||||
/bind-9.16.16.tar.xz.asc
|
||||
/bind-9.16.17.tar.xz
|
||||
/bind-9.16.17.tar.xz.asc
|
||||
/bind-9.16.18.tar.xz
|
||||
/bind-9.16.18.tar.xz.asc
|
||||
/bind-9.16.19.tar.xz
|
||||
/bind-9.16.19.tar.xz.asc
|
||||
/bind-9.16.20.tar.xz
|
||||
/bind-9.16.20.tar.xz.asc
|
||||
/bind-9.16.21.tar.xz
|
||||
/bind-9.16.21.tar.xz.asc
|
||||
/bind-9.16.22.tar.xz
|
||||
/bind-9.16.22.tar.xz.asc
|
||||
/bind-9.16.23.tar.xz
|
||||
/bind-9.16.23.tar.xz.asc
|
||||
/bind-9.16.24.tar.xz
|
||||
/bind-9.16.24.tar.xz.asc
|
||||
/bind-9.16.25.tar.xz
|
||||
/bind-9.16.25.tar.xz.asc
|
||||
/bind-9.16.26.tar.xz
|
||||
/bind-9.16.26.tar.xz.asc
|
||||
/bind-9.16.27.tar.xz
|
||||
/bind-9.16.27.tar.xz.asc
|
||||
/bind-9.16.28.tar.xz
|
||||
/bind-9.16.28.tar.xz.asc
|
||||
/bind-9.16.29.tar.xz
|
||||
/bind-9.16.29.tar.xz.asc
|
||||
/bind-9.16.30.tar.xz
|
||||
/bind-9.16.30.tar.xz.asc
|
||||
/bind-9.18.0.tar.xz
|
||||
/bind-9.18.0.tar.xz.asc
|
||||
/bind-9.18.1.tar.xz
|
||||
/bind-9.18.1.tar.xz.asc
|
||||
/bind-9.18.2.tar.xz
|
||||
/bind-9.18.2.tar.xz.asc
|
||||
/bind-9.18.3.tar.xz
|
||||
/bind-9.18.3.tar.xz.asc
|
||||
/bind-9.18.4.tar.xz
|
||||
/bind-9.18.4.tar.xz.asc
|
||||
/bind-9.18.5.tar.xz
|
||||
/bind-9.18.5.tar.xz.asc
|
||||
/bind-9.18.6.tar.xz
|
||||
/bind-9.18.6.tar.xz.asc
|
||||
|
|
45
Changes.md
45
Changes.md
|
@ -1,12 +1,43 @@
|
|||
= Changes in BIND9 package =
|
||||
# Significant Changes in BIND9 package
|
||||
|
||||
== 9.14 ==
|
||||
## BIND 9.16
|
||||
|
||||
- single thread support removed. Cannot provide bind-export-libs for DHCP
|
||||
- lwres support completely removed. Both daemon and library
|
||||
- common parts of daemon moved into libns shared library
|
||||
### New features
|
||||
|
||||
- *libuv* is used for network subsystem as a mandatory dependency
|
||||
- *dnssec-policy* support in named.conf is introduced, providing a a key and signing policy
|
||||
([KASP](https://gitlab.isc.org/isc-projects/bind9/-/wikis/DNSSEC-Key-and-Signing-Policy-(KASP)))
|
||||
- *trusted-keys* and *managed-keys* are deprecated, replaced by *trust-anchors*
|
||||
- *trust-anchors* support also anchor in a *DS* format, in addition to *DNSKEY* format
|
||||
- **dig, mdig** and **delv** support **+yaml** parameter to print detailed machine parseable output
|
||||
|
||||
### Feature changes
|
||||
|
||||
- Static trust anchor and *dnssec-validation auto;* are incompatible and cause fatal error, when used together.
|
||||
- *DS* and *CDS* now generates only SHA-256 digest, SHA-1 is no longer generated by default
|
||||
- SipHash 2-4 DNS Cookie ([RFC 7873](https://www.rfc-editor.org/rfc/rfc7873.html) is now default).
|
||||
Only AES alternative algorithm is kept, HMAC-SHA cookie support were removed.
|
||||
- **dnssec-signzone** and **dnssec-verify** commands print output to stdout, *-q* parameter can silence them
|
||||
|
||||
### Features removed
|
||||
|
||||
- *dnssec-enable* option is obsolete, DNSSEC support is always enabled
|
||||
- *dnssec-lookaside* option is deprecated and support for it removed from all tools
|
||||
- *cleaning-interval* option is removed
|
||||
|
||||
### Upstream release notes
|
||||
|
||||
- [9.16.10 notes](https://downloads.isc.org/isc/bind9/9.16.10/doc/arm/html/notes.html#notes-for-bind-9-16-10)
|
||||
- [9.16.0 notes](https://downloads.isc.org/isc/bind9/9.16.0/doc/arm/html/notes.html#notes-for-bind-9-16-0)
|
||||
|
||||
## BIND 9.14
|
||||
|
||||
- single thread support removed. Cannot provide *bind-export-libs* for DHCP
|
||||
- *lwres* support completely removed. Both daemon and library
|
||||
- common parts of daemon moved into *libns* shared library
|
||||
- introduced plugin for filtering aaaa responses
|
||||
- some SDB utilities no longer supported
|
||||
|
||||
=== 9.14.7 ===
|
||||
[notes](https://downloads.isc.org/isc/bind9/9.14.7/RELEASE-NOTES-bind-9.14.7.html)
|
||||
### Upstream release notes
|
||||
|
||||
- [9.14.7 notes](https://downloads.isc.org/isc/bind9/9.14.7/RELEASE-NOTES-bind-9.14.7.html)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
From 22a56b67a27b0ab63050ce6a287a15df6ac96f94 Mon Sep 17 00:00:00 2001
|
||||
From 09030b066846a9b7252b5cb4f483d4a55b4639fc Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 2 Aug 2018 23:46:45 +0200
|
||||
Subject: [PATCH] FIPS tests changes
|
||||
|
@ -81,21 +81,23 @@ Date: Wed Mar 7 10:44:23 2018 +0100
|
|||
bin/tests/system/nsupdate/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/nsupdate/ns2/named.conf.in | 2 +-
|
||||
bin/tests/system/nsupdate/setup.sh | 6 +-
|
||||
bin/tests/system/nsupdate/tests.sh | 11 +++-
|
||||
bin/tests/system/nsupdate/tests.sh | 11 ++-
|
||||
bin/tests/system/rndc/setup.sh | 2 +-
|
||||
bin/tests/system/rndc/tests.sh | 22 ++++---
|
||||
bin/tests/system/rndc/tests.sh | 22 +++---
|
||||
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
|
||||
bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++
|
||||
bin/tests/system/tsig/setup.sh | 5 ++
|
||||
bin/tests/system/tsig/tests.sh | 65 ++++++++++++-------
|
||||
bin/tests/system/tsig/tests.sh | 67 ++++++++++++-------
|
||||
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/upforwd/tests.sh | 2 +-
|
||||
31 files changed, 148 insertions(+), 105 deletions(-)
|
||||
32 files changed, 159 insertions(+), 106 deletions(-)
|
||||
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
index 60f22e1..249f672 100644
|
||||
index 745048a..93cb411 100644
|
||||
--- a/bin/tests/system/acl/ns2/named1.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
@@ -35,12 +35,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
|
@ -111,10 +113,10 @@ index 60f22e1..249f672 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
index ada97bc..f82d858 100644
|
||||
index 21aa991..78e71cc 100644
|
||||
--- a/bin/tests/system/acl/ns2/named2.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
@@ -35,12 +35,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
|
@ -130,10 +132,10 @@ index ada97bc..f82d858 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
index 97684e4..de6a2e9 100644
|
||||
index 3208c92..bed6325 100644
|
||||
--- a/bin/tests/system/acl/ns2/named3.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
@@ -33,17 +33,17 @@ options {
|
||||
@@ -35,17 +35,17 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
|
@ -155,28 +157,9 @@ index 97684e4..de6a2e9 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
index 462b3fa..994b35c 100644
|
||||
index 14e82ed..a22cafe 100644
|
||||
--- a/bin/tests/system/acl/ns2/named4.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
@@ -33,12 +33,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
index 728da58..8f00d09 100644
|
||||
--- a/bin/tests/system/acl/ns2/named5.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
@@ -35,12 +35,12 @@ options {
|
||||
};
|
||||
|
||||
|
@ -192,11 +175,30 @@ index 728da58..8f00d09 100644
|
|||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
index f43f33c..f4a865a 100644
|
||||
--- a/bin/tests/system/acl/ns2/named5.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
@@ -37,12 +37,12 @@ options {
|
||||
};
|
||||
|
||||
key one {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
- algorithm hmac-md5;
|
||||
+ algorithm hmac-sha256;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
|
||||
index a48f868..fab277b 100644
|
||||
index ad98fa1..7a7ff4a 100644
|
||||
--- a/bin/tests/system/acl/tests.sh
|
||||
+++ b/bin/tests/system/acl/tests.sh
|
||||
@@ -21,14 +21,14 @@ echo_i "testing basic ACL processing"
|
||||
@@ -23,14 +23,14 @@ echo_i "testing basic ACL processing"
|
||||
# key "one" should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
|
@ -213,7 +215,7 @@ index a48f868..fab277b 100644
|
|||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
copy_setports ns2/named2.conf.in ns2/named.conf
|
||||
@@ -38,18 +38,18 @@ sleep 5
|
||||
@@ -40,18 +40,18 @@ sleep 5
|
||||
# prefix 10/8 should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
|
@ -235,7 +237,7 @@ index a48f868..fab277b 100644
|
|||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
echo_i "testing nested ACL processing"
|
||||
@@ -61,31 +61,31 @@ sleep 5
|
||||
@@ -63,31 +63,31 @@ sleep 5
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
|
@ -272,7 +274,7 @@ index a48f868..fab277b 100644
|
|||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
t=`expr $t + 1`
|
||||
@@ -96,7 +96,7 @@ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1
|
||||
@@ -98,7 +98,7 @@ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1
|
||||
# and other values? right out
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
|
@ -281,7 +283,7 @@ index a48f868..fab277b 100644
|
|||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
|
||||
@@ -107,31 +107,31 @@ sleep 5
|
||||
@@ -109,31 +109,31 @@ sleep 5
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
|
@ -319,10 +321,10 @@ index a48f868..fab277b 100644
|
|||
|
||||
echo_i "testing allow-query-on ACL processing"
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
index 7d43e36..f7b25f9 100644
|
||||
index b91d19a..7d777c2 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
@@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
|
@ -332,10 +334,10 @@ index 7d43e36..f7b25f9 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
index 2952518..121557e 100644
|
||||
index 308c4ca..00f6f40 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||
@@ -10,12 +10,12 @@
|
||||
@@ -12,12 +12,12 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
|
@ -351,10 +353,10 @@ index 2952518..121557e 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
index 0c01071..ceabbb5 100644
|
||||
index 6b0fe55..491e514 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
@@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
|
@ -364,10 +366,10 @@ index 0c01071..ceabbb5 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
index 4c17292..9cd9d1f 100644
|
||||
index aefc474..7c06596 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
@@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
|
@ -377,10 +379,10 @@ index 4c17292..9cd9d1f 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
index a2690a4..f488730 100644
|
||||
index 27eccc2..eecb990 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||
@@ -10,12 +10,12 @@
|
||||
@@ -12,12 +12,12 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
|
@ -396,10 +398,10 @@ index a2690a4..f488730 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
index a0708c8..51fa457 100644
|
||||
index adbb203..744d122 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
@@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
key one {
|
||||
|
@ -409,10 +411,10 @@ index a0708c8..51fa457 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
index 687768e..d24d6d2 100644
|
||||
index 364f94b..9518f82 100644
|
||||
--- a/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
+++ b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||
@@ -14,12 +14,12 @@ acl accept { 10.53.0.2; };
|
||||
@@ -16,12 +16,12 @@ acl accept { 10.53.0.2; };
|
||||
acl badaccept { 10.53.0.1; };
|
||||
|
||||
key one {
|
||||
|
@ -428,10 +430,10 @@ index 687768e..d24d6d2 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh
|
||||
index c0398fe..cc1962a 100644
|
||||
index bbffe07..80da0fe 100644
|
||||
--- a/bin/tests/system/allow-query/tests.sh
|
||||
+++ b/bin/tests/system/allow-query/tests.sh
|
||||
@@ -198,7 +198,7 @@ rndc_reload ns2 10.53.0.2
|
||||
@@ -200,7 +200,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key allowed - query allowed"
|
||||
ret=0
|
||||
|
@ -440,7 +442,7 @@ index c0398fe..cc1962a 100644
|
|||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -211,7 +211,7 @@ rndc_reload ns2 10.53.0.2
|
||||
@@ -213,7 +213,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key not allowed - query refused"
|
||||
ret=0
|
||||
|
@ -449,7 +451,7 @@ index c0398fe..cc1962a 100644
|
|||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
@@ -225,7 +225,7 @@ rndc_reload ns2 10.53.0.2
|
||||
@@ -227,7 +227,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key disallowed - query refused"
|
||||
ret=0
|
||||
|
@ -458,7 +460,7 @@ index c0398fe..cc1962a 100644
|
|||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
@@ -364,7 +364,7 @@ rndc_reload ns2 10.53.0.2
|
||||
@@ -366,7 +366,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key allowed - query allowed"
|
||||
ret=0
|
||||
|
@ -467,7 +469,7 @@ index c0398fe..cc1962a 100644
|
|||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -377,7 +377,7 @@ rndc_reload ns2 10.53.0.2
|
||||
@@ -379,7 +379,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key not allowed - query refused"
|
||||
ret=0
|
||||
|
@ -476,7 +478,7 @@ index c0398fe..cc1962a 100644
|
|||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
@@ -391,7 +391,7 @@ rndc_reload ns2 10.53.0.2
|
||||
@@ -393,7 +393,7 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key disallowed - query refused"
|
||||
ret=0
|
||||
|
@ -485,7 +487,7 @@ index c0398fe..cc1962a 100644
|
|||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
@@ -531,7 +531,7 @@ status=`expr $status + $ret`
|
||||
@@ -533,7 +533,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key allowed - query allowed"
|
||||
ret=0
|
||||
|
@ -494,7 +496,7 @@ index c0398fe..cc1962a 100644
|
|||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -541,7 +541,7 @@ status=`expr $status + $ret`
|
||||
@@ -543,7 +543,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key not allowed - query refused"
|
||||
ret=0
|
||||
|
@ -503,7 +505,7 @@ index c0398fe..cc1962a 100644
|
|||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
@@ -552,7 +552,7 @@ status=`expr $status + $ret`
|
||||
@@ -554,7 +554,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key disallowed - query refused"
|
||||
ret=0
|
||||
|
@ -513,10 +515,10 @@ index c0398fe..cc1962a 100644
|
|||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
|
||||
index 1218669..e62715e 100644
|
||||
index 1421281..424afb8 100644
|
||||
--- a/bin/tests/system/catz/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/catz/ns1/named.conf.in
|
||||
@@ -61,5 +61,5 @@ zone "catalog4.example" {
|
||||
@@ -122,5 +122,5 @@ view "ch" ch {
|
||||
|
||||
key tsig_key. {
|
||||
secret "LSAnCU+Z";
|
||||
|
@ -524,10 +526,10 @@ index 1218669..e62715e 100644
|
|||
+ algorithm hmac-sha256;
|
||||
};
|
||||
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
|
||||
index 21be03e..e57c308 100644
|
||||
index 4af25b0..9f202d5 100644
|
||||
--- a/bin/tests/system/checkconf/bad-tsig.conf
|
||||
+++ b/bin/tests/system/checkconf/bad-tsig.conf
|
||||
@@ -11,7 +11,7 @@
|
||||
@@ -13,7 +13,7 @@
|
||||
|
||||
/* Bad secret */
|
||||
key "badtsig" {
|
||||
|
@ -537,10 +539,10 @@ index 21be03e..e57c308 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
|
||||
index 2373425..7b87b04 100644
|
||||
index 897dc86..e4b6dc1 100644
|
||||
--- a/bin/tests/system/checkconf/good.conf
|
||||
+++ b/bin/tests/system/checkconf/good.conf
|
||||
@@ -268,6 +268,6 @@ dyndb "name" "library.so" {
|
||||
@@ -270,6 +270,6 @@ dyndb "name" "library.so" {
|
||||
system;
|
||||
};
|
||||
key "mykey" {
|
||||
|
@ -549,10 +551,10 @@ index 2373425..7b87b04 100644
|
|||
secret "qwertyuiopasdfgh";
|
||||
};
|
||||
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
|
||||
index 72c09ae..4095d92 100644
|
||||
index 3435c91..aaaa264 100644
|
||||
--- a/bin/tests/system/feature-test.c
|
||||
+++ b/bin/tests/system/feature-test.c
|
||||
@@ -14,6 +14,7 @@
|
||||
@@ -17,6 +17,7 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
|
@ -560,7 +562,7 @@ index 72c09ae..4095d92 100644
|
|||
#include <isc/net.h>
|
||||
#include <isc/print.h>
|
||||
#include <isc/util.h>
|
||||
@@ -129,6 +130,19 @@ main(int argc, char **argv) {
|
||||
@@ -133,6 +134,19 @@ main(int argc, char **argv) {
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -581,10 +583,10 @@ index 72c09ae..4095d92 100644
|
|||
#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
|
||||
int s;
|
||||
diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
|
||||
index 1ee8df4..2b75d9a 100644
|
||||
index 5cab276..d4a7bf3 100644
|
||||
--- a/bin/tests/system/notify/ns5/named.conf.in
|
||||
+++ b/bin/tests/system/notify/ns5/named.conf.in
|
||||
@@ -10,17 +10,17 @@
|
||||
@@ -12,17 +12,17 @@
|
||||
*/
|
||||
|
||||
key "a" {
|
||||
|
@ -606,10 +608,10 @@ index 1ee8df4..2b75d9a 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
|
||||
index e8a00ea..978082c 100644
|
||||
index 04fd34b..e5476ea 100644
|
||||
--- a/bin/tests/system/notify/tests.sh
|
||||
+++ b/bin/tests/system/notify/tests.sh
|
||||
@@ -211,16 +211,16 @@ ret=0
|
||||
@@ -179,7 +179,7 @@ test_start "checking notify to multiple views using tsig"
|
||||
$NSUPDATE << EOF
|
||||
server 10.53.0.5 ${PORT}
|
||||
zone x21
|
||||
|
@ -618,22 +620,23 @@ index e8a00ea..978082c 100644
|
|||
update add added.x21 0 in txt "test string"
|
||||
send
|
||||
EOF
|
||||
|
||||
@@ -187,9 +187,9 @@ fnb="dig.out.b.ns5.test$n"
|
||||
fnc="dig.out.c.ns5.test$n"
|
||||
for i in 1 2 3 4 5 6 7 8 9
|
||||
do
|
||||
- $DIG $DIGOPTS added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
||||
+ $DIG $DIGOPTS added.x21. -y hmac-sha256:b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
||||
txt > dig.out.b.ns5.test$n || ret=1
|
||||
- $DIG $DIGOPTS added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \
|
||||
+ $DIG $DIGOPTS added.x21. -y hmac-sha256:c:cccccccccccccccccccc @10.53.0.5 \
|
||||
txt > dig.out.c.ns5.test$n || ret=1
|
||||
grep "test string" dig.out.b.ns5.test$n > /dev/null &&
|
||||
grep "test string" dig.out.c.ns5.test$n > /dev/null &&
|
||||
- dig_plus_opts added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
||||
+ dig_plus_opts added.x21. -y hmac-sha256:b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
||||
txt > "$fnb" || ret=1
|
||||
- dig_plus_opts added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \
|
||||
+ dig_plus_opts added.x21. -y hmac-sha256:c:cccccccccccccccccccc @10.53.0.5 \
|
||||
txt > "$fnc" || ret=1
|
||||
grep "test string" "$fnb" > /dev/null &&
|
||||
grep "test string" "$fnc" > /dev/null &&
|
||||
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
index b51e700..436c97d 100644
|
||||
index 81d0c99..effbe2e 100644
|
||||
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
@@ -37,7 +37,7 @@ controls {
|
||||
@@ -39,7 +39,7 @@ controls {
|
||||
};
|
||||
|
||||
key altkey {
|
||||
|
@ -643,10 +646,10 @@ index b51e700..436c97d 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
index da6b3b4..c547e47 100644
|
||||
index f1a1735..da2b3d1 100644
|
||||
--- a/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
@@ -32,7 +32,7 @@ controls {
|
||||
@@ -34,7 +34,7 @@ controls {
|
||||
};
|
||||
|
||||
key altkey {
|
||||
|
@ -656,10 +659,10 @@ index da6b3b4..c547e47 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
|
||||
index be8c7f8..e465216 100644
|
||||
index 50056dc..a4a1a3f 100644
|
||||
--- a/bin/tests/system/nsupdate/setup.sh
|
||||
+++ b/bin/tests/system/nsupdate/setup.sh
|
||||
@@ -70,7 +70,11 @@ EOF
|
||||
@@ -72,7 +72,11 @@ EOF
|
||||
|
||||
$TSIGKEYGEN ddns-key.example.nil > ns1/ddns.key
|
||||
|
||||
|
@ -673,10 +676,10 @@ index be8c7f8..e465216 100644
|
|||
$TSIGKEYGEN -a hmac-sha224 sha224-key > ns1/sha224.key
|
||||
$TSIGKEYGEN -a hmac-sha256 sha256-key > ns1/sha256.key
|
||||
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
|
||||
index 7b9c0e6..26e6b01 100755
|
||||
index 0863d0a..559def7 100755
|
||||
--- a/bin/tests/system/nsupdate/tests.sh
|
||||
+++ b/bin/tests/system/nsupdate/tests.sh
|
||||
@@ -823,7 +823,14 @@ fi
|
||||
@@ -841,7 +841,14 @@ fi
|
||||
n=`expr $n + 1`
|
||||
ret=0
|
||||
echo_i "check TSIG key algorithms (nsupdate -k) ($n)"
|
||||
|
@ -692,7 +695,7 @@ index 7b9c0e6..26e6b01 100755
|
|||
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
|
||||
server 10.53.0.1 ${PORT}
|
||||
update add ${alg}.keytests.nil. 600 A 10.10.10.3
|
||||
@@ -831,7 +838,7 @@ send
|
||||
@@ -849,7 +856,7 @@ send
|
||||
END
|
||||
done
|
||||
sleep 2
|
||||
|
@ -702,10 +705,10 @@ index 7b9c0e6..26e6b01 100755
|
|||
done
|
||||
if [ $ret -ne 0 ]; then
|
||||
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
|
||||
index b7721a3..0204e4d 100644
|
||||
index 4dd6fa7..1b79263 100644
|
||||
--- a/bin/tests/system/rndc/setup.sh
|
||||
+++ b/bin/tests/system/rndc/setup.sh
|
||||
@@ -45,7 +45,7 @@ make_key () {
|
||||
@@ -47,7 +47,7 @@ make_key () {
|
||||
sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
|
||||
}
|
||||
|
||||
|
@ -715,10 +718,10 @@ index b7721a3..0204e4d 100644
|
|||
make_key 3 ${EXTRAPORT3} hmac-sha224
|
||||
make_key 4 ${EXTRAPORT4} hmac-sha256
|
||||
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
|
||||
index df3ef3a..eaaffe6 100644
|
||||
index e678153..e7ec855 100644
|
||||
--- a/bin/tests/system/rndc/tests.sh
|
||||
+++ b/bin/tests/system/rndc/tests.sh
|
||||
@@ -348,15 +348,19 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@@ -350,15 +350,19 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status+ret))
|
||||
|
||||
n=$((n+1))
|
||||
|
@ -731,7 +734,7 @@ index df3ef3a..eaaffe6 100644
|
|||
-done
|
||||
-if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
-status=$((status+ret))
|
||||
+if $FEATURETEST --md5
|
||||
+if $FEATURETEST --md5; then
|
||||
+ echo_i "testing rndc with hmac-md5 ($n)"
|
||||
+ ret=0
|
||||
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
|
||||
|
@ -748,10 +751,10 @@ index df3ef3a..eaaffe6 100644
|
|||
n=$((n+1))
|
||||
echo_i "testing rndc with hmac-sha1 ($n)"
|
||||
diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in
|
||||
index 3470c4f..cf539cd 100644
|
||||
index 76cf970..22637af 100644
|
||||
--- a/bin/tests/system/tsig/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/tsig/ns1/named.conf.in
|
||||
@@ -21,10 +21,7 @@ options {
|
||||
@@ -23,10 +23,7 @@ options {
|
||||
notify no;
|
||||
};
|
||||
|
||||
|
@ -763,7 +766,7 @@ index 3470c4f..cf539cd 100644
|
|||
|
||||
key "sha1" {
|
||||
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
||||
@@ -51,10 +48,7 @@ key "sha512" {
|
||||
@@ -53,10 +50,7 @@ key "sha512" {
|
||||
algorithm hmac-sha512;
|
||||
};
|
||||
|
||||
|
@ -775,11 +778,27 @@ index 3470c4f..cf539cd 100644
|
|||
|
||||
key "sha1-trunc" {
|
||||
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
||||
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
new file mode 100644
|
||||
index 0000000..0682194
|
||||
--- /dev/null
|
||||
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
@@ -0,0 +1,10 @@
|
||||
+# Conditionally included when support for MD5 is available
|
||||
+key "md5" {
|
||||
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
+ algorithm hmac-md5;
|
||||
+};
|
||||
+
|
||||
+key "md5-trunc" {
|
||||
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
+ algorithm hmac-md5-80;
|
||||
+};
|
||||
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
|
||||
index 3210f1b..5b5e992 100644
|
||||
index 34cc73b..d51ff21 100644
|
||||
--- a/bin/tests/system/tsig/setup.sh
|
||||
+++ b/bin/tests/system/tsig/setup.sh
|
||||
@@ -14,3 +14,8 @@
|
||||
@@ -16,3 +16,8 @@
|
||||
$SHELL clean.sh
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
|
@ -789,10 +808,10 @@ index 3210f1b..5b5e992 100644
|
|||
+ cat ns1/rndc5.conf.in >> ns1/named.conf
|
||||
+fi
|
||||
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
|
||||
index a9bf42b..f95ee09 100644
|
||||
index 1067227..ee05e83 100644
|
||||
--- a/bin/tests/system/tsig/tests.sh
|
||||
+++ b/bin/tests/system/tsig/tests.sh
|
||||
@@ -25,20 +25,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
|
||||
@@ -27,20 +27,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
|
||||
|
||||
status=0
|
||||
|
||||
|
@ -803,6 +822,13 @@ index a9bf42b..f95ee09 100644
|
|||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
-fi
|
||||
-
|
||||
-echo_i "fetching using hmac-md5 (new form)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
||||
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ echo_i "fetching using hmac-md5 (old form)"
|
||||
|
@ -812,13 +838,7 @@ index a9bf42b..f95ee09 100644
|
|||
+ if [ $ret -eq 1 ] ; then
|
||||
+ echo_i "failed"; status=1
|
||||
+ fi
|
||||
|
||||
-echo_i "fetching using hmac-md5 (new form)"
|
||||
-ret=0
|
||||
-$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
||||
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
||||
-if [ $ret -eq 1 ] ; then
|
||||
- echo_i "failed"; status=1
|
||||
+
|
||||
+ echo_i "fetching using hmac-md5 (new form)"
|
||||
+ ret=0
|
||||
+ $DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
||||
|
@ -831,7 +851,7 @@ index a9bf42b..f95ee09 100644
|
|||
fi
|
||||
|
||||
echo_i "fetching using hmac-sha1"
|
||||
@@ -86,12 +91,17 @@ fi
|
||||
@@ -88,12 +93,17 @@ fi
|
||||
# Truncated TSIG
|
||||
#
|
||||
#
|
||||
|
@ -855,7 +875,7 @@ index a9bf42b..f95ee09 100644
|
|||
fi
|
||||
|
||||
echo_i "fetching using hmac-sha1 (trunc)"
|
||||
@@ -140,12 +150,17 @@ fi
|
||||
@@ -142,12 +152,17 @@ fi
|
||||
# Check for bad truncation.
|
||||
#
|
||||
#
|
||||
|
@ -880,10 +900,10 @@ index a9bf42b..f95ee09 100644
|
|||
|
||||
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
|
||||
diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
index 3873c7c..b359a5a 100644
|
||||
index c2b57dd..cb13aa1 100644
|
||||
--- a/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||
@@ -10,7 +10,7 @@
|
||||
@@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
key "update.example." {
|
||||
|
@ -893,10 +913,10 @@ index 3873c7c..b359a5a 100644
|
|||
};
|
||||
|
||||
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
|
||||
index 2011b7f..052170e 100644
|
||||
index a6de312..ebcadb1 100644
|
||||
--- a/bin/tests/system/upforwd/tests.sh
|
||||
+++ b/bin/tests/system/upforwd/tests.sh
|
||||
@@ -78,7 +78,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
|
||||
@@ -80,7 +80,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
|
||||
|
||||
echo_i "updating zone (signed) ($n)"
|
||||
ret=0
|
||||
|
@ -906,5 +926,5 @@ index 2011b7f..052170e 100644
|
|||
update add updated.example. 600 A 10.10.10.1
|
||||
update add updated.example. 600 TXT Foo
|
||||
--
|
||||
2.31.1
|
||||
2.37.3
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
From baec1c0c1822d3ba89cc7e5e530888c865a899f7 Mon Sep 17 00:00:00 2001
|
||||
From 402403b4bbb4f603693378e86b6c97997ccb0401 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Wed, 17 Jun 2020 23:17:13 +0200
|
||||
Subject: [PATCH] Update man named with Red Hat specifics
|
||||
|
@ -6,15 +6,15 @@ Subject: [PATCH] Update man named with Red Hat specifics
|
|||
This is almost unmodified text and requires revalidation. Some of those
|
||||
statements are no longer correct.
|
||||
---
|
||||
bin/named/named.rst | 40 ++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 40 insertions(+)
|
||||
bin/named/named.rst | 41 +++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 41 insertions(+)
|
||||
|
||||
diff --git a/bin/named/named.rst b/bin/named/named.rst
|
||||
index 3fa96e0..4390e73 100644
|
||||
index ea440b2..fa51984 100644
|
||||
--- a/bin/named/named.rst
|
||||
+++ b/bin/named/named.rst
|
||||
@@ -236,6 +236,46 @@ Files
|
||||
``/var/run/named/named.pid``
|
||||
@@ -212,6 +212,47 @@ Files
|
||||
|named_pid|
|
||||
The default process-id file.
|
||||
|
||||
+Notes
|
||||
|
@ -56,10 +56,11 @@ index 3fa96e0..4390e73 100644
|
|||
+these directories, named will work normally and no further operator action is
|
||||
+required. Files in these directories are automatically assigned the '*named_cache_t*'
|
||||
+file context, which SELinux allows named to write.
|
||||
+
|
||||
+
|
||||
See Also
|
||||
~~~~~~~~
|
||||
|
||||
--
|
||||
2.31.1
|
||||
2.34.1
|
||||
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
From 87a2eac7a8264a0e8d64a8db85d44ec22454e256 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Wed, 7 Sep 2022 13:46:31 +0200
|
||||
Subject: [PATCH 1/3] Add ENGINE_init and ENGINE_finish calls
|
||||
|
||||
According to manual page of ENGINE_init, it should be called explicitly
|
||||
before any key operations happens. Make it active whole lifetime.
|
||||
---
|
||||
lib/dns/openssl_link.c | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
|
||||
index 333f34cb37..a3f63885fa 100644
|
||||
--- a/lib/dns/openssl_link.c
|
||||
+++ b/lib/dns/openssl_link.c
|
||||
@@ -85,14 +85,20 @@ dst__openssl_init(const char *engine) {
|
||||
result = DST_R_NOENGINE;
|
||||
goto cleanup_rm;
|
||||
}
|
||||
+ if (!ENGINE_init(e)) {
|
||||
+ result = DST_R_NOENGINE;
|
||||
+ goto cleanup_rm;
|
||||
+ }
|
||||
/* This will init the engine. */
|
||||
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
|
||||
result = DST_R_NOENGINE;
|
||||
- goto cleanup_rm;
|
||||
+ goto cleanup_init;
|
||||
}
|
||||
}
|
||||
|
||||
return (ISC_R_SUCCESS);
|
||||
+cleanup_init:
|
||||
+ ENGINE_finish(e);
|
||||
cleanup_rm:
|
||||
if (e != NULL) {
|
||||
ENGINE_free(e);
|
||||
@@ -108,6 +114,7 @@ void
|
||||
dst__openssl_destroy(void) {
|
||||
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
|
||||
if (e != NULL) {
|
||||
+ ENGINE_finish(e);
|
||||
ENGINE_free(e);
|
||||
}
|
||||
e = NULL;
|
||||
--
|
||||
2.37.2
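Review bot: In `dst__openssl_init`, the context comment `/* This will init the engine. */` above `ENGINE_set_default()` is stale now that the added `ENGINE_init(e)` runs just before it; I would change it to `/* Make the initialised engine the default for all methods. */`. A failed `ENGINE_init()` is reported as `DST_R_NOENGINE`, the same result as a failed `ENGINE_by_id()` lookup, so an operator cannot tell a missing engine from one that was found but could not be initialised; a distinct log line on that branch would make the failure diagnosable. The new `cleanup_init:` label relies on falling through into `cleanup_rm:`, which deserves a short `/* fall through: also drop the structural reference */` comment. The function starts before the hunk and its cleanup path continues past it.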
|
||||
|
|
@ -0,0 +1,245 @@
|
|||
From cc8edfc6670ba97434bc5acb595539fd9c7d9123 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 8 Sep 2022 16:33:38 +0200
|
||||
Subject: [PATCH 3/3] Remove engine related parts for OpenSSL 3.0
|
||||
|
||||
OpenSSL just cannot work with mixing ENGINE_* api mixed with OSSL_PARAM
|
||||
builders. But it can be built in legacy mode, where deprecated but still
|
||||
working API would be used.
|
||||
|
||||
It can work under OpenSSL 3.0, but only if using legacy code paths
|
||||
matching OpenSSL 1.1 calls and functions.
|
||||
|
||||
Remove fromlabel processing by OpenSSL 3.0 only functions. They can
|
||||
return later with a proper provider support for pkcs11.
|
||||
---
|
||||
lib/dns/opensslecdsa_link.c | 55 -------------------------------------
|
||||
lib/dns/opensslrsa_link.c | 32 ---------------------
|
||||
2 files changed, 87 deletions(-)
|
||||
|
||||
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
|
||||
index 04f0d80b5e..f04f076e42 100644
|
||||
--- a/lib/dns/opensslecdsa_link.c
|
||||
+++ b/lib/dns/opensslecdsa_link.c
|
||||
@@ -1311,15 +1311,9 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
||||
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
|
||||
isc_result_t ret = ISC_R_SUCCESS;
|
||||
ENGINE *e;
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
EC_KEY *eckey = NULL;
|
||||
EC_KEY *pubeckey = NULL;
|
||||
int group_nid;
|
||||
-#else
|
||||
- size_t len;
|
||||
- const char *curve_name, *nist_curve_name;
|
||||
- char buf[128]; /* Sufficient for all of the supported curves' names. */
|
||||
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
EVP_PKEY *pkey = NULL;
|
||||
EVP_PKEY *pubpkey = NULL;
|
||||
|
||||
@@ -1336,22 +1330,11 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
||||
DST_RET(DST_R_NOENGINE);
|
||||
}
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
if (key->key_alg == DST_ALG_ECDSA256) {
|
||||
group_nid = NID_X9_62_prime256v1;
|
||||
} else {
|
||||
group_nid = NID_secp384r1;
|
||||
}
|
||||
-#else
|
||||
- /* Get the expected curve names */
|
||||
- if (key->key_alg == DST_ALG_ECDSA256) {
|
||||
- curve_name = "prime256v1";
|
||||
- nist_curve_name = "P-256";
|
||||
- } else {
|
||||
- curve_name = "secp384r1";
|
||||
- nist_curve_name = "P-384";
|
||||
- }
|
||||
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
|
||||
/* Load private key. */
|
||||
pkey = ENGINE_load_private_key(e, label, NULL, NULL);
|
||||
@@ -1363,7 +1346,6 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
||||
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
|
||||
DST_RET(DST_R_INVALIDPRIVATEKEY);
|
||||
}
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
eckey = EVP_PKEY_get1_EC_KEY(pkey);
|
||||
if (eckey == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
@@ -1371,20 +1353,6 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
||||
if (EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey)) != group_nid) {
|
||||
DST_RET(DST_R_INVALIDPRIVATEKEY);
|
||||
}
|
||||
-#else
|
||||
- len = 0;
|
||||
- if (EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
|
||||
- buf, sizeof buf, &len) != 1 ||
|
||||
- len == 0 || len >= sizeof buf)
|
||||
- {
|
||||
- DST_RET(DST_R_INVALIDPRIVATEKEY);
|
||||
- }
|
||||
- if (strncasecmp(buf, curve_name, strlen(curve_name)) != 0 &&
|
||||
- strncasecmp(buf, nist_curve_name, strlen(nist_curve_name)) != 0)
|
||||
- {
|
||||
- DST_RET(DST_R_INVALIDPRIVATEKEY);
|
||||
- }
|
||||
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
|
||||
/* Load public key. */
|
||||
pubpkey = ENGINE_load_public_key(e, label, NULL, NULL);
|
||||
@@ -1396,7 +1364,6 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
||||
if (EVP_PKEY_base_id(pubpkey) != EVP_PKEY_EC) {
|
||||
DST_RET(DST_R_INVALIDPUBLICKEY);
|
||||
}
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
pubeckey = EVP_PKEY_get1_EC_KEY(pubpkey);
|
||||
if (pubeckey == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
@@ -1404,30 +1371,10 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
||||
if (EC_GROUP_get_curve_name(EC_KEY_get0_group(pubeckey)) != group_nid) {
|
||||
DST_RET(DST_R_INVALIDPUBLICKEY);
|
||||
}
|
||||
-#else
|
||||
- len = 0;
|
||||
- if (EVP_PKEY_get_utf8_string_param(pubpkey, OSSL_PKEY_PARAM_GROUP_NAME,
|
||||
- buf, sizeof buf, &len) != 1 ||
|
||||
- len == 0 || len >= sizeof buf)
|
||||
- {
|
||||
- DST_RET(DST_R_INVALIDPUBLICKEY);
|
||||
- }
|
||||
- if (strncasecmp(buf, curve_name, strlen(curve_name)) != 0 &&
|
||||
- strncasecmp(buf, nist_curve_name, strlen(nist_curve_name)) != 0)
|
||||
- {
|
||||
- DST_RET(DST_R_INVALIDPUBLICKEY);
|
||||
- }
|
||||
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
if (ecdsa_check(eckey, pubeckey) != ISC_R_SUCCESS) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
|
||||
}
|
||||
-#else
|
||||
- if (ecdsa_check(&pkey, pubpkey) != ISC_R_SUCCESS) {
|
||||
- DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
|
||||
- }
|
||||
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
|
||||
key->label = isc_mem_strdup(key->mctx, label);
|
||||
key->engine = isc_mem_strdup(key->mctx, engine);
|
||||
@@ -1442,14 +1389,12 @@ err:
|
||||
if (pkey != NULL) {
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
if (pubeckey != NULL) {
|
||||
EC_KEY_free(pubeckey);
|
||||
}
|
||||
if (eckey != NULL) {
|
||||
EC_KEY_free(eckey);
|
||||
}
|
||||
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
|
||||
return (ret);
|
||||
#else
|
||||
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
|
||||
index 867b486a2f..cf350610ba 100644
|
||||
--- a/lib/dns/opensslrsa_link.c
|
||||
+++ b/lib/dns/opensslrsa_link.c
|
||||
@@ -1167,7 +1167,6 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
key->engine = isc_mem_strdup(key->mctx, engine);
|
||||
key->label = isc_mem_strdup(key->mctx, label);
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
rsa = EVP_PKEY_get1_RSA(pkey);
|
||||
if (rsa == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
@@ -1176,16 +1175,6 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
|
||||
}
|
||||
RSA_get0_key(rsa, NULL, &ex, NULL);
|
||||
-#else
|
||||
- if (rsa_check(pkey, pub != NULL ? pub->keydata.pkey : NULL) !=
|
||||
- ISC_R_SUCCESS) {
|
||||
- DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
|
||||
- }
|
||||
- if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &ex) !=
|
||||
- 1) {
|
||||
- DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
|
||||
- }
|
||||
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
|
||||
if (ex == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
|
||||
@@ -1437,12 +1426,8 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
||||
ENGINE *e = NULL;
|
||||
isc_result_t ret = ISC_R_SUCCESS;
|
||||
EVP_PKEY *pkey = NULL, *pubpkey = NULL;
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
RSA *rsa = NULL, *pubrsa = NULL;
|
||||
const BIGNUM *ex = NULL;
|
||||
-#else
|
||||
- BIGNUM *ex = NULL;
|
||||
-#endif
|
||||
|
||||
UNUSED(pin);
|
||||
|
||||
@@ -1459,12 +1444,10 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
||||
DST_RET(dst__openssl_toresult2("ENGINE_load_public_key",
|
||||
DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
pubrsa = EVP_PKEY_get1_RSA(pubpkey);
|
||||
if (pubrsa == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
|
||||
pkey = ENGINE_load_private_key(e, label, NULL, NULL);
|
||||
if (pkey == NULL) {
|
||||
@@ -1475,7 +1458,6 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
||||
key->engine = isc_mem_strdup(key->mctx, engine);
|
||||
key->label = isc_mem_strdup(key->mctx, label);
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
rsa = EVP_PKEY_get1_RSA(pkey);
|
||||
if (rsa == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
@@ -1484,14 +1466,6 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
||||
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
|
||||
}
|
||||
RSA_get0_key(rsa, NULL, &ex, NULL);
|
||||
-#else
|
||||
- if (rsa_check(pkey, pubpkey) != ISC_R_SUCCESS) {
|
||||
- DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
|
||||
- }
|
||||
- if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &ex) != 1) {
|
||||
- DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
|
||||
- }
|
||||
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
|
||||
if (ex == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
|
||||
@@ -1505,18 +1479,12 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
|
||||
pkey = NULL;
|
||||
|
||||
err:
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
if (rsa != NULL) {
|
||||
RSA_free(rsa);
|
||||
}
|
||||
if (pubrsa != NULL) {
|
||||
RSA_free(pubrsa);
|
||||
}
|
||||
-#else
|
||||
- if (ex != NULL) {
|
||||
- BN_free(ex);
|
||||
- }
|
||||
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
|
||||
if (pkey != NULL) {
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
--
|
||||
2.37.2
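Review bot: After this patch the `fromlabel` key-loading code exists only under `#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000` (visible at the top of the `opensslecdsa_fromlabel` hunk), so loading keys by engine label depends entirely on the build keeping the API level below 3.0, and nothing in the patch records that. The spec arranges it with `-DOPENSSL_API_COMPAT=10100` in `%build`; if that define were dropped, the code would take the `#else` branch (its body is outside the hunk), presumably without any build error. I would document the coupling where the flag is set, e.g. `# Needed by the pkcs11-engine patches: keeps OPENSSL_API_LEVEL < 30000 so ENGINE key loading is compiled in`. In `opensslrsa_parse` the hunks at -1167 and -1176 leave `EVP_PKEY_get1_RSA()` and `RSA_get0_key()` unconditional within the visible context; the enclosing guard and the declarations of `rsa` and `ex` are outside the hunks, so it is worth confirming they sit under the same condition.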
|
||||
|
|
@ -0,0 +1,75 @@
|
|||
From 0f3a398fe813189c5dd56b0367a72c7b3f19504b Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Wed, 14 Sep 2022 13:06:24 +0200
|
||||
Subject: [PATCH] Disable some often failing tests
|
||||
|
||||
Make those tests skipped in default build, when CI=true environment is
|
||||
set. It is not clear why they fail mostly on COPR, but they do fail
|
||||
often.
|
||||
---
|
||||
tests/isc/netmgr_test.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tests/isc/netmgr_test.c b/tests/isc/netmgr_test.c
|
||||
index 94e4bf7..7f9629c 100644
|
||||
--- a/tests/isc/netmgr_test.c
|
||||
+++ b/tests/isc/netmgr_test.c
|
||||
@@ -1567,13 +1567,13 @@ stream_half_recv_half_send(void **state __attribute__((unused))) {
|
||||
/* TCP */
|
||||
ISC_RUN_TEST_IMPL(tcp_noop) { stream_noop(state); }
|
||||
|
||||
-ISC_RUN_TEST_IMPL(tcp_noresponse) { stream_noresponse(state); }
|
||||
+ISC_RUN_TEST_IMPL(tcp_noresponse) { SKIP_IN_CI; stream_noresponse(state); }
|
||||
|
||||
ISC_RUN_TEST_IMPL(tcp_timeout_recovery) { stream_timeout_recovery(state); }
|
||||
|
||||
ISC_RUN_TEST_IMPL(tcp_recv_one) { stream_recv_one(state); }
|
||||
|
||||
-ISC_RUN_TEST_IMPL(tcp_recv_two) { stream_recv_two(state); }
|
||||
+ISC_RUN_TEST_IMPL(tcp_recv_two) { SKIP_IN_CI; stream_recv_two(state); }
|
||||
|
||||
ISC_RUN_TEST_IMPL(tcp_recv_send) {
|
||||
SKIP_IN_CI;
|
||||
@@ -1623,6 +1623,7 @@ ISC_RUN_TEST_IMPL(tcp_recv_one_quota) {
|
||||
}
|
||||
|
||||
ISC_RUN_TEST_IMPL(tcp_recv_two_quota) {
|
||||
+ SKIP_IN_CI;
|
||||
atomic_store(&check_listener_quota, true);
|
||||
stream_recv_two(state);
|
||||
}
|
||||
@@ -1836,6 +1837,7 @@ ISC_RUN_TEST_IMPL(tcpdns_recv_two) {
|
||||
isc_result_t result = ISC_R_SUCCESS;
|
||||
isc_nmsocket_t *listen_sock = NULL;
|
||||
|
||||
+ SKIP_IN_CI;
|
||||
atomic_store(&nsends, 2);
|
||||
|
||||
result = isc_nm_listentcpdns(listen_nm, &tcp_listen_addr,
|
||||
@@ -2095,6 +2097,7 @@ ISC_RUN_TEST_IMPL(tls_recv_one) {
|
||||
}
|
||||
|
||||
ISC_RUN_TEST_IMPL(tls_recv_two) {
|
||||
+ SKIP_IN_CI;
|
||||
stream_use_TLS = true;
|
||||
stream_recv_two(state);
|
||||
}
|
||||
@@ -2160,6 +2163,7 @@ ISC_RUN_TEST_IMPL(tls_recv_one_quota) {
|
||||
}
|
||||
|
||||
ISC_RUN_TEST_IMPL(tls_recv_two_quota) {
|
||||
+ SKIP_IN_CI;
|
||||
stream_use_TLS = true;
|
||||
atomic_store(&check_listener_quota, true);
|
||||
stream_recv_two(state);
|
||||
@@ -2395,6 +2399,7 @@ ISC_RUN_TEST_IMPL(tlsdns_recv_two) {
|
||||
isc_result_t result = ISC_R_SUCCESS;
|
||||
isc_nmsocket_t *listen_sock = NULL;
|
||||
|
||||
+ SKIP_IN_CI;
|
||||
atomic_store(&nsends, 2);
|
||||
|
||||
result = isc_nm_listentlsdns(listen_nm, &tcp_listen_addr,
|
||||
--
|
||||
2.37.2
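Review bot: The added `SKIP_IN_CI;` lines carry no comment saying why each test is skipped or where the flakiness is tracked, and two of them (`tcp_recv_two_quota`, `tls_recv_two_quota`) are the listener-quota variants, so default builds lose regression coverage for connection-quota handling as well as for the plain receive paths. The patch description itself says the cause is not understood, which leaves open that the failures are a real race rather than a builder artefact. I would add a comment at each skip such as `/* Flaky on COPR, cause unknown; tracked in rhbz#2122010. Build with UNITTEST_ALL to run. */` (bug number taken from the spec entry next to what appears to be this patch). The one-line tests (`tcp_noresponse`, `tcp_recv_two`) would also read better with `SKIP_IN_CI;` on its own line, as `tcp_recv_send` already has it. Several of the touched test bodies start or end outside the hunks.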
|
||||
|
|
@ -1,8 +1,8 @@
|
|||
diff --git a/bin/named/Makefile.am b/bin/named/Makefile.am
|
||||
index 7065a90..e2e485b 100644
|
||||
index 57a023b..085f2f7 100644
|
||||
--- a/bin/named/Makefile.am
|
||||
+++ b/bin/named/Makefile.am
|
||||
@@ -32,6 +32,7 @@ AM_CPPFLAGS += \
|
||||
@@ -32,9 +32,12 @@ AM_CPPFLAGS += \
|
||||
endif HAVE_LIBXML2
|
||||
|
||||
AM_CPPFLAGS += \
|
||||
|
@ -10,11 +10,8 @@ index 7065a90..e2e485b 100644
|
|||
-DNAMED_LOCALSTATEDIR=\"${localstatedir}\" \
|
||||
-DNAMED_SYSCONFDIR=\"${sysconfdir}\"
|
||||
|
||||
@@ -122,5 +123,7 @@ named_LDADD += \
|
||||
$(LIBNGHTTP2_LIBS)
|
||||
endif HAVE_LIBNGHTTP2
|
||||
|
||||
+AM_LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
|
||||
+
|
||||
MAINTAINERCLEANFILES = \
|
||||
named.conf.rst
|
||||
sbin_PROGRAMS = named
|
||||
|
||||
nodist_named_SOURCES = xsl.c
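Review bot: The patch forces `AM_LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack` in `bin/named/Makefile.am` but, unlike the other patches in this commit, has no header explaining it, and the spec now tags it `# FIXME: Is this still required?`. I would add a short description to the patch stating which protections it is meant to guarantee for `named` (PIE, full RELRO, non-executable stack, no dlopen of the binary) and whether the distribution's default link flags already provide them. Checking the built `named` in `%check` (for example its `readelf -h` and `readelf -d` output) would let the FIXME be answered from evidence, and would catch a later rebase that silently drops the line. The surrounding Makefile.am content, including any earlier definition of `AM_LDFLAGS`, is outside the hunk.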
|
||||
|
|
409
bind9-next.spec
409
bind9-next.spec
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# Red Hat BIND package .spec file
|
||||
# Red Hat BIND9 package .spec file
|
||||
#
|
||||
# vim:expandtab ts=2:
|
||||
|
||||
|
@ -7,16 +7,15 @@
|
|||
# bcond_with is built only when --with X is passed to build
|
||||
%bcond_with SYSTEMTEST
|
||||
%bcond_without GSSTSIG
|
||||
# it is not possible to build the package without PKCS11 sub-package
|
||||
# due to extensive changes to Makefiles
|
||||
%bcond_with PKCS11 # TODO: Remove
|
||||
%bcond_without JSON
|
||||
# FIXME: Not ready. Should it be worked on?
|
||||
%bcond_with DLZ
|
||||
%bcond_without DLZ
|
||||
# New MaxMind GeoLite support
|
||||
%bcond_without GEOIP2
|
||||
# Disabled temporarily until kyua is fixed on rawhide, bug #1926779
|
||||
%bcond_without UNITTEST
|
||||
# Do not set CI environment, include more unit tests, even less stable
|
||||
%bcond_with UNITTEST_ALL
|
||||
%bcond_without DNSTAP
|
||||
%bcond_without LMDB
|
||||
%bcond_without DOC
|
||||
|
@ -55,16 +54,17 @@
|
|||
%global upname bind
|
||||
%define upname_compat() \
|
||||
%if "%{name}" != "%{upname}" \
|
||||
Provides: %1 = %{version}-%{release} \
|
||||
Provides: %1 = %{epoch}:%{version}-%{release} \
|
||||
Obsoletes: %1 < 32:9.17.0 \
|
||||
Conflicts: %1 \
|
||||
%endif
|
||||
|
||||
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
|
||||
Name: bind9-next
|
||||
Name: bind
|
||||
License: MPLv2.0
|
||||
Version: 9.17.22
|
||||
Release: 2%{?dist}
|
||||
Version: 9.18.6
|
||||
Release: 4%{?dist}
|
||||
Epoch: 32
|
||||
Url: https://www.isc.org/downloads/bind/
|
||||
#
|
||||
Source0: https://downloads.isc.org/isc/bind9/%{version}/%{upname}-%{version}.tar.xz
|
||||
|
@ -91,16 +91,21 @@ Source42: generate-rndc-key.sh
|
|||
Source43: named.rwtab
|
||||
Source44: named-chroot-setup.service
|
||||
Source46: named-setup-rndc.service
|
||||
Source47: named-pkcs11.service
|
||||
Source48: setup-named-softhsm.sh
|
||||
Source49: named-chroot.files
|
||||
# https://gitlab.isc.org/isc-projects/bind9/-/issues/3032
|
||||
Source50: https://gitlab.isc.org/isc-projects/bind9/-/raw/main/doc/arm/isc-logo.pdf
|
||||
|
||||
# Common patches
|
||||
Patch18: bind-9.5-PIE.patch
|
||||
Patch19: bind-9.16-redhat_doc.patch
|
||||
# FIXME: Is this still required?
|
||||
Patch10: bind-9.5-PIE.patch
|
||||
Patch16: bind-9.16-redhat_doc.patch
|
||||
Patch22: bind-9.11-fips-tests.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5385
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2122841
|
||||
Patch23: bind-9.18-pkcs11-engine-init.patch
|
||||
Patch24: bind-9.18-pkcs11-engine-compat-api.patch
|
||||
Patch25: bind-9.18-pkcs11-engine-remove-deadcode.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2122010
|
||||
Patch26: bind-9.18-unittest-netmgr-unstable.patch
|
||||
|
||||
%{?systemd_ordering}
|
||||
Requires: coreutils
|
||||
|
@ -108,13 +113,10 @@ Requires(pre): shadow-utils
|
|||
Requires(post): shadow-utils
|
||||
Requires(post): glibc-common
|
||||
Requires(post): grep
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
# This wild require should satisfy %%selinux_set_boolean macro only
|
||||
# in case it needs to be used
|
||||
Requires(post): ((policycoreutils-python-utils and libselinux-utils) if (selinux-policy-targeted or selinux-policy-mls))
|
||||
Requires(post): ((selinux-policy and selinux-policy-base) if (selinux-policy-targeted or selinux-policy-mls))
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Recommends: %{name}-utils %{name}-dnssec-utils
|
||||
%upname_compat %{upname}
|
||||
Obsoletes: %{name}-pkcs11 < 32:9.18.4-2
|
||||
|
||||
BuildRequires: gcc, make
|
||||
BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
|
||||
|
@ -123,8 +125,8 @@ BuildRequires: systemd-rpm-macros
|
|||
BuildRequires: selinux-policy
|
||||
BuildRequires: findutils sed
|
||||
BuildRequires: libnghttp2-devel
|
||||
BuildRequires: jemalloc-devel
|
||||
%if 0%{?fedora}
|
||||
BuildRequires: jemalloc-devel
|
||||
BuildRequires: gnupg2
|
||||
%endif
|
||||
BuildRequires: libuv-devel
|
||||
|
@ -135,7 +137,7 @@ BuildRequires: openldap-devel, libpq-devel, sqlite-devel, mariadb-connector-c-d
|
|||
# make unit dependencies
|
||||
BuildRequires: libcmocka-devel
|
||||
%endif
|
||||
%if %{with PKCS11} && (%{with UNITTEST} || %{with SYSTEMTEST})
|
||||
%if %{with UNITTEST} || %{with SYSTEMTEST}
|
||||
BuildRequires: softhsm
|
||||
%endif
|
||||
%if %{with SYSTEMTEST}
|
||||
|
@ -179,60 +181,12 @@ which resolves host names to IP addresses; a resolver library
|
|||
(routines for applications to use when interfacing with DNS); and
|
||||
tools for verifying that the DNS server is operating properly.
|
||||
|
||||
%if %{with PKCS11}
|
||||
%package pkcs11
|
||||
Summary: Bind with native PKCS#11 functionality for crypto
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}-pkcs11-libs%{?_isa} = %{version}-%{release}
|
||||
Recommends: softhsm
|
||||
|
||||
%description pkcs11
|
||||
This is a version of BIND server built with native PKCS#11 functionality.
|
||||
It is important to have SoftHSM v2+ installed and some token initialized.
|
||||
For other supported HSM modules please check the BIND documentation.
|
||||
|
||||
# TODO: Those utils can be used also without pkcs11 variant, but are not?
|
||||
%package pkcs11-utils
|
||||
Summary: Bind tools with native PKCS#11 for using DNSSEC
|
||||
Obsoletes: %{name}-pkcs11 < 32:9.9.4-16.P2
|
||||
Requires: %{name}-dnssec-doc = %{version}-%{release}
|
||||
%if %{with PKCS11}
|
||||
Requires: %{name}-pkcs11-libs%{?_isa} = %{version}-%{release}
|
||||
%endif
|
||||
|
||||
%description pkcs11-utils
|
||||
This is a set of PKCS#11 utilities that when used together create rsa
|
||||
keys in a PKCS11 keystore.
|
||||
%if %{with PKCS11}
|
||||
Also utilities for working with DNSSEC
|
||||
compiled with native PKCS#11 functionality are included.
|
||||
%endif
|
||||
|
||||
%package pkcs11-libs
|
||||
Summary: Bind libraries compiled with native PKCS#11
|
||||
Requires: %{name}-license = %{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description pkcs11-libs
|
||||
This is a set of BIND libraries (dns, isc) compiled with native PKCS#11
|
||||
functionality.
|
||||
|
||||
%package pkcs11-devel
|
||||
Summary: Development files for Bind libraries compiled with native PKCS#11
|
||||
Requires: %{name}-pkcs11-libs%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description pkcs11-devel
|
||||
This a set of development files for BIND libraries (dns, isc) compiled
|
||||
with native PKCS#11 functionality.
|
||||
%endif
|
||||
|
||||
%package libs
|
||||
Summary: Libraries used by the BIND DNS packages
|
||||
Requires: %{name}-license = %{version}-%{release}
|
||||
Provides: %{name}-libs-lite = %{version}-%{release}
|
||||
Requires: %{name}-license = %{epoch}:%{version}-%{release}
|
||||
Provides: %{name}-libs-lite = %{epoch}:%{version}-%{release}
|
||||
Obsoletes: %{name}-libs-lite < 32:9.16.13
|
||||
Obsoletes: %{name}-pkcs11-libs < 32:9.18.4-2
|
||||
|
||||
%description libs
|
||||
Contains heavyweight version of BIND suite libraries used by both named DNS
|
||||
|
@ -247,9 +201,10 @@ Contains license of the BIND DNS suite.
|
|||
|
||||
%package utils
|
||||
Summary: Utilities for querying DNS name servers
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
# For compatibility with Debian package
|
||||
Provides: dnsutils = %{version}-%{release}
|
||||
Provides: dnsutils = %{epoch}:%{version}-%{release}
|
||||
Obsoletes: %{name}-pkcs11-utils < 32:9.18.4-2
|
||||
%upname_compat %{upname}-utils
|
||||
|
||||
%description utils
|
||||
|
@ -264,9 +219,10 @@ servers.
|
|||
|
||||
%package dnssec-utils
|
||||
Summary: DNSSEC keys and zones management utilities
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Recommends: %{name}-utils
|
||||
Requires: %{name}-dnssec-doc = %{version}-%{release}
|
||||
Obsoletes: python3-%{name} < 32:9.18.0
|
||||
Obsoletes: %{name}-dnssec-doc < 32:9.18.4-2
|
||||
%upname_compat %{upname}-dnssec-utils
|
||||
|
||||
%description dnssec-utils
|
||||
|
@ -277,19 +233,11 @@ revocation and verification of keys and DNSSEC signatures in zone files.
|
|||
You should install %{name}-dnssec-utils if you need to sign a DNS zone
|
||||
or maintain keys for it.
|
||||
|
||||
%package dnssec-doc
|
||||
Summary: Manual pages of DNSSEC utilities
|
||||
Requires: %{name}-license = %{version}-%{release}
|
||||
BuildArch:noarch
|
||||
|
||||
%description dnssec-doc
|
||||
%{name}-dnssec-doc contains manual pages for %{name}-dnssec-utils.
|
||||
|
||||
%package devel
|
||||
Summary: Header files and libraries needed for bind-dyndb-ldap
|
||||
Provides: %{name}-lite-devel = %{version}-%{release}
|
||||
Provides: %{name}-lite-devel = %{epoch}:%{version}-%{release}
|
||||
Obsoletes: %{name}-lite-devel < 32:9.16.6-3
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: openssl-devel%{?_isa} libxml2-devel%{?_isa}
|
||||
Requires: libcap-devel%{?_isa}
|
||||
%if %{with GSSTSIG}
|
||||
|
@ -318,7 +266,7 @@ Summary: A chroot runtime environment for the ISC BIND DNS server, named(
|
|||
Prefix: %{chroot_prefix}
|
||||
# grep is required due to setup-named-chroot.sh script
|
||||
Requires: grep
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description chroot
|
||||
This package contains a tree of files which can be used as a
|
||||
|
@ -329,22 +277,22 @@ Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
|
|||
%if %{with DLZ}
|
||||
%package dlz-filesystem
|
||||
Summary: BIND server filesystem DLZ module
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description dlz-filesystem
|
||||
Dynamic Loadable Zones filesystem module for BIND server.
|
||||
|
||||
%package dlz-ldap
|
||||
Summary: BIND server ldap DLZ module
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description dlz-ldap
|
||||
Dynamic Loadable Zones LDAP module for BIND server.
|
||||
|
||||
%package dlz-mysql
|
||||
Summary: BIND server mysql and mysqldyn DLZ modules
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Provides: %{name}-dlz-mysqldyn = %{version}-%{release}
|
||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Provides: %{name}-dlz-mysqldyn = %{epoch}:%{version}-%{release}
|
||||
Obsoletes: %{name}-dlz-mysqldyn < 32:9.16.6-3
|
||||
|
||||
%description dlz-mysql
|
||||
|
@ -353,7 +301,7 @@ Contains also mysqldyn module with dynamic DNS updates (DDNS) support.
|
|||
|
||||
%package dlz-sqlite3
|
||||
Summary: BIND server sqlite3 DLZ module
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description dlz-sqlite3
|
||||
Dynamic Loadable Zones sqlite3 module for BIND server.
|
||||
|
@ -362,7 +310,7 @@ Dynamic Loadable Zones sqlite3 module for BIND server.
|
|||
%if %{with DOC}
|
||||
%package doc
|
||||
Summary: BIND 9 Administrator Reference Manual
|
||||
Requires: %{name}-license = %{version}-%{release}
|
||||
Requires: %{name}-license = %{epoch}:%{version}-%{release}
|
||||
Requires: python3-sphinx_rtd_theme
|
||||
BuildArch: noarch
|
||||
|
||||
|
@ -384,8 +332,7 @@ in HTML and PDF format.
|
|||
# RHEL does not yet support this verification
|
||||
%{gpgverify} --keyring='%{SOURCE4}' --signature='%{SOURCE2}' --data='%{SOURCE0}'
|
||||
%endif
|
||||
%autosetup -n %{upname}-%{version} -p1 -N
|
||||
%autopatch -p1 -m 18
|
||||
%autosetup -n %{upname}-%{version} -p1
|
||||
|
||||
# Sparc and s390 arches need to use -fPIE
|
||||
%ifarch sparcv9 sparc64 s390 s390x
|
||||
|
@ -394,9 +341,6 @@ for i in bin/named/Makefile.am; do
|
|||
done
|
||||
%endif
|
||||
|
||||
%if %{with DOCPDF}
|
||||
install -pD %{SOURCE50} doc/arm/isc-logo.pdf
|
||||
%endif
|
||||
:;
|
||||
|
||||
|
||||
|
@ -414,10 +358,11 @@ install -pD %{SOURCE50} doc/arm/isc-logo.pdf
|
|||
cp -Tuav bin/tests "%{1}/bin/tests/" \
|
||||
|
||||
CFLAGS="$CFLAGS $RPM_OPT_FLAGS"
|
||||
CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=10100"
|
||||
%if %{with TSAN}
|
||||
CFLAGS+=" -O1 -fsanitize=thread -fPIE -pie"
|
||||
%endif
|
||||
export CFLAGS
|
||||
export CFLAGS CPPFLAGS
|
||||
export STD_CDEFINES="$CPPFLAGS"
|
||||
|
||||
|
||||
|
@ -448,10 +393,6 @@ export LIBDIR_SUFFIX
|
|||
%if %{with GEOIP2}
|
||||
--with-maxminddb \
|
||||
%endif
|
||||
%if %{with PKCS11}
|
||||
--enable-native-pkcs11 \
|
||||
--with-pkcs11=%{_libdir}/pkcs11/libsofthsm2.so \
|
||||
%endif
|
||||
%if %{with GSSTSIG}
|
||||
--with-gssapi=yes \
|
||||
%endif
|
||||
|
@ -471,6 +412,7 @@ export LIBDIR_SUFFIX
|
|||
%endif
|
||||
--enable-fixed-rrset \
|
||||
--enable-full-report \
|
||||
CPPFLAGS="$CPPFLAGS" \
|
||||
;
|
||||
%if %{with DNSTAP}
|
||||
pushd lib
|
||||
|
@ -495,13 +437,8 @@ fmtutil-user --missing || :
|
|||
|
||||
%if %{with DLZ}
|
||||
pushd contrib/dlz/modules
|
||||
for DIR in mysql mysqldyn; do
|
||||
sed -e 's/@DLZ_DRIVER_MYSQL_INCLUDES@/$(shell mysql_config --cflags)/' \
|
||||
-e 's/@DLZ_DRIVER_MYSQL_LIBS@/$(shell mysql_config --libs)/' \
|
||||
$DIR/Makefile.in > $DIR/Makefile
|
||||
done
|
||||
for DIR in filesystem ldap mysql mysqldyn sqlite3; do
|
||||
make -C $DIR CFLAGS="-fPIC -I../include $CFLAGS $LDFLAGS"
|
||||
make -C $DIR CFLAGS="-fPIC -I../include $CFLAGS $LDFLAGS -DPTHREADS=1" LDFLAGS="$LDFLAGS"
|
||||
done
|
||||
popd
|
||||
%endif
|
||||
|
@ -511,7 +448,7 @@ popd # build
|
|||
%systemtest_prepare_build build
|
||||
|
||||
%check
|
||||
%if %{with PKCS11} && (%{with UNITTEST} || %{with SYSTEMTEST})
|
||||
%if %{with UNITTEST} || %{with SYSTEMTEST}
|
||||
# Tests require initialization of pkcs11 token
|
||||
eval "$(bash %{SOURCE48} -A "`pwd`/softhsm-tokens")"
|
||||
%endif
|
||||
|
@ -523,12 +460,19 @@ export TSAN_OPTIONS="log_exe_name=true log_path=ThreadSanitizer exitcode=0"
|
|||
%if %{with UNITTEST}
|
||||
pushd build
|
||||
CPUS=$(lscpu -p=cpu,core | grep -v '^#' | wc -l)
|
||||
THREADS="$CPUS"
|
||||
%if %{without UNITTEST_ALL}
|
||||
export CI=true
|
||||
%endif
|
||||
if [ "$CPUS" -gt 16 ]; then
|
||||
ORIGFILES=$(ulimit -n)
|
||||
ulimit -n 4096 || : # Requires on some machines with many cores
|
||||
THREADS=16
|
||||
ulimit -n 8092 || : # Requires on some machines with many cores
|
||||
fi
|
||||
make unit
|
||||
e=$?
|
||||
e=0
|
||||
make unit -j${THREADS} || e=$?
|
||||
# Display details of failure
|
||||
cat tests/*/test-suite.log
|
||||
if [ "$e" -ne 0 ]; then
|
||||
echo "ERROR: this build of BIND failed 'make unit'. Aborting."
|
||||
exit $e;
|
||||
|
@ -606,17 +550,11 @@ install -m 644 %{SOURCE38} ${RPM_BUILD_ROOT}%{_unitdir}
|
|||
install -m 644 %{SOURCE44} ${RPM_BUILD_ROOT}%{_unitdir}
|
||||
install -m 644 %{SOURCE46} ${RPM_BUILD_ROOT}%{_unitdir}
|
||||
|
||||
%if %{with PKCS11}
|
||||
install -m 644 %{SOURCE47} ${RPM_BUILD_ROOT}%{_unitdir}
|
||||
%endif
|
||||
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir}
|
||||
install -m 755 %{SOURCE41} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh
|
||||
install -m 755 %{SOURCE42} ${RPM_BUILD_ROOT}%{_libexecdir}/generate-rndc-key.sh
|
||||
|
||||
%if %{with PKCS11}
|
||||
install -m 755 %{SOURCE48} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-softhsm.sh
|
||||
%endif
|
||||
|
||||
install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/etc/logrotate.d/named
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
|
||||
|
@ -651,22 +589,6 @@ popd
|
|||
# Remove libtool .la files:
|
||||
find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';
|
||||
|
||||
# PKCS11 versions manpages
|
||||
%if %{with PKCS11}
|
||||
pushd ${RPM_BUILD_ROOT}%{_mandir}/man8
|
||||
ln -s named.8.gz named-pkcs11.8.gz
|
||||
ln -s dnssec-checkds.8.gz dnssec-checkds-pkcs11.8.gz
|
||||
ln -s dnssec-dsfromkey.8.gz dnssec-dsfromkey-pkcs11.8.gz
|
||||
ln -s dnssec-importkey.8.gz dnssec-importkey-pkcs11.8.gz
|
||||
ln -s dnssec-keyfromlabel.8.gz dnssec-keyfromlabel-pkcs11.8.gz
|
||||
ln -s dnssec-keygen.8.gz dnssec-keygen-pkcs11.8.gz
|
||||
ln -s dnssec-revoke.8.gz dnssec-revoke-pkcs11.8.gz
|
||||
ln -s dnssec-settime.8.gz dnssec-settime-pkcs11.8.gz
|
||||
ln -s dnssec-signzone.8.gz dnssec-signzone-pkcs11.8.gz
|
||||
ln -s dnssec-verify.8.gz dnssec-verify-pkcs11.8.gz
|
||||
popd
|
||||
%endif
|
||||
|
||||
# 9.16.4 installs even manual pages for tools not generated
|
||||
%if %{without DNSTAP}
|
||||
rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/dnstap-read.1* || true
|
||||
|
@ -686,6 +608,8 @@ popd
|
|||
mkdir -p ${RPM_BUILD_ROOT}%{_pkgdocdir}
|
||||
cp -a build/doc/arm/_build/html ${RPM_BUILD_ROOT}%{_pkgdocdir}
|
||||
rm -rf ${RPM_BUILD_ROOT}%{_pkgdocdir}/html/.{buildinfo,doctrees}
|
||||
# Backward compatible link to 9.11 documentation
|
||||
(cd ${RPM_BUILD_ROOT}%{_pkgdocdir} && ln -s html/index.html Bv9ARM.html)
|
||||
# Share static data from original sphinx package
|
||||
for DIR in %{python3_sitelib}/sphinx_rtd_theme/static/*
|
||||
do
|
||||
|
@ -748,10 +672,6 @@ fi;
|
|||
|
||||
%post
|
||||
%?ldconfig
|
||||
if [ -e "%{_sysconfdir}/selinux/config" ]; then
|
||||
%selinux_set_booleans -s targeted %{selinuxbooleans}
|
||||
%selinux_set_booleans -s mls %{selinuxbooleans}
|
||||
fi
|
||||
if [ "$1" -eq 1 ]; then
|
||||
# Initial installation
|
||||
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
|
||||
|
@ -785,24 +705,6 @@ fi
|
|||
%?ldconfig
|
||||
# Package upgrade, not uninstall
|
||||
%systemd_postun_with_restart named.service
|
||||
if [ -e "%{_sysconfdir}/selinux/config" ]; then
|
||||
%selinux_unset_booleans -s targeted %{selinuxbooleans}
|
||||
%selinux_unset_booleans -s mls %{selinuxbooleans}
|
||||
fi
|
||||
|
||||
%if %{with PKCS11}
|
||||
%post pkcs11
|
||||
# Initial installation
|
||||
%systemd_post named-pkcs11.service
|
||||
|
||||
%preun pkcs11
|
||||
# Package removal, not upgrade
|
||||
%systemd_preun named-pkcs11.service
|
||||
|
||||
%postun pkcs11
|
||||
# Package upgrade, not uninstall
|
||||
%systemd_postun_with_restart named-pkcs11.service
|
||||
%endif
|
||||
|
||||
# Fix permissions on existing device files on upgrade
|
||||
%define chroot_fix_devices() \
|
||||
|
@ -820,11 +722,18 @@ fi
|
|||
/sbin/chkconfig --del named >/dev/null 2>&1 || :
|
||||
/bin/systemctl try-restart named.service >/dev/null 2>&1 || :
|
||||
|
||||
%ldconfig_scriptlets libs
|
||||
%triggerpostun -- bind < 32:9.18.4-2, selinux-policy, policycoreutils
|
||||
if [ -x %{_sbindir}/selinuxenabled ] && [ -x %{_sbindir}/getsebool ] && [ -x %{_sbindir}/setsebool ] \
|
||||
&& %{_sbindir}/selinuxenabled && [ -x %{_sbindir}/named ]; then
|
||||
# Return master zones after upgrade from selinux_booleans version
|
||||
WRITEBOOL="$(LC_ALL=C %{_sbindir}/getsebool named_write_master_zones)"
|
||||
if [ "echo ${WRITEBOOL#named_write_master_zones --> }" = "off" ]; then
|
||||
echo "Restoring new sebool default of named_write_master_zones..."
|
||||
%{_sbindir}/setsebool -P named_write_master_zones=1 || :
|
||||
fi
|
||||
fi
|
||||
|
||||
%if %{with PKCS11}
|
||||
%ldconfig_scriptlets pkcs11-libs
|
||||
%endif
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%post chroot
|
||||
%systemd_post named-chroot.service
|
||||
|
@ -868,6 +777,7 @@ fi;
|
|||
%{_sbindir}/rndc*
|
||||
%{_sbindir}/named-checkconf
|
||||
%{_libexecdir}/generate-rndc-key.sh
|
||||
%{_libexecdir}/setup-named-softhsm.sh
|
||||
%{_mandir}/man1/mdig.1*
|
||||
%{_mandir}/man1/named-rrchecker.1*
|
||||
%{_mandir}/man5/named.conf.5*
|
||||
|
@ -956,15 +866,7 @@ fi;
|
|||
|
||||
%files dnssec-utils
|
||||
%{_bindir}/dnssec*
|
||||
%if %{with PKCS11}
|
||||
%exclude %{_sbindir}/dnssec*pkcs11
|
||||
%endif
|
||||
|
||||
%files dnssec-doc
|
||||
%{_mandir}/man1/dnssec*.1*
|
||||
%if %{with PKCS11}
|
||||
%exclude %{_mandir}/man1/dnssec*-pkcs11.1*
|
||||
%endif
|
||||
|
||||
%files devel
|
||||
%{_libdir}/libbind9.so
|
||||
|
@ -1021,33 +923,6 @@ fi;
|
|||
%dir %{chroot_prefix}/run/named
|
||||
%{chroot_prefix}%{_localstatedir}/run
|
||||
|
||||
%if %{with PKCS11}
|
||||
%files pkcs11
|
||||
%{_sbindir}/named-pkcs11
|
||||
%{_unitdir}/named-pkcs11.service
|
||||
%{_mandir}/man8/named-pkcs11.8*
|
||||
%{_libexecdir}/setup-named-softhsm.sh
|
||||
|
||||
%files pkcs11-utils
|
||||
%{_bindir}/pkcs11-destroy
|
||||
%{_bindir}/pkcs11-keygen
|
||||
%{_bindir}/pkcs11-list
|
||||
%{_bindir}/pkcs11-tokens
|
||||
%{_mandir}/man1/pkcs11-*.1*
|
||||
%if %{with PKCS11}
|
||||
%{_bindir}/dnssec*pkcs11
|
||||
%{_mandir}/man1/dnssec*-pkcs11.1*
|
||||
%endif
|
||||
|
||||
%files pkcs11-libs
|
||||
%{_libdir}/libdns-pkcs11-%{version}*.so
|
||||
%{_libdir}/libns-pkcs11-%{version}*.so
|
||||
|
||||
%files pkcs11-devel
|
||||
%{_libdir}/libdns-pkcs11.so
|
||||
%{_libdir}/libns-pkcs11.so
|
||||
%endif
|
||||
|
||||
%if %{with DLZ}
|
||||
%files dlz-filesystem
|
||||
%{_libdir}/{named,bind}/dlz_filesystem_dynamic.so
|
||||
|
@ -1072,32 +947,146 @@ fi;
|
|||
%files doc
|
||||
%dir %{_pkgdocdir}
|
||||
%doc %{_pkgdocdir}/html
|
||||
%doc %{_pkgdocdir}/Bv9ARM.html
|
||||
%endif
|
||||
%if %{with DOCPDF}
|
||||
%doc %{_pkgdocdir}/Bv9ARM.pdf
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jan 25 2022 Petr Menšík <pemensik@redhat.com> - 9.17.22-2
|
||||
* Wed Sep 14 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.6-4
|
||||
- Disable yet another test (##2122010)
|
||||
|
||||
* Tue Sep 06 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.6-3
|
||||
- Return OpenSSL engine implementation for pkcs11 interface (#2122841)
|
||||
- Skip problematic netmgr unit tests (#2122010)
|
||||
- Properly obsolete bind-dnssec-doc
|
||||
|
||||
* Thu Sep 01 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.6-2
|
||||
- Always show error details for failed unittests (#2122010)
|
||||
|
||||
* Tue Aug 30 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.6-1
|
||||
- Update to 9.18.6 (#2119132)
|
||||
- Report unit tests detailed results
|
||||
|
||||
* Thu Aug 04 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.5-2
|
||||
- Use multiple threads on unit tests, but 16 at most
|
||||
|
||||
* Wed Aug 03 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.5-1
|
||||
- Update to 9.18.5 (#2109170)
|
||||
- Return doc symlink to main page
|
||||
|
||||
* Wed Jul 20 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.4-2
|
||||
- Stop enabling selinux booleans on every upgrade
|
||||
- Deprecate python3-bind for smooth upgrade
|
||||
- Remove PKCS1111 native utilities, libs and daemon
|
||||
|
||||
* Wed Jul 20 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.4-1
|
||||
- Update to 9.18.4 (#2057493)
|
||||
|
||||
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.16.30-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Mon Jun 20 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.30-1
|
||||
- Update to 9.16.30 (#2097312)
|
||||
|
||||
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 32:9.16.29-2
|
||||
- Rebuilt for Python 3.11
|
||||
|
||||
* Thu May 26 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.29-1
|
||||
- Update to 9.16.29 (#2087920)
|
||||
- Fix netmgr_test fails on s390x (#2088125)
|
||||
|
||||
* Tue May 17 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.28-2
|
||||
- Parse again timeout and attempts from resolv.conf (#2087156)
|
||||
- Reenable unit tests during build
|
||||
|
||||
* Wed Apr 20 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.28-1
|
||||
- Update to 9.16.28 (#2076941)
|
||||
|
||||
* Thu Mar 17 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.27-1
|
||||
- Upgrade to 9.16.27 (#2055120)
|
||||
|
||||
* Tue Mar 01 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.26-2
|
||||
- Switch to locked queue (#2048235)
|
||||
|
||||
* Thu Feb 17 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.26-1
|
||||
- Update to 9.16.26 (#2055120)
|
||||
|
||||
* Fri Feb 11 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.25-3
|
||||
- Allow reservation of extra hp threads (#2048235)
|
||||
|
||||
* Tue Jan 25 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.25-2
|
||||
- Replace master with primary in configuration
|
||||
|
||||
* Fri Jan 21 2022 Petr Menšík <pemensik@redhat.com> - 9.17.22-1
|
||||
- Update to 9.17.22
|
||||
* Fri Jan 21 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.25-1
|
||||
- Update to 9.16.25 (#2042504)
|
||||
|
||||
* Mon Dec 20 2021 Petr Menšík <pemensik@redhat.com> - 9.17.21-1
|
||||
- Update to 9.17.21, enable jemalloc support
|
||||
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.16.24-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Mon Nov 29 2021 Petr Menšík <pemensik@redhat.com> - 32:9.17.20-1
|
||||
- Update to 9.17.20
|
||||
- Propagate ephemeral port ranges to chroot (#2013597)
|
||||
* Wed Dec 22 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.24-2
|
||||
- Build with OpenLDAP 2.6 (#2032704)
|
||||
|
||||
* Wed Dec 15 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.24-1
|
||||
- Update to 9.16.24 (#2032934)
|
||||
|
||||
* Fri Nov 26 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-2
|
||||
- Correct with GEOIP2 condition (#2026823)
|
||||
- Import changes for simple rename (#1873486)
|
||||
- Do not depend on systemd package
|
||||
- Move backward compatibility to shared define
|
||||
|
||||
* Fri Jun 25 2021 Petr Menšík <pemensik@redhat.com> - 32:9.17.15-1
|
||||
- Update to 9.17.15
|
||||
- Moved some utilities from /usr/sbin to /usr/bin
|
||||
* Fri Nov 19 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-1
|
||||
- Update to 9.16.23 (#2024210)
|
||||
|
||||
* Sat Nov 06 2021 Adrian Reber <adrian@lisas.de> - 32:9.16.22-2
|
||||
- Rebuilt for protobuf 3.19.0
|
||||
|
||||
* Wed Oct 27 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.22-1
|
||||
- Update to 9.16.22
|
||||
|
||||
* Sun Oct 24 2021 Adrian Reber <adrian@lisas.de> - 32:9.16.21-3
|
||||
- Rebuilt for protobuf 3.18.1
|
||||
|
||||
* Wed Oct 13 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.21-2
|
||||
- Propagate ephemeral port ranges to chroot (#2013597)
|
||||
|
||||
* Wed Sep 15 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.21-1
|
||||
- Update to 9.16.21
|
||||
|
||||
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 32:9.16.20-4
|
||||
- Rebuilt with OpenSSL 3.0.0
|
||||
|
||||
* Wed Aug 25 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-3
|
||||
- Increase map format version, lower memory consuption a bit (#1997504)
|
||||
- Remove unneeded test variants changes
|
||||
- Include documentation of dig return codes
|
||||
|
||||
* Thu Aug 19 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-2
|
||||
- Fix map file format regression
|
||||
|
||||
* Tue Aug 17 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-1
|
||||
- Update to 9.16.20
|
||||
|
||||
* Thu Aug 05 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.19-4
|
||||
- Do not depend on systemd package
|
||||
|
||||
* Tue Aug 03 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.19-3
|
||||
- Reenable PDF building again (#1984687)
|
||||
|
||||
* Fri Jul 23 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.19-2
|
||||
- Include backward compatible html symlink in doc subpackage
|
||||
|
||||
* Wed Jul 21 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.19-1
|
||||
- Update to 9.16.19 (#1984627)
|
||||
- Disable PDF rebuild on Rawhide (#1984687)
|
||||
|
||||
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.16.18-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Sat Jul 10 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.18-4
|
||||
- Disable PDF building on ELN
|
||||
|
||||
* Sat Jul 10 2021 Björn Esser <besser82@fedoraproject.org> - 32:9.16.18-3
|
||||
- Rebuild for versioned symbols in json-c
|
||||
|
||||
* Tue Jun 22 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.18-2
|
||||
- Re-enable building of PDF ARM documentation
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_contexts: [bodhi_update_push_testing]
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
|
||||
|
||||
#gating rawhide
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_contexts: [bodhi_update_push_stable]
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
|
|
@ -1,10 +1,21 @@
|
|||
#!/bin/bash
|
||||
|
||||
. /etc/rc.d/init.d/functions
|
||||
if [ -r /etc/rc.d/init.d/functions ]; then
|
||||
. /etc/rc.d/init.d/functions
|
||||
else
|
||||
success() {
|
||||
echo $" OK "
|
||||
}
|
||||
|
||||
failure() {
|
||||
echo -n " "
|
||||
echo $"FAILED"
|
||||
}
|
||||
fi
|
||||
|
||||
# This script generates /etc/rndc.key if doesn't exist AND if there is no rndc.conf
|
||||
|
||||
if [ ! -s /etc/rndc.key -a ! -s /etc/rndc.conf ]; then
|
||||
if [ ! -s /etc/rndc.key ] && [ ! -s /etc/rndc.conf ]; then
|
||||
echo -n $"Generating /etc/rndc.key:"
|
||||
if /usr/sbin/rndc-confgen -a -A hmac-sha256 > /dev/null 2>&1
|
||||
then
|
||||
|
@ -14,8 +25,9 @@ if [ ! -s /etc/rndc.key -a ! -s /etc/rndc.conf ]; then
|
|||
success $"/etc/rndc.key generation"
|
||||
echo
|
||||
else
|
||||
rc=$?
|
||||
failure $"/etc/rndc.key generation"
|
||||
echo
|
||||
exit 1
|
||||
exit $rc
|
||||
fi
|
||||
fi
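Review bot: The new `else` branch in the second hunk propagates rndc-confgen's exit status, but the unchanged `if` line still sends the command's stdout and stderr to `/dev/null`, so a failed key generation reports only `FAILED` and a number. Since this key authenticates the rndc control channel, I would let the error text through by dropping the `2>&1`, i.e. `if /usr/sbin/rndc-confgen -a -A hmac-sha256 > /dev/null`, and quote the status as `exit "$rc"`. The fallback `success()`/`failure()` added in the first hunk also ignore their message argument, which deserves a one-line comment such as `# minimal stand-ins when initscripts is not installed; the message argument is ignored`. The lines between the two hunks are not shown, so this assumes nothing there already reports the error.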
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
summary: Test plan with all beakerlib tests
|
||||
discover:
|
||||
how: fmf
|
||||
url: https://src.fedoraproject.org/tests/bind.git
|
||||
execute:
|
||||
how: tmt
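Review bot: The `discover` step fetches tests from `https://src.fedoraproject.org/tests/bind.git` without a `ref`, so each run uses whatever that repository's default branch holds at the time; the Tier1 plan that follows does the same. The gating policy added in this commit keys on the `tier1-public` plan, so a change in the test repository can alter the gating result for an unchanged build. If tracking the branch head is intended, a comment saying so would help; otherwise pin it with `ref: <branch-or-commit>` next to `url:`.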
|
|
@ -0,0 +1,7 @@
|
|||
summary: Public (Fedora) Tier1 beakerlib tests
|
||||
discover:
|
||||
how: fmf
|
||||
url: https://src.fedoraproject.org/tests/bind.git
|
||||
filter: 'tier: 1'
|
||||
execute:
|
||||
how: tmt
|
4
sources
4
sources
|
@ -1,2 +1,2 @@
|
|||
SHA512 (bind-9.17.22.tar.xz) = 61dafd317cf10a73961c885b6d0bf75dc0c06df6163708c4fd2a60d6bf72bd2628bb0d1c111ceb725bc4ac9d5229f39f63a36ef7c05dc20a1b9b25acabfe8b92
|
||||
SHA512 (bind-9.17.22.tar.xz.asc) = f75a2361a5ffea8f85ae3053841a0c618217c7bbe3428d3ffaba900c9692f5f315f572b4c48f8d219e2293a3dc0df0085d425da0bc4a9598fced4b712efa8fd2
|
||||
SHA512 (bind-9.18.6.tar.xz) = 6b31eb56cf25b2cb1d8af0f76f9cac0e0985c78cbe3ba80164d773cb0bf77116dd98b5c4b84e3c74fd35b5da501ee6ba2dc0fae12267104edde2cb2daa1e1ba7
|
||||
SHA512 (bind-9.18.6.tar.xz.asc) = 13629b56acb02ca1fe861e6a17e949fee276de83624d972174893e48cc5de650a2a0081262e5e0d6913360861e2c91fed6b808ed8ae702e5cb2e2380eacf163b
|
||||
|
|