Sun Sep 23 14:27:07 2018 UTC ()
net/bind910: backport from bind911
Backport changes between BIND 9.11.4-P1 and 9.11.4-P2.
Bump PKGREVISION.
(taca)
diff -r1.46 -r1.47 pkgsrc/net/bind910/Makefile
diff -r1.36 -r1.37 pkgsrc/net/bind910/distinfo
diff -r0 -r1.1 pkgsrc/net/bind910/patches/patch-bin_named_server.c
diff -r0 -r1.1 pkgsrc/net/bind910/patches/patch-bin_named_zoneconf.c
diff -r0 -r1.1 pkgsrc/net/bind910/patches/patch-lib_dns_zone.c
--- pkgsrc/net/bind910/Attic/Makefile 2018/09/20 02:56:45 1.46
+++ pkgsrc/net/bind910/Attic/Makefile 2018/09/23 14:27:07 1.47
| @@ -1,18 +1,18 @@ | | | @@ -1,18 +1,18 @@ |
1 | # $NetBSD: Makefile,v 1.46 2018/09/20 02:56:45 taca Exp $ | | 1 | # $NetBSD: Makefile,v 1.47 2018/09/23 14:27:07 taca Exp $ |
2 | | | 2 | |
3 | DISTNAME= bind-${BIND_VERSION} | | 3 | DISTNAME= bind-${BIND_VERSION} |
4 | PKGNAME= ${DISTNAME:S/-P/pl/} | | 4 | PKGNAME= ${DISTNAME:S/-P/pl/} |
5 | PKGREVISION= 2 | | 5 | PKGREVISION= 3 |
6 | CATEGORIES= net | | 6 | CATEGORIES= net |
7 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ | | 7 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ |
8 | | | 8 | |
9 | MAINTAINER= pkgsrc-users@NetBSD.org | | 9 | MAINTAINER= pkgsrc-users@NetBSD.org |
10 | HOMEPAGE= http://www.isc.org/software/bind/ | | 10 | HOMEPAGE= http://www.isc.org/software/bind/ |
11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.10 | | 11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.10 |
12 | LICENSE= mpl-2.0 | | 12 | LICENSE= mpl-2.0 |
13 | | | 13 | |
14 | CONFLICTS+= host-[0-9]* | | 14 | CONFLICTS+= host-[0-9]* |
15 | | | 15 | |
16 | MAKE_JOBS_SAFE= no | | 16 | MAKE_JOBS_SAFE= no |
17 | | | 17 | |
18 | BIND_VERSION= 9.10.8-P1 | | 18 | BIND_VERSION= 9.10.8-P1 |
--- pkgsrc/net/bind910/Attic/distinfo 2018/08/13 13:41:49 1.36
+++ pkgsrc/net/bind910/Attic/distinfo 2018/09/23 14:27:07 1.37
| @@ -1,16 +1,19 @@ | | | @@ -1,16 +1,19 @@ |
1 | $NetBSD: distinfo,v 1.36 2018/08/13 13:41:49 maya Exp $ | | 1 | $NetBSD: distinfo,v 1.37 2018/09/23 14:27:07 taca Exp $ |
2 | | | 2 | |
3 | SHA1 (bind-9.10.8-P1.tar.gz) = 70505825897b78868eb5f38ebf1a7b9fd3a7b588 | | 3 | SHA1 (bind-9.10.8-P1.tar.gz) = 70505825897b78868eb5f38ebf1a7b9fd3a7b588 |
4 | RMD160 (bind-9.10.8-P1.tar.gz) = 6cea25616dc1e0a280db3ea9784afe109f68db5c | | 4 | RMD160 (bind-9.10.8-P1.tar.gz) = 6cea25616dc1e0a280db3ea9784afe109f68db5c |
5 | SHA512 (bind-9.10.8-P1.tar.gz) = 1b4d871b7baddf0552b56f1f667974f29684b1a85e1cf7cbe9c62c72f113337bf3cf4c4d806b565b551c8eca45bbc8290b173de6b0188b7e17f648e2a0986ce8 | | 5 | SHA512 (bind-9.10.8-P1.tar.gz) = 1b4d871b7baddf0552b56f1f667974f29684b1a85e1cf7cbe9c62c72f113337bf3cf4c4d806b565b551c8eca45bbc8290b173de6b0188b7e17f648e2a0986ce8 |
6 | Size (bind-9.10.8-P1.tar.gz) = 9247135 bytes | | 6 | Size (bind-9.10.8-P1.tar.gz) = 9247135 bytes |
7 | SHA1 (patch-bin_dig_dighost.c) = 983e23a30d519982cbe88ed2277fcffc9cad616e | | 7 | SHA1 (patch-bin_dig_dighost.c) = 983e23a30d519982cbe88ed2277fcffc9cad616e |
| | | 8 | SHA1 (patch-bin_named_server.c) = ee015eb38c174e0f559218b4435a9925b7474d77 |
| | | 9 | SHA1 (patch-bin_named_zoneconf.c) = b1a5510a5ef80187103a43b1236663e840d21371 |
8 | SHA1 (patch-bin_tests_system_Makefile.in) = ba368204f8eeaa12be366a532c75a2e3cc8fae98 | | 10 | SHA1 (patch-bin_tests_system_Makefile.in) = ba368204f8eeaa12be366a532c75a2e3cc8fae98 |
9 | SHA1 (patch-bin_tests_system_metadata_tests.sh) = f18aa93a93cadd5d9da4bba75a512b5c599fb4dd | | 11 | SHA1 (patch-bin_tests_system_metadata_tests.sh) = f18aa93a93cadd5d9da4bba75a512b5c599fb4dd |
10 | SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2 | | 12 | SHA1 (patch-config.threads.in) = 227b83efe9cb3e301aaac9b97cf42f1fb8ad06b2 |
11 | SHA1 (patch-configure) = ac796249d34884e87d51602762df1f29cd1fe0bd | | 13 | SHA1 (patch-configure) = ac796249d34884e87d51602762df1f29cd1fe0bd |
12 | SHA1 (patch-contrib_dlz_config.dlz.in) = f18bec63fbfce7cb2cd72929058ce3770fce458f | | 14 | SHA1 (patch-contrib_dlz_config.dlz.in) = f18bec63fbfce7cb2cd72929058ce3770fce458f |
13 | SHA1 (patch-lib_dns_rbt.c) = 7e37f411d084e5363c6a5023e1915d224321c3e3 | | 15 | SHA1 (patch-lib_dns_rbt.c) = 7e37f411d084e5363c6a5023e1915d224321c3e3 |
| | | 16 | SHA1 (patch-lib_dns_zone.c) = d876680089f6ebedf2c9af96057088fc1c37c378 |
14 | SHA1 (patch-lib_isc_unix_socket.c) = b2ab2d914c6be15639ca4fc63255f928d318704c | | 17 | SHA1 (patch-lib_isc_unix_socket.c) = b2ab2d914c6be15639ca4fc63255f928d318704c |
15 | SHA1 (patch-lib_lwres_getaddrinfo.c) = 69e9c8049fedcb93bd219c6053163f21ce3b2535 | | 18 | SHA1 (patch-lib_lwres_getaddrinfo.c) = 69e9c8049fedcb93bd219c6053163f21ce3b2535 |
16 | SHA1 (patch-lib_lwres_getnameinfo.c) = 418ad349cf52925c9e8051b5c71d9d51ea8d2fb1 | | 19 | SHA1 (patch-lib_lwres_getnameinfo.c) = 418ad349cf52925c9e8051b5c71d9d51ea8d2fb1 |
$NetBSD: patch-bin_named_server.c,v 1.1 2018/09/23 14:27:07 taca Exp $
* Backport change between BIND 9.11.4-P1 and 9.11.4-P2.
--- bin/named/server.c.orig 2018-07-24 17:26:47.000000000 +0000
+++ bin/named/server.c
@@ -9345,7 +9345,7 @@ ns_server_freeze(ns_server_t *server, is
isc_lex_t *lex, isc_buffer_t *text)
{
isc_result_t result, tresult;
- dns_zone_t *zone = NULL, *raw = NULL;
+ dns_zone_t *mayberaw = NULL, *raw = NULL;
dns_zonetype_t type;
char classstr[DNS_RDATACLASS_FORMATSIZE];
char zonename[DNS_NAME_FORMATSIZE];
@@ -9354,11 +9354,11 @@ ns_server_freeze(ns_server_t *server, is
isc_boolean_t frozen;
const char *msg = NULL;
- result = zone_from_args(server, lex, NULL, &zone, NULL,
+ result = zone_from_args(server, lex, NULL, &mayberaw, NULL,
text, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
- if (zone == NULL) {
+ if (mayberaw == NULL) {
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
tresult = ISC_R_SUCCESS;
@@ -9378,26 +9378,26 @@ ns_server_freeze(ns_server_t *server, is
isc_result_totext(tresult));
return (tresult);
}
- dns_zone_getraw(zone, &raw);
+ dns_zone_getraw(mayberaw, &raw);
if (raw != NULL) {
- dns_zone_detach(&zone);
- dns_zone_attach(raw, &zone);
+ dns_zone_detach(&mayberaw);
+ dns_zone_attach(raw, &mayberaw);
dns_zone_detach(&raw);
}
- type = dns_zone_gettype(zone);
+ type = dns_zone_gettype(mayberaw);
if (type != dns_zone_master) {
- dns_zone_detach(&zone);
+ dns_zone_detach(&mayberaw);
return (DNS_R_NOTMASTER);
}
- if (freeze && !dns_zone_isdynamic(zone, ISC_TRUE)) {
- dns_zone_detach(&zone);
+ if (freeze && !dns_zone_isdynamic(mayberaw, ISC_TRUE)) {
+ dns_zone_detach(&mayberaw);
return (DNS_R_NOTDYNAMIC);
}
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
- frozen = dns_zone_getupdatedisabled(zone);
+ frozen = dns_zone_getupdatedisabled(mayberaw);
if (freeze) {
if (frozen) {
msg = "WARNING: The zone was already frozen.\n"
@@ -9406,16 +9406,16 @@ ns_server_freeze(ns_server_t *server, is
result = DNS_R_FROZEN;
}
if (result == ISC_R_SUCCESS) {
- result = dns_zone_flush(zone);
+ result = dns_zone_flush(mayberaw);
if (result != ISC_R_SUCCESS)
msg = "Flushing the zone updates to "
"disk failed.";
}
if (result == ISC_R_SUCCESS)
- dns_zone_setupdatedisabled(zone, freeze);
+ dns_zone_setupdatedisabled(mayberaw, freeze);
} else {
if (frozen) {
- result = dns_zone_loadandthaw(zone);
+ result = dns_zone_loadandthaw(mayberaw);
switch (result) {
case ISC_R_SUCCESS:
case DNS_R_UPTODATE:
@@ -9437,7 +9437,7 @@ ns_server_freeze(ns_server_t *server, is
isc_buffer_putmem(text, (const unsigned char *)msg,
strlen(msg) + 1);
- view = dns_zone_getview(zone);
+ view = dns_zone_getview(mayberaw);
if (strcmp(view->name, "_default") == 0 ||
strcmp(view->name, "_bind") == 0)
{
@@ -9447,9 +9447,9 @@ ns_server_freeze(ns_server_t *server, is
vname = view->name;
sep = " ";
}
- dns_rdataclass_format(dns_zone_getclass(zone), classstr,
+ dns_rdataclass_format(dns_zone_getclass(mayberaw), classstr,
sizeof(classstr));
- dns_name_format(dns_zone_getorigin(zone),
+ dns_name_format(dns_zone_getorigin(mayberaw),
zonename, sizeof(zonename));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
@@ -9457,7 +9457,7 @@ ns_server_freeze(ns_server_t *server, is
freeze ? "freezing" : "thawing",
zonename, classstr, sep, vname,
isc_result_totext(result));
- dns_zone_detach(&zone);
+ dns_zone_detach(&mayberaw);
return (result);
}
$NetBSD: patch-bin_named_zoneconf.c,v 1.1 2018/09/23 14:27:07 taca Exp $
* Backport change between BIND 9.11.4-P1 and 9.11.4-P2.
--- bin/named/zoneconf.c.orig 2018-07-24 17:26:47.000000000 +0000
+++ bin/named/zoneconf.c
@@ -1214,7 +1214,7 @@ ns_zone_configure(const cfg_obj_t *confi
dns_zone_setoption(raw, DNS_ZONEOPT_IXFRFROMDIFFS,
ISC_TRUE);
dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS,
- ISC_TRUE);
+ ISC_FALSE);
} else
dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS,
ixfrdiff);
$NetBSD: patch-lib_dns_zone.c,v 1.1 2018/09/23 14:27:07 taca Exp $
* Backport change between BIND 9.11.4-P1 and 9.11.4-P2.
--- lib/dns/zone.c.orig 2018-07-24 17:26:47.000000000 +0000
+++ lib/dns/zone.c
@@ -1725,6 +1725,10 @@ dns_zone_isdynamic(dns_zone_t *zone, isc
(zone->type == dns_zone_redirect && zone->masters != NULL))
return (ISC_TRUE);
+ /* Inline zones are always dynamic. */
+ if (zone->type == dns_zone_master && zone->raw != NULL)
+ return (ISC_TRUE);
+
/* If !ignore_freeze, we need check whether updates are disabled. */
if (zone->type == dns_zone_master &&
(!zone->update_disabled || ignore_freeze) &&
@@ -1737,6 +1741,11 @@ dns_zone_isdynamic(dns_zone_t *zone, isc
}
/*
+ * Note: when dealing with inline-signed zones, external callers will always
+ * call zone_load() for the secure zone; zone_load() calls itself recursively
+ * in order to load the raw zone.
+ */
+/*
* Set the response policy index and information for a zone.
*/
isc_result_t
@@ -1830,6 +1839,28 @@ zone_load(dns_zone_t *zone, unsigned int
INSIST(zone != zone->raw);
hasraw = inline_secure(zone);
if (hasraw) {
+ /*
+ * We are trying to load an inline-signed zone. First call
+ * self recursively to try loading the raw version of the zone.
+ * Assuming the raw zone file is readable, there are two
+ * possibilities:
+ *
+ * a) the raw zone was not yet loaded and thus it will be
+ * loaded now, synchronously; if this succeeds, a
+ * subsequent attempt to load the signed zone file will
+ * take place and thus zone_postload() will be called
+ * twice: first for the raw zone and then for the secure
+ * zone; the latter call will take care of syncing the raw
+ * version with the secure version,
+ *
+ * b) the raw zone was already loaded and we are trying to
+ * reload it, which will happen asynchronously; this means
+ * zone_postload() will only be called for the raw zone
+ * because "result" returned by the zone_load() call below
+ * will not be ISC_R_SUCCESS but rather DNS_R_CONTINUE;
+ * zone_postload() called for the raw zone will take care
+ * of syncing the raw version with the secure version.
+ */
result = zone_load(zone->raw, flags, ISC_FALSE);
if (result != ISC_R_SUCCESS) {
if (!locked)
@@ -1869,7 +1900,7 @@ zone_load(dns_zone_t *zone, unsigned int
* zone being reloaded. Do nothing - the database
* we already have is guaranteed to be up-to-date.
*/
- if (zone->type == dns_zone_master)
+ if (zone->type == dns_zone_master && !hasraw)
result = DNS_R_DYNAMIC;
else
result = ISC_R_SUCCESS;
@@ -1912,7 +1943,6 @@ zone_load(dns_zone_t *zone, unsigned int
goto cleanup;
}
-
/*
* If the file modification time is in the past
* set loadtime to that value.
@@ -4401,11 +4431,13 @@ zone_postload(dns_zone_t *zone, dns_db_t
! DNS_ZONE_OPTION(zone, DNS_ZONEOPT_NOMERGE) &&
! DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED))
{
- if (zone->type == dns_zone_master &&
- (zone->update_acl != NULL || zone->ssutable != NULL))
+ if (zone->type == dns_zone_master && (inline_secure(zone) ||
+ (zone->update_acl != NULL || zone->ssutable != NULL)))
+ {
options = DNS_JOURNALOPT_RESIGN;
- else
+ } else {
options = 0;
+ }
result = dns_journal_rollforward(zone->mctx, db, options,
zone->journal);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND &&
@@ -4547,14 +4579,14 @@ zone_postload(dns_zone_t *zone, dns_db_t
!isc_serial_gt(serial, oldserial)) {
isc_uint32_t serialmin, serialmax;
- INSIST(zone->type == dns_zone_master);
+ INSIST(zone->raw == NULL);
if (serial == oldserial &&
zone_unchanged(zone->db, db, zone->mctx)) {
dns_zone_log(zone, ISC_LOG_INFO,
"ixfr-from-differences: "
"unchanged");
- return(ISC_R_SUCCESS);
+ goto done;
}
serialmin = (oldserial + 1) & 0xffffffffU;
@@ -4778,8 +4810,7 @@ zone_postload(dns_zone_t *zone, dns_db_t
dns_db_issecure(db) ? " (DNSSEC signed)" : "");
zone->loadtime = loadtime;
- DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_LOADPENDING);
- return (result);
+ goto done;
cleanup:
for (inc = ISC_LIST_HEAD(zone->newincludes);
@@ -4816,6 +4847,23 @@ zone_postload(dns_zone_t *zone, dns_db_t
result = ISC_R_SUCCESS;
}
+ done:
+ DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_LOADPENDING);
+ /*
+ * If this is an inline-signed zone and we were called for the raw
+ * zone, we need to clear DNS_ZONEFLG_LOADPENDING for the secure zone
+ * as well, but only if this is a reload, not an initial zone load: in
+ * the former case, zone_postload() will not be run for the secure
+ * zone; in the latter case, it will be. Check which case we are
+ * dealing with by consulting the DNS_ZONEFLG_LOADED flag for the
+ * secure zone: if it is set, this must be a reload.
+ */
+ if (inline_raw(zone) &&
+ DNS_ZONE_FLAG(zone->secure, DNS_ZONEFLG_LOADED))
+ {
+ DNS_ZONE_CLRFLAG(zone->secure, DNS_ZONEFLG_LOADPENDING);
+ }
+
return (result);
}