Pullup ticket #6736 - requested by taca
net/bind918: security update
Revisions pulled up:
- net/bind918/Makefile 1.6
- net/bind918/PLIST 1.2
- net/bind918/distinfo 1.4
- net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh deleted
- net/bind918/patches/patch-lib_isc_siphash.c 1.2
- net/bind918/patches/patch-lib_isc_time.c 1.2
- net/bind918/patches/patch-lib_ns_update.c 1.2
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Feb 8 00:13:44 UTC 2023
Modified Files:
pkgsrc/net/bind918: Makefile PLIST distinfo
pkgsrc/net/bind918/patches: patch-lib_isc_siphash.c
patch-lib_isc_time.c patch-lib_ns_update.c
Removed Files:
pkgsrc/net/bind918/patches:
patch-bin_tests_system_keyfromlabel_tests.sh
Log Message:
net/bind918: update to 9.18.11
Approved by MAINTAINER (sekiya@).
--- 9.18.11 released ---
6067. [security] Fix serve-stale crash when recursive clients soft quota
is reached. (CVE-2022-3924) [GL #3619]
6066. [security] Handle RRSIG lookups when serve-stale is active.
(CVE-2022-3736) [GL #3622]
6064. [security] An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated. (CVE-2022-3094) [GL #3523]
6062. [func] The DSCP implementation, which has been
nonfunctional for some time, is now marked as
obsolete and the implementation has been removed.
Configuring DSCP values in named.conf has no
effect, and a warning will be logged that
the feature should no longer be used. [GL #3773]
6061. [bug] Fix unexpected "Prohibited" extended DNS error
on allow-recursion. [GL #3743]
6060. [bug] Fix a use-after-free bug in dns_zonemgr_releasezone()
by detaching from the zone manager outside of the write
lock. [GL #3768]
6059. [bug] In some serve stale scenarios, like when following an
expired CNAME record, named could return SERVFAIL if the
previous request wasn't successful. Consider non-stale
data when in serve-stale mode. [GL #3678]
6058. [bug] Prevent named from crashing when "rndc delzone"
attempts to delete a zone added by a catalog zone.
[GL #3745]
6053. [bug] Fix an ADB quota management bug in resolver. [GL #3752]
6051. [bug] Improve thread safety in the dns_dispatch unit.
[GL #3178] [GL #3636]
6050. [bug] Changes to the RPZ response-policy min-update-interval
and add-soa options now take effect as expected when
named is reconfigured. [GL #3740]
6049. [bug] Exclude ABD hashtables from the ADB memory
overmem checks and don't clean ADB names
and ADB entries used in the last 10 seconds
(ADB_CACHE_MINIMUM). [GL #3739]
6048. [bug] Fix a log message error in dns_catz_update_from_db(),
where serials with values of 2^31 or larger were logged
incorrectly as negative numbers. [GL #3742]
6047. [bug] Try the next server instead of trying the same
server again on an outgoing query timeout.
[GL #3637]
6046. [bug] TLS session resumption might lead to handshake
failures when client certificates are used for
authentication (Mutual TLS). This has been fixed.
[GL #3725]
6045. [cleanup] The list of supported DNSSEC algorithms changed log
level from "warning" to "notice" to match named's other
startup messages. [GL !7217]
6044. [bug] There was an "RSASHA236" typo in a log message.
[GL !7206]
5830. [func] Implement incremental resizing of isc_ht hash tables to
perform the rehashing gradually. The catalog zone
implementation has been optimized to work with hundreds
of thousands of member zones. [GL #3212] [GL #3744]
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/bind918/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind918/PLIST
cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind918/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind918/patches/patch-lib_isc_siphash.c \
pkgsrc/net/bind918/patches/patch-lib_isc_time.c \
pkgsrc/net/bind918/patches/patch-lib_ns_update.c
(spz)
diff -r1.3 -r1.3.2.1 pkgsrc/net/bind918/Makefile| @@ -1,32 +1,31 @@ | @@ -1,32 +1,31 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.3 2022/12/14 21:44:03 sekiya Exp $ | 1 | # $NetBSD: Makefile,v 1.3.2.1 2023/02/12 19:52:24 spz Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= bind-${BIND_VERSION} | 3 | DISTNAME= bind-${BIND_VERSION} | |
| 4 | PKGNAME= ${DISTNAME:S/-P/pl/} | 4 | PKGNAME= ${DISTNAME:S/-P/pl/} | |
| 5 | PKGREVISION= 1 | |||
| 6 | CATEGORIES= net | 5 | CATEGORIES= net | |
| 7 | MASTER_SITES= https://downloads.isc.org/isc/bind9/${BIND_VERSION}/ | 6 | MASTER_SITES= https://downloads.isc.org/isc/bind9/${BIND_VERSION}/ | |
| 8 | EXTRACT_SUFX= .tar.xz | 7 | EXTRACT_SUFX= .tar.xz | |
| 9 | 8 | |||
| 10 | MAINTAINER= sekiya@NetBSD.org | 9 | MAINTAINER= sekiya@NetBSD.org | |
| 11 | HOMEPAGE= https://www.isc.org/software/bind/ | 10 | HOMEPAGE= https://www.isc.org/software/bind/ | |
| 12 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.18 | 11 | COMMENT= Berkeley Internet Name Daemon implementation of DNS, version 9.18 | |
| 13 | LICENSE= mpl-2.0 | 12 | LICENSE= mpl-2.0 | |
| 14 | 13 | |||
| 15 | CONFLICTS+= host-[0-9]* | 14 | CONFLICTS+= host-[0-9]* | |
| 16 | 15 | |||
| 17 | MAKE_JOBS_SAFE= no | 16 | MAKE_JOBS_SAFE= no | |
| 18 | 17 | |||
| 19 | BIND_VERSION= 9.18.9 | 18 | BIND_VERSION= 9.18.11 | |
| 20 | 19 | |||
| 21 | BUILD_DEFS+= BIND_DIR VARBASE | 20 | BUILD_DEFS+= BIND_DIR VARBASE | |
| 22 | 21 | |||
| 23 | .include "options.mk" | 22 | .include "options.mk" | |
| 24 | 23 | |||
| 25 | USE_TOOLS+= aclocal autoconf automake pax perl pkg-config | 24 | USE_TOOLS+= aclocal autoconf automake pax perl pkg-config | |
| 26 | USE_LIBTOOL= yes | 25 | USE_LIBTOOL= yes | |
| 27 | GNU_CONFIGURE= yes | 26 | GNU_CONFIGURE= yes | |
| 28 | CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh | 27 | CHECK_FILES_SKIP= bin/tests/system/system-test-driver.sh | |
| 29 | MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX} | 28 | MAKE_ENV+= WRKDIR=${WRKDIR} PREFIX=${PREFIX} | |
| 30 | 29 | |||
| 31 | .if ${OPSYS} == "Linux" && !exists(/usr/include/sys/capability.h) | 30 | .if ${OPSYS} == "Linux" && !exists(/usr/include/sys/capability.h) | |
| 32 | CONFIGURE_ARGS+= --disable-linux-caps | 31 | CONFIGURE_ARGS+= --disable-linux-caps |
| @@ -1,38 +1,37 @@ | @@ -1,38 +1,37 @@ | |||
| 1 | $NetBSD: distinfo,v 1.3 2022/12/12 22:07:04 sekiya Exp $ | 1 | $NetBSD: distinfo,v 1.3.2.1 2023/02/12 19:52:24 spz Exp $ | |
| 2 | 2 | |||
| 3 | BLAKE2s (bind-9.18.9.tar.xz) = 8c3f2dcb57205959f78c02fd32a12d0897050897af9136b58972fde41468ec55 | 3 | BLAKE2s (bind-9.18.11.tar.xz) = c4aae1223078ef089a3f35ae15e3ea552383d235b7a9dfe1c0423a958409891f | |
| 4 | SHA512 (bind-9.18.9.tar.xz) = 7d9bca47e29e8634416ab52819d78ce4ec6196c0dcbd9fe95a24687337f71c69b6472cf20bf49ea0ae1751a861944f354f9122acfb01780f51278ad4a3fdd817 | 4 | SHA512 (bind-9.18.11.tar.xz) = 1f71560efca3b6886d71861c76d4a11d59c28f0ffed684f040a59dd9c14be594985a3f15e6d610a4d88a40a16a19e259977d4a254e146469323d15587b23f3ad | |
| 5 | Size (bind-9.18.9.tar.xz) = 5281732 bytes | 5 | Size (bind-9.18.11.tar.xz) = 5284184 bytes | |
| 6 | SHA1 (patch-bin_named_main.c) = 4e4a763c478f1fcecb7e65968cf6ca20dacf01f1 | 6 | SHA1 (patch-bin_named_main.c) = 4e4a763c478f1fcecb7e65968cf6ca20dacf01f1 | |
| 7 | SHA1 (patch-bin_named_os.c) = 5ecb0883076575d8ac5fcad68f9daad6c9be0d0b | 7 | SHA1 (patch-bin_named_os.c) = 5ecb0883076575d8ac5fcad68f9daad6c9be0d0b | |
| 8 | SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d | 8 | SHA1 (patch-bin_named_server.c) = 6e59d3f637ebb829eec2f76ba7c350fb5cf9be6d | |
| 9 | SHA1 (patch-bin_tests_system_keyfromlabel_tests.sh) = 63a1516b573adabe6ff2719532fd58bcf3ecd65b | |||
| 10 | SHA1 (patch-config.h.in) = 6072793048cdf590863046355eeffa1d93524c36 | 9 | SHA1 (patch-config.h.in) = 6072793048cdf590863046355eeffa1d93524c36 | |
| 11 | SHA1 (patch-configure.ac) = a6f10aec356691ca1075262a3e87c809cd3a558a | 10 | SHA1 (patch-configure.ac) = a6f10aec356691ca1075262a3e87c809cd3a558a | |
| 12 | SHA1 (patch-lib_dns_byaddr.c) = 647ddaaaf040233e18d1a87d83bc2bd63d2a20e3 | 11 | SHA1 (patch-lib_dns_byaddr.c) = 647ddaaaf040233e18d1a87d83bc2bd63d2a20e3 | |
| 13 | SHA1 (patch-lib_dns_gssapi__link.c) = 72296598b0bdd2a57d0f38ecf1775e2898a041c6 | 12 | SHA1 (patch-lib_dns_gssapi__link.c) = 72296598b0bdd2a57d0f38ecf1775e2898a041c6 | |
| 14 | SHA1 (patch-lib_dns_include_dns_zone.h) = e6dfcd43430538ac2a39b217fcae0d81e4c4d163 | 13 | SHA1 (patch-lib_dns_include_dns_zone.h) = e6dfcd43430538ac2a39b217fcae0d81e4c4d163 | |
| 15 | SHA1 (patch-lib_dns_lookup.c) = 6c7463aca16abf6bd578aba1733a3217608a39d3 | 14 | SHA1 (patch-lib_dns_lookup.c) = 6c7463aca16abf6bd578aba1733a3217608a39d3 | |
| 16 | SHA1 (patch-lib_dns_rbtdb.c) = e8d61e1ba613b2a2fdcd3ff077e2e5b6ce2e45b2 | 15 | SHA1 (patch-lib_dns_rbtdb.c) = e8d61e1ba613b2a2fdcd3ff077e2e5b6ce2e45b2 | |
| 17 | SHA1 (patch-lib_dns_request.c) = 4a9d0409afcf9f989aa9297efb97c578b4863d9c | 16 | SHA1 (patch-lib_dns_request.c) = 4a9d0409afcf9f989aa9297efb97c578b4863d9c | |
| 18 | SHA1 (patch-lib_dns_sdb.c) = ed447ec7a134e620765b25ee36124a19dfd9fab0 | 17 | SHA1 (patch-lib_dns_sdb.c) = ed447ec7a134e620765b25ee36124a19dfd9fab0 | |
| 19 | SHA1 (patch-lib_dns_sdlz.c) = 4fc15a577c64501c10c144eab147e54686e80309 | 18 | SHA1 (patch-lib_dns_sdlz.c) = 4fc15a577c64501c10c144eab147e54686e80309 | |
| 20 | SHA1 (patch-lib_dns_validator.c) = 03dd60d4c38be7248d1e07f2c29ddd543b5f7454 | 19 | SHA1 (patch-lib_dns_validator.c) = 03dd60d4c38be7248d1e07f2c29ddd543b5f7454 | |
| 21 | SHA1 (patch-lib_dns_view.c) = 5b092f0344b92d003f1fe1f28e4cc4c76b2505cf | 20 | SHA1 (patch-lib_dns_view.c) = 5b092f0344b92d003f1fe1f28e4cc4c76b2505cf | |
| 22 | SHA1 (patch-lib_dns_zone.c) = cd7bc1e76caf1d664393efa318786c2b33c000de | 21 | SHA1 (patch-lib_dns_zone.c) = cd7bc1e76caf1d664393efa318786c2b33c000de | |
| 23 | SHA1 (patch-lib_isc_app.c) = 8f9fd079d00d34f0d20e6d9e676446d322f9e0fb | 22 | SHA1 (patch-lib_isc_app.c) = 8f9fd079d00d34f0d20e6d9e676446d322f9e0fb | |
| 24 | SHA1 (patch-lib_isc_include_isc_netmgr.h) = 48ac44c6a9b81e6b442deba6c075653d3691464b | 23 | SHA1 (patch-lib_isc_include_isc_netmgr.h) = 48ac44c6a9b81e6b442deba6c075653d3691464b | |
| 25 | SHA1 (patch-lib_isc_net.c) = 743de2701fa96ef25e5689f40e381628cff641d5 | 24 | SHA1 (patch-lib_isc_net.c) = 743de2701fa96ef25e5689f40e381628cff641d5 | |
| 26 | SHA1 (patch-lib_isc_netmgr_netmgr-int.h) = d84993edf254605f85421fbdd2fc523255c7316d | 25 | SHA1 (patch-lib_isc_netmgr_netmgr-int.h) = d84993edf254605f85421fbdd2fc523255c7316d | |
| 27 | SHA1 (patch-lib_isc_netmgr_netmgr.c) = 3df1d37061f6ceb37e309a0dc4f782fc35863146 | 26 | SHA1 (patch-lib_isc_netmgr_netmgr.c) = 3df1d37061f6ceb37e309a0dc4f782fc35863146 | |
| 28 | SHA1 (patch-lib_isc_rwlock.c) = 1d114248ddee20db7a7429afab446f8b2f0dca82 | 27 | SHA1 (patch-lib_isc_rwlock.c) = 1d114248ddee20db7a7429afab446f8b2f0dca82 | |
| 29 | SHA1 (patch-lib_isc_siphash.c) = 8999deb002e4fdb6b13e6f297298ef73c97042c3 | 28 | SHA1 (patch-lib_isc_siphash.c) = 2dd80dde7bd8e869a3cf03c1699665b56eaaf866 | |
| 30 | SHA1 (patch-lib_isc_time.c) = 04719dce1ad7328909fd584104b7bc20170b3c5e | 29 | SHA1 (patch-lib_isc_time.c) = 22780fd25d89a0ece46ec1624b3977ca4c46281a | |
| 31 | SHA1 (patch-lib_isc_timer.c) = aea2019bbf3d84cad77af432a2bbdf0da8f2f893 | 30 | SHA1 (patch-lib_isc_timer.c) = aea2019bbf3d84cad77af432a2bbdf0da8f2f893 | |
| 32 | SHA1 (patch-lib_ns_Makefile.am) = a91e1713185c4366e96bf52ebee38e3b7e35a0c6 | 31 | SHA1 (patch-lib_ns_Makefile.am) = a91e1713185c4366e96bf52ebee38e3b7e35a0c6 | |
| 33 | SHA1 (patch-lib_ns_client.c) = 4093c82254321e6c6eaa40ea1cf738b3f9bda0bb | 32 | SHA1 (patch-lib_ns_client.c) = 4093c82254321e6c6eaa40ea1cf738b3f9bda0bb | |
| 34 | SHA1 (patch-lib_ns_include_ns_pfilter.h) = cc86752971b4f9f7492283c4ad3ff29bc1bae237 | 33 | SHA1 (patch-lib_ns_include_ns_pfilter.h) = cc86752971b4f9f7492283c4ad3ff29bc1bae237 | |
| 35 | SHA1 (patch-lib_ns_pfilter.c) = b0345f9b27e2bdd4f9a992cfc23616e027de4988 | 34 | SHA1 (patch-lib_ns_pfilter.c) = b0345f9b27e2bdd4f9a992cfc23616e027de4988 | |
| 36 | SHA1 (patch-lib_ns_query.c) = d947318dc6a261931928c4bf8b7f48efa9004a38 | 35 | SHA1 (patch-lib_ns_query.c) = d947318dc6a261931928c4bf8b7f48efa9004a38 | |
| 37 | SHA1 (patch-lib_ns_update.c) = 2fb3457da333143508d28420490cbc1cb69ddb19 | 36 | SHA1 (patch-lib_ns_update.c) = 941ca5601904e9b4cc5314148e955f5490a5d071 | |
| 38 | SHA1 (patch-lib_ns_xfrout.c) = 79d9e4add58ffd75ea9718f5501f1517e67416e3 | 37 | SHA1 (patch-lib_ns_xfrout.c) = 79d9e4add58ffd75ea9718f5501f1517e67416e3 |
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | @comment $NetBSD: PLIST,v 1.1 2022/12/11 01:57:55 sekiya Exp $ | 1 | @comment $NetBSD: PLIST,v 1.1.2.1 2023/02/12 19:52:24 spz Exp $ | |
| 2 | bin/arpaname | 2 | bin/arpaname | |
| 3 | bin/delv | 3 | bin/delv | |
| 4 | bin/dig | 4 | bin/dig | |
| 5 | bin/dnssec-cds | 5 | bin/dnssec-cds | |
| 6 | bin/dnssec-dsfromkey | 6 | bin/dnssec-dsfromkey | |
| 7 | bin/dnssec-importkey | 7 | bin/dnssec-importkey | |
| 8 | bin/dnssec-keyfromlabel | 8 | bin/dnssec-keyfromlabel | |
| 9 | bin/dnssec-keygen | 9 | bin/dnssec-keygen | |
| 10 | bin/dnssec-revoke | 10 | bin/dnssec-revoke | |
| 11 | bin/dnssec-settime | 11 | bin/dnssec-settime | |
| 12 | bin/dnssec-signzone | 12 | bin/dnssec-signzone | |
| 13 | bin/dnssec-verify | 13 | bin/dnssec-verify | |
| 14 | ${PLIST.dnstap}bin/dnstap-read | 14 | ${PLIST.dnstap}bin/dnstap-read | |
| @@ -243,39 +243,32 @@ include/ns/hooks.h | @@ -243,39 +243,32 @@ include/ns/hooks.h | |||
| 243 | include/ns/interfacemgr.h | 243 | include/ns/interfacemgr.h | |
| 244 | include/ns/listenlist.h | 244 | include/ns/listenlist.h | |
| 245 | include/ns/log.h | 245 | include/ns/log.h | |
| 246 | include/ns/notify.h | 246 | include/ns/notify.h | |
| 247 | include/ns/query.h | 247 | include/ns/query.h | |
| 248 | include/ns/server.h | 248 | include/ns/server.h | |
| 249 | include/ns/sortlist.h | 249 | include/ns/sortlist.h | |
| 250 | include/ns/stats.h | 250 | include/ns/stats.h | |
| 251 | include/ns/types.h | 251 | include/ns/types.h | |
| 252 | include/ns/update.h | 252 | include/ns/update.h | |
| 253 | include/ns/xfrout.h | 253 | include/ns/xfrout.h | |
| 254 | lib/bind/filter-a.la | 254 | lib/bind/filter-a.la | |
| 255 | lib/bind/filter-aaaa.la | 255 | lib/bind/filter-aaaa.la | |
| 256 | lib/libbind9-9.18.9.so | |||
| 257 | lib/libbind9.la | 256 | lib/libbind9.la | |
| 258 | lib/libdns-9.18.9.so | |||
| 259 | lib/libdns.la | 257 | lib/libdns.la | |
| 260 | lib/libirs-9.18.9.so | |||
| 261 | lib/libirs.la | 258 | lib/libirs.la | |
| 262 | lib/libisc-9.18.9.so | |||
| 263 | lib/libisc.la | 259 | lib/libisc.la | |
| 264 | lib/libisccc-9.18.9.so | |||
| 265 | lib/libisccc.la | 260 | lib/libisccc.la | |
| 266 | lib/libisccfg-9.18.9.so | |||
| 267 | lib/libisccfg.la | 261 | lib/libisccfg.la | |
| 268 | lib/libns-9.18.9.so | |||
| 269 | lib/libns.la | 262 | lib/libns.la | |
| 270 | man/man1/arpaname.1 | 263 | man/man1/arpaname.1 | |
| 271 | man/man1/delv.1 | 264 | man/man1/delv.1 | |
| 272 | man/man1/dig.1 | 265 | man/man1/dig.1 | |
| 273 | man/man1/dnssec-cds.1 | 266 | man/man1/dnssec-cds.1 | |
| 274 | man/man1/dnssec-dsfromkey.1 | 267 | man/man1/dnssec-dsfromkey.1 | |
| 275 | man/man1/dnssec-importkey.1 | 268 | man/man1/dnssec-importkey.1 | |
| 276 | man/man1/dnssec-keyfromlabel.1 | 269 | man/man1/dnssec-keyfromlabel.1 | |
| 277 | man/man1/dnssec-keygen.1 | 270 | man/man1/dnssec-keygen.1 | |
| 278 | man/man1/dnssec-revoke.1 | 271 | man/man1/dnssec-revoke.1 | |
| 279 | man/man1/dnssec-settime.1 | 272 | man/man1/dnssec-settime.1 | |
| 280 | man/man1/dnssec-signzone.1 | 273 | man/man1/dnssec-signzone.1 | |
| 281 | man/man1/dnssec-verify.1 | 274 | man/man1/dnssec-verify.1 |
| @@ -1,22 +1,22 @@ | @@ -1,22 +1,22 @@ | |||
| 1 | $NetBSD: patch-lib_isc_siphash.c,v 1.1 2022/12/11 01:57:55 sekiya Exp $ | 1 | $NetBSD: patch-lib_isc_siphash.c,v 1.1.2.1 2023/02/12 19:52:24 spz Exp $ | |
| 2 | 2 | |||
| 3 | * Take from NetBSD base. | 3 | * Take from NetBSD base. | |
| 4 | 4 | |||
| 5 | --- lib/isc/siphash.c.orig 2021-09-07 09:37:05.000000000 +0000 | 5 | --- lib/isc/siphash.c.orig 2023-01-12 22:21:15.270402532 +0000 | |
| 6 | +++ lib/isc/siphash.c | 6 | +++ lib/isc/siphash.c | |
| 7 | @@ -90,8 +90,14 @@ isc_siphash24(const uint8_t *k, const ui | 7 | @@ -93,8 +93,14 @@ isc_siphash24(const uint8_t *k, const ui | |
| 8 | REQUIRE(k != NULL); | |||
| 9 | REQUIRE(out != NULL); | 8 | REQUIRE(out != NULL); | |
| 9 | REQUIRE(inlen == 0 || in != NULL); | |||
| 10 | 10 | |||
| 11 | - uint64_t k0 = U8TO64_LE(k); | 11 | - uint64_t k0 = U8TO64_LE(k); | |
| 12 | - uint64_t k1 = U8TO64_LE(k + 8); | 12 | - uint64_t k1 = U8TO64_LE(k + 8); | |
| 13 | + uint64_t k0; | 13 | + uint64_t k0; | |
| 14 | + uint64_t k1; | 14 | + uint64_t k1; | |
| 15 | + | 15 | + | |
| 16 | + memcpy(&k0, k, sizeof(k0)); | 16 | + memcpy(&k0, k, sizeof(k0)); | |
| 17 | + memcpy(&k1, k + sizeof(k0), sizeof(k1)); | 17 | + memcpy(&k1, k + sizeof(k0), sizeof(k1)); | |
| 18 | + | 18 | + | |
| 19 | + k0 = le64toh(k0); | 19 | + k0 = le64toh(k0); | |
| 20 | + k1 = le64toh(k1); | 20 | + k1 = le64toh(k1); | |
| 21 | 21 | |||
| 22 | uint64_t v0 = UINT64_C(0x736f6d6570736575) ^ k0; | 22 | uint64_t v0 = UINT64_C(0x736f6d6570736575) ^ k0; |
| @@ -1,29 +1,29 @@ | @@ -1,29 +1,29 @@ | |||
| 1 | $NetBSD: patch-lib_isc_time.c,v 1.1 2022/12/11 01:57:55 sekiya Exp $ | 1 | $NetBSD: patch-lib_isc_time.c,v 1.1.2.1 2023/02/12 19:52:24 spz Exp $ | |
| 2 | 2 | |||
| 3 | * More check time_t range. | 3 | * More check time_t range. | |
| 4 | 4 | |||
| 5 | --- lib/isc/time.c.orig 2020-05-06 09:59:35.000000000 +0000 | 5 | --- lib/isc/time.c.orig 2023-01-12 22:21:15.270402532 +0000 | |
| 6 | +++ lib/isc/time.c | 6 | +++ lib/isc/time.c | |
| 7 | @@ -285,7 +285,7 @@ isc_time_seconds(const isc_time_t *t) { | 7 | @@ -318,7 +318,7 @@ isc_time_seconds(const isc_time_t *t) { | |
| 8 | 8 | |||
| 9 | isc_result_t | 9 | isc_result_t | |
| 10 | isc_time_secondsastimet(const isc_time_t *t, time_t *secondsp) { | 10 | isc_time_secondsastimet(const isc_time_t *t, time_t *secondsp) { | |
| 11 | - time_t seconds; | 11 | - time_t seconds; | |
| 12 | + time_t seconds, i; | 12 | + time_t seconds, i; | |
| 13 | 13 | |||
| 14 | REQUIRE(t != NULL); | 14 | REQUIRE(t != NULL); | |
| 15 | INSIST(t->nanoseconds < NS_PER_S); | 15 | INSIST(t->nanoseconds < NS_PER_SEC); | |
| 16 | @@ -312,7 +312,18 @@ isc_time_secondsastimet(const isc_time_t | 16 | @@ -345,7 +345,18 @@ isc_time_secondsastimet(const isc_time_t | |
| 17 | INSIST(sizeof(unsigned int) == sizeof(uint32_t)); | 17 | INSIST(sizeof(unsigned int) == sizeof(uint32_t)); | |
| 18 | INSIST(sizeof(time_t) >= sizeof(uint32_t)); | 18 | INSIST(sizeof(time_t) >= sizeof(uint32_t)); | |
| 19 | 19 | |||
| 20 | - if (t->seconds > (~0U >> 1) && seconds <= (time_t)(~0U >> 1)) { | 20 | - if (t->seconds > (~0U >> 1) && seconds <= (time_t)(~0U >> 1)) { | |
| 21 | + if (sizeof(time_t) == sizeof(uint32_t) && /* Same size. */ | 21 | + if (sizeof(time_t) == sizeof(uint32_t) && /* Same size. */ | |
| 22 | + (time_t)0.5 != 0.5 && /* Not a floating point type. */ | 22 | + (time_t)0.5 != 0.5 && /* Not a floating point type. */ | |
| 23 | + (i = (time_t)-1) != 4294967295u && /* Is signed. */ | 23 | + (i = (time_t)-1) != 4294967295u && /* Is signed. */ | |
| 24 | + (seconds & | 24 | + (seconds & | |
| 25 | + (1ULL << (sizeof(time_t) * CHAR_BIT - 1))) != 0ULL) { /* Negative. */ | 25 | + (1ULL << (sizeof(time_t) * CHAR_BIT - 1))) != 0ULL) { /* Negative. */ | |
| 26 | + /* | 26 | + /* | |
| 27 | + * This UNUSED() is here to shut up the IRIX compiler: | 27 | + * This UNUSED() is here to shut up the IRIX compiler: | |
| 28 | + * variable "i" was set but never used | 28 | + * variable "i" was set but never used | |
| 29 | + * when the value of i *was* used in the third test. | 29 | + * when the value of i *was* used in the third test. |
| @@ -1,47 +1,47 @@ | @@ -1,47 +1,47 @@ | |||
| 1 | $NetBSD: patch-lib_ns_update.c,v 1.1 2022/12/11 01:57:55 sekiya Exp $ | 1 | $NetBSD: patch-lib_ns_update.c,v 1.1.2.1 2023/02/12 19:52:24 spz Exp $ | |
| 2 | 2 | |||
| 3 | * Based on NetBSD, add support for blocklist(blacklist). | 3 | * Based on NetBSD, add support for blocklist(blacklist). | |
| 4 | 4 | |||
| 5 | --- lib/ns/update.c.orig 2020-12-07 08:16:53.000000000 +0000 | 5 | --- lib/ns/update.c.orig 2023-01-12 22:21:15.274402517 +0000 | |
| 6 | +++ lib/ns/update.c | 6 | +++ lib/ns/update.c | |
| 7 | @@ -52,6 +52,10 @@ | 7 | @@ -55,6 +55,10 @@ | |
| 8 | #include <ns/stats.h> | 8 | #include <ns/stats.h> | |
| 9 | #include <ns/update.h> | 9 | #include <ns/update.h> | |
| 10 | 10 | |||
| 11 | +#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H) | 11 | +#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H) | |
| 12 | +#include <ns/pfilter.h> | 12 | +#include <ns/pfilter.h> | |
| 13 | +#endif | 13 | +#endif | |
| 14 | + | 14 | + | |
| 15 | /*! \file | 15 | /*! \file | |
| 16 | * \brief | 16 | * \brief | |
| 17 | * This module implements dynamic update as in RFC2136. | 17 | * This module implements dynamic update as in RFC2136. | |
| 18 | @@ -340,6 +344,9 @@ checkqueryacl(ns_client_t *client, dns_a | 18 | @@ -358,6 +362,9 @@ checkqueryacl(ns_client_t *client, dns_a | |
| 19 | ||||
| 20 | result = ns_client_checkaclsilent(client, NULL, queryacl, true); | |||
| 21 | if (result != ISC_R_SUCCESS) { | 19 | if (result != ISC_R_SUCCESS) { | |
| 20 | int level = update_possible ? ISC_LOG_ERROR : ISC_LOG_INFO; | |||
| 21 | ||||
| 22 | +#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H) | 22 | +#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H) | |
| 23 | + pfilter_notify(result, client, "queryacl"); | 23 | + pfilter_notify(result, client, "queryacl"); | |
| 24 | +#endif | 24 | +#endif | |
| 25 | dns_name_format(zonename, namebuf, sizeof(namebuf)); | 25 | dns_name_format(zonename, namebuf, sizeof(namebuf)); | |
| 26 | dns_rdataclass_format(client->view->rdclass, classbuf, | 26 | dns_rdataclass_format(client->view->rdclass, classbuf, | |
| 27 | sizeof(classbuf)); | 27 | sizeof(classbuf)); | |
| 28 | @@ -352,6 +359,9 @@ checkqueryacl(ns_client_t *client, dns_a | 28 | @@ -367,6 +374,9 @@ checkqueryacl(ns_client_t *client, dns_a | |
| 29 | "update '%s/%s' denied due to allow-query", | 29 | "update '%s/%s' denied due to allow-query", | |
| 30 | namebuf, classbuf); | 30 | namebuf, classbuf); | |
| 31 | } else if (updateacl == NULL && ssutable == NULL) { | 31 | } else if (!update_possible) { | |
| 32 | +#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H) | 32 | +#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H) | |
| 33 | + pfilter_notify(result, client, "updateacl"); | 33 | + pfilter_notify(result, client, "updateacl"); | |
| 34 | +#endif | 34 | +#endif | |
| 35 | dns_name_format(zonename, namebuf, sizeof(namebuf)); | 35 | dns_name_format(zonename, namebuf, sizeof(namebuf)); | |
| 36 | dns_rdataclass_format(client->view->rdclass, classbuf, | 36 | dns_rdataclass_format(client->view->rdclass, classbuf, | |
| 37 | sizeof(classbuf)); | 37 | sizeof(classbuf)); | |
| 38 | @@ -393,6 +403,9 @@ checkupdateacl(ns_client_t *client, dns_ | 38 | @@ -409,6 +419,9 @@ checkupdateacl(ns_client_t *client, dns_ | |
| 39 | msg = "disabled"; | 39 | msg = "disabled"; | |
| 40 | } else { | 40 | } else { | |
| 41 | result = ns_client_checkaclsilent(client, NULL, acl, false); | 41 | result = ns_client_checkaclsilent(client, NULL, acl, false); | |
| 42 | +#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H) | 42 | +#if defined(HAVE_BLACKLIST_H) || defined(HAVE_BLOCKLIST_H) | |
| 43 | + pfilter_notify(result, client, "updateacl"); | 43 | + pfilter_notify(result, client, "updateacl"); | |
| 44 | +#endif | 44 | +#endif | |
| 45 | if (result == ISC_R_SUCCESS) { | 45 | if (result == ISC_R_SUCCESS) { | |
| 46 | level = ISC_LOG_DEBUG(3); | 46 | level = ISC_LOG_DEBUG(3); | |
| 47 | msg = "approved"; | 47 | msg = "approved"; |