Version in base suite: 9.18.33-1~deb12u2 Base version: bind9_9.18.33-1~deb12u2 Target version: bind9_9.18.41-1~deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/b/bind9/bind9_9.18.33-1~deb12u2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/b/bind9/bind9_9.18.41-1~deb12u1.dsc ChangeLog | 34 Makefile.in | 66 NEWS | 13 SECURITY.md | 20 aclocal.m4 | 484 ar-lib | 14 bin/Makefile.in | 19 bin/check/Makefile.in | 44 bin/confgen/Makefile.in | 44 bin/delv/Makefile.in | 36 bin/delv/delv.c | 2 bin/dig/Makefile.in | 44 bin/dig/dig.c | 43 bin/dig/dig.rst | 9 bin/dig/dighost.c | 6 bin/dig/dighost.h | 9 bin/dnssec/Makefile.in | 44 bin/dnssec/dnssec-dsfromkey.c | 11 bin/dnssec/dnssec-dsfromkey.rst | 73 bin/dnssec/dnssec-keyfromlabel.c | 34 bin/dnssec/dnssec-keyfromlabel.rst | 34 bin/dnssec/dnssec-keygen.c | 51 bin/dnssec/dnssec-keygen.rst | 31 bin/dnssec/dnssec-signzone.c | 5 bin/dnssec/dnssec-signzone.rst | 9 bin/named/Makefile.in | 40 bin/named/config.c | 2 bin/named/dlz_dlopen_driver.c | 5 bin/named/main.c | 11 bin/named/named.rst | 2 bin/named/server.c | 148 bin/named/zoneconf.c | 23 bin/nsupdate/Makefile.in | 36 bin/plugins/Makefile.in | 40 bin/rndc/Makefile.in | 36 bin/tests/Makefile.in | 34 bin/tests/convert-trs-to-junit.py | 6 bin/tests/system/Makefile.in | 128 bin/tests/system/autosign/tests_sh_autosign.py | 4 bin/tests/system/cacheclean/tests.sh | 45 bin/tests/system/chain/ans3/ans.pl | 143 bin/tests/system/chain/ans3/ans.py | 217 bin/tests/system/chain/ans4/ans.py | 57 bin/tests/system/checkconf/kasp-deprecated.conf | 19 bin/tests/system/checkconf/tests.sh | 11 bin/tests/system/checkds/tests_checkds.py | 11 bin/tests/system/checkzone/tests.sh | 105 bin/tests/system/checkzone/zones/bad-cname-and-a.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-a6.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-aaaa.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-afsdb.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-apl.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-atma.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-atmrelay.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-avc.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-caa.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-cdnskey.db | 20 bin/tests/system/checkzone/zones/bad-cname-and-cds.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-cert.db | 20 bin/tests/system/checkzone/zones/bad-cname-and-csync.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-dhcid.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-dlv.db | 19 bin/tests/system/checkzone/zones/bad-cname-and-dname.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-doa.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-eid.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-eui48.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-eui64.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-gpos.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-hinfo.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-hip.db | 19 bin/tests/system/checkzone/zones/bad-cname-and-https.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-ipseckey.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-isdn.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-kx.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-l32.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-l64.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-loc.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-lp.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-md.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-mg.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-minfo.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-mx.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-naptr.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-nid.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-nimloc.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-ninfo.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-ns-soa.db | 16 bin/tests/system/checkzone/zones/bad-cname-and-nsap-ptr.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-nsap.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-opengpgkey.db | 20 bin/tests/system/checkzone/zones/bad-cname-and-ptr.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-px.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-resinfo.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-rkey.db | 20 bin/tests/system/checkzone/zones/bad-cname-and-rp.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-rt.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-sink.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-smimea.db | 20 bin/tests/system/checkzone/zones/bad-cname-and-spf.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-srv.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-sshfp.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-svcb.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-ta.db | 19 bin/tests/system/checkzone/zones/bad-cname-and-talink.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-tlsa.db | 20 bin/tests/system/checkzone/zones/bad-cname-and-txt.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-type54.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-type66.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-uri.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-wallet.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-wks.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-x25.db | 17 bin/tests/system/checkzone/zones/bad-cname-and-zonemd.db | 21 bin/tests/system/checkzone/zones/good-cname-and-key.db | 20 bin/tests/system/checkzone/zones/warn.deprecated.cds-sha1.db | 44 bin/tests/system/checkzone/zones/warn.deprecated.digest-sha1.db | 51 bin/tests/system/checkzone/zones/warn.deprecated.ds-alg.db | 51 bin/tests/system/checkzone/zones/warn.deprecated.key-alg.db | 53 bin/tests/system/checkzone/zones/warn.deprecated.nsec3rsasha1.db | 71 bin/tests/system/checkzone/zones/warn.deprecated.rsasha1.db | 71 bin/tests/system/conf.sh.common | 2 bin/tests/system/conftest.py | 68 bin/tests/system/cookie/ans9/ans.py | 25 bin/tests/system/cookie/tests.sh | 17 bin/tests/system/cookie/tests_sh_cookie.py | 1 bin/tests/system/cpu/tests.sh | 3 bin/tests/system/database/tests_database.py | 6 bin/tests/system/dialup/tests_dialup_zone_transfer.py | 3 bin/tests/system/digdelv/tests.sh | 59 bin/tests/system/dlzexternal/driver/Makefile.in | 33 bin/tests/system/dnssec/ans10/ans.py | 6 bin/tests/system/dnssec/ns1/root.db.in | 8 bin/tests/system/dnssec/ns1/sign.sh | 3 bin/tests/system/dnssec/ns2/child.ds-rrsigs-stripped.db.in | 27 bin/tests/system/dnssec/ns2/dnskey-rrsigs-stripped.db.in | 27 bin/tests/system/dnssec/ns2/ds-rrsigs-stripped.db.in | 29 bin/tests/system/dnssec/ns2/inconsistent.db.in | 24 bin/tests/system/dnssec/ns2/named.conf.in | 20 bin/tests/system/dnssec/ns2/sign.sh | 56 bin/tests/system/dnssec/ns4/named3.conf.in | 1 bin/tests/system/dnssec/ns9/named.conf.in | 1 bin/tests/system/dnssec/tests.sh | 134 bin/tests/system/dnssec/tests_sh_dnssec.py | 9 bin/tests/system/dnstap/tests_dnstap.py | 5 bin/tests/system/dnstap/tests_sh_dnstap.py | 3 bin/tests/system/doth/example.axfr.good | 3 bin/tests/system/doth/example8.axfr.good | 3 bin/tests/system/doth/tests_gnutls.py | 9 bin/tests/system/dsdigest/tests_dsdigest.py | 8 bin/tests/system/dyndb/driver/Makefile.in | 33 bin/tests/system/emptyzones/tests_emptyzones.py | 6 bin/tests/system/fetchlimit/tests_sh_fetchlimit.py | 4 bin/tests/system/genzone.sh | 28 bin/tests/system/glue/tests_glue.py | 5 bin/tests/system/hooks/driver/Makefile.in | 33 bin/tests/system/hooks/tests_async_plugin.py | 6 bin/tests/system/ifconfig.sh.in | 6 bin/tests/system/include-multiplecfg/tests_include_multiplecfg.py | 6 bin/tests/system/isctest/__init__.py | 6 bin/tests/system/isctest/check.py | 68 bin/tests/system/isctest/hypothesis/__init__.py | 24 bin/tests/system/isctest/hypothesis/strategies.py | 21 bin/tests/system/isctest/instance.py | 67 bin/tests/system/isctest/log/basic.py | 11 bin/tests/system/isctest/log/watchlog.py | 496 bin/tests/system/isctest/mark.py | 42 bin/tests/system/isctest/name.py | 192 bin/tests/system/isctest/query.py | 45 bin/tests/system/isctest/run.py | 46 bin/tests/system/isctest/util.py | 18 bin/tests/system/kasp/ns4/named.conf.in | 16 bin/tests/system/kasp/ns4/purgekeys1.conf | 28 bin/tests/system/kasp/ns4/purgekeys2.conf | 21 bin/tests/system/kasp/ns4/setup.sh | 19 bin/tests/system/kasp/tests.sh | 41 bin/tests/system/kasp/tests_sh_kasp.py | 2 bin/tests/system/keepalive/expected | 4 bin/tests/system/keepalive/tests.sh | 99 bin/tests/system/keepalive/tests_keepalive.py | 69 bin/tests/system/keepalive/tests_sh_keepalive.py | 24 bin/tests/system/keyfromlabel/prereq.sh | 21 bin/tests/system/keyfromlabel/setup.sh | 23 bin/tests/system/keyfromlabel/tests.sh | 91 bin/tests/system/keyfromlabel/tests_keyfromlabel.py | 199 bin/tests/system/keyfromlabel/tests_sh_keyfromlabel.py | 32 bin/tests/system/limits/tests_limits.py | 11 bin/tests/system/masterfile/tests_masterfile.py | 10 bin/tests/system/mirror-root-zone/ns1/named.conf.j2 | 28 bin/tests/system/mirror-root-zone/tests_mirror_root_zone.py | 27 bin/tests/system/mirror/tests.sh | 1 bin/tests/system/mkeys/tests_sh_mkeys.py | 3 bin/tests/system/names/tests.sh | 51 bin/tests/system/names/tests_names.py | 31 bin/tests/system/names/tests_sh_names.py | 22 bin/tests/system/nsec3-answer/ns1/named.conf.j2 | 31 bin/tests/system/nsec3-answer/ns1/root.db.in | 51 bin/tests/system/nsec3-answer/ns1/sign.sh | 34 bin/tests/system/nsec3-answer/ns2/named.conf.j2 | 39 bin/tests/system/nsec3-answer/setup.sh | 22 bin/tests/system/nsec3-answer/tests_nsec3.py | 415 bin/tests/system/nsupdate/tests_sh_nsupdate.py | 4 bin/tests/system/pipelined/ans5/ans.py | 12 bin/tests/system/qmin/ans2/ans.py | 97 bin/tests/system/qmin/ans3/ans.py | 17 bin/tests/system/qmin/ans4/ans.py | 34 bin/tests/system/qmin/tests.sh | 10 bin/tests/system/qmin/tests_sh_qmin.py | 4 bin/tests/system/reclimit/ns1/big.db | 4 bin/tests/system/reclimit/ns3/named5.conf.in | 4 bin/tests/system/reclimit/ns3/named6.conf.in | 4 bin/tests/system/reclimit/tests.sh | 50 bin/tests/system/reclimit/tests_sh_reclimit.py | 4 bin/tests/system/resolver/ans3/ans.pl | 12 bin/tests/system/resolver/tests.sh | 31 bin/tests/system/resolver/tests_sh_resolver.py | 1 bin/tests/system/rfc5011/ns1/named.conf.j2 | 32 bin/tests/system/rfc5011/tests_rfc5011.py | 32 bin/tests/system/rndc/tests.sh | 6 bin/tests/system/rndc/tests_cve-2023-3341.py | 5 bin/tests/system/rndc/tests_sh_rndc.py | 4 bin/tests/system/rpz/test2 | 4 bin/tests/system/rpz/tests.sh | 2 bin/tests/system/rpzextra/tests_rpzextra.py | 13 bin/tests/system/rrchecker/tests_rrchecker.py | 17 bin/tests/system/rrl/tests_sh_rrl.py | 4 bin/tests/system/rsabigexponent/tests_rsabigexponent.py | 2 bin/tests/system/run.sh | 6 bin/tests/system/runtime/tests.sh | 2 bin/tests/system/selftest/tests_zone_analyzer.py | 228 bin/tests/system/serve-stale/ans2/ans.pl | 9 bin/tests/system/serve-stale/tests.sh | 14 bin/tests/system/serve-stale/tests_sh_serve_stale.py | 1 bin/tests/system/shutdown/tests_shutdown.py | 2 bin/tests/system/start.pl | 5 bin/tests/system/statistics/tests_sh_statistics.py | 4 bin/tests/system/statschannel/tests.sh | 3 bin/tests/system/statschannel/tests_json.py | 2 bin/tests/system/statschannel/tests_xml.py | 2 bin/tests/system/stress/tests_stress_update.py | 4 bin/tests/system/tcp/ans6/ans.py | 4 bin/tests/system/timeouts/tests_tcp_timeouts.py | 3 bin/tests/system/tools/tests_tools_nsec3hash.py | 54 bin/tests/system/tsig/tests_tsig_hypothesis.py | 136 bin/tests/system/tsiggss/tests_isc_spnego_flaws.py | 13 bin/tests/system/ttl/tests_cache_ttl.py | 5 bin/tests/system/verify/tests_verify.py | 4 bin/tests/system/vulture_ignore_list.py | 12 bin/tests/system/wildcard/tests_wildcard.py | 20 bin/tests/system/xfer/dig1.good | 3 bin/tests/system/xfer/dig2.good | 3 bin/tests/system/xferquota/tests_xferquota.py | 15 bin/tests/wire_test.c | 2 bin/tools/Makefile.in | 36 bin/tools/named-rrchecker.c | 2 bin/tools/named-rrchecker.rst | 197 compile | 11 config.guess | 111 config.h.in | 187 config.sub | 942 + configure | 5792 ++++++---- configure.ac | 20 contrib/gitchangelog/gitchangelog.py | 3 debian/changelog | 23 debian/patches/0002-Add-support-for-reporting-status-via-sd_notify.patch | 16 debian/patches/0003-Disable-RTLD_DEEPBIND-in-Samba-DLZ-module.patch | 4 depcomp | 15 doc/Makefile.in | 19 doc/arm/Makefile.in | 19 doc/arm/advanced.inc.rst | 9 doc/arm/build.inc.rst | 9 doc/arm/changelog.rst | 13 doc/arm/conf.py | 23 doc/arm/dnssec.inc.rst | 5 doc/arm/general.rst | 2 doc/arm/index.rst | 6 doc/arm/intro-dns-bind.inc.rst | 2 doc/arm/notes.rst | 8 doc/arm/pkcs11.inc.rst | 2 doc/arm/platforms.inc.rst | 15 doc/arm/reference.rst | 189 doc/arm/rpz.inc.rst | 6 doc/arm/troubleshooting.inc.rst | 2 doc/changelog/changelog-9.18.29-S1.rst | 11 doc/changelog/changelog-9.18.30-S1.rst | 11 doc/changelog/changelog-9.18.31-S1.rst | 11 doc/changelog/changelog-9.18.32-S1.rst | 11 doc/changelog/changelog-9.18.33-S1.rst | 11 doc/changelog/changelog-9.18.34.rst | 112 doc/changelog/changelog-9.18.35.rst | 134 doc/changelog/changelog-9.18.36.rst | 85 doc/changelog/changelog-9.18.37.rst | 26 doc/changelog/changelog-9.18.38.rst | 58 doc/changelog/changelog-9.18.39.rst | 84 doc/changelog/changelog-9.18.40.rst | 18 doc/changelog/changelog-9.18.41.rst | 148 doc/dnssec-guide/introduction.rst | 2 doc/dnssec-guide/preface.rst | 2 doc/dnssec-guide/validation.rst | 2 doc/man/Makefile.in | 30 doc/man/dig.1in | 10 doc/man/dnssec-dsfromkey.1in | 73 doc/man/dnssec-keyfromlabel.1in | 32 doc/man/dnssec-keygen.1in | 29 doc/man/dnssec-signzone.1in | 9 doc/man/named-rrchecker.1in | 317 doc/man/named.8in | 2 doc/man/named.conf.5in | 4 doc/misc/Makefile.in | 38 doc/misc/options | 4 doc/notes/notes-9.18.34.rst | 80 doc/notes/notes-9.18.35.rst | 52 doc/notes/notes-9.18.36.rst | 57 doc/notes/notes-9.18.37.rst | 13 doc/notes/notes-9.18.38.rst | 51 doc/notes/notes-9.18.39.rst | 66 doc/notes/notes-9.18.40.rst | 18 doc/notes/notes-9.18.41.rst | 106 fuzz/Makefile.in | 104 install-sh | 14 lib/Makefile.in | 19 lib/bind9/Makefile.in | 40 lib/dns/Makefile.am | 7 lib/dns/Makefile.in | 59 lib/dns/adb.c | 135 lib/dns/byaddr.c | 8 lib/dns/client.c | 11 lib/dns/dispatch.c | 4 lib/dns/dnsrps.c | 2 lib/dns/dnssec.c | 53 lib/dns/dst_api.c | 4 lib/dns/include/dns/db.h | 13 lib/dns/include/dns/ds.h | 2 lib/dns/include/dns/dsync.h | 27 lib/dns/include/dns/keymgr.h | 13 lib/dns/include/dns/keyvalues.h | 143 lib/dns/include/dns/librpz.h | 21 lib/dns/include/dns/message.h | 11 lib/dns/include/dns/rdataset.h | 5 lib/dns/include/dns/types.h | 1 lib/dns/include/dns/view.h | 6 lib/dns/include/dns/zone.h | 72 lib/dns/include/dst/dst.h | 4 lib/dns/key.c | 3 lib/dns/keymgr.c | 26 lib/dns/keytable.c | 2 lib/dns/masterdump.c | 22 lib/dns/message.c | 97 lib/dns/ncache.c | 2 lib/dns/nsec3.c | 6 lib/dns/rbtdb.c | 341 lib/dns/rcode.c | 43 lib/dns/rdata.c | 4 lib/dns/rdata/any_255/tsig_250.c | 4 lib/dns/rdata/ch_3/a_1.c | 4 lib/dns/rdata/generic/afsdb_18.c | 4 lib/dns/rdata/generic/amtrelay_260.c | 4 lib/dns/rdata/generic/avc_258.c | 4 lib/dns/rdata/generic/brid_68.c | 214 lib/dns/rdata/generic/brid_68.h | 21 lib/dns/rdata/generic/caa_257.c | 4 lib/dns/rdata/generic/cdnskey_60.c | 4 lib/dns/rdata/generic/cds_59.c | 4 lib/dns/rdata/generic/cert_37.c | 4 lib/dns/rdata/generic/cname_5.c | 4 lib/dns/rdata/generic/csync_62.c | 4 lib/dns/rdata/generic/dlv_32769.c | 4 lib/dns/rdata/generic/dname_39.c | 4 lib/dns/rdata/generic/dnskey_48.c | 4 lib/dns/rdata/generic/doa_259.c | 4 lib/dns/rdata/generic/ds_43.c | 4 lib/dns/rdata/generic/dsync_66.c | 359 lib/dns/rdata/generic/dsync_66.h | 24 lib/dns/rdata/generic/eui48_108.c | 4 lib/dns/rdata/generic/eui64_109.c | 4 lib/dns/rdata/generic/gpos_27.c | 4 lib/dns/rdata/generic/hhit_67.c | 214 lib/dns/rdata/generic/hhit_67.h | 21 lib/dns/rdata/generic/hinfo_13.c | 4 lib/dns/rdata/generic/hip_55.c | 4 lib/dns/rdata/generic/ipseckey_45.c | 4 lib/dns/rdata/generic/isdn_20.c | 4 lib/dns/rdata/generic/key_25.c | 4 lib/dns/rdata/generic/keydata_65533.c | 4 lib/dns/rdata/generic/l32_105.c | 4 lib/dns/rdata/generic/l64_106.c | 4 lib/dns/rdata/generic/loc_29.c | 4 lib/dns/rdata/generic/lp_107.c | 4 lib/dns/rdata/generic/mb_7.c | 4 lib/dns/rdata/generic/md_3.c | 4 lib/dns/rdata/generic/mf_4.c | 4 lib/dns/rdata/generic/mg_8.c | 4 lib/dns/rdata/generic/minfo_14.c | 4 lib/dns/rdata/generic/mr_9.c | 4 lib/dns/rdata/generic/mx_15.c | 4 lib/dns/rdata/generic/naptr_35.c | 4 lib/dns/rdata/generic/nid_104.c | 4 lib/dns/rdata/generic/ninfo_56.c | 4 lib/dns/rdata/generic/ns_2.c | 4 lib/dns/rdata/generic/nsec3_50.c | 4 lib/dns/rdata/generic/nsec3param_51.c | 4 lib/dns/rdata/generic/nsec_47.c | 4 lib/dns/rdata/generic/null_10.c | 4 lib/dns/rdata/generic/nxt_30.c | 4 lib/dns/rdata/generic/openpgpkey_61.c | 4 lib/dns/rdata/generic/opt_41.c | 6 lib/dns/rdata/generic/ptr_12.c | 4 lib/dns/rdata/generic/resinfo_261.c | 4 lib/dns/rdata/generic/rkey_57.c | 4 lib/dns/rdata/generic/rp_17.c | 4 lib/dns/rdata/generic/rrsig_46.c | 102 lib/dns/rdata/generic/rt_21.c | 4 lib/dns/rdata/generic/sig_24.c | 31 lib/dns/rdata/generic/sink_40.c | 4 lib/dns/rdata/generic/smimea_53.c | 4 lib/dns/rdata/generic/soa_6.c | 4 lib/dns/rdata/generic/spf_99.c | 4 lib/dns/rdata/generic/sshfp_44.c | 4 lib/dns/rdata/generic/ta_32768.c | 4 lib/dns/rdata/generic/talink_58.c | 4 lib/dns/rdata/generic/tkey_249.c | 4 lib/dns/rdata/generic/tlsa_52.c | 4 lib/dns/rdata/generic/txt_16.c | 4 lib/dns/rdata/generic/uri_256.c | 4 lib/dns/rdata/generic/wallet_262.c | 4 lib/dns/rdata/generic/x25_19.c | 4 lib/dns/rdata/generic/zonemd_63.c | 4 lib/dns/rdata/hs_4/a_1.c | 4 lib/dns/rdata/in_1/a6_38.c | 4 lib/dns/rdata/in_1/a_1.c | 4 lib/dns/rdata/in_1/aaaa_28.c | 4 lib/dns/rdata/in_1/apl_42.c | 4 lib/dns/rdata/in_1/atma_34.c | 4 lib/dns/rdata/in_1/dhcid_49.c | 4 lib/dns/rdata/in_1/eid_31.c | 4 lib/dns/rdata/in_1/kx_36.c | 4 lib/dns/rdata/in_1/nimloc_32.c | 4 lib/dns/rdata/in_1/nsap-ptr_23.c | 4 lib/dns/rdata/in_1/nsap_22.c | 4 lib/dns/rdata/in_1/px_26.c | 4 lib/dns/rdata/in_1/srv_33.c | 4 lib/dns/rdata/in_1/svcb_64.c | 4 lib/dns/rdata/in_1/wks_11.c | 4 lib/dns/rdatalist.c | 2 lib/dns/rdataset.c | 4 lib/dns/resolver.c | 693 - lib/dns/rpz.c | 11 lib/dns/sdb.c | 2 lib/dns/sdlz.c | 2 lib/dns/stats.c | 22 lib/dns/tkey.c | 7 lib/dns/ttl.c | 10 lib/dns/validator.c | 224 lib/dns/view.c | 21 lib/dns/zone.c | 350 lib/irs/Makefile.in | 40 lib/irs/resconf.c | 2 lib/isc/Makefile.in | 48 lib/isc/include/isc/attributes.h | 6 lib/isc/include/isc/random.h | 2 lib/isc/include/isc/sockaddr.h | 8 lib/isc/mem.c | 4 lib/isc/netaddr.c | 4 lib/isc/netmgr/http.c | 216 lib/isc/netmgr/netmgr-int.h | 7 lib/isc/netmgr/tlsdns.c | 40 lib/isc/os.c | 6 lib/isc/picohttpparser.c | 41 lib/isc/quota.c | 26 lib/isc/radix.c | 2 lib/isc/random.c | 225 lib/isc/result.c | 6 lib/isc/rwlock.c | 18 lib/isc/sockaddr.c | 35 lib/isc/string.c | 6 lib/isccc/Makefile.in | 40 lib/isccfg/Makefile.in | 40 lib/isccfg/kaspconf.c | 14 lib/isccfg/namedconf.c | 5 lib/isccfg/parser.c | 6 lib/ns/Makefile.in | 40 lib/ns/client.c | 23 lib/ns/include/ns/query.h | 1 lib/ns/include/ns/server.h | 35 lib/ns/interfacemgr.c | 6 lib/ns/query.c | 42 lib/ns/update.c | 6 ltmain.sh | 749 - m4/libtool.m4 | 448 m4/ltoptions.m4 | 106 m4/ltsugar.m4 | 2 m4/ltversion.m4 | 12 m4/lt~obsolete.m4 | 2 missing | 75 srcid | 2 test-driver | 15 tests/Makefile.in | 28 tests/dns/Makefile.in | 98 tests/dns/dst_test.c | 4 tests/dns/name_test.c | 4 tests/dns/private_test.c | 2 tests/dns/rdata_test.c | 143 tests/irs/Makefile.in | 96 tests/isc/Makefile.in | 96 tests/isc/crc64_test.c | 2 tests/isc/hmac_test.c | 2 tests/isc/md_test.c | 2 tests/isc/random_test.c | 4 tests/isc/task_test.c | 12 tests/isccfg/Makefile.in | 96 tests/libtest/Makefile.in | 95 tests/ns/Makefile.am | 4 tests/ns/Makefile.in | 116 tests/ns/netmgr_wrap.c | 28 util/check-make-install.in | 61 util/check-make-install.sh.in | 61 515 files changed, 17522 insertions(+), 7234 deletions(-) diff -Nru bind9-9.18.33/ChangeLog bind9-9.18.41/ChangeLog --- bind9-9.18.33/ChangeLog 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/ChangeLog 2025-10-18 10:21:03.052258742 +0000 @@ -0,0 +1,34 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +.. _changelog: + +Changelog +========= + +.. note:: The following list contains detailed information about BIND 9 + development. Regular users should refer to :ref:`Release Notes ` + for changes relevant to them. + +.. include:: ../changelog/changelog-9.18.41.rst +.. include:: ../changelog/changelog-9.18.40.rst +.. include:: ../changelog/changelog-9.18.39.rst +.. include:: ../changelog/changelog-9.18.38.rst +.. include:: ../changelog/changelog-9.18.37.rst +.. include:: ../changelog/changelog-9.18.36.rst +.. include:: ../changelog/changelog-9.18.35.rst +.. include:: ../changelog/changelog-9.18.34.rst +.. include:: ../changelog/changelog-9.18.33.rst +.. include:: ../changelog/changelog-9.18.32.rst +.. include:: ../changelog/changelog-9.18.31.rst +.. include:: ../changelog/changelog-9.18.30.rst +.. include:: ../changelog/changelog-9.18.29.rst +.. include:: ../changelog/changelog-history.rst diff -Nru bind9-9.18.33/Makefile.in bind9-9.18.41/Makefile.in --- bind9-9.18.33/Makefile.in 2025-01-20 13:40:38.022377890 +0000 +++ bind9-9.18.41/Makefile.in 2025-10-18 10:21:42.748294270 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -73,6 +73,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -121,7 +123,7 @@ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = doc/doxygen/doxygen-input-filter \ - util/check-make-install + util/check-make-install.sh CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) @@ -172,10 +174,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__installdirs = "$(DESTDIR)$(sysconfdir)" DATA = $(dist_sysconf_DATA) @@ -211,16 +212,16 @@ am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \ $(top_srcdir)/Makefile.top \ $(top_srcdir)/doc/doxygen/doxygen-input-filter.in \ - $(top_srcdir)/util/check-make-install.in AUTHORS COPYING NEWS \ - README.md ar-lib compile config.guess config.sub install-sh \ - ltmain.sh missing + $(top_srcdir)/util/check-make-install.sh.in AUTHORS COPYING \ + ChangeLog NEWS README.md ar-lib compile config.guess \ + config.sub install-sh ltmain.sh missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ if test -d "$(distdir)"; then \ - find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ - && rm -rf "$(distdir)" \ + find "$(distdir)" -type d ! -perm -700 -exec chmod u+rwx {} ';' \ + ; rm -rf "$(distdir)" \ || { sleep 5 && rm -rf "$(distdir)"; }; \ else :; fi am__post_remove_distdir = $(am__remove_distdir) @@ -249,7 +250,7 @@ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" -GZIP_ENV = --best +GZIP_ENV = -9 DIST_ARCHIVES = $(distdir).tar.xz DIST_TARGETS = dist-xz # Exists only to be overridden by the user if desired. @@ -257,7 +258,9 @@ distuninstallcheck_listfiles = find . -type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' -distcleancheck_listfiles = find . -type f -print +distcleancheck_listfiles = \ + find . \( -type f -a \! \ + \( -name .nfs* -o -name .smb* -o -name .__afs* \) \) -print ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ @@ -409,8 +412,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -574,18 +579,18 @@ @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1 stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status - @rm -f stamp-h1 - cd $(top_builddir) && $(SHELL) ./config.status config.h + $(AM_V_at)rm -f stamp-h1 + $(AM_V_GEN)cd $(top_builddir) && $(SHELL) ./config.status config.h $(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) - rm -f stamp-h1 - touch $@ + $(AM_V_GEN)($(am__cd) $(top_srcdir) && $(AUTOHEADER)) + $(AM_V_at)rm -f stamp-h1 + $(AM_V_at)touch $@ distclean-hdr: -rm -f config.h stamp-h1 doc/doxygen/doxygen-input-filter: $(top_builddir)/config.status $(top_srcdir)/doc/doxygen/doxygen-input-filter.in cd $(top_builddir) && $(SHELL) ./config.status $@ -util/check-make-install: $(top_builddir)/config.status $(top_srcdir)/util/check-make-install.in +util/check-make-install.sh: $(top_builddir)/config.status $(top_srcdir)/util/check-make-install.sh.in cd $(top_builddir) && $(SHELL) ./config.status $@ mostlyclean-libtool: @@ -731,7 +736,7 @@ distdir-am: $(DISTFILES) $(am__remove_distdir) - test -d "$(distdir)" || mkdir "$(distdir)" + $(AM_V_at)$(MKDIR_P) "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -844,7 +849,7 @@ distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ - eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ + eval GZIP= gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ @@ -854,7 +859,7 @@ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ - eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ + eval GZIP= gzip -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ *.tar.zst*) \ @@ -958,16 +963,16 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + -$(am__rm_f) $(CLEANFILES) distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." - -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) + -$(am__rm_f) $(BUILT_SOURCES) clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am @@ -1087,3 +1092,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/NEWS bind9-9.18.41/NEWS --- bind9-9.18.33/NEWS 2025-01-20 13:39:31.178355493 +0000 +++ bind9-9.18.41/NEWS 2025-10-18 10:21:03.052258742 +0000 @@ -18,14 +18,17 @@ development. Regular users should refer to :ref:`Release Notes ` for changes relevant to them. -.. include:: ../changelog/changelog-9.18.33-S1.rst +.. include:: ../changelog/changelog-9.18.41.rst +.. include:: ../changelog/changelog-9.18.40.rst +.. include:: ../changelog/changelog-9.18.39.rst +.. include:: ../changelog/changelog-9.18.38.rst +.. include:: ../changelog/changelog-9.18.37.rst +.. include:: ../changelog/changelog-9.18.36.rst +.. include:: ../changelog/changelog-9.18.35.rst +.. include:: ../changelog/changelog-9.18.34.rst .. include:: ../changelog/changelog-9.18.33.rst -.. include:: ../changelog/changelog-9.18.32-S1.rst .. include:: ../changelog/changelog-9.18.32.rst -.. include:: ../changelog/changelog-9.18.31-S1.rst .. include:: ../changelog/changelog-9.18.31.rst -.. include:: ../changelog/changelog-9.18.30-S1.rst .. include:: ../changelog/changelog-9.18.30.rst -.. include:: ../changelog/changelog-9.18.29-S1.rst .. include:: ../changelog/changelog-9.18.29.rst .. include:: ../changelog/changelog-history.rst diff -Nru bind9-9.18.33/SECURITY.md bind9-9.18.41/SECURITY.md --- bind9-9.18.33/SECURITY.md 2025-01-20 13:39:30.925351043 +0000 +++ bind9-9.18.41/SECURITY.md 2025-10-18 10:21:02.790251738 +0000 @@ -17,10 +17,12 @@ ## Reporting possible security issues -If you think you may be seeing a potential security vulnerability in -BIND (for example, a crash with a REQUIRE, INSIST, or ASSERT failure), -please report it immediately by [opening a confidential GitLab issue][2] -(preferred) or emailing bind-security@isc.org. +If you think you may be seeing a potential security vulnerability in BIND (for +example, a crash with a REQUIRE, INSIST, or ASSERT failure), please report it +immediately by [opening a confidential GitLab issue][2]. If a GitLab issue is +not an option, please use the template from the file +.gitlab/issue_templates/Security_issue.mde-mail and send it to +bind-security@isc.org. Please do not discuss undisclosed security vulnerabilities on any public mailing list. ISC has a long history of handling reported @@ -30,6 +32,14 @@ If you have a crash, you may want to consult the Knowledgebase article entitled ["What to do if your BIND or DHCP server has crashed"][3]. +## Reporting bugs + +We are working with the interests of the greater Internet at heart, and +we hope you are too. In that vein, we do not offer bug bounties. If you +think you have found a bug in any ISC software, we encourage you to +[report it responsibly][2]; if verified, we will be happy to credit you +in our Release Notes. + [1]: https://kb.isc.org/docs/aa-00861 -[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issue[confidential]=true&issuable_template=Bug +[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issue[confidential]=true&issuable_template=Security_issue [3]: https://kb.isc.org/docs/aa-00340 diff -Nru bind9-9.18.33/aclocal.m4 bind9-9.18.41/aclocal.m4 --- bind9-9.18.33/aclocal.m4 2025-01-20 13:40:36.459353264 +0000 +++ bind9-9.18.41/aclocal.m4 2025-10-18 10:21:41.444260544 +0000 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.16.5 -*- Autoconf -*- +# generated automatically by aclocal 1.17 -*- Autoconf -*- -# Copyright (C) 1996-2021 Free Software Foundation, Inc. +# Copyright (C) 1996-2024 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,8 +14,8 @@ m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl -m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.71],, -[m4_warning([this file was generated for autoconf 2.71. +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.72],, +[m4_warning([this file was generated for autoconf 2.72. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) @@ -364,7 +364,7 @@ [AC_DEFINE([HAVE_][$1], 1, [Enable ]m4_tolower([$1])[ support])]) ])dnl PKG_HAVE_DEFINE_WITH_MODULES -# Copyright (C) 2002-2021 Free Software Foundation, Inc. +# Copyright (C) 2002-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -376,10 +376,10 @@ # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.16' +[am__api_version='1.17' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.16.5], [], +m4_if([$1], [1.17], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -395,12 +395,12 @@ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.16.5])dnl +[AM_AUTOMAKE_VERSION([1.17])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) -# Copyright (C) 2011-2021 Free Software Foundation, Inc. +# Copyright (C) 2011-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -414,16 +414,18 @@ AC_DEFUN([AM_PROG_AR], [AC_BEFORE([$0], [LT_INIT])dnl AC_BEFORE([$0], [AC_PROG_LIBTOOL])dnl +AC_BEFORE([$0], [AC_PROG_AR])dnl AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([ar-lib])dnl AC_CHECK_TOOLS([AR], [ar lib "link -lib"], [false]) : ${AR=ar} +: ${ARFLAGS=cr} AC_CACHE_CHECK([the archiver ($AR) interface], [am_cv_ar_interface], [AC_LANG_PUSH([C]) am_cv_ar_interface=ar AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int some_variable = 0;]])], - [am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&AS_MESSAGE_LOG_FD' + [am_ar_try='$AR $ARFLAGS libconftest.a conftest.$ac_objext >&AS_MESSAGE_LOG_FD' AC_TRY_EVAL([am_ar_try]) if test "$ac_status" -eq 0; then am_cv_ar_interface=ar @@ -462,7 +464,7 @@ # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2021 Free Software Foundation, Inc. +# Copyright (C) 2001-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -514,7 +516,7 @@ # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2021 Free Software Foundation, Inc. +# Copyright (C) 1997-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -545,7 +547,7 @@ Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2021 Free Software Foundation, Inc. +# Copyright (C) 1999-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -677,7 +679,7 @@ # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. - # When given -MP, icc 7.0 and 7.1 complain thusly: + # When given -MP, icc 7.0 and 7.1 complain thus: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported @@ -736,7 +738,7 @@ # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2021 Free Software Foundation, Inc. +# Copyright (C) 1999-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -804,7 +806,7 @@ # AM_EXTRA_RECURSIVE_TARGETS -*- Autoconf -*- -# Copyright (C) 2012-2021 Free Software Foundation, Inc. +# Copyright (C) 2012-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -821,7 +823,7 @@ # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2021 Free Software Foundation, Inc. +# Copyright (C) 1996-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -955,7 +957,7 @@ fi AC_SUBST([CSCOPE]) -AC_REQUIRE([AM_SILENT_RULES])dnl +AC_REQUIRE([_AM_SILENT_RULES])dnl dnl The testsuite driver may need to know about EXEEXT, so add the dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below. @@ -963,47 +965,9 @@ [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl -# POSIX will say in a future version that running "rm -f" with no argument -# is OK; and we want to be able to make that assumption in our Makefile -# recipes. So use an aggressive probe to check that the usage we want is -# actually supported "in the wild" to an acceptable degree. -# See automake bug#10828. -# To make any issue more visible, cause the running configure to be aborted -# by default if the 'rm' program in use doesn't match our expectations; the -# user can still override this though. -if rm -f && rm -fr && rm -rf; then : OK; else - cat >&2 <<'END' -Oops! - -Your 'rm' program seems unable to run without file operands specified -on the command line, even when the '-f' option is present. This is contrary -to the behaviour of most rm programs out there, and not conforming with -the upcoming POSIX standard: - -Please tell bug-automake@gnu.org about your system, including the value -of your $PATH and any error possibly output before this message. This -can help us improve future automake versions. +AC_REQUIRE([_AM_PROG_RM_F]) +AC_REQUIRE([_AM_PROG_XARGS_N]) -END - if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then - echo 'Configuration will proceed anyway, since you have set the' >&2 - echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 - echo >&2 - else - cat >&2 <<'END' -Aborting the configuration process, to ensure you take notice of the issue. - -You can download and install GNU coreutils to get an 'rm' implementation -that behaves properly: . - -If you want to complete the configuration process using your problematic -'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM -to "yes", and re-run configure. - -END - AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) - fi -fi dnl The trailing newline in this macro's definition is deliberate, for dnl backward compatibility and to allow trailing 'dnl'-style comments dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. @@ -1036,7 +1000,7 @@ done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2021 Free Software Foundation, Inc. +# Copyright (C) 2001-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1057,7 +1021,7 @@ fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2021 Free Software Foundation, Inc. +# Copyright (C) 2003-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1079,7 +1043,7 @@ # Add --enable-maintainer-mode option to configure. -*- Autoconf -*- # From Jim Meyering -# Copyright (C) 1996-2021 Free Software Foundation, Inc. +# Copyright (C) 1996-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1114,7 +1078,7 @@ # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2021 Free Software Foundation, Inc. +# Copyright (C) 2001-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1157,7 +1121,7 @@ # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2021 Free Software Foundation, Inc. +# Copyright (C) 1997-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1191,7 +1155,7 @@ # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2021 Free Software Foundation, Inc. +# Copyright (C) 2001-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1220,7 +1184,7 @@ AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2021 Free Software Foundation, Inc. +# Copyright (C) 1999-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1267,7 +1231,7 @@ # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 1999-2021 Free Software Foundation, Inc. +# Copyright (C) 1999-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1301,10 +1265,12 @@ dnl Find a Python interpreter. Python versions prior to 2.0 are not dnl supported. (2.0 was released on October 16, 2000). m4_define_default([_AM_PYTHON_INTERPRETER_LIST], -[python python2 python3 dnl - python3.11 python3.10 dnl +[python python3 dnl + python3.20 python3.19 python3.18 python3.17 python3.16 dnl + python3.15 python3.14 python3.13 python3.12 python3.11 python3.10 dnl python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 dnl python3.2 python3.1 python3.0 dnl + python2 dnl python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 dnl python2.0]) @@ -1499,15 +1465,29 @@ if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7': can_use_sysconfig = 0 except ImportError: - pass" + pass" # end of am_python_setup_sysconfig + + # More repeated code, for figuring out the installation scheme to use. + am_python_setup_scheme="if hasattr(sysconfig, 'get_default_scheme'): + scheme = sysconfig.get_default_scheme() + else: + scheme = sysconfig._get_default_scheme() + if scheme == 'posix_local': + if '$am_py_prefix' == '/usr': + scheme = 'deb_system' # should only happen during Debian package builds + else: + # Debian's default scheme installs to /usr/local/ but we want to + # follow the prefix, as we always have. + # See bugs#54412, #64837, et al. + scheme = 'posix_prefix'" # end of am_python_setup_scheme dnl emacs-page Set up 4 directories: dnl 1. pythondir: where to install python scripts. This is the dnl site-packages directory, not the python standard library - dnl directory like in previous automake betas. This behavior + dnl directory as in early automake betas. This behavior dnl is more consistent with lispdir.m4 for example. - dnl Query distutils for this directory. + dnl Query sysconfig or distutils (per above) for this directory. dnl AC_CACHE_CHECK([for $am_display_PYTHON script directory (pythondir)], [am_cv_python_pythondir], @@ -1519,14 +1499,11 @@ am_cv_python_pythondir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: - if hasattr(sysconfig, 'get_default_scheme'): - scheme = sysconfig.get_default_scheme() - else: - scheme = sysconfig._get_default_scheme() - if scheme == 'posix_local': - # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/ - scheme = 'posix_prefix' - sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'}) + try: + $am_python_setup_scheme + sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'}) + except: + sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') @@ -1556,7 +1533,8 @@ dnl 3. pyexecdir: directory for installing python extension modules dnl (shared libraries). - dnl Query distutils for this directory. + dnl Query sysconfig or distutils for this directory. + dnl Much of this is the same as for prefix setup above. dnl AC_CACHE_CHECK([for $am_display_PYTHON extension module directory (pyexecdir)], [am_cv_python_pyexecdir], @@ -1568,14 +1546,11 @@ am_cv_python_pyexecdir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: - if hasattr(sysconfig, 'get_default_scheme'): - scheme = sysconfig.get_default_scheme() - else: - scheme = sysconfig._get_default_scheme() - if scheme == 'posix_local': - # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/ - scheme = 'posix_prefix' - sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'}) + try: + $am_python_setup_scheme + sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'}) + except: + sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_exec_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix') @@ -1626,7 +1601,23 @@ sys.exit(sys.hexversion < minverhex)" AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) -# Copyright (C) 2001-2021 Free Software Foundation, Inc. +# Copyright (C) 2022-2024 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_PROG_RM_F +# --------------- +# Check whether 'rm -f' without any arguments works. +# https://bugs.gnu.org/10828 +AC_DEFUN([_AM_PROG_RM_F], +[am__rm_f_notfound= +AS_IF([(rm -f && rm -fr && rm -rf) 2>/dev/null], [], [am__rm_f_notfound='""']) +AC_SUBST(am__rm_f_notfound) +]) + +# Copyright (C) 2001-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1645,16 +1636,169 @@ # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2021 Free Software Foundation, Inc. +# Copyright (C) 1996-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# _AM_SLEEP_FRACTIONAL_SECONDS +# ---------------------------- +AC_DEFUN([_AM_SLEEP_FRACTIONAL_SECONDS], [dnl +AC_CACHE_CHECK([whether sleep supports fractional seconds], + am_cv_sleep_fractional_seconds, [dnl +AS_IF([sleep 0.001 2>/dev/null], [am_cv_sleep_fractional_seconds=yes], + [am_cv_sleep_fractional_seconds=no]) +])]) + +# _AM_FILESYSTEM_TIMESTAMP_RESOLUTION +# ----------------------------------- +# Determine the filesystem's resolution for file modification +# timestamps. The coarsest we know of is FAT, with a resolution +# of only two seconds, even with the most recent "exFAT" extensions. +# The finest (e.g. ext4 with large inodes, XFS, ZFS) is one +# nanosecond, matching clock_gettime. However, it is probably not +# possible to delay execution of a shell script for less than one +# millisecond, due to process creation overhead and scheduling +# granularity, so we don't check for anything finer than that. (See below.) +AC_DEFUN([_AM_FILESYSTEM_TIMESTAMP_RESOLUTION], [dnl +AC_REQUIRE([_AM_SLEEP_FRACTIONAL_SECONDS]) +AC_CACHE_CHECK([filesystem timestamp resolution], + am_cv_filesystem_timestamp_resolution, [dnl +# Default to the worst case. +am_cv_filesystem_timestamp_resolution=2 + +# Only try to go finer than 1 sec if sleep can do it. +# Don't try 1 sec, because if 0.01 sec and 0.1 sec don't work, +# - 1 sec is not much of a win compared to 2 sec, and +# - it takes 2 seconds to perform the test whether 1 sec works. +# +# Instead, just use the default 2s on platforms that have 1s resolution, +# accept the extra 1s delay when using $sleep in the Automake tests, in +# exchange for not incurring the 2s delay for running the test for all +# packages. +# +am_try_resolutions= +if test "$am_cv_sleep_fractional_seconds" = yes; then + # Even a millisecond often causes a bunch of false positives, + # so just try a hundredth of a second. The time saved between .001 and + # .01 is not terribly consequential. + am_try_resolutions="0.01 0.1 $am_try_resolutions" +fi + +# In order to catch current-generation FAT out, we must *modify* files +# that already exist; the *creation* timestamp is finer. Use names +# that make ls -t sort them differently when they have equal +# timestamps than when they have distinct timestamps, keeping +# in mind that ls -t prints the *newest* file first. +rm -f conftest.ts? +: > conftest.ts1 +: > conftest.ts2 +: > conftest.ts3 + +# Make sure ls -t actually works. Do 'set' in a subshell so we don't +# clobber the current shell's arguments. (Outer-level square brackets +# are removed by m4; they're present so that m4 does not expand +# ; be careful, easy to get confused.) +if ( + set X `[ls -t conftest.ts[12]]` && + { + test "$[]*" != "X conftest.ts1 conftest.ts2" || + test "$[]*" != "X conftest.ts2 conftest.ts1"; + } +); then :; else + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + _AS_ECHO_UNQUOTED( + ["Bad output from ls -t: \"`[ls -t conftest.ts[12]]`\""], + [AS_MESSAGE_LOG_FD]) + AC_MSG_FAILURE([ls -t produces unexpected output. +Make sure there is not a broken ls alias in your environment.]) +fi + +for am_try_res in $am_try_resolutions; do + # Any one fine-grained sleep might happen to cross the boundary + # between two values of a coarser actual resolution, but if we do + # two fine-grained sleeps in a row, at least one of them will fall + # entirely within a coarse interval. + echo alpha > conftest.ts1 + sleep $am_try_res + echo beta > conftest.ts2 + sleep $am_try_res + echo gamma > conftest.ts3 + + # We assume that 'ls -t' will make use of high-resolution + # timestamps if the operating system supports them at all. + if (set X `ls -t conftest.ts?` && + test "$[]2" = conftest.ts3 && + test "$[]3" = conftest.ts2 && + test "$[]4" = conftest.ts1); then + # + # Ok, ls -t worked. If we're at a resolution of 1 second, we're done, + # because we don't need to test make. + make_ok=true + if test $am_try_res != 1; then + # But if we've succeeded so far with a subsecond resolution, we + # have one more thing to check: make. It can happen that + # everything else supports the subsecond mtimes, but make doesn't; + # notably on macOS, which ships make 3.81 from 2006 (the last one + # released under GPLv2). https://bugs.gnu.org/68808 + # + # We test $MAKE if it is defined in the environment, else "make". + # It might get overridden later, but our hope is that in practice + # it does not matter: it is the system "make" which is (by far) + # the most likely to be broken, whereas if the user overrides it, + # probably they did so with a better, or at least not worse, make. + # https://lists.gnu.org/archive/html/automake/2024-06/msg00051.html + # + # Create a Makefile (real tab character here): + rm -f conftest.mk + echo 'conftest.ts1: conftest.ts2' >conftest.mk + echo ' touch conftest.ts2' >>conftest.mk + # + # Now, running + # touch conftest.ts1; touch conftest.ts2; make + # should touch ts1 because ts2 is newer. This could happen by luck, + # but most often, it will fail if make's support is insufficient. So + # test for several consecutive successes. + # + # (We reuse conftest.ts[12] because we still want to modify existing + # files, not create new ones, per above.) + n=0 + make=${MAKE-make} + until test $n -eq 3; do + echo one > conftest.ts1 + sleep $am_try_res + echo two > conftest.ts2 # ts2 should now be newer than ts1 + if $make -f conftest.mk | grep 'up to date' >/dev/null; then + make_ok=false + break # out of $n loop + fi + n=`expr $n + 1` + done + fi + # + if $make_ok; then + # Everything we know to check worked out, so call this resolution good. + am_cv_filesystem_timestamp_resolution=$am_try_res + break # out of $am_try_res loop + fi + # Otherwise, we'll go on to check the next resolution. + fi +done +rm -f conftest.ts? +# (end _am_filesystem_timestamp_resolution) +])]) + # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], -[AC_MSG_CHECKING([whether build environment is sane]) +[AC_REQUIRE([_AM_FILESYSTEM_TIMESTAMP_RESOLUTION]) +# This check should not be cached, as it may vary across builds of +# different projects. +AC_MSG_CHECKING([whether build environment is sane]) # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' @@ -1673,49 +1817,40 @@ # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). -if ( - am_has_slept=no - for am_try in 1 2; do - echo "timestamp, slept: $am_has_slept" > conftest.file - set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` - if test "$[*]" = "X"; then - # -L didn't work. - set X `ls -t "$srcdir/configure" conftest.file` - fi - if test "$[*]" != "X $srcdir/configure conftest.file" \ - && test "$[*]" != "X conftest.file $srcdir/configure"; then - - # If neither matched, then we have a broken ls. This can happen - # if, for instance, CONFIG_SHELL is bash and it inherits a - # broken ls alias from the environment. This has actually - # happened. Such a system could not be considered "sane". - AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken - alias in your environment]) - fi - if test "$[2]" = conftest.file || test $am_try -eq 2; then - break - fi - # Just in case. - sleep 1 - am_has_slept=yes - done - test "$[2]" = conftest.file - ) -then - # Ok. - : -else - AC_MSG_ERROR([newly created file is older than distributed files! +am_build_env_is_sane=no +am_has_slept=no +rm -f conftest.file +for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + if ( + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$[]*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + test "$[]2" = conftest.file + ); then + am_build_env_is_sane=yes + break + fi + # Just in case. + sleep "$am_cv_filesystem_timestamp_resolution" + am_has_slept=yes +done + +AC_MSG_RESULT([$am_build_env_is_sane]) +if test "$am_build_env_is_sane" = no; then + AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi -AC_MSG_RESULT([yes]) + # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= -if grep 'slept: no' conftest.file >/dev/null 2>&1; then - ( sleep 1 ) & +AS_IF([test -e conftest.file || grep 'slept: no' conftest.file >/dev/null 2>&1],, [dnl + ( sleep "$am_cv_filesystem_timestamp_resolution" ) & am_sleep_pid=$! -fi +]) AC_CONFIG_COMMANDS_PRE( [AC_MSG_CHECKING([that generated files are newer than configure]) if test -n "$am_sleep_pid"; then @@ -1726,18 +1861,18 @@ rm -f conftest.file ]) -# Copyright (C) 2009-2021 Free Software Foundation, Inc. +# Copyright (C) 2009-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# AM_SILENT_RULES([DEFAULT]) -# -------------------------- -# Enable less verbose build rules; with the default set to DEFAULT -# ("yes" being less verbose, "no" or empty being verbose). -AC_DEFUN([AM_SILENT_RULES], -[AC_ARG_ENABLE([silent-rules], [dnl +# _AM_SILENT_RULES +# ---------------- +# Enable less verbose build rules support. +AC_DEFUN([_AM_SILENT_RULES], +[AM_DEFAULT_VERBOSITY=1 +AC_ARG_ENABLE([silent-rules], [dnl AS_HELP_STRING( [--enable-silent-rules], [less verbose build output (undo: "make V=1")]) @@ -1745,11 +1880,6 @@ [--disable-silent-rules], [verbose build output (undo: "make V=0")])dnl ]) -case $enable_silent_rules in @%:@ ((( - yes) AM_DEFAULT_VERBOSITY=0;; - no) AM_DEFAULT_VERBOSITY=1;; - *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);; -esac dnl dnl A few 'make' implementations (e.g., NonStop OS and NextStep) dnl do not support nested variable expansions. @@ -1768,14 +1898,6 @@ else am_cv_make_support_nested_variables=no fi]) -if test $am_cv_make_support_nested_variables = yes; then - dnl Using '$V' instead of '$(V)' breaks IRIX make. - AM_V='$(V)' - AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' -else - AM_V=$AM_DEFAULT_VERBOSITY - AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY -fi AC_SUBST([AM_V])dnl AM_SUBST_NOTMAKE([AM_V])dnl AC_SUBST([AM_DEFAULT_V])dnl @@ -1784,9 +1906,33 @@ AM_BACKSLASH='\' AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl +dnl Delay evaluation of AM_DEFAULT_VERBOSITY to the end to allow multiple calls +dnl to AM_SILENT_RULES to change the default value. +AC_CONFIG_COMMANDS_PRE([dnl +case $enable_silent_rules in @%:@ ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; +esac +if test $am_cv_make_support_nested_variables = yes; then + dnl Using '$V' instead of '$(V)' breaks IRIX make. + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +])dnl ]) -# Copyright (C) 2001-2021 Free Software Foundation, Inc. +# AM_SILENT_RULES([DEFAULT]) +# -------------------------- +# Set the default verbosity level to DEFAULT ("yes" being less verbose, "no" or +# empty being verbose). +AC_DEFUN([AM_SILENT_RULES], +[AC_REQUIRE([_AM_SILENT_RULES]) +AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1])]) + +# Copyright (C) 2001-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1814,7 +1960,7 @@ INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2021 Free Software Foundation, Inc. +# Copyright (C) 2006-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1833,7 +1979,7 @@ # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2021 Free Software Foundation, Inc. +# Copyright (C) 2004-2024 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1879,15 +2025,19 @@ am_uid=`id -u || echo unknown` am_gid=`id -g || echo unknown` AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) - if test $am_uid -le $am_max_uid; then - AC_MSG_RESULT([yes]) + if test x$am_uid = xunknown; then + AC_MSG_WARN([ancient id detected; assuming current UID is ok, but dist-ustar might not work]) + elif test $am_uid -le $am_max_uid; then + AC_MSG_RESULT([yes]) else - AC_MSG_RESULT([no]) - _am_tools=none + AC_MSG_RESULT([no]) + _am_tools=none fi AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) - if test $am_gid -le $am_max_gid; then - AC_MSG_RESULT([yes]) + if test x$gm_gid = xunknown; then + AC_MSG_WARN([ancient id detected; assuming current GID is ok, but dist-ustar might not work]) + elif test $am_gid -le $am_max_gid; then + AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) _am_tools=none @@ -1964,6 +2114,26 @@ AC_SUBST([am__untar]) ]) # _AM_PROG_TAR +# Copyright (C) 2022-2024 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_PROG_XARGS_N +# ---------------- +# Check whether 'xargs -n' works. It should work everywhere, so the fallback +# is not optimized at all as we never expect to use it. +AC_DEFUN([_AM_PROG_XARGS_N], +[AC_CACHE_CHECK([xargs -n works], am_cv_xargs_n_works, [dnl +AS_IF([test "`echo 1 2 3 | xargs -n2 echo`" = "1 2 +3"], [am_cv_xargs_n_works=yes], [am_cv_xargs_n_works=no])]) +AS_IF([test "$am_cv_xargs_n_works" = yes], [am__xargs_n='xargs -n'], [dnl + am__xargs_n='am__xargs_n () { shift; sed "s/ /\\n/g" | while read am__xargs_n_arg; do "$@" "$am__xargs_n_arg"; done; }' +])dnl +AC_SUBST(am__xargs_n) +]) + m4_include([m4/ax_check_compile_flag.m4]) m4_include([m4/ax_check_link_flag.m4]) m4_include([m4/ax_check_openssl.m4]) diff -Nru bind9-9.18.33/ar-lib bind9-9.18.41/ar-lib --- bind9-9.18.33/ar-lib 2025-01-20 13:40:37.936376535 +0000 +++ bind9-9.18.41/ar-lib 2025-10-18 10:21:42.666292149 +0000 @@ -2,9 +2,9 @@ # Wrapper for Microsoft lib.exe me=ar-lib -scriptversion=2019-07-04.01; # UTC +scriptversion=2024-06-19.01; # UTC -# Copyright (C) 2010-2021 Free Software Foundation, Inc. +# Copyright (C) 2010-2024 Free Software Foundation, Inc. # Written by Peter Rosin . # # This program is free software; you can redistribute it and/or modify @@ -105,11 +105,15 @@ Usage: $me [--help] [--version] PROGRAM ACTION ARCHIVE [MEMBER...] Members may be specified in a file named with @FILE. + +Report bugs to . +GNU Automake home page: . +General help using GNU software: . EOF exit $? ;; -v | --v*) - echo "$me, version $scriptversion" + echo "$me (GNU Automake) $scriptversion" exit $? ;; esac @@ -135,6 +139,10 @@ AR="$AR $1" shift ;; + -nologo | -NOLOGO) + # We always invoke AR with -nologo, so don't need to add it again. + shift + ;; *) action=$1 shift diff -Nru bind9-9.18.33/bin/Makefile.in bind9-9.18.41/bin/Makefile.in --- bind9-9.18.33/bin/Makefile.in 2025-01-20 13:40:38.036378110 +0000 +++ bind9-9.18.41/bin/Makefile.in 2025-10-18 10:21:42.763294658 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -69,6 +69,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -344,8 +346,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -624,8 +628,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -730,3 +734,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/check/Makefile.in bind9-9.18.41/bin/check/Makefile.in --- bind9-9.18.33/bin/check/Makefile.in 2025-01-20 13:40:38.063378536 +0000 +++ bind9-9.18.41/bin/check/Makefile.in 2025-10-18 10:21:42.793295434 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -74,6 +74,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -365,8 +367,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -553,27 +557,20 @@ `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(bindir)" && rm -f $$files + cd "$(DESTDIR)$(bindir)" && $(am__rm_f) $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list + $(am__rm_f) $(bin_PROGRAMS) + test -z "$(EXEEXT)" || $(am__rm_f) $(bin_PROGRAMS:$(EXEEXT)=) clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + -$(am__rm_f) $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} libcheck-tool.la: $(libcheck_tool_la_OBJECTS) $(libcheck_tool_la_DEPENDENCIES) $(EXTRA_libcheck_tool_la_DEPENDENCIES) $(AM_V_CCLD)$(LINK) $(libcheck_tool_la_OBJECTS) $(libcheck_tool_la_LIBADD) $(LIBS) @@ -598,7 +595,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -750,8 +747,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -762,7 +759,7 @@ clean-noinstLTLIBRARIES mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/check-tool.Plo + -rm -f ./$(DEPDIR)/check-tool.Plo -rm -f ./$(DEPDIR)/named-checkconf.Po -rm -f ./$(DEPDIR)/named-checkzone.Po -rm -f Makefile @@ -815,7 +812,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/check-tool.Plo + -rm -f ./$(DEPDIR)/check-tool.Plo -rm -f ./$(DEPDIR)/named-checkconf.Po -rm -f ./$(DEPDIR)/named-checkzone.Po -rm -f Makefile @@ -877,3 +874,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/confgen/Makefile.in bind9-9.18.41/bin/confgen/Makefile.in --- bind9-9.18.33/bin/confgen/Makefile.in 2025-01-20 13:40:38.088378930 +0000 +++ bind9-9.18.41/bin/confgen/Makefile.in 2025-10-18 10:21:42.820296132 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -74,6 +74,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -362,8 +364,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -552,27 +556,20 @@ `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(sbindir)" && rm -f $$files + cd "$(DESTDIR)$(sbindir)" && $(am__rm_f) $$files clean-sbinPROGRAMS: - @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list + $(am__rm_f) $(sbin_PROGRAMS) + test -z "$(EXEEXT)" || $(am__rm_f) $(sbin_PROGRAMS:$(EXEEXT)=) clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + -$(am__rm_f) $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} libconfgen.la: $(libconfgen_la_OBJECTS) $(libconfgen_la_DEPENDENCIES) $(EXTRA_libconfgen_la_DEPENDENCIES) $(AM_V_CCLD)$(LINK) $(libconfgen_la_OBJECTS) $(libconfgen_la_LIBADD) $(LIBS) @@ -599,7 +596,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -751,8 +748,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -763,7 +760,7 @@ clean-sbinPROGRAMS mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/keygen.Plo + -rm -f ./$(DEPDIR)/keygen.Plo -rm -f ./$(DEPDIR)/os.Plo -rm -f ./$(DEPDIR)/rndc-confgen.Po -rm -f ./$(DEPDIR)/tsig-keygen.Po @@ -818,7 +815,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/keygen.Plo + -rm -f ./$(DEPDIR)/keygen.Plo -rm -f ./$(DEPDIR)/os.Plo -rm -f ./$(DEPDIR)/rndc-confgen.Po -rm -f ./$(DEPDIR)/tsig-keygen.Po @@ -882,3 +879,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/delv/Makefile.in bind9-9.18.41/bin/delv/Makefile.in --- bind9-9.18.33/bin/delv/Makefile.in 2025-01-20 13:40:38.111379292 +0000 +++ bind9-9.18.41/bin/delv/Makefile.in 2025-10-18 10:21:42.845296779 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -73,6 +73,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -349,8 +351,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -540,16 +544,11 @@ `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(bindir)" && rm -f $$files + cd "$(DESTDIR)$(bindir)" && $(am__rm_f) $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list + $(am__rm_f) $(bin_PROGRAMS) + test -z "$(EXEEXT)" || $(am__rm_f) $(bin_PROGRAMS:$(EXEEXT)=) delv$(EXEEXT): $(delv_OBJECTS) $(delv_DEPENDENCIES) $(EXTRA_delv_DEPENDENCIES) @rm -f delv$(EXEEXT) @@ -565,7 +564,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -717,8 +716,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -728,7 +727,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/delv.Po + -rm -f ./$(DEPDIR)/delv.Po -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -778,7 +777,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/delv.Po + -rm -f ./$(DEPDIR)/delv.Po -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -828,3 +827,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/delv/delv.c bind9-9.18.41/bin/delv/delv.c --- bind9-9.18.33/bin/delv/delv.c 2025-01-20 13:39:30.928351096 +0000 +++ bind9-9.18.41/bin/delv/delv.c 2025-10-18 10:21:02.792251792 +0000 @@ -358,7 +358,7 @@ if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) { strlcat(buf, "negative response", sizeof(buf)); - strlcat(buf, (yaml ? "_" : ", "), sizeof(buf)); + strlcat(buf, yaml ? "_" : ", ", sizeof(buf)); } switch (rdataset->trust) { diff -Nru bind9-9.18.33/bin/dig/Makefile.in bind9-9.18.41/bin/dig/Makefile.in --- bind9-9.18.33/bin/dig/Makefile.in 2025-01-20 13:40:38.139379733 +0000 +++ bind9-9.18.41/bin/dig/Makefile.in 2025-10-18 10:21:42.876297580 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -74,6 +74,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -376,8 +378,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -566,27 +570,20 @@ `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(bindir)" && rm -f $$files + cd "$(DESTDIR)$(bindir)" && $(am__rm_f) $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list + $(am__rm_f) $(bin_PROGRAMS) + test -z "$(EXEEXT)" || $(am__rm_f) $(bin_PROGRAMS:$(EXEEXT)=) clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + -$(am__rm_f) $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} libdighost.la: $(libdighost_la_OBJECTS) $(libdighost_la_DEPENDENCIES) $(EXTRA_libdighost_la_DEPENDENCIES) $(AM_V_CCLD)$(LINK) $(libdighost_la_OBJECTS) $(libdighost_la_LIBADD) $(LIBS) @@ -616,7 +613,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -782,8 +779,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -794,7 +791,7 @@ clean-noinstLTLIBRARIES mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/dig.Po + -rm -f ./$(DEPDIR)/dig.Po -rm -f ./$(DEPDIR)/dighost.Plo -rm -f ./$(DEPDIR)/host.Po -rm -f ./$(DEPDIR)/nslookup-nslookup.Po @@ -847,7 +844,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/dig.Po + -rm -f ./$(DEPDIR)/dig.Po -rm -f ./$(DEPDIR)/dighost.Plo -rm -f ./$(DEPDIR)/host.Po -rm -f ./$(DEPDIR)/nslookup-nslookup.Po @@ -901,3 +898,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/dig/dig.c bind9-9.18.41/bin/dig/dig.c --- bind9-9.18.33/bin/dig/dig.c 2025-01-20 13:39:30.929351113 +0000 +++ bind9-9.18.41/bin/dig/dig.c 2025-10-18 10:21:02.793251819 +0000 @@ -196,6 +196,9 @@ " +[no]cmd (Control display of " "command line -\n" " global option)\n" + " +[no]coflag (Set compact denial of " + "existence ok flag)\n" + " in query)\n" " +[no]comments (Control display of " "packet " "header\n" @@ -213,7 +216,8 @@ " +[no]dnssec (Request DNSSEC records)\n" " +domain=### (Set default domainname)\n" " +[no]edns[=###] (Set EDNS version) [0]\n" - " +ednsflags=### (Set EDNS flag bits)\n" + " +ednsflags=### (Set undefined EDNS flag " + "bits)\n" " +[no]ednsnegotiation (Set EDNS version " "negotiation)\n" " +ednsopt=###[:value] (Send specified EDNS " @@ -229,12 +233,14 @@ " +[no]https[=###] (DNS-over-HTTPS mode) " "[/]\n" " +[no]https-get (Use GET instead of " - "default POST method while using HTTPS)\n" - " +[no]http-plain[=###] (DNS over plain HTTP " - "mode) " - "[/]\n" - " +[no]http-plain-get (Use GET instead of " - "default POST method while using plain HTTP)\n" + "default POST method\n" + " while using HTTPS)\n" + " +[no]http-plain[=###] (DNS over plain HTTP " + "mode) [/]\n" + " +[no]http-plain-get (Use GET instead of " + "default POST " + "method\n" + " while using plain HTTP)\n" " +[no]identify (ID responders in short " "answers)\n" #ifdef HAVE_LIBIDN2 @@ -263,7 +269,8 @@ " +padding=### (Set padding block size " "[0])\n" " +qid=### (Specify the query ID to " - "use when sending queries)\n" + "use when sending\n" + " queries)\n" " +[no]qr (Print question before " "sending)\n" " +[no]question (Control display of " @@ -300,16 +307,19 @@ " +timeout=### (Set query timeout) [5]\n" " +[no]tls (DNS-over-TLS mode)\n" " +[no]tls-ca[=file] (Enable remote server's " - "TLS certificate validation)\n" + "TLS certificate\n" + " validation)\n" " +[no]tls-hostname=hostname (Explicitly set " - "the expected TLS hostname)\n" + "the expected TLS\n" + " hostname)\n" " +[no]tls-certfile=file (Load client TLS " - "certificate chain from file)\n" + "certificate chain from\n" + " file)\n" " +[no]tls-keyfile=file (Load client TLS " "private key from file)\n" " +[no]trace (Trace delegation down " - "from root " - "[+dnssec])\n" + "from root [implies\n" + " +dnssec])\n" " +tries=### (Set number of UDP " "attempts) [3]\n" " +[no]ttlid (Control display of ttls " @@ -1285,6 +1295,11 @@ break; case 'o': /* comments */ switch (cmd[2]) { + case 'f': + case '\0': /* +co is a synonym for +coflag */ + FULLCHECK("coflag"); + lookup->coflag = state; + break; case 'm': FULLCHECK("comments"); lookup->comments = state; @@ -2403,7 +2418,7 @@ printgreeting(argc, argv, *lookup); *firstarg = false; } - ISC_LIST_APPEND(lookup_list, (*lookup), link); + ISC_LIST_APPEND(lookup_list, *lookup, link); debug("looking up %s", (*lookup)->textname); } return value_from_next; diff -Nru bind9-9.18.33/bin/dig/dig.rst bind9-9.18.41/bin/dig/dig.rst --- bind9-9.18.33/bin/dig/dig.rst 2025-01-20 13:39:30.929351113 +0000 +++ bind9-9.18.41/bin/dig/dig.rst 2025-10-18 10:21:02.793251819 +0000 @@ -298,6 +298,13 @@ always has a global effect; it cannot be set globally and then overridden on a per-lookup basis. The default is to print this comment. +.. option:: +coflag, +co, +nocoflag, +noco + + This option sets [or does not set] the CO (Compact denial of + existence Ok) EDNS bit in the query. If set, it tells servers + that Compact Denial of Existence responses are acceptable when + replying to queries. The default is ``+nocoflag``. + .. option:: +comments, +nocomments This option toggles the display of some comment lines in the output, with @@ -363,7 +370,7 @@ This option sets the must-be-zero EDNS flags bits (Z bits) to the specified value. Decimal, hex, and octal encodings are accepted. Setting a named flag - (e.g., DO) is silently ignored. By default, no Z bits are set. + (e.g. DO, CO) is silently ignored. By default, no Z bits are set. .. option:: +ednsnegotiation, +noednsnegotiation diff -Nru bind9-9.18.33/bin/dig/dighost.c bind9-9.18.41/bin/dig/dighost.c --- bind9-9.18.33/bin/dig/dighost.c 2025-01-20 13:39:30.930351131 +0000 +++ bind9-9.18.41/bin/dig/dighost.c 2025-10-18 10:21:02.794251845 +0000 @@ -789,6 +789,7 @@ looknew->aaonly = lookold->aaonly; looknew->adflag = lookold->adflag; looknew->cdflag = lookold->cdflag; + looknew->coflag = lookold->coflag; looknew->raflag = lookold->raflag; looknew->tcflag = lookold->tcflag; looknew->print_unknown_format = lookold->print_unknown_format; @@ -2655,10 +2656,13 @@ } flags = lookup->ednsflags; - flags &= ~DNS_MESSAGEEXTFLAG_DO; + flags &= ~(DNS_MESSAGEEXTFLAG_DO | DNS_MESSAGEEXTFLAG_CO); if (lookup->dnssec) { flags |= DNS_MESSAGEEXTFLAG_DO; } + if (lookup->coflag) { + flags |= DNS_MESSAGEEXTFLAG_CO; + } add_opt(lookup->sendmsg, lookup->udpsize, lookup->edns, flags, opts, i); } diff -Nru bind9-9.18.33/bin/dig/dighost.h bind9-9.18.41/bin/dig/dighost.h --- bind9-9.18.33/bin/dig/dighost.h 2025-01-20 13:39:30.930351131 +0000 +++ bind9-9.18.41/bin/dig/dighost.h 2025-10-18 10:21:02.794251845 +0000 @@ -105,11 +105,10 @@ struct dig_lookup { unsigned int magic; isc_refcount_t references; - bool aaonly, adflag, badcookie, besteffort, cdflag, cleared, comments, - dns64prefix, dnssec, doing_xfr, done_as_is, ednsneg, expandaaaa, - expire, fuzzing, header_only, identify, /*%< Append an "on - server " message - */ + bool aaonly, adflag, badcookie, besteffort, cdflag, cleared, coflag, + comments, dns64prefix, dnssec, doing_xfr, done_as_is, ednsneg, + expandaaaa, expire, fuzzing, header_only, + identify, /*%< Append an "on server " message */ identify_previous_line, /*% Prepend a "Nameserver :" message, with newline and tab */ idnin, idnout, ignore, multiline, need_search, new_search, diff -Nru bind9-9.18.33/bin/dnssec/Makefile.in bind9-9.18.41/bin/dnssec/Makefile.in --- bind9-9.18.33/bin/dnssec/Makefile.in 2025-01-20 13:40:38.170380222 +0000 +++ bind9-9.18.41/bin/dnssec/Makefile.in 2025-10-18 10:21:42.911298486 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -74,6 +74,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -412,8 +414,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -606,27 +610,20 @@ `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(bindir)" && rm -f $$files + cd "$(DESTDIR)$(bindir)" && $(am__rm_f) $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list + $(am__rm_f) $(bin_PROGRAMS) + test -z "$(EXEEXT)" || $(am__rm_f) $(bin_PROGRAMS:$(EXEEXT)=) clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + -$(am__rm_f) $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} libdnssectool.la: $(libdnssectool_la_OBJECTS) $(libdnssectool_la_DEPENDENCIES) $(EXTRA_libdnssectool_la_DEPENDENCIES) $(AM_V_CCLD)$(LINK) $(libdnssectool_la_OBJECTS) $(libdnssectool_la_LIBADD) $(LIBS) @@ -686,7 +683,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -852,8 +849,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -864,7 +861,7 @@ clean-noinstLTLIBRARIES mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/dnssec-cds.Po + -rm -f ./$(DEPDIR)/dnssec-cds.Po -rm -f ./$(DEPDIR)/dnssec-dsfromkey.Po -rm -f ./$(DEPDIR)/dnssec-importkey.Po -rm -f ./$(DEPDIR)/dnssec-keyfromlabel.Po @@ -923,7 +920,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/dnssec-cds.Po + -rm -f ./$(DEPDIR)/dnssec-cds.Po -rm -f ./$(DEPDIR)/dnssec-dsfromkey.Po -rm -f ./$(DEPDIR)/dnssec-importkey.Po -rm -f ./$(DEPDIR)/dnssec-keyfromlabel.Po @@ -983,3 +980,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/dnssec/dnssec-dsfromkey.c bind9-9.18.41/bin/dnssec/dnssec-dsfromkey.c --- bind9-9.18.33/bin/dnssec/dnssec-dsfromkey.c 2025-01-20 13:39:30.931351148 +0000 +++ bind9-9.18.41/bin/dnssec/dnssec-dsfromkey.c 2025-10-18 10:21:02.795251872 +0000 @@ -318,6 +318,11 @@ n = sizeof(dtype) / sizeof(dtype[0]); for (i = 0; i < n; i++) { + if (dtype[i] == DNS_DSDIGEST_SHA1) { + fprintf(stderr, + "WARNING: DS digest type %u is deprecated\n", + i); + } if (dtype[i] != 0) { emit(dtype[i], showall, cds, rdata); } @@ -336,10 +341,10 @@ fprintf(stderr, " %s [-h|-V]\n\n", program); fprintf(stderr, "Version: %s\n", PACKAGE_VERSION); fprintf(stderr, "Options:\n" - " -1: digest algorithm SHA-1\n" + " -1: digest algorithm SHA-1 (deprecated)\n" " -2: digest algorithm SHA-256\n" - " -a algorithm: digest algorithm (SHA-1, SHA-256 or " - "SHA-384)\n" + " -a algorithm: digest algorithm (SHA-1 " + "(deprecated), SHA-256 or SHA-384)\n" " -A: include all keys in DS set, not just KSKs (-f " "only)\n" " -c class: rdata class for DS set (default IN) (-f " diff -Nru bind9-9.18.33/bin/dnssec/dnssec-dsfromkey.rst bind9-9.18.41/bin/dnssec/dnssec-dsfromkey.rst --- bind9-9.18.33/bin/dnssec/dnssec-dsfromkey.rst 2025-01-20 13:39:30.931351148 +0000 +++ bind9-9.18.41/bin/dnssec/dnssec-dsfromkey.rst 2025-10-18 10:21:02.795251872 +0000 @@ -32,30 +32,34 @@ Description ~~~~~~~~~~~ -The :program:`dnssec-dsfromkey` command outputs DS (Delegation Signer) resource records -(RRs), or CDS (Child DS) RRs with the :option:`-C` option. +The :program:`dnssec-dsfromkey` command outputs DS (Delegation +Signer) resource records (RRs), or CDS (Child DS) RRs with the +:option:`-C` option. By default, only KSKs are converted (keys with flags = 257). The -:option:`-A` option includes ZSKs (flags = 256). Revoked keys are never -included. +:option:`-A` option includes ZSKs (flags = 256). Revoked keys are +never included. The input keys can be specified in a number of ways: -By default, :program:`dnssec-dsfromkey` reads a key file named in the format -``Knnnn.+aaa+iiiii.key``, as generated by :iscman:`dnssec-keygen`. +By default, :program:`dnssec-dsfromkey` reads a key file named in +the format ``Knnnn.+aaa+iiiii.key``, as generated by +:iscman:`dnssec-keygen`. + +With the :option:`-f file <-f>` option, :program:`dnssec-dsfromkey` +reads keys from a zone file or partial zone file (which can contain +just the DNSKEY records). -With the :option:`-f file <-f>` option, :program:`dnssec-dsfromkey` reads keys from a zone -file or partial zone file (which can contain just the DNSKEY records). - -With the :option:`-s` option, :program:`dnssec-dsfromkey` reads a ``keyset-`` file, -as generated by :iscman:`dnssec-keygen` :option:`-C`. +With the :option:`-s` option, :program:`dnssec-dsfromkey` reads a +``keyset-`` file, as generated by :iscman:`dnssec-keygen` :option:`-C`. Options ~~~~~~~ .. option:: -1 - This option is an abbreviation for :option:`-a SHA1 <-a>`. + This option is an abbreviation for :option:`-a SHA1 <-a>`. This + digest is deprecated. .. option:: -2 @@ -63,24 +67,26 @@ .. option:: -a algorithm - This option specifies a digest algorithm to use when converting DNSKEY records to - DS records. This option can be repeated, so that multiple DS records - are created for each DNSKEY record. - - The algorithm must be one of SHA-1, SHA-256, or SHA-384. These values - are case-insensitive, and the hyphen may be omitted. If no algorithm - is specified, the default is SHA-256. + This option specifies a digest algorithm to use when converting + DNSKEY records to DS records. This option can be repeated, so + that multiple DS records are created for each DNSKEY record. + + The algorithm must be one of SHA-1 (deprecated), SHA-256, or + SHA-384. These values are case-insensitive, and the hyphen may + be omitted. If no algorithm is specified, the default is SHA-256. .. option:: -A - This option indicates that ZSKs are to be included when generating DS records. Without this option, only - keys which have the KSK flag set are converted to DS records and - printed. This option is only useful in :option:`-f` zone file mode. + This option indicates that ZSKs are to be included when generating + DS records. Without this option, only keys which have the KSK + flag set are converted to DS records and printed. This option + is only useful in :option:`-f` zone file mode. .. option:: -c class - This option specifies the DNS class; the default is IN. This option is only useful in :option:`-s` keyset - or :option:`-f` zone file mode. + This option specifies the DNS class; the default is IN. This + option is only useful in :option:`-s` keyset or :option:`-f` + zone file mode. .. option:: -C @@ -88,10 +94,10 @@ .. option:: -f file - This option sets zone file mode, in which the final dnsname argument of :program:`dnssec-dsfromkey` is the - DNS domain name of a zone whose master file can be read from - ``file``. If the zone name is the same as ``file``, then it may be - omitted. + This option sets zone file mode, in which the final dnsname + argument of :program:`dnssec-dsfromkey` is the DNS domain name + of a zone whose master file can be read from ``file``. If the + zone name is the same as ``file``, then it may be omitted. If ``file`` is ``-``, then the zone data is read from the standard input. This makes it possible to use the output of the :iscman:`dig` @@ -105,16 +111,19 @@ .. option:: -K directory - This option tells BIND 9 to look for key files or ``keyset-`` files in ``directory``. + This option tells BIND 9 to look for key files or ``keyset-`` + files in ``directory``. .. option:: -s - This option enables keyset mode, in which the final dnsname argument from :program:`dnssec-dsfromkey` is the DNS - domain name used to locate a ``keyset-`` file. + This option enables keyset mode, in which the final dnsname + argument from :program:`dnssec-dsfromkey` is the DNS domain name + used to locate a ``keyset-`` file. .. option:: -T TTL - This option specifies the TTL of the DS records. By default the TTL is omitted. + This option specifies the TTL of the DS records. By default the + TTL is omitted. .. option:: -v level diff -Nru bind9-9.18.33/bin/dnssec/dnssec-keyfromlabel.c bind9-9.18.41/bin/dnssec/dnssec-keyfromlabel.c --- bind9-9.18.33/bin/dnssec/dnssec-keyfromlabel.c 2025-01-20 13:39:30.931351148 +0000 +++ bind9-9.18.41/bin/dnssec/dnssec-keyfromlabel.c 2025-10-18 10:21:02.796251899 +0000 @@ -57,8 +57,8 @@ fprintf(stderr, " name: owner of the key\n"); fprintf(stderr, "Other options:\n"); fprintf(stderr, " -a algorithm: \n" - " DH | RSASHA1 |\n" - " NSEC3RSASHA1 |\n" + " RSASHA1 (deprecated) |\n" + " NSEC3RSASHA1 (deprecated) |\n" " RSASHA256 | RSASHA512 |\n" " ECDSAP256SHA256 | ECDSAP384SHA384 |\n" " ED25519 | ED448\n"); @@ -563,7 +563,7 @@ { flags |= DNS_KEYOWNER_ENTITY; } else if (strcasecmp(nametype, "user") == 0) { - flags |= DNS_KEYOWNER_USER; + /* no owner flags */ } else { fatal("invalid KEY nametype %s", nametype); } @@ -571,6 +571,21 @@ fatal("invalid DNSKEY nametype %s", nametype); } + switch (alg) { + case DST_ALG_RSASHA1: + case DST_ALG_NSEC3RSASHA1: { + char algstr[DNS_SECALG_FORMATSIZE]; + dns_secalg_format(alg, algstr, sizeof(algstr)); + fprintf(stderr, + "WARNING: DNSKEY algorithm '%s' is deprecated. Please " + "migrate to another algorithm\n", + algstr); + break; + } + default: + break; + } + rdclass = strtoclass(classname); if (directory == NULL) { @@ -592,19 +607,6 @@ fatal("invalid DNSKEY protocol: %d", protocol); } - if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) { - if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0) { - fatal("specified null key with signing authority"); - } - } - - if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE && - alg == DNS_KEYALG_DH) - { - fatal("a key with algorithm '%s' cannot be a zone key", - algname); - } - isc_buffer_init(&buf, filename, sizeof(filename) - 1); /* associate the key */ diff -Nru bind9-9.18.33/bin/dnssec/dnssec-keyfromlabel.rst bind9-9.18.41/bin/dnssec/dnssec-keyfromlabel.rst --- bind9-9.18.33/bin/dnssec/dnssec-keyfromlabel.rst 2025-01-20 13:39:30.932351166 +0000 +++ bind9-9.18.41/bin/dnssec/dnssec-keyfromlabel.rst 2025-10-18 10:21:02.796251899 +0000 @@ -41,27 +41,31 @@ .. option:: -a algorithm - This option selects the cryptographic algorithm. The value of ``algorithm`` must - be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, - ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448. - - These values are case-insensitive. In some cases, abbreviations are - supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for - ECDSAP384SHA384. If RSASHA1 is specified along with the :option:`-3` - option, then NSEC3RSASHA1 is used instead. + This option selects the cryptographic algorithm. The value of + ``algorithm`` must be one of RSASHA1 (deprecated), NSEC3RSASHA1 + (deprecated), RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, + ED25519, or ED448. + + These values are case-insensitive. In some cases, abbreviations + are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 + for ECDSAP384SHA384. If RSASHA1 (deprecated) is specified along + with the :option:`-3` option, then NSEC3RSASHA1 (deprecated) is + used instead. - This option is mandatory except when using the - :option:`-S` option, which copies the algorithm from the predecessory key. + This option is mandatory except when using the :option:`-S` + option, which copies the algorithm from the predecessory key. .. versionchanged:: 9.12.0 - The default value RSASHA1 for newly generated keys was removed. + The default value RSASHA1 (deprecated) for newly generated + keys was removed. .. option:: -3 - This option uses an NSEC3-capable algorithm to generate a DNSSEC key. If this - option is used with an algorithm that has both NSEC and NSEC3 - versions, then the NSEC3 version is used; for example, - ``dnssec-keygen -3a RSASHA1`` specifies the NSEC3RSASHA1 algorithm. + This option uses an NSEC3-capable algorithm to generate a DNSSEC + key. If this option is used with an algorithm that has both NSEC + and NSEC3 versions, then the NSEC3 version is used; for example, + ``dnssec-keygen -3a RSASHA1`` specifies the NSEC3RSASHA1 + (deprecated) algorithm. .. option:: -E engine diff -Nru bind9-9.18.33/bin/dnssec/dnssec-keygen.c bind9-9.18.41/bin/dnssec/dnssec-keygen.c --- bind9-9.18.33/bin/dnssec/dnssec-keygen.c 2025-01-20 13:39:30.932351166 +0000 +++ bind9-9.18.41/bin/dnssec/dnssec-keygen.c 2025-10-18 10:21:02.796251899 +0000 @@ -141,14 +141,17 @@ fprintf(stderr, " -l : configuration file with dnssec-policy " "statement\n"); fprintf(stderr, " -a :\n"); - fprintf(stderr, " RSASHA1 | NSEC3RSASHA1 |\n"); + fprintf(stderr, + " RSASHA1 (deprecated) | NSEC3RSASHA1 (deprecated) |\n"); fprintf(stderr, " RSASHA256 | RSASHA512 |\n"); fprintf(stderr, " ECDSAP256SHA256 | ECDSAP384SHA384 |\n"); fprintf(stderr, " ED25519 | ED448 | DH\n"); fprintf(stderr, " -3: use NSEC3-capable algorithm\n"); fprintf(stderr, " -b :\n"); - fprintf(stderr, " RSASHA1:\t[1024..%d]\n", MAX_RSA); - fprintf(stderr, " NSEC3RSASHA1:\t[1024..%d]\n", MAX_RSA); + fprintf(stderr, " RSASHA1 (deprecated) :\t[1024..%d]\n", + MAX_RSA); + fprintf(stderr, " NSEC3RSASHA1 (deprecated) :\t[1024..%d]\n", + MAX_RSA); fprintf(stderr, " RSASHA256:\t[1024..%d]\n", MAX_RSA); fprintf(stderr, " RSASHA512:\t[1024..%d]\n", MAX_RSA); fprintf(stderr, " DH:\t\t[128..4096]\n"); @@ -179,7 +182,7 @@ "(default: AUTHCONF)\n"); fprintf(stderr, " -h: print usage and exit\n"); fprintf(stderr, " -m :\n"); - fprintf(stderr, " usage | trace | record | size | mctx\n"); + fprintf(stderr, " usage | trace | record\n"); fprintf(stderr, " -v : set verbosity level (0 - 10)\n"); fprintf(stderr, " -V: print version information\n"); fprintf(stderr, "Timing options:\n"); @@ -453,10 +456,10 @@ fatal("-S and -G cannot be used together"); } - ret = dst_key_fromnamedfile( - ctx->predecessor, ctx->directory, - (DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_STATE), - mctx, &prevkey); + ret = dst_key_fromnamedfile(ctx->predecessor, ctx->directory, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | + DST_TYPE_STATE, + mctx, &prevkey); if (ret != ISC_R_SUCCESS) { fatal("Invalid keyfile %s: %s", ctx->predecessor, isc_result_totext(ret)); @@ -522,21 +525,34 @@ } switch (ctx->alg) { - case DNS_KEYALG_RSASHA1: - case DNS_KEYALG_NSEC3RSASHA1: - case DNS_KEYALG_RSASHA256: + case DST_ALG_RSASHA1: + case DST_ALG_NSEC3RSASHA1: + dns_secalg_format(ctx->alg, algstr, sizeof(algstr)); + fprintf(stderr, + "WARNING: DNSKEY algorithm '%s' is deprecated. Please " + "migrate to another algorithm\n", + algstr); + break; + default: + break; + } + + switch (ctx->alg) { + case DST_ALG_RSASHA1: + case DST_ALG_NSEC3RSASHA1: + case DST_ALG_RSASHA256: if (ctx->size != 0 && (ctx->size < 1024 || ctx->size > MAX_RSA)) { fatal("RSA key size %d out of range", ctx->size); } break; - case DNS_KEYALG_RSASHA512: + case DST_ALG_RSASHA512: if (ctx->size != 0 && (ctx->size < 1024 || ctx->size > MAX_RSA)) { fatal("RSA key size %d out of range", ctx->size); } break; - case DNS_KEYALG_DH: + case DST_ALG_DH: if (ctx->size != 0 && (ctx->size < 128 || ctx->size > 4096)) { fatal("DH key size %d out of range", ctx->size); } @@ -572,7 +588,7 @@ { flags |= DNS_KEYOWNER_ENTITY; } else if (strcasecmp(ctx->nametype, "user") == 0) { - flags |= DNS_KEYOWNER_USER; + /* no owner flags */ } else { fatal("invalid KEY nametype %s", ctx->nametype); } @@ -603,9 +619,6 @@ if (ctx->size > 0) { fatal("specified null key with non-zero size"); } - if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0) { - fatal("specified null key with signing authority"); - } } if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE && @@ -634,7 +647,9 @@ break; } - if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) { + if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY && + (ctx->options & DST_TYPE_KEY) != 0) + { null_key = true; } diff -Nru bind9-9.18.33/bin/dnssec/dnssec-keygen.rst bind9-9.18.41/bin/dnssec/dnssec-keygen.rst --- bind9-9.18.33/bin/dnssec/dnssec-keygen.rst 2025-01-20 13:39:30.932351166 +0000 +++ bind9-9.18.41/bin/dnssec/dnssec-keygen.rst 2025-10-18 10:21:02.796251899 +0000 @@ -38,23 +38,26 @@ .. option:: -3 - This option uses an NSEC3-capable algorithm to generate a DNSSEC key. If this - option is used with an algorithm that has both NSEC and NSEC3 - versions, then the NSEC3 version is selected; for example, - ``dnssec-keygen -3 -a RSASHA1`` specifies the NSEC3RSASHA1 algorithm. + This option uses an NSEC3-capable algorithm to generate a DNSSEC + key. If this option is used with an algorithm that has both NSEC + and NSEC3 versions, then the NSEC3 version is selected; for + example, ``dnssec-keygen -3 -a RSASHA1`` specifies the NSEC3RSASHA1 + (deprecated) algorithm. .. option:: -a algorithm - This option selects the cryptographic algorithm. For DNSSEC keys, the value of - ``algorithm`` must be one of RSASHA1, NSEC3RSASHA1, RSASHA256, - RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448. For - TKEY, the value must be DH (Diffie-Hellman); specifying this value - automatically sets the :option:`-T KEY <-T>` option as well. - - These values are case-insensitive. In some cases, abbreviations are - supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for - ECDSAP384SHA384. If RSASHA1 is specified along with the :option:`-3` - option, NSEC3RSASHA1 is used instead. + This option selects the cryptographic algorithm. For DNSSEC keys, + the value of ``algorithm`` must be one of RSASHA1 (deprecated), + NSEC3RSASHA1 deprecated), RSASHA256, RSASHA512, ECDSAP256SHA256, + ECDSAP384SHA384, ED25519, or ED448. For TKEY, the value must be + DH (Diffie-Hellman); specifying this value automatically sets + the :option:`-T KEY <-T>` option as well. + + These values are case-insensitive. In some cases, abbreviations + are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 + for ECDSAP384SHA384. If RSASHA1 (deprecated) is specified along + with the :option:`-3` option, NSEC3RSASHA1 (deprecated) is used + instead. This parameter *must* be specified except when using the :option:`-S` option, which copies the algorithm from the predecessor key. diff -Nru bind9-9.18.33/bin/dnssec/dnssec-signzone.c bind9-9.18.41/bin/dnssec/dnssec-signzone.c --- bind9-9.18.33/bin/dnssec/dnssec-signzone.c 2025-01-20 13:39:30.933351183 +0000 +++ bind9-9.18.41/bin/dnssec/dnssec-signzone.c 2025-10-18 10:21:02.797251926 +0000 @@ -3200,6 +3200,8 @@ } static void +print_time(FILE *fp) ISC_ATTR_NONNULL(1); +static void print_time(FILE *fp) { time_t currenttime = time(NULL); struct tm t, *tm = localtime_r(¤ttime, &t); @@ -3216,6 +3218,8 @@ } static void +print_version(FILE *fp) ISC_ATTR_NONNULL(1); +static void print_version(FILE *fp) { if (outputformat != dns_masterformat_text) { return; @@ -4021,6 +4025,7 @@ fatal("failed to open temporary output file: %s", isc_result_totext(result)); } + INSIST(outfp != NULL); removefile = true; setfatalcallback(&removetempfile); } diff -Nru bind9-9.18.33/bin/dnssec/dnssec-signzone.rst bind9-9.18.41/bin/dnssec/dnssec-signzone.rst --- bind9-9.18.33/bin/dnssec/dnssec-signzone.rst 2025-01-20 13:39:30.933351183 +0000 +++ bind9-9.18.41/bin/dnssec/dnssec-signzone.rst 2025-10-18 10:21:02.797251926 +0000 @@ -165,6 +165,11 @@ days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they are replaced. + Note that the calculation of cycle interval is based upon the validity + period of the replacement signatures that would be generated by + ``dnssec-signzone``, not on the valid lifetimes of the input RRSIGs being + considered for pre-expiry replacement. + .. option:: -I input-format This option sets the format of the input zone file. Possible formats are @@ -260,7 +265,7 @@ with cached copies of the old DNSKEY RRset. The :option:`-Q` option forces :program:`dnssec-signzone` to remove signatures from keys that are no longer active. This enables ZSK rollover using the procedure described in - :rfc:`6781#4.1.1.1` ("Pre-Publish Key Rollover"). + :rfc:`6781#section-4.1.1.1` ("Pre-Publish Zone Signing Key Rollover"). .. option:: -q @@ -277,7 +282,7 @@ This option is similar to :option:`-Q`, except it forces :program:`dnssec-signzone` to remove signatures from keys that are no longer published. This enables ZSK rollover using the procedure described in - :rfc:`6781#4.1.1.2` ("Double Signature Zone Signing Key + :rfc:`6781#section-4.1.1.2` ("Double Signature Zone Signing Key Rollover"). .. option:: -S diff -Nru bind9-9.18.33/bin/named/Makefile.in bind9-9.18.41/bin/named/Makefile.in --- bind9-9.18.33/bin/named/Makefile.in 2025-01-20 13:40:38.197380647 +0000 +++ bind9-9.18.41/bin/named/Makefile.in 2025-10-18 10:21:42.941299262 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -73,6 +73,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -405,8 +407,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -615,16 +619,11 @@ `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(sbindir)" && rm -f $$files + cd "$(DESTDIR)$(sbindir)" && $(am__rm_f) $$files clean-sbinPROGRAMS: - @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list + $(am__rm_f) $(sbin_PROGRAMS) + test -z "$(EXEEXT)" || $(am__rm_f) $(sbin_PROGRAMS:$(EXEEXT)=) named$(EXEEXT): $(named_OBJECTS) $(named_DEPENDENCIES) $(EXTRA_named_DEPENDENCIES) @rm -f named$(EXEEXT) @@ -657,7 +656,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -810,23 +809,23 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + -$(am__rm_f) $(CLEANFILES) distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." - -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) + -$(am__rm_f) $(BUILT_SOURCES) clean: clean-am clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/builtin.Po + -rm -f ./$(DEPDIR)/builtin.Po -rm -f ./$(DEPDIR)/config.Po -rm -f ./$(DEPDIR)/control.Po -rm -f ./$(DEPDIR)/controlconf.Po @@ -893,7 +892,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/builtin.Po + -rm -f ./$(DEPDIR)/builtin.Po -rm -f ./$(DEPDIR)/config.Po -rm -f ./$(DEPDIR)/control.Po -rm -f ./$(DEPDIR)/controlconf.Po @@ -968,3 +967,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/named/config.c bind9-9.18.41/bin/named/config.c --- bind9-9.18.33/bin/named/config.c 2025-01-20 13:39:30.934351201 +0000 +++ bind9-9.18.41/bin/named/config.c 2025-10-18 10:21:02.799251979 +0000 @@ -69,7 +69,7 @@ #endif /* if defined(HAVE_GEOIP2) */ "\ heartbeat-interval 60;\n\ - interface-interval 60;\n\ + interface-interval 60m;\n\ # keep-response-order {none;};\n\ listen-on {any;};\n\ listen-on-v6 {any;};\n\ diff -Nru bind9-9.18.33/bin/named/dlz_dlopen_driver.c bind9-9.18.41/bin/named/dlz_dlopen_driver.c --- bind9-9.18.33/bin/named/dlz_dlopen_driver.c 2025-01-20 13:39:30.935351219 +0000 +++ bind9-9.18.41/bin/named/dlz_dlopen_driver.c 2025-10-18 10:21:02.799251979 +0000 @@ -224,6 +224,7 @@ } isc_mem_create(&mctx); + isc_mem_setname(mctx, "dlz"); cd = isc_mem_get(mctx, sizeof(*cd)); memset(cd, 0, sizeof(*cd)); @@ -269,13 +270,13 @@ cd->dlz_allowzonexfr = (dlz_dlopen_allowzonexfr_t *)dl_load_symbol( cd, "dlz_allowzonexfr", false); cd->dlz_allnodes = (dlz_dlopen_allnodes_t *)dl_load_symbol( - cd, "dlz_allnodes", (cd->dlz_allowzonexfr != NULL)); + cd, "dlz_allnodes", cd->dlz_allowzonexfr != NULL); cd->dlz_authority = (dlz_dlopen_authority_t *)dl_load_symbol( cd, "dlz_authority", false); cd->dlz_newversion = (dlz_dlopen_newversion_t *)dl_load_symbol( cd, "dlz_newversion", false); cd->dlz_closeversion = (dlz_dlopen_closeversion_t *)dl_load_symbol( - cd, "dlz_closeversion", (cd->dlz_newversion != NULL)); + cd, "dlz_closeversion", cd->dlz_newversion != NULL); cd->dlz_configure = (dlz_dlopen_configure_t *)dl_load_symbol( cd, "dlz_configure", false); cd->dlz_ssumatch = (dlz_dlopen_ssumatch_t *)dl_load_symbol( diff -Nru bind9-9.18.33/bin/named/main.c bind9-9.18.41/bin/named/main.c --- bind9-9.18.33/bin/named/main.c 2025-01-20 13:39:30.937351254 +0000 +++ bind9-9.18.41/bin/named/main.c 2025-10-18 10:21:02.802252059 +0000 @@ -125,6 +125,7 @@ /* * -T options: */ +static bool cookiealwaysvalid = false; static bool dropedns = false; static bool ednsformerr = false; static bool ednsnotimp = false; @@ -318,7 +319,7 @@ " [-S sockets] [-t chrootdir] [-u " "username] [-U listeners]\n" " [-X lockfile] [-m " - "{usage|trace|record|size|mctx}]\n" + "{usage|trace|record}]\n" " [-M fill|nofill]\n" "usage: named [-v|-V|-C]\n"); } @@ -644,6 +645,7 @@ printf("threads support is enabled\n"); isc_mem_create(&mctx); + isc_mem_setname(mctx, "main"); result = dst_lib_init(mctx, named_g_engine); if (result == ISC_R_SUCCESS) { isc_buffer_init(&b, buf, sizeof(buf)); @@ -723,7 +725,9 @@ * force the server to behave (or misbehave) in * specified ways for testing purposes. */ - if (!strcmp(option, "dropedns")) { + if (!strcmp(option, "cookiealwaysvalid")) { + cookiealwaysvalid = true; + } else if (!strcmp(option, "dropedns")) { dropedns = true; } else if (!strcmp(option, "ednsformerr")) { ednsformerr = true; @@ -1344,6 +1348,9 @@ /* * Modify server context according to command line options */ + if (cookiealwaysvalid) { + ns_server_setoption(sctx, NS_SERVER_COOKIEALWAYSVALID, true); + } if (disable4) { ns_server_setoption(sctx, NS_SERVER_DISABLE4, true); } diff -Nru bind9-9.18.33/bin/named/named.rst bind9-9.18.41/bin/named/named.rst --- bind9-9.18.33/bin/named/named.rst 2025-01-20 13:39:30.937351254 +0000 +++ bind9-9.18.41/bin/named/named.rst 2025-10-18 10:21:02.802252059 +0000 @@ -111,7 +111,7 @@ .. option:: -m flag This option turns on memory usage debugging flags. Possible flags are ``usage``, - ``trace``, ``record``, ``size``, and ``mctx``. These correspond to the + ``trace`` and ``record``. These correspond to the ``ISC_MEM_DEBUGXXXX`` flags described in ````. .. option:: -n #cpus diff -Nru bind9-9.18.33/bin/named/server.c bind9-9.18.41/bin/named/server.c --- bind9-9.18.33/bin/named/server.c 2025-01-20 13:39:30.939351289 +0000 +++ bind9-9.18.41/bin/named/server.c 2025-10-18 10:21:02.803252086 +0000 @@ -155,12 +155,6 @@ #define SIZE_AS_PERCENT ((size_t)-2) #endif /* ifndef SIZE_AS_PERCENT */ -#ifdef TUNE_LARGE -#define RESOLVER_NTASKS_PERCPU 32 -#else -#define RESOLVER_NTASKS_PERCPU 8 -#endif /* TUNE_LARGE */ - /* RFC7828 defines timeout as 16-bit value specified in units of 100 * milliseconds, so the maximum and minimum advertised and keepalive * timeouts are capped by the data type (it's ~109 minutes) @@ -383,10 +377,11 @@ "255.255.255.255.IN-ADDR.ARPA", /* BROADCAST */ /* Local IPv6 Unicast Addresses */ - "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6." - "ARPA", - "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6." - "ARPA", + /* clang-format off */ + "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA", + "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA", + /* clang-format on */ + /* LOCALLY ASSIGNED LOCAL ADDRESS SCOPE */ "D.F.IP6.ARPA", "8.E.F.IP6.ARPA", /* LINK LOCAL */ "9.E.F.IP6.ARPA", /* LINK LOCAL */ @@ -507,6 +502,104 @@ nzf_append(dns_view_t *view, const cfg_obj_t *zconfig); #endif /* ifdef HAVE_LMDB */ +static const uint32_t primes[] = { + 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, + 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, + 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, + 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, + 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, + 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, + 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, + 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, + 599, 601, 607, 613, 617, 619, 631, 641, 643, 647, 653, 659, + 661, 673, 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, + 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, + 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, + 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997, + 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, 1051, 1061, 1063, 1069, + 1087, 1091, 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, + 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, 1229, 1231, 1237, 1249, + 1259, 1277, 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, + 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, 1427, 1429, 1433, 1439, + 1447, 1451, 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, + 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, 1579, 1583, 1597, 1601, + 1607, 1609, 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, + 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, 1753, 1759, 1777, 1783, + 1787, 1789, 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, + 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, 1951, 1973, 1979, 1987, + 1993, 1997, 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, + 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, 2131, 2137, 2141, 2143, + 2153, 2161, 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, + 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, 2333, 2339, 2341, 2347, + 2351, 2357, 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, + 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, 2521, 2531, 2539, 2543, + 2549, 2551, 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, + 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, 2699, 2707, 2711, 2713, + 2719, 2729, 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, + 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, 2879, 2887, 2897, 2903, + 2909, 2917, 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, + 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, 3083, 3089, 3109, 3119, + 3121, 3137, 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, + 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, 3307, 3313, 3319, 3323, + 3329, 3331, 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, + 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, 3499, 3511, 3517, 3527, + 3529, 3533, 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, + 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, 3673, 3677, 3691, 3697, + 3701, 3709, 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, + 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, 3877, 3881, 3889, 3907, + 3911, 3917, 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, + 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, 4073, 4079, 4091, 4093, + 4099, 4111, 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, + 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, 4261, 4271, 4273, 4283, + 4289, 4297, 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, + 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, 4483, 4493, 4507, 4513, + 4517, 4519, 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, + 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, 4679, 4691, 4703, 4721, + 4723, 4729, 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, + 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, 4919, 4931, 4933, 4937, + 4943, 4951, 4957, 4967, 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, + 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, 5099, 5101, 5107, 5113, + 5119, 5147, 5153, 5167, 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, + 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, 5323, 5333, 5347, 5351, + 5381, 5387, 5393, 5399, 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, + 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, 5519, 5521, 5527, 5531, + 5557, 5563, 5569, 5573, 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, + 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, 5717, 5737, 5741, 5743, + 5749, 5779, 5783, 5791, 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, + 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, 5903, 5923, 5927, 5939, + 5953, 5981, 5987, 6007, 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, + 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, 6143, 6151, 6163, 6173, + 6197, 6199, 6203, 6211, 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, + 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, 6337, 6343, 6353, 6359, + 6361, 6367, 6373, 6379, 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, + 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, 6569, 6571, 6577, 6581, + 6599, 6607, 6619, 6637, 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, + 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, 6781, 6791, 6793, 6803, + 6823, 6827, 6829, 6833, 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, + 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, 6977, 6983, 6991, 6997, + 7001, 7013, 7019, 7027, 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, + 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, 7211, 7213, 7219, 7229, + 7237, 7243, 7247, 7253, 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, + 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, 7459, 7477, 7481, 7487, + 7489, 7499, 7507, 7517, 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, + 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, 7639, 7643, 7649, 7669, + 7673, 7681, 7687, 7691, 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, + 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, 7867, 7873, 7877, 7879, + 7883, 7901, 7907, 7919, +}; + +static uint32_t +closest_prime(uint32_t n) { + for (size_t i = 0; i < ARRAY_SIZE(primes); i++) { + if (primes[i] >= n) { + return primes[i]; + } + } + + return primes[ARRAY_SIZE(primes) - 1]; +} + /*% * Configure a single view ACL at '*aclp'. Get its configuration from * 'vconfig' (for per-view configuration) and maybe from 'config' @@ -4225,7 +4318,7 @@ named_cache_t *nsc; bool zero_no_soattl; dns_acl_t *clients = NULL, *mapped = NULL, *excluded = NULL; - unsigned int query_timeout, ndisp; + unsigned int query_timeout, ndisp, ntasks; bool old_rpz_ok = false; dns_dyndbctx_t *dctx = NULL; unsigned int resolver_param; @@ -4861,12 +4954,10 @@ /* * Resolver. */ - CHECK(get_view_querysource_dispatch( - maps, AF_INET, &dispatch4, - (ISC_LIST_PREV(view, link) == NULL))); - CHECK(get_view_querysource_dispatch( - maps, AF_INET6, &dispatch6, - (ISC_LIST_PREV(view, link) == NULL))); + CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4, + ISC_LIST_PREV(view, link) == NULL)); + CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6, + ISC_LIST_PREV(view, link) == NULL)); if (dispatch4 == NULL && dispatch6 == NULL) { UNEXPECTED_ERROR("unable to obtain either an IPv4 or" " an IPv6 dispatch"); @@ -4884,11 +4975,12 @@ } dns_view_setresquerystats(view, resquerystats); + ntasks = closest_prime(2 * named_g_cpus); ndisp = 4 * ISC_MIN(named_g_udpdisp, MAX_UDP_DISPATCH); - CHECK(dns_view_createresolver( - view, named_g_taskmgr, RESOLVER_NTASKS_PERCPU * named_g_cpus, - ndisp, named_g_netmgr, named_g_timermgr, resopts, - named_g_dispatchmgr, dispatch4, dispatch6)); + CHECK(dns_view_createresolver(view, named_g_taskmgr, ntasks, ndisp, + named_g_netmgr, named_g_timermgr, resopts, + named_g_dispatchmgr, dispatch4, + dispatch6)); /* * Set the ADB cache size to 1/8th of the max-cache-size or @@ -9267,6 +9359,13 @@ server->interface_interval = interface_interval; /* + * FreeBSD workaround: Trigger the interface rescan immediately + * otherwise the server will start listening only after + * 'interface-interval' first tick, possibly never. + */ + (void)ns_interfacemgr_scan(server->interfacemgr, false, false); + + /* * Enable automatic interface scans. */ obj = NULL; @@ -10844,7 +10943,7 @@ } } else { result = dns_viewlist_findzone(&server->viewlist, name, - (classtxt == NULL), + classtxt == NULL, rdclass, zonep); if (result == ISC_R_NOTFOUND) { snprintf(problem, sizeof(problem), @@ -12548,9 +12647,8 @@ reload_status = atomic_load(&server->reload_status); if (reload_status != NAMED_RELOAD_DONE) { snprintf(line, sizeof(line), "reload/reconfig %s\n", - (reload_status == NAMED_RELOAD_FAILED - ? "failed" - : "in progress")); + reload_status == NAMED_RELOAD_FAILED ? "failed" + : "in progress"); CHECK(putstr(text, line)); } diff -Nru bind9-9.18.33/bin/named/zoneconf.c bind9-9.18.41/bin/named/zoneconf.c --- bind9-9.18.33/bin/named/zoneconf.c 2025-01-20 13:39:30.941351324 +0000 +++ bind9-9.18.41/bin/named/zoneconf.c 2025-10-18 10:21:02.805252139 +0000 @@ -1302,30 +1302,28 @@ obj = NULL; result = named_config_get(maps, "parental-source", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); - - CHECK(dns_zone_setparentalsrc4(zone, cfg_obj_assockaddr(obj))); + dns_zone_setparentalsrc4(zone, cfg_obj_assockaddr(obj)); named_add_reserved_dispatch(named_g_server, cfg_obj_assockaddr(obj)); obj = NULL; result = named_config_get(maps, "parental-source-v6", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); - - CHECK(dns_zone_setparentalsrc6(zone, cfg_obj_assockaddr(obj))); + dns_zone_setparentalsrc6(zone, cfg_obj_assockaddr(obj)); named_add_reserved_dispatch(named_g_server, cfg_obj_assockaddr(obj)); obj = NULL; result = named_config_get(maps, "notify-source", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); - CHECK(dns_zone_setnotifysrc4(zone, cfg_obj_assockaddr(obj))); + dns_zone_setnotifysrc4(zone, cfg_obj_assockaddr(obj)); named_add_reserved_dispatch(named_g_server, cfg_obj_assockaddr(obj)); obj = NULL; result = named_config_get(maps, "notify-source-v6", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); - CHECK(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj))); + dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj)); named_add_reserved_dispatch(named_g_server, cfg_obj_assockaddr(obj)); @@ -1956,29 +1954,26 @@ obj = NULL; result = named_config_get(maps, "transfer-source", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); - CHECK(dns_zone_setxfrsource4(mayberaw, - cfg_obj_assockaddr(obj))); + dns_zone_setxfrsource4(mayberaw, cfg_obj_assockaddr(obj)); named_add_reserved_dispatch(named_g_server, cfg_obj_assockaddr(obj)); obj = NULL; result = named_config_get(maps, "transfer-source-v6", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); - CHECK(dns_zone_setxfrsource6(mayberaw, - cfg_obj_assockaddr(obj))); + dns_zone_setxfrsource6(mayberaw, cfg_obj_assockaddr(obj)); named_add_reserved_dispatch(named_g_server, cfg_obj_assockaddr(obj)); obj = NULL; result = named_config_get(maps, "alt-transfer-source", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); - CHECK(dns_zone_setaltxfrsource4(mayberaw, - cfg_obj_assockaddr(obj))); + dns_zone_setaltxfrsource4(mayberaw, cfg_obj_assockaddr(obj)); + obj = NULL; result = named_config_get(maps, "alt-transfer-source-v6", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); - CHECK(dns_zone_setaltxfrsource6(mayberaw, - cfg_obj_assockaddr(obj))); + dns_zone_setaltxfrsource6(mayberaw, cfg_obj_assockaddr(obj)); obj = NULL; (void)named_config_get(maps, "use-alt-transfer-source", &obj); if (obj == NULL) { diff -Nru bind9-9.18.33/bin/nsupdate/Makefile.in bind9-9.18.41/bin/nsupdate/Makefile.in --- bind9-9.18.33/bin/nsupdate/Makefile.in 2025-01-20 13:40:38.221381025 +0000 +++ bind9-9.18.41/bin/nsupdate/Makefile.in 2025-10-18 10:21:42.969299986 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -73,6 +73,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -356,8 +358,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -544,16 +548,11 @@ `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(bindir)" && rm -f $$files + cd "$(DESTDIR)$(bindir)" && $(am__rm_f) $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list + $(am__rm_f) $(bin_PROGRAMS) + test -z "$(EXEEXT)" || $(am__rm_f) $(bin_PROGRAMS:$(EXEEXT)=) nsupdate$(EXEEXT): $(nsupdate_OBJECTS) $(nsupdate_DEPENDENCIES) $(EXTRA_nsupdate_DEPENDENCIES) @rm -f nsupdate$(EXEEXT) @@ -569,7 +568,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -721,8 +720,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -732,7 +731,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/nsupdate.Po + -rm -f ./$(DEPDIR)/nsupdate.Po -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -782,7 +781,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/nsupdate.Po + -rm -f ./$(DEPDIR)/nsupdate.Po -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -832,3 +831,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/plugins/Makefile.in bind9-9.18.41/bin/plugins/Makefile.in --- bind9-9.18.33/bin/plugins/Makefile.in 2025-01-20 13:40:38.244381388 +0000 +++ bind9-9.18.41/bin/plugins/Makefile.in 2025-10-18 10:21:42.997300710 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -73,6 +73,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -140,10 +142,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__installdirs = "$(DESTDIR)$(pkglibdir)" LTLIBRARIES = $(pkglib_LTLIBRARIES) @@ -380,8 +381,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -553,15 +556,13 @@ done clean-pkglibLTLIBRARIES: - -test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES) + -$(am__rm_f) $(pkglib_LTLIBRARIES) @list='$(pkglib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} filter-a.la: $(filter_a_la_OBJECTS) $(filter_a_la_DEPENDENCIES) $(EXTRA_filter_a_la_DEPENDENCIES) $(AM_V_CCLD)$(filter_a_la_LINK) -rpath $(pkglibdir) $(filter_a_la_OBJECTS) $(filter_a_la_LIBADD) $(LIBS) @@ -580,7 +581,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -732,8 +733,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -744,7 +745,7 @@ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/filter-a.Plo + -rm -f ./$(DEPDIR)/filter-a.Plo -rm -f ./$(DEPDIR)/filter-aaaa.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ @@ -795,7 +796,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/filter-a.Plo + -rm -f ./$(DEPDIR)/filter-a.Plo -rm -f ./$(DEPDIR)/filter-aaaa.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -847,3 +848,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/rndc/Makefile.in bind9-9.18.41/bin/rndc/Makefile.in --- bind9-9.18.33/bin/rndc/Makefile.in 2025-01-20 13:40:38.268381766 +0000 +++ bind9-9.18.41/bin/rndc/Makefile.in 2025-10-18 10:21:43.024301408 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -73,6 +73,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -349,8 +351,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -544,16 +548,11 @@ `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(sbindir)" && rm -f $$files + cd "$(DESTDIR)$(sbindir)" && $(am__rm_f) $$files clean-sbinPROGRAMS: - @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list + $(am__rm_f) $(sbin_PROGRAMS) + test -z "$(EXEEXT)" || $(am__rm_f) $(sbin_PROGRAMS:$(EXEEXT)=) rndc$(EXEEXT): $(rndc_OBJECTS) $(rndc_DEPENDENCIES) $(EXTRA_rndc_DEPENDENCIES) @rm -f rndc$(EXEEXT) @@ -570,7 +569,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -722,8 +721,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -734,7 +733,7 @@ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/rndc.Po + -rm -f ./$(DEPDIR)/rndc.Po -rm -f ./$(DEPDIR)/util.Po -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ @@ -785,7 +784,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/rndc.Po + -rm -f ./$(DEPDIR)/rndc.Po -rm -f ./$(DEPDIR)/util.Po -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -836,3 +835,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/tests/Makefile.in bind9-9.18.41/bin/tests/Makefile.in --- bind9-9.18.33/bin/tests/Makefile.in 2025-01-20 13:40:38.296382207 +0000 +++ bind9-9.18.41/bin/tests/Makefile.in 2025-10-18 10:21:43.055302210 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -73,6 +73,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -398,8 +400,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -569,13 +573,8 @@ $(am__aclocal_m4_deps): clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list + $(am__rm_f) $(noinst_PROGRAMS) + test -z "$(EXEEXT)" || $(am__rm_f) $(noinst_PROGRAMS:$(EXEEXT)=) test_client$(EXEEXT): $(test_client_OBJECTS) $(test_client_DEPENDENCIES) $(EXTRA_test_client_DEPENDENCIES) @rm -f test_client$(EXEEXT) @@ -601,7 +600,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -865,8 +864,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -877,7 +876,7 @@ mostlyclean-am distclean: distclean-recursive - -rm -f ./$(DEPDIR)/test_client-test_client.Po + -rm -f ./$(DEPDIR)/test_client-test_client.Po -rm -f ./$(DEPDIR)/test_server-test_server.Po -rm -f ./$(DEPDIR)/wire_test-wire_test.Po -rm -f Makefile @@ -929,7 +928,7 @@ installcheck-am: maintainer-clean: maintainer-clean-recursive - -rm -f ./$(DEPDIR)/test_client-test_client.Po + -rm -f ./$(DEPDIR)/test_client-test_client.Po -rm -f ./$(DEPDIR)/test_server-test_server.Po -rm -f ./$(DEPDIR)/wire_test-wire_test.Po -rm -f Makefile @@ -982,3 +981,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/tests/convert-trs-to-junit.py bind9-9.18.41/bin/tests/convert-trs-to-junit.py --- bind9-9.18.33/bin/tests/convert-trs-to-junit.py 2025-01-20 13:39:30.943351359 +0000 +++ bind9-9.18.41/bin/tests/convert-trs-to-junit.py 2025-10-18 10:21:02.807252193 +0000 @@ -28,14 +28,14 @@ items = line.split() if len(items) < 2: raise ValueError("unsupported line in trs file", filename, line) - if items[0] != (":test-result:"): + if items[0] != (":global-test-result:"): continue if result is not None: - raise NotImplementedError("double :test-result:", filename) + raise NotImplementedError("double :global-test-result:", filename) result = items[1].upper() if result is None: - raise ValueError(":test-result: not found", filename) + raise ValueError(":global-test-result: not found", filename) return result diff -Nru bind9-9.18.33/bin/tests/system/Makefile.in bind9-9.18.41/bin/tests/system/Makefile.in --- bind9-9.18.33/bin/tests/system/Makefile.in 2025-01-20 13:40:38.360383215 +0000 +++ bind9-9.18.41/bin/tests/system/Makefile.in 2025-10-18 10:21:43.128304098 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -73,6 +73,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -304,10 +306,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__recheck_rx = ^[ ]*:recheck:[ ]* am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* @@ -395,6 +396,7 @@ # Default flags passed to test drivers. am__common_driver_flags = \ --color-tests "$$am__color_tests" \ + $$am__collect_skipped_logs \ --enable-hard-errors "$$am__enable_hard_errors" \ --expect-failure "$$am__expect_failure" # To be inserted before the command running the test. Creates the @@ -419,6 +421,11 @@ elif test -f "$$f"; then dir=; \ else dir="$(srcdir)/"; fi; \ tst=$$dir$$f; log='$@'; \ +if test -n '$(IGNORE_SKIPPED_LOGS)'; then \ + am__collect_skipped_logs='--collect-skipped-logs no'; \ +else \ + am__collect_skipped_logs=''; \ +fi; \ if test -n '$(DISABLE_HARD_ERRORS)'; then \ am__enable_hard_errors=no; \ else \ @@ -646,8 +653,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -978,13 +987,8 @@ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list + $(am__rm_f) $(noinst_PROGRAMS) + test -z "$(EXEEXT)" || $(am__rm_f) $(noinst_PROGRAMS:$(EXEEXT)=) feature-test$(EXEEXT): $(feature_test_OBJECTS) $(feature_test_DEPENDENCIES) $(EXTRA_feature_test_DEPENDENCIES) @rm -f feature-test$(EXEEXT) @@ -995,10 +999,10 @@ $(AM_V_CCLD)$(LINK) $(makejournal_OBJECTS) $(makejournal_LDADD) $(LIBS) pipelined/$(am__dirstamp): @$(MKDIR_P) pipelined - @: > pipelined/$(am__dirstamp) + @: >>pipelined/$(am__dirstamp) pipelined/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) pipelined/$(DEPDIR) - @: > pipelined/$(DEPDIR)/$(am__dirstamp) + @: >>pipelined/$(DEPDIR)/$(am__dirstamp) pipelined/pipequeries-pipequeries.$(OBJEXT): \ pipelined/$(am__dirstamp) pipelined/$(DEPDIR)/$(am__dirstamp) @@ -1011,10 +1015,10 @@ $(AM_V_CCLD)$(LINK) $(resolve_OBJECTS) $(resolve_LDADD) $(LIBS) rndc/$(am__dirstamp): @$(MKDIR_P) rndc - @: > rndc/$(am__dirstamp) + @: >>rndc/$(am__dirstamp) rndc/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) rndc/$(DEPDIR) - @: > rndc/$(DEPDIR)/$(am__dirstamp) + @: >>rndc/$(DEPDIR)/$(am__dirstamp) rndc/gencheck.$(OBJEXT): rndc/$(am__dirstamp) \ rndc/$(DEPDIR)/$(am__dirstamp) @@ -1023,10 +1027,10 @@ $(AM_V_CCLD)$(LINK) $(rndc_gencheck_OBJECTS) $(rndc_gencheck_LDADD) $(LIBS) rpz/$(am__dirstamp): @$(MKDIR_P) rpz - @: > rpz/$(am__dirstamp) + @: >>rpz/$(am__dirstamp) rpz/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) rpz/$(DEPDIR) - @: > rpz/$(DEPDIR)/$(am__dirstamp) + @: >>rpz/$(DEPDIR)/$(am__dirstamp) rpz/dnsrps-dnsrps.$(OBJEXT): rpz/$(am__dirstamp) \ rpz/$(DEPDIR)/$(am__dirstamp) @@ -1035,10 +1039,10 @@ $(AM_V_CCLD)$(LINK) $(rpz_dnsrps_OBJECTS) $(rpz_dnsrps_LDADD) $(LIBS) tkey/$(am__dirstamp): @$(MKDIR_P) tkey - @: > tkey/$(am__dirstamp) + @: >>tkey/$(am__dirstamp) tkey/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) tkey/$(DEPDIR) - @: > tkey/$(DEPDIR)/$(am__dirstamp) + @: >>tkey/$(DEPDIR)/$(am__dirstamp) tkey/keycreate-keycreate.$(OBJEXT): tkey/$(am__dirstamp) \ tkey/$(DEPDIR)/$(am__dirstamp) @@ -1073,7 +1077,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -1324,7 +1328,6 @@ am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) am--force-recheck: @: - $(TEST_SUITE_LOG): $(TEST_LOGS) @$(am__set_TESTS_bases); \ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ @@ -1400,10 +1403,37 @@ result_count $$1 "XPASS:" $$xpass "$$red"; \ result_count $$1 "ERROR:" $$error "$$mgn"; \ }; \ + output_system_information () \ + { \ + echo; \ + { uname -a | $(AWK) '{ \ + printf "System information (uname -a):"; \ + for (i = 1; i < NF; ++i) \ + { \ + if (i != 2) \ + printf " %s", $$i; \ + } \ + printf "\n"; \ +}'; } 2>&1; \ + if test -r /etc/os-release; then \ + echo "Distribution information (/etc/os-release):"; \ + sed 8q /etc/os-release; \ + elif test -r /etc/issue; then \ + echo "Distribution information (/etc/issue):"; \ + cat /etc/issue; \ + fi; \ + }; \ + please_report () \ + { \ +echo "Some test(s) failed. Please report this to $(PACKAGE_BUGREPORT),"; \ +echo "together with the test-suite.log file (gzipped) and your system"; \ +echo "information. Thanks."; \ + }; \ { \ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ $(am__rst_title); \ create_testsuite_report --no-color; \ + output_system_information; \ echo; \ echo ".. contents:: :depth: 2"; \ echo; \ @@ -1423,26 +1453,25 @@ create_testsuite_report --maybe-color; \ echo "$$col$$br$$std"; \ if $$success; then :; else \ - echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ + echo "$${col}See $(subdir)/$(TEST_SUITE_LOG) for debugging.$${std}";\ if test -n "$(PACKAGE_BUGREPORT)"; then \ - echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ + please_report | sed -e "s/^/$${col}/" -e s/'$$'/"$${std}"/; \ fi; \ echo "$$col$$br$$std"; \ fi; \ $$success || exit 1 check-TESTS: - @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list - @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list - @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @$(am__rm_f) $(RECHECK_LOGS) + @$(am__rm_f) $(RECHECK_LOGS:.log=.trs) + @$(am__rm_f) $(TEST_SUITE_LOG) @set +e; $(am__set_TESTS_bases); \ log_list=`for i in $$bases; do echo $$i.log; done`; \ - trs_list=`for i in $$bases; do echo $$i.trs; done`; \ - log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ + log_list=`echo $$log_list`; \ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ exit $$?; recheck: all - @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @$(am__rm_f) $(TEST_SUITE_LOG) @set +e; $(am__set_TESTS_bases); \ bases=`for i in $$bases; do echo $$i; done \ | $(am__list_recheck_tests)` || exit 1; \ @@ -2351,23 +2380,23 @@ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: - -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) - -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) - -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + -$(am__rm_f) $(TEST_LOGS) + -$(am__rm_f) $(TEST_LOGS:.log=.trs) + -$(am__rm_f) $(TEST_SUITE_LOG) clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -rm -f pipelined/$(DEPDIR)/$(am__dirstamp) - -rm -f pipelined/$(am__dirstamp) - -rm -f rndc/$(DEPDIR)/$(am__dirstamp) - -rm -f rndc/$(am__dirstamp) - -rm -f rpz/$(DEPDIR)/$(am__dirstamp) - -rm -f rpz/$(am__dirstamp) - -rm -f tkey/$(DEPDIR)/$(am__dirstamp) - -rm -f tkey/$(am__dirstamp) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) pipelined/$(DEPDIR)/$(am__dirstamp) + -$(am__rm_f) pipelined/$(am__dirstamp) + -$(am__rm_f) rndc/$(DEPDIR)/$(am__dirstamp) + -$(am__rm_f) rndc/$(am__dirstamp) + -$(am__rm_f) rpz/$(DEPDIR)/$(am__dirstamp) + -$(am__rm_f) rpz/$(am__dirstamp) + -$(am__rm_f) tkey/$(DEPDIR)/$(am__dirstamp) + -$(am__rm_f) tkey/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -2378,7 +2407,7 @@ mostlyclean-am distclean: distclean-recursive - -rm -f ./$(DEPDIR)/feature_test-feature-test.Po + -rm -f ./$(DEPDIR)/feature_test-feature-test.Po -rm -f ./$(DEPDIR)/makejournal-makejournal.Po -rm -f ./$(DEPDIR)/resolve-resolve.Po -rm -f pipelined/$(DEPDIR)/pipequeries-pipequeries.Po @@ -2435,7 +2464,7 @@ installcheck-am: maintainer-clean: maintainer-clean-recursive - -rm -f ./$(DEPDIR)/feature_test-feature-test.Po + -rm -f ./$(DEPDIR)/feature_test-feature-test.Po -rm -f ./$(DEPDIR)/makejournal-makejournal.Po -rm -f ./$(DEPDIR)/resolve-resolve.Po -rm -f pipelined/$(DEPDIR)/pipequeries-pipequeries.Po @@ -2515,3 +2544,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/tests/system/autosign/tests_sh_autosign.py bind9-9.18.41/bin/tests/system/autosign/tests_sh_autosign.py --- bind9-9.18.33/bin/tests/system/autosign/tests_sh_autosign.py 2025-01-20 13:39:30.959351641 +0000 +++ bind9-9.18.41/bin/tests/system/autosign/tests_sh_autosign.py 2025-10-18 10:21:02.823252621 +0000 @@ -11,8 +11,6 @@ import pytest -import isctest.mark - pytestmark = pytest.mark.extra_artifacts( [ "active.key", @@ -147,6 +145,6 @@ ) -@isctest.mark.flaky(max_runs=2) +@pytest.mark.flaky(max_runs=2) def test_autosign(run_tests_sh): run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/cacheclean/tests.sh bind9-9.18.41/bin/tests/system/cacheclean/tests.sh --- bind9-9.18.33/bin/tests/system/cacheclean/tests.sh 2025-01-20 13:39:30.961351676 +0000 +++ bind9-9.18.41/bin/tests/system/cacheclean/tests.sh 2025-10-18 10:21:02.826252701 +0000 @@ -239,25 +239,38 @@ if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) +run_adb_flush_test() { + ret=0 + load_cache + dump_cache + mv ns2/named_dump.db.test$n ns2/named_dump.db.test$n.a + sed -n '/plain success\/timeout/,/Unassociated entries/p' \ + ns2/named_dump.db.test$n.a >sed.out.$n.a + grep 'plain success/timeout' sed.out.$n.a >/dev/null 2>&1 || ret=1 + grep 'Unassociated entries' sed.out.$n.a >/dev/null 2>&1 || ret=1 + grep 'ns.flushtest.example' sed.out.$n.a >/dev/null 2>&1 || ret=1 + $RNDC $RNDCOPTS "$@" || ret=1 + dump_cache + mv ns2/named_dump.db.test$n ns2/named_dump.db.test$n.b + sed -n '/plain success\/timeout/,/Unassociated entries/p' \ + ns2/named_dump.db.test$n.b >sed.out.$n.b + grep 'plain success/timeout' sed.out.$n.b >/dev/null 2>&1 || ret=1 + grep 'Unassociated entries' sed.out.$n.b >/dev/null 2>&1 || ret=1 + grep 'ns.flushtest.example' sed.out.$n.b >/dev/null 2>&1 && ret=1 + return $ret +} + +n=$((n + 1)) +echo_i "check flushname clears adb correctly ($n)" +ret=0 +run_adb_flush_test flushname ns.flushtest.example || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + n=$((n + 1)) echo_i "check flushtree clears adb correctly ($n)" ret=0 -load_cache -dump_cache -mv ns2/named_dump.db.test$n ns2/named_dump.db.test$n.a -sed -n '/plain success\/timeout/,/Unassociated entries/p' \ - ns2/named_dump.db.test$n.a >sed.out.$n.a -grep 'plain success/timeout' sed.out.$n.a >/dev/null 2>&1 || ret=1 -grep 'Unassociated entries' sed.out.$n.a >/dev/null 2>&1 || ret=1 -grep 'ns.flushtest.example' sed.out.$n.a >/dev/null 2>&1 || ret=1 -$RNDC $RNDCOPTS flushtree flushtest.example || ret=1 -dump_cache -mv ns2/named_dump.db.test$n ns2/named_dump.db.test$n.b -sed -n '/plain success\/timeout/,/Unassociated entries/p' \ - ns2/named_dump.db.test$n.b >sed.out.$n.b -grep 'plain success/timeout' sed.out.$n.b >/dev/null 2>&1 || ret=1 -grep 'Unassociated entries' sed.out.$n.b >/dev/null 2>&1 || ret=1 -grep 'ns.flushtest.example' sed.out.$n.b >/dev/null 2>&1 && ret=1 +run_adb_flush_test flushtree flushtest.example || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) diff -Nru bind9-9.18.33/bin/tests/system/chain/ans3/ans.pl bind9-9.18.41/bin/tests/system/chain/ans3/ans.pl --- bind9-9.18.33/bin/tests/system/chain/ans3/ans.pl 2025-01-20 13:39:30.966351764 +0000 +++ bind9-9.18.41/bin/tests/system/chain/ans3/ans.pl 1970-01-01 00:00:00.000000000 +0000 @@ -1,143 +0,0 @@ -#!/usr/bin/env perl - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -use strict; -use warnings; - -use IO::File; -use Getopt::Long; -use Net::DNS::Nameserver; - -my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!"; -print $pidf "$$\n" or die "cannot write pid file: $!"; -$pidf->close or die "cannot close pid file: $!"; -sub rmpid { unlink "ans.pid"; exit 1; }; -sub term { }; - -$SIG{INT} = \&rmpid; -if ($Net::DNS::VERSION > 1.41) { - $SIG{TERM} = \&term; -} else { - $SIG{TERM} = \&rmpid; -} - -my $localaddr = "10.53.0.3"; - -my $localport = int($ENV{'PORT'}); -if (!$localport) { $localport = 5300; } - -my $verbose = 0; -my $ttl = 60; -my $zone = "example.broken"; -my $nsname = "ns3.$zone"; -my $synth = "synth-then-dname.$zone"; -my $synth2 = "synth2-then-dname.$zone"; - -sub reply_handler { - my ($qname, $qclass, $qtype, $peerhost, $query, $conn) = @_; - my ($rcode, @ans, @auth, @add); - - print ("request: $qname/$qtype\n"); - STDOUT->flush(); - - if ($qname eq "example.broken") { - if ($qtype eq "SOA") { - my $rr = new Net::DNS::RR("$qname $ttl $qclass SOA . . 0 0 0 0 0"); - push @ans, $rr; - } elsif ($qtype eq "NS") { - my $rr = new Net::DNS::RR("$qname $ttl $qclass NS $nsname"); - push @ans, $rr; - $rr = new Net::DNS::RR("$nsname $ttl $qclass A $localaddr"); - push @add, $rr; - } - $rcode = "NOERROR"; - } elsif ($qname eq "cname-to-$synth2") { - my $rr = new Net::DNS::RR("$qname $ttl $qclass CNAME name.$synth2"); - push @ans, $rr; - $rr = new Net::DNS::RR("name.$synth2 $ttl $qclass CNAME name"); - push @ans, $rr; - $rr = new Net::DNS::RR("$synth2 $ttl $qclass DNAME ."); - push @ans, $rr; - $rcode = "NOERROR"; - } elsif ($qname eq "$synth" || $qname eq "$synth2") { - if ($qtype eq "DNAME") { - my $rr = new Net::DNS::RR("$qname $ttl $qclass DNAME ."); - push @ans, $rr; - } - $rcode = "NOERROR"; - } elsif ($qname eq "name.$synth") { - my $rr = new Net::DNS::RR("$qname $ttl $qclass CNAME name."); - push @ans, $rr; - $rr = new Net::DNS::RR("$synth $ttl $qclass DNAME ."); - push @ans, $rr; - $rcode = "NOERROR"; - } elsif ($qname eq "name.$synth2") { - my $rr = new Net::DNS::RR("$qname $ttl $qclass CNAME name."); - push @ans, $rr; - $rr = new Net::DNS::RR("$synth2 $ttl $qclass DNAME ."); - push @ans, $rr; - $rcode = "NOERROR"; - # The following three code branches referring to the "example.dname" - # zone are necessary for the resolver variant of the CVE-2021-25215 - # regression test to work. A named instance cannot be used for - # serving the DNAME records below as a version of BIND vulnerable to - # CVE-2021-25215 would crash while answering the queries asked by - # the tested resolver. - } elsif ($qname eq "ns3.example.dname") { - if ($qtype eq "A") { - my $rr = new Net::DNS::RR("$qname $ttl $qclass A 10.53.0.3"); - push @ans, $rr; - } - if ($qtype eq "AAAA") { - my $rr = new Net::DNS::RR("example.dname. $ttl $qclass SOA . . 0 0 0 0 $ttl"); - push @auth, $rr; - } - $rcode = "NOERROR"; - } elsif ($qname eq "self.example.self.example.dname") { - my $rr = new Net::DNS::RR("self.example.dname. $ttl $qclass DNAME dname."); - push @ans, $rr; - $rr = new Net::DNS::RR("$qname $ttl $qclass CNAME self.example.dname."); - push @ans, $rr; - $rcode = "NOERROR"; - } elsif ($qname eq "self.example.dname") { - if ($qtype eq "DNAME") { - my $rr = new Net::DNS::RR("$qname $ttl $qclass DNAME dname."); - push @ans, $rr; - } - $rcode = "NOERROR"; - } else { - $rcode = "REFUSED"; - } - return ($rcode, \@ans, \@auth, \@add, { aa => 1 }); -} - -GetOptions( - 'port=i' => \$localport, - 'verbose!' => \$verbose, -); - -my $ns = Net::DNS::Nameserver->new( - LocalAddr => $localaddr, - LocalPort => $localport, - ReplyHandler => \&reply_handler, - Verbose => $verbose, -); - -if ($Net::DNS::VERSION >= 1.42) { - $ns->start_server(); - select(undef, undef, undef, undef); - $ns->stop_server(); - unlink "ans.pid"; -} else { - $ns->main_loop; -} diff -Nru bind9-9.18.33/bin/tests/system/chain/ans3/ans.py bind9-9.18.41/bin/tests/system/chain/ans3/ans.py --- bind9-9.18.33/bin/tests/system/chain/ans3/ans.py 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/chain/ans3/ans.py 2025-10-18 10:21:02.831252834 +0000 @@ -0,0 +1,217 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +############################################################################ +# ans.py: See README.anspy for details. +############################################################################ + +from __future__ import print_function +import os +import sys +import signal +import socket +import select +from datetime import datetime, timedelta +import functools + +import dns, dns.message, dns.query +from dns.rdatatype import * +from dns.rdataclass import * +from dns.rcode import * +from dns.name import * + + +############################################################################ +# Respond to a DNS query. +############################################################################ +def create_response(msg): + ttl = 60 + zone = "example.broken." + nsname = f"ns3.{zone}" + synth = f"synth-then-dname.{zone}" + synth2 = f"synth2-then-dname.{zone}" + + m = dns.message.from_wire(msg) + qname = m.question[0].name.to_text() + + # prepare the response and convert to wire format + r = dns.message.make_response(m) + + # get qtype + rrtype = m.question[0].rdtype + qtype = dns.rdatatype.to_text(rrtype) + print(f"request: {qname}/{qtype}") + + rcode = "NOERROR" + if qname == zone: + if qtype == "SOA": + r.answer.append(dns.rrset.from_text(qname, ttl, IN, SOA, ". . 0 0 0 0 0")) + elif qtype == "NS": + r.answer.append(dns.rrset.from_text(qname, ttl, IN, NS, nsname)) + r.additional.append(dns.rrset.from_text(nsname, ttl, IN, A, ip4)) + elif qname == f"cname-to-{synth2}": + r.answer.append(dns.rrset.from_text(qname, ttl, IN, CNAME, f"name.{synth2}")) + r.answer.append(dns.rrset.from_text(f"name.{synth2}", ttl, IN, CNAME, "name.")) + r.answer.append(dns.rrset.from_text(synth2, ttl, IN, DNAME, ".")) + elif qname == f"{synth}" or qname == f"{synth2}": + if qtype == "DNAME": + r.answer.append(dns.rrset.from_text(qname, ttl, IN, DNAME, ".")) + elif qname == f"name.{synth}": + r.answer.append(dns.rrset.from_text(qname, ttl, IN, CNAME, "name.")) + r.answer.append(dns.rrset.from_text(synth, ttl, IN, DNAME, ".")) + elif qname == f"name.{synth2}": + r.answer.append(dns.rrset.from_text(qname, ttl, IN, CNAME, "name.")) + r.answer.append(dns.rrset.from_text(synth2, ttl, IN, DNAME, ".")) + elif qname == "ns3.example.dname.": + # This and the next two code branches referring to the "example.dname" + # zone are necessary for the resolver variant of the CVE-2021-25215 + # regression test to work. A named instance cannot be used for + # serving the DNAME records below as a version of BIND vulnerable to + # CVE-2021-25215 would crash while answering the queries asked by + # the tested resolver. + if qtype == "A": + r.answer.append(dns.rrset.from_text(qname, ttl, IN, A, ip4)) + elif qtype == "AAAA": + r.authority.append( + dns.rrset.from_text("example.dname.", ttl, IN, SOA, ". . 0 0 0 0 0") + ) + elif qname == "self.example.self..example.dname.": + r.answer.append( + dns.rrset.from_text("self.example.dname.", ttl, IN, DNAME, "dname.") + ) + r.answer.append( + dns.rrset.from_text(qname, ttl, IN, CNAME, "self.example.dname.") + ) + elif qname == "self.example.dname.": + if qtype == "DNAME": + r.answer.append(dns.rrset.from_text(qname, ttl, IN, DNAME, "dname.")) + else: + rcode = "REFUSED" + + r.flags |= dns.flags.AA + r.use_edns() + return r.to_wire() + + +def sigterm(signum, frame): + print("Shutting down now...") + os.remove("ans.pid") + running = False + sys.exit(0) + + +############################################################################ +# Main +# +# Set up responder and control channel, open the pid file, and start +# the main loop, listening for queries on the query channel or commands +# on the control channel and acting on them. +############################################################################ +ip4 = "10.53.0.3" +ip6 = "fd92:7065:b8e:ffff::3" + +try: + port = int(os.environ["PORT"]) +except: + port = 5300 + +query4_udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) +query4_udp.bind((ip4, port)) + +query4_tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM) +query4_tcp.bind((ip4, port)) +query4_tcp.listen(1) +query4_tcp.settimeout(1) + +havev6 = True +try: + query6_udp = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) + try: + query6_udp.bind((ip6, port)) + except: + query6_udp.close() + havev6 = False + + query6_tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + try: + query6_tcp.bind((ip4, port)) + query6_tcp.listen(1) + query6_tcp.settimeout(1) + except: + query6_tcp.close() + havev6 = False +except: + havev6 = False + +signal.signal(signal.SIGTERM, sigterm) + +f = open("ans.pid", "w") +pid = os.getpid() +print(pid, file=f) +f.close() + +running = True + +print("Listening on %s port %d" % (ip4, port)) +if havev6: + print("Listening on %s port %d" % (ip6, port)) +print("Ctrl-c to quit") + +if havev6: + input = [query4_udp, query4_tcp, query6_udp, query6_tcp] +else: + input = [query4_udp, query4_tcp] + +while running: + try: + inputready, outputready, exceptready = select.select(input, [], []) + except select.error as e: + break + except socket.error as e: + break + except KeyboardInterrupt: + break + + for s in inputready: + if s == query4_udp or s == query6_udp: + print("Query received on %s" % (ip4 if s == query4_udp else ip6)) + # Handle incoming queries + msg = s.recvfrom(65535) + rsp = create_response(msg[0]) + if rsp: + s.sendto(rsp, msg[1]) + elif s == query4_tcp or s == query6_tcp: + try: + conn, _ = s.accept() + if s == query4_tcp or s == query6_tcp: + print( + "TCP Query received on %s" % (ip4 if s == query4_tcp else ip6), + end=" ", + ) + # get TCP message length + msg = conn.recv(2) + if len(msg) != 2: + print("couldn't read TCP message length") + continue + length = struct.unpack(">H", msg[:2])[0] + msg = conn.recv(length) + if len(msg) != length: + print("couldn't read TCP message") + continue + rsp = create_response(msg) + if rsp: + conn.send(struct.pack(">H", len(rsp))) + conn.send(rsp) + conn.close() + except socket.error as e: + print("error: %s" % str(e)) + if not running: + break diff -Nru bind9-9.18.33/bin/tests/system/chain/ans4/ans.py bind9-9.18.41/bin/tests/system/chain/ans4/ans.py --- bind9-9.18.33/bin/tests/system/chain/ans4/ans.py 2025-01-20 13:39:30.967351781 +0000 +++ bind9-9.18.41/bin/tests/system/chain/ans4/ans.py 2025-10-18 10:21:02.831252834 +0000 @@ -316,16 +316,30 @@ except: ctrlport = 5300 -query4_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) -query4_socket.bind((ip4, port)) +query4_udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) +query4_udp.bind((ip4, port)) + +query4_tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM) +query4_tcp.bind((ip4, port)) +query4_tcp.listen(1) +query4_tcp.settimeout(1) havev6 = True try: - query6_socket = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) + query6_udp = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) + try: + query6_udp.bind((ip6, port)) + except: + query6_udp.close() + havev6 = False + + query6_tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: - query6_socket.bind((ip6, port)) + query6_tcp.bind((ip4, port)) + query6_tcp.listen(1) + query6_tcp.settimeout(1) except: - query6_socket.close() + query6_tcp.close() havev6 = False except: havev6 = False @@ -350,9 +364,9 @@ print("Ctrl-c to quit") if havev6: - input = [query4_socket, query6_socket, ctrl_socket] + input = [query4_udp, query4_tcp, query6_udp, query6_tcp, ctrl_socket] else: - input = [query4_socket, ctrl_socket] + input = [query4_udp, query4_tcp, ctrl_socket] while running: try: @@ -375,12 +389,37 @@ break ctl_channel(msg) conn.close() - if s == query4_socket or s == query6_socket: - print("Query received on %s" % (ip4 if s == query4_socket else ip6)) + elif s == query4_udp or s == query6_udp: + print("Query received on %s" % (ip4 if s == query4_udp else ip6)) # Handle incoming queries msg = s.recvfrom(65535) rsp = create_response(msg[0]) if rsp: s.sendto(rsp, msg[1]) + elif s == query4_tcp or s == query6_tcp: + try: + conn, _ = s.accept() + if s == query4_tcp or s == query6_tcp: + print( + "TCP Query received on %s" % (ip4 if s == query4_tcp else ip6), + end=" ", + ) + # get TCP message length + msg = conn.recv(2) + if len(msg) != 2: + print("couldn't read TCP message length") + continue + length = struct.unpack(">H", msg[:2])[0] + msg = conn.recv(length) + if len(msg) != length: + print("couldn't read TCP message") + continue + rsp = create_response(msg) + if rsp: + conn.send(struct.pack(">H", len(rsp))) + conn.send(rsp) + conn.close() + except socket.error as e: + print("error: %s" % str(e)) if not running: break diff -Nru bind9-9.18.33/bin/tests/system/checkconf/kasp-deprecated.conf bind9-9.18.41/bin/tests/system/checkconf/kasp-deprecated.conf --- bind9-9.18.33/bin/tests/system/checkconf/kasp-deprecated.conf 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkconf/kasp-deprecated.conf 2025-10-18 10:21:02.855253476 +0000 @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy deprecated { + keys { + csk lifetime unlimited algorithm rsasha1; + csk lifetime unlimited algorithm nsec3rsasha1; + }; +}; diff -Nru bind9-9.18.33/bin/tests/system/checkconf/tests.sh bind9-9.18.41/bin/tests/system/checkconf/tests.sh --- bind9-9.18.33/bin/tests/system/checkconf/tests.sh 2025-01-20 13:39:30.992352221 +0000 +++ bind9-9.18.41/bin/tests/system/checkconf/tests.sh 2025-10-18 10:21:02.857253530 +0000 @@ -650,7 +650,7 @@ $CHECKCONF kasp-bad-nsec3-iter.conf >checkconf.out$n 2>&1 && ret=1 grep "dnssec-policy: nsec3 iterations value 151 out of range" /dev/null || ret=1 lines=$(wc -l <"checkconf.out$n") -if [ $lines -ne 3 ]; then ret=1; fi +if [ $lines -ne 5 ]; then ret=1; fi if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -712,6 +712,15 @@ if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status + ret)) +n=$((n + 1)) +echo_i "checking named-checkconf kasp deprecated algorithms ($n)" +ret=0 +$CHECKCONF kasp-deprecated.conf >checkconf.out$n 2>&1 || ret=1 +grep "dnssec-policy: DNSSEC algorithm rsasha1 is deprecated" checkconf.out$n >/dev/null || ret=1 +grep "dnssec-policy: DNSSEC algorithm nsec3rsasha1 is deprecated" checkconf.out$n >/dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + n=$((n + 1)) echo_i "check that a good 'kasp' configuration is accepted ($n)" ret=0 diff -Nru bind9-9.18.33/bin/tests/system/checkds/tests_checkds.py bind9-9.18.41/bin/tests/system/checkds/tests_checkds.py --- bind9-9.18.33/bin/tests/system/checkds/tests_checkds.py 2025-01-20 13:39:30.995352274 +0000 +++ bind9-9.18.41/bin/tests/system/checkds/tests_checkds.py 2025-10-18 10:21:02.860253610 +0000 @@ -71,15 +71,15 @@ has_rrsig = True if not has_nsec: - print("error: missing apex NSEC record in response") + isctest.log.error("missing apex NSEC record in response") if not has_rrsig: - print("error: missing NSEC signature in response") + isctest.log.error("missing NSEC signature in response") return has_nsec and has_rrsig def do_query(server, qname, qtype, tcp=False): - msg = dns.message.make_query(qname, qtype, use_edns=True, want_dnssec=True) + msg = isctest.query.create(qname, qtype) query_func = isctest.query.tcp if tcp else isctest.query.udp response = query_func(msg, server.ip, expected_rcode=dns.rcode.NOERROR) return response @@ -101,8 +101,7 @@ verifier = isctest.run.cmd(verify_cmd) if verifier.returncode != 0: - print(f"error: dnssec-verify {zone}. failed") - sys.stderr.buffer.write(verifier.stderr) + isctest.log.error(f"dnssec-verify {zone}. failed") return verifier.returncode == 0 @@ -130,7 +129,7 @@ ), f"expected a single DS in response for {zone} from {server.ip}, got {count}" filename = f"ns9/K{zone}.+013+{keyid:05d}.state" - print(f"read state file {filename}") + isctest.log.debug(f"read state file {filename}") try: with open(filename, "r", encoding="utf-8") as file: diff -Nru bind9-9.18.33/bin/tests/system/checkzone/tests.sh bind9-9.18.41/bin/tests/system/checkzone/tests.sh --- bind9-9.18.33/bin/tests/system/checkzone/tests.sh 2025-01-20 13:39:30.997352309 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/tests.sh 2025-10-18 10:21:02.862253663 +0000 @@ -44,6 +44,10 @@ zones/bad-dns-sd-reverse.db | zones/bad-svcb-servername.db) $CHECKZONE -k fail -i local 0.0.0.0.in-addr.arpa $db >test.out.$n 2>&1 || v=$? ;; + bad-cname-and*.db) + $CHECKZONE -i local example $db >test.out.$n 2>&1 || v=$? + grep "CNAME and other data" test.out.$n >/dev/null || ret=1 + ;; *) $CHECKZONE -i local example $db >test.out.$n 2>&1 || v=$? ;; @@ -135,28 +139,28 @@ echo_i "checking that expirations that loop using serial arithmetic are handled ($n)" ret=0 q=-q -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 -test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 +test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -203,10 +207,65 @@ echo_i "checking integer overflow is prevented in \$GENERATE ($n)" $CHECKZONE -D example.com zones/generate-overflow.db >test.out.$n 2>&1 || ret=1 lines=$(grep -c CNAME test.out.$n) -echo $lines [ "$lines" -eq 1 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) +echo_i "Checking for RSASHA1 deprecated warning ($n)" +ret=0 +$CHECKZONE example zones/warn.deprecated.rsasha1.db >test.out.$n || ret=1 +grep "deprecated DNSKEY algorithm found: 5 (RSASHA1)" test.out.$n >/dev/null || ret=1 +grep "all DNSKEY algorithms found are deprecated" test.out.$n >/dev/null || ret=1 +grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1 +n=$((n + 1)) +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "Checking for NSECRSASHA1 deprected warning ($n)" +ret=0 +$CHECKZONE example zones/warn.deprecated.nsec3rsasha1.db >test.out.$n || ret=1 +grep "deprecated DNSKEY algorithm found: 7 (NSEC3RSASHA1)" test.out.$n >/dev/null || ret=1 +grep "all DNSKEY algorithms found are deprecated" test.out.$n >/dev/null || ret=1 +grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1 +n=$((n + 1)) +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "Checking for SHA1 CDS digest warning ($n)" +ret=0 +$CHECKZONE example zones/warn.deprecated.cds-sha1.db >test.out.$n || ret=1 +grep "zone example/IN: deprecated CDS digest type 1 (SHA-1)" test.out.$n >/dev/null || ret=1 +grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1 +n=$((n + 1)) +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "Checking for SHA1 DS digest warning ($n)" +ret=0 +$CHECKZONE example zones/warn.deprecated.digest-sha1.db >test.out.$n || ret=1 +grep "zone example/IN: child.example/DS deprecated digest type 1 (SHA-1)" test.out.$n >/dev/null || ret=1 +grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1 +n=$((n + 1)) +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "Checking for RSASHA1 DS algorithm warning ($n)" +ret=0 +$CHECKZONE example zones/warn.deprecated.ds-alg.db >test.out.$n || ret=1 +grep "zone example/IN: child.example/DS deprecated algorithm 5 (RSASHA1)" test.out.$n >/dev/null || ret=1 +grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1 +n=$((n + 1)) +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "Checking for RSASHA1 KEY algorithm warning ($n)" +ret=0 +$CHECKZONE example zones/warn.deprecated.key-alg.db >test.out.$n || ret=1 +grep "zone example/IN: example/KEY deprecated algorithm 5 (RSASHA1)" test.out.$n >/dev/null || ret=1 +grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1 +n=$((n + 1)) +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-a.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-a.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-a.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-a.db 2025-10-18 10:21:02.863253690 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad A 192.0.2.1 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-a6.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-a6.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-a6.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-a6.db 2025-10-18 10:21:02.863253690 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A6 0 ::1 +bad WKS 10.0.0.1 tcp telnet ftp 0 1 2 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-aaaa.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-aaaa.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-aaaa.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-aaaa.db 2025-10-18 10:21:02.863253690 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad AAAA ::1 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-afsdb.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-afsdb.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-afsdb.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-afsdb.db 2025-10-18 10:21:02.863253690 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad BAD 65535 . +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-apl.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-apl.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-apl.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-apl.db 2025-10-18 10:21:02.863253690 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad APL +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-atma.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-atma.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-atma.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-atma.db 2025-10-18 10:21:02.863253690 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad ATMA +61200000000 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-atmrelay.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-atmrelay.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-atmrelay.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-atmrelay.db 2025-10-18 10:21:02.863253690 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad ATMRELAY 0 0 0 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-avc.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-avc.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-avc.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-avc.db 2025-10-18 10:21:02.863253690 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad AVC foo:bar +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-caa.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-caa.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-caa.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-caa.db 2025-10-18 10:21:02.863253690 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad CAA 128 tbs "Unknown" +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-cdnskey.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-cdnskey.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-cdnskey.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-cdnskey.db 2025-10-18 10:21:02.863253690 +0000 @@ -0,0 +1,20 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad CDNSKEY 512 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY + 9UGRuniJDBzC7w0aRyzWZriO6i2odGWWQVucZqKV + sENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esg + a60zyGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= ) +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-cds.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-cds.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-cds.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-cds.db 2025-10-18 10:21:02.863253690 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad CDS 30795 1 1 310D27F4D82C1FC2400704EA9939FE6E1CEA A3B9 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-cert.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-cert.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-cert.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-cert.db 2025-10-18 10:21:02.864253717 +0000 @@ -0,0 +1,20 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad CERT 65534 65535 254 ( + MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45I + kskceFGgiWCn/GxHhai6VAuHAoNUz4YoU1t + VfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY= ) +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-csync.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-csync.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-csync.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-csync.db 2025-10-18 10:21:02.864253717 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad CSYNC 0 0 A NS AAAA +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-dhcid.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-dhcid.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-dhcid.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-dhcid.db 2025-10-18 10:21:02.864253717 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad DHCID AAIBY2/AuCccgoJbsaxcQc9TUapptP69l OjxfNuVAA2kjEA= +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-dlv.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-dlv.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-dlv.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-dlv.db 2025-10-18 10:21:02.864253717 +0000 @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad DLV 30795 1 1 ( + 310D27F4D82C1FC2400704EA9939FE6E1CEA + A3B9 ) +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-dname.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-dname.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-dname.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-dname.db 2025-10-18 10:21:02.864253717 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad DNAME @ +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-doa.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-doa.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-doa.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-doa.db 2025-10-18 10:21:02.864253717 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad DOA 0 1 2 "" aHR0cHM6Ly93d3cuaXNjLm9yZy8= +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-eid.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-eid.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-eid.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-eid.db 2025-10-18 10:21:02.864253717 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad EID 12 89 AB +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-eui48.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-eui48.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-eui48.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-eui48.db 2025-10-18 10:21:02.864253717 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad EUI48 01-23-45-67-89-ab +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-eui64.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-eui64.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-eui64.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-eui64.db 2025-10-18 10:21:02.864253717 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad EUI64 01-23-45-67-89-ab-cd-ef +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-gpos.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-gpos.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-gpos.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-gpos.db 2025-10-18 10:21:02.864253717 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad GPOS -22.6882 116.8652 250.0 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-hinfo.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-hinfo.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-hinfo.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-hinfo.db 2025-10-18 10:21:02.864253717 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad HINFO . . +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-hip.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-hip.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-hip.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-hip.db 2025-10-18 10:21:02.864253717 +0000 @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad HIP ( 2 200100107B1A74DF365639CC39F1D578 + AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D + rvs.example.com. ) +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-https.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-https.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-https.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-https.db 2025-10-18 10:21:02.864253717 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad HTTPS 0 example.net. +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-ipseckey.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-ipseckey.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-ipseckey.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-ipseckey.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad IPSECKEY 10 1 2 192.0.2.38 AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-isdn.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-isdn.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-isdn.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-isdn.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad ISDN isdn-address +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-kx.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-kx.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-kx.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-kx.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad KX 10 kcd +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-l32.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-l32.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-l32.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-l32.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad L32 10 1.2.3.4 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-l64.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-l64.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-l64.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-l64.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad L64 10 0014:4fff:ff20:ee64 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-loc.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-loc.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-loc.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-loc.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad LOC 60 9 N 24 39 E 10 20 2000 20 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-lp.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-lp.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-lp.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-lp.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad LP 10 example.net. +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-md.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-md.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-md.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-md.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad MD madname +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-mg.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-mg.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-mg.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-mg.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad MG mgmname +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-minfo.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-minfo.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-minfo.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-minfo.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad MINFO . . +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-mx.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-mx.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-mx.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-mx.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad MX 10 . +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-naptr.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-naptr.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-naptr.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-naptr.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad NAPTR 0 0 "" "" "" . +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-nid.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-nid.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-nid.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-nid.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad NID 10 0014:4fff:ff20:ee64 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-nimloc.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-nimloc.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-nimloc.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-nimloc.db 2025-10-18 10:21:02.865253743 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad NIMLOC 12 89 AB +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-ninfo.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-ninfo.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-ninfo.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-ninfo.db 2025-10-18 10:21:02.866253770 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad NINFO "foo" +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-ns-soa.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-ns-soa.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-ns-soa.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-ns-soa.db 2025-10-18 10:21:02.866253770 +0000 @@ -0,0 +1,16 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +@ CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-nsap-ptr.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-nsap-ptr.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-nsap-ptr.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-nsap-ptr.db 2025-10-18 10:21:02.866253770 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad NSAP-PTR . +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-nsap.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-nsap.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-nsap.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-nsap.db 2025-10-18 10:21:02.866253770 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad NSAP 0x47.0005.80.005a00.0000.0001.e133.ffffff000161.00 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-opengpgkey.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-opengpgkey.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-opengpgkey.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-opengpgkey.db 2025-10-18 10:21:02.866253770 +0000 @@ -0,0 +1,20 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad OPENGPGKEY ( AQMFD5raczCJHViKtLYhWGz8hMY + 9UGRuniJDBzC7w0aRyzWZriO6i2odGWWQVucZqKV + sENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esg + a60zyGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= ) +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-ptr.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-ptr.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-ptr.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-ptr.db 2025-10-18 10:21:02.866253770 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad PTR . +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-px.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-px.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-px.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-px.db 2025-10-18 10:21:02.866253770 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad PX 65535 . . +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-resinfo.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-resinfo.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-resinfo.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-resinfo.db 2025-10-18 10:21:02.866253770 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad RESINFO qnamemin exterr=15,16,17 infourl=https://resolver.example.com/guide +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-rkey.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-rkey.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-rkey.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-rkey.db 2025-10-18 10:21:02.866253770 +0000 @@ -0,0 +1,20 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad RKEY 0 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY + 9UGRuniJDBzC7w0aRyzWZriO6i2odGWWQVucZqKV + sENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esg + a60zyGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= ) +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-rp.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-rp.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-rp.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-rp.db 2025-10-18 10:21:02.866253770 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad RP . . +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-rt.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-rt.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-rt.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-rt.db 2025-10-18 10:21:02.866253770 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad RT 65535 . +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-sink.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-sink.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-sink.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-sink.db 2025-10-18 10:21:02.866253770 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad SINK 8 0 2 l4ik +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-smimea.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-smimea.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-smimea.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-smimea.db 2025-10-18 10:21:02.867253797 +0000 @@ -0,0 +1,20 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad SMIMES ( 1 1 2 92003ba34942dc74152e2f2c408d29ec + a5a520e7f2e06bb944f4dca346baf63c + 1b177615d466f6c4b71c216a50292bd5 + 8c9ebdd2f74e38fe51ffd48c43326cbc ) +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-spf.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-spf.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-spf.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-spf.db 2025-10-18 10:21:02.867253797 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad SPF "v=spf1 -all" +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-srv.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-srv.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-srv.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-srv.db 2025-10-18 10:21:02.867253797 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad SRV 0 0 0 . +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-sshfp.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-sshfp.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-sshfp.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-sshfp.db 2025-10-18 10:21:02.867253797 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad SSHFP 4 2 C76D8329954DA2835751E371544E963EFDA099080D6C58DD2BFD9A31 6E162C83 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-svcb.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-svcb.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-svcb.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-svcb.db 2025-10-18 10:21:02.867253797 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad SVCB 0 example.net. +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-ta.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-ta.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-ta.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-ta.db 2025-10-18 10:21:02.867253797 +0000 @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad TA 30795 1 1 ( + 310D27F4D82C1FC2400704EA9939FE6E1CEA + A3B9 ) +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-talink.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-talink.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-talink.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-talink.db 2025-10-18 10:21:02.867253797 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad TALINK . talink1 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-tlsa.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-tlsa.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-tlsa.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-tlsa.db 2025-10-18 10:21:02.867253797 +0000 @@ -0,0 +1,20 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad TLSA ( 1 1 2 92003ba34942dc74152e2f2c408d29ec + a5a520e7f2e06bb944f4dca346baf63c + 1b177615d466f6c4b71c216a50292bd5 + 8c9ebdd2f74e38fe51ffd48c43326cbc ) +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-txt.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-txt.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-txt.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-txt.db 2025-10-18 10:21:02.867253797 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad TXT 10.0.0.1 tcp telnet ftp 0 1 2 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-type54.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-type54.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-type54.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-type54.db 2025-10-18 10:21:02.867253797 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad TYPE54 \# 0 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-type66.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-type66.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-type66.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-type66.db 2025-10-18 10:21:02.867253797 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad TYPE66 \# 1 00 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-uri.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-uri.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-uri.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-uri.db 2025-10-18 10:21:02.868253824 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad URI 10 20 "https://www.isc.org/" +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-wallet.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-wallet.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-wallet.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-wallet.db 2025-10-18 10:21:02.868253824 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad WALLET currency-identifer wallet-identifier +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-wks.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-wks.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-wks.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-wks.db 2025-10-18 10:21:02.868253824 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad WKS 10.0.0.1 tcp telnet ftp 0 1 2 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-x25.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-x25.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-x25.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-x25.db 2025-10-18 10:21:02.868253824 +0000 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad X25 123456789 +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-zonemd.db bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-zonemd.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/bad-cname-and-zonemd.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/bad-cname-and-zonemd.db 2025-10-18 10:21:02.868253824 +0000 @@ -0,0 +1,21 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +bad ZONEMD 2019020700 1 1 ( + C220B8A6ED5728A971902F7E3D4FD93A + DEEA88B0453C2E8E8C863D465AB06CF3 + 4EB95B266398C98B59124FA239CB7EEB + ) +bad CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/good-cname-and-key.db bind9-9.18.41/bin/tests/system/checkzone/zones/good-cname-and-key.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/good-cname-and-key.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/good-cname-and-key.db 2025-10-18 10:21:02.871253904 +0000 @@ -0,0 +1,20 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 +@ SOA ns hostmaster 2011012708 3600 1200 604800 1200 + NS ns +ns A 192.0.2.1 +good KEY 0 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY + 9UGRuniJDBzC7w0aRyzWZriO6i2odGWWQVucZqKV + sENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esg + a60zyGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= ) +good CNAME @ diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/warn.deprecated.cds-sha1.db bind9-9.18.41/bin/tests/system/checkzone/zones/warn.deprecated.cds-sha1.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/warn.deprecated.cds-sha1.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/warn.deprecated.cds-sha1.db 2025-10-18 10:21:02.872253930 +0000 @@ -0,0 +1,44 @@ +; File written on Wed Jul 2 14:27:34 2025 +; dnssec-signzone version 9.21.3-dev +example. 3600 IN SOA . . ( + 0 ; serial + 0 ; refresh (0 seconds) + 0 ; retry (0 seconds) + 0 ; expire (0 seconds) + 3600 ; minimum (1 hour) + ) + 3600 RRSIG SOA 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + iC+sFesZi+uurPGRfP7faPfmQcHlQcz4oGKP + 4Fqq6/ePy9s+FYpL6LILjnB9iPxc0w3BBvsd + PArExFsuaKcWgQ== ) + 3600 NS . + 3600 RRSIG NS 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + q2qPtVYQsku7j5xqLyIleldPLnhJjvbjMkcb + XtnV2djkM1swGkZp67u4l7GHr9/b9lcM848w + t+AfDiT2Mak9Lg== ) + 3600 NSEC example. NS SOA RRSIG NSEC DNSKEY CDS + 3600 RRSIG NSEC 13 1 3600 ( + 20901231235959 20250702032734 46204 example. + aPkaoO9OMYZwldpUPJeqFZoGCc8XQcmQHig2 + zJmp2Qv2QGRH1faoWosYy5jwQskxtpoyE0Eh + yxEoUhHZNCKogQ== ) + 3600 DNSKEY 256 3 13 ( + Il3F88buwuAwswJl70b4xh8werV/2a2cDo6x + joU5+1H2dRXE/XRt4CEipBdt8Ss4fr8s6jBE + 5CT4INCzzeTuZQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 46204 + 3600 RRSIG DNSKEY 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + KQWGucJalgX/cANLv0/g0LNweGdeE7gs8rrx + 9yOiZqciu7wCfyRgk5ED1pNXOXsTqtIA0OGa + OmTOsXrBWly7ng== ) + 3600 CDS 46204 13 1 ( + 712DD9926EDF2A5E81E76D3BC5F5637BEA06 + 2E67 ) + 3600 RRSIG CDS 13 1 3600 ( + 20901231235959 20250702032734 46204 example. + nS9qKdj0dfWNe6U0ttuKSMiKMhxLq4Yo6WPT + 9j/cmjbaOdKO1DBoDxzZ7G4M34msvBcKq31L + mn8qUlrzSOfD9A== ) diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/warn.deprecated.digest-sha1.db bind9-9.18.41/bin/tests/system/checkzone/zones/warn.deprecated.digest-sha1.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/warn.deprecated.digest-sha1.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/warn.deprecated.digest-sha1.db 2025-10-18 10:21:02.872253930 +0000 @@ -0,0 +1,51 @@ +; File written on Mon Jun 30 15:20:51 2025 +; dnssec-signzone version 9.21.3-dev +example. 3600 IN SOA . . ( + 0 ; serial + 0 ; refresh (0 seconds) + 0 ; retry (0 seconds) + 0 ; expire (0 seconds) + 3600 ; minimum (1 hour) + ) + 3600 RRSIG SOA 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + iC+sFesZi+uurPGRfP7faPfmQcHlQcz4oGKP + 4Fqq6/ePy9s+FYpL6LILjnB9iPxc0w3BBvsd + PArExFsuaKcWgQ== ) + 3600 NS . + 3600 RRSIG NS 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + q2qPtVYQsku7j5xqLyIleldPLnhJjvbjMkcb + XtnV2djkM1swGkZp67u4l7GHr9/b9lcM848w + t+AfDiT2Mak9Lg== ) + 3600 NSEC child.example. NS SOA RRSIG NSEC DNSKEY + 3600 RRSIG NSEC 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + jgKjQOGLqw7JY1qsyjWZGxL/47mc9dMeZ7yB + KtrRfFCsT7mCe/lMV3u7FOwM2r9/ta8U9/j2 + YRVJGECc6/rdcg== ) + 3600 DNSKEY 256 3 13 ( + Il3F88buwuAwswJl70b4xh8werV/2a2cDo6x + joU5+1H2dRXE/XRt4CEipBdt8Ss4fr8s6jBE + 5CT4INCzzeTuZQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 46204 + 3600 RRSIG DNSKEY 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + KQWGucJalgX/cANLv0/g0LNweGdeE7gs8rrx + 9yOiZqciu7wCfyRgk5ED1pNXOXsTqtIA0OGa + OmTOsXrBWly7ng== ) +child.example. 3600 IN NS . + 3600 DS 30914 13 1 ( + 3FFB809FC091FDC931815B50E5DA9C00B5C1 + 454F ) + 3600 RRSIG DS 13 2 3600 ( + 20901231235959 20250630042051 46204 example. + 5Y/jx0eePoUztptSLwE9DeY2GlVNVHSr3lF4 + R8IajnK7zXs2QtoRIdmKwWZ1um1JICh59Xk7 + R/BXFAbO6FMaPA== ) + 3600 NSEC example. NS DS RRSIG NSEC + 3600 RRSIG NSEC 13 2 3600 ( + 20901231235959 20250630042051 46204 example. + A662/raRKle9b45C5douUufAne7iRtKw0u7C + gcnf3tSrJS+plT3e/jHOE5ZRttkloHSDVhYT + 7+Wv86G8MGt+3Q== ) diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/warn.deprecated.ds-alg.db bind9-9.18.41/bin/tests/system/checkzone/zones/warn.deprecated.ds-alg.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/warn.deprecated.ds-alg.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/warn.deprecated.ds-alg.db 2025-10-18 10:21:02.872253930 +0000 @@ -0,0 +1,51 @@ +; File written on Wed Jul 2 12:22:09 2025 +; dnssec-signzone version 9.21.3-dev +example. 3600 IN SOA . . ( + 0 ; serial + 0 ; refresh (0 seconds) + 0 ; retry (0 seconds) + 0 ; expire (0 seconds) + 3600 ; minimum (1 hour) + ) + 3600 RRSIG SOA 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + iC+sFesZi+uurPGRfP7faPfmQcHlQcz4oGKP + 4Fqq6/ePy9s+FYpL6LILjnB9iPxc0w3BBvsd + PArExFsuaKcWgQ== ) + 3600 NS . + 3600 RRSIG NS 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + q2qPtVYQsku7j5xqLyIleldPLnhJjvbjMkcb + XtnV2djkM1swGkZp67u4l7GHr9/b9lcM848w + t+AfDiT2Mak9Lg== ) + 3600 NSEC child.example. NS SOA RRSIG NSEC DNSKEY + 3600 RRSIG NSEC 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + jgKjQOGLqw7JY1qsyjWZGxL/47mc9dMeZ7yB + KtrRfFCsT7mCe/lMV3u7FOwM2r9/ta8U9/j2 + YRVJGECc6/rdcg== ) + 3600 DNSKEY 256 3 13 ( + Il3F88buwuAwswJl70b4xh8werV/2a2cDo6x + joU5+1H2dRXE/XRt4CEipBdt8Ss4fr8s6jBE + 5CT4INCzzeTuZQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 46204 + 3600 RRSIG DNSKEY 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + KQWGucJalgX/cANLv0/g0LNweGdeE7gs8rrx + 9yOiZqciu7wCfyRgk5ED1pNXOXsTqtIA0OGa + OmTOsXrBWly7ng== ) +child.example. 3600 IN NS . + 3600 DS 58246 5 2 ( + 641AFA5ACB8099E4E571585B7B9A416078FF + 79D40D1C2E85F9179E28BF08D61D ) + 3600 RRSIG DS 13 2 3600 ( + 20901231235959 20250702012209 46204 example. + g17c5sfC0OAucFLA0n9C5EfPActxuPMpHN6G + spGmkkDUaU5UosWkdcapd20Yb29NaEKvJO3Q + Qn6K53MKtWt7zQ== ) + 3600 NSEC example. NS DS RRSIG NSEC + 3600 RRSIG NSEC 13 2 3600 ( + 20901231235959 20250630042051 46204 example. + A662/raRKle9b45C5douUufAne7iRtKw0u7C + gcnf3tSrJS+plT3e/jHOE5ZRttkloHSDVhYT + 7+Wv86G8MGt+3Q== ) diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/warn.deprecated.key-alg.db bind9-9.18.41/bin/tests/system/checkzone/zones/warn.deprecated.key-alg.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/warn.deprecated.key-alg.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/warn.deprecated.key-alg.db 2025-10-18 10:21:02.872253930 +0000 @@ -0,0 +1,53 @@ +; File written on Wed Jul 2 16:48:02 2025 +; dnssec-signzone version 9.21.3-dev +example. 3600 IN SOA . . ( + 0 ; serial + 0 ; refresh (0 seconds) + 0 ; retry (0 seconds) + 0 ; expire (0 seconds) + 3600 ; minimum (1 hour) + ) + 3600 RRSIG SOA 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + iC+sFesZi+uurPGRfP7faPfmQcHlQcz4oGKP + 4Fqq6/ePy9s+FYpL6LILjnB9iPxc0w3BBvsd + PArExFsuaKcWgQ== ) + 3600 NS . + 3600 RRSIG NS 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + q2qPtVYQsku7j5xqLyIleldPLnhJjvbjMkcb + XtnV2djkM1swGkZp67u4l7GHr9/b9lcM848w + t+AfDiT2Mak9Lg== ) + 3600 KEY 512 3 5 ( + AwEAAZwLHbB7cjvlEt0evebAMsJtuNYXgiyt + qe3lu0RO/ChFdddyHv+O9M1zLrCnWMBSLHad + YHSXfG3BMyMAnBh7om+1pgrHCShlmMaxZ5cC + sug5buS3E8eVRVAf7Qje63owxm2iF3G9kKWY + FgfE+Ml5Uv7etHkmxqAmFb3jYuXzYWfMz1qY + rICsJnw7qcKzNphl71tDvJUYD5pDA7izhzs3 + 8tdDH8qMQgK/yNU3Q/RAOg2VRvYuwYOteCAx + 6RB/z+rtNTKNbphrPrzSsekOurLo1B+AvDct + o/orbilbQ8qdq0cknKlqdMKuYcqQ1BbBMrdV + w1fBTLDwiFwiRBjYazPqPiE= + ); alg = RSASHA1 ; key id = 13684 + 3600 RRSIG KEY 13 1 3600 ( + 20901231235959 20250702054802 46204 example. + GvfNtx1F8crebI/QrPb2meHplhSpAsIDqJ48 + iMg6aT22mGBagR698GS+9ehg0ExMumfIDPSO + k/1wtwRKYqrKow== ) + 3600 NSEC example. NS SOA KEY RRSIG NSEC DNSKEY + 3600 RRSIG NSEC 13 1 3600 ( + 20901231235959 20250702054802 46204 example. + Nah5tUuwQiiDKWpdgtqPp7LppMOoDUJkyTZB + pAzmbT8UA7kNJN2K5kfkLJgPqWAt4h2P0Ys1 + 9lkLcXqYUH0x5g== ) + 3600 DNSKEY 256 3 13 ( + Il3F88buwuAwswJl70b4xh8werV/2a2cDo6x + joU5+1H2dRXE/XRt4CEipBdt8Ss4fr8s6jBE + 5CT4INCzzeTuZQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 46204 + 3600 RRSIG DNSKEY 13 1 3600 ( + 20901231235959 20250630042051 46204 example. + KQWGucJalgX/cANLv0/g0LNweGdeE7gs8rrx + 9yOiZqciu7wCfyRgk5ED1pNXOXsTqtIA0OGa + OmTOsXrBWly7ng== ) diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/warn.deprecated.nsec3rsasha1.db bind9-9.18.41/bin/tests/system/checkzone/zones/warn.deprecated.nsec3rsasha1.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/warn.deprecated.nsec3rsasha1.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/warn.deprecated.nsec3rsasha1.db 2025-10-18 10:21:02.873253957 +0000 @@ -0,0 +1,71 @@ +; File written on Mon Jun 30 14:55:37 2025 +; dnssec-signzone version 9.21.3-dev +example. 3600 IN SOA . . ( + 0 ; serial + 0 ; refresh (0 seconds) + 0 ; retry (0 seconds) + 0 ; expire (0 seconds) + 3600 ; minimum (1 hour) + ) + 3600 RRSIG SOA 7 1 3600 ( + 20901231235959 20250630035537 41424 example. + oqX2MaQSaMj2YPYWA/8echxn7QHBerVEs426 + z8IJ88lv8Ih3Rrsldur6hXCieYI46wK3xOft + p0VMAw9iIK5T49PXnaf7+hdaIJFDTAvuhzco + e1IcdfmS26a6rRZHG8QKNjVjn/Du3J2gbdoB + ubyio+7BY45Mk1S0sb0QzkmfTRZodULfvlW7 + BkmC9k0ixU1f1R+k26I0TJHYwH6Tw3O/0nPG + SkUKnIcgqjzXsnUN1XGR+gD9TVF8Hp+JYWCz + 5fFTR733OiScIK+Xlon+ydg1GixW1rOR2MOP + lowGJIHeE8nDYEgncKv91wFCp1IRHjgN/6zg + c6JBClYMhe0RS66I6A== ) + 3600 NS . + 3600 RRSIG NS 7 1 3600 ( + 20901231235959 20250630035411 41424 example. + pQUeJTZvpEPBZOdatA79eUE+qunKTasFyjgT + xB+hpvXujxFqf6FDs/TdfE9jGo5T8Rwb3Gu0 + 7+uo5ATwKuQL0TywDVm7DMj07iWoXpCGWge9 + q+iZ9sVXTzGKbb+1f8w9b/E9qW/s9Uir/tZq + pPWhEgy61ip/pjkcyoIi3wQtffBMckApBgao + Nk6YPi0TSl3W+cQUDkT2BeCoZDHuhuvS+Z3x + URTu5FnqT3YPKJ5xb4N3mr4um4oI9sy+TJIj + yuSW/ie0Bzy8x8ha1capfhlbPsZI6SKe0ldR + vC9dr0gertISQzAnl9GqxFne6Ya5DyYHKye+ + khVrRKAu2YIFRWYrOg== ) + 3600 NSEC example. NS SOA RRSIG NSEC DNSKEY + 3600 RRSIG NSEC 7 1 3600 ( + 20901231235959 20250630035537 41424 example. + IMgNRFY4qWHDFz/gWiXn6jrCSW4Az/5sE7ML + dyJgY8OHtM2Kq+ThRsgZn7gN47T7QJv8Dvc3 + oYNRH7R6sjGJBZmfoqfdZmJOrR1bdKhHjhHR + 0b3NuXlVAG7eqMu4eJvsKZCUTKxa3+iFStw/ + pTsHWEVT9ozMaAfQdzM86Pq6x8VVQCRwuw9g + JWkjt0/4VGA/tTj713o0/7Ju0055wSVnFNvH + XaAW2PG9nRDyFvoOq1lFSFEPm9gXDFfDmTZn + 40v+qIer/vPGMkHyizZAbZ0qnM7lwNAhDukz + catwpgsbpMWHrBUgnDCbxpzfl24n7wmHyCUa + ArewJH9UphjytrxHjw== ) + 3600 DNSKEY 256 3 7 ( + AwEAAakdlaNNa6UNEKTh7g0TPBLuEecXezJ2 + mz7kaBxIEx7t3IPxWymt5XezCtR7NilHW+zo + d42hzKrtqFilt5SBrsjnWr5ipczEySEYCtOz + Jx0P9xLj8MjCf5D6+elSY4zm9gtqlIo6ryhf + SuCJQ9XZOIFD10/8efr0HYxkc0N4msZhVcuB + yJ650Pjc0EFWEe2yseM+uXZCIc/0Q4OayMJA + 5GEJwvq/POH/POU7HlQR5RKzT0babm4Jvmpx + F1jf7gSRL44LgVLl/m4fKjseK1w0shOxhrwc + gAXI5ZMpspN9Mnhy+HNemkw9xyw3XkAtcTuN + yUHvCLEyaklh6latwxFQTLM= + ) ; ZSK; alg = NSEC3RSASHA1 ; key id = 41424 + 3600 RRSIG DNSKEY 7 1 3600 ( + 20901231235959 20250630035411 41424 example. + G2lr1Q+xjDnefyPbxLTy0yZ8wUg1+GcaBb9H + 7YX0FzZroRLTNr8SN2VYge4CbNZkTIC98dmV + TRwoBp4HbrWY5jDGT2oQS1zDc92dz0TuD0Ys + JMI2/IEVpA9wBcqsRssmAwzSuh4dMLqfMkrm + KzWk7CRNxqC1JXJ1MgbRCRuES22HGO3O7ZXZ + HjsFANBQt+7PebgdmAtS61RvztyJE+o6LyaA + qA9qawqYDBi7Lcar/U+arrfg77kQ8BmC+ZZV + toLkus9VsM9GShmMo2/KMu+PYWHKWUuHwRas + v9hSvLh/+b7mymssp/WtmX79a3WXlHovNP2v + Sh2S4RjDq4lFsyqTAA== ) diff -Nru bind9-9.18.33/bin/tests/system/checkzone/zones/warn.deprecated.rsasha1.db bind9-9.18.41/bin/tests/system/checkzone/zones/warn.deprecated.rsasha1.db --- bind9-9.18.33/bin/tests/system/checkzone/zones/warn.deprecated.rsasha1.db 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/checkzone/zones/warn.deprecated.rsasha1.db 2025-10-18 10:21:02.873253957 +0000 @@ -0,0 +1,71 @@ +; File written on Mon Jun 30 14:57:52 2025 +; dnssec-signzone version 9.21.3-dev +example. 3600 IN SOA . . ( + 0 ; serial + 0 ; refresh (0 seconds) + 0 ; retry (0 seconds) + 0 ; expire (0 seconds) + 3600 ; minimum (1 hour) + ) + 3600 RRSIG SOA 5 1 3600 ( + 20901231235959 20250630035752 3495 example. + gq16Xp8iCErMp/R6jdzvws3MMvWAMowfYOa5 + K3Dwo3MXUruWhsDa4XjH3CJIk4LtSRDWcVSj + /STy/R4CEvz83/2VMjQ7L73hFZZNVrMHKrLi + SfRhnUueOHiYrv8sLM2ZHy0EYM/gULmcX51j + j0XJlSf9DfkT/nh3ZwqS+lD/RA+1Gg73xVkS + tRh5AZMWAGrjyBMOC0iW9qexqINmM0nR40K7 + 5L+17OL2Ay/Fp7zliN+g9bAEfgITQlFRO32Y + sZrPRguzavP5xad4m3GOCAQoTQJpnci7id2u + DhIwkh6+7Do3zjZOQy74IvbuPVUS5nVRiEd8 + XqF3Z7hHMYWWCEdslw== ) + 3600 NS . + 3600 RRSIG NS 5 1 3600 ( + 20901231235959 20250630034615 3495 example. + FrY8Bi8StW34PADKfVn2uPDIgDzbhyinoQDw + HjklP8PFXvl2VLhroGZy5EfoGQlC+eOL7Ffb + ZlKMvSOtGHpIIdqWg6GmGBWqCYoC3EoaFVXh + A2SBxOPdcbGbwzVk6MWnrpFRsxwMqX+7vjJg + eB7XVh1tZf90N6Yfswfy/UFf5Qbaj69gE7/7 + Eu3lkNNsFr5UVLPU4K4/dzNalllZjZ++w68T + 5Y97UmIJH+aXpNndibJU9c25F1/ou5NJLQQN + LxyWXIi1CRaF88sjQwXemO8xutnh2b3ULKI0 + pelDtKThLWWYAMhgMnhr5HktL69++cMZiZ4z + 3heBavJIPY2QTYOLZw== ) + 3600 NSEC example. NS SOA RRSIG NSEC DNSKEY + 3600 RRSIG NSEC 5 1 3600 ( + 20901231235959 20250630035752 3495 example. + N5mNbNXTSbLOya8baU6SaGao8bPquA4rO2hb + 5mkYjM+wzAJRNKSrViA5Ev7iFJolXKM+NCV3 + fpKtT+5v8mqhGZf80H1Z7inmAMX+Gz9B0YfO + yhmSTD7qnIgoxw+W/dFAeBx18XyCRDBRlGyj + 2FEqZa46AVuDaYgQoUJLfM4SkOhbsDdDfQV1 + uQinjRnhvOQEOd0wYRbqR7S8BMqppnahwyai + lH5tx8qsBVFTR7P8D5UlTfHCBM+d0VI5jXjt + 45eCwzqQBTl4ot4Tbc/nGaUvPU5ffkW8fmsk + BygQeKd97xPnzK0tt1KJaYGTiqc3UgUId929 + XniHMB6YmxkpIb2qrg== ) + 3600 DNSKEY 256 3 5 ( + AwEAAZmABvQsJBvsRu2fMlU1CtN58u7+yO5x + ioxkg8O2mH29NDFoMKtxZKlk74+hT8m0aAKV + hqEywM9S2NaWEXctv2lF6t/f8E8YJkY+cnLb + iZmxuJmScxce8u32KlX0MiKN2JQHIokDTz7m + 2AqUaLTnERyIXNUHJfHx1nzvhhz4G7TV41Pk + U1MSX3gCrgsSQ7IUzLOsyy6iQn4wFml+eXlO + qmypFvjRDhmjXAHms3nSOgDmDu6kF+9R0ccL + Lh4YAEYZlx2UoDigcEtRfMeYQwb76tC7xAkx + EEJAUo+oRkaw2in8kVjpwuXSWF5WlX+Cpie9 + o3r+4EpI/IV6z63QO9zqMEE= + ) ; ZSK; alg = RSASHA1 ; key id = 3495 + 3600 RRSIG DNSKEY 5 1 3600 ( + 20901231235959 20250630034615 3495 example. + gpKH6gf+47UNqMlTdtylpSW/yRNEyPtpj7Tu + Y939pwRPgQcPBscIwcZzezV0r4y2O5xMTKQ1 + fQZTidfCwvessYTxYJYSjE1i+pChblLmqY/j + JNjwUv0nH9rs8ZSXRSFiqPsC7tl4jBQsD1N+ + UdV3a/rEFCON1C+KirQlrdSq+/bAic0A4afZ + g746kgnLsNCu/FnVucfoOBGaAk6na9dYIt0+ + l7IKI+4dg+tHsaGdRVv2h2JXO6g1I2LtCiIB + FlKxFDCrMFV9+xduLFNnNxVsvnK7RtlAAPo5 + n4WBinbW5CpGJnc7n/0BknnecqZb63qkQgia + 50FJvVZCJ4WTZ+Hh0g== ) diff -Nru bind9-9.18.33/bin/tests/system/conf.sh.common bind9-9.18.41/bin/tests/system/conf.sh.common --- bind9-9.18.33/bin/tests/system/conf.sh.common 2025-01-20 13:39:31.002352397 +0000 +++ bind9-9.18.41/bin/tests/system/conf.sh.common 2025-10-18 10:21:02.873253957 +0000 @@ -647,7 +647,7 @@ __ret=0 __dump_complete=0 __server="${1}" - __ip="10.53.0.$(echo "${__server}" | tr -c -d "0-9")" + __ip="10.53.0.$(echo "${__server}" | tr -c -d '[:digit:]')" shift ${RNDC} -c ../_common/rndc.conf -p "${CONTROLPORT}" -s "${__ip}" dumpdb "$@" > "rndc.out.test${n}" 2>&1 || __ret=1 diff -Nru bind9-9.18.33/bin/tests/system/conftest.py bind9-9.18.41/bin/tests/system/conftest.py --- bind9-9.18.33/bin/tests/system/conftest.py 2025-01-20 13:39:31.002352397 +0000 +++ bind9-9.18.41/bin/tests/system/conftest.py 2025-10-18 10:21:02.873253957 +0000 @@ -315,6 +315,9 @@ env[portname] = str(portnum) env["builddir"] = f"{env['TOP_BUILDDIR']}/{SYSTEM_TEST_DIR_GIT_PATH}" env["srcdir"] = f"{env['TOP_SRCDIR']}/{SYSTEM_TEST_DIR_GIT_PATH}" + env["HYPOTHESIS_STORAGE_DIRECTORY"] = ( + f"{env['TOP_BUILDDIR']}/{SYSTEM_TEST_DIR_GIT_PATH}/.hypothesis" + ) return env @@ -381,7 +384,7 @@ if test_specific_artifacts: return common_artifacts + test_specific_artifacts.args[0] - return common_artifacts + return None @pytest.fixture(scope="module") @@ -410,12 +413,13 @@ if node.nodeid in all_test_results } assert len(test_results) - messages = [] for node, result in test_results.items(): - isctest.log.debug("%s %s", result.outcome.upper(), node) - messages.extend(result.messages.values()) - for message in messages: - isctest.log.debug("\n" + message) + message = f"{result.outcome.upper()} {node}" + nonempty_extra = [msg for msg in result.messages.values() if msg.strip()] + if nonempty_extra: + message += "\n" + message += "\n\n".join(nonempty_extra) + isctest.log.debug(message) failed = any(res.outcome == "failed" for res in test_results.values()) skipped = any(res.outcome == "skipped" for res in test_results.values()) if failed: @@ -713,7 +717,7 @@ request.node.stash[FIXTURE_OK] = True -@pytest.fixture +@pytest.fixture(scope="module") def servers(ports, system_test_dir): instances = {} for entry in system_test_dir.rglob("*"): @@ -729,3 +733,53 @@ except ValueError: continue return instances + + +@pytest.fixture(scope="module") +def ns1(servers): + return servers["ns1"] + + +@pytest.fixture(scope="module") +def ns2(servers): + return servers["ns2"] + + +@pytest.fixture(scope="module") +def ns3(servers): + return servers["ns3"] + + +@pytest.fixture(scope="module") +def ns4(servers): + return servers["ns4"] + + +@pytest.fixture(scope="module") +def ns5(servers): + return servers["ns5"] + + +@pytest.fixture(scope="module") +def ns6(servers): + return servers["ns6"] + + +@pytest.fixture(scope="module") +def ns7(servers): + return servers["ns7"] + + +@pytest.fixture(scope="module") +def ns8(servers): + return servers["ns8"] + + +@pytest.fixture(scope="module") +def ns9(servers): + return servers["ns9"] + + +@pytest.fixture(scope="module") +def ns10(servers): + return servers["ns10"] diff -Nru bind9-9.18.33/bin/tests/system/cookie/ans9/ans.py bind9-9.18.41/bin/tests/system/cookie/ans9/ans.py --- bind9-9.18.33/bin/tests/system/cookie/ans9/ans.py 2025-01-20 13:39:31.003352414 +0000 +++ bind9-9.18.41/bin/tests/system/cookie/ans9/ans.py 2025-10-18 10:21:02.874253984 +0000 @@ -104,22 +104,35 @@ r.answer.append(dns.rrset.from_text(qname, 1, IN, A, "10.53.0.10")) dopass2 = True elif rrtype == NS: - r.answer.append(dns.rrset.from_text(qname, 1, IN, NS, ".")) + length = len(labels) + if length == 2: + r.answer.append(dns.rrset.from_text(qname, 1, IN, NS, "ns." + qname)) + if ns10: + r.additional.append( + dns.rrset.from_text("ns." + qname, 1, IN, A, "10.53.0.10") + ) + else: + r.additional.append( + dns.rrset.from_text("ns." + qname, 1, IN, A, "10.53.0.9") + ) + else: + tld = ".".join(labels[length - 2 :]) + r.authority.append(dns.rrset.from_text(tld, 2, IN, SOA, ". . 0 0 0 0 2")) elif rrtype == SOA: - r.answer.append(dns.rrset.from_text(qname, 1, IN, SOA, ". . 0 0 0 0 0")) + r.answer.append(dns.rrset.from_text(qname, 2, IN, SOA, ". . 0 0 0 0 2")) else: - r.authority.append(dns.rrset.from_text(qname, 1, IN, SOA, ". . 0 0 0 0 0")) + r.authority.append(dns.rrset.from_text(qname, 2, IN, SOA, ". . 0 0 0 0 2")) # Add a server cookie to the response - if labels[0] != "nocookie": + if labels[0] != "nocookie" or rrtype != A: for o in m.options: if o.otype == 10: # Use 10 instead of COOKIE - if first and labels[0] == "withtsig" and not tcp: + if first and labels[0] == "withtsig" and not tcp and rrtype == A: r.use_tsig( keyring=keyring, keyname=dns.name.from_text("fake"), algorithm=HMAC_SHA256, ) - elif labels[0] != "tcponly" or tcp: + elif labels[0] != "tcponly" or tcp or rrtype != A: cookie = o try: if len(o.server) == 0: diff -Nru bind9-9.18.33/bin/tests/system/cookie/tests.sh bind9-9.18.41/bin/tests/system/cookie/tests.sh --- bind9-9.18.33/bin/tests/system/cookie/tests.sh 2025-01-20 13:39:31.005352449 +0000 +++ bind9-9.18.41/bin/tests/system/cookie/tests.sh 2025-10-18 10:21:02.876254037 +0000 @@ -339,6 +339,23 @@ status=$((status + ret)) n=$((n + 1)) +echo_i "Restart NS4 with -T cookiealwaysvalid ($n)" +stop_server ns4 +touch ns4/named.cookiealwaysvalid +start_server --noclean --restart --port ${PORT} ns4 || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +n=$((n + 1)) +echo_i "test NS6 cookie on NS4 with -T cookiealwaysvalid (expect success) ($n)" +ret=0 +$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 >dig.out.test$n || ret=1 +grep "; COOKIE:.*(good)" dig.out.test$n >/dev/null || ret=1 +grep "status: NOERROR," dig.out.test$n >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +n=$((n + 1)) echo_i "check that test server is correctly configured ($n)" ret=0 pat="; COOKIE: ................................ (good)" diff -Nru bind9-9.18.33/bin/tests/system/cookie/tests_sh_cookie.py bind9-9.18.41/bin/tests/system/cookie/tests_sh_cookie.py --- bind9-9.18.33/bin/tests/system/cookie/tests_sh_cookie.py 2025-01-20 13:39:31.005352449 +0000 +++ bind9-9.18.41/bin/tests/system/cookie/tests_sh_cookie.py 2025-10-18 10:21:02.876254037 +0000 @@ -19,6 +19,7 @@ "ans*/ans.run", "ans*/query.log", "ns1/named_dump.db*", + "ns4/named.cookiealwaysvalid", ] ) diff -Nru bind9-9.18.33/bin/tests/system/cpu/tests.sh bind9-9.18.41/bin/tests/system/cpu/tests.sh --- bind9-9.18.33/bin/tests/system/cpu/tests.sh 2025-01-20 13:39:31.005352449 +0000 +++ bind9-9.18.41/bin/tests/system/cpu/tests.sh 2025-10-18 10:21:02.876254037 +0000 @@ -54,7 +54,8 @@ for cpu in $(cpulist); do n=$((n + 1)) echo_i "testing that limiting CPU sets to 0-${cpu} works ($n)" - cpulimit 0 "$cpu" "$NAMED" -g >named.run.$n 2>&1 || true + # intentionally fail running the named, but print number of detected cpus during it + cpulimit 0 "$cpu" "$NAMED" -g -c missing.conf >named.run.$n 2>&1 || true ncpus=$(sed -ne 's/.*found \([0-9]*\) CPU.*\([0-9]*\) worker thread.*/\1/p' named.run.$n) [ "$ncpus" -eq "$((cpu + 1))" ] || ret=1 done diff -Nru bind9-9.18.33/bin/tests/system/database/tests_database.py bind9-9.18.41/bin/tests/system/database/tests_database.py --- bind9-9.18.33/bin/tests/system/database/tests_database.py 2025-01-20 13:39:31.006352467 +0000 +++ bind9-9.18.41/bin/tests/system/database/tests_database.py 2025-10-18 10:21:02.877254064 +0000 @@ -9,13 +9,13 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -import isctest +import dns -import dns.message +import isctest def test_database(servers, templates): - msg = dns.message.make_query("database.", "SOA") + msg = isctest.query.create("database.", "SOA") # checking pre reload zone res = isctest.query.tcp(msg, "10.53.0.1") diff -Nru bind9-9.18.33/bin/tests/system/dialup/tests_dialup_zone_transfer.py bind9-9.18.41/bin/tests/system/dialup/tests_dialup_zone_transfer.py --- bind9-9.18.33/bin/tests/system/dialup/tests_dialup_zone_transfer.py 2025-01-20 13:39:31.007352485 +0000 +++ bind9-9.18.41/bin/tests/system/dialup/tests_dialup_zone_transfer.py 2025-10-18 10:21:02.878254091 +0000 @@ -28,10 +28,9 @@ # Drop the RD flag from the query msg.flags &= ~dns.flags.RD ns1response = isctest.query.tcp(msg, "10.53.0.1") - with servers[f"ns{ns}"].watch_log_from_start() as watcher: + with servers[f"ns{ns}"].watch_log_from_start(timeout=90) as watcher: watcher.wait_for_line( f"transfer of 'example/IN' from 10.53.0.{ns-1}#{named_port}: Transfer status: success", - timeout=90, ) response = isctest.query.tcp(msg, f"10.53.0.{ns}") if response.rcode() != dns.rcode.SERVFAIL: diff -Nru bind9-9.18.33/bin/tests/system/digdelv/tests.sh bind9-9.18.41/bin/tests/system/digdelv/tests.sh --- bind9-9.18.33/bin/tests/system/digdelv/tests.sh 2025-01-20 13:39:31.008352502 +0000 +++ bind9-9.18.41/bin/tests/system/digdelv/tests.sh 2025-10-18 10:21:02.880254144 +0000 @@ -285,6 +285,27 @@ status=$((status + ret)) n=$((n + 1)) + echo_i "checking dig +coflag works ($n)" + ret=0 + dig_with_opts +tcp @10.53.0.3 +coflag +qr example >dig.out.test$n || ret=1 + grep "^; EDNS: version: 0, flags: co;" /dev/null || ret=1 + check_ttl_range dig.out.test$n "SOA" 300 || ret=1 + if [ $ret -ne 0 ]; then echo_i "failed"; fi + status=$((status + ret)) + + if [ $HAS_PYYAML -ne 0 ]; then + n=$((n + 1)) + echo_i "checking dig +coflag +yaml works ($n)" + ret=0 + dig_with_opts +yaml +tcp @10.53.0.3 +coflag +qr example >dig.out.test$n || ret=1 + $PYTHON yamlget.py dig.out.test$n 0 message query_message_data OPT_PSEUDOSECTION EDNS flags >yamlget.out.test$n 2>&1 || ret=1 + read -r value dig.out.test$n || ret=1 @@ -919,7 +940,7 @@ if [ $HAS_PYYAML -ne 0 ]; then n=$((n + 1)) - echo_i "check dig +yaml output ($n)" + echo_i "check dig +yaml ANY output ($n)" ret=0 dig_with_opts +qr +yaml @10.53.0.3 any ns2.example >dig.out.test$n 2>&1 || ret=1 $PYTHON yamlget.py dig.out.test$n 0 message query_message_data status >yamlget.out.test$n 2>&1 || ret=1 @@ -1397,7 +1418,7 @@ if [ $HAS_PYYAML -ne 0 ]; then n=$((n + 1)) - echo_i "check delv +yaml output ($n)" + echo_i "check delv +yaml ANY output ($n)" ret=0 delv_with_opts +yaml @10.53.0.3 any ns2.example >delv.out.test$n || ret=1 $PYTHON yamlget.py delv.out.test$n status >yamlget.out.test$n 2>&1 || ret=1 @@ -1410,6 +1431,40 @@ read -r value delv.out.test$n || ret=1 + $PYTHON yamlget.py delv.out.test$n status >yamlget.out.test$n 2>&1 || ret=1 + read -r value yamlget.out.test$n 2>&1 || ret=1 + read -r value yamlget.out.test$n 2>&1 || ret=1 + read -r value delv.out.test$n || ret=1 + $PYTHON yamlget.py delv.out.test$n status >yamlget.out.test$n 2>&1 || ret=1 + read -r value yamlget.out.test$n 2>&1 || ret=1 + read -r value yamlget.out.test$n 2>&1 || ret=1 + read -r value $@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -666,8 +668,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -678,7 +680,7 @@ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/driver.Plo + -rm -f ./$(DEPDIR)/driver.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -728,7 +730,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/driver.Plo + -rm -f ./$(DEPDIR)/driver.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -778,3 +780,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/tests/system/dnssec/ans10/ans.py bind9-9.18.41/bin/tests/system/dnssec/ans10/ans.py --- bind9-9.18.33/bin/tests/system/dnssec/ans10/ans.py 2025-01-20 13:39:31.013352590 +0000 +++ bind9-9.18.41/bin/tests/system/dnssec/ans10/ans.py 2025-10-18 10:21:02.885254278 +0000 @@ -38,6 +38,7 @@ # NS gets a unsigned response. # DNSKEY get a unsigned NODATA response. # A gets a signed response. +# TXT gets a signed NODATA response without RRSIG. # All other types get a unsigned NODATA response. ############################################################################ def create_response(msg): @@ -72,6 +73,11 @@ r.answer.append(dns.rrset.from_text(qname, 1, IN, NS, ".")) elif rrtype == SOA: r.answer.append(dns.rrset.from_text(qname, 1, IN, SOA, ". . 0 0 0 0 0")) + elif rrtype == TXT: + r.authority.append(dns.rrset.from_text(qname, 1, IN, SOA, ". . 0 0 0 0 0")) + r.authority.append( + dns.rrset.from_text(qname, 1, IN, NSEC, qname + " A NS SOA RRSIG NSEC") + ) else: r.authority.append(dns.rrset.from_text(qname, 1, IN, SOA, ". . 0 0 0 0 0")) r.flags |= dns.flags.AA diff -Nru bind9-9.18.33/bin/tests/system/dnssec/ns1/root.db.in bind9-9.18.41/bin/tests/system/dnssec/ns1/root.db.in --- bind9-9.18.33/bin/tests/system/dnssec/ns1/root.db.in 2025-01-20 13:39:31.014352608 +0000 +++ bind9-9.18.41/bin/tests/system/dnssec/ns1/root.db.in 2025-10-18 10:21:02.885254278 +0000 @@ -37,3 +37,11 @@ ns10.inprogress. A 10.53.0.10 too-many-iterations. NS ns2.too-many-iterations. ns2.too-many-iterations. A 10.53.0.2 +dnskey-rrsigs-stripped. NS ns2.dnskey-rrsigs-stripped. +ns2.dnskey-rrsigs-stripped. A 10.53.0.2 +ds-rrsigs-stripped. NS ns2.ds-rrsigs-stripped. +ns2.ds-rrsigs-stripped. A 10.53.0.2 +inconsistent. NS ns2.inconsistent. +ns2.inconsistent. A 10.53.0.2 +nsec-rrsigs-stripped. NS ns10.nsec-rrsigs-stripped. +ns10.nsec-rrsigs-stripped. A 10.53.0.10 diff -Nru bind9-9.18.33/bin/tests/system/dnssec/ns1/sign.sh bind9-9.18.41/bin/tests/system/dnssec/ns1/sign.sh --- bind9-9.18.33/bin/tests/system/dnssec/ns1/sign.sh 2025-01-20 13:39:31.014352608 +0000 +++ bind9-9.18.41/bin/tests/system/dnssec/ns1/sign.sh 2025-10-18 10:21:02.885254278 +0000 @@ -30,6 +30,9 @@ cp "../ns2/dsset-in-addr.arpa." . cp "../ns2/dsset-too-many-iterations." . cp "../ns2/dsset-lazy-ksk." . +cp "../ns2/dsset-dnskey-rrsigs-stripped." . +cp "../ns2/dsset-ds-rrsigs-stripped." . +cp "../ns2/dsset-inconsistent." . grep "$DEFAULT_ALGORITHM_NUMBER [12] " "../ns2/dsset-algroll." >"dsset-algroll." cp "../ns6/dsset-optout-tld." . diff -Nru bind9-9.18.33/bin/tests/system/dnssec/ns2/child.ds-rrsigs-stripped.db.in bind9-9.18.41/bin/tests/system/dnssec/ns2/child.ds-rrsigs-stripped.db.in --- bind9-9.18.33/bin/tests/system/dnssec/ns2/child.ds-rrsigs-stripped.db.in 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/dnssec/ns2/child.ds-rrsigs-stripped.db.in 2025-10-18 10:21:02.886254305 +0000 @@ -0,0 +1,27 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 + NS ns3 +ns2 A 10.53.0.2 +ns3 A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 diff -Nru bind9-9.18.33/bin/tests/system/dnssec/ns2/dnskey-rrsigs-stripped.db.in bind9-9.18.41/bin/tests/system/dnssec/ns2/dnskey-rrsigs-stripped.db.in --- bind9-9.18.33/bin/tests/system/dnssec/ns2/dnskey-rrsigs-stripped.db.in 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/dnssec/ns2/dnskey-rrsigs-stripped.db.in 2025-10-18 10:21:02.886254305 +0000 @@ -0,0 +1,27 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 + NS ns3 +ns2 A 10.53.0.2 +ns3 A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 diff -Nru bind9-9.18.33/bin/tests/system/dnssec/ns2/ds-rrsigs-stripped.db.in bind9-9.18.41/bin/tests/system/dnssec/ns2/ds-rrsigs-stripped.db.in --- bind9-9.18.33/bin/tests/system/dnssec/ns2/ds-rrsigs-stripped.db.in 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/dnssec/ns2/ds-rrsigs-stripped.db.in 2025-10-18 10:21:02.886254305 +0000 @@ -0,0 +1,29 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 + NS ns3 +ns2 A 10.53.0.2 +ns3 A 10.53.0.3 + +child NS ns2.child +ns2.child A 10.53.0.2 +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 diff -Nru bind9-9.18.33/bin/tests/system/dnssec/ns2/inconsistent.db.in bind9-9.18.41/bin/tests/system/dnssec/ns2/inconsistent.db.in --- bind9-9.18.33/bin/tests/system/dnssec/ns2/inconsistent.db.in 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/dnssec/ns2/inconsistent.db.in 2025-10-18 10:21:02.887254331 +0000 @@ -0,0 +1,24 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns2.example. . ( + 2010042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2.example. + NS ns3.example. + A 10.53.0.1 +ns2 A 10.53.0.2 +ns3 A 10.53.0.3 diff -Nru bind9-9.18.33/bin/tests/system/dnssec/ns2/named.conf.in bind9-9.18.41/bin/tests/system/dnssec/ns2/named.conf.in --- bind9-9.18.33/bin/tests/system/dnssec/ns2/named.conf.in 2025-01-20 13:39:31.015352625 +0000 +++ bind9-9.18.41/bin/tests/system/dnssec/ns2/named.conf.in 2025-10-18 10:21:02.887254331 +0000 @@ -209,6 +209,11 @@ file "too-many-iterations.db.signed"; }; +zone "inconsistent" { + type primary; + file "inconsistent.db.signed"; +}; + zone "lazy-ksk" { type primary; file "lazy-ksk.db"; @@ -216,4 +221,19 @@ allow-update { any; }; }; +zone "dnskey-rrsigs-stripped" { + type primary; + file "dnskey-rrsigs-stripped.db.signed"; +}; + +zone "ds-rrsigs-stripped" { + type primary; + file "ds-rrsigs-stripped.db.signed"; +}; + +zone "child.ds-rrsigs-stripped" { + type primary; + file "child.ds-rrsigs-stripped.db.signed"; +}; + include "trusted.conf"; diff -Nru bind9-9.18.33/bin/tests/system/dnssec/ns2/sign.sh bind9-9.18.41/bin/tests/system/dnssec/ns2/sign.sh --- bind9-9.18.33/bin/tests/system/dnssec/ns2/sign.sh 2025-01-20 13:39:31.016352643 +0000 +++ bind9-9.18.41/bin/tests/system/dnssec/ns2/sign.sh 2025-10-18 10:21:02.887254331 +0000 @@ -369,3 +369,59 @@ rm "$rm1.private" rm "$rm2.key" rm "$rm2.private" + +# +# A zone with the DNSKEY RRSIGS stripped +# +zone=dnskey-rrsigs-stripped +infile=dnskey-rrsigs-stripped.db.in +zonefile=dnskey-rrsigs-stripped.db +ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" +"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 +"$CHECKZONE" -D -q -i local "$zone" "$zonefile.signed" \ + | awk '$4 == "RRSIG" && $5 == "DNSKEY" { next } { print }' >"$zonefile.stripped" +"$CHECKZONE" -D -q -i local "$zone" "$zonefile.signed" \ + | awk '$4 == "SOA" { $7 = $7 + 1; print; next } { print }' >"$zonefile.next" +"$SIGNER" -g -o "$zone" -f "$zonefile.next" "$zonefile.next" >/dev/null 2>&1 +cp "$zonefile.stripped" "$zonefile.signed" + +# +# A child zone for the stripped DS RRSIGs test +# +zone=child.ds-rrsigs-stripped +infile=child.ds-rrsigs-stripped.db.in +zonefile=child.ds-rrsigs-stripped.db +ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" +"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 + +# +# A zone with the DNSKEY RRSIGS stripped +# +zone=ds-rrsigs-stripped +infile=ds-rrsigs-stripped.db.in +zonefile=ds-rrsigs-stripped.db +ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" +"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 +"$CHECKZONE" -D -q -i local "$zone" "$zonefile.signed" \ + | awk '$4 == "RRSIG" && $5 == "DS" { next } { print }' >"$zonefile.stripped" +"$CHECKZONE" -D -q -i local "$zone" "$zonefile.signed" \ + | awk '$4 == "SOA" { $7 = $7 + 1; print; next } { print }' >"$zonefile.next" +"$SIGNER" -g -o "$zone" -f "$zonefile.next" "$zonefile.next" >/dev/null 2>&1 +cp "$zonefile.stripped" "$zonefile.signed" + +# +# Inconsistent NS RRset between parent and child +# +zone=inconsistent +infile=inconsistent.db.in +zonefile=inconsistent.db +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +cat "$infile" "$key1.key" "$key2.key" >"$zonefile" +"$SIGNER" -3 - -g -o "$zone" "$zonefile" >/dev/null 2>&1 diff -Nru bind9-9.18.33/bin/tests/system/dnssec/ns4/named3.conf.in bind9-9.18.41/bin/tests/system/dnssec/ns4/named3.conf.in --- bind9-9.18.33/bin/tests/system/dnssec/ns4/named3.conf.in 2025-01-20 13:39:31.020352713 +0000 +++ bind9-9.18.41/bin/tests/system/dnssec/ns4/named3.conf.in 2025-10-18 10:21:02.892254465 +0000 @@ -26,6 +26,7 @@ bindkeys-file "managed.conf"; dnssec-accept-expired yes; minimal-responses no; + servfail-ttl 0; }; key rndc_key { diff -Nru bind9-9.18.33/bin/tests/system/dnssec/ns9/named.conf.in bind9-9.18.41/bin/tests/system/dnssec/ns9/named.conf.in --- bind9-9.18.33/bin/tests/system/dnssec/ns9/named.conf.in 2025-01-20 13:39:31.021352731 +0000 +++ bind9-9.18.41/bin/tests/system/dnssec/ns9/named.conf.in 2025-10-18 10:21:02.893254492 +0000 @@ -25,6 +25,7 @@ dnssec-validation yes; forward only; forwarders { 10.53.0.4; }; + servfail-ttl 0; }; key rndc_key { diff -Nru bind9-9.18.33/bin/tests/system/dnssec/tests.sh bind9-9.18.41/bin/tests/system/dnssec/tests.sh --- bind9-9.18.33/bin/tests/system/dnssec/tests.sh 2025-01-20 13:39:31.024352783 +0000 +++ bind9-9.18.41/bin/tests/system/dnssec/tests.sh 2025-10-18 10:21:02.896254572 +0000 @@ -184,6 +184,46 @@ test "$ret" -eq 0 || echo_i "failed" status=$((status + ret)) +echo_i "checking recovery from stripped DNSKEY RRSIG ($n)" +ret=0 +# prime cache with DNSKEY without RRSIGs +dig_with_opts +noauth +cd dnskey-rrsigs-stripped. @10.53.0.4 dnskey >dig.out.prime.ns4.test$n || ret=1 +grep ";; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1" dig.out.prime.ns4.test$n >/dev/null || ret=1 +grep "status: NOERROR" dig.out.prime.ns4.test$n >/dev/null || ret=1 +grep "RRSIG.DNSKEY" dig.out.prime.ns4.test$n >/dev/null && ret=1 +# reload server with properly signed zone +cp ns2/dnskey-rrsigs-stripped.db.next ns2/dnskey-rrsigs-stripped.db.signed +nextpart ns2/named.run >/dev/null +rndccmd 10.53.0.2 reload dnskey-rrsigs-stripped | sed 's/^/ns2 /' | cat_i +wait_for_log 5 "zone dnskey-rrsigs-stripped/IN: loaded serial 2000042408" ns2/named.run || ret=1 +dig_with_opts +noauth b.dnskey-rrsigs-stripped. @10.53.0.2 a >dig.out.ns2.test$n || ret=1 +dig_with_opts +noauth b.dnskey-rrsigs-stripped. @10.53.0.4 a >dig.out.ns4.test$n || ret=1 +digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1 +n=$((n + 1)) +test "$ret" -eq 0 || echo_i "failed" +status=$((status + ret)) + +echo_i "checking recovery from stripped DS RRSIG ($n)" +ret=0 +# prime cache with DS without RRSIGs +dig_with_opts +noauth +cd child.ds-rrsigs-stripped. @10.53.0.4 ds >dig.out.prime.ns4.test$n || ret=1 +grep ";; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" dig.out.prime.ns4.test$n >/dev/null || ret=1 +grep "status: NOERROR" dig.out.prime.ns4.test$n >/dev/null || ret=1 +grep "RRSIG.DS" dig.out.prime.ns4.test$n >/dev/null && ret=1 +# reload server with properly signed zone +cp ns2/ds-rrsigs-stripped.db.next ns2/ds-rrsigs-stripped.db.signed +nextpart ns2/named.run >/dev/null +rndccmd 10.53.0.2 reload ds-rrsigs-stripped | sed 's/^/ns2 /' | cat_i +wait_for_log 5 "zone ds-rrsigs-stripped/IN: loaded serial 2000042408" ns2/named.run || ret=1 +dig_with_opts +noauth b.child.ds-rrsigs-stripped. @10.53.0.2 a >dig.out.ns2.test$n || ret=1 +dig_with_opts +noauth b.child.ds-rrsigs-stripped. @10.53.0.4 a >dig.out.ns4.test$n || ret=1 +digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1 +n=$((n + 1)) +test "$ret" -eq 0 || echo_i "failed" +status=$((status + ret)) + echo_i "checking that 'example/DS' from the referral was used in previous validation ($n)" ret=0 grep "query 'example/DS/IN' approved" ns1/named.run >/dev/null && ret=1 @@ -4468,6 +4508,57 @@ if [ "$ret" -ne 0 ]; then echo_i "failed"; fi status=$((status + ret)) +echo_i "checking NSEC3 nxdomain response closest encloser with 0 ENT ($n)" +ret=0 +dig_with_opts @10.53.0.4 b.b.b.b.b.a.nsec3.example. >dig.out.ns4.test$n +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 +# closest encloser (a.nsec3.example) +pat1="^6OVDUHTN094ML2PV8AN90U0DPU823GH2\.nsec3\.example\..*NSEC3 1 0 0 - 7AT0S0RIDCJRFF2M5H5AAV22CSFJBUL4 A RRSIG\$" +grep "$pat1" dig.out.ns4.test$n >/dev/null || ret=1 +# no QNAME proof (b.a.nsec3.example / DSPF4R9UKOEPJ9O34E1H4539LSOTL14E) +pat2="^CG2DVCNE20EKU1PDRLMI2L4DGC2FO1H3\.nsec3\.example\..*NSEC3 1 0 0 - EF2S05SGK1IR2K5SKMFIRERGQCLMR18M A RRSIG\$" +grep "$pat2" dig.out.ns4.test$n >/dev/null || ret=1 +# no WILDCARD proof (*.a.nsec3.example / TFGQ60S97BS31IT1EBEDO63ETM0T5JFA) +pat3="^R8EVDMNIGNOKME4LH2H90OSP2PRSNJ1Q\.nsec3\.example\..*NSEC3 1 0 0 - VH656EQUD4J02OFVSO4GKOK5D02MS1TL NS DS RRSIG\$" +grep "$pat3" dig.out.ns4.test$n >/dev/null || ret=1 +n=$((n + 1)) +if [ "$ret" -ne 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking NSEC3 nxdomain response closest encloser with 1 ENTs ($n)" +ret=0 +dig_with_opts @10.53.0.4 b.b.b.b.b.a.a.nsec3.example. >dig.out.ns4.test$n +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 +# closest encloser (a.a.nsec3.example) +pat1="^NGCJFSOLJUUE27PFNQNJIME4TQ0OU2DH\.nsec3\.example\..*NSEC3 1 0 0 - R8EVDMNIGNOKME4LH2H90OSP2PRSNJ1Q\$" +grep "$pat1" dig.out.ns4.test$n >/dev/null || ret=1 +# no QNAME proof (b.a.a.nsec3.example / V8I8SAIIVC3HOVMOVENSDRA6ATDCEMJI) +pat2="^R8EVDMNIGNOKME4LH2H90OSP2PRSNJ1Q\.nsec3\.example\..*NSEC3 1 0 0 - VH656EQUD4J02OFVSO4GKOK5D02MS1TL NS DS RRSIG\$" +grep "$pat2" dig.out.ns4.test$n >/dev/null || ret=1 +# no WILDCARD proof (*.a.a.nsec3.example / V7JNNDJ4NLRIU195FRB7DLUCSLU4LLFM) +pat3="^R8EVDMNIGNOKME4LH2H90OSP2PRSNJ1Q\.nsec3\.example\..*NSEC3 1 0 0 - VH656EQUD4J02OFVSO4GKOK5D02MS1TL NS DS RRSIG\$" +grep "$pat3" dig.out.ns4.test$n >/dev/null || ret=1 +n=$((n + 1)) +if [ "$ret" -ne 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking NSEC3 nxdomain response closest encloser with 2 ENTs ($n)" +ret=0 +dig_with_opts @10.53.0.4 b.b.b.b.b.a.a.a.nsec3.example. >dig.out.ns4.test$n +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 +# closest encloser (a.a.a.nsec3.example) +pat1="^H7RHPDCHSVVRAND332F878C8AB6IBJQV\.nsec3\.example\..*NSEC3 1 0 0 - K8IG76R2UPQ13IKFO49L7IB9JRVB6QJI\$" +grep "$pat1" dig.out.ns4.test$n >/dev/null || ret=1 +# no QNAME proof (b.a.a.a.nsec3.example / 18Q8D89RM8GGRSSOPFRB05QS6VEGB1P4) +pat2="^VH656EQUD4J02OFVSO4GKOK5D02MS1TL\.nsec3\.example\..*NSEC3 1 0 0 - 1HARMGSKJH0EBU2EI2OJIKTDPIQA6KBI NS DS RRSIG\$" +grep "$pat2" dig.out.ns4.test$n >/dev/null || ret=1 +# no WILDCARD proof (*.a.a.a.nsec3.example / 8113LDMSEFPUAG4VGFF1C8KLOUT4Q6PH) +pat3="^7AT0S0RIDCJRFF2M5H5AAV22CSFJBUL4\.nsec3\.example\..*NSEC3 1 0 0 - BEJ5GMQA872JF4DAGQ0R3O5Q7A2O5S9L A RRSIG\$" +grep "$pat3" dig.out.ns4.test$n >/dev/null || ret=1 +n=$((n + 1)) +if [ "$ret" -ne 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + echo_i "checking that records other than DNSKEY are not signed by a revoked key by dnssec-signzone ($n)" ret=0 ( @@ -4496,6 +4587,49 @@ n=$((n + 1)) if [ "$ret" -ne 0 ]; then echo_i "failed"; fi status=$((status + ret)) + +echo_i "checking validator behavior with mismatching NS ($n)" +ret=0 +rndccmd 10.53.0.4 flush 2>&1 | sed 's/^/ns4 /' | cat_i +$DIG +tcp +cd -p "$PORT" -t ns inconsistent @10.53.0.4 >dig.out.ns4.test$n.1 || ret=1 +grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2" dig.out.ns4.test$n.1 >/dev/null || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n.1 >/dev/null && ret=1 +$DIG +tcp +cd +dnssec -p "$PORT" -t ns inconsistent @10.53.0.4 >dig.out.ns4.test$n.2 || ret=1 +grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2" dig.out.ns4.test$n.2 >/dev/null || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n.2 >/dev/null && ret=1 +$DIG +tcp +dnssec -p "$PORT" -t ns inconsistent @10.53.0.4 >dig.out.ns4.test$n.3 || ret=1 +grep "ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1" dig.out.ns4.test$n.3 >/dev/null || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n.3 >/dev/null || ret=1 +n=$((n + 1)) +if [ "$ret" -ne 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "checking that a insecure negative response where there is a NSEC without a RRSIG succeeds ($n)" +ret=0 +# check server preconditions +dig_with_opts +notcp @10.53.0.10 nsec-rrsigs-stripped. TXT +dnssec >dig.out.ns10.test$n +grep "status: NOERROR" dig.out.ns10.test$n >/dev/null || ret=1 +grep "QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1" dig.out.ns10.test$n >/dev/null || ret=1 +grep "IN.RRSIG.NSEC" dig.out.ns10.test$n >/dev/null && ret=1 +# check resolver succeeds +dig_with_opts @10.53.0.4 nsec-rrsigs-stripped. TXT +dnssec >dig.out.ns4.test$n +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 +grep "QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1" dig.out.ns4.test$n >/dev/null || ret=1 +grep "IN.RRSIG.NSEC" dig.out.ns4.test$n >/dev/null && ret=1 +n=$((n + 1)) +if [ "$ret" -ne 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "test that RRSIGS are returned for glue name with CD=1 ($n)" +ret=0 +dig_with_opts @10.53.0.4 ns3.secure.example A +cd >dig.out.ns4.test$n +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 +grep "ANSWER: 2," dig.out.ns4.test$n >/dev/null || ret=1 +grep "ns3\.secure\.example\..[0-9]*.IN.A.10\.53\.0.3" dig.out.ns4.test$n >/dev/null || ret=1 +grep "ns3\.secure\.example\..[0-9]*.IN.RRSIG.A " dig.out.ns4.test$n >/dev/null || ret=1 +n=$((n + 1)) +if [ "$ret" -ne 0 ]; then echo_i "failed"; fi +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff -Nru bind9-9.18.33/bin/tests/system/dnssec/tests_sh_dnssec.py bind9-9.18.41/bin/tests/system/dnssec/tests_sh_dnssec.py --- bind9-9.18.33/bin/tests/system/dnssec/tests_sh_dnssec.py 2025-01-20 13:39:31.024352783 +0000 +++ bind9-9.18.41/bin/tests/system/dnssec/tests_sh_dnssec.py 2025-10-18 10:21:02.896254572 +0000 @@ -13,6 +13,7 @@ pytestmark = pytest.mark.extra_artifacts( [ + ".hypothesis/examples/*", "K*", "canonical*", "delv.out*", @@ -56,6 +57,13 @@ "ns2/cds-x.secure.db", "ns2/cds-x.secure.db", "ns2/cds.secure.db", + "ns2/dnskey-rrsigs-stripped.db", + "ns2/dnskey-rrsigs-stripped.db.next", + "ns2/dnskey-rrsigs-stripped.db.stripped", + "ns2/child.ds-rrsigs-stripped.db", + "ns2/ds-rrsigs-stripped.db", + "ns2/ds-rrsigs-stripped.db.next", + "ns2/ds-rrsigs-stripped.db.stripped", "ns2/example.db", "ns2/in-addr.arpa.db", "ns2/lazy-ksk.db", @@ -63,6 +71,7 @@ "ns2/nsec3chain-test.db", "ns2/single-nsec3.db", "ns2/too-many-iterations.db", + "ns2/inconsistent.db", "ns2/trusted.db", "ns2/updatecheck-kskonly.secure.ksk.id", "ns2/updatecheck-kskonly.secure.ksk.key", diff -Nru bind9-9.18.33/bin/tests/system/dnstap/tests_dnstap.py bind9-9.18.41/bin/tests/system/dnstap/tests_dnstap.py --- bind9-9.18.33/bin/tests/system/dnstap/tests_dnstap.py 2025-01-20 13:39:31.027352836 +0000 +++ bind9-9.18.41/bin/tests/system/dnstap/tests_dnstap.py 2025-10-18 10:21:02.899254652 +0000 @@ -18,9 +18,8 @@ import isctest import pytest -import dns.message - pytest.importorskip("dns", minversion="2.0.0") +import dns.rrset pytestmark = pytest.mark.extra_artifacts( [ @@ -46,7 +45,7 @@ def test_dnstap_dispatch_socket_addresses(): # Send some query to ns3 so that it records something in its dnstap file. - msg = dns.message.make_query("mail.example.", "A") + msg = isctest.query.create("mail.example.", "A") res = isctest.query.tcp(msg, "10.53.0.2", expected_rcode=dns.rcode.NOERROR) assert res.answer == [ dns.rrset.from_text("mail.example.", 300, "IN", "A", "10.0.0.2") diff -Nru bind9-9.18.33/bin/tests/system/dnstap/tests_sh_dnstap.py bind9-9.18.41/bin/tests/system/dnstap/tests_sh_dnstap.py --- bind9-9.18.33/bin/tests/system/dnstap/tests_sh_dnstap.py 2025-01-20 13:39:31.027352836 +0000 +++ bind9-9.18.41/bin/tests/system/dnstap/tests_sh_dnstap.py 2025-10-18 10:21:02.899254652 +0000 @@ -11,6 +11,8 @@ import pytest +import isctest.mark + pytestmark = pytest.mark.extra_artifacts( [ "dig.out*", @@ -26,5 +28,6 @@ ) +@pytest.mark.flaky(max_runs=2, rerun_filter=isctest.mark.is_host_freebsd_13) def test_dnstap(run_tests_sh): run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/doth/example.axfr.good bind9-9.18.41/bin/tests/system/doth/example.axfr.good --- bind9-9.18.33/bin/tests/system/doth/example.axfr.good 2025-01-20 13:39:31.031352907 +0000 +++ bind9-9.18.41/bin/tests/system/doth/example.axfr.good 2025-10-18 10:21:02.903254759 +0000 @@ -2524,6 +2524,7 @@ biganswer.example. 3600 IN A 10.10.50.48 biganswer.example. 3600 IN A 10.10.50.49 biganswer.example. 3600 IN A 10.10.50.50 +brid.example. 3600 IN BRID abcd caa01.example. 3600 IN CAA 0 issue "ca.example.net; policy=ev" caa02.example. 3600 IN CAA 128 tbs "Unknown" caa03.example. 3600 IN CAA 128 tbs "" @@ -2548,12 +2549,14 @@ ds01.example. 3600 IN DS 12892 5 2 26584835CA80C81C91999F31CFAF2A0E89D4FF1C8FAFD0DDB31A85C7 19277C13 ds02.example. 3600 IN NS ns43.example. ds02.example. 3600 IN DS 12892 5 1 7AA4A3F416C2F2391FB7AB0D434F762CD62D1390 +dsync01.example. 3600 IN DSYNC CDS NOTIFY 53 . eid01.example. 3600 IN EID 1289AB eui48.example. 3600 IN EUI48 01-23-45-67-89-ab eui64.example. 3600 IN EUI64 01-23-45-67-89-ab-cd-ef gid01.example. 3600 IN GID \# 1 03 gpos01.example. 3600 IN GPOS "-22.6882" "116.8652" "250.0" gpos02.example. 3600 IN GPOS "" "" "" +hhit.example. 3600 IN HHIT abcd hinfo01.example. 3600 IN HINFO "Generic PC clone" "NetBSD-1.4" hinfo02.example. 3600 IN HINFO "PC" "NetBSD" hip1.example. 3600 IN HIP 2 200100107B1A74DF365639CC39F1D578 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D diff -Nru bind9-9.18.33/bin/tests/system/doth/example8.axfr.good bind9-9.18.41/bin/tests/system/doth/example8.axfr.good --- bind9-9.18.33/bin/tests/system/doth/example8.axfr.good 2025-01-20 13:39:31.032352924 +0000 +++ bind9-9.18.41/bin/tests/system/doth/example8.axfr.good 2025-10-18 10:21:02.903254759 +0000 @@ -2524,6 +2524,7 @@ biganswer.example8. 3600 IN A 10.10.50.48 biganswer.example8. 3600 IN A 10.10.50.49 biganswer.example8. 3600 IN A 10.10.50.50 +brid.example8. 3600 IN BRID abcd caa01.example8. 3600 IN CAA 0 issue "ca.example.net; policy=ev" caa02.example8. 3600 IN CAA 128 tbs "Unknown" caa03.example8. 3600 IN CAA 128 tbs "" @@ -2548,12 +2549,14 @@ ds01.example8. 3600 IN NS ns42.example8. ds02.example8. 3600 IN DS 12892 5 1 7AA4A3F416C2F2391FB7AB0D434F762CD62D1390 ds02.example8. 3600 IN NS ns43.example8. +dsync01.example8. 3600 IN DSYNC CDS NOTIFY 53 . eid01.example8. 3600 IN EID 1289AB eui48.example8. 3600 IN EUI48 01-23-45-67-89-ab eui64.example8. 3600 IN EUI64 01-23-45-67-89-ab-cd-ef gid01.example8. 3600 IN GID \# 1 03 gpos01.example8. 3600 IN GPOS "-22.6882" "116.8652" "250.0" gpos02.example8. 3600 IN GPOS "" "" "" +hhit.example8. 3600 IN HHIT abcd hinfo01.example8. 3600 IN HINFO "Generic PC clone" "NetBSD-1.4" hinfo02.example8. 3600 IN HINFO "PC" "NetBSD" hip1.example8. 3600 IN HIP 2 200100107B1A74DF365639CC39F1D578 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D diff -Nru bind9-9.18.33/bin/tests/system/doth/tests_gnutls.py bind9-9.18.41/bin/tests/system/doth/tests_gnutls.py --- bind9-9.18.33/bin/tests/system/doth/tests_gnutls.py 2025-01-20 13:39:31.034352959 +0000 +++ bind9-9.18.41/bin/tests/system/doth/tests_gnutls.py 2025-10-18 10:21:02.906254839 +0000 @@ -20,11 +20,12 @@ pytest.importorskip("dns") import dns.exception -import dns.message import dns.name import dns.rdataclass import dns.rdatatype +import isctest + pytestmark = pytest.mark.extra_artifacts( [ "gnutls-cli.*", @@ -35,7 +36,7 @@ def test_gnutls_cli_query(gnutls_cli_executable, named_tlsport): # Prepare the example/SOA query which will be sent over TLS. - query = dns.message.make_query("example.", dns.rdatatype.SOA) + query = isctest.query.create("example.", dns.rdatatype.SOA) query_wire = query.to_wire() query_with_length = struct.pack(">H", len(query_wire)) + query_wire @@ -72,11 +73,11 @@ # upon receiving a DNS response. selector = selectors.DefaultSelector() selector.register(gnutls_cli.stdout, selectors.EVENT_READ) - deadline = time.time() + 10 + deadline = time.monotonic() + 10 gnutls_cli_output = b"" response = b"" while not response and not gnutls_cli.poll(): - if not selector.select(timeout=deadline - time.time()): + if not selector.select(timeout=deadline - time.monotonic()): break gnutls_cli_output += gnutls_cli.stdout.read(512) try: diff -Nru bind9-9.18.33/bin/tests/system/dsdigest/tests_dsdigest.py bind9-9.18.41/bin/tests/system/dsdigest/tests_dsdigest.py --- bind9-9.18.33/bin/tests/system/dsdigest/tests_dsdigest.py 2025-01-20 13:39:31.035352977 +0000 +++ bind9-9.18.41/bin/tests/system/dsdigest/tests_dsdigest.py 2025-10-18 10:21:02.907254866 +0000 @@ -9,7 +9,7 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -import dns.message +import dns.flags import pytest import isctest @@ -29,7 +29,7 @@ def test_dsdigest_good(): """Check that validation with enabled digest types works""" - msg = dns.message.make_query("a.good.", "A", want_dnssec=True) + msg = isctest.query.create("a.good.", "A") res = isctest.query.tcp( msg, "10.53.0.3", @@ -51,7 +51,7 @@ def test_dsdigest_insecure(): """Check that validation with not supported digest algorithms is insecure""" - msg_ds = dns.message.make_query("bad.", "DS", want_dnssec=True) + msg_ds = isctest.query.create("bad.", "DS") res_ds = isctest.query.tcp( msg_ds, "10.53.0.4", @@ -59,7 +59,7 @@ isctest.check.noerror(res_ds) assert res_ds.flags & dns.flags.AD - msg_a = dns.message.make_query("a.bad.", "A", want_dnssec=True) + msg_a = isctest.query.create("a.bad.", "A") res_a = isctest.query.tcp( msg_a, "10.53.0.4", diff -Nru bind9-9.18.33/bin/tests/system/dyndb/driver/Makefile.in bind9-9.18.41/bin/tests/system/dyndb/driver/Makefile.in --- bind9-9.18.33/bin/tests/system/dyndb/driver/Makefile.in 2025-01-20 13:40:38.408383971 +0000 +++ bind9-9.18.41/bin/tests/system/dyndb/driver/Makefile.in 2025-10-18 10:21:43.180305443 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -73,6 +73,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -348,8 +350,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -509,15 +513,13 @@ $(am__aclocal_m4_deps): clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + -$(am__rm_f) $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} sample.la: $(sample_la_OBJECTS) $(sample_la_DEPENDENCIES) $(EXTRA_sample_la_DEPENDENCIES) $(AM_V_CCLD)$(sample_la_LINK) $(sample_la_OBJECTS) $(sample_la_LIBADD) $(LIBS) @@ -538,7 +540,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -687,8 +689,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -699,7 +701,7 @@ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/db.Plo + -rm -f ./$(DEPDIR)/db.Plo -rm -f ./$(DEPDIR)/driver.Plo -rm -f ./$(DEPDIR)/instance.Plo -rm -f ./$(DEPDIR)/lock.Plo @@ -755,7 +757,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/db.Plo + -rm -f ./$(DEPDIR)/db.Plo -rm -f ./$(DEPDIR)/driver.Plo -rm -f ./$(DEPDIR)/instance.Plo -rm -f ./$(DEPDIR)/lock.Plo @@ -811,3 +813,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/tests/system/emptyzones/tests_emptyzones.py bind9-9.18.41/bin/tests/system/emptyzones/tests_emptyzones.py --- bind9-9.18.33/bin/tests/system/emptyzones/tests_emptyzones.py 2025-01-20 13:39:31.041353082 +0000 +++ bind9-9.18.41/bin/tests/system/emptyzones/tests_emptyzones.py 2025-10-18 10:21:02.913255026 +0000 @@ -9,8 +9,6 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -import dns.message - import isctest @@ -20,11 +18,11 @@ ns1.rndc("reload") templates.render("ns1/named.conf", {"automatic_empty_zones": True}) ns1.rndc("reload") - msg = dns.message.make_query("version.bind", "TXT", "CH") + msg = isctest.query.create("version.bind", "TXT", "CH") res = isctest.query.tcp(msg, "10.53.0.1") isctest.check.noerror(res) # check that allow-transfer { none; } works - msg = dns.message.make_query("10.in-addr.arpa", "AXFR") + msg = isctest.query.create("10.in-addr.arpa", "AXFR") res = isctest.query.tcp(msg, "10.53.0.1") isctest.check.refused(res) diff -Nru bind9-9.18.33/bin/tests/system/fetchlimit/tests_sh_fetchlimit.py bind9-9.18.41/bin/tests/system/fetchlimit/tests_sh_fetchlimit.py --- bind9-9.18.33/bin/tests/system/fetchlimit/tests_sh_fetchlimit.py 2025-01-20 13:39:31.043353118 +0000 +++ bind9-9.18.41/bin/tests/system/fetchlimit/tests_sh_fetchlimit.py 2025-10-18 10:21:02.915255080 +0000 @@ -24,9 +24,7 @@ ] ) -import isctest.mark - -@isctest.mark.flaky(max_runs=2) +@pytest.mark.flaky(max_runs=3) def test_fetchlimit(run_tests_sh): run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/genzone.sh bind9-9.18.41/bin/tests/system/genzone.sh --- bind9-9.18.33/bin/tests/system/genzone.sh 2025-01-20 13:39:31.052353276 +0000 +++ bind9-9.18.41/bin/tests/system/genzone.sh 2025-10-18 10:21:02.925255347 +0000 @@ -365,11 +365,11 @@ sENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esg a60zyGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= ) -;type 62 +; type 62 csync01 CSYNC 0 0 A NS AAAA csync02 CSYNC 0 0 -;type 63 +; type 63 zonemd01 ZONEMD 2019020700 1 1 ( C220B8A6ED5728A971902F7E3D4FD93A DEEA88B0453C2E8E8C863D465AB06CF3 @@ -381,8 +381,24 @@ 4E114D884E66F176EAB121CB02DB7D65 2E0CC4827E7A3204F166B47E5613FD27 ) +; type 64 +svcb0 SVCB 0 example.net. +svcb1 SVCB 1 . port=60 + +; type 65 +https0 HTTPS 0 example.net. +https1 HTTPS 1 . port=60 + +; type 66 +dsync01 DSYNC CDS NOTIFY 53 . + +; type 67 +hhit HHIT abcd -; type 64 -- 98 (unassigned) +; type 68 +brid BRID abcd + +; type 69 -- 98 (unassigned) ; type 99 spf01 SPF "v=spf1 -all" @@ -503,12 +519,6 @@ ; type 65280-65534 (private use) -https0 HTTPS 0 example.net. -https1 HTTPS 1 . port=60 - -svcb0 SVCB 0 example.net. -svcb1 SVCB 1 . port=60 - ; keydata (internal type used for managed keys) keydata TYPE65533 \# 0 keydata TYPE65533 \# 6 010203040506 diff -Nru bind9-9.18.33/bin/tests/system/glue/tests_glue.py bind9-9.18.41/bin/tests/system/glue/tests_glue.py --- bind9-9.18.33/bin/tests/system/glue/tests_glue.py 2025-01-20 13:39:31.056353346 +0000 +++ bind9-9.18.41/bin/tests/system/glue/tests_glue.py 2025-10-18 10:21:02.928255427 +0000 @@ -10,6 +10,7 @@ # information regarding copyright ownership. +import dns.flags import dns.message import pytest @@ -20,7 +21,7 @@ def test_glue_full_glue_set(): """test that a ccTLD referral gets a full glue set from the root zone""" - msg = dns.message.make_query("foo.bar.fi", "A") + msg = isctest.query.create("foo.bar.fi", "A") msg.flags &= ~dns.flags.RD res = isctest.query.udp(msg, "10.53.0.1") @@ -51,7 +52,7 @@ def test_glue_no_glue_set(): """test that out-of-zone glue is not found""" - msg = dns.message.make_query("example.net.", "A") + msg = isctest.query.create("example.net.", "A") msg.flags &= ~dns.flags.RD res = isctest.query.udp(msg, "10.53.0.1") diff -Nru bind9-9.18.33/bin/tests/system/hooks/driver/Makefile.in bind9-9.18.41/bin/tests/system/hooks/driver/Makefile.in --- bind9-9.18.33/bin/tests/system/hooks/driver/Makefile.in 2025-01-20 13:40:38.431384334 +0000 +++ bind9-9.18.41/bin/tests/system/hooks/driver/Makefile.in 2025-10-18 10:21:43.206306115 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -73,6 +73,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -344,8 +346,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -491,15 +495,13 @@ $(am__aclocal_m4_deps): clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + -$(am__rm_f) $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} test-async.la: $(test_async_la_OBJECTS) $(test_async_la_DEPENDENCIES) $(EXTRA_test_async_la_DEPENDENCIES) $(AM_V_CCLD)$(test_async_la_LINK) $(test_async_la_OBJECTS) $(test_async_la_LIBADD) $(LIBS) @@ -514,7 +516,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -663,8 +665,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -675,7 +677,7 @@ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/test-async.Plo + -rm -f ./$(DEPDIR)/test-async.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -725,7 +727,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/test-async.Plo + -rm -f ./$(DEPDIR)/test-async.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -775,3 +777,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/tests/system/hooks/tests_async_plugin.py bind9-9.18.41/bin/tests/system/hooks/tests_async_plugin.py --- bind9-9.18.33/bin/tests/system/hooks/tests_async_plugin.py 2025-01-20 13:39:31.056353346 +0000 +++ bind9-9.18.41/bin/tests/system/hooks/tests_async_plugin.py 2025-10-18 10:21:02.929255454 +0000 @@ -9,15 +9,11 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -import pytest import isctest -pytest.importorskip("dns") -import dns.message - def test_async_hook(): - msg = dns.message.make_query("example.com.", "A") + msg = isctest.query.create("example.com.", "A") res = isctest.query.udp(msg, "10.53.0.1") # the test-async plugin changes the status of any positive answer to NOTIMP isctest.check.notimp(res) diff -Nru bind9-9.18.33/bin/tests/system/ifconfig.sh.in bind9-9.18.41/bin/tests/system/ifconfig.sh.in --- bind9-9.18.33/bin/tests/system/ifconfig.sh.in 2025-01-20 13:39:31.058353381 +0000 +++ bind9-9.18.41/bin/tests/system/ifconfig.sh.in 2025-10-18 10:21:02.930255481 +0000 @@ -82,11 +82,11 @@ ;; *-*-linux*) if [ "$use_ip" ]; then - ip address add $a/24 dev lo:$int - ip link set dev lo:$int mtu 1500 + [ "$a" ] && ip address add $a/24 dev lo:$int + [ "$a" ] && ip link set dev lo:$int mtu 1500 [ "$aaaa" ] && ip address add $aaaa/64 dev lo else - ifconfig lo:$int $a up netmask 255.255.255.0 mtu 1500 + [ "$a" ] && ifconfig lo:$int $a up netmask 255.255.255.0 mtu 1500 [ "$aaaa" ] && ifconfig lo inet6 add $aaaa/64 fi ;; diff -Nru bind9-9.18.33/bin/tests/system/include-multiplecfg/tests_include_multiplecfg.py bind9-9.18.41/bin/tests/system/include-multiplecfg/tests_include_multiplecfg.py --- bind9-9.18.33/bin/tests/system/include-multiplecfg/tests_include_multiplecfg.py 2025-01-20 13:39:31.059353399 +0000 +++ bind9-9.18.41/bin/tests/system/include-multiplecfg/tests_include_multiplecfg.py 2025-10-18 10:21:02.931255507 +0000 @@ -11,10 +11,10 @@ import os -import isctest +import dns.rrset import pytest -import dns.message +import isctest @pytest.mark.parametrize( @@ -26,7 +26,7 @@ ], ) def test_include_multiplecfg(qname): - msg = dns.message.make_query(qname, "A") + msg = isctest.query.create(qname, "A") res = isctest.query.tcp(msg, "10.53.0.2") isctest.check.noerror(res) diff -Nru bind9-9.18.33/bin/tests/system/isctest/__init__.py bind9-9.18.41/bin/tests/system/isctest/__init__.py --- bind9-9.18.33/bin/tests/system/isctest/__init__.py 2025-01-20 13:39:31.063353470 +0000 +++ bind9-9.18.41/bin/tests/system/isctest/__init__.py 2025-10-18 10:21:02.935255614 +0000 @@ -12,12 +12,14 @@ from . import check from . import instance from . import query -from . import name from . import rndc from . import run from . import template from . import log -from . import hypothesis + +# isctest.hypothesis is intentionally NOT imported, because it detects proper +# hypothesis support and instructs pytest to skip the tests otherwise. It +# should be manually imported only in the modules that require hypothesis. # isctest.mark module is intentionally NOT imported, because it relies on # environment variables which might not be set at the time of import of the diff -Nru bind9-9.18.33/bin/tests/system/isctest/check.py bind9-9.18.41/bin/tests/system/isctest/check.py --- bind9-9.18.33/bin/tests/system/isctest/check.py 2025-01-20 13:39:31.063353470 +0000 +++ bind9-9.18.41/bin/tests/system/isctest/check.py 2025-10-18 10:21:02.935255614 +0000 @@ -12,8 +12,9 @@ import shutil from typing import Optional -import dns.rcode +import dns.flags import dns.message +import dns.rcode import dns.zone import isctest.log @@ -40,6 +41,55 @@ rcode(message, dns_rcode.SERVFAIL) +def adflag(message: dns.message.Message) -> None: + assert (message.flags & dns.flags.AD) != 0, str(message) + + +def noadflag(message: dns.message.Message) -> None: + assert (message.flags & dns.flags.AD) == 0, str(message) + + +def rdflag(message: dns.message.Message) -> None: + assert (message.flags & dns.flags.RD) != 0, str(message) + + +def nordflag(message: dns.message.Message) -> None: + assert (message.flags & dns.flags.RD) == 0, str(message) + + +def raflag(message: dns.message.Message) -> None: + assert (message.flags & dns.flags.RA) != 0, str(message) + + +def noraflag(message: dns.message.Message) -> None: + assert (message.flags & dns.flags.RA) == 0, str(message) + + +def section_equal(first_section: list, second_section: list) -> None: + for rrset in first_section: + assert ( + rrset in second_section + ), f"No corresponding RRset found in second section: {rrset}" + for rrset in second_section: + assert ( + rrset in first_section + ), f"No corresponding RRset found in first section: {rrset}" + + +def same_data(res1: dns.message.Message, res2: dns.message.Message): + section_equal(res1.question, res2.question) + section_equal(res1.answer, res2.answer) + section_equal(res1.authority, res2.authority) + section_equal(res1.additional, res2.additional) + assert res1.rcode() == res2.rcode() + + +def same_answer(res1: dns.message.Message, res2: dns.message.Message): + section_equal(res1.question, res2.question) + section_equal(res1.answer, res2.answer) + assert res1.rcode() == res2.rcode() + + def rrsets_equal( first_rrset: dns.rrset.RRset, second_rrset: dns.rrset.RRset, @@ -102,6 +152,16 @@ assert executable is not None, errmsg +def named_alive(named_proc, resolver_ip): + assert named_proc.poll() is None, "named isn't running" + msg = isctest.query.create("version.bind", "TXT", "CH") + isctest.query.tcp(msg, resolver_ip, expected_rcode=dns_rcode.NOERROR) + + +def notauth(message: dns.message.Message) -> None: + rcode(message, dns.rcode.NOTAUTH) + + def nxdomain(message: dns.message.Message) -> None: rcode(message, dns.rcode.NXDOMAIN) @@ -114,6 +174,12 @@ assert not message.answer, str(message) +def rr_count_eq(section: list, expected: int): + # NOTE: OPT and TSIG records aren't included in the count for ADDITIONAL section + count = sum(len(rrset) for rrset in section) + assert count == expected, str(section) + + def is_response_to(response: dns.message.Message, query: dns.message.Message) -> None: single_question(response) single_question(query) diff -Nru bind9-9.18.33/bin/tests/system/isctest/hypothesis/__init__.py bind9-9.18.41/bin/tests/system/isctest/hypothesis/__init__.py --- bind9-9.18.33/bin/tests/system/isctest/hypothesis/__init__.py 2025-01-20 13:39:31.063353470 +0000 +++ bind9-9.18.41/bin/tests/system/isctest/hypothesis/__init__.py 2025-10-18 10:21:02.935255614 +0000 @@ -9,10 +9,20 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -try: - import hypothesis as _ -except ImportError: - pass -else: - from . import settings - from . import strategies +# This ensures we're using a suitable hypothesis version. A newer version is +# required for FIPS-enabled platforms. + +import hashlib + +import pytest + +MIN_HYPOTHESIS_VERSION = None + +if "md5" not in hashlib.algorithms_available: + # FIPS mode is enabled, use hypothesis 4.41.2 which doesn't use md5 + MIN_HYPOTHESIS_VERSION = "4.41.2" + +pytest.importorskip("hypothesis", minversion=MIN_HYPOTHESIS_VERSION) + +from . import settings +from . import strategies diff -Nru bind9-9.18.33/bin/tests/system/isctest/hypothesis/strategies.py bind9-9.18.41/bin/tests/system/isctest/hypothesis/strategies.py --- bind9-9.18.33/bin/tests/system/isctest/hypothesis/strategies.py 2025-01-20 13:39:31.063353470 +0000 +++ bind9-9.18.41/bin/tests/system/isctest/hypothesis/strategies.py 2025-10-18 10:21:02.935255614 +0000 @@ -11,7 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -from typing import List +import collections.abc +from typing import List, Union from warnings import warn from hypothesis.strategies import ( @@ -22,6 +23,7 @@ just, nothing, permutations, + sampled_from, ) import dns.name @@ -37,7 +39,9 @@ draw, *, prefix: dns.name.Name = dns.name.empty, - suffix: dns.name.Name = dns.name.root, + suffix: Union[ + dns.name.Name, collections.abc.Iterable[dns.name.Name] + ] = dns.name.root, min_labels: int = 1, max_labels: int = 128, ) -> dns.name.Name: @@ -71,6 +75,14 @@ """ prefix = prefix.relativize(dns.name.root) + # Python str is iterable, but that's most probably not what user actually wanted + if isinstance(suffix, str): + raise NotImplementedError( + "ambiguous API use, convert suffix to Name or list to express intent" + ) + if isinstance(suffix, collections.abc.Iterable): + suffix = draw(sampled_from(sorted(suffix))) + assert isinstance(suffix, dns.name.Name) suffix = suffix.derelativize(dns.name.root) try: @@ -168,3 +180,8 @@ # NOTE: Some of the remaining bytes will usually not be assigned to any label, but we don't care. return draw(permutations(partition)) + + +def uint(byte_size: int): + max_value = 2**byte_size - 1 + return integers(min_value=0, max_value=max_value) diff -Nru bind9-9.18.33/bin/tests/system/isctest/instance.py bind9-9.18.41/bin/tests/system/isctest/instance.py --- bind9-9.18.33/bin/tests/system/isctest/instance.py 2025-01-20 13:39:31.063353470 +0000 +++ bind9-9.18.41/bin/tests/system/isctest/instance.py 2025-10-18 10:21:02.935255614 +0000 @@ -83,35 +83,28 @@ The RNDC command will be logged to `rndc.log` (along with the server's response) unless `log` is set to `False`. - >>> # Instances of the `NamedInstance` class are expected to be passed - >>> # to pytest tests as fixtures; here, some instances are created - >>> # directly (with a fake RNDC executor) so that doctest can work. - >>> import unittest.mock - >>> mock_rndc_executor = unittest.mock.Mock() - >>> ns1 = NamedInstance("ns1", rndc_executor=mock_rndc_executor) - >>> ns2 = NamedInstance("ns2", rndc_executor=mock_rndc_executor) - >>> ns3 = NamedInstance("ns3", rndc_executor=mock_rndc_executor) - >>> ns4 = NamedInstance("ns4", rndc_executor=mock_rndc_executor) - - >>> # Send the "status" command to ns1. An `RNDCException` will be - >>> # raised if the RNDC command fails. This command will be logged. - >>> response = ns1.rndc("status") - - >>> # Send the "thaw foo" command to ns2. No exception will be raised - >>> # in case the RNDC command fails. This command will be logged - >>> # (even if it fails). - >>> response = ns2.rndc("thaw foo", ignore_errors=True) - - >>> # Send the "stop" command to ns3. An `RNDCException` will be - >>> # raised if the RNDC command fails, but this command will not be - >>> # logged (the server's response will still be returned to the - >>> # caller, though). - >>> response = ns3.rndc("stop", log=False) - - >>> # Send the "halt" command to ns4 in "fire & forget mode": no - >>> # exceptions will be raised and no logging will take place (the - >>> # server's response will still be returned to the caller, though). - >>> response = ns4.rndc("stop", ignore_errors=True, log=False) + ```python + def test_foo(servers): + # Send the "status" command to ns1. An `RNDCException` will be + # raised if the RNDC command fails. This command will be logged. + response = servers["ns1"].rndc("status") + + # Send the "thaw foo" command to ns2. No exception will be raised + # in case the RNDC command fails. This command will be logged + # (even if it fails). + response = servers["ns2"].rndc("thaw foo", ignore_errors=True) + + # Send the "stop" command to ns3. An `RNDCException` will be + # raised if the RNDC command fails, but this command will not be + # logged (the server's response will still be returned to the + # caller, though). + response = servers["ns3"].rndc("stop", log=False) + + # Send the "halt" command to ns4 in "fire & forget mode": no + # exceptions will be raised and no logging will take place (the + # server's response will still be returned to the caller, though). + response = servers["ns4"].rndc("stop", ignore_errors=True, log=False) + ``` """ try: response = self._rndc_executor.call(self.ip, self.ports.rndc, command) @@ -126,27 +119,31 @@ return response - def watch_log_from_start(self) -> WatchLogFromStart: + def watch_log_from_start( + self, timeout: float = WatchLogFromStart.DEFAULT_TIMEOUT + ) -> WatchLogFromStart: """ Return an instance of the `WatchLogFromStart` context manager for this `named` instance's log file. """ - return WatchLogFromStart(self.log.path) + return WatchLogFromStart(self.log.path, timeout) - def watch_log_from_here(self) -> WatchLogFromHere: + def watch_log_from_here( + self, timeout: float = WatchLogFromHere.DEFAULT_TIMEOUT + ) -> WatchLogFromHere: """ Return an instance of the `WatchLogFromHere` context manager for this `named` instance's log file. """ - return WatchLogFromHere(self.log.path) + return WatchLogFromHere(self.log.path, timeout) - def reconfigure(self) -> None: + def reconfigure(self, **kwargs) -> None: """ Reconfigure this named `instance` and wait until reconfiguration is finished. Raise an `RNDCException` if reconfiguration fails. """ with self.watch_log_from_here() as watcher: - self.rndc("reconfig") + self.rndc("reconfig", **kwargs) watcher.wait_for_line("any newly configured zones are now loaded") def _rndc_log(self, command: str, response: str) -> None: diff -Nru bind9-9.18.33/bin/tests/system/isctest/log/basic.py bind9-9.18.41/bin/tests/system/isctest/log/basic.py --- bind9-9.18.33/bin/tests/system/isctest/log/basic.py 2025-01-20 13:39:31.064353487 +0000 +++ bind9-9.18.41/bin/tests/system/isctest/log/basic.py 2025-10-18 10:21:02.936255641 +0000 @@ -11,11 +11,13 @@ import logging from pathlib import Path +import textwrap from typing import Dict, Optional CONFTEST_LOGGER = logging.getLogger("conftest") LOG_FORMAT = "%(asctime)s %(levelname)7s:%(name)s %(message)s" +LOG_INDENT = 4 LOGGERS = { "conftest": None, @@ -82,6 +84,13 @@ LOGGERS["test"] = None +def indent_message(msg): + lines = msg.splitlines() + first = lines[0] + "\n" + to_indent = "\n".join(lines[1:]) + return first + textwrap.indent(to_indent, " " * LOG_INDENT) + + def log(lvl: int, msg: str, *args, **kwargs): """Log message with the most-specific logger currently available.""" logger = LOGGERS["test"] @@ -90,6 +99,8 @@ if logger is None: logger = LOGGERS["conftest"] assert logger is not None + if "\n" in msg: + msg = indent_message(msg) logger.log(lvl, msg, *args, **kwargs) diff -Nru bind9-9.18.33/bin/tests/system/isctest/log/watchlog.py bind9-9.18.41/bin/tests/system/isctest/log/watchlog.py --- bind9-9.18.33/bin/tests/system/isctest/log/watchlog.py 2025-01-20 13:39:31.064353487 +0000 +++ bind9-9.18.41/bin/tests/system/isctest/log/watchlog.py 2025-10-18 10:21:02.936255641 +0000 @@ -9,17 +9,27 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -from typing import Iterator, Optional, TextIO, Dict, Any, Union, Pattern +from typing import Any, Iterator, List, Match, Optional, Pattern, TextIO, TypeVar, Union import abc import os +import re import time +FlexPattern = Union[str, Pattern] +T = TypeVar("T") +OneOrMore = Union[T, List[T]] + + class WatchLogException(Exception): pass +class WatchLogTimeout(WatchLogException): + pass + + class LogFile: """ Log file wrapper with a path and means to find a string in its contents. @@ -54,6 +64,94 @@ assert False, f"forbidden message appeared in log {self.path}: {msg}" +class LineReader: + """ + >>> import io + + >>> file = io.StringIO("complete line\\n") + >>> line_reader = LineReader(file) + >>> for line in line_reader.readlines(): + ... print(line.strip()) + complete line + + >>> file = io.StringIO("complete line\\nand then incomplete line") + >>> line_reader = LineReader(file) + >>> for line in line_reader.readlines(): + ... print(line.strip()) + complete line + + >>> file = io.StringIO("complete line\\nand then another complete line\\n") + >>> line_reader = LineReader(file) + >>> for line in line_reader.readlines(): + ... print(line.strip()) + complete line + and then another complete line + + >>> file = io.StringIO() + >>> line_reader = LineReader(file) + >>> for chunk in ( + ... "first line\\nsecond line\\nthi", + ... "rd ", + ... "line\\nfour", + ... "th line\\n\\nfifth line\\n" + ... ): + ... print("=== OUTER ITERATION ===") + ... pos = file.tell() + ... print(chunk, end="", file=file) + ... _ = file.seek(pos) + ... for line in line_reader.readlines(): + ... print("--- inner iteration ---") + ... print(line.strip() or "") + === OUTER ITERATION === + --- inner iteration --- + first line + --- inner iteration --- + second line + === OUTER ITERATION === + === OUTER ITERATION === + --- inner iteration --- + third line + === OUTER ITERATION === + --- inner iteration --- + fourth line + --- inner iteration --- + + --- inner iteration --- + fifth line + """ + + def __init__(self, stream: TextIO): + self._stream = stream + self._linebuf = "" + + def readline(self) -> Optional[str]: + """ + Wrapper around io.readline() function to handle unfinished lines. + + If a line ends with newline character, it's returned immediately. + If a line doesn't end with a newline character, the read contents are + buffered until the next call of this function and None is returned + instead. + """ + read = self._stream.readline() + if not read.endswith("\n"): + self._linebuf += read + return None + read = self._linebuf + read + self._linebuf = "" + return read + + def readlines(self) -> Iterator[str]: + """ + Wrapper around io.readline() which only returns finished lines. + """ + while True: + line = self.readline() + if line is None: + return + yield line + + class WatchLog(abc.ABC): """ Wait for a log message to appear in a text file. @@ -65,44 +163,95 @@ by the `NamedInstance` class (see below for recommended usage patterns). """ - def __init__(self, path: str) -> None: + DEFAULT_TIMEOUT = 10.0 + + def __init__(self, path: str, timeout: float = DEFAULT_TIMEOUT) -> None: """ `path` is the path to the log file to watch. + `timeout` is the number of seconds (float) to wait for each wait call. Every instance of this class must call one of the `wait_for_*()` - methods exactly once or else an `Exception` is thrown. + methods at least once or else an `Exception` is thrown. >>> with WatchLogFromStart("/dev/null") as watcher: ... print("Just print something without waiting for a log line") Traceback (most recent call last): ... - Exception: wait_for_*() was not called + isctest.log.watchlog.WatchLogException: wait_for_*() was not called - >>> with WatchLogFromHere("/dev/null") as watcher: - ... try: - ... watcher.wait_for_line("foo", timeout=0) - ... except TimeoutError: - ... pass - ... try: - ... watcher.wait_for_lines({"bar": 42}, timeout=0) - ... except TimeoutError: - ... pass + >>> with WatchLogFromHere("/dev/null", timeout=0.0) as watcher: + ... watcher.wait_for_line("foo") Traceback (most recent call last): ... - Exception: wait_for_*() was already called + isctest.log.watchlog.WatchLogException: timeout must be greater than 0 """ - self._fd = None # type: Optional[TextIO] + self._fd: Optional[TextIO] = None + self._reader: Optional[LineReader] = None self._path = path self._wait_function_called = False + if timeout <= 0.0: + raise WatchLogException("timeout must be greater than 0") + self._timeout = timeout + self._deadline = 0.0 - def wait_for_line(self, string: str, timeout: int = 10) -> None: + def _setup_wait(self, patterns: OneOrMore[FlexPattern]) -> List[Pattern]: + self._wait_function_called = True + self._deadline = time.monotonic() + self._timeout + return self._prepare_patterns(patterns) + + def _prepare_patterns(self, strings: OneOrMore[FlexPattern]) -> List[Pattern]: + """ + Convert a mix of string(s) and/or pattern(s) into a list of patterns. + + Any strings are converted into regular expression patterns that match + the string verbatim. + """ + patterns = [] + if not isinstance(strings, list): + strings = [strings] + for string in strings: + if isinstance(string, Pattern): + patterns.append(string) + elif isinstance(string, str): + pattern = re.compile(re.escape(string)) + patterns.append(pattern) + else: + raise WatchLogException( + "only string and re.Pattern allowed for matching" + ) + return patterns + + def _wait_for_match(self, regexes: List[Pattern]) -> Match: + if not self._reader: + raise WatchLogException( + "use WatchLog as context manager before calling wait_for_*() functions" + ) + while time.monotonic() < self._deadline: + for line in self._reader.readlines(): + for regex in regexes: + match = regex.search(line) + if match: + return match + time.sleep(0.1) + raise WatchLogTimeout( + f"Timeout reached watching {self._path} for " + f"{' | '.join([regex.pattern for regex in regexes])}" + ) + + def wait_for_line(self, patterns: OneOrMore[FlexPattern]) -> Match: """ - Block execution until a line containing the provided `string` appears - in the log file. Return `None` once the line is found or raise a - `TimeoutError` after `timeout` seconds (default: 10) if `string` does - not appear in the log file (strings and regular expressions are - supported). (Catching this exception is discouraged as it indicates - that the test code did not behave as expected.) + Block execution until any line of interest appears in the log file. + + `patterns` accepts one value or a list of values, with each value being + either a regular expression pattern, or a string which should be + matched verbatim (without interpreting it as a regular expression). + + If any of the patterns is found anywhere within a line in the log file, + return the match, allowing access to the matched line, the regex + groups, and the regex which matched. See re.Match for more. + + A `WatchLogTimeout` is raised if the function fails to find any of the + `patterns` in the allotted time. Recommended use: @@ -110,13 +259,27 @@ import isctest def test_foo(servers): + with servers["ns1"].watch_log_from_start() as watcher: + watcher.wait_for_line("all zones loaded") + + pattern = re.compile(r"next key event in ([0-9]+) seconds") with servers["ns1"].watch_log_from_here() as watcher: # ... do stuff here ... - watcher.wait_for_line("foo bar") + match = watcher.wait_for_line(pattern) + seconds = int(match.groups(1)) + + strings = [ + "freezing zone", + "thawing zone", + ] + with servers["ns1"].watch_log_from_here() as watcher: + # ... do stuff here ... + match = watcher.wait_for_line(strings) + line = match.string ``` - One of `wait_for_line()` or `wait_for_lines()` must be called exactly - once for every `WatchLogFrom*` instance. + `wait_for_line()` must be called exactly once for every `WatchLog` + instance. >>> # For `WatchLogFromStart`, `wait_for_line()` returns without >>> # raising an exception as soon as the line being looked for appears @@ -124,135 +287,205 @@ >>> # after the `with` statement is reached. >>> import tempfile >>> with tempfile.NamedTemporaryFile("w") as file: - ... print("foo", file=file, flush=True) + ... print("foo bar baz", file=file, flush=True) ... with WatchLogFromStart(file.name) as watcher: - ... retval = watcher.wait_for_line("foo", timeout=1) - >>> print(retval) - None + ... match = watcher.wait_for_line("bar") + >>> print(match.string.strip()) + foo bar baz >>> with tempfile.NamedTemporaryFile("w") as file: ... with WatchLogFromStart(file.name) as watcher: - ... print("foo", file=file, flush=True) - ... retval = watcher.wait_for_line("foo", timeout=1) - >>> print(retval) - None + ... print("foo bar baz", file=file, flush=True) + ... match = watcher.wait_for_line("bar") + >>> print(match.group(0)) + bar >>> # For `WatchLogFromHere`, `wait_for_line()` only returns without >>> # raising an exception if the string being looked for appears in >>> # the log file after the `with` statement is reached. >>> import tempfile >>> with tempfile.NamedTemporaryFile("w") as file: - ... print("foo", file=file, flush=True) - ... with WatchLogFromHere(file.name) as watcher: - ... watcher.wait_for_line("foo", timeout=1) #doctest: +ELLIPSIS + ... print("foo bar baz", file=file, flush=True) + ... with WatchLogFromHere(file.name, timeout=0.1) as watcher: + ... watcher.wait_for_line("bar") #doctest: +ELLIPSIS Traceback (most recent call last): ... - TimeoutError: Timeout reached watching ... + isctest.log.watchlog.WatchLogTimeout: ... >>> with tempfile.NamedTemporaryFile("w") as file: - ... print("foo", file=file, flush=True) + ... print("foo bar baz", file=file, flush=True) ... with WatchLogFromHere(file.name) as watcher: - ... print("foo", file=file, flush=True) - ... retval = watcher.wait_for_line("foo", timeout=1) - >>> print(retval) - None - """ - return self._wait_for({string: None}, timeout) - - def wait_for_lines( - self, strings: Dict[Union[str, Pattern], Any], timeout: int = 10 - ) -> None: - """ - Block execution until a line of interest appears in the log file. This - function is a "multi-match" variant of `wait_for_line()` which is - useful when some action may cause several different (mutually - exclusive) messages to appear in the log file. - - `strings` is a `dict` associating each string to look for with the - value this function should return when that string is found in the log - file (strings and regular expressions are supported). If none of the - `strings` being looked for appear in the log file after `timeout` - seconds, a `TimeoutError` is raised. (Catching this exception is - discouraged as it indicates that the test code did not behave as - expected.) - - Since `strings` is a `dict` and preserves key order (in CPython 3.6 as - implementation detail, since 3.7 by language design), each line is - checked against each key in order until the first match. Values provided - in the `strings` dictionary (i.e. values which this function is expected - to return upon a successful match) can be of any type. + ... print("bar qux", file=file, flush=True) + ... match = watcher.wait_for_line("bar") + >>> print(match.string.strip()) + bar qux - Recommended use: + >>> # Different values must be returned depending on which line is + >>> # found in the log file. + >>> import tempfile + >>> patterns = [re.compile(r"bar ([0-9])"), "qux"] + >>> with tempfile.NamedTemporaryFile("w") as file: + ... print("foo bar 3", file=file, flush=True) + ... with WatchLogFromStart(file.name) as watcher: + ... match1 = watcher.wait_for_line(patterns) + ... with WatchLogFromHere(file.name) as watcher: + ... print("baz qux", file=file, flush=True) + ... match2 = watcher.wait_for_line(patterns) + >>> print(match1.group(1)) + 3 + >>> print(match2.group(0)) + qux + """ + regexes = self._setup_wait(patterns) - ```python - import isctest + return self._wait_for_match(regexes) - def test_foo(servers): - triggers = { - "message A": "value returned when message A is found", - "message B": "value returned when message B is found", - } - with servers["ns1"].watch_log_from_here() as watcher: - # ... do stuff here ... - retval = watcher.wait_for_lines(triggers) - ``` + def wait_for_sequence(self, patterns: List[FlexPattern]) -> List[Match]: + """ + Block execution until the specified pattern sequence is found in the + log file. - One of `wait_for_line()` or `wait_for_lines()` must be called exactly - once for every `WatchLogFromHere` instance. + `patterns` is a list of values, with each value being either a regular + expression pattern, or a string which should be matched verbatim + (without interpreting it as a regular expression). Order of patterns is + important, as each pattern is looked for only after all the previous + patterns have matched. + + All the matches are returned as a list. + + A `WatchLogTimeout` is raised if the function fails to find all of the + `patterns` in the given order in the allotted time. + + >>> import tempfile + >>> seq = ['a', 'b', 'c'] + >>> with tempfile.NamedTemporaryFile("w") as file: + ... print("b", file=file, flush=True) + ... print("a", file=file, flush=True) + ... print("b", file=file, flush=True) + ... print("z", file=file, flush=True) + ... print("c", file=file, flush=True) + ... with WatchLogFromStart(file.name) as watcher: + ... ret = watcher.wait_for_sequence(seq) + >>> assert ret[0].group(0) == "a" + >>> assert ret[1].group(0) == "b" + >>> assert ret[2].group(0) == "c" + + >>> import tempfile + >>> seq = ['a', 'b', 'c'] + >>> with tempfile.NamedTemporaryFile("w") as file: + ... print("b", file=file, flush=True) + ... print("a", file=file, flush=True) + ... print("c", file=file, flush=True) + ... with WatchLogFromStart(file.name, timeout=0.1) as watcher: + ... ret = watcher.wait_for_sequence(seq) #doctest: +ELLIPSIS + Traceback (most recent call last): + ... + isctest.log.watchlog.WatchLogTimeout: ... - >>> # Different values must be returned depending on which line is - >>> # found in the log file. >>> import tempfile - >>> triggers = {"foo": 42, "bar": 1337} + >>> seq = ['a', 'b', 'c'] >>> with tempfile.NamedTemporaryFile("w") as file: + ... print("b", file=file, flush=True) + ... print("a", file=file, flush=True) + ... print("b", file=file, flush=True) + ... with WatchLogFromStart(file.name, timeout=0.1) as watcher: + ... ret = watcher.wait_for_sequence(seq) #doctest: +ELLIPSIS + Traceback (most recent call last): + ... + isctest.log.watchlog.WatchLogTimeout: ... + + >>> import tempfile + >>> seq = ['a', 'b', 'c'] + >>> with tempfile.NamedTemporaryFile("w") as file: + ... print("b", file=file, flush=True) + ... print("a", file=file, flush=True) + ... print("c", file=file, flush=True) + ... print("b", file=file, flush=True) + ... with WatchLogFromStart(file.name, timeout=0.1) as watcher: + ... ret = watcher.wait_for_sequence(seq) #doctest: +ELLIPSIS + Traceback (most recent call last): + ... + isctest.log.watchlog.WatchLogTimeout: ... + """ + regexes = self._setup_wait(patterns) + matches = [] + + for regex in regexes: + match = self._wait_for_match([regex]) + matches.append(match) + + return matches + + def wait_for_all(self, patterns: List[FlexPattern]) -> List[Match]: + """ + Block execution until all the specified patterns are found in the + log file in any order. + + `patterns` is a list of values, with each value being either a regular + expression pattern, or a string which should be matched verbatim + (without interpreting it as a regular expression). Order of patterns is + irrelevant and they may appear in any order. + + All the matches are returned as a list. The matches are listed in the + order of appearance. Pattern may match more than once, and all the + matches are included. To pair matches with the patterns, re.Match.re + may be used. + + A `WatchLogTimeout` is raised if the function fails to find all of the + `patterns` in the allotted time. + + >>> import tempfile + >>> patterns = ['foo', 'bar'] + >>> with tempfile.NamedTemporaryFile("w") as file: + ... print("bar", file=file, flush=True) ... print("foo", file=file, flush=True) ... with WatchLogFromStart(file.name) as watcher: - ... retval1 = watcher.wait_for_lines(triggers, timeout=1) - ... with WatchLogFromHere(file.name) as watcher: - ... print("bar", file=file, flush=True) - ... retval2 = watcher.wait_for_lines(triggers, timeout=1) - >>> print(retval1) - 42 - >>> print(retval2) - 1337 - """ - return self._wait_for(strings, timeout) - - def _wait_for(self, patterns: Dict[Union[str, Pattern], Any], timeout: int) -> Any: - """ - Block execution until one of the `strings` being looked for appears in - the log file. Raise a `TimeoutError` if none of the `strings` being - looked for are found in the log file for `timeout` seconds. + ... ret = watcher.wait_for_all(patterns) + >>> assert ret[0].group(0) == "bar" + >>> assert ret[1].group(0) == "foo" + + >>> import tempfile + >>> bar_pattern = re.compile('bar') + >>> patterns = ['foo', bar_pattern] + >>> with tempfile.NamedTemporaryFile("w") as file: + ... print("bar", file=file, flush=True) + ... print("baz", file=file, flush=True) + ... print("bar", file=file, flush=True) + ... print("foo", file=file, flush=True) + ... with WatchLogFromStart(file.name) as watcher: + ... ret = watcher.wait_for_all(patterns) + >>> assert len(ret) == 3 + >>> assert ret[0].group(0) == "bar" + >>> assert ret[1].group(0) == "bar" + >>> assert ret[2].group(0) == "foo" + >>> assert ret[0].re == bar_pattern + >>> assert ret[1].re == bar_pattern + >>> assert ret[2].re.pattern == "foo" + + >>> import tempfile + >>> patterns = ['foo', 'bar'] + >>> with tempfile.NamedTemporaryFile("w") as file: + ... print("foo", file=file, flush=True) + ... print("quux", file=file, flush=True) + ... with WatchLogFromStart(file.name, timeout=0.1) as watcher: + ... ret = watcher.wait_for_all(patterns) #doctest: +ELLIPSIS + Traceback (most recent call last): + ... + isctest.log.watchlog.WatchLogTimeout: ... """ - if self._wait_function_called: - raise WatchLogException("wait_for_*() was already called") - self._wait_function_called = True - if not self._fd: - raise WatchLogException("No file to watch") - leftover = "" - assert timeout, "Do not use this class unless you want to WAIT for something." - deadline = time.time() + timeout - while time.time() < deadline: - for line in self._fd.readlines(): - if line[-1] != "\n": - # Line is not completely written yet, buffer and keep on waiting - leftover += line - else: - line = leftover + line - leftover = "" - for string, retval in patterns.items(): - if isinstance(string, Pattern) and string.search(line): - return retval - if isinstance(string, str) and string in line: - return retval - time.sleep(0.1) - raise TimeoutError( - "Timeout reached watching {} for {}".format( - self._path, list(patterns.keys()) - ) - ) + regexes = self._setup_wait(patterns) + unmatched_regexes = set(regexes) + matches = [] + + while unmatched_regexes: + match = self._wait_for_match(regexes) + matches.append(match) + unmatched_regexes.discard(match.re) + + return matches def __enter__(self) -> Any: self._fd = open(self._path, encoding="utf-8") self._seek_on_enter() + self._reader = LineReader(self._fd) return self @abc.abstractmethod @@ -269,8 +502,9 @@ def __exit__(self, *_: Any) -> None: if not self._wait_function_called: raise WatchLogException("wait_for_*() was not called") - if self._fd: - self._fd.close() + self._reader = None + assert self._fd + self._fd.close() class WatchLogFromStart(WatchLog): @@ -291,5 +525,5 @@ """ def _seek_on_enter(self) -> None: - if self._fd: - self._fd.seek(0, os.SEEK_END) + assert self._fd + self._fd.seek(0, os.SEEK_END) diff -Nru bind9-9.18.33/bin/tests/system/isctest/mark.py bind9-9.18.41/bin/tests/system/isctest/mark.py --- bind9-9.18.33/bin/tests/system/isctest/mark.py 2025-01-20 13:39:31.064353487 +0000 +++ bind9-9.18.41/bin/tests/system/isctest/mark.py 2025-10-18 10:21:02.936255641 +0000 @@ -13,6 +13,8 @@ import os from pathlib import Path +import platform +import shutil import ssl import subprocess @@ -20,12 +22,19 @@ long_test = pytest.mark.skipif( - not os.environ.get("CI_ENABLE_ALL_TESTS"), reason="CI_ENABLE_ALL_TESTS not set" + not os.environ.get("CI_ENABLE_LONG_TESTS"), reason="CI_ENABLE_LONG_TESTS not set" +) + +live_internet_test = pytest.mark.skipif( + not os.environ.get("CI_ENABLE_LIVE_INTERNET_TESTS"), + reason="CI_ENABLE_LIVE_INTERNET_TESTS not set", ) def feature_test(feature): - feature_test_bin = os.environ["FEATURETEST"] + feature_test_bin = os.environ.get("FEATURETEST") + if not feature_test_bin: # this can be the case when running doctest + return False try: subprocess.run([feature_test_bin, feature], check=True) except subprocess.CalledProcessError as exc: @@ -48,8 +57,8 @@ return True -def with_tsan(*args): # pylint: disable=unused-argument - return feature_test("--tsan") +def is_host_freebsd_13(*_): + return platform.system() == "FreeBSD" and platform.release().startswith("13") have_libxml2 = pytest.mark.skipif( @@ -71,19 +80,12 @@ ) -try: - import flaky as flaky_pkg # type: ignore -except ModuleNotFoundError: - # In case the flaky package is not installed, run the tests as usual - # without any attempts to re-run them. - # pylint: disable=unused-argument - def flaky(*args, **kwargs): - """Mock decorator that doesn't do anything special, just returns the function.""" - - def wrapper(wrapped_obj): - return wrapped_obj - - return wrapper - -else: - flaky = flaky_pkg.flaky +softhsm2_environment = pytest.mark.skipif( + not ( + os.getenv("SOFTHSM2_CONF") + and os.getenv("SOFTHSM2_MODULE") + and shutil.which("pkcs11-tool") + and shutil.which("softhsm2-util") + ), + reason="SOFTHSM2_CONF and SOFTHSM2_MODULE environmental variables must be set and pkcs11-tool and softhsm2-util tools present", +) diff -Nru bind9-9.18.33/bin/tests/system/isctest/name.py bind9-9.18.41/bin/tests/system/isctest/name.py --- bind9-9.18.33/bin/tests/system/isctest/name.py 2025-01-20 13:39:31.064353487 +0000 +++ bind9-9.18.41/bin/tests/system/isctest/name.py 2025-10-18 10:21:02.936255641 +0000 @@ -9,12 +9,196 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -import dns.name +from typing import Container, Iterable, FrozenSet +import pytest -def prepend_label(label: str, name: dns.name.Name) -> dns.name.Name: - return dns.name.Name((label,) + name.labels) +pytest.importorskip("dns", minversion="2.3.0") # NameRelation +from dns.name import Name, NameRelation +import dns.zone +import dns.rdatatype -def len_wire_uncompressed(name: dns.name.Name) -> int: +def prepend_label(label: str, name: Name) -> Name: + return Name((label,) + name.labels) + + +def len_wire_uncompressed(name: Name) -> int: return len(name) + sum(map(len, name.labels)) + + +def get_wildcard_names(names: Iterable[Name]) -> FrozenSet[Name]: + return frozenset(name for name in names if name.is_wild()) + + +class ZoneAnalyzer: + """ + Categorize names in zone and provide list of ENTs: + + - delegations - names with NS RR + - dnames - names with DNAME RR + - wildcards - names with leftmost label '*' + - reachable - non-empty authoritative nodes in zone + - have at least one auth RR set and are not occluded + - ents - reachable empty non-terminals + - occluded - names under a parent node which has DNAME or a non-apex NS + - reachable_delegations + - have NS RR on it, are not zone's apex, and are not occluded + - reachable_dnames - have DNAME RR on it and are not occluded + - reachable_wildcards - have leftmost label '*' and are not occluded + - reachable_wildcard_parents - reachable_wildcards with leftmost '*' stripped + + Warnings: + - Quadratic complexity ahead! Use only on small test zones. + - Zone must be constant. + """ + + @classmethod + def read_path(cls, zpath, origin): + with open(zpath, encoding="ascii") as zf: + zonedb = dns.zone.from_file(zf, origin, relativize=False) + return cls(zonedb) + + def __init__(self, zone: dns.zone.Zone): + self.zone = zone + assert self.zone.origin # mypy hack + # based on individual nodes but not relationship between nodes + self.delegations = self.get_names_with_type(dns.rdatatype.NS) - { + self.zone.origin + } + self.dnames = self.get_names_with_type(dns.rdatatype.DNAME) + self.wildcards = get_wildcard_names(self.zone) + + # takes relationship between nodes into account + self._categorize_names() + self.ents = self.generate_ents() + self.reachable_dnames = self.dnames.intersection(self.reachable) + self.reachable_wildcards = self.wildcards.intersection(self.reachable) + self.reachable_wildcard_parents = { + Name(wname[1:]) for wname in self.reachable_wildcards + } + + # (except for wildcard expansions) all names in zone which result in NOERROR answers + self.all_existing_names = ( + self.reachable.union(self.ents) + .union(self.reachable_delegations) + .union(self.reachable_dnames) + ) + + def get_names_with_type(self, rdtype) -> FrozenSet[Name]: + return frozenset( + name for name in self.zone if self.zone.get_rdataset(name, rdtype) + ) + + def _categorize_names( + self, + ) -> None: + """ + Split names defined in a zone into three sets: + Generally reachable, reachable delegations, and occluded. + + Delegations are set aside because they are a weird hybrid with different + rules for different RR types (NS, DS, NSEC, everything else). + """ + assert self.zone.origin # mypy workaround + reachable = set(self.zone) + # assume everything is reachable until proven otherwise + reachable_delegations = set(self.delegations) + occluded = set() + + def _mark_occluded(name: Name) -> None: + occluded.add(name) + if name in reachable: + reachable.remove(name) + if name in reachable_delegations: + reachable_delegations.remove(name) + + # sanity check, should be impossible with dnspython 2.7.0 zone reader + for name in reachable: + relation, _, _ = name.fullcompare(self.zone.origin) + if relation in ( + NameRelation.NONE, # out of zone? + NameRelation.SUPERDOMAIN, # parent of apex?! + ): + raise NotImplementedError + + for maybe_occluded in reachable.copy(): + for cut in self.delegations: + rel, _, _ = maybe_occluded.fullcompare(cut) + if rel == NameRelation.EQUAL: + # data _on_ a parent-side of a zone cut are in limbo: + # - are not really authoritative (except for DS) + # - but NS is not really 'occluded' + # We remove them from 'reachable' but do not add them to 'occluded' set, + # i.e. leave them in 'reachable_delegations'. + if maybe_occluded in reachable: + reachable.remove(maybe_occluded) + + if rel == NameRelation.SUBDOMAIN: + _mark_occluded(maybe_occluded) + # do not break cycle - handle also nested NS and DNAME + + # DNAME itself is authoritative but nothing under it is reachable + for dname in self.dnames: + rel, _, _ = maybe_occluded.fullcompare(dname) + if rel == NameRelation.SUBDOMAIN: + _mark_occluded(maybe_occluded) + # do not break cycle - handle also nested NS and DNAME + + self.reachable = frozenset(reachable) + self.reachable_delegations = frozenset(reachable_delegations) + self.occluded = frozenset(occluded) + + def generate_ents(self) -> FrozenSet[Name]: + """ + Generate reachable names of empty nodes "between" all reachable + names with a RR and the origin. + """ + assert self.zone.origin + all_reachable_names = self.reachable.union(self.reachable_delegations) + ents = set() + for name in all_reachable_names: + _, super_name = name.split(len(name) - 1) + while len(super_name) > len(self.zone.origin): + if super_name not in all_reachable_names: + ents.add(super_name) + _, super_name = super_name.split(len(super_name) - 1) + + return frozenset(ents) + + def closest_encloser(self, qname: Name): + """ + Get (closest encloser, next closer name) for given qname. + """ + ce = None # Closest encloser, RFC 4592 + nce = None # Next closer name, RFC 5155 + for zname in self.all_existing_names: + relation, _, common_labels = qname.fullcompare(zname) + if relation == NameRelation.SUBDOMAIN: + if not ce or common_labels > len(ce): + # longest match so far + ce = zname + _, nce = qname.split(len(ce) + 1) + assert ce is not None + assert nce is not None + return ce, nce + + def source_of_synthesis(self, qname: Name) -> Name: + """ + Return source of synthesis according to RFC 4592 section 3.3.1. + Name is not guaranteed to exist or be reachable. + """ + ce, _ = self.closest_encloser(qname) + return Name("*") + ce + + +def is_related_to_any( + test_name: Name, + acceptable_relations: Container[NameRelation], + candidates: Iterable[Name], +) -> bool: + for maybe_parent in candidates: + relation, _, _ = test_name.fullcompare(maybe_parent) + if relation in acceptable_relations: + return True + return False diff -Nru bind9-9.18.33/bin/tests/system/isctest/query.py bind9-9.18.41/bin/tests/system/isctest/query.py --- bind9-9.18.33/bin/tests/system/isctest/query.py 2025-01-20 13:39:31.064353487 +0000 +++ bind9-9.18.41/bin/tests/system/isctest/query.py 2025-10-18 10:21:02.936255641 +0000 @@ -31,26 +31,39 @@ timeout: int = QUERY_TIMEOUT, attempts: int = 10, expected_rcode: dns_rcode = None, + log_query: bool = True, + log_response: bool = True, ) -> Any: if port is None: port = int(os.environ["PORT"]) res = None for attempt in range(attempts): + log_msg = ( + f"isc.query.{query_func.__name__}(): ip={ip}, port={port}, source={source}, " + f"timeout={timeout}, attempts left={attempts-attempt}" + ) + if log_query: + log_msg += f"\n{message.to_text()}" + log_query = False # only log query on first attempt + isctest.log.debug(log_msg) try: + res = query_func(message, ip, timeout, port=port, source=source) + except (dns.exception.Timeout, ConnectionRefusedError) as e: isctest.log.debug( - f"{query_func.__name__}(): ip={ip}, port={port}, source={source}, " - f"timeout={timeout}, attempts left={attempts-attempt}" + f"isc.query.{query_func.__name__}(): the '{e}' exception raised" ) - res = query_func(message, ip, timeout, port=port, source=source) + else: + if log_response: + isctest.log.debug( + f"isc.query.{query_func.__name__}(): response\n{res.to_text()}" + ) if res.rcode() == expected_rcode or expected_rcode is None: return res - except (dns.exception.Timeout, ConnectionRefusedError) as e: - isctest.log.debug(f"{query_func.__name__}(): the '{e}' exceptio raised") time.sleep(1) if expected_rcode is not None: last_rcode = dns_rcode.to_text(res.rcode()) if res else None isctest.log.debug( - f"{query_func.__name__}(): expected rcode={dns_rcode.to_text(expected_rcode)}, last rcode={last_rcode}" + f"isc.query.{query_func.__name__}(): expected rcode={dns_rcode.to_text(expected_rcode)}, last rcode={last_rcode}" ) raise dns.exception.Timeout @@ -61,3 +74,23 @@ def tcp(*args, **kwargs) -> Any: return generic_query(dns.query.tcp, *args, **kwargs) + + +def create( + qname, + qtype, + qclass=dns.rdataclass.IN, + dnssec: bool = True, + cd: bool = False, + ad: bool = True, +) -> dns.message.Message: + """Create DNS query with defaults suitable for our tests.""" + msg = dns.message.make_query( + qname, qtype, qclass, use_edns=True, want_dnssec=dnssec + ) + msg.flags = dns.flags.RD + if ad: + msg.flags |= dns.flags.AD + if cd: + msg.flags |= dns.flags.CD + return msg diff -Nru bind9-9.18.33/bin/tests/system/isctest/run.py bind9-9.18.41/bin/tests/system/isctest/run.py --- bind9-9.18.33/bin/tests/system/isctest/run.py 2025-01-20 13:39:31.064353487 +0000 +++ bind9-9.18.41/bin/tests/system/isctest/run.py 2025-10-18 10:21:02.936255641 +0000 @@ -26,25 +26,29 @@ timeout=60, stdout=subprocess.PIPE, stderr=subprocess.PIPE, - log_stdout=False, + log_stdout=True, log_stderr=True, input_text: Optional[bytes] = None, raise_on_exception=True, + env: Optional[dict] = None, ): """Execute a command with given args as subprocess.""" - isctest.log.debug(f"command: {' '.join(args)}") + isctest.log.debug(f"isctest.run.cmd(): {' '.join(args)}") def print_debug_logs(procdata): if procdata: if log_stdout and procdata.stdout: isctest.log.debug( - f"~~~ cmd stdout ~~~\n{procdata.stdout.decode('utf-8')}\n~~~~~~~~~~~~~~~~~~" + f"isctest.run.cmd(): (stdout)\n{procdata.stdout.decode('utf-8')}" ) if log_stderr and procdata.stderr: isctest.log.debug( - f"~~~ cmd stderr ~~~\n{procdata.stderr.decode('utf-8')}\n~~~~~~~~~~~~~~~~~~" + f"isctest.run.cmd(): (stderr)\n{procdata.stderr.decode('utf-8')}" ) + if env is None: + env = dict(os.environ) + try: proc = subprocess.run( args, @@ -54,25 +58,47 @@ check=True, cwd=cwd, timeout=timeout, + env=env, ) print_debug_logs(proc) return proc except subprocess.CalledProcessError as exc: print_debug_logs(exc) - isctest.log.debug(f" return code: {exc.returncode}") + isctest.log.debug(f"isctest.run.cmd(): (return code) {exc.returncode}") if raise_on_exception: raise exc return exc +class Dig: + def __init__(self, base_params: str = ""): + self.base_params = base_params + + def __call__(self, params: str) -> str: + """Run the dig command with the given parameters and return the decoded output.""" + return cmd( + [os.environ.get("DIG")] + f"{self.base_params} {params}".split(), + ).stdout.decode("utf-8") + + def retry_with_timeout(func, timeout, delay=1, msg=None): - start_time = time.time() - while time.time() < start_time + timeout: - if func(): - return + start_time = time.monotonic() + exc_msg = None + while time.monotonic() < start_time + timeout: + exc_msg = None + try: + if func(): + return + except AssertionError as exc: + exc_msg = str(exc) time.sleep(delay) + if exc_msg is not None: + isctest.log.error(exc_msg) if msg is None: - msg = f"{func.__module__}.{func.__qualname__} timed out after {timeout} s" + if exc_msg is not None: + msg = exc_msg + else: + msg = f"{func.__module__}.{func.__qualname__} timed out after {timeout} s" assert False, msg diff -Nru bind9-9.18.33/bin/tests/system/isctest/util.py bind9-9.18.41/bin/tests/system/isctest/util.py --- bind9-9.18.33/bin/tests/system/isctest/util.py 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/isctest/util.py 2025-10-18 10:21:02.937255668 +0000 @@ -0,0 +1,18 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import pytest + + +def param(*args, **kwargs): + if "id" not in kwargs: + kwargs["id"] = args[0] # use first argument as test ID + return pytest.param(*args, **kwargs) diff -Nru bind9-9.18.33/bin/tests/system/kasp/ns4/named.conf.in bind9-9.18.41/bin/tests/system/kasp/ns4/named.conf.in --- bind9-9.18.33/bin/tests/system/kasp/ns4/named.conf.in 2025-01-20 13:39:31.069353575 +0000 +++ bind9-9.18.41/bin/tests/system/kasp/ns4/named.conf.in 2025-10-18 10:21:02.941255775 +0000 @@ -13,6 +13,8 @@ // NS4 +include "purgekeys.conf"; + key rndc_key { secret "1234abcd8765"; algorithm @DEFAULT_HMAC@; @@ -157,6 +159,13 @@ type primary; file "example1.db"; }; + + zone "purgekeys.kasp" { + type primary; + file "purgekeys.kasp.example1.db"; + dnssec-policy "purgekeys"; + inline-signing yes; + }; }; view "example2" { @@ -167,6 +176,13 @@ file "example2.db"; inline-signing yes; }; + + zone "purgekeys.kasp" { + type primary; + file "purgekeys.kasp.example2.db"; + dnssec-policy "purgekeys"; + inline-signing yes; + }; }; view "example3" { diff -Nru bind9-9.18.33/bin/tests/system/kasp/ns4/purgekeys1.conf bind9-9.18.41/bin/tests/system/kasp/ns4/purgekeys1.conf --- bind9-9.18.33/bin/tests/system/kasp/ns4/purgekeys1.conf 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/kasp/ns4/purgekeys1.conf 2025-10-18 10:21:02.942255801 +0000 @@ -0,0 +1,28 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy "purgekeys" { + keys { + ksk key-directory lifetime 0 algorithm 13; + zsk key-directory lifetime P30D algorithm 13; + }; + /* + * Initially set to 0, so no keys are purged. Keys that are no longer + * in use will still be in the zone's keyring, one per view. After + * reconfig the purge-keys value is set to 7 days, at least one key + * will be eligible for purging, and should be purged from both + * keyrings without issues. + */ + purge-keys 0; + //purge-keys P7D; +}; diff -Nru bind9-9.18.33/bin/tests/system/kasp/ns4/purgekeys2.conf bind9-9.18.41/bin/tests/system/kasp/ns4/purgekeys2.conf --- bind9-9.18.33/bin/tests/system/kasp/ns4/purgekeys2.conf 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/kasp/ns4/purgekeys2.conf 2025-10-18 10:21:02.942255801 +0000 @@ -0,0 +1,21 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy "purgekeys" { + keys { + ksk key-directory lifetime 0 algorithm 13; + zsk key-directory lifetime P30D algorithm 13; + }; + //purge-keys 0; + purge-keys P7D; +}; diff -Nru bind9-9.18.33/bin/tests/system/kasp/ns4/setup.sh bind9-9.18.41/bin/tests/system/kasp/ns4/setup.sh --- bind9-9.18.33/bin/tests/system/kasp/ns4/setup.sh 2025-01-20 13:39:31.069353575 +0000 +++ bind9-9.18.41/bin/tests/system/kasp/ns4/setup.sh 2025-10-18 10:21:02.942255801 +0000 @@ -30,3 +30,22 @@ cp example1.db.in example1.db cp example2.db.in example2.db + +# Regression test for GL #5315 +cp purgekeys1.conf purgekeys.conf +cp example1.db.in purgekeys.kasp.example1.db +cp example2.db.in purgekeys.kasp.example2.db + +zone="purgekeys.kasp" +H="HIDDEN" +O="OMNIPRESENT" +T="now-9mo" +# KSK omnipresent +KSK=$($KEYGEN -fk -a 13 -L 3600 $zone 2>keygen.out.$zone.1) +$SETTIME -s -g $O -d $O $T -k $O $T -r $O $T "$KSK" >settime.out.$zone.1 2>&1 +# ZSK omnipresent +ZSK1=$($KEYGEN -a 13 -L 3600 $zone 2>keygen.out.$zone.2) +$SETTIME -s -g $O -k $O $T -z $O $T "$ZSK1" >settime.out.$zone.2 2>&1 +# ZSK hidden (may be purged) +ZSK2=$($KEYGEN -a 13 -L 3600 $zone 2>keygen.out.$zone.2) +$SETTIME -s -g $H -k $H $T -z $H $T "$ZSK2" >settime.out.$zone.2 2>&1 diff -Nru bind9-9.18.33/bin/tests/system/kasp/tests.sh bind9-9.18.41/bin/tests/system/kasp/tests.sh --- bind9-9.18.33/bin/tests/system/kasp/tests.sh 2025-01-20 13:39:31.071353610 +0000 +++ bind9-9.18.41/bin/tests/system/kasp/tests.sh 2025-10-18 10:21:02.944255855 +0000 @@ -312,7 +312,7 @@ nextpart $DIR/named.run >/dev/null rndccmd 10.53.0.3 loadkeys "$ZONE" >/dev/null || log_error "rndc loadkeys zone ${ZONE} failed" -wait_for_log 3 "keymgr: $ZONE done" $DIR/named.run || ret=1 +wait_for_log 10 "keymgr: $ZONE done" $DIR/named.run || ret=1 privkey_stat2=$(key_stat "${basefile}.private") pubkey_stat2=$(key_stat "${basefile}.key") state_stat2=$(key_stat "${basefile}.state") @@ -328,7 +328,7 @@ nextpart $DIR/named.run >/dev/null rndccmd 10.53.0.3 loadkeys "$ZONE" >/dev/null || log_error "rndc loadkeys zone ${ZONE} failed" -wait_for_log 3 "keymgr: $ZONE done" $DIR/named.run || ret=1 +wait_for_log 10 "keymgr: $ZONE done" $DIR/named.run || ret=1 privkey_stat2=$(key_stat "${basefile}.private") pubkey_stat2=$(key_stat "${basefile}.key") state_stat2=$(key_stat "${basefile}.state") @@ -379,7 +379,7 @@ basefile=$(key_get KEY1 BASEFILE) mv "${basefile}.private" "${basefile}.offline" rndccmd 10.53.0.3 loadkeys "$ZONE" >/dev/null || log_error "rndc loadkeys zone ${ZONE} failed" -wait_for_log 3 "zone $ZONE/IN (signed): zone_rekey:zone_verifykeys failed: some key files are missing" $DIR/named.run || ret=1 +wait_for_log 10 "zone $ZONE/IN (signed): zone_rekey:zone_verifykeys failed: some key files are missing" $DIR/named.run || ret=1 mv "${basefile}.offline" "${basefile}.private" test "$ret" -eq 0 || echo_i "failed" status=$((status + ret)) @@ -1596,7 +1596,7 @@ echo_i "load keys for $ZONE, making sure a recently purged key is not an issue when verifying keys ($n)" ret=0 rndccmd 10.53.0.3 loadkeys "$ZONE" >/dev/null || log_error "rndc loadkeys zone ${ZONE} failed" -wait_for_log 3 "keymgr: $ZONE done" $DIR/named.run || ret=1 +wait_for_log 10 "keymgr: $ZONE done" $DIR/named.run || ret=1 grep "zone $ZONE/IN (signed): zone_rekey:zone_verifykeys failed: some key files are missing" $DIR/named.run && ret=1 test "$ret" -eq 0 || echo_i "failed" status=$((status + ret)) @@ -1750,7 +1750,7 @@ rm_keyfiles "KEY2" rndccmd 10.53.0.3 loadkeys "$ZONE" >/dev/null || log_error "rndc loadkeys zone ${ZONE} failed" -wait_for_log 3 "zone $ZONE/IN (signed): zone_rekey:zone_verifykeys failed: some key files are missing" $DIR/named.run || ret=1 +wait_for_log 10 "zone $ZONE/IN (signed): zone_rekey:zone_verifykeys failed: some key files are missing" $DIR/named.run || ret=1 # Check keys again, make sure no new keys are created. set_policy "autosign" "0" "300" key_clear "KEY1" @@ -2105,6 +2105,33 @@ test "$ret" -eq 0 || echo_i "failed" status=$((status + ret)) +# +# Test purge-keys in combination with views [GL #5315]. +# +set_zone "purgekeys.kasp" +set_policy "purgekeys" "2" "3600" +set_server "ns4" "10.53.0.4" + +TSIG="$DEFAULT_HMAC:keyforview1:$VIEW1" +wait_for_nsec +dnssec_verify + +TSIG="$DEFAULT_HMAC:keyforview2:$VIEW2" +wait_for_nsec +dnssec_verify + +# Reconfig, make sure the purged key is not an issue when verifying keys. +cp ns4/purgekeys2.conf ns4/purgekeys.conf || ret=1 +nextpart ns4/named.run >/dev/null +rndccmd 10.53.0.4 reconfig || ret=1 +wait_for_log 10 "keymgr: $ZONE done" ns4/named.run || ret=1 + +grep "zone $ZONE/IN/example1 (signed): zone_rekey:zone_verifykeys failed: some key files are missing" ns4/named.run && ret=1 +grep "zone $ZONE/IN/example2 (signed): zone_rekey:zone_verifykeys failed: some key files are missing" ns4/named.run && ret=1 + +test "$ret" -eq 0 || echo_i "failed" +status=$((status + ret)) + # Clear TSIG. TSIG="" @@ -5058,7 +5085,7 @@ cp ns6/example2.db.in ns6/example.db || ret=1 nextpart ns6/named.run >/dev/null rndccmd 10.53.0.6 reload || ret=1 -wait_for_log 3 "all zones loaded" ns6/named.run || ret=1 +wait_for_log 10 "all zones loaded" ns6/named.run || ret=1 # Check that the SOA SERIAL increases and check the TTLs (should be 300 as # defined in ns6/example2.db.in). retry_quiet 10 _check_soa_ttl 300 300 || ret=1 @@ -5076,7 +5103,7 @@ rm ns6/example.db.jnl nextpart ns6/named.run >/dev/null start_server --noclean --restart --port ${PORT} ns6 -wait_for_log 3 "all zones loaded" ns6/named.run || ret=1 +wait_for_log 10 "all zones loaded" ns6/named.run || ret=1 # Check that the SOA SERIAL increases and check the TTLs (should be changed # from 300 to 400 as defined in ns6/example3.db.in). retry_quiet 10 _check_soa_ttl 300 400 || ret=1 diff -Nru bind9-9.18.33/bin/tests/system/kasp/tests_sh_kasp.py bind9-9.18.41/bin/tests/system/kasp/tests_sh_kasp.py --- bind9-9.18.33/bin/tests/system/kasp/tests_sh_kasp.py 2025-01-20 13:39:31.071353610 +0000 +++ bind9-9.18.41/bin/tests/system/kasp/tests_sh_kasp.py 2025-10-18 10:21:02.944255855 +0000 @@ -58,6 +58,8 @@ "ns*/*.zsk2", "ns3/legacy-keys.*", "ns3/dynamic-signed-inline-signing.kasp.db.signed.signed", + "ns4/purgekeys.conf", + "ns4/purgekeys2.conf", ] ) diff -Nru bind9-9.18.33/bin/tests/system/keepalive/expected bind9-9.18.41/bin/tests/system/keepalive/expected --- bind9-9.18.33/bin/tests/system/keepalive/expected 2025-01-20 13:39:31.071353610 +0000 +++ bind9-9.18.41/bin/tests/system/keepalive/expected 1970-01-01 00:00:00.000000000 +0000 @@ -1,4 +0,0 @@ -tcp-initial-timeout=300 -tcp-idle-timeout=300 -tcp-keepalive-timeout=300 -tcp-advertised-timeout=200 diff -Nru bind9-9.18.33/bin/tests/system/keepalive/tests.sh bind9-9.18.41/bin/tests/system/keepalive/tests.sh --- bind9-9.18.33/bin/tests/system/keepalive/tests.sh 2025-01-20 13:39:31.072353628 +0000 +++ bind9-9.18.41/bin/tests/system/keepalive/tests.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,99 +0,0 @@ -#!/bin/sh - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -set -e - -. ../conf.sh - -DIGOPTS="-p ${PORT}" -RNDCCMD="$RNDC -c ../_common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT}" - -n=0 -status=0 - -echo_i "checking that dig handles TCP keepalive ($n)" -ret=0 -n=$((n + 1)) -$DIG $DIGOPTS +qr +keepalive foo.example @10.53.0.2 >dig.out.test$n || ret=1 -grep "; TCP KEEPALIVE" dig.out.test$n >/dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -echo_i "checking that dig added TCP keepalive ($n)" -ret=0 -n=$((n + 1)) -$RNDCCMD stats -grep "EDNS TCP keepalive option received" ns2/named.stats >/dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -echo_i "checking that TCP keepalive is added for TCP responses ($n)" -ret=0 -n=$((n + 1)) -$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 >dig.out.test$n || ret=1 -grep "; TCP KEEPALIVE" dig.out.test$n >/dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -echo_i "checking that TCP keepalive requires TCP ($n)" -ret=0 -n=$((n + 1)) -$DIG $DIGOPTS +keepalive foo.example @10.53.0.2 >dig.out.test$n || ret=1 -grep "; TCP KEEPALIVE" dig.out.test$n >/dev/null && ret=1 -if [ $ret != 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -echo_i "checking default value ($n)" -ret=0 -n=$((n + 1)) -$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.3 >dig.out.test$n || ret=1 -grep "; TCP KEEPALIVE: 30.0 secs" dig.out.test$n >/dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -echo_i "checking configured value ($n)" -ret=0 -n=$((n + 1)) -$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 >dig.out.test$n || ret=1 -grep "; TCP KEEPALIVE: 15.0 secs" dig.out.test$n >/dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -echo_i "checking re-configured value ($n)" -ret=0 -n=$((n + 1)) -$RNDCCMD tcp-timeouts 300 300 300 200 >output -diff -b output expected || ret=1 -$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 >dig.out.test$n || ret=1 -grep "; TCP KEEPALIVE: 20.0 secs" dig.out.test$n >/dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -echo_i "checking server config entry ($n)" -ret=0 -n=$((n + 1)) -$RNDCCMD stats -oka=$(grep "EDNS TCP keepalive option received" ns2/named.stats \ - | tail -1 | awk '{ print $1}') -$DIG $DIGOPTS bar.example @10.53.0.3 >dig.out.test$n || ret=1 -$RNDCCMD stats -nka=$(grep "EDNS TCP keepalive option received" ns2/named.stats \ - | tail -1 | awk '{ print $1}') -#echo oka ':' $oka -#echo nka ':' $nka -if [ "$oka" -eq "$nka" ]; then ret=1; fi -if [ $ret != 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -echo_i "exit status: $status" -[ $status -eq 0 ] || exit 1 diff -Nru bind9-9.18.33/bin/tests/system/keepalive/tests_keepalive.py bind9-9.18.41/bin/tests/system/keepalive/tests_keepalive.py --- bind9-9.18.33/bin/tests/system/keepalive/tests_keepalive.py 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/keepalive/tests_keepalive.py 2025-10-18 10:21:02.944255855 +0000 @@ -0,0 +1,69 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import isctest +import pytest + + +pytestmark = pytest.mark.extra_artifacts( + ["ns2/named.stats"], +) + + +def test_dig_tcp_keepalive_handling(named_port, servers): + def get_keepalive_options_received(): + servers["ns2"].rndc("stats", log=False) + options_received = 0 + with open("ns2/named.stats", "r", encoding="utf-8") as ns2_stats_file: + for line in ns2_stats_file: + if "EDNS TCP keepalive option received" in line: + options_received = line.split()[0] + return int(options_received) + + dig = isctest.run.Dig(f"-p {str(named_port)}") + + isctest.log.info("check that dig handles TCP keepalive in query") + assert "; TCP KEEPALIVE" in dig("+qr +keepalive foo.example. @10.53.0.2") + + isctest.log.info("check that dig added TCP keepalive was received") + assert get_keepalive_options_received() == 1 + + isctest.log.info("check that TCP keepalive is added for TCP responses") + assert "; TCP KEEPALIVE" in dig("+tcp +keepalive foo.example. @10.53.0.2") + + isctest.log.info("check that TCP keepalive requires TCP") + assert "; TCP KEEPALIVE" not in dig("+keepalive foo.example. @10.53.0.2") + + isctest.log.info("check the default keepalive value") + assert "; TCP KEEPALIVE: 30.0 secs" in dig( + "+tcp +keepalive foo.example. @10.53.0.3" + ) + + isctest.log.info("check a keepalive configured value") + assert "; TCP KEEPALIVE: 15.0 secs" in dig( + "+tcp +keepalive foo.example. @10.53.0.2" + ) + + isctest.log.info("check a re-configured keepalive value") + response = servers["ns2"].rndc("tcp-timeouts 300 300 300 200", log=False) + assert "tcp-initial-timeout=300" in response + assert "tcp-idle-timeout=300" in response + assert "tcp-keepalive-timeout=300" in response + assert "tcp-advertised-timeout=200" in response + assert "; TCP KEEPALIVE: 20.0 secs" in dig( + "+tcp +keepalive foo.example. @10.53.0.2" + ) + + isctest.log.info("check server config entry") + base_options_received = get_keepalive_options_received() + dig("bar.example. @10.53.0.3") + next_options_received = get_keepalive_options_received() + assert base_options_received < next_options_received diff -Nru bind9-9.18.33/bin/tests/system/keepalive/tests_sh_keepalive.py bind9-9.18.41/bin/tests/system/keepalive/tests_sh_keepalive.py --- bind9-9.18.33/bin/tests/system/keepalive/tests_sh_keepalive.py 2025-01-20 13:39:31.072353628 +0000 +++ bind9-9.18.41/bin/tests/system/keepalive/tests_sh_keepalive.py 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -import pytest - -pytestmark = pytest.mark.extra_artifacts( - [ - "dig.out.*", - "output", - "ns2/named.stats", - ] -) - - -def test_keepalive(run_tests_sh): - run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/keyfromlabel/prereq.sh bind9-9.18.41/bin/tests/system/keyfromlabel/prereq.sh --- bind9-9.18.33/bin/tests/system/keyfromlabel/prereq.sh 2025-01-20 13:39:31.072353628 +0000 +++ bind9-9.18.41/bin/tests/system/keyfromlabel/prereq.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,21 +0,0 @@ -#!/bin/sh -e -# -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -. ../conf.sh - -if [ -n "${SOFTHSM2_MODULE}" ] && command -v pkcs11-tool >/dev/null && command -v softhsm2-util >/dev/null; then - exit 0 -fi - -echo_i "skip: softhsm2-util or pkcs11-tool not available" -exit 255 diff -Nru bind9-9.18.33/bin/tests/system/keyfromlabel/setup.sh bind9-9.18.41/bin/tests/system/keyfromlabel/setup.sh --- bind9-9.18.33/bin/tests/system/keyfromlabel/setup.sh 2025-01-20 13:39:31.072353628 +0000 +++ bind9-9.18.41/bin/tests/system/keyfromlabel/setup.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,23 +0,0 @@ -#!/bin/sh -# -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -# shellcheck source=conf.sh -. ../conf.sh - -set -e - -softhsm2-util --delete-token --token "softhsm2-keyfromlabel" >/dev/null 2>&1 || echo_i "softhsm2-keyfromlabel token not found for cleaning" -softhsm2-util --init-token --free --pin 1234 --so-pin 1234 --label "softhsm2-keyfromlabel" | awk '/^The token has been initialized and is reassigned to slot/ { print $NF }' - -printf '%s' "${HSMPIN:-1234}" >pin -PWD=$(pwd) diff -Nru bind9-9.18.33/bin/tests/system/keyfromlabel/tests.sh bind9-9.18.41/bin/tests/system/keyfromlabel/tests.sh --- bind9-9.18.33/bin/tests/system/keyfromlabel/tests.sh 2025-01-20 13:39:31.072353628 +0000 +++ bind9-9.18.41/bin/tests/system/keyfromlabel/tests.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,91 +0,0 @@ -#!/bin/sh -# -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -set -e - -# shellcheck source=conf.sh -. ../conf.sh - -PWD=$(pwd) - -keygen() { - type="$1" - bits="$2" - zone="$3" - id="$4" - - label="${id}-${zone}" - p11id=$(echo "${label}" | openssl sha1 -r | awk '{print $1}') - pkcs11-tool --module $SOFTHSM2_MODULE --token-label "softhsm2-keyfromlabel" -l -k --key-type $type:$bits --label "${label}" --id "${p11id}" --pin $(cat $PWD/pin) >pkcs11-tool.out.$zone.$id || return 1 -} - -keyfromlabel() { - alg="$1" - zone="$2" - id="$3" - shift 3 - - $KEYFRLAB -E pkcs11 -a $alg -l "token=softhsm2-keyfromlabel;object=${id}-${zone};pin-source=$PWD/pin" "$@" $zone >>keyfromlabel.out.$zone.$id 2>>/dev/null || return 1 - cat keyfromlabel.out.$zone.$id -} - -infile="template.db.in" -for algtypebits in rsasha256:rsa:2048 rsasha512:rsa:2048 \ - ecdsap256sha256:EC:prime256v1 ecdsap384sha384:EC:prime384v1; do # Edwards curves are not yet supported by OpenSC - # ed25519:EC:edwards25519 ed448:EC:edwards448 - alg=$(echo "$algtypebits" | cut -f 1 -d :) - type=$(echo "$algtypebits" | cut -f 2 -d :) - bits=$(echo "$algtypebits" | cut -f 3 -d :) - - if $SHELL ../testcrypto.sh $alg; then - zone="$alg.example" - zonefile="zone.$alg.example.db" - ret=0 - - echo_i "Generate keys $alg $type:$bits for zone $zone" - keygen $type $bits $zone keyfromlabel-zsk || ret=1 - keygen $type $bits $zone keyfromlabel-ksk || ret=1 - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - # Skip dnssec-keyfromlabel if key generation failed. - test $ret -eq 0 || continue - - echo_i "Get ZSK $alg $zone $type:$bits" - ret=0 - zsk=$(keyfromlabel $alg $zone keyfromlabel-zsk) - test -z "$zsk" && ret=1 - test "$ret" -eq 0 || echo_i "failed (zsk=$zsk)" - status=$((status + ret)) - - echo_i "Get KSK $alg $zone $type:$bits" - ret=0 - ksk=$(keyfromlabel $alg $zone keyfromlabel-ksk -f KSK) - test -z "$ksk" && ret=1 - test "$ret" -eq 0 || echo_i "failed (ksk=$ksk)" - status=$((status + ret)) - - # Skip signing if dnssec-keyfromlabel failed. - test $ret -eq 0 || continue - - echo_i "Sign zone with $ksk $zsk" - ret=0 - cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" - $SIGNER -E pkcs11 -S -a -g -o "$zone" "$zonefile" >signer.out.$zone || ret=1 - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - fi -done - -echo_i "exit status: $status" -[ $status -eq 0 ] || exit 1 diff -Nru bind9-9.18.33/bin/tests/system/keyfromlabel/tests_keyfromlabel.py bind9-9.18.41/bin/tests/system/keyfromlabel/tests_keyfromlabel.py --- bind9-9.18.33/bin/tests/system/keyfromlabel/tests_keyfromlabel.py 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/keyfromlabel/tests_keyfromlabel.py 2025-10-18 10:21:02.944255855 +0000 @@ -0,0 +1,199 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import hashlib +import os +import re +import shutil + +import pytest + +import isctest.mark + + +pytestmark = [ + isctest.mark.supported_openssl_version, + isctest.mark.softhsm2_environment, + pytest.mark.extra_artifacts( + [ + "*.example.db", + "*.example.db.signed", + "K*", + "dsset-*", + "keyfromlabel.out.*", + "pin", + "pkcs11-tool.out.*", + "signer.out.*", + ], + ), +] + + +EMPTY_OPENSSL_CONF_ENV = {**os.environ, "OPENSSL_CONF": ""} + +HSMPIN = "1234" + + +@pytest.fixture(autouse=True) +def token_init_and_cleanup(): + + # Create pin file for the $KEYFRLAB command + with open("pin", "w", encoding="utf-8") as pinfile: + pinfile.write(HSMPIN) + + token_init_command = [ + "softhsm2-util", + "--init-token", + "--free", + "--pin", + HSMPIN, + "--so-pin", + HSMPIN, + "--label", + "softhsm2-keyfromlabel", + ] + + token_cleanup_command = [ + "softhsm2-util", + "--delete-token", + "--token", + "softhsm2-keyfromlabel", + ] + + isctest.run.cmd( + token_cleanup_command, + env=EMPTY_OPENSSL_CONF_ENV, + raise_on_exception=False, + ) + + try: + output = isctest.run.cmd( + token_init_command, env=EMPTY_OPENSSL_CONF_ENV + ).stdout.decode("utf-8") + assert "The token has been initialized and is reassigned to slot" in output + yield + finally: + output = isctest.run.cmd( + token_cleanup_command, + env=EMPTY_OPENSSL_CONF_ENV, + raise_on_exception=False, + ).stdout.decode("utf-8") + assert re.search("Found token (.*) with matching token label", output) + + +# pylint: disable-msg=too-many-locals +@pytest.mark.parametrize( + "alg_name,alg_type,alg_bits", + [ + ("rsasha256", "rsa", "2048"), + ("rsasha512", "rsa", "2048"), + ("ecdsap256sha256", "EC", "prime256v1"), + ("ecdsap384sha384", "EC", "prime384v1"), + # Edwards curves are not yet supported by OpenSC + # ("ed25519","EC","edwards25519"), + # ("ed448","EC","edwards448") + ], +) +def test_keyfromlabel(alg_name, alg_type, alg_bits): + + def keygen(alg_type, alg_bits, zone, key_id): + label = f"{key_id}-{zone}" + p11_id = hashlib.sha1(label.encode("utf-8")).hexdigest() + + pkcs11_command = [ + "pkcs11-tool", + "--module", + os.environ.get("SOFTHSM2_MODULE"), + "--token-label", + "softhsm2-keyfromlabel", + "-l", + "-k", + "--key-type", + f"{alg_type}:{alg_bits}", + "--label", + label, + "--id", + p11_id, + "--pin", + HSMPIN, + ] + + output = isctest.run.cmd( + pkcs11_command, env=EMPTY_OPENSSL_CONF_ENV + ).stdout.decode("utf-8") + + assert "Key pair generated" in output + + def keyfromlabel(alg_name, zone, key_id, key_flag): + key_flag = key_flag.split() if key_flag else [] + + keyfrlab_command = [ + os.environ["KEYFRLAB"], + "-E", + "pkcs11", + "-a", + alg_name, + "-l", + f"pkcs11:token=softhsm2-keyfromlabel;object={key_id}-{zone};pin-source=pin", + *key_flag, + zone, + ] + + output = isctest.run.cmd(keyfrlab_command) + output_decoded = output.stdout.decode("utf-8").rstrip() + ".key" + + assert os.path.exists(output_decoded) + + return output_decoded + + if ( + isctest.run.cmd( + [os.environ["SHELL"], "../testcrypto.sh", alg_name], + raise_on_exception=False, + ).returncode + != 0 + ): + pytest.skip(f"{alg_name} is not supported") + + # Generate keys for the $zone zone + zone = f"{alg_name}.example" + + keygen(alg_type, alg_bits, zone, "keyfromlabel-zsk") + keygen(alg_type, alg_bits, zone, "keyfromlabel-ksk") + + # Get ZSK + zsk_file = keyfromlabel(alg_name, zone, "keyfromlabel-zsk", "") + + # Get KSK + ksk_file = keyfromlabel(alg_name, zone, "keyfromlabel-ksk", "-f KSK") + + # Sign zone with KSK and ZSK + zone_file = f"zone.{alg_name}.example.db" + + with open(zone_file, "w", encoding="utf-8") as outfile: + for f in ["template.db.in", ksk_file, zsk_file]: + with open(f, "r", encoding="utf-8") as fd: + shutil.copyfileobj(fd, outfile) + + signer_command = [ + os.environ["SIGNER"], + "-E", + "pkcs11", + "-S", + "-a", + "-g", + "-o", + zone, + zone_file, + ] + isctest.run.cmd(signer_command) + + assert os.path.exists(f"{zone_file}.signed") diff -Nru bind9-9.18.33/bin/tests/system/keyfromlabel/tests_sh_keyfromlabel.py bind9-9.18.41/bin/tests/system/keyfromlabel/tests_sh_keyfromlabel.py --- bind9-9.18.33/bin/tests/system/keyfromlabel/tests_sh_keyfromlabel.py 2025-01-20 13:39:31.072353628 +0000 +++ bind9-9.18.41/bin/tests/system/keyfromlabel/tests_sh_keyfromlabel.py 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -import pytest - -import isctest.mark - -pytestmark = pytest.mark.extra_artifacts( - [ - "*.example.db", - "*.example.db.signed", - "K*", - "dsset-*", - "keyfromlabel.out.*", - "pin", - "pkcs11-tool.out.*", - "signer.out.*", - ] -) - - -@isctest.mark.supported_openssl_version -def test_keyfromlabel(run_tests_sh): - run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/limits/tests_limits.py bind9-9.18.41/bin/tests/system/limits/tests_limits.py --- bind9-9.18.33/bin/tests/system/limits/tests_limits.py 2025-01-20 13:39:31.078353733 +0000 +++ bind9-9.18.41/bin/tests/system/limits/tests_limits.py 2025-10-18 10:21:02.951256042 +0000 @@ -14,11 +14,10 @@ import isctest import pytest -import dns.message - # Everything from getting a big answer to creating an RR set with thousands # of records takes minutes of CPU and real time with dnspython < 2.0.0. pytest.importorskip("dns", minversion="2.0.0") +import dns.rrset @pytest.mark.parametrize( @@ -32,8 +31,8 @@ ], ) def test_limits(name, limit): - msg_query = dns.message.make_query(f"{name}.example.", "A") - res = isctest.query.tcp(msg_query, "10.53.0.1") + msg_query = isctest.query.create(f"{name}.example.", "A") + res = isctest.query.tcp(msg_query, "10.53.0.1", log_response=False) iplist = [ f"10.0.{x}.{y}" @@ -46,7 +45,7 @@ def test_limit_exceeded(): - msg_query = dns.message.make_query("5000.example.", "A") - res = isctest.query.tcp(msg_query, "10.53.0.1") + msg_query = isctest.query.create("5000.example.", "A") + res = isctest.query.tcp(msg_query, "10.53.0.1", log_response=False) assert res.flags & dns.flags.TC, "TC flag was not set" diff -Nru bind9-9.18.33/bin/tests/system/masterfile/tests_masterfile.py bind9-9.18.41/bin/tests/system/masterfile/tests_masterfile.py --- bind9-9.18.33/bin/tests/system/masterfile/tests_masterfile.py 2025-01-20 13:39:31.080353769 +0000 +++ bind9-9.18.41/bin/tests/system/masterfile/tests_masterfile.py 2025-10-18 10:21:02.953256095 +0000 @@ -19,7 +19,7 @@ def test_masterfile_include_semantics(): """Test master file $INCLUDE semantics""" - msg_axfr = dns.message.make_query("include.", "AXFR") + msg_axfr = isctest.query.create("include.", "AXFR") res_axfr = isctest.query.tcp(msg_axfr, "10.53.0.1") axfr_include_semantics = """;ANSWER include. 300 IN SOA ns.include. hostmaster.include. 1 3600 1800 1814400 3600 @@ -40,7 +40,7 @@ def test_masterfile_bind_8_compat_semantics(): """Test master file BIND 8 TTL and $TTL semantics compatibility""" - msg_axfr = dns.message.make_query("ttl1.", "AXFR") + msg_axfr = isctest.query.create("ttl1.", "AXFR") res_axfr = isctest.query.tcp(msg_axfr, "10.53.0.1") axfr_ttl_semantics = """;ANSWER ttl1. 3 IN SOA ns.ttl1. hostmaster.ttl1. 1 3600 1800 1814400 3 @@ -59,7 +59,7 @@ def test_masterfile_rfc_1035_semantics(): """Test master file RFC1035 TTL and $TTL semantics""" - msg_axfr = dns.message.make_query("ttl2.", "AXFR") + msg_axfr = isctest.query.create("ttl2.", "AXFR") res_axfr = isctest.query.tcp(msg_axfr, "10.53.0.1") axfr_ttl_semantics = """;ANSWER ttl2. 1 IN SOA ns.ttl2. hostmaster.ttl2. 1 3600 1800 1814400 3 @@ -78,7 +78,7 @@ def test_masterfile_missing_master_file(): """Test nameserver running with a missing master file""" - msg_soa = dns.message.make_query("example.", "SOA") + msg_soa = isctest.query.create("example.", "SOA") res_soa = isctest.query.tcp(msg_soa, "10.53.0.2") expected_soa_rr = """;ANSWER example. 300 IN SOA mname1. . 2010042407 20 20 1814400 3600 @@ -89,7 +89,7 @@ def test_masterfile_missing_master_file_servfail(): """Test nameserver returning SERVFAIL for a missing master file""" - msg_soa = dns.message.make_query("missing.", "SOA") + msg_soa = isctest.query.create("missing.", "SOA") res_soa = isctest.query.tcp(msg_soa, "10.53.0.2") isctest.check.servfail(res_soa) diff -Nru bind9-9.18.33/bin/tests/system/mirror/tests.sh bind9-9.18.41/bin/tests/system/mirror/tests.sh --- bind9-9.18.33/bin/tests/system/mirror/tests.sh 2025-01-20 13:39:31.084353839 +0000 +++ bind9-9.18.41/bin/tests/system/mirror/tests.sh 2025-10-18 10:21:02.956256176 +0000 @@ -129,6 +129,7 @@ echo_i "checking that an AXFR of an updated, correctly signed mirror zone is accepted ($n)" ret=0 nextpart ns3/named.run >/dev/null +sleep 1 cat ns2/verify-axfr.db.good.signed >ns2/verify-axfr.db.signed reload_zone verify-axfr ${UPDATED_SERIAL_GOOD} $RNDCCMD 10.53.0.3 retransfer verify-axfr >/dev/null 2>&1 diff -Nru bind9-9.18.33/bin/tests/system/mirror-root-zone/ns1/named.conf.j2 bind9-9.18.41/bin/tests/system/mirror-root-zone/ns1/named.conf.j2 --- bind9-9.18.33/bin/tests/system/mirror-root-zone/ns1/named.conf.j2 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/mirror-root-zone/ns1/named.conf.j2 2025-10-18 10:21:02.955256149 +0000 @@ -0,0 +1,28 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +options { + pid-file "named.pid"; + listen-on port @PORT@ {10.53.0.1;}; +}; + +zone "." { type mirror; }; diff -Nru bind9-9.18.33/bin/tests/system/mirror-root-zone/tests_mirror_root_zone.py bind9-9.18.41/bin/tests/system/mirror-root-zone/tests_mirror_root_zone.py --- bind9-9.18.33/bin/tests/system/mirror-root-zone/tests_mirror_root_zone.py 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/mirror-root-zone/tests_mirror_root_zone.py 2025-10-18 10:21:02.955256149 +0000 @@ -0,0 +1,27 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +from typing import Dict + +from isctest.instance import NamedInstance +from isctest.mark import live_internet_test + + +@live_internet_test +def test_mirror_root_zone(servers: Dict[str, NamedInstance]): + """ + This test pulls the root zone from the Internet, so let's only run + it when CI_ENABLE_LIVE_INTERNET_TESTS is set. + """ + ns1 = servers["ns1"] + with ns1.watch_log_from_start() as watch_log: + # TimeoutError is raised if the line is not found and the test will fail. + watch_log.wait_for_line("Transfer status: success") diff -Nru bind9-9.18.33/bin/tests/system/mkeys/tests_sh_mkeys.py bind9-9.18.41/bin/tests/system/mkeys/tests_sh_mkeys.py --- bind9-9.18.33/bin/tests/system/mkeys/tests_sh_mkeys.py 2025-01-20 13:39:31.086353874 +0000 +++ bind9-9.18.41/bin/tests/system/mkeys/tests_sh_mkeys.py 2025-10-18 10:21:02.959256256 +0000 @@ -11,7 +11,6 @@ import pytest -import isctest.mark pytestmark = pytest.mark.extra_artifacts( [ @@ -48,6 +47,6 @@ ) -@isctest.mark.flaky(max_runs=2) # GL#3098 +@pytest.mark.flaky(max_runs=2) # GL#3098 def test_mkeys(run_tests_sh): run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/names/tests.sh bind9-9.18.41/bin/tests/system/names/tests.sh --- bind9-9.18.33/bin/tests/system/names/tests.sh 2025-01-20 13:39:31.087353892 +0000 +++ bind9-9.18.41/bin/tests/system/names/tests.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,51 +0,0 @@ -#!/bin/sh - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -set -e - -. ../conf.sh - -DIGOPTS="+nosea +stat +noquest +nocomm +nocmd -p ${PORT}" - -status=0 - -echo_i "Getting message size with compression enabled" -$DIG $DIGOPTS -b 10.53.0.1 @10.53.0.1 mx example >dig.compen.test || ret=1 -COMPEN=$(grep ';; MSG SIZE' dig.compen.test | sed -e "s/.*: //g") -cat dig.compen.test | grep -v ';;' | sort >dig.compen.sorted.test - -echo_i "Getting message size with compression disabled" -$DIG $DIGOPTS -b 10.53.0.2 @10.53.0.1 mx example >dig.compdis.test || ret=1 -COMPDIS=$(grep ';; MSG SIZE' dig.compdis.test | sed -e "s/.*: //g") -cat dig.compdis.test | grep -v ';;' | sort >dig.compdis.sorted.test - -# the compression disabled message should be at least twice as large as with -# compression disabled, but the content should be the same -echo_i "Checking if responses are identical other than in message size" -{ - diff dig.compdis.sorted.test dig.compen.sorted.test >/dev/null - ret=$? -} || true -if [ $ret != 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -echo_i "Checking if message with compression disabled is significantly larger" -echo_i "Disabled $COMPDIS vs enabled $COMPEN" -val=$(((COMPDIS * 3 / 2) / COMPEN)) -if [ $val -le 1 ]; then - echo_i "failed" - status=$((status + 1)) -fi - -echo_i "exit status: $status" -[ $status -eq 0 ] || exit 1 diff -Nru bind9-9.18.33/bin/tests/system/names/tests_names.py bind9-9.18.41/bin/tests/system/names/tests_names.py --- bind9-9.18.33/bin/tests/system/names/tests_names.py 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/names/tests_names.py 2025-10-18 10:21:02.959256256 +0000 @@ -0,0 +1,31 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import pytest + +pytest.importorskip("dns", minversion="2.7.0") + +import isctest + + +# The query answer sent with compression disabled should have a size that is +# about twice as large as the answer with compression enabled, while +# maintaining identical content. +def test_names(): + msg = isctest.query.create("example.", "MX") + # Getting message size with compression enabled + res_enabled = isctest.query.tcp(msg, ip="10.53.0.1", source="10.53.0.1") + # Getting message size with compression disabled + res_disabled = isctest.query.tcp(msg, ip="10.53.0.1", source="10.53.0.2") + # Checking if responses are identical content-wise + isctest.check.rrsets_equal(res_enabled.answer, res_disabled.answer) + # Checking if message with compression disabled is significantly (say 70%) larger + assert len(res_disabled.wire) > len(res_enabled.wire) * 1.7 diff -Nru bind9-9.18.33/bin/tests/system/names/tests_sh_names.py bind9-9.18.41/bin/tests/system/names/tests_sh_names.py --- bind9-9.18.33/bin/tests/system/names/tests_sh_names.py 2025-01-20 13:39:31.087353892 +0000 +++ bind9-9.18.41/bin/tests/system/names/tests_sh_names.py 1970-01-01 00:00:00.000000000 +0000 @@ -1,22 +0,0 @@ -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -import pytest - -pytestmark = pytest.mark.extra_artifacts( - [ - "dig.*.test*", - ] -) - - -def test_names(run_tests_sh): - run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/nsec3-answer/ns1/named.conf.j2 bind9-9.18.41/bin/tests/system/nsec3-answer/ns1/named.conf.j2 --- bind9-9.18.33/bin/tests/system/nsec3-answer/ns1/named.conf.j2 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/nsec3-answer/ns1/named.conf.j2 2025-10-18 10:21:02.961256309 +0000 @@ -0,0 +1,31 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// NS1 + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + recursion no; + dnssec-validation no; +}; + +zone "." { + type primary; + file "root.db.signed"; +}; diff -Nru bind9-9.18.33/bin/tests/system/nsec3-answer/ns1/root.db.in bind9-9.18.41/bin/tests/system/nsec3-answer/ns1/root.db.in --- bind9-9.18.33/bin/tests/system/nsec3-answer/ns1/root.db.in 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/nsec3-answer/ns1/root.db.in 2025-10-18 10:21:02.961256309 +0000 @@ -0,0 +1,51 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 +. IN SOA . . ( + 2025063000 ; serial + 600 ; refresh + 600 ; retry + 1200 ; expire + 600 ; minimum + ) +. NS a.root-servers.nil. + +02hc3em7bdd011a0gms3hkkjt2if5vp8. A 10.0.0.0 +a. A 10.0.0.1 +*.a.a. A 10.0.0.6 +a.a.a.a. A 10.0.0.3 +b. A 10.0.0.2 +b.b.b.b.b.b.b.b.b.b.b.b.b.b.b.b.b.b.b.b.b. A 10.0.0.2 +cname. CNAME does-not-exist. +cname.cname. CNAME cname. +cname.ent.cname. CNAME cname.cname. +d. A 10.0.0.4 +dname-to-nowhere. DNAME does-not-exist. +; DNAME owner longer than target to avoid YXDOMAIN dependent on QNAME +insecure. NS a.root-servers.nil. +ns.insecure. A 10.53.0.3 +a.root-servers.nil. A 10.53.0.1 +secure. NS a.root-servers.nil. +secure. DS 11111 13 255 00 +occluded.secure. A 0.0.0.0 +*.wild. A 10.0.0.6 +explicit.wild. A 192.0.2.66 +z. A 10.0.0.26 + +; randomly generated subtree to excercise unknown corner cases +; intentionally small, to not blow up algorithms with quadratic complexity in ZoneAnalyzer and name generator +a.a.a.b.a.a.a.b.a.a.b.b.a.random. TXT "r" +b.b.a.a.b.b.a.a.a.b.b.a.b.a.a.a.a.a.b.a.a.b.a.b.a.b.b.b.b.b.a.a.a.a.b.a.a.a.b.a.a.b.b.a.random. TXT "r" +a.a.a.b.b.a.b.b.a.b.a.b.a.b.a.b.b.b.a.random. TXT "r" +b.b.a.b.a.b.a.a.a.b.a.a.b.a.a.a.a.b.b.a.b.b.a.b.a.b.a.b.a.b.b.b.a.random. TXT "r" +a.b.a.a.b.a.b.a.b.a.a.b.a.b.a.a.a.b.b.a.b.b.a.a.b.b.a.a.b.a.b.a.b.b.b.b.a.a.a.a.a.a.a.a.b.a.b.a.b.b.a.b.a.b.a.a.a.b.a.a.b.a.a.a.a.b.b.a.b.b.a.b.a.b.a.b.a.b.b.b.a.random. TXT "r" +a.a.a.a.a.b.b.a.a.a.a.a.b.b.a.a.b.a.a.b.a.a.b.b.a.a.a.b.a.a.a.b.b.b.b.b.a.a.a.b.b.b.b.b.b.a.b.b.b.a.a.b.b.b.b.a.a.a.a.b.a.b.b.a.b.a.a.b.b.b.b.b.b.b.a.b.b.a.b.a.b.a.a.a.b.b.a.a.b.b.a.b.a.b.b.a.b.b.b.a.b.b.b.b.b.a.a.b.a.a.a.b.b.a.a.a.b.b.b.b.b.a.random. TXT "r" diff -Nru bind9-9.18.33/bin/tests/system/nsec3-answer/ns1/sign.sh bind9-9.18.41/bin/tests/system/nsec3-answer/ns1/sign.sh --- bind9-9.18.33/bin/tests/system/nsec3-answer/ns1/sign.sh 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/nsec3-answer/ns1/sign.sh 2025-10-18 10:21:02.961256309 +0000 @@ -0,0 +1,34 @@ +#!/bin/sh -e + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# shellcheck source=conf.sh +. ../../conf.sh + +set -e + +zone=. +infile=root.db.in +zonefile=root.db + +echo_i "ns1/sign.sh" + +ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") + +cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" + +SALT="$(printf "%04x" "$(($(date +%s) / 3600 % 65536))")" +echo_ic "NSEC3 salt for this hour: $SALT" +"$SIGNER" -3 "$SALT" -o "$zone" "$zonefile" 2>&1 >"$zonefile.sign.log" + +keyfile_to_initial_ds "$ksk" >managed-keys.conf diff -Nru bind9-9.18.33/bin/tests/system/nsec3-answer/ns2/named.conf.j2 bind9-9.18.41/bin/tests/system/nsec3-answer/ns2/named.conf.j2 --- bind9-9.18.33/bin/tests/system/nsec3-answer/ns2/named.conf.j2 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/nsec3-answer/ns2/named.conf.j2 2025-10-18 10:21:02.961256309 +0000 @@ -0,0 +1,39 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// validating resolver + +options { + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + recursion yes; + dnssec-validation yes; +}; + +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +include "../../_common/rndc.key"; + +zone "." { + type hint; + file "../../_common/root.hint"; +}; + +include "../ns1/managed-keys.conf"; diff -Nru bind9-9.18.33/bin/tests/system/nsec3-answer/setup.sh bind9-9.18.41/bin/tests/system/nsec3-answer/setup.sh --- bind9-9.18.33/bin/tests/system/nsec3-answer/setup.sh 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/nsec3-answer/setup.sh 2025-10-18 10:21:02.961256309 +0000 @@ -0,0 +1,22 @@ +#!/bin/sh -e + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# shellcheck source=conf.sh +. ../conf.sh + +set -e + +( + cd ns1 + $SHELL sign.sh +) diff -Nru bind9-9.18.33/bin/tests/system/nsec3-answer/tests_nsec3.py bind9-9.18.41/bin/tests/system/nsec3-answer/tests_nsec3.py --- bind9-9.18.33/bin/tests/system/nsec3-answer/tests_nsec3.py 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/nsec3-answer/tests_nsec3.py 2025-10-18 10:21:02.961256309 +0000 @@ -0,0 +1,415 @@ +#!/usr/bin/python3 + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +from dataclasses import dataclass +import os +from pathlib import Path +from typing import Optional, Set, Tuple + +import pytest + +pytest.importorskip("dns", minversion="2.5.0") +import dns.dnssec +import dns.message +import dns.name +import dns.query +import dns.rcode +import dns.rdataclass +import dns.rdatatype +import dns.rdtypes.ANY.RRSIG +import dns.rdtypes.ANY.NSEC3 +import dns.rrset + +from isctest.hypothesis.strategies import dns_names, sampled_from +import isctest +import isctest.name + +from hypothesis import assume, given + +SUFFIX = dns.name.from_text(".") +AUTH = "10.53.0.1" +RESOLVER = "10.53.0.2" +TIMEOUT = 5 +ZONE = isctest.name.ZoneAnalyzer.read_path( + Path(os.environ["TOP_SRCDIR"]) + / "bin" + / "tests" + / "system" + / "nsec3-answer/ns1/root.db.in", + origin=SUFFIX, +) + + +def do_test_query( + qname: dns.name.Name, qtype: dns.rdatatype.RdataType, server: str, named_port: int +) -> Tuple[dns.message.QueryMessage, "NSEC3Checker"]: + query = dns.message.make_query(qname, qtype, use_edns=True, want_dnssec=True) + response = isctest.query.tcp(query, server, named_port, timeout=TIMEOUT) + isctest.check.is_response_to(response, query) + assert response.rcode() in (dns.rcode.NOERROR, dns.rcode.NXDOMAIN) + return response, NSEC3Checker(response) + + +@pytest.mark.parametrize( + "server", [pytest.param(AUTH, id="ns1"), pytest.param(RESOLVER, id="ns2")] +) +@given( + qname=sampled_from( + sorted(ZONE.reachable - ZONE.get_names_with_type(dns.rdatatype.CNAME)) + ) +) +def test_nodata(server: str, qname: dns.name.Name, named_port: int) -> None: + """An existing name, no wildcards, but a query type for RRset which does not exist""" + _, nsec3check = do_test_query(qname, dns.rdatatype.HINFO, server, named_port) + check_nodata(qname, nsec3check) + + +@pytest.mark.parametrize("server", [pytest.param(AUTH, id="ns1")]) +@given( + qname=dns_names( + suffix=(ZONE.delegations - ZONE.get_names_with_type(dns.rdatatype.DS)) + ) +) +def test_nodata_ds(server: str, qname: dns.name.Name, named_port: int) -> None: + """Auth sends proof of nonexistance with referral without DS RR. Opt-out is not supported.""" + response, nsec3check = do_test_query(qname, dns.rdatatype.HINFO, server, named_port) + + nsrr = None + for rrset in response.authority: + if rrset.rdtype == dns.rdatatype.NS: + nsrr = rrset + break + assert nsrr is not None, "NS RRset missing in delegation answer" + + # DS RR does not exist so we must prove it by having NSEC3 with QNAME + check_nodata(nsrr.name, nsec3check) + + +def check_nodata(name: dns.name.Name, nsec3check: "NSEC3Checker") -> None: + assert nsec3check.response.rcode() is dns.rcode.NOERROR + + nsec3check.prove_name_exists(name) + nsec3check.check_extraneous_rrs() + + +def assume_nx_and_no_delegation(qname: dns.name.Name) -> None: + assume(qname not in ZONE.all_existing_names) + + # name must not be under a delegation or DNAME: + # it would not work with resolver ns2 + assume( + not isctest.name.is_related_to_any( + qname, + (dns.name.NameRelation.EQUAL, dns.name.NameRelation.SUBDOMAIN), + ZONE.reachable_delegations.union(ZONE.reachable_dnames), + ) + ) + + +@pytest.mark.parametrize( + "server", [pytest.param(AUTH, id="ns1"), pytest.param(RESOLVER, id="ns2")] +) +@given(qname=dns_names(suffix=SUFFIX)) +def test_nxdomain(server: str, qname: dns.name.Name, named_port: int) -> None: + """A real NXDOMAIN, no wildcards involved""" + assume_nx_and_no_delegation(qname) + wname = ZONE.source_of_synthesis(qname) + assume(wname not in ZONE.reachable_wildcards) + + _, nsec3check = do_test_query(qname, dns.rdatatype.A, server, named_port) + check_nxdomain(qname, nsec3check) + + +@pytest.mark.parametrize( + "server", [pytest.param(AUTH, id="ns1"), pytest.param(RESOLVER, id="ns2")] +) +@given(qname=sampled_from(sorted(ZONE.get_names_with_type(dns.rdatatype.CNAME)))) +def test_cname_nxdomain(server: str, qname: dns.name.Name, named_port: int) -> None: + """CNAME which terminates by NXDOMAIN, no wildcards involved""" + response, nsec3check = do_test_query(qname, dns.rdatatype.A, server, named_port) + chain = response.resolve_chaining() + assume_nx_and_no_delegation(chain.canonical_name) + + wname = ZONE.source_of_synthesis(chain.canonical_name) + assume(wname not in ZONE.reachable_wildcards) + + check_nxdomain(chain.canonical_name, nsec3check) + + +@pytest.mark.parametrize( + "server", [pytest.param(AUTH, id="ns1"), pytest.param(RESOLVER, id="ns2")] +) +@given(qname=dns_names(suffix=ZONE.get_names_with_type(dns.rdatatype.DNAME))) +def test_dname_nxdomain(server: str, qname: dns.name.Name, named_port: int) -> None: + """DNAME which terminates by NXDOMAIN, no wildcards involved""" + assume(qname not in ZONE.reachable) + + response, nsec3check = do_test_query(qname, dns.rdatatype.A, server, named_port) + chain = response.resolve_chaining() + assume_nx_and_no_delegation(chain.canonical_name) + + wname = ZONE.source_of_synthesis(chain.canonical_name) + assume(wname not in ZONE.reachable_wildcards) + + check_nxdomain(chain.canonical_name, nsec3check) + + +@pytest.mark.parametrize( + "server", [pytest.param(AUTH, id="ns1"), pytest.param(RESOLVER, id="ns2")] +) +@given(qname=dns_names(suffix=ZONE.ents)) +def test_ents(server: str, qname: dns.name.Name, named_port: int) -> None: + """ENT can have a wildcard under it""" + assume_nx_and_no_delegation(qname) + + _, nsec3check = do_test_query(qname, dns.rdatatype.A, server, named_port) + + wname = ZONE.source_of_synthesis(qname) + # does qname match a wildcard under ENT? + if wname in ZONE.reachable_wildcards: + check_wildcard_synthesis(qname, nsec3check) + else: + check_nxdomain(qname, nsec3check) + + +@pytest.mark.parametrize( + "server", [pytest.param(AUTH, id="ns1"), pytest.param(RESOLVER, id="ns2")] +) +@given(qname=dns_names(suffix=ZONE.reachable_wildcard_parents)) +def test_wildcard_synthesis(server: str, qname: dns.name.Name, named_port: int) -> None: + assume(qname not in ZONE.all_existing_names) + + wname = ZONE.source_of_synthesis(qname) + assume(wname in ZONE.reachable_wildcards) + + _, nsec3check = do_test_query(qname, dns.rdatatype.A, server, named_port) + check_wildcard_synthesis(qname, nsec3check) + + +@pytest.mark.parametrize( + "server", [pytest.param(AUTH, id="ns1"), pytest.param(RESOLVER, id="ns2")] +) +@given(qname=dns_names(suffix=ZONE.reachable_wildcard_parents)) +def test_wildcard_nodata(server: str, qname: dns.name.Name, named_port: int) -> None: + assume(qname not in ZONE.all_existing_names) + + wname = ZONE.source_of_synthesis(qname) + assume(wname in ZONE.reachable_wildcards) + + _, nsec3check = do_test_query(qname, dns.rdatatype.AAAA, server, named_port) + check_wildcard_nodata(qname, nsec3check) + + +def check_wildcard_nodata(qname: dns.name.Name, nsec3check: "NSEC3Checker") -> None: + assert nsec3check.response.rcode() is dns.rcode.NOERROR + + ce, nce = ZONE.closest_encloser(qname) + nsec3check.prove_name_exists(ce) + nsec3check.prove_name_does_not_exist(nce) + + wname = ZONE.source_of_synthesis(qname) + # expecting proof that wildcard owner does not have rdatatype requested + nsec3check.prove_name_exists(wname) + nsec3check.check_extraneous_rrs() + + +def check_nxdomain(qname: dns.name.Name, nsec3check: "NSEC3Checker") -> None: + assert nsec3check.response.rcode() is dns.rcode.NXDOMAIN + + ce, nce = ZONE.closest_encloser(qname) + nsec3check.prove_name_exists(ce) + nsec3check.prove_name_does_not_exist(nce) + + wname = ZONE.source_of_synthesis(qname) + nsec3check.prove_name_does_not_exist(wname) + nsec3check.check_extraneous_rrs() + + +def check_wildcard_synthesis(qname: dns.name.Name, nsec3check: "NSEC3Checker") -> None: + """Expect wildcard response with a signed A RRset""" + assert nsec3check.response.rcode() is dns.rcode.NOERROR + + answer_sig = nsec3check.response.get_rrset( + section="ANSWER", + name=qname, + rdclass=dns.rdataclass.IN, + rdtype=dns.rdatatype.RRSIG, + covers=dns.rdatatype.A, + ) + assert answer_sig is not None + assert len(answer_sig) == 1 + rrsig = answer_sig[0] + assert isinstance(rrsig, dns.rdtypes.ANY.RRSIG.RRSIG) + # RRSIG labels field RFC 4034 section 3.1.3 does not count: + # - root label + # - leftmost * label + wildcard_parent_labels = rrsig.labels + 1 # add root but not leftmost * + assert wildcard_parent_labels < len(qname) + + # 1. We have RRSIG from the wildcard '*.something', which proves the node + # 'something' exists (by definition - it has a child, so it exists, but + # maybe it is an ENT). Thus we expect closest encloser = 'something' + # 2. If wildcard synthesis is legitimate, QNAME itself and no nodes between + # QNAME and the closest encloser can exist. Because of DNS node existence + # rules it's sufficient to prove non-existence of next-closer name, i.e. + # ., to deny existence of the whole + # subtree down to QNAME. + + ce, nce = ZONE.closest_encloser(qname) + assert ce == qname.split(wildcard_parent_labels)[1] + # ce is proven to exist by the RRSIG + assert nce == qname.split(wildcard_parent_labels + 1)[1] + nsec3check.prove_name_does_not_exist(nce) + nsec3check.check_extraneous_rrs() + + +@dataclass(frozen=True) +class NSEC3Params: + """Common values from a single DNS response""" + + algorithm: int + flags: int + iterations: int + salt: Optional[bytes] + + +class NSEC3Checker: + def __init__(self, response: dns.message.Message): + for rrset in response.answer: + assert not rrset.match( + dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE + ), f"unexpected NSEC3 RR in ANSWER section:\n{response}" + for rrset in response.additional: + assert not rrset.match( + dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE + ), f"unexpected NSEC3 RR in ADDITIONAL section:\n{response}" + + attrs_seen = { + "algorithm": None, + "flags": None, + "iterations": None, + "salt": None, + } + first = True + owners_seen = set() + self.rrsets = [] + for rrset in response.authority: + if not rrset.match( + dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE + ): + continue + assert ( + rrset.name not in owners_seen + ), f"duplicate NSEC3 owner {rrset.name}:\n{response}" + owners_seen.add(rrset.name) + + assert len(rrset) == 1 + rr = rrset[0] + assert isinstance(rr, dns.rdtypes.ANY.NSEC3.NSEC3) + + assert ( + "NSEC3" + not in dns.rdtypes.ANY.NSEC3.Bitmap(rr.windows).to_text().split() + ), f"NSEC3 RRset with NSEC3 in type bitmap:\n{response}" + + # NSEC3 parameters MUST be consistent across all NSEC3 RRs: + # RFC 5155 section 7.2, last paragraph + for attr_name, value_seen in attrs_seen.items(): + current = getattr(rr, attr_name) + if first: + attrs_seen[attr_name] = current + else: + assert ( + current == value_seen + ), f"inconsistent {attr_name}\n{response}" + first = False + self.rrsets.append(rrset) + + assert attrs_seen["algorithm"] is not None, f"no NSEC3 found\n{response}" + self.params: NSEC3Params = NSEC3Params(**attrs_seen) + self.response: dns.message.Message = response + self.owners_present: Set[dns.name.Name] = owners_seen + self.owners_used: Set[dns.name.Name] = set() + + @staticmethod + def nsec3_covers(rrset: dns.rrset.RRset, hashed_name: dns.name.Name) -> bool: + """ + Test if 'hashed_name' is covered by an NSEC3 record in 'rrset', i.e. the name does not exist. + """ + prev_name = rrset.name + + assert len(rrset) == 1 + nsec3 = rrset[0] + assert isinstance(nsec3, dns.rdtypes.ANY.NSEC3.NSEC3) + assert nsec3.flags == 0, "opt-out not supported by test logic" + next_name = nsec3.next_name(SUFFIX) + + # Single name case. + if prev_name == next_name: + return prev_name != hashed_name + + # Standard case. + if prev_name < next_name: + if prev_name < hashed_name < next_name: + return True + + # The cover wraps. + if next_name < prev_name: + # Case 1: The covered name is at the end of the chain. + if hashed_name > prev_name: + return True + # Case 2: The covered name is at the start of the chain. + if hashed_name < next_name: + return True + return False + + def hash_name(self, name: dns.name.Name) -> dns.name.Name: + nhash = dns.dnssec.nsec3_hash( + name, + salt=self.params.salt, + iterations=self.params.iterations, + algorithm=self.params.algorithm, + ) + return dns.name.from_text(nhash, SUFFIX) + + def prove_name_does_not_exist(self, name: dns.name.Name) -> dns.rrset.RRset: + """Hash of a given name must fall between an NSEC3 owner and 'next' name""" + hashed_name = self.hash_name(name) + for rrset in self.rrsets: + name_is_covered = self.nsec3_covers(rrset, hashed_name) + if name_is_covered: + self.owners_used.add(rrset.name) + return rrset + + assert ( + False + ), f"Expected covering NSEC3 for {name} (hash={hashed_name}) not found:\n{self.response}" + + def prove_name_exists(self, owner: dns.name.Name) -> dns.rrset.RRset: + """Check response has NSEC3 RR matching given owner name, i.e. the name exists.""" + nsec3_owner = self.hash_name(owner) + for rrset in self.rrsets: + if rrset.match( + nsec3_owner, dns.rdataclass.IN, dns.rdatatype.NSEC3, dns.rdatatype.NONE + ): + self.owners_used.add(rrset.name) + return rrset + assert ( + False + ), f"Expected matching NSEC3 for {owner} (hash={nsec3_owner}) not found:\n{self.response}" + + def check_extraneous_rrs(self) -> None: + """Check that all NSEC3 RRs present in the message were actually needed for proofs""" + assert ( + self.owners_used == self.owners_present + ), f"extraneous NSEC3 RRs detected\n{self.response}" diff -Nru bind9-9.18.33/bin/tests/system/nsupdate/tests_sh_nsupdate.py bind9-9.18.41/bin/tests/system/nsupdate/tests_sh_nsupdate.py --- bind9-9.18.33/bin/tests/system/nsupdate/tests_sh_nsupdate.py 2025-01-20 13:39:31.095354032 +0000 +++ bind9-9.18.41/bin/tests/system/nsupdate/tests_sh_nsupdate.py 2025-10-18 10:21:02.968256496 +0000 @@ -13,8 +13,6 @@ import pytest -import isctest.mark - pytestmark = pytest.mark.extra_artifacts( [ "Kxxx*", @@ -80,6 +78,6 @@ MAX_RUNS = 2 if platform.system() == "FreeBSD" else 1 # GL#3846 -@isctest.mark.flaky(max_runs=MAX_RUNS) +@pytest.mark.flaky(max_runs=MAX_RUNS) def test_nsupdate(run_tests_sh): run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/pipelined/ans5/ans.py bind9-9.18.41/bin/tests/system/pipelined/ans5/ans.py --- bind9-9.18.33/bin/tests/system/pipelined/ans5/ans.py 2025-01-20 13:39:31.099354103 +0000 +++ bind9-9.18.41/bin/tests/system/pipelined/ans5/ans.py 2025-10-18 10:21:02.972256603 +0000 @@ -84,7 +84,7 @@ while self.running: curr_timeout = 0.5 try: - curr_timeout = self.queue[0][0] - time.time() + curr_timeout = self.queue[0][0] - time.monotonic() except StopIteration: pass if curr_timeout > 0: @@ -97,14 +97,14 @@ data = self.conn.recv(65535) if not data: return - self.queue.append((time.time() + DELAY, data)) + self.queue.append((time.monotonic() + DELAY, data)) if self.cconn in rfds: data = self.cconn.recv(65535) if not data == 0: return self.conn.send(data) try: - while self.queue[0][0] - time.time() < 0: + while self.queue[0][0] - time.monotonic() < 0: _, data = self.queue.pop(0) self.cconn.send(data) except StopIteration: @@ -133,7 +133,7 @@ while self.running: curr_timeout = 0.5 if self.queue: - curr_timeout = self.queue[0][0] - time.time() + curr_timeout = self.queue[0][0] - time.monotonic() if curr_timeout >= 0: if curr_timeout == 0: curr_timeout = 0.5 @@ -144,7 +144,7 @@ data, addr = self.sock.recvfrom(65535) if not data: return - self.queue.append((time.time() + DELAY, data)) + self.queue.append((time.monotonic() + DELAY, data)) qid = struct.unpack(">H", data[:2])[0] log("Received a query from %s, queryid %d" % (str(addr), qid)) self.qid_mapping[qid] = addr @@ -160,7 +160,7 @@ "Received a response from %s, queryid %d, sending to %s" % (str(addr), qid, str(dst)) ) - while self.queue and self.queue[0][0] - time.time() < 0: + while self.queue and self.queue[0][0] - time.monotonic() < 0: _, data = self.queue.pop(0) qid = struct.unpack(">H", data[:2])[0] log("Sending a query to %s, queryid %d" % (str(self.dst), qid)) diff -Nru bind9-9.18.33/bin/tests/system/qmin/ans2/ans.py bind9-9.18.41/bin/tests/system/qmin/ans2/ans.py --- bind9-9.18.33/bin/tests/system/qmin/ans2/ans.py 2025-01-20 13:39:31.100354121 +0000 +++ bind9-9.18.41/bin/tests/system/qmin/ans2/ans.py 2025-10-18 10:21:02.973256630 +0000 @@ -212,6 +212,19 @@ "stale.", 2, IN, SOA, "ns2.stale. hostmaster.arpa. 1 2 3 4 5" ) ) + r.flags |= dns.flags.AA + elif lqname == "ns2.stale.": + if rrtype == A: + r.additional.append( + dns.rrset.from_text("ns.b.stale.", 2, IN, A, "10.53.0.2") + ) + else: + r.authority.append( + dns.rrset.from_text( + "stale.", 2, IN, SOA, "ns2.stale. hostmaster.arpa. 1 2 3 4 5" + ) + ) + r.flags |= dns.flags.AA else: # NXDOMAIN r.authority.append( @@ -257,30 +270,72 @@ elif lqname == "" and rrtype == NS: r.answer.append(dns.rrset.from_text(suffix, 30, IN, NS, "ns2." + suffix)) r.flags |= dns.flags.AA - elif lqname == "ns2." and rrtype == A: - r.answer.append(dns.rrset.from_text("ns2." + suffix, 30, IN, A, "10.53.0.2")) - r.flags |= dns.flags.AA - elif lqname == "ns2." and rrtype == AAAA: - r.answer.append( - dns.rrset.from_text("ns2." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::2") - ) - r.flags |= dns.flags.AA - elif lqname == "ns3." and rrtype == A: - r.answer.append(dns.rrset.from_text("ns3." + suffix, 30, IN, A, "10.53.0.3")) + elif lqname == "ns2.": r.flags |= dns.flags.AA - elif lqname == "ns3." and rrtype == AAAA: - r.answer.append( - dns.rrset.from_text("ns3." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::3") - ) - r.flags |= dns.flags.AA - elif lqname == "ns4." and rrtype == A: - r.answer.append(dns.rrset.from_text("ns4." + suffix, 30, IN, A, "10.53.0.4")) + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns2." + suffix, 30, IN, A, "10.53.0.2") + ) + elif rrtype == AAAA: + r.answer.append( + dns.rrset.from_text( + "ns2." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::2" + ) + ) + else: + r.authority.append( + dns.rrset.from_text( + suffix, + 30, + IN, + SOA, + "ns2." + suffix + " hostmaster.arpa. 2018050100 1 1 1 1", + ) + ) + elif lqname == "ns3.": r.flags |= dns.flags.AA - elif lqname == "ns4." and rrtype == AAAA: - r.answer.append( - dns.rrset.from_text("ns4." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::4") - ) + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns3." + suffix, 30, IN, A, "10.53.0.3") + ) + elif lqname == "ns3." and rrtype == AAAA: + r.answer.append( + dns.rrset.from_text( + "ns3." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::3" + ) + ) + else: + r.authority.append( + dns.rrset.from_text( + suffix, + 30, + IN, + SOA, + "ns2." + suffix + " hostmaster.arpa. 2018050100 1 1 1 1", + ) + ) + elif lqname == "ns4.": r.flags |= dns.flags.AA + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns4." + suffix, 30, IN, A, "10.53.0.4") + ) + elif rrtype == AAAA: + r.answer.append( + dns.rrset.from_text( + "ns4." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::4" + ) + ) + else: + r.authority.append( + dns.rrset.from_text( + suffix, + 30, + IN, + SOA, + "ns2." + suffix + " hostmaster.arpa. 2018050100 1 1 1 1", + ) + ) elif lqname == "a.bit.longer.ns.name." and rrtype == A: r.answer.append( dns.rrset.from_text("a.bit.longer.ns.name." + suffix, 1, IN, A, "10.53.0.4") diff -Nru bind9-9.18.33/bin/tests/system/qmin/ans3/ans.py bind9-9.18.41/bin/tests/system/qmin/ans3/ans.py --- bind9-9.18.33/bin/tests/system/qmin/ans3/ans.py 2025-01-20 13:39:31.101354138 +0000 +++ bind9-9.18.41/bin/tests/system/qmin/ans3/ans.py 2025-10-18 10:21:02.973256630 +0000 @@ -97,17 +97,16 @@ ip6req = True elif endswith(lqname, "a.b.stale."): if lqname == "a.b.stale.": + r.flags |= dns.flags.AA if rrtype == TXT: # Direct query. r.answer.append(dns.rrset.from_text(lqname, 1, IN, TXT, "peekaboo")) - r.flags |= dns.flags.AA elif rrtype == NS: # NS a.b. r.answer.append(dns.rrset.from_text(lqname, 1, IN, NS, "ns.a.b.stale.")) r.additional.append( dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") ) - r.flags |= dns.flags.AA elif rrtype == SOA: # SOA a.b. r.answer.append( @@ -115,7 +114,6 @@ lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" ) ) - r.flags |= dns.flags.AA else: # NODATA. r.authority.append( @@ -123,7 +121,20 @@ lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" ) ) + elif lqname == "ns.a.b.stale.": + r.flags |= dns.flags.AA + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") + ) + else: + r.authority.append( + dns.rrset.from_text( + lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" + ) + ) else: + r.flags |= dns.flags.AA r.authority.append( dns.rrset.from_text( lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" diff -Nru bind9-9.18.33/bin/tests/system/qmin/ans4/ans.py bind9-9.18.41/bin/tests/system/qmin/ans4/ans.py --- bind9-9.18.33/bin/tests/system/qmin/ans4/ans.py 2025-01-20 13:39:31.101354138 +0000 +++ bind9-9.18.41/bin/tests/system/qmin/ans4/ans.py 2025-10-18 10:21:02.974256657 +0000 @@ -98,17 +98,16 @@ ip6req = True elif endswith(lqname, "b.stale."): if lqname == "a.b.stale.": + r.flags |= dns.flags.AA if rrtype == TXT: # Direct query. r.answer.append(dns.rrset.from_text(lqname, 1, IN, TXT, "hooray")) - r.flags |= dns.flags.AA elif rrtype == NS: # NS a.b. r.answer.append(dns.rrset.from_text(lqname, 1, IN, NS, "ns.a.b.stale.")) r.additional.append( dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") ) - r.flags |= dns.flags.AA elif rrtype == SOA: # SOA a.b. r.answer.append( @@ -116,7 +115,19 @@ lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" ) ) - r.flags |= dns.flags.AA + else: + # NODATA. + r.authority.append( + dns.rrset.from_text( + lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" + ) + ) + elif lqname == "ns.a.b.stale.": + r.flags |= dns.flags.AA + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") + ) else: # NODATA. r.authority.append( @@ -125,13 +136,13 @@ ) ) elif lqname == "b.stale.": + r.flags |= dns.flags.AA if rrtype == NS: # NS b. r.answer.append(dns.rrset.from_text(lqname, 1, IN, NS, "ns.b.stale.")) r.additional.append( dns.rrset.from_text("ns.b.stale.", 1, IN, A, "10.53.0.4") ) - r.flags |= dns.flags.AA elif rrtype == SOA: # SOA b. r.answer.append( @@ -139,7 +150,20 @@ lqname, 1, IN, SOA, "b.stale. hostmaster.b.stale. 1 2 3 4 5" ) ) - r.flags |= dns.flags.AA + else: + # NODATA. + r.authority.append( + dns.rrset.from_text( + lqname, 1, IN, SOA, "b.stale. hostmaster.b.stale. 1 2 3 4 5" + ) + ) + elif lqname == "ns.b.stale.": + r.flags |= dns.flags.AA + if rrtype == A: + # SOA a.b. + r.answer.append( + dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.4") + ) else: # NODATA. r.authority.append( diff -Nru bind9-9.18.33/bin/tests/system/qmin/tests.sh bind9-9.18.41/bin/tests/system/qmin/tests.sh --- bind9-9.18.33/bin/tests/system/qmin/tests.sh 2025-01-20 13:39:31.102354156 +0000 +++ bind9-9.18.41/bin/tests/system/qmin/tests.sh 2025-10-18 10:21:02.974256657 +0000 @@ -318,7 +318,7 @@ grep "status: NOERROR" dig.out.test$n >/dev/null || ret=1 grep "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.f.4.0.1.0.0.2.ip6.arpa. 1 IN PTR nee.com." dig.out.test$n >/dev/null || ret=1 sleep 1 -grep -v ADDR ans2/query.log >ans2/query.log.trimmed +grep -F "ip6.arpa." ans2/query.log >ans2/query.log.trimmed cat <<__EOF | diff ans2/query.log.trimmed - >/dev/null || ret=1 NS 1.0.0.2.ip6.arpa. NS 8.f.4.0.1.0.0.2.ip6.arpa. @@ -493,18 +493,22 @@ echo_i "query for .stale is properly minimized when qname-minimization is in strict mode (stale cache) ($n)" ret=0 $CLEANQL +$RNDCCMD 10.53.0.6 flush $DIG $DIGOPTS @10.53.0.6 txt a.b.stale. >dig.out.test$n || ret=1 grep "status: NOERROR" dig.out.test$n >/dev/null || ret=1 grep "a\.b\.stale\..*1.*IN.*TXT.*hooray" dig.out.test$n >/dev/null || ret=1 sleep 1 sort ans2/query.log >ans2/query.log.sorted cat <<__EOF | diff ans2/query.log.sorted - >/dev/null || ret=1 +ADDR ns.b.stale. +ADDR ns2.stale. NS b.stale. NS stale. __EOF test -f ans3/query.log && ret=1 sort ans4/query.log >ans4/query.log.sorted cat <<__EOF | diff ans4/query.log.sorted - >/dev/null || ret=1 +ADDR ns.b.stale. NS b.stale. TXT a.b.stale. __EOF @@ -516,17 +520,21 @@ echo_i "query for .stale is properly minimized when qname-minimization is in relaxed mode (stale cache) ($n)" ret=0 $CLEANQL +$RNDCCMD 10.53.0.7 flush $DIG $DIGOPTS @10.53.0.7 txt a.b.stale. >dig.out.test$n || ret=1 grep "status: NOERROR" dig.out.test$n >/dev/null || ret=1 grep "a\.b\.stale\..*1.*IN.*TXT.*hooray" dig.out.test$n >/dev/null || ret=1 sleep 1 sort ans2/query.log >ans2/query.log.sorted cat <<__EOF | diff ans2/query.log.sorted - >/dev/null || ret=1 +ADDR ns.b.stale. +ADDR ns2.stale. NS b.stale. __EOF test -f ans3/query.log && ret=1 sort ans4/query.log >ans4/query.log.sorted cat <<__EOF | diff ans4/query.log.sorted - >/dev/null || ret=1 +ADDR ns.b.stale. TXT a.b.stale. __EOF for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done diff -Nru bind9-9.18.33/bin/tests/system/qmin/tests_sh_qmin.py bind9-9.18.41/bin/tests/system/qmin/tests_sh_qmin.py --- bind9-9.18.33/bin/tests/system/qmin/tests_sh_qmin.py 2025-01-20 13:39:31.102354156 +0000 +++ bind9-9.18.41/bin/tests/system/qmin/tests_sh_qmin.py 2025-10-18 10:21:02.975256684 +0000 @@ -11,8 +11,6 @@ import pytest -import isctest.mark - pytestmark = pytest.mark.extra_artifacts( [ "dig.out.*", @@ -25,6 +23,6 @@ # The qmin test is inherently unstable, see GL #904 for details. -@isctest.mark.flaky(max_runs=3) +@pytest.mark.flaky(max_runs=3) def test_qmin(run_tests_sh): run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/reclimit/ns1/big.db bind9-9.18.41/bin/tests/system/reclimit/ns1/big.db --- bind9-9.18.33/bin/tests/system/reclimit/ns1/big.db 2025-01-20 13:39:31.102354156 +0000 +++ bind9-9.18.41/bin/tests/system/reclimit/ns1/big.db 2025-10-18 10:21:02.975256684 +0000 @@ -9,9 +9,9 @@ ; See the COPYRIGHT file distributed with this work for additional ; information regarding copyright ownership. -$TTL 60 +$TTL 120 -big. IN SOA ns.big. hostmaster.ns.big. 1 0 0 0 60 +big. IN SOA ns.big. hostmaster.ns.big. 1 0 0 0 120 big. IN NS ns.big. ns.big. IN A 10.53.0.1 diff -Nru bind9-9.18.33/bin/tests/system/reclimit/ns3/named5.conf.in bind9-9.18.41/bin/tests/system/reclimit/ns3/named5.conf.in --- bind9-9.18.33/bin/tests/system/reclimit/ns3/named5.conf.in 2025-01-20 13:39:31.103354173 +0000 +++ bind9-9.18.41/bin/tests/system/reclimit/ns3/named5.conf.in 2025-10-18 10:21:02.976256710 +0000 @@ -24,13 +24,11 @@ qname-minimization disabled; max-recursion-depth 12; recursion yes; - dnssec-validation yes; + dnssec-validation no; max-records-per-type 0; max-types-per-name 10; }; -trust-anchors { }; - key rndc_key { secret "1234abcd8765"; algorithm @DEFAULT_HMAC@; diff -Nru bind9-9.18.33/bin/tests/system/reclimit/ns3/named6.conf.in bind9-9.18.41/bin/tests/system/reclimit/ns3/named6.conf.in --- bind9-9.18.33/bin/tests/system/reclimit/ns3/named6.conf.in 2025-01-20 13:39:31.103354173 +0000 +++ bind9-9.18.41/bin/tests/system/reclimit/ns3/named6.conf.in 2025-10-18 10:21:02.976256710 +0000 @@ -24,13 +24,11 @@ qname-minimization disabled; max-recursion-depth 12; recursion yes; - dnssec-validation yes; + dnssec-validation no; max-records-per-type 0; max-types-per-name 0; }; -trust-anchors { }; - key rndc_key { secret "1234abcd8765"; algorithm @DEFAULT_HMAC@; diff -Nru bind9-9.18.33/bin/tests/system/reclimit/tests.sh bind9-9.18.41/bin/tests/system/reclimit/tests.sh --- bind9-9.18.33/bin/tests/system/reclimit/tests.sh 2025-01-20 13:39:31.104354191 +0000 +++ bind9-9.18.41/bin/tests/system/reclimit/tests.sh 2025-10-18 10:21:02.976256710 +0000 @@ -280,11 +280,11 @@ # Query for NXDOMAIN for items on our priority list - these should get cached for rrtype in AAAA MX NS; do - check_manytypes 1 manytypes.big "${rrtype}" NOERROR big SOA 60 || ret=1 + check_manytypes 1 manytypes.big "${rrtype}" NOERROR big SOA 120 || ret=1 done # Wait at least 1 second for rrtype in AAAA MX NS; do - check_manytypes 2 manytypes.big "${rrtype}" NOERROR big SOA "" 60 || ret=1 + check_manytypes 2 manytypes.big "${rrtype}" NOERROR big SOA "" 120 || ret=1 done if [ $ret -ne 0 ]; then echo_i "failed"; fi @@ -299,13 +299,13 @@ # Query for 10 NXDOMAIN types for ntype in $(seq 65270 65279); do - check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR big SOA 60 || ret=1 + check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR big SOA 120 || ret=1 done # Wait at least 1 second sleep 1 # Query for 10 NXDOMAIN types again - these should be cached for ntype in $(seq 65270 65279); do - check_manytypes 2 manytypes.big "TYPE${ntype}" NOERROR big SOA "" 60 || ret=1 + check_manytypes 2 manytypes.big "TYPE${ntype}" NOERROR big SOA "" 120 || ret=1 done if [ $ret -ne 0 ]; then echo_i "failed"; fi @@ -318,13 +318,13 @@ # Limited to 10 types - these should be cached and the previous record should be evicted for ntype in $(seq 65280 65289); do - check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 60 || ret=1 + check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 120 || ret=1 done # Wait at least one second sleep 1 # Limited to 10 types - these should be cached for ntype in $(seq 65280 65289); do - check_manytypes 2 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" "" 60 || ret=1 + check_manytypes 2 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" "" 120 || ret=1 done if [ $ret -ne 0 ]; then echo_i "failed"; fi @@ -356,11 +356,11 @@ # Query for NXDOMAIN for items on our priority list - these should get cached for rrtype in AAAA MX NS; do - check_manytypes 1 manytypes.big "${rrtype}" NOERROR big SOA 60 || ret=1 + check_manytypes 1 manytypes.big "${rrtype}" NOERROR big SOA 120 || ret=1 done # Wait at least 1 second for rrtype in AAAA MX NS; do - check_manytypes 2 manytypes.big "${rrtype}" NOERROR big SOA "" 60 || ret=1 + check_manytypes 2 manytypes.big "${rrtype}" NOERROR big SOA "" 120 || ret=1 done if [ $ret -ne 0 ]; then echo_i "failed"; fi @@ -372,11 +372,11 @@ echo_i "checking that priority name over the max-types-per-name get cached ($n)" # Query for an item on our priority list - it should get cached -check_manytypes 1 manytypes.big "A" NOERROR manytypes.big A 60 || ret=1 +check_manytypes 1 manytypes.big "A" NOERROR manytypes.big A 120 || ret=1 # Wait at least 1 second sleep 1 # Query the same name again - it should be in the cache -check_manytypes 2 manytypes.big "A" NOERROR big manytypes.A "" 60 || ret=1 +check_manytypes 2 manytypes.big "A" NOERROR big manytypes.A "" 120 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -389,7 +389,7 @@ echo_i "checking that priority name over the max-types-per-name don't get evicted ($n)" # Query for an item on our priority list - it should get cached -check_manytypes 1 manytypes.big "A" NOERROR manytypes.big A 60 || ret=1 +check_manytypes 1 manytypes.big "A" NOERROR manytypes.big A 120 || ret=1 # Query for 10 more types - this should not evict A record for ntype in $(seq 65280 65289); do check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR manytypes.big || ret=1 @@ -397,9 +397,9 @@ # Wait at least 1 second sleep 1 # Query the same name again - it should be in the cache -check_manytypes 2 manytypes.big "A" NOERROR manytypes.big A "" 60 || ret=1 +check_manytypes 2 manytypes.big "A" NOERROR manytypes.big A "" 120 || ret=1 # This one was first in the list and should have been evicted -check_manytypes 2 manytypes.big "TYPE65280" NOERROR manytypes.big TYPE65280 60 || ret=1 +check_manytypes 2 manytypes.big "TYPE65280" NOERROR manytypes.big TYPE65280 120 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -413,21 +413,21 @@ # Everything on top of that will cause the cache eviction for ntype in $(seq 65280 65299); do - check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 60 || ret=1 + check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 120 || ret=1 done # Wait at least one second sleep 1 -# These should have TTL != 60 now +# These should have TTL != 120 now for ntype in $(seq 65290 65299); do - check_manytypes 2 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" "" 60 || ret=1 + check_manytypes 2 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" "" 120 || ret=1 done # These should have been evicted for ntype in $(seq 65280 65289); do - check_manytypes 3 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 60 || ret=1 + check_manytypes 3 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 120 || ret=1 done # These should have been evicted by the previous block for ntype in $(seq 65290 65299); do - check_manytypes 4 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 60 || ret=1 + check_manytypes 4 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 120 || ret=1 done if [ $ret -ne 0 ]; then echo_i "failed"; fi @@ -442,25 +442,25 @@ # Go through the 10 items, this should result in 20 items (type + rrsig(type)) for ntype in $(seq 65280 65289); do - check_manytypes 1 manytypes.signed "TYPE${ntype}" NOERROR manytypes.signed "TYPE${ntype}" 60 || ret=1 + check_manytypes 1 manytypes.signed "TYPE${ntype}" NOERROR manytypes.signed "TYPE${ntype}" 120 || ret=1 done # Wait at least one second sleep 1 -# These should have TTL != 60 now +# These should have TTL != 120 now for ntype in $(seq 65285 65289); do - check_manytypes 2 manytypes.signed "TYPE${ntype}" NOERROR manytypes.signed "TYPE${ntype}" "" 60 || ret=1 + check_manytypes 2 manytypes.signed "TYPE${ntype}" NOERROR manytypes.signed "TYPE${ntype}" "" 120 || ret=1 done # These should have been evicted for ntype in $(seq 65280 65284); do - check_manytypes 3 manytypes.signed "TYPE${ntype}" NOERROR manytypes.signed "TYPE${ntype}" 60 || ret=1 + check_manytypes 3 manytypes.signed "TYPE${ntype}" NOERROR manytypes.signed "TYPE${ntype}" 120 || ret=1 done # These should have been evicted by the previous block for ntype in $(seq 65285 65289); do - check_manytypes 4 manytypes.signed "TYPE${ntype}" NOERROR manytypes.signed "TYPE${ntype}" 60 || ret=1 + check_manytypes 4 manytypes.signed "TYPE${ntype}" NOERROR manytypes.signed "TYPE${ntype}" 120 || ret=1 done if [ $ret -ne 0 ]; then echo_i "failed"; fi @@ -475,12 +475,12 @@ ns3_reset ns3/named6.conf.in for ntype in $(seq 65280 65534); do - check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 60 || ret=1 + check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 120 || ret=1 done # Wait at least one second sleep 1 for ntype in $(seq 65280 65534); do - check_manytypes 2 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" "" 60 || ret=1 + check_manytypes 2 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" "" 120 || ret=1 done if [ $ret -ne 0 ]; then echo_i "failed"; fi diff -Nru bind9-9.18.33/bin/tests/system/reclimit/tests_sh_reclimit.py bind9-9.18.41/bin/tests/system/reclimit/tests_sh_reclimit.py --- bind9-9.18.33/bin/tests/system/reclimit/tests_sh_reclimit.py 2025-01-20 13:39:31.104354191 +0000 +++ bind9-9.18.41/bin/tests/system/reclimit/tests_sh_reclimit.py 2025-10-18 10:21:02.976256710 +0000 @@ -11,8 +11,6 @@ import pytest -import isctest.mark - pytestmark = pytest.mark.extra_artifacts( [ "dig.out.*", @@ -27,6 +25,6 @@ # The reclimit is known to be quite unstable. GL #1587 -@isctest.mark.flaky(max_runs=2) +@pytest.mark.flaky(max_runs=2) def test_reclimit(run_tests_sh): run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/resolver/ans3/ans.pl bind9-9.18.41/bin/tests/system/resolver/ans3/ans.pl --- bind9-9.18.33/bin/tests/system/resolver/ans3/ans.pl 2025-01-20 13:39:31.108354261 +0000 +++ bind9-9.18.41/bin/tests/system/resolver/ans3/ans.pl 2025-10-18 10:21:02.980256817 +0000 @@ -74,6 +74,10 @@ $packet->push("answer", new Net::DNS::RR($qname . " 300 A 10.53.0.3")); } elsif ($qname eq "nodata.example.net") { # Do not add a SOA RRset. + } elsif ($qname eq "noresponse.example.net") { + # Do not response. + print "RESPONSE:\n"; + return ""; } elsif ($qname eq "nxdomain.example.net") { # Do not add a SOA RRset. $packet->header->rcode(NXDOMAIN); @@ -185,8 +189,12 @@ print "TCP request\n"; my $result = handleQuery($buf); $len = length($result); - $conn->syswrite(pack("n", $len), 2); - $n = $conn->syswrite($result, $len); + if ($len != 0) { + $conn->syswrite(pack("n", $len), 2); + $n = $conn->syswrite($result, $len); + } else { + $n = 0; + } print " Sent: $n chars via TCP\n"; } $conn->close; diff -Nru bind9-9.18.33/bin/tests/system/resolver/tests.sh bind9-9.18.41/bin/tests/system/resolver/tests.sh --- bind9-9.18.33/bin/tests/system/resolver/tests.sh 2025-01-20 13:39:31.112354331 +0000 +++ bind9-9.18.41/bin/tests/system/resolver/tests.sh 2025-10-18 10:21:02.983256897 +0000 @@ -85,6 +85,37 @@ status=$((status + ret)) fi +rndccmd 10.53.0.1 stats || ret=1 # Get the responses, RTT and timeout statistics before the following timeout tests +grep -F 'responses received' ns1/named.stats >ns1/named.stats.responses-before || true +grep -F 'queries with RTT' ns1/named.stats >ns1/named.stats.rtt-before || true +grep -F 'query timeouts' ns1/named.stats >ns1/named.stats.timeouts-before || true +mv ns1/named.stats ns1/named.stats-before + +# Checking if the "hung fetch" timer kicks in and interrupts a non-responsive query. +n=$((n + 1)) +echo_i "checking no response timeout handling ($n)" +ret=0 +dig_with_opts +tcp +tries=1 +timeout=15 noresponse.example.net @10.53.0.1 a >dig.out.ns1.test${n} || ret=1 +grep -F "status: SERVFAIL" dig.out.ns1.test${n} >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +n=$((n + 1)) +echo_i "checking that the timeout didn't skew the resolver responses counters and did update the timeout counter ($n)" +ret=0 +rndccmd 10.53.0.1 stats || ret=1 +grep -F 'responses received' ns1/named.stats >ns1/named.stats.responses-after || true +grep -F 'queries with RTT' ns1/named.stats >ns1/named.stats.rtt-after || true +grep -F 'query timeouts' ns1/named.stats >ns1/named.stats.timeouts-after || true +mv ns1/named.stats ns1/named.stats-after +diff ns1/named.stats.responses-before ns1/named.stats.responses-after >/dev/null || ret=1 +diff ns1/named.stats.rtt-before ns1/named.stats.rtt-after >/dev/null || ret=1 +# The following check is disabled in this branch, because TCP timeouts don't +# work well here, and instead the "hung fetch" timer interrupts the query. +#diff ns1/named.stats.timeouts-before ns1/named.stats.timeouts-after >/dev/null && ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + n=$((n + 1)) echo_i "checking handling of bogus referrals ($n)" # If the server has the "INSIST(!external)" bug, this query will kill it. diff -Nru bind9-9.18.33/bin/tests/system/resolver/tests_sh_resolver.py bind9-9.18.41/bin/tests/system/resolver/tests_sh_resolver.py --- bind9-9.18.33/bin/tests/system/resolver/tests_sh_resolver.py 2025-01-20 13:39:31.112354331 +0000 +++ bind9-9.18.41/bin/tests/system/resolver/tests_sh_resolver.py 2025-10-18 10:21:02.984256924 +0000 @@ -22,6 +22,7 @@ "resolve.out.*", "ans*/ans.run", "ans*/query.log", + "ns1/named.stats*", "ns4/tld.db", "ns5/trusted.conf", "ns6/K*", diff -Nru bind9-9.18.33/bin/tests/system/rfc5011/ns1/named.conf.j2 bind9-9.18.41/bin/tests/system/rfc5011/ns1/named.conf.j2 --- bind9-9.18.33/bin/tests/system/rfc5011/ns1/named.conf.j2 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/rfc5011/ns1/named.conf.j2 2025-10-18 10:21:02.984256924 +0000 @@ -0,0 +1,32 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * ns1 is a resolver + */ + +options { + pid-file "named.pid"; + listen-on port @PORT@ { 10.53.0.1; }; + recursion yes; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + diff -Nru bind9-9.18.33/bin/tests/system/rfc5011/tests_rfc5011.py bind9-9.18.41/bin/tests/system/rfc5011/tests_rfc5011.py --- bind9-9.18.33/bin/tests/system/rfc5011/tests_rfc5011.py 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/rfc5011/tests_rfc5011.py 2025-10-18 10:21:02.984256924 +0000 @@ -0,0 +1,32 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import pytest +from isctest.mark import live_internet_test + +pytestmark = pytest.mark.extra_artifacts( + [ + "ns1/managed-keys.bind.jnl", + ] +) + + +@live_internet_test +def test_rfc5011_rootdnskeyrefresh(servers): + with servers["ns1"].watch_log_from_start() as watcher: + watcher.wait_for_line( + "managed-keys-zone: Initializing automatic trust anchor management for zone '.'; DNSKEY ID 20326 is now trusted, waiving the normal 30-day waiting period" + ) + + with servers["ns1"].watch_log_from_start() as watcher: + watcher.wait_for_line( + "managed-keys-zone: Initializing automatic trust anchor management for zone '.'; DNSKEY ID 38696 is now trusted, waiving the normal 30-day waiting period" + ) diff -Nru bind9-9.18.33/bin/tests/system/rndc/tests.sh bind9-9.18.41/bin/tests/system/rndc/tests.sh --- bind9-9.18.33/bin/tests/system/rndc/tests.sh 2025-01-20 13:39:31.113354349 +0000 +++ bind9-9.18.41/bin/tests/system/rndc/tests.sh 2025-10-18 10:21:02.985256951 +0000 @@ -551,8 +551,9 @@ n=$((n + 1)) echo_i "test 'rndc reconfig' with a broken config ($n)" ret=0 +nextpart ns4/named.run >/dev/null $RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf reconfig >/dev/null || ret=1 -sleep 1 +wait_for_log 3 "running" ns4/named.run mv ns4/named.conf ns4/named.conf.save echo "error error error" >>ns4/named.conf $RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf reconfig >rndc.out.1.test$n 2>&1 && ret=1 @@ -571,10 +572,11 @@ n=$((n + 1)) echo_i "restore working config ($n)" ret=0 +nextpart ns4/named.run >/dev/null mv ns4/named.conf.save ns4/named.conf sleep 1 $RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf reconfig >/dev/null || ret=1 -sleep 1 +wait_for_log 3 "running" ns4/named.run if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) diff -Nru bind9-9.18.33/bin/tests/system/rndc/tests_cve-2023-3341.py bind9-9.18.41/bin/tests/system/rndc/tests_cve-2023-3341.py --- bind9-9.18.33/bin/tests/system/rndc/tests_cve-2023-3341.py 2025-01-20 13:39:31.113354349 +0000 +++ bind9-9.18.41/bin/tests/system/rndc/tests_cve-2023-3341.py 2025-10-18 10:21:02.985256951 +0000 @@ -15,10 +15,9 @@ import time import pytest + import isctest -pytest.importorskip("dns") -import dns.message pytestmark = pytest.mark.extra_artifacts( [ @@ -66,6 +65,6 @@ # Wait for named to (possibly) crash time.sleep(10) - msg = dns.message.make_query("version.bind", "TXT", "CH") + msg = isctest.query.create("version.bind", "TXT", "CH") res = isctest.query.udp(msg, "10.53.0.2") isctest.check.noerror(res) diff -Nru bind9-9.18.33/bin/tests/system/rndc/tests_sh_rndc.py bind9-9.18.41/bin/tests/system/rndc/tests_sh_rndc.py --- bind9-9.18.33/bin/tests/system/rndc/tests_sh_rndc.py 2025-01-20 13:39:31.113354349 +0000 +++ bind9-9.18.41/bin/tests/system/rndc/tests_sh_rndc.py 2025-10-18 10:21:02.986256978 +0000 @@ -35,3 +35,7 @@ "ns7/test.db.jnl", ] ) + + +def test_rndc(run_tests_sh): + run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/rpz/test2 bind9-9.18.41/bin/tests/system/rpz/test2 --- bind9-9.18.33/bin/tests/system/rpz/test2 2025-01-20 13:39:31.119354455 +0000 +++ bind9-9.18.41/bin/tests/system/rpz/test2 2025-10-18 10:21:02.991257111 +0000 @@ -51,7 +51,11 @@ ; prefer first conflicting IP zone for a5-3.tld2 ; 12 update add 32.3.5.168.192.rpz-ip.bl 300 A 127.0.0.1 +; non canonical form entry to trigger log message +update add 128.2.0.0.0.0.3.2.2001.rpz-ip.bl 300 CNAME . send + +; update add 32.3.5.168.192.rpz-ip.bl-2 300 A 127.0.0.2 send diff -Nru bind9-9.18.33/bin/tests/system/rpz/tests.sh bind9-9.18.41/bin/tests/system/rpz/tests.sh --- bind9-9.18.33/bin/tests/system/rpz/tests.sh 2025-01-20 13:39:31.119354455 +0000 +++ bind9-9.18.41/bin/tests/system/rpz/tests.sh 2025-10-18 10:21:02.992257138 +0000 @@ -549,6 +549,8 @@ ckstats $ns6 test1 ns6 0 start_group "IP rewrites" test2 +msg='rpz IP address "128.2.0.0.0.0.3.2.2001" is not the canonical "128.2.zz.3.2.2001"' +grep "$msg" ns3/named.run >/dev/null || setret "expected 'is not the canonical' message not logged" nodata a3-1.tld2 # 1 NODATA nochange a3-2.tld2 # 2 no policy record so no change nochange a4-1.tld2 # 3 obsolete PASSTHRU record style diff -Nru bind9-9.18.33/bin/tests/system/rpzextra/tests_rpzextra.py bind9-9.18.41/bin/tests/system/rpzextra/tests_rpzextra.py --- bind9-9.18.33/bin/tests/system/rpzextra/tests_rpzextra.py 2025-01-20 13:39:31.121354490 +0000 +++ bind9-9.18.41/bin/tests/system/rpzextra/tests_rpzextra.py 2025-10-18 10:21:02.993257165 +0000 @@ -12,13 +12,16 @@ # information regarding copyright ownership. import os + import pytest pytest.importorskip("dns", minversion="2.0.0") +import dns.rcode +import dns.rrset + import isctest from isctest.compat import dns_rcode -import dns.message pytestmark = pytest.mark.extra_artifacts( [ @@ -70,7 +73,7 @@ ) def test_rpz_multiple_views(qname, source, rcode): # Wait for the rpz-external.local zone transfer - msg = dns.message.make_query("rpz-external.local", "SOA") + msg = isctest.query.create("rpz-external.local", "SOA") isctest.query.tcp( msg, ip="10.53.0.3", @@ -84,7 +87,7 @@ expected_rcode=dns_rcode.NOERROR, ) - msg = dns.message.make_query(qname, "A") + msg = isctest.query.create(qname, "A") res = isctest.query.udp(msg, "10.53.0.3", source=source, expected_rcode=rcode) if rcode == dns.rcode.NOERROR: assert res.answer == [dns.rrset.from_text(qname, 300, "IN", "A", "10.53.0.2")] @@ -94,7 +97,7 @@ resolver_ip = "10.53.0.3" # Should generate a log entry into rpz_passthru.txt - msg_allowed = dns.message.make_query("allowed.", "A") + msg_allowed = isctest.query.create("allowed.", "A") res_allowed = isctest.query.udp( msg_allowed, resolver_ip, source="10.53.0.1", expected_rcode=dns.rcode.NOERROR ) @@ -104,7 +107,7 @@ # baddomain.com isn't allowed (CNAME .), should return NXDOMAIN # Should generate a log entry into rpz.txt - msg_not_allowed = dns.message.make_query("baddomain.", "A") + msg_not_allowed = isctest.query.create("baddomain.", "A") res_not_allowed = isctest.query.udp( msg_not_allowed, resolver_ip, diff -Nru bind9-9.18.33/bin/tests/system/rrchecker/tests_rrchecker.py bind9-9.18.41/bin/tests/system/rrchecker/tests_rrchecker.py --- bind9-9.18.33/bin/tests/system/rrchecker/tests_rrchecker.py 2025-01-20 13:39:31.125354560 +0000 +++ bind9-9.18.41/bin/tests/system/rrchecker/tests_rrchecker.py 2025-10-18 10:21:02.997257272 +0000 @@ -37,6 +37,7 @@ "APL", "ATMA", "AVC", + "BRID", "CAA", "CDNSKEY", "CDS", @@ -49,11 +50,13 @@ "DNSKEY", "DOA", "DS", + "DSYNC", "EID", "EUI48", "EUI64", "GID", "GPOS", + "HHIT", "HINFO", "HIP", "HTTPS", @@ -136,7 +139,10 @@ return rrchecker_output.split() -@pytest.mark.parametrize("option", ["-p", "-u"]) +@pytest.mark.parametrize( + "option", + ["-p", "-u", "multi-line at class", " multi-line at type", "multi-line at data"], +) def test_rrchecker_conversions(option): tempzone_file = "tempzone" with open(tempzone_file, "w", encoding="utf-8") as file: @@ -175,6 +181,15 @@ "-u", rr_class_orig, rr_type_orig, rr_rest_orig ) rr_rest = " ".join(rr_rest) + elif option == "multi-line at class": + rr_class = "(" + rr_class + rr_rest = rr_rest + ")" + elif option == "multi-line at type": + rr_type = "(" + rr_type + rr_rest = rr_rest + ")" + elif option == "multi-line at data": + rr_rest = "(" + rr_rest + rr_rest = rr_rest + ")" rr_class, rr_type, *rr_rest = run_rrchecker("-p", rr_class, rr_type, rr_rest) diff -Nru bind9-9.18.33/bin/tests/system/rrl/tests_sh_rrl.py bind9-9.18.41/bin/tests/system/rrl/tests_sh_rrl.py --- bind9-9.18.33/bin/tests/system/rrl/tests_sh_rrl.py 2025-01-20 13:39:31.126354578 +0000 +++ bind9-9.18.41/bin/tests/system/rrl/tests_sh_rrl.py 2025-10-18 10:21:02.998257299 +0000 @@ -11,8 +11,6 @@ import pytest -import isctest.mark - pytestmark = pytest.mark.extra_artifacts( [ "*mdig.out*", @@ -24,6 +22,6 @@ # The rrl is known to be quite unstable. GL #172 -@isctest.mark.flaky(max_runs=2) +@pytest.mark.flaky(max_runs=2) def test_rrl(run_tests_sh): run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/rsabigexponent/tests_rsabigexponent.py bind9-9.18.41/bin/tests/system/rsabigexponent/tests_rsabigexponent.py --- bind9-9.18.33/bin/tests/system/rsabigexponent/tests_rsabigexponent.py 2025-01-20 13:39:31.130354648 +0000 +++ bind9-9.18.41/bin/tests/system/rsabigexponent/tests_rsabigexponent.py 2025-10-18 10:21:03.002257405 +0000 @@ -43,7 +43,7 @@ def test_max_rsa_exponent_size_bad(exponent_size, templates): templates.render("options.conf", {"max_rsa_exponent_size": exponent_size}) with pytest.raises(subprocess.CalledProcessError): - isctest.run.cmd([CHECKCONF, "options.conf"], log_stdout=True) + isctest.run.cmd([CHECKCONF, "options.conf"]) def test_rsa_big_exponent_keys_cant_load(): diff -Nru bind9-9.18.33/bin/tests/system/run.sh bind9-9.18.41/bin/tests/system/run.sh --- bind9-9.18.33/bin/tests/system/run.sh 2025-01-20 13:39:31.130354648 +0000 +++ bind9-9.18.41/bin/tests/system/run.sh 2025-10-18 10:21:03.003257432 +0000 @@ -22,9 +22,11 @@ fi system_test_dir="$1" +system_test="$(basename $system_test_dir)" shift ( - cd "$system_test_dir" || exit 2 - /usr/bin/env python3 -m pytest "$@" + [ -d "$system_test_dir" ] || exit 2 + cd "${system_test_dir}/.." + /usr/bin/env python3 -m pytest "$@" "$system_test" ) diff -Nru bind9-9.18.33/bin/tests/system/runtime/tests.sh bind9-9.18.41/bin/tests/system/runtime/tests.sh --- bind9-9.18.33/bin/tests/system/runtime/tests.sh 2025-01-20 13:39:31.131354666 +0000 +++ bind9-9.18.41/bin/tests/system/runtime/tests.sh 2025-10-18 10:21:03.004257459 +0000 @@ -62,7 +62,7 @@ ) check_pid() ( - return $(! kill -0 "${1}" >/dev/null 2>&1) + ! kill -0 "${1}" >/dev/null 2>&1 ) status=0 diff -Nru bind9-9.18.33/bin/tests/system/selftest/tests_zone_analyzer.py bind9-9.18.41/bin/tests/system/selftest/tests_zone_analyzer.py --- bind9-9.18.33/bin/tests/system/selftest/tests_zone_analyzer.py 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/selftest/tests_zone_analyzer.py 2025-10-18 10:21:03.004257459 +0000 @@ -0,0 +1,228 @@ +#!/usr/bin/python3 +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. +""" +isctest.name.ZoneAnalyzer self-test +Generate insane test zone and check expected output of ZoneAnalyzer utility class +""" + + +import collections +import itertools +from pathlib import Path + +import dns.name +from dns.name import Name +import pytest + +import isctest +import isctest.name + +# set of properies present in the tested zone - read by tests_zone_analyzer.py +CATEGORIES = frozenset( + [ + "all_existing_names", + "delegations", + "dnames", + "ents", + "occluded", + "reachable", + "reachable_delegations", + "reachable_dnames", + "reachable_wildcards", + "reachable_wildcard_parents", + "wildcards", + ] +) + + +pytestmark = pytest.mark.extra_artifacts(["analyzer.db"]) +SUFFIX = dns.name.from_text("nsec3.example.") + +LABELS = (b"*", b"dname", b"ent", b"ns", b"txt") +LABEL2RRTYPE = { # leftmost label encodes RR type we will synthesize for given name + b"*": "TXT", + b"dname": "DNAME", + b"ent": None, # ENT is not really a 'type' + b"ns": "NS", + b"txt": "TXT", +} +LABEL2TAGS = { # leftmost label encodes 'initial' meaning of a complete name + b"*": {"wildcards"}, + b"dname": {"dnames"}, + b"ns": {"delegations"}, + b"txt": set(), # perhaps reachable, perhaps not, we need to decide based on other labels +} + + +def name2tags(name): + """ + Decode meaning hidden in labels and their relationships + and return all tags expected from ZoneAnalyzer + """ + tags = LABEL2TAGS[name[0]].copy() + + parent_labels = name[1:] + if b"ns" in parent_labels or b"dname" in parent_labels: + tags.add("occluded") + + if "occluded" not in tags: + tags.add("all_existing_names") + if "delegations" in tags: + # delegations are ambiguous and don't count as 'reachable' + tags.add("reachable_delegations") + elif "dnames" in tags: + tags.add("reachable") + tags.add("reachable_dnames") + elif "wildcards" in tags: + tags.add("reachable") + tags.add("reachable_wildcards") + else: + tags.add("reachable") + + return tags + + +def gen_node(nodes, labels): + name = Name(labels) + nodes[name] = name2tags(name) + + +def add_ents(nodes): + """ + Non-occluded nodes with 'ent' as a parent label imply existence of 'ent' nodes. + """ + new_ents = {} + for name, tags in nodes.items(): + if "occluded" in tags: + continue + + # check if any parent is ENT + entidx = 1 + while True: + try: + entidx = name.labels.index(b"ent", entidx) + except ValueError: + break + entname = Name(name[entidx:]) + new_ents[entname] = {"all_existing_names", "ents"} + entidx += 1 + + return new_ents + + +def tag_wildcard_parents(nodes): + """ + Non-occluded nodes with '*' as a leftmost label tag their immediate parent + nodes as 'reachable_wildcard_parents'. + """ + for name, tags in nodes.items(): + if "occluded" in tags or not name.is_wild(): + continue + + parent_name = Name(name[1:]) + nodes[parent_name].add("reachable_wildcard_parents") + + +def is_non_ent(labels): + """ + Filter out nodes with 'ent' at leftmost position. To become ENT a name must + not have data by itself but have some other node defined underneath it, + and must not be occluded, which is something itertools.product() cannot + decide. + """ + return labels[0] != b"ent" + + +def gen_zone(nodes): + """ + Generate zone file in text format. + + All names are relative. + Right-hand side of RRs contains dot-separated list of categories a node + belongs to (except for zone origin). + """ + for name, tags in sorted(nodes.items()): + if len(name) == 0: + # origin, very special case + yield "@\tSOA\treachable. origin-special-case. 0 0 0 0 0\n" + yield "@\tNS\treachable.\n" + yield "@\tA\t192.0.2.1\n" + continue + + rrtype = LABEL2RRTYPE[name[0]] + if rrtype is None: # ENT + prefix = "; " + else: + prefix = "" + assert tags + yield f"{prefix}{name}\t{rrtype}\t{'.'.join(sorted(tags))}.\n" + + +def gen_expected_output(nodes): + """ + {category: set(names)} mapping used by the pytest check + """ + categories = collections.defaultdict(set) + for name, tags in nodes.items(): + for tag in tags: + categories[tag].add(name) + + assert set(categories.keys()) == CATEGORIES, ( + "CATEGORIES needs updating", + CATEGORIES.symmetric_difference(set(categories.keys())), + ) + + return categories + + +def generate_test_data(): + """ + Prepare the analyzer.db zone file in the current working directory and + return the expected attribute values for the ZoneAnalyzer instance that + will be tested using that file. + """ + nodes = {} + + for length in range(1, len(LABELS) + 1): + for labelseq in filter(is_non_ent, itertools.product(LABELS, repeat=length)): + gen_node(nodes, labelseq) + + # special-case to make this look as a valid DNS zone - it needs zone origin node + nodes[Name([])] = {"all_existing_names", "reachable"} + + nodes.update(add_ents(nodes)) + tag_wildcard_parents(nodes) + + with open("analyzer.db", "w", encoding="ascii") as outf: + outf.writelines(gen_zone(nodes)) + + return gen_expected_output(nodes) + + +if __name__ == "__main__": + generate_test_data() + + +@pytest.fixture(scope="module") +def analyzer_fixture(): + expected_results = generate_test_data() # creates the "analyzer.db" file + analyzer = isctest.name.ZoneAnalyzer.read_path(Path("analyzer.db"), origin=SUFFIX) + return expected_results, analyzer + + +# pylint: disable=redefined-outer-name +@pytest.mark.parametrize("category", sorted(CATEGORIES)) +def test_analyzer_attrs(category, analyzer_fixture): + expected_results, analyzer = analyzer_fixture + # relativize results to zone name to make debugging easier + results = {name.relativize(SUFFIX) for name in getattr(analyzer, category)} + assert results == expected_results[category] diff -Nru bind9-9.18.33/bin/tests/system/serve-stale/ans2/ans.pl bind9-9.18.41/bin/tests/system/serve-stale/ans2/ans.pl --- bind9-9.18.33/bin/tests/system/serve-stale/ans2/ans.pl 2025-01-20 13:39:31.132354684 +0000 +++ bind9-9.18.41/bin/tests/system/serve-stale/ans2/ans.pl 2025-10-18 10:21:03.005257486 +0000 @@ -195,13 +195,8 @@ } $rcode = "NOERROR"; } elsif ($qname eq "shortttl.cname.example") { - if ($qtype eq "A") { - my $rr = new Net::DNS::RR($SHORTCNAME); - push @ans, $rr; - } else { - my $rr = new Net::DNS::RR($negSOA); - push @auth, $rr; - } + my $rr = new Net::DNS::RR($SHORTCNAME); + push @ans, $rr; $rcode = "NOERROR"; } elsif ($qname eq "longttl.target.example") { if ($slow_response) { diff -Nru bind9-9.18.33/bin/tests/system/serve-stale/tests.sh bind9-9.18.41/bin/tests/system/serve-stale/tests.sh --- bind9-9.18.33/bin/tests/system/serve-stale/tests.sh 2025-01-20 13:39:31.134354719 +0000 +++ bind9-9.18.41/bin/tests/system/serve-stale/tests.sh 2025-10-18 10:21:03.007257539 +0000 @@ -115,8 +115,8 @@ # stale for somewhere between 3500-3599 seconds. echo_i "check rndc dump stale data.example ($n)" rndc_dumpdb ns1 || ret=1 -awk '/; stale/ { x=$0; getline; print x, $0}' ns1/named_dump.db.test$n \ - | grep "; stale data\.example.*3[56]...*TXT.*A text record with a 2 second ttl" >/dev/null 2>&1 || ret=1 +awk '/; stale since [0-9]*/ { x=$0; getline; print x, $0}' ns1/named_dump.db.test$n \ + | grep "; stale since [0-9]* data\.example.*3[56]...*TXT.*A text record with a 2 second ttl" >/dev/null 2>&1 || ret=1 # Also make sure the not expired data does not have a stale comment. awk '/; authanswer/ { x=$0; getline; print x, $0}' ns1/named_dump.db.test$n \ | grep "; authanswer longttl\.example.*[56]...*TXT.*A text record with a 600 second ttl" >/dev/null 2>&1 || ret=1 @@ -1612,7 +1612,7 @@ status=$((status + ret)) # Check that expired records are not dumped. ret=0 -grep "; expired since .* (awaiting cleanup)" ns5/named_dump.db.test$n && ret=1 +grep "; expired (awaiting cleanup)" ns5/named_dump.db.test$n && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -1628,13 +1628,13 @@ echo_i "check rndc dump expired data.example ($n)" ret=0 awk '/; expired/ { x=$0; getline; print x, $0}' ns5/named_dump.db.test$n \ - | grep "; expired since .* (awaiting cleanup) data\.example\..*A text record with a 2 second ttl" >/dev/null 2>&1 || ret=1 + | grep "; expired (awaiting cleanup) data\.example\..*A text record with a 2 second ttl" >/dev/null 2>&1 || ret=1 awk '/; expired/ { x=$0; getline; print x, $0}' ns5/named_dump.db.test$n \ - | grep "; expired since .* (awaiting cleanup) nodata\.example\." >/dev/null 2>&1 || ret=1 + | grep "; expired (awaiting cleanup) nodata\.example\." >/dev/null 2>&1 || ret=1 awk '/; expired/ { x=$0; getline; print x, $0}' ns5/named_dump.db.test$n \ - | grep "; expired since .* (awaiting cleanup) nxdomain\.example\." >/dev/null 2>&1 || ret=1 + | grep "; expired (awaiting cleanup) nxdomain\.example\." >/dev/null 2>&1 || ret=1 awk '/; expired/ { x=$0; getline; print x, $0}' ns5/named_dump.db.test$n \ - | grep "; expired since .* (awaiting cleanup) othertype\.example\." >/dev/null 2>&1 || ret=1 + | grep "; expired (awaiting cleanup) othertype\.example\." >/dev/null 2>&1 || ret=1 # Also make sure the not expired data does not have an expired comment. awk '/; authanswer/ { x=$0; getline; print x, $0}' ns5/named_dump.db.test$n \ | grep "; authanswer longttl\.example.*A text record with a 600 second ttl" >/dev/null 2>&1 || ret=1 diff -Nru bind9-9.18.33/bin/tests/system/serve-stale/tests_sh_serve_stale.py bind9-9.18.41/bin/tests/system/serve-stale/tests_sh_serve_stale.py --- bind9-9.18.33/bin/tests/system/serve-stale/tests_sh_serve_stale.py 2025-01-20 13:39:31.134354719 +0000 +++ bind9-9.18.41/bin/tests/system/serve-stale/tests_sh_serve_stale.py 2025-10-18 10:21:03.007257539 +0000 @@ -24,5 +24,6 @@ ) +@pytest.mark.flaky(max_runs=2) def test_serve_stale(run_tests_sh): run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/shutdown/tests_shutdown.py bind9-9.18.41/bin/tests/system/shutdown/tests_shutdown.py --- bind9-9.18.33/bin/tests/system/shutdown/tests_shutdown.py 2025-01-20 13:39:31.136354754 +0000 +++ bind9-9.18.41/bin/tests/system/shutdown/tests_shutdown.py 2025-10-18 10:21:03.009257593 +0000 @@ -105,7 +105,7 @@ ) qname = relname + ".test" - msg = dns.message.make_query(qname, "A") + msg = isctest.query.create(qname, "A") futures[ executor.submit( isctest.query.udp, msg, resolver_ip, timeout=1, attempts=1 diff -Nru bind9-9.18.33/bin/tests/system/start.pl bind9-9.18.41/bin/tests/system/start.pl --- bind9-9.18.33/bin/tests/system/start.pl 2025-01-20 13:39:31.137354771 +0000 +++ bind9-9.18.41/bin/tests/system/start.pl 2025-10-18 10:21:03.010257619 +0000 @@ -234,7 +234,7 @@ $command = "taskset $taskset $NAMED "; } elsif ($ENV{'USE_RR'}) { $ENV{'_RR_TRACE_DIR'} = "."; - $command = "rr record --chaos $NAMED "; + $command = "$ENV{'TOP_BUILDDIR'}/libtool --mode=execute rr record --chaos $NAMED "; } else { $command = "$NAMED "; } @@ -265,7 +265,8 @@ foreach my $t_option( "dropedns", "ednsformerr", "ednsnotimp", "ednsrefused", - "noaa", "noedns", "nosoa", "maxudp512", "maxudp1460", + "cookiealwaysvalid", "noaa", "noedns", "nosoa", + "maxudp512", "maxudp1460", ) { if (-e "$testdir/$server/named.$t_option") { $command .= "-T $t_option " diff -Nru bind9-9.18.33/bin/tests/system/statistics/tests_sh_statistics.py bind9-9.18.41/bin/tests/system/statistics/tests_sh_statistics.py --- bind9-9.18.33/bin/tests/system/statistics/tests_sh_statistics.py 2025-01-20 13:39:31.142354859 +0000 +++ bind9-9.18.41/bin/tests/system/statistics/tests_sh_statistics.py 2025-10-18 10:21:03.015257753 +0000 @@ -11,8 +11,6 @@ import pytest -import isctest.mark - pytestmark = pytest.mark.extra_artifacts( [ "curl.out.*", @@ -26,6 +24,6 @@ ) -@isctest.mark.flaky(max_runs=2) # GL#1621 +@pytest.mark.flaky(max_runs=2) # GL#1621 def test_statistics(run_tests_sh): run_tests_sh() diff -Nru bind9-9.18.33/bin/tests/system/statschannel/tests.sh bind9-9.18.41/bin/tests/system/statschannel/tests.sh --- bind9-9.18.33/bin/tests/system/statschannel/tests.sh 2025-01-20 13:39:31.143354877 +0000 +++ bind9-9.18.41/bin/tests/system/statschannel/tests.sh 2025-10-18 10:21:03.016257780 +0000 @@ -591,7 +591,8 @@ if [ -x "${CURL_NEXT}" ]; then # build input stream. printf 'X-Bloat: ' >header.in$n - while test $i -lt 5000; do + # curl 8.13 and newer rejects to read line larger than 100KB + while test $i -lt 1023; do printf '%s' "VGhlIG1vc3QgY29tbW9uIHJlYXNvbiBmb3IgYmxvYXRpbmcgaXMgaGF2aW5nIGEgbG90IG9mIGdhcyBpbiB5b3VyIGd1dC4gCg==" >>header.in$n i=$((i + 1)) done diff -Nru bind9-9.18.33/bin/tests/system/statschannel/tests_json.py bind9-9.18.41/bin/tests/system/statschannel/tests_json.py --- bind9-9.18.33/bin/tests/system/statschannel/tests_json.py 2025-01-20 13:39:31.143354877 +0000 +++ bind9-9.18.41/bin/tests/system/statschannel/tests_json.py 2025-10-18 10:21:03.016257780 +0000 @@ -119,6 +119,6 @@ ) -@isctest.mark.flaky(max_runs=2, rerun_filter=isctest.mark.with_tsan) +@pytest.mark.flaky(max_runs=2) def test_traffic_json(statsport): generic.test_traffic(fetch_traffic_json, statsip="10.53.0.2", statsport=statsport) diff -Nru bind9-9.18.33/bin/tests/system/statschannel/tests_xml.py bind9-9.18.41/bin/tests/system/statschannel/tests_xml.py --- bind9-9.18.33/bin/tests/system/statschannel/tests_xml.py 2025-01-20 13:39:31.144354895 +0000 +++ bind9-9.18.41/bin/tests/system/statschannel/tests_xml.py 2025-10-18 10:21:03.016257780 +0000 @@ -148,6 +148,6 @@ ) -@isctest.mark.flaky(max_runs=2, rerun_filter=isctest.mark.with_tsan) +@pytest.mark.flaky(max_runs=2) def test_traffic_xml(statsport): generic.test_traffic(fetch_traffic_xml, statsip="10.53.0.2", statsport=statsport) diff -Nru bind9-9.18.33/bin/tests/system/stress/tests_stress_update.py bind9-9.18.41/bin/tests/system/stress/tests_stress_update.py --- bind9-9.18.33/bin/tests/system/stress/tests_stress_update.py 2025-01-20 13:39:31.145354912 +0000 +++ bind9-9.18.41/bin/tests/system/stress/tests_stress_update.py 2025-10-18 10:21:03.018257833 +0000 @@ -55,7 +55,9 @@ update = dns.update.UpdateMessage(zone) update.add(f"dynamic-{i}.{zone}", 300, "TXT", f"txt-{i}") try: - response = isctest.query.udp(update, server) + response = isctest.query.udp( + update, server, log_query=False, log_response=False + ) assert response.rcode() == dns.rcode.NOERROR except dns.exception.Timeout: isctest.log.info(f"error: query timeout for {zone}") diff -Nru bind9-9.18.33/bin/tests/system/tcp/ans6/ans.py bind9-9.18.41/bin/tests/system/tcp/ans6/ans.py --- bind9-9.18.33/bin/tests/system/tcp/ans6/ans.py 2025-01-20 13:39:31.149354983 +0000 +++ bind9-9.18.41/bin/tests/system/tcp/ans6/ans.py 2025-10-18 10:21:03.022257940 +0000 @@ -71,9 +71,9 @@ else: queued.append(sock) - start = time.time() + start = time.monotonic() while queued: - now = time.time() + now = time.monotonic() time_left = OPEN_TIMEOUT - (now - start) if time_left <= 0: break diff -Nru bind9-9.18.33/bin/tests/system/timeouts/tests_tcp_timeouts.py bind9-9.18.41/bin/tests/system/timeouts/tests_tcp_timeouts.py --- bind9-9.18.33/bin/tests/system/timeouts/tests_tcp_timeouts.py 2025-01-20 13:39:31.151355018 +0000 +++ bind9-9.18.41/bin/tests/system/timeouts/tests_tcp_timeouts.py 2025-10-18 10:21:03.024257993 +0000 @@ -67,6 +67,7 @@ raise EOFError from e +@pytest.mark.flaky(max_runs=2, rerun_filter=isctest.mark.is_host_freebsd_13) def test_idle_timeout(named_port): # # The idle timeout is 5 seconds, so the third message should fail @@ -188,7 +189,7 @@ assert soa is not None -@isctest.mark.flaky(max_runs=3) +@pytest.mark.flaky(max_runs=3) def test_send_timeout(named_port): with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: sock.connect(("10.53.0.1", named_port)) diff -Nru bind9-9.18.33/bin/tests/system/tools/tests_tools_nsec3hash.py bind9-9.18.41/bin/tests/system/tools/tests_tools_nsec3hash.py --- bind9-9.18.33/bin/tests/system/tools/tests_tools_nsec3hash.py 2025-01-20 13:39:31.152355035 +0000 +++ bind9-9.18.41/bin/tests/system/tools/tests_tools_nsec3hash.py 2025-10-18 10:21:03.025258020 +0000 @@ -15,6 +15,12 @@ import pytest import isctest +from isctest.hypothesis.strategies import dns_names + +from hypothesis import strategies, given, settings + +from dns.dnssectypes import NSEC3Hash +import dns.dnssec NSEC3HASH = os.environ.get("NSEC3HASH") @@ -120,3 +126,51 @@ def test_nsec3_bad_option(): with pytest.raises(subprocess.CalledProcessError): isctest.run.cmd([NSEC3HASH, "-?"]) + + +@given( + domain=dns_names(), + it=strategies.integers(min_value=0, max_value=65535), + salt_bytes=strategies.binary(min_size=0, max_size=255), +) +def test_nsec3hash_acceptable_values(domain, it, salt_bytes) -> None: + if not salt_bytes: + salt_text = "-" + else: + salt_text = salt_bytes.hex() + # calculate the hash using dnspython: + hash1 = dns.dnssec.nsec3_hash( + domain, salt=salt_bytes, iterations=it, algorithm=NSEC3Hash.SHA1 + ) + + # calculate the hash using nsec3hash: + output = isctest.run.cmd( + [NSEC3HASH, salt_text, "1", str(it), str(domain)] + ).stdout.decode("ascii") + hash2 = output.partition(" ")[0] + + assert hash1 == hash2 + + +@settings(max_examples=5) +@given( + domain=dns_names(), + it=strategies.integers(min_value=0, max_value=65535), + salt_bytes=strategies.binary(min_size=256), +) +def test_nsec3hash_salt_too_long(domain, it, salt_bytes) -> None: + salt_text = salt_bytes.hex() + with pytest.raises(subprocess.CalledProcessError): + isctest.run.cmd([NSEC3HASH, salt_text, "1", str(it), str(domain)]) + + +@settings(max_examples=5) +@given( + domain=dns_names(), + it=strategies.integers(min_value=65536), + salt_bytes=strategies.binary(min_size=0, max_size=255), +) +def test_nsec3hash_too_many_iterations(domain, it, salt_bytes) -> None: + salt_text = salt_bytes.hex() + with pytest.raises(subprocess.CalledProcessError): + isctest.run.cmd([NSEC3HASH, salt_text, "1", str(it), str(domain)]) diff -Nru bind9-9.18.33/bin/tests/system/tsig/tests_tsig_hypothesis.py bind9-9.18.41/bin/tests/system/tsig/tests_tsig_hypothesis.py --- bind9-9.18.33/bin/tests/system/tsig/tests_tsig_hypothesis.py 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/tsig/tests_tsig_hypothesis.py 2025-10-18 10:21:03.028258100 +0000 @@ -0,0 +1,136 @@ +#!/usr/bin/python3 + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import time + +import pytest + +pytest.importorskip("dns", minversion="2.7.0") # TSIG parsing without validation + +import dns.exception +import dns.message +import dns.name +import dns.rdataclass +import dns.rdatatype +import dns.rdtypes.ANY.TSIG +import dns.rrset +import dns.tsig + +import isctest +from isctest.hypothesis.strategies import dns_names, uint + +from hypothesis import assume, example, given, HealthCheck, settings +from hypothesis.strategies import binary, booleans, composite, just, sampled_from + + +pytestmark = pytest.mark.extra_artifacts( + [ + "ans*/ans.run", + "ns1/named-fips.conf", + ] +) + + +@composite +def generate_known_algoritm_and_matching_len_mac(draw): + candidates = tuple(dns.tsig.mac_sizes.items()) + alg, mac_size = draw(sampled_from(candidates)) + mac = draw(binary(min_size=mac_size, max_size=mac_size)) + return alg, mac + + +@composite +def generate_known_algoritm_and_wrong_len_mac(draw): + candidates = tuple(dns.tsig.mac_sizes.items()) + alg, correct_mac_len = draw(sampled_from(candidates)) + mac = draw(binary()) + assume(len(mac) != correct_mac_len) + return alg, mac + + +@composite +def generate_unknown_but_likely_algoritm_and_mac(draw): + alg = draw(dns_names(min_labels=2, max_labels=2)) + mac = draw(binary()) + return alg, mac + + +@composite +def generate_random_alg_and_mac(draw): + alg = draw(dns_names()) + mac = draw(binary()) + return alg, mac + + +@settings(suppress_health_check=[HealthCheck.function_scoped_fixture]) +@given( + keyname=dns_names(max_labels=3) | dns_names(), + alg_and_mac=generate_known_algoritm_and_matching_len_mac() + | generate_known_algoritm_and_wrong_len_mac() + | generate_unknown_but_likely_algoritm_and_mac() + | generate_random_alg_and_mac(), + time_signed=just(int(time.time())) | uint(48), + fudge=just(300) | uint(16), + mangle_orig_id=booleans(), + error=just(0) | uint(12), + other=just(b"") | binary(), +) +@example( + keyname=dns.name.from_text("."), + alg_and_mac=(dns.name.from_text("."), b""), + time_signed=0, + fudge=300, + mangle_orig_id=False, + error=0, + other=b"", +) +def test_tsig_fuzz_rdata( + keyname, + alg_and_mac, + time_signed, + fudge, + error, + mangle_orig_id, + other, + servers, + named_port, +): + alg, mac = alg_and_mac + ns1 = servers["ns1"] + msg = dns.message.make_query("example.com.", "AXFR") + msg.keyring = False # don't validate received TSIG # noqa + + tsig_orig_id = msg.id + if mangle_orig_id: + tsig_orig_id = (msg.id - 0xABCD) % 0x10000 + + tsig = dns.rdtypes.ANY.TSIG.TSIG( + dns.rdataclass.ANY, + dns.rdatatype.TSIG, + alg, + time_signed, + fudge, + mac, + tsig_orig_id, + error, + other, + ) + rrs = dns.rrset.from_rdata(keyname, 0, tsig) + msg.additional.append(rrs) + + try: + isctest.query.tcp(msg, ns1.ip, named_port) + except dns.tsig.PeerError: + pass # any error from named is fine + except dns.exception.TooBig: + assume(False) # some randomly generated value did not fit into message diff -Nru bind9-9.18.33/bin/tests/system/tsiggss/tests_isc_spnego_flaws.py bind9-9.18.41/bin/tests/system/tsiggss/tests_isc_spnego_flaws.py --- bind9-9.18.33/bin/tests/system/tsiggss/tests_isc_spnego_flaws.py 2025-01-20 13:39:31.156355106 +0000 +++ bind9-9.18.41/bin/tests/system/tsiggss/tests_isc_spnego_flaws.py 2025-10-18 10:21:03.029258127 +0000 @@ -17,7 +17,6 @@ """ import argparse -import datetime import struct import time @@ -57,7 +56,7 @@ rrset = dns.rrset.from_rdata(dns.name.root, dns.rdatatype.TKEY, rdata) # Prepare complete TKEY query to send - self.msg = dns.message.make_query( + self.msg = isctest.query.create( dns.name.root, dns.rdatatype.TKEY, dns.rdataclass.ANY ) self.msg.additional.append(rrset) @@ -177,14 +176,8 @@ """ query = CraftedTKEYQuery(opts).msg - print("# > " + str(datetime.datetime.now())) - print(query.to_text()) - print() - - response = isctest.query.tcp(query, opts.server_ip, timeout=2) - print("# < " + str(datetime.datetime.now())) - print(response.to_text()) - print() + + isctest.query.tcp(query, opts.server_ip, timeout=2) def test_cve_2020_8625(): diff -Nru bind9-9.18.33/bin/tests/system/ttl/tests_cache_ttl.py bind9-9.18.41/bin/tests/system/ttl/tests_cache_ttl.py --- bind9-9.18.33/bin/tests/system/ttl/tests_cache_ttl.py 2025-01-20 13:39:31.156355106 +0000 +++ bind9-9.18.41/bin/tests/system/ttl/tests_cache_ttl.py 2025-10-18 10:21:03.030258154 +0000 @@ -13,9 +13,6 @@ import isctest -pytest.importorskip("dns") -import dns.message - @pytest.mark.parametrize( "qname,rdtype,expected_ttl", @@ -27,7 +24,7 @@ ], ) def test_cache_ttl(qname, rdtype, expected_ttl): - msg = dns.message.make_query(qname, rdtype) + msg = isctest.query.create(qname, rdtype) response = isctest.query.udp(msg, "10.53.0.2") for rr in response.answer + response.authority: assert rr.ttl == expected_ttl diff -Nru bind9-9.18.33/bin/tests/system/verify/tests_verify.py bind9-9.18.41/bin/tests/system/verify/tests_verify.py --- bind9-9.18.33/bin/tests/system/verify/tests_verify.py 2025-01-20 13:39:31.160355176 +0000 +++ bind9-9.18.41/bin/tests/system/verify/tests_verify.py 2025-10-18 10:21:03.034258261 +0000 @@ -47,7 +47,7 @@ ], ) def test_verify_good_zone_files(zone): - isctest.run.cmd([VERIFY, "-z", "-o", zone, f"zones/{zone}.good"], log_stdout=True) + isctest.run.cmd([VERIFY, "-z", "-o", zone, f"zones/{zone}.good"]) def test_verify_good_zone_nsec_next_name_case_mismatch(): @@ -58,7 +58,6 @@ "nsec-next-name-case-mismatch", "zones/nsec-next-name-case-mismatch.good", ], - log_stdout=True, ) @@ -67,7 +66,6 @@ output = isctest.run.cmd( [VERIFY, *only_opt, "-o", zone, f"zones/{zone}.bad"], raise_on_exception=False, - log_stdout=True, ) stream = (output.stdout + output.stderr).decode("utf-8").replace("\n", "") return stream diff -Nru bind9-9.18.33/bin/tests/system/vulture_ignore_list.py bind9-9.18.41/bin/tests/system/vulture_ignore_list.py --- bind9-9.18.33/bin/tests/system/vulture_ignore_list.py 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/bin/tests/system/vulture_ignore_list.py 2025-10-18 10:21:03.036258314 +0000 @@ -0,0 +1,12 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +token_init_and_cleanup # unused function (keyfromlabel/tests_keyfromlabel.py:43) diff -Nru bind9-9.18.33/bin/tests/system/wildcard/tests_wildcard.py bind9-9.18.41/bin/tests/system/wildcard/tests_wildcard.py --- bind9-9.18.33/bin/tests/system/wildcard/tests_wildcard.py 2025-01-20 13:39:31.164355246 +0000 +++ bind9-9.18.41/bin/tests/system/wildcard/tests_wildcard.py 2025-10-18 10:21:03.038258368 +0000 @@ -38,17 +38,9 @@ import dns.rdatatype import dns.rrset -# in FIPs mode md5 fails so we need 4.41.2 or later which does not use md5 -try: - import hashlib - - hashlib.md5(b"1234") - pytest.importorskip("hypothesis") -except ValueError: - pytest.importorskip("hypothesis", minversion="4.41.2") +from isctest.hypothesis.strategies import dns_names, dns_rdatatypes_without_meta from hypothesis import assume, example, given, settings -from isctest.hypothesis.strategies import dns_names, dns_rdatatypes_without_meta import isctest.check import isctest.name import isctest.query @@ -102,7 +94,7 @@ # See RFC 4592 section 2.2.1. assume(name == SUFFIX or name.labels[-len(SUFFIX) - 1] != b"*") - query_msg = dns.message.make_query(name, rdtype) + query_msg = isctest.query.create(name, rdtype) response_msg = isctest.query.tcp(query_msg, IP_ADDR, named_port, timeout=TIMEOUT) isctest.check.is_response_to(response_msg, query_msg) @@ -119,7 +111,7 @@ # See RFC 4592 section 2.2.1. assume(name.labels[-len(SUFFIX) - 1] != b"*") - query_msg = dns.message.make_query(name, WILDCARD_RDTYPE) + query_msg = isctest.query.create(name, WILDCARD_RDTYPE) response_msg = isctest.query.tcp(query_msg, IP_ADDR, named_port, timeout=TIMEOUT) isctest.check.is_response_to(response_msg, query_msg) @@ -148,7 +140,7 @@ name: dns.name.Name, named_port: int ) -> None: """RFC 4592 section 2.2.1 ghost.*.example.""" - query_msg = dns.message.make_query(name, WILDCARD_RDTYPE) + query_msg = isctest.query.create(name, WILDCARD_RDTYPE) response_msg = isctest.query.tcp(query_msg, IP_ADDR, named_port, timeout=TIMEOUT) isctest.check.is_response_to(response_msg, query_msg) @@ -178,7 +170,7 @@ or name.labels[-len(NESTED_SUFFIX) - 1] != b"*" ) - query_msg = dns.message.make_query(name, WILDCARD_RDTYPE) + query_msg = isctest.query.create(name, WILDCARD_RDTYPE) response_msg = isctest.query.tcp(query_msg, IP_ADDR, named_port, timeout=TIMEOUT) isctest.check.is_response_to(response_msg, query_msg) @@ -209,7 +201,7 @@ `foo.*.*.*.nestedwild.test. A` must not be synthesized. """ - query_msg = dns.message.make_query(name, WILDCARD_RDTYPE) + query_msg = isctest.query.create(name, WILDCARD_RDTYPE) response_msg = isctest.query.tcp(query_msg, IP_ADDR, named_port, timeout=TIMEOUT) isctest.check.is_response_to(response_msg, query_msg) diff -Nru bind9-9.18.33/bin/tests/system/xfer/dig1.good bind9-9.18.41/bin/tests/system/xfer/dig1.good --- bind9-9.18.33/bin/tests/system/xfer/dig1.good 2025-01-20 13:39:31.165355264 +0000 +++ bind9-9.18.41/bin/tests/system/xfer/dig1.good 2025-10-18 10:21:03.039258394 +0000 @@ -25,6 +25,7 @@ atma03.example. 3600 IN ATMA 1234567890abcdef atma04.example. 3600 IN ATMA fedcba0987654321 avc.example. 3600 IN AVC "foo:bar" +brid.example. 3600 IN BRID abcd caa01.example. 3600 IN CAA 0 issue "ca.example.net; policy=ev" caa02.example. 3600 IN CAA 128 tbs "Unknown" caa03.example. 3600 IN CAA 128 tbs "" @@ -49,12 +50,14 @@ ds01.example. 3600 IN NS ns42.example. ds02.example. 3600 IN DS 12892 5 1 7AA4A3F416C2F2391FB7AB0D434F762CD62D1390 ds02.example. 3600 IN NS ns43.example. +dsync01.example. 3600 IN DSYNC CDS NOTIFY 53 . eid01.example. 3600 IN EID 1289AB eui48.example. 3600 IN EUI48 01-23-45-67-89-ab eui64.example. 3600 IN EUI64 01-23-45-67-89-ab-cd-ef gid01.example. 3600 IN GID \# 1 03 gpos01.example. 3600 IN GPOS "-22.6882" "116.8652" "250.0" gpos02.example. 3600 IN GPOS "" "" "" +hhit.example. 3600 IN HHIT abcd hinfo01.example. 3600 IN HINFO "Generic PC clone" "NetBSD-1.4" hinfo02.example. 3600 IN HINFO "PC" "NetBSD" hip1.example. 3600 IN HIP 2 200100107B1A74DF365639CC39F1D578 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D diff -Nru bind9-9.18.33/bin/tests/system/xfer/dig2.good bind9-9.18.41/bin/tests/system/xfer/dig2.good --- bind9-9.18.33/bin/tests/system/xfer/dig2.good 2025-01-20 13:39:31.165355264 +0000 +++ bind9-9.18.41/bin/tests/system/xfer/dig2.good 2025-10-18 10:21:03.039258394 +0000 @@ -25,6 +25,7 @@ atma03.example. 3600 IN ATMA 1234567890abcdef atma04.example. 3600 IN ATMA fedcba0987654321 avc.example. 3600 IN AVC "foo:bar" +brid.example. 3600 IN BRID abcd caa01.example. 3600 IN CAA 0 issue "ca.example.net; policy=ev" caa02.example. 3600 IN CAA 128 tbs "Unknown" caa03.example. 3600 IN CAA 128 tbs "" @@ -49,12 +50,14 @@ ds01.example. 3600 IN DS 12892 5 2 26584835CA80C81C91999F31CFAF2A0E89D4FF1C8FAFD0DDB31A85C7 19277C13 ds02.example. 3600 IN NS ns43.example. ds02.example. 3600 IN DS 12892 5 1 7AA4A3F416C2F2391FB7AB0D434F762CD62D1390 +dsync01.example. 3600 IN DSYNC CDS NOTIFY 53 . eid01.example. 3600 IN EID 1289AB eui48.example. 3600 IN EUI48 01-23-45-67-89-ab eui64.example. 3600 IN EUI64 01-23-45-67-89-ab-cd-ef gid01.example. 3600 IN GID \# 1 03 gpos01.example. 3600 IN GPOS "-22.6882" "116.8652" "250.0" gpos02.example. 3600 IN GPOS "" "" "" +hhit.example. 3600 IN HHIT abcd hinfo01.example. 3600 IN HINFO "Generic PC clone" "NetBSD-1.4" hinfo02.example. 3600 IN HINFO "PC" "NetBSD" hip1.example. 3600 IN HIP 2 200100107B1A74DF365639CC39F1D578 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D diff -Nru bind9-9.18.33/bin/tests/system/xferquota/tests_xferquota.py bind9-9.18.41/bin/tests/system/xferquota/tests_xferquota.py --- bind9-9.18.33/bin/tests/system/xferquota/tests_xferquota.py 2025-01-20 13:39:31.168355317 +0000 +++ bind9-9.18.41/bin/tests/system/xferquota/tests_xferquota.py 2025-10-18 10:21:03.042258475 +0000 @@ -14,6 +14,7 @@ import re import shutil import signal +import time import dns.message import pytest @@ -33,7 +34,8 @@ def test_xferquota(named_port, servers): - # Changing test zone + # Changing test zone ensuring that the time stamp changes + time.sleep(1) shutil.copyfile("ns1/changing2.db", "ns1/changing.db") with open("ns1/named.pid", "r", encoding="utf-8") as pidfile: pid = int(pidfile.read()) @@ -58,8 +60,8 @@ isctest.run.retry_with_timeout(check_line_count, timeout=360) - axfr_msg = dns.message.make_query("zone000099.example.", "AXFR") - a_msg = dns.message.make_query("a.changing.", "A") + axfr_msg = isctest.query.create("zone000099.example.", "AXFR") + a_msg = isctest.query.create("a.changing.", "A") def query_and_compare(msg): ns1response = isctest.query.tcp(msg, "10.53.0.1") @@ -73,9 +75,6 @@ f"transfer of 'changing/IN' from 10.53.0.1#{named_port}: " f"Transfer completed: .*\\(serial 2\\)" ) - with servers["ns2"].watch_log_from_start() as watcher: - watcher.wait_for_line( - pattern, - timeout=30, - ) + with servers["ns2"].watch_log_from_start(timeout=30) as watcher: + watcher.wait_for_line(pattern) query_and_compare(a_msg) diff -Nru bind9-9.18.33/bin/tests/wire_test.c bind9-9.18.41/bin/tests/wire_test.c --- bind9-9.18.33/bin/tests/wire_test.c 2025-01-20 13:39:31.171355370 +0000 +++ bind9-9.18.41/bin/tests/wire_test.c 2025-10-18 10:21:03.045258555 +0000 @@ -63,7 +63,7 @@ static void usage(void) { fprintf(stderr, "wire_test [-b] [-d] [-p] [-r] [-s]\n"); - fprintf(stderr, " [-m {usage|trace|record|size|mctx}]\n"); + fprintf(stderr, " [-m {usage|trace|record}]\n"); fprintf(stderr, " [filename]\n\n"); fprintf(stderr, "\t-b\tBest-effort parsing (ignore some errors)\n"); fprintf(stderr, "\t-d\tRead input as raw binary data\n"); diff -Nru bind9-9.18.33/bin/tools/Makefile.in bind9-9.18.41/bin/tools/Makefile.in --- bind9-9.18.33/bin/tools/Makefile.in 2025-01-20 13:40:38.462384822 +0000 +++ bind9-9.18.41/bin/tools/Makefile.in 2025-10-18 10:21:43.240306995 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -73,6 +73,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -389,8 +391,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -600,16 +604,11 @@ `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(bindir)" && rm -f $$files + cd "$(DESTDIR)$(bindir)" && $(am__rm_f) $$files clean-binPROGRAMS: - @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list + $(am__rm_f) $(bin_PROGRAMS) + test -z "$(EXEEXT)" || $(am__rm_f) $(bin_PROGRAMS:$(EXEEXT)=) arpaname$(EXEEXT): $(arpaname_OBJECTS) $(arpaname_DEPENDENCIES) $(EXTRA_arpaname_DEPENDENCIES) @rm -f arpaname$(EXEEXT) @@ -655,7 +654,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -849,8 +848,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -860,7 +859,7 @@ clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/arpaname.Po + -rm -f ./$(DEPDIR)/arpaname.Po -rm -f ./$(DEPDIR)/dnstap_read-dnstap-read.Po -rm -f ./$(DEPDIR)/mdig-mdig.Po -rm -f ./$(DEPDIR)/named-journalprint.Po @@ -916,7 +915,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/arpaname.Po + -rm -f ./$(DEPDIR)/arpaname.Po -rm -f ./$(DEPDIR)/dnstap_read-dnstap-read.Po -rm -f ./$(DEPDIR)/mdig-mdig.Po -rm -f ./$(DEPDIR)/named-journalprint.Po @@ -972,3 +971,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/bin/tools/named-rrchecker.c bind9-9.18.41/bin/tools/named-rrchecker.c --- bind9-9.18.33/bin/tools/named-rrchecker.c 2025-01-20 13:39:31.172355387 +0000 +++ bind9-9.18.41/bin/tools/named-rrchecker.c 2025-10-18 10:21:03.047258608 +0000 @@ -180,7 +180,7 @@ specials[')'] = 1; specials['"'] = 1; isc_lex_setspecials(lex, specials); - options = ISC_LEXOPT_EOL; + options = ISC_LEXOPT_EOL | ISC_LEXOPT_DNSMULTILINE; isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE); RUNTIME_CHECK(isc_lex_openstream(lex, stdin) == ISC_R_SUCCESS); diff -Nru bind9-9.18.33/bin/tools/named-rrchecker.rst bind9-9.18.41/bin/tools/named-rrchecker.rst --- bind9-9.18.33/bin/tools/named-rrchecker.rst 2025-01-20 13:39:31.172355387 +0000 +++ bind9-9.18.41/bin/tools/named-rrchecker.rst 2025-10-18 10:21:03.047258608 +0000 @@ -26,37 +26,210 @@ Description ~~~~~~~~~~~ -:program:`named-rrchecker` reads a individual DNS resource record from standard +:program:`named-rrchecker` reads a single DNS resource record (RR) from standard input and checks whether it is syntactically correct. -Options -~~~~~~~ +The input format is a minimal subset of the DNS zone file format. The entire input must be: + CLASS TYPE RDATA -.. option:: -h +* Input must not start with an owner (domain) name +* The `CLASS` field is mandatory (typically ``IN``). +* The `TTL` field **must not** be present. +* RDATA format is specific to each RRTYPE. +* Leading and trailing whitespace in each field is ignored. + +Format details can be found in :rfc:`1035#section-5.1` under ```` +specification. :rfc:`3597` format is also accepted in any of the input fields. +See :ref:`Examples`. - This option prints out the help menu. + +Options +~~~~~~~ .. option:: -o origin - This option specifies the origin to be used when interpreting - the record. + This option specifies the origin to be used when interpreting names in the record: + it defaults to root (`.`). The specified origin is always taken as an absolute name. .. option:: -p This option prints out the resulting record in canonical form. If there - is no canonical form defined, the record is printed in unknown + is no canonical form defined, the record is printed in :rfc:`3597` unknown record format. .. option:: -u - This option prints out the resulting record in unknown record form. + This option prints out the resulting record in :rfc:`3597` unknown record + format. .. option:: -C, -T, -P - These options print out the known class, standard type, - and private type mnemonics, respectively. + These options do not read input. They print out known classes, standard types, + and private type mnemonics. Each item is printed on a separate line. + The resulting list of private types may be empty + +.. option:: -h + + This option prints out the help menu. + + +.. _examples: + +Examples +~~~~~~~~ +Pay close attention to the :manpage:`echo` command line options `-e` and `-n`, as they affect whitespace in the input to ``named-rrchecker``. + +echo -n 'IN A 192.0.2.1' | named-rrchecker + * Valid input is in :rfc:`1035` format with no newline at the end of the input. + * Return code 0. + +echo -e '\\n \\n IN\\tA 192.0.2.1 \\t \\n\\n ' | named-rrchecker -p + * Valid input with leading and trailing whitespace. + * Output: ``IN A 192.0.2.1`` + * Leading and trailing whitespace is not part of the output. + + +Relative names and origin +^^^^^^^^^^^^^^^^^^^^^^^^^ +echo 'IN CNAME target' | named-rrchecker -p + * Valid input with a relative name as the CNAME target. + * Output: ``IN CNAME target.`` + * Relative name `target` from the input is converted to an absolute name using the default origin ``.`` (root). + +echo 'IN CNAME target' | named-rrchecker -p -o origin.test + * Valid input with a relative name as the CNAME target. + * Output: ``IN CNAME target.origin.test.`` + * Relative name `target` from the input is converted to an absolute name using the specified origin ``origin.test`` +echo 'IN CNAME target.' | named-rrchecker -p -o origin.test + * Valid input with an absolute name as the CNAME target. + * Output: ``IN CNAME target.`` + * The specified origin has no influence if `target` from the input is already absolute. + + +Special characters +^^^^^^^^^^^^^^^^^^ +Special characters allowed in zone files by :rfc:`1035#section-5.1` are accepted. + +echo 'IN CNAME t\\097r\\get\\.' | named-rrchecker -p -o origin.test + * Valid input with backslash escapes. + * Output: ``IN CNAME target\..origin.test.`` + * ``\097`` denotes an ASCII value in decimal, which, in this example, is the character ``a``. + * ``\g`` is converted to a plain ``g`` because the ``g`` character does not have a special meaning and so the ``\`` prefix does nothing in this case. + * ``\.`` denotes a literal ASCII dot (here as a part of the CNAME target name). Special meaning of ``.`` as the DNS label separator was disabled by the preceding ``\`` prefix. + +echo 'IN CNAME @' | named-rrchecker -p -o origin.test + * Valid input with ``@`` used as a reference to the specified origin. + * Output: ``IN CNAME origin.test.`` + +echo 'IN CNAME \\@' | named-rrchecker -p -o origin.test + * Valid input with a literal ``@`` character (escaped). + * Output: ``IN CNAME \@.origin.test.`` + +echo 'IN CNAME prefix.@' | named-rrchecker -p -o origin.test + * Valid input with ``@`` used as a reference to the specifed origin. + * Output: ``IN CNAME prefix.\@.origin.test.`` + * ``@`` has special meaning only if it is free-standing. + +echo 'IN A 192.0.2.1; comment' | named-rrchecker -p + * Valid input with a trailing comment. Note the lack of whitespace before the start of the comment. + * Output: ``IN A 192.0.2.1`` + +For multi-line examples see the next section. + +Multi-token records +^^^^^^^^^^^^^^^^^^^ +echo -e 'IN TXT two words \\n' | named-rrchecker -p + * Valid TXT RR with two unquoted words and trailing whitespace. + * Output: ``IN TXT "two" "words"`` + * Two unquoted words in the input are treated as two ``\ s per :rfc:`1035#section-3.3.14`. + * Trailing whitespace is omitted from the last ``. + +echo -e 'IN TXT "two words" \\n' | named-rrchecker -p + * Valid TXT RR with one `character-string` and trailing whitespace. + * Output: ``IN TXT "two words"`` + +echo -e 'IN TXT "problematic newline\\n"' | named-rrchecker -p + * Invalid input - the closing ``"`` is not detected before the end of the line. + +echo 'IN TXT "with newline\\010"' | named-rrchecker -p + * Valid input with an escaped newline character inside `character-string`. + * Output: ``IN TXT "with newline\010"`` + +echo -e 'IN TXT ( two\\nwords )' | named-rrchecker -p + * Valid multi-line input with line continuation allowed inside optional parentheses in the RDATA field. + * Output: ``IN TXT "two" "words"`` + +echo -e 'IN TXT ( two\\nwords ; misplaced comment )' | named-rrchecker -p + * Invalid input - comments, starting with ";", are ignored by the parser, so the closing parenthesis should be before the semicolon. + +echo -e 'IN TXT ( two\\nwords ; a working comment\\n )' | named-rrchecker -p + * Valid input - the comment is terminated with a newline. + * Output: ``IN TXT "two" "words"`` + +echo 'IN HTTPS 1 . alpn="h2,h3"' | named-rrchecker -p + * Valid HTTPS record + * Output: ``IN HTTPS 1 . alpn="h2,h3"`` + +echo -e 'IN HTTPS ( 1 \\n . \\n alpn="dot")port=853' | named-rrchecker -p + * Valid HTTPS record with individual sub-fields split across multiple lines + using :rfc:`1035#section-5.1` parentheses syntax to group data that crosses + a line boundary. + * Note the missing whitespace between the closing parenthesis and adjacent tokens. + * Output: ``IN HTTPS 1 . alpn="dot" port=853`` + + +Unknown type handling +^^^^^^^^^^^^^^^^^^^^^ + +echo 'IN A 192.0.2.1' | named-rrchecker -u + * Valid input in :rfc:`1035` format. + * Output in :rfc:`3957` format: ``CLASS1 TYPE1 \# 4 C0000201`` + +echo 'CLASS1 TYPE1 \\# 4 C0000201' | named-rrchecker -p + * Valid input in :rfc:`3597` format. + * Output in :rfc:`1035` format: ``IN A 192.0.2.1`` + +echo 'IN A \\# 4 C0000201' | named-rrchecker -p + * Valid input with class and type in :rfc:`1035` format and rdata in :rfc:`3597` format. + * Output in :rfc:`1035` format: ``IN A 192.0.2.1`` + +echo 'IN HTTPS 1 . key3=\\001\\000' | named-rrchecker -p + * Valid input with :rfc:`9460` syntax for an unknown `key3` field. Syntax ``\001\000`` produces two octets with values 1 and 0, respectively. + * Output: ``IN HTTPS 1 . port=256`` + * `key3` matches the standardized key name `port`. + * Octets 1 and 0 were decoded as integer values in big-endian encoding. + +echo 'IN HTTPS 1 . key3=\\001' | named-rrchecker -p + * Invalid input - the length of the value for `key3` (i.e. port) does not match the known standard format for that parameter in the SVCB RRTYPE. + +echo 'IN HTTPS 1 . port=\\001\\000' | named-rrchecker -p + * Invalid input - the key `port`, when specified using its standard mnemonic name, **must** use standard key-specific syntax. + +Meta values +^^^^^^^^^^^ + +echo 'IN AXFR' | named-rrchecker + * Invalid input - AXFR is a meta type, not a genuine RRTYPE. + +echo 'ANY A 192.0.2.1' | named-rrchecker + * Invalid input - ANY is meta class, not a true class. + +echo 'A 192.0.2.1' | named-rrchecker + * Invalid input - the class field is missing, so the parser would try and fail to interpret the RRTYPE A as the class. + + +Return Codes +~~~~~~~~~~~~ + +0 + The whole input was parsed as one syntactically valid resource record. + +1 + The input is not a syntactically valid resource record, or the given type is not + supported, or either/both class and type are meta-values, which should not appear in zone files. + See Also ~~~~~~~~ -:rfc:`1034`, :rfc:`1035`, :iscman:`named(8) `. +:rfc:`1034`, :rfc:`1035`, :rfc:`3957`, :iscman:`named(8) `. diff -Nru bind9-9.18.33/compile bind9-9.18.41/compile --- bind9-9.18.33/compile 2025-01-20 13:40:37.939376582 +0000 +++ bind9-9.18.41/compile 2025-10-18 10:21:42.669292227 +0000 @@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2018-03-07.03; # UTC +scriptversion=2024-06-19.01; # UTC -# Copyright (C) 1999-2021 Free Software Foundation, Inc. +# Copyright (C) 1999-2024 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify @@ -143,7 +143,7 @@ # configure might choose to run compile as 'compile cc -o foo foo.c'. eat=1 case $2 in - *.o | *.[oO][bB][jJ]) + *.o | *.lo | *.[oO][bB][jJ]) func_file_conv "$2" set x "$@" -Fo"$file" shift @@ -248,14 +248,17 @@ right script to run: please start by reading the file 'INSTALL'. Report bugs to . +GNU Automake home page: . +General help using GNU software: . EOF exit $? ;; -v | --v*) - echo "compile $scriptversion" + echo "compile (GNU Automake) $scriptversion" exit $? ;; cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \ + clang-cl | *[/\\]clang-cl | clang-cl.exe | *[/\\]clang-cl.exe | \ icl | *[/\\]icl | icl.exe | *[/\\]icl.exe ) func_cl_wrapper "$@" # Doesn't return... ;; diff -Nru bind9-9.18.33/config.guess bind9-9.18.41/config.guess --- bind9-9.18.33/config.guess 2025-01-20 13:40:37.989377368 +0000 +++ bind9-9.18.41/config.guess 2025-10-18 10:21:42.714293389 +0000 @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2022 Free Software Foundation, Inc. +# Copyright 1992-2024 Free Software Foundation, Inc. # shellcheck disable=SC2006,SC2268 # see below for rationale -timestamp='2022-01-09' +timestamp='2024-07-27' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -47,7 +47,7 @@ usage="\ Usage: $0 [OPTION] -Output the configuration name of the system \`$me' is run on. +Output the configuration name of the system '$me' is run on. Options: -h, --help print this help, then exit @@ -60,13 +60,13 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2022 Free Software Foundation, Inc. +Copyright 1992-2024 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" -Try \`$me --help' for more information." +Try '$me --help' for more information." # Parse command line while test $# -gt 0 ; do @@ -102,8 +102,8 @@ # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. -# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still -# use `HOST_CC' if defined, but it is deprecated. +# Historically, 'CC_FOR_BUILD' used to be named 'HOST_CC'. We still +# use 'HOST_CC' if defined, but it is deprecated. # Portable tmp directory creation inspired by the Autoconf team. @@ -123,7 +123,7 @@ dummy=$tmp/dummy case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in ,,) echo "int x;" > "$dummy.c" - for driver in cc gcc c89 c99 ; do + for driver in cc gcc c17 c99 c89 ; do if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then CC_FOR_BUILD=$driver break @@ -155,6 +155,9 @@ set_cc_for_build cat <<-EOF > "$dummy.c" + #if defined(__ANDROID__) + LIBC=android + #else #include #if defined(__UCLIBC__) LIBC=uclibc @@ -162,6 +165,8 @@ LIBC=dietlibc #elif defined(__GLIBC__) LIBC=gnu + #elif defined(__LLVM_LIBC__) + LIBC=llvm #else #include /* First heuristic to detect musl libc. */ @@ -169,6 +174,7 @@ LIBC=musl #endif #endif + #endif EOF cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` eval "$cc_set_libc" @@ -459,7 +465,7 @@ UNAME_RELEASE=`uname -v` ;; esac - # Japanese Language versions have a version number like `4.1.3-JL'. + # Japanese Language versions have a version number like '4.1.3-JL'. SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/'` GUESS=sparc-sun-sunos$SUN_REL ;; @@ -628,7 +634,8 @@ sed 's/^ //' << EOF > "$dummy.c" #include - main() + int + main () { if (!__power_pc()) exit(1); @@ -712,7 +719,8 @@ #include #include - int main () + int + main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); @@ -904,7 +912,7 @@ fi ;; *:FreeBSD:*:*) - UNAME_PROCESSOR=`/usr/bin/uname -p` + UNAME_PROCESSOR=`uname -p` case $UNAME_PROCESSOR in amd64) UNAME_PROCESSOR=x86_64 ;; @@ -966,11 +974,37 @@ GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC ;; + x86_64:[Mm]anagarm:*:*|i?86:[Mm]anagarm:*:*) + GUESS="$UNAME_MACHINE-pc-managarm-mlibc" + ;; + *:[Mm]anagarm:*:*) + GUESS="$UNAME_MACHINE-unknown-managarm-mlibc" + ;; *:Minix:*:*) GUESS=$UNAME_MACHINE-unknown-minix ;; aarch64:Linux:*:*) - GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + set_cc_for_build + CPU=$UNAME_MACHINE + LIBCABI=$LIBC + if test "$CC_FOR_BUILD" != no_compiler_found; then + ABI=64 + sed 's/^ //' << EOF > "$dummy.c" + #ifdef __ARM_EABI__ + #ifdef __ARM_PCS_VFP + ABI=eabihf + #else + ABI=eabi + #endif + #endif +EOF + cc_set_abi=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^ABI' | sed 's, ,,g'` + eval "$cc_set_abi" + case $ABI in + eabi | eabihf) CPU=armv8l; LIBCABI=$LIBC$ABI ;; + esac + fi + GUESS=$CPU-unknown-linux-$LIBCABI ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be @@ -1036,7 +1070,16 @@ k1om:Linux:*:*) GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ;; - loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*) + kvx:Linux:*:*) + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; + kvx:cos:*:*) + GUESS=$UNAME_MACHINE-unknown-cos + ;; + kvx:mbr:*:*) + GUESS=$UNAME_MACHINE-unknown-mbr + ;; + loongarch32:Linux:*:* | loongarch64:Linux:*:*) GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ;; m32r*:Linux:*:*) @@ -1151,16 +1194,27 @@ ;; x86_64:Linux:*:*) set_cc_for_build + CPU=$UNAME_MACHINE LIBCABI=$LIBC if test "$CC_FOR_BUILD" != no_compiler_found; then - if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_X32 >/dev/null - then - LIBCABI=${LIBC}x32 - fi + ABI=64 + sed 's/^ //' << EOF > "$dummy.c" + #ifdef __i386__ + ABI=x86 + #else + #ifdef __ILP32__ + ABI=x32 + #endif + #endif +EOF + cc_set_abi=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^ABI' | sed 's, ,,g'` + eval "$cc_set_abi" + case $ABI in + x86) CPU=i686 ;; + x32) LIBCABI=${LIBC}x32 ;; + esac fi - GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI + GUESS=$CPU-pc-linux-$LIBCABI ;; xtensa*:Linux:*:*) GUESS=$UNAME_MACHINE-unknown-linux-$LIBC @@ -1180,7 +1234,7 @@ GUESS=$UNAME_MACHINE-pc-sysv4.2uw$UNAME_VERSION ;; i*86:OS/2:*:*) - # If we were able to find `uname', then EMX Unix compatibility + # If we were able to find 'uname', then EMX Unix compatibility # is probably installed. GUESS=$UNAME_MACHINE-pc-os2-emx ;; @@ -1321,7 +1375,7 @@ GUESS=ns32k-sni-sysv fi ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + PENTIUM:*:4.0*:*) # Unisys 'ClearPath HMP IX 4000' SVR4/MP effort # says GUESS=i586-unisys-sysv4 ;; @@ -1367,8 +1421,11 @@ BePC:Haiku:*:*) # Haiku running on Intel PC compatible. GUESS=i586-pc-haiku ;; - x86_64:Haiku:*:*) - GUESS=x86_64-unknown-haiku + ppc:Haiku:*:*) # Haiku running on Apple PowerPC + GUESS=powerpc-apple-haiku + ;; + *:Haiku:*:*) # Haiku modern gcc (not bound by BeOS compat) + GUESS=$UNAME_MACHINE-unknown-haiku ;; SX-4:SUPER-UX:*:*) GUESS=sx4-nec-superux$UNAME_RELEASE @@ -1540,6 +1597,9 @@ *:Unleashed:*:*) GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE ;; + *:Ironclad:*:*) + GUESS=$UNAME_MACHINE-unknown-ironclad + ;; esac # Do we have a guess based on uname results? @@ -1563,6 +1623,7 @@ #endif #endif #endif +int main () { #if defined (sony) diff -Nru bind9-9.18.33/config.h.in bind9-9.18.41/config.h.in --- bind9-9.18.33/config.h.in 2025-01-20 13:40:37.505369663 +0000 +++ bind9-9.18.41/config.h.in 2025-10-18 10:21:42.458286762 +0000 @@ -21,16 +21,16 @@ /* define if the ARM yield instruction is available */ #undef HAVE_ARM_YIELD -/* Define to 1 if you have the `backtrace_symbols' function. */ +/* Define to 1 if you have the 'backtrace_symbols' function. */ #undef HAVE_BACKTRACE_SYMBOLS -/* Define to 1 if you have the `BIO_read_ex' function. */ +/* Define to 1 if you have the 'BIO_read_ex' function. */ #undef HAVE_BIO_READ_EX -/* Define to 1 if you have the `BIO_write_ex' function. */ +/* Define to 1 if you have the 'BIO_write_ex' function. */ #undef HAVE_BIO_WRITE_EX -/* Define to 1 if you have the `BN_GENCB_new' function. */ +/* Define to 1 if you have the 'BN_GENCB_new' function. */ #undef HAVE_BN_GENCB_NEW /* Define to 1 if the compiler supports __builtin_clz. */ @@ -42,34 +42,34 @@ /* define if the compiler supports __builtin_unreachable(). */ #undef HAVE_BUILTIN_UNREACHABLE -/* Define to 1 if you have the `chroot' function. */ +/* Define to 1 if you have the 'chroot' function. */ #undef HAVE_CHROOT -/* Define to 1 if you have the `clock_gettime' function. */ +/* Define to 1 if you have the 'clock_gettime' function. */ #undef HAVE_CLOCK_GETTIME /* Use CMocka */ #undef HAVE_CMOCKA -/* Define to 1 if you have the `cpuset_getaffinity' function. */ +/* Define to 1 if you have the 'cpuset_getaffinity' function. */ #undef HAVE_CPUSET_GETAFFINITY -/* Define to 1 if you have the `CRYPTO_zalloc' function. */ +/* Define to 1 if you have the 'CRYPTO_zalloc' function. */ #undef HAVE_CRYPTO_ZALLOC -/* Define to 1 if you have the declaration of `UV_UDP_MMSG_CHUNK', and to 0 if +/* Define to 1 if you have the declaration of 'UV_UDP_MMSG_CHUNK', and to 0 if you don't. */ #undef HAVE_DECL_UV_UDP_MMSG_CHUNK -/* Define to 1 if you have the declaration of `UV_UDP_MMSG_FREE', and to 0 if +/* Define to 1 if you have the declaration of 'UV_UDP_MMSG_FREE', and to 0 if you don't. */ #undef HAVE_DECL_UV_UDP_MMSG_FREE -/* Define to 1 if you have the declaration of `UV_UDP_RECVMMSG', and to 0 if +/* Define to 1 if you have the declaration of 'UV_UDP_RECVMMSG', and to 0 if you don't. */ #undef HAVE_DECL_UV_UDP_RECVMMSG -/* Define to 1 if you have the `DH_get0_key' function. */ +/* Define to 1 if you have the 'DH_get0_key' function. */ #undef HAVE_DH_GET0_KEY /* Define to 1 if you have the header file. */ @@ -78,67 +78,67 @@ /* Define to 1 to enable dnstap support */ #undef HAVE_DNSTAP -/* Define to 1 if you have the `ECDSA_SIG_get0' function. */ +/* Define to 1 if you have the 'ECDSA_SIG_get0' function. */ #undef HAVE_ECDSA_SIG_GET0 -/* Define to 1 if you have the `ERR_get_error_all' function. */ +/* Define to 1 if you have the 'ERR_get_error_all' function. */ #undef HAVE_ERR_GET_ERROR_ALL -/* Define to 1 if you have the `EVP_aes_128_ecb' function. */ +/* Define to 1 if you have the 'EVP_aes_128_ecb' function. */ #undef HAVE_EVP_AES_128_ECB -/* Define to 1 if you have the `EVP_aes_192_ecb' function. */ +/* Define to 1 if you have the 'EVP_aes_192_ecb' function. */ #undef HAVE_EVP_AES_192_ECB -/* Define to 1 if you have the `EVP_aes_256_ecb' function. */ +/* Define to 1 if you have the 'EVP_aes_256_ecb' function. */ #undef HAVE_EVP_AES_256_ECB -/* Define to 1 if you have the `EVP_CIPHER_CTX_free' function. */ +/* Define to 1 if you have the 'EVP_CIPHER_CTX_free' function. */ #undef HAVE_EVP_CIPHER_CTX_FREE -/* Define to 1 if you have the `EVP_CIPHER_CTX_new' function. */ +/* Define to 1 if you have the 'EVP_CIPHER_CTX_new' function. */ #undef HAVE_EVP_CIPHER_CTX_NEW -/* Define to 1 if you have the `EVP_DigestSignInit' function. */ +/* Define to 1 if you have the 'EVP_DigestSignInit' function. */ #undef HAVE_EVP_DIGESTSIGNINIT -/* Define to 1 if you have the `EVP_DigestVerifyInit' function. */ +/* Define to 1 if you have the 'EVP_DigestVerifyInit' function. */ #undef HAVE_EVP_DIGESTVERIFYINIT -/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ +/* Define to 1 if you have the 'EVP_MD_CTX_free' function. */ #undef HAVE_EVP_MD_CTX_FREE -/* Define to 1 if you have the `EVP_MD_CTX_get0_md' function. */ +/* Define to 1 if you have the 'EVP_MD_CTX_get0_md' function. */ #undef HAVE_EVP_MD_CTX_GET0_MD -/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ +/* Define to 1 if you have the 'EVP_MD_CTX_new' function. */ #undef HAVE_EVP_MD_CTX_NEW -/* Define to 1 if you have the `EVP_MD_CTX_reset' function. */ +/* Define to 1 if you have the 'EVP_MD_CTX_reset' function. */ #undef HAVE_EVP_MD_CTX_RESET -/* Define to 1 if you have the `EVP_PKEY_eq' function. */ +/* Define to 1 if you have the 'EVP_PKEY_eq' function. */ #undef HAVE_EVP_PKEY_EQ -/* Define to 1 if you have the `EVP_PKEY_get0_EC_KEY' function. */ +/* Define to 1 if you have the 'EVP_PKEY_get0_EC_KEY' function. */ #undef HAVE_EVP_PKEY_GET0_EC_KEY -/* Define to 1 if you have the `EVP_PKEY_new_raw_private_key' function. */ +/* Define to 1 if you have the 'EVP_PKEY_new_raw_private_key' function. */ #undef HAVE_EVP_PKEY_NEW_RAW_PRIVATE_KEY -/* Define to 1 if you have the `EVP_sha1' function. */ +/* Define to 1 if you have the 'EVP_sha1' function. */ #undef HAVE_EVP_SHA1 -/* Define to 1 if you have the `EVP_sha224' function. */ +/* Define to 1 if you have the 'EVP_sha224' function. */ #undef HAVE_EVP_SHA224 -/* Define to 1 if you have the `EVP_sha256' function. */ +/* Define to 1 if you have the 'EVP_sha256' function. */ #undef HAVE_EVP_SHA256 -/* Define to 1 if you have the `EVP_sha384' function. */ +/* Define to 1 if you have the 'EVP_sha384' function. */ #undef HAVE_EVP_SHA384 -/* Define to 1 if you have the `EVP_sha512' function. */ +/* Define to 1 if you have the 'EVP_sha512' function. */ #undef HAVE_EVP_SHA512 /* Define to 1 if you have the header file. */ @@ -147,13 +147,13 @@ /* Define to 1 if you have the header file. */ #undef HAVE_FCNTL_H -/* Define to 1 if you have the `FIPS_mode' function. */ +/* Define to 1 if you have the 'FIPS_mode' function. */ #undef HAVE_FIPS_MODE -/* Define to 1 if you have the `flockfile' function. */ +/* Define to 1 if you have the 'flockfile' function. */ #undef HAVE_FLOCKFILE -/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */ +/* Define to 1 if fseeko (and ftello) are declared in stdio.h. */ #undef HAVE_FSEEKO /* Define to 1 if the system has the `constructor' function attribute */ @@ -174,7 +174,7 @@ /* Build with GeoIP2 support */ #undef HAVE_GEOIP2 -/* Define to 1 if you have the `getc_unlocked' function. */ +/* Define to 1 if you have the 'getc_unlocked' function. */ #undef HAVE_GETC_UNLOCKED /* Define to 1 if you have the header file. */ @@ -195,13 +195,13 @@ /* Define to 1 if you have the header file. */ #undef HAVE_GSSAPI_KRB5_H -/* Define to 1 if you have the `gss_acquire_cred' function. */ +/* Define to 1 if you have the 'gss_acquire_cred' function. */ #undef HAVE_GSS_ACQUIRE_CRED /* Define to 1 if you have the header file. */ #undef HAVE_IDN2_H -/* Define to 1 if you have the `if_nametoindex' function. */ +/* Define to 1 if you have the 'if_nametoindex' function. */ #undef HAVE_IF_NAMETOINDEX /* Define to 1 if you have the header file. */ @@ -219,7 +219,7 @@ /* Define to 1 if you have the header file. */ #undef HAVE_KRB5_H -/* Define to 1 if you have the `krb5_init_context' function. */ +/* Define to 1 if you have the 'krb5_init_context' function. */ #undef HAVE_KRB5_INIT_CONTEXT /* Define to 1 if you have the header file. */ @@ -258,7 +258,7 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NET_ROUTE_H -/* Define to 1 if you have the `OPENSSL_cleanup' function. */ +/* Define to 1 if you have the 'OPENSSL_cleanup' function. */ #undef HAVE_OPENSSL_CLEANUP /* define if OpenSSL supports Ed25519 */ @@ -267,22 +267,22 @@ /* define if OpenSSL supports Ed448 */ #undef HAVE_OPENSSL_ED448 -/* Define to 1 if you have the `OPENSSL_init_crypto' function. */ +/* Define to 1 if you have the 'OPENSSL_init_crypto' function. */ #undef HAVE_OPENSSL_INIT_CRYPTO -/* Define to 1 if you have the `OPENSSL_init_ssl' function. */ +/* Define to 1 if you have the 'OPENSSL_init_ssl' function. */ #undef HAVE_OPENSSL_INIT_SSL /* Define if you have POSIX threads libraries and header files. */ #undef HAVE_PTHREAD -/* Define to 1 if you have the `pthread_attr_getstacksize' function. */ +/* Define to 1 if you have the 'pthread_attr_getstacksize' function. */ #undef HAVE_PTHREAD_ATTR_GETSTACKSIZE -/* Define to 1 if you have the `pthread_attr_setstacksize' function. */ +/* Define to 1 if you have the 'pthread_attr_setstacksize' function. */ #undef HAVE_PTHREAD_ATTR_SETSTACKSIZE -/* Define to 1 if you have the `pthread_barrier_init' function. */ +/* Define to 1 if you have the 'pthread_barrier_init' function. */ #undef HAVE_PTHREAD_BARRIER_INIT /* Support for PTHREAD_MUTEX_ADAPTIVE_NP */ @@ -294,19 +294,19 @@ /* Have PTHREAD_PRIO_INHERIT. */ #undef HAVE_PTHREAD_PRIO_INHERIT -/* Define to 1 if you have the `pthread_rwlock_rdlock' function. */ +/* Define to 1 if you have the 'pthread_rwlock_rdlock' function. */ #undef HAVE_PTHREAD_RWLOCK_RDLOCK -/* Define to 1 if you have the `pthread_setname_np' function. */ +/* Define to 1 if you have the 'pthread_setname_np' function. */ #undef HAVE_PTHREAD_SETNAME_NP -/* Define to 1 if you have the `pthread_set_name_np' function. */ +/* Define to 1 if you have the 'pthread_set_name_np' function. */ #undef HAVE_PTHREAD_SET_NAME_NP -/* Define to 1 if you have the `pthread_yield' function. */ +/* Define to 1 if you have the 'pthread_yield' function. */ #undef HAVE_PTHREAD_YIELD -/* Define to 1 if you have the `pthread_yield_np' function. */ +/* Define to 1 if you have the 'pthread_yield_np' function. */ #undef HAVE_PTHREAD_YIELD_NP /* Build with editline support */ @@ -321,55 +321,55 @@ /* Define to 1 if you have the header file. */ #undef HAVE_REGEX_H -/* Define to 1 if you have the `RSA_set0_key' function. */ +/* Define to 1 if you have the 'RSA_set0_key' function. */ #undef HAVE_RSA_SET0_KEY -/* Define to 1 if you have the `sched_getaffinity' function. */ +/* Define to 1 if you have the 'sched_getaffinity' function. */ #undef HAVE_SCHED_GETAFFINITY /* Define to 1 if you have the header file. */ #undef HAVE_SCHED_H -/* Define to 1 if you have the `sched_yield' function. */ +/* Define to 1 if you have the 'sched_yield' function. */ #undef HAVE_SCHED_YIELD -/* Define to 1 if you have the `setegid' function. */ +/* Define to 1 if you have the 'setegid' function. */ #undef HAVE_SETEGID -/* Define to 1 if you have the `seteuid' function. */ +/* Define to 1 if you have the 'seteuid' function. */ #undef HAVE_SETEUID -/* Define to 1 if you have the `setresgid' function. */ +/* Define to 1 if you have the 'setresgid' function. */ #undef HAVE_SETRESGID -/* Define to 1 if you have the `setresuid' function. */ +/* Define to 1 if you have the 'setresuid' function. */ #undef HAVE_SETRESUID /* define if the SPARC pause instruction is available */ #undef HAVE_SPARC_PAUSE -/* Define to 1 if you have the `SSL_CTX_set1_cert_store' function. */ +/* Define to 1 if you have the 'SSL_CTX_set1_cert_store' function. */ #undef HAVE_SSL_CTX_SET1_CERT_STORE -/* Define to 1 if you have the `SSL_CTX_set_keylog_callback' function. */ +/* Define to 1 if you have the 'SSL_CTX_set_keylog_callback' function. */ #undef HAVE_SSL_CTX_SET_KEYLOG_CALLBACK -/* Define to 1 if you have the `SSL_CTX_set_min_proto_version' function. */ +/* Define to 1 if you have the 'SSL_CTX_set_min_proto_version' function. */ #undef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION -/* Define to 1 if you have the `SSL_CTX_up_ref' function. */ +/* Define to 1 if you have the 'SSL_CTX_up_ref' function. */ #undef HAVE_SSL_CTX_UP_REF -/* Define to 1 if you have the `SSL_peek_ex' function. */ +/* Define to 1 if you have the 'SSL_peek_ex' function. */ #undef HAVE_SSL_PEEK_EX -/* Define to 1 if you have the `SSL_read_ex' function. */ +/* Define to 1 if you have the 'SSL_read_ex' function. */ #undef HAVE_SSL_READ_EX -/* Define to 1 if you have the `SSL_SESSION_is_resumable' function. */ +/* Define to 1 if you have the 'SSL_SESSION_is_resumable' function. */ #undef HAVE_SSL_SESSION_IS_RESUMABLE -/* Define to 1 if you have the `SSL_write_ex' function. */ +/* Define to 1 if you have the 'SSL_write_ex' function. */ #undef HAVE_SSL_WRITE_EX /* define if struct stat has st_mtim.tv_nsec field */ @@ -399,19 +399,19 @@ /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H -/* Define to 1 if you have the `strlcat' function. */ +/* Define to 1 if you have the 'strlcat' function. */ #undef HAVE_STRLCAT -/* Define to 1 if you have the `strlcpy' function. */ +/* Define to 1 if you have the 'strlcpy' function. */ #undef HAVE_STRLCPY -/* Define to 1 if you have the `strnstr' function. */ +/* Define to 1 if you have the 'strnstr' function. */ #undef HAVE_STRNSTR -/* Define to 1 if you have the `sysconf' function. */ +/* Define to 1 if you have the 'sysconf' function. */ #undef HAVE_SYSCONF -/* Define to 1 if you have the `sysctlbyname' function. */ +/* Define to 1 if you have the 'sysctlbyname' function. */ #undef HAVE_SYSCTLBYNAME /* Define to 1 if you have the header file. */ @@ -450,19 +450,19 @@ /* Define to 1 if you have the header file. */ #undef HAVE_THREADS_H -/* Define to 1 if you have the `TLS_client_method' function. */ +/* Define to 1 if you have the 'TLS_client_method' function. */ #undef HAVE_TLS_CLIENT_METHOD -/* Define to 1 if you have the `TLS_server_method' function. */ +/* Define to 1 if you have the 'TLS_server_method' function. */ #undef HAVE_TLS_SERVER_METHOD -/* Define to 1 if you have the `tzset' function. */ +/* Define to 1 if you have the 'tzset' function. */ #undef HAVE_TZSET /* Define to 1 if you have the header file. */ #undef HAVE_UCHAR_H -/* Define to 1 if the system has the type `uintptr_t'. */ +/* Define to 1 if the system has the type 'uintptr_t'. */ #undef HAVE_UINTPTR_T /* define if uname is available */ @@ -474,7 +474,7 @@ /* Define to 1 if you have the header file. */ #undef HAVE_WCHAR_H -/* Define to 1 if you have the `X509_STORE_up_ref' function. */ +/* Define to 1 if you have the 'X509_STORE_up_ref' function. */ #undef HAVE_X509_STORE_UP_REF /* Use zlib library */ @@ -545,7 +545,7 @@ your system. */ #undef PTHREAD_CREATE_JOINABLE -/* Define to 1 if all of the C90 standard headers exist (not just the ones +/* Define to 1 if all of the C89 standard headers exist (not just the ones required in a freestanding environment). This macro is provided for backward compatibility; new code need not use it. */ #undef STDC_HEADERS @@ -553,16 +553,13 @@ /* If the compiler supports a TLS storage class, define it to that here */ #undef TLS -/* Define to use default system tuning. */ -#undef TUNE_LARGE - /* Enable DNS Response Policy Service API */ #undef USE_DNSRPS /* Define if you want to use pthread rwlock implementation */ #undef USE_PTHREAD_RWLOCK -/* Enable extensions on AIX 3, Interix. */ +/* Enable extensions on AIX, Interix, z/OS. */ #ifndef _ALL_SOURCE # undef _ALL_SOURCE #endif @@ -623,11 +620,15 @@ #ifndef __STDC_WANT_IEC_60559_DFP_EXT__ # undef __STDC_WANT_IEC_60559_DFP_EXT__ #endif +/* Enable extensions specified by C23 Annex F. */ +#ifndef __STDC_WANT_IEC_60559_EXT__ +# undef __STDC_WANT_IEC_60559_EXT__ +#endif /* Enable extensions specified by ISO/IEC TS 18661-4:2015. */ #ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__ # undef __STDC_WANT_IEC_60559_FUNCS_EXT__ #endif -/* Enable extensions specified by ISO/IEC TS 18661-3:2015. */ +/* Enable extensions specified by C23 Annex H and ISO/IEC TS 18661-3:2015. */ #ifndef __STDC_WANT_IEC_60559_TYPES_EXT__ # undef __STDC_WANT_IEC_60559_TYPES_EXT__ #endif @@ -677,28 +678,34 @@ /* Number of bits in a file offset, on hosts where this is settable. */ #undef _FILE_OFFSET_BITS -/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */ +/* Define to 1 if necessary to make fseeko visible. */ #undef _LARGEFILE_SOURCE -/* Define for large files, on AIX-style hosts. */ +/* Define to 1 on platforms where this makes off_t a 64-bit type. */ #undef _LARGE_FILES +/* Number of bits in time_t, on hosts where this is settable. */ +#undef _TIME_BITS + /* Select RFC3542 IPv6 API on macOS */ #undef __APPLE_USE_RFC_3542 -/* Define to empty if `const' does not conform to ANSI C. */ +/* Define to 1 on platforms where this makes time_t a 64-bit type. */ +#undef __MINGW_USE_VC2005_COMPAT + +/* Define to empty if 'const' does not conform to ANSI C. */ #undef const -/* Define to `__inline__' or `__inline' if that's what the C compiler +/* Define to '__inline__' or '__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */ #ifndef __cplusplus #undef inline #endif -/* Define to `unsigned int' if does not define. */ +/* Define as 'unsigned int' if doesn't define. */ #undef size_t -/* Define to `int' if does not define. */ +/* Define as 'int' if doesn't define. */ #undef ssize_t /* Define if the compiler uses a different keyword than thread_local for TLS @@ -709,6 +716,6 @@ pointer, if such a type exists, and if the system does not define it. */ #undef uintptr_t -/* Define to empty if the keyword `volatile' does not work. Warning: valid - code using `volatile' can become incorrect without. Disable with care. */ +/* Define to empty if the keyword 'volatile' does not work. Warning: valid + code using 'volatile' can become incorrect without. Disable with care. */ #undef volatile diff -Nru bind9-9.18.33/config.sub bind9-9.18.41/config.sub --- bind9-9.18.33/config.sub 2025-01-20 13:40:37.991377400 +0000 +++ bind9-9.18.41/config.sub 2025-10-18 10:21:42.716293441 +0000 @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2022 Free Software Foundation, Inc. +# Copyright 1992-2024 Free Software Foundation, Inc. -# shellcheck disable=SC2006,SC2268 # see below for rationale +# shellcheck disable=SC2006,SC2268,SC2162 # see below for rationale -timestamp='2022-01-03' +timestamp='2024-05-27' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -76,13 +76,13 @@ version="\ GNU config.sub ($timestamp) -Copyright 1992-2022 Free Software Foundation, Inc. +Copyright 1992-2024 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" -Try \`$me --help' for more information." +Try '$me --help' for more information." # Parse command line while test $# -gt 0 ; do @@ -120,7 +120,6 @@ esac # Split fields of configuration type -# shellcheck disable=SC2162 saved_IFS=$IFS IFS="-" read field1 field2 field3 field4 <&2 + echo "Invalid configuration '$1': more than four components" >&2 exit 1 ;; *-*-*-*) @@ -142,10 +141,21 @@ # parts maybe_os=$field2-$field3 case $maybe_os in - nto-qnx* | linux-* | uclinux-uclibc* \ - | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ - | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ - | storm-chaos* | os2-emx* | rtmk-nova*) + cloudabi*-eabi* \ + | kfreebsd*-gnu* \ + | knetbsd*-gnu* \ + | kopensolaris*-gnu* \ + | linux-* \ + | managarm-* \ + | netbsd*-eabi* \ + | netbsd*-gnu* \ + | nto-qnx* \ + | os2-emx* \ + | rtmk-nova* \ + | storm-chaos* \ + | uclinux-gnu* \ + | uclinux-uclibc* \ + | windows-* ) basic_machine=$field1 basic_os=$maybe_os ;; @@ -160,8 +170,12 @@ esac ;; *-*) - # A lone config we happen to match not fitting any pattern case $field1-$field2 in + # Shorthands that happen to contain a single dash + convex-c[12] | convex-c3[248]) + basic_machine=$field2-convex + basic_os= + ;; decstation-3100) basic_machine=mips-dec basic_os= @@ -169,28 +183,88 @@ *-*) # Second component is usually, but not always the OS case $field2 in - # Prevent following clause from handling this valid os + # Do not treat sunos as a manufacturer sun*os*) basic_machine=$field1 basic_os=$field2 ;; - zephyr*) - basic_machine=$field1-unknown - basic_os=$field2 - ;; # Manufacturers - dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \ - | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \ - | unicom* | ibm* | next | hp | isi* | apollo | altos* \ - | convergent* | ncr* | news | 32* | 3600* | 3100* \ - | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \ - | ultra | tti* | harris | dolphin | highlevel | gould \ - | cbm | ns | masscomp | apple | axis | knuth | cray \ - | microblaze* | sim | cisco \ - | oki | wec | wrs | winbond) + 3100* \ + | 32* \ + | 3300* \ + | 3600* \ + | 7300* \ + | acorn \ + | altos* \ + | apollo \ + | apple \ + | atari \ + | att* \ + | axis \ + | be \ + | bull \ + | cbm \ + | ccur \ + | cisco \ + | commodore \ + | convergent* \ + | convex* \ + | cray \ + | crds \ + | dec* \ + | delta* \ + | dg \ + | digital \ + | dolphin \ + | encore* \ + | gould \ + | harris \ + | highlevel \ + | hitachi* \ + | hp \ + | ibm* \ + | intergraph \ + | isi* \ + | knuth \ + | masscomp \ + | microblaze* \ + | mips* \ + | motorola* \ + | ncr* \ + | news \ + | next \ + | ns \ + | oki \ + | omron* \ + | pc533* \ + | rebel \ + | rom68k \ + | rombug \ + | semi \ + | sequent* \ + | siemens \ + | sgi* \ + | siemens \ + | sim \ + | sni \ + | sony* \ + | stratus \ + | sun \ + | sun[234]* \ + | tektronix \ + | tti* \ + | ultra \ + | unicom* \ + | wec \ + | winbond \ + | wrs) basic_machine=$field1-$field2 basic_os= ;; + zephyr*) + basic_machine=$field1-unknown + basic_os=$field2 + ;; *) basic_machine=$field1 basic_os=$field2 @@ -271,26 +345,6 @@ basic_machine=arm-unknown basic_os=cegcc ;; - convex-c1) - basic_machine=c1-convex - basic_os=bsd - ;; - convex-c2) - basic_machine=c2-convex - basic_os=bsd - ;; - convex-c32) - basic_machine=c32-convex - basic_os=bsd - ;; - convex-c34) - basic_machine=c34-convex - basic_os=bsd - ;; - convex-c38) - basic_machine=c38-convex - basic_os=bsd - ;; cray) basic_machine=j90-cray basic_os=unicos @@ -713,15 +767,26 @@ vendor=dec basic_os=tops20 ;; - delta | 3300 | motorola-3300 | motorola-delta \ - | 3300-motorola | delta-motorola) + delta | 3300 | delta-motorola | 3300-motorola | motorola-delta | motorola-3300) cpu=m68k vendor=motorola ;; - dpx2*) + # This used to be dpx2*, but that gets the RS6000-based + # DPX/20 and the x86-based DPX/2-100 wrong. See + # https://oldskool.silicium.org/stations/bull_dpx20.htm + # https://www.feb-patrimoine.com/english/bull_dpx2.htm + # https://www.feb-patrimoine.com/english/unix_and_bull.htm + dpx2 | dpx2[23]00 | dpx2[23]xx) cpu=m68k vendor=bull - basic_os=sysv3 + ;; + dpx2100 | dpx21xx) + cpu=i386 + vendor=bull + ;; + dpx20) + cpu=rs6000 + vendor=bull ;; encore | umax | mmax) cpu=ns32k @@ -836,18 +901,6 @@ next | m*-next) cpu=m68k vendor=next - case $basic_os in - openstep*) - ;; - nextstep*) - ;; - ns2*) - basic_os=nextstep2 - ;; - *) - basic_os=nextstep3 - ;; - esac ;; np1) cpu=np1 @@ -936,14 +989,13 @@ ;; *-*) - # shellcheck disable=SC2162 saved_IFS=$IFS IFS="-" read cpu vendor <&2 + echo "Invalid configuration '$1': machine '$cpu-$vendor' not recognized" 1>&2 exit 1 ;; esac @@ -1306,11 +1491,12 @@ # Decode manufacturer-specific aliases for certain operating systems. -if test x$basic_os != x +if test x"$basic_os" != x then # First recognize some ad-hoc cases, or perhaps split kernel-os, or else just # set os. +obj= case $basic_os in gnu/linux*) kernel=linux @@ -1325,7 +1511,6 @@ os=`echo "$basic_os" | sed -e 's|nto-qnx|qnx|'` ;; *-*) - # shellcheck disable=SC2162 saved_IFS=$IFS IFS="-" read kernel os <&2 + fi + ;; *) - echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2 + echo "Invalid configuration '$1': OS '$os' not recognized" 1>&2 + exit 1 + ;; +esac + +case $obj in + aout* | coff* | elf* | pe*) + ;; + '') + # empty is fine + ;; + *) + echo "Invalid configuration '$1': Machine code format '$obj' not recognized" 1>&2 + exit 1 + ;; +esac + +# Here we handle the constraint that a (synthetic) cpu and os are +# valid only in combination with each other and nowhere else. +case $cpu-$os in + # The "javascript-unknown-ghcjs" triple is used by GHC; we + # accept it here in order to tolerate that, but reject any + # variations. + javascript-ghcjs) + ;; + javascript-* | *-ghcjs) + echo "Invalid configuration '$1': cpu '$cpu' is not valid with os '$os$obj'" 1>&2 exit 1 ;; esac # As a final step for OS-related things, validate the OS-kernel combination # (given a valid OS), if there is a kernel. -case $kernel-$os in - linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \ - | linux-musl* | linux-relibc* | linux-uclibc* ) +case $kernel-$os-$obj in + linux-gnu*- | linux-android*- | linux-dietlibc*- | linux-llvm*- \ + | linux-mlibc*- | linux-musl*- | linux-newlib*- \ + | linux-relibc*- | linux-uclibc*- | linux-ohos*- ) + ;; + uclinux-uclibc*- | uclinux-gnu*- ) + ;; + managarm-mlibc*- | managarm-kernel*- ) ;; - uclinux-uclibc* ) + windows*-msvc*-) ;; - -dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* ) + -dietlibc*- | -llvm*- | -mlibc*- | -musl*- | -newlib*- | -relibc*- \ + | -uclibc*- ) # These are just libc implementations, not actual OSes, and thus # require a kernel. - echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2 + echo "Invalid configuration '$1': libc '$os' needs explicit kernel." 1>&2 exit 1 ;; - kfreebsd*-gnu* | kopensolaris*-gnu*) + -kernel*- ) + echo "Invalid configuration '$1': '$os' needs explicit kernel." 1>&2 + exit 1 ;; - vxworks-simlinux | vxworks-simwindows | vxworks-spe) + *-kernel*- ) + echo "Invalid configuration '$1': '$kernel' does not support '$os'." 1>&2 + exit 1 ;; - nto-qnx*) + *-msvc*- ) + echo "Invalid configuration '$1': '$os' needs 'windows'." 1>&2 + exit 1 ;; - os2-emx) + kfreebsd*-gnu*- | knetbsd*-gnu*- | netbsd*-gnu*- | kopensolaris*-gnu*-) + ;; + vxworks-simlinux- | vxworks-simwindows- | vxworks-spe-) + ;; + nto-qnx*-) ;; - *-eabi* | *-gnueabi*) + os2-emx-) ;; - -*) + rtmk-nova-) + ;; + *-eabi*- | *-gnueabi*-) + ;; + none--*) + # None (no kernel, i.e. freestanding / bare metal), + # can be paired with an machine code file format + ;; + -*-) # Blank kernel with real OS is always fine. ;; - *-*) - echo "Invalid configuration \`$1': Kernel \`$kernel' not known to work with OS \`$os'." 1>&2 + --*) + # Blank kernel and OS with real machine code file format is always fine. + ;; + *-*-*) + echo "Invalid configuration '$1': Kernel '$kernel' not known to work with OS '$os'." 1>&2 exit 1 ;; esac @@ -1809,7 +2273,7 @@ *-riscix*) vendor=acorn ;; - *-sunos*) + *-sunos* | *-solaris*) vendor=sun ;; *-cnk* | *-aix*) @@ -1879,7 +2343,7 @@ ;; esac -echo "$cpu-$vendor-${kernel:+$kernel-}$os" +echo "$cpu-$vendor${kernel:+-$kernel}${os:+-$os}${obj:+-$obj}" exit # Local variables: diff -Nru bind9-9.18.33/configure bind9-9.18.41/configure --- bind9-9.18.33/configure 2025-01-20 13:40:37.005361867 +0000 +++ bind9-9.18.41/configure 2025-10-18 10:21:42.026275596 +0000 @@ -1,11 +1,11 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for BIND 9.18.33. +# Generated by GNU Autoconf 2.72 for BIND 9.18.41. # # Report bugs to . # # -# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, +# Copyright (C) 1992-1996, 1998-2017, 2020-2023 Free Software Foundation, # Inc. # # @@ -17,7 +17,6 @@ # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -as_nop=: if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh @@ -26,12 +25,13 @@ # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else $as_nop - case `(set -o) 2>/dev/null` in #( +else case e in #( + e) case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; +esac ;; esac fi @@ -103,7 +103,7 @@ ;; esac -# We did not find ourselves, most probably we were run as `sh COMMAND' +# We did not find ourselves, most probably we were run as 'sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 @@ -133,15 +133,14 @@ esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. +# out after a failed 'exec'. printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then - as_bourne_compatible="as_nop=: -if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 + as_bourne_compatible="if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh NULLCMD=: @@ -149,12 +148,13 @@ # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST -else \$as_nop - case \`(set -o) 2>/dev/null\` in #( +else case e in #( + e) case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; +esac ;; esac fi " @@ -172,8 +172,9 @@ if ( set x; as_fn_ret_success y && test x = \"\$1\" ) then : -else \$as_nop - exitcode=1; echo positional parameters were not saved. +else case e in #( + e) exitcode=1; echo positional parameters were not saved. ;; +esac fi test x\$exitcode = x0 || exit 1 blah=\$(echo \$(echo blah)) @@ -195,14 +196,15 @@ if (eval "$as_required") 2>/dev/null then : as_have_required=yes -else $as_nop - as_have_required=no +else case e in #( + e) as_have_required=no ;; +esac fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null then : -else $as_nop - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +else case e in #( + e) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do @@ -235,12 +237,13 @@ if $as_found then : -else $as_nop - if { test -f "$SHELL" || test -f "$SHELL.exe"; } && +else case e in #( + e) if { test -f "$SHELL" || test -f "$SHELL.exe"; } && as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null then : CONFIG_SHELL=$SHELL as_have_required=yes -fi +fi ;; +esac fi @@ -262,7 +265,7 @@ esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. +# out after a failed 'exec'. printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi @@ -283,7 +286,8 @@ $0: have one." fi exit 1 -fi +fi ;; +esac fi fi SHELL=${CONFIG_SHELL-/bin/sh} @@ -322,14 +326,6 @@ as_fn_set_status $1 exit $1 } # as_fn_exit -# as_fn_nop -# --------- -# Do nothing but, unlike ":", preserve the value of $?. -as_fn_nop () -{ - return $? -} -as_nop=as_fn_nop # as_fn_mkdir_p # ------------- @@ -398,11 +394,12 @@ { eval $1+=\$2 }' -else $as_nop - as_fn_append () +else case e in #( + e) as_fn_append () { eval $1=\$$1\$2 - } + } ;; +esac fi # as_fn_append # as_fn_arith ARG... @@ -416,21 +413,14 @@ { as_val=$(( $* )) }' -else $as_nop - as_fn_arith () +else case e in #( + e) as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` - } + } ;; +esac fi # as_fn_arith -# as_fn_nop -# --------- -# Do nothing but, unlike ":", preserve the value of $?. -as_fn_nop () -{ - return $? -} -as_nop=as_fn_nop # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- @@ -504,6 +494,8 @@ /[$]LINENO/= ' <$as_myself | sed ' + t clear + :clear s/[$]LINENO.*/&-/ t lineno b @@ -552,7 +544,6 @@ as_echo='printf %s\n' as_echo_n='printf %s' - rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file @@ -564,9 +555,9 @@ if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. + # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable. + # In both cases, we have to default to 'cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then @@ -591,10 +582,12 @@ as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" +as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" +as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated # Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" +as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g" +as_tr_sh="eval sed '$as_sed_sh'" # deprecated SHELL=${CONFIG_SHELL-/bin/sh} @@ -622,8 +615,8 @@ # Identity of this package. PACKAGE_NAME='BIND' PACKAGE_TARNAME='bind' -PACKAGE_VERSION='9.18.33' -PACKAGE_STRING='BIND 9.18.33' +PACKAGE_VERSION='9.18.41' +PACKAGE_STRING='BIND 9.18.41' PACKAGE_BUGREPORT='https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issuable_template=Bug' PACKAGE_URL='https://www.isc.org/downloads/' @@ -660,6 +653,7 @@ #endif" ac_header_c_list= +enable_year2038=no ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS @@ -821,6 +815,8 @@ MAINT MAINTAINER_MODE_FALSE MAINTAINER_MODE_TRUE +am__xargs_n +am__rm_f_notfound AM_BACKSLASH AM_DEFAULT_VERBOSITY AM_DEFAULT_V @@ -911,9 +907,11 @@ enable_dependency_tracking enable_largefile enable_static +enable_pic with_pic enable_shared enable_fast_install +enable_aix_soname with_aix_soname with_gnu_ld with_sysroot @@ -946,7 +944,6 @@ with_libidn2 with_cmocka with_jemalloc -with_tuning enable_singletrace enable_querytrace enable_auto_validation @@ -954,6 +951,7 @@ with_dnsrps_libname with_dnsrps_dir enable_dnsrps +enable_year2038 enable_full_report ' ac_precious_vars='build_alias @@ -1106,7 +1104,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: \`$ac_useropt'" + as_fn_error $? "invalid feature name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1132,7 +1130,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: \`$ac_useropt'" + as_fn_error $? "invalid feature name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1345,7 +1343,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: \`$ac_useropt'" + as_fn_error $? "invalid package name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1361,7 +1359,7 @@ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: \`$ac_useropt'" + as_fn_error $? "invalid package name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1391,8 +1389,8 @@ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; - -*) as_fn_error $? "unrecognized option: \`$ac_option' -Try \`$0 --help' for more information" + -*) as_fn_error $? "unrecognized option: '$ac_option' +Try '$0 --help' for more information" ;; *=*) @@ -1400,7 +1398,7 @@ # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) - as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + as_fn_error $? "invalid variable name: '$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; @@ -1450,7 +1448,7 @@ as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done -# There might be people who depend on the old broken behavior: `$host' +# There might be people who depend on the old broken behavior: '$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias @@ -1518,7 +1516,7 @@ test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi -ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_msg="sources are in $srcdir, but 'cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` @@ -1546,7 +1544,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures BIND 9.18.33 to adapt to many kinds of systems. +'configure' configures BIND 9.18.41 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1560,11 +1558,11 @@ --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit - -q, --quiet, --silent do not print \`checking ...' messages + -q, --quiet, --silent do not print 'checking ...' messages --cache-file=FILE cache test results in FILE [disabled] - -C, --config-cache alias for \`--cache-file=config.cache' + -C, --config-cache alias for '--cache-file=config.cache' -n, --no-create do not create output files - --srcdir=DIR find the sources in DIR [configure dir or \`..'] + --srcdir=DIR find the sources in DIR [configure dir or '..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX @@ -1572,10 +1570,10 @@ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] -By default, \`make install' will install all the files in -\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify -an installation prefix other than \`$ac_default_prefix' using \`--prefix', -for instance \`--prefix=\$HOME'. +By default, 'make install' will install all the files in +'$ac_default_prefix/bin', '$ac_default_prefix/lib' etc. You can specify +an installation prefix other than '$ac_default_prefix' using '--prefix', +for instance '--prefix=\$HOME'. For better control, use the options below. @@ -1618,7 +1616,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of BIND 9.18.33:";; + short | recursive ) echo "Configuration of BIND 9.18.41:";; esac cat <<\_ACEOF @@ -1637,9 +1635,14 @@ speeds up one-time build --disable-largefile omit support for large files --enable-static[=PKGS] build static libraries [default=no] + --enable-pic[=PKGS] try to use only PIC/non-PIC objects [default=use + both] --enable-shared[=PKGS] build shared libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] + --enable-aix-soname=aix|svr4|both + shared library versioning (aka "SONAME") variant to + provide on AIX, [default=aix]. --disable-libtool-lock avoid locking (might break parallel builds) --enable-developer enable developer build settings --enable-warn-error turn on -Werror when compiling @@ -1666,16 +1669,12 @@ --enable-dnsrps-dl DNS Response Policy Service delayed link [default=$librpz_dl] --enable-dnsrps enable DNS Response Policy Service API + --enable-year2038 support timestamps after 2038 --enable-full-report report values of all configure options Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) - --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use - both] - --with-aix-soname=aix|svr4|both - shared library versioning (aka "SONAME") variant to - provide on AIX, [default=aix]. --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-sysroot[=DIR] Search for dependent libraries within DIR (or the compiler's sysroot if not specified). @@ -1706,7 +1705,6 @@ [yes|no(default)|path] --with-cmocka=detect enable CMocka based tests (default is detect) --with-jemalloc=detect enable jemalloc memory allocator (default is detect) - --with-tuning=ARG Specify server tuning (default or small) --with-dnsrps-libname DNSRPS provider library name (librpz.so) --with-dnsrps-dir path to DNSRPS provider library @@ -1776,7 +1774,7 @@ JEMALLOC_LIBS linker flags for JEMALLOC, overriding pkg-config -Use these variables to override the choices made by `configure' or to help +Use these variables to override the choices made by 'configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to . @@ -1844,10 +1842,10 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -BIND configure 9.18.33 -generated by GNU Autoconf 2.71 +BIND configure 9.18.41 +generated by GNU Autoconf 2.72 -Copyright (C) 2021 Free Software Foundation, Inc. +Copyright (C) 2023 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF @@ -1886,11 +1884,12 @@ } && test -s conftest.$ac_objext then : ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 + ac_retval=1 ;; +esac fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval @@ -1909,8 +1908,8 @@ if eval test \${$3+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> @@ -1918,10 +1917,12 @@ if ac_fn_c_try_compile "$LINENO" then : eval "$3=yes" -else $as_nop - eval "$3=no" +else case e in #( + e) eval "$3=no" ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 @@ -1957,59 +1958,17 @@ } then : ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_cpp - -# ac_fn_c_try_run LINENO -# ---------------------- -# Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that -# executables *can* be run. -ac_fn_c_try_run () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; + ac_retval=1 ;; esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -printf "%s\n" "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -printf "%s\n" "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; } -then : - ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: program exited with status $ac_status" >&5 - printf "%s\n" "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=$ac_status fi - rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval -} # ac_fn_c_try_run +} # ac_fn_c_try_cpp # ac_fn_c_try_link LINENO # ----------------------- @@ -2042,11 +2001,12 @@ } then : ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 + ac_retval=1 ;; +esac fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would @@ -2058,6 +2018,50 @@ } # ac_fn_c_try_link +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that +# executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } +then : + ac_retval=0 +else case e in #( + e) printf "%s\n" "$as_me: program exited with status $ac_status" >&5 + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status ;; +esac +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly @@ -2069,15 +2073,15 @@ if eval test \${$3+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $2 (); below. */ + which can conflict with char $2 (void); below. */ #include #undef $2 @@ -2088,7 +2092,7 @@ #ifdef __cplusplus extern "C" #endif -char $2 (); +char $2 (void); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ @@ -2107,11 +2111,13 @@ if ac_fn_c_try_link "$LINENO" then : eval "$3=yes" -else $as_nop - eval "$3=no" +else case e in #( + e) eval "$3=no" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext + conftest$ac_exeext conftest.$ac_ext ;; +esac fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 @@ -2132,8 +2138,8 @@ if eval test \${$3+y} then : printf %s "(cached) " >&6 -else $as_nop - eval "$3=no" +else case e in #( + e) eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 @@ -2163,12 +2169,14 @@ if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - eval "$3=yes" +else case e in #( + e) eval "$3=yes" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 @@ -2190,8 +2198,8 @@ if eval test \${$3+y} then : printf %s "(cached) " >&6 -else $as_nop - as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` +else case e in #( + e) as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` eval ac_save_FLAGS=\$$6 as_fn_append $6 " $5" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -2215,12 +2223,14 @@ if ac_fn_c_try_compile "$LINENO" then : eval "$3=yes" -else $as_nop - eval "$3=no" +else case e in #( + e) eval "$3=no" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext eval $6=\$ac_save_FLAGS - + ;; +esac fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 @@ -2252,8 +2262,8 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by BIND $as_me 9.18.33, which was -generated by GNU Autoconf 2.71. Invocation command line was +It was created by BIND $as_me 9.18.41, which was +generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw @@ -2499,10 +2509,10 @@ printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ - || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } fi done @@ -2539,9 +2549,7 @@ /* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */ struct buf { int x; }; struct buf * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; +static char *e (char **p, int i) { return p[i]; } @@ -2555,6 +2563,21 @@ return s; } +/* C89 style stringification. */ +#define noexpand_stringify(a) #a +const char *stringified = noexpand_stringify(arbitrary+token=sequence); + +/* C89 style token pasting. Exercises some of the corner cases that + e.g. old MSVC gets wrong, but not very hard. */ +#define noexpand_concat(a,b) a##b +#define expand_concat(a,b) noexpand_concat(a,b) +extern int vA; +extern int vbee; +#define aye A +#define bee B +int *pvA = &expand_concat(v,aye); +int *pvbee = &noexpand_concat(v,bee); + /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not \xHH hex character constants. These do not provoke an error unfortunately, instead are silently treated @@ -2582,16 +2605,19 @@ # Test code for whether the C compiler supports C99 (global declarations) ac_c_conftest_c99_globals=' -// Does the compiler advertise C99 conformance? +/* Does the compiler advertise C99 conformance? */ #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L # error "Compiler does not advertise C99 conformance" #endif +// See if C++-style comments work. + #include extern int puts (const char *); extern int printf (const char *, ...); extern int dprintf (int, const char *, ...); extern void *malloc (size_t); +extern void free (void *); // Check varargs macros. These examples are taken from C99 6.10.3.5. // dprintf is used instead of fprintf to avoid needing to declare @@ -2641,7 +2667,6 @@ static inline int test_restrict (ccp restrict text) { - // See if C++-style comments work. // Iterate through items via the restricted pointer. // Also check for declarations in for loops. for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i) @@ -2707,6 +2732,8 @@ ia->datasize = 10; for (int i = 0; i < ia->datasize; ++i) ia->data[i] = i * 1.234; + // Work around memory leak warnings. + free (ia); // Check named initializers. struct named_init ni = { @@ -2728,7 +2755,7 @@ # Test code for whether the C compiler supports C11 (global declarations) ac_c_conftest_c11_globals=' -// Does the compiler advertise C11 conformance? +/* Does the compiler advertise C11 conformance? */ #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L # error "Compiler does not advertise C11 conformance" #endif @@ -2921,8 +2948,9 @@ if $as_found then : -else $as_nop - as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5 ;; +esac fi @@ -2950,12 +2978,12 @@ eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 -printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&5 +printf "%s\n" "$as_me: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 -printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was not set in the previous run" >&5 +printf "%s\n" "$as_me: error: '$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) @@ -2964,18 +2992,18 @@ ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 -printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' has changed since the previous run:" >&5 +printf "%s\n" "$as_me: error: '$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 -printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&5 +printf "%s\n" "$as_me: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 -printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;} - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 -printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: '$ac_old_val'" >&5 +printf "%s\n" "$as_me: former value: '$ac_old_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: '$ac_new_val'" >&5 +printf "%s\n" "$as_me: current value: '$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. @@ -2991,11 +3019,11 @@ fi done if $ac_cache_corrupted; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file' + as_fn_error $? "run '${MAKE-make} distclean' and/or 'rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## @@ -3018,7 +3046,7 @@ printf "%s\n" "#define PACKAGE_VERSION_MINOR \"18\"" >>confdefs.h -printf "%s\n" "#define PACKAGE_VERSION_PATCH \"33\"" >>confdefs.h +printf "%s\n" "#define PACKAGE_VERSION_PATCH \"41\"" >>confdefs.h printf "%s\n" "#define PACKAGE_VERSION_EXTRA \"\"" >>confdefs.h @@ -3027,7 +3055,7 @@ printf "%s\n" "#define PACKAGE_DESCRIPTION \" (Extended Support Version)\"" >>confdefs.h -printf "%s\n" "#define PACKAGE_SRCID \"6fc161b\"" >>confdefs.h +printf "%s\n" "#define PACKAGE_SRCID \"e8adafa\"" >>confdefs.h bind_CONFIGARGS="${ac_configure_args:-default}" @@ -3054,15 +3082,16 @@ if test ${ac_cv_build+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_build_alias=$build_alias +else case e in #( + e) ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"` test "x$ac_build_alias" = x && as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` || as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5 - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 printf "%s\n" "$ac_cv_build" >&6; } @@ -3089,14 +3118,15 @@ if test ${ac_cv_host+y} then : printf %s "(cached) " >&6 -else $as_nop - if test "x$host_alias" = x; then +else case e in #( + e) if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` || as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5 fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 printf "%s\n" "$ac_cv_host" >&6; } @@ -3123,14 +3153,15 @@ if test ${ac_cv_target+y} then : printf %s "(cached) " >&6 -else $as_nop - if test "x$target_alias" = x; then +else case e in #( + e) if test "x$target_alias" = x; then ac_cv_target=$ac_cv_host else ac_cv_target=`$SHELL "${ac_aux_dir}config.sub" $target_alias` || as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $target_alias failed" "$LINENO" 5 fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_target" >&5 printf "%s\n" "$ac_cv_target" >&6; } @@ -3160,7 +3191,7 @@ program_prefix=${target_alias}- -am__api_version='1.16' +am__api_version='1.17' # Find a good install program. We prefer a C program (faster), @@ -3183,8 +3214,8 @@ if test ${ac_cv_path_install+y} then : printf %s "(cached) " >&6 -else $as_nop - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +else case e in #( + e) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS @@ -3238,7 +3269,8 @@ IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir - + ;; +esac fi if test ${ac_cv_path_install+y}; then INSTALL=$ac_cv_path_install @@ -3261,6 +3293,165 @@ test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether sleep supports fractional seconds" >&5 +printf %s "checking whether sleep supports fractional seconds... " >&6; } +if test ${am_cv_sleep_fractional_seconds+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) if sleep 0.001 2>/dev/null +then : + am_cv_sleep_fractional_seconds=yes +else case e in #( + e) am_cv_sleep_fractional_seconds=no ;; +esac +fi + ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_sleep_fractional_seconds" >&5 +printf "%s\n" "$am_cv_sleep_fractional_seconds" >&6; } + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking filesystem timestamp resolution" >&5 +printf %s "checking filesystem timestamp resolution... " >&6; } +if test ${am_cv_filesystem_timestamp_resolution+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) # Default to the worst case. +am_cv_filesystem_timestamp_resolution=2 + +# Only try to go finer than 1 sec if sleep can do it. +# Don't try 1 sec, because if 0.01 sec and 0.1 sec don't work, +# - 1 sec is not much of a win compared to 2 sec, and +# - it takes 2 seconds to perform the test whether 1 sec works. +# +# Instead, just use the default 2s on platforms that have 1s resolution, +# accept the extra 1s delay when using $sleep in the Automake tests, in +# exchange for not incurring the 2s delay for running the test for all +# packages. +# +am_try_resolutions= +if test "$am_cv_sleep_fractional_seconds" = yes; then + # Even a millisecond often causes a bunch of false positives, + # so just try a hundredth of a second. The time saved between .001 and + # .01 is not terribly consequential. + am_try_resolutions="0.01 0.1 $am_try_resolutions" +fi + +# In order to catch current-generation FAT out, we must *modify* files +# that already exist; the *creation* timestamp is finer. Use names +# that make ls -t sort them differently when they have equal +# timestamps than when they have distinct timestamps, keeping +# in mind that ls -t prints the *newest* file first. +rm -f conftest.ts? +: > conftest.ts1 +: > conftest.ts2 +: > conftest.ts3 + +# Make sure ls -t actually works. Do 'set' in a subshell so we don't +# clobber the current shell's arguments. (Outer-level square brackets +# are removed by m4; they're present so that m4 does not expand +# ; be careful, easy to get confused.) +if ( + set X `ls -t conftest.ts[12]` && + { + test "$*" != "X conftest.ts1 conftest.ts2" || + test "$*" != "X conftest.ts2 conftest.ts1"; + } +); then :; else + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + printf "%s\n" ""Bad output from ls -t: \"`ls -t conftest.ts[12]`\""" >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} +as_fn_error $? "ls -t produces unexpected output. +Make sure there is not a broken ls alias in your environment. +See 'config.log' for more details" "$LINENO" 5; } +fi + +for am_try_res in $am_try_resolutions; do + # Any one fine-grained sleep might happen to cross the boundary + # between two values of a coarser actual resolution, but if we do + # two fine-grained sleeps in a row, at least one of them will fall + # entirely within a coarse interval. + echo alpha > conftest.ts1 + sleep $am_try_res + echo beta > conftest.ts2 + sleep $am_try_res + echo gamma > conftest.ts3 + + # We assume that 'ls -t' will make use of high-resolution + # timestamps if the operating system supports them at all. + if (set X `ls -t conftest.ts?` && + test "$2" = conftest.ts3 && + test "$3" = conftest.ts2 && + test "$4" = conftest.ts1); then + # + # Ok, ls -t worked. If we're at a resolution of 1 second, we're done, + # because we don't need to test make. + make_ok=true + if test $am_try_res != 1; then + # But if we've succeeded so far with a subsecond resolution, we + # have one more thing to check: make. It can happen that + # everything else supports the subsecond mtimes, but make doesn't; + # notably on macOS, which ships make 3.81 from 2006 (the last one + # released under GPLv2). https://bugs.gnu.org/68808 + # + # We test $MAKE if it is defined in the environment, else "make". + # It might get overridden later, but our hope is that in practice + # it does not matter: it is the system "make" which is (by far) + # the most likely to be broken, whereas if the user overrides it, + # probably they did so with a better, or at least not worse, make. + # https://lists.gnu.org/archive/html/automake/2024-06/msg00051.html + # + # Create a Makefile (real tab character here): + rm -f conftest.mk + echo 'conftest.ts1: conftest.ts2' >conftest.mk + echo ' touch conftest.ts2' >>conftest.mk + # + # Now, running + # touch conftest.ts1; touch conftest.ts2; make + # should touch ts1 because ts2 is newer. This could happen by luck, + # but most often, it will fail if make's support is insufficient. So + # test for several consecutive successes. + # + # (We reuse conftest.ts[12] because we still want to modify existing + # files, not create new ones, per above.) + n=0 + make=${MAKE-make} + until test $n -eq 3; do + echo one > conftest.ts1 + sleep $am_try_res + echo two > conftest.ts2 # ts2 should now be newer than ts1 + if $make -f conftest.mk | grep 'up to date' >/dev/null; then + make_ok=false + break # out of $n loop + fi + n=`expr $n + 1` + done + fi + # + if $make_ok; then + # Everything we know to check worked out, so call this resolution good. + am_cv_filesystem_timestamp_resolution=$am_try_res + break # out of $am_try_res loop + fi + # Otherwise, we'll go on to check the next resolution. + fi +done +rm -f conftest.ts? +# (end _am_filesystem_timestamp_resolution) + ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_filesystem_timestamp_resolution" >&5 +printf "%s\n" "$am_cv_filesystem_timestamp_resolution" >&6; } + +# This check should not be cached, as it may vary across builds of +# different projects. { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 printf %s "checking whether build environment is sane... " >&6; } # Reject unsafe characters in $srcdir or the absolute working directory @@ -3281,49 +3472,45 @@ # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). -if ( - am_has_slept=no - for am_try in 1 2; do - echo "timestamp, slept: $am_has_slept" > conftest.file - set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` - if test "$*" = "X"; then - # -L didn't work. - set X `ls -t "$srcdir/configure" conftest.file` - fi - if test "$*" != "X $srcdir/configure conftest.file" \ - && test "$*" != "X conftest.file $srcdir/configure"; then +am_build_env_is_sane=no +am_has_slept=no +rm -f conftest.file +for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + if ( + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + test "$2" = conftest.file + ); then + am_build_env_is_sane=yes + break + fi + # Just in case. + sleep "$am_cv_filesystem_timestamp_resolution" + am_has_slept=yes +done - # If neither matched, then we have a broken ls. This can happen - # if, for instance, CONFIG_SHELL is bash and it inherits a - # broken ls alias from the environment. This has actually - # happened. Such a system could not be considered "sane". - as_fn_error $? "ls -t appears to fail. Make sure there is not a broken - alias in your environment" "$LINENO" 5 - fi - if test "$2" = conftest.file || test $am_try -eq 2; then - break - fi - # Just in case. - sleep 1 - am_has_slept=yes - done - test "$2" = conftest.file - ) -then - # Ok. - : -else - as_fn_error $? "newly created file is older than distributed files! +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_build_env_is_sane" >&5 +printf "%s\n" "$am_build_env_is_sane" >&6; } +if test "$am_build_env_is_sane" = no; then + as_fn_error $? "newly created file is older than distributed files! Check your system clock" "$LINENO" 5 fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } + # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= -if grep 'slept: no' conftest.file >/dev/null 2>&1; then - ( sleep 1 ) & +if test -e conftest.file || grep 'slept: no' conftest.file >/dev/null 2>&1 +then : + +else case e in #( + e) ( sleep "$am_cv_filesystem_timestamp_resolution" ) & am_sleep_pid=$! + ;; +esac fi rm -f conftest.file @@ -3334,7 +3521,7 @@ test "$program_suffix" != NONE && program_transform_name="s&\$&$program_suffix&;$program_transform_name" # Double any \ or $. -# By default was `s,x,x', remove it if useless. +# By default was 's,x,x', remove it if useless. ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"` @@ -3377,8 +3564,8 @@ if test ${ac_cv_prog_STRIP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$STRIP"; then +else case e in #( + e) if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -3400,7 +3587,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then @@ -3422,8 +3610,8 @@ if test ${ac_cv_prog_ac_ct_STRIP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_STRIP"; then +else case e in #( + e) if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -3445,7 +3633,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then @@ -3481,8 +3670,8 @@ if test ${ac_cv_path_mkdir+y} then : printf %s "(cached) " >&6 -else $as_nop - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +else case e in #( + e) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS @@ -3496,7 +3685,7 @@ as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #( 'mkdir ('*'coreutils) '* | \ - 'BusyBox '* | \ + *'BusyBox '* | \ 'mkdir (fileutils) '4.1*) ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext break 3;; @@ -3505,18 +3694,17 @@ done done IFS=$as_save_IFS - + ;; +esac fi test -d ./--version && rmdir ./--version if test ${ac_cv_path_mkdir+y}; then MKDIR_P="$ac_cv_path_mkdir -p" else - # As a last resort, use the slow shell script. Don't cache a - # value for MKDIR_P within a source directory, because that will - # break other packages using the cache if that directory is - # removed, or if the value is a relative name. - MKDIR_P="$ac_install_sh -d" + # As a last resort, use plain mkdir -p, + # in the hope it doesn't have the bugs of ancient mkdir. + MKDIR_P='mkdir -p' fi fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 @@ -3531,8 +3719,8 @@ if test ${ac_cv_prog_AWK+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$AWK"; then +else case e in #( + e) if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -3554,7 +3742,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then @@ -3576,8 +3765,8 @@ if eval test \${ac_cv_prog_make_${ac_make}_set+y} then : printf %s "(cached) " >&6 -else $as_nop - cat >conftest.make <<\_ACEOF +else case e in #( + e) cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' @@ -3589,7 +3778,8 @@ *) eval ac_cv_prog_make_${ac_make}_set=no;; esac -rm -f conftest.make +rm -f conftest.make ;; +esac fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 @@ -3610,25 +3800,21 @@ fi rmdir .tst 2>/dev/null +AM_DEFAULT_VERBOSITY=1 # Check whether --enable-silent-rules was given. if test ${enable_silent_rules+y} then : enableval=$enable_silent_rules; fi -case $enable_silent_rules in # ((( - yes) AM_DEFAULT_VERBOSITY=0;; - no) AM_DEFAULT_VERBOSITY=1;; - *) AM_DEFAULT_VERBOSITY=1;; -esac am_make=${MAKE-make} { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 printf %s "checking whether $am_make supports nested variables... " >&6; } if test ${am_cv_make_support_nested_variables+y} then : printf %s "(cached) " >&6 -else $as_nop - if printf "%s\n" 'TRUE=$(BAR$(V)) +else case e in #( + e) if printf "%s\n" 'TRUE=$(BAR$(V)) BAR0=false BAR1=true V=1 @@ -3638,19 +3824,50 @@ am_cv_make_support_nested_variables=yes else am_cv_make_support_nested_variables=no -fi +fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 printf "%s\n" "$am_cv_make_support_nested_variables" >&6; } -if test $am_cv_make_support_nested_variables = yes; then - AM_V='$(V)' - AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' -else - AM_V=$AM_DEFAULT_VERBOSITY - AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY -fi AM_BACKSLASH='\' +am__rm_f_notfound= +if (rm -f && rm -fr && rm -rf) 2>/dev/null +then : + +else case e in #( + e) am__rm_f_notfound='""' ;; +esac +fi + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking xargs -n works" >&5 +printf %s "checking xargs -n works... " >&6; } +if test ${am_cv_xargs_n_works+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) if test "`echo 1 2 3 | xargs -n2 echo`" = "1 2 +3" +then : + am_cv_xargs_n_works=yes +else case e in #( + e) am_cv_xargs_n_works=no ;; +esac +fi ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_xargs_n_works" >&5 +printf "%s\n" "$am_cv_xargs_n_works" >&6; } +if test "$am_cv_xargs_n_works" = yes +then : + am__xargs_n='xargs -n' +else case e in #( + e) am__xargs_n='am__xargs_n () { shift; sed "s/ /\\n/g" | while read am__xargs_n_arg; do "" "$am__xargs_n_arg"; done; }' + ;; +esac +fi + if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." @@ -3673,7 +3890,7 @@ # Define the identity of the package. PACKAGE='bind' - VERSION='9.18.33' + VERSION='9.18.41' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -3794,8 +4011,9 @@ if test ${am_cv_prog_tar_pax+y} then : printf %s "(cached) " >&6 -else $as_nop - am_cv_prog_tar_pax=$_am_tool +else case e in #( + e) am_cv_prog_tar_pax=$_am_tool ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_tar_pax" >&5 @@ -3820,89 +4038,12 @@ -# POSIX will say in a future version that running "rm -f" with no argument -# is OK; and we want to be able to make that assumption in our Makefile -# recipes. So use an aggressive probe to check that the usage we want is -# actually supported "in the wild" to an acceptable degree. -# See automake bug#10828. -# To make any issue more visible, cause the running configure to be aborted -# by default if the 'rm' program in use doesn't match our expectations; the -# user can still override this though. -if rm -f && rm -fr && rm -rf; then : OK; else - cat >&2 <<'END' -Oops! - -Your 'rm' program seems unable to run without file operands specified -on the command line, even when the '-f' option is present. This is contrary -to the behaviour of most rm programs out there, and not conforming with -the upcoming POSIX standard: - -Please tell bug-automake@gnu.org about your system, including the value -of your $PATH and any error possibly output before this message. This -can help us improve future automake versions. -END - if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then - echo 'Configuration will proceed anyway, since you have set the' >&2 - echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 - echo >&2 - else - cat >&2 <<'END' -Aborting the configuration process, to ensure you take notice of the issue. - -You can download and install GNU coreutils to get an 'rm' implementation -that behaves properly: . - -If you want to complete the configuration process using your problematic -'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM -to "yes", and re-run configure. -END - as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5 - fi -fi -# Check whether --enable-silent-rules was given. -if test ${enable_silent_rules+y} -then : - enableval=$enable_silent_rules; -fi -case $enable_silent_rules in # ((( - yes) AM_DEFAULT_VERBOSITY=0;; - no) AM_DEFAULT_VERBOSITY=1;; - *) AM_DEFAULT_VERBOSITY=0;; -esac -am_make=${MAKE-make} -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 -printf %s "checking whether $am_make supports nested variables... " >&6; } -if test ${am_cv_make_support_nested_variables+y} -then : - printf %s "(cached) " >&6 -else $as_nop - if printf "%s\n" 'TRUE=$(BAR$(V)) -BAR0=false -BAR1=true -V=1 -am__doit: - @$(TRUE) -.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then - am_cv_make_support_nested_variables=yes -else - am_cv_make_support_nested_variables=no -fi -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 -printf "%s\n" "$am_cv_make_support_nested_variables" >&6; } -if test $am_cv_make_support_nested_variables = yes; then - AM_V='$(V)' - AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' -else - AM_V=$AM_DEFAULT_VERBOSITY - AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY -fi -AM_BACKSLASH='\' +AM_DEFAULT_VERBOSITY=0 ac_config_headers="$ac_config_headers config.h" @@ -3922,8 +4063,9 @@ if test ${enable_maintainer_mode+y} then : enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval -else $as_nop - USE_MAINTAINER_MODE=yes +else case e in #( + e) USE_MAINTAINER_MODE=yes ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5 @@ -3939,16 +4081,17 @@ MAINT=$MAINTAINER_MODE_TRUE -else $as_nop - +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5 printf %s "checking whether to enable maintainer-specific portions of Makefiles... " >&6; } # Check whether --enable-maintainer-mode was given. if test ${enable_maintainer_mode+y} then : enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval -else $as_nop - USE_MAINTAINER_MODE=no +else case e in #( + e) USE_MAINTAINER_MODE=no ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5 @@ -3963,7 +4106,8 @@ MAINT=$MAINTAINER_MODE_TRUE - + ;; +esac fi # @@ -4055,8 +4199,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4078,7 +4222,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -4100,8 +4245,8 @@ if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4123,7 +4268,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then @@ -4158,8 +4304,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4181,7 +4327,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -4203,8 +4350,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no @@ -4243,7 +4390,8 @@ ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@" fi fi -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -4267,8 +4415,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4290,7 +4438,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -4316,8 +4465,8 @@ if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4339,7 +4488,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then @@ -4377,8 +4527,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4400,7 +4550,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -4422,8 +4573,8 @@ if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -4445,7 +4596,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then @@ -4474,10 +4626,10 @@ fi -test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 @@ -4549,8 +4701,8 @@ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : - # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. -# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' + # Autoconf-2.13 could set the ac_cv_exeext variable to 'no'. +# So ignore a value of 'no', otherwise this would lead to 'EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. @@ -4570,7 +4722,7 @@ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not - # safe: cross compilers may not add the suffix if given an `-o' + # safe: cross compilers may not add the suffix if given an '-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. @@ -4581,8 +4733,9 @@ done test "$ac_cv_exeext" = no && ac_cv_exeext= -else $as_nop - ac_file='' +else case e in #( + e) ac_file='' ;; +esac fi if test -z "$ac_file" then : @@ -4591,13 +4744,14 @@ printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables -See \`config.log' for more details" "$LINENO" 5; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } +See 'config.log' for more details" "$LINENO" 5; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 printf %s "checking for C compiler default output file name... " >&6; } @@ -4621,10 +4775,10 @@ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : - # If both `conftest.exe' and `conftest' are `present' (well, observable) -# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will -# work properly (i.e., refer to `conftest.exe'), while it won't with -# `rm'. + # If both 'conftest.exe' and 'conftest' are 'present' (well, observable) +# catch 'conftest.exe'. For instance with Cygwin, 'ls conftest' will +# work properly (i.e., refer to 'conftest.exe'), while it won't with +# 'rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in @@ -4634,11 +4788,12 @@ * ) break;; esac done -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi rm -f conftest conftest$ac_cv_exeext { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 @@ -4654,6 +4809,8 @@ main (void) { FILE *f = fopen ("conftest.out", "w"); + if (!f) + return 1; return ferror (f) || fclose (f) != 0; ; @@ -4693,26 +4850,27 @@ if test "$cross_compiling" = maybe; then cross_compiling=yes else - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error 77 "cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details" "$LINENO" 5; } +If you meant to cross compile, use '--host'. +See 'config.log' for more details" "$LINENO" 5; } fi fi fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 printf "%s\n" "$cross_compiling" >&6; } -rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +rm -f conftest.$ac_ext conftest$ac_cv_exeext \ + conftest.o conftest.obj conftest.out ac_clean_files=$ac_clean_files_save { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 printf %s "checking for suffix of object files... " >&6; } if test ${ac_cv_objext+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -4744,16 +4902,18 @@ break;; esac done -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi -rm -f conftest.$ac_cv_objext conftest.$ac_ext +rm -f conftest.$ac_cv_objext conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 printf "%s\n" "$ac_cv_objext" >&6; } @@ -4764,8 +4924,8 @@ if test ${ac_cv_c_compiler_gnu+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -4782,12 +4942,14 @@ if ac_fn_c_try_compile "$LINENO" then : ac_compiler_gnu=yes -else $as_nop - ac_compiler_gnu=no +else case e in #( + e) ac_compiler_gnu=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } @@ -4805,8 +4967,8 @@ if test ${ac_cv_prog_cc_g+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_save_c_werror_flag=$ac_c_werror_flag +else case e in #( + e) ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" @@ -4824,8 +4986,8 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes -else $as_nop - CFLAGS="" +else case e in #( + e) CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4840,8 +5002,8 @@ if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - ac_c_werror_flag=$ac_save_c_werror_flag +else case e in #( + e) ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4858,12 +5020,15 @@ then : ac_cv_prog_cc_g=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag + ac_c_werror_flag=$ac_save_c_werror_flag ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 printf "%s\n" "$ac_cv_prog_cc_g" >&6; } @@ -4890,8 +5055,8 @@ if test ${ac_cv_prog_cc_c11+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c11=no +else case e in #( + e) ac_cv_prog_cc_c11=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4908,25 +5073,28 @@ test "x$ac_cv_prog_cc_c11" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c11" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c11" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c11" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } - CC="$CC $ac_cv_prog_cc_c11" + CC="$CC $ac_cv_prog_cc_c11" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 - ac_prog_cc_stdc=c11 + ac_prog_cc_stdc=c11 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno @@ -4936,8 +5104,8 @@ if test ${ac_cv_prog_cc_c99+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c99=no +else case e in #( + e) ac_cv_prog_cc_c99=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4954,25 +5122,28 @@ test "x$ac_cv_prog_cc_c99" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c99" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c99" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c99" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } - CC="$CC $ac_cv_prog_cc_c99" + CC="$CC $ac_cv_prog_cc_c99" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 - ac_prog_cc_stdc=c99 + ac_prog_cc_stdc=c99 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno @@ -4982,8 +5153,8 @@ if test ${ac_cv_prog_cc_c89+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c89=no +else case e in #( + e) ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5000,25 +5171,28 @@ test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c89" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c89" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c89" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } - CC="$CC $ac_cv_prog_cc_c89" + CC="$CC $ac_cv_prog_cc_c89" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 - ac_prog_cc_stdc=c89 + ac_prog_cc_stdc=c89 ;; +esac fi fi @@ -5039,8 +5213,8 @@ if test ${am_cv_prog_cc_c_o+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -5070,7 +5244,8 @@ fi done rm -f core conftest* - unset am_i + unset am_i ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 printf "%s\n" "$am_cv_prog_cc_c_o" >&6; } @@ -5096,8 +5271,8 @@ if test ${am_cv_CC_dependencies_compiler_type+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then +else case e in #( + e) if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up @@ -5184,7 +5359,7 @@ # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. - # When given -MP, icc 7.0 and 7.1 complain thusly: + # When given -MP, icc 7.0 and 7.1 complain thus: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported @@ -5201,7 +5376,8 @@ else am_cv_CC_dependencies_compiler_type=none fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; } @@ -5259,8 +5435,8 @@ if test ${ac_cv_safe_to_define___extensions__+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ # define __EXTENSIONS__ 1 @@ -5276,10 +5452,12 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_safe_to_define___extensions__=yes -else $as_nop - ac_cv_safe_to_define___extensions__=no +else case e in #( + e) ac_cv_safe_to_define___extensions__=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5 printf "%s\n" "$ac_cv_safe_to_define___extensions__" >&6; } @@ -5289,8 +5467,8 @@ if test ${ac_cv_should_define__xopen_source+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_should_define__xopen_source=no +else case e in #( + e) ac_cv_should_define__xopen_source=no if test $ac_cv_header_wchar_h = yes then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -5309,8 +5487,8 @@ if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _XOPEN_SOURCE 500 @@ -5328,10 +5506,12 @@ then : ac_cv_should_define__xopen_source=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext -fi +fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_should_define__xopen_source" >&5 printf "%s\n" "$ac_cv_should_define__xopen_source" >&6; } @@ -5356,6 +5536,8 @@ printf "%s\n" "#define __STDC_WANT_IEC_60559_DFP_EXT__ 1" >>confdefs.h + printf "%s\n" "#define __STDC_WANT_IEC_60559_EXT__ 1" >>confdefs.h + printf "%s\n" "#define __STDC_WANT_IEC_60559_FUNCS_EXT__ 1" >>confdefs.h printf "%s\n" "#define __STDC_WANT_IEC_60559_TYPES_EXT__ 1" >>confdefs.h @@ -5375,8 +5557,9 @@ printf "%s\n" "#define _POSIX_1_SOURCE 2" >>confdefs.h -else $as_nop - MINIX= +else case e in #( + e) MINIX= ;; +esac fi if test $ac_cv_safe_to_define___extensions__ = yes then : @@ -5406,8 +5589,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -5429,7 +5612,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -5451,8 +5635,8 @@ if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -5474,7 +5658,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then @@ -5509,8 +5694,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -5532,7 +5717,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -5554,8 +5740,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no @@ -5594,7 +5780,8 @@ ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@" fi fi -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -5618,8 +5805,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -5641,7 +5828,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -5667,8 +5855,8 @@ if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -5690,7 +5878,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then @@ -5728,8 +5917,8 @@ if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -5751,7 +5940,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then @@ -5773,8 +5963,8 @@ if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -5796,7 +5986,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then @@ -5825,10 +6016,10 @@ fi -test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 @@ -5860,8 +6051,8 @@ if test ${ac_cv_c_compiler_gnu+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -5878,12 +6069,14 @@ if ac_fn_c_try_compile "$LINENO" then : ac_compiler_gnu=yes -else $as_nop - ac_compiler_gnu=no +else case e in #( + e) ac_compiler_gnu=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } @@ -5901,8 +6094,8 @@ if test ${ac_cv_prog_cc_g+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_save_c_werror_flag=$ac_c_werror_flag +else case e in #( + e) ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" @@ -5920,8 +6113,8 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes -else $as_nop - CFLAGS="" +else case e in #( + e) CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5936,8 +6129,8 @@ if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - ac_c_werror_flag=$ac_save_c_werror_flag +else case e in #( + e) ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5954,12 +6147,15 @@ then : ac_cv_prog_cc_g=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag + ac_c_werror_flag=$ac_save_c_werror_flag ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 printf "%s\n" "$ac_cv_prog_cc_g" >&6; } @@ -5986,8 +6182,8 @@ if test ${ac_cv_prog_cc_c11+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c11=no +else case e in #( + e) ac_cv_prog_cc_c11=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -6004,25 +6200,28 @@ test "x$ac_cv_prog_cc_c11" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c11" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c11" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c11" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } - CC="$CC $ac_cv_prog_cc_c11" + CC="$CC $ac_cv_prog_cc_c11" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 - ac_prog_cc_stdc=c11 + ac_prog_cc_stdc=c11 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno @@ -6032,8 +6231,8 @@ if test ${ac_cv_prog_cc_c99+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c99=no +else case e in #( + e) ac_cv_prog_cc_c99=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -6050,25 +6249,28 @@ test "x$ac_cv_prog_cc_c99" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c99" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c99" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c99" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } - CC="$CC $ac_cv_prog_cc_c99" + CC="$CC $ac_cv_prog_cc_c99" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 - ac_prog_cc_stdc=c99 + ac_prog_cc_stdc=c99 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno @@ -6078,8 +6280,8 @@ if test ${ac_cv_prog_cc_c89+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c89=no +else case e in #( + e) ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -6096,25 +6298,28 @@ test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c89" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c89" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c89" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } - CC="$CC $ac_cv_prog_cc_c89" + CC="$CC $ac_cv_prog_cc_c89" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 - ac_prog_cc_stdc=c89 + ac_prog_cc_stdc=c89 ;; +esac fi fi @@ -6135,8 +6340,8 @@ if test ${am_cv_prog_cc_c_o+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -6166,7 +6371,8 @@ fi done rm -f core conftest* - unset am_i + unset am_i ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 printf "%s\n" "$am_cv_prog_cc_c_o" >&6; } @@ -6192,8 +6398,8 @@ if test ${am_cv_CC_dependencies_compiler_type+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then +else case e in #( + e) if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up @@ -6280,7 +6486,7 @@ # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. - # When given -MP, icc 7.0 and 7.1 complain thusly: + # When given -MP, icc 7.0 and 7.1 complain thus: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported @@ -6297,7 +6503,8 @@ else am_cv_CC_dependencies_compiler_type=none fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; } @@ -6329,8 +6536,8 @@ if test ${ac_cv_prog_CPP+y} then : printf %s "(cached) " >&6 -else $as_nop - # Double quotes because $CC needs to be expanded +else case e in #( + e) # Double quotes because $CC needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp do ac_preproc_ok=false @@ -6348,9 +6555,10 @@ if ac_fn_c_try_cpp "$LINENO" then : -else $as_nop - # Broken: fails on valid input. -continue +else case e in #( + e) # Broken: fails on valid input. +continue ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -6364,15 +6572,16 @@ then : # Broken: success on invalid input. continue -else $as_nop - # Passes both tests. +else case e in #( + e) # Passes both tests. ac_preproc_ok=: -break +break ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok then : @@ -6381,7 +6590,8 @@ done ac_cv_prog_CPP=$CPP - + ;; +esac fi CPP=$ac_cv_prog_CPP else @@ -6404,9 +6614,10 @@ if ac_fn_c_try_cpp "$LINENO" then : -else $as_nop - # Broken: fails on valid input. -continue +else case e in #( + e) # Broken: fails on valid input. +continue ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -6420,24 +6631,26 @@ then : # Broken: success on invalid input. continue -else $as_nop - # Passes both tests. +else case e in #( + e) # Passes both tests. ac_preproc_ok=: -break +break ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok then : -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi ac_ext=c @@ -6491,8 +6704,8 @@ if test ${ac_cv_prog_CC_FOR_BUILD+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC_FOR_BUILD"; then +else case e in #( + e) if test -n "$CC_FOR_BUILD"; then ac_cv_prog_CC_FOR_BUILD="$CC_FOR_BUILD" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -6514,7 +6727,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC_FOR_BUILD=$ac_cv_prog_CC_FOR_BUILD if test -n "$CC_FOR_BUILD"; then @@ -6536,8 +6750,8 @@ if test ${ac_cv_prog_ac_ct_CC_FOR_BUILD+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC_FOR_BUILD"; then +else case e in #( + e) if test -n "$ac_ct_CC_FOR_BUILD"; then ac_cv_prog_ac_ct_CC_FOR_BUILD="$ac_ct_CC_FOR_BUILD" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -6559,7 +6773,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC_FOR_BUILD=$ac_cv_prog_ac_ct_CC_FOR_BUILD if test -n "$ac_ct_CC_FOR_BUILD"; then @@ -6594,8 +6809,8 @@ if test ${ac_cv_prog_CC_FOR_BUILD+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC_FOR_BUILD"; then +else case e in #( + e) if test -n "$CC_FOR_BUILD"; then ac_cv_prog_CC_FOR_BUILD="$CC_FOR_BUILD" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -6617,7 +6832,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC_FOR_BUILD=$ac_cv_prog_CC_FOR_BUILD if test -n "$CC_FOR_BUILD"; then @@ -6639,8 +6855,8 @@ if test ${ac_cv_prog_CC_FOR_BUILD+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC_FOR_BUILD"; then +else case e in #( + e) if test -n "$CC_FOR_BUILD"; then ac_cv_prog_CC_FOR_BUILD="$CC_FOR_BUILD" # Let the user override the test. else ac_prog_rejected=no @@ -6679,7 +6895,8 @@ ac_cv_prog_CC_FOR_BUILD="$as_dir$ac_word${1+' '}$@" fi fi -fi +fi ;; +esac fi CC_FOR_BUILD=$ac_cv_prog_CC_FOR_BUILD if test -n "$CC_FOR_BUILD"; then @@ -6703,8 +6920,8 @@ if test ${ac_cv_prog_CC_FOR_BUILD+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC_FOR_BUILD"; then +else case e in #( + e) if test -n "$CC_FOR_BUILD"; then ac_cv_prog_CC_FOR_BUILD="$CC_FOR_BUILD" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -6726,7 +6943,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC_FOR_BUILD=$ac_cv_prog_CC_FOR_BUILD if test -n "$CC_FOR_BUILD"; then @@ -6752,8 +6970,8 @@ if test ${ac_cv_prog_ac_ct_CC_FOR_BUILD+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC_FOR_BUILD"; then +else case e in #( + e) if test -n "$ac_ct_CC_FOR_BUILD"; then ac_cv_prog_ac_ct_CC_FOR_BUILD="$ac_ct_CC_FOR_BUILD" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -6775,7 +6993,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC_FOR_BUILD=$ac_cv_prog_ac_ct_CC_FOR_BUILD if test -n "$ac_ct_CC_FOR_BUILD"; then @@ -6813,8 +7032,8 @@ if test ${ac_cv_prog_CC_FOR_BUILD+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC_FOR_BUILD"; then +else case e in #( + e) if test -n "$CC_FOR_BUILD"; then ac_cv_prog_CC_FOR_BUILD="$CC_FOR_BUILD" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -6836,7 +7055,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi CC_FOR_BUILD=$ac_cv_prog_CC_FOR_BUILD if test -n "$CC_FOR_BUILD"; then @@ -6858,8 +7078,8 @@ if test ${ac_cv_prog_ac_ct_CC_FOR_BUILD+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC_FOR_BUILD"; then +else case e in #( + e) if test -n "$ac_ct_CC_FOR_BUILD"; then ac_cv_prog_ac_ct_CC_FOR_BUILD="$ac_ct_CC_FOR_BUILD" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -6881,7 +7101,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC_FOR_BUILD=$ac_cv_prog_ac_ct_CC_FOR_BUILD if test -n "$ac_ct_CC_FOR_BUILD"; then @@ -6910,10 +7131,10 @@ fi -test -z "$CC_FOR_BUILD" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +test -z "$CC_FOR_BUILD" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 @@ -6945,8 +7166,8 @@ if test ${ac_cv_c_compiler_gnu+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -6963,12 +7184,14 @@ if ac_fn_c_try_compile "$LINENO" then : ac_compiler_gnu=yes -else $as_nop - ac_compiler_gnu=no +else case e in #( + e) ac_compiler_gnu=no ;; +esac fi rm -f core conftest.err conftest.$ac_build_objext conftest.beam conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } @@ -6986,8 +7209,8 @@ if test ${ac_cv_build_prog_cc_g+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_save_c_werror_flag=$ac_c_werror_flag +else case e in #( + e) ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_build_prog_cc_g=no CFLAGS_FOR_BUILD="-g" @@ -7005,8 +7228,8 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_build_prog_cc_g=yes -else $as_nop - CFLAGS_FOR_BUILD="" +else case e in #( + e) CFLAGS_FOR_BUILD="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7021,8 +7244,8 @@ if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - ac_c_werror_flag=$ac_save_c_werror_flag +else case e in #( + e) ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS_FOR_BUILD="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7039,12 +7262,15 @@ then : ac_cv_build_prog_cc_g=yes fi -rm -f core conftest.err conftest.$ac_build_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_build_objext conftest.beam conftest.$ac_ext ;; +esac fi -rm -f core conftest.err conftest.$ac_build_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_build_objext conftest.beam conftest.$ac_ext ;; +esac fi rm -f core conftest.err conftest.$ac_build_objext conftest.beam conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag + ac_c_werror_flag=$ac_save_c_werror_flag ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_prog_cc_g" >&5 printf "%s\n" "$ac_cv_build_prog_cc_g" >&6; } @@ -7071,8 +7297,8 @@ if test ${ac_cv_build_prog_cc_c11+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_build_prog_cc_c11=no +else case e in #( + e) ac_cv_build_prog_cc_c11=no ac_save_CC=$CC_FOR_BUILD cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7089,25 +7315,28 @@ test "x$ac_cv_build_prog_cc_c11" != "xno" && break done rm -f conftest.$ac_ext -CC_FOR_BUILD=$ac_save_CC +CC_FOR_BUILD=$ac_save_CC ;; +esac fi if test "x$ac_cv_build_prog_cc_c11" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_build_prog_cc_c11" = x +else case e in #( + e) if test "x$ac_cv_build_prog_cc_c11" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_prog_cc_c11" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_prog_cc_c11" >&5 printf "%s\n" "$ac_cv_build_prog_cc_c11" >&6; } - CC_FOR_BUILD="$CC_FOR_BUILD $ac_cv_build_prog_cc_c11" + CC_FOR_BUILD="$CC_FOR_BUILD $ac_cv_build_prog_cc_c11" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_build_prog_cc_c11 - ac_prog_cc_stdc=c11 + ac_prog_cc_stdc=c11 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno @@ -7117,8 +7346,8 @@ if test ${ac_cv_build_prog_cc_c99+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_build_prog_cc_c99=no +else case e in #( + e) ac_cv_build_prog_cc_c99=no ac_save_CC=$CC_FOR_BUILD cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7135,25 +7364,28 @@ test "x$ac_cv_build_prog_cc_c99" != "xno" && break done rm -f conftest.$ac_ext -CC_FOR_BUILD=$ac_save_CC +CC_FOR_BUILD=$ac_save_CC ;; +esac fi if test "x$ac_cv_build_prog_cc_c99" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_build_prog_cc_c99" = x +else case e in #( + e) if test "x$ac_cv_build_prog_cc_c99" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_prog_cc_c99" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_prog_cc_c99" >&5 printf "%s\n" "$ac_cv_build_prog_cc_c99" >&6; } - CC_FOR_BUILD="$CC_FOR_BUILD $ac_cv_build_prog_cc_c99" + CC_FOR_BUILD="$CC_FOR_BUILD $ac_cv_build_prog_cc_c99" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_build_prog_cc_c99 - ac_prog_cc_stdc=c99 + ac_prog_cc_stdc=c99 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno @@ -7163,8 +7395,8 @@ if test ${ac_cv_build_prog_cc_c89+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_build_prog_cc_c89=no +else case e in #( + e) ac_cv_build_prog_cc_c89=no ac_save_CC=$CC_FOR_BUILD cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7181,25 +7413,28 @@ test "x$ac_cv_build_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext -CC_FOR_BUILD=$ac_save_CC +CC_FOR_BUILD=$ac_save_CC ;; +esac fi if test "x$ac_cv_build_prog_cc_c89" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_build_prog_cc_c89" = x +else case e in #( + e) if test "x$ac_cv_build_prog_cc_c89" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_prog_cc_c89" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_prog_cc_c89" >&5 printf "%s\n" "$ac_cv_build_prog_cc_c89" >&6; } - CC_FOR_BUILD="$CC_FOR_BUILD $ac_cv_build_prog_cc_c89" + CC_FOR_BUILD="$CC_FOR_BUILD $ac_cv_build_prog_cc_c89" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_build_prog_cc_c89 - ac_prog_cc_stdc=c89 + ac_prog_cc_stdc=c89 ;; +esac fi fi @@ -7220,8 +7455,8 @@ if test ${am_cv_build_prog_cc_c_o+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -7251,7 +7486,8 @@ fi done rm -f core conftest* - unset am_i + unset am_i ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_build_prog_cc_c_o" >&5 printf "%s\n" "$am_cv_build_prog_cc_c_o" >&6; } @@ -7277,8 +7513,8 @@ if test ${am_cv_build_CC_dependencies_compiler_type+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then +else case e in #( + e) if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up @@ -7365,7 +7601,7 @@ # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. - # When given -MP, icc 7.0 and 7.1 complain thusly: + # When given -MP, icc 7.0 and 7.1 complain thus: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported @@ -7382,7 +7618,8 @@ else am_cv_build_CC_dependencies_compiler_type=none fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_build_CC_dependencies_compiler_type" >&5 printf "%s\n" "$am_cv_build_CC_dependencies_compiler_type" >&6; } @@ -7450,8 +7687,8 @@ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : - # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. -# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' + # Autoconf-2.13 could set the ac_cv_exeext variable to 'no'. +# So ignore a value of 'no', otherwise this would lead to 'EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. @@ -7471,7 +7708,7 @@ ac_cv_build_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not - # safe: cross compilers may not add the suffix if given an `-o' + # safe: cross compilers may not add the suffix if given an '-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. @@ -7482,8 +7719,9 @@ done test "$ac_cv_build_exeext" = no && ac_cv_build_exeext= -else $as_nop - ac_file='' +else case e in #( + e) ac_file='' ;; +esac fi if test -z "$ac_file" then : @@ -7492,13 +7730,14 @@ printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables -See \`config.log' for more details" "$LINENO" 5; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } +See 'config.log' for more details" "$LINENO" 5; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 printf %s "checking for C compiler default output file name... " >&6; } @@ -7522,10 +7761,10 @@ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : - # If both `conftest.exe' and `conftest' are `present' (well, observable) -# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will -# work properly (i.e., refer to `conftest.exe'), while it won't with -# `rm'. + # If both 'conftest.exe' and 'conftest' are 'present' (well, observable) +# catch 'conftest.exe'. For instance with Cygwin, 'ls conftest' will +# work properly (i.e., refer to 'conftest.exe'), while it won't with +# 'rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in @@ -7535,11 +7774,12 @@ * ) break;; esac done -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi rm -f conftest conftest$ac_cv_build_exeext { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_exeext" >&5 @@ -7555,6 +7795,8 @@ main (void) { FILE *f = fopen ("conftest.out", "w"); + if (!f) + return 1; return ferror (f) || fclose (f) != 0; ; @@ -7594,18 +7836,19 @@ if test "$cross_compiling_build" = maybe; then cross_compiling_build=yes else - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error 77 "cannot run C compiled programs. -If you meant to cross compile, use \`--build'. -See \`config.log' for more details" "$LINENO" 5; } +If you meant to cross compile, use '--build'. +See 'config.log' for more details" "$LINENO" 5; } fi fi fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling_build" >&5 printf "%s\n" "$cross_compiling_build" >&6; } -rm -f conftest.$ac_ext conftest$ac_cv_build_exeext conftest.out +rm -f conftest.$ac_ext conftest$ac_cv_build_exeext \ + conftest.o conftest.obj conftest.out ac_clean_files=$ac_clean_files_save { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 @@ -7613,8 +7856,8 @@ if test ${ac_cv_build_objext+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -7646,16 +7889,18 @@ break;; esac done -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi -rm -f conftest.$ac_cv_build_objext conftest.$ac_ext +rm -f conftest.$ac_cv_build_objext conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build_objext" >&5 printf "%s\n" "$ac_cv_build_objext" >&6; } @@ -7677,8 +7922,8 @@ if test ${ac_cv_build_prog_CPP+y} then : printf %s "(cached) " >&6 -else $as_nop - # Double quotes because $CC needs to be expanded +else case e in #( + e) # Double quotes because $CC needs to be expanded for CPP_FOR_BUILD in "$CC_FOR_BUILD -E" "$CC_FOR_BUILD -E -traditional-cpp" cpp /lib/cpp do ac_preproc_ok=false @@ -7696,9 +7941,10 @@ if ac_fn_c_try_cpp "$LINENO" then : -else $as_nop - # Broken: fails on valid input. -continue +else case e in #( + e) # Broken: fails on valid input. +continue ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -7712,15 +7958,16 @@ then : # Broken: success on invalid input. continue -else $as_nop - # Passes both tests. +else case e in #( + e) # Passes both tests. ac_preproc_ok=: -break +break ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok then : @@ -7729,7 +7976,8 @@ done ac_cv_build_prog_CPP=$CPP_FOR_BUILD - + ;; +esac fi CPP_FOR_BUILD=$ac_cv_build_prog_CPP else @@ -7752,9 +8000,10 @@ if ac_fn_c_try_cpp "$LINENO" then : -else $as_nop - # Broken: fails on valid input. -continue +else case e in #( + e) # Broken: fails on valid input. +continue ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -7768,24 +8017,26 @@ then : # Broken: success on invalid input. continue -else $as_nop - # Passes both tests. +else case e in #( + e) # Passes both tests. ac_preproc_ok=: -break +break ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok then : -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP_FOR_BUILD\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi ac_ext=c @@ -7813,8 +8064,8 @@ if test ${ac_cv_c_bigendian+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_c_bigendian=unknown +else case e in #( + e) ac_cv_c_bigendian=unknown # See if we're dealing with a universal compiler. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7860,8 +8111,8 @@ int main (void) { -#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ - && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ +#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \\ + && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \\ && LITTLE_ENDIAN) bogus endian macros #endif @@ -7892,8 +8143,9 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_c_bigendian=yes -else $as_nop - ac_cv_c_bigendian=no +else case e in #( + e) ac_cv_c_bigendian=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi @@ -7937,8 +8189,9 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_c_bigendian=yes -else $as_nop - ac_cv_c_bigendian=no +else case e in #( + e) ac_cv_c_bigendian=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi @@ -7965,22 +8218,23 @@ int use_ebcdic (int i) { return ebcdic_mm[i] + ebcdic_ii[i]; } - extern int foo; - -int -main (void) -{ -return use_ascii (foo) == use_ebcdic (foo); - ; - return 0; -} + int + main (int argc, char **argv) + { + /* Intimidate the compiler so that it does not + optimize the arrays away. */ + char *p = argv[0]; + ascii_mm[1] = *p++; ebcdic_mm[1] = *p++; + ascii_ii[1] = *p++; ebcdic_ii[1] = *p++; + return use_ascii (argc) == use_ebcdic (*p); + } _ACEOF -if ac_fn_c_try_compile "$LINENO" +if ac_fn_c_try_link "$LINENO" then : - if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then + if grep BIGenDianSyS conftest$ac_exeext >/dev/null; then ac_cv_c_bigendian=yes fi - if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if grep LiTTleEnDian conftest$ac_exeext >/dev/null ; then if test "$ac_cv_c_bigendian" = unknown; then ac_cv_c_bigendian=no else @@ -7989,9 +8243,10 @@ fi fi fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int @@ -8014,14 +8269,17 @@ if ac_fn_c_try_run "$LINENO" then : ac_cv_c_bigendian=no -else $as_nop - ac_cv_c_bigendian=yes +else case e in #( + e) ac_cv_c_bigendian=yes ;; +esac fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext + conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi - fi + fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 printf "%s\n" "$ac_cv_c_bigendian" >&6; } @@ -8050,31 +8308,34 @@ then : enableval=$enable_largefile; fi - -if test "$enable_largefile" != no; then - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 -printf %s "checking for special C compiler options needed for large files... " >&6; } -if test ${ac_cv_sys_largefile_CC+y} +if test "$enable_largefile,$enable_year2038" != no,no +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CPPFLAGS option for large files" >&5 +printf %s "checking for $CPPFLAGS option for large files... " >&6; } +if test ${ac_cv_sys_largefile_opts+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_sys_largefile_CC=no - if test "$GCC" != yes; then - ac_save_CC=$CC - while :; do - # IRIX 6.2 and later do not support large files by default, - # so use the C compiler's -n32 option if that helps. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) ac_save_CPPFLAGS=$CPPFLAGS + ac_opt_found=no + for ac_opt in "none needed" "-D_FILE_OFFSET_BITS=64" "-D_LARGE_FILES=1"; do + if test x"$ac_opt" != x"none needed" +then : + CPPFLAGS="$ac_save_CPPFLAGS $ac_opt" +fi + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, +#ifndef FTYPE +# define FTYPE off_t +#endif + /* Check that FTYPE can represent 2**63 - 1 correctly. + We can't simply define LARGE_FTYPE to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) +#define LARGE_FTYPE (((FTYPE) 1 << 31 << 31) - 1 + ((FTYPE) 1 << 31 << 31)) + int FTYPE_is_large[(LARGE_FTYPE % 2147483629 == 721 + && LARGE_FTYPE % 2147483647 == 1) ? 1 : -1]; int main (void) @@ -8084,142 +8345,86 @@ return 0; } _ACEOF - if ac_fn_c_try_compile "$LINENO" +if ac_fn_c_try_compile "$LINENO" then : - break -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam - CC="$CC -n32" + if test x"$ac_opt" = x"none needed" +then : + # GNU/Linux s390x and alpha need _FILE_OFFSET_BITS=64 for wide ino_t. + CPPFLAGS="$CPPFLAGS -DFTYPE=ino_t" if ac_fn_c_try_compile "$LINENO" then : - ac_cv_sys_largefile_CC=' -n32'; break + +else case e in #( + e) CPPFLAGS="$CPPFLAGS -D_FILE_OFFSET_BITS=64" + if ac_fn_c_try_compile "$LINENO" +then : + ac_opt='-D_FILE_OFFSET_BITS=64' +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam - break - done - CC=$ac_save_CC - rm -f conftest.$ac_ext - fi fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 -printf "%s\n" "$ac_cv_sys_largefile_CC" >&6; } - if test "$ac_cv_sys_largefile_CC" != no; then - CC=$CC$ac_cv_sys_largefile_CC - fi - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 -printf %s "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } -if test ${ac_cv_sys_file_offset_bits+y} -then : - printf %s "(cached) " >&6 -else $as_nop - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main (void) -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - ac_cv_sys_file_offset_bits=no; break + ac_cv_sys_largefile_opts=$ac_opt + ac_opt_found=yes fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#define _FILE_OFFSET_BITS 64 -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main (void) -{ + test $ac_opt_found = no || break + done + CPPFLAGS=$ac_save_CPPFLAGS - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - ac_cv_sys_file_offset_bits=64; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ac_cv_sys_file_offset_bits=unknown - break -done + test $ac_opt_found = yes || ac_cv_sys_largefile_opts="support not detected" ;; +esac fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 -printf "%s\n" "$ac_cv_sys_file_offset_bits" >&6; } -case $ac_cv_sys_file_offset_bits in #( - no | unknown) ;; - *) -printf "%s\n" "#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits" >>confdefs.h -;; +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_opts" >&5 +printf "%s\n" "$ac_cv_sys_largefile_opts" >&6; } + +ac_have_largefile=yes +case $ac_cv_sys_largefile_opts in #( + "none needed") : + ;; #( + "supported through gnulib") : + ;; #( + "support not detected") : + ac_have_largefile=no ;; #( + "-D_FILE_OFFSET_BITS=64") : + +printf "%s\n" "#define _FILE_OFFSET_BITS 64" >>confdefs.h + ;; #( + "-D_LARGE_FILES=1") : + +printf "%s\n" "#define _LARGE_FILES 1" >>confdefs.h + ;; #( + *) : + as_fn_error $? "internal error: bad value for \$ac_cv_sys_largefile_opts" "$LINENO" 5 ;; esac -rm -rf conftest* - if test $ac_cv_sys_file_offset_bits = unknown; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 -printf %s "checking for _LARGE_FILES value needed for large files... " >&6; } -if test ${ac_cv_sys_large_files+y} + +if test "$enable_year2038" != no +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CPPFLAGS option for timestamps after 2038" >&5 +printf %s "checking for $CPPFLAGS option for timestamps after 2038... " >&6; } +if test ${ac_cv_sys_year2038_opts+y} then : printf %s "(cached) " >&6 -else $as_nop - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main (void) -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" +else case e in #( + e) ac_save_CPPFLAGS="$CPPFLAGS" + ac_opt_found=no + for ac_opt in "none needed" "-D_TIME_BITS=64" "-D__MINGW_USE_VC2005_COMPAT" "-U_USE_32_BIT_TIME_T -D__MINGW_USE_VC2005_COMPAT"; do + if test x"$ac_opt" != x"none needed" then : - ac_cv_sys_large_files=no; break + CPPFLAGS="$ac_save_CPPFLAGS $ac_opt" fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#define _LARGE_FILES 1 -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; + + #include + /* Check that time_t can represent 2**32 - 1 correctly. */ + #define LARGE_TIME_T \\ + ((time_t) (((time_t) 1 << 30) - 1 + 3 * ((time_t) 1 << 30))) + int verify_time_t_range[(LARGE_TIME_T / 65537 == 65535 + && LARGE_TIME_T % 65537 == 0) + ? 1 : -1]; + int main (void) { @@ -8230,93 +8435,140 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : - ac_cv_sys_large_files=1; break + ac_cv_sys_year2038_opts="$ac_opt" + ac_opt_found=yes fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ac_cv_sys_large_files=unknown - break -done + test $ac_opt_found = no || break + done + CPPFLAGS="$ac_save_CPPFLAGS" + test $ac_opt_found = yes || ac_cv_sys_year2038_opts="support not detected" ;; +esac fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 -printf "%s\n" "$ac_cv_sys_large_files" >&6; } -case $ac_cv_sys_large_files in #( - no | unknown) ;; - *) -printf "%s\n" "#define _LARGE_FILES $ac_cv_sys_large_files" >>confdefs.h -;; +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_year2038_opts" >&5 +printf "%s\n" "$ac_cv_sys_year2038_opts" >&6; } + +ac_have_year2038=yes +case $ac_cv_sys_year2038_opts in #( + "none needed") : + ;; #( + "support not detected") : + ac_have_year2038=no ;; #( + "-D_TIME_BITS=64") : + +printf "%s\n" "#define _TIME_BITS 64" >>confdefs.h + ;; #( + "-D__MINGW_USE_VC2005_COMPAT") : + +printf "%s\n" "#define __MINGW_USE_VC2005_COMPAT 1" >>confdefs.h + ;; #( + "-U_USE_32_BIT_TIME_T"*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} +as_fn_error $? "the 'time_t' type is currently forced to be 32-bit. It +will stop working after mid-January 2038. Remove +_USE_32BIT_TIME_T from the compiler flags. +See 'config.log' for more details" "$LINENO" 5; } ;; #( + *) : + as_fn_error $? "internal error: bad value for \$ac_cv_sys_year2038_opts" "$LINENO" 5 ;; esac -rm -rf conftest* - fi + fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5 -printf %s "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; } -if test ${ac_cv_sys_largefile_source+y} +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for declarations of fseeko and ftello" >&5 +printf %s "checking for declarations of fseeko and ftello... " >&6; } +if test ${ac_cv_func_fseeko_ftello+y} then : printf %s "(cached) " >&6 -else $as_nop - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ + +#if defined __hpux && !defined _LARGEFILE_SOURCE +# include +# if LONG_MAX >> 31 == 0 +# error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++" +# endif +#endif #include /* for off_t */ - #include +#include + int main (void) { -int (*fp) (FILE *, off_t, int) = fseeko; - return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); + + int (*fp1) (FILE *, off_t, int) = fseeko; + off_t (*fp2) (FILE *) = ftello; + return fseeko (stdin, 0, 0) + && fp1 (stdin, 0, 0) + && ftello (stdin) >= 0 + && fp2 (stdin) >= 0; + ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO" +if ac_fn_c_try_compile "$LINENO" then : - ac_cv_sys_largefile_source=no; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + ac_cv_func_fseeko_ftello=yes +else case e in #( + e) ac_save_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE=1" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#define _LARGEFILE_SOURCE 1 + +#if defined __hpux && !defined _LARGEFILE_SOURCE +# include +# if LONG_MAX >> 31 == 0 +# error "32-bit HP-UX 11/ia64 needs _LARGEFILE_SOURCE for fseeko in C++" +# endif +#endif #include /* for off_t */ - #include +#include + int main (void) { -int (*fp) (FILE *, off_t, int) = fseeko; - return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); + + int (*fp1) (FILE *, off_t, int) = fseeko; + off_t (*fp2) (FILE *) = ftello; + return fseeko (stdin, 0, 0) + && fp1 (stdin, 0, 0) + && ftello (stdin) >= 0 + && fp2 (stdin) >= 0; + ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO" +if ac_fn_c_try_compile "$LINENO" then : - ac_cv_sys_largefile_source=1; break + ac_cv_func_fseeko_ftello="need _LARGEFILE_SOURCE" +else case e in #( + e) ac_cv_func_fseeko_ftello=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext - ac_cv_sys_largefile_source=unknown - break -done +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5 -printf "%s\n" "$ac_cv_sys_largefile_source" >&6; } -case $ac_cv_sys_largefile_source in #( - no | unknown) ;; - *) -printf "%s\n" "#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source" >>confdefs.h -;; +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; esac -rm -rf conftest* - -# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug -# in glibc 2.1.3, but that breaks too many other things. -# If you want fseeko and ftello with glibc, upgrade to a fixed glibc. -if test $ac_cv_sys_largefile_source != unknown; then +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fseeko_ftello" >&5 +printf "%s\n" "$ac_cv_func_fseeko_ftello" >&6; } +if test "$ac_cv_func_fseeko_ftello" != no +then : printf "%s\n" "#define HAVE_FSEEKO 1" >>confdefs.h fi +if test "$ac_cv_func_fseeko_ftello" = "need _LARGEFILE_SOURCE" +then : + +printf "%s\n" "#define _LARGEFILE_SOURCE 1" >>confdefs.h + +fi # Enable RFC 3542 APIs on macOS @@ -8331,8 +8583,8 @@ if eval test \${ac_cv_prog_make_${ac_make}_set+y} then : printf %s "(cached) " >&6 -else $as_nop - cat >conftest.make <<\_ACEOF +else case e in #( + e) cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' @@ -8344,7 +8596,8 @@ *) eval ac_cv_prog_make_${ac_make}_set=no;; esac -rm -f conftest.make +rm -f conftest.make ;; +esac fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 @@ -8369,8 +8622,8 @@ if test ${ac_cv_prog_AR+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$AR"; then +else case e in #( + e) if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -8392,7 +8645,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi AR=$ac_cv_prog_AR if test -n "$AR"; then @@ -8418,8 +8672,8 @@ if test ${ac_cv_prog_ac_ct_AR+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_AR"; then +else case e in #( + e) if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -8441,7 +8695,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then @@ -8470,14 +8725,15 @@ fi : ${AR=ar} +: ${ARFLAGS=cr} { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the archiver ($AR) interface" >&5 printf %s "checking the archiver ($AR) interface... " >&6; } if test ${am_cv_ar_interface+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_ext=c +else case e in #( + e) ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' @@ -8490,7 +8746,7 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : - am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&5' + am_ar_try='$AR $ARFLAGS libconftest.a conftest.$ac_objext >&5' { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5 (eval $am_ar_try) 2>&5 ac_status=$? @@ -8520,7 +8776,8 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_ar_interface" >&5 printf "%s\n" "$am_cv_ar_interface" >&6; } @@ -8560,8 +8817,8 @@ if test ${ac_cv_prog_shell+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_test_shell_script=' +else case e in #( + e) ac_test_shell_script=' test "$(expr 1 + 1)" = "2" && test "$(( 1 + 1 ))" = "2" ' @@ -8580,7 +8837,8 @@ ;; esac done - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_shell" >&5 printf "%s\n" "$ac_cv_prog_shell" >&6; } @@ -8590,9 +8848,10 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using $SHELL, even though it does not conform to POSIX" >&5 printf "%s\n" "$as_me: WARNING: using $SHELL, even though it does not conform to POSIX" >&2;} -else $as_nop - SHELL="$ac_cv_prog_shell" - +else case e in #( + e) SHELL="$ac_cv_prog_shell" + ;; +esac fi @@ -8607,8 +8866,8 @@ -macro_version='2.4.7' -macro_revision='2.4.7' +macro_version='2.5.4' +macro_revision='2.5.4' @@ -8699,8 +8958,8 @@ if test ${ac_cv_path_SED+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ +else case e in #( + e) ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" done @@ -8725,9 +8984,10 @@ as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED -case `"$ac_path_SED" --version 2>&1` in +case `"$ac_path_SED" --version 2>&1` in #( *GNU*) ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +#( *) ac_count=0 printf %s 0123456789 >"conftest.in" @@ -8762,7 +9022,8 @@ else ac_cv_path_SED=$SED fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 printf "%s\n" "$ac_cv_path_SED" >&6; } @@ -8787,8 +9048,8 @@ if test ${ac_cv_path_GREP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -z "$GREP"; then +else case e in #( + e) if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -8807,9 +9068,10 @@ as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in +case `"$ac_path_GREP" --version 2>&1` in #( *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +#( *) ac_count=0 printf %s 0123456789 >"conftest.in" @@ -8844,7 +9106,8 @@ else ac_cv_path_GREP=$GREP fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 printf "%s\n" "$ac_cv_path_GREP" >&6; } @@ -8856,8 +9119,8 @@ if test ${ac_cv_path_EGREP+y} then : printf %s "(cached) " >&6 -else $as_nop - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 +else case e in #( + e) if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then @@ -8879,9 +9142,10 @@ as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in +case `"$ac_path_EGREP" --version 2>&1` in #( *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +#( *) ac_count=0 printf %s 0123456789 >"conftest.in" @@ -8917,20 +9181,23 @@ ac_cv_path_EGREP=$EGREP fi - fi + fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 printf "%s\n" "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" + EGREP_TRADITIONAL=$EGREP + ac_cv_path_EGREP_TRADITIONAL=$EGREP { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 printf %s "checking for fgrep... " >&6; } if test ${ac_cv_path_FGREP+y} then : printf %s "(cached) " >&6 -else $as_nop - if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 +else case e in #( + e) if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 then ac_cv_path_FGREP="$GREP -F" else if test -z "$FGREP"; then @@ -8952,9 +9219,10 @@ as_fn_executable_p "$ac_path_FGREP" || continue # Check for GNU ac_path_FGREP and select it if it is found. # Check for GNU $ac_path_FGREP -case `"$ac_path_FGREP" --version 2>&1` in +case `"$ac_path_FGREP" --version 2>&1` in #( *GNU*) ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; +#( *) ac_count=0 printf %s 0123456789 >"conftest.in" @@ -8990,7 +9258,8 @@ ac_cv_path_FGREP=$FGREP fi - fi + fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 printf "%s\n" "$ac_cv_path_FGREP" >&6; } @@ -9021,8 +9290,9 @@ if test ${with_gnu_ld+y} then : withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes -else $as_nop - with_gnu_ld=no +else case e in #( + e) with_gnu_ld=no ;; +esac fi ac_prog=ld @@ -9031,7 +9301,7 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 printf %s "checking for ld used by $CC... " >&6; } case $host in - *-*-mingw*) + *-*-mingw* | *-*-windows*) # gcc leaves a trailing carriage return, which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) @@ -9067,8 +9337,8 @@ if test ${lt_cv_path_LD+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -z "$LD"; then +else case e in #( + e) if test -z "$LD"; then lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS=$lt_save_ifs @@ -9091,7 +9361,8 @@ IFS=$lt_save_ifs else lt_cv_path_LD=$LD # Let the user override the test with a path. -fi +fi ;; +esac fi LD=$lt_cv_path_LD @@ -9108,8 +9379,8 @@ if test ${lt_cv_prog_gnu_ld+y} then : printf %s "(cached) " >&6 -else $as_nop - # I'd rather use --version here, but apparently some GNU lds only accept -v. +else case e in #( + e) # I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 &5 @@ -9136,8 +9408,8 @@ if test ${lt_cv_path_NM+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$NM"; then +else case e in #( + e) if test -n "$NM"; then # Let the user override the test. lt_cv_path_NM=$NM else @@ -9158,7 +9430,7 @@ # Tru64's nm complains that /dev/null is an invalid object file # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty case $build_os in - mingw*) lt_bad_file=conftest.nm/nofile ;; + mingw* | windows*) lt_bad_file=conftest.nm/nofile ;; *) lt_bad_file=/dev/null ;; esac case `"$tmp_nm" -B $lt_bad_file 2>&1 | $SED '1q'` in @@ -9184,7 +9456,8 @@ IFS=$lt_save_ifs done : ${lt_cv_path_NM=no} -fi +fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 printf "%s\n" "$lt_cv_path_NM" >&6; } @@ -9205,8 +9478,8 @@ if test ${ac_cv_prog_DUMPBIN+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$DUMPBIN"; then +else case e in #( + e) if test -n "$DUMPBIN"; then ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9228,7 +9501,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi DUMPBIN=$ac_cv_prog_DUMPBIN if test -n "$DUMPBIN"; then @@ -9254,8 +9528,8 @@ if test ${ac_cv_prog_ac_ct_DUMPBIN+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_DUMPBIN"; then +else case e in #( + e) if test -n "$ac_ct_DUMPBIN"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9277,7 +9551,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN if test -n "$ac_ct_DUMPBIN"; then @@ -9331,8 +9606,8 @@ if test ${lt_cv_nm_interface+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_nm_interface="BSD nm" +else case e in #( + e) lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) @@ -9345,7 +9620,8 @@ if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" fi - rm -f conftest* + rm -f conftest* ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 printf "%s\n" "$lt_cv_nm_interface" >&6; } @@ -9356,8 +9632,8 @@ if test ${lt_cv_sys_max_cmd_len+y} then : printf %s "(cached) " >&6 -else $as_nop - i=0 +else case e in #( + e) i=0 teststring=ABCD case $build_os in @@ -9369,14 +9645,14 @@ lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; - gnu*) - # Under GNU Hurd, this test is not required because there is - # no limit to the length of command line arguments. + gnu* | ironclad*) + # Under GNU Hurd and Ironclad, this test is not required because there + # is no limit to the length of command line arguments. # Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; - cygwin* | mingw* | cegcc*) + cygwin* | mingw* | windows* | cegcc*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, @@ -9398,7 +9674,7 @@ lt_cv_sys_max_cmd_len=8192; ;; - bitrig* | darwin* | dragonfly* | freebsd* | midnightbsd* | netbsd* | openbsd*) + darwin* | dragonfly* | freebsd* | midnightbsd* | netbsd* | openbsd*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` @@ -9479,7 +9755,8 @@ fi ;; esac - + ;; +esac fi if test -n "$lt_cv_sys_max_cmd_len"; then @@ -9536,11 +9813,11 @@ if test ${lt_cv_to_host_file_cmd+y} then : printf %s "(cached) " >&6 -else $as_nop - case $host in +else case e in #( + e) case $host in *-*-mingw* ) case $build in - *-*-mingw* ) # actually msys + *-*-mingw* | *-*-windows* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 ;; *-*-cygwin* ) @@ -9553,7 +9830,7 @@ ;; *-*-cygwin* ) case $build in - *-*-mingw* ) # actually msys + *-*-mingw* | *-*-windows* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin ;; *-*-cygwin* ) @@ -9568,7 +9845,8 @@ lt_cv_to_host_file_cmd=func_convert_file_noop ;; esac - + ;; +esac fi to_host_file_cmd=$lt_cv_to_host_file_cmd @@ -9584,19 +9862,20 @@ if test ${lt_cv_to_tool_file_cmd+y} then : printf %s "(cached) " >&6 -else $as_nop - #assume ordinary cross tools, or native build. +else case e in #( + e) #assume ordinary cross tools, or native build. lt_cv_to_tool_file_cmd=func_convert_file_noop case $host in - *-*-mingw* ) + *-*-mingw* | *-*-windows* ) case $build in - *-*-mingw* ) # actually msys + *-*-mingw* | *-*-windows* ) # actually msys lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 ;; esac ;; esac - + ;; +esac fi to_tool_file_cmd=$lt_cv_to_tool_file_cmd @@ -9612,8 +9891,9 @@ if test ${lt_cv_ld_reload_flag+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_ld_reload_flag='-r' +else case e in #( + e) lt_cv_ld_reload_flag='-r' ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 printf "%s\n" "$lt_cv_ld_reload_flag" >&6; } @@ -9624,7 +9904,7 @@ esac reload_cmds='$LD$reload_flag -o $output$reload_objs' case $host_os in - cygwin* | mingw* | pw32* | cegcc*) + cygwin* | mingw* | windows* | pw32* | cegcc*) if test yes != "$GCC"; then reload_cmds=false fi @@ -9646,16 +9926,15 @@ -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}file", so it can be a program name with args. -set dummy ${ac_tool_prefix}file; ac_word=$2 +# Extract the first word of "file", so it can be a program name with args. +set dummy file; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_FILECMD+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$FILECMD"; then +else case e in #( + e) if test -n "$FILECMD"; then ac_cv_prog_FILECMD="$FILECMD" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9669,7 +9948,7 @@ esac for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then - ac_cv_prog_FILECMD="${ac_tool_prefix}file" + ac_cv_prog_FILECMD="file" printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi @@ -9677,7 +9956,9 @@ done IFS=$as_save_IFS -fi + test -z "$ac_cv_prog_FILECMD" && ac_cv_prog_FILECMD=":" +fi ;; +esac fi FILECMD=$ac_cv_prog_FILECMD if test -n "$FILECMD"; then @@ -9689,65 +9970,6 @@ fi -fi -if test -z "$ac_cv_prog_FILECMD"; then - ac_ct_FILECMD=$FILECMD - # Extract the first word of "file", so it can be a program name with args. -set dummy file; ac_word=$2 -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -printf %s "checking for $ac_word... " >&6; } -if test ${ac_cv_prog_ac_ct_FILECMD+y} -then : - printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_FILECMD"; then - ac_cv_prog_ac_ct_FILECMD="$ac_ct_FILECMD" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_FILECMD="file" - printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_FILECMD=$ac_cv_prog_ac_ct_FILECMD -if test -n "$ac_ct_FILECMD"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_FILECMD" >&5 -printf "%s\n" "$ac_ct_FILECMD" >&6; } -else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } -fi - - if test "x$ac_ct_FILECMD" = x; then - FILECMD=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - FILECMD=$ac_ct_FILECMD - fi -else - FILECMD="$ac_cv_prog_FILECMD" -fi - @@ -9762,8 +9984,8 @@ if test ${ac_cv_prog_OBJDUMP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$OBJDUMP"; then +else case e in #( + e) if test -n "$OBJDUMP"; then ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9785,7 +10007,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi OBJDUMP=$ac_cv_prog_OBJDUMP if test -n "$OBJDUMP"; then @@ -9807,8 +10030,8 @@ if test ${ac_cv_prog_ac_ct_OBJDUMP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_OBJDUMP"; then +else case e in #( + e) if test -n "$ac_ct_OBJDUMP"; then ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -9830,7 +10053,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP if test -n "$ac_ct_OBJDUMP"; then @@ -9871,8 +10095,8 @@ if test ${lt_cv_deplibs_check_method+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_file_magic_cmd='$MAGIC_CMD' +else case e in #( + e) lt_cv_file_magic_cmd='$MAGIC_CMD' lt_cv_file_magic_test_file= lt_cv_deplibs_check_method='unknown' # Need to set the preceding variable on all platforms that support @@ -9880,7 +10104,6 @@ # 'none' -- dependencies not supported. # 'unknown' -- same as none, but documents that we really don't know. # 'pass_all' -- all dependencies passed with no checks. -# 'test_compile' -- check by making test program. # 'file_magic [[regex]]' -- check by looking for files in library path # that responds to the $file_magic_cmd with a given extended regex. # If you have 'file' or equivalent on your system and you're not sure @@ -9907,7 +10130,7 @@ lt_cv_file_magic_cmd='func_win32_libid' ;; -mingw* | pw32*) +mingw* | windows* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. @@ -9916,7 +10139,7 @@ lt_cv_file_magic_cmd='func_win32_libid' else # Keep this pattern in sync with the one in func_win32_libid. - lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64|pe-aarch64)' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; @@ -9989,6 +10212,10 @@ lt_cv_deplibs_check_method=pass_all ;; +*-mlibc) + lt_cv_deplibs_check_method=pass_all + ;; + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' @@ -10007,7 +10234,7 @@ lt_cv_deplibs_check_method=pass_all ;; -openbsd* | bitrig*) +openbsd*) if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' else @@ -10023,6 +10250,10 @@ lt_cv_deplibs_check_method=pass_all ;; +serenity*) + lt_cv_deplibs_check_method=pass_all + ;; + solaris*) lt_cv_deplibs_check_method=pass_all ;; @@ -10065,7 +10296,8 @@ lt_cv_deplibs_check_method=pass_all ;; esac - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 printf "%s\n" "$lt_cv_deplibs_check_method" >&6; } @@ -10074,7 +10306,7 @@ want_nocaseglob=no if test "$build" = "$host"; then case $host_os in - mingw* | pw32*) + mingw* | windows* | pw32*) if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then want_nocaseglob=yes else @@ -10117,8 +10349,8 @@ if test ${ac_cv_prog_DLLTOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$DLLTOOL"; then +else case e in #( + e) if test -n "$DLLTOOL"; then ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -10140,7 +10372,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi DLLTOOL=$ac_cv_prog_DLLTOOL if test -n "$DLLTOOL"; then @@ -10162,8 +10395,8 @@ if test ${ac_cv_prog_ac_ct_DLLTOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_DLLTOOL"; then +else case e in #( + e) if test -n "$ac_ct_DLLTOOL"; then ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -10185,7 +10418,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL if test -n "$ac_ct_DLLTOOL"; then @@ -10227,11 +10461,11 @@ if test ${lt_cv_sharedlib_from_linklib_cmd+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_sharedlib_from_linklib_cmd='unknown' +else case e in #( + e) lt_cv_sharedlib_from_linklib_cmd='unknown' case $host_os in -cygwin* | mingw* | pw32* | cegcc*) +cygwin* | mingw* | windows* | pw32* | cegcc*) # two different shell functions defined in ltmain.sh; # decide which one to use based on capabilities of $DLLTOOL case `$DLLTOOL --help 2>&1` in @@ -10248,7 +10482,8 @@ lt_cv_sharedlib_from_linklib_cmd=$ECHO ;; esac - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; } @@ -10262,6 +10497,110 @@ if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_RANLIB+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi ;; +esac +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +printf "%s\n" "$RANLIB" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_RANLIB+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi ;; +esac +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +printf "%s\n" "$ac_ct_RANLIB" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +if test -n "$ac_tool_prefix"; then for ac_prog in ar do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. @@ -10271,8 +10610,8 @@ if test ${ac_cv_prog_AR+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$AR"; then +else case e in #( + e) if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -10294,7 +10633,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi AR=$ac_cv_prog_AR if test -n "$AR"; then @@ -10320,8 +10660,8 @@ if test ${ac_cv_prog_ac_ct_AR+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_AR"; then +else case e in #( + e) if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -10343,7 +10683,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then @@ -10380,7 +10721,7 @@ # Use ARFLAGS variable as AR's operation code to sync the variable naming with # Automake. If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have -# higher priority because thats what people were doing historically (setting +# higher priority because that's what people were doing historically (setting # ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS # variable obsoleted/removed. @@ -10405,8 +10746,8 @@ if test ${lt_cv_ar_at_file+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_ar_at_file=no +else case e in #( + e) lt_cv_ar_at_file=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -10443,7 +10784,8 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 printf "%s\n" "$lt_cv_ar_at_file" >&6; } @@ -10468,8 +10810,8 @@ if test ${ac_cv_prog_STRIP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$STRIP"; then +else case e in #( + e) if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -10491,7 +10833,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then @@ -10513,8 +10856,8 @@ if test ${ac_cv_prog_ac_ct_STRIP+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_STRIP"; then +else case e in #( + e) if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -10536,7 +10879,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then @@ -10569,107 +10913,6 @@ -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. -set dummy ${ac_tool_prefix}ranlib; ac_word=$2 -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -printf %s "checking for $ac_word... " >&6; } -if test ${ac_cv_prog_RANLIB+y} -then : - printf %s "(cached) " >&6 -else $as_nop - if test -n "$RANLIB"; then - ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then - ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" - printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -RANLIB=$ac_cv_prog_RANLIB -if test -n "$RANLIB"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 -printf "%s\n" "$RANLIB" >&6; } -else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_RANLIB"; then - ac_ct_RANLIB=$RANLIB - # Extract the first word of "ranlib", so it can be a program name with args. -set dummy ranlib; ac_word=$2 -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -printf %s "checking for $ac_word... " >&6; } -if test ${ac_cv_prog_ac_ct_RANLIB+y} -then : - printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_RANLIB"; then - ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_RANLIB="ranlib" - printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB -if test -n "$ac_ct_RANLIB"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 -printf "%s\n" "$ac_ct_RANLIB" >&6; } -else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } -fi - - if test "x$ac_ct_RANLIB" = x; then - RANLIB=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - RANLIB=$ac_ct_RANLIB - fi -else - RANLIB="$ac_cv_prog_RANLIB" -fi test -z "$RANLIB" && RANLIB=: @@ -10684,15 +10927,8 @@ old_postuninstall_cmds= if test -n "$RANLIB"; then - case $host_os in - bitrig* | openbsd*) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" - ;; - *) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" - ;; - esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in @@ -10756,8 +10992,8 @@ if test ${lt_cv_sys_global_symbol_pipe+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] @@ -10772,7 +11008,7 @@ aix*) symcode='[BCDT]' ;; -cygwin* | mingw* | pw32* | cegcc*) +cygwin* | mingw* | windows* | pw32* | cegcc*) symcode='[ABCDGISTW]' ;; hpux*) @@ -10787,7 +11023,7 @@ symcode='[BCDEGQRST]' ;; solaris*) - symcode='[BDRT]' + symcode='[BCDRT]' ;; sco3.2v5*) symcode='[DT]' @@ -10851,7 +11087,7 @@ # Handle CRLF in mingw tool chain opt_cr= case $build_os in -mingw*) +mingw* | windows*) opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp ;; esac @@ -10902,7 +11138,7 @@ #ifdef __cplusplus } #endif -int main(){nm_test_var='a';nm_test_func();return(0);} +int main(void){nm_test_var='a';nm_test_func();return(0);} _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 @@ -11009,7 +11245,8 @@ lt_cv_sys_global_symbol_pipe= fi done - + ;; +esac fi if test -z "$lt_cv_sys_global_symbol_pipe"; then @@ -11073,8 +11310,9 @@ if test ${with_sysroot+y} then : withval=$with_sysroot; -else $as_nop - with_sysroot=no +else case e in #( + e) with_sysroot=no ;; +esac fi @@ -11082,7 +11320,9 @@ case $with_sysroot in #( yes) if test yes = "$GCC"; then - lt_sysroot=`$CC --print-sysroot 2>/dev/null` + # Trim trailing / since we'll always append absolute paths and we want + # to avoid //, if only for less confusing output for the user. + lt_sysroot=`$CC --print-sysroot 2>/dev/null | $SED 's:/\+$::'` fi ;; #( /*) @@ -11109,8 +11349,8 @@ if test ${ac_cv_path_lt_DD+y} then : printf %s "(cached) " >&6 -else $as_nop - printf 0123456789abcdef0123456789abcdef >conftest.i +else case e in #( + e) printf 0123456789abcdef0123456789abcdef >conftest.i cat conftest.i conftest.i >conftest2.i : ${lt_DD:=$DD} if test -z "$lt_DD"; then @@ -11146,7 +11386,8 @@ ac_cv_path_lt_DD=$lt_DD fi -rm -f conftest.i conftest2.i conftest.out +rm -f conftest.i conftest2.i conftest.out ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 printf "%s\n" "$ac_cv_path_lt_DD" >&6; } @@ -11157,8 +11398,8 @@ if test ${lt_cv_truncate_bin+y} then : printf %s "(cached) " >&6 -else $as_nop - printf 0123456789abcdef0123456789abcdef >conftest.i +else case e in #( + e) printf 0123456789abcdef0123456789abcdef >conftest.i cat conftest.i conftest.i >conftest2.i lt_cv_truncate_bin= if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then @@ -11166,7 +11407,8 @@ && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" fi rm -f conftest.i conftest2.i conftest.out -test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" +test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 printf "%s\n" "$lt_cv_truncate_bin" >&6; } @@ -11297,7 +11539,7 @@ ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ -s390*-*linux*|s390*-*tpf*|sparc*-*linux*) +s390*-*linux*|s390*-*tpf*|sparc*-*linux*|x86_64-gnu*) # Find out what ABI is being produced by ac_compile, and set linker # options accordingly. Note that the listed cases only cover the # situations where additional linker options are needed (such as when @@ -11316,7 +11558,7 @@ x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; - x86_64-*linux*) + x86_64-*linux*|x86_64-gnu*) case `$FILECMD conftest.o` in *x86-64*) LD="${LD-ld} -m elf32_x86_64" @@ -11345,7 +11587,7 @@ x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; - x86_64-*linux*) + x86_64-*linux*|x86_64-gnu*) LD="${LD-ld} -m elf_x86_64" ;; powerpcle-*linux*) @@ -11376,8 +11618,8 @@ if test ${lt_cv_cc_needs_belf+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_ext=c +else case e in #( + e) ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' @@ -11397,8 +11639,9 @@ if ac_fn_c_try_link "$LINENO" then : lt_cv_cc_needs_belf=yes -else $as_nop - lt_cv_cc_needs_belf=no +else case e in #( + e) lt_cv_cc_needs_belf=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext @@ -11407,7 +11650,8 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 printf "%s\n" "$lt_cv_cc_needs_belf" >&6; } @@ -11465,8 +11709,8 @@ if test ${ac_cv_prog_MANIFEST_TOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$MANIFEST_TOOL"; then +else case e in #( + e) if test -n "$MANIFEST_TOOL"; then ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -11488,7 +11732,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL if test -n "$MANIFEST_TOOL"; then @@ -11510,8 +11755,8 @@ if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_MANIFEST_TOOL"; then +else case e in #( + e) if test -n "$ac_ct_MANIFEST_TOOL"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -11533,7 +11778,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL if test -n "$ac_ct_MANIFEST_TOOL"; then @@ -11562,22 +11808,23 @@ test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } -if test ${lt_cv_path_mainfest_tool+y} +if test ${lt_cv_path_manifest_tool+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_path_mainfest_tool=no +else case e in #( + e) lt_cv_path_manifest_tool=no echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out cat conftest.err >&5 if $GREP 'Manifest Tool' conftest.out > /dev/null; then - lt_cv_path_mainfest_tool=yes + lt_cv_path_manifest_tool=yes fi - rm -f conftest* + rm -f conftest* ;; +esac fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 -printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; } -if test yes != "$lt_cv_path_mainfest_tool"; then +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_manifest_tool" >&5 +printf "%s\n" "$lt_cv_path_manifest_tool" >&6; } +if test yes != "$lt_cv_path_manifest_tool"; then MANIFEST_TOOL=: fi @@ -11596,8 +11843,8 @@ if test ${ac_cv_prog_DSYMUTIL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$DSYMUTIL"; then +else case e in #( + e) if test -n "$DSYMUTIL"; then ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -11619,7 +11866,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi DSYMUTIL=$ac_cv_prog_DSYMUTIL if test -n "$DSYMUTIL"; then @@ -11641,8 +11889,8 @@ if test ${ac_cv_prog_ac_ct_DSYMUTIL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_DSYMUTIL"; then +else case e in #( + e) if test -n "$ac_ct_DSYMUTIL"; then ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -11664,7 +11912,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL if test -n "$ac_ct_DSYMUTIL"; then @@ -11698,8 +11947,8 @@ if test ${ac_cv_prog_NMEDIT+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$NMEDIT"; then +else case e in #( + e) if test -n "$NMEDIT"; then ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -11721,7 +11970,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi NMEDIT=$ac_cv_prog_NMEDIT if test -n "$NMEDIT"; then @@ -11743,8 +11993,8 @@ if test ${ac_cv_prog_ac_ct_NMEDIT+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_NMEDIT"; then +else case e in #( + e) if test -n "$ac_ct_NMEDIT"; then ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -11766,7 +12016,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT if test -n "$ac_ct_NMEDIT"; then @@ -11800,8 +12051,8 @@ if test ${ac_cv_prog_LIPO+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$LIPO"; then +else case e in #( + e) if test -n "$LIPO"; then ac_cv_prog_LIPO="$LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -11823,7 +12074,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi LIPO=$ac_cv_prog_LIPO if test -n "$LIPO"; then @@ -11845,8 +12097,8 @@ if test ${ac_cv_prog_ac_ct_LIPO+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_LIPO"; then +else case e in #( + e) if test -n "$ac_ct_LIPO"; then ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -11868,7 +12120,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO if test -n "$ac_ct_LIPO"; then @@ -11902,8 +12155,8 @@ if test ${ac_cv_prog_OTOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$OTOOL"; then +else case e in #( + e) if test -n "$OTOOL"; then ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -11925,7 +12178,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi OTOOL=$ac_cv_prog_OTOOL if test -n "$OTOOL"; then @@ -11947,8 +12201,8 @@ if test ${ac_cv_prog_ac_ct_OTOOL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_OTOOL"; then +else case e in #( + e) if test -n "$ac_ct_OTOOL"; then ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -11970,7 +12224,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL if test -n "$ac_ct_OTOOL"; then @@ -12004,8 +12259,8 @@ if test ${ac_cv_prog_OTOOL64+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$OTOOL64"; then +else case e in #( + e) if test -n "$OTOOL64"; then ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -12027,7 +12282,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi OTOOL64=$ac_cv_prog_OTOOL64 if test -n "$OTOOL64"; then @@ -12049,8 +12305,8 @@ if test ${ac_cv_prog_ac_ct_OTOOL64+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_OTOOL64"; then +else case e in #( + e) if test -n "$ac_ct_OTOOL64"; then ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -12072,7 +12328,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 if test -n "$ac_ct_OTOOL64"; then @@ -12129,8 +12386,8 @@ if test ${lt_cv_apple_cc_single_mod+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_apple_cc_single_mod=no +else case e in #( + e) lt_cv_apple_cc_single_mod=no if test -z "$LT_MULTI_MODULE"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE @@ -12156,18 +12413,58 @@ fi rm -rf libconftest.dylib* rm -f conftest.* - fi + fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; } + # Feature test to disable chained fixups since it is not + # compatible with '-undefined dynamic_lookup' + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -no_fixup_chains linker flag" >&5 +printf %s "checking for -no_fixup_chains linker flag... " >&6; } +if test ${lt_cv_support_no_fixup_chains+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -Wl,-no_fixup_chains" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + lt_cv_support_no_fixup_chains=yes +else case e in #( + e) lt_cv_support_no_fixup_chains=no + ;; +esac +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + + ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_support_no_fixup_chains" >&5 +printf "%s\n" "$lt_cv_support_no_fixup_chains" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 printf %s "checking for -exported_symbols_list linker flag... " >&6; } if test ${lt_cv_ld_exported_symbols_list+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_ld_exported_symbols_list=no +else case e in #( + e) lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" @@ -12185,13 +12482,15 @@ if ac_fn_c_try_link "$LINENO" then : lt_cv_ld_exported_symbols_list=yes -else $as_nop - lt_cv_ld_exported_symbols_list=no +else case e in #( + e) lt_cv_ld_exported_symbols_list=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; } @@ -12201,8 +12500,8 @@ if test ${lt_cv_ld_force_load+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_ld_force_load=no +else case e in #( + e) lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF int forced_loaded() { return 2;} _LT_EOF @@ -12213,7 +12512,7 @@ echo "$RANLIB libconftest.a" >&5 $RANLIB libconftest.a 2>&5 cat > conftest.c << _LT_EOF -int main() { return 0;} +int main(void) { return 0;} _LT_EOF echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err @@ -12227,7 +12526,8 @@ fi rm -f conftest.err libconftest.a conftest conftest.c rm -rf conftest.dSYM - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 printf "%s\n" "$lt_cv_ld_force_load" >&6; } @@ -12241,13 +12541,32 @@ 10.[012],*|,*powerpc*-darwin[5-8]*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; *) - _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' + if test yes = "$lt_cv_support_no_fixup_chains"; then + as_fn_append _lt_dar_allow_undefined ' $wl-no_fixup_chains' + fi + ;; esac ;; esac if test yes = "$lt_cv_apple_cc_single_mod"; then _lt_dar_single_mod='$single_module' fi + _lt_dar_needs_single_mod=no + case $host_os in + rhapsody* | darwin1.*) + _lt_dar_needs_single_mod=yes ;; + darwin*) + # When targeting Mac OS X 10.4 (darwin 8) or later, + # -single_module is the default and -multi_module is unsupported. + # The toolchain on macOS 10.14 (darwin 18) and later cannot + # target any OS version that needs -single_module. + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*-darwin[567].*|10.[0-3],*-darwin[5-9].*|10.[0-3],*-darwin1[0-7].*) + _lt_dar_needs_single_mod=yes ;; + esac + ;; + esac if test yes = "$lt_cv_ld_exported_symbols_list"; then _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' else @@ -12329,8 +12648,9 @@ IFS=$lt_save_ifs ;; esac -else $as_nop - enable_static=no +else case e in #( + e) enable_static=no ;; +esac fi @@ -12340,28 +12660,52 @@ enable_dlopen=yes - -# Check whether --with-pic was given. +# Check whether --enable-pic was given. +if test ${enable_pic+y} +then : + enableval=$enable_pic; lt_p=${PACKAGE-default} + case $enableval in + yes|no) pic_mode=$enableval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for lt_pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else case e in #( + e) # Check whether --with-pic was given. if test ${with_pic+y} then : withval=$with_pic; lt_p=${PACKAGE-default} - case $withval in - yes|no) pic_mode=$withval ;; - *) - pic_mode=default - # Look at the argument we got. We use all the common list separators. - lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, - for lt_pkg in $withval; do - IFS=$lt_save_ifs - if test "X$lt_pkg" = "X$lt_p"; then - pic_mode=yes - fi - done - IFS=$lt_save_ifs - ;; - esac -else $as_nop - pic_mode=yes + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for lt_pkg in $withval; do + IFS=$lt_save_ifs + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else case e in #( + e) pic_mode=yes ;; +esac +fi + + ;; +esac fi @@ -12396,8 +12740,9 @@ IFS=$lt_save_ifs ;; esac -else $as_nop - enable_shared=yes +else case e in #( + e) enable_shared=yes ;; +esac fi @@ -12430,8 +12775,9 @@ IFS=$lt_save_ifs ;; esac -else $as_nop - enable_fast_install=yes +else case e in #( + e) enable_fast_install=yes ;; +esac fi @@ -12446,29 +12792,46 @@ power*-*-aix[5-9]*,yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 printf %s "checking which variant of shared library versioning to provide... " >&6; } - -# Check whether --with-aix-soname was given. + # Check whether --enable-aix-soname was given. +if test ${enable_aix_soname+y} +then : + enableval=$enable_aix_soname; case $enableval in + aix|svr4|both) + ;; + *) + as_fn_error $? "Unknown argument to --enable-aix-soname" "$LINENO" 5 + ;; + esac + lt_cv_with_aix_soname=$enable_aix_soname +else case e in #( + e) # Check whether --with-aix-soname was given. if test ${with_aix_soname+y} then : withval=$with_aix_soname; case $withval in - aix|svr4|both) - ;; - *) - as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5 - ;; - esac - lt_cv_with_aix_soname=$with_aix_soname -else $as_nop - if test ${lt_cv_with_aix_soname+y} + aix|svr4|both) + ;; + *) + as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5 + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname +else case e in #( + e) if test ${lt_cv_with_aix_soname+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_with_aix_soname=aix +else case e in #( + e) lt_cv_with_aix_soname=aix ;; +esac +fi + ;; +esac fi - with_aix_soname=$lt_cv_with_aix_soname + enable_aix_soname=$lt_cv_with_aix_soname ;; +esac fi + with_aix_soname=$enable_aix_soname { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 printf "%s\n" "$with_aix_soname" >&6; } if test aix != "$with_aix_soname"; then @@ -12557,8 +12920,8 @@ if test ${lt_cv_objdir+y} then : printf %s "(cached) " >&6 -else $as_nop - rm -f .libs 2>/dev/null +else case e in #( + e) rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then lt_cv_objdir=.libs @@ -12566,7 +12929,8 @@ # MS-DOS does not allow filenames that begin with a dot. lt_cv_objdir=_libs fi -rmdir .libs 2>/dev/null +rmdir .libs 2>/dev/null ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 printf "%s\n" "$lt_cv_objdir" >&6; } @@ -12627,8 +12991,8 @@ if test ${lt_cv_path_MAGIC_CMD+y} then : printf %s "(cached) " >&6 -else $as_nop - case $MAGIC_CMD in +else case e in #( + e) case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. ;; @@ -12671,6 +13035,7 @@ IFS=$lt_save_ifs MAGIC_CMD=$lt_save_MAGIC_CMD ;; +esac ;; esac fi @@ -12694,8 +13059,8 @@ if test ${lt_cv_path_MAGIC_CMD+y} then : printf %s "(cached) " >&6 -else $as_nop - case $MAGIC_CMD in +else case e in #( + e) case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. ;; @@ -12738,6 +13103,7 @@ IFS=$lt_save_ifs MAGIC_CMD=$lt_save_MAGIC_CMD ;; +esac ;; esac fi @@ -12781,7 +13147,7 @@ lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests -lt_simple_link_test_code='int main(){return(0);}' +lt_simple_link_test_code='int main(void){return(0);}' @@ -12837,8 +13203,8 @@ if test ${lt_cv_prog_compiler_rtti_exceptions+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler_rtti_exceptions=no +else case e in #( + e) lt_cv_prog_compiler_rtti_exceptions=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment @@ -12866,7 +13232,8 @@ fi fi $RM conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; } @@ -12922,7 +13289,7 @@ # PIC is the default for these OSes. ;; - mingw* | cygwin* | pw32* | os2* | cegcc*) + mingw* | windows* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style @@ -13025,7 +13392,7 @@ esac ;; - mingw* | cygwin* | pw32* | os2* | cegcc*) + mingw* | windows* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' @@ -13066,6 +13433,12 @@ lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-static' ;; + *flang* | ftn | f18* | f95*) + # Flang compiler. + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; # flang / f18. f95 an alias for gfortran or flang on Debian flang* | f18* | f95*) lt_prog_compiler_wl='-Wl,' @@ -13154,6 +13527,12 @@ lt_prog_compiler_static='-Bstatic' ;; + *-mlibc) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. @@ -13170,6 +13549,9 @@ lt_prog_compiler_static='-non_shared' ;; + serenity*) + ;; + solaris*) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' @@ -13237,8 +13619,9 @@ if test ${lt_cv_prog_compiler_pic+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler_pic=$lt_prog_compiler_pic +else case e in #( + e) lt_cv_prog_compiler_pic=$lt_prog_compiler_pic ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; } @@ -13253,8 +13636,8 @@ if test ${lt_cv_prog_compiler_pic_works+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler_pic_works=no +else case e in #( + e) lt_cv_prog_compiler_pic_works=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment @@ -13282,7 +13665,8 @@ fi fi $RM conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; } @@ -13318,8 +13702,8 @@ if test ${lt_cv_prog_compiler_static_works+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler_static_works=no +else case e in #( + e) lt_cv_prog_compiler_static_works=no save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $lt_tmp_static_flag" echo "$lt_simple_link_test_code" > conftest.$ac_ext @@ -13340,7 +13724,8 @@ fi $RM -r conftest* LDFLAGS=$save_LDFLAGS - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; } @@ -13362,8 +13747,8 @@ if test ${lt_cv_prog_compiler_c_o+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler_c_o=no +else case e in #( + e) lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest @@ -13403,7 +13788,8 @@ cd .. $RM -r conftest $RM conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; } @@ -13418,8 +13804,8 @@ if test ${lt_cv_prog_compiler_c_o+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler_c_o=no +else case e in #( + e) lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest @@ -13459,7 +13845,8 @@ cd .. $RM -r conftest $RM conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; } @@ -13538,7 +13925,7 @@ extract_expsyms_cmds= case $host_os in - cygwin* | mingw* | pw32* | cegcc*) + cygwin* | mingw* | windows* | pw32* | cegcc*) # FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++ or Intel C++ Compiler. @@ -13550,9 +13937,6 @@ # we just hope/assume this is gcc and not c89 (= MSVC++ or ICC) with_gnu_ld=yes ;; - openbsd* | bitrig*) - with_gnu_ld=no - ;; linux* | k*bsd*-gnu | gnu*) link_all_deplibs=no ;; @@ -13656,7 +14040,7 @@ fi ;; - cygwin* | mingw* | pw32* | cegcc*) + cygwin* | mingw* | windows* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, # as there is no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' @@ -13666,6 +14050,7 @@ enable_shared_with_static_runtimes=yes export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' + file_list_spec='@' if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' @@ -13685,7 +14070,7 @@ haiku*) archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' - link_all_deplibs=yes + link_all_deplibs=no ;; os2*) @@ -13712,7 +14097,7 @@ cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ emximp -o $lib $output_objdir/$libname.def' - old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + old_archive_from_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' enable_shared_with_static_runtimes=yes file_list_spec='@' ;; @@ -13812,6 +14197,11 @@ fi ;; + *-mlibc) + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' @@ -14058,8 +14448,8 @@ if test ${lt_cv_aix_libpath_+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -14091,7 +14481,8 @@ if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=/usr/lib:/lib fi - + ;; +esac fi aix_libpath=$lt_cv_aix_libpath_ @@ -14113,8 +14504,8 @@ if test ${lt_cv_aix_libpath_+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -14146,7 +14537,8 @@ if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=/usr/lib:/lib fi - + ;; +esac fi aix_libpath=$lt_cv_aix_libpath_ @@ -14202,7 +14594,7 @@ export_dynamic_flag_spec=-rdynamic ;; - cygwin* | mingw* | pw32* | cegcc*) + cygwin* | mingw* | windows* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++ or Intel C++ Compiler. # hardcode_libdir_flag_spec is actually meaningless, as there is @@ -14219,14 +14611,14 @@ # Tell ltmain to make .dll files, not .so files. shrext_cmds=.dll # FIXME: Setting linknames here is a bad hack. - archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + archive_cmds='$CC -Fe$output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then cp "$export_symbols" "$output_objdir/$soname.def"; echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; else $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; fi~ - $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + $CC -Fe$tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, )='true' @@ -14397,8 +14789,8 @@ if test ${lt_cv_prog_compiler__b+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_prog_compiler__b=no +else case e in #( + e) lt_cv_prog_compiler__b=no save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -b" echo "$lt_simple_link_test_code" > conftest.$ac_ext @@ -14419,7 +14811,8 @@ fi $RM -r conftest* LDFLAGS=$save_LDFLAGS - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 printf "%s\n" "$lt_cv_prog_compiler__b" >&6; } @@ -14467,8 +14860,8 @@ if test ${lt_cv_irix_exported_symbol+y} then : printf %s "(cached) " >&6 -else $as_nop - save_LDFLAGS=$LDFLAGS +else case e in #( + e) save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -14477,12 +14870,14 @@ if ac_fn_c_try_link "$LINENO" then : lt_cv_irix_exported_symbol=yes -else $as_nop - lt_cv_irix_exported_symbol=no +else case e in #( + e) lt_cv_irix_exported_symbol=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$save_LDFLAGS + LDFLAGS=$save_LDFLAGS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; } @@ -14512,6 +14907,9 @@ esac ;; + *-mlibc) + ;; + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out @@ -14534,7 +14932,7 @@ *nto* | *qnx*) ;; - openbsd* | bitrig*) + openbsd*) if test -f /usr/libexec/ld.so; then hardcode_direct=yes hardcode_shlibpath_var=no @@ -14577,7 +14975,7 @@ cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ emximp -o $lib $output_objdir/$libname.def' - old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + old_archive_from_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' enable_shared_with_static_runtimes=yes file_list_spec='@' ;; @@ -14613,6 +15011,9 @@ hardcode_libdir_separator=: ;; + serenity*) + ;; + solaris*) no_undefined_flag=' -z defs' if test yes = "$GCC"; then @@ -14810,8 +15211,8 @@ if test ${lt_cv_archive_cmds_need_lc+y} then : printf %s "(cached) " >&6 -else $as_nop - $RM conftest* +else case e in #( + e) $RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 @@ -14847,7 +15248,8 @@ cat conftest.err 1>&5 fi $RM conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; } @@ -15018,7 +15420,7 @@ *) lt_awk_arg='/^libraries:/' ;; esac case $host_os in - mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;; + mingw* | windows* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;; *) lt_sed_strip_eq='s|=/|/|g' ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` @@ -15076,7 +15478,7 @@ # AWK program above erroneously prepends '/' to C:/dos/paths # for these hosts. case $host_os in - mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + mingw* | windows* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ $SED 's|/\([A-Za-z]:\)|\1|g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` @@ -15150,7 +15552,7 @@ # Unfortunately, runtime linking may impact performance, so we do # not want this to be the default eventually. Also, we use the # versioned .so libs for executables only if there is the -brtl - # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # linker flag in LDFLAGS as well, or --enable-aix-soname=svr4 only. # To allow for filename-based versioning support, we need to create # libNAME.so.V as an archive file, containing: # *) an Import File, referring to the versioned filename of the @@ -15244,7 +15646,7 @@ # libtool to hard-code these into programs ;; -cygwin* | mingw* | pw32* | cegcc*) +cygwin* | mingw* | windows* | pw32* | cegcc*) version_type=windows shrext_cmds=.dll need_version=no @@ -15255,15 +15657,29 @@ # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \$file`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog $dir/$dlname \$dldir/$dlname~ - chmod a+x \$dldir/$dlname~ - if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then - eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; - fi' + # If user builds GCC with multilib enabled, + # it should just install on $(libdir) + # not on $(libdir)/../bin or 32 bits dlls would override 64 bit ones. + if test xyes = x"$multilib"; then + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + $install_prog $dir/$dlname $destdir/$dlname~ + chmod a+x $destdir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib $destdir/$dlname'\'' || exit \$?; + fi' + else + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + fi postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' @@ -15276,7 +15692,7 @@ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" ;; - mingw* | cegcc*) + mingw* | windows* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' ;; @@ -15295,7 +15711,7 @@ library_names_spec='$libname.dll.lib' case $build_os in - mingw*) + mingw* | windows*) sys_lib_search_path_spec= lt_save_ifs=$IFS IFS=';' @@ -15402,7 +15818,28 @@ need_version=yes ;; esac + case $host_cpu in + powerpc64) + # On FreeBSD bi-arch platforms, a different variable is used for 32-bit + # binaries. See . + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int test_pointer_size[sizeof (void *) - 5]; + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : shlibpath_var=LD_LIBRARY_PATH +else case e in #( + e) shlibpath_var=LD_32_LIBRARY_PATH ;; +esac +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + ;; + *) + shlibpath_var=LD_LIBRARY_PATH + ;; + esac case $host_os in freebsd2.*) shlibpath_overrides_runpath=yes @@ -15432,8 +15869,9 @@ soname_spec='$libname$release$shared_ext$major' shlibpath_var=LIBRARY_PATH shlibpath_overrides_runpath=no - sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' - hardcode_into_libs=yes + sys_lib_search_path_spec='/boot/system/non-packaged/develop/lib /boot/system/develop/lib' + sys_lib_dlsearch_path_spec='/boot/home/config/non-packaged/lib /boot/home/config/lib /boot/system/non-packaged/lib /boot/system/lib' + hardcode_into_libs=no ;; hpux9* | hpux10* | hpux11*) @@ -15543,7 +15981,7 @@ version_type=none # Android doesn't support versioned libraries. need_lib_prefix=no need_version=no - library_names_spec='$libname$release$shared_ext' + library_names_spec='$libname$release$shared_ext $libname$shared_ext' soname_spec='$libname$release$shared_ext' finish_cmds= shlibpath_var=LD_LIBRARY_PATH @@ -15555,8 +15993,9 @@ hardcode_into_libs=yes dynamic_linker='Android linker' - # Don't embed -rpath directories since the linker doesn't support them. - hardcode_libdir_flag_spec='-L$libdir' + # -rpath works at least for libraries that are not overridden by + # libraries installed in system locations. + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ;; # This must be glibc/ELF. @@ -15574,8 +16013,8 @@ if test ${lt_cv_shlibpath_overrides_runpath+y} then : printf %s "(cached) " >&6 -else $as_nop - lt_cv_shlibpath_overrides_runpath=no +else case e in #( + e) lt_cv_shlibpath_overrides_runpath=no save_LDFLAGS=$LDFLAGS save_libdir=$libdir eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ @@ -15602,7 +16041,8 @@ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS libdir=$save_libdir - + ;; +esac fi shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath @@ -15612,7 +16052,7 @@ # before this can be enabled. hardcode_into_libs=yes - # Ideally, we could use ldconfig to report *all* directores which are + # Ideally, we could use ldconfig to report *all* directories which are # searched for libraries, however this is still not possible. Aside from not # being certain /sbin/ldconfig is available, command # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, @@ -15636,6 +16076,18 @@ version_type=linux need_lib_prefix=no need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH @@ -15662,6 +16114,18 @@ hardcode_into_libs=yes ;; +*-mlibc) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='mlibc ld.so' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + newsos6) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' @@ -15681,7 +16145,7 @@ dynamic_linker='ldqnx.so' ;; -openbsd* | bitrig*) +openbsd*) version_type=sunos sys_lib_dlsearch_path_spec=/usr/lib need_lib_prefix=no @@ -15741,6 +16205,17 @@ dynamic_linker=no ;; +serenity*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + dynamic_linker='SerenityOS LibELF' + ;; + solaris*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no @@ -15838,6 +16313,502 @@ shlibpath_var=LD_LIBRARY_PATH ;; +emscripten*) + version_type=none + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + dynamic_linker="Emscripten linker" + lt_prog_compiler_wl= +lt_prog_compiler_pic= +lt_prog_compiler_static= + + + if test yes = "$GCC"; then + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_static='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + fi + lt_prog_compiler_pic='-fPIC' + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + lt_prog_compiler_pic='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. + lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | windows* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + ;; + + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + lt_prog_compiler_static= + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + ;; + + interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + lt_prog_compiler_can_build_shared=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic=-Kconform_pic + fi + ;; + + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + lt_prog_compiler_wl='-Xlinker ' + if test -n "$lt_prog_compiler_pic"; then + lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic" + fi + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + lt_prog_compiler_wl='-Wl,' + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + else + lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + case $cc_basename in + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + + mingw* | windows* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac + ;; + + hpux9* | hpux10* | hpux11*) + lt_prog_compiler_wl='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + lt_prog_compiler_static='$wl-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + lt_prog_compiler_wl='-Wl,' + # PIC (with -KPIC) is the default. + lt_prog_compiler_static='-non_shared' + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + # old Intel for x86_64, which still supported -KPIC. + ecc*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-static' + ;; + *flang* | ftn | f18* | f95*) + # Flang compiler. + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + # flang / f18. f95 an alias for gfortran or flang on Debian + flang* | f18* | f95*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='--shared' + lt_prog_compiler_static='--static' + ;; + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + ccc*) + lt_prog_compiler_wl='-Wl,' + # All Alpha code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-qpic' + lt_prog_compiler_static='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | $SED 5q` in + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='' + ;; + *Sun\ F* | *Sun*Fortran*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Qoption ld ' + ;; + *Sun\ C*) + # Sun C 5.9 + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Wl,' + ;; + *Intel*\ [CF]*Compiler*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + *Portland\ Group*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + esac + ;; + + newsos6) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + *-mlibc) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + lt_prog_compiler_wl='-Wl,' + # All OSF/1 code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + + rdos*) + lt_prog_compiler_static='-non_shared' + ;; + + serenity*) + ;; + + solaris*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + lt_prog_compiler_wl='-Qoption ld ';; + *) + lt_prog_compiler_wl='-Wl,';; + esac + ;; + + sunos4*) + lt_prog_compiler_wl='-Qoption ld ' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic='-Kconform_pic' + lt_prog_compiler_static='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + unicos*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_can_build_shared=no + ;; + + uts4*) + lt_prog_compiler_pic='-pic' + lt_prog_compiler_static='-Bstatic' + ;; + + *) + lt_prog_compiler_can_build_shared=no + ;; + esac + fi + +case $host_os in + # For platforms that do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic= + ;; + *) + lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" + ;; +esac + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +printf %s "checking for $compiler option to produce PIC... " >&6; } +if test ${lt_cv_prog_compiler_pic+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) lt_cv_prog_compiler_pic=$lt_prog_compiler_pic ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 +printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; } +lt_prog_compiler_pic=$lt_cv_prog_compiler_pic + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 +printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } +if test ${lt_cv_prog_compiler_pic_works+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) lt_cv_prog_compiler_pic_works=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_pic_works=yes + fi + fi + $RM conftest* + ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 +printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; } + +if test yes = "$lt_cv_prog_compiler_pic_works"; then + case $lt_prog_compiler_pic in + "" | " "*) ;; + *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; + esac +else + lt_prog_compiler_pic= + lt_prog_compiler_can_build_shared=no +fi + +fi + + + + + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +if test ${lt_cv_prog_compiler_static_works+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) lt_cv_prog_compiler_static_works=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_static_works=yes + fi + else + lt_cv_prog_compiler_static_works=yes + fi + fi + $RM -r conftest* + LDFLAGS=$save_LDFLAGS + ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 +printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; } + +if test yes = "$lt_cv_prog_compiler_static_works"; then + : +else + lt_prog_compiler_static= +fi + + + +='-fPIC' + archive_cmds='$CC -sSIDE_MODULE=2 -shared $libobjs $deplibs $compiler_flags -o $lib' + archive_expsym_cmds='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -sSIDE_MODULE=2 -shared $libobjs $deplibs $compiler_flags -o $lib -s EXPORTED_FUNCTIONS=@$output_objdir/$soname.expsym' + archive_cmds_need_lc=no + no_undefined_flag= + ;; + *) dynamic_linker=no ;; @@ -16022,7 +16993,7 @@ lt_cv_dlopen_self=yes ;; - mingw* | pw32* | cegcc*) + mingw* | windows* | pw32* | cegcc*) lt_cv_dlopen=LoadLibrary lt_cv_dlopen_libs= ;; @@ -16039,16 +17010,22 @@ if test ${ac_cv_lib_dl_dlopen+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char dlopen (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (void); int main (void) { @@ -16060,24 +17037,27 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dl_dlopen=yes -else $as_nop - ac_cv_lib_dl_dlopen=no +else case e in #( + e) ac_cv_lib_dl_dlopen=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl -else $as_nop - +else case e in #( + e) lt_cv_dlopen=dyld lt_cv_dlopen_libs= lt_cv_dlopen_self=yes - + ;; +esac fi ;; @@ -16095,22 +17075,28 @@ if test "x$ac_cv_func_shl_load" = xyes then : lt_cv_dlopen=shl_load -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 printf %s "checking for shl_load in -ldld... " >&6; } if test ${ac_cv_lib_dld_shl_load+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char shl_load (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (void); int main (void) { @@ -16122,39 +17108,47 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dld_shl_load=yes -else $as_nop - ac_cv_lib_dld_shl_load=no +else case e in #( + e) ac_cv_lib_dld_shl_load=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = xyes then : lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld -else $as_nop - ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +else case e in #( + e) ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" if test "x$ac_cv_func_dlopen" = xyes then : lt_cv_dlopen=dlopen -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 printf %s "checking for dlopen in -ldl... " >&6; } if test ${ac_cv_lib_dl_dlopen+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char dlopen (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (void); int main (void) { @@ -16166,34 +17160,42 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dl_dlopen=yes -else $as_nop - ac_cv_lib_dl_dlopen=no +else case e in #( + e) ac_cv_lib_dl_dlopen=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 printf %s "checking for dlopen in -lsvld... " >&6; } if test ${ac_cv_lib_svld_dlopen+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lsvld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char dlopen (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (void); int main (void) { @@ -16205,34 +17207,42 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_svld_dlopen=yes -else $as_nop - ac_cv_lib_svld_dlopen=no +else case e in #( + e) ac_cv_lib_svld_dlopen=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; } if test "x$ac_cv_lib_svld_dlopen" = xyes then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 printf %s "checking for dld_link in -ldld... " >&6; } if test ${ac_cv_lib_dld_dld_link+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char dld_link (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char dld_link (void); int main (void) { @@ -16244,12 +17254,14 @@ if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dld_dld_link=yes -else $as_nop - ac_cv_lib_dld_dld_link=no +else case e in #( + e) ac_cv_lib_dld_dld_link=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; } @@ -16258,19 +17270,24 @@ lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld fi - + ;; +esac fi - + ;; +esac fi - + ;; +esac fi - + ;; +esac fi - + ;; +esac fi ;; @@ -16298,8 +17315,8 @@ if test ${lt_cv_dlopen_self+y} then : printf %s "(cached) " >&6 -else $as_nop - if test yes = "$cross_compiling"; then : +else case e in #( + e) if test yes = "$cross_compiling"; then : lt_cv_dlopen_self=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 @@ -16349,11 +17366,11 @@ /* When -fvisibility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) -int fnord () __attribute__((visibility("default"))); +int fnord (void) __attribute__((visibility("default"))); #endif -int fnord () { return 42; } -int main () +int fnord (void) { return 42; } +int main (void) { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; @@ -16393,7 +17410,8 @@ fi rm -fr conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 printf "%s\n" "$lt_cv_dlopen_self" >&6; } @@ -16405,8 +17423,8 @@ if test ${lt_cv_dlopen_self_static+y} then : printf %s "(cached) " >&6 -else $as_nop - if test yes = "$cross_compiling"; then : +else case e in #( + e) if test yes = "$cross_compiling"; then : lt_cv_dlopen_self_static=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 @@ -16456,11 +17474,11 @@ /* When -fvisibility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) -int fnord () __attribute__((visibility("default"))); +int fnord (void) __attribute__((visibility("default"))); #endif -int fnord () { return 42; } -int main () +int fnord (void) { return 42; } +int main (void) { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; @@ -16500,7 +17518,8 @@ fi rm -fr conftest* - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 printf "%s\n" "$lt_cv_dlopen_self_static" >&6; } @@ -16696,8 +17715,8 @@ if test ${ax_cv_check_cflags___fno_strict_aliasing+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -fno-strict-aliasing" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -16714,19 +17733,22 @@ if ac_fn_c_try_compile "$LINENO" then : ax_cv_check_cflags___fno_strict_aliasing=yes -else $as_nop - ax_cv_check_cflags___fno_strict_aliasing=no +else case e in #( + e) ax_cv_check_cflags___fno_strict_aliasing=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - CFLAGS=$ax_check_save_flags + CFLAGS=$ax_check_save_flags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_strict_aliasing" >&5 printf "%s\n" "$ax_cv_check_cflags___fno_strict_aliasing" >&6; } if test "x$ax_cv_check_cflags___fno_strict_aliasing" = xyes then : STD_CFLAGS="$STD_CFLAGS -fno-strict-aliasing" -else $as_nop - : +else case e in #( + e) : ;; +esac fi # Clang only issues a warning so use -Werror to force a error. @@ -16735,8 +17757,8 @@ if test ${ax_cv_check_cflags___Werror__fno_delete_null_pointer_checks+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -Werror -fno-delete-null-pointer-checks" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -16753,19 +17775,22 @@ if ac_fn_c_try_compile "$LINENO" then : ax_cv_check_cflags___Werror__fno_delete_null_pointer_checks=yes -else $as_nop - ax_cv_check_cflags___Werror__fno_delete_null_pointer_checks=no +else case e in #( + e) ax_cv_check_cflags___Werror__fno_delete_null_pointer_checks=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - CFLAGS=$ax_check_save_flags + CFLAGS=$ax_check_save_flags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___Werror__fno_delete_null_pointer_checks" >&5 printf "%s\n" "$ax_cv_check_cflags___Werror__fno_delete_null_pointer_checks" >&6; } if test "x$ax_cv_check_cflags___Werror__fno_delete_null_pointer_checks" = xyes then : STD_CFLAGS="$STD_CFLAGS -fno-delete-null-pointer-checks" -else $as_nop - : +else case e in #( + e) : ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fdiagnostics-show-option" >&5 @@ -16773,8 +17798,8 @@ if test ${ax_cv_check_cflags___fdiagnostics_show_option+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS -fdiagnostics-show-option" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -16791,19 +17816,22 @@ if ac_fn_c_try_compile "$LINENO" then : ax_cv_check_cflags___fdiagnostics_show_option=yes -else $as_nop - ax_cv_check_cflags___fdiagnostics_show_option=no +else case e in #( + e) ax_cv_check_cflags___fdiagnostics_show_option=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - CFLAGS=$ax_check_save_flags + CFLAGS=$ax_check_save_flags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fdiagnostics_show_option" >&5 printf "%s\n" "$ax_cv_check_cflags___fdiagnostics_show_option" >&6; } if test "x$ax_cv_check_cflags___fdiagnostics_show_option" = xyes then : STD_CFLAGS="$STD_CFLAGS -fdiagnostics-show-option" -else $as_nop - : +else case e in #( + e) : ;; +esac fi @@ -16812,8 +17840,8 @@ if test ${ax_cv_check_ldflags___Wl___export_dynamic+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,--export-dynamic" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -16830,20 +17858,23 @@ if ac_fn_c_try_link "$LINENO" then : ax_cv_check_ldflags___Wl___export_dynamic=yes -else $as_nop - ax_cv_check_ldflags___Wl___export_dynamic=no +else case e in #( + e) ax_cv_check_ldflags___Wl___export_dynamic=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$ax_check_save_flags + LDFLAGS=$ax_check_save_flags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl___export_dynamic" >&5 printf "%s\n" "$ax_cv_check_ldflags___Wl___export_dynamic" >&6; } if test "x$ax_cv_check_ldflags___Wl___export_dynamic" = xyes then : STD_LDFLAGS="$STD_LDFLAGS -Wl,--export-dynamic" -else $as_nop - : +else case e in #( + e) : ;; +esac fi @@ -16898,8 +17929,9 @@ if test ${enable_warn_error+y} then : enableval=$enable_warn_error; -else $as_nop - enable_warn_error=no +else case e in #( + e) enable_warn_error=no ;; +esac fi if test "$enable_warn_error" = "yes" @@ -16927,8 +17959,8 @@ if test ${ac_cv_path_PKG_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - case $PKG_CONFIG in +else case e in #( + e) case $PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. ;; @@ -16953,6 +17985,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi PKG_CONFIG=$ac_cv_path_PKG_CONFIG @@ -16975,8 +18008,8 @@ if test ${ac_cv_path_ac_pt_PKG_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - case $ac_pt_PKG_CONFIG in +else case e in #( + e) case $ac_pt_PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. ;; @@ -17001,6 +18034,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG @@ -17054,8 +18088,9 @@ if test ${enable_fuzzing+y} then : enableval=$enable_fuzzing; -else $as_nop - enable_fuzzing=no +else case e in #( + e) enable_fuzzing=no ;; +esac fi @@ -17125,8 +18160,9 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } -else $as_nop - as_fn_error $? "set CC=afl- when --enable-fuzzing=afl is used" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "set CC=afl- when --enable-fuzzing=afl is used" "$LINENO" 5 ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -17144,8 +18180,8 @@ if test ${ac_cv_path_PERL+y} then : printf %s "(cached) " >&6 -else $as_nop - case $PERL in +else case e in #( + e) case $PERL in [\\/]* | ?:[\\/]*) ac_cv_path_PERL="$PERL" # Let the user override the test with a path. ;; @@ -17170,6 +18206,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi PERL=$ac_cv_path_PERL @@ -17225,10 +18262,11 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - as_fn_error $? "Python interpreter is too old" "$LINENO" 5 + as_fn_error $? "Python interpreter is too old" "$LINENO" 5 ;; +esac fi am_display_PYTHON=$PYTHON else @@ -17239,9 +18277,9 @@ if test ${am_cv_pathless_PYTHON+y} then : printf %s "(cached) " >&6 -else $as_nop - - for am_cv_pathless_PYTHON in python python2 python3 python3.11 python3.10 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do +else case e in #( + e) + for am_cv_pathless_PYTHON in python python3 python3.20 python3.19 python3.18 python3.17 python3.16 python3.15 python3.14 python3.13 python3.12 python3.11 python3.10 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do test "$am_cv_pathless_PYTHON" = none && break prog="import sys # split strings by '.' and convert to numeric. Append some zeros @@ -17260,7 +18298,8 @@ then : break fi - done + done ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5 printf "%s\n" "$am_cv_pathless_PYTHON" >&6; } @@ -17275,8 +18314,8 @@ if test ${ac_cv_path_PYTHON+y} then : printf %s "(cached) " >&6 -else $as_nop - case $PYTHON in +else case e in #( + e) case $PYTHON in [\\/]* | ?:[\\/]*) ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. ;; @@ -17301,6 +18340,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi PYTHON=$ac_cv_path_PYTHON @@ -17327,8 +18367,9 @@ if test ${am_cv_python_version+y} then : printf %s "(cached) " >&6 -else $as_nop - am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[:2])"` +else case e in #( + e) am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[:2])"` ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5 printf "%s\n" "$am_cv_python_version" >&6; } @@ -17340,8 +18381,9 @@ if test ${am_cv_python_platform+y} then : printf %s "(cached) " >&6 -else $as_nop - am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"` +else case e in #( + e) am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"` ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5 printf "%s\n" "$am_cv_python_platform" >&6; } @@ -17361,8 +18403,9 @@ if test ${with_python_sys_prefix+y} then : withval=$with_python_sys_prefix; am_use_python_sys=: -else $as_nop - am_use_python_sys=false +else case e in #( + e) am_use_python_sys=false ;; +esac fi @@ -17377,8 +18420,8 @@ printf %s "checking for explicit $am_display_PYTHON prefix... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5 printf "%s\n" "$am_cv_python_prefix" >&6; } -else $as_nop - +else case e in #( + e) if $am_use_python_sys; then # using python sys.prefix value, not GNU { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON prefix" >&5 @@ -17386,8 +18429,9 @@ if test ${am_cv_python_prefix+y} then : printf %s "(cached) " >&6 -else $as_nop - am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"` +else case e in #( + e) am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"` ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5 printf "%s\n" "$am_cv_python_prefix" >&6; } @@ -17408,7 +18452,8 @@ printf %s "checking for GNU default $am_display_PYTHON prefix... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_prefix" >&5 printf "%s\n" "$am_python_prefix" >&6; } - fi + fi ;; +esac fi # Substituting python_prefix_subst value. @@ -17427,8 +18472,8 @@ printf %s "checking for explicit $am_display_PYTHON exec_prefix... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5 printf "%s\n" "$am_cv_python_exec_prefix" >&6; } -else $as_nop - +else case e in #( + e) # no explicit --with-python_exec_prefix, but if # --with-python_prefix was given, use its value for python_exec_prefix too. if test -n "$with_python_prefix" @@ -17439,8 +18484,8 @@ printf %s "checking for python_prefix-given $am_display_PYTHON exec_prefix... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5 printf "%s\n" "$am_cv_python_exec_prefix" >&6; } -else $as_nop - +else case e in #( + e) # Set am__usable_exec_prefix whether using GNU or Python values, # since we use that variable for pyexecdir. if test "x$exec_prefix" = xNONE; then @@ -17455,8 +18500,9 @@ if test ${am_cv_python_exec_prefix+y} then : printf %s "(cached) " >&6 -else $as_nop - am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"` +else case e in #( + e) am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"` ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5 printf "%s\n" "$am_cv_python_exec_prefix" >&6; } @@ -17476,8 +18522,10 @@ printf %s "checking for GNU default $am_display_PYTHON exec_prefix... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_exec_prefix" >&5 printf "%s\n" "$am_python_exec_prefix" >&6; } - fi -fi + fi ;; +esac +fi ;; +esac fi # Substituting python_exec_prefix_subst. @@ -17502,7 +18550,21 @@ if python_implementation() == 'CPython' and sys.version[:3] == '2.7': can_use_sysconfig = 0 except ImportError: - pass" + pass" # end of am_python_setup_sysconfig + + # More repeated code, for figuring out the installation scheme to use. + am_python_setup_scheme="if hasattr(sysconfig, 'get_default_scheme'): + scheme = sysconfig.get_default_scheme() + else: + scheme = sysconfig._get_default_scheme() + if scheme == 'posix_local': + if '$am_py_prefix' == '/usr': + scheme = 'deb_system' # should only happen during Debian package builds + else: + # Debian's default scheme installs to /usr/local/ but we want to + # follow the prefix, as we always have. + # See bugs#54412, #64837, et al. + scheme = 'posix_prefix'" # end of am_python_setup_scheme { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory (pythondir)" >&5 @@ -17510,8 +18572,8 @@ if test ${am_cv_python_pythondir+y} then : printf %s "(cached) " >&6 -else $as_nop - if test "x$am_cv_python_prefix" = x; then +else case e in #( + e) if test "x$am_cv_python_prefix" = x; then am_py_prefix=$am__usable_prefix else am_py_prefix=$am_cv_python_prefix @@ -17519,14 +18581,11 @@ am_cv_python_pythondir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: - if hasattr(sysconfig, 'get_default_scheme'): - scheme = sysconfig.get_default_scheme() - else: - scheme = sysconfig._get_default_scheme() - if scheme == 'posix_local': - # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/ - scheme = 'posix_prefix' - sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'}) + try: + $am_python_setup_scheme + sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'}) + except: + sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') @@ -17545,7 +18604,8 @@ esac ;; esac - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5 printf "%s\n" "$am_cv_python_pythondir" >&6; } @@ -17555,13 +18615,13 @@ pkgpythondir=\${pythondir}/$PACKAGE - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory (pyexecdir)" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory (pyexecdir)" >&5 printf %s "checking for $am_display_PYTHON extension module directory (pyexecdir)... " >&6; } if test ${am_cv_python_pyexecdir+y} then : printf %s "(cached) " >&6 -else $as_nop - if test "x$am_cv_python_exec_prefix" = x; then +else case e in #( + e) if test "x$am_cv_python_exec_prefix" = x; then am_py_exec_prefix=$am__usable_exec_prefix else am_py_exec_prefix=$am_cv_python_exec_prefix @@ -17569,14 +18629,11 @@ am_cv_python_pyexecdir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: - if hasattr(sysconfig, 'get_default_scheme'): - scheme = sysconfig.get_default_scheme() - else: - scheme = sysconfig._get_default_scheme() - if scheme == 'posix_local': - # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/ - scheme = 'posix_prefix' - sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'}) + try: + $am_python_setup_scheme + sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'}) + except: + sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_exec_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix') @@ -17595,7 +18652,8 @@ esac ;; esac - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5 printf "%s\n" "$am_cv_python_pyexecdir" >&6; } @@ -17626,8 +18684,8 @@ if test ${ac_cv_path_PYTEST+y} then : printf %s "(cached) " >&6 -else $as_nop - case $PYTEST in +else case e in #( + e) case $PYTEST in [\\/]* | ?:[\\/]*) ac_cv_path_PYTEST="$PYTEST" # Let the user override the test with a path. ;; @@ -17652,6 +18710,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi PYTEST=$ac_cv_path_PYTEST @@ -17692,8 +18751,8 @@ if test ${ac_cv_path_XSLTPROC+y} then : printf %s "(cached) " >&6 -else $as_nop - case $XSLTPROC in +else case e in #( + e) case $XSLTPROC in [\\/]* | ?:[\\/]*) ac_cv_path_XSLTPROC="$XSLTPROC" # Let the user override the test with a path. ;; @@ -17718,6 +18777,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi XSLTPROC=$ac_cv_path_XSLTPROC @@ -17948,8 +19008,8 @@ if test ${ac_cv_tls+y} then : printf %s "(cached) " >&6 -else $as_nop - for ax_tls_keyword in thread_local _Thread_local __thread '__declspec(thread)' none; do +else case e in #( + e) for ax_tls_keyword in thread_local _Thread_local __thread '__declspec(thread)' none; do case $ax_tls_keyword in #( none) : ac_cv_tls=none ; break ;; #( @@ -17969,15 +19029,17 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_tls=$ax_tls_keyword ; break -else $as_nop - ac_cv_tls=none - +else case e in #( + e) ac_cv_tls=none + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; esac done - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_tls" >&5 @@ -17994,8 +19056,9 @@ printf "%s\n" "#define thread_local $ac_cv_tls" >>confdefs.h fi -else $as_nop - as_fn_error $? "Thread Local Storage support required, update your toolchain to build BIND 9" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "Thread Local Storage support required, update your toolchain to build BIND 9" "$LINENO" 5 ;; +esac fi @@ -18004,8 +19067,8 @@ if test ${ac_cv_c_const+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -18069,10 +19132,12 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_c_const=yes -else $as_nop - ac_cv_c_const=no +else case e in #( + e) ac_cv_c_const=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 printf "%s\n" "$ac_cv_c_const" >&6; } @@ -18087,8 +19152,8 @@ if test ${ac_cv_c_inline+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_c_inline=no +else case e in #( + e) ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -18106,7 +19171,8 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext test "$ac_cv_c_inline" != no && break done - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 printf "%s\n" "$ac_cv_c_inline" >&6; } @@ -18131,8 +19197,8 @@ if test ${ac_cv_c_volatile+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -18149,10 +19215,12 @@ if ac_fn_c_try_compile "$LINENO" then : ac_cv_c_volatile=yes -else $as_nop - ac_cv_c_volatile=no +else case e in #( + e) ac_cv_c_volatile=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_volatile" >&5 printf "%s\n" "$ac_cv_c_volatile" >&6; } @@ -18188,9 +19256,10 @@ printf "%s\n" "#define HAVE_ARM_YIELD 1" >>confdefs.h -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; #( *) : @@ -18222,9 +19291,10 @@ printf "%s\n" "#define HAVE_SPARC_PAUSE 1" >>confdefs.h -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; #( *) : @@ -18273,20 +19343,22 @@ if test "x$ac_cv_type_size_t" = xyes then : -else $as_nop - +else case e in #( + e) printf "%s\n" "#define size_t unsigned int" >>confdefs.h - + ;; +esac fi ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default" if test "x$ac_cv_type_ssize_t" = xyes then : -else $as_nop - +else case e in #( + e) printf "%s\n" "#define ssize_t int" >>confdefs.h - + ;; +esac fi @@ -18296,8 +19368,8 @@ printf "%s\n" "#define HAVE_UINTPTR_T 1" >>confdefs.h -else $as_nop - for ac_type in 'unsigned int' 'unsigned long int' \ +else case e in #( + e) for ac_type in 'unsigned int' 'unsigned long int' \ 'unsigned long long int'; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -18322,7 +19394,8 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext test -z "$ac_type" && break - done + done ;; +esac fi @@ -18358,12 +19431,13 @@ printf "%s\n" "#define HAVE_UNAME 1" >>confdefs.h -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: uname is not correctly supported" >&5 printf "%s\n" "$as_me: WARNING: uname is not correctly supported" >&2;} - + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -18378,8 +19452,8 @@ if test ${ax_cv_have_func_attribute_noreturn+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -18400,15 +19474,18 @@ if grep -- -Wattributes conftest.err then : ax_cv_have_func_attribute_noreturn=no -else $as_nop - ax_cv_have_func_attribute_noreturn=yes +else case e in #( + e) ax_cv_have_func_attribute_noreturn=yes ;; +esac fi -else $as_nop - ax_cv_have_func_attribute_noreturn=no +else case e in #( + e) ax_cv_have_func_attribute_noreturn=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_have_func_attribute_noreturn" >&5 printf "%s\n" "$ax_cv_have_func_attribute_noreturn" >&6; } @@ -18434,8 +19511,8 @@ if test ${ax_cv_have_func_attribute_malloc+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -18456,15 +19533,18 @@ if grep -- -Wattributes conftest.err then : ax_cv_have_func_attribute_malloc=no -else $as_nop - ax_cv_have_func_attribute_malloc=yes +else case e in #( + e) ax_cv_have_func_attribute_malloc=yes ;; +esac fi -else $as_nop - ax_cv_have_func_attribute_malloc=no +else case e in #( + e) ax_cv_have_func_attribute_malloc=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_have_func_attribute_malloc" >&5 printf "%s\n" "$ax_cv_have_func_attribute_malloc" >&6; } @@ -18508,9 +19588,10 @@ printf "%s\n" "#define HAVE_MALLOC_EXT_ATTR 1" >>confdefs.h -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -18525,8 +19606,8 @@ if test ${ax_cv_have_func_attribute_returns_nonnull+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -18547,15 +19628,18 @@ if grep -- -Wattributes conftest.err then : ax_cv_have_func_attribute_returns_nonnull=no -else $as_nop - ax_cv_have_func_attribute_returns_nonnull=yes +else case e in #( + e) ax_cv_have_func_attribute_returns_nonnull=yes ;; +esac fi -else $as_nop - ax_cv_have_func_attribute_returns_nonnull=no +else case e in #( + e) ax_cv_have_func_attribute_returns_nonnull=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_have_func_attribute_returns_nonnull" >&5 printf "%s\n" "$ax_cv_have_func_attribute_returns_nonnull" >&6; } @@ -18580,8 +19664,9 @@ if test ${enable_geoip+y} then : enableval=$enable_geoip; -else $as_nop - enable_geoip="yes" +else case e in #( + e) enable_geoip="yes" ;; +esac fi @@ -18591,8 +19676,9 @@ if test ${with_maxminddb+y} then : withval=$with_maxminddb; -else $as_nop - with_maxminddb="auto" +else case e in #( + e) with_maxminddb="auto" ;; +esac fi @@ -18773,8 +19859,8 @@ elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -18784,7 +19870,7 @@ See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else MAXMINDDB_CFLAGS=$pkg_cv_MAXMINDDB_CFLAGS MAXMINDDB_LIBS=$pkg_cv_MAXMINDDB_LIBS @@ -18900,15 +19986,21 @@ if test ${ac_cv_search_MMDB_open+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char MMDB_open (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char MMDB_open (void); int main (void) { @@ -18939,11 +20031,13 @@ if test ${ac_cv_search_MMDB_open+y} then : -else $as_nop - ac_cv_search_MMDB_open=no +else case e in #( + e) ac_cv_search_MMDB_open=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_MMDB_open" >&5 printf "%s\n" "$ac_cv_search_MMDB_open" >&6; } @@ -18959,8 +20053,9 @@ printf "%s\n" "$as_me: GeoIP2 default database path set to $with_maxminddb/share/GeoIP" >&6;} MAXMINDDB_PREFIX=$with_maxminddb -else $as_nop - as_fn_error $? "GeoIP2 requested, but libmaxminddb not found" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "GeoIP2 requested, but libmaxminddb not found" "$LINENO" 5 ;; +esac fi @@ -19035,6 +20130,140 @@ +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep -e" >&5 +printf %s "checking for egrep -e... " >&6; } +if test ${ac_cv_path_EGREP_TRADITIONAL+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) if test -z "$EGREP_TRADITIONAL"; then + ac_path_EGREP_TRADITIONAL_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in grep ggrep + do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue +# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found. + # Check for GNU $ac_path_EGREP_TRADITIONAL +case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in #( +*GNU*) + ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;; +#( +*) + ac_count=0 + printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl" + "$ac_path_EGREP_TRADITIONAL" -E 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" + ac_path_EGREP_TRADITIONAL_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_TRADITIONAL_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then + : + fi +else + ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL +fi + + if test "$ac_cv_path_EGREP_TRADITIONAL" +then : + ac_cv_path_EGREP_TRADITIONAL="$ac_cv_path_EGREP_TRADITIONAL -E" +else case e in #( + e) if test -z "$EGREP_TRADITIONAL"; then + ac_path_EGREP_TRADITIONAL_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in egrep + do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue +# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found. + # Check for GNU $ac_path_EGREP_TRADITIONAL +case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in #( +*GNU*) + ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;; +#( +*) + ac_count=0 + printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl" + "$ac_path_EGREP_TRADITIONAL" 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" + ac_path_EGREP_TRADITIONAL_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_TRADITIONAL_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL +fi + ;; +esac +fi ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP_TRADITIONAL" >&5 +printf "%s\n" "$ac_cv_path_EGREP_TRADITIONAL" >&6; } + EGREP_TRADITIONAL=$ac_cv_path_EGREP_TRADITIONAL + @@ -19075,8 +20304,14 @@ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char pthread_join (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_join (void); int main (void) { @@ -19170,7 +20405,7 @@ _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "AX_PTHREAD_ZOS_MISSING" >/dev/null 2>&1 + $EGREP_TRADITIONAL "AX_PTHREAD_ZOS_MISSING" >/dev/null 2>&1 then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&5 printf "%s\n" "$as_me: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&2;} @@ -19200,8 +20435,8 @@ if test ${ax_cv_PTHREAD_CLANG+y} then : printf %s "(cached) " >&6 -else $as_nop - ax_cv_PTHREAD_CLANG=no +else case e in #( + e) ax_cv_PTHREAD_CLANG=no # Note that Autoconf sets GCC=yes for Clang as well as GCC if test "x$GCC" = "xyes"; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -19213,14 +20448,15 @@ _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "AX_PTHREAD_CC_IS_CLANG" >/dev/null 2>&1 + $EGREP_TRADITIONAL "AX_PTHREAD_CC_IS_CLANG" >/dev/null 2>&1 then : ax_cv_PTHREAD_CLANG=yes fi rm -rf conftest* fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG" >&5 printf "%s\n" "$ax_cv_PTHREAD_CLANG" >&6; } @@ -19270,8 +20506,9 @@ if test "x$ax_pthread_check_macro" = "x--" then : ax_pthread_check_cond=0 -else $as_nop - ax_pthread_check_cond="!defined($ax_pthread_check_macro)" +else case e in #( + e) ax_pthread_check_cond="!defined($ax_pthread_check_macro)" ;; +esac fi @@ -19305,8 +20542,8 @@ if test ${ac_cv_prog_ax_pthread_config+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ax_pthread_config"; then +else case e in #( + e) if test -n "$ax_pthread_config"; then ac_cv_prog_ax_pthread_config="$ax_pthread_config" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -19329,7 +20566,8 @@ IFS=$as_save_IFS test -z "$ac_cv_prog_ax_pthread_config" && ac_cv_prog_ax_pthread_config="no" -fi +fi ;; +esac fi ax_pthread_config=$ac_cv_prog_ax_pthread_config if test -n "$ax_pthread_config"; then @@ -19462,8 +20700,8 @@ if test ${ax_cv_PTHREAD_CLANG_NO_WARN_FLAG+y} then : printf %s "(cached) " >&6 -else $as_nop - ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown +else case e in #( + e) ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown # Create an alternate version of $ac_link that compiles and # links in two steps (.c -> .o, .o -> exe) instead of one # (.c -> exe), because the warning occurs only in the second @@ -19509,7 +20747,8 @@ ax_pthread_try=no fi ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try" - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&5 printf "%s\n" "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&6; } @@ -19536,8 +20775,8 @@ if test ${ax_cv_PTHREAD_JOINABLE_ATTR+y} then : printf %s "(cached) " >&6 -else $as_nop - ax_cv_PTHREAD_JOINABLE_ATTR=unknown +else case e in #( + e) ax_cv_PTHREAD_JOINABLE_ATTR=unknown for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -19557,7 +20796,8 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext done - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_JOINABLE_ATTR" >&5 printf "%s\n" "$ax_cv_PTHREAD_JOINABLE_ATTR" >&6; } @@ -19577,14 +20817,15 @@ if test ${ax_cv_PTHREAD_SPECIAL_FLAGS+y} then : printf %s "(cached) " >&6 -else $as_nop - ax_cv_PTHREAD_SPECIAL_FLAGS=no +else case e in #( + e) ax_cv_PTHREAD_SPECIAL_FLAGS=no case $target_os in solaris*) ax_cv_PTHREAD_SPECIAL_FLAGS="-D_POSIX_PTHREAD_SEMANTICS" ;; esac - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_SPECIAL_FLAGS" >&5 printf "%s\n" "$ax_cv_PTHREAD_SPECIAL_FLAGS" >&6; } @@ -19600,8 +20841,8 @@ if test ${ax_cv_PTHREAD_PRIO_INHERIT+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -19616,12 +20857,14 @@ if ac_fn_c_try_link "$LINENO" then : ax_cv_PTHREAD_PRIO_INHERIT=yes -else $as_nop - ax_cv_PTHREAD_PRIO_INHERIT=no +else case e in #( + e) ax_cv_PTHREAD_PRIO_INHERIT=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_PRIO_INHERIT" >&5 printf "%s\n" "$ax_cv_PTHREAD_PRIO_INHERIT" >&6; } @@ -19671,8 +20914,8 @@ if test ${ac_cv_prog_PTHREAD_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$PTHREAD_CC"; then +else case e in #( + e) if test -n "$PTHREAD_CC"; then ac_cv_prog_PTHREAD_CC="$PTHREAD_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -19694,7 +20937,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi PTHREAD_CC=$ac_cv_prog_PTHREAD_CC if test -n "$PTHREAD_CC"; then @@ -19721,8 +20965,8 @@ if test ${ac_cv_prog_PTHREAD_CXX+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$PTHREAD_CXX"; then +else case e in #( + e) if test -n "$PTHREAD_CXX"; then ac_cv_prog_PTHREAD_CXX="$PTHREAD_CXX" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -19744,7 +20988,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi PTHREAD_CXX=$ac_cv_prog_PTHREAD_CXX if test -n "$PTHREAD_CXX"; then @@ -19829,8 +21074,9 @@ if test ${with_locktype+y} then : withval=$with_locktype; -else $as_nop - with_locktype="adaptive" +else case e in #( + e) with_locktype="adaptive" ;; +esac fi @@ -19865,10 +21111,11 @@ printf "%s\n" "#define HAVE_PTHREAD_MUTEX_ADAPTIVE_NP 1" >>confdefs.h -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: using standard lock type" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: using standard lock type" >&5 printf "%s\n" "using standard lock type" >&6; } - + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; #( standard) : @@ -19892,15 +21139,21 @@ if test ${ac_cv_search_sched_yield+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char sched_yield (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char sched_yield (void); int main (void) { @@ -19931,11 +21184,13 @@ if test ${ac_cv_search_sched_yield+y} then : -else $as_nop - ac_cv_search_sched_yield=no +else case e in #( + e) ac_cv_search_sched_yield=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sched_yield" >&5 printf "%s\n" "$ac_cv_search_sched_yield" >&6; } @@ -20281,8 +21536,8 @@ if test ${ac_cv_c_undeclared_builtin_options+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_save_CFLAGS=$CFLAGS +else case e in #( + e) ac_save_CFLAGS=$CFLAGS ac_cv_c_undeclared_builtin_options='cannot detect' for ac_arg in '' -fno-builtin; do CFLAGS="$ac_save_CFLAGS $ac_arg" @@ -20301,8 +21556,8 @@ if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - # This test program should compile successfully. +else case e in #( + e) # This test program should compile successfully. # No library function is consistently available on # freestanding implementations, so test against a dummy # declaration. Include always-available headers on the @@ -20330,26 +21585,29 @@ if test x"$ac_arg" = x then : ac_cv_c_undeclared_builtin_options='none needed' -else $as_nop - ac_cv_c_undeclared_builtin_options=$ac_arg +else case e in #( + e) ac_cv_c_undeclared_builtin_options=$ac_arg ;; +esac fi break fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext done CFLAGS=$ac_save_CFLAGS - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_undeclared_builtin_options" >&5 printf "%s\n" "$ac_cv_c_undeclared_builtin_options" >&6; } case $ac_cv_c_undeclared_builtin_options in #( 'cannot detect') : - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "cannot make $CC report undeclared builtins -See \`config.log' for more details" "$LINENO" 5; } ;; #( +See 'config.log' for more details" "$LINENO" 5; } ;; #( 'none needed') : ac_c_undeclared_builtin_options='' ;; #( *) : @@ -20361,8 +21619,9 @@ if test "x$ac_cv_have_decl_UV_UDP_MMSG_FREE" = xyes then : ac_have_decl=1 -else $as_nop - ac_have_decl=0 +else case e in #( + e) ac_have_decl=0 ;; +esac fi printf "%s\n" "#define HAVE_DECL_UV_UDP_MMSG_FREE $ac_have_decl" >>confdefs.h ac_fn_check_decl "$LINENO" "UV_UDP_MMSG_CHUNK" "ac_cv_have_decl_UV_UDP_MMSG_CHUNK" "#include @@ -20370,8 +21629,9 @@ if test "x$ac_cv_have_decl_UV_UDP_MMSG_CHUNK" = xyes then : ac_have_decl=1 -else $as_nop - ac_have_decl=0 +else case e in #( + e) ac_have_decl=0 ;; +esac fi printf "%s\n" "#define HAVE_DECL_UV_UDP_MMSG_CHUNK $ac_have_decl" >>confdefs.h @@ -20395,19 +21655,21 @@ printf "%s\n" "#define HAVE_DECL_UV_UDP_RECVMMSG 0" >>confdefs.h -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } ac_fn_check_decl "$LINENO" "UV_UDP_RECVMMSG" "ac_cv_have_decl_UV_UDP_RECVMMSG" "#include " "$ac_c_undeclared_builtin_options" "CFLAGS" if test "x$ac_cv_have_decl_UV_UDP_RECVMMSG" = xyes then : ac_have_decl=1 -else $as_nop - ac_have_decl=0 +else case e in #( + e) ac_have_decl=0 ;; +esac fi printf "%s\n" "#define HAVE_DECL_UV_UDP_RECVMMSG $ac_have_decl" >>confdefs.h - + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -20470,8 +21732,9 @@ if test ${enable_doh+y} then : enableval=$enable_doh; -else $as_nop - enable_doh=yes +else case e in #( + e) enable_doh=yes ;; +esac fi @@ -20481,8 +21744,9 @@ if test ${with_libnghttp2+y} then : withval=$with_libnghttp2; -else $as_nop - with_libnghttp2="auto" +else case e in #( + e) with_libnghttp2="auto" ;; +esac fi @@ -20647,8 +21911,9 @@ if test ${enable_pthread_rwlock+y} then : enableval=$enable_pthread_rwlock; -else $as_nop - enable_pthread_rwlock=no +else case e in #( + e) enable_pthread_rwlock=no ;; +esac fi @@ -20662,8 +21927,9 @@ then : printf "%s\n" "#define HAVE_PTHREAD_RWLOCK_RDLOCK 1" >>confdefs.h -else $as_nop - as_fn_error $? "pthread_rwlock_rdlock requested but not found" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "pthread_rwlock_rdlock requested but not found" "$LINENO" 5 ;; +esac fi done @@ -20752,8 +22018,8 @@ ;; esac -else $as_nop - +else case e in #( + e) # if pkg-config is installed and openssl has installed a .pc file, # then use that information and don't search ssldirs if test -n "$ac_tool_prefix"; then @@ -20764,8 +22030,8 @@ if test ${ac_cv_prog_PKG_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$PKG_CONFIG"; then +else case e in #( + e) if test -n "$PKG_CONFIG"; then ac_cv_prog_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -20787,7 +22053,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi PKG_CONFIG=$ac_cv_prog_PKG_CONFIG if test -n "$PKG_CONFIG"; then @@ -20809,8 +22076,8 @@ if test ${ac_cv_prog_ac_ct_PKG_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_PKG_CONFIG"; then +else case e in #( + e) if test -n "$ac_ct_PKG_CONFIG"; then ac_cv_prog_ac_ct_PKG_CONFIG="$ac_ct_PKG_CONFIG" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -20832,7 +22099,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_PKG_CONFIG=$ac_cv_prog_ac_ct_PKG_CONFIG if test -n "$ac_ct_PKG_CONFIG"; then @@ -20872,7 +22140,8 @@ ssldirs="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr" fi - + ;; +esac fi @@ -20935,15 +22204,16 @@ printf "%s\n" "yes" >&6; } : -else $as_nop - +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "OpenSSL/LibreSSL not found -See \`config.log' for more details" "$LINENO" 5; } - +See 'config.log' for more details" "$LINENO" 5; } + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext @@ -20973,8 +22243,8 @@ ;; esac -else $as_nop - +else case e in #( + e) # if pkg-config is installed and openssl has installed a .pc file, # then use that information and don't search ssldirs if test -n "$ac_tool_prefix"; then @@ -20985,8 +22255,8 @@ if test ${ac_cv_prog_PKG_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$PKG_CONFIG"; then +else case e in #( + e) if test -n "$PKG_CONFIG"; then ac_cv_prog_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -21008,7 +22278,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi PKG_CONFIG=$ac_cv_prog_PKG_CONFIG if test -n "$PKG_CONFIG"; then @@ -21030,8 +22301,8 @@ if test ${ac_cv_prog_ac_ct_PKG_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_PKG_CONFIG"; then +else case e in #( + e) if test -n "$ac_ct_PKG_CONFIG"; then ac_cv_prog_ac_ct_PKG_CONFIG="$ac_ct_PKG_CONFIG" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -21053,7 +22324,8 @@ done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_PKG_CONFIG=$ac_cv_prog_ac_ct_PKG_CONFIG if test -n "$ac_ct_PKG_CONFIG"; then @@ -21093,7 +22365,8 @@ ssldirs="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr" fi - + ;; +esac fi @@ -21156,15 +22429,16 @@ printf "%s\n" "yes" >&6; } : -else $as_nop - +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "OpenSSL/LibreSSL not found -See \`config.log' for more details" "$LINENO" 5; } - +See 'config.log' for more details" "$LINENO" 5; } + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext @@ -21279,11 +22553,12 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "not found -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -21463,19 +22738,20 @@ for ac_func in EVP_DigestSignInit EVP_DigestVerifyInit do : - as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | sed "$as_sed_sh"` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes" then : cat >>confdefs.h <<_ACEOF -#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | sed "$as_sed_cpp"` 1 _ACEOF : -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "EVP_DigestSignInit/EVP_DigestVerifyInit support in OpenSSL is mandatory. -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi done @@ -21497,11 +22773,12 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "not found. ECDSA P-256 support in OpenSSL is mandatory. -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -21522,11 +22799,12 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "not found. ECDSA P-384 support in OpenSSL is mandatory. -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -21550,9 +22828,10 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -21576,9 +22855,10 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -21593,11 +22873,12 @@ then : printf "%s\n" "#define HAVE_EVP_SHA1 1" >>confdefs.h : -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "SHA-1 support in OpenSSL is mandatory. -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi done @@ -21608,19 +22889,20 @@ for ac_func in EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 do : - as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | sed "$as_sed_sh"` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes" then : cat >>confdefs.h <<_ACEOF -#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | sed "$as_sed_cpp"` 1 _ACEOF : -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "SHA-2 support in OpenSSL is mandatory. -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi done @@ -21631,19 +22913,20 @@ for ac_func in EVP_aes_128_ecb EVP_aes_192_ecb EVP_aes_256_ecb do : - as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | sed "$as_sed_sh"` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes" then : cat >>confdefs.h <<_ACEOF -#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | sed "$as_sed_cpp"` 1 _ACEOF : -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "AES support in OpenSSL is mandatory. -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi done @@ -21702,8 +22985,9 @@ if test ${enable_fips_mode+y} then : enableval=$enable_fips_mode; -else $as_nop - enable_fips_mode="no" +else case e in #( + e) enable_fips_mode="no" ;; +esac fi @@ -21721,11 +23005,12 @@ then : printf "%s\n" "#define HAVE_FIPS_MODE 1" >>confdefs.h -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "OpenSSL FIPS mode requested but not available. -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi done ;; #( @@ -21807,8 +23092,9 @@ if test ${with_gssapi+y} then : withval=$with_gssapi; -else $as_nop - with_gssapi="auto" +else case e in #( + e) with_gssapi="auto" ;; +esac fi @@ -21827,8 +23113,8 @@ if test ${ac_cv_path_KRB5_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - case $KRB5_CONFIG in +else case e in #( + e) case $KRB5_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_KRB5_CONFIG="$KRB5_CONFIG" # Let the user override the test with a path. ;; @@ -21853,6 +23139,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi KRB5_CONFIG=$ac_cv_path_KRB5_CONFIG @@ -21877,8 +23164,8 @@ if test ${ac_cv_path_KRB5_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - case $KRB5_CONFIG in +else case e in #( + e) case $KRB5_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_KRB5_CONFIG="$KRB5_CONFIG" # Let the user override the test with a path. ;; @@ -21903,6 +23190,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi KRB5_CONFIG=$ac_cv_path_KRB5_CONFIG @@ -22012,19 +23300,21 @@ then : printf "%s\n" "#define HAVE_GSSAPI_GSSAPI_H 1" >>confdefs.h -else $as_nop - for ac_header in gssapi.h +else case e in #( + e) for ac_header in gssapi.h do : ac_fn_c_check_header_compile "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" if test "x$ac_cv_header_gssapi_h" = xyes then : printf "%s\n" "#define HAVE_GSSAPI_H 1" >>confdefs.h -else $as_nop - as_fn_error $? "neither gssapi/gssapi.h nor gssapi.h found" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "neither gssapi/gssapi.h nor gssapi.h found" "$LINENO" 5 ;; +esac fi -done +done ;; +esac fi done @@ -22056,8 +23346,9 @@ then : printf "%s\n" "#define HAVE_GSS_ACQUIRE_CRED 1" >>confdefs.h -else $as_nop - as_fn_error $? "linking with $GSSAPI_LIBS does not work" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "linking with $GSSAPI_LIBS does not work" "$LINENO" 5 ;; +esac fi done @@ -22200,19 +23491,21 @@ then : printf "%s\n" "#define HAVE_KRB5_KRB5_H 1" >>confdefs.h -else $as_nop - for ac_header in krb5.h +else case e in #( + e) for ac_header in krb5.h do : ac_fn_c_check_header_compile "$LINENO" "krb5.h" "ac_cv_header_krb5_h" "$ac_includes_default" if test "x$ac_cv_header_krb5_h" = xyes then : printf "%s\n" "#define HAVE_KRB5_H 1" >>confdefs.h -else $as_nop - as_fn_error $? "neither krb5/krb5.h nor krb5 found" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "neither krb5/krb5.h nor krb5 found" "$LINENO" 5 ;; +esac fi -done +done ;; +esac fi done @@ -22224,8 +23517,9 @@ then : printf "%s\n" "#define HAVE_KRB5_INIT_CONTEXT 1" >>confdefs.h -else $as_nop - as_fn_error $? "linking with $KRB5_LIBS failed" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "linking with $KRB5_LIBS failed" "$LINENO" 5 ;; +esac fi done @@ -22317,8 +23611,9 @@ if test ${with_lmdb+y} then : withval=$with_lmdb; : -else $as_nop - with_lmdb="auto" +else case e in #( + e) with_lmdb="auto" ;; +esac fi @@ -22476,15 +23771,21 @@ if test ${ac_cv_search_mdb_env_create+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char mdb_env_create (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char mdb_env_create (void); int main (void) { @@ -22515,11 +23816,13 @@ if test ${ac_cv_search_mdb_env_create+y} then : -else $as_nop - ac_cv_search_mdb_env_create=no +else case e in #( + e) ac_cv_search_mdb_env_create=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_mdb_env_create" >&5 printf "%s\n" "$ac_cv_search_mdb_env_create" >&6; } @@ -22584,8 +23887,8 @@ ac_lib_lmdb_found=yes break -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } LMDB_CFLAGS="" LMDB_LIBS="" @@ -22643,13 +23946,15 @@ - + ;; +esac fi -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; +esac fi done @@ -22746,15 +24051,21 @@ if test ${ac_cv_search_mdb_env_create+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char mdb_env_create (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char mdb_env_create (void); int main (void) { @@ -22785,11 +24096,13 @@ if test ${ac_cv_search_mdb_env_create+y} then : -else $as_nop - ac_cv_search_mdb_env_create=no +else case e in #( + e) ac_cv_search_mdb_env_create=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_mdb_env_create" >&5 printf "%s\n" "$ac_cv_search_mdb_env_create" >&6; } @@ -22854,8 +24167,8 @@ ac_lib_lmdb_found=yes break -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } LMDB_CFLAGS="" LMDB_LIBS="" @@ -22913,13 +24226,15 @@ - + ;; +esac fi -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; +esac fi done @@ -23020,15 +24335,21 @@ if test ${ac_cv_search_mdb_env_create+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char mdb_env_create (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char mdb_env_create (void); int main (void) { @@ -23059,11 +24380,13 @@ if test ${ac_cv_search_mdb_env_create+y} then : -else $as_nop - ac_cv_search_mdb_env_create=no +else case e in #( + e) ac_cv_search_mdb_env_create=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_mdb_env_create" >&5 printf "%s\n" "$ac_cv_search_mdb_env_create" >&6; } @@ -23127,8 +24450,8 @@ ac_lib_lmdb_found=yes -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } LMDB_CFLAGS="" LMDB_LIBS="" @@ -23186,13 +24509,15 @@ - + ;; +esac fi -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; +esac fi ;; esac @@ -23235,8 +24560,9 @@ if test ${with_libxml2+y} then : withval=$with_libxml2; -else $as_nop - with_libxml2="auto" +else case e in #( + e) with_libxml2="auto" ;; +esac fi @@ -23390,8 +24716,8 @@ elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -23401,7 +24727,7 @@ See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else LIBXML2_CFLAGS=$pkg_cv_LIBXML2_CFLAGS LIBXML2_LIBS=$pkg_cv_LIBXML2_LIBS @@ -23433,8 +24759,9 @@ if test ${with_json_c+y} then : withval=$with_json_c; -else $as_nop - with_json_c="detect" +else case e in #( + e) with_json_c="detect" ;; +esac fi @@ -23588,8 +24915,8 @@ elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -23599,7 +24926,7 @@ See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else JSON_C_CFLAGS=$pkg_cv_JSON_C_CFLAGS JSON_C_LIBS=$pkg_cv_JSON_C_LIBS @@ -23635,8 +24962,9 @@ if test ${with_zlib+y} then : withval=$with_zlib; -else $as_nop - with_zlib="auto" +else case e in #( + e) with_zlib="auto" ;; +esac fi @@ -23790,8 +25118,8 @@ elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -23801,7 +25129,7 @@ See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else ZLIB_CFLAGS=$pkg_cv_ZLIB_CFLAGS ZLIB_LIBS=$pkg_cv_ZLIB_LIBS @@ -23831,15 +25159,21 @@ if test ${ac_cv_search_backtrace_symbols+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char backtrace_symbols (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char backtrace_symbols (void); int main (void) { @@ -23870,11 +25204,13 @@ if test ${ac_cv_search_backtrace_symbols+y} then : -else $as_nop - ac_cv_search_backtrace_symbols=no +else case e in #( + e) ac_cv_search_backtrace_symbols=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_backtrace_symbols" >&5 printf "%s\n" "$ac_cv_search_backtrace_symbols" >&6; } @@ -23929,11 +25265,12 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "IPv6 support is mandatory -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -23947,8 +25284,9 @@ if test ${enable_tcp_fastopen+y} then : enableval=$enable_tcp_fastopen; -else $as_nop - enable_tcp_fastopen="yes" +else case e in #( + e) enable_tcp_fastopen="yes" ;; +esac fi @@ -23998,8 +25336,9 @@ if test ${with_readline+y} then : withval=$with_readline; -else $as_nop - with_readline="auto" +else case e in #( + e) with_readline="auto" ;; +esac fi @@ -24609,8 +25948,8 @@ elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -24620,7 +25959,7 @@ See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else READLINE_CFLAGS=$pkg_cv_READLINE_CFLAGS READLINE_LIBS=$pkg_cv_READLINE_LIBS @@ -24703,8 +26042,8 @@ elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -24714,7 +26053,7 @@ See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else READLINE_CFLAGS=$pkg_cv_READLINE_CFLAGS READLINE_LIBS=$pkg_cv_READLINE_LIBS @@ -24797,8 +26136,8 @@ elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -24808,7 +26147,7 @@ See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else READLINE_CFLAGS=$pkg_cv_READLINE_CFLAGS READLINE_LIBS=$pkg_cv_READLINE_LIBS @@ -24868,12 +26207,13 @@ if test ${enable_linux_caps+y} then : enableval=$enable_linux_caps; -else $as_nop - case $host in #( +else case e in #( + e) case $host in #( *-linux*) : enable_linux_caps=yes ;; #( *) : enable_linux_caps=no ;; +esac ;; esac fi @@ -24889,8 +26229,9 @@ then : printf "%s\n" "#define HAVE_SYS_CAPABILITY_H 1" >>confdefs.h -else $as_nop - as_fn_error $? "sys/capability.h header is required for Linux capabilities support. Either install libcap or use --disable-linux-caps." "$LINENO" 5 +else case e in #( + e) as_fn_error $? "sys/capability.h header is required for Linux capabilities support. Either install libcap or use --disable-linux-caps." "$LINENO" 5 ;; +esac fi done @@ -24969,15 +26310,21 @@ if test ${ac_cv_search_cap_set_proc+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char cap_set_proc (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char cap_set_proc (void); int main (void) { @@ -25008,11 +26355,13 @@ if test ${ac_cv_search_cap_set_proc+y} then : -else $as_nop - ac_cv_search_cap_set_proc=no +else case e in #( + e) ac_cv_search_cap_set_proc=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_cap_set_proc" >&5 printf "%s\n" "$ac_cv_search_cap_set_proc" >&6; } @@ -25021,8 +26370,9 @@ then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" LIBCAP_LIBS="$ac_cv_search_cap_set_proc" -else $as_nop - as_fn_error $? "libcap is required for Linux capabilities support. Either install libcap or use --disable-linux-caps." "$LINENO" 5 +else case e in #( + e) as_fn_error $? "libcap is required for Linux capabilities support. Either install libcap or use --disable-linux-caps." "$LINENO" 5 ;; +esac fi @@ -25078,9 +26428,10 @@ -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; +esac fi @@ -25121,14 +26472,15 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } GEN_NEED_OPTARG="-DNEED_OPTARG=1" printf "%s\n" "#define NEED_OPTARG 1" >>confdefs.h - + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -25157,9 +26509,10 @@ printf "%s\n" "#define HAVE_STAT_NSEC 1" >>confdefs.h -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -25217,8 +26570,8 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } -else $as_nop - ISC_ATOMIC_LIBS="-latomic" +else case e in #( + e) ISC_ATOMIC_LIBS="-latomic" CCASFLAGS_atomic_ax_save_flags=$CCASFLAGS @@ -25306,11 +26659,12 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "libatomic needed, but linking with -latomic failed, please fix your toolchain. -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext @@ -25367,21 +26721,23 @@ - + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "stdatomic.h header found, but compilation failed, please fix your toolchain. -See \`config.log' for more details" "$LINENO" 5; } - +See 'config.log' for more details" "$LINENO" 5; } + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for memory model aware atomic operations" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for memory model aware atomic operations" >&5 printf %s "checking for memory model aware atomic operations... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -25420,8 +26776,8 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } -else $as_nop - ISC_ATOMIC_LIBS="-latomic" +else case e in #( + e) ISC_ATOMIC_LIBS="-latomic" CCASFLAGS_atomic_ax_save_flags=$CCASFLAGS @@ -25509,11 +26865,12 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "libatomic needed, but linking with -latomic failed, please fix your toolchain. -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext @@ -25570,20 +26927,23 @@ - + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "not found -See \`config.log' for more details" "$LINENO" 5; } - +See 'config.log' for more details" "$LINENO" 5; } + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - + ;; +esac fi done @@ -25636,10 +26996,11 @@ printf "%s\n" "#define HAVE_BUILTIN_UNREACHABLE 1" >>confdefs.h -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext @@ -25669,10 +27030,11 @@ printf "%s\n" "#define HAVE_BUILTIN_CLZ 1" >>confdefs.h -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext @@ -25702,10 +27064,11 @@ printf "%s\n" "#define HAVE_BUILTIN_OVERFLOW 1" >>confdefs.h -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext @@ -25718,8 +27081,9 @@ if test ${enable_fixed_rrset+y} then : enableval=$enable_fixed_rrset; -else $as_nop - enable_fixed_rrset="no" +else case e in #( + e) enable_fixed_rrset="no" ;; +esac fi if test "$enable_fixed_rrset" = "yes" @@ -25737,8 +27101,9 @@ if test ${enable_dnstap+y} then : enableval=$enable_dnstap; -else $as_nop - enable_dnstap=no +else case e in #( + e) enable_dnstap=no ;; +esac fi @@ -25803,17 +27168,17 @@ # Put the nasty error message in config.log where it belongs echo "$DNSTAP_PKG_ERRORS" >&5 - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "Required libraries (fstrm, protobuf-c) were not found, please install them. -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "Required libraries (fstrm, protobuf-c) were not found, please install them. -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else DNSTAP_CFLAGS=$pkg_cv_DNSTAP_CFLAGS DNSTAP_LIBS=$pkg_cv_DNSTAP_LIBS @@ -25828,8 +27193,8 @@ if test ${ac_cv_path_FSTRM_CAPTURE+y} then : printf %s "(cached) " >&6 -else $as_nop - case $FSTRM_CAPTURE in +else case e in #( + e) case $FSTRM_CAPTURE in [\\/]* | ?:[\\/]*) ac_cv_path_FSTRM_CAPTURE="$FSTRM_CAPTURE" # Let the user override the test with a path. ;; @@ -25854,6 +27219,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi FSTRM_CAPTURE=$ac_cv_path_FSTRM_CAPTURE @@ -25873,8 +27239,8 @@ if test ${ac_cv_path_PROTOC_C+y} then : printf %s "(cached) " >&6 -else $as_nop - case $PROTOC_C in +else case e in #( + e) case $PROTOC_C in [\\/]* | ?:[\\/]*) ac_cv_path_PROTOC_C="$PROTOC_C" # Let the user override the test with a path. ;; @@ -25899,6 +27265,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi PROTOC_C=$ac_cv_path_PROTOC_C @@ -25948,8 +27315,8 @@ if test ${ac_cv_path_SPHINX_BUILD+y} then : printf %s "(cached) " >&6 -else $as_nop - case $SPHINX_BUILD in +else case e in #( + e) case $SPHINX_BUILD in [\\/]* | ?:[\\/]*) ac_cv_path_SPHINX_BUILD="$SPHINX_BUILD" # Let the user override the test with a path. ;; @@ -25974,6 +27341,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi SPHINX_BUILD=$ac_cv_path_SPHINX_BUILD @@ -26002,8 +27370,8 @@ if test ${ac_cv_path_XELATEX+y} then : printf %s "(cached) " >&6 -else $as_nop - case $XELATEX in +else case e in #( + e) case $XELATEX in [\\/]* | ?:[\\/]*) ac_cv_path_XELATEX="$XELATEX" # Let the user override the test with a path. ;; @@ -26028,6 +27396,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi XELATEX=$ac_cv_path_XELATEX @@ -26047,8 +27416,8 @@ if test ${ac_cv_path_LATEXMK+y} then : printf %s "(cached) " >&6 -else $as_nop - case $LATEXMK in +else case e in #( + e) case $LATEXMK in [\\/]* | ?:[\\/]*) ac_cv_path_LATEXMK="$LATEXMK" # Let the user override the test with a path. ;; @@ -26073,6 +27442,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi LATEXMK=$ac_cv_path_LATEXMK @@ -26126,8 +27496,8 @@ if test ${ac_cv_path_DOXYGEN+y} then : printf %s "(cached) " >&6 -else $as_nop - case $DOXYGEN in +else case e in #( + e) case $DOXYGEN in [\\/]* | ?:[\\/]*) ac_cv_path_DOXYGEN="$DOXYGEN" # Let the user override the test with a path. ;; @@ -26152,6 +27522,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi DOXYGEN=$ac_cv_path_DOXYGEN @@ -26182,8 +27553,8 @@ if test ${ac_cv_path_CURL+y} then : printf %s "(cached) " >&6 -else $as_nop - case $CURL in +else case e in #( + e) case $CURL in [\\/]* | ?:[\\/]*) ac_cv_path_CURL="$CURL" # Let the user override the test with a path. ;; @@ -26209,6 +27580,7 @@ test -z "$ac_cv_path_CURL" && ac_cv_path_CURL="curl" ;; +esac ;; esac fi CURL=$ac_cv_path_CURL @@ -26236,8 +27608,8 @@ if test ${ac_cv_path_NC+y} then : printf %s "(cached) " >&6 -else $as_nop - case $NC in +else case e in #( + e) case $NC in [\\/]* | ?:[\\/]*) ac_cv_path_NC="$NC" # Let the user override the test with a path. ;; @@ -26262,6 +27634,7 @@ IFS=$as_save_IFS ;; +esac ;; esac fi NC=$ac_cv_path_NC @@ -26293,8 +27666,9 @@ if test ${with_libidn2+y} then : withval=$with_libidn2; with_libidn2="$withval" -else $as_nop - with_libidn2="no" +else case e in #( + e) with_libidn2="no" ;; +esac fi case $with_libidn2 in #( @@ -26371,8 +27745,8 @@ elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -26382,7 +27756,7 @@ See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else LIBIDN2_CFLAGS=$pkg_cv_LIBIDN2_CFLAGS LIBIDN2_LIBS=$pkg_cv_LIBIDN2_LIBS @@ -26476,8 +27850,9 @@ then : printf "%s\n" "#define HAVE_IDN2_H 1" >>confdefs.h -else $as_nop - as_fn_error $? "idn2.h not found" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "idn2.h not found" "$LINENO" 5 ;; +esac fi done @@ -26486,15 +27861,21 @@ if test ${ac_cv_search_idn2_to_ascii_lz+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char idn2_to_ascii_lz (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char idn2_to_ascii_lz (void); int main (void) { @@ -26525,11 +27906,13 @@ if test ${ac_cv_search_idn2_to_ascii_lz+y} then : -else $as_nop - ac_cv_search_idn2_to_ascii_lz=no +else case e in #( + e) ac_cv_search_idn2_to_ascii_lz=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_idn2_to_ascii_lz" >&5 printf "%s\n" "$ac_cv_search_idn2_to_ascii_lz" >&6; } @@ -26541,8 +27924,9 @@ printf "%s\n" "#define HAVE_LIBIDN2 1" >>confdefs.h -else $as_nop - as_fn_error $? "libidn2 requested, but not found" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "libidn2 requested, but not found" "$LINENO" 5 ;; +esac fi @@ -26613,8 +27997,9 @@ if test ${with_cmocka+y} then : withval=$with_cmocka; -else $as_nop - with_cmocka=detect +else case e in #( + e) with_cmocka=detect ;; +esac fi @@ -26769,8 +28154,8 @@ elif test $pkg_failed = untried; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -26780,7 +28165,7 @@ See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } else CMOCKA_CFLAGS=$pkg_cv_CMOCKA_CFLAGS CMOCKA_LIBS=$pkg_cv_CMOCKA_LIBS @@ -26815,8 +28200,9 @@ if test ${with_jemalloc+y} then : withval=$with_jemalloc; -else $as_nop - with_jemalloc=detect +else case e in #( + e) with_jemalloc=detect ;; +esac fi @@ -26888,12 +28274,12 @@ for ac_header in malloc_np.h jemalloc/jemalloc.h do : - as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh` + as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | sed "$as_sed_sh"` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes" then : cat >>confdefs.h <<_ACEOF -#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_header" | sed "$as_sed_cpp"` 1 _ACEOF save_LIBS="$LIBS" @@ -26904,15 +28290,21 @@ if test ${ac_cv_search_mallocx+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char mallocx (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char mallocx (void); int main (void) { @@ -26943,11 +28335,13 @@ if test ${ac_cv_search_mallocx+y} then : -else $as_nop - ac_cv_search_mallocx=no +else case e in #( + e) ac_cv_search_mallocx=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_mallocx" >&5 printf "%s\n" "$ac_cv_search_mallocx" >&6; } @@ -26978,12 +28372,12 @@ for ac_header in malloc_np.h jemalloc/jemalloc.h do : - as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh` + as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | sed "$as_sed_sh"` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes" then : cat >>confdefs.h <<_ACEOF -#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_header" | sed "$as_sed_cpp"` 1 _ACEOF save_LIBS="$LIBS" @@ -26994,15 +28388,21 @@ if test ${ac_cv_search_mallocx+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char mallocx (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char mallocx (void); int main (void) { @@ -27033,11 +28433,13 @@ if test ${ac_cv_search_mallocx+y} then : -else $as_nop - ac_cv_search_mallocx=no +else case e in #( + e) ac_cv_search_mallocx=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_mallocx" >&5 printf "%s\n" "$ac_cv_search_mallocx" >&6; } @@ -27077,8 +28479,9 @@ printf "%s\n" "#define HAVE_JEMALLOC 1" >>confdefs.h -else $as_nop - as_fn_error $? "jemalloc not found" "$LINENO" 5 +else case e in #( + e) as_fn_error $? "jemalloc not found" "$LINENO" 5 ;; +esac fi @@ -27149,12 +28552,12 @@ for ac_header in malloc_np.h jemalloc/jemalloc.h do : - as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh` + as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | sed "$as_sed_sh"` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes" then : cat >>confdefs.h <<_ACEOF -#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_header" | sed "$as_sed_cpp"` 1 _ACEOF save_LIBS="$LIBS" @@ -27165,15 +28568,21 @@ if test ${ac_cv_search_mallocx+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char mallocx (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char mallocx (void); int main (void) { @@ -27204,11 +28613,13 @@ if test ${ac_cv_search_mallocx+y} then : -else $as_nop - ac_cv_search_mallocx=no +else case e in #( + e) ac_cv_search_mallocx=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_mallocx" >&5 printf "%s\n" "$ac_cv_search_mallocx" >&6; } @@ -27239,12 +28650,12 @@ for ac_header in malloc_np.h jemalloc/jemalloc.h do : - as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh` + as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | sed "$as_sed_sh"` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes" then : cat >>confdefs.h <<_ACEOF -#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_header" | sed "$as_sed_cpp"` 1 _ACEOF save_LIBS="$LIBS" @@ -27255,15 +28666,21 @@ if test ${ac_cv_search_mallocx+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char mallocx (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char mallocx (void); int main (void) { @@ -27294,11 +28711,13 @@ if test ${ac_cv_search_mallocx+y} then : -else $as_nop - ac_cv_search_mallocx=no +else case e in #( + e) ac_cv_search_mallocx=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_mallocx" >&5 printf "%s\n" "$ac_cv_search_mallocx" >&6; } @@ -27339,10 +28758,11 @@ printf "%s\n" "#define HAVE_JEMALLOC 1" >>confdefs.h with_jemalloc=yes -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: jemalloc not found; performance will be reduced" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: jemalloc not found; performance will be reduced" >&5 printf "%s\n" "$as_me: WARNING: jemalloc not found; performance will be reduced" >&2;} - with_jemalloc=no + with_jemalloc=no ;; +esac fi @@ -27370,32 +28790,6 @@ # -# was --with-tuning specified? -# -# [pairwise: --with-tuning=small, --without-tuning] - -# Check whether --with-tuning was given. -if test ${with_tuning+y} -then : - withval=$with_tuning; -else $as_nop - with_tuning=no -fi - - -case $with_tuning in #( - small) : - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: using small system tuning" >&5 -printf "%s\n" "$as_me: using small system tuning" >&6;} ;; #( - *) : - -printf "%s\n" "#define TUNE_LARGE 1" >>confdefs.h - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: using default system tuning" >&5 -printf "%s\n" "$as_me: using default system tuning" >&6;} ;; -esac - -# # was --enable-querytrace or --enable-singletrace specified? # # [pairwise: --enable-singletrace --enable-querytrace, --disable-singletrace --enable-querytrace, --disable-singletrace --disable-querytrace] @@ -27403,8 +28797,9 @@ if test ${enable_singletrace+y} then : enableval=$enable_singletrace; enable_singletrace="$enableval" -else $as_nop - enable_singletrace="no" +else case e in #( + e) enable_singletrace="no" ;; +esac fi @@ -27433,8 +28828,9 @@ if test ${enable_querytrace+y} then : enableval=$enable_querytrace; enable_querytrace="$enableval" -else $as_nop - enable_querytrace="$enable_singletrace" +else case e in #( + e) enable_querytrace="$enable_singletrace" ;; +esac fi @@ -27472,8 +28868,9 @@ if test ${enable_auto_validation+y} then : enableval=$enable_auto_validation; : -else $as_nop - enable_auto_validation=yes +else case e in #( + e) enable_auto_validation=yes ;; +esac fi if test "$enable_auto_validation" = "no" @@ -27519,12 +28916,13 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } -else $as_nop - +else case e in #( + e) librpz_have_attr=no { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -27533,8 +28931,9 @@ if test ${enable_dnsrps_dl+y} then : enableval=$enable_dnsrps_dl; enable_librpz_dl="$enableval" -else $as_nop - enable_librpz_dl="$with_dlopen" +else case e in #( + e) enable_librpz_dl="$with_dlopen" ;; +esac fi @@ -27549,8 +28948,9 @@ if test ${with_dnsrps_libname+y} then : withval=$with_dnsrps_libname; librpz_name="$withval" -else $as_nop - librpz_name="librpz.so" +else case e in #( + e) librpz_name="librpz.so" ;; +esac fi @@ -27560,8 +28960,9 @@ if test ${with_dnsrps_dir+y} then : withval=$with_dnsrps_dir; librpz_path="$withval/$librpz_name" -else $as_nop - librpz_path="$librpz_name" +else case e in #( + e) librpz_path="$librpz_name" ;; +esac fi @@ -27572,8 +28973,8 @@ dnsrps_lib_open=2 -else $as_nop - +else case e in #( + e) dnsrps_lib_open=1 # Add librpz.so to linked libraries if we are not using dlopen() { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing librpz_client_create" >&5 @@ -27581,15 +28982,21 @@ if test ${ac_cv_search_librpz_client_create+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS +else case e in #( + e) ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char librpz_client_create (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char librpz_client_create (void); int main (void) { @@ -27620,11 +29027,13 @@ if test ${ac_cv_search_librpz_client_create+y} then : -else $as_nop - ac_cv_search_librpz_client_create=no +else case e in #( + e) ac_cv_search_librpz_client_create=no ;; +esac fi rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS +LIBS=$ac_func_search_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_librpz_client_create" >&5 printf "%s\n" "$ac_cv_search_librpz_client_create" >&6; } @@ -27633,12 +29042,14 @@ then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" -else $as_nop - dnsrps_lib_open=0 - dnsrps_avail=no +else case e in #( + e) dnsrps_lib_open=0 + dnsrps_avail=no ;; +esac fi - + ;; +esac fi printf "%s\n" "#define DNSRPS_LIB_OPEN $dnsrps_lib_open" >>confdefs.h @@ -27649,8 +29060,9 @@ if test ${enable_dnsrps+y} then : enableval=$enable_dnsrps; enable_dnsrps=$enableval -else $as_nop - enable_dnsrps=no +else case e in #( + e) enable_dnsrps=no ;; +esac fi @@ -27690,8 +29102,8 @@ if test ${ax_cv_have_func_attribute_constructor+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -27712,15 +29124,18 @@ if grep -- -Wattributes conftest.err then : ax_cv_have_func_attribute_constructor=no -else $as_nop - ax_cv_have_func_attribute_constructor=yes +else case e in #( + e) ax_cv_have_func_attribute_constructor=yes ;; +esac fi -else $as_nop - ax_cv_have_func_attribute_constructor=no +else case e in #( + e) ax_cv_have_func_attribute_constructor=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_have_func_attribute_constructor" >&5 printf "%s\n" "$ax_cv_have_func_attribute_constructor" >&6; } @@ -27742,8 +29157,8 @@ if test ${ax_cv_have_func_attribute_destructor+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -27764,15 +29179,18 @@ if grep -- -Wattributes conftest.err then : ax_cv_have_func_attribute_destructor=no -else $as_nop - ax_cv_have_func_attribute_destructor=yes +else case e in #( + e) ax_cv_have_func_attribute_destructor=yes ;; +esac fi -else $as_nop - ax_cv_have_func_attribute_destructor=no +else case e in #( + e) ax_cv_have_func_attribute_destructor=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_have_func_attribute_destructor" >&5 printf "%s\n" "$ax_cv_have_func_attribute_destructor" >&6; } @@ -27841,7 +29259,7 @@ # Misc -ac_config_files="$ac_config_files util/check-make-install" +ac_config_files="$ac_config_files util/check-make-install.sh" # @@ -27858,8 +29276,8 @@ # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # -# `ac_cv_env_foo' variables (set or unset) will be overridden when -# loading this file, other *unset* `ac_cv_foo' will be assigned the +# 'ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* 'ac_cv_foo' will be assigned the # following values. _ACEOF @@ -27889,14 +29307,14 @@ (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) - # `set' does not quote correctly, so add quotes: double-quote + # 'set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) - # `set' quotes correctly as required by POSIX, so do not add quotes. + # 'set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | @@ -27965,6 +29383,18 @@ fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: done" >&5 printf "%s\n" "done" >&6; } +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; +esac +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi + if test -n "$EXEEXT"; then am__EXEEXT_TRUE= am__EXEEXT_FALSE='#' @@ -27998,6 +29428,12 @@ Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +# Check whether --enable-year2038 was given. +if test ${enable_year2038+y} +then : + enableval=$enable_year2038; +fi + if test -z "${HOST_MACOS_TRUE}" && test -z "${HOST_MACOS_FALSE}"; then as_fn_error $? "conditional \"HOST_MACOS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -28099,7 +29535,6 @@ # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -as_nop=: if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh @@ -28108,12 +29543,13 @@ # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else $as_nop - case `(set -o) 2>/dev/null` in #( +else case e in #( + e) case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; +esac ;; esac fi @@ -28185,7 +29621,7 @@ ;; esac -# We did not find ourselves, most probably we were run as `sh COMMAND' +# We did not find ourselves, most probably we were run as 'sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 @@ -28214,7 +29650,6 @@ } # as_fn_error - # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. @@ -28254,11 +29689,12 @@ { eval $1+=\$2 }' -else $as_nop - as_fn_append () +else case e in #( + e) as_fn_append () { eval $1=\$$1\$2 - } + } ;; +esac fi # as_fn_append # as_fn_arith ARG... @@ -28272,11 +29708,12 @@ { as_val=$(( $* )) }' -else $as_nop - as_fn_arith () +else case e in #( + e) as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` - } + } ;; +esac fi # as_fn_arith @@ -28359,9 +29796,9 @@ if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. + # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable. + # In both cases, we have to default to 'cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then @@ -28442,10 +29879,12 @@ as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" +as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" +as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated # Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" +as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g" +as_tr_sh="eval sed '$as_sed_sh'" # deprecated exec 6>&1 @@ -28460,8 +29899,8 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by BIND $as_me 9.18.33, which was -generated by GNU Autoconf 2.71. Invocation command line was +This file was extended by BIND $as_me 9.18.41, which was +generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -28493,7 +29932,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ -\`$as_me' instantiates files and other configuration actions +'$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. @@ -28529,11 +29968,11 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -BIND config.status 9.18.33 -configured by $0, generated by GNU Autoconf 2.71, +BIND config.status 9.18.41 +configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\" -Copyright (C) 2021 Free Software Foundation, Inc. +Copyright (C) 2023 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -28595,8 +30034,8 @@ ac_need_defaults=false;; --he | --h) # Conflict between --help and --header - as_fn_error $? "ambiguous option: \`$1' -Try \`$0 --help' for more information.";; + as_fn_error $? "ambiguous option: '$1' +Try '$0 --help' for more information.";; --help | --hel | -h ) printf "%s\n" "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ @@ -28604,8 +30043,8 @@ ac_cs_silent=: ;; # This is an error. - -*) as_fn_error $? "unrecognized option: \`$1' -Try \`$0 --help' for more information." ;; + -*) as_fn_error $? "unrecognized option: '$1' +Try '$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; @@ -28990,9 +30429,9 @@ "bin/tests/system/start.sh") CONFIG_FILES="$CONFIG_FILES bin/tests/system/start.sh" ;; "bin/tests/system/stop.sh") CONFIG_FILES="$CONFIG_FILES bin/tests/system/stop.sh" ;; "fuzz/Makefile") CONFIG_FILES="$CONFIG_FILES fuzz/Makefile" ;; - "util/check-make-install") CONFIG_FILES="$CONFIG_FILES util/check-make-install" ;; + "util/check-make-install.sh") CONFIG_FILES="$CONFIG_FILES util/check-make-install.sh" ;; - *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + *) as_fn_error $? "invalid argument: '$ac_config_target'" "$LINENO" 5;; esac done @@ -29012,7 +30451,7 @@ # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: -# after its creation but before its name has been assigned to `$tmp'. +# after its creation but before its name has been assigned to '$tmp'. $debug || { tmp= ac_tmp= @@ -29036,7 +30475,7 @@ # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. -# This happens for instance with `./config.status config.h'. +# This happens for instance with './config.status config.h'. if test -n "$CONFIG_FILES"; then @@ -29194,13 +30633,13 @@ # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. -# This happens for instance with `./config.status Makefile'. +# This happens for instance with './config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$ac_tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF -# Transform confdefs.h into an awk script `defines.awk', embedded as +# Transform confdefs.h into an awk script 'defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. @@ -29310,7 +30749,7 @@ esac case $ac_mode$ac_tag in :[FHL]*:*);; - :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :L* | :C*:*) as_fn_error $? "invalid tag '$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac @@ -29332,19 +30771,19 @@ -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, - # because $ac_f cannot contain `:'. + # because $ac_f cannot contain ':'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || - as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + as_fn_error 1 "cannot find input file: '$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done - # Let's still pretend it is `configure' which instantiates (i.e., don't + # Let's still pretend it is 'configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` @@ -29477,7 +30916,7 @@ esac _ACEOF -# Neutralize VPATH when `$srcdir' = `.'. +# Neutralize VPATH when '$srcdir' = '.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 @@ -29508,9 +30947,9 @@ { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable 'datarootdir' which seems to be undefined. Please make sure it is defined" >&5 -printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable 'datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" @@ -29665,15 +31104,15 @@ (exit $ac_status); } || am_rc=$? done if test $am_rc -ne 0; then - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "Something went wrong bootstrapping makefile fragments for automatic dependency tracking. If GNU make was not used, consider re-running the configure script with MAKE=\"gmake\" (or whatever is necessary). You can also try re-running configure with the '--disable-dependency-tracking' option to at least be able to build the package (albeit without support for automatic dependency tracking). -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } fi { am_dirpart=; unset am_dirpart;} { am_filepart=; unset am_filepart;} @@ -29702,13 +31141,13 @@ # Provide generalized library-building support services. # Written by Gordon Matzigkeit, 1996 -# Copyright (C) 2014 Free Software Foundation, Inc. +# Copyright (C) 2024 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # GNU Libtool is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of of the License, or +# the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # As a special exception to the GNU General Public License, if you @@ -30089,7 +31528,7 @@ # Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes # DIR into the resulting binary and the resulting library dependency is -# "absolute",i.e impossible to change by setting \$shlibpath_var if the +# "absolute",i.e. impossible to change by setting \$shlibpath_var if the # library is relocated. hardcode_direct_absolute=$hardcode_direct_absolute @@ -30295,7 +31734,6 @@ if test "yes" = "$enable_full_report" -o "standard" = "$with_locktype"; then echo " Mutex lock type: $with_locktype" fi - test "small" = "$with_tuning" && echo " Small-system tuning (--with-tuning)" test "no" = "$enable_dnstap" || \ echo " Allow 'dnstap' packet logging (--enable-dnstap)" test -z "$MAXMINDDB_LIBS" || echo " GeoIP2 access control (--enable-geoip)" @@ -30340,7 +31778,6 @@ echo " +------------------------------------------+" echo fi - test "small" = "$with_tuning" || echo " Small-system tuning (--with-tuning)" test "no" = "$enable_dnstap" && \ echo " Allow 'dnstap' packet logging (--enable-dnstap)" @@ -30378,12 +31815,13 @@ if test "$GCC" = "yes" then : $CC --version 2>&1 | sed 's/^/ /' -else $as_nop - case $host in #( +else case e in #( + e) case $host in #( *-solaris*) : $CC -V 2>&1 | sed 's/^/ /' ;; #( *) : $CC --version 2>&1 | sed 's/^/ /' ;; +esac ;; esac fi echo "CFLAGS: $STD_CFLAGS $CFLAGS" diff -Nru bind9-9.18.33/configure.ac bind9-9.18.41/configure.ac --- bind9-9.18.33/configure.ac 2025-01-20 13:39:31.174355422 +0000 +++ bind9-9.18.41/configure.ac 2025-10-18 10:21:03.049258662 +0000 @@ -16,7 +16,7 @@ # m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 18)dnl -m4_define([bind_VERSION_PATCH], 33)dnl +m4_define([bind_VERSION_PATCH], 41)dnl m4_define([bind_VERSION_EXTRA], )dnl m4_define([bind_DESCRIPTION], [(Extended Support Version)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl @@ -1314,20 +1314,6 @@ AM_CONDITIONAL([HAVE_JEMALLOC], [test "$with_jemalloc" = "yes"]) # -# was --with-tuning specified? -# -# [pairwise: --with-tuning=small, --without-tuning] -AC_ARG_WITH([tuning], - AS_HELP_STRING([--with-tuning=ARG], - [Specify server tuning (default or small)]), - [],[with_tuning=no]) - -AS_CASE([$with_tuning], - [small],[AC_MSG_NOTICE(using small system tuning)], - [AC_DEFINE(TUNE_LARGE, 1, [Define to use default system tuning.]) - AC_MSG_NOTICE(using default system tuning)]) - -# # was --enable-querytrace or --enable-singletrace specified? # # [pairwise: --enable-singletrace --enable-querytrace, --disable-singletrace --enable-querytrace, --disable-singletrace --disable-querytrace] @@ -1552,7 +1538,7 @@ # Misc -AC_CONFIG_FILES([util/check-make-install]) +AC_CONFIG_FILES([util/check-make-install.sh]) # # Do it @@ -1576,7 +1562,6 @@ if test "yes" = "$enable_full_report" -o "standard" = "$with_locktype"; then echo " Mutex lock type: $with_locktype" fi - test "small" = "$with_tuning" && echo " Small-system tuning (--with-tuning)" test "no" = "$enable_dnstap" || \ echo " Allow 'dnstap' packet logging (--enable-dnstap)" test -z "$MAXMINDDB_LIBS" || echo " GeoIP2 access control (--enable-geoip)" @@ -1621,7 +1606,6 @@ echo " +------------------------------------------+" echo fi - test "small" = "$with_tuning" || echo " Small-system tuning (--with-tuning)" test "no" = "$enable_dnstap" && \ echo " Allow 'dnstap' packet logging (--enable-dnstap)" diff -Nru bind9-9.18.33/contrib/gitchangelog/gitchangelog.py bind9-9.18.41/contrib/gitchangelog/gitchangelog.py --- bind9-9.18.33/contrib/gitchangelog/gitchangelog.py 2025-01-20 13:39:31.176355458 +0000 +++ bind9-9.18.41/contrib/gitchangelog/gitchangelog.py 2025-10-18 10:21:03.050258688 +0000 @@ -1889,8 +1889,7 @@ try: first_version = next(versions) except StopIteration: - warn("Empty changelog. No commits were elected to be used as entry.") - data["versions"] = [] + die("Empty changelog. No commits were elected to be used as entry.") else: data["versions"] = itertools.chain([first_version], versions) diff -Nru bind9-9.18.33/debian/changelog bind9-9.18.41/debian/changelog --- bind9-9.18.33/debian/changelog 2025-01-25 10:14:58.000000000 +0000 +++ bind9-9.18.41/debian/changelog 2025-10-22 15:38:58.000000000 +0000 @@ -1,3 +1,26 @@ +bind9 (1:9.18.41-1~deb12u1) bookworm-security; urgency=high + + * New upstream version 9.18.41 + - [CVE-2025-8677]: DNSSEC validation fails if matching but invalid + DNSKEY is found + - [CVE-2025-40778]: Address various spoofing attacks. + - [CVE-2025-40780]: Cache-poisoning due to weak pseudo-random number + generator + + -- Ondřej Surý Wed, 22 Oct 2025 17:38:58 +0200 + +bind9 (1:9.18.36-1~deb12u1) bookworm; urgency=medium + + * New upstream version 9.18.36 + + -- Ondřej Surý Wed, 16 Apr 2025 15:02:24 +0200 + +bind9 (1:9.18.35-1~deb12u1) bookworm; urgency=medium + + * New upstream version 9.18.35 + + -- Ondřej Surý Thu, 13 Mar 2025 11:41:23 +0100 + bind9 (1:9.18.33-1~deb12u2) bookworm-security; urgency=high * New upstream version 9.18.33 diff -Nru bind9-9.18.33/debian/patches/0002-Add-support-for-reporting-status-via-sd_notify.patch bind9-9.18.41/debian/patches/0002-Add-support-for-reporting-status-via-sd_notify.patch --- bind9-9.18.33/debian/patches/0002-Add-support-for-reporting-status-via-sd_notify.patch 2025-01-25 10:14:58.000000000 +0000 +++ bind9-9.18.41/debian/patches/0002-Add-support-for-reporting-status-via-sd_notify.patch 2025-10-22 15:38:58.000000000 +0000 @@ -39,7 +39,7 @@ + $(LIBXML2_LIBS) +endif HAVE_LIBXML2 diff --git a/bin/named/server.c b/bin/named/server.c -index a0a28c0..0644899 100644 +index da2fb01..e15c5cb 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -26,6 +26,10 @@ @@ -53,7 +53,7 @@ #include #include #include -@@ -10053,6 +10057,15 @@ view_loaded(void *arg) { +@@ -10152,6 +10156,15 @@ view_loaded(void *arg) { "FIPS mode is %s", FIPS_mode() ? "enabled" : "disabled"); #endif /* ifdef HAVE_FIPS_MODE */ @@ -69,7 +69,7 @@ atomic_store(&server->reload_status, NAMED_RELOAD_DONE); isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, -@@ -10232,6 +10245,10 @@ shutdown_server(isc_task_t *task, isc_event_t *event) { +@@ -10331,6 +10344,10 @@ shutdown_server(isc_task_t *task, isc_event_t *event) { UNUSED(task); INSIST(task == server->task); @@ -80,7 +80,7 @@ /* * We need to shutdown the interface before going * exclusive (which would pause the netmgr). -@@ -10648,6 +10665,10 @@ reload(named_server_t *server) { +@@ -10747,6 +10764,10 @@ reload(named_server_t *server) { isc_result_t result; atomic_store(&server->reload_status, NAMED_RELOAD_IN_PROGRESS); @@ -91,7 +91,7 @@ CHECK(loadconfig(server)); -@@ -10664,6 +10685,12 @@ reload(named_server_t *server) { +@@ -10763,6 +10784,12 @@ reload(named_server_t *server) { atomic_store(&server->reload_status, NAMED_RELOAD_FAILED); } cleanup: @@ -104,7 +104,7 @@ return result; } -@@ -11023,6 +11050,10 @@ isc_result_t +@@ -11122,6 +11149,10 @@ isc_result_t named_server_reconfigcommand(named_server_t *server) { isc_result_t result; atomic_store(&server->reload_status, NAMED_RELOAD_IN_PROGRESS); @@ -115,7 +115,7 @@ CHECK(loadconfig(server)); -@@ -11039,6 +11070,12 @@ named_server_reconfigcommand(named_server_t *server) { +@@ -11138,6 +11169,12 @@ named_server_reconfigcommand(named_server_t *server) { atomic_store(&server->reload_status, NAMED_RELOAD_FAILED); } cleanup: @@ -129,7 +129,7 @@ } diff --git a/configure.ac b/configure.ac -index b941a99..a1550fc 100644 +index 7eb5d73..0d286b9 100644 --- a/configure.ac +++ b/configure.ac @@ -857,6 +857,26 @@ AS_CASE([$with_zlib], diff -Nru bind9-9.18.33/debian/patches/0003-Disable-RTLD_DEEPBIND-in-Samba-DLZ-module.patch bind9-9.18.41/debian/patches/0003-Disable-RTLD_DEEPBIND-in-Samba-DLZ-module.patch --- bind9-9.18.33/debian/patches/0003-Disable-RTLD_DEEPBIND-in-Samba-DLZ-module.patch 2025-01-25 10:14:58.000000000 +0000 +++ bind9-9.18.41/debian/patches/0003-Disable-RTLD_DEEPBIND-in-Samba-DLZ-module.patch 2025-10-22 15:38:58.000000000 +0000 @@ -12,7 +12,7 @@ 1 file changed, 19 insertions(+) diff --git a/bin/named/dlz_dlopen_driver.c b/bin/named/dlz_dlopen_driver.c -index f636cd2..7875b18 100644 +index 31ddbce..34e2b0b 100644 --- a/bin/named/dlz_dlopen_driver.c +++ b/bin/named/dlz_dlopen_driver.c @@ -212,6 +212,7 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], @@ -23,7 +23,7 @@ UNUSED(driverarg); -@@ -235,6 +236,24 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], +@@ -236,6 +237,24 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], /* Initialize the lock */ isc_mutex_init(&cd->lock); diff -Nru bind9-9.18.33/depcomp bind9-9.18.41/depcomp --- bind9-9.18.33/depcomp 2025-01-20 13:40:39.295397947 +0000 +++ bind9-9.18.41/depcomp 2025-10-18 10:21:44.097329160 +0000 @@ -1,9 +1,9 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2018-03-07.03; # UTC +scriptversion=2024-06-19.01; # UTC -# Copyright (C) 1999-2021 Free Software Foundation, Inc. +# Copyright (C) 1999-2024 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -47,11 +47,13 @@ libtool Whether libtool is used (yes/no). Report bugs to . +GNU Automake home page: . +General help using GNU software: . EOF exit $? ;; -v | --v*) - echo "depcomp $scriptversion" + echo "depcomp (GNU Automake) $scriptversion" exit $? ;; esac @@ -113,7 +115,6 @@ # These definitions help. upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ lower=abcdefghijklmnopqrstuvwxyz -digits=0123456789 alpha=${upper}${lower} if test -z "$depmode" || test -z "$source" || test -z "$object"; then @@ -128,7 +129,7 @@ rm -f "$tmpdepfile" -# Avoid interferences from the environment. +# Avoid interference from the environment. gccflag= dashmflag= # Some modes work just like other modes, but use different flags. We @@ -198,8 +199,8 @@ ;; gcc) -## Note that this doesn't just cater to obsosete pre-3.x GCC compilers. -## but also to in-use compilers like IMB xlc/xlC and the HP C compiler. +## Note that this doesn't just cater to obsolete pre-3.x GCC compilers. +## but also to in-use compilers like IBM xlc/xlC and the HP C compiler. ## (see the conditional assignment to $gccflag above). ## There are various ways to get dependency output from gcc. Here's ## why we pick this rather obscure method: diff -Nru bind9-9.18.33/doc/Makefile.in bind9-9.18.41/doc/Makefile.in --- bind9-9.18.33/doc/Makefile.in 2025-01-20 13:40:38.477385059 +0000 +++ bind9-9.18.41/doc/Makefile.in 2025-10-18 10:21:43.257307434 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -69,6 +69,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -350,8 +352,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -630,8 +634,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -736,3 +740,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/doc/arm/Makefile.in bind9-9.18.41/doc/arm/Makefile.in --- bind9-9.18.33/doc/arm/Makefile.in 2025-01-20 13:40:38.494385326 +0000 +++ bind9-9.18.41/doc/arm/Makefile.in 2025-10-18 10:21:43.275307900 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -72,6 +72,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -293,8 +295,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -647,8 +651,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -795,3 +799,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/doc/arm/advanced.inc.rst bind9-9.18.41/doc/arm/advanced.inc.rst --- bind9-9.18.33/doc/arm/advanced.inc.rst 2025-01-20 13:39:31.177355475 +0000 +++ bind9-9.18.41/doc/arm/advanced.inc.rst 2025-10-18 10:21:03.052258742 +0000 @@ -31,11 +31,10 @@ :iscman:`named` at startup. See :ref:`dynamic_update_policies` for more details. Dynamic updates using Kerberos-signed requests can be made using the -TKEY/GSS protocol, either by setting the :any:`tkey-gssapi-keytab` option -or by setting both the :any:`tkey-gssapi-credential` and -:any:`tkey-domain` options. Once enabled, Kerberos-signed requests are -matched against the update policies for the zone, using the Kerberos -principal as the signer for the request. +TKEY/GSS protocol, by setting the :any:`tkey-gssapi-keytab` option. +Once enabled, Kerberos-signed requests are matched against the update +policies for the zone, using the Kerberos principal as the signer for +the request. Updating of secure zones (zones using DNSSEC) follows :rfc:`3007`: RRSIG, NSEC, and NSEC3 records affected by updates are automatically regenerated diff -Nru bind9-9.18.33/doc/arm/build.inc.rst bind9-9.18.41/doc/arm/build.inc.rst --- bind9-9.18.33/doc/arm/build.inc.rst 2025-01-20 13:39:31.177355475 +0000 +++ bind9-9.18.41/doc/arm/build.inc.rst 2025-10-18 10:21:03.052258742 +0000 @@ -94,8 +94,9 @@ To support the HTTP statistics channel, the server must be linked with at least one of the following libraries: ``libxml2`` -(http://xmlsoft.org) or ``json-c`` (https://github.com/json-c/json-c). -If these are installed at a nonstandard location, then: +(https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home) or ``json-c`` +(https://github.com/json-c/json-c). If these are installed at a +nonstandard location, then: - for ``libxml2``, specify the prefix using ``--with-libxml2=/prefix``, - for ``json-c``, adjust ``PKG_CONFIG_PATH``. @@ -119,7 +120,7 @@ For DNSTAP packet logging, ``libfstrm`` (https://github.com/farsightsec/fstrm) and ``libprotobuf-c`` -(https://developers.google.com/protocol-buffers) must be installed, and +(https://protobuf.dev) must be installed, and BIND must be configured with ``--enable-dnstap``. To support internationalized domain names in :iscman:`dig`, ``libidn2`` @@ -178,6 +179,6 @@ Building on macOS assumes that the “Command Tools for Xcode” are installed. These can be downloaded from -https://developer.apple.com/download/more/ or, if Xcode is already +https://developer.apple.com/xcode/resources/ or, if Xcode is already installed, simply run ``xcode-select --install``. (Note that an Apple ID may be required to access the download page.) diff -Nru bind9-9.18.33/doc/arm/changelog.rst bind9-9.18.41/doc/arm/changelog.rst --- bind9-9.18.33/doc/arm/changelog.rst 2025-01-20 13:39:31.178355493 +0000 +++ bind9-9.18.41/doc/arm/changelog.rst 2025-10-18 10:21:03.052258742 +0000 @@ -18,14 +18,17 @@ development. Regular users should refer to :ref:`Release Notes ` for changes relevant to them. -.. include:: ../changelog/changelog-9.18.33-S1.rst +.. include:: ../changelog/changelog-9.18.41.rst +.. include:: ../changelog/changelog-9.18.40.rst +.. include:: ../changelog/changelog-9.18.39.rst +.. include:: ../changelog/changelog-9.18.38.rst +.. include:: ../changelog/changelog-9.18.37.rst +.. include:: ../changelog/changelog-9.18.36.rst +.. include:: ../changelog/changelog-9.18.35.rst +.. include:: ../changelog/changelog-9.18.34.rst .. include:: ../changelog/changelog-9.18.33.rst -.. include:: ../changelog/changelog-9.18.32-S1.rst .. include:: ../changelog/changelog-9.18.32.rst -.. include:: ../changelog/changelog-9.18.31-S1.rst .. include:: ../changelog/changelog-9.18.31.rst -.. include:: ../changelog/changelog-9.18.30-S1.rst .. include:: ../changelog/changelog-9.18.30.rst -.. include:: ../changelog/changelog-9.18.29-S1.rst .. include:: ../changelog/changelog-9.18.29.rst .. include:: ../changelog/changelog-history.rst diff -Nru bind9-9.18.33/doc/arm/conf.py bind9-9.18.41/doc/arm/conf.py --- bind9-9.18.33/doc/arm/conf.py 2025-01-20 13:39:31.178355493 +0000 +++ bind9-9.18.41/doc/arm/conf.py 2025-10-18 10:21:03.053258769 +0000 @@ -185,6 +185,8 @@ # The master toctree document. master_doc = "index" +smartquotes = False + # -- Options for HTML output ------------------------------------------------- # The theme to use for HTML and HTML Help pages. See the documentation for @@ -214,6 +216,27 @@ latex_logo = "isc-logo.pdf" +# -- Options for linkcheck ---------------------------------------------- +linkcheck_timeout = 10 +linkcheck_ignore = [ + "http://127.0.0.1", + "https://dl.acm.org", + "https://gitlab.isc.org", + "https://kb.isc.org", + "https://simpleicon.com/", + "https://www.dnssec-or-not.com/", + "https://www.flaticon.com/", + "https://www.freepik.com/", + "https://www.gnu.org", + "https://www.godaddy.com", + "https://www.icann.org", +] +# Anchors checking does not work for GitHub, see +# https://github.com/pypa/packaging.python.org/issues/1272. +linkcheck_anchors_ignore_for_url = [ + "https://.*github.*", +] + # # The rst_epilog will be completely overwritten from the Makefile, # the definition here is provided purely for situations when diff -Nru bind9-9.18.33/doc/arm/dnssec.inc.rst bind9-9.18.41/doc/arm/dnssec.inc.rst --- bind9-9.18.33/doc/arm/dnssec.inc.rst 2025-01-20 13:39:31.180355528 +0000 +++ bind9-9.18.41/doc/arm/dnssec.inc.rst 2025-10-18 10:21:03.055258822 +0000 @@ -195,6 +195,11 @@ has an unlimited lifetime, use: :option:`rndc dnssec -rollover -key 12345 dnssec.example. `. +You can pregenerate keys and save them in the key directory. As long as the +key has no timing metadata set, it may be selected as a successor in the +upcoming key rollover. To pregenerate keys without setting key timing metadata, +use the `-G` option: ``dnssec-keygen -G dnssec.example.``. + To revert a signed zone back to an insecure zone, change the zone configuration to use the built-in "insecure" policy. Detailed instructions are described in :ref:`revert_to_unsigned`. diff -Nru bind9-9.18.33/doc/arm/general.rst bind9-9.18.41/doc/arm/general.rst --- bind9-9.18.33/doc/arm/general.rst 2025-01-20 13:39:31.180355528 +0000 +++ bind9-9.18.41/doc/arm/general.rst 2025-10-18 10:21:03.055258822 +0000 @@ -39,7 +39,7 @@ .. _Internet Engineering Steering Group: https://www.ietf.org/about/groups/iesg/ .. _Internet Engineering Task Force: https://www.ietf.org/about/ -.. _Request for Comments: https://www.ietf.org/standards/rfcs/ +.. _Request for Comments: https://www.ietf.org/process/rfcs/ Some of these RFCs, though DNS-related, are not concerned with implementing software. diff -Nru bind9-9.18.33/doc/arm/index.rst bind9-9.18.41/doc/arm/index.rst --- bind9-9.18.33/doc/arm/index.rst 2025-01-20 13:39:31.181355546 +0000 +++ bind9-9.18.41/doc/arm/index.rst 2025-10-18 10:21:03.055258822 +0000 @@ -36,9 +36,9 @@ :name: appendices :maxdepth: 2 + dnssec-guide + manpages + general notes changelog - dnssec-guide history - general - manpages diff -Nru bind9-9.18.33/doc/arm/intro-dns-bind.inc.rst bind9-9.18.41/doc/arm/intro-dns-bind.inc.rst --- bind9-9.18.33/doc/arm/intro-dns-bind.inc.rst 2025-01-20 13:39:31.181355546 +0000 +++ bind9-9.18.41/doc/arm/intro-dns-bind.inc.rst 2025-10-18 10:21:03.055258822 +0000 @@ -102,7 +102,7 @@ cultures treat as unlucky. The 512-byte UDP data limit is no longer a limiting factor and all root servers now support both IPv4 and IPv6. In addition, almost all the root servers use **anycast**, with well over -300 instances of the root servers now providing service worldwide (see further information at https://www.root-servers.org). +300 instances of the root servers now providing service worldwide (see further information at https://root-servers.org). The root servers are the starting point for all **name resolution** within the DNS. Name Resolution diff -Nru bind9-9.18.33/doc/arm/notes.rst bind9-9.18.41/doc/arm/notes.rst --- bind9-9.18.33/doc/arm/notes.rst 2025-01-20 13:39:31.182355563 +0000 +++ bind9-9.18.41/doc/arm/notes.rst 2025-10-18 10:21:03.056258849 +0000 @@ -45,6 +45,14 @@ found at https://gitlab.isc.org/isc-projects/bind9/-/wikis/Known-Issues-in-BIND-9.18 +.. include:: ../notes/notes-9.18.41.rst +.. include:: ../notes/notes-9.18.40.rst +.. include:: ../notes/notes-9.18.39.rst +.. include:: ../notes/notes-9.18.38.rst +.. include:: ../notes/notes-9.18.37.rst +.. include:: ../notes/notes-9.18.36.rst +.. include:: ../notes/notes-9.18.35.rst +.. include:: ../notes/notes-9.18.34.rst .. include:: ../notes/notes-9.18.33.rst .. include:: ../notes/notes-9.18.32.rst .. include:: ../notes/notes-9.18.31.rst diff -Nru bind9-9.18.33/doc/arm/pkcs11.inc.rst bind9-9.18.41/doc/arm/pkcs11.inc.rst --- bind9-9.18.33/doc/arm/pkcs11.inc.rst 2025-01-20 13:39:31.182355563 +0000 +++ bind9-9.18.41/doc/arm/pkcs11.inc.rst 2025-10-18 10:21:03.056258849 +0000 @@ -41,7 +41,7 @@ ^^^^^^^^^^^^^^^^^^ SoftHSMv2, the latest development version of SoftHSM, is available from -https://github.com/opendnssec/SoftHSMv2. It is a software library +https://github.com/softhsm/SoftHSMv2. It is a software library developed by the OpenDNSSEC project (https://www.opendnssec.org) which provides a PKCS#11 interface to a virtual HSM, implemented in the form of an SQLite3 database on the local filesystem. It provides less security diff -Nru bind9-9.18.33/doc/arm/platforms.inc.rst bind9-9.18.41/doc/arm/platforms.inc.rst --- bind9-9.18.33/doc/arm/platforms.inc.rst 2025-01-20 13:39:31.182355563 +0000 +++ bind9-9.18.41/doc/arm/platforms.inc.rst 2025-10-18 10:21:03.056258849 +0000 @@ -45,12 +45,12 @@ Current versions of BIND 9 are fully supported and regularly tested on the following systems: -- Debian 12 -- Ubuntu LTS 20.04, 22.04, 24.04 -- Fedora 41 -- Red Hat Enterprise Linux / CentOS / Oracle Linux 8, 9 +- Debian 12, 13 +- Ubuntu LTS 22.04, 24.04 +- Fedora 42 +- Red Hat Enterprise Linux / CentOS / AlmaLinux 8, 9, 10 - FreeBSD 13.4, 14.2 -- Alpine Linux 3.21 +- Alpine Linux 3.22 The amd64 CPU architecture is fully supported and regularly tested. @@ -89,13 +89,12 @@ - Platforms past or close to their respective EOL dates, such as: - - Ubuntu 14.04, 16.04 (Ubuntu ESM releases are not supported) + - Ubuntu 14.04, 16.04, 18.04, 20.04 (Ubuntu ESM releases are not supported) - CentOS 6 - Debian 8 Jessie, 9 Stretch, 10 Buster, 11 Bullseye - - Ubuntu 14.04, 16.04, 18.04 (Ubuntu ESM releases are not supported) - Red Hat Enterprise Linux / CentOS / Oracle Linux 6, 7 - Debian 8 Jessie, 9 Stretch, 10 Buster - - FreeBSD 10.x, 11.x + - FreeBSD 10.x, 11.x, 12.x - Less common CPU architectures (i386, i686, mips, mipsel, sparc, ppc, and others) diff -Nru bind9-9.18.33/doc/arm/reference.rst bind9-9.18.41/doc/arm/reference.rst --- bind9-9.18.33/doc/arm/reference.rst 2025-01-20 13:39:31.184355598 +0000 +++ bind9-9.18.41/doc/arm/reference.rst 2025-10-18 10:21:03.059258929 +0000 @@ -1177,7 +1177,7 @@ https://github.com/farsightsec/fstrm) to send event payloads which are encoded using Protocol Buffers (``libprotobuf-c``, a mechanism for serializing structured data developed by Google, Inc.; see - https://developers.google.com/protocol-buffers/). + https://protobuf.dev). To enable :any:`dnstap` at compile time, the ``fstrm`` and ``protobuf-c`` libraries must be available, and BIND must be @@ -2903,7 +2903,8 @@ Forwarding ^^^^^^^^^^ -The forwarding facility can be used to create a large site-wide cache on +The forwarding facility sends queries which cannot be answered using local data +to different resolvers. This can be used to create a large site-wide cache on a few servers, reducing traffic over links to external name servers. It can also be used to allow queries by servers that do not have direct access to the Internet, but wish to look up exterior names anyway. @@ -2914,7 +2915,7 @@ :tags: query :short: Allows or disallows fallback to recursion if forwarding has failed; it is always used in conjunction with the :any:`forwarders` statement. - This option is only meaningful if the forwarders list is not empty. A + This option is only meaningful if the :any:`forwarders` list is not empty. A value of ``first`` is the default and causes the server to query the forwarders first; if that does not answer the question, the server then looks for the answer itself. If ``only`` is @@ -2922,9 +2923,10 @@ .. namedconf:statement:: forwarders :tags: query - :short: Defines one or more hosts to which queries are forwarded. + :short: Defines one or more resolvers to which queries are forwarded. - This specifies a list of IP addresses to which queries are forwarded. The + This specifies a list of IP addresses of DNS resolvers, to which queries + which cannot be answered using locally available data are forwarded. The default is the empty list (no forwarding). Each address in the list can be associated with an optional port number. A default port number can be set for the entire list. @@ -4117,9 +4119,10 @@ :tags: server :short: Sets the interval at which the server scans the network interface list. - The server scans the network interface list every :any:`interface-interval` - minutes. The default is 60 minutes; the maximum value is 28 days (40320 - minutes). If set to 0, interface scanning only occurs when the configuration + The server scans the network interface list on every interval as specified by + :any:`interface-interval`. + + If set to 0, interface scanning only occurs when the configuration file is loaded, or when :any:`automatic-interface-scan` is enabled and supported by the operating system. After the scan, the server begins listening for queries on any newly discovered interfaces (provided they are allowed by the @@ -4127,6 +4130,8 @@ gone away. For convenience, TTL-style time-unit suffixes may be used to specify the value. It also accepts ISO 8601 duration formats. + The default is 60 minutes (1 hour); the maximum value is 28 days. + The :any:`sortlist` Statement ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -4264,7 +4269,8 @@ ``--enable-fixed-rrset`` at compile time. ``random`` - Records are returned in a random order. + Records are returned in a non-deterministic order. The random ordering + doesn't guarantee uniform distribution of all permutations. ``cyclic`` Records are returned in a cyclic round-robin order, rotating by one @@ -4417,7 +4423,7 @@ :any:`stale-answer-enable` option or by calling :option:`rndc serve-stale on `. When :any:`stale-cache-enable` is set to ``no``, setting the :any:`max-stale-ttl` - has no effect, the value of :any:`max-cache-ttl` will be ``0`` in such case. + has no effect; the value of :any:`max-stale-ttl` will be ``0`` in such case. .. namedconf:statement:: resolver-nonbackoff-tries :tags: deprecated. @@ -6052,7 +6058,7 @@ Cipher list which defines allowed ciphers, such as ``HIGH:!aNULL:!MD5:!SHA1:!SHA256:!SHA384``. The string must be formed according to the rules specified in the OpenSSL documentation - (see https://www.openssl.org/docs/man1.1.1/man1/ciphers.html + (see https://docs.openssl.org/1.1.1/man1/ciphers/ for details). .. namedconf:statement:: prefer-server-ciphers @@ -6907,33 +6913,68 @@ :tags: zone :short: Contains a duplicate of the data for a zone that has been transferred from a primary server. - A secondary zone is a replica of a primary zone. Type ``slave`` is a - synonym for :any:`secondary `. The :any:`primaries` list specifies one or more IP - addresses of primary servers that the secondary contacts to update - its copy of the zone. Primaries list elements can - also be names of other primaries lists. By default, - transfers are made from port 53 on the servers; - this can be changed for all servers by specifying - a port number before the list of IP addresses, - or on a per-server basis after the IP address. - Authentication to the primary can also be done with - per-server TSIG keys. If a file is specified, then the - replica is written to this file - whenever the zone - is changed, and reloaded from this file on a server - restart. Use of a file is recommended, since it - often speeds server startup and eliminates a - needless waste of bandwidth. Note that for large - numbers (in the tens or hundreds of thousands) of - zones per server, it is best to use a two-level - naming scheme for zone filenames. For example, - a secondary server for the zone - ``example.com`` might place - the zone contents into a file called - ``ex/example.com``, where - ``ex/`` is just the first two - letters of the zone name. (Most operating systems - behave very slowly if there are 100,000 files in a single directory.) + A secondary zone is a replica of a primary zone. Type ``slave`` is a + synonym for :any:`secondary `. The :any:`primaries` list + specifies one or more IP addresses of primary servers that the secondary + contacts to update its copy of the zone. + + Primaries list elements can also be names of other primaries lists. By + default, transfers are made from port 53 on the servers; this can be + changed for all servers by specifying a port number before the list of IP + addresses, or on a per-server basis after the IP address. Authentication + to the primary can also be done with per-server TSIG keys. + + A secondary zone is a replica of a primary zone. Type ``slave`` is a + synonym for :any:`secondary `. The :any:`primaries` list + specifies one or more IP addresses of primary servers that the secondary + contacts to update its copy of the zone. + + A zone may refresh on timer or on receipt of a notify. If a valid notify is + received where the notify carries a serial number larger than the one in the + SOA currently served, then the secondary will schedule a zone refresh. + + A notify is considered valid if the sender is one of the servers in the NS + RRset for the zone, has been explicitly allowed using an :any:`allow-notify` + clause, or is from an address listed in the primary servers clause. + + If no notifies have been received, the server will try to refresh the zone. + The REFRESH field in the SOA record determines how long after the last zone + update it should query the primaries for the SOA record. Again, if the + SOA record contains a serial number larger than the one in the SOA currently + served, a zone refresh is scheduled. If a notify is received while a + refresh is in progress, the serial number of the notify is checked and if + it is larger, another refresh for the zone is queued. There will at most + be one zone refresh queued. + + The primary servers are queried in turn, :any:`named` will move on to the + next server in the list if either it is unable to get a valid response from + the server it is currently querying, or the primary being queried returns + the same or smaller SOA than the secondary is currently serving. On the + first SOA received that has a serial bigger than the one currently served, + :any:`named` will initiate a zone transfer with that server. Once the zone + transfer has been received and the zone has been updated, then this zone + refresh is complete, and no other servers are tried. + + When receiving a notify, :any:`named` does not first query the sender of + the notify. It will continue with the next server in the list that + transferred the zone, skipping over unreachable servers. A primary is + considered unreachable if the secondary cannot get a response from the + server. This state will be cached for 10 minutes, or until a notify is + received from that address. + + Furthermore, a zone is refreshed when the secondary server is restarted, + or when a :option:`rndc refresh ` command is received. + + If a file is specified, then the replica is written to this file whenever the zone + is changed, and reloaded from this file on a server restart. Use of a file + is recommended, since it often speeds server startup and eliminates a + needless waste of bandwidth. Note that for large numbers (in the tens or + hundreds of thousands) of zones per server, it is best to use a two-level + naming scheme for zone filenames. For example, a secondary server for the + zone ``example.com`` might place the zone contents into a file called + ``ex/example.com``, where ``ex/`` is just the first two letters of the zone + name. (Most operating systems behave very slowly if there are 100,000 files + in a single directory.) .. namedconf:statement:: type mirror :tags: zone @@ -7016,20 +7057,24 @@ .. namedconf:statement:: type stub :tags: zone - :short: Contains a duplicate of the NS records of a primary zone. + :short: Contains a duplicate of the NS records of a zone. + + A stub zone specifies a set of name servers to use when contacting the zone + for the first time. A stub zone overrides any NS records (delegations) + that might exist in the parent zone. Once an authoritative server is + reached, the NS records from that server are honored. + + A stub zone can work around missing or broken delegations, but comes at + expense of maintaining a set of name server addresses in + :iscman:`named.conf`. + + .. warning:: Use of stub zones is not recommended. Proper delegation + with NS records in the parent zone should be used. - A stub zone is similar to a secondary zone, except that it replicates only - the NS records of a primary zone instead of the entire zone. Stub zones - are not a standard part of the DNS; they are a feature specific to the - BIND implementation. - - Stub zones can be used to eliminate the need for a glue NS record in a parent - zone, at the expense of maintaining a stub zone entry and a set of name - server addresses in :iscman:`named.conf`. This usage is not recommended for - new configurations, and BIND 9 supports it only in a limited way. If a BIND 9 - primary, serving a parent zone, has child stub - zones configured, all the secondary servers for the parent zone also need to - have the same child stub zones configured. + + :iscman:`named` queries authoritative servers configured as :any:`primaries` + to obtain up-to-date NS records. These new NS records are then used + to obtain answers from a given zone. Stub zones can also be used as a way to force the resolution of a given domain to use a particular set of authoritative servers. For example, the @@ -7037,19 +7082,37 @@ configured with stub zones for ``10.in-addr.arpa`` to use a set of internal name servers as the authoritative servers for that domain. + If a BIND 9 primary, serving a parent zone, has child stub zones configured, + all the secondary servers for the parent zone also need to have the same + child stub zones configured. + + Stub zones are not a standard part of the DNS; they are a feature specific + to the BIND implementation. + + .. namedconf:statement:: type static-stub :tags: zone - :short: Contains a duplicate of the NS records of a primary zone, but statically configured rather than transferred from a primary server. + :short: Contains statically configured NS records for a zone. - A static-stub zone is similar to a stub zone, with the following - exceptions: the zone data is statically configured, rather than - transferred from a primary server; and when recursion is necessary for a query - that matches a static-stub zone, the locally configured data (name server - names and glue addresses) is always used, even if different authoritative - information is cached. + A static-stub zone specifies a set of name servers to use to resolve *all* + queries for the given zone. A stub zone overrides any NS records + (delegations) that might exist in the parent zone, and also any records + received from the otherwise-authoritative server. + + Like a :any:`stub ` zone, this can work around missing or broken + delegations at the parent. Unlike stub, static-stub also overrides any NS + records offered by the specified servers. + + When recursion is necessary for a query that matches a static-stub zone, + the locally configured data (name server names and glue addresses) is + always used, even if different authoritative information is cached. + + The zone data is configured via the :any:`server-addresses` and + :any:`server-names` zone statements. These must point to authoritative + servers. - Zone data is configured via the :any:`server-addresses` and :any:`server-names` - zone options. + .. warning:: Use of static-stub zones is not recommended. Proper delegation + with NS records in the parent zone should be used. The zone data is maintained in the form of NS and (if necessary) glue A or AAAA RRs internally, which can be seen by dumping zone databases with @@ -7060,7 +7123,7 @@ Since the data is statically configured, no zone maintenance action takes place for a static-stub zone. For example, there is no periodic refresh - attempt, and an incoming notify message is rejected with an rcode + attempt, and an incoming :ref:`NOTIFY ` message is rejected with an rcode of NOTAUTH. Each static-stub zone is configured with internally generated NS and (if @@ -7341,7 +7404,7 @@ :tags: query, zone :short: Specifies a list of IP addresses to which queries should be sent in recursive resolution for a static-stub zone. - This option is only meaningful for static-stub zones. This is a list of IP addresses + This option is only meaningful for :any:`static-stub ` zones. This is a list of IP addresses to which queries should be sent in recursive resolution for the zone. A non-empty list for this option internally configures the apex NS RR with associated glue A or AAAA RRs. @@ -7366,7 +7429,7 @@ :tags: zone :short: Specifies a list of domain names of name servers that act as authoritative servers of a static-stub zone. - This option is only meaningful for static-stub zones. This is a list of domain names + This option is only meaningful for :any:`static-stub ` zones. This is a list of domain names of name servers that act as authoritative servers of the static-stub zone. These names are resolved to IP addresses when :iscman:`named` needs to send queries to these servers. For this supplemental diff -Nru bind9-9.18.33/doc/arm/rpz.inc.rst bind9-9.18.41/doc/arm/rpz.inc.rst --- bind9-9.18.33/doc/arm/rpz.inc.rst 2025-01-20 13:39:31.185355616 +0000 +++ bind9-9.18.41/doc/arm/rpz.inc.rst 2025-10-18 10:21:03.059258929 +0000 @@ -257,7 +257,7 @@ The ``*`` at the beginning of these CNAME target names is special, and it causes the original query name to be prepended to the CNAME target. So if a user tries to visit the Conficker command and control domain -http://racaldftn.com.ai/ (which was a valid Conficker command and control +racaldftn.com.ai (which was a valid Conficker command and control domain name on 19-October-2011), the RPZ-configured recursive name server will send back this answer: @@ -727,8 +727,8 @@ want their users' DNS queries to be rerouted unexpectedly. However, Mozilla provides a mechanism to disable the DoH-by-default setting: if the Mozilla-owned domain `use-application-dns.net -`_ returns an NXDOMAIN response code, Firefox -will not use DoH. +`_ +returns an NXDOMAIN response code, Firefox will not use DoH. To accomplish this using RPZ: diff -Nru bind9-9.18.33/doc/arm/troubleshooting.inc.rst bind9-9.18.41/doc/arm/troubleshooting.inc.rst --- bind9-9.18.33/doc/arm/troubleshooting.inc.rst 2025-01-20 13:39:31.185355616 +0000 +++ bind9-9.18.41/doc/arm/troubleshooting.inc.rst 2025-10-18 10:21:03.060258956 +0000 @@ -42,7 +42,7 @@ Such workarounds cause unnecessary resolution delays, increase code complexity, and prevent deployment of new DNS features. In February 2019, all major DNS software vendors removed these -workarounds; see https://dnsflagday.net/2019 for further details. This change +workarounds; see https://www.dnsflagday.net/2019/ for further details. This change was implemented in BIND as of release 9.14.0. As a result, some domains may be non-resolvable without manual diff -Nru bind9-9.18.33/doc/changelog/changelog-9.18.29-S1.rst bind9-9.18.41/doc/changelog/changelog-9.18.29-S1.rst --- bind9-9.18.33/doc/changelog/changelog-9.18.29-S1.rst 2025-01-20 13:39:31.185355616 +0000 +++ bind9-9.18.41/doc/changelog/changelog-9.18.29-S1.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - diff -Nru bind9-9.18.33/doc/changelog/changelog-9.18.30-S1.rst bind9-9.18.41/doc/changelog/changelog-9.18.30-S1.rst --- bind9-9.18.33/doc/changelog/changelog-9.18.30-S1.rst 2025-01-20 13:39:31.185355616 +0000 +++ bind9-9.18.41/doc/changelog/changelog-9.18.30-S1.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - diff -Nru bind9-9.18.33/doc/changelog/changelog-9.18.31-S1.rst bind9-9.18.41/doc/changelog/changelog-9.18.31-S1.rst --- bind9-9.18.33/doc/changelog/changelog-9.18.31-S1.rst 2025-01-20 13:39:31.186355634 +0000 +++ bind9-9.18.41/doc/changelog/changelog-9.18.31-S1.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - diff -Nru bind9-9.18.33/doc/changelog/changelog-9.18.32-S1.rst bind9-9.18.41/doc/changelog/changelog-9.18.32-S1.rst --- bind9-9.18.33/doc/changelog/changelog-9.18.32-S1.rst 2025-01-20 13:39:31.186355634 +0000 +++ bind9-9.18.41/doc/changelog/changelog-9.18.32-S1.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - diff -Nru bind9-9.18.33/doc/changelog/changelog-9.18.33-S1.rst bind9-9.18.41/doc/changelog/changelog-9.18.33-S1.rst --- bind9-9.18.33/doc/changelog/changelog-9.18.33-S1.rst 2025-01-20 13:39:31.186355634 +0000 +++ bind9-9.18.41/doc/changelog/changelog-9.18.33-S1.rst 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - diff -Nru bind9-9.18.33/doc/changelog/changelog-9.18.34.rst bind9-9.18.41/doc/changelog/changelog-9.18.34.rst --- bind9-9.18.33/doc/changelog/changelog-9.18.34.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/changelog/changelog-9.18.34.rst 2025-10-18 10:21:03.061258982 +0000 @@ -0,0 +1,112 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +BIND 9.18.34 +------------ + +New Features +~~~~~~~~~~~~ + +- Print the expiration time of the stale records. ``f04168545d1`` + + Print the expiration time of the stale RRsets in the cache dump. + :gl:`!10062` + +Removed Features +~~~~~~~~~~~~~~~~ + +- Remove --with-tuning=small/large configuration option. ``327b666c6d0`` + + The configuration option --with-tuning has been removed as it is no + longer required or desired. :gl:`!9959` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Reduce memory sizes of common structures. ``008e5201098`` + + * Reduce `sizeof(isc_sockaddr_t)` from 152 to 48 bytes + * Reduce `sizeof(struct isc__nm_uvreq)` from 1560 to 560 bytes + + Partial backport of !8299 :gl:`!9953` + +- Refactor reference counting in RBTDB. ``fd9a85addc4`` + + Clean up the pattern in the newref() and decref() functions in RBTDB + databases. + + Related to #5134 :gl:`!10036` + +- Shutdown the fetch context after canceling the last fetch. + ``57187b2c4f4`` + + Shutdown the fetch context immediately after the last fetch has been + canceled from that particular fetch context. :gl:`!9960` + +Bug Fixes +~~~~~~~~~ + +- Fix "rndc flushname" for longer name server names. ``b7383e50484`` + + :option:`rndc flushname` did not work for name server names longer + than 16 bytes. This has been fixed. :gl:`#3885` :gl:`!10025` + +- Recently expired records could be returned with timestamp in future. + ``4c49d99d560`` + + Under rare circumstances, the RRSet that expired at the time of the + query could be returned with TTL far in the future. This has been + fixed. + + As a side-effect, the expiration time of expired RRSets are no longer + printed out in the cache dump. :gl:`#5094` :gl:`!10060` + +- Yaml string not terminated in negative response in delv. + ``132947c0bad`` + + :gl:`#5098` :gl:`!9980` + +- Apply the memory limit only to ADB database items. ``7c90bd5bb3d`` + + Resolver under heavy-load could exhaust the memory available for + storing the information in the Address Database (ADB) effectively + evicting already stored information in the ADB. The memory used to + retrieve and provide information from the ADB is now not a subject of + the same memory limits that are applied for storing the information in + the Address Database. :gl:`#5127` :gl:`!9976` + +- Avoid unnecessary locking in the zone/cache database. ``43c77d95f1d`` + + Prevent lock contention among many worker threads referring to the + same database node at the same time. This would improve zone and cache + database performance for the heavily contended database nodes. + :gl:`#5130` :gl:`!9965` + +- Fix the cache findzonecut() implementation. ``368315b3c7e`` + + The search for the deepest known zone cut in the cache could + improperly reject a node if it contained any stale data, regardless of + whether it was the NS RRset that was stale. :gl:`#5155` :gl:`!10051` + +- Improve the resolver performance under attack. ``2c667bc9c61`` + + A remote client can force the DNS resolver component to consume the + memory faster than cleaning up the resources for the canceled resolver + fetches due to `recursive-clients` limit. If the such traffic pattern + is sustained for a long period of time, the DNS server might + eventually run out of the available memory. This has been fixed. + + It should be noted that when under such heavy attack for BIND 9 + version both with and without the fix, no outgoing DNS queries will be + successful as the generated traffic pattern will consume all the + available slots for the recursive clients. :gl:`!9961` + + diff -Nru bind9-9.18.33/doc/changelog/changelog-9.18.35.rst bind9-9.18.41/doc/changelog/changelog-9.18.35.rst --- bind9-9.18.33/doc/changelog/changelog-9.18.35.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/changelog/changelog-9.18.35.rst 2025-10-18 10:21:03.061258982 +0000 @@ -0,0 +1,134 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +BIND 9.18.35 +------------ + +New Features +~~~~~~~~~~~~ + +- Add digest methods for SIG and RRSIG. ``7f4023fe7d`` + + ZONEMD digests RRSIG records and potentially digests SIG record. Add + digests methods for both record types. :gl:`#5219` :gl:`!10219` + +Bug Fixes +~~~~~~~~~ + +- Prevent a reference leak when using plugins. ``8d0d08ec00`` + + The `NS_QUERY_DONE_BEGIN` and `NS_QUERY_DONE_SEND` plugin hooks could + cause a reference leak if they returned `NS_HOOK_RETURN` without + cleaning up the query context properly. :gl:`#2094` :gl:`!10171` + +- Fix memory ordering issues with atomic operations in the quota.c + module. ``86f02349e5`` + + Change all the non-locked operations on `quota->used` and + `quota->waiting` to "acq/rel" for inter-thread synchronization. Some + loads are left as "relaxed", because they are under a locked mutex + which also provides protection. + + Also use relaxed memory ordering for `quota->max` and `quota->soft`, + as done in the main branch; possible ordering issues for these + variables are acceptable. :gl:`#5018` :gl:`!10203` + +- Fix deferred validation of unsigned DS and DNSKEY records. + ``60a26ecd43`` + + When processing a query with the "checking disabled" bit set (CD=1), + `named` stores the unvalidated result in the cache, marked "pending". + When the same query is sent with CD=0, the cached data is validated, + and either accepted as an answer, or ejected from the cache as + invalid. This deferred validation was not attempted for DS and DNSKEY + records if they had no cached signatures, causing spurious validation + failures. We now complete the deferred validation in this scenario. + + Also, if deferred validation fails, we now re-query the data to find + out whether the zone has been corrected since the invalid data was + cached. :gl:`#5066` :gl:`!10106` + +- When recording an rr trace, use libtool. ``42afefe031`` + + When a system test is run with the `USE_RR` environment variable set + to 1, an `rr` trace is now correctly generated for each instance of + `named`. :gl:`#5079` :gl:`!10208` + +- Do not cache signatures for rejected data. ``7e24b9f6ec`` + + The cache has been updated so that if new data is rejected - for + example, because there was already existing data at a higher trust + level - then its covering RRSIG will also be rejected. :gl:`#5132` + :gl:`!10135` + +- Fix a race issue in dns_view_addzone() ``a946528023`` + + Views use two types of reference counting - regular and weak, and when + there are no more regular references, the `view_flushanddetach()` + function destroys or detaches some parts of the view, including + `view->zonetable`, while other parts are freed by `destroy()` when the + last weak reference is detached. Since catalog zones use weak + references to attach a view, it's currently possible that during + shutdown catalog zone processing will try to add a new zone into an + otherwise unused view (because it's shutting down) which doesn't have + an attached zonetable any more. This could cause an assertion failure. + Fix this issue by modifying the `dns_view_addzone()` function to + expect that `view->zonetable` can be `NULL`, and in that case just + return `ISC_R_SHUTTINGDOWN`. :gl:`#5138` :gl:`!10086` + +- Fix RPZ race condition during a reconfiguration. ``54bb8252e2`` + + With RPZ in use, `named` could terminate unexpectedly because of a + race condition when a reconfiguration command was received using + `rndc`. This has been fixed. :gl:`#5146` :gl:`!10145` + +- "CNAME and other data check" not applied to all types. ``aaaf2e989a`` + + An incorrect optimization caused "CNAME and other data" errors not to + be detected if certain types were at the same node as a CNAME. This + has been fixed. :gl:`#5150` :gl:`!10101` + +- Remove NSEC/DS/NSEC3 RRSIG check from dns_message_parse. + ``b601cb32ee`` + + Previously, when parsing responses, named incorrectly rejected + responses without matching RRSIG records for NSEC/DS/NSEC3 records in + the authority section. This rejection, if appropriate, should have + been left for the validator to determine and has been fixed. + :gl:`#5185` :gl:`!10143` + +- Fix a logic error in cache_name() ``ab047ff47f`` + + A change in 6aba56ae8 (checking whether a rejected RRset was identical + to the data it would have replaced, so that we could still cache a + signature) inadvertently introduced cases where processing of a + response would continue when previously it would have been skipped. + :gl:`#5197` :gl:`!10159` + +- Finalize removal of memory debug flags size and mctx [9.18] + ``853a966fe7`` + + :gl:`!9607` + +- Post [CVE-2024-12705] Performance Drop Fixes, Part 2. ``e811f444b7`` + + :gl:`!10193` + +- Post [CVE-2024-12705] Performance Drop Fixes. ``8d96ff01d4`` + + :gl:`!10128` + +- Sync the TSAN CC, CFLAGS and LDFLAGS in the respdiff:tsan job. + ``22fd7c4eb4`` + + :gl:`!10213` + + diff -Nru bind9-9.18.33/doc/changelog/changelog-9.18.36.rst bind9-9.18.41/doc/changelog/changelog-9.18.36.rst --- bind9-9.18.33/doc/changelog/changelog-9.18.36.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/changelog/changelog-9.18.36.rst 2025-10-18 10:21:03.061258982 +0000 @@ -0,0 +1,85 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +BIND 9.18.36 +------------ + +New Features +~~~~~~~~~~~~ + +- Implement -T cookiealwaysvalid. ``efbd698a2d`` + + When `-T cookiealwaysvalid` is passed to `named`, DNS cookie checks + for the incoming queries always pass, given they are structurally + correct. :gl:`!10265` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Fix network manager issue when both success and timeout callbacks can + be called for the same read request. ``d4cc98a175`` + + This commit simplifies code flow in the tls_cycle_input() and makes + the incoming data processing similar to that in TCP DNS. In + particular, now we decipher all the the incoming data before making a + single isc__nm_process_sock_buffer() call. Previously we would try to + decipher data bit-by-bit before trying to process the deciphered bit + via isc__nm_process_sock_buffer(). Doing like before made the code + much less predictable, in particular in the areas like when reading is + paused or resumed. + + The newer approach also allowed us to get rid of some old kludges. + :gl:`#5247` :gl:`!10294` + +Bug Fixes +~~~~~~~~~ + +- Add missing locks when returning addresses. ``ae573fd9dc`` + + Add missing locks in dns_zone_getxfrsource4 et al. Addresses CID + 468706, 468708, 468741, 468742, 468785, and 468778. + + Cleanup dns_zone_setxfrsource4 et al to now return void. + + Remove double copies with dns_zone_getprimaryaddr and + dns_zone_getsourceaddr. :gl:`#4933` :gl:`!10260` + +- Stop caching lack of EDNS support. ``84d0464646`` + + `named` could falsely learn that a server doesn't support EDNS when a + spoofed response was received; that subsequently prevented DNSSEC + lookups from being made. This has been fixed. :gl:`#3949` :gl:`#5066` + +- Fix resolver statistics counters for timed out responses. + ``0e7419670e`` + + When query responses timed out, the resolver could incorrectly + increase the regular responses counters, even if no response was + received. This has been fixed. :gl:`#5193` :gl:`!10288` + +- Validating ADB fetches could cause a crash in import_rdataset() + ``f24bacb190`` + + Previously, in some cases, the resolver could return rdatasets of type + CNAME or DNAME without the result code being set to `DNS_R_CNAME` or + `DNS_R_DNAME`. This could trigger an assertion failure in the ADB. The + resolver error has been fixed. :gl:`#5201` :gl:`!10330` + +- Don't enforce NOAUTH/NOCONF flags in DNSKEYs. ``ddbea0b94b`` + + All DNSKEY keys are able to authenticate. The `DNS_KEYTYPE_NOAUTH` + (and `DNS_KEYTYPE_NOCONF`) flags were defined for the KEY rdata type, + and are not applicable to DNSKEY. Previously, however, because the + DNSKEY implementation was built on top of KEY, the `_NOAUTH` flag + prevented authentication in DNSKEYs as well. This has been corrected. + :gl:`#5240` :gl:`!10316` + + diff -Nru bind9-9.18.33/doc/changelog/changelog-9.18.37.rst bind9-9.18.41/doc/changelog/changelog-9.18.37.rst --- bind9-9.18.33/doc/changelog/changelog-9.18.37.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/changelog/changelog-9.18.37.rst 2025-10-18 10:21:03.061258982 +0000 @@ -0,0 +1,26 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +BIND 9.18.37 +------------ + +Bug Fixes +~~~~~~~~~ + +- Unify the int32_t vs int_fast32_t when working with atomic types. + ``8665d3be39c`` + + There's a mismatch between the atomic and non-atomic types that could + potentialy lead to a rwlock deadlock (after two billion 2^32) writes. + Use int_fast32_t when loading the atomic_int_fast32_t types in the + isc_rwlock unit. :gl:`#5280` :gl:`!10390` + + diff -Nru bind9-9.18.33/doc/changelog/changelog-9.18.38.rst bind9-9.18.41/doc/changelog/changelog-9.18.38.rst --- bind9-9.18.33/doc/changelog/changelog-9.18.38.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/changelog/changelog-9.18.38.rst 2025-10-18 10:21:03.061258982 +0000 @@ -0,0 +1,58 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +BIND 9.18.38 +------------ + +Security Fixes +~~~~~~~~~~~~~~ + +- Fix an issue when some specific queries could remain unanswered with + serve-stale enabled. ``8ca561f6dce`` + + When :iscman:`named` was running with stale answers enabled and with + the ``stale-answer-client-timeout 0`` configuration option, in certain + situations it was possible that some queries could remain unanswered. + This has been fixed. :gl:`#5383` + +New Features +~~~~~~~~~~~~ + +- Add support for the CO flag to dig. ``9e897623701`` + + Add support to display the CO (Compact Answers OK flag) + when displaying messages. + + Add support to set the CO flag when making queries in dig (+coflag). + :gl:`#5319` :gl:`!10579` + +Bug Fixes +~~~~~~~~~ + +- Fix the default interface-interval from 60s to 60m. ``0be568f921d`` + + When the interface-interval parser was changed from uint32 parser to + duration parser, the default value stayed at plain number `60` which + now means 60 seconds instead of 60 minutes. The documentation also + incorrectly states that the value is in minutes. That has been fixed. + :gl:`#5246` :gl:`!10680` + +- Fix purge-keys bug when using views. ``df417186ef2`` + + Previously, when a DNSSEC key was purged by one zone view, other zone + views would return an error about missing key files. This has been + fixed. :gl:`#5315` :gl:`!10599` + +- Set name for all the isc_mem contexts. ``6c216c18d01`` + + :gl:`!10499` + + diff -Nru bind9-9.18.33/doc/changelog/changelog-9.18.39.rst bind9-9.18.41/doc/changelog/changelog-9.18.39.rst --- bind9-9.18.33/doc/changelog/changelog-9.18.39.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/changelog/changelog-9.18.39.rst 2025-10-18 10:21:03.061258982 +0000 @@ -0,0 +1,84 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +BIND 9.18.39 +------------ + +New Features +~~~~~~~~~~~~ + +- Support for parsing the DSYNC record has been added. ``4eb5a0ba1c`` + + :gl:`#5440` :gl:`!10821` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1 and DS digest + type 1. ``1ea4164f71`` + + RSASHA1 and RSASHA1-NSEC-SHA1 DNSKEY algorithms have been deprecated + by the IETF and should no longer be used for DNSSEC. DS digest type 1 + (SHA1) has also been deprecated. Validators are now expected to treat + these algorithms and digest as unknown, resulting in some zones being + treated as insecure when they were previously treated as secure. + Warnings have been added to named and tools when these algorithms and + this digest are being used for signing. + + Zones signed with RSASHA1 or RSASHA1-NSEC-SHA1 should be migrated to a + different DNSKEY algorithm. + + Zones with DS or CDS records with digest type 1 (SHA1) should be + updated to use a different digest type (e.g. SHA256) and the digest + type 1 records should be removed. + + Related to #5358 :gl:`!10739` + +Bug Fixes +~~~~~~~~~ + +- Fix a possible crash when adding a zone while recursing. + ``c8d4829223`` + + A query for a zone that was not yet loaded may yield an unexpected + result such as a CNAME or DNAME, triggering an assertion failure. This + has been fixed. :gl:`#5357` :gl:`!10719` + +- Clean enough memory when adding new ADB names/entries under memory + pressure. ``e2f539035d`` + + The ADB memory cleaning is opportunistic even when we are under memory + pressure (in the overmem condition). Split the opportunistic LRU + cleaning and overmem cleaning and make the overmem cleaning always + cleanup double of the newly allocated adbname/adbentry to ensure we + never allocate more memory than the assigned limit. :gl:`!10708` + +- Prevent spurious validation failures. ``4d24dabc25`` + + Under rare circumstances, validation could fail if multiple clients + simultaneously iterated the same set of signatures. + + References #3014 :gl:`!10816` + +- Rescan the interfaces again when reconfiguring the server. + ``c9f05d750a`` + + On FreeBSD, the server would not listen on the configured 'localhost' + interfaces immediately, but only after the 'interface-interval' period + has passed. After the fix for default interface-interval was merged + in !10281, this means the server would listen on the localhost after + 60 minutes. + + Rescan the interfaces immediately after configuring the + interface-interval value to start listening on the 'localhost' + interface immediately. :gl:`!10758` + + diff -Nru bind9-9.18.33/doc/changelog/changelog-9.18.40.rst bind9-9.18.41/doc/changelog/changelog-9.18.40.rst --- bind9-9.18.33/doc/changelog/changelog-9.18.40.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/changelog/changelog-9.18.40.rst 2025-10-18 10:21:03.061258982 +0000 @@ -0,0 +1,18 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +BIND 9.18.40 +------------ + +.. note:: + + The BIND 9.18.40 release was withdrawn after the discovery of a + regression in a security fix in it during pre-release testing. diff -Nru bind9-9.18.33/doc/changelog/changelog-9.18.41.rst bind9-9.18.41/doc/changelog/changelog-9.18.41.rst --- bind9-9.18.33/doc/changelog/changelog-9.18.41.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/changelog/changelog-9.18.41.rst 2025-10-18 10:21:03.061258982 +0000 @@ -0,0 +1,148 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +BIND 9.18.41 +------------ + +Security Fixes +~~~~~~~~~~~~~~ + +- [CVE-2025-8677] DNSSEC validation fails if matching but invalid DNSKEY + is found. ``85d08e06831`` + + Previously, if a matching but cryptographically invalid key was + encountered during DNSSEC validation, the key was skipped and not + counted towards validation failures. :iscman:`named` now treats such + DNSSEC keys as hard failures and the DNSSEC validation fails + immediately, instead of continuing with the next DNSKEYs in the RRset. + + ISC would like to thank Zuyao Xu and Xiang Li from the All-in-One + Security and Privacy Laboratory at Nankai University for bringing this + vulnerability to our attention. :gl:`#5343` + +- [CVE-2025-40778] Address various spoofing attacks. ``4c99ba5a462`` + + Previously, several issues could be exploited to poison a DNS cache + with spoofed records for zones which were not DNSSEC-signed or if the + resolver was configured to not do DNSSEC validation. These issues were + assigned CVE-2025-40778 and have now been fixed. + + As an additional layer of protection, :iscman:`named` no longer + accepts DNAME records or extraneous NS records in the AUTHORITY + section unless these are received via spoofing-resistant transport + (TCP, UDP with DNS cookies, TSIG, or SIG(0)). + + ISC would like to thank Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin + Duan from Tsinghua University for bringing this vulnerability to our + attention. :gl:`#5414` + +- [CVE-2025-40780] Cache-poisoning due to weak pseudo-random number + generator. ``f74fb05265b`` + + It was discovered during research for an upcoming academic paper that + a xoshiro128\*\* internal state can be recovered by an external 3rd + party, allowing the prediction of UDP ports and DNS IDs in outgoing + queries. This could lead to an attacker spoofing the DNS answers with + great efficiency and poisoning the DNS cache. + + The internal random generator has been changed to a cryptographically + secure pseudo-random generator. + + ISC would like to thank Prof. Amit Klein and Omer Ben Simhon from + Hebrew University of Jerusalem for bringing this vulnerability to our + attention. :gl:`#5484` + +New Features +~~~~~~~~~~~~ + +- Support for parsing HHIT and BRID records has been added. + ``d7d4e94d085`` + + :gl:`#5444` :gl:`!10933` + +Removed Features +~~~~~~~~~~~~~~~~ + +- Deprecate the "tkey-domain" statement. ``e28c95c1160`` + + Mark the :any:`tkey-domain` statement as deprecated since it is only + used by code implementing TKEY Mode 2 (Diffie-Hellman), which was + removed from newer BIND 9 branches. :gl:`#4204` :gl:`!10783` + +- Deprecate the "tkey-gssapi-credential" statement. ``2705307f818`` + + The :any:`tkey-gssapi-keytab` statement allows GSS-TSIG to be set up + in a simpler and more reliable way than using the + :any:`tkey-gssapi-credential` statement and setting environment + variables (e.g. ``KRB5_KTNAME``). Therefore, the + :any:`tkey-gssapi-credential` statement has been deprecated; + :any:`tkey-gssapi-keytab` should be used instead. + + For configurations currently using a combination of both + :any:`tkey-gssapi-keytab` *and* :any:`tkey-gssapi-credential`, the + latter should be dropped and the keytab pointed to by + :any:`tkey-gssapi-keytab` should now only contain the credential + previously specified by :any:`tkey-gssapi-credential`. :gl:`#4204` + :gl:`!10925` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Update clang-format style with options added in newer versions. + ``1bc0f245c79`` + + Add and apply InsertBraces statement to add missing curly braces + around one-line statements and use + ControlStatementsExceptControlMacros for SpaceBeforeParens to remove + space between foreach macro and the brace, e.g. `FOREACH (x) {` + becomes `FOREACH(x) {`. :gl:`!10865` + +Bug Fixes +~~~~~~~~~ + +- Prevent spurious SERVFAILs for certain 0-TTL resource records. + ``f5a6a8be45f`` + + Under certain circumstances, BIND 9 can return SERVFAIL when updating + existing entries in the cache with new NS, A, AAAA, or DS records with + 0-TTL. :gl:`#5294` :gl:`!10899` + +- Use DNS_RDATACOMMON_INIT to hide branch differences. ``aef4682e4aa`` + + Initialization of the common members of rdata type structures varies + across branches. Standardize it by using the `DNS_RDATACOMMON_INIT` + macro for all types, so that new types are more likely to use it, and + hence backport more cleanly. :gl:`#5467` :gl:`!10833` + +- RPZ canonical warning displays zone entry incorrectly. ``3e787e98930`` + + When an IPv6 rpz prefix entry is entered incorrectly the log message + was just displaying the prefix rather than the full entry. This has + been corrected. :gl:`#5491` :gl:`!10931` + +- Missing DNSSEC information when CD bit is set in query. + ``990586f0496`` + + The RRSIGs for glue records were not being cached correctly for CD=1 + queries. This has been fixed. :gl:`#5502` :gl:`!10957` + +- Add and use __attribute__((nonnull)) in dnssec-signzone.c. + ``48c30cfcd08`` + + Clang 20 was spuriously warning about the possibility of passing a + NULL file pointer to `fprintf()`, which uses the 'nonnull' attribute. + To silence the warning, the functions calling `fprintf()` have been + marked with the same attribute to assure that NULL can't be passed to + them in the first place. + + Close #5487 :gl:`!10914` + + diff -Nru bind9-9.18.33/doc/dnssec-guide/introduction.rst bind9-9.18.41/doc/dnssec-guide/introduction.rst --- bind9-9.18.33/doc/dnssec-guide/introduction.rst 2025-01-20 13:39:31.203355933 +0000 +++ bind9-9.18.41/doc/dnssec-guide/introduction.rst 2025-10-18 10:21:03.079259464 +0000 @@ -376,7 +376,7 @@ requesting all ``.gov`` subdomains to be DNSSEC-signed by December 2009. This explains why ``.gov`` is the most-deployed DNSSEC domain currently, with `around 90% of subdomains - signed. `__ + signed. `__ .. _how_does_dnssec_change_my_job: diff -Nru bind9-9.18.33/doc/dnssec-guide/preface.rst bind9-9.18.41/doc/dnssec-guide/preface.rst --- bind9-9.18.33/doc/dnssec-guide/preface.rst 2025-01-20 13:39:31.203355933 +0000 +++ bind9-9.18.41/doc/dnssec-guide/preface.rst 2025-10-18 10:21:03.079259464 +0000 @@ -78,6 +78,6 @@ subsequently published as :rfc:`7583`. Icons made by `Freepik `__ and -`SimpleIcon `__ from +`SimpleIcon `__ from `Flaticon `__, licensed under `Creative Commons BY 3.0 `__. diff -Nru bind9-9.18.33/doc/dnssec-guide/validation.rst bind9-9.18.41/doc/dnssec-guide/validation.rst --- bind9-9.18.33/doc/dnssec-guide/validation.rst 2025-01-20 13:39:31.204355950 +0000 +++ bind9-9.18.41/doc/dnssec-guide/validation.rst 2025-10-18 10:21:03.080259490 +0000 @@ -110,7 +110,7 @@ server for DNS resolution; then use one of these web-based tests to confirm that it is in fact validating DNS responses. -- `Internet.nl `__ +- `Internet.nl `__ - `DNSSEC or Not (VeriSign) `__ diff -Nru bind9-9.18.33/doc/man/Makefile.in bind9-9.18.41/doc/man/Makefile.in --- bind9-9.18.33/doc/man/Makefile.in 2025-01-20 13:40:38.515385657 +0000 +++ bind9-9.18.41/doc/man/Makefile.in 2025-10-18 10:21:43.298308495 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -72,6 +72,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -164,10 +166,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } man1dir = $(mandir)/man1 am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" \ @@ -333,8 +334,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -862,16 +865,16 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + -$(am__rm_f) $(CLEANFILES) distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." - -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) + -$(am__rm_f) $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am @@ -1015,3 +1018,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/doc/man/dig.1in bind9-9.18.41/doc/man/dig.1in --- bind9-9.18.33/doc/man/dig.1in 2025-01-20 13:41:36.244265324 +0000 +++ bind9-9.18.41/doc/man/dig.1in 2025-10-18 10:22:29.873519479 +0000 @@ -344,6 +344,14 @@ .UNINDENT .INDENT 0.0 .TP +.B +coflag, +co, +nocoflag, +noco +This option sets [or does not set] the CO (Compact denial of +existence Ok) EDNS bit in the query. If set, it tells servers +that Compact Denial of Existence responses are acceptable when +replying to queries. The default is \fB+nocoflag\fP\&. +.UNINDENT +.INDENT 0.0 +.TP .B +comments, +nocomments This option toggles the display of some comment lines in the output, with information about the packet header and OPT pseudosection, and the names of @@ -417,7 +425,7 @@ .B +ednsflags[=#], +noednsflags This option sets the must\-be\-zero EDNS flags bits (Z bits) to the specified value. Decimal, hex, and octal encodings are accepted. Setting a named flag -(e.g., DO) is silently ignored. By default, no Z bits are set. +(e.g. DO, CO) is silently ignored. By default, no Z bits are set. .UNINDENT .INDENT 0.0 .TP diff -Nru bind9-9.18.33/doc/man/dnssec-dsfromkey.1in bind9-9.18.41/doc/man/dnssec-dsfromkey.1in --- bind9-9.18.33/doc/man/dnssec-dsfromkey.1in 2025-01-20 13:41:36.258265544 +0000 +++ bind9-9.18.41/doc/man/dnssec-dsfromkey.1in 2025-10-18 10:22:29.885519792 +0000 @@ -41,28 +41,32 @@ \fBdnssec\-dsfromkey\fP [ \fB\-h\fP | \fB\-V\fP ] .SH DESCRIPTION .sp -The \fBdnssec\-dsfromkey\fP command outputs DS (Delegation Signer) resource records -(RRs), or CDS (Child DS) RRs with the \fI\%\-C\fP option. +The \fBdnssec\-dsfromkey\fP command outputs DS (Delegation +Signer) resource records (RRs), or CDS (Child DS) RRs with the +\fI\%\-C\fP option. .sp By default, only KSKs are converted (keys with flags = 257). The -\fI\%\-A\fP option includes ZSKs (flags = 256). Revoked keys are never -included. +\fI\%\-A\fP option includes ZSKs (flags = 256). Revoked keys are +never included. .sp The input keys can be specified in a number of ways: .sp -By default, \fBdnssec\-dsfromkey\fP reads a key file named in the format -\fBKnnnn.+aaa+iiiii.key\fP, as generated by \fI\%dnssec\-keygen\fP\&. +By default, \fBdnssec\-dsfromkey\fP reads a key file named in +the format \fBKnnnn.+aaa+iiiii.key\fP, as generated by +\fI\%dnssec\-keygen\fP\&. +.sp +With the \fI\%\-f file\fP option, \fBdnssec\-dsfromkey\fP +reads keys from a zone file or partial zone file (which can contain +just the DNSKEY records). .sp -With the \fI\%\-f file\fP option, \fBdnssec\-dsfromkey\fP reads keys from a zone -file or partial zone file (which can contain just the DNSKEY records). -.sp -With the \fI\%\-s\fP option, \fBdnssec\-dsfromkey\fP reads a \fBkeyset\-\fP file, -as generated by \fI\%dnssec\-keygen\fP \fI\%\-C\fP\&. +With the \fI\%\-s\fP option, \fBdnssec\-dsfromkey\fP reads a +\fBkeyset\-\fP file, as generated by \fI\%dnssec\-keygen\fP \fI\%\-C\fP\&. .SH OPTIONS .INDENT 0.0 .TP .B \-1 -This option is an abbreviation for \fI\%\-a SHA1\fP\&. +This option is an abbreviation for \fI\%\-a SHA1\fP\&. This +digest is deprecated. .UNINDENT .INDENT 0.0 .TP @@ -72,26 +76,28 @@ .INDENT 0.0 .TP .B \-a algorithm -This option specifies a digest algorithm to use when converting DNSKEY records to -DS records. This option can be repeated, so that multiple DS records -are created for each DNSKEY record. -.sp -The algorithm must be one of SHA\-1, SHA\-256, or SHA\-384. These values -are case\-insensitive, and the hyphen may be omitted. If no algorithm -is specified, the default is SHA\-256. +This option specifies a digest algorithm to use when converting +DNSKEY records to DS records. This option can be repeated, so +that multiple DS records are created for each DNSKEY record. +.sp +The algorithm must be one of SHA\-1 (deprecated), SHA\-256, or +SHA\-384. These values are case\-insensitive, and the hyphen may +be omitted. If no algorithm is specified, the default is SHA\-256. .UNINDENT .INDENT 0.0 .TP .B \-A -This option indicates that ZSKs are to be included when generating DS records. Without this option, only -keys which have the KSK flag set are converted to DS records and -printed. This option is only useful in \fI\%\-f\fP zone file mode. +This option indicates that ZSKs are to be included when generating +DS records. Without this option, only keys which have the KSK +flag set are converted to DS records and printed. This option +is only useful in \fI\%\-f\fP zone file mode. .UNINDENT .INDENT 0.0 .TP .B \-c class -This option specifies the DNS class; the default is IN. This option is only useful in \fI\%\-s\fP keyset -or \fI\%\-f\fP zone file mode. +This option specifies the DNS class; the default is IN. This +option is only useful in \fI\%\-s\fP keyset or \fI\%\-f\fP +zone file mode. .UNINDENT .INDENT 0.0 .TP @@ -101,10 +107,10 @@ .INDENT 0.0 .TP .B \-f file -This option sets zone file mode, in which the final dnsname argument of \fBdnssec\-dsfromkey\fP is the -DNS domain name of a zone whose master file can be read from -\fBfile\fP\&. If the zone name is the same as \fBfile\fP, then it may be -omitted. +This option sets zone file mode, in which the final dnsname +argument of \fBdnssec\-dsfromkey\fP is the DNS domain name +of a zone whose master file can be read from \fBfile\fP\&. If the +zone name is the same as \fBfile\fP, then it may be omitted. .sp If \fBfile\fP is \fB\-\fP, then the zone data is read from the standard input. This makes it possible to use the output of the \fI\%dig\fP @@ -120,18 +126,21 @@ .INDENT 0.0 .TP .B \-K directory -This option tells BIND 9 to look for key files or \fBkeyset\-\fP files in \fBdirectory\fP\&. +This option tells BIND 9 to look for key files or \fBkeyset\-\fP +files in \fBdirectory\fP\&. .UNINDENT .INDENT 0.0 .TP .B \-s -This option enables keyset mode, in which the final dnsname argument from \fBdnssec\-dsfromkey\fP is the DNS -domain name used to locate a \fBkeyset\-\fP file. +This option enables keyset mode, in which the final dnsname +argument from \fBdnssec\-dsfromkey\fP is the DNS domain name +used to locate a \fBkeyset\-\fP file. .UNINDENT .INDENT 0.0 .TP .B \-T TTL -This option specifies the TTL of the DS records. By default the TTL is omitted. +This option specifies the TTL of the DS records. By default the +TTL is omitted. .UNINDENT .INDENT 0.0 .TP diff -Nru bind9-9.18.33/doc/man/dnssec-keyfromlabel.1in bind9-9.18.41/doc/man/dnssec-keyfromlabel.1in --- bind9-9.18.33/doc/man/dnssec-keyfromlabel.1in 2025-01-20 13:41:36.271265748 +0000 +++ bind9-9.18.41/doc/man/dnssec-keyfromlabel.1in 2025-10-18 10:22:29.899520156 +0000 @@ -48,28 +48,32 @@ .INDENT 0.0 .TP .B \-a algorithm -This option selects the cryptographic algorithm. The value of \fBalgorithm\fP must -be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, -ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448. +This option selects the cryptographic algorithm. The value of +\fBalgorithm\fP must be one of RSASHA1 (deprecated), NSEC3RSASHA1 +(deprecated), RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, +ED25519, or ED448. .sp -These values are case\-insensitive. In some cases, abbreviations are -supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for -ECDSAP384SHA384. If RSASHA1 is specified along with the \fI\%\-3\fP -option, then NSEC3RSASHA1 is used instead. +These values are case\-insensitive. In some cases, abbreviations +are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 +for ECDSAP384SHA384. If RSASHA1 (deprecated) is specified along +with the \fI\%\-3\fP option, then NSEC3RSASHA1 (deprecated) is +used instead. .sp -This option is mandatory except when using the -\fI\%\-S\fP option, which copies the algorithm from the predecessory key. +This option is mandatory except when using the \fI\%\-S\fP +option, which copies the algorithm from the predecessory key. .sp -Changed in version 9.12.0: The default value RSASHA1 for newly generated keys was removed. +Changed in version 9.12.0: The default value RSASHA1 (deprecated) for newly generated +keys was removed. .UNINDENT .INDENT 0.0 .TP .B \-3 -This option uses an NSEC3\-capable algorithm to generate a DNSSEC key. If this -option is used with an algorithm that has both NSEC and NSEC3 -versions, then the NSEC3 version is used; for example, -\fBdnssec\-keygen \-3a RSASHA1\fP specifies the NSEC3RSASHA1 algorithm. +This option uses an NSEC3\-capable algorithm to generate a DNSSEC +key. If this option is used with an algorithm that has both NSEC +and NSEC3 versions, then the NSEC3 version is used; for example, +\fBdnssec\-keygen \-3a RSASHA1\fP specifies the NSEC3RSASHA1 +(deprecated) algorithm. .UNINDENT .INDENT 0.0 .TP diff -Nru bind9-9.18.33/doc/man/dnssec-keygen.1in bind9-9.18.41/doc/man/dnssec-keygen.1in --- bind9-9.18.33/doc/man/dnssec-keygen.1in 2025-01-20 13:41:36.282265921 +0000 +++ bind9-9.18.41/doc/man/dnssec-keygen.1in 2025-10-18 10:22:29.909520417 +0000 @@ -45,24 +45,27 @@ .INDENT 0.0 .TP .B \-3 -This option uses an NSEC3\-capable algorithm to generate a DNSSEC key. If this -option is used with an algorithm that has both NSEC and NSEC3 -versions, then the NSEC3 version is selected; for example, -\fBdnssec\-keygen \-3 \-a RSASHA1\fP specifies the NSEC3RSASHA1 algorithm. +This option uses an NSEC3\-capable algorithm to generate a DNSSEC +key. If this option is used with an algorithm that has both NSEC +and NSEC3 versions, then the NSEC3 version is selected; for +example, \fBdnssec\-keygen \-3 \-a RSASHA1\fP specifies the NSEC3RSASHA1 +(deprecated) algorithm. .UNINDENT .INDENT 0.0 .TP .B \-a algorithm -This option selects the cryptographic algorithm. For DNSSEC keys, the value of -\fBalgorithm\fP must be one of RSASHA1, NSEC3RSASHA1, RSASHA256, -RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448. For -TKEY, the value must be DH (Diffie\-Hellman); specifying this value -automatically sets the \fI\%\-T KEY\fP option as well. +This option selects the cryptographic algorithm. For DNSSEC keys, +the value of \fBalgorithm\fP must be one of RSASHA1 (deprecated), +NSEC3RSASHA1 deprecated), RSASHA256, RSASHA512, ECDSAP256SHA256, +ECDSAP384SHA384, ED25519, or ED448. For TKEY, the value must be +DH (Diffie\-Hellman); specifying this value automatically sets +the \fI\%\-T KEY\fP option as well. .sp -These values are case\-insensitive. In some cases, abbreviations are -supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for -ECDSAP384SHA384. If RSASHA1 is specified along with the \fI\%\-3\fP -option, NSEC3RSASHA1 is used instead. +These values are case\-insensitive. In some cases, abbreviations +are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 +for ECDSAP384SHA384. If RSASHA1 (deprecated) is specified along +with the \fI\%\-3\fP option, NSEC3RSASHA1 (deprecated) is used +instead. .sp This parameter \fImust\fP be specified except when using the \fI\%\-S\fP option, which copies the algorithm from the predecessor key. diff -Nru bind9-9.18.33/doc/man/dnssec-signzone.1in bind9-9.18.41/doc/man/dnssec-signzone.1in --- bind9-9.18.33/doc/man/dnssec-signzone.1in 2025-01-20 13:41:36.356267081 +0000 +++ bind9-9.18.41/doc/man/dnssec-signzone.1in 2025-10-18 10:22:29.932521016 +0000 @@ -187,6 +187,11 @@ signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they are replaced. +.sp +Note that the calculation of cycle interval is based upon the validity +period of the replacement signatures that would be generated by +\fBdnssec\-signzone\fP, not on the valid lifetimes of the input RRSIGs being +considered for pre\-expiry replacement. .UNINDENT .INDENT 0.0 .TP @@ -294,7 +299,7 @@ with cached copies of the old DNSKEY RRset. The \fI\%\-Q\fP option forces \fBdnssec\-signzone\fP to remove signatures from keys that are no longer active. This enables ZSK rollover using the procedure described in -\X'tty: link https://datatracker.ietf.org/doc/html/rfc6781.html#4.1.1.1'\fI\%RFC 6781#4.1.1.1\fP\X'tty: link' (\(dqPre\-Publish Key Rollover\(dq). +\X'tty: link https://datatracker.ietf.org/doc/html/rfc6781.html#section-4.1.1.1'\fI\%RFC 6781 Section 4.1.1.1\fP\X'tty: link' (\(dqPre\-Publish Zone Signing Key Rollover\(dq). .UNINDENT .INDENT 0.0 .TP @@ -313,7 +318,7 @@ This option is similar to \fI\%\-Q\fP, except it forces \fBdnssec\-signzone\fP to remove signatures from keys that are no longer published. This enables ZSK rollover using the procedure described in -\X'tty: link https://datatracker.ietf.org/doc/html/rfc6781.html#4.1.1.2'\fI\%RFC 6781#4.1.1.2\fP\X'tty: link' (\(dqDouble Signature Zone Signing Key +\X'tty: link https://datatracker.ietf.org/doc/html/rfc6781.html#section-4.1.1.2'\fI\%RFC 6781 Section 4.1.1.2\fP\X'tty: link' (\(dqDouble Signature Zone Signing Key Rollover\(dq). .UNINDENT .INDENT 0.0 diff -Nru bind9-9.18.33/doc/man/named-rrchecker.1in bind9-9.18.41/doc/man/named-rrchecker.1in --- bind9-9.18.33/doc/man/named-rrchecker.1in 2025-01-20 13:41:36.417268037 +0000 +++ bind9-9.18.41/doc/man/named-rrchecker.1in 2025-10-18 10:22:30.073524688 +0000 @@ -35,41 +35,336 @@ \fBnamed\-rrchecker\fP [\fB\-h\fP] [\fB\-o\fP origin] [\fB\-p\fP] [\fB\-u\fP] [\fB\-C\fP] [\fB\-T\fP] [\fB\-P\fP] .SH DESCRIPTION .sp -\fBnamed\-rrchecker\fP reads a individual DNS resource record from standard +\fBnamed\-rrchecker\fP reads a single DNS resource record (RR) from standard input and checks whether it is syntactically correct. -.SH OPTIONS .INDENT 0.0 .TP -.B \-h -This option prints out the help menu. +.B The input format is a minimal subset of the DNS zone file format. The entire input must be: +CLASS TYPE RDATA .UNINDENT .INDENT 0.0 +.IP \(bu 2 +Input must not start with an owner (domain) name +.IP \(bu 2 +The \fICLASS\fP field is mandatory (typically \fBIN\fP). +.IP \(bu 2 +The \fITTL\fP field \fBmust not\fP be present. +.IP \(bu 2 +RDATA format is specific to each RRTYPE. +.IP \(bu 2 +Leading and trailing whitespace in each field is ignored. +.UNINDENT +.sp +Format details can be found in \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html#section-5.1'\fI\%RFC 1035 Section 5.1\fP\X'tty: link' under \fB\fP +specification. \X'tty: link https://datatracker.ietf.org/doc/html/rfc3597.html'\fI\%RFC 3597\fP\X'tty: link' format is also accepted in any of the input fields. +See \fI\%Examples\fP\&. +.SH OPTIONS +.INDENT 0.0 .TP .B \-o origin -This option specifies the origin to be used when interpreting -the record. +This option specifies the origin to be used when interpreting names in the record: +it defaults to root (\fI\&.\fP). The specified origin is always taken as an absolute name. .UNINDENT .INDENT 0.0 .TP .B \-p This option prints out the resulting record in canonical form. If there -is no canonical form defined, the record is printed in unknown +is no canonical form defined, the record is printed in \X'tty: link https://datatracker.ietf.org/doc/html/rfc3597.html'\fI\%RFC 3597\fP\X'tty: link' unknown record format. .UNINDENT .INDENT 0.0 .TP .B \-u -This option prints out the resulting record in unknown record form. +This option prints out the resulting record in \X'tty: link https://datatracker.ietf.org/doc/html/rfc3597.html'\fI\%RFC 3597\fP\X'tty: link' unknown record +format. .UNINDENT .INDENT 0.0 .TP .B \-C, \-T, \-P -These options print out the known class, standard type, -and private type mnemonics, respectively. +These options do not read input. They print out known classes, standard types, +and private type mnemonics. Each item is printed on a separate line. +The resulting list of private types may be empty +.UNINDENT +.INDENT 0.0 +.TP +.B \-h +This option prints out the help menu. +.UNINDENT +.SH EXAMPLES +.sp +Pay close attention to the \fBecho\fP command line options \fI\-e\fP and \fI\-n\fP, as they affect whitespace in the input to \fBnamed\-rrchecker\fP\&. +.INDENT 0.0 +.TP +.B echo \-n \(aqIN A 192.0.2.1\(aq | named\-rrchecker +.INDENT 7.0 +.IP \(bu 2 +Valid input is in \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html'\fI\%RFC 1035\fP\X'tty: link' format with no newline at the end of the input. +.IP \(bu 2 +Return code 0. +.UNINDENT +.TP +.B echo \-e \(aq\en \en IN\etA 192.0.2.1 \et \en\en \(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Valid input with leading and trailing whitespace. +.IP \(bu 2 +Output: \fBIN A 192.0.2.1\fP +.IP \(bu 2 +Leading and trailing whitespace is not part of the output. +.UNINDENT +.UNINDENT +.SS Relative names and origin +.INDENT 0.0 +.TP +.B echo \(aqIN CNAME target\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Valid input with a relative name as the CNAME target. +.IP \(bu 2 +Output: \fBIN CNAME target.\fP +.IP \(bu 2 +Relative name \fItarget\fP from the input is converted to an absolute name using the default origin \fB\&.\fP (root). +.UNINDENT +.TP +.B echo \(aqIN CNAME target\(aq | named\-rrchecker \-p \-o origin.test +.INDENT 7.0 +.IP \(bu 2 +Valid input with a relative name as the CNAME target. +.IP \(bu 2 +Output: \fBIN CNAME target.origin.test.\fP +.IP \(bu 2 +Relative name \fItarget\fP from the input is converted to an absolute name using the specified origin \fBorigin.test\fP +.UNINDENT +.TP +.B echo \(aqIN CNAME target.\(aq | named\-rrchecker \-p \-o origin.test +.INDENT 7.0 +.IP \(bu 2 +Valid input with an absolute name as the CNAME target. +.IP \(bu 2 +Output: \fBIN CNAME target.\fP +.IP \(bu 2 +The specified origin has no influence if \fItarget\fP from the input is already absolute. +.UNINDENT +.UNINDENT +.SS Special characters +.sp +Special characters allowed in zone files by \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html#section-5.1'\fI\%RFC 1035 Section 5.1\fP\X'tty: link' are accepted. +.INDENT 0.0 +.TP +.B echo \(aqIN CNAME t\e097r\eget\e.\(aq | named\-rrchecker \-p \-o origin.test +.INDENT 7.0 +.IP \(bu 2 +Valid input with backslash escapes. +.IP \(bu 2 +Output: \fBIN CNAME target\e..origin.test.\fP +.IP \(bu 2 +\fB\e097\fP denotes an ASCII value in decimal, which, in this example, is the character \fBa\fP\&. +.IP \(bu 2 +\fB\eg\fP is converted to a plain \fBg\fP because the \fBg\fP character does not have a special meaning and so the \fB\e\fP prefix does nothing in this case. +.IP \(bu 2 +\fB\e.\fP denotes a literal ASCII dot (here as a part of the CNAME target name). Special meaning of \fB\&.\fP as the DNS label separator was disabled by the preceding \fB\e\fP prefix. +.UNINDENT +.TP +.B echo \(aqIN CNAME @\(aq | named\-rrchecker \-p \-o origin.test +.INDENT 7.0 +.IP \(bu 2 +Valid input with \fB@\fP used as a reference to the specified origin. +.IP \(bu 2 +Output: \fBIN CNAME origin.test.\fP +.UNINDENT +.TP +.B echo \(aqIN CNAME \e@\(aq | named\-rrchecker \-p \-o origin.test +.INDENT 7.0 +.IP \(bu 2 +Valid input with a literal \fB@\fP character (escaped). +.IP \(bu 2 +Output: \fBIN CNAME \e@.origin.test.\fP +.UNINDENT +.TP +.B echo \(aqIN CNAME prefix.@\(aq | named\-rrchecker \-p \-o origin.test +.INDENT 7.0 +.IP \(bu 2 +Valid input with \fB@\fP used as a reference to the specifed origin. +.IP \(bu 2 +Output: \fBIN CNAME prefix.\e@.origin.test.\fP +.IP \(bu 2 +\fB@\fP has special meaning only if it is free\-standing. +.UNINDENT +.TP +.B echo \(aqIN A 192.0.2.1; comment\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Valid input with a trailing comment. Note the lack of whitespace before the start of the comment. +.IP \(bu 2 +Output: \fBIN A 192.0.2.1\fP +.UNINDENT +.UNINDENT +.sp +For multi\-line examples see the next section. +.SS Multi\-token records +.INDENT 0.0 +.TP +.B echo \-e \(aqIN TXT two words \en\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Valid TXT RR with two unquoted words and trailing whitespace. +.IP \(bu 2 +Output: \fBIN TXT \(dqtwo\(dq \(dqwords\(dq\fP +.IP \(bu 2 +Two unquoted words in the input are treated as two \fI\fPs per \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html#section-3.3.14'\fI\%RFC 1035 Section 3.3.14\fP\X'tty: link'\&. +.IP \(bu 2 +Trailing whitespace is omitted from the last \fI\fP\&. +.UNINDENT +.TP +.B echo \-e \(aqIN TXT \(dqtwo words\(dq \en\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Valid TXT RR with one \fIcharacter\-string\fP and trailing whitespace. +.IP \(bu 2 +Output: \fBIN TXT \(dqtwo words\(dq\fP +.UNINDENT +.TP +.B echo \-e \(aqIN TXT \(dqproblematic newline\en\(dq\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Invalid input \- the closing \fB\(dq\fP is not detected before the end of the line. +.UNINDENT +.TP +.B echo \(aqIN TXT \(dqwith newline\e010\(dq\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Valid input with an escaped newline character inside \fIcharacter\-string\fP\&. +.IP \(bu 2 +Output: \fBIN TXT \(dqwith newline\e010\(dq\fP +.UNINDENT +.TP +.B echo \-e \(aqIN TXT ( two\enwords )\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Valid multi\-line input with line continuation allowed inside optional parentheses in the RDATA field. +.IP \(bu 2 +Output: \fBIN TXT \(dqtwo\(dq \(dqwords\(dq\fP +.UNINDENT +.TP +.B echo \-e \(aqIN TXT ( two\enwords ; misplaced comment )\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Invalid input \- comments, starting with \(dq;\(dq, are ignored by the parser, so the closing parenthesis should be before the semicolon. +.UNINDENT +.TP +.B echo \-e \(aqIN TXT ( two\enwords ; a working comment\en )\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Valid input \- the comment is terminated with a newline. +.IP \(bu 2 +Output: \fBIN TXT \(dqtwo\(dq \(dqwords\(dq\fP +.UNINDENT +.TP +.B echo \(aqIN HTTPS 1 . alpn=\(dqh2,h3\(dq\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Valid HTTPS record +.IP \(bu 2 +Output: \fBIN HTTPS 1 . alpn=\(dqh2,h3\(dq\fP +.UNINDENT +.TP +.B echo \-e \(aqIN HTTPS ( 1 \en . \en alpn=\(dqdot\(dq)port=853\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Valid HTTPS record with individual sub\-fields split across multiple lines +using \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html#section-5.1'\fI\%RFC 1035 Section 5.1\fP\X'tty: link' parentheses syntax to group data that crosses +a line boundary. +.IP \(bu 2 +Note the missing whitespace between the closing parenthesis and adjacent tokens. +.IP \(bu 2 +Output: \fBIN HTTPS 1 . alpn=\(dqdot\(dq port=853\fP +.UNINDENT +.UNINDENT +.SS Unknown type handling +.INDENT 0.0 +.TP +.B echo \(aqIN A 192.0.2.1\(aq | named\-rrchecker \-u +.INDENT 7.0 +.IP \(bu 2 +Valid input in \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html'\fI\%RFC 1035\fP\X'tty: link' format. +.IP \(bu 2 +Output in \X'tty: link https://datatracker.ietf.org/doc/html/rfc3957.html'\fI\%RFC 3957\fP\X'tty: link' format: \fBCLASS1 TYPE1 \e# 4 C0000201\fP +.UNINDENT +.TP +.B echo \(aqCLASS1 TYPE1 \e# 4 C0000201\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Valid input in \X'tty: link https://datatracker.ietf.org/doc/html/rfc3597.html'\fI\%RFC 3597\fP\X'tty: link' format. +.IP \(bu 2 +Output in \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html'\fI\%RFC 1035\fP\X'tty: link' format: \fBIN A 192.0.2.1\fP +.UNINDENT +.TP +.B echo \(aqIN A \e# 4 C0000201\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Valid input with class and type in \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html'\fI\%RFC 1035\fP\X'tty: link' format and rdata in \X'tty: link https://datatracker.ietf.org/doc/html/rfc3597.html'\fI\%RFC 3597\fP\X'tty: link' format. +.IP \(bu 2 +Output in \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html'\fI\%RFC 1035\fP\X'tty: link' format: \fBIN A 192.0.2.1\fP +.UNINDENT +.TP +.B echo \(aqIN HTTPS 1 . key3=\e001\e000\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Valid input with \X'tty: link https://datatracker.ietf.org/doc/html/rfc9460.html'\fI\%RFC 9460\fP\X'tty: link' syntax for an unknown \fIkey3\fP field. Syntax \fB\e001\e000\fP produces two octets with values 1 and 0, respectively. +.IP \(bu 2 +Output: \fBIN HTTPS 1 . port=256\fP +.IP \(bu 2 +\fIkey3\fP matches the standardized key name \fIport\fP\&. +.IP \(bu 2 +Octets 1 and 0 were decoded as integer values in big\-endian encoding. +.UNINDENT +.TP +.B echo \(aqIN HTTPS 1 . key3=\e001\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Invalid input \- the length of the value for \fIkey3\fP (i.e. port) does not match the known standard format for that parameter in the SVCB RRTYPE. +.UNINDENT +.TP +.B echo \(aqIN HTTPS 1 . port=\e001\e000\(aq | named\-rrchecker \-p +.INDENT 7.0 +.IP \(bu 2 +Invalid input \- the key \fIport\fP, when specified using its standard mnemonic name, \fBmust\fP use standard key\-specific syntax. +.UNINDENT +.UNINDENT +.SS Meta values +.INDENT 0.0 +.TP +.B echo \(aqIN AXFR\(aq | named\-rrchecker +.INDENT 7.0 +.IP \(bu 2 +Invalid input \- AXFR is a meta type, not a genuine RRTYPE. +.UNINDENT +.TP +.B echo \(aqANY A 192.0.2.1\(aq | named\-rrchecker +.INDENT 7.0 +.IP \(bu 2 +Invalid input \- ANY is meta class, not a true class. +.UNINDENT +.TP +.B echo \(aqA 192.0.2.1\(aq | named\-rrchecker +.INDENT 7.0 +.IP \(bu 2 +Invalid input \- the class field is missing, so the parser would try and fail to interpret the RRTYPE A as the class. +.UNINDENT +.UNINDENT +.SH RETURN CODES +.INDENT 0.0 +.TP +.B 0 +The whole input was parsed as one syntactically valid resource record. +.TP +.B 1 +The input is not a syntactically valid resource record, or the given type is not +supported, or either/both class and type are meta\-values, which should not appear in zone files. .UNINDENT .SH SEE ALSO .sp -\X'tty: link https://datatracker.ietf.org/doc/html/rfc1034.html'\fI\%RFC 1034\fP\X'tty: link', \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html'\fI\%RFC 1035\fP\X'tty: link', \fI\%named(8)\fP\&. +\X'tty: link https://datatracker.ietf.org/doc/html/rfc1034.html'\fI\%RFC 1034\fP\X'tty: link', \X'tty: link https://datatracker.ietf.org/doc/html/rfc1035.html'\fI\%RFC 1035\fP\X'tty: link', \X'tty: link https://datatracker.ietf.org/doc/html/rfc3957.html'\fI\%RFC 3957\fP\X'tty: link', \fI\%named(8)\fP\&. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff -Nru bind9-9.18.33/doc/man/named.8in bind9-9.18.41/doc/man/named.8in --- bind9-9.18.33/doc/man/named.8in 2025-01-20 13:41:36.429268225 +0000 +++ bind9-9.18.41/doc/man/named.8in 2025-10-18 10:22:30.084524975 +0000 @@ -131,7 +131,7 @@ .TP .B \-m flag This option turns on memory usage debugging flags. Possible flags are \fBusage\fP, -\fBtrace\fP, \fBrecord\fP, \fBsize\fP, and \fBmctx\fP\&. These correspond to the +\fBtrace\fP and \fBrecord\fP\&. These correspond to the \fBISC_MEM_DEBUGXXXX\fP flags described in \fB\fP\&. .UNINDENT .INDENT 0.0 diff -Nru bind9-9.18.33/doc/man/named.conf.5in bind9-9.18.41/doc/man/named.conf.5in --- bind9-9.18.33/doc/man/named.conf.5in 2025-01-20 13:41:36.419268068 +0000 +++ bind9-9.18.41/doc/man/named.conf.5in 2025-10-18 10:22:30.076524767 +0000 @@ -355,8 +355,8 @@ tcp\-receive\-buffer ; tcp\-send\-buffer ; tkey\-dhkey ; // deprecated - tkey\-domain ; - tkey\-gssapi\-credential ; + tkey\-domain ; // deprecated + tkey\-gssapi\-credential ; // deprecated tkey\-gssapi\-keytab ; tls\-port ; transfer\-format ( many\-answers | one\-answer ); diff -Nru bind9-9.18.33/doc/misc/Makefile.in bind9-9.18.41/doc/misc/Makefile.in --- bind9-9.18.33/doc/misc/Makefile.in 2025-01-20 13:40:38.541386067 +0000 +++ bind9-9.18.41/doc/misc/Makefile.in 2025-10-18 10:21:43.327309245 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -73,6 +73,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -348,8 +350,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -584,13 +588,8 @@ $(am__aclocal_m4_deps): clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list + $(am__rm_f) $(noinst_PROGRAMS) + test -z "$(EXEEXT)" || $(am__rm_f) $(noinst_PROGRAMS:$(EXEEXT)=) cfg_test$(EXEEXT): $(cfg_test_OBJECTS) $(cfg_test_DEPENDENCIES) $(EXTRA_cfg_test_DEPENDENCIES) @rm -f cfg_test$(EXEEXT) @@ -606,7 +605,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -772,21 +771,21 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." - -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) - -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) + -$(am__rm_f) $(BUILT_SOURCES) + -$(am__rm_f) $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/cfg_test-cfg_test.Po + -rm -f ./$(DEPDIR)/cfg_test-cfg_test.Po -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -836,7 +835,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/cfg_test-cfg_test.Po + -rm -f ./$(DEPDIR)/cfg_test-cfg_test.Po -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -926,3 +925,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/doc/misc/options bind9-9.18.41/doc/misc/options --- bind9-9.18.33/doc/misc/options 2025-01-20 13:41:26.244108555 +0000 +++ bind9-9.18.41/doc/misc/options 2025-10-18 10:22:28.765490619 +0000 @@ -299,8 +299,8 @@ tcp-receive-buffer ; tcp-send-buffer ; tkey-dhkey ; // deprecated - tkey-domain ; - tkey-gssapi-credential ; + tkey-domain ; // deprecated + tkey-gssapi-credential ; // deprecated tkey-gssapi-keytab ; tls-port ; transfer-format ( many-answers | one-answer ); diff -Nru bind9-9.18.33/doc/notes/notes-9.18.34.rst bind9-9.18.41/doc/notes/notes-9.18.34.rst --- bind9-9.18.33/doc/notes/notes-9.18.34.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/notes/notes-9.18.34.rst 2025-10-18 10:21:03.087259677 +0000 @@ -0,0 +1,80 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.18.34 +---------------------- + +New Features +~~~~~~~~~~~~ + +- Print the expiration time of the stale records. + + Print the expiration time of the stale RRsets in the cache dump. + +Removed Features +~~~~~~~~~~~~~~~~ + +- Remove `--with-tuning=small/large` configuration option. + + The configuration option `--with-tuning` has been removed as it is no + longer required or desired. + +Bug Fixes +~~~~~~~~~ + +- Fix :option:`rndc flushname` for longer name server names. + + :option:`rndc flushname` did not work for name server names longer + than 16 bytes. This has been fixed. :gl:`#3885` + +- Recently expired records could be returned with a timestamp in future. + + Under rare circumstances, an RRSet that expired at the time of the + query could be returned with a TTL in the future. This has been fixed. + + As a side effect, the expiration time of expired RRSets is no longer + returned in a cache dump. :gl:`#5094` + +- YAML string not terminated in negative response in delv. + + :gl:`#5098` + +- Apply the memory limit only to ADB database items. + + Under heavy load, a resolver could exhaust the memory available for + storing the information in the Address Database (ADB), effectively + discarding previously stored information in the ADB. The memory used to + retrieve and provide information from the ADB is no longer subject to + the same memory limits that are applied to + + + the Address Database. :gl:`#5127` + +- Avoid unnecessary locking in the zone/cache database. + + Lock contention among many worker threads referring to the + same database node at the same time is now prevented. This improves zone and + cache database performance for any heavily contended database nodes. + :gl:`#5130` + +- Improve the resolver performance under attack. + + Previously, a remote client could force the DNS resolver component to consume + memory faster than resources were cleaned up for the canceled resolver + fetches, due to the `recursive-clients` limit. If such a traffic pattern + was sustained for a long period of time, the DNS server might + eventually run out of the available memory. This has been fixed. + + It should be noted that, under such a heavy attack, no outgoing DNS queries will be successful in BIND 9 + versions both with and without the fix, as the generated traffic pattern will consume all the + available slots for the recursive clients. + + diff -Nru bind9-9.18.33/doc/notes/notes-9.18.35.rst bind9-9.18.41/doc/notes/notes-9.18.35.rst --- bind9-9.18.33/doc/notes/notes-9.18.35.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/notes/notes-9.18.35.rst 2025-10-18 10:21:03.087259677 +0000 @@ -0,0 +1,52 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.18.35 +---------------------- + +Bug Fixes +~~~~~~~~~ + +- Fix deferred validation of unsigned DS and DNSKEY records. + + When processing a query with the "checking disabled" bit set (CD=1), + :iscman:`named` stores the invalidated result in the cache, marked "pending". + When the same query is sent with CD=0, the cached data is validated + and either accepted as an answer, or ejected from the cache as + invalid. This deferred validation was not attempted for DS and DNSKEY + records if they had no cached signatures, causing spurious validation + failures. The deferred validation is now completed in this scenario. + + Also, if deferred validation fails, the data is now re-queried to find + out whether the zone has been corrected since the invalid data was + cached. :gl:`#5066` + +- Fix RPZ race condition during a reconfiguration. + + With RPZ in use, :iscman:`named` could terminate unexpectedly because of a + race condition when a reconfiguration command was received using + :iscman:`rndc`. This has been fixed. :gl:`#5146` + +- "CNAME and other data check" not applied to all types. + + An incorrect optimization caused "CNAME and other data" errors not to + be detected if certain types were at the same node as a CNAME. This + has been fixed. :gl:`#5150` + +- Remove NSEC/DS/NSEC3 RRSIG check from ``dns_message_parse()``. + + Previously, when parsing responses, :iscman:`named` incorrectly rejected + responses without matching RRSIG records for NSEC/DS/NSEC3 records in + the authority section. This rejection, if appropriate, should have + been left for the validator to determine and has been fixed. + :gl:`#5185` + + diff -Nru bind9-9.18.33/doc/notes/notes-9.18.36.rst bind9-9.18.41/doc/notes/notes-9.18.36.rst --- bind9-9.18.33/doc/notes/notes-9.18.36.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/notes/notes-9.18.36.rst 2025-10-18 10:21:03.087259677 +0000 @@ -0,0 +1,57 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.18.36 +---------------------- + +Feature Changes +~~~~~~~~~~~~~~~ + +- Make TLS data processing more reliable in various network conditions. + + BIND now deciphers incoming TLS data before processing it, making it + more similar to the handling of TCP. This results in a more + predictable behavior, particularly when reading from the stream is + paused or resumed. Previously, this could result in an assertion + failure when using XFR over TLS (XoT). This has been fixed. + :gl:`#5247` + +Bug Fixes +~~~~~~~~~ + +- Stop caching lack of EDNS support. + + :iscman:`named` could falsely learn that a server did not support EDNS + when a spoofed response was received; that subsequently prevented + DNSSEC lookups from being made. This has been fixed. :gl:`#3949` + :gl:`#5066` + +- Fix resolver statistics counters for timed-out responses. + + When query responses timed out, the resolver could incorrectly + increase the regular response counters, even if no response was + received. This has been fixed. :gl:`#5193` + +- Don't enforce NOAUTH/NOCONF flags in DNSKEYs. + + All DNSKEY keys are able to authenticate. The ``DNS_KEYTYPE_NOAUTH`` + (and ``DNS_KEYTYPE_NOCONF``) flags were defined for the KEY rdata + type, and are not applicable to DNSKEY. Previously, however, because + the DNSKEY implementation was built on top of KEY, the ``_NOAUTH`` + flag prevented authentication in DNSKEYs as well. This has been + corrected. :gl:`#5240` + +- Fix inconsistency in CNAME/DNAME handling during resolution. + + Previously, in some cases, the resolver could return rdatasets of type + CNAME or DNAME without the result code being set to ``DNS_R_CNAME`` or + ``DNS_R_DNAME``. This could trigger an assertion failure. This has + been fixed. :gl:`#5201` diff -Nru bind9-9.18.33/doc/notes/notes-9.18.37.rst bind9-9.18.41/doc/notes/notes-9.18.37.rst --- bind9-9.18.33/doc/notes/notes-9.18.37.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/notes/notes-9.18.37.rst 2025-10-18 10:21:03.087259677 +0000 @@ -0,0 +1,13 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.18.37 +---------------------- diff -Nru bind9-9.18.33/doc/notes/notes-9.18.38.rst bind9-9.18.41/doc/notes/notes-9.18.38.rst --- bind9-9.18.33/doc/notes/notes-9.18.38.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/notes/notes-9.18.38.rst 2025-10-18 10:21:03.087259677 +0000 @@ -0,0 +1,51 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.18.38 +---------------------- + +Security Fixes +~~~~~~~~~~~~~~ + +- Fix an issue when some specific queries could remain unanswered with + serve-stale enabled. + + When :iscman:`named` was running with stale answers enabled and with + the :any:`stale-answer-client-timeout` configuration option set to + ``0``, in certain situations it was possible that some queries could + remain unanswered. This has been fixed. :gl:`#5383` + +New Features +~~~~~~~~~~~~ + +- Add support for the CO flag to :iscman:`dig`. + + Add support for Compact Denial of Existence to :iscman:`dig`. This + includes showing the CO (Compact Answers OK) flag when displaying + messages and adding an option to set the CO flag when making queries + (:option:`dig +coflag`). :gl:`#5319` + +Bug Fixes +~~~~~~~~~ + +- Correct the default :any:`interface-interval` from 60s to 60m. + + When the :any:`interface-interval` parser was changed from a + ``uint32`` parser to a duration parser, the default value stayed at + plain number ``60`` which now means 60 seconds instead of 60 minutes. + The documentation also incorrectly states that the value is in + minutes. That has been fixed. :gl:`#5246` + +- Fix a :any:`purge-keys` bug when using multiple views of a zone. + + Previously, when a DNSSEC key was purged by one zone view, other zone + views would return an error about missing key files. This has been + fixed. :gl:`#5315` diff -Nru bind9-9.18.33/doc/notes/notes-9.18.39.rst bind9-9.18.41/doc/notes/notes-9.18.39.rst --- bind9-9.18.33/doc/notes/notes-9.18.39.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/notes/notes-9.18.39.rst 2025-10-18 10:21:03.087259677 +0000 @@ -0,0 +1,66 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.18.39 +---------------------- + +New Features +~~~~~~~~~~~~ + +- Support for parsing the DSYNC record has been added. + + :gl:`#5440` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1, and DS digest + type 1. + + RSASHA1 and RSASHA1-NSEC-SHA1 DNSKEY algorithms have been deprecated + by the IETF and should no longer be used for DNSSEC. DS digest type 1 + (SHA1) has also been deprecated in BIND 9. Validators are now expected to treat + these algorithms and digest as unknown, resulting in some zones being + treated as insecure when they were previously treated as secure. + Warnings have been added to :iscman:`named` and tools when these algorithms and + this digest are being used for signing. + + Zones signed with RSASHA1 or RSASHA1-NSEC-SHA1 should be migrated to a + different DNSKEY algorithm. + + Zones with DS or CDS records with digest type 1 (SHA1) should be + updated to use a different digest type (e.g. SHA256) and the digest + type 1 records should be removed. :gl:`#5358` + +Bug Fixes +~~~~~~~~~ + +- Clean enough memory when adding new ADB names/entries under memory + pressure. + + The ADB memory cleaning is opportunistic even when BIND is under memory + pressure (in the overmem condition). The opportunistic LRU + cleaning and overmem cleaning have been split, and the overmem cleaning always + cleans up double of the newly allocated adbname/adbentry to ensure we + never allocate more memory than the assigned limit. :gl:`!10637` + +- Rescan the interfaces again when reconfiguring the server. + + Previously on FreeBSD, the server did not listen on the configured ``localhost`` + interfaces immediately, but only after the ``interface-interval`` period + had passed. After an earlier fix, the server would listen on the ``localhost`` after + 60 minutes. + + Now, the interfaces are rescanned immediately after configuring the + ``interface-interval`` value and begin listening on the ``localhost`` + interface immediately. :gl:`!10758` + + diff -Nru bind9-9.18.33/doc/notes/notes-9.18.40.rst bind9-9.18.41/doc/notes/notes-9.18.40.rst --- bind9-9.18.33/doc/notes/notes-9.18.40.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/notes/notes-9.18.40.rst 2025-10-18 10:21:03.087259677 +0000 @@ -0,0 +1,18 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.18.40 +---------------------- + +.. note:: + + The BIND 9.18.40 release was withdrawn after the discovery of a + regression in a security fix in it during pre-release testing. diff -Nru bind9-9.18.33/doc/notes/notes-9.18.41.rst bind9-9.18.41/doc/notes/notes-9.18.41.rst --- bind9-9.18.33/doc/notes/notes-9.18.41.rst 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/doc/notes/notes-9.18.41.rst 2025-10-18 10:21:03.087259677 +0000 @@ -0,0 +1,106 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.18.41 +---------------------- + +Security Fixes +~~~~~~~~~~~~~~ + +- DNSSEC validation fails if matching but invalid DNSKEY is found. + :cve:`2025-8677` + + Previously, if a matching but cryptographically invalid key was + encountered during DNSSEC validation, the key was skipped and not + counted towards validation failures. :iscman:`named` now treats such + DNSSEC keys as hard failures and the DNSSEC validation fails + immediately, instead of continuing with the next DNSKEYs in the RRset. + + ISC would like to thank Zuyao Xu and Xiang Li from the All-in-One + Security and Privacy Laboratory at Nankai University for bringing this + vulnerability to our attention. :gl:`#5343` + +- Address various spoofing attacks. :cve:`2025-40778` + + Previously, several issues could be exploited to poison a DNS cache + with spoofed records for zones which were not DNSSEC-signed or if the + resolver was configured to not do DNSSEC validation. These issues were + assigned CVE-2025-40778 and have now been fixed. + + As an additional layer of protection, :iscman:`named` no longer + accepts DNAME records or extraneous NS records in the AUTHORITY + section unless these are received via spoofing-resistant transport + (TCP, UDP with DNS cookies, TSIG, or SIG(0)). + + ISC would like to thank Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin + Duan from Tsinghua University for bringing this vulnerability to our + attention. :gl:`#5414` + +- Cache-poisoning due to weak pseudo-random number generator. + :cve:`2025-40780` + + It was discovered during research for an upcoming academic paper that + a xoshiro128\*\* internal state can be recovered by an external 3rd + party, allowing the prediction of UDP ports and DNS IDs in outgoing + queries. This could lead to an attacker spoofing the DNS answers with + great efficiency and poisoning the DNS cache. + + The internal random generator has been changed to a cryptographically + secure pseudo-random generator. + + ISC would like to thank Prof. Amit Klein and Omer Ben Simhon from + Hebrew University of Jerusalem for bringing this vulnerability to our + attention. :gl:`#5484` + +New Features +~~~~~~~~~~~~ + +- Support for parsing HHIT and BRID records has been added. + + :gl:`#5444` + +Removed Features +~~~~~~~~~~~~~~~~ + +- Deprecate the "tkey-domain" statement. + + Mark the :any:`tkey-domain` statement as deprecated since it is only + used by code implementing TKEY Mode 2 (Diffie-Hellman), which was + removed from newer BIND 9 branches. :gl:`#4204` + +- Deprecate the "tkey-gssapi-credential" statement. + + The :any:`tkey-gssapi-keytab` statement allows GSS-TSIG to be set up + in a simpler and more reliable way than using the + :any:`tkey-gssapi-credential` statement and setting environment + variables (e.g. ``KRB5_KTNAME``). Therefore, the + :any:`tkey-gssapi-credential` statement has been deprecated; + :any:`tkey-gssapi-keytab` should be used instead. + + For configurations currently using a combination of both + :any:`tkey-gssapi-keytab` *and* :any:`tkey-gssapi-credential`, the + latter should be dropped and the keytab pointed to by + :any:`tkey-gssapi-keytab` should now only contain the credential + previously specified by :any:`tkey-gssapi-credential`. :gl:`#4204` + +Bug Fixes +~~~~~~~~~ + +- Prevent spurious SERVFAILs for certain 0-TTL resource records. + + Under certain circumstances, BIND 9 can return SERVFAIL when updating + existing entries in the cache with new NS, A, AAAA, or DS records that have a + TTL of zero. :gl:`#5294` + +- Missing DNSSEC information when CD bit is set in query. + + The RRSIGs for glue records were not being cached correctly for CD=1 + queries. This has been fixed. :gl:`#5502` diff -Nru bind9-9.18.33/fuzz/Makefile.in bind9-9.18.41/fuzz/Makefile.in --- bind9-9.18.33/fuzz/Makefile.in 2025-01-20 13:40:38.580386681 +0000 +++ bind9-9.18.41/fuzz/Makefile.in 2025-10-18 10:21:43.371310383 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -72,6 +72,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -294,10 +296,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__recheck_rx = ^[ ]*:recheck:[ ]* am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* @@ -385,6 +386,7 @@ # Default flags passed to test drivers. am__common_driver_flags = \ --color-tests "$$am__color_tests" \ + $$am__collect_skipped_logs \ --enable-hard-errors "$$am__enable_hard_errors" \ --expect-failure "$$am__expect_failure" # To be inserted before the command running the test. Creates the @@ -409,6 +411,11 @@ elif test -f "$$f"; then dir=; \ else dir="$(srcdir)/"; fi; \ tst=$$dir$$f; log='$@'; \ +if test -n '$(IGNORE_SKIPPED_LOGS)'; then \ + am__collect_skipped_logs='--collect-skipped-logs no'; \ +else \ + am__collect_skipped_logs=''; \ +fi; \ if test -n '$(DISABLE_HARD_ERRORS)'; then \ am__enable_hard_errors=no; \ else \ @@ -609,8 +616,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -769,24 +778,17 @@ $(am__aclocal_m4_deps): clean-checkPROGRAMS: - @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list + $(am__rm_f) $(check_PROGRAMS) + test -z "$(EXEEXT)" || $(am__rm_f) $(check_PROGRAMS:$(EXEEXT)=) clean-checkLTLIBRARIES: - -test -z "$(check_LTLIBRARIES)" || rm -f $(check_LTLIBRARIES) + -$(am__rm_f) $(check_LTLIBRARIES) @list='$(check_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} libfuzzmain.la: $(libfuzzmain_la_OBJECTS) $(libfuzzmain_la_DEPENDENCIES) $(EXTRA_libfuzzmain_la_DEPENDENCIES) $(AM_V_CCLD)$(LINK) $(libfuzzmain_la_OBJECTS) $(libfuzzmain_la_LIBADD) $(LIBS) @@ -841,7 +843,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -943,7 +945,6 @@ am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) am--force-recheck: @: - $(TEST_SUITE_LOG): $(TEST_LOGS) @$(am__set_TESTS_bases); \ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ @@ -1019,10 +1020,37 @@ result_count $$1 "XPASS:" $$xpass "$$red"; \ result_count $$1 "ERROR:" $$error "$$mgn"; \ }; \ + output_system_information () \ + { \ + echo; \ + { uname -a | $(AWK) '{ \ + printf "System information (uname -a):"; \ + for (i = 1; i < NF; ++i) \ + { \ + if (i != 2) \ + printf " %s", $$i; \ + } \ + printf "\n"; \ +}'; } 2>&1; \ + if test -r /etc/os-release; then \ + echo "Distribution information (/etc/os-release):"; \ + sed 8q /etc/os-release; \ + elif test -r /etc/issue; then \ + echo "Distribution information (/etc/issue):"; \ + cat /etc/issue; \ + fi; \ + }; \ + please_report () \ + { \ +echo "Some test(s) failed. Please report this to $(PACKAGE_BUGREPORT),"; \ +echo "together with the test-suite.log file (gzipped) and your system"; \ +echo "information. Thanks."; \ + }; \ { \ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ $(am__rst_title); \ create_testsuite_report --no-color; \ + output_system_information; \ echo; \ echo ".. contents:: :depth: 2"; \ echo; \ @@ -1042,26 +1070,25 @@ create_testsuite_report --maybe-color; \ echo "$$col$$br$$std"; \ if $$success; then :; else \ - echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ + echo "$${col}See $(subdir)/$(TEST_SUITE_LOG) for debugging.$${std}";\ if test -n "$(PACKAGE_BUGREPORT)"; then \ - echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ + please_report | sed -e "s/^/$${col}/" -e s/'$$'/"$${std}"/; \ fi; \ echo "$$col$$br$$std"; \ fi; \ $$success || exit 1 check-TESTS: $(check_PROGRAMS) $(check_LTLIBRARIES) - @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list - @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list - @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @$(am__rm_f) $(RECHECK_LOGS) + @$(am__rm_f) $(RECHECK_LOGS:.log=.trs) + @$(am__rm_f) $(TEST_SUITE_LOG) @set +e; $(am__set_TESTS_bases); \ log_list=`for i in $$bases; do echo $$i.log; done`; \ - trs_list=`for i in $$bases; do echo $$i.trs; done`; \ - log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ + log_list=`echo $$log_list`; \ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ exit $$?; recheck: all $(check_PROGRAMS) $(check_LTLIBRARIES) - @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @$(am__rm_f) $(TEST_SUITE_LOG) @set +e; $(am__set_TESTS_bases); \ bases=`for i in $$bases; do echo $$i; done \ | $(am__list_recheck_tests)` || exit 1; \ @@ -1200,15 +1227,15 @@ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: - -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) - -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) - -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + -$(am__rm_f) $(TEST_LOGS) + -$(am__rm_f) $(TEST_LOGS:.log=.trs) + -$(am__rm_f) $(TEST_SUITE_LOG) clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -1219,7 +1246,7 @@ clean-libtool mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/dns_master_load.Po + -rm -f ./$(DEPDIR)/dns_master_load.Po -rm -f ./$(DEPDIR)/dns_message_checksig.Po -rm -f ./$(DEPDIR)/dns_message_parse.Po -rm -f ./$(DEPDIR)/dns_name_fromtext_target.Po @@ -1277,7 +1304,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/dns_master_load.Po + -rm -f ./$(DEPDIR)/dns_master_load.Po -rm -f ./$(DEPDIR)/dns_message_checksig.Po -rm -f ./$(DEPDIR)/dns_message_parse.Po -rm -f ./$(DEPDIR)/dns_name_fromtext_target.Po @@ -1338,3 +1365,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/install-sh bind9-9.18.41/install-sh --- bind9-9.18.33/install-sh 2025-01-20 13:40:37.994377448 +0000 +++ bind9-9.18.41/install-sh 2025-10-18 10:21:42.719293519 +0000 @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2020-11-14.01; # UTC +scriptversion=2024-06-19.01; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -124,9 +124,9 @@ If -S is not specified, no backups are attempted. -Email bug reports to bug-automake@gnu.org. -Automake home page: https://www.gnu.org/software/automake/ -" +Report bugs to . +GNU Automake home page: . +General help using GNU software: ." while test $# -ne 0; do case $1 in @@ -170,7 +170,7 @@ -T) is_target_a_directory=never;; - --version) echo "$0 $scriptversion"; exit $?;; + --version) echo "$0 (GNU Automake) $scriptversion"; exit $?;; --) shift break;; @@ -345,7 +345,7 @@ ' 0 # Because "mkdir -p" follows existing symlinks and we likely work - # directly in world-writeable /tmp, make sure that the '$tmpdir' + # directly in world-writable /tmp, make sure that the '$tmpdir' # directory is successfully created first before we actually test # 'mkdir -p'. if (umask $mkdir_umask && @@ -353,7 +353,7 @@ exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 then if test -z "$dir_arg" || { - # Check for POSIX incompatibilities with -m. + # Check for POSIX incompatibility with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or # other-writable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. diff -Nru bind9-9.18.33/lib/Makefile.in bind9-9.18.41/lib/Makefile.in --- bind9-9.18.33/lib/Makefile.in 2025-01-20 13:40:38.597386949 +0000 +++ bind9-9.18.41/lib/Makefile.in 2025-10-18 10:21:43.389310848 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -72,6 +72,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -350,8 +352,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -689,8 +693,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -795,3 +799,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/lib/bind9/Makefile.in bind9-9.18.41/lib/bind9/Makefile.in --- bind9-9.18.33/lib/bind9/Makefile.in 2025-01-20 13:40:38.624387374 +0000 +++ bind9-9.18.41/lib/bind9/Makefile.in 2025-10-18 10:21:43.421311676 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -74,6 +74,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -143,10 +145,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libbind9_ladir)" LTLIBRARIES = $(lib_LTLIBRARIES) @@ -385,8 +386,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -579,15 +582,13 @@ done clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + -$(am__rm_f) $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} libbind9.la: $(libbind9_la_OBJECTS) $(libbind9_la_DEPENDENCIES) $(EXTRA_libbind9_la_DEPENDENCIES) $(AM_V_CCLD)$(libbind9_la_LINK) -rpath $(libdir) $(libbind9_la_OBJECTS) $(libbind9_la_LIBADD) $(LIBS) @@ -603,7 +604,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -790,8 +791,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -802,7 +803,7 @@ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/libbind9_la-check.Plo + -rm -f ./$(DEPDIR)/libbind9_la-check.Plo -rm -f ./$(DEPDIR)/libbind9_la-getaddresses.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ @@ -853,7 +854,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/libbind9_la-check.Plo + -rm -f ./$(DEPDIR)/libbind9_la-check.Plo -rm -f ./$(DEPDIR)/libbind9_la-getaddresses.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -906,3 +907,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/lib/dns/Makefile.am bind9-9.18.41/lib/dns/Makefile.am --- bind9-9.18.33/lib/dns/Makefile.am 2025-01-20 13:39:31.244356654 +0000 +++ bind9-9.18.41/lib/dns/Makefile.am 2025-10-18 10:21:03.121260586 +0000 @@ -67,9 +67,10 @@ include/dns/dns64.h \ include/dns/dnsrps.h \ include/dns/dnssec.h \ + include/dns/dnstap.h \ include/dns/ds.h \ include/dns/dsdigest.h \ - include/dns/dnstap.h \ + include/dns/dsync.h \ include/dns/dyndb.h \ include/dns/ecs.h \ include/dns/edns.h \ @@ -87,8 +88,8 @@ include/dns/keytable.h \ include/dns/keyvalues.h \ include/dns/librpz.h \ - include/dns/lookup.h \ include/dns/log.h \ + include/dns/lookup.h \ include/dns/master.h \ include/dns/masterdump.h \ include/dns/message.h \ @@ -125,8 +126,8 @@ include/dns/ssu.h \ include/dns/stats.h \ include/dns/time.h \ - include/dns/transport.h \ include/dns/tkey.h \ + include/dns/transport.h \ include/dns/tsec.h \ include/dns/tsig.h \ include/dns/ttl.h \ diff -Nru bind9-9.18.33/lib/dns/Makefile.in bind9-9.18.41/lib/dns/Makefile.in --- bind9-9.18.33/lib/dns/Makefile.in 2025-01-20 13:40:38.743389249 +0000 +++ bind9-9.18.41/lib/dns/Makefile.in 2025-10-18 10:21:43.545314883 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -74,6 +74,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -185,10 +187,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(dstdir)" \ "$(DESTDIR)$(libdns_ladir)" "$(DESTDIR)$(libdns_ladir)" @@ -218,8 +219,8 @@ include/dns/db.h include/dns/dbiterator.h include/dns/diff.h \ include/dns/dispatch.h include/dns/dlz.h \ include/dns/dlz_dlopen.h include/dns/dns64.h \ - include/dns/dnsrps.h include/dns/dnssec.h include/dns/ds.h \ - include/dns/dsdigest.h include/dns/dnstap.h \ + include/dns/dnsrps.h include/dns/dnssec.h include/dns/dnstap.h \ + include/dns/ds.h include/dns/dsdigest.h include/dns/dsync.h \ include/dns/dyndb.h include/dns/ecs.h include/dns/edns.h \ include/dns/events.h include/dns/fixedname.h \ include/dns/forward.h include/dns/geoip.h \ @@ -227,7 +228,7 @@ include/dns/journal.h include/dns/kasp.h include/dns/keydata.h \ include/dns/keyflags.h include/dns/keymgr.h \ include/dns/keytable.h include/dns/keyvalues.h \ - include/dns/librpz.h include/dns/lookup.h include/dns/log.h \ + include/dns/librpz.h include/dns/log.h include/dns/lookup.h \ include/dns/master.h include/dns/masterdump.h \ include/dns/message.h include/dns/name.h include/dns/ncache.h \ include/dns/nsec.h include/dns/nsec3.h include/dns/nta.h \ @@ -242,7 +243,7 @@ include/dns/rriterator.h include/dns/rrl.h include/dns/sdb.h \ include/dns/sdlz.h include/dns/secalg.h include/dns/secproto.h \ include/dns/soa.h include/dns/ssu.h include/dns/stats.h \ - include/dns/time.h include/dns/transport.h include/dns/tkey.h \ + include/dns/time.h include/dns/tkey.h include/dns/transport.h \ include/dns/tsec.h include/dns/tsig.h include/dns/ttl.h \ include/dns/types.h include/dns/update.h \ include/dns/validator.h include/dns/view.h include/dns/xfrin.h \ @@ -609,8 +610,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -763,9 +766,10 @@ include/dns/dns64.h \ include/dns/dnsrps.h \ include/dns/dnssec.h \ + include/dns/dnstap.h \ include/dns/ds.h \ include/dns/dsdigest.h \ - include/dns/dnstap.h \ + include/dns/dsync.h \ include/dns/dyndb.h \ include/dns/ecs.h \ include/dns/edns.h \ @@ -783,8 +787,8 @@ include/dns/keytable.h \ include/dns/keyvalues.h \ include/dns/librpz.h \ - include/dns/lookup.h \ include/dns/log.h \ + include/dns/lookup.h \ include/dns/master.h \ include/dns/masterdump.h \ include/dns/message.h \ @@ -821,8 +825,8 @@ include/dns/ssu.h \ include/dns/stats.h \ include/dns/time.h \ - include/dns/transport.h \ include/dns/tkey.h \ + include/dns/transport.h \ include/dns/tsec.h \ include/dns/tsig.h \ include/dns/ttl.h \ @@ -931,15 +935,13 @@ done clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + -$(am__rm_f) $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} libdns.la: $(libdns_la_OBJECTS) $(libdns_la_DEPENDENCIES) $(EXTRA_libdns_la_DEPENDENCIES) $(AM_V_CCLD)$(libdns_la_LINK) -rpath $(libdir) $(libdns_la_OBJECTS) $(libdns_la_LIBADD) $(LIBS) @@ -1046,7 +1048,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -1913,23 +1915,23 @@ mostlyclean-generic: clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + -$(am__rm_f) $(CLEANFILES) distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." - -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) + -$(am__rm_f) $(BUILT_SOURCES) clean: clean-am clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/libdns_la-acl.Plo + -rm -f ./$(DEPDIR)/libdns_la-acl.Plo -rm -f ./$(DEPDIR)/libdns_la-adb.Plo -rm -f ./$(DEPDIR)/libdns_la-badcache.Plo -rm -f ./$(DEPDIR)/libdns_la-byaddr.Plo @@ -2072,7 +2074,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/libdns_la-acl.Plo + -rm -f ./$(DEPDIR)/libdns_la-acl.Plo -rm -f ./$(DEPDIR)/libdns_la-adb.Plo -rm -f ./$(DEPDIR)/libdns_la-badcache.Plo -rm -f ./$(DEPDIR)/libdns_la-byaddr.Plo @@ -2242,3 +2244,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/lib/dns/adb.c bind9-9.18.41/lib/dns/adb.c --- bind9-9.18.33/lib/dns/adb.c 2025-01-20 13:39:31.245356672 +0000 +++ bind9-9.18.41/lib/dns/adb.c 2025-10-18 10:21:03.121260586 +0000 @@ -338,6 +338,8 @@ static bool check_expire_entry(dns_adb_t *, dns_adbentry_t **, isc_stdtime_t); static void +check_overmem_entries(dns_adb_t *adb, int bucket); +static void cancel_fetches_at_name(dns_adbname_t *); static isc_result_t dbfind_name(dns_adbname_t *, isc_stdtime_t, dns_rdatatype_t); @@ -718,21 +720,21 @@ cleanup: if (newentries != NULL) { - isc_mem_put(adb->mctx, newentries, sizeof(*newentries) * n); + isc_mem_put(adb->hmctx, newentries, sizeof(*newentries) * n); } if (newdeadentries != NULL) { - isc_mem_put(adb->mctx, newdeadentries, + isc_mem_put(adb->hmctx, newdeadentries, sizeof(*newdeadentries) * n); } if (newentrylocks != NULL) { - isc_mem_put(adb->mctx, newentrylocks, + isc_mem_put(adb->hmctx, newentrylocks, sizeof(*newentrylocks) * n); } if (newentry_sd != NULL) { - isc_mem_put(adb->mctx, newentry_sd, sizeof(*newentry_sd) * n); + isc_mem_put(adb->hmctx, newentry_sd, sizeof(*newentry_sd) * n); } if (newentry_refcnt != NULL) { - isc_mem_put(adb->mctx, newentry_refcnt, + isc_mem_put(adb->hmctx, newentry_refcnt, sizeof(*newentry_refcnt) * n); } done: @@ -1195,25 +1197,8 @@ */ static void link_entry(dns_adb_t *adb, int bucket, dns_adbentry_t *entry) { - int i; - dns_adbentry_t *e; - if (isc_mem_isovermem(adb->mctx)) { - for (i = 0; i < 2; i++) { - e = ISC_LIST_TAIL(adb->entries[bucket]); - if (e == NULL) { - break; - } - if (e->refcnt == 0) { - unlink_entry(adb, e); - free_adbentry(adb, &e); - continue; - } - INSIST((e->flags & ENTRY_IS_DEAD) == 0); - e->flags |= ENTRY_IS_DEAD; - ISC_LIST_UNLINK(adb->entries[bucket], e, plink); - ISC_LIST_PREPEND(adb->deadentries[bucket], e, plink); - } + check_overmem_entries(adb, bucket); } ISC_LIST_PREPEND(adb->entries[bucket], entry, plink); @@ -1929,7 +1914,7 @@ new_adbfind(dns_adb_t *adb) { dns_adbfind_t *h; - h = isc_mem_get(adb->mctx, sizeof(*h)); + h = isc_mem_get(adb->hmctx, sizeof(*h)); isc_refcount_increment0(&adb->ahrefcnt); /* @@ -1965,7 +1950,7 @@ new_adbfetch(dns_adb_t *adb) { dns_adbfetch_t *f; - f = isc_mem_get(adb->mctx, sizeof(*f)); + f = isc_mem_get(adb->hmctx, sizeof(*f)); f->magic = 0; f->fetch = NULL; @@ -1991,7 +1976,7 @@ dns_rdataset_disassociate(&f->rdataset); } - isc_mem_put(adb->mctx, f, sizeof(*f)); + isc_mem_put(adb->hmctx, f, sizeof(*f)); } static bool @@ -2013,7 +1998,7 @@ isc_mutex_destroy(&find->lock); isc_refcount_decrement(&adb->ahrefcnt); - isc_mem_put(adb->mctx, find, sizeof(*find)); + isc_mem_put(adb->hmctx, find, sizeof(*find)); return dec_adb_irefcnt(adb); } @@ -2026,7 +2011,7 @@ new_adbaddrinfo(dns_adb_t *adb, dns_adbentry_t *entry, in_port_t port) { dns_adbaddrinfo_t *ai; - ai = isc_mem_get(adb->mctx, sizeof(*ai)); + ai = isc_mem_get(adb->hmctx, sizeof(*ai)); ai->magic = DNS_ADBADDRINFO_MAGIC; ai->sockaddr = entry->sockaddr; @@ -2052,7 +2037,7 @@ ai->magic = 0; - isc_mem_put(adb->mctx, ai, sizeof(*ai)); + isc_mem_put(adb->hmctx, ai, sizeof(*ai)); } /* @@ -2365,15 +2350,10 @@ */ static void check_stale_name(dns_adb_t *adb, int bucket, isc_stdtime_t now) { - int victims, max_victims; - dns_adbname_t *victim, *next_victim; - bool overmem = isc_mem_isovermem(adb->mctx); - int scans = 0; + dns_adbname_t *victim; INSIST(bucket != DNS_ADB_INVALIDBUCKET); - max_victims = overmem ? 2 : 1; - /* * We limit the number of scanned entries to 10 (arbitrary choice) * in order to avoid examining too many entries when there are many @@ -2381,16 +2361,46 @@ * happen). */ victim = ISC_LIST_TAIL(adb->names[bucket]); - for (victims = 0; victim != NULL && victims < max_victims && scans < 10; + if (victim == NULL) { + return; + } + + (void)check_expire_name(&victim, now); + if (victim == NULL) { + return; + } + + /* + * Make sure that we are not purging ADB names that has been + * just created. + */ + if (victim->last_used + ADB_CACHE_MINIMUM >= now) { + return; + } + + if (!NAME_FETCH(victim) && victim->last_used + ADB_STALE_MARGIN <= now) + { + RUNTIME_CHECK(!kill_name(&victim, DNS_EVENT_ADBCANCELED)); + } +} + +static void +check_overmem_names(dns_adb_t *adb, int bucket, isc_stdtime_t now) { + int victims, max_victims = 2; + dns_adbname_t *victim, *next_victim; + + INSIST(bucket != DNS_ADB_INVALIDBUCKET); + + victim = ISC_LIST_TAIL(adb->names[bucket]); + for (victims = 0; victim != NULL && victims < max_victims; victim = next_victim) { INSIST(!NAME_DEAD(victim)); - scans++; next_victim = ISC_LIST_PREV(victim, plink); (void)check_expire_name(&victim, now); if (victim == NULL) { victims++; - goto next; + continue; } /* @@ -2402,16 +2412,36 @@ } if (!NAME_FETCH(victim) && - (overmem || victim->last_used + ADB_STALE_MARGIN <= now)) + victim->last_used + ADB_STALE_MARGIN <= now) { RUNTIME_CHECK( !kill_name(&victim, DNS_EVENT_ADBCANCELED)); victims++; } + } +} - next: - if (!overmem) { - break; +static void +check_overmem_entries(dns_adb_t *adb, int bucket) { + int victims, max_victims = 2; + dns_adbentry_t *victim, *next_victim; + + victim = ISC_LIST_TAIL(adb->entries[bucket]); + for (victims = 0; victim != NULL && victims < max_victims; + victim = next_victim) + { + next_victim = ISC_LIST_PREV(victim, plink); + + if (victim->refcnt == 0) { + unlink_entry(adb, victim); + free_adbentry(adb, &victim); + victims++; + } else { + INSIST((victim->flags & ENTRY_IS_DEAD) == 0); + victim->flags |= ENTRY_IS_DEAD; + ISC_LIST_UNLINK(adb->entries[bucket], victim, plink); + ISC_LIST_PREPEND(adb->deadentries[bucket], victim, + plink); } } } @@ -2635,7 +2665,7 @@ isc_mutex_init(&adb->namescntlock); isc_mem_create(&adb->hmctx); - isc_mem_setname(adb->hmctx, "ADB_hashmaps"); + isc_mem_setname(adb->hmctx, "ADB_dynamic"); #define ALLOCENTRY(adb, el) \ do { \ @@ -3011,7 +3041,11 @@ * See if there is any stale name at the end of list, and purge * it if so. */ - check_stale_name(adb, bucket, now); + if (isc_mem_isovermem(adb->mctx)) { + check_overmem_names(adb, bucket, now); + } else { + check_stale_name(adb, bucket, now); + } adbname = new_adbname(adb, name); link_name(adb, bucket, adbname); @@ -3743,12 +3777,11 @@ * any matching static-stub zone without looking into the cache to honor * the configuration on which server we should send queries to. */ - result = - dns_view_find(adb->view, &adbname->name, rdtype, now, - NAME_GLUEOK(adbname) ? DNS_DBFIND_GLUEOK : 0, - NAME_HINTOK(adbname), - ((adbname->flags & DNS_ADBFIND_STARTATZONE) != 0), - NULL, NULL, fname, &rdataset, NULL); + result = dns_view_find(adb->view, &adbname->name, rdtype, now, + NAME_GLUEOK(adbname) ? DNS_DBFIND_GLUEOK : 0, + NAME_HINTOK(adbname), + (adbname->flags & DNS_ADBFIND_STARTATZONE) != 0, + NULL, NULL, fname, &rdataset, NULL); /* XXXVIX this switch statement is too sparse to gen a jump table. */ switch (result) { @@ -4631,7 +4664,7 @@ REQUIRE(name != NULL); LOCK(&adb->lock); - bucket = dns_name_hash(name, false) % adb->nnames; + bucket = dns_name_fullhash(name, false) % adb->nnames; LOCK(&adb->namelocks[bucket]); adbname = ISC_LIST_HEAD(adb->names[bucket]); while (adbname != NULL) { diff -Nru bind9-9.18.33/lib/dns/byaddr.c bind9-9.18.41/lib/dns/byaddr.c --- bind9-9.18.33/lib/dns/byaddr.c 2025-01-20 13:39:31.245356672 +0000 +++ bind9-9.18.41/lib/dns/byaddr.c 2025-10-18 10:21:03.122260613 +0000 @@ -63,10 +63,10 @@ if (address->family == AF_INET) { (void)snprintf(textname, sizeof(textname), "%u.%u.%u.%u.in-addr.arpa.", - ((unsigned int)bytes[3] & 0xffU), - ((unsigned int)bytes[2] & 0xffU), - ((unsigned int)bytes[1] & 0xffU), - ((unsigned int)bytes[0] & 0xffU)); + (unsigned int)bytes[3] & 0xffU, + (unsigned int)bytes[2] & 0xffU, + (unsigned int)bytes[1] & 0xffU, + (unsigned int)bytes[0] & 0xffU); } else if (address->family == AF_INET6) { size_t remaining; diff -Nru bind9-9.18.33/lib/dns/client.c bind9-9.18.41/lib/dns/client.c --- bind9-9.18.33/lib/dns/client.c 2025-01-20 13:39:31.246356689 +0000 +++ bind9-9.18.41/lib/dns/client.c 2025-10-18 10:21:03.123260640 +0000 @@ -60,12 +60,6 @@ #define UCTX_MAGIC ISC_MAGIC('U', 'c', 't', 'x') #define UCTX_VALID(c) ISC_MAGIC_VALID(c, UCTX_MAGIC) -#ifdef TUNE_LARGE -#define RESOLVER_NTASKS 523 -#else /* ifdef TUNE_LARGE */ -#define RESOLVER_NTASKS 31 -#endif /* TUNE_LARGE */ - #define CHECK(r) \ do { \ result = (r); \ @@ -332,9 +326,8 @@ isc_refcount_init(&client->references, 1); /* Create the default view for class IN */ - result = createview(mctx, dns_rdataclass_in, taskmgr, RESOLVER_NTASKS, - nm, timermgr, client->dispatchmgr, dispatchv4, - dispatchv6, &view); + result = createview(mctx, dns_rdataclass_in, taskmgr, 1, nm, timermgr, + client->dispatchmgr, dispatchv4, dispatchv6, &view); if (result != ISC_R_SUCCESS) { goto cleanup_references; } diff -Nru bind9-9.18.33/lib/dns/dispatch.c bind9-9.18.41/lib/dns/dispatch.c --- bind9-9.18.33/lib/dns/dispatch.c 2025-01-20 13:39:31.247356707 +0000 +++ bind9-9.18.41/lib/dns/dispatch.c 2025-10-18 10:21:03.124260666 +0000 @@ -582,7 +582,7 @@ dispentry_log(resp, LVL(92), "got valid DNS message header, /QR %c, id %u", - (((flags & DNS_MESSAGEFLAG_QR) != 0) ? '1' : '0'), id); + ((flags & DNS_MESSAGEFLAG_QR) != 0) ? '1' : '0', id); /* * Look at the message flags. If it's a query, ignore it. @@ -681,7 +681,7 @@ dispatch_log(disp, LVL(92), "got valid DNS message header, /QR %c, id %u", - (((flags & DNS_MESSAGEFLAG_QR) != 0) ? '1' : '0'), id); + ((flags & DNS_MESSAGEFLAG_QR) != 0) ? '1' : '0', id); /* * Look at the message flags. If it's a query, ignore it and keep diff -Nru bind9-9.18.33/lib/dns/dnsrps.c bind9-9.18.41/lib/dns/dnsrps.c --- bind9-9.18.33/lib/dns/dnsrps.c 2025-01-20 13:39:31.247356707 +0000 +++ bind9-9.18.41/lib/dns/dnsrps.c 2025-10-18 10:21:03.124260666 +0000 @@ -995,7 +995,7 @@ NULL, NULL, NULL, - NULL + NULL, }; static dns_rdatasetitermethods_t rpsdb_rdatasetiter_methods = { diff -Nru bind9-9.18.33/lib/dns/dnssec.c bind9-9.18.41/lib/dns/dnssec.c --- bind9-9.18.33/lib/dns/dnssec.c 2025-01-20 13:39:31.248356725 +0000 +++ bind9-9.18.41/lib/dns/dnssec.c 2025-10-18 10:21:03.124260666 +0000 @@ -194,7 +194,6 @@ isc_result_t ret; isc_buffer_t *databuf = NULL; char data[256 + 8]; - uint32_t flags; unsigned int sigsize; dns_fixedname_t fnewname; dns_fixedname_t fsigner; @@ -212,17 +211,6 @@ return DNS_R_INVALIDTIME; } - /* - * Is the key allowed to sign data? - */ - flags = dst_key_flags(key); - if ((flags & DNS_KEYTYPE_NOAUTH) != 0) { - return DNS_R_KEYUNAUTHORIZED; - } - if ((flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE) { - return DNS_R_KEYUNAUTHORIZED; - } - sig.mctx = mctx; sig.common.rdclass = set->rdclass; sig.common.rdtype = dns_rdatatype_rrsig; @@ -385,7 +373,6 @@ unsigned char data[300]; dst_context_t *ctx = NULL; int labels = 0; - uint32_t flags; bool downcase = false; REQUIRE(name != NULL); @@ -424,7 +411,7 @@ } /* - * NS, SOA and DNSSKEY records are signed by their owner. + * NS, SOA and DNSKEY records are signed by their owner. * DS records are signed by the parent. */ switch (set->type) { @@ -450,19 +437,6 @@ break; } - /* - * Is the key allowed to sign data? - */ - flags = dst_key_flags(key); - if ((flags & DNS_KEYTYPE_NOAUTH) != 0) { - inc_stat(dns_dnssecstats_fail); - return DNS_R_KEYUNAUTHORIZED; - } - if ((flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE) { - inc_stat(dns_dnssecstats_fail); - return DNS_R_KEYUNAUTHORIZED; - } - again: ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, false, maxbits, &ctx); @@ -841,8 +815,8 @@ result2 = dst_key_getfilename( dst_key_name(pubkey), dst_key_id(pubkey), dst_key_alg(pubkey), - (DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | - DST_TYPE_STATE), + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | + DST_TYPE_STATE, directory, mctx, &buf); if (result2 != ISC_R_SUCCESS) { char namebuf[DNS_NAME_FORMATSIZE]; @@ -1687,9 +1661,7 @@ RETERR(dns_dnssec_keyfromrdata(origin, &rdata, mctx, &dnskey)); dst_key_setttl(dnskey, keys.ttl); - if (!is_zone_key(dnskey) || - (dst_key_flags(dnskey) & DNS_KEYTYPE_NOAUTH) != 0) - { + if (!is_zone_key(dnskey)) { goto skip; } @@ -1706,7 +1678,7 @@ /* Try to read the public key. */ result = dst_key_fromfile( dst_key_name(dnskey), dst_key_id(dnskey), - dst_key_alg(dnskey), (DST_TYPE_PUBLIC | DST_TYPE_STATE), + dst_key_alg(dnskey), DST_TYPE_PUBLIC | DST_TYPE_STATE, directory, mctx, &pubkey); if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) { result = ISC_R_SUCCESS; @@ -1717,7 +1689,7 @@ result = dst_key_fromfile( dst_key_name(dnskey), dst_key_id(dnskey), dst_key_alg(dnskey), - (DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_STATE), + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_STATE, directory, mctx, &privkey); /* @@ -1734,8 +1706,8 @@ result = dst_key_fromfile( dst_key_name(dnskey), dst_key_id(dnskey), dst_key_alg(dnskey), - (DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | - DST_TYPE_STATE), + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | + DST_TYPE_STATE, directory, mctx, &privkey); if (result == ISC_R_SUCCESS && dst_key_pubcompare(dnskey, privkey, false)) @@ -1757,8 +1729,8 @@ result2 = dst_key_getfilename( dst_key_name(dnskey), dst_key_id(dnskey), dst_key_alg(dnskey), - (DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | - DST_TYPE_STATE), + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | + DST_TYPE_STATE, directory, mctx, &buf); if (result2 != ISC_R_SUCCESS) { char namebuf[DNS_NAME_FORMATSIZE]; @@ -1792,11 +1764,6 @@ } RETERR(result); - /* This should never happen. */ - if ((dst_key_flags(privkey) & DNS_KEYTYPE_NOAUTH) != 0) { - goto skip; - } - /* * Whatever the key's default TTL may have * been, the rdataset TTL takes priority. diff -Nru bind9-9.18.33/lib/dns/dst_api.c bind9-9.18.41/lib/dns/dst_api.c --- bind9-9.18.33/lib/dns/dst_api.c 2025-01-20 13:39:31.249356742 +0000 +++ bind9-9.18.41/lib/dns/dst_api.c 2025-10-18 10:21:03.125260693 +0000 @@ -2449,7 +2449,7 @@ * */ bool -dst_key_is_unused(dst_key_t *key) { +dst_key_is_unused(const dst_key_t *key) { isc_stdtime_t val; dst_key_state_t st; int state_type; @@ -2751,7 +2751,7 @@ } dst_key_state_t -dst_key_goal(dst_key_t *key) { +dst_key_goal(const dst_key_t *key) { dst_key_state_t state; isc_result_t result; diff -Nru bind9-9.18.33/lib/dns/include/dns/db.h bind9-9.18.41/lib/dns/include/dns/db.h --- bind9-9.18.33/lib/dns/include/dns/db.h 2025-01-20 13:39:31.251356777 +0000 +++ bind9-9.18.41/lib/dns/include/dns/db.h 2025-10-18 10:21:03.128260774 +0000 @@ -287,6 +287,7 @@ #define DNS_DBADD_EXACT 0x04 #define DNS_DBADD_EXACTTTL 0x08 #define DNS_DBADD_PREFETCH 0x10 +#define DNS_DBADD_EQUALOK 0x20 /*@}*/ /*% @@ -1228,6 +1229,10 @@ * the old and new rdata sets. If #DNS_DBADD_EXACTTTL is set then both * the old and new rdata sets must have the same ttl. * + * \li If the #DNS_DBADD_EQUALOK option is set, and the database is not + * changed, compare the old and new rdatasets; if they are equal, + * return #ISC_R_SUCCESS instead of #DNS_R_UNCHANGED. + * * \li The 'now' field is ignored if 'db' is a zone database. If 'db' is * a cache database, then the added rdataset will expire no later than * now + rdataset->ttl. @@ -1257,8 +1262,12 @@ * Returns: * * \li #ISC_R_SUCCESS - * \li #DNS_R_UNCHANGED The operation did not change - * anything. \li #ISC_R_NOMEMORY \li #DNS_R_NOTEXACT + * \li #DNS_R_UNCHANGED The operation did not change anything. + * \li #ISC_R_NOMEMORY + * \li #DNS_R_NOTEXACT The TTL didn't match and #DNS_DBADD_EXACTTTL + * was set, or there was a partial overlap + * between the old and new rdatasets and + * DNS_DBADD_EXACT was set. * * \li Other results are possible, depending upon the database * implementation used. diff -Nru bind9-9.18.33/lib/dns/include/dns/ds.h bind9-9.18.41/lib/dns/include/dns/ds.h --- bind9-9.18.33/lib/dns/include/dns/ds.h 2025-01-20 13:39:31.253356812 +0000 +++ bind9-9.18.41/lib/dns/include/dns/ds.h 2025-10-18 10:21:03.129260800 +0000 @@ -23,6 +23,8 @@ #define DNS_DSDIGEST_GOST (3) #define DNS_DSDIGEST_SHA384 (4) +#define DNS_DSDIGEST_MAX (255) + /* * Assuming SHA-384 digest type. */ diff -Nru bind9-9.18.33/lib/dns/include/dns/dsync.h bind9-9.18.41/lib/dns/include/dns/dsync.h --- bind9-9.18.33/lib/dns/include/dns/dsync.h 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/lib/dns/include/dns/dsync.h 2025-10-18 10:21:03.129260800 +0000 @@ -0,0 +1,27 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#pragma once + +#define DNS_DSYNCSCHEME_NOTIFY (1) + +#define DNS_DSYNCSCHEMEFORMAT_SIZE (7) + +isc_result_t +dns_dsyncscheme_fromtext(dns_dsyncscheme_t *schemep, isc_textregion_t *source); + +isc_result_t +dns_dsyncscheme_totext(dns_dsyncscheme_t scheme, isc_buffer_t *target); + +void +dns_dsyncscheme_format(dns_dsyncscheme_t scheme, char *cp, unsigned int size); diff -Nru bind9-9.18.33/lib/dns/include/dns/keymgr.h bind9-9.18.41/lib/dns/include/dns/keymgr.h --- bind9-9.18.33/lib/dns/include/dns/keymgr.h 2025-01-20 13:39:31.254356830 +0000 +++ bind9-9.18.41/lib/dns/include/dns/keymgr.h 2025-10-18 10:21:03.131260854 +0000 @@ -128,4 +128,17 @@ * */ +bool +dns_keymgr_key_may_be_purged(const dst_key_t *key, uint32_t after, + isc_stdtime_t now); +/*%< + * Checks if the key files for 'key' may be removed from disk. + * + * Requires: + *\li 'key' is a valid key. + * + * Returns: + *\li true if the key files may be purged, false otherwise. + */ + ISC_LANG_ENDDECLS diff -Nru bind9-9.18.33/lib/dns/include/dns/keyvalues.h bind9-9.18.41/lib/dns/include/dns/keyvalues.h --- bind9-9.18.33/lib/dns/include/dns/keyvalues.h 2025-01-20 13:39:31.254356830 +0000 +++ bind9-9.18.41/lib/dns/include/dns/keyvalues.h 2025-10-18 10:21:03.131260854 +0000 @@ -16,89 +16,84 @@ /*! \file dns/keyvalues.h */ /* - * Flags field of the KEY RR rdata + * Flags field of the KEY rdata. Also used by DNSKEY, CDNSKEY, RKEY, + * KEYDATA. Some values are only defined for KEY and not the others, + * and vice versa. */ -#define DNS_KEYFLAG_TYPEMASK 0xC000 /*%< Mask for "type" bits */ -#define DNS_KEYTYPE_AUTHCONF 0x0000 /*%< Key usable for both */ -#define DNS_KEYTYPE_CONFONLY 0x8000 /*%< Key usable for confidentiality */ -#define DNS_KEYTYPE_AUTHONLY 0x4000 /*%< Key usable for authentication */ -#define DNS_KEYTYPE_NOKEY 0xC000 /*%< No key usable for either; no key */ -#define DNS_KEYTYPE_NOAUTH DNS_KEYTYPE_CONFONLY -#define DNS_KEYTYPE_NOCONF DNS_KEYTYPE_AUTHONLY - -#define DNS_KEYFLAG_RESERVED2 0x2000 /*%< reserved - must be zero */ -#define DNS_KEYFLAG_EXTENDED 0x1000 /*%< key has extended flags */ -#define DNS_KEYFLAG_RESERVED4 0x0800 /*%< reserved - must be zero */ -#define DNS_KEYFLAG_RESERVED5 0x0400 /*%< reserved - must be zero */ -#define DNS_KEYFLAG_OWNERMASK 0x0300 /*%< these bits determine the type */ -#define DNS_KEYOWNER_USER 0x0000 /*%< key is assoc. with user */ -#define DNS_KEYOWNER_ENTITY 0x0200 /*%< key is assoc. with entity eg host */ -#define DNS_KEYOWNER_ZONE 0x0100 /*%< key is zone key */ -#define DNS_KEYOWNER_RESERVED 0x0300 /*%< reserved meaning */ -#define DNS_KEYFLAG_REVOKE 0x0080 /*%< key revoked (per rfc5011) */ -#define DNS_KEYFLAG_RESERVED9 0x0040 /*%< reserved - must be zero */ -#define DNS_KEYFLAG_RESERVED10 0x0020 /*%< reserved - must be zero */ -#define DNS_KEYFLAG_RESERVED11 0x0010 /*%< reserved - must be zero */ -#define DNS_KEYFLAG_SIGNATORYMASK \ - 0x000F /*%< key can sign RR's of same name \ - */ - -#define DNS_KEYFLAG_RESERVEDMASK \ - (DNS_KEYFLAG_RESERVED2 | DNS_KEYFLAG_RESERVED4 | \ - DNS_KEYFLAG_RESERVED5 | DNS_KEYFLAG_RESERVED9 | \ - DNS_KEYFLAG_RESERVED10 | DNS_KEYFLAG_RESERVED11) -#define DNS_KEYFLAG_KSK 0x0001 /*%< key signing key */ - -#define DNS_KEYFLAG_RESERVEDMASK2 0xFFFF /*%< no bits defined here */ +enum { + /* valid for KEY only. if both are set, there is no key data. */ + DNS_KEYTYPE_NOAUTH = 1 << 15, /* cannot be used for authentication. */ + DNS_KEYTYPE_NOCONF = 1 << 14, /* cannot be used for confidentiality. */ + + DNS_KEYFLAG_RESERVED2 = 1 << 13, /* reserved: must be zero. */ + + DNS_KEYFLAG_EXTENDED = 1 << 12, /* key has extended flags: if this is + * set, the first two octets of the + * key data are an additional flags + * field, at least one bit of which + * must be nonzero. (valid for KEY + * only.) */ + + DNS_KEYFLAG_RESERVED4 = 1 << 11, /* reserved: must be zero. */ + DNS_KEYFLAG_RESERVED5 = 1 << 10, /* reserved: must be zero. */ + + /* if nether of these is set, this is a user key (valid for KEY only) */ + DNS_KEYOWNER_ENTITY = 1 << 9, /* host key (valid for KEY only). */ + DNS_KEYOWNER_ZONE = 1 << 8, /* zone key (mandatory for DNSKEY). */ + + DNS_KEYFLAG_REVOKE = 1 << 7, /* key revoked (per rfc5011) */ + DNS_KEYFLAG_RESERVED9 = 1 << 6, /* reserved: must be zero. */ + DNS_KEYFLAG_RESERVED10 = 1 << 5, /* reserved: must be zero. */ + DNS_KEYFLAG_RESERVED11 = 1 << 4, /* reserved: must be zero. */ + + DNS_KEYFLAG_RESERVED12 = 1 << 3, /* reserved: must be zero. */ + DNS_KEYFLAG_RESERVED13 = 1 << 4, /* reserved: must be zero. */ + DNS_KEYFLAG_RESERVED14 = 1 << 2, /* reserved: must be zero. */ + + DNS_KEYFLAG_KSK = 1 << 0, /* key signing key */ +}; + +#define DNS_KEYFLAG_OWNERMASK (DNS_KEYOWNER_ENTITY | DNS_KEYOWNER_ZONE) +#define DNS_KEYFLAG_TYPEMASK (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF) +#define DNS_KEYTYPE_NOKEY DNS_KEYFLAG_TYPEMASK /* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */ -#define DNS_KEYALG_RSAMD5 1 /*%< RSA with MD5 */ -#define DNS_KEYALG_RSA 1 /*%< Used just for tagging */ -#define DNS_KEYALG_DH 2 /*%< Diffie Hellman KEY */ -#define DNS_KEYALG_DSA 3 /*%< DSA KEY */ -#define DNS_KEYALG_NSEC3DSA 6 -#define DNS_KEYALG_DSS DNS_ALG_DSA -#define DNS_KEYALG_ECC 4 -#define DNS_KEYALG_RSASHA1 5 -#define DNS_KEYALG_NSEC3RSASHA1 7 -#define DNS_KEYALG_RSASHA256 8 -#define DNS_KEYALG_RSASHA512 10 -#define DNS_KEYALG_ECCGOST 12 -#define DNS_KEYALG_ECDSA256 13 -#define DNS_KEYALG_ECDSA384 14 -#define DNS_KEYALG_ED25519 15 -#define DNS_KEYALG_ED448 16 -#define DNS_KEYALG_INDIRECT 252 -#define DNS_KEYALG_PRIVATEDNS 253 -#define DNS_KEYALG_PRIVATEOID 254 /*%< Key begins with OID giving alg */ -#define DNS_KEYALG_MAX 255 +enum { + DNS_KEYALG_RSAMD5 = 1, /*%< RSA with MD5 */ + DNS_KEYALG_DH = 2, /*%< Diffie Hellman KEY */ + DNS_KEYALG_DSA = 3, /*%< DSA KEY */ + DNS_KEYALG_RSASHA1 = 5, + DNS_KEYALG_NSEC3DSA = 6, + DNS_KEYALG_NSEC3RSASHA1 = 7, + DNS_KEYALG_RSASHA256 = 8, + DNS_KEYALG_RSASHA512 = 10, + DNS_KEYALG_ECCGOST = 12, + DNS_KEYALG_ECDSA256 = 13, + DNS_KEYALG_ECDSA384 = 14, + DNS_KEYALG_ED25519 = 15, + DNS_KEYALG_ED448 = 16, + DNS_KEYALG_INDIRECT = 252, + DNS_KEYALG_PRIVATEDNS = 253, + DNS_KEYALG_PRIVATEOID = 254, /*%< Key begins with OID giving alg */ + DNS_KEYALG_MAX = 255, +}; /* Protocol values */ -#define DNS_KEYPROTO_RESERVED 0 -#define DNS_KEYPROTO_TLS 1 -#define DNS_KEYPROTO_EMAIL 2 -#define DNS_KEYPROTO_DNSSEC 3 -#define DNS_KEYPROTO_IPSEC 4 -#define DNS_KEYPROTO_ANY 255 - -/* Signatures */ -#define DNS_SIG_RSAMINBITS 512 /*%< Size of a mod or exp in bits */ -#define DNS_SIG_RSAMAXBITS 2552 -/* Total of binary mod and exp */ -#define DNS_SIG_RSAMAXBYTES ((DNS_SIG_RSAMAXBITS + 7 / 8) * 2 + 3) -/*%< Max length of text sig block */ -#define DNS_SIG_RSAMAXBASE64 (((DNS_SIG_RSAMAXBYTES + 2) / 3) * 4) -#define DNS_SIG_RSAMINSIZE ((DNS_SIG_RSAMINBITS + 7) / 8) -#define DNS_SIG_RSAMAXSIZE ((DNS_SIG_RSAMAXBITS + 7) / 8) +enum { + DNS_KEYPROTO_RESERVED = 0, + DNS_KEYPROTO_DNSSEC = 3, + DNS_KEYPROTO_ANY = 255, +}; +/* Key and signature sizes */ +#define DNS_KEY_ECDSA256SIZE 64 #define DNS_SIG_ECDSA256SIZE 64 -#define DNS_SIG_ECDSA384SIZE 96 -#define DNS_KEY_ECDSA256SIZE 64 #define DNS_KEY_ECDSA384SIZE 96 +#define DNS_SIG_ECDSA384SIZE 96 +#define DNS_KEY_ED25519SIZE 32 #define DNS_SIG_ED25519SIZE 64 -#define DNS_SIG_ED448SIZE 114 -#define DNS_KEY_ED25519SIZE 32 -#define DNS_KEY_ED448SIZE 57 +#define DNS_KEY_ED448SIZE 57 +#define DNS_SIG_ED448SIZE 114 diff -Nru bind9-9.18.33/lib/dns/include/dns/librpz.h bind9-9.18.41/lib/dns/include/dns/librpz.h --- bind9-9.18.33/lib/dns/include/dns/librpz.h 2025-01-20 13:39:31.254356830 +0000 +++ bind9-9.18.41/lib/dns/include/dns/librpz.h 2025-10-18 10:21:03.131260854 +0000 @@ -366,7 +366,7 @@ * @param mutex: pointer to the lock for the client handle * @param log_ctx: NULL or resolver's context log messages */ -typedef librpz_clist_t *(librpz_clist_create_t)(librpz_emsg_t *emsg, +typedef librpz_clist_t *(librpz_clist_create_t)(librpz_emsg_t * emsg, librpz_mutex_t *lock, librpz_mutex_t *unlock, librpz_mutex_t *mutex_destroy, @@ -387,7 +387,7 @@ * @param use_expired: true to not ignore expired zones * @return client handle or NULL if the handle could not be created */ -typedef librpz_client_t *(librpz_client_create_t)(librpz_emsg_t *emsg, +typedef librpz_client_t *(librpz_client_create_t)(librpz_emsg_t * emsg, librpz_clist_t *clist, const char *cstr, bool use_expired); @@ -648,8 +648,8 @@ * @param client context * @return malloc'ed string or NULL after error */ -typedef char *(librpz_db_info_t)(librpz_emsg_t *emsg, bool license, bool cfiles, - bool listens, librpz_rsp_t *rsp); +typedef char *(librpz_db_info_t)(librpz_emsg_t * emsg, bool license, + bool cfiles, bool listens, librpz_rsp_t *rsp); LIBDEF_F(db_info) /** @@ -669,7 +669,7 @@ * @param rsp state from librpz_itr_start() * @return malloc'ed string or NULL after error */ -typedef char *(librpz_mf_stats_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); +typedef char *(librpz_mf_stats_t)(librpz_emsg_t * emsg, librpz_rsp_t *rsp); LIBDEF_F(mf_stats) /** @@ -678,7 +678,7 @@ * @param[in,out] rsp: state from librpz_itr_start() * @return malloc'ed string or NULL after error */ -typedef char *(librpz_vers_stats_t)(librpz_emsg_t *emsg, librpz_rsp_t *rsp); +typedef char *(librpz_vers_stats_t)(librpz_emsg_t * emsg, librpz_rsp_t *rsp); LIBDEF_F(vers_stats) /** @@ -688,7 +688,7 @@ * @param[in,out] rsp state from librpz_rsp_start() * @return malloc'ed string or NULL after error */ -typedef char *(librpz_itr_zone_t)(librpz_emsg_t *emsg, bool all_zones, +typedef char *(librpz_itr_zone_t)(librpz_emsg_t * emsg, bool all_zones, librpz_rsp_t *rsp); LIBDEF_F(itr_zone) @@ -755,11 +755,12 @@ LIBDEF_F(domain_pton2) typedef union socku socku_t; -typedef socku_t *(librpz_mk_inet_su_t)(socku_t *su, const struct in_addr *addrp, - in_port_t port); +typedef socku_t *(librpz_mk_inet_su_t)(socku_t * su, + const struct in_addr *addrp, + in_port_t port); LIBDEF_F(mk_inet_su) -typedef socku_t *(librpz_mk_inet6_su_t)(socku_t *su, +typedef socku_t *(librpz_mk_inet6_su_t)(socku_t * su, const struct in6_addr *addrp, uint32_t scope_id, in_port_t port); LIBDEF_F(mk_inet6_su) diff -Nru bind9-9.18.33/lib/dns/include/dns/message.h bind9-9.18.41/lib/dns/include/dns/message.h --- bind9-9.18.33/lib/dns/include/dns/message.h 2025-01-20 13:39:31.255356848 +0000 +++ bind9-9.18.41/lib/dns/include/dns/message.h 2025-10-18 10:21:03.131260854 +0000 @@ -97,7 +97,8 @@ #define DNS_MESSAGEFLAG_CD 0x0010U /*%< EDNS0 extended message flags */ -#define DNS_MESSAGEEXTFLAG_DO 0x8000U +#define DNS_MESSAGEEXTFLAG_DO 0x8000U /* DNSSEC OK */ +#define DNS_MESSAGEEXTFLAG_CO 0x4000U /* Compact denial of existence OK */ /*%< EDNS0 extended OPT codes */ #define DNS_OPT_LLQ 1 /*%< LLQ opt code */ @@ -283,6 +284,7 @@ unsigned int tkey : 1; unsigned int rdclass_set : 1; unsigned int fuzzing : 1; + unsigned int has_dname : 1; unsigned int opt_reserved; unsigned int sig_reserved; @@ -1526,4 +1528,11 @@ * \li 'pttl != NULL'. */ +bool +dns_message_hasdname(dns_message_t *msg); +/*%< + * Return whether a DNAME was detected in the ANSWER section of a QUERY + * message when it was parsed. + */ + ISC_LANG_ENDDECLS diff -Nru bind9-9.18.33/lib/dns/include/dns/rdataset.h bind9-9.18.41/lib/dns/include/dns/rdataset.h --- bind9-9.18.33/lib/dns/include/dns/rdataset.h 2025-01-20 13:39:31.257356883 +0000 +++ bind9-9.18.41/lib/dns/include/dns/rdataset.h 2025-10-18 10:21:03.133260907 +0000 @@ -131,7 +131,10 @@ * This RRSIG RRset should be re-generated around this time. * Only valid if DNS_RDATASETATTR_RESIGN is set in attributes. */ - isc_stdtime_t resign; + union { + isc_stdtime_t resign; + isc_stdtime_t expire; + }; /*@{*/ /*% diff -Nru bind9-9.18.33/lib/dns/include/dns/types.h bind9-9.18.41/lib/dns/include/dns/types.h --- bind9-9.18.33/lib/dns/include/dns/types.h 2025-01-20 13:39:31.259356918 +0000 +++ bind9-9.18.41/lib/dns/include/dns/types.h 2025-10-18 10:21:03.135260960 +0000 @@ -76,6 +76,7 @@ typedef struct dns_dnsseckey dns_dnsseckey_t; typedef ISC_LIST(dns_dnsseckey_t) dns_dnsseckeylist_t; typedef uint8_t dns_dsdigest_t; +typedef uint8_t dns_dsyncscheme_t; typedef struct dns_dtdata dns_dtdata_t; typedef struct dns_dtenv dns_dtenv_t; typedef struct dns_dtmsg dns_dtmsg_t; diff -Nru bind9-9.18.33/lib/dns/include/dns/view.h bind9-9.18.41/lib/dns/include/dns/view.h --- bind9-9.18.33/lib/dns/include/dns/view.h 2025-01-20 13:39:31.259356918 +0000 +++ bind9-9.18.41/lib/dns/include/dns/view.h 2025-10-18 10:21:03.136260987 +0000 @@ -524,6 +524,12 @@ *\li 'view' is a valid, unfrozen view. * *\li 'zone' is a valid zone. + * + * Returns: + * + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_SHUTTINGDOWN Shutting down + *\li Other values returned by dns_zt_mount() */ void diff -Nru bind9-9.18.33/lib/dns/include/dns/zone.h bind9-9.18.41/lib/dns/include/dns/zone.h --- bind9-9.18.33/lib/dns/include/dns/zone.h 2025-01-20 13:39:31.260356936 +0000 +++ bind9-9.18.41/lib/dns/include/dns/zone.h 2025-10-18 10:21:03.136260987 +0000 @@ -888,9 +888,9 @@ * val > 0. */ -isc_result_t +void dns_zone_setxfrsource4(dns_zone_t *zone, const isc_sockaddr_t *xfrsource); -isc_result_t +void dns_zone_setaltxfrsource4(dns_zone_t *zone, const isc_sockaddr_t *xfrsource); /*%< * Set the source address to be used in IPv4 zone transfers. @@ -898,26 +898,24 @@ * Require: *\li 'zone' to be a valid zone. *\li 'xfrsource' to contain the address. - * - * Returns: - *\li #ISC_R_SUCCESS */ -isc_sockaddr_t * -dns_zone_getxfrsource4(dns_zone_t *zone); -isc_sockaddr_t * -dns_zone_getaltxfrsource4(dns_zone_t *zone); +void +dns_zone_getxfrsource4(dns_zone_t *zone, isc_sockaddr_t *xfrsource); +void +dns_zone_getaltxfrsource4(dns_zone_t *zone, isc_sockaddr_t *xfrsource); /*%< * Returns the source address set by a previous dns_zone_setxfrsource4 * call, or the default of inaddr_any, port 0. * * Require: *\li 'zone' to be a valid zone. + *\li 'xfrsource' to not be NULL */ -isc_result_t +void dns_zone_setxfrsource6(dns_zone_t *zone, const isc_sockaddr_t *xfrsource); -isc_result_t +void dns_zone_setaltxfrsource6(dns_zone_t *zone, const isc_sockaddr_t *xfrsource); /*%< * Set the source address to be used in IPv6 zone transfers. @@ -925,24 +923,22 @@ * Require: *\li 'zone' to be a valid zone. *\li 'xfrsource' to contain the address. - * - * Returns: - *\li #ISC_R_SUCCESS */ -isc_sockaddr_t * -dns_zone_getxfrsource6(dns_zone_t *zone); -isc_sockaddr_t * -dns_zone_getaltxfrsource6(dns_zone_t *zone); +void +dns_zone_getxfrsource6(dns_zone_t *zone, isc_sockaddr_t *xfrsource); +void +dns_zone_getaltxfrsource6(dns_zone_t *zone, isc_sockaddr_t *xfrsource); /*%< * Returns the source address set by a previous dns_zone_setxfrsource6 * call, or the default of in6addr_any, port 0. * * Require: *\li 'zone' to be a valid zone. + *\li 'xfrsource' to not be NULL */ -isc_result_t +void dns_zone_setparentalsrc4(dns_zone_t *zone, const isc_sockaddr_t *parentalsrc); /*%< * Set the source address to be used with IPv4 parental DS queries. @@ -950,22 +946,20 @@ * Require: *\li 'zone' to be a valid zone. *\li 'parentalsrc' to contain the address. - * - * Returns: - *\li #ISC_R_SUCCESS */ -isc_sockaddr_t * -dns_zone_getparentalsrc4(dns_zone_t *zone); +void +dns_zone_getparentalsrc4(dns_zone_t *zone, isc_sockaddr_t *parentalsrc); /*%< * Returns the source address set by a previous dns_zone_setparentalsrc4 * call, or the default of inaddr_any, port 0. * * Require: *\li 'zone' to be a valid zone. + *\li 'parentalsrc' to be non NULL. */ -isc_result_t +void dns_zone_setparentalsrc6(dns_zone_t *zone, const isc_sockaddr_t *parentalsrc); /*%< * Set the source address to be used with IPv6 parental DS queries. @@ -973,22 +967,20 @@ * Require: *\li 'zone' to be a valid zone. *\li 'parentalsrc' to contain the address. - * - * Returns: - *\li #ISC_R_SUCCESS */ -isc_sockaddr_t * -dns_zone_getparentalsrc6(dns_zone_t *zone); +void +dns_zone_getparentalsrc6(dns_zone_t *zone, isc_sockaddr_t *parentalsrc); /*%< * Returns the source address set by a previous dns_zone_setparentalsrc6 * call, or the default of in6addr_any, port 0. * * Require: *\li 'zone' to be a valid zone. + *\li 'parentalsrc' to be non NULL. */ -isc_result_t +void dns_zone_setnotifysrc4(dns_zone_t *zone, const isc_sockaddr_t *notifysrc); /*%< * Set the source address to be used with IPv4 NOTIFY messages. @@ -996,22 +988,20 @@ * Require: *\li 'zone' to be a valid zone. *\li 'notifysrc' to contain the address. - * - * Returns: - *\li #ISC_R_SUCCESS */ -isc_sockaddr_t * -dns_zone_getnotifysrc4(dns_zone_t *zone); +void +dns_zone_getnotifysrc4(dns_zone_t *zone, isc_sockaddr_t *notifysrc); /*%< * Returns the source address set by a previous dns_zone_setnotifysrc4 * call, or the default of inaddr_any, port 0. * * Require: *\li 'zone' to be a valid zone. + *\li 'notifysrc' to be non NULL. */ -isc_result_t +void dns_zone_setnotifysrc6(dns_zone_t *zone, const isc_sockaddr_t *notifysrc); /*%< * Set the source address to be used with IPv6 NOTIFY messages. @@ -1019,19 +1009,17 @@ * Require: *\li 'zone' to be a valid zone. *\li 'notifysrc' to contain the address. - * - * Returns: - *\li #ISC_R_SUCCESS */ -isc_sockaddr_t * -dns_zone_getnotifysrc6(dns_zone_t *zone); +void +dns_zone_getnotifysrc6(dns_zone_t *zone, isc_sockaddr_t *notifysrc); /*%< * Returns the source address set by a previous dns_zone_setnotifysrc6 * call, or the default of in6addr_any, port 0. * * Require: *\li 'zone' to be a valid zone. + *\li 'notifysrc' to be non NULL. */ void diff -Nru bind9-9.18.33/lib/dns/include/dst/dst.h bind9-9.18.41/lib/dns/include/dst/dst.h --- bind9-9.18.33/lib/dns/include/dst/dst.h 2025-01-20 13:39:31.260356936 +0000 +++ bind9-9.18.41/lib/dns/include/dst/dst.h 2025-10-18 10:21:03.137261014 +0000 @@ -1154,7 +1154,7 @@ */ bool -dst_key_is_unused(dst_key_t *key); +dst_key_is_unused(const dst_key_t *key); /*%< * Check if this key is unused. * @@ -1211,7 +1211,7 @@ */ dst_key_state_t -dst_key_goal(dst_key_t *key); +dst_key_goal(const dst_key_t *key); /*%< * Get the key goal. Should be OMNIPRESENT or HIDDEN. * This can be used to determine if the key is being introduced or diff -Nru bind9-9.18.33/lib/dns/key.c bind9-9.18.41/lib/dns/key.c --- bind9-9.18.33/lib/dns/key.c 2025-01-20 13:39:31.261356953 +0000 +++ bind9-9.18.41/lib/dns/key.c 2025-10-18 10:21:03.138261041 +0000 @@ -127,9 +127,6 @@ dst_key_iszonekey(const dst_key_t *key) { REQUIRE(VALID_KEY(key)); - if ((key->key_flags & DNS_KEYTYPE_NOAUTH) != 0) { - return false; - } if ((key->key_flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE) { return false; } diff -Nru bind9-9.18.33/lib/dns/keymgr.c bind9-9.18.41/lib/dns/keymgr.c --- bind9-9.18.33/lib/dns/keymgr.c 2025-01-20 13:39:31.261356953 +0000 +++ bind9-9.18.41/lib/dns/keymgr.c 2025-10-18 10:21:03.138261041 +0000 @@ -439,7 +439,7 @@ uint32_t a = now; (void)dst_key_gettime(key->key, DST_TIME_ACTIVATE, &a); dst_key_settime(key->key, DST_TIME_INACTIVE, - (a + lifetime)); + a + lifetime); keymgr_settime_remove(key, kasp); } else { dst_key_unsettime(key->key, DST_TIME_INACTIVE); @@ -594,7 +594,7 @@ * */ static bool -keymgr_key_match_state(dst_key_t *key, dst_key_t *subject, int type, +keymgr_key_match_state(const dst_key_t *key, const dst_key_t *subject, int type, dst_key_state_t next_state, dst_key_state_t states[NUM_KEYSTATES]) { REQUIRE(key != NULL); @@ -1626,12 +1626,12 @@ ret = dst_key_getbool(key->key, DST_BOOL_KSK, &ksk); if (ret != ISC_R_SUCCESS) { ksk = ((dst_key_flags(key->key) & DNS_KEYFLAG_KSK) != 0); - dst_key_setbool(key->key, DST_BOOL_KSK, (ksk || csk)); + dst_key_setbool(key->key, DST_BOOL_KSK, ksk || csk); } ret = dst_key_getbool(key->key, DST_BOOL_ZSK, &zsk); if (ret != ISC_R_SUCCESS) { zsk = ((dst_key_flags(key->key) & DNS_KEYFLAG_KSK) == 0); - dst_key_setbool(key->key, DST_BOOL_ZSK, (zsk || csk)); + dst_key_setbool(key->key, DST_BOOL_ZSK, zsk || csk); } /* Get time metadata. */ @@ -1758,7 +1758,7 @@ "DNSKEY %s (%s) (policy %s) in %u " "seconds", keystr, keymgr_keyrole(active_key->key), - dns_kasp_getname(kasp), (prepub - now)); + dns_kasp_getname(kasp), prepub - now); } } if (prepub == 0 || prepub > now) { @@ -1911,7 +1911,7 @@ /* Do we need to set retire time? */ if (lifetime > 0) { dst_key_settime(new_key->key, DST_TIME_INACTIVE, - (active + lifetime)); + active + lifetime); keymgr_settime_remove(new_key, kasp); } @@ -1933,8 +1933,9 @@ return ISC_R_SUCCESS; } -static bool -keymgr_key_may_be_purged(dst_key_t *key, uint32_t after, isc_stdtime_t now) { +bool +dns_keymgr_key_may_be_purged(const dst_key_t *key, uint32_t after, + isc_stdtime_t now) { bool ksk = false; bool zsk = false; dst_key_state_t hidden[NUM_KEYSTATES] = { HIDDEN, NA, NA, NA }; @@ -2100,7 +2101,7 @@ { bool found_match = false; - keymgr_key_init(dkey, kasp, now, (numkeys == 1)); + keymgr_key_init(dkey, kasp, now, numkeys == 1); for (kkey = ISC_LIST_HEAD(dns_kasp_keys(kasp)); kkey != NULL; kkey = ISC_LIST_NEXT(kkey, link)) @@ -2117,8 +2118,8 @@ } /* Check purge-keys interval. */ - if (keymgr_key_may_be_purged(dkey->key, - dns_kasp_purgekeys(kasp), now)) + if (dns_keymgr_key_may_be_purged(dkey->key, + dns_kasp_purgekeys(kasp), now)) { dst_key_format(dkey->key, keystr, sizeof(keystr)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, @@ -2492,8 +2493,7 @@ "scheduled on "); retire_time = keymgr_prepublication_time( dkey, kasp, - (retire_time - active_time), - now); + retire_time - active_time, now); } else { isc_buffer_printf( buf, " Key will retire on "); diff -Nru bind9-9.18.33/lib/dns/keytable.c bind9-9.18.41/lib/dns/keytable.c --- bind9-9.18.33/lib/dns/keytable.c 2025-01-20 13:39:31.262356971 +0000 +++ bind9-9.18.41/lib/dns/keytable.c 2025-10-18 10:21:03.138261041 +0000 @@ -90,7 +90,7 @@ NULL, /* clearprefetch */ NULL, NULL, - NULL /* addglue */ + NULL, /* addglue */ }; static void diff -Nru bind9-9.18.33/lib/dns/masterdump.c bind9-9.18.41/lib/dns/masterdump.c --- bind9-9.18.33/lib/dns/masterdump.c 2025-01-20 13:39:31.262356971 +0000 +++ bind9-9.18.41/lib/dns/masterdump.c 2025-10-18 10:21:03.139261067 +0000 @@ -766,10 +766,17 @@ INDENT_TO(rdata_column); if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) { if (NXDOMAIN(rdataset)) { - RETERR(str_totext(";-$NXDOMAIN\n", target)); + RETERR(str_totext(";-$NXDOMAIN", target)); } else { - RETERR(str_totext(";-$NXRRSET\n", target)); + RETERR(str_totext(";-$NXRRSET", target)); } + if (start != NULL) { + RETERR(yaml_stringify(target, start)); + RETERR(str_totext("'\n", target)); + } else { + RETERR(str_totext("\n", target)); + } + /* * Print a summary of the cached records which make * up the negative response. @@ -1148,17 +1155,14 @@ } else { isc_result_t result; if (STALE(rds)) { - fprintf(f, "; stale\n"); - } else if (ANCIENT(rds)) { isc_buffer_t b; char buf[sizeof("YYYYMMDDHHMMSS")]; memset(buf, 0, sizeof(buf)); isc_buffer_init(&b, buf, sizeof(buf) - 1); - dns_time64_totext((uint64_t)rds->ttl, &b); - fprintf(f, - "; expired since %s " - "(awaiting cleanup)\n", - buf); + dns_time64_totext((uint64_t)rds->expire, &b); + fprintf(f, "; stale since %s\n", buf); + } else if (ANCIENT(rds)) { + fprintf(f, "; expired (awaiting cleanup)\n"); } result = dump_rdataset(mctx, name, rds, ctx, buffer, f); if (result != ISC_R_SUCCESS) { diff -Nru bind9-9.18.33/lib/dns/message.c bind9-9.18.41/lib/dns/message.c --- bind9-9.18.33/lib/dns/message.c 2025-01-20 13:39:31.263356988 +0000 +++ bind9-9.18.41/lib/dns/message.c 2025-10-18 10:21:03.139261067 +0000 @@ -64,7 +64,7 @@ } else if (cnt % 8 == 0) { printf(" |"); } - printf(" %02x %c", *p, (isprint(*p) ? *p : ' ')); + printf(" %02x %c", *p, isprint(*p) ? *p : ' '); p++; cnt++; @@ -428,6 +428,7 @@ m->cc_bad = 0; m->tkey = 0; m->rdclass_set = 0; + m->has_dname = 0; m->querytsig = NULL; m->indent.string = "\t"; m->indent.count = 0; @@ -1197,62 +1198,6 @@ return false; } -/* - * Check to confirm that all DNSSEC records (DS, NSEC, NSEC3) have - * covering RRSIGs. - */ -static bool -auth_signed(dns_namelist_t *section) { - dns_name_t *name; - - for (name = ISC_LIST_HEAD(*section); name != NULL; - name = ISC_LIST_NEXT(name, link)) - { - int auth_dnssec = 0, auth_rrsig = 0; - dns_rdataset_t *rds; - - for (rds = ISC_LIST_HEAD(name->list); rds != NULL; - rds = ISC_LIST_NEXT(rds, link)) - { - switch (rds->type) { - case dns_rdatatype_ds: - auth_dnssec |= 0x1; - break; - case dns_rdatatype_nsec: - auth_dnssec |= 0x2; - break; - case dns_rdatatype_nsec3: - auth_dnssec |= 0x4; - break; - case dns_rdatatype_rrsig: - break; - default: - continue; - } - - switch (rds->covers) { - case dns_rdatatype_ds: - auth_rrsig |= 0x1; - break; - case dns_rdatatype_nsec: - auth_rrsig |= 0x2; - break; - case dns_rdatatype_nsec3: - auth_rrsig |= 0x4; - break; - default: - break; - } - } - - if (auth_dnssec != auth_rrsig) { - return false; - } - } - - return true; -} - static isc_result_t getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, dns_section_t sectionid, unsigned int options) { @@ -1710,6 +1655,11 @@ */ msg->tsigname->attributes |= DNS_NAMEATTR_NOCOMPRESS; free_name = false; + } else if (rdtype == dns_rdatatype_dname && + sectionid == DNS_SECTION_ANSWER && + msg->opcode == dns_opcode_query) + { + msg->has_dname = 1; } rdataset = NULL; @@ -1723,21 +1673,6 @@ INSIST(!free_name); } - /* - * If any of DS, NSEC or NSEC3 appeared in the - * authority section of a query response without - * a covering RRSIG, FORMERR - */ - if (sectionid == DNS_SECTION_AUTHORITY && - msg->opcode == dns_opcode_query && - ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) && - ((msg->flags & DNS_MESSAGEFLAG_TC) == 0) && !preserve_order && - !auth_signed(section)) - { - /* XXX test coverage */ - DO_ERROR(DNS_R_FORMERR); - } - if (seen_problem) { result = DNS_R_RECOVERABLE; } @@ -3584,9 +3519,13 @@ if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0) { ADD_STRING(target, " do"); } + if ((ps->ttl & DNS_MESSAGEEXTFLAG_CO) != 0) { + ADD_STRING(target, " co"); + } ADD_STRING(target, "\n"); mbz = ps->ttl & 0xffff; - mbz &= ~DNS_MESSAGEEXTFLAG_DO; /* Known Flags. */ + /* Exclude Known Flags. */ + mbz &= ~(DNS_MESSAGEEXTFLAG_DO | DNS_MESSAGEEXTFLAG_CO); if (mbz != 0) { INDENT(style); ADD_STRING(target, "MBZ: "); @@ -3942,8 +3881,12 @@ if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0) { ADD_STRING(target, " do"); } + if ((ps->ttl & DNS_MESSAGEEXTFLAG_CO) != 0) { + ADD_STRING(target, " co"); + } mbz = ps->ttl & 0xffff; - mbz &= ~DNS_MESSAGEEXTFLAG_DO; /* Known Flags. */ + /* Exclude Known Flags. */ + mbz &= ~(DNS_MESSAGEEXTFLAG_DO | DNS_MESSAGEEXTFLAG_CO); if (mbz != 0) { ADD_STRING(target, "; MBZ: "); snprintf(buf, sizeof(buf), "0x%.4x", mbz); @@ -4861,3 +4804,9 @@ return ISC_R_SUCCESS; } + +bool +dns_message_hasdname(dns_message_t *msg) { + REQUIRE(DNS_MESSAGE_VALID(msg)); + return msg->has_dname; +} diff -Nru bind9-9.18.33/lib/dns/ncache.c bind9-9.18.41/lib/dns/ncache.c --- bind9-9.18.33/lib/dns/ncache.c 2025-01-20 13:39:31.263356988 +0000 +++ bind9-9.18.41/lib/dns/ncache.c 2025-10-18 10:21:03.140261094 +0000 @@ -524,7 +524,7 @@ NULL, /* clearprefetch */ NULL, /* setownercase */ NULL, /* getownercase */ - NULL /* addglue */ + NULL, /* addglue */ }; isc_result_t diff -Nru bind9-9.18.33/lib/dns/nsec3.c bind9-9.18.41/lib/dns/nsec3.c --- bind9-9.18.33/lib/dns/nsec3.c 2025-01-20 13:39:31.264357006 +0000 +++ bind9-9.18.41/lib/dns/nsec3.c 2025-10-18 10:21:03.140261094 +0000 @@ -2172,9 +2172,9 @@ *optout = ((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0); (*logit)(arg, ISC_LOG_DEBUG(3), - (*optout ? "NSEC3 indicates optout" - : "NSEC3 indicates secure " - "range")); + *optout ? "NSEC3 indicates optout" + : "NSEC3 indicates secure " + "range"); } answer = ISC_R_SUCCESS; } diff -Nru bind9-9.18.33/lib/dns/rbtdb.c bind9-9.18.41/lib/dns/rbtdb.c --- bind9-9.18.33/lib/dns/rbtdb.c 2025-01-20 13:39:31.267357059 +0000 +++ bind9-9.18.41/lib/dns/rbtdb.c 2025-10-18 10:21:03.143261174 +0000 @@ -299,8 +299,10 @@ RDATASET_ATTR_STATCOUNT) != 0) #define STALE_TTL(header, rbtdb) (NXDOMAIN(header) ? 0 : rbtdb->serve_stale_ttl) +/* clang-format off : RemoveParentheses */ #define RDATASET_ATTR_GET(header, attribute) \ - (atomic_load_acquire(&(header)->attributes) & attribute) + (atomic_load_acquire(&(header)->attributes) & (attribute)) +/* clang-format on */ #define RDATASET_ATTR_SET(header, attribute) \ atomic_fetch_or_release(&(header)->attributes, attribute) #define RDATASET_ATTR_CLR(header, attribute) \ @@ -646,7 +648,7 @@ NULL, /* clearprefetch */ NULL, /* setownercase */ NULL, /* getownercase */ - NULL /* addglue */ + NULL, /* addglue */ }; static void @@ -1453,7 +1455,7 @@ atomic_init(&h->attributes, 0); atomic_init(&h->last_refresh_fail_ts, 0); - STATIC_ASSERT((sizeof(h->attributes) == 2), + STATIC_ASSERT(sizeof(h->attributes) == 2, "The .attributes field of rdatasetheader_t needs to be " "16-bit int type exactly."); @@ -1471,7 +1473,7 @@ if (CASESET(old)) { uint_least16_t attr = RDATASET_ATTR_GET( old, - (RDATASET_ATTR_CASESET | RDATASET_ATTR_CASEFULLYLOWER)); + RDATASET_ATTR_CASESET | RDATASET_ATTR_CASEFULLYLOWER); RDATASET_ATTR_SET(newh, attr); memmove(newh->upper, old->upper, sizeof(old->upper)); } @@ -1878,23 +1880,29 @@ } } +static void +rbtnode_erefs_increment(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { + if (isc_refcount_increment0(&node->references) == 0) { + /* this is the first reference to the node */ + isc_refcount_increment0( + &rbtdb->node_locks[node->locknum].references); + } +} + /* * Caller must be holding the node lock. */ static void -new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, - isc_rwlocktype_t nlocktype) { +dns__rbtnode_acquire(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, + isc_rwlocktype_t nlocktype) { if (nlocktype == isc_rwlocktype_write && ISC_LINK_LINKED(node, deadlink)) { ISC_LIST_UNLINK(rbtdb->deadnodes[node->locknum], node, deadlink); } - if (isc_refcount_increment0(&node->references) == 0) { - /* this is the first reference to the node */ - isc_refcount_increment0( - &rbtdb->node_locks[node->locknum].references); - } + + rbtnode_erefs_increment(rbtdb, node); } /*% @@ -1914,7 +1922,7 @@ ev = isc_event_allocate(rbtdb->common.mctx, NULL, DNS_EVENT_RBTPRUNE, prune_tree, node, sizeof(isc_event_t)); - new_reference(rbtdb, node, nlocktype); + dns__rbtnode_acquire(rbtdb, node, nlocktype); db = NULL; attach((dns_db_t *)rbtdb, &db); ev->ev_sender = db; @@ -2020,11 +2028,27 @@ } } - new_reference(rbtdb, node, locktype); + dns__rbtnode_acquire(rbtdb, node, locktype); NODE_UNLOCK(nodelock, locktype); } +static bool +rbtnode_erefs_decrement(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { + uint32_t refs; + rbtdb_nodelock_t *nodelock = &rbtdb->node_locks[node->locknum]; + + /* Handle easy and/or typical case first. */ + if (isc_refcount_decrement(&node->references) > 1) { + return false; + } + + refs = isc_refcount_decrement(&nodelock->references); + INSIST(refs > 0); + + return true; +} + /* * Caller must be holding the node lock; either the "strong", read or write * lock. Note that the lock must be held even when node references are @@ -2040,46 +2064,43 @@ * will be immediately freed. */ static bool -decrement_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, - rbtdb_serial_t least_serial, isc_rwlocktype_t nlock, - isc_rwlocktype_t tlock, bool pruning) { +dns__rbtnode_release(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, + rbtdb_serial_t least_serial, isc_rwlocktype_t nlock, + isc_rwlocktype_t tlock, bool pruning) { isc_result_t result; bool write_locked; bool locked = tlock != isc_rwlocktype_none; - rbtdb_nodelock_t *nodelock; int bucket = node->locknum; + rbtdb_nodelock_t *nodelock = &rbtdb->node_locks[bucket]; bool no_reference = true; - uint_fast32_t refs; - - nodelock = &rbtdb->node_locks[bucket]; #define KEEP_NODE(n, r, l) \ ((n)->data != NULL || ((l) && (n)->down != NULL) || \ (n) == (r)->origin_node || (n) == (r)->nsec3_origin_node) - /* Handle easy and typical case first. */ + if (!rbtnode_erefs_decrement(rbtdb, node)) { + return false; + } + if (!node->dirty && KEEP_NODE(node, rbtdb, locked)) { - if (isc_refcount_decrement(&node->references) == 1) { - refs = isc_refcount_decrement(&nodelock->references); - INSIST(refs > 0); - return true; - } else { - return false; - } + return true; } /* Upgrade the lock? */ if (nlock == isc_rwlocktype_read) { + /* + * Node lock ref has decremented to 0 and we may need to clean + * up the node. To clean it up, the node ref needs to decrement + * to 0 under the node write lock, so we regain the ref and try + * again. + */ + rbtnode_erefs_increment(rbtdb, node); NODE_UNLOCK(&nodelock->lock, isc_rwlocktype_read); NODE_LOCK(&nodelock->lock, isc_rwlocktype_write); - } - - if (isc_refcount_decrement(&node->references) > 1) { - /* Restore the lock? */ - if (nlock == isc_rwlocktype_read) { + if (!rbtnode_erefs_decrement(rbtdb, node)) { NODE_DOWNGRADE(&nodelock->lock); + return false; } - return false; } if (node->dirty) { @@ -2124,9 +2145,6 @@ write_locked = true; } - refs = isc_refcount_decrement(&nodelock->references); - INSIST(refs > 0); - if (KEEP_NODE(node, rbtdb, locked || write_locked)) { goto restore_locks; } @@ -2144,9 +2162,9 @@ * different node buckets and we don't want to do juggle locks * right now. * - * Since prune_tree() also calls decrement_reference(), check + * Since prune_tree() also calls dns__rbtnode_release(), check * the value of the 'pruning' parameter (which is only set to - * 'true' in the decrement_reference() call present in + * 'true' in the dns__rbtnode_release() call present in * prune_tree()) to prevent an infinite loop and to allow a * node sent to prune_tree() to be deleted by the delete_node() * call in the code branch below. @@ -2165,7 +2183,7 @@ } else { INSIST(node->data == NULL); if (!ISC_LINK_LINKED(node, deadlink)) { - ISC_LIST_APPEND(rbtdb->deadnodes[bucket], node, + ISC_LIST_APPEND(rbtdb->deadnodes[node->locknum], node, deadlink); } } @@ -2197,7 +2215,7 @@ /* * Prune the RBTDB tree of trees. Start by attempting to delete a node that is * the only one left on its RBTDB level (see the send_to_prune_tree() call in - * decrement_reference()). Then, if the node has a parent (which can either + * dns__rbtnode_release()). Then, if the node has a parent (which can either * exist on the same RBTDB level or on an upper RBTDB level), check whether the * latter is an interior node (i.e. a node with a non-NULL 'down' pointer). If * the parent node is not an interior node, attempt deleting the parent node as @@ -2232,12 +2250,12 @@ NODE_LOCK(&rbtdb->node_locks[locknum].lock, isc_rwlocktype_write); do { parent = node->parent; - decrement_reference(rbtdb, node, 0, isc_rwlocktype_write, - isc_rwlocktype_write, true); + dns__rbtnode_release(rbtdb, node, 0, isc_rwlocktype_write, + isc_rwlocktype_write, true); /* * Check whether the parent is an interior node. Note that it - * might have been one before the decrement_reference() call on + * might have been one before the dns__rbtnode_release() call on * the previous line, but decrementing the reference count for * 'node' could have caused 'node->parent->down' to become * NULL. @@ -2259,7 +2277,8 @@ * We need to gain a reference to the parent node * before decrementing it in the next iteration. */ - new_reference(rbtdb, parent, isc_rwlocktype_write); + dns__rbtnode_acquire(rbtdb, parent, + isc_rwlocktype_write); } else { parent = NULL; } @@ -2686,9 +2705,9 @@ if (rollback && !IGNORE(header)) { resign_insert(rbtdb, header->node->locknum, header); } - decrement_reference(rbtdb, header->node, least_serial, - isc_rwlocktype_write, isc_rwlocktype_none, - false); + dns__rbtnode_release(rbtdb, header->node, least_serial, + isc_rwlocktype_write, isc_rwlocktype_none, + false); NODE_UNLOCK(lock, isc_rwlocktype_write); } @@ -2706,7 +2725,7 @@ /* * We acquire a tree write lock here in order to make * sure that stale nodes will be removed in - * decrement_reference(). If we didn't have the lock, + * dns__rbtnode_release(). If we didn't have the lock, * those nodes could miss the chance to be removed * until the server stops. The write lock is * expensive, but this event should be rare enough @@ -2737,8 +2756,9 @@ if (rollback) { rollback_node(rbtnode, serial); } - decrement_reference(rbtdb, rbtnode, least_serial, - isc_rwlocktype_write, tlock, false); + dns__rbtnode_release(rbtdb, rbtnode, least_serial, + isc_rwlocktype_write, tlock, + false); NODE_UNLOCK(lock, isc_rwlocktype_write); @@ -3031,7 +3051,7 @@ * We increment the reference count on node to ensure that * search->zonecut_rdataset will still be valid later. */ - new_reference(search->rbtdb, node, isc_rwlocktype_read); + dns__rbtnode_acquire(search->rbtdb, node, isc_rwlocktype_read); search->zonecut = node; search->zonecut_rdataset = found; search->need_cleanup = true; @@ -3101,7 +3121,7 @@ return; } - new_reference(rbtdb, node, locktype); + dns__rbtnode_acquire(rbtdb, node, locktype); INSIST(rdataset->methods == NULL); /* We must be disassociated. */ @@ -3118,7 +3138,7 @@ * (these records should not be cached anyway). */ - if (KEEPSTALE(rbtdb) && stale_ttl > now) { + if (!ZEROTTL(header) && KEEPSTALE(rbtdb) && stale_ttl > now) { stale = true; } else { /* @@ -3134,6 +3154,7 @@ rdataset->type = RBTDB_RDATATYPE_BASE(header->type); rdataset->covers = RBTDB_RDATATYPE_EXT(header->type); rdataset->ttl = header->rdh_ttl - now; + rdataset->ttl = !ZEROTTL(header) ? header->rdh_ttl - now : 0; rdataset->trust = header->trust; if (NEGATIVE(header)) { @@ -3161,9 +3182,10 @@ rdataset->attributes |= DNS_RDATASETATTR_STALE_WINDOW; } rdataset->attributes |= DNS_RDATASETATTR_STALE; + rdataset->expire = header->rdh_ttl; } else if (IS_CACHE(rbtdb) && !ACTIVE(header, now)) { rdataset->attributes |= DNS_RDATASETATTR_ANCIENT; - rdataset->ttl = header->rdh_ttl; + rdataset->ttl = 0; } rdataset->private1 = rbtdb; @@ -3932,7 +3954,7 @@ foundname, NULL); if (result == ISC_R_SUCCESS) { if (nodep != NULL) { - new_reference( + dns__rbtnode_acquire( search->rbtdb, node, isc_rwlocktype_read); *nodep = node; @@ -4231,8 +4253,8 @@ * ensure that search->zonecut_rdataset will * still be valid later. */ - new_reference(search.rbtdb, node, - isc_rwlocktype_read); + dns__rbtnode_acquire(search.rbtdb, node, + isc_rwlocktype_read); search.zonecut = node; search.zonecut_rdataset = header; search.zonecut_sigrdataset = NULL; @@ -4415,7 +4437,8 @@ goto node_exit; } if (nodep != NULL) { - new_reference(search.rbtdb, node, isc_rwlocktype_read); + dns__rbtnode_acquire(search.rbtdb, node, + isc_rwlocktype_read); *nodep = node; } if ((search.rbtversion->secure == dns_db_secure && @@ -4499,7 +4522,8 @@ if (nodep != NULL) { if (!at_zonecut) { - new_reference(search.rbtdb, node, isc_rwlocktype_read); + dns__rbtnode_acquire(search.rbtdb, node, + isc_rwlocktype_read); } else { search.need_cleanup = false; } @@ -4535,8 +4559,8 @@ lock = &(search.rbtdb->node_locks[node->locknum].lock); NODE_LOCK(lock, isc_rwlocktype_read); - decrement_reference(search.rbtdb, node, 0, isc_rwlocktype_read, - isc_rwlocktype_none, false); + dns__rbtnode_release(search.rbtdb, node, 0, isc_rwlocktype_read, + isc_rwlocktype_none, false); NODE_UNLOCK(lock, isc_rwlocktype_read); } @@ -4654,7 +4678,7 @@ /* * header->down can be non-NULL if the * refcount has just decremented to 0 - * but decrement_reference() has not + * but dns__rbtnode_release() has not * performed clean_cache_node(), in * which case we need to purge the stale * headers first. @@ -4669,6 +4693,7 @@ } free_rdataset(search->rbtdb, mctx, header); } else { + set_ttl(search->rbtdb, header, 0); mark_header_ancient(search->rbtdb, header); *header_prev = header; } @@ -4737,7 +4762,7 @@ * We increment the reference count on node to ensure that * search->zonecut_rdataset will still be valid later. */ - new_reference(search->rbtdb, node, locktype); + dns__rbtnode_acquire(search->rbtdb, node, locktype); search->zonecut = node; search->zonecut_rdataset = dname_header; search->zonecut_sigrdataset = sigdname_header; @@ -4847,7 +4872,8 @@ } result = DNS_R_DELEGATION; if (nodep != NULL) { - new_reference(search->rbtdb, node, locktype); + dns__rbtnode_acquire(search->rbtdb, node, + locktype); *nodep = node; } bind_rdataset(search->rbtdb, node, found, search->now, @@ -5000,7 +5026,7 @@ bind_rdataset(search->rbtdb, node, foundsig, now, locktype, sigrdataset); } - new_reference(search->rbtdb, node, locktype); + dns__rbtnode_acquire(search->rbtdb, node, locktype); dns_name_copy(fname, foundname); @@ -5261,7 +5287,8 @@ nsecheader != NULL) { if (nodep != NULL) { - new_reference(search.rbtdb, node, locktype); + dns__rbtnode_acquire(search.rbtdb, node, + locktype); *nodep = node; } bind_rdataset(search.rbtdb, node, nsecheader, @@ -5303,7 +5330,8 @@ */ if (nsheader != NULL) { if (nodep != NULL) { - new_reference(search.rbtdb, node, locktype); + dns__rbtnode_acquire(search.rbtdb, node, + locktype); *nodep = node; } bind_rdataset(search.rbtdb, node, nsheader, search.now, @@ -5335,7 +5363,7 @@ */ if (nodep != NULL) { - new_reference(search.rbtdb, node, locktype); + dns__rbtnode_acquire(search.rbtdb, node, locktype); *nodep = node; } @@ -5412,8 +5440,8 @@ lock = &(search.rbtdb->node_locks[node->locknum].lock); NODE_LOCK(lock, isc_rwlocktype_read); - decrement_reference(search.rbtdb, node, 0, isc_rwlocktype_read, - isc_rwlocktype_none, false); + dns__rbtnode_release(search.rbtdb, node, 0, isc_rwlocktype_read, + isc_rwlocktype_none, false); NODE_UNLOCK(lock, isc_rwlocktype_read); } @@ -5496,43 +5524,33 @@ header_prev = NULL; for (header = node->data; header != NULL; header = header_next) { header_next = header->next; + bool ns = (header->type == dns_rdatatype_ns || + header->type == RBTDB_RDATATYPE_SIGNS); if (check_stale_header(node, header, &locktype, lock, &search, &header_prev)) { - /* - * The function dns_rbt_findnode found us the a matching - * node for 'name' and stored the result in 'dcname'. - * This is the deepest known zonecut in our database. - * However, this node may be stale and if serve-stale - * is not enabled (in other words 'stale-answer-enable' - * is set to no), this node may not be used as a - * zonecut we know about. If so, find the deepest - * zonecut from this node up and return that instead. - */ - NODE_UNLOCK(lock, locktype); - result = find_deepest_zonecut(&search, node, nodep, - foundname, rdataset, - sigrdataset); - dns_name_copy(foundname, dcname); - goto tree_exit; - } else if (EXISTS(header) && !ANCIENT(header)) { - /* - * If we found a type we were looking for, remember - * it. - */ - if (header->type == dns_rdatatype_ns) { + if (ns) { /* - * Remember a NS rdataset even if we're - * not specifically looking for it, because - * we might need it later. + * We found a cached NS, but it was either + * ancient or it was stale and serve-stale + * is disabled, so this node can't be used + * as a zone cut we know about. Instead we + * bail out and call find_deepest_zonecut() + * below. */ + break; + } + } else if (EXISTS(header) && !ANCIENT(header)) { + if (header->type == dns_rdatatype_ns) { found = header; + if (foundsig != NULL) { + break; + } } else if (header->type == RBTDB_RDATATYPE_SIGNS) { - /* - * If we need the NS rdataset, we'll also - * need its signature. - */ foundsig = header; + if (found != NULL) { + break; + } } header_prev = header; } else { @@ -5542,16 +5560,18 @@ if (found == NULL) { /* - * No NS records here. + * No active NS records found. Call find_deepest_zonecut() + * to look for them in nodes above this one. */ NODE_UNLOCK(lock, locktype); result = find_deepest_zonecut(&search, node, nodep, foundname, rdataset, sigrdataset); + dns_name_copy(foundname, dcname); goto tree_exit; } if (nodep != NULL) { - new_reference(search.rbtdb, node, locktype); + dns__rbtnode_acquire(search.rbtdb, node, locktype); *nodep = node; } @@ -5625,8 +5645,8 @@ NODE_LOCK(&nodelock->lock, isc_rwlocktype_read); - if (decrement_reference(rbtdb, node, 0, isc_rwlocktype_read, - isc_rwlocktype_none, false)) + if (dns__rbtnode_release(rbtdb, node, 0, isc_rwlocktype_read, + isc_rwlocktype_none, false)) { if (isc_refcount_current(&nodelock->references) == 0 && nodelock->exiting) @@ -5728,6 +5748,7 @@ * refcurrent(rbtnode) must be non-zero. This is so * because 'node' is an argument to the function. */ + set_ttl(rbtdb, header, 0); mark_header_ancient(rbtdb, header); if (log) { isc_log_write(dns_lctx, category, module, level, @@ -6019,6 +6040,7 @@ * non-zero. This is so because 'node' is an * argument to the function. */ + set_ttl(rbtdb, header, 0); mark_header_ancient(rbtdb, header); } } else if (EXISTS(header) && !ANCIENT(header)) { @@ -6125,14 +6147,6 @@ */ for (header = node->data; header != NULL; header = header_next) { header_next = header->next; - if (!prio_type(header->type)) { - /* - * CNAME is in the priority list, so if we are done - * with the priority list, we know there will not be - * CNAME, so we are safe to skip the rest of the types. - */ - return false; - } if (header->type == dns_rdatatype_cname) { /* * Look for an active extant CNAME. @@ -6188,6 +6202,16 @@ } } while (header != NULL); if (header != NULL) { + if (!prio_type(header->type)) { + /* + * CNAME is in the priority + * list, so if we are done with + * priority types, we know there + * will not be a CNAME, and are + * safe to skip the rest. + */ + return cname; + } other_data = true; } } @@ -6223,8 +6247,8 @@ header->heap_index); header->heap_index = 0; if (version != NULL) { - new_reference(rbtdb, header->node, - isc_rwlocktype_write); + dns__rbtnode_acquire(rbtdb, header->node, + isc_rwlocktype_write); ISC_LIST_APPEND(version->resigned_list, header, link); } } @@ -6481,13 +6505,22 @@ if (rbtversion == NULL && trust < header->trust && (ACTIVE(header, now) || header_nx)) { - free_rdataset(rbtdb, rbtdb->common.mctx, newheader); - if (addedrdataset != NULL) { - bind_rdataset(rbtdb, rbtnode, header, now, - isc_rwlocktype_write, - addedrdataset); + result = DNS_R_UNCHANGED; + bind_rdataset(rbtdb, rbtnode, header, now, + isc_rwlocktype_write, addedrdataset); + if (ACTIVE(header, now) && + (options & DNS_DBADD_EQUALOK) != 0 && + dns_rdataslab_equalx( + (unsigned char *)header, + (unsigned char *)newheader, + (unsigned int)(sizeof(*newheader)), + rbtdb->common.rdclass, + (dns_rdatatype_t)header->type)) + { + result = ISC_R_SUCCESS; } - return DNS_R_UNCHANGED; + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); + return result; } /* @@ -6566,29 +6599,23 @@ } } /* - * Don't replace existing NS, A and AAAA RRsets in the - * cache if they are already exist. This prevents named - * being locked to old servers. Don't lower trust of - * existing record if the update is forced. Nothing - * special to be done w.r.t stale data; it gets replaced - * normally further down. + * Don't replace existing NS in the cache if they already exist + * and replacing the existing one would increase the TTL. This + * prevents named being locked to old servers. Don't lower trust + * of existing record if the update is forced. Nothing special + * to be done w.r.t stale data; it gets replaced normally + * further down. */ if (IS_CACHE(rbtdb) && ACTIVE(header, now) && header->type == dns_rdatatype_ns && !header_nx && !newheader_nx && header->trust >= newheader->trust && + header->rdh_ttl < newheader->rdh_ttl && dns_rdataslab_equalx((unsigned char *)header, (unsigned char *)newheader, (unsigned int)(sizeof(*newheader)), rbtdb->common.rdclass, (dns_rdatatype_t)header->type)) { - /* - * Honour the new ttl if it is less than the - * older one. - */ - if (header->rdh_ttl > newheader->rdh_ttl) { - set_ttl(rbtdb, header, newheader->rdh_ttl); - } if (header->last_used != now) { update_header(rbtdb, header, now); } @@ -6613,7 +6640,7 @@ return ISC_R_SUCCESS; } /* - * If we have will be replacing a NS RRset force its TTL + * If we will be replacing a NS RRset force its TTL * to be no more than the current NS RRset's TTL. This * ensures the delegations that are withdrawn are honoured. */ @@ -6622,6 +6649,11 @@ !newheader_nx && header->trust <= newheader->trust) { if (newheader->rdh_ttl > header->rdh_ttl) { + if (ZEROTTL(header)) { + RDATASET_ATTR_SET( + newheader, + RDATASET_ATTR_ZEROTTL); + } newheader->rdh_ttl = header->rdh_ttl; } } @@ -6633,17 +6665,11 @@ header->type == RBTDB_RDATATYPE_SIGDS) && !header_nx && !newheader_nx && header->trust >= newheader->trust && + header->rdh_ttl < newheader->rdh_ttl && dns_rdataslab_equal((unsigned char *)header, (unsigned char *)newheader, (unsigned int)(sizeof(*newheader)))) { - /* - * Honour the new ttl if it is less than the - * older one. - */ - if (header->rdh_ttl > newheader->rdh_ttl) { - set_ttl(rbtdb, header, newheader->rdh_ttl); - } if (header->last_used != now) { update_header(rbtdb, header, now); } @@ -7938,7 +7964,7 @@ /* Note that the access to origin_node doesn't require a DB lock */ onode = (dns_rbtnode_t *)rbtdb->origin_node; if (onode != NULL) { - new_reference(rbtdb, onode, isc_rwlocktype_none); + dns__rbtnode_acquire(rbtdb, onode, isc_rwlocktype_none); *nodep = rbtdb->origin_node; } else { INSIST(IS_CACHE(rbtdb)); @@ -9182,8 +9208,8 @@ lock = &rbtdb->node_locks[node->locknum].lock; NODE_LOCK(lock, isc_rwlocktype_read); - decrement_reference(rbtdb, node, 0, isc_rwlocktype_read, - rbtdbiter->tree_locked, false); + dns__rbtnode_release(rbtdb, node, 0, isc_rwlocktype_read, + rbtdbiter->tree_locked, false); NODE_UNLOCK(lock, isc_rwlocktype_read); rbtdbiter->node = NULL; @@ -9222,8 +9248,9 @@ lock = &rbtdb->node_locks[node->locknum].lock; NODE_LOCK(lock, isc_rwlocktype_read); - decrement_reference(rbtdb, node, 0, isc_rwlocktype_read, - rbtdbiter->tree_locked, false); + dns__rbtnode_release(rbtdb, node, 0, + isc_rwlocktype_read, + rbtdbiter->tree_locked, false); NODE_UNLOCK(lock, isc_rwlocktype_read); } @@ -9706,7 +9733,7 @@ result = ISC_R_SUCCESS; } - new_reference(rbtdb, node, isc_rwlocktype_none); + dns__rbtnode_acquire(rbtdb, node, isc_rwlocktype_none); *nodep = rbtdbiter->node; @@ -10397,9 +10424,9 @@ */ static bool need_headerupdate(rdatasetheader_t *header, isc_stdtime_t now) { - if (RDATASET_ATTR_GET(header, (RDATASET_ATTR_NONEXISTENT | - RDATASET_ATTR_ANCIENT | - RDATASET_ATTR_ZEROTTL)) != 0) + if (RDATASET_ATTR_GET(header, RDATASET_ATTR_NONEXISTENT | + RDATASET_ATTR_ANCIENT | + RDATASET_ATTR_ZEROTTL) != 0) { return false; } @@ -10551,14 +10578,14 @@ /* * If no one else is using the node, we can clean it up now. * We first need to gain a new reference to the node to meet a - * requirement of decrement_reference(). + * requirement of dns__rbtnode_release(). */ - new_reference(rbtdb, header->node, isc_rwlocktype_write); - decrement_reference(rbtdb, header->node, 0, - isc_rwlocktype_write, - tree_locked ? isc_rwlocktype_write - : isc_rwlocktype_none, - false); + dns__rbtnode_acquire(rbtdb, header->node, isc_rwlocktype_write); + dns__rbtnode_release(rbtdb, header->node, 0, + isc_rwlocktype_write, + tree_locked ? isc_rwlocktype_write + : isc_rwlocktype_none, + false); if (rbtdb->cachestats == NULL) { return; diff -Nru bind9-9.18.33/lib/dns/rcode.c bind9-9.18.41/lib/dns/rcode.c --- bind9-9.18.33/lib/dns/rcode.c 2025-01-20 13:39:31.267357059 +0000 +++ bind9-9.18.41/lib/dns/rcode.c 2025-10-18 10:21:03.144261201 +0000 @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -47,6 +48,10 @@ #define TOTEXTONLY 0x01 +/* clang-format off */ +#define SENTINEL { 0, NULL, 0 } +/* clang-format on */ + #define RCODENAMES \ /* standard rcodes */ \ { dns_rcode_noerror, "NOERROR", 0 }, \ @@ -129,6 +134,8 @@ { DNS_DSDIGEST_SHA384, "SHA-384", 0 }, \ { DNS_DSDIGEST_SHA384, "SHA384", 0 }, { 0, NULL, 0 } +#define DSYNCSCHEMES { DNS_DSYNCSCHEME_NOTIFY, "NOTIFY", 0 }, SENTINEL + struct tbl { unsigned int value; const char *name; @@ -142,6 +149,7 @@ static struct tbl secprotos[] = { SECPROTONAMES }; static struct tbl hashalgs[] = { HASHALGNAMES }; static struct tbl dsdigests[] = { DSDIGESTNAMES }; +static struct tbl dsyncschemes[] = { DSYNCSCHEMES }; static struct keyflag { const char *name; @@ -445,6 +453,41 @@ isc_buffer_usedregion(&b, &r); r.base[r.length] = 0; if (result != ISC_R_SUCCESS) { + r.base[0] = 0; + } +} + +/* + * DSYNC Scheme + */ + +isc_result_t +dns_dsyncscheme_fromtext(dns_dsyncscheme_t *schemep, isc_textregion_t *source) { + unsigned int value; + + REQUIRE(schemep != NULL); + RETERR(dns_mnemonic_fromtext(&value, source, dsyncschemes, 0xff)); + *schemep = value; + return ISC_R_SUCCESS; +} + +isc_result_t +dns_dsyncscheme_totext(dns_dsyncscheme_t scheme, isc_buffer_t *target) { + return dns_mnemonic_totext(scheme, target, dsyncschemes); +} + +void +dns_dsyncscheme_format(dns_dsyncscheme_t scheme, char *cp, unsigned int size) { + isc_buffer_t b; + isc_region_t r; + isc_result_t result; + + REQUIRE(cp != NULL && size > 0); + isc_buffer_init(&b, cp, size - 1); + result = dns_dsyncscheme_totext(scheme, &b); + isc_buffer_usedregion(&b, &r); + r.base[r.length] = 0; + if (result != ISC_R_SUCCESS) { r.base[0] = 0; } } diff -Nru bind9-9.18.33/lib/dns/rdata/any_255/tsig_250.c bind9-9.18.41/lib/dns/rdata/any_255/tsig_250.c --- bind9-9.18.33/lib/dns/rdata/any_255/tsig_250.c 2025-01-20 13:39:31.267357059 +0000 +++ bind9-9.18.41/lib/dns/rdata/any_255/tsig_250.c 2025-10-18 10:21:03.144261201 +0000 @@ -453,9 +453,7 @@ REQUIRE(rdata->length != 0); tsig = (dns_rdata_any_tsig_t *)target; - tsig->common.rdclass = rdata->rdclass; - tsig->common.rdtype = rdata->type; - ISC_LINK_INIT(&tsig->common, link); + DNS_RDATACOMMON_INIT(tsig, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &sr); diff -Nru bind9-9.18.33/lib/dns/rdata/ch_3/a_1.c bind9-9.18.41/lib/dns/rdata/ch_3/a_1.c --- bind9-9.18.33/lib/dns/rdata/ch_3/a_1.c 2025-01-20 13:39:31.268357076 +0000 +++ bind9-9.18.41/lib/dns/rdata/ch_3/a_1.c 2025-10-18 10:21:03.144261201 +0000 @@ -225,9 +225,7 @@ REQUIRE(rdata->rdclass == dns_rdataclass_ch); REQUIRE(rdata->length != 0); - a->common.rdclass = rdata->rdclass; - a->common.rdtype = rdata->type; - ISC_LINK_INIT(&a->common, link); + DNS_RDATACOMMON_INIT(a, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/afsdb_18.c bind9-9.18.41/lib/dns/rdata/generic/afsdb_18.c --- bind9-9.18.33/lib/dns/rdata/generic/afsdb_18.c 2025-01-20 13:39:31.268357076 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/afsdb_18.c 2025-10-18 10:21:03.145261228 +0000 @@ -207,9 +207,7 @@ REQUIRE(afsdb != NULL); REQUIRE(rdata->length != 0); - afsdb->common.rdclass = rdata->rdclass; - afsdb->common.rdtype = rdata->type; - ISC_LINK_INIT(&afsdb->common, link); + DNS_RDATACOMMON_INIT(afsdb, rdata->type, rdata->rdclass); dns_name_init(&afsdb->server, NULL); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/amtrelay_260.c bind9-9.18.41/lib/dns/rdata/generic/amtrelay_260.c --- bind9-9.18.33/lib/dns/rdata/generic/amtrelay_260.c 2025-01-20 13:39:31.268357076 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/amtrelay_260.c 2025-10-18 10:21:03.145261228 +0000 @@ -314,9 +314,7 @@ REQUIRE(amtrelay != NULL); REQUIRE(rdata->length >= 2); - amtrelay->common.rdclass = rdata->rdclass; - amtrelay->common.rdtype = rdata->type; - ISC_LINK_INIT(&amtrelay->common, link); + DNS_RDATACOMMON_INIT(amtrelay, rdata->type, rdata->rdclass); dns_name_init(&amtrelay->gateway, NULL); amtrelay->data = NULL; diff -Nru bind9-9.18.33/lib/dns/rdata/generic/avc_258.c bind9-9.18.41/lib/dns/rdata/generic/avc_258.c --- bind9-9.18.33/lib/dns/rdata/generic/avc_258.c 2025-01-20 13:39:31.269357094 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/avc_258.c 2025-10-18 10:21:03.145261228 +0000 @@ -75,9 +75,7 @@ REQUIRE(rdata->type == dns_rdatatype_avc); REQUIRE(avc != NULL); - avc->common.rdclass = rdata->rdclass; - avc->common.rdtype = rdata->type; - ISC_LINK_INIT(&avc->common, link); + DNS_RDATACOMMON_INIT(avc, rdata->type, rdata->rdclass); return generic_tostruct_txt(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/brid_68.c bind9-9.18.41/lib/dns/rdata/generic/brid_68.c --- bind9-9.18.33/lib/dns/rdata/generic/brid_68.c 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/brid_68.c 2025-10-18 10:21:03.145261228 +0000 @@ -0,0 +1,214 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#ifndef RDATA_GENERIC_BRID_68_C +#define RDATA_GENERIC_BRID_68_C + +#include + +#define RRTYPE_BRID_ATTRIBUTES (0) + +static isc_result_t +fromtext_brid(ARGS_FROMTEXT) { + REQUIRE(type == dns_rdatatype_brid); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(origin); + UNUSED(options); + UNUSED(callbacks); + + return isc_base64_tobuffer(lexer, target, -1); +} + +static isc_result_t +totext_brid(ARGS_TOTEXT) { + isc_region_t sr; + + REQUIRE(rdata->type == dns_rdatatype_brid); + REQUIRE(rdata->length > 0); + + dns_rdata_toregion(rdata, &sr); + + /* data */ + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) { + RETERR(str_totext(" (", target)); + } + + RETERR(str_totext(tctx->linebreak, target)); + + if (tctx->width == 0) { /* No splitting */ + RETERR(isc_base64_totext(&sr, 60, "", target)); + } else { + RETERR(isc_base64_totext(&sr, tctx->width - 2, tctx->linebreak, + target)); + } + + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) { + RETERR(str_totext(" )", target)); + } + + return ISC_R_SUCCESS; +} + +static isc_result_t +fromwire_brid(ARGS_FROMWIRE) { + isc_region_t sr; + + REQUIRE(type == dns_rdatatype_brid); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(options); + UNUSED(dctx); + + isc_buffer_activeregion(source, &sr); + if (sr.length == 0) { + return ISC_R_UNEXPECTEDEND; + } + + RETERR(mem_tobuffer(target, sr.base, sr.length)); + isc_buffer_forward(source, sr.length); + return ISC_R_SUCCESS; +} + +static isc_result_t +towire_brid(ARGS_TOWIRE) { + REQUIRE(rdata->type == dns_rdatatype_brid); + REQUIRE(rdata->length >= 3); + + UNUSED(cctx); + + return mem_tobuffer(target, rdata->data, rdata->length); +} + +static int +compare_brid(ARGS_COMPARE) { + isc_region_t r1; + isc_region_t r2; + + REQUIRE(rdata1->type == rdata2->type); + REQUIRE(rdata1->rdclass == rdata2->rdclass); + REQUIRE(rdata1->type == dns_rdatatype_brid); + REQUIRE(rdata1->length > 0); + REQUIRE(rdata2->length > 0); + + dns_rdata_toregion(rdata1, &r1); + dns_rdata_toregion(rdata2, &r2); + return isc_region_compare(&r1, &r2); +} + +static isc_result_t +fromstruct_brid(ARGS_FROMSTRUCT) { + dns_rdata_brid_t *brid = source; + + REQUIRE(type == dns_rdatatype_brid); + REQUIRE(brid != NULL); + REQUIRE(brid->common.rdtype == type); + REQUIRE(brid->common.rdclass == rdclass); + + UNUSED(type); + UNUSED(rdclass); + + /* Data */ + return mem_tobuffer(target, brid->data, brid->datalen); +} + +static isc_result_t +tostruct_brid(ARGS_TOSTRUCT) { + dns_rdata_brid_t *brid = target; + isc_region_t sr; + + REQUIRE(rdata->type == dns_rdatatype_brid); + REQUIRE(brid != NULL); + REQUIRE(rdata->length > 0); + + DNS_RDATACOMMON_INIT(brid, rdata->type, rdata->rdclass); + + dns_rdata_toregion(rdata, &sr); + + /* Data */ + brid->datalen = sr.length; + brid->data = mem_maybedup(mctx, sr.base, brid->datalen); + brid->mctx = mctx; + return ISC_R_SUCCESS; +} + +static void +freestruct_brid(ARGS_FREESTRUCT) { + dns_rdata_brid_t *brid = (dns_rdata_brid_t *)source; + + REQUIRE(brid != NULL); + REQUIRE(brid->common.rdtype == dns_rdatatype_brid); + + if (brid->mctx == NULL) { + return; + } + + if (brid->data != NULL) { + isc_mem_free(brid->mctx, brid->data); + } + brid->mctx = NULL; +} + +static isc_result_t +additionaldata_brid(ARGS_ADDLDATA) { + REQUIRE(rdata->type == dns_rdatatype_brid); + + UNUSED(rdata); + UNUSED(owner); + UNUSED(add); + UNUSED(arg); + + return ISC_R_SUCCESS; +} + +static isc_result_t +digest_brid(ARGS_DIGEST) { + isc_region_t r; + + REQUIRE(rdata->type == dns_rdatatype_brid); + + dns_rdata_toregion(rdata, &r); + + return (digest)(arg, &r); +} + +static bool +checkowner_brid(ARGS_CHECKOWNER) { + REQUIRE(type == dns_rdatatype_brid); + + UNUSED(name); + UNUSED(type); + UNUSED(rdclass); + UNUSED(wildcard); + + return true; +} + +static bool +checknames_brid(ARGS_CHECKNAMES) { + REQUIRE(rdata->type == dns_rdatatype_brid); + + UNUSED(rdata); + UNUSED(owner); + UNUSED(bad); + + return true; +} + +static int +casecompare_brid(ARGS_COMPARE) { + return compare_brid(rdata1, rdata2); +} +#endif /* RDATA_GENERIC_BRID_68_C */ diff -Nru bind9-9.18.33/lib/dns/rdata/generic/brid_68.h bind9-9.18.41/lib/dns/rdata/generic/brid_68.h --- bind9-9.18.33/lib/dns/rdata/generic/brid_68.h 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/brid_68.h 2025-10-18 10:21:03.145261228 +0000 @@ -0,0 +1,21 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#pragma once + +typedef struct dns_rdata_brid_t { + dns_rdatacommon_t common; + isc_mem_t *mctx; + uint16_t datalen; + unsigned char *data; +} dns_rdata_brid_t; diff -Nru bind9-9.18.33/lib/dns/rdata/generic/caa_257.c bind9-9.18.41/lib/dns/rdata/generic/caa_257.c --- bind9-9.18.33/lib/dns/rdata/generic/caa_257.c 2025-01-20 13:39:31.269357094 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/caa_257.c 2025-10-18 10:21:03.145261228 +0000 @@ -499,9 +499,7 @@ REQUIRE(rdata->length >= 3U); REQUIRE(rdata->data != NULL); - caa->common.rdclass = rdata->rdclass; - caa->common.rdtype = rdata->type; - ISC_LINK_INIT(&caa->common, link); + DNS_RDATACOMMON_INIT(caa, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &sr); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/cdnskey_60.c bind9-9.18.41/lib/dns/rdata/generic/cdnskey_60.c --- bind9-9.18.33/lib/dns/rdata/generic/cdnskey_60.c 2025-01-20 13:39:31.269357094 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/cdnskey_60.c 2025-10-18 10:21:03.146261255 +0000 @@ -88,9 +88,7 @@ REQUIRE(rdata != NULL); REQUIRE(rdata->type == dns_rdatatype_cdnskey); - dnskey->common.rdclass = rdata->rdclass; - dnskey->common.rdtype = rdata->type; - ISC_LINK_INIT(&dnskey->common, link); + DNS_RDATACOMMON_INIT(dnskey, rdata->type, rdata->rdclass); return generic_tostruct_key(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/cds_59.c bind9-9.18.41/lib/dns/rdata/generic/cds_59.c --- bind9-9.18.33/lib/dns/rdata/generic/cds_59.c 2025-01-20 13:39:31.269357094 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/cds_59.c 2025-10-18 10:21:03.146261255 +0000 @@ -89,9 +89,7 @@ /* * Checked by generic_tostruct_ds(). */ - cds->common.rdclass = rdata->rdclass; - cds->common.rdtype = rdata->type; - ISC_LINK_INIT(&cds->common, link); + DNS_RDATACOMMON_INIT(cds, rdata->type, rdata->rdclass); return generic_tostruct_ds(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/cert_37.c bind9-9.18.41/lib/dns/rdata/generic/cert_37.c --- bind9-9.18.33/lib/dns/rdata/generic/cert_37.c 2025-01-20 13:39:31.269357094 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/cert_37.c 2025-10-18 10:21:03.146261255 +0000 @@ -192,9 +192,7 @@ REQUIRE(cert != NULL); REQUIRE(rdata->length != 0); - cert->common.rdclass = rdata->rdclass; - cert->common.rdtype = rdata->type; - ISC_LINK_INIT(&cert->common, link); + DNS_RDATACOMMON_INIT(cert, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/cname_5.c bind9-9.18.41/lib/dns/rdata/generic/cname_5.c --- bind9-9.18.33/lib/dns/rdata/generic/cname_5.c 2025-01-20 13:39:31.270357111 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/cname_5.c 2025-10-18 10:21:03.146261255 +0000 @@ -147,9 +147,7 @@ REQUIRE(cname != NULL); REQUIRE(rdata->length != 0); - cname->common.rdclass = rdata->rdclass; - cname->common.rdtype = rdata->type; - ISC_LINK_INIT(&cname->common, link); + DNS_RDATACOMMON_INIT(cname, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/csync_62.c bind9-9.18.41/lib/dns/rdata/generic/csync_62.c --- bind9-9.18.33/lib/dns/rdata/generic/csync_62.c 2025-01-20 13:39:31.270357111 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/csync_62.c 2025-10-18 10:21:03.147261281 +0000 @@ -169,9 +169,7 @@ REQUIRE(csync != NULL); REQUIRE(rdata->length != 0); - csync->common.rdclass = rdata->rdclass; - csync->common.rdtype = rdata->type; - ISC_LINK_INIT(&csync->common, link); + DNS_RDATACOMMON_INIT(csync, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/dlv_32769.c bind9-9.18.41/lib/dns/rdata/generic/dlv_32769.c --- bind9-9.18.33/lib/dns/rdata/generic/dlv_32769.c 2025-01-20 13:39:31.270357111 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/dlv_32769.c 2025-10-18 10:21:03.147261281 +0000 @@ -85,9 +85,7 @@ REQUIRE(rdata->type == dns_rdatatype_dlv); REQUIRE(dlv != NULL); - dlv->common.rdclass = rdata->rdclass; - dlv->common.rdtype = rdata->type; - ISC_LINK_INIT(&dlv->common, link); + DNS_RDATACOMMON_INIT(dlv, rdata->type, rdata->rdclass); return generic_tostruct_ds(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/dname_39.c bind9-9.18.41/lib/dns/rdata/generic/dname_39.c --- bind9-9.18.33/lib/dns/rdata/generic/dname_39.c 2025-01-20 13:39:31.270357111 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/dname_39.c 2025-10-18 10:21:03.147261281 +0000 @@ -147,9 +147,7 @@ REQUIRE(dname != NULL); REQUIRE(rdata->length != 0); - dname->common.rdclass = rdata->rdclass; - dname->common.rdtype = rdata->type; - ISC_LINK_INIT(&dname->common, link); + DNS_RDATACOMMON_INIT(dname, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/dnskey_48.c bind9-9.18.41/lib/dns/rdata/generic/dnskey_48.c --- bind9-9.18.33/lib/dns/rdata/generic/dnskey_48.c 2025-01-20 13:39:31.270357111 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/dnskey_48.c 2025-10-18 10:21:03.147261281 +0000 @@ -89,9 +89,7 @@ REQUIRE(rdata != NULL); REQUIRE(rdata->type == dns_rdatatype_dnskey); - dnskey->common.rdclass = rdata->rdclass; - dnskey->common.rdtype = rdata->type; - ISC_LINK_INIT(&dnskey->common, link); + DNS_RDATACOMMON_INIT(dnskey, rdata->type, rdata->rdclass); return generic_tostruct_key(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/doa_259.c bind9-9.18.41/lib/dns/rdata/generic/doa_259.c --- bind9-9.18.33/lib/dns/rdata/generic/doa_259.c 2025-01-20 13:39:31.271357129 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/doa_259.c 2025-10-18 10:21:03.148261308 +0000 @@ -215,9 +215,7 @@ REQUIRE(doa != NULL); REQUIRE(rdata->length != 0); - doa->common.rdclass = rdata->rdclass; - doa->common.rdtype = rdata->type; - ISC_LINK_INIT(&doa->common, link); + DNS_RDATACOMMON_INIT(doa, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/ds_43.c bind9-9.18.41/lib/dns/rdata/generic/ds_43.c --- bind9-9.18.33/lib/dns/rdata/generic/ds_43.c 2025-01-20 13:39:31.271357129 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/ds_43.c 2025-10-18 10:21:03.148261308 +0000 @@ -308,9 +308,7 @@ REQUIRE(rdata->type == dns_rdatatype_ds); REQUIRE(ds != NULL); - ds->common.rdclass = rdata->rdclass; - ds->common.rdtype = rdata->type; - ISC_LINK_INIT(&ds->common, link); + DNS_RDATACOMMON_INIT(ds, rdata->type, rdata->rdclass); return generic_tostruct_ds(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/dsync_66.c bind9-9.18.41/lib/dns/rdata/generic/dsync_66.c --- bind9-9.18.33/lib/dns/rdata/generic/dsync_66.c 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/dsync_66.c 2025-10-18 10:21:03.148261308 +0000 @@ -0,0 +1,359 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#ifndef RDATA_GENERIC_DSYNC_66_C +#define RDATA_GENERIC_DSYNC_66_C + +#include + +#include + +#include +#include + +#define RRTYPE_DSYNC_ATTRIBUTES (0) + +static isc_result_t +fromtext_dsync(ARGS_FROMTEXT) { + isc_token_t token; + isc_result_t result; + dns_fixedname_t fn; + dns_name_t *name = dns_fixedname_initname(&fn); + isc_buffer_t buffer; + dns_rdatatype_t rrtype; + dns_dsyncscheme_t scheme; + bool ok = true; + + REQUIRE(type == dns_rdatatype_dsync); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(callbacks); + + /* + * RRtype + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, + false)); + result = dns_rdatatype_fromtext(&rrtype, &token.value.as_textregion); + if (result != ISC_R_SUCCESS && result != ISC_R_NOTIMPLEMENTED) { + char *e = NULL; + long i = strtol(DNS_AS_STR(token), &e, 10); + if (i < 0 || i > 65535) { + RETTOK(ISC_R_RANGE); + } + if (*e != 0) { + RETTOK(result); + } + rrtype = (dns_rdatatype_t)i; + } + RETERR(uint16_tobuffer(rrtype, target)); + + /* + * Scheme + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, + false)); + RETERR(dns_dsyncscheme_fromtext(&scheme, &token.value.as_textregion)); + RETERR(uint8_tobuffer(scheme, target)); + + /* + * Port + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + false)); + if (token.value.as_ulong > 0xffffU) { + RETTOK(ISC_R_RANGE); + } + RETERR(uint16_tobuffer(token.value.as_ulong, target)); + + /* + * Target + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, + false)); + + buffer_fromregion(&buffer, &token.value.as_region); + if (origin == NULL) { + origin = dns_rootname; + } + RETTOK(dns_name_fromtext(name, &buffer, origin, options, target)); + if ((options & DNS_RDATA_CHECKNAMES) != 0) { + ok = dns_name_ishostname(name, false); + } + if (!ok && (options & DNS_RDATA_CHECKNAMESFAIL) != 0) { + RETTOK(DNS_R_BADNAME); + } + if (!ok && callbacks != NULL) { + warn_badname(name, lexer, callbacks); + } + return ISC_R_SUCCESS; +} + +static isc_result_t +totext_dsync(ARGS_TOTEXT) { + isc_region_t region; + dns_name_t name; + dns_name_t prefix; + unsigned int opts; + char buf[sizeof("TYPE64000")]; + unsigned short num; + dns_rdatatype_t type; + dns_dsyncscheme_t scheme; + + REQUIRE(rdata->type == dns_rdatatype_dsync); + REQUIRE(rdata->length != 0); + + dns_name_init(&name, NULL); + dns_name_init(&prefix, NULL); + + dns_rdata_toregion(rdata, ®ion); + + /* + * Type. + */ + type = uint16_fromregion(®ion); + isc_region_consume(®ion, 2); + /* + * XXXAG We should have something like dns_rdatatype_isknown() + * that does the right thing with type 0. + */ + if (dns_rdatatype_isknown(type) && type != 0) { + RETERR(dns_rdatatype_totext(type, target)); + } else { + snprintf(buf, sizeof(buf), "TYPE%u", type); + RETERR(str_totext(buf, target)); + } + RETERR(str_totext(" ", target)); + + /* + * Scheme. + */ + scheme = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + RETERR(dns_dsyncscheme_totext(scheme, target)); + + RETERR(str_totext(" ", target)); + + /* + * Port + */ + num = uint16_fromregion(®ion); + isc_region_consume(®ion, 2); + snprintf(buf, sizeof(buf), "%u", num); + RETERR(str_totext(buf, target)); + + RETERR(str_totext(" ", target)); + + /* + * Target + */ + dns_name_fromregion(&name, ®ion); + opts = name_prefix(&name, tctx->origin, &prefix) ? DNS_NAME_OMITFINALDOT + : 0; + return dns_name_totext(&prefix, opts, target); +} + +static isc_result_t +fromwire_dsync(ARGS_FROMWIRE) { + dns_name_t name; + isc_region_t sregion; + + REQUIRE(type == dns_rdatatype_dsync); + + UNUSED(type); + UNUSED(rdclass); + + dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE); + + dns_name_init(&name, NULL); + + isc_buffer_activeregion(source, &sregion); + if (sregion.length < 5) { + return ISC_R_UNEXPECTEDEND; + } + RETERR(mem_tobuffer(target, sregion.base, 5)); + isc_buffer_forward(source, 5); + return dns_name_fromwire(&name, source, dctx, options, target); +} + +static isc_result_t +towire_dsync(ARGS_TOWIRE) { + dns_name_t name; + isc_region_t region; + + REQUIRE(rdata->type == dns_rdatatype_dsync); + REQUIRE(rdata->length != 0); + + dns_compress_setmethods(cctx, DNS_COMPRESS_NONE); + + dns_rdata_toregion(rdata, ®ion); + RETERR(mem_tobuffer(target, region.base, 5)); + isc_region_consume(®ion, 5); + + dns_name_init(&name, NULL); + dns_name_fromregion(&name, ®ion); + + return dns_name_towire(&name, cctx, target); +} + +static int +compare_dsync(ARGS_COMPARE) { + isc_region_t region1; + isc_region_t region2; + + REQUIRE(rdata1->type == rdata2->type); + REQUIRE(rdata1->rdclass == rdata2->rdclass); + REQUIRE(rdata1->type == dns_rdatatype_dsync); + REQUIRE(rdata1->length != 0); + REQUIRE(rdata2->length != 0); + + dns_rdata_toregion(rdata1, ®ion1); + dns_rdata_toregion(rdata2, ®ion2); + return isc_region_compare(®ion1, ®ion2); +} + +static isc_result_t +fromstruct_dsync(ARGS_FROMSTRUCT) { + dns_rdata_dsync_t *dsync = source; + isc_region_t region; + + REQUIRE(type == dns_rdatatype_dsync); + REQUIRE(dsync != NULL); + REQUIRE(dsync->common.rdtype == type); + REQUIRE(dsync->common.rdclass == rdclass); + + UNUSED(type); + UNUSED(rdclass); + + RETERR(uint16_tobuffer(dsync->type, target)); + RETERR(uint16_tobuffer(dsync->scheme, target)); + RETERR(uint16_tobuffer(dsync->port, target)); + dns_name_toregion(&dsync->target, ®ion); + return isc_buffer_copyregion(target, ®ion); +} + +static isc_result_t +tostruct_dsync(ARGS_TOSTRUCT) { + isc_region_t region; + dns_rdata_dsync_t *dsync = target; + dns_name_t name; + + REQUIRE(rdata->type == dns_rdatatype_dsync); + REQUIRE(dsync != NULL); + REQUIRE(rdata->length != 0); + + DNS_RDATACOMMON_INIT(dsync, rdata->type, rdata->rdclass); + + dns_name_init(&name, NULL); + dns_rdata_toregion(rdata, ®ion); + dsync->type = uint16_fromregion(®ion); + isc_region_consume(®ion, 2); + dsync->scheme = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + dsync->port = uint16_fromregion(®ion); + isc_region_consume(®ion, 2); + dns_name_fromregion(&name, ®ion); + dns_name_init(&dsync->target, NULL); + name_duporclone(&name, mctx, &dsync->target); + dsync->mctx = mctx; + return ISC_R_SUCCESS; +} + +static void +freestruct_dsync(ARGS_FREESTRUCT) { + dns_rdata_dsync_t *dsync = source; + + REQUIRE(dsync != NULL); + REQUIRE(dsync->common.rdtype == dns_rdatatype_dsync); + + if (dsync->mctx == NULL) { + return; + } + + dns_name_free(&dsync->target, dsync->mctx); + dsync->mctx = NULL; +} + +static isc_result_t +additionaldata_dsync(ARGS_ADDLDATA) { + dns_name_t name; + isc_region_t region; + + REQUIRE(rdata->type == dns_rdatatype_dsync); + + UNUSED(owner); + + dns_name_init(&name, NULL); + dns_rdata_toregion(rdata, ®ion); + isc_region_consume(®ion, 5); + dns_name_fromregion(&name, ®ion); + + if (dns_name_equal(&name, dns_rootname)) { + return ISC_R_SUCCESS; + } + + return (add)(arg, &name, dns_rdatatype_a, NULL); +} + +static isc_result_t +digest_dsync(ARGS_DIGEST) { + isc_region_t r1; + + REQUIRE(rdata->type == dns_rdatatype_dsync); + + dns_rdata_toregion(rdata, &r1); + return (digest)(arg, &r1); +} + +static bool +checkowner_dsync(ARGS_CHECKOWNER) { + REQUIRE(type == dns_rdatatype_dsync); + + UNUSED(name); + UNUSED(rdclass); + UNUSED(type); + UNUSED(wildcard); + + return true; +} + +static bool +checknames_dsync(ARGS_CHECKNAMES) { + isc_region_t region; + dns_name_t name; + + REQUIRE(rdata->type == dns_rdatatype_dsync); + REQUIRE(rdata->length > 5); + + UNUSED(owner); + + dns_rdata_toregion(rdata, ®ion); + isc_region_consume(®ion, 5); + dns_name_init(&name, NULL); + dns_name_fromregion(&name, ®ion); + if (!dns_name_ishostname(&name, false)) { + if (bad != NULL) { + dns_name_clone(&name, bad); + } + return false; + } + return true; +} + +static int +casecompare_dsync(ARGS_COMPARE) { + return compare_dsync(rdata1, rdata2); +} + +#endif /* RDATA_GENERIC_DSYNC_66_C */ diff -Nru bind9-9.18.33/lib/dns/rdata/generic/dsync_66.h bind9-9.18.41/lib/dns/rdata/generic/dsync_66.h --- bind9-9.18.33/lib/dns/rdata/generic/dsync_66.h 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/dsync_66.h 2025-10-18 10:21:03.148261308 +0000 @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* */ +#pragma once + +typedef struct dns_rdata_dsync { + dns_rdatacommon_t common; + isc_mem_t *mctx; + uint16_t type; + uint8_t scheme; + uint16_t port; + dns_name_t target; +} dns_rdata_dsync_t; diff -Nru bind9-9.18.33/lib/dns/rdata/generic/eui48_108.c bind9-9.18.41/lib/dns/rdata/generic/eui48_108.c --- bind9-9.18.33/lib/dns/rdata/generic/eui48_108.c 2025-01-20 13:39:31.271357129 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/eui48_108.c 2025-10-18 10:21:03.148261308 +0000 @@ -137,9 +137,7 @@ UNUSED(mctx); - eui48->common.rdclass = rdata->rdclass; - eui48->common.rdtype = rdata->type; - ISC_LINK_INIT(&eui48->common, link); + DNS_RDATACOMMON_INIT(eui48, rdata->type, rdata->rdclass); memmove(eui48->eui48, rdata->data, rdata->length); return ISC_R_SUCCESS; diff -Nru bind9-9.18.33/lib/dns/rdata/generic/eui64_109.c bind9-9.18.41/lib/dns/rdata/generic/eui64_109.c --- bind9-9.18.33/lib/dns/rdata/generic/eui64_109.c 2025-01-20 13:39:31.271357129 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/eui64_109.c 2025-10-18 10:21:03.148261308 +0000 @@ -140,9 +140,7 @@ UNUSED(mctx); - eui64->common.rdclass = rdata->rdclass; - eui64->common.rdtype = rdata->type; - ISC_LINK_INIT(&eui64->common, link); + DNS_RDATACOMMON_INIT(eui64, rdata->type, rdata->rdclass); memmove(eui64->eui64, rdata->data, rdata->length); return ISC_R_SUCCESS; diff -Nru bind9-9.18.33/lib/dns/rdata/generic/gpos_27.c bind9-9.18.41/lib/dns/rdata/generic/gpos_27.c --- bind9-9.18.33/lib/dns/rdata/generic/gpos_27.c 2025-01-20 13:39:31.271357129 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/gpos_27.c 2025-10-18 10:21:03.149261335 +0000 @@ -133,9 +133,7 @@ REQUIRE(gpos != NULL); REQUIRE(rdata->length != 0); - gpos->common.rdclass = rdata->rdclass; - gpos->common.rdtype = rdata->type; - ISC_LINK_INIT(&gpos->common, link); + DNS_RDATACOMMON_INIT(gpos, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); gpos->long_len = uint8_fromregion(®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/hhit_67.c bind9-9.18.41/lib/dns/rdata/generic/hhit_67.c --- bind9-9.18.33/lib/dns/rdata/generic/hhit_67.c 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/hhit_67.c 2025-10-18 10:21:03.149261335 +0000 @@ -0,0 +1,214 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#ifndef RDATA_GENERIC_HHIT_67_C +#define RDATA_GENERIC_HHIT_67_C + +#include + +#define RRTYPE_HHIT_ATTRIBUTES (0) + +static isc_result_t +fromtext_hhit(ARGS_FROMTEXT) { + REQUIRE(type == dns_rdatatype_hhit); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(origin); + UNUSED(options); + UNUSED(callbacks); + + return isc_base64_tobuffer(lexer, target, -1); +} + +static isc_result_t +totext_hhit(ARGS_TOTEXT) { + isc_region_t sr; + + REQUIRE(rdata->type == dns_rdatatype_hhit); + REQUIRE(rdata->length > 0); + + dns_rdata_toregion(rdata, &sr); + + /* data */ + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) { + RETERR(str_totext(" (", target)); + } + + RETERR(str_totext(tctx->linebreak, target)); + + if (tctx->width == 0) { /* No splitting */ + RETERR(isc_base64_totext(&sr, 60, "", target)); + } else { + RETERR(isc_base64_totext(&sr, tctx->width - 2, tctx->linebreak, + target)); + } + + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) { + RETERR(str_totext(" )", target)); + } + + return ISC_R_SUCCESS; +} + +static isc_result_t +fromwire_hhit(ARGS_FROMWIRE) { + isc_region_t sr; + + REQUIRE(type == dns_rdatatype_hhit); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(options); + UNUSED(dctx); + + isc_buffer_activeregion(source, &sr); + if (sr.length == 0) { + return ISC_R_UNEXPECTEDEND; + } + + RETERR(mem_tobuffer(target, sr.base, sr.length)); + isc_buffer_forward(source, sr.length); + return ISC_R_SUCCESS; +} + +static isc_result_t +towire_hhit(ARGS_TOWIRE) { + REQUIRE(rdata->type == dns_rdatatype_hhit); + REQUIRE(rdata->length >= 3); + + UNUSED(cctx); + + return mem_tobuffer(target, rdata->data, rdata->length); +} + +static int +compare_hhit(ARGS_COMPARE) { + isc_region_t r1; + isc_region_t r2; + + REQUIRE(rdata1->type == rdata2->type); + REQUIRE(rdata1->rdclass == rdata2->rdclass); + REQUIRE(rdata1->type == dns_rdatatype_hhit); + REQUIRE(rdata1->length > 0); + REQUIRE(rdata2->length > 0); + + dns_rdata_toregion(rdata1, &r1); + dns_rdata_toregion(rdata2, &r2); + return isc_region_compare(&r1, &r2); +} + +static isc_result_t +fromstruct_hhit(ARGS_FROMSTRUCT) { + dns_rdata_hhit_t *hhit = source; + + REQUIRE(type == dns_rdatatype_hhit); + REQUIRE(hhit != NULL); + REQUIRE(hhit->common.rdtype == type); + REQUIRE(hhit->common.rdclass == rdclass); + + UNUSED(type); + UNUSED(rdclass); + + /* Data */ + return mem_tobuffer(target, hhit->data, hhit->datalen); +} + +static isc_result_t +tostruct_hhit(ARGS_TOSTRUCT) { + dns_rdata_hhit_t *hhit = target; + isc_region_t sr; + + REQUIRE(rdata->type == dns_rdatatype_hhit); + REQUIRE(hhit != NULL); + REQUIRE(rdata->length > 0); + + DNS_RDATACOMMON_INIT(hhit, rdata->type, rdata->rdclass); + + dns_rdata_toregion(rdata, &sr); + + /* Data */ + hhit->datalen = sr.length; + hhit->data = mem_maybedup(mctx, sr.base, hhit->datalen); + hhit->mctx = mctx; + return ISC_R_SUCCESS; +} + +static void +freestruct_hhit(ARGS_FREESTRUCT) { + dns_rdata_hhit_t *hhit = (dns_rdata_hhit_t *)source; + + REQUIRE(hhit != NULL); + REQUIRE(hhit->common.rdtype == dns_rdatatype_hhit); + + if (hhit->mctx == NULL) { + return; + } + + if (hhit->data != NULL) { + isc_mem_free(hhit->mctx, hhit->data); + } + hhit->mctx = NULL; +} + +static isc_result_t +additionaldata_hhit(ARGS_ADDLDATA) { + REQUIRE(rdata->type == dns_rdatatype_hhit); + + UNUSED(rdata); + UNUSED(owner); + UNUSED(add); + UNUSED(arg); + + return ISC_R_SUCCESS; +} + +static isc_result_t +digest_hhit(ARGS_DIGEST) { + isc_region_t r; + + REQUIRE(rdata->type == dns_rdatatype_hhit); + + dns_rdata_toregion(rdata, &r); + + return (digest)(arg, &r); +} + +static bool +checkowner_hhit(ARGS_CHECKOWNER) { + REQUIRE(type == dns_rdatatype_hhit); + + UNUSED(name); + UNUSED(type); + UNUSED(rdclass); + UNUSED(wildcard); + + return true; +} + +static bool +checknames_hhit(ARGS_CHECKNAMES) { + REQUIRE(rdata->type == dns_rdatatype_hhit); + + UNUSED(rdata); + UNUSED(owner); + UNUSED(bad); + + return true; +} + +static int +casecompare_hhit(ARGS_COMPARE) { + return compare_hhit(rdata1, rdata2); +} +#endif /* RDATA_GENERIC_HHIT_67_C */ diff -Nru bind9-9.18.33/lib/dns/rdata/generic/hhit_67.h bind9-9.18.41/lib/dns/rdata/generic/hhit_67.h --- bind9-9.18.33/lib/dns/rdata/generic/hhit_67.h 1970-01-01 00:00:00.000000000 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/hhit_67.h 2025-10-18 10:21:03.149261335 +0000 @@ -0,0 +1,21 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#pragma once + +typedef struct dns_rdata_hhit_t { + dns_rdatacommon_t common; + isc_mem_t *mctx; + uint16_t datalen; + unsigned char *data; +} dns_rdata_hhit_t; diff -Nru bind9-9.18.33/lib/dns/rdata/generic/hinfo_13.c bind9-9.18.41/lib/dns/rdata/generic/hinfo_13.c --- bind9-9.18.33/lib/dns/rdata/generic/hinfo_13.c 2025-01-20 13:39:31.272357147 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/hinfo_13.c 2025-10-18 10:21:03.149261335 +0000 @@ -117,9 +117,7 @@ REQUIRE(hinfo != NULL); REQUIRE(rdata->length != 0); - hinfo->common.rdclass = rdata->rdclass; - hinfo->common.rdtype = rdata->type; - ISC_LINK_INIT(&hinfo->common, link); + DNS_RDATACOMMON_INIT(hinfo, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); hinfo->cpu_len = uint8_fromregion(®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/hip_55.c bind9-9.18.41/lib/dns/rdata/generic/hip_55.c --- bind9-9.18.33/lib/dns/rdata/generic/hip_55.c 2025-01-20 13:39:31.272357147 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/hip_55.c 2025-10-18 10:21:03.149261335 +0000 @@ -306,9 +306,7 @@ REQUIRE(hip != NULL); REQUIRE(rdata->length != 0); - hip->common.rdclass = rdata->rdclass; - hip->common.rdtype = rdata->type; - ISC_LINK_INIT(&hip->common, link); + DNS_RDATACOMMON_INIT(hip, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/ipseckey_45.c bind9-9.18.41/lib/dns/rdata/generic/ipseckey_45.c --- bind9-9.18.33/lib/dns/rdata/generic/ipseckey_45.c 2025-01-20 13:39:31.272357147 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/ipseckey_45.c 2025-10-18 10:21:03.149261335 +0000 @@ -357,9 +357,7 @@ return ISC_R_NOTIMPLEMENTED; } - ipseckey->common.rdclass = rdata->rdclass; - ipseckey->common.rdtype = rdata->type; - ISC_LINK_INIT(&ipseckey->common, link); + DNS_RDATACOMMON_INIT(ipseckey, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/isdn_20.c bind9-9.18.41/lib/dns/rdata/generic/isdn_20.c --- bind9-9.18.33/lib/dns/rdata/generic/isdn_20.c 2025-01-20 13:39:31.272357147 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/isdn_20.c 2025-10-18 10:21:03.150261361 +0000 @@ -138,9 +138,7 @@ REQUIRE(isdn != NULL); REQUIRE(rdata->length != 0); - isdn->common.rdclass = rdata->rdclass; - isdn->common.rdtype = rdata->type; - ISC_LINK_INIT(&isdn->common, link); + DNS_RDATACOMMON_INIT(isdn, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &r); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/key_25.c bind9-9.18.41/lib/dns/rdata/generic/key_25.c --- bind9-9.18.33/lib/dns/rdata/generic/key_25.c 2025-01-20 13:39:31.272357147 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/key_25.c 2025-10-18 10:21:03.150261361 +0000 @@ -395,9 +395,7 @@ REQUIRE(rdata != NULL); REQUIRE(rdata->type == dns_rdatatype_key); - key->common.rdclass = rdata->rdclass; - key->common.rdtype = rdata->type; - ISC_LINK_INIT(&key->common, link); + DNS_RDATACOMMON_INIT(key, rdata->type, rdata->rdclass); return generic_tostruct_key(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/keydata_65533.c bind9-9.18.41/lib/dns/rdata/generic/keydata_65533.c --- bind9-9.18.33/lib/dns/rdata/generic/keydata_65533.c 2025-01-20 13:39:31.273357164 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/keydata_65533.c 2025-10-18 10:21:03.150261361 +0000 @@ -333,9 +333,7 @@ REQUIRE(rdata->type == dns_rdatatype_keydata); REQUIRE(keydata != NULL); - keydata->common.rdclass = rdata->rdclass; - keydata->common.rdtype = rdata->type; - ISC_LINK_INIT(&keydata->common, link); + DNS_RDATACOMMON_INIT(keydata, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &sr); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/l32_105.c bind9-9.18.41/lib/dns/rdata/generic/l32_105.c --- bind9-9.18.33/lib/dns/rdata/generic/l32_105.c 2025-01-20 13:39:31.273357164 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/l32_105.c 2025-10-18 10:21:03.150261361 +0000 @@ -153,9 +153,7 @@ UNUSED(mctx); - l32->common.rdclass = rdata->rdclass; - l32->common.rdtype = rdata->type; - ISC_LINK_INIT(&l32->common, link); + DNS_RDATACOMMON_INIT(l32, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); l32->pref = uint16_fromregion(®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/l64_106.c bind9-9.18.41/lib/dns/rdata/generic/l64_106.c --- bind9-9.18.33/lib/dns/rdata/generic/l64_106.c 2025-01-20 13:39:31.273357164 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/l64_106.c 2025-10-18 10:21:03.150261361 +0000 @@ -148,9 +148,7 @@ UNUSED(mctx); - l64->common.rdclass = rdata->rdclass; - l64->common.rdtype = rdata->type; - ISC_LINK_INIT(&l64->common, link); + DNS_RDATACOMMON_INIT(l64, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); l64->pref = uint16_fromregion(®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/loc_29.c bind9-9.18.41/lib/dns/rdata/generic/loc_29.c --- bind9-9.18.33/lib/dns/rdata/generic/loc_29.c 2025-01-20 13:39:31.273357164 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/loc_29.c 2025-10-18 10:21:03.151261388 +0000 @@ -753,9 +753,7 @@ return ISC_R_NOTIMPLEMENTED; } - loc->common.rdclass = rdata->rdclass; - loc->common.rdtype = rdata->type; - ISC_LINK_INIT(&loc->common, link); + DNS_RDATACOMMON_INIT(loc, rdata->type, rdata->rdclass); loc->v.v0.version = version; isc_region_consume(&r, 1); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/lp_107.c bind9-9.18.41/lib/dns/rdata/generic/lp_107.c --- bind9-9.18.33/lib/dns/rdata/generic/lp_107.c 2025-01-20 13:39:31.273357164 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/lp_107.c 2025-10-18 10:21:03.151261388 +0000 @@ -156,9 +156,7 @@ REQUIRE(lp != NULL); REQUIRE(rdata->length != 0); - lp->common.rdclass = rdata->rdclass; - lp->common.rdtype = rdata->type; - ISC_LINK_INIT(&lp->common, link); + DNS_RDATACOMMON_INIT(lp, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/mb_7.c bind9-9.18.41/lib/dns/rdata/generic/mb_7.c --- bind9-9.18.33/lib/dns/rdata/generic/mb_7.c 2025-01-20 13:39:31.274357182 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/mb_7.c 2025-10-18 10:21:03.151261388 +0000 @@ -146,9 +146,7 @@ REQUIRE(mb != NULL); REQUIRE(rdata->length != 0); - mb->common.rdclass = rdata->rdclass; - mb->common.rdtype = rdata->type; - ISC_LINK_INIT(&mb->common, link); + DNS_RDATACOMMON_INIT(mb, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/md_3.c bind9-9.18.41/lib/dns/rdata/generic/md_3.c --- bind9-9.18.33/lib/dns/rdata/generic/md_3.c 2025-01-20 13:39:31.274357182 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/md_3.c 2025-10-18 10:21:03.151261388 +0000 @@ -146,9 +146,7 @@ REQUIRE(md != NULL); REQUIRE(rdata->length != 0); - md->common.rdclass = rdata->rdclass; - md->common.rdtype = rdata->type; - ISC_LINK_INIT(&md->common, link); + DNS_RDATACOMMON_INIT(md, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, &r); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/mf_4.c bind9-9.18.41/lib/dns/rdata/generic/mf_4.c --- bind9-9.18.33/lib/dns/rdata/generic/mf_4.c 2025-01-20 13:39:31.274357182 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/mf_4.c 2025-10-18 10:21:03.152261415 +0000 @@ -146,9 +146,7 @@ REQUIRE(mf != NULL); REQUIRE(rdata->length != 0); - mf->common.rdclass = rdata->rdclass; - mf->common.rdtype = rdata->type; - ISC_LINK_INIT(&mf->common, link); + DNS_RDATACOMMON_INIT(mf, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, &r); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/mg_8.c bind9-9.18.41/lib/dns/rdata/generic/mg_8.c --- bind9-9.18.33/lib/dns/rdata/generic/mg_8.c 2025-01-20 13:39:31.274357182 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/mg_8.c 2025-10-18 10:21:03.152261415 +0000 @@ -146,9 +146,7 @@ REQUIRE(mg != NULL); REQUIRE(rdata->length != 0); - mg->common.rdclass = rdata->rdclass; - mg->common.rdtype = rdata->type; - ISC_LINK_INIT(&mg->common, link); + DNS_RDATACOMMON_INIT(mg, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/minfo_14.c bind9-9.18.41/lib/dns/rdata/generic/minfo_14.c --- bind9-9.18.33/lib/dns/rdata/generic/minfo_14.c 2025-01-20 13:39:31.274357182 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/minfo_14.c 2025-10-18 10:21:03.152261415 +0000 @@ -206,9 +206,7 @@ REQUIRE(minfo != NULL); REQUIRE(rdata->length != 0); - minfo->common.rdclass = rdata->rdclass; - minfo->common.rdtype = rdata->type; - ISC_LINK_INIT(&minfo->common, link); + DNS_RDATACOMMON_INIT(minfo, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/mr_9.c bind9-9.18.41/lib/dns/rdata/generic/mr_9.c --- bind9-9.18.33/lib/dns/rdata/generic/mr_9.c 2025-01-20 13:39:31.274357182 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/mr_9.c 2025-10-18 10:21:03.152261415 +0000 @@ -146,9 +146,7 @@ REQUIRE(mr != NULL); REQUIRE(rdata->length != 0); - mr->common.rdclass = rdata->rdclass; - mr->common.rdtype = rdata->type; - ISC_LINK_INIT(&mr->common, link); + DNS_RDATACOMMON_INIT(mr, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/mx_15.c bind9-9.18.41/lib/dns/rdata/generic/mx_15.c --- bind9-9.18.33/lib/dns/rdata/generic/mx_15.c 2025-01-20 13:39:31.275357200 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/mx_15.c 2025-10-18 10:21:03.152261415 +0000 @@ -230,9 +230,7 @@ REQUIRE(mx != NULL); REQUIRE(rdata->length != 0); - mx->common.rdclass = rdata->rdclass; - mx->common.rdtype = rdata->type; - ISC_LINK_INIT(&mx->common, link); + DNS_RDATACOMMON_INIT(mx, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/naptr_35.c bind9-9.18.41/lib/dns/rdata/generic/naptr_35.c --- bind9-9.18.33/lib/dns/rdata/generic/naptr_35.c 2025-01-20 13:39:31.275357200 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/naptr_35.c 2025-10-18 10:21:03.152261415 +0000 @@ -501,9 +501,7 @@ REQUIRE(naptr != NULL); REQUIRE(rdata->length != 0); - naptr->common.rdclass = rdata->rdclass; - naptr->common.rdtype = rdata->type; - ISC_LINK_INIT(&naptr->common, link); + DNS_RDATACOMMON_INIT(naptr, rdata->type, rdata->rdclass); naptr->flags = NULL; naptr->service = NULL; diff -Nru bind9-9.18.33/lib/dns/rdata/generic/nid_104.c bind9-9.18.41/lib/dns/rdata/generic/nid_104.c --- bind9-9.18.33/lib/dns/rdata/generic/nid_104.c 2025-01-20 13:39:31.275357200 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/nid_104.c 2025-10-18 10:21:03.153261442 +0000 @@ -148,9 +148,7 @@ UNUSED(mctx); - nid->common.rdclass = rdata->rdclass; - nid->common.rdtype = rdata->type; - ISC_LINK_INIT(&nid->common, link); + DNS_RDATACOMMON_INIT(nid, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); nid->pref = uint16_fromregion(®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/ninfo_56.c bind9-9.18.41/lib/dns/rdata/generic/ninfo_56.c --- bind9-9.18.33/lib/dns/rdata/generic/ninfo_56.c 2025-01-20 13:39:31.275357200 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/ninfo_56.c 2025-10-18 10:21:03.153261442 +0000 @@ -75,9 +75,7 @@ REQUIRE(rdata->type == dns_rdatatype_ninfo); REQUIRE(ninfo != NULL); - ninfo->common.rdclass = rdata->rdclass; - ninfo->common.rdtype = rdata->type; - ISC_LINK_INIT(&ninfo->common, link); + DNS_RDATACOMMON_INIT(ninfo, rdata->type, rdata->rdclass); return generic_tostruct_txt(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/ns_2.c bind9-9.18.41/lib/dns/rdata/generic/ns_2.c --- bind9-9.18.33/lib/dns/rdata/generic/ns_2.c 2025-01-20 13:39:31.275357200 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/ns_2.c 2025-10-18 10:21:03.153261442 +0000 @@ -157,9 +157,7 @@ REQUIRE(ns != NULL); REQUIRE(rdata->length != 0); - ns->common.rdclass = rdata->rdclass; - ns->common.rdtype = rdata->type; - ISC_LINK_INIT(&ns->common, link); + DNS_RDATACOMMON_INIT(ns, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/nsec3_50.c bind9-9.18.41/lib/dns/rdata/generic/nsec3_50.c --- bind9-9.18.33/lib/dns/rdata/generic/nsec3_50.c 2025-01-20 13:39:31.275357200 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/nsec3_50.c 2025-10-18 10:21:03.153261442 +0000 @@ -293,9 +293,7 @@ REQUIRE(nsec3 != NULL); REQUIRE(rdata->length != 0); - nsec3->common.rdclass = rdata->rdclass; - nsec3->common.rdtype = rdata->type; - ISC_LINK_INIT(&nsec3->common, link); + DNS_RDATACOMMON_INIT(nsec3, rdata->type, rdata->rdclass); region.base = rdata->data; region.length = rdata->length; diff -Nru bind9-9.18.33/lib/dns/rdata/generic/nsec3param_51.c bind9-9.18.41/lib/dns/rdata/generic/nsec3param_51.c --- bind9-9.18.33/lib/dns/rdata/generic/nsec3param_51.c 2025-01-20 13:39:31.276357217 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/nsec3param_51.c 2025-10-18 10:21:03.154261468 +0000 @@ -229,9 +229,7 @@ REQUIRE(nsec3param != NULL); REQUIRE(rdata->length != 0); - nsec3param->common.rdclass = rdata->rdclass; - nsec3param->common.rdtype = rdata->type; - ISC_LINK_INIT(&nsec3param->common, link); + DNS_RDATACOMMON_INIT(nsec3param, rdata->type, rdata->rdclass); region.base = rdata->data; region.length = rdata->length; diff -Nru bind9-9.18.33/lib/dns/rdata/generic/nsec_47.c bind9-9.18.41/lib/dns/rdata/generic/nsec_47.c --- bind9-9.18.33/lib/dns/rdata/generic/nsec_47.c 2025-01-20 13:39:31.276357217 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/nsec_47.c 2025-10-18 10:21:03.154261468 +0000 @@ -165,9 +165,7 @@ REQUIRE(nsec != NULL); REQUIRE(rdata->length != 0); - nsec->common.rdclass = rdata->rdclass; - nsec->common.rdtype = rdata->type; - ISC_LINK_INIT(&nsec->common, link); + DNS_RDATACOMMON_INIT(nsec, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/null_10.c bind9-9.18.41/lib/dns/rdata/generic/null_10.c --- bind9-9.18.33/lib/dns/rdata/generic/null_10.c 2025-01-20 13:39:31.276357217 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/null_10.c 2025-10-18 10:21:03.154261468 +0000 @@ -101,9 +101,7 @@ REQUIRE(rdata->type == dns_rdatatype_null); REQUIRE(null != NULL); - null->common.rdclass = rdata->rdclass; - null->common.rdtype = rdata->type; - ISC_LINK_INIT(&null->common, link); + DNS_RDATACOMMON_INIT(null, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &r); null->length = r.length; diff -Nru bind9-9.18.33/lib/dns/rdata/generic/nxt_30.c bind9-9.18.41/lib/dns/rdata/generic/nxt_30.c --- bind9-9.18.33/lib/dns/rdata/generic/nxt_30.c 2025-01-20 13:39:31.276357217 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/nxt_30.c 2025-10-18 10:21:03.154261468 +0000 @@ -244,9 +244,7 @@ REQUIRE(nxt != NULL); REQUIRE(rdata->length != 0); - nxt->common.rdclass = rdata->rdclass; - nxt->common.rdtype = rdata->type; - ISC_LINK_INIT(&nxt->common, link); + DNS_RDATACOMMON_INIT(nxt, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/openpgpkey_61.c bind9-9.18.41/lib/dns/rdata/generic/openpgpkey_61.c --- bind9-9.18.33/lib/dns/rdata/generic/openpgpkey_61.c 2025-01-20 13:39:31.276357217 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/openpgpkey_61.c 2025-10-18 10:21:03.154261468 +0000 @@ -145,9 +145,7 @@ REQUIRE(sig != NULL); REQUIRE(rdata->length != 0); - sig->common.rdclass = rdata->rdclass; - sig->common.rdtype = rdata->type; - ISC_LINK_INIT(&sig->common, link); + DNS_RDATACOMMON_INIT(sig, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &sr); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/opt_41.c bind9-9.18.41/lib/dns/rdata/generic/opt_41.c --- bind9-9.18.33/lib/dns/rdata/generic/opt_41.c 2025-01-20 13:39:31.277357235 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/opt_41.c 2025-10-18 10:21:03.155261495 +0000 @@ -44,7 +44,7 @@ static isc_result_t totext_opt(ARGS_TOTEXT) { isc_region_t r; - isc_region_t or ; + isc_region_t or; uint16_t option; uint16_t length; char buf[sizeof("64000 64000")]; @@ -323,9 +323,7 @@ REQUIRE(rdata->type == dns_rdatatype_opt); REQUIRE(opt != NULL); - opt->common.rdclass = rdata->rdclass; - opt->common.rdtype = rdata->type; - ISC_LINK_INIT(&opt->common, link); + DNS_RDATACOMMON_INIT(opt, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &r); opt->length = r.length; diff -Nru bind9-9.18.33/lib/dns/rdata/generic/ptr_12.c bind9-9.18.41/lib/dns/rdata/generic/ptr_12.c --- bind9-9.18.33/lib/dns/rdata/generic/ptr_12.c 2025-01-20 13:39:31.277357235 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/ptr_12.c 2025-10-18 10:21:03.155261495 +0000 @@ -159,9 +159,7 @@ REQUIRE(ptr != NULL); REQUIRE(rdata->length != 0); - ptr->common.rdclass = rdata->rdclass; - ptr->common.rdtype = rdata->type; - ISC_LINK_INIT(&ptr->common, link); + DNS_RDATACOMMON_INIT(ptr, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/resinfo_261.c bind9-9.18.41/lib/dns/rdata/generic/resinfo_261.c --- bind9-9.18.33/lib/dns/rdata/generic/resinfo_261.c 2025-01-20 13:39:31.277357235 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/resinfo_261.c 2025-10-18 10:21:03.155261495 +0000 @@ -76,9 +76,7 @@ REQUIRE(rdata != NULL); REQUIRE(rdata->type == dns_rdatatype_resinfo); - resinfo->common.rdclass = rdata->rdclass; - resinfo->common.rdtype = rdata->type; - ISC_LINK_INIT(&resinfo->common, link); + DNS_RDATACOMMON_INIT(resinfo, rdata->type, rdata->rdclass); return generic_tostruct_txt(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/rkey_57.c bind9-9.18.41/lib/dns/rdata/generic/rkey_57.c --- bind9-9.18.33/lib/dns/rdata/generic/rkey_57.c 2025-01-20 13:39:31.277357235 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/rkey_57.c 2025-10-18 10:21:03.155261495 +0000 @@ -85,9 +85,7 @@ REQUIRE(rdata != NULL); REQUIRE(rdata->type == dns_rdatatype_rkey); - rkey->common.rdclass = rdata->rdclass; - rkey->common.rdtype = rdata->type; - ISC_LINK_INIT(&rkey->common, link); + DNS_RDATACOMMON_INIT(rkey, rdata->type, rdata->rdclass); return generic_tostruct_key(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/rp_17.c bind9-9.18.41/lib/dns/rdata/generic/rp_17.c --- bind9-9.18.33/lib/dns/rdata/generic/rp_17.c 2025-01-20 13:39:31.278357252 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/rp_17.c 2025-10-18 10:21:03.156261522 +0000 @@ -205,9 +205,7 @@ REQUIRE(rp != NULL); REQUIRE(rdata->length != 0); - rp->common.rdclass = rdata->rdclass; - rp->common.rdtype = rdata->type; - ISC_LINK_INIT(&rp->common, link); + DNS_RDATACOMMON_INIT(rp, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/rrsig_46.c bind9-9.18.41/lib/dns/rdata/generic/rrsig_46.c --- bind9-9.18.33/lib/dns/rdata/generic/rrsig_46.c 2025-01-20 13:39:31.278357252 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/rrsig_46.c 2025-10-18 10:21:03.156261522 +0000 @@ -361,6 +361,9 @@ compare_rrsig(ARGS_COMPARE) { isc_region_t r1; isc_region_t r2; + dns_name_t name1; + dns_name_t name2; + int order; REQUIRE(rdata1->type == rdata2->type); REQUIRE(rdata1->rdclass == rdata2->rdclass); @@ -370,6 +373,32 @@ dns_rdata_toregion(rdata1, &r1); dns_rdata_toregion(rdata2, &r2); + + INSIST(r1.length > 18); + INSIST(r2.length > 18); + r1.length = 18; + r2.length = 18; + order = isc_region_compare(&r1, &r2); + if (order != 0) { + return order; + } + + dns_name_init(&name1, NULL); + dns_name_init(&name2, NULL); + dns_rdata_toregion(rdata1, &r1); + dns_rdata_toregion(rdata2, &r2); + isc_region_consume(&r1, 18); + isc_region_consume(&r2, 18); + dns_name_fromregion(&name1, &r1); + dns_name_fromregion(&name2, &r2); + order = dns_name_rdatacompare(&name1, &name2); + if (order != 0) { + return order; + } + + isc_region_consume(&r1, name_length(&name1)); + isc_region_consume(&r2, name_length(&name2)); + return isc_region_compare(&r1, &r2); } @@ -442,9 +471,7 @@ REQUIRE(sig != NULL); REQUIRE(rdata->length != 0); - sig->common.rdclass = rdata->rdclass; - sig->common.rdtype = rdata->type; - ISC_LINK_INIT(&sig->common, link); + DNS_RDATACOMMON_INIT(sig, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &sr); @@ -547,13 +574,32 @@ static isc_result_t digest_rrsig(ARGS_DIGEST) { + isc_region_t r1, r2; + dns_name_t name; + REQUIRE(rdata->type == dns_rdatatype_rrsig); - UNUSED(rdata); - UNUSED(digest); - UNUSED(arg); + dns_rdata_toregion(rdata, &r1); + r2 = r1; + + /* + * Type covered (2) + Algorithm (1) + + * Labels (1) + Original TTL (4) + + * Expire time (4) + Time signed (4) + + * Key ID (2). + */ + isc_region_consume(&r2, 18); + r1.length = 18; + RETERR((digest)(arg, &r1)); + + /* Signer */ + dns_name_init(&name, NULL); + dns_name_fromregion(&name, &r2); + RETERR(dns_name_digest(&name, digest, arg)); + isc_region_consume(&r2, name_length(&name)); - return ISC_R_NOTIMPLEMENTED; + /* Signature */ + return (digest)(arg, &r2); } static dns_rdatatype_t @@ -594,47 +640,7 @@ static int casecompare_rrsig(ARGS_COMPARE) { - isc_region_t r1; - isc_region_t r2; - dns_name_t name1; - dns_name_t name2; - int order; - - REQUIRE(rdata1->type == rdata2->type); - REQUIRE(rdata1->rdclass == rdata2->rdclass); - REQUIRE(rdata1->type == dns_rdatatype_rrsig); - REQUIRE(rdata1->length != 0); - REQUIRE(rdata2->length != 0); - - dns_rdata_toregion(rdata1, &r1); - dns_rdata_toregion(rdata2, &r2); - - INSIST(r1.length > 18); - INSIST(r2.length > 18); - r1.length = 18; - r2.length = 18; - order = isc_region_compare(&r1, &r2); - if (order != 0) { - return order; - } - - dns_name_init(&name1, NULL); - dns_name_init(&name2, NULL); - dns_rdata_toregion(rdata1, &r1); - dns_rdata_toregion(rdata2, &r2); - isc_region_consume(&r1, 18); - isc_region_consume(&r2, 18); - dns_name_fromregion(&name1, &r1); - dns_name_fromregion(&name2, &r2); - order = dns_name_rdatacompare(&name1, &name2); - if (order != 0) { - return order; - } - - isc_region_consume(&r1, name_length(&name1)); - isc_region_consume(&r2, name_length(&name2)); - - return isc_region_compare(&r1, &r2); + return compare_rrsig(rdata1, rdata2); } #endif /* RDATA_GENERIC_RRSIG_46_C */ diff -Nru bind9-9.18.33/lib/dns/rdata/generic/rt_21.c bind9-9.18.41/lib/dns/rdata/generic/rt_21.c --- bind9-9.18.33/lib/dns/rdata/generic/rt_21.c 2025-01-20 13:39:31.278357252 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/rt_21.c 2025-10-18 10:21:03.156261522 +0000 @@ -203,9 +203,7 @@ REQUIRE(rt != NULL); REQUIRE(rdata->length != 0); - rt->common.rdclass = rdata->rdclass; - rt->common.rdtype = rdata->type; - ISC_LINK_INIT(&rt->common, link); + DNS_RDATACOMMON_INIT(rt, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/sig_24.c bind9-9.18.41/lib/dns/rdata/generic/sig_24.c --- bind9-9.18.33/lib/dns/rdata/generic/sig_24.c 2025-01-20 13:39:31.278357252 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/sig_24.c 2025-10-18 10:21:03.156261522 +0000 @@ -434,9 +434,7 @@ REQUIRE(sig != NULL); REQUIRE(rdata->length != 0); - sig->common.rdclass = rdata->rdclass; - sig->common.rdtype = rdata->type; - ISC_LINK_INIT(&sig->common, link); + DNS_RDATACOMMON_INIT(sig, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &sr); @@ -539,13 +537,32 @@ static isc_result_t digest_sig(ARGS_DIGEST) { + isc_region_t r1, r2; + dns_name_t name; + REQUIRE(rdata->type == dns_rdatatype_sig); - UNUSED(rdata); - UNUSED(digest); - UNUSED(arg); + dns_rdata_toregion(rdata, &r1); + r2 = r1; + + /* + * Type covered (2) + Algorithm (1) + + * Labels (1) + Original TTL (4) + + * Expire time (4) + Time signed (4) + + * Key ID (2). + */ + isc_region_consume(&r2, 18); + r1.length = 18; + RETERR((digest)(arg, &r1)); + + /* Signer */ + dns_name_init(&name, NULL); + dns_name_fromregion(&name, &r2); + RETERR(dns_name_digest(&name, digest, arg)); + isc_region_consume(&r2, name_length(&name)); - return ISC_R_NOTIMPLEMENTED; + /* Signature */ + return (digest)(arg, &r2); } static dns_rdatatype_t diff -Nru bind9-9.18.33/lib/dns/rdata/generic/sink_40.c bind9-9.18.41/lib/dns/rdata/generic/sink_40.c --- bind9-9.18.33/lib/dns/rdata/generic/sink_40.c 2025-01-20 13:39:31.278357252 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/sink_40.c 2025-10-18 10:21:03.156261522 +0000 @@ -184,9 +184,7 @@ REQUIRE(sink != NULL); REQUIRE(rdata->length >= 3); - sink->common.rdclass = rdata->rdclass; - sink->common.rdtype = rdata->type; - ISC_LINK_INIT(&sink->common, link); + DNS_RDATACOMMON_INIT(sink, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &sr); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/smimea_53.c bind9-9.18.41/lib/dns/rdata/generic/smimea_53.c --- bind9-9.18.33/lib/dns/rdata/generic/smimea_53.c 2025-01-20 13:39:31.279357270 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/smimea_53.c 2025-10-18 10:21:03.157261549 +0000 @@ -82,9 +82,7 @@ REQUIRE(rdata->type == dns_rdatatype_smimea); REQUIRE(smimea != NULL); - smimea->common.rdclass = rdata->rdclass; - smimea->common.rdtype = rdata->type; - ISC_LINK_INIT(&smimea->common, link); + DNS_RDATACOMMON_INIT(smimea, rdata->type, rdata->rdclass); return generic_tostruct_tlsa(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/soa_6.c bind9-9.18.41/lib/dns/rdata/generic/soa_6.c --- bind9-9.18.33/lib/dns/rdata/generic/soa_6.c 2025-01-20 13:39:31.279357270 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/soa_6.c 2025-10-18 10:21:03.157261549 +0000 @@ -309,9 +309,7 @@ REQUIRE(soa != NULL); REQUIRE(rdata->length != 0); - soa->common.rdclass = rdata->rdclass; - soa->common.rdtype = rdata->type; - ISC_LINK_INIT(&soa->common, link); + DNS_RDATACOMMON_INIT(soa, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/spf_99.c bind9-9.18.41/lib/dns/rdata/generic/spf_99.c --- bind9-9.18.33/lib/dns/rdata/generic/spf_99.c 2025-01-20 13:39:31.279357270 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/spf_99.c 2025-10-18 10:21:03.157261549 +0000 @@ -76,9 +76,7 @@ REQUIRE(rdata != NULL); REQUIRE(rdata->type == dns_rdatatype_spf); - spf->common.rdclass = rdata->rdclass; - spf->common.rdtype = rdata->type; - ISC_LINK_INIT(&spf->common, link); + DNS_RDATACOMMON_INIT(spf, rdata->type, rdata->rdclass); return generic_tostruct_txt(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/sshfp_44.c bind9-9.18.41/lib/dns/rdata/generic/sshfp_44.c --- bind9-9.18.33/lib/dns/rdata/generic/sshfp_44.c 2025-01-20 13:39:31.279357270 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/sshfp_44.c 2025-10-18 10:21:03.157261549 +0000 @@ -205,9 +205,7 @@ REQUIRE(sshfp != NULL); REQUIRE(rdata->length != 0); - sshfp->common.rdclass = rdata->rdclass; - sshfp->common.rdtype = rdata->type; - ISC_LINK_INIT(&sshfp->common, link); + DNS_RDATACOMMON_INIT(sshfp, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/ta_32768.c bind9-9.18.41/lib/dns/rdata/generic/ta_32768.c --- bind9-9.18.33/lib/dns/rdata/generic/ta_32768.c 2025-01-20 13:39:31.279357270 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/ta_32768.c 2025-10-18 10:21:03.157261549 +0000 @@ -85,9 +85,7 @@ /* * Checked by generic_tostruct_ds(). */ - ds->common.rdclass = rdata->rdclass; - ds->common.rdtype = rdata->type; - ISC_LINK_INIT(&ds->common, link); + DNS_RDATACOMMON_INIT(ds, rdata->type, rdata->rdclass); return generic_tostruct_ds(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/talink_58.c bind9-9.18.41/lib/dns/rdata/generic/talink_58.c --- bind9-9.18.33/lib/dns/rdata/generic/talink_58.c 2025-01-20 13:39:31.280357287 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/talink_58.c 2025-10-18 10:21:03.157261549 +0000 @@ -169,9 +169,7 @@ REQUIRE(talink != NULL); REQUIRE(rdata->length != 0); - talink->common.rdclass = rdata->rdclass; - talink->common.rdtype = rdata->type; - ISC_LINK_INIT(&talink->common, link); + DNS_RDATACOMMON_INIT(talink, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/tkey_249.c bind9-9.18.41/lib/dns/rdata/generic/tkey_249.c --- bind9-9.18.33/lib/dns/rdata/generic/tkey_249.c 2025-01-20 13:39:31.280357287 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/tkey_249.c 2025-10-18 10:21:03.158261575 +0000 @@ -425,9 +425,7 @@ REQUIRE(tkey != NULL); REQUIRE(rdata->length != 0); - tkey->common.rdclass = rdata->rdclass; - tkey->common.rdtype = rdata->type; - ISC_LINK_INIT(&tkey->common, link); + DNS_RDATACOMMON_INIT(tkey, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &sr); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/tlsa_52.c bind9-9.18.41/lib/dns/rdata/generic/tlsa_52.c --- bind9-9.18.33/lib/dns/rdata/generic/tlsa_52.c 2025-01-20 13:39:31.280357287 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/tlsa_52.c 2025-10-18 10:21:03.158261575 +0000 @@ -269,9 +269,7 @@ REQUIRE(rdata->type == dns_rdatatype_tlsa); REQUIRE(tlsa != NULL); - tlsa->common.rdclass = rdata->rdclass; - tlsa->common.rdtype = rdata->type; - ISC_LINK_INIT(&tlsa->common, link); + DNS_RDATACOMMON_INIT(tlsa, rdata->type, rdata->rdclass); return generic_tostruct_tlsa(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/txt_16.c bind9-9.18.41/lib/dns/rdata/generic/txt_16.c --- bind9-9.18.33/lib/dns/rdata/generic/txt_16.c 2025-01-20 13:39:31.280357287 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/txt_16.c 2025-10-18 10:21:03.158261575 +0000 @@ -212,9 +212,7 @@ REQUIRE(rdata->type == dns_rdatatype_txt); REQUIRE(txt != NULL); - txt->common.rdclass = rdata->rdclass; - txt->common.rdtype = rdata->type; - ISC_LINK_INIT(&txt->common, link); + DNS_RDATACOMMON_INIT(txt, rdata->type, rdata->rdclass); return generic_tostruct_txt(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/uri_256.c bind9-9.18.41/lib/dns/rdata/generic/uri_256.c --- bind9-9.18.33/lib/dns/rdata/generic/uri_256.c 2025-01-20 13:39:31.280357287 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/uri_256.c 2025-10-18 10:21:03.158261575 +0000 @@ -211,9 +211,7 @@ REQUIRE(uri != NULL); REQUIRE(rdata->length != 0); - uri->common.rdclass = rdata->rdclass; - uri->common.rdtype = rdata->type; - ISC_LINK_INIT(&uri->common, link); + DNS_RDATACOMMON_INIT(uri, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &sr); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/wallet_262.c bind9-9.18.41/lib/dns/rdata/generic/wallet_262.c --- bind9-9.18.33/lib/dns/rdata/generic/wallet_262.c 2025-01-20 13:39:31.281357305 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/wallet_262.c 2025-10-18 10:21:03.158261575 +0000 @@ -75,9 +75,7 @@ REQUIRE(rdata->type == dns_rdatatype_wallet); REQUIRE(wallet != NULL); - wallet->common.rdclass = rdata->rdclass; - wallet->common.rdtype = rdata->type; - ISC_LINK_INIT(&wallet->common, link); + DNS_RDATACOMMON_INIT(wallet, rdata->type, rdata->rdclass); return generic_tostruct_txt(CALL_TOSTRUCT); } diff -Nru bind9-9.18.33/lib/dns/rdata/generic/x25_19.c bind9-9.18.41/lib/dns/rdata/generic/x25_19.c --- bind9-9.18.33/lib/dns/rdata/generic/x25_19.c 2025-01-20 13:39:31.281357305 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/x25_19.c 2025-10-18 10:21:03.159261602 +0000 @@ -146,9 +146,7 @@ REQUIRE(x25 != NULL); REQUIRE(rdata->length != 0); - x25->common.rdclass = rdata->rdclass; - x25->common.rdtype = rdata->type; - ISC_LINK_INIT(&x25->common, link); + DNS_RDATACOMMON_INIT(x25, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &r); x25->x25_len = uint8_fromregion(&r); diff -Nru bind9-9.18.33/lib/dns/rdata/generic/zonemd_63.c bind9-9.18.41/lib/dns/rdata/generic/zonemd_63.c --- bind9-9.18.33/lib/dns/rdata/generic/zonemd_63.c 2025-01-20 13:39:31.281357305 +0000 +++ bind9-9.18.41/lib/dns/rdata/generic/zonemd_63.c 2025-10-18 10:21:03.159261602 +0000 @@ -257,9 +257,7 @@ REQUIRE(zonemd != NULL); REQUIRE(rdata->length != 0); - zonemd->common.rdclass = rdata->rdclass; - zonemd->common.rdtype = rdata->type; - ISC_LINK_INIT(&zonemd->common, link); + DNS_RDATACOMMON_INIT(zonemd, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/hs_4/a_1.c bind9-9.18.41/lib/dns/rdata/hs_4/a_1.c --- bind9-9.18.33/lib/dns/rdata/hs_4/a_1.c 2025-01-20 13:39:31.281357305 +0000 +++ bind9-9.18.41/lib/dns/rdata/hs_4/a_1.c 2025-10-18 10:21:03.159261602 +0000 @@ -159,9 +159,7 @@ UNUSED(mctx); - a->common.rdclass = rdata->rdclass; - a->common.rdtype = rdata->type; - ISC_LINK_INIT(&a->common, link); + DNS_RDATACOMMON_INIT(a, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); n = uint32_fromregion(®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/a6_38.c bind9-9.18.41/lib/dns/rdata/in_1/a6_38.c --- bind9-9.18.33/lib/dns/rdata/in_1/a6_38.c 2025-01-20 13:39:31.281357305 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/a6_38.c 2025-10-18 10:21:03.159261602 +0000 @@ -346,9 +346,7 @@ REQUIRE(a6 != NULL); REQUIRE(rdata->length != 0); - a6->common.rdclass = rdata->rdclass; - a6->common.rdtype = rdata->type; - ISC_LINK_INIT(&a6->common, link); + DNS_RDATACOMMON_INIT(a6, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &r); diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/a_1.c bind9-9.18.41/lib/dns/rdata/in_1/a_1.c --- bind9-9.18.33/lib/dns/rdata/in_1/a_1.c 2025-01-20 13:39:31.282357323 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/a_1.c 2025-10-18 10:21:03.159261602 +0000 @@ -160,9 +160,7 @@ UNUSED(mctx); - a->common.rdclass = rdata->rdclass; - a->common.rdtype = rdata->type; - ISC_LINK_INIT(&a->common, link); + DNS_RDATACOMMON_INIT(a, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); n = uint32_fromregion(®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/aaaa_28.c bind9-9.18.41/lib/dns/rdata/in_1/aaaa_28.c --- bind9-9.18.33/lib/dns/rdata/in_1/aaaa_28.c 2025-01-20 13:39:31.282357323 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/aaaa_28.c 2025-10-18 10:21:03.159261602 +0000 @@ -172,9 +172,7 @@ UNUSED(mctx); - aaaa->common.rdclass = rdata->rdclass; - aaaa->common.rdtype = rdata->type; - ISC_LINK_INIT(&aaaa->common, link); + DNS_RDATACOMMON_INIT(aaaa, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &r); INSIST(r.length == 16); diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/apl_42.c bind9-9.18.41/lib/dns/rdata/in_1/apl_42.c --- bind9-9.18.33/lib/dns/rdata/in_1/apl_42.c 2025-01-20 13:39:31.282357323 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/apl_42.c 2025-10-18 10:21:03.160261629 +0000 @@ -288,9 +288,7 @@ REQUIRE(rdata->type == dns_rdatatype_apl); REQUIRE(rdata->rdclass == dns_rdataclass_in); - apl->common.rdclass = rdata->rdclass; - apl->common.rdtype = rdata->type; - ISC_LINK_INIT(&apl->common, link); + DNS_RDATACOMMON_INIT(apl, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &r); apl->apl_len = r.length; diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/atma_34.c bind9-9.18.41/lib/dns/rdata/in_1/atma_34.c --- bind9-9.18.33/lib/dns/rdata/in_1/atma_34.c 2025-01-20 13:39:31.282357323 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/atma_34.c 2025-10-18 10:21:03.160261629 +0000 @@ -225,9 +225,7 @@ REQUIRE(atma != NULL); REQUIRE(rdata->length != 0); - atma->common.rdclass = rdata->rdclass; - atma->common.rdtype = rdata->type; - ISC_LINK_INIT(&atma->common, link); + DNS_RDATACOMMON_INIT(atma, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &r); atma->format = r.base[0]; diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/dhcid_49.c bind9-9.18.41/lib/dns/rdata/in_1/dhcid_49.c --- bind9-9.18.33/lib/dns/rdata/in_1/dhcid_49.c 2025-01-20 13:39:31.282357323 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/dhcid_49.c 2025-10-18 10:21:03.160261629 +0000 @@ -145,9 +145,7 @@ REQUIRE(dhcid != NULL); REQUIRE(rdata->length != 0); - dhcid->common.rdclass = rdata->rdclass; - dhcid->common.rdtype = rdata->type; - ISC_LINK_INIT(&dhcid->common, link); + DNS_RDATACOMMON_INIT(dhcid, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/eid_31.c bind9-9.18.41/lib/dns/rdata/in_1/eid_31.c --- bind9-9.18.33/lib/dns/rdata/in_1/eid_31.c 2025-01-20 13:39:31.283357340 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/eid_31.c 2025-10-18 10:21:03.160261629 +0000 @@ -134,9 +134,7 @@ REQUIRE(eid != NULL); REQUIRE(rdata->length != 0); - eid->common.rdclass = rdata->rdclass; - eid->common.rdtype = rdata->type; - ISC_LINK_INIT(&eid->common, link); + DNS_RDATACOMMON_INIT(eid, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &r); eid->eid_len = r.length; diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/kx_36.c bind9-9.18.41/lib/dns/rdata/in_1/kx_36.c --- bind9-9.18.33/lib/dns/rdata/in_1/kx_36.c 2025-01-20 13:39:31.283357340 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/kx_36.c 2025-10-18 10:21:03.161261656 +0000 @@ -188,9 +188,7 @@ REQUIRE(kx != NULL); REQUIRE(rdata->length != 0); - kx->common.rdclass = rdata->rdclass; - kx->common.rdtype = rdata->type; - ISC_LINK_INIT(&kx->common, link); + DNS_RDATACOMMON_INIT(kx, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/nimloc_32.c bind9-9.18.41/lib/dns/rdata/in_1/nimloc_32.c --- bind9-9.18.33/lib/dns/rdata/in_1/nimloc_32.c 2025-01-20 13:39:31.283357340 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/nimloc_32.c 2025-10-18 10:21:03.161261656 +0000 @@ -134,9 +134,7 @@ REQUIRE(nimloc != NULL); REQUIRE(rdata->length != 0); - nimloc->common.rdclass = rdata->rdclass; - nimloc->common.rdtype = rdata->type; - ISC_LINK_INIT(&nimloc->common, link); + DNS_RDATACOMMON_INIT(nimloc, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &r); nimloc->nimloc_len = r.length; diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/nsap-ptr_23.c bind9-9.18.41/lib/dns/rdata/in_1/nsap-ptr_23.c --- bind9-9.18.33/lib/dns/rdata/in_1/nsap-ptr_23.c 2025-01-20 13:39:31.283357340 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/nsap-ptr_23.c 2025-10-18 10:21:03.161261656 +0000 @@ -154,9 +154,7 @@ REQUIRE(nsap_ptr != NULL); REQUIRE(rdata->length != 0); - nsap_ptr->common.rdclass = rdata->rdclass; - nsap_ptr->common.rdtype = rdata->type; - ISC_LINK_INIT(&nsap_ptr->common, link); + DNS_RDATACOMMON_INIT(nsap_ptr, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/nsap_22.c bind9-9.18.41/lib/dns/rdata/in_1/nsap_22.c --- bind9-9.18.33/lib/dns/rdata/in_1/nsap_22.c 2025-01-20 13:39:31.283357340 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/nsap_22.c 2025-10-18 10:21:03.161261656 +0000 @@ -169,9 +169,7 @@ REQUIRE(nsap != NULL); REQUIRE(rdata->length != 0); - nsap->common.rdclass = rdata->rdclass; - nsap->common.rdtype = rdata->type; - ISC_LINK_INIT(&nsap->common, link); + DNS_RDATACOMMON_INIT(nsap, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, &r); nsap->nsap_len = r.length; diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/px_26.c bind9-9.18.41/lib/dns/rdata/in_1/px_26.c --- bind9-9.18.33/lib/dns/rdata/in_1/px_26.c 2025-01-20 13:39:31.284357358 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/px_26.c 2025-10-18 10:21:03.161261656 +0000 @@ -256,9 +256,7 @@ REQUIRE(px != NULL); REQUIRE(rdata->length != 0); - px->common.rdclass = rdata->rdclass; - px->common.rdtype = rdata->type; - ISC_LINK_INIT(&px->common, link); + DNS_RDATACOMMON_INIT(px, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/srv_33.c bind9-9.18.41/lib/dns/rdata/in_1/srv_33.c --- bind9-9.18.33/lib/dns/rdata/in_1/srv_33.c 2025-01-20 13:39:31.284357358 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/srv_33.c 2025-10-18 10:21:03.162261682 +0000 @@ -267,9 +267,7 @@ REQUIRE(srv != NULL); REQUIRE(rdata->length != 0); - srv->common.rdclass = rdata->rdclass; - srv->common.rdtype = rdata->type; - ISC_LINK_INIT(&srv->common, link); + DNS_RDATACOMMON_INIT(srv, rdata->type, rdata->rdclass); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/svcb_64.c bind9-9.18.41/lib/dns/rdata/in_1/svcb_64.c --- bind9-9.18.33/lib/dns/rdata/in_1/svcb_64.c 2025-01-20 13:39:31.284357358 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/svcb_64.c 2025-10-18 10:21:03.162261682 +0000 @@ -1013,9 +1013,7 @@ REQUIRE(svcb != NULL); REQUIRE(rdata->length != 0); - svcb->common.rdclass = rdata->rdclass; - svcb->common.rdtype = rdata->type; - ISC_LINK_INIT(&svcb->common, link); + DNS_RDATACOMMON_INIT(svcb, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); diff -Nru bind9-9.18.33/lib/dns/rdata/in_1/wks_11.c bind9-9.18.41/lib/dns/rdata/in_1/wks_11.c --- bind9-9.18.33/lib/dns/rdata/in_1/wks_11.c 2025-01-20 13:39:31.284357358 +0000 +++ bind9-9.18.41/lib/dns/rdata/in_1/wks_11.c 2025-10-18 10:21:03.162261682 +0000 @@ -311,9 +311,7 @@ REQUIRE(rdata->rdclass == dns_rdataclass_in); REQUIRE(rdata->length != 0); - wks->common.rdclass = rdata->rdclass; - wks->common.rdtype = rdata->type; - ISC_LINK_INIT(&wks->common, link); + DNS_RDATACOMMON_INIT(wks, rdata->type, rdata->rdclass); dns_rdata_toregion(rdata, ®ion); n = uint32_fromregion(®ion); diff -Nru bind9-9.18.33/lib/dns/rdata.c bind9-9.18.41/lib/dns/rdata.c --- bind9-9.18.33/lib/dns/rdata.c 2025-01-20 13:39:31.267357059 +0000 +++ bind9-9.18.41/lib/dns/rdata.c 2025-10-18 10:21:03.144261201 +0000 @@ -369,9 +369,9 @@ while ((ch = *src++) != '\0') { const char *pch; - pch = strchr((xdigits = xdigits_l), ch); + pch = strchr(xdigits = xdigits_l, ch); if (pch == NULL) { - pch = strchr((xdigits = xdigits_u), ch); + pch = strchr(xdigits = xdigits_u, ch); } if (pch != NULL) { val <<= 4; diff -Nru bind9-9.18.33/lib/dns/rdatalist.c bind9-9.18.41/lib/dns/rdatalist.c --- bind9-9.18.33/lib/dns/rdatalist.c 2025-01-20 13:39:31.285357376 +0000 +++ bind9-9.18.41/lib/dns/rdatalist.c 2025-10-18 10:21:03.162261682 +0000 @@ -42,7 +42,7 @@ NULL, /* clearprefetch */ isc__rdatalist_setownercase, isc__rdatalist_getownercase, - NULL /* addglue */ + NULL, /* addglue */ }; void diff -Nru bind9-9.18.33/lib/dns/rdataset.c bind9-9.18.41/lib/dns/rdataset.c --- bind9-9.18.33/lib/dns/rdataset.c 2025-01-20 13:39:31.285357376 +0000 +++ bind9-9.18.41/lib/dns/rdataset.c 2025-10-18 10:21:03.163261709 +0000 @@ -196,7 +196,7 @@ NULL, /* clearprefetch */ NULL, /* setownercase */ NULL, /* getownercase */ - NULL /* addglue */ + NULL, /* addglue */ }; void @@ -725,7 +725,7 @@ * If we accept expired RRsets keep them for no more than 120 seconds. */ if (acceptexpired && - (isc_serial_le(rrsig->timeexpire, ((now + 120) & 0xffffffff)) || + (isc_serial_le(rrsig->timeexpire, (now + 120) & 0xffffffff) || isc_serial_le(rrsig->timeexpire, now))) { ttl = 120; diff -Nru bind9-9.18.33/lib/dns/resolver.c bind9-9.18.41/lib/dns/resolver.c --- bind9-9.18.33/lib/dns/resolver.c 2025-01-20 13:39:31.286357393 +0000 +++ bind9-9.18.41/lib/dns/resolver.c 2025-10-18 10:21:03.164261736 +0000 @@ -19,6 +19,8 @@ #include #include +#include +#include #include #include #include @@ -103,6 +105,14 @@ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3), \ "fctx %p(%s): %s %s%u", fctx, fctx->info, (m1), (m2), \ (v)) +#define FCTXTRACEN(m1, name, res) \ + do { \ + if (isc_log_wouldlog(dns_lctx, ISC_LOG_DEBUG(3))) { \ + char dbuf[DNS_NAME_FORMATSIZE]; \ + dns_name_format((name), dbuf, sizeof(dbuf)); \ + FCTXTRACE4((m1), dbuf, (res)); \ + } \ + } while (0) #define FTRACE(m) \ isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, \ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3), \ @@ -154,6 +164,7 @@ UNUSED(m2); \ UNUSED(v); \ } while (0) +#define FCTXTRACEN(m1, name, res) FCTXTRACE4(m1, name, res) #define FTRACE(m) \ do { \ UNUSED(m); \ @@ -217,9 +228,9 @@ #define NS_PROCESSING_LIMIT 20 STATIC_ASSERT(NS_PROCESSING_LIMIT > NS_RR_LIMIT, - "The maximum number of NS RRs processed for each delegation " - "(NS_PROCESSING_LIMIT) must be larger than the large delegation " - "threshold (NS_RR_LIMIT)."); + "The maximum number of NS RRs processed for each " + "delegation (NS_PROCESSING_LIMIT) must be larger than the large " + "delegation threshold (NS_RR_LIMIT)."); /* Hash table for zone counters */ #ifndef RES_DOMAIN_HASH_BITS @@ -327,6 +338,7 @@ unsigned int options; unsigned int bucketnum; unsigned int dbucketnum; + bool hashed; char *info; isc_mem_t *mctx; isc_stdtime_t now; @@ -341,7 +353,6 @@ bool cloned; bool spilled; isc_event_t control_event; - ISC_LINK(struct fetchctx) link; ISC_LIST(dns_fetchevent_t) events; /*% Locked by task event serialization. */ @@ -372,7 +383,6 @@ dns_fwdpolicy_t fwdpolicy; isc_sockaddrlist_t bad; ISC_LIST(struct tried) edns; - isc_sockaddrlist_t bad_edns; dns_validator_t *validator; ISC_LIST(dns_validator_t) validators; dns_db_t *cache; @@ -514,10 +524,14 @@ #define DNS_FETCH_MAGIC ISC_MAGIC('F', 't', 'c', 'h') #define DNS_FETCH_VALID(fetch) ISC_MAGIC_VALID(fetch, DNS_FETCH_MAGIC) +#define DNS_FCTX_KEYSIZE \ + (DNS_NAME_MAXWIRE + sizeof(dns_rdatatype_t) + sizeof(unsigned int)) + typedef struct fctxbucket { isc_task_t *task; isc_mutex_t lock; - ISC_LIST(fetchctx_t) fctxs; + isc_refcount_t nfctxs; + isc_ht_t *fctxs; atomic_bool exiting; } fctxbucket_t; @@ -529,12 +543,11 @@ uint32_t allowed; uint32_t dropped; isc_stdtime_t logged; - ISC_LINK(fctxcount_t) link; }; typedef struct zonebucket { isc_mutex_t lock; - ISC_LIST(fctxcount_t) list; + isc_ht_t *counters; } zonebucket_t; typedef struct alternate { @@ -603,9 +616,6 @@ /* Locked by primelock. */ dns_fetch_t *primefetch; - - /* Atomic. */ - atomic_uint_fast32_t nfctx; }; #define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!') @@ -798,6 +808,7 @@ bool get_nameservers; /* get a new NS rrset at * zone cut? */ bool resend; /* resend this query? */ + bool secured; /* message was signed or had a valid cookie */ bool nextitem; /* invalid response; keep * listening for the correct one */ bool truncated; /* response was truncated */ @@ -1623,6 +1634,25 @@ counter->logged = now; } +static void +fcount_makekey(const dns_name_t *name, uint8_t *key, size_t *keysizep) { + REQUIRE(*keysizep >= name->length); + + size_t keysize = 0; + isc_buffer_t buffer; + dns_name_t downname; + isc_result_t result; + + DNS_NAME_INIT(&downname, NULL); + isc_buffer_init(&buffer, key, *keysizep); + + result = dns_name_downcase(name, &downname, &buffer); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + keysize += isc_buffer_usedlength(&buffer); + + *keysizep = keysize; +} + static isc_result_t fcount_incr(fetchctx_t *fctx, bool force) { isc_result_t result = ISC_R_SUCCESS; @@ -1630,6 +1660,9 @@ fctxcount_t *counter = NULL; uint32_t hashval; uint32_t dbucketnum; + uint8_t key[DNS_NAME_MAXWIRE]; + size_t keysize = sizeof(key); + uint_fast32_t spill; REQUIRE(fctx != NULL); REQUIRE(fctx->res != NULL); @@ -1641,15 +1674,14 @@ dbucket = &fctx->res->dbuckets[dbucketnum]; LOCK(&dbucket->lock); - for (counter = ISC_LIST_HEAD(dbucket->list); counter != NULL; - counter = ISC_LIST_NEXT(counter, link)) - { - if (dns_name_equal(counter->domain, fctx->domain)) { - break; - } - } - if (counter == NULL) { + fcount_makekey(fctx->domain, key, &keysize); + + result = isc_ht_find(dbucket->counters, key, keysize, + (void **)&counter); + + switch (result) { + case ISC_R_NOTFOUND: counter = isc_mem_get(fctx->res->mctx, sizeof(*counter)); *counter = (fctxcount_t){ .count = 1, @@ -1657,11 +1689,11 @@ }; counter->domain = dns_fixedname_initname(&counter->dfname); - ISC_LINK_INIT(counter, link); dns_name_copy(fctx->domain, counter->domain); - ISC_LIST_APPEND(dbucket->list, counter, link); - } else { - uint_fast32_t spill = atomic_load_acquire(&fctx->res->zspill); + result = isc_ht_add(dbucket->counters, key, keysize, counter); + break; + case ISC_R_SUCCESS: + spill = atomic_load_acquire(&fctx->res->zspill); if (!force && spill != 0 && counter->count >= spill) { counter->dropped++; fcount_logspill(fctx, counter, false); @@ -1670,6 +1702,9 @@ counter->count++; counter->allowed++; } + break; + default: + UNREACHABLE(); } UNLOCK(&dbucket->lock); @@ -1684,6 +1719,9 @@ fcount_decr(fetchctx_t *fctx) { zonebucket_t *dbucket = NULL; fctxcount_t *counter = NULL; + uint8_t key[DNS_NAME_MAXWIRE]; + size_t keysize = sizeof(key); + isc_result_t result; REQUIRE(fctx != NULL); @@ -1694,24 +1732,22 @@ dbucket = &fctx->res->dbuckets[fctx->dbucketnum]; LOCK(&dbucket->lock); - for (counter = ISC_LIST_HEAD(dbucket->list); counter != NULL; - counter = ISC_LIST_NEXT(counter, link)) - { - if (dns_name_equal(counter->domain, fctx->domain)) { - break; - } - } - if (counter != NULL) { - INSIST(counter->count != 0); - counter->count--; - fctx->dbucketnum = RES_NOBUCKET; - - if (counter->count == 0) { - fcount_logspill(fctx, counter, true); - ISC_LIST_UNLINK(dbucket->list, counter, link); - isc_mem_put(fctx->res->mctx, counter, sizeof(*counter)); - } + fcount_makekey(fctx->domain, key, &keysize); + + result = isc_ht_find(dbucket->counters, key, keysize, + (void **)&counter); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + + INSIST(counter->count != 0); + counter->count--; + fctx->dbucketnum = RES_NOBUCKET; + + if (counter->count == 0) { + fcount_logspill(fctx, counter, true); + result = isc_ht_delete(dbucket->counters, key, keysize); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + isc_mem_put(fctx->res->mctx, counter, sizeof(*counter)); } UNLOCK(&dbucket->lock); @@ -1831,6 +1867,73 @@ } static void +fctx_makekey(const dns_name_t *name, dns_rdatatype_t type, unsigned int options, + uint8_t *key, size_t *keysizep) { + REQUIRE(*keysizep >= name->length + sizeof(type) + sizeof(options)); + + size_t keysize = 0; + isc_buffer_t buffer; + dns_name_t downname; + isc_result_t result; + + DNS_NAME_INIT(&downname, NULL); + isc_buffer_init(&buffer, key, *keysizep); + + result = dns_name_downcase(name, &downname, &buffer); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + keysize += isc_buffer_usedlength(&buffer); + + memmove(&key[keysize], &type, sizeof(type)); + keysize += sizeof(type); + + memmove(&key[keysize], &options, sizeof(options)); + keysize += sizeof(options); + + *keysizep = keysize; +} + +static void +fctx_unhash(fetchctx_t *fctx) { + dns_resolver_t *res = fctx->res; + unsigned int bucketnum = fctx->bucketnum; + uint8_t key[DNS_FCTX_KEYSIZE] = { 0 }; + size_t keysize = sizeof(key); + isc_result_t result; + + if (!fctx->hashed) { + return; + } + + fctx_makekey(fctx->name, fctx->type, fctx->options, key, &keysize); + + result = isc_ht_delete(res->buckets[bucketnum].fctxs, key, keysize); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + + fctx->hashed = false; +} + +static void +fctx_hash(fetchctx_t *fctx) { + dns_resolver_t *res = fctx->res; + unsigned int bucketnum = fctx->bucketnum; + uint8_t key[DNS_FCTX_KEYSIZE] = { 0 }; + size_t keysize = sizeof(key); + isc_result_t result; + bool unshared = ((fctx->options & DNS_FETCHOPT_UNSHARED) != 0); + + if (unshared) { + return; + } + + fctx_makekey(fctx->name, fctx->type, fctx->options, key, &keysize); + + result = isc_ht_add(res->buckets[bucketnum].fctxs, key, keysize, fctx); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + + fctx->hashed = true; +} + +static void fctx__done_detach(fetchctx_t **fctxp, isc_result_t result, const char *file, unsigned int line, const char *func) { fetchctx_t *fctx = NULL; @@ -1857,6 +1960,7 @@ LOCK(&res->buckets[fctx->bucketnum].lock); INSIST(fctx->state != fetchstate_done); fctx->state = fetchstate_done; + fctx_unhash(fctx); UNLOCK(&res->buckets[fctx->bucketnum].lock); if (result == ISC_R_SUCCESS) { @@ -1886,7 +1990,6 @@ fctx->qmin_warning = ISC_R_SUCCESS; fctx_cancelqueries(fctx, no_response, age_untried); - fctx_stoptimer(fctx); LOCK(&res->buckets[fctx->bucketnum].lock); FCTX_ATTR_CLR(fctx, FCTX_ATTR_ADDRWAIT); @@ -2089,6 +2192,10 @@ event->result = ISC_R_TIMEDOUT; isc_task_sendanddetach(&sender, ISC_EVENT_PTR(&event)); } + + if (ISC_LIST_EMPTY(fctx->events)) { + fctx_unhash(fctx); + } UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock); /* @@ -2097,7 +2204,7 @@ */ timeleft = isc_time_microdiff(&fctx->next_timeout, &now); if (timeleft >= US_PER_MS) { - dns_dispatch_resume(query->dispentry, (timeleft / US_PER_MS)); + dns_dispatch_resume(query->dispentry, timeleft / US_PER_MS); return ISC_R_COMPLETE; } @@ -2322,40 +2429,6 @@ return result; } -static bool -bad_edns(fetchctx_t *fctx, isc_sockaddr_t *address) { - isc_sockaddr_t *sa; - - for (sa = ISC_LIST_HEAD(fctx->bad_edns); sa != NULL; - sa = ISC_LIST_NEXT(sa, link)) - { - if (isc_sockaddr_equal(sa, address)) { - return true; - } - } - - return false; -} - -static void -add_bad_edns(fetchctx_t *fctx, isc_sockaddr_t *address) { - isc_sockaddr_t *sa; - -#ifdef ENABLE_AFL - if (dns_fuzzing_resolver) { - return; - } -#endif /* ifdef ENABLE_AFL */ - if (bad_edns(fctx, address)) { - return; - } - - sa = isc_mem_get(fctx->mctx, sizeof(*sa)); - - *sa = *address; - ISC_LIST_INITANDAPPEND(fctx->bad_edns, sa, link); -} - static struct tried * triededns(fetchctx_t *fctx, isc_sockaddr_t *address) { struct tried *tried; @@ -4425,13 +4498,20 @@ result = dns_view_findzonecut(res->view, fctx->name, fname, dcname, fctx->now, findoptions, true, true, &fctx->nameservers, NULL); + FCTXTRACEN("resume_qmin findzonecut", fname, result); /* * DNS_R_NXDOMAIN here means we have not loaded the root zone * mirror yet - but DNS_R_NXDOMAIN is not a valid return value * when doing recursion, we need to patch it. + * + * CNAME or DNAME means zone were added with that record + * after the start of a recursion. It means we do not have + * initialized correct hevent->foundname and have to fail. */ - if (result == DNS_R_NXDOMAIN) { + if (result == DNS_R_NXDOMAIN || result == DNS_R_CNAME || + result == DNS_R_DNAME) + { result = DNS_R_SERVFAIL; } @@ -4481,7 +4561,6 @@ struct tried *tried = NULL; unsigned int bucketnum; bool bucket_empty = false; - uint_fast32_t nfctx; REQUIRE(VALID_FCTX(fctx)); REQUIRE(ISC_LIST_EMPTY(fctx->events)); @@ -4501,18 +4580,19 @@ LOCK(&res->buckets[bucketnum].lock); REQUIRE(fctx->state != fetchstate_active); - ISC_LIST_UNLINK(res->buckets[bucketnum].fctxs, fctx, link); - - nfctx = atomic_fetch_sub_release(&res->nfctx, 1); - INSIST(nfctx > 0); + fctx_unhash(fctx); - dec_stats(res, dns_resstatscounter_nfetch); + INSIST(res->buckets[bucketnum].nfctxs > 0); + res->buckets[bucketnum].nfctxs--; if (atomic_load_acquire(&res->buckets[bucketnum].exiting) && - ISC_LIST_EMPTY(res->buckets[bucketnum].fctxs)) + res->buckets[bucketnum].nfctxs == 0) { bucket_empty = true; } + + dec_stats(res, dns_resstatscounter_nfetch); + UNLOCK(&res->buckets[bucketnum].lock); if (bucket_empty && exiting && @@ -4539,12 +4619,6 @@ isc_mem_put(fctx->mctx, tried, sizeof(*tried)); } - for (sa = ISC_LIST_HEAD(fctx->bad_edns); sa != NULL; sa = next_sa) { - next_sa = ISC_LIST_NEXT(sa, link); - ISC_LIST_UNLINK(fctx->bad_edns, sa, link); - isc_mem_put(fctx->mctx, sa, sizeof(*sa)); - } - isc_counter_detach(&fctx->qc); if (fctx->gqc != NULL) { isc_counter_detach(&fctx->gqc); @@ -4589,6 +4663,8 @@ * exit. */ if (fctx->state != fetchstate_init) { + fctx_stoptimer(fctx); + FCTXTRACE("posting control event"); cevent = &fctx->control_event; isc_task_sendto(fctx->res->buckets[fctx->bucketnum].task, @@ -4654,6 +4730,7 @@ if (fctx->state == fetchstate_active) { fctx->state = fetchstate_done; + fctx_unhash(fctx); fctx_sendevents(fctx, ISC_R_CANCELED, __LINE__); @@ -4828,7 +4905,6 @@ isc_interval_t interval; unsigned int findoptions = 0; char buf[DNS_NAME_FORMATSIZE + DNS_RDATATYPE_FORMATSIZE + 1]; - uint_fast32_t nfctx; size_t p; /* @@ -4904,7 +4980,6 @@ ISC_LIST_INIT(fctx->forwarders); ISC_LIST_INIT(fctx->bad); ISC_LIST_INIT(fctx->edns); - ISC_LIST_INIT(fctx->bad_edns); ISC_LIST_INIT(fctx->validators); atomic_init(&fctx->attributes, 0); @@ -5110,7 +5185,6 @@ isc_mem_attach(res->mctx, &fctx->mctx); ISC_LIST_INIT(fctx->events); - ISC_LINK_INIT(fctx, link); fctx->magic = FCTX_MAGIC; /* @@ -5124,10 +5198,9 @@ fctx_minimize_qname(fctx); } - ISC_LIST_APPEND(res->buckets[bucketnum].fctxs, fctx, link); + fctx_hash(fctx); - nfctx = atomic_fetch_add_relaxed(&res->nfctx, 1); - INSIST(nfctx < UINT32_MAX); + res->buckets[bucketnum].nfctxs++; inc_stats(res, dns_resstatscounter_nfetch); @@ -5334,15 +5407,19 @@ * Caller must be holding the appropriate lock. */ + fctx_unhash(fctx); fctx->cloned = true; for (event = ISC_LIST_HEAD(fctx->events); event != NULL; event = ISC_LIST_NEXT(event, ev_link)) { - /* This is the the head event; keep a pointer and move - * on */ + /* + * This is the the head event; keep a pointer and move on. + */ if (hevent == NULL) { hevent = ISC_LIST_HEAD(fctx->events); + FCTXTRACEN("clone_results", hevent->foundname, + hevent->result); continue; } @@ -6047,11 +6124,24 @@ * Negative results must be indicated in event->result. */ INSIST(hevent->rdataset != NULL); - if (dns_rdataset_isassociated(hevent->rdataset) && - NEGATIVE(hevent->rdataset)) - { - INSIST(eresult == DNS_R_NCACHENXDOMAIN || - eresult == DNS_R_NCACHENXRRSET); + if (dns_rdataset_isassociated(hevent->rdataset)) { + if (NEGATIVE(hevent->rdataset)) { + INSIST(eresult == DNS_R_NCACHENXDOMAIN || + eresult == DNS_R_NCACHENXRRSET); + } else if (eresult == ISC_R_SUCCESS && + hevent->rdataset->type != fctx->type) + { + switch (hevent->rdataset->type) { + case dns_rdatatype_cname: + eresult = DNS_R_CNAME; + break; + case dns_rdatatype_dname: + eresult = DNS_R_DNAME; + break; + default: + break; + } + } } hevent->result = eresult; @@ -6242,7 +6332,7 @@ bool have_answer = false; isc_result_t result, eresult = ISC_R_SUCCESS; dns_fetchevent_t *event = NULL; - unsigned int options; + unsigned int options = 0, equalok = 0; isc_task_t *task; bool fail; unsigned int valoptions = 0; @@ -6459,6 +6549,7 @@ } if (!need_validation || !ANSWER(rdataset)) { options = 0; + equalok = 0; if (ANSWER(rdataset) && rdataset->type != dns_rdatatype_rrsig) { @@ -6484,10 +6575,23 @@ { options |= DNS_DBADD_FORCE; } + /* + * If we're validating and passing the added + * rdataset back to the caller, then we ask + * dns_db_addrdataset() to compare the old and + * new rdatasets whenever the result would + * normally have been DNS_R_UNCHANGED, and to + * return ISC_R_SUCCESS if they compare equal. + * This allows us to continue and cache RRSIGs + * in that case. + */ + if (!need_validation && ardataset != NULL) { + equalok = DNS_DBADD_EQUALOK; + } addedrdataset = ardataset; result = dns_db_addrdataset( fctx->cache, node, NULL, now, rdataset, - options, addedrdataset); + options | equalok, addedrdataset); if (result == DNS_R_UNCHANGED) { result = ISC_R_SUCCESS; if (!need_validation && @@ -6497,9 +6601,9 @@ /* * The answer in the * cache is better than - * the answer we found, - * and is a negative - * cache entry, so we + * the answer we found. + * If it's a negative + * cache entry, we * must set eresult * appropriately. */ @@ -6510,15 +6614,12 @@ eresult = DNS_R_NCACHENXRRSET; } - /* - * We have a negative - * response from the - * cache so don't - * attempt to add the - * RRSIG rrset. - */ continue; } + if (equalok) { + continue; + } + result = ISC_R_SUCCESS; } if (result != ISC_R_SUCCESS) { break; @@ -6689,11 +6790,25 @@ * Negative results must be indicated in * event->result. */ - if (dns_rdataset_isassociated(event->rdataset) && - NEGATIVE(event->rdataset)) - { - INSIST(eresult == DNS_R_NCACHENXDOMAIN || - eresult == DNS_R_NCACHENXRRSET); + if (dns_rdataset_isassociated(event->rdataset)) { + if (NEGATIVE(event->rdataset)) { + INSIST(eresult == + DNS_R_NCACHENXDOMAIN || + eresult == DNS_R_NCACHENXRRSET); + } else if (eresult == ISC_R_SUCCESS && + event->rdataset->type != fctx->type) + { + switch (event->rdataset->type) { + case dns_rdatatype_cname: + eresult = DNS_R_CNAME; + break; + case dns_rdatatype_dname: + eresult = DNS_R_DNAME; + break; + default: + break; + } + } } event->result = eresult; if (adbp != NULL && *adbp != NULL) { @@ -6798,15 +6913,21 @@ } } else { /* - * Either we don't care about the nature of the - * cache rdataset (because no fetch is - * interested in the outcome), or the cache - * rdataset is not a negative cache entry. - * Whichever case it is, we can return success. - * - * XXXRTH There's a CNAME/DNAME problem here. - */ - *eresultp = ISC_R_SUCCESS; + * The attempt to add a negative cache entry + * was rejected. Set *eresultp to reflect + * the type of the dataset being returned. + */ + switch (ardataset->type) { + case dns_rdatatype_cname: + *eresultp = DNS_R_CNAME; + break; + case dns_rdatatype_dname: + *eresultp = DNS_R_DNAME; + break; + default: + *eresultp = ISC_R_SUCCESS; + break; + } } result = ISC_R_SUCCESS; } @@ -7021,7 +7142,8 @@ * locally served zone. */ static inline bool -name_external(const dns_name_t *name, dns_rdatatype_t type, fetchctx_t *fctx) { +name_external(const dns_name_t *name, dns_rdatatype_t type, respctx_t *rctx) { + fetchctx_t *fctx = rctx->fctx; isc_result_t result; dns_forwarders_t *forwarders = NULL; dns_fixedname_t fixed, zfixed; @@ -7034,7 +7156,7 @@ dns_namereln_t rel; apex = (ISDUALSTACK(fctx->addrinfo) || !ISFORWARDER(fctx->addrinfo)) - ? fctx->domain + ? rctx->ns_name != NULL ? rctx->ns_name : fctx->domain : fctx->fwdname; /* @@ -7143,7 +7265,7 @@ result = dns_message_findname(rctx->query->rmessage, section, addname, dns_rdatatype_any, 0, &name, NULL); if (result == ISC_R_SUCCESS) { - external = name_external(name, type, fctx); + external = name_external(name, type, rctx); if (type == dns_rdatatype_a) { for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL; @@ -7773,6 +7895,47 @@ return false; } +static bool +rctx_need_tcpretry(respctx_t *rctx) { + resquery_t *query = rctx->query; + if ((rctx->retryopts & DNS_FETCHOPT_TCP) != 0) { + /* TCP is already in the retry flags */ + return false; + } + + /* + * If the message was secured, no need to continue. + */ + if (rctx->secured) { + return false; + } + + /* + * Currently the only extra reason why we might need to + * retry a UDP response over TCP is a DNAME in the message. + */ + if (dns_message_hasdname(query->rmessage)) { + return true; + } + + return false; +} + +static isc_result_t +rctx_tcpretry(respctx_t *rctx) { + /* + * Do we need to retry a UDP response over TCP? + */ + if (rctx_need_tcpretry(rctx)) { + rctx->retryopts |= DNS_FETCHOPT_TCP; + rctx->resend = true; + rctx_done(rctx, ISC_R_SUCCESS); + return ISC_R_COMPLETE; + } + + return ISC_R_SUCCESS; +} + /* * resquery_response(): * Handles responses received in response to iterative queries sent by @@ -7800,12 +7963,12 @@ if (result == ISC_R_COMPLETE) { return; } - } - - if (isc_sockaddr_pf(&query->addrinfo->sockaddr) == PF_INET) { - inc_stats(fctx->res, dns_resstatscounter_responsev4); - } else { - inc_stats(fctx->res, dns_resstatscounter_responsev6); + } else if (eresult == ISC_R_SUCCESS) { + if (isc_sockaddr_pf(&query->addrinfo->sockaddr) == PF_INET) { + inc_stats(fctx->res, dns_resstatscounter_responsev4); + } else { + inc_stats(fctx->res, dns_resstatscounter_responsev6); + } } rctx_respinit(query, fctx, eresult, region, &rctx); @@ -7963,6 +8126,17 @@ } /* + * Remember whether this message was signed or had a + * valid client cookie; if not, we may need to retry over + * TCP later. + */ + if (query->rmessage->cc_ok || query->rmessage->tsig != NULL || + query->rmessage->sig0 != NULL) + { + rctx.secured = true; + } + + /* * The dispatcher should ensure we only get responses with QR * set. */ @@ -7973,10 +8147,7 @@ * TCP. This may be a misconfigured anycast server or an attempt * to send a spoofed response. Skip if we have a valid tsig. */ - if (dns_message_gettsig(query->rmessage, NULL) == NULL && - !query->rmessage->cc_ok && !query->rmessage->cc_bad && - (rctx.retryopts & DNS_FETCHOPT_TCP) == 0) - { + if (!rctx.secured && (rctx.retryopts & DNS_FETCHOPT_TCP) == 0) { unsigned char cookie[COOKIE_BUFFER_SIZE]; if (dns_adb_getcookie(fctx->adb, query->addrinfo, cookie, sizeof(cookie)) > CLIENT_COOKIE_SIZE) @@ -7988,8 +8159,7 @@ isc_log_write( dns_lctx, DNS_LOGCATEGORY_RESOLVER, DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO, - "missing expected cookie " - "from %s", + "missing expected cookie from %s", addrbuf); } rctx.retryopts |= DNS_FETCHOPT_TCP; @@ -7999,6 +8169,17 @@ } } + /* + * Check whether we need to retry over TCP for some other reason. + */ + result = rctx_tcpretry(&rctx); + if (result == ISC_R_COMPLETE) { + return; + } + + /* + * Check for EDNS issues. + */ rctx_edns(&rctx); /* @@ -8096,7 +8277,7 @@ /* * Clear cache bits. */ - FCTX_ATTR_CLR(fctx, (FCTX_ATTR_WANTNCACHE | FCTX_ATTR_WANTCACHE)); + FCTX_ATTR_CLR(fctx, FCTX_ATTR_WANTNCACHE | FCTX_ATTR_WANTCACHE); /* * Did we get any answers? @@ -8329,6 +8510,9 @@ fctx->timeout = true; fctx->timeouts++; + rctx->no_response = true; + rctx->finish = NULL; + isc_time_now(&now); /* netmgr timeouts are accurate to the millisecond */ if (isc_time_microdiff(&fctx->expires, &now) < US_PER_MS) { @@ -8337,8 +8521,6 @@ } else { FCTXTRACE("query timed out; trying next server"); /* try next server */ - rctx->no_response = true; - rctx->finish = NULL; rctx->next_server = true; } @@ -8397,7 +8579,6 @@ */ rctx->retryopts |= DNS_FETCHOPT_NOEDNS0; rctx->resend = true; - add_bad_edns(fctx, &query->addrinfo->sockaddr); inc_stats(fctx->res, dns_resstatscounter_edns0fail); } else { rctx->broken_server = result; @@ -8415,7 +8596,6 @@ */ rctx->retryopts |= DNS_FETCHOPT_NOEDNS0; rctx->resend = true; - add_bad_edns(fctx, &query->addrinfo->sockaddr); inc_stats(fctx->res, dns_resstatscounter_edns0fail); } else { rctx->broken_server = DNS_R_UNEXPECTEDRCODE; @@ -8531,56 +8711,6 @@ fetchctx_t *fctx = rctx->fctx; /* - * We have an affirmative response to the query and we have - * previously got a response from this server which indicated - * EDNS may not be supported so we can now cache the lack of - * EDNS support. - */ - if (rctx->opt == NULL && !EDNSOK(query->addrinfo) && - (query->rmessage->rcode == dns_rcode_noerror || - query->rmessage->rcode == dns_rcode_nxdomain || - query->rmessage->rcode == dns_rcode_refused || - query->rmessage->rcode == dns_rcode_yxdomain) && - bad_edns(fctx, &query->addrinfo->sockaddr)) - { - dns_message_logpacket( - query->rmessage, "received packet (bad edns) from", - &query->addrinfo->sockaddr, DNS_LOGCATEGORY_RESOLVER, - DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3), - fctx->res->mctx); - dns_adb_changeflags(fctx->adb, query->addrinfo, - FCTX_ADDRINFO_NOEDNS0, - FCTX_ADDRINFO_NOEDNS0); - } else if (rctx->opt == NULL && - (query->rmessage->flags & DNS_MESSAGEFLAG_TC) == 0 && - !EDNSOK(query->addrinfo) && - (query->rmessage->rcode == dns_rcode_noerror || - query->rmessage->rcode == dns_rcode_nxdomain) && - (rctx->retryopts & DNS_FETCHOPT_NOEDNS0) == 0) - { - /* - * We didn't get a OPT record in response to a EDNS - * query. - * - * Old versions of named incorrectly drop the OPT record - * when there is a signed, truncated response so we - * check that TC is not set. - * - * Record that the server is not talking EDNS. While - * this should be safe to do for any rcode we limit it - * to NOERROR and NXDOMAIN. - */ - dns_message_logpacket( - query->rmessage, "received packet (no opt) from", - &query->addrinfo->sockaddr, DNS_LOGCATEGORY_RESOLVER, - DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3), - fctx->res->mctx); - dns_adb_changeflags(fctx->adb, query->addrinfo, - FCTX_ADDRINFO_NOEDNS0, - FCTX_ADDRINFO_NOEDNS0); - } - - /* * If we get a non error EDNS response record the fact so we * won't fallback to plain DNS in the future for this server. */ @@ -8781,8 +8911,8 @@ } /* - * Cache records in the authority section, if - * there are any suitable for caching. + * Cache records in the authority section, if there are + * any suitable for caching. */ rctx_authority_positive(rctx); @@ -8854,7 +8984,7 @@ /* * Don't accept DNAME from parent namespace. */ - if (name_external(name, dns_rdatatype_dname, fctx)) { + if (name_external(name, dns_rdatatype_dname, rctx)) { continue; } @@ -9155,14 +9285,14 @@ /* * rctx_authority_positive(): - * Examine the records in the authority section (if there are any) for a - * positive answer. We expect the names for all rdatasets in this - * section to be subdomains of the domain being queried; any that are - * not are skipped. We expect to find only *one* owner name; any names - * after the first one processed are ignored. We expect to find only - * rdatasets of type NS, RRSIG, or SIG; all others are ignored. Whatever - * remains can be cached at trust level authauthority or additional - * (depending on whether the AA bit was set on the answer). + * If a positive answer was received over TCP or secured with a cookie + * or TSIG, examine the authority section. We expect names for all + * rdatasets in this section to be subdomains of the domain being queried; + * any that are not are skipped. We expect to find only *one* owner name; + * any names after the first one processed are ignored. We expect to find + * only rdatasets of type NS; all others are ignored. Whatever remains can + * be cached at trust level authauthority or additional (depending on + * whether the AA bit was set on the answer). */ static void rctx_authority_positive(respctx_t *rctx) { @@ -9170,6 +9300,11 @@ bool done = false; isc_result_t result; + /* If it's spoofable, don't cache it. */ + if (!rctx->secured && (rctx->query->options & DNS_FETCHOPT_TCP) == 0) { + return; + } + result = dns_message_firstname(rctx->query->rmessage, DNS_SECTION_AUTHORITY); while (!done && result == ISC_R_SUCCESS) { @@ -9178,7 +9313,9 @@ dns_message_currentname(rctx->query->rmessage, DNS_SECTION_AUTHORITY, &name); - if (!name_external(name, dns_rdatatype_ns, fctx)) { + if (!name_external(name, dns_rdatatype_ns, rctx) && + dns_name_issubdomain(fctx->name, name)) + { dns_rdataset_t *rdataset = NULL; /* @@ -9443,11 +9580,10 @@ if (rctx->ns_name != NULL && name != rctx->ns_name) { - log_formerr(fctx, "multiple NS " - "RRsets " - "in " - "authority " - "section"); + log_formerr( + fctx, + "multiple NS RRsets in " + "authority section"); rctx->result = DNS_R_FORMERR; return ISC_R_COMPLETE; } @@ -9468,11 +9604,10 @@ if (rctx->soa_name != NULL && name != rctx->soa_name) { - log_formerr(fctx, "multiple " - "SOA RRs " - "in " - "authority " - "section"); + log_formerr( + fctx, + "multiple SOA RRs in " + "authority section"); rctx->result = DNS_R_FORMERR; return ISC_R_COMPLETE; } @@ -9622,8 +9757,8 @@ * one DS RRset. */ if (rctx->ns_name == NULL) { - log_formerr(fctx, "DS with no " - "referral"); + log_formerr(fctx, + "DS with no referral"); rctx->result = DNS_R_FORMERR; return ISC_R_COMPLETE; } @@ -9632,10 +9767,9 @@ if (rctx->ds_name != NULL && name != rctx->ds_name) { - log_formerr(fctx, "DS doesn't " - "match " - "referral " - "(NS)"); + log_formerr(fctx, + "DS doesn't match " + "referral (NS)"); rctx->result = DNS_R_FORMERR; return ISC_R_COMPLETE; } @@ -10153,7 +10287,7 @@ dns_dt_send(fctx->res->view, dtmsgtype, la, &rctx->query->addrinfo->sockaddr, - ((rctx->query->options & DNS_FETCHOPT_TCP) != 0), &zr, + (rctx->query->options & DNS_FETCHOPT_TCP) != 0, &zr, &rctx->query->start, NULL, &rctx->buffer); #endif /* HAVE_DNSTAP */ } @@ -10187,7 +10321,6 @@ /* * Remember that they may not like EDNS0. */ - add_bad_edns(fctx, &query->addrinfo->sockaddr); inc_stats(fctx->res, dns_resstatscounter_edns0fail); } else if (rcode == dns_rcode_formerr) { if (query->rmessage->cc_echoed) { @@ -10361,12 +10494,12 @@ RTRACE("destroy"); - REQUIRE(atomic_load_acquire(&res->nfctx) == 0); - isc_mutex_destroy(&res->primelock); isc_mutex_destroy(&res->lock); for (i = 0; i < res->nbuckets; i++) { - INSIST(ISC_LIST_EMPTY(res->buckets[i].fctxs)); + INSIST(res->buckets[i].nfctxs == 0); + INSIST(isc_ht_count(res->buckets[i].fctxs) == 0); + isc_ht_destroy(&res->buckets[i].fctxs); isc_task_shutdown(res->buckets[i].task); isc_task_detach(&res->buckets[i].task); isc_mutex_destroy(&res->buckets[i].lock); @@ -10374,7 +10507,8 @@ isc_mem_put(res->mctx, res->buckets, res->nbuckets * sizeof(fctxbucket_t)); for (i = 0; i < HASHSIZE(res->dhashbits); i++) { - INSIST(ISC_LIST_EMPTY(res->dbuckets[i].list)); + INSIST(isc_ht_count(res->dbuckets[i].counters) == 0); + isc_ht_destroy(&res->dbuckets[i].counters); isc_mutex_destroy(&res->dbuckets[i].lock); } isc_mem_put(res->mctx, res->dbuckets, @@ -10505,7 +10639,6 @@ atomic_init(&res->exiting, false); atomic_init(&res->priming, false); atomic_init(&res->zspill, 0); - atomic_init(&res->nfctx, 0); ISC_LIST_INIT(res->whenshutdown); ISC_LIST_INIT(res->alternates); @@ -10542,7 +10675,8 @@ snprintf(name, sizeof(name), "res%" PRIu32, i); isc_task_setname(res->buckets[i].task, name, res); - ISC_LIST_INIT(res->buckets[i].fctxs); + isc_ht_init(&res->buckets[i].fctxs, res->mctx, 8, + ISC_HT_CASE_SENSITIVE); atomic_init(&res->buckets[i].exiting, false); } @@ -10550,8 +10684,10 @@ HASHSIZE(res->dhashbits) * sizeof(res->dbuckets[0])); for (size_t i = 0; i < HASHSIZE(res->dhashbits); i++) { - res->dbuckets[i] = (zonebucket_t){ .list = { 0 } }; - ISC_LIST_INIT(res->dbuckets[i].list); + res->dbuckets[i] = (zonebucket_t){ 0 }; + isc_ht_init(&res->dbuckets[i].counters, res->mctx, 8, + ISC_HT_CASE_SENSITIVE); + isc_mutex_init(&res->dbuckets[i].lock); } @@ -10779,33 +10915,45 @@ void dns_resolver_shutdown(dns_resolver_t *res) { unsigned int i; - fetchctx_t *fctx; isc_result_t result; - bool is_false = false; bool is_done = false; REQUIRE(VALID_RESOLVER(res)); RTRACE("shutdown"); - if (atomic_compare_exchange_strong(&res->exiting, &is_false, true)) { + if (atomic_compare_exchange_strong(&res->exiting, &(bool){ false }, + true)) + { RTRACE("exiting"); for (i = 0; i < res->nbuckets; i++) { LOCK(&res->buckets[i].lock); - for (fctx = ISC_LIST_HEAD(res->buckets[i].fctxs); - fctx != NULL; fctx = ISC_LIST_NEXT(fctx, link)) + isc_ht_iter_t *it = NULL; + + isc_ht_iter_create(res->buckets[i].fctxs, &it); + + for (result = isc_ht_iter_first(it); + result == ISC_R_SUCCESS; + result = isc_ht_iter_next(it)) { + fetchctx_t *fctx = NULL; + isc_ht_iter_current(it, (void **)&fctx); fctx_shutdown(fctx); } + + isc_ht_iter_destroy(&it); + atomic_store(&res->buckets[i].exiting, true); - if (ISC_LIST_EMPTY(res->buckets[i].fctxs)) { + + if (res->buckets[i].nfctxs == 0) { if (isc_refcount_decrement( &res->activebuckets) == 1) { is_done = true; } } + UNLOCK(&res->buckets[i].lock); } if (is_done) { @@ -10836,24 +10984,6 @@ } } -static bool -fctx_match(fetchctx_t *fctx, const dns_name_t *name, dns_rdatatype_t type, - unsigned int options) { - /* - * Don't match fetch contexts that are shutting down. - */ - if (fctx->cloned || fctx->state == fetchstate_done || - ISC_LIST_EMPTY(fctx->events)) - { - return false; - } - - if (fctx->type != type || fctx->options != options) { - return false; - } - return dns_name_equal(fctx->name, name); -} - static void log_fetch(const dns_name_t *name, dns_rdatatype_t type) { char namebuf[DNS_NAME_FORMATSIZE]; @@ -11044,13 +11174,13 @@ } if ((options & DNS_FETCHOPT_UNSHARED) == 0) { - for (fctx = ISC_LIST_HEAD(res->buckets[bucketnum].fctxs); - fctx != NULL; fctx = ISC_LIST_NEXT(fctx, link)) - { - if (fctx_match(fctx, name, type, options)) { - break; - } - } + uint8_t key[DNS_FCTX_KEYSIZE]; + size_t keysize = sizeof(key); + + fctx_makekey(name, type, options, key, &keysize); + + (void)isc_ht_find(res->buckets[bucketnum].fctxs, key, keysize, + (void **)&fctx); } /* @@ -11197,6 +11327,7 @@ } } } + /* * The "trystale" event must be sent before the "fetchdone" event, * because the latter clears the "recursing" query attribute, which is @@ -11215,10 +11346,9 @@ isc_task_sendanddetach(&etask, ISC_EVENT_PTR(&event_fetchdone)); } - /* - * The fctx continues running even if no fetches remain; - * the answer is still cached. - */ + if (ISC_LIST_EMPTY(fctx->events)) { + fctx_shutdown(fctx); + } UNLOCK(&res->buckets[fctx->bucketnum].lock); } @@ -11816,17 +11946,24 @@ REQUIRE(format == isc_statsformat_file); for (size_t i = 0; i < HASHSIZE(resolver->dhashbits); i++) { - fctxcount_t *fc; LOCK(&resolver->dbuckets[i].lock); - for (fc = ISC_LIST_HEAD(resolver->dbuckets[i].list); fc != NULL; - fc = ISC_LIST_NEXT(fc, link)) - { - dns_name_print(fc->domain, fp); + isc_ht_iter_t *it = NULL; + isc_result_t result; + + isc_ht_iter_create(resolver->dbuckets[i].counters, &it); + for (result = isc_ht_iter_first(it); result == ISC_R_SUCCESS; + result = isc_ht_iter_next(it)) + { + fctxcount_t *counter = NULL; + isc_ht_iter_current(it, (void **)&counter); + dns_name_print(counter->domain, fp); fprintf(fp, ": %u active (%u spilled, %u " "allowed)\n", - fc->count, fc->dropped, fc->allowed); + counter->count, counter->dropped, + counter->allowed); } + isc_ht_iter_destroy(&it); UNLOCK(&resolver->dbuckets[i].lock); } } diff -Nru bind9-9.18.33/lib/dns/rpz.c bind9-9.18.41/lib/dns/rpz.c --- bind9-9.18.33/lib/dns/rpz.c 2025-01-20 13:39:31.287357411 +0000 +++ bind9-9.18.41/lib/dns/rpz.c 2025-10-18 10:21:03.165261762 +0000 @@ -802,7 +802,7 @@ dns_fixedname_t ip_name2f; dns_name_t ip_name; const char *prefix_str = NULL, *cp = NULL, *end = NULL; - char *cp2; + char *prefix_end, *cp2; int ip_labels; dns_rpz_prefix_t prefix; unsigned long prefix_num, l; @@ -840,12 +840,9 @@ ""); return ISC_R_FAILURE; } - /* - * Patch in trailing nul character to print just the length - * label (for various cases below). - */ - *cp2 = '\0'; + prefix_end = cp2; if (prefix_num < 1U || prefix_num > 128U) { + *prefix_end = '\0'; badname(log_level, src_name, "; invalid prefix length of ", prefix_str); return ISC_R_FAILURE; @@ -858,6 +855,7 @@ * from the form "prefix.z.y.x.w" */ if (prefix_num > 32U) { + *prefix_end = '\0'; badname(log_level, src_name, "; invalid IPv4 prefix length of ", prefix_str); return ISC_R_FAILURE; @@ -936,6 +934,7 @@ i = prefix % DNS_RPZ_CIDR_WORD_BITS; aword = tgt_ip->w[prefix / DNS_RPZ_CIDR_WORD_BITS]; if ((aword & ~DNS_RPZ_WORD_MASK(i)) != 0) { + *prefix_end = '\0'; badname(log_level, src_name, "; too small prefix length of ", prefix_str); return ISC_R_FAILURE; diff -Nru bind9-9.18.33/lib/dns/sdb.c bind9-9.18.41/lib/dns/sdb.c --- bind9-9.18.33/lib/dns/sdb.c 2025-01-20 13:39:31.288357428 +0000 +++ bind9-9.18.41/lib/dns/sdb.c 2025-10-18 10:21:03.165261762 +0000 @@ -1439,7 +1439,7 @@ NULL, /* clearprefetch */ NULL, /* setownercase */ NULL, /* getownercase */ - NULL /* addglue */ + NULL, /* addglue */ }; static void diff -Nru bind9-9.18.33/lib/dns/sdlz.c bind9-9.18.41/lib/dns/sdlz.c --- bind9-9.18.33/lib/dns/sdlz.c 2025-01-20 13:39:31.288357428 +0000 +++ bind9-9.18.41/lib/dns/sdlz.c 2025-10-18 10:21:03.166261789 +0000 @@ -1451,7 +1451,7 @@ NULL, /* clearprefetch */ NULL, /* setownercase */ NULL, /* getownercase */ - NULL /* addglue */ + NULL, /* addglue */ }; static void diff -Nru bind9-9.18.33/lib/dns/stats.c bind9-9.18.41/lib/dns/stats.c --- bind9-9.18.33/lib/dns/stats.c 2025-01-20 13:39:31.288357428 +0000 +++ bind9-9.18.41/lib/dns/stats.c 2025-10-18 10:21:03.166261789 +0000 @@ -212,7 +212,7 @@ * plus one additional for other RRtypes. */ return create_stats(mctx, dns_statstype_rdtype, - (RDTYPECOUNTER_MAXTYPE + 1), statsp); + RDTYPECOUNTER_MAXTYPE + 1, statsp); } isc_result_t @@ -220,7 +220,7 @@ REQUIRE(statsp != NULL && *statsp == NULL); return create_stats(mctx, dns_statstype_rdataset, - (RDTYPECOUNTER_MAXVAL + 1), statsp); + RDTYPECOUNTER_MAXVAL + 1, statsp); } isc_result_t @@ -382,7 +382,7 @@ uint32_t counter = isc_stats_get_counter(stats->counters, idx); if (counter == kval) { /* Match */ - isc_stats_increment(stats->counters, (idx + operation)); + isc_stats_increment(stats->counters, idx + operation); return; } } @@ -393,23 +393,23 @@ uint32_t counter = isc_stats_get_counter(stats->counters, idx); if (counter == 0) { isc_stats_set(stats->counters, kval, idx); - isc_stats_increment(stats->counters, (idx + operation)); + isc_stats_increment(stats->counters, idx + operation); return; } } /* No room, grow stats storage. */ isc_stats_resize(&stats->counters, - (num_keys * dnssecsign_block_size * 2)); + num_keys * dnssecsign_block_size * 2); /* Reset counters for new key (new index, nidx). */ int nidx = num_keys * dnssecsign_block_size; isc_stats_set(stats->counters, kval, nidx); - isc_stats_set(stats->counters, 0, (nidx + dns_dnssecsignstats_sign)); - isc_stats_set(stats->counters, 0, (nidx + dns_dnssecsignstats_refresh)); + isc_stats_set(stats->counters, 0, nidx + dns_dnssecsignstats_sign); + isc_stats_set(stats->counters, 0, nidx + dns_dnssecsignstats_refresh); /* And increment the counter for the given operation. */ - isc_stats_increment(stats->counters, (nidx + operation)); + isc_stats_increment(stats->counters, nidx + operation); } void @@ -432,9 +432,9 @@ /* Match */ isc_stats_set(stats->counters, 0, idx); isc_stats_set(stats->counters, 0, - (idx + dns_dnssecsignstats_sign)); + idx + dns_dnssecsignstats_sign); isc_stats_set(stats->counters, 0, - (idx + dns_dnssecsignstats_refresh)); + idx + dns_dnssecsignstats_refresh); return; } } @@ -562,7 +562,7 @@ continue; } - val = isc_stats_get_counter(stats, (idx + operation)); + val = isc_stats_get_counter(stats, idx + operation); if ((options & ISC_STATSDUMP_VERBOSE) == 0 && val == 0) { continue; } diff -Nru bind9-9.18.33/lib/dns/tkey.c bind9-9.18.41/lib/dns/tkey.c --- bind9-9.18.33/lib/dns/tkey.c 2025-01-20 13:39:31.289357446 +0000 +++ bind9-9.18.41/lib/dns/tkey.c 2025-10-18 10:21:03.167261816 +0000 @@ -1583,10 +1583,9 @@ */ RETERR(dns_tsigkey_createfromkey( - tkeyname, - (win2k ? DNS_TSIG_GSSAPIMS_NAME : DNS_TSIG_GSSAPI_NAME), dstkey, - true, NULL, rtkey.inception, rtkey.expire, ring->mctx, ring, - outkey)); + tkeyname, win2k ? DNS_TSIG_GSSAPIMS_NAME : DNS_TSIG_GSSAPI_NAME, + dstkey, true, NULL, rtkey.inception, rtkey.expire, ring->mctx, + ring, outkey)); dst_key_free(&dstkey); dns_rdata_freestruct(&rtkey); return result; diff -Nru bind9-9.18.33/lib/dns/ttl.c bind9-9.18.41/lib/dns/ttl.c --- bind9-9.18.33/lib/dns/ttl.c 2025-01-20 13:39:31.289357446 +0000 +++ bind9-9.18.41/lib/dns/ttl.c 2025-10-18 10:21:03.167261816 +0000 @@ -89,23 +89,23 @@ x = 0; if (weeks != 0) { - RETERR(ttlfmt(weeks, "week", verbose, (x > 0), target)); + RETERR(ttlfmt(weeks, "week", verbose, x > 0, target)); x++; } if (days != 0) { - RETERR(ttlfmt(days, "day", verbose, (x > 0), target)); + RETERR(ttlfmt(days, "day", verbose, x > 0, target)); x++; } if (hours != 0) { - RETERR(ttlfmt(hours, "hour", verbose, (x > 0), target)); + RETERR(ttlfmt(hours, "hour", verbose, x > 0, target)); x++; } if (mins != 0) { - RETERR(ttlfmt(mins, "minute", verbose, (x > 0), target)); + RETERR(ttlfmt(mins, "minute", verbose, x > 0, target)); x++; } if (secs != 0 || (weeks == 0 && days == 0 && hours == 0 && mins == 0)) { - RETERR(ttlfmt(secs, "second", verbose, (x > 0), target)); + RETERR(ttlfmt(secs, "second", verbose, x > 0, target)); x++; } INSIST(x > 0); diff -Nru bind9-9.18.33/lib/dns/validator.c bind9-9.18.41/lib/dns/validator.c --- bind9-9.18.33/lib/dns/validator.c 2025-01-20 13:39:31.290357463 +0000 +++ bind9-9.18.41/lib/dns/validator.c 2025-10-18 10:21:03.168261843 +0000 @@ -137,6 +137,10 @@ dns_rdatatype_t type, const char *caller, const char *operation); +static isc_result_t +create_fetch(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type, + isc_taskaction_t callback, const char *caller); + /*% * Ensure the validator's rdatasets are marked as expired. */ @@ -431,6 +435,8 @@ result = select_signing_key(val, rdataset); if (result == ISC_R_SUCCESS) { val->keyset = &val->frdataset; + } else { + val->failed = true; } } result = validate_answer(val, true); @@ -555,7 +561,7 @@ * so keep looking for the break in the chain * of trust. */ - result = proveunsecure(val, (eresult == ISC_R_SUCCESS), + result = proveunsecure(val, eresult == ISC_R_SUCCESS, true); if (result != DNS_R_WAIT) { validator_done(val, result); @@ -641,7 +647,6 @@ dns_validator_t *val; bool want_destroy; isc_result_t result; - isc_result_t eresult; isc_result_t saved_result; UNUSED(task); @@ -649,7 +654,7 @@ devent = (dns_validatorevent_t *)event; val = devent->ev_arg; - eresult = devent->result; + result = devent->result; isc_event_free(&event); dns_validator_destroy(&val->subvalidator); @@ -659,8 +664,8 @@ validator_log(val, ISC_LOG_DEBUG(3), "in validator_callback_dnskey"); LOCK(&val->lock); if (CANCELED(val)) { - validator_done(val, ISC_R_CANCELED); - } else if (eresult == ISC_R_SUCCESS) { + result = ISC_R_CANCELED; + } else if (result == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), "keyset with trust %s", dns_trust_totext(val->frdataset.trust)); /* @@ -681,17 +686,23 @@ result = saved_result; } } - if (result != DNS_R_WAIT) { - validator_done(val, result); - } } else { - if (eresult != DNS_R_BROKENCHAIN) { - expire_rdatasets(val); - } validator_log(val, ISC_LOG_DEBUG(3), "validator_callback_dnskey: got %s", - isc_result_totext(eresult)); - validator_done(val, DNS_R_BROKENCHAIN); + isc_result_totext(result)); + if (result != DNS_R_BROKENCHAIN) { + expire_rdatasets(val); + result = create_fetch(val, &val->siginfo->signer, + dns_rdatatype_dnskey, + fetch_callback_dnskey, + "validator_callback_dnskey"); + if (result == ISC_R_SUCCESS) { + result = DNS_R_WAIT; + } + } + } + if (result != DNS_R_WAIT) { + validator_done(val, result); } want_destroy = exit_check(val); @@ -712,14 +723,13 @@ dns_validator_t *val; bool want_destroy; isc_result_t result; - isc_result_t eresult; UNUSED(task); INSIST(event->ev_type == DNS_EVENT_VALIDATORDONE); devent = (dns_validatorevent_t *)event; val = devent->ev_arg; - eresult = devent->result; + result = devent->result; isc_event_free(&event); dns_validator_destroy(&val->subvalidator); @@ -729,8 +739,8 @@ validator_log(val, ISC_LOG_DEBUG(3), "in validator_callback_ds"); LOCK(&val->lock); if (CANCELED(val)) { - validator_done(val, ISC_R_CANCELED); - } else if (eresult == ISC_R_SUCCESS) { + result = ISC_R_CANCELED; + } else if (result == ISC_R_SUCCESS) { bool have_dsset; dns_name_t *name; validator_log(val, ISC_LOG_DEBUG(3), "%s with trust %s", @@ -754,17 +764,22 @@ } else { result = validate_dnskey(val); } - if (result != DNS_R_WAIT) { - validator_done(val, result); - } } else { - if (eresult != DNS_R_BROKENCHAIN) { - expire_rdatasets(val); - } validator_log(val, ISC_LOG_DEBUG(3), "validator_callback_ds: got %s", - isc_result_totext(eresult)); - validator_done(val, DNS_R_BROKENCHAIN); + isc_result_totext(result)); + if (result != DNS_R_BROKENCHAIN) { + expire_rdatasets(val); + result = create_fetch( + val, val->event->name, dns_rdatatype_ds, + fetch_callback_ds, "validator_callback_ds"); + if (result == ISC_R_SUCCESS) { + result = DNS_R_WAIT; + } + } + } + if (result != DNS_R_WAIT) { + validator_done(val, result); } want_destroy = exit_check(val); @@ -1161,6 +1176,8 @@ goto done; } dst_key_free(&val->key); + } else { + break; } dns_rdata_reset(&rdata); result = dns_rdataset_next(rdataset); @@ -1247,14 +1264,13 @@ * We have an rrset for the given keyname. */ val->keyset = &val->frdataset; - if ((DNS_TRUST_PENDING(val->frdataset.trust) || - DNS_TRUST_ANSWER(val->frdataset.trust)) && - dns_rdataset_isassociated(&val->fsigrdataset)) + if (DNS_TRUST_PENDING(val->frdataset.trust) || + DNS_TRUST_ANSWER(val->frdataset.trust)) { /* - * We know the key but haven't validated it yet or - * we have a key of trust answer but a DS - * record for the zone may have been added. + * We know the key but haven't validated it yet, or + * we had a key with trust level "answer" and + * a DS record for the zone has now been added. */ result = create_validator( val, &siginfo->signer, dns_rdatatype_dnskey, @@ -1264,12 +1280,6 @@ return result; } return DNS_R_WAIT; - } else if (DNS_TRUST_PENDING(val->frdataset.trust)) { - /* - * Having a pending key with no signature means that - * something is broken. - */ - result = DNS_R_CONTINUE; } else if (val->frdataset.trust < dns_trust_secure) { /* * The key is legitimately insecure. There's no @@ -1285,13 +1295,15 @@ "keyset with trust %s", dns_trust_totext(val->frdataset.trust)); result = select_signing_key(val, val->keyset); - if (result != ISC_R_SUCCESS) { + if (result == ISC_R_NOTFOUND) { /* - * Either the key we're looking for is not - * in the rrset, or something bad happened. - * Give up. + * The key we're looking for is not + * in the rrset */ result = DNS_R_CONTINUE; + } else if (result != ISC_R_SUCCESS) { + /* Something bad happened. Give up. */ + break; } } break; @@ -1352,17 +1364,17 @@ /*% * Is the DNSKEY rrset in val->event->rdataset self-signed? */ -static bool +static isc_result_t selfsigned_dnskey(dns_validator_t *val) { dns_rdataset_t *rdataset = val->event->rdataset; dns_rdataset_t *sigrdataset = val->event->sigrdataset; dns_name_t *name = val->event->name; isc_result_t result; isc_mem_t *mctx = val->view->mctx; - bool answer = false; + bool match = false; if (rdataset->type != dns_rdatatype_dnskey) { - return false; + return DNS_R_NOKEYMATCH; } for (result = dns_rdataset_first(rdataset); result == ISC_R_SUCCESS; @@ -1384,8 +1396,6 @@ result == ISC_R_SUCCESS; result = dns_rdataset_next(sigrdataset)) { - dst_key_t *dstkey = NULL; - dns_rdata_reset(&sigrdata); dns_rdataset_current(sigrdataset, &sigrdata); result = dns_rdata_tostruct(&sigrdata, &sig, NULL); @@ -1400,18 +1410,16 @@ /* * If the REVOKE bit is not set we have a - * theoretically self signed DNSKEY RRset. - * This will be verified later. + * theoretically self-signed DNSKEY RRset; + * this will be verified later. + * + * We don't return the answer yet, though, + * because we need to check the remaining keys + * and possbly remove them if they're revoked. */ if ((key.flags & DNS_KEYFLAG_REVOKE) == 0) { - answer = true; - continue; - } - - result = dns_dnssec_keyfromrdata(name, &keyrdata, mctx, - &dstkey); - if (result != ISC_R_SUCCESS) { - continue; + match = true; + break; } /* @@ -1421,6 +1429,14 @@ if (DNS_TRUST_PENDING(rdataset->trust) && dns_view_istrusted(val->view, name, &key)) { + dst_key_t *dstkey = NULL; + + result = dns_dnssec_keyfromrdata( + name, &keyrdata, mctx, &dstkey); + if (result != ISC_R_SUCCESS) { + break; + } + result = dns_dnssec_verify( name, rdataset, dstkey, true, val->view->maxbits, mctx, &sigrdata, @@ -1433,6 +1449,8 @@ */ dns_view_untrust(val->view, name, &key); } + + dst_key_free(&dstkey); } else if (rdataset->trust >= dns_trust_secure) { /* * We trust this RRset so if the key is @@ -1440,12 +1458,14 @@ */ dns_view_untrust(val->view, name, &key); } - - dst_key_free(&dstkey); } } - return answer; + if (!match) { + return DNS_R_NOKEYMATCH; + } + + return ISC_R_SUCCESS; } /*% @@ -1662,14 +1682,16 @@ dns_rdata_rrsig_t sig; dst_key_t *dstkey = NULL; isc_result_t result; + dns_rdataset_t rdataset = DNS_RDATASET_INIT; - for (result = dns_rdataset_first(val->event->sigrdataset); - result == ISC_R_SUCCESS; - result = dns_rdataset_next(val->event->sigrdataset)) + dns_rdataset_clone(val->event->sigrdataset, &rdataset); + + for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; + result = dns_rdataset_next(&rdataset)) { dns_rdata_t rdata = DNS_RDATA_INIT; - dns_rdataset_current(val->event->sigrdataset, &rdata); + dns_rdataset_current(&rdataset, &rdata); result = dns_rdata_tostruct(&rdata, &sig, NULL); RUNTIME_CHECK(result == ISC_R_SUCCESS); if (keyid != sig.keyid || algorithm != sig.algorithm) { @@ -1680,10 +1702,7 @@ val->event->name, keyrdata, val->view->mctx, &dstkey); if (result != ISC_R_SUCCESS) { - /* - * This really shouldn't happen, but... - */ - continue; + return result; } } result = verify(val, dstkey, &rdata, sig.keyid); @@ -1695,6 +1714,7 @@ if (dstkey != NULL) { dst_key_free(&dstkey); } + dns_rdataset_disassociate(&rdataset); return result; } @@ -1723,9 +1743,8 @@ * We have a DS RRset. */ val->dsset = &val->frdataset; - if ((DNS_TRUST_PENDING(val->frdataset.trust) || - DNS_TRUST_ANSWER(val->frdataset.trust)) && - dns_rdataset_isassociated(&val->fsigrdataset)) + if (DNS_TRUST_PENDING(val->frdataset.trust) || + DNS_TRUST_ANSWER(val->frdataset.trust)) { /* * ... which is signed but not yet validated. @@ -1733,21 +1752,12 @@ result = create_validator( val, tname, dns_rdatatype_ds, &val->frdataset, &val->fsigrdataset, validator_callback_ds, - "validate_dnskey"); + "get_dsset"); *resp = DNS_R_WAIT; if (result != ISC_R_SUCCESS) { *resp = result; } return ISC_R_COMPLETE; - } else if (DNS_TRUST_PENDING(val->frdataset.trust)) { - /* - * There should never be an unsigned DS. - */ - disassociate_rdatasets(val); - validator_log(val, ISC_LOG_DEBUG(2), - "unsigned DS record"); - *resp = DNS_R_NOVALIDSIG; - return ISC_R_COMPLETE; } break; @@ -2726,7 +2736,7 @@ "no supported algorithm/" "digest (%s/DS)", namebuf); - *resp = markanswer(val, "proveunsecure (5)", + *resp = markanswer(val, "seek_ds (1)", "no supported " "algorithm/digest (DS)"); return ISC_R_COMPLETE; @@ -2738,22 +2748,12 @@ /* * Otherwise, try to validate it now. */ - if (dns_rdataset_isassociated(&val->fsigrdataset)) { - result = create_validator( - val, tname, dns_rdatatype_ds, &val->frdataset, - &val->fsigrdataset, validator_callback_ds, - "proveunsecure"); - *resp = DNS_R_WAIT; - if (result != ISC_R_SUCCESS) { - *resp = result; - } - } else { - /* - * There should never be an unsigned DS. - */ - validator_log(val, ISC_LOG_DEBUG(3), - "unsigned DS record"); - *resp = DNS_R_NOVALIDSIG; + result = create_validator(val, tname, dns_rdatatype_ds, + &val->frdataset, &val->fsigrdataset, + validator_callback_ds, "seek_ds"); + *resp = DNS_R_WAIT; + if (result != ISC_R_SUCCESS) { + *resp = result; } return ISC_R_COMPLETE; @@ -2764,7 +2764,7 @@ */ *resp = DNS_R_WAIT; result = create_fetch(val, tname, dns_rdatatype_ds, - fetch_callback_ds, "proveunsecure"); + fetch_callback_ds, "seek_ds"); if (result != ISC_R_SUCCESS) { *resp = result; } @@ -2785,7 +2785,7 @@ result = create_validator( val, tname, dns_rdatatype_ds, &val->frdataset, &val->fsigrdataset, validator_callback_ds, - "proveunsecure"); + "seek_ds"); *resp = DNS_R_WAIT; if (result != ISC_R_SUCCESS) { *resp = result; @@ -2805,7 +2805,7 @@ NULL) == ISC_R_SUCCESS && dns_name_equal(tname, found)) { - *resp = markanswer(val, "proveunsecure (3)", + *resp = markanswer(val, "seek_ds (2)", "no DS at zone cut"); return ISC_R_COMPLETE; } @@ -2825,7 +2825,7 @@ } if (isdelegation(tname, &val->frdataset, result)) { - *resp = markanswer(val, "proveunsecure (4)", + *resp = markanswer(val, "seek_ds (3)", "this is a delegation"); return ISC_R_COMPLETE; } @@ -2857,7 +2857,7 @@ result = create_validator( val, tname, dns_rdatatype_ds, &val->frdataset, &val->fsigrdataset, validator_callback_ds, - "proveunsecure"); + "seek_ds"); if (result != ISC_R_SUCCESS) { *resp = result; } @@ -2886,9 +2886,7 @@ result = create_validator( val, tname, dns_rdatatype_cname, &val->frdataset, &val->fsigrdataset, - validator_callback_cname, - "proveunsecure " - "(cname)"); + validator_callback_cname, "seek_ds (cname)"); *resp = DNS_R_WAIT; if (result != ISC_R_SUCCESS) { *resp = result; @@ -3064,11 +3062,22 @@ INSIST(dns_rdataset_isassociated(val->event->rdataset)); INSIST(dns_rdataset_isassociated(val->event->sigrdataset)); - if (selfsigned_dnskey(val)) { + + result = selfsigned_dnskey(val); + switch (result) { + case ISC_R_SUCCESS: result = validate_dnskey(val); - } else { + break; + case DNS_R_NOKEYMATCH: result = validate_answer(val, false); + break; + default: + validator_log(val, ISC_LOG_INFO, + "invalid selfsigned DNSKEY: %s", + isc_result_totext(result)); + goto cleanup; } + if (result == DNS_R_NOVALIDSIG && (val->attributes & VALATTR_TRIEDVERIFY) == 0) { @@ -3137,6 +3146,7 @@ UNREACHABLE(); } +cleanup: if (result != DNS_R_WAIT) { want_destroy = exit_check(val); validator_done(val, result); diff -Nru bind9-9.18.33/lib/dns/view.c bind9-9.18.41/lib/dns/view.c --- bind9-9.18.33/lib/dns/view.c 2025-01-20 13:39:31.290357463 +0000 +++ bind9-9.18.41/lib/dns/view.c 2025-10-18 10:21:03.168261843 +0000 @@ -159,9 +159,9 @@ view->task = NULL; isc_refcount_init(&view->references, 1); isc_refcount_init(&view->weakrefs, 1); - atomic_init(&view->attributes, - (DNS_VIEWATTR_RESSHUTDOWN | DNS_VIEWATTR_ADBSHUTDOWN | - DNS_VIEWATTR_REQSHUTDOWN)); + atomic_init(&view->attributes, DNS_VIEWATTR_RESSHUTDOWN | + DNS_VIEWATTR_ADBSHUTDOWN | + DNS_VIEWATTR_REQSHUTDOWN); view->transports = NULL; view->statickeys = NULL; view->dynamickeys = NULL; @@ -1010,13 +1010,22 @@ isc_result_t dns_view_addzone(dns_view_t *view, dns_zone_t *zone) { - isc_result_t result; + isc_result_t result = ISC_R_SHUTTINGDOWN; + dns_zt_t *zt = NULL; REQUIRE(DNS_VIEW_VALID(view)); REQUIRE(!view->frozen); - REQUIRE(view->zonetable != NULL); - result = dns_zt_mount(view->zonetable, zone); + LOCK(&view->lock); + if (view->zonetable != NULL) { + dns_zt_attach(view->zonetable, &zt); + } + UNLOCK(&view->lock); + + if (zt != NULL) { + result = dns_zt_mount(zt, zone); + dns_zt_detach(&zt); + } return result; } diff -Nru bind9-9.18.33/lib/dns/zone.c bind9-9.18.41/lib/dns/zone.c --- bind9-9.18.33/lib/dns/zone.c 2025-01-20 13:39:31.293357516 +0000 +++ bind9-9.18.41/lib/dns/zone.c 2025-10-18 10:21:03.171261923 +0000 @@ -3327,16 +3327,17 @@ dns_rdata_mx_t mx; dns_rdata_ns_t ns; dns_rdata_in_srv_t srv; - dns_rdata_t rdata; dns_name_t *name; dns_name_t *bottom; isc_result_t result; bool ok = true, have_spf, have_txt; + char namebuf[DNS_NAME_FORMATSIZE]; + bool logged_algorithm[DST_MAX_ALGS]; + bool logged_digest_type[DNS_DSDIGEST_MAX + 1]; name = dns_fixedname_initname(&fixed); bottom = dns_fixedname_initname(&fixedbottom); dns_rdataset_init(&rdataset); - dns_rdata_init(&rdata); result = dns_db_createiterator(db, 0, &dbiterator); if (result != ISC_R_SUCCESS) { @@ -3363,6 +3364,55 @@ dns_dbiterator_pause(dbiterator); /* + * Check for deprecated KEY algorithms + */ + result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_key, + 0, 0, &rdataset, NULL); + if (result != ISC_R_SUCCESS) { + goto checkforns; + } + + memset(logged_algorithm, 0, sizeof(logged_algorithm)); + for (result = dns_rdataset_first(&rdataset); + result == ISC_R_SUCCESS; + result = dns_rdataset_next(&rdataset)) + { + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdata_key_t key; + dns_rdataset_current(&rdataset, &rdata); + + result = dns_rdata_tostruct(&rdata, &key, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + + /* + * If we ever deprecate a private algorithm use + * dst_algorithm_fromdata() here. + */ + switch (key.algorithm) { + case DNS_KEYALG_RSASHA1: + case DNS_KEYALG_NSEC3RSASHA1: + if (!logged_algorithm[key.algorithm]) { + char algbuf[DNS_SECALG_FORMATSIZE]; + dns_name_format(name, namebuf, + sizeof(namebuf)); + dns_secalg_format(key.algorithm, algbuf, + sizeof(algbuf)); + dnssec_log(zone, ISC_LOG_WARNING, + "%s/KEY deprecated " + "algorithm %u (%s)", + namebuf, key.algorithm, + algbuf); + logged_algorithm[key.algorithm] = true; + } + break; + default: + break; + } + } + dns_rdataset_disassociate(&rdataset); + + checkforns: + /* * Don't check the NS records at the origin. */ if (dns_name_equal(name, &zone->origin)) { @@ -3374,6 +3424,7 @@ if (result != ISC_R_SUCCESS) { goto checkfordname; } + /* * Remember bottom of zone due to NS. */ @@ -3381,6 +3432,7 @@ result = dns_rdataset_first(&rdataset); while (result == ISC_R_SUCCESS) { + dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_current(&rdataset, &rdata); result = dns_rdata_tostruct(&rdata, &ns, NULL); RUNTIME_CHECK(result == ISC_R_SUCCESS); @@ -3391,6 +3443,74 @@ result = dns_rdataset_next(&rdataset); } dns_rdataset_disassociate(&rdataset); + + /* + * Check for deprecated DS digest types. + */ + result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_ds, + 0, 0, &rdataset, NULL); + if (result != ISC_R_SUCCESS) { + goto next; + } + + memset(logged_algorithm, 0, sizeof(logged_algorithm)); + memset(logged_digest_type, 0, sizeof(logged_digest_type)); + for (result = dns_rdataset_first(&rdataset); + result == ISC_R_SUCCESS; + result = dns_rdataset_next(&rdataset)) + { + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdataset_current(&rdataset, &rdata); + dns_rdata_ds_t ds; + + result = dns_rdata_tostruct(&rdata, &ds, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + switch (ds.digest_type) { + case DNS_DSDIGEST_SHA1: + case DNS_DSDIGEST_GOST: + if (!logged_digest_type[ds.digest_type]) { + char algbuf[DNS_DSDIGEST_FORMATSIZE]; + dns_name_format(name, namebuf, + sizeof(namebuf)); + dns_dsdigest_format(ds.digest_type, + algbuf, + sizeof(algbuf)); + dnssec_log(zone, ISC_LOG_WARNING, + "%s/DS deprecated digest " + "type %u (%s)", + namebuf, ds.digest_type, + algbuf); + logged_digest_type[ds.digest_type] = + true; + } + break; + } + + /* + * If we ever deprecate a private algorithm use + * dst_algorithm_fromdata() here. + */ + switch (ds.algorithm) { + case DNS_KEYALG_RSASHA1: + case DNS_KEYALG_NSEC3RSASHA1: + if (!logged_algorithm[ds.algorithm]) { + char algbuf[DNS_SECALG_FORMATSIZE]; + dns_name_format(name, namebuf, + sizeof(namebuf)); + dns_secalg_format(ds.algorithm, algbuf, + sizeof(algbuf)); + dnssec_log(zone, ISC_LOG_WARNING, + "%s/DS deprecated algorithm " + "%u (%s)", + namebuf, ds.algorithm, + algbuf); + logged_algorithm[ds.algorithm] = true; + } + break; + } + } + dns_rdataset_disassociate(&rdataset); + goto next; checkfordname: @@ -3412,6 +3532,7 @@ } result = dns_rdataset_first(&rdataset); while (result == ISC_R_SUCCESS) { + dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_current(&rdataset, &rdata); result = dns_rdata_tostruct(&rdata, &mx, NULL); RUNTIME_CHECK(result == ISC_R_SUCCESS); @@ -3434,6 +3555,7 @@ } result = dns_rdataset_first(&rdataset); while (result == ISC_R_SUCCESS) { + dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_current(&rdataset, &rdata); result = dns_rdata_tostruct(&rdata, &srv, NULL); RUNTIME_CHECK(result == ISC_R_SUCCESS); @@ -3470,6 +3592,7 @@ } result = dns_rdataset_first(&rdataset); while (result == ISC_R_SUCCESS) { + dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_current(&rdataset, &rdata); have_txt = isspf(&rdata); dns_rdata_reset(&rdata); @@ -3482,8 +3605,6 @@ notxt: if (have_spf && !have_txt) { - char namebuf[DNS_NAME_FORMATSIZE]; - dns_name_format(name, namebuf, sizeof(namebuf)); dns_zone_log(zone, ISC_LOG_WARNING, "'%s' found type " @@ -3516,9 +3637,10 @@ dns_dbnode_t *node = NULL; dns_dbversion_t *version = NULL; dns_rdata_dnskey_t dnskey; - dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_t rdataset; isc_result_t result; + bool logged_algorithm[DST_MAX_ALGS] = { 0 }; + bool alldeprecated = true; result = dns_db_findnode(db, &zone->origin, false, &node); if (result != ISC_R_SUCCESS) { @@ -3536,6 +3658,8 @@ for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(&rdataset)) { + char algbuf[DNS_SECALG_FORMATSIZE]; + dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_current(&rdataset, &rdata); result = dns_rdata_tostruct(&rdata, &dnskey, NULL); INSIST(result == ISC_R_SUCCESS); @@ -3577,10 +3701,36 @@ algorithm, dnskey.algorithm, dst_region_computeid(&r)); } - dns_rdata_reset(&rdata); + + switch (dnskey.algorithm) { + case DNS_KEYALG_RSAMD5: + case DNS_KEYALG_DSA: + case DNS_KEYALG_RSASHA1: + case DNS_KEYALG_NSEC3DSA: + case DNS_KEYALG_NSEC3RSASHA1: + case DNS_KEYALG_ECCGOST: + if (!logged_algorithm[dnskey.algorithm]) { + dns_secalg_format(dnskey.algorithm, algbuf, + sizeof(algbuf)); + dnssec_log(zone, ISC_LOG_WARNING, + "deprecated DNSKEY algorithm found: " + "%u (%s)\n", + dnskey.algorithm, algbuf); + logged_algorithm[dnskey.algorithm] = true; + } + break; + default: + alldeprecated = false; + break; + } } dns_rdataset_disassociate(&rdataset); + if (alldeprecated) { + dnssec_log(zone, ISC_LOG_WARNING, + "all DNSKEY algorithms found are deprecated"); + } + cleanup: if (node != NULL) { dns_db_detachnode(db, &node); @@ -4383,7 +4533,7 @@ /* Add to keytables. */ trusted++; - trust_key(zone, name, &dnskey, (keydata.addhd == 0)); + trust_key(zone, name, &dnskey, keydata.addhd == 0); } if (trusted == 0 && pending != 0) { @@ -4562,7 +4712,7 @@ failure: dns_diff_clear(&diff); if (ver != NULL) { - dns_db_closeversion(db, &ver, (result == ISC_R_SUCCESS)); + dns_db_closeversion(db, &ver, result == ISC_R_SUCCESS); } INSIST(ver == NULL); @@ -5930,142 +6080,163 @@ return atomic_load_relaxed(&zone->keyopts); } -isc_result_t +void dns_zone_setxfrsource4(dns_zone_t *zone, const isc_sockaddr_t *xfrsource) { REQUIRE(DNS_ZONE_VALID(zone)); + REQUIRE(xfrsource != NULL); LOCK_ZONE(zone); zone->xfrsource4 = *xfrsource; UNLOCK_ZONE(zone); - - return ISC_R_SUCCESS; } -isc_sockaddr_t * -dns_zone_getxfrsource4(dns_zone_t *zone) { +void +dns_zone_getxfrsource4(dns_zone_t *zone, isc_sockaddr_t *xfrsource) { REQUIRE(DNS_ZONE_VALID(zone)); - return &zone->xfrsource4; + REQUIRE(xfrsource != NULL); + + LOCK_ZONE(zone); + *xfrsource = zone->xfrsource4; + UNLOCK_ZONE(zone); } -isc_result_t +void dns_zone_setxfrsource6(dns_zone_t *zone, const isc_sockaddr_t *xfrsource) { REQUIRE(DNS_ZONE_VALID(zone)); + REQUIRE(xfrsource != NULL); LOCK_ZONE(zone); zone->xfrsource6 = *xfrsource; UNLOCK_ZONE(zone); - - return ISC_R_SUCCESS; } -isc_sockaddr_t * -dns_zone_getxfrsource6(dns_zone_t *zone) { +void +dns_zone_getxfrsource6(dns_zone_t *zone, isc_sockaddr_t *xfrsource) { REQUIRE(DNS_ZONE_VALID(zone)); - return &zone->xfrsource6; + REQUIRE(xfrsource != NULL); + + LOCK_ZONE(zone); + *xfrsource = zone->xfrsource6; + UNLOCK_ZONE(zone); } -isc_result_t -dns_zone_setaltxfrsource4(dns_zone_t *zone, - const isc_sockaddr_t *altxfrsource) { +void +dns_zone_setaltxfrsource4(dns_zone_t *zone, const isc_sockaddr_t *xfrsource) { REQUIRE(DNS_ZONE_VALID(zone)); + REQUIRE(xfrsource != NULL); LOCK_ZONE(zone); - zone->altxfrsource4 = *altxfrsource; + zone->altxfrsource4 = *xfrsource; UNLOCK_ZONE(zone); - - return ISC_R_SUCCESS; } -isc_sockaddr_t * -dns_zone_getaltxfrsource4(dns_zone_t *zone) { +void +dns_zone_getaltxfrsource4(dns_zone_t *zone, isc_sockaddr_t *xfrsource) { REQUIRE(DNS_ZONE_VALID(zone)); - return &zone->altxfrsource4; + REQUIRE(xfrsource != NULL); + + LOCK_ZONE(zone); + *xfrsource = zone->altxfrsource4; + UNLOCK_ZONE(zone); } -isc_result_t -dns_zone_setaltxfrsource6(dns_zone_t *zone, - const isc_sockaddr_t *altxfrsource) { +void +dns_zone_setaltxfrsource6(dns_zone_t *zone, const isc_sockaddr_t *xfrsource) { REQUIRE(DNS_ZONE_VALID(zone)); + REQUIRE(xfrsource != NULL); LOCK_ZONE(zone); - zone->altxfrsource6 = *altxfrsource; + zone->altxfrsource6 = *xfrsource; UNLOCK_ZONE(zone); - - return ISC_R_SUCCESS; } -isc_sockaddr_t * -dns_zone_getaltxfrsource6(dns_zone_t *zone) { +void +dns_zone_getaltxfrsource6(dns_zone_t *zone, isc_sockaddr_t *xfrsource) { REQUIRE(DNS_ZONE_VALID(zone)); - return &zone->altxfrsource6; + REQUIRE(xfrsource != NULL); + + LOCK_ZONE(zone); + *xfrsource = zone->altxfrsource6; + UNLOCK_ZONE(zone); } -isc_result_t +void dns_zone_setparentalsrc4(dns_zone_t *zone, const isc_sockaddr_t *parentalsrc) { REQUIRE(DNS_ZONE_VALID(zone)); + REQUIRE(parentalsrc != NULL); LOCK_ZONE(zone); zone->parentalsrc4 = *parentalsrc; UNLOCK_ZONE(zone); - - return ISC_R_SUCCESS; } -isc_sockaddr_t * -dns_zone_getparentalsrc4(dns_zone_t *zone) { +void +dns_zone_getparentalsrc4(dns_zone_t *zone, isc_sockaddr_t *parentalsrc) { REQUIRE(DNS_ZONE_VALID(zone)); - return &zone->parentalsrc4; + REQUIRE(parentalsrc != NULL); + + LOCK_ZONE(zone); + *parentalsrc = zone->parentalsrc4; + UNLOCK_ZONE(zone); } -isc_result_t +void dns_zone_setparentalsrc6(dns_zone_t *zone, const isc_sockaddr_t *parentalsrc) { REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); zone->parentalsrc6 = *parentalsrc; UNLOCK_ZONE(zone); - - return ISC_R_SUCCESS; } -isc_sockaddr_t * -dns_zone_getparentalsrc6(dns_zone_t *zone) { +void +dns_zone_getparentalsrc6(dns_zone_t *zone, isc_sockaddr_t *parentalsrc) { REQUIRE(DNS_ZONE_VALID(zone)); - return &zone->parentalsrc6; + REQUIRE(parentalsrc != NULL); + + LOCK_ZONE(zone); + *parentalsrc = zone->parentalsrc6; + UNLOCK_ZONE(zone); } -isc_result_t +void dns_zone_setnotifysrc4(dns_zone_t *zone, const isc_sockaddr_t *notifysrc) { REQUIRE(DNS_ZONE_VALID(zone)); + REQUIRE(notifysrc != NULL); LOCK_ZONE(zone); zone->notifysrc4 = *notifysrc; UNLOCK_ZONE(zone); - - return ISC_R_SUCCESS; } -isc_sockaddr_t * -dns_zone_getnotifysrc4(dns_zone_t *zone) { +void +dns_zone_getnotifysrc4(dns_zone_t *zone, isc_sockaddr_t *notifysrc) { REQUIRE(DNS_ZONE_VALID(zone)); - return &zone->notifysrc4; + REQUIRE(notifysrc != NULL); + + LOCK_ZONE(zone); + *notifysrc = zone->notifysrc4; + UNLOCK_ZONE(zone); } -isc_result_t +void dns_zone_setnotifysrc6(dns_zone_t *zone, const isc_sockaddr_t *notifysrc) { REQUIRE(DNS_ZONE_VALID(zone)); + REQUIRE(notifysrc != NULL); LOCK_ZONE(zone); zone->notifysrc6 = *notifysrc; UNLOCK_ZONE(zone); - - return ISC_R_SUCCESS; } -isc_sockaddr_t * -dns_zone_getnotifysrc6(dns_zone_t *zone) { +void +dns_zone_getnotifysrc6(dns_zone_t *zone, isc_sockaddr_t *notifysrc) { REQUIRE(DNS_ZONE_VALID(zone)); - return &zone->notifysrc6; + REQUIRE(notifysrc != NULL); + + LOCK_ZONE(zone); + *notifysrc = zone->notifysrc6; + UNLOCK_ZONE(zone); } static bool @@ -9819,7 +9990,7 @@ db, zone, name, node, version, build_nsec3, build_nsec, zone_keys[i], now, inception, expire, zone_nsecttl(zone), is_ksk, is_zsk, - (both && keyset_kskonly), is_bottom_of_zone, + both && keyset_kskonly, is_bottom_of_zone, zonediff.diff, &signatures, zone->mctx)); /* * If we are adding we are done. Look for other keys @@ -16095,8 +16266,8 @@ } isc_log_write(dns_lctx, category, DNS_LOGMODULE_ZONE, level, - "%s%s%s%s: %s", (prefix != NULL ? prefix : ""), - (prefix != NULL ? ": " : ""), zstr, zone->strnamerd, + "%s%s%s%s: %s", prefix != NULL ? prefix : "", + prefix != NULL ? ": " : "", zstr, zone->strnamerd, message); } @@ -20325,9 +20496,9 @@ case dns_dialuptype_no: break; case dns_dialuptype_yes: - DNS_ZONE_SETFLAG(zone, (DNS_ZONEFLG_DIALNOTIFY | - DNS_ZONEFLG_DIALREFRESH | - DNS_ZONEFLG_NOREFRESH)); + DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DIALNOTIFY | + DNS_ZONEFLG_DIALREFRESH | + DNS_ZONEFLG_NOREFRESH); break; case dns_dialuptype_notify: DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DIALNOTIFY); @@ -20830,8 +21001,7 @@ result = dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL); RUNTIME_CHECK(result == ISC_R_SUCCESS); - if ((dnskey.flags & (DNS_KEYFLAG_OWNERMASK | - DNS_KEYTYPE_NOAUTH)) != DNS_KEYOWNER_ZONE) + if ((dnskey.flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE) { ISC_LIST_UNLINK(diff->tuples, tuple, link); ISC_LIST_APPEND(tuples, tuple, link); @@ -21996,7 +22166,8 @@ } static isc_result_t -zone_verifykeys(dns_zone_t *zone, dns_dnsseckeylist_t *newkeys) { +zone_verifykeys(dns_zone_t *zone, dns_dnsseckeylist_t *newkeys, + uint32_t purgeval, isc_stdtime_t now) { dns_dnsseckey_t *key1, *key2, *next; /* @@ -22009,6 +22180,9 @@ if (dst_key_is_unused(key1->key)) { continue; } + if (dns_keymgr_key_may_be_purged(key1->key, purgeval, now)) { + continue; + } if (key1->purge) { continue; } @@ -22204,7 +22378,8 @@ if (kasp != NULL) { /* Verify new keys. */ - isc_result_t ret = zone_verifykeys(zone, &keys); + isc_result_t ret = zone_verifykeys( + zone, &keys, dns_kasp_purgekeys(kasp), now); if (ret != ISC_R_SUCCESS) { dnssec_log(zone, ISC_LOG_ERROR, "zone_rekey:zone_verifykeys failed: " @@ -22447,7 +22622,7 @@ CHECK(dns_diff_apply(&diff, db, ver)); CHECK(clean_nsec3param(zone, db, ver, &diff)); CHECK(add_signing_records(db, zone->privatetype, ver, - &diff, (newalg || fullsign))); + &diff, newalg || fullsign)); CHECK(update_soa_serial(zone, db, ver, &diff, mctx, zone->updatemethod)); CHECK(add_chains(zone, db, ver, &diff)); @@ -22848,6 +23023,7 @@ * record which must be by itself. */ if (dns_rdataset_isassociated(&cds)) { + bool logged_digest_type[DNS_DSDIGEST_MAX + 1] = { 0 }; bool delete = false; memset(algorithms, notexpected, sizeof(algorithms)); for (result = dns_rdataset_first(&cds); result == ISC_R_SUCCESS; @@ -22875,6 +23051,30 @@ } CHECK(dns_rdata_tostruct(&crdata, &structcds, NULL)); + + /* + * Log deprecated CDS digest types. + */ + switch (structcds.digest_type) { + case DNS_DSDIGEST_SHA1: + case DNS_DSDIGEST_GOST: + if (!logged_digest_type[structcds.digest_type]) + { + char algbuf[DNS_DSDIGEST_FORMATSIZE]; + dns_dsdigest_format( + structcds.digest_type, algbuf, + sizeof(algbuf)); + dnssec_log(zone, ISC_LOG_WARNING, + "deprecated CDS digest type " + "%u (%s)", + structcds.digest_type, + algbuf); + logged_digest_type[structcds.digest_type] = + true; + } + break; + } + if (algorithms[structcds.algorithm] == 0) { algorithms[structcds.algorithm] = expected; } @@ -23402,7 +23602,7 @@ isc_buffer_init(&b, kd->data, sizeof(kd->data)); isc_buffer_putuint8(&b, alg); isc_buffer_putuint8(&b, (keyid & 0xff00) >> 8); - isc_buffer_putuint8(&b, (keyid & 0xff)); + isc_buffer_putuint8(&b, keyid & 0xff); isc_buffer_putuint8(&b, 0); isc_buffer_putuint8(&b, 1); } @@ -24181,7 +24381,7 @@ "setserial: desired serial (%u) " "out of range (%u-%u)", desired, oldserial + 1, - (oldserial + 0x7fffffff)); + oldserial + 0x7fffffff); } goto failure; } diff -Nru bind9-9.18.33/lib/irs/Makefile.in bind9-9.18.41/lib/irs/Makefile.in --- bind9-9.18.33/lib/irs/Makefile.in 2025-01-20 13:40:38.771389691 +0000 +++ bind9-9.18.41/lib/irs/Makefile.in 2025-10-18 10:21:43.577315711 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -74,6 +74,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -142,10 +144,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libirs_ladir)" LTLIBRARIES = $(lib_LTLIBRARIES) @@ -382,8 +383,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -577,15 +580,13 @@ done clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + -$(am__rm_f) $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} libirs.la: $(libirs_la_OBJECTS) $(libirs_la_DEPENDENCIES) $(EXTRA_libirs_la_DEPENDENCIES) $(AM_V_CCLD)$(libirs_la_LINK) -rpath $(libdir) $(libirs_la_OBJECTS) $(libirs_la_LIBADD) $(LIBS) @@ -600,7 +601,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -780,8 +781,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -792,7 +793,7 @@ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/libirs_la-resconf.Plo + -rm -f ./$(DEPDIR)/libirs_la-resconf.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -842,7 +843,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/libirs_la-resconf.Plo + -rm -f ./$(DEPDIR)/libirs_la-resconf.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -894,3 +895,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/lib/irs/resconf.c bind9-9.18.41/lib/irs/resconf.c --- bind9-9.18.33/lib/irs/resconf.c 2025-01-20 13:39:31.294357534 +0000 +++ bind9-9.18.41/lib/irs/resconf.c 2025-10-18 10:21:03.172261950 +0000 @@ -247,7 +247,7 @@ goto cleanup; } address->length = (unsigned int)res->ai_addrlen; - memmove(&address->type.ss, res->ai_addr, res->ai_addrlen); + memmove(&address->type.sa, res->ai_addr, res->ai_addrlen); ISC_LINK_INIT(address, link); ISC_LIST_APPEND(*nameservers, address, link); diff -Nru bind9-9.18.33/lib/isc/Makefile.in bind9-9.18.41/lib/isc/Makefile.in --- bind9-9.18.33/lib/isc/Makefile.in 2025-01-20 13:40:38.881391424 +0000 +++ bind9-9.18.41/lib/isc/Makefile.in 2025-10-18 10:21:43.691318659 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -74,6 +74,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -170,10 +172,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libisc_ladir)" LTLIBRARIES = $(lib_LTLIBRARIES) @@ -579,8 +580,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -875,21 +878,19 @@ done clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + -$(am__rm_f) $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} netmgr/$(am__dirstamp): @$(MKDIR_P) netmgr - @: > netmgr/$(am__dirstamp) + @: >>netmgr/$(am__dirstamp) netmgr/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) netmgr/$(DEPDIR) - @: > netmgr/$(DEPDIR)/$(am__dirstamp) + @: >>netmgr/$(DEPDIR)/$(am__dirstamp) netmgr/libisc_la-netmgr.lo: netmgr/$(am__dirstamp) \ netmgr/$(DEPDIR)/$(am__dirstamp) netmgr/libisc_la-tcp.lo: netmgr/$(am__dirstamp) \ @@ -1011,7 +1012,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -1787,10 +1788,10 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -rm -f netmgr/$(DEPDIR)/$(am__dirstamp) - -rm -f netmgr/$(am__dirstamp) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) netmgr/$(DEPDIR)/$(am__dirstamp) + -$(am__rm_f) netmgr/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -1801,7 +1802,7 @@ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/libisc_la-aes.Plo + -rm -f ./$(DEPDIR)/libisc_la-aes.Plo -rm -f ./$(DEPDIR)/libisc_la-app.Plo -rm -f ./$(DEPDIR)/libisc_la-assertions.Plo -rm -f ./$(DEPDIR)/libisc_la-astack.Plo @@ -1936,7 +1937,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/libisc_la-aes.Plo + -rm -f ./$(DEPDIR)/libisc_la-aes.Plo -rm -f ./$(DEPDIR)/libisc_la-app.Plo -rm -f ./$(DEPDIR)/libisc_la-assertions.Plo -rm -f ./$(DEPDIR)/libisc_la-astack.Plo @@ -2073,3 +2074,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/lib/isc/include/isc/attributes.h bind9-9.18.41/lib/isc/include/isc/attributes.h --- bind9-9.18.33/lib/isc/include/isc/attributes.h 2025-01-20 13:39:31.297357587 +0000 +++ bind9-9.18.41/lib/isc/include/isc/attributes.h 2025-10-18 10:21:03.175262030 +0000 @@ -82,3 +82,9 @@ #endif /* HAVE_FUNC_ATTRIBUTE_MALLOC */ #define ISC_ATTR_UNUSED __attribute__((__unused__)) + +#if __has_attribute(__nonnull__) +#define ISC_ATTR_NONNULL(...) __attribute__((__nonnull__(__VA_ARGS__))) +#else +#define ISC_ATTR_NONNULL(...) +#endif diff -Nru bind9-9.18.33/lib/isc/include/isc/random.h bind9-9.18.41/lib/isc/include/isc/random.h --- bind9-9.18.33/lib/isc/include/isc/random.h 2025-01-20 13:39:31.302357675 +0000 +++ bind9-9.18.41/lib/isc/include/isc/random.h 2025-10-18 10:21:03.180262163 +0000 @@ -20,7 +20,7 @@ #include /*! \file isc/random.h - * \brief Implements wrapper around a non-cryptographically secure + * \brief Implements wrapper around a cryptographically secure * pseudo-random number generator. * */ diff -Nru bind9-9.18.33/lib/isc/include/isc/sockaddr.h bind9-9.18.41/lib/isc/include/isc/sockaddr.h --- bind9-9.18.33/lib/isc/include/isc/sockaddr.h 2025-01-20 13:39:31.303357692 +0000 +++ bind9-9.18.41/lib/isc/include/isc/sockaddr.h 2025-10-18 10:21:03.181262190 +0000 @@ -29,11 +29,9 @@ */ struct isc_sockaddr { union { - struct sockaddr sa; - struct sockaddr_in sin; - struct sockaddr_in6 sin6; - struct sockaddr_storage ss; - struct sockaddr_un sunix; + struct sockaddr sa; + struct sockaddr_in sin; + struct sockaddr_in6 sin6; } type; unsigned int length; /* XXXRTH beginning? */ ISC_LINK(struct isc_sockaddr) link; diff -Nru bind9-9.18.33/lib/isc/mem.c bind9-9.18.41/lib/isc/mem.c --- bind9-9.18.33/lib/isc/mem.c 2025-01-20 13:39:31.306357745 +0000 +++ bind9-9.18.41/lib/isc/mem.c 2025-10-18 10:21:03.184262270 +0000 @@ -547,7 +547,7 @@ unsigned int i; ctx->debuglist = - mallocx((DEBUG_TABLE_COUNT * sizeof(debuglist_t)), + mallocx(DEBUG_TABLE_COUNT * sizeof(debuglist_t), ctx->jemalloc_flags); INSIST(ctx->debuglist != NULL); @@ -606,7 +606,7 @@ } sdallocx(ctx->debuglist, - (DEBUG_TABLE_COUNT * sizeof(debuglist_t)), + DEBUG_TABLE_COUNT * sizeof(debuglist_t), ctx->jemalloc_flags); decrement_malloced(ctx, DEBUG_TABLE_COUNT * sizeof(debuglist_t)); diff -Nru bind9-9.18.33/lib/isc/netaddr.c bind9-9.18.41/lib/isc/netaddr.c --- bind9-9.18.33/lib/isc/netaddr.c 2025-01-20 13:39:31.307357763 +0000 +++ bind9-9.18.41/lib/isc/netaddr.c 2025-10-18 10:21:03.185262297 +0000 @@ -348,10 +348,6 @@ memmove(&t->type.in6, &s->type.sin6.sin6_addr, 16); t->zone = s->type.sin6.sin6_scope_id; break; - case AF_UNIX: - memmove(t->type.un, s->type.sunix.sun_path, sizeof(t->type.un)); - t->zone = 0; - break; default: UNREACHABLE(); } diff -Nru bind9-9.18.33/lib/isc/netmgr/http.c bind9-9.18.41/lib/isc/netmgr/http.c --- bind9-9.18.33/lib/isc/netmgr/http.c 2025-01-20 13:39:31.307357763 +0000 +++ bind9-9.18.41/lib/isc/netmgr/http.c 2025-10-18 10:21:03.185262297 +0000 @@ -188,6 +188,10 @@ isc__nm_http_pending_callbacks_t pending_write_callbacks; isc_buffer_t *pending_write_data; + size_t data_in_flight; + + bool async_queued; + /* * The statistical values below are for usage on server-side * only. They are meant to detect clients that are taking too many @@ -230,7 +234,7 @@ #define HTTP_HANDLER_MAGIC ISC_MAGIC('H', 'T', 'H', 'L') #define VALID_HTTP_HANDLER(t) ISC_MAGIC_VALID(t, HTTP_HANDLER_MAGIC) -static bool +static void http_send_outgoing(isc_nm_http_session_t *session, isc_nmhandle_t *httphandle, isc_nm_cb_t cb, void *cbarg); @@ -1045,6 +1049,19 @@ return ISC_R_SUCCESS; } +static inline size_t +http_in_flight_data_size(isc_nm_http_session_t *session) { + size_t in_flight = 0; + + if (session->pending_write_data != NULL) { + in_flight += isc_buffer_usedlength(session->pending_write_data); + } + + in_flight += session->data_in_flight; + + return in_flight; +} + static ssize_t http_process_input_data(isc_nm_http_session_t *session, isc_buffer_t *input_data) { @@ -1096,13 +1113,14 @@ (session->received - session->processed); /* - * If there are non completed send requests in flight -let's - * not process any incoming data, as it could lead to piling - * up too much send data in send buffers. With many clients + * If there is too much outgoing data in flight - let's not + * process any incoming data, as it could lead to piling up + * too much send data in send buffers. With many clients * connected it can lead to excessive memory consumption on * the server instance. */ - if (session->sending > 0) { + const size_t in_flight = http_in_flight_data_size(session); + if (in_flight >= ISC_NETMGR_TCP_SENDBUF_SIZE) { break; } @@ -1271,7 +1289,10 @@ } isc_buffer_putmem(session->buf, region->base + readlen, unread_size); - isc_nm_pauseread(session->handle); + if (session->handle != NULL) { + INSIST(VALID_NMHANDLE(session->handle)); + isc_nm_pauseread(session->handle); + } http_do_bio_async(session); } else { /* We might have something to receive or send, do IO */ @@ -1314,6 +1335,8 @@ isc_nmhandle_detach(&req->httphandle); } + session->data_in_flight -= + isc_buffer_usedlength(req->pending_write_data); isc_buffer_free(&req->pending_write_data); session->processed += req->submitted; isc_mem_put(session->mctx, req, sizeof(*req)); @@ -1343,7 +1366,24 @@ ISC_LIST_INIT(session->pending_write_callbacks); } -static bool +static inline void +http_append_pending_send_request(isc_nm_http_session_t *session, + isc_nmhandle_t *httphandle, isc_nm_cb_t cb, + void *cbarg) { + REQUIRE(VALID_HTTP2_SESSION(session)); + REQUIRE(VALID_NMHANDLE(httphandle)); + REQUIRE(cb != NULL); + + isc__nm_uvreq_t *newcb = isc__nm_uvreq_get(httphandle->sock->mgr, + httphandle->sock); + + newcb->cb.send = cb; + newcb->cbarg = cbarg; + isc_nmhandle_attach(httphandle, &newcb->handle); + ISC_LIST_APPEND(session->pending_write_callbacks, newcb, link); +} + +static void http_send_outgoing(isc_nm_http_session_t *session, isc_nmhandle_t *httphandle, isc_nm_cb_t cb, void *cbarg) { isc_http_send_req_t *send = NULL; @@ -1354,11 +1394,26 @@ size_t max_total_write_size = 0; #endif /* ENABLE_HTTP_WRITE_BUFFERING */ - if (!http_session_active(session) || - (!nghttp2_session_want_write(session->ngsession) && - session->pending_write_data == NULL)) + if (!http_session_active(session)) { + if (cb != NULL) { + isc__nm_uvreq_t *req = isc__nm_uvreq_get( + httphandle->sock->mgr, httphandle->sock); + + req->cb.send = cb; + req->cbarg = cbarg; + isc_nmhandle_attach(httphandle, &req->handle); + isc__nm_sendcb(httphandle->sock, req, ISC_R_CANCELED, + true); + } + return; + } else if (!nghttp2_session_want_write(session->ngsession) && + session->pending_write_data == NULL) { - return false; + if (cb != NULL) { + http_append_pending_send_request(session, httphandle, + cb, cbarg); + } + return; } /* We need to attach to the session->handle earlier because as an @@ -1403,30 +1458,25 @@ /* Here we are trying to flush the pending writes buffer earlier * to avoid hitting unnecessary limitations on a TLS record size * within some tools (e.g. flamethrower). */ - if (max_total_write_size >= FLUSH_HTTP_WRITE_BUFFER_AFTER) { + if (cb != NULL) { + /* + * Case 0: The callback is specified, that means that a DNS + * message is ready. Let's flush the the buffer. + */ + total = max_total_write_size; + } else if (max_total_write_size >= FLUSH_HTTP_WRITE_BUFFER_AFTER) { /* Case 1: We have equal or more than * FLUSH_HTTP_WRITE_BUFFER_AFTER bytes to send. Let's flush it. */ total = max_total_write_size; } else if (session->sending > 0 && total > 0) { /* Case 2: There is one or more write requests in flight and - * we have some new data form nghttp2 to send. Let's put the - * write callback (if any) into the pending write callbacks - * list. Then let's return from the function: as soon as the + * we have some new data form nghttp2 to send. + * Then let's return from the function: as soon as the * "in-flight" write callback get's called or we have reached * FLUSH_HTTP_WRITE_BUFFER_AFTER bytes in the write buffer, we * will flush the buffer. */ - if (cb != NULL) { - isc__nm_uvreq_t *newcb = isc__nm_uvreq_get( - httphandle->sock->mgr, httphandle->sock); - - INSIST(VALID_NMHANDLE(httphandle)); - newcb->cb.send = cb; - newcb->cbarg = cbarg; - isc_nmhandle_attach(httphandle, &newcb->handle); - ISC_LIST_APPEND(session->pending_write_callbacks, newcb, - link); - } + INSIST(cb == NULL); goto nothing_to_send; } else if (session->sending == 0 && total == 0 && session->pending_write_data != NULL) @@ -1456,12 +1506,14 @@ (total == 0 && session->sending == 0) || (total > 0 && session->sending == 0)); } -#else - INSIST(ISC_LIST_EMPTY(session->pending_write_callbacks)); #endif /* ENABLE_HTTP_WRITE_BUFFERING */ if (total == 0) { /* No data returned */ + if (cb != NULL) { + http_append_pending_send_request(session, httphandle, + cb, cbarg); + } goto nothing_to_send; } @@ -1488,18 +1540,31 @@ session->sending++; isc_buffer_usedregion(send->pending_write_data, &send_data); + session->data_in_flight += send_data.length; isc_nm_send(transphandle, &send_data, http_writecb, send); - return true; + return; nothing_to_send: isc_nmhandle_detach(&transphandle); - return false; } static inline bool http_too_many_active_streams(isc_nm_http_session_t *session) { const uint64_t active_streams = session->received - session->processed; - const uint64_t max_active_streams = ISC_MIN( - STREAM_CLIENTS_PER_CONN, session->max_concurrent_streams); + /* + * The motivation behind capping the maximum active streams number + * to a third of maximum streams is to allow the value to scale + * with the max number of streams. + * + * We do not want to have too many active streams at once as every + * stream is processed as a separate virtual connection by the + * higher level code. If a client sends a bulk of requests without + * waiting for the previous ones to complete we might want to + * throttle it as it might be not a friend knocking at the + * door. We already have some job to do for it. + */ + const uint64_t max_active_streams = + ISC_MAX(STREAM_CLIENTS_PER_CONN, + (session->max_concurrent_streams * 6) / 10); /* 60% */ if (session->client) { return false; @@ -1519,10 +1584,12 @@ static void http_do_bio(isc_nm_http_session_t *session, isc_nmhandle_t *send_httphandle, isc_nm_cb_t send_cb, void *send_cbarg) { + isc__nm_uvreq_t *req = NULL; + size_t remaining = 0; REQUIRE(VALID_HTTP2_SESSION(session)); if (session->closed) { - return; + goto cancel; } else if (session->closing) { /* * There might be leftover callbacks waiting to be received @@ -1530,23 +1597,24 @@ if (session->sending == 0) { finish_http_session(session); } - return; - } - - if (send_cb != NULL) { - INSIST(VALID_NMHANDLE(send_httphandle)); - (void)http_send_outgoing(session, send_httphandle, send_cb, - send_cbarg); - return; + goto cancel; + } else if (nghttp2_session_want_read(session->ngsession) == 0 && + nghttp2_session_want_write(session->ngsession) == 0 && + session->pending_write_data == NULL) + { + session->closing = true; + if (session->handle != NULL) { + isc_nm_pauseread(session->handle); + } + if (session->sending == 0) { + finish_http_session(session); + } + goto cancel; } - INSIST(send_httphandle == NULL); - INSIST(send_cb == NULL); - INSIST(send_cbarg == NULL); - - if (session->pending_write_data != NULL && session->sending == 0) { - (void)http_send_outgoing(session, NULL, NULL, NULL); - return; + else if (session->buf != NULL) + { + remaining = isc_buffer_remaininglength(session->buf); } if (nghttp2_session_want_read(session->ngsession) != 0) { @@ -1555,9 +1623,7 @@ isc__nmsocket_timer_start(session->handle->sock); isc_nm_read(session->handle, http_readcb, session); session->reading = true; - } else if (session->buf != NULL) { - size_t remaining = - isc_buffer_remaininglength(session->buf); + } else if (session->buf != NULL && remaining > 0) { /* Leftover data in the buffer, use it */ size_t remaining_after = 0; ssize_t readlen = 0; @@ -1581,8 +1647,12 @@ http_log_flooding_peer(session); failed_read_cb(ISC_R_RANGE, session); } else if ((size_t)readlen == remaining) { - isc_buffer_free(&session->buf); - http_do_bio(session, NULL, NULL, NULL); + isc_buffer_clear(session->buf); + isc_buffer_compact(session->buf); + http_do_bio(session, send_httphandle, send_cb, + send_cbarg); + isc__nm_httpsession_detach(&tmpsess); + return; } else if (remaining_after > 0 && remaining_after < remaining) { @@ -1599,38 +1669,36 @@ * it and that could overwhelm the server. */ http_do_bio_async(session); - } else { - (void)http_send_outgoing(session, NULL, NULL, - NULL); } - isc__nm_httpsession_detach(&tmpsess); - return; - } else { + } else if (session->handle != NULL) { + INSIST(VALID_NMHANDLE(session->handle)); /* Resume reading, it's idempotent, wait for more */ isc_nm_resumeread(session->handle); isc__nmsocket_timer_start(session->handle->sock); } - } else { + } else if (session->handle != NULL) { + INSIST(VALID_NMHANDLE(session->handle)); /* We don't want more data, stop reading for now */ isc_nm_pauseread(session->handle); } /* we might have some data to send after processing */ - (void)http_send_outgoing(session, NULL, NULL, NULL); + http_send_outgoing(session, send_httphandle, send_cb, send_cbarg); - if (nghttp2_session_want_read(session->ngsession) == 0 && - nghttp2_session_want_write(session->ngsession) == 0 && - session->pending_write_data == NULL) - { - session->closing = true; - isc_nm_pauseread(session->handle); - if (session->sending == 0) { - finish_http_session(session); - } + return; + +cancel: + if (send_cb == NULL) { + return; } + req = isc__nm_uvreq_get(send_httphandle->sock->mgr, + send_httphandle->sock); - return; + req->cb.send = send_cb; + req->cbarg = send_cbarg; + isc_nmhandle_attach(send_httphandle, &req->handle); + isc__nm_sendcb(send_httphandle->sock, req, ISC_R_CANCELED, true); } static void @@ -1639,6 +1707,8 @@ REQUIRE(VALID_HTTP2_SESSION(session)); + session->async_queued = false; + if (session->handle != NULL && !isc__nmsocket_closing(session->handle->sock)) { @@ -1655,10 +1725,12 @@ REQUIRE(VALID_HTTP2_SESSION(session)); if (session->handle == NULL || - isc__nmsocket_closing(session->handle->sock)) + isc__nmsocket_closing(session->handle->sock) || + session->async_queued) { return; } + session->async_queued = true; isc__nm_httpsession_attach(session, &tmpsess); isc__nm_async_run( &session->handle->sock->mgr->workers[session->handle->sock->tid], diff -Nru bind9-9.18.33/lib/isc/netmgr/netmgr-int.h bind9-9.18.41/lib/isc/netmgr/netmgr-int.h --- bind9-9.18.33/lib/isc/netmgr/netmgr-int.h 2025-01-20 13:39:31.308357780 +0000 +++ bind9-9.18.41/lib/isc/netmgr/netmgr-int.h 2025-10-18 10:21:03.186262324 +0000 @@ -392,16 +392,11 @@ int connect_tries; /* connect retries */ union { - uv_handle_t handle; uv_req_t req; - uv_getaddrinfo_t getaddrinfo; - uv_getnameinfo_t getnameinfo; - uv_shutdown_t shutdown; + uv_handle_t handle; uv_write_t write; uv_connect_t connect; uv_udp_send_t udp_send; - uv_fs_t fs; - uv_work_t work; } uv_req; ISC_LINK(isc__nm_uvreq_t) link; }; diff -Nru bind9-9.18.33/lib/isc/netmgr/tlsdns.c bind9-9.18.41/lib/isc/netmgr/tlsdns.c --- bind9-9.18.33/lib/isc/netmgr/tlsdns.c 2025-01-20 13:39:31.309357798 +0000 +++ bind9-9.18.41/lib/isc/netmgr/tlsdns.c 2025-10-18 10:21:03.187262351 +0000 @@ -1086,20 +1086,8 @@ if (sock->tls.state == TLS_STATE_IO) { size_t len; + /* 1. Decrypt the incoming data */ for (;;) { - /* - * There is a similar branch in - * isc__nm_process_sock_buffer() which is sufficient to - * stop excessive processing in TCP. However, as we wrap - * this call in a loop, we need to have it here in order - * to limit the number of loop iterations (and, - * consequently, the number of messages processed). - */ - if (atomic_load(&sock->ah) >= STREAM_CLIENTS_PER_CONN) { - isc__nm_stop_reading(sock); - break; - } - (void)SSL_peek(sock->tls.tls, &(char){ '\0' }, 0); int pending = SSL_pending(sock->tls.tls); @@ -1120,34 +1108,22 @@ sock->buf_size - sock->buf_len, &len); if (rv != 1) { - /* - * Process what's in the buffer so far - */ - result = isc__nm_process_sock_buffer( - sock); - if (result != ISC_R_SUCCESS) { - goto failure; - } - /* - * FIXME: Should we call - * isc__nm_failed_read_cb()? - */ break; } INSIST((size_t)pending == len); sock->buf_len += len; - } - result = isc__nm_process_sock_buffer(sock); - if (result != ISC_R_SUCCESS) { - goto failure; - } - - if (pending == 0) { + } else { break; } } + + /* 2. Process the incoming data */ + result = isc__nm_process_sock_buffer(sock); + if (result != ISC_R_SUCCESS) { + goto failure; + } } else if (!SSL_is_init_finished(sock->tls.tls)) { if (SSL_is_server(sock->tls.tls)) { rv = SSL_accept(sock->tls.tls); diff -Nru bind9-9.18.33/lib/isc/os.c bind9-9.18.41/lib/isc/os.c --- bind9-9.18.33/lib/isc/os.c 2025-01-20 13:39:31.310357815 +0000 +++ bind9-9.18.41/lib/isc/os.c 2025-10-18 10:21:03.188262377 +0000 @@ -87,8 +87,9 @@ int i, n = 0; for (i = 0; i < CPU_SETSIZE; ++i) { - if (CPU_ISSET(i, &cpus)) + if (CPU_ISSET(i, &cpus)) { ++n; + } } return n; #endif @@ -115,8 +116,9 @@ if (result != -1) { int i, n = 0; for (i = 0; i < CPU_SETSIZE; ++i) { - if (CPU_ISSET(i, &cpus)) + if (CPU_ISSET(i, &cpus)) { ++n; + } } return n; } diff -Nru bind9-9.18.33/lib/isc/picohttpparser.c bind9-9.18.41/lib/isc/picohttpparser.c --- bind9-9.18.33/lib/isc/picohttpparser.c 2025-01-20 13:39:31.310357815 +0000 +++ bind9-9.18.41/lib/isc/picohttpparser.c 2025-10-18 10:21:03.188262377 +0000 @@ -612,8 +612,9 @@ case CHUNKED_IN_CHUNK_SIZE: for (;; ++src) { int v; - if (src == bufsz) + if (src == bufsz) { goto Exit; + } if ((v = decode_hex(buf[src])) == -1) { if (decoder->_hex_count == 0) { ret = -1; @@ -650,10 +651,12 @@ /* RFC 7230 A.2 "Line folding in chunk extensions is * disallowed" */ for (;; ++src) { - if (src == bufsz) + if (src == bufsz) { goto Exit; - if (buf[src] == '\012') + } + if (buf[src] == '\012') { break; + } } ++src; if (decoder->bytes_left_in_chunk == 0) { @@ -670,16 +673,18 @@ case CHUNKED_IN_CHUNK_DATA: { size_t avail = bufsz - src; if (avail < decoder->bytes_left_in_chunk) { - if (dst != src) + if (dst != src) { memmove(buf + dst, buf + src, avail); + } src += avail; dst += avail; decoder->bytes_left_in_chunk -= avail; goto Exit; } - if (dst != src) + if (dst != src) { memmove(buf + dst, buf + src, decoder->bytes_left_in_chunk); + } src += decoder->bytes_left_in_chunk; dst += decoder->bytes_left_in_chunk; decoder->bytes_left_in_chunk = 0; @@ -688,10 +693,12 @@ /* fallthru */ case CHUNKED_IN_CHUNK_CRLF: for (;; ++src) { - if (src == bufsz) + if (src == bufsz) { goto Exit; - if (buf[src] != '\015') + } + if (buf[src] != '\015') { break; + } } if (buf[src] != '\012') { ret = -1; @@ -702,21 +709,26 @@ break; case CHUNKED_IN_TRAILERS_LINE_HEAD: for (;; ++src) { - if (src == bufsz) + if (src == bufsz) { goto Exit; - if (buf[src] != '\015') + } + if (buf[src] != '\015') { break; + } } - if (buf[src++] == '\012') + if (buf[src++] == '\012') { goto Complete; + } decoder->_state = CHUNKED_IN_TRAILERS_LINE_MIDDLE; /* fallthru */ case CHUNKED_IN_TRAILERS_LINE_MIDDLE: for (;; ++src) { - if (src == bufsz) + if (src == bufsz) { goto Exit; - if (buf[src] == '\012') + } + if (buf[src] == '\012') { break; + } } ++src; decoder->_state = CHUNKED_IN_TRAILERS_LINE_HEAD; @@ -729,8 +741,9 @@ Complete: ret = bufsz - src; Exit: - if (dst != src) + if (dst != src) { memmove(buf + dst, buf + src, bufsz - src); + } *_bufsz = dst; /* if incomplete but the overhead of the chunked encoding is >=100KB and * >80%, signal an error */ @@ -739,7 +752,9 @@ if (decoder->_total_overhead >= 100 * 1024 && decoder->_total_read - decoder->_total_overhead < decoder->_total_read / 4) + { ret = -1; + } } return ret; } diff -Nru bind9-9.18.33/lib/isc/quota.c bind9-9.18.41/lib/isc/quota.c --- bind9-9.18.33/lib/isc/quota.c 2025-01-20 13:39:31.311357833 +0000 +++ bind9-9.18.41/lib/isc/quota.c 2025-10-18 10:21:03.189262404 +0000 @@ -42,25 +42,24 @@ REQUIRE(VALID_QUOTA(quota)); quota->magic = 0; - INSIST(atomic_load("a->used) == 0); - INSIST(atomic_load("a->waiting) == 0); + INSIST(atomic_load_acquire("a->used) == 0); + INSIST(atomic_load_acquire("a->waiting) == 0); INSIST(ISC_LIST_EMPTY(quota->cbs)); - atomic_store_release("a->max, 0); - atomic_store_release("a->used, 0); - atomic_store_release("a->soft, 0); + atomic_store_relaxed("a->max, 0); + atomic_store_relaxed("a->soft, 0); isc_mutex_destroy("a->cblock); } void isc_quota_soft(isc_quota_t *quota, unsigned int soft) { REQUIRE(VALID_QUOTA(quota)); - atomic_store_release("a->soft, soft); + atomic_store_relaxed("a->soft, soft); } void isc_quota_max(isc_quota_t *quota, unsigned int max) { REQUIRE(VALID_QUOTA(quota)); - atomic_store_release("a->max, max); + atomic_store_relaxed("a->max, max); } unsigned int @@ -78,14 +77,14 @@ unsigned int isc_quota_getused(isc_quota_t *quota) { REQUIRE(VALID_QUOTA(quota)); - return atomic_load_relaxed("a->used); + return atomic_load_acquire("a->used); } static isc_result_t quota_reserve(isc_quota_t *quota) { isc_result_t result; - uint_fast32_t max = atomic_load_acquire("a->max); - uint_fast32_t soft = atomic_load_acquire("a->soft); + uint_fast32_t max = atomic_load_relaxed("a->max); + uint_fast32_t soft = atomic_load_relaxed("a->soft); uint_fast32_t used = atomic_load_acquire("a->used); do { if (max != 0 && used >= max) { @@ -106,6 +105,7 @@ enqueue(isc_quota_t *quota, isc_quota_cb_t *cb) { REQUIRE(cb != NULL); ISC_LIST_ENQUEUE(quota->cbs, cb, link); + /* No need for acquire; the lock protects from other writers. */ atomic_fetch_add_release("a->waiting, 1); } @@ -115,7 +115,8 @@ isc_quota_cb_t *cb = ISC_LIST_HEAD(quota->cbs); INSIST(cb != NULL); ISC_LIST_DEQUEUE(quota->cbs, cb, link); - atomic_fetch_sub_relaxed("a->waiting, 1); + /* No need for acquire; the lock protects from other writers. */ + atomic_fetch_sub_release("a->waiting, 1); return cb; } @@ -133,6 +134,7 @@ if (atomic_load_acquire("a->waiting) > 0) { isc_quota_cb_t *cb = NULL; LOCK("a->cblock); + /* No need for acquire; the lock protects from other writers. */ if (atomic_load_relaxed("a->waiting) > 0) { cb = dequeue(quota); } @@ -143,7 +145,7 @@ } } - used = atomic_fetch_sub_release("a->used, 1); + used = atomic_fetch_sub_acq_rel("a->used, 1); INSIST(used > 0); } diff -Nru bind9-9.18.33/lib/isc/radix.c bind9-9.18.41/lib/isc/radix.c --- bind9-9.18.33/lib/isc/radix.c 2025-01-20 13:39:31.311357833 +0000 +++ bind9-9.18.41/lib/isc/radix.c 2025-10-18 10:21:03.189262404 +0000 @@ -398,7 +398,7 @@ } /* I know the better way, but for now. */ for (j = 0; j < 8; j++) { - if (BIT_TEST(r, (0x80 >> j))) { + if (BIT_TEST(r, 0x80 >> j)) { break; } } diff -Nru bind9-9.18.33/lib/isc/random.c bind9-9.18.41/lib/isc/random.c --- bind9-9.18.33/lib/isc/random.c 2025-01-20 13:39:31.311357833 +0000 +++ bind9-9.18.41/lib/isc/random.c 2025-10-18 10:21:03.189262404 +0000 @@ -31,176 +31,135 @@ */ #include -#include -#include -#include +#include -#include +#include #include -#include #include -#include #include #include "entropy_private.h" -/* - * The specific implementation for PRNG is included as a C file - * that has to provide a static variable named seed, and a function - * uint32_t next(void) that provides next random number. - * - * The implementation must be thread-safe. - */ - -/* - * Two contestants have been considered: the xoroshiro family of the - * functions by Villa&Blackman, and PCG by O'Neill. After - * consideration, the xoshiro128starstar function has been chosen as - * the uint32_t random number provider because it is very fast and has - * good enough properties for our usage pattern. - */ - -/* - * Written in 2018 by David Blackman and Sebastiano Vigna (vigna@acm.org) - * - * To the extent possible under law, the author has dedicated all - * copyright and related and neighboring rights to this software to the - * public domain worldwide. This software is distributed without any - * warranty. - * - * See . - */ +#define ISC_RANDOM_BUFSIZE (ISC_OS_CACHELINE_SIZE / sizeof(uint32_t)) -/* - * This is xoshiro128** 1.0, our 32-bit all-purpose, rock-solid generator. - * It has excellent (sub-ns) speed, a state size (128 bits) that is large - * enough for mild parallelism, and it passes all tests we are aware of. - * - * For generating just single-precision (i.e., 32-bit) floating-point - * numbers, xoshiro128+ is even faster. - * - * The state must be seeded so that it is not everywhere zero. - */ -static thread_local uint32_t seed[4] = { 0 }; - -static uint32_t -rotl(const uint32_t x, int k) { - return (x << k) | (x >> (32 - k)); -} +thread_local static uint32_t isc__random_pool[ISC_RANDOM_BUFSIZE]; +thread_local static size_t isc__random_pos = ISC_RANDOM_BUFSIZE; static uint32_t -next(void) { - uint32_t result_starstar, t; - - result_starstar = rotl(seed[0] * 5, 7) * 9; - t = seed[1] << 9; - - seed[2] ^= seed[0]; - seed[3] ^= seed[1]; - seed[1] ^= seed[2]; - seed[0] ^= seed[3]; - - seed[2] ^= t; - - seed[3] = rotl(seed[3], 11); - - return result_starstar; -} - -static thread_local isc_once_t isc_random_once = ISC_ONCE_INIT; - -static void -isc_random_initialize(void) { - int useed[4] = { 0, 0, 0, 1 }; +random_u32(void) { #if FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /* - * Set a constant seed to help in problem reproduction should fuzzing - * find a crash or a hang. The seed array must be non-zero else - * xoshiro128starstar will generate an infinite series of zeroes. + * A fixed stream of numbers helps with problem reproduction when + * fuzzing. The first result needs to be non-zero as expected by + * random_test.c (it starts with ISC_RANDOM_BUFSIZE, see above). */ -#else /* if FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */ - isc_entropy_get(useed, sizeof(useed)); + return (uint32_t)(isc__random_pos++); #endif /* if FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */ - memmove(seed, useed, sizeof(seed)); + + if (isc__random_pos == ISC_RANDOM_BUFSIZE) { + isc_entropy_get(isc__random_pool, sizeof(isc__random_pool)); + isc__random_pos = 0; + } + + return isc__random_pool[isc__random_pos++]; } uint8_t isc_random8(void) { - RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) == - ISC_R_SUCCESS); - return next() & 0xff; + return (uint8_t)random_u32(); } uint16_t isc_random16(void) { - RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) == - ISC_R_SUCCESS); - return next() & 0xffff; + return (uint16_t)random_u32(); } uint32_t isc_random32(void) { - RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) == - ISC_R_SUCCESS); - return next(); + return random_u32(); } void isc_random_buf(void *buf, size_t buflen) { - int i; - uint32_t r; - - REQUIRE(buf != NULL); - REQUIRE(buflen > 0); - - RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) == - ISC_R_SUCCESS); + REQUIRE(buflen == 0 || buf != NULL); - for (i = 0; i + sizeof(r) <= buflen; i += sizeof(r)) { - r = next(); - memmove((uint8_t *)buf + i, &r, sizeof(r)); + if (buf == NULL || buflen == 0) { + return; } - r = next(); - memmove((uint8_t *)buf + i, &r, buflen % sizeof(r)); - return; + + isc_entropy_get(buf, buflen); } uint32_t -isc_random_uniform(uint32_t upper_bound) { - /* Copy of arc4random_uniform from OpenBSD */ - uint32_t r, min; - - RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) == - ISC_R_SUCCESS); - - if (upper_bound < 2) { - return 0; - } - -#if (ULONG_MAX > 0xffffffffUL) - min = 0x100000000UL % upper_bound; -#else /* if (ULONG_MAX > 0xffffffffUL) */ - /* Calculate (2**32 % upper_bound) avoiding 64-bit math */ - if (upper_bound > 0x80000000) { - min = 1 + ~upper_bound; /* 2**32 - upper_bound */ - } else { - /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */ - min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound; - } -#endif /* if (ULONG_MAX > 0xffffffffUL) */ - +isc_random_uniform(uint32_t limit) { + /* + * Daniel Lemire's nearly-divisionless unbiased bounded random numbers. + * + * https://lemire.me/blog/?p=17551 + * + * The raw random number generator `next()` returns a 32-bit value. + * We do a 64-bit multiply `next() * limit` and treat the product as a + * 32.32 fixed-point value less than the limit. Our result will be the + * integer part (upper 32 bits), and we will use the fraction part + * (lower 32 bits) to determine whether or not we need to resample. + */ + uint64_t num = (uint64_t)random_u32() * (uint64_t)limit; /* - * This could theoretically loop forever but each retry has - * p > 0.5 (worst case, usually far better) of selecting a - * number inside the range we need, so it should rarely need - * to re-roll. + * In the fast path, we avoid doing a division in most cases by + * comparing the fraction part of `num` with the limit, which is + * a slight over-estimate for the exact resample threshold. */ - for (;;) { - r = next(); - if (r >= min) { - break; + if ((uint32_t)(num) < limit) { + /* + * We are in the slow path where we re-do the approximate test + * more accurately. The exact threshold for the resample loop + * is the remainder after dividing the raw RNG limit `1 << 32` + * by the caller's limit. We use a trick to calculate it + * within 32 bits: + * + * (1 << 32) % limit + * == ((1 << 32) - limit) % limit + * == (uint32_t)(-limit) % limit + * + * This division is safe: we know that `limit` is strictly + * greater than zero because of the slow-path test above. + */ + uint32_t residue = (uint32_t)(-limit) % limit; + /* + * Unless we get one of `N = (1 << 32) - residue` valid + * values, we reject the sample. This `N` is a multiple of + * `limit`, so our results will be unbiased; and `N` is the + * largest multiple that fits in 32 bits, so rejections are as + * rare as possible. + * + * There are `limit` possible values for the integer part of + * our fixed-point number. Each one corresponds to `N/limit` + * or `N/limit + 1` possible fraction parts. For our result to + * be unbiased, every possible integer part must have the same + * number of possible valid fraction parts. So, when we get + * the superfluous value in the `N/limit + 1` cases, we need + * to reject and resample. + * + * Because of the multiplication, the possible values in the + * fraction part are equally spaced by `limit`, with varying + * gaps at each end of the fraction's 32-bit range. We will + * choose a range of size `N` (a multiple of `limit`) into + * which valid fraction values must fall, with the rest of the + * 32-bit range covered by the `residue`. Lemire's paper says + * that exactly `N/limit` possible values spaced apart by + * `limit` will fit into our size `N` valid range, regardless + * of the size of the end gaps, the phase alignment of the + * values, or the position of the range. + * + * So, when a fraction value falls in the `residue` outside + * our valid range, it is superfluous, and we resample. + */ + while ((uint32_t)(num) < residue) { + num = (uint64_t)random_u32() * (uint64_t)limit; } } - - return r % upper_bound; + /* + * Return the integer part (upper 32 bits). + */ + return (uint32_t)(num >> 32); } diff -Nru bind9-9.18.33/lib/isc/result.c bind9-9.18.41/lib/isc/result.c --- bind9-9.18.33/lib/isc/result.c 2025-01-20 13:39:31.312357851 +0000 +++ bind9-9.18.41/lib/isc/result.c 2025-10-18 10:21:03.189262404 +0000 @@ -521,13 +521,13 @@ [ISCCC_R_MAXDEPTH] = "ISCCC_R_MAXDEPTH", }; -STATIC_ASSERT((DNS_R_SERVFAIL - DNS_R_NOERROR == 2), +STATIC_ASSERT(DNS_R_SERVFAIL - DNS_R_NOERROR == 2, "DNS_R_NOERROR has wrong value"); -STATIC_ASSERT((DNS_R_BADVERS - DNS_R_NOERROR == 16), +STATIC_ASSERT(DNS_R_BADVERS - DNS_R_NOERROR == 16, "DNS_R_BADVERS has wrong value"); -STATIC_ASSERT((ISC_R_NRESULTS < INT32_MAX), "result.h enum too big"); +STATIC_ASSERT(ISC_R_NRESULTS < INT32_MAX, "result.h enum too big"); const char * isc_result_totext(isc_result_t result) { diff -Nru bind9-9.18.33/lib/isc/rwlock.c bind9-9.18.41/lib/isc/rwlock.c --- bind9-9.18.33/lib/isc/rwlock.c 2025-01-20 13:39:31.312357851 +0000 +++ bind9-9.18.41/lib/isc/rwlock.c 2025-10-18 10:21:03.190262431 +0000 @@ -182,7 +182,7 @@ "cnt_and_flag=0x%x, readers_waiting=%u, " "write_granted=%u, write_quota=%u\n", rwl, isc_thread_self(), operation, - (type == isc_rwlocktype_read ? "read" : "write"), + type == isc_rwlocktype_read ? "read" : "write", atomic_load_acquire(&rwl->write_requests), atomic_load_acquire(&rwl->write_completions), atomic_load_acquire(&rwl->cnt_and_flag), rwl->readers_waiting, @@ -305,7 +305,7 @@ static isc_result_t isc__rwlock_lock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { - int32_t cntflag; + int_fast32_t cntflag; REQUIRE(VALID_RWLOCK(rwl)); @@ -383,7 +383,7 @@ */ atomic_store_release(&rwl->write_granted, 0); } else { - int32_t prev_writer; + int_fast32_t prev_writer; /* enter the waiting queue, and wait for our turn */ prev_writer = atomic_fetch_add_release(&rwl->write_requests, 1); @@ -427,9 +427,9 @@ isc_result_t isc_rwlock_lock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { - int32_t cnt = 0; - int32_t spins = atomic_load_acquire(&rwl->spins) * 2 + 10; - int32_t max_cnt = ISC_MAX(spins, RWLOCK_MAX_ADAPTIVE_COUNT); + int_fast32_t cnt = 0; + int_fast32_t spins = atomic_load_acquire(&rwl->spins) * 2 + 10; + int_fast32_t max_cnt = ISC_MAX(spins, RWLOCK_MAX_ADAPTIVE_COUNT); isc_result_t result = ISC_R_SUCCESS; do { @@ -447,7 +447,7 @@ isc_result_t isc_rwlock_trylock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { - int32_t cntflag; + int_fast32_t cntflag; REQUIRE(VALID_RWLOCK(rwl)); @@ -544,7 +544,7 @@ void isc_rwlock_downgrade(isc_rwlock_t *rwl) { - int32_t prev_readers; + int_fast32_t prev_readers; REQUIRE(VALID_RWLOCK(rwl)); @@ -568,7 +568,7 @@ isc_result_t isc_rwlock_unlock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { - int32_t prev_cnt; + int_fast32_t prev_cnt; REQUIRE(VALID_RWLOCK(rwl)); diff -Nru bind9-9.18.33/lib/isc/sockaddr.c bind9-9.18.41/lib/isc/sockaddr.c --- bind9-9.18.33/lib/isc/sockaddr.c 2025-01-20 13:39:31.312357851 +0000 +++ bind9-9.18.41/lib/isc/sockaddr.c 2025-10-18 10:21:03.190262431 +0000 @@ -137,24 +137,7 @@ ntohs(sockaddr->type.sin6.sin6_port)); break; case AF_UNIX: - plen = strlen(sockaddr->type.sunix.sun_path); - if (plen >= isc_buffer_availablelength(target)) { - return ISC_R_NOSPACE; - } - - isc_buffer_putmem( - target, - (const unsigned char *)sockaddr->type.sunix.sun_path, - plen); - - /* - * Null terminate after used region. - */ - isc_buffer_availableregion(target, &avail); - INSIST(avail.length >= 1); - avail.base[0] = '\0'; - - return ISC_R_SUCCESS; + return ISC_R_NOTIMPLEMENTED; default: return ISC_R_FAILURE; } @@ -461,16 +444,9 @@ } isc_result_t -isc_sockaddr_frompath(isc_sockaddr_t *sockaddr, const char *path) { - if (strlen(path) >= sizeof(sockaddr->type.sunix.sun_path)) { - return ISC_R_NOSPACE; - } - memset(sockaddr, 0, sizeof(*sockaddr)); - sockaddr->length = sizeof(sockaddr->type.sunix); - sockaddr->type.sunix.sun_family = AF_UNIX; - strlcpy(sockaddr->type.sunix.sun_path, path, - sizeof(sockaddr->type.sunix.sun_path)); - return ISC_R_SUCCESS; +isc_sockaddr_frompath(isc_sockaddr_t *sockaddr ISC_ATTR_UNUSED, + const char *path ISC_ATTR_UNUSED) { + return ISC_R_NOTIMPLEMENTED; } isc_result_t @@ -485,8 +461,7 @@ length = sizeof(isa->type.sin6); break; case AF_UNIX: - length = sizeof(isa->type.sunix); - break; + return ISC_R_NOTIMPLEMENTED; default: return ISC_R_NOTIMPLEMENTED; } diff -Nru bind9-9.18.33/lib/isc/string.c bind9-9.18.41/lib/isc/string.c --- bind9-9.18.33/lib/isc/string.c 2025-01-20 13:39:31.312357851 +0000 +++ bind9-9.18.41/lib/isc/string.c 2025-10-18 10:21:03.190262431 +0000 @@ -125,11 +125,13 @@ len = strlen(find); do { do { - if (slen-- < 1 || (sc = *s++) == '\0') + if (slen-- < 1 || (sc = *s++) == '\0') { return NULL; + } } while (sc != c); - if (len > slen) + if (len > slen) { return NULL; + } } while (strncmp(s, find, len) != 0); s--; } diff -Nru bind9-9.18.33/lib/isccc/Makefile.in bind9-9.18.41/lib/isccc/Makefile.in --- bind9-9.18.33/lib/isccc/Makefile.in 2025-01-20 13:40:38.914391943 +0000 +++ bind9-9.18.41/lib/isccc/Makefile.in 2025-10-18 10:21:43.726319564 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -74,6 +74,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -142,10 +144,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libisccc_ladir)" LTLIBRARIES = $(lib_LTLIBRARIES) @@ -388,8 +389,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -594,15 +597,13 @@ done clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + -$(am__rm_f) $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} libisccc.la: $(libisccc_la_OBJECTS) $(libisccc_la_DEPENDENCIES) $(EXTRA_libisccc_la_DEPENDENCIES) $(AM_V_CCLD)$(libisccc_la_LINK) -rpath $(libdir) $(libisccc_la_OBJECTS) $(libisccc_la_LIBADD) $(LIBS) @@ -622,7 +623,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -837,8 +838,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -849,7 +850,7 @@ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/libisccc_la-alist.Plo + -rm -f ./$(DEPDIR)/libisccc_la-alist.Plo -rm -f ./$(DEPDIR)/libisccc_la-base64.Plo -rm -f ./$(DEPDIR)/libisccc_la-cc.Plo -rm -f ./$(DEPDIR)/libisccc_la-ccmsg.Plo @@ -904,7 +905,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/libisccc_la-alist.Plo + -rm -f ./$(DEPDIR)/libisccc_la-alist.Plo -rm -f ./$(DEPDIR)/libisccc_la-base64.Plo -rm -f ./$(DEPDIR)/libisccc_la-cc.Plo -rm -f ./$(DEPDIR)/libisccc_la-ccmsg.Plo @@ -961,3 +962,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/lib/isccfg/Makefile.in bind9-9.18.41/lib/isccfg/Makefile.in --- bind9-9.18.33/lib/isccfg/Makefile.in 2025-01-20 13:40:38.946392448 +0000 +++ bind9-9.18.41/lib/isccfg/Makefile.in 2025-10-18 10:21:43.761320469 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -74,6 +74,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -142,10 +144,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libisccfg_ladir)" LTLIBRARIES = $(lib_LTLIBRARIES) @@ -390,8 +391,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -595,15 +598,13 @@ done clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + -$(am__rm_f) $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} libisccfg.la: $(libisccfg_la_OBJECTS) $(libisccfg_la_DEPENDENCIES) $(EXTRA_libisccfg_la_DEPENDENCIES) $(AM_V_CCLD)$(libisccfg_la_LINK) -rpath $(libdir) $(libisccfg_la_OBJECTS) $(libisccfg_la_LIBADD) $(LIBS) @@ -624,7 +625,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -846,8 +847,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -858,7 +859,7 @@ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/libisccfg_la-aclconf.Plo + -rm -f ./$(DEPDIR)/libisccfg_la-aclconf.Plo -rm -f ./$(DEPDIR)/libisccfg_la-dnsconf.Plo -rm -f ./$(DEPDIR)/libisccfg_la-duration.Plo -rm -f ./$(DEPDIR)/libisccfg_la-kaspconf.Plo @@ -914,7 +915,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/libisccfg_la-aclconf.Plo + -rm -f ./$(DEPDIR)/libisccfg_la-aclconf.Plo -rm -f ./$(DEPDIR)/libisccfg_la-dnsconf.Plo -rm -f ./$(DEPDIR)/libisccfg_la-duration.Plo -rm -f ./$(DEPDIR)/libisccfg_la-kaspconf.Plo @@ -972,3 +973,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/lib/isccfg/kaspconf.c bind9-9.18.41/lib/isccfg/kaspconf.c --- bind9-9.18.33/lib/isccfg/kaspconf.c 2025-01-20 13:39:31.317357939 +0000 +++ bind9-9.18.41/lib/isccfg/kaspconf.c 2025-10-18 10:21:03.195262564 +0000 @@ -171,6 +171,18 @@ goto cleanup; } + switch (key->algorithm) { + case DST_ALG_RSASHA1: + case DST_ALG_NSEC3RSASHA1: + cfg_obj_log(obj, logctx, ISC_LOG_WARNING, + "dnssec-policy: DNSSEC algorithm %s is " + "deprecated", + alg.base); + break; + default: + break; + } + obj = cfg_tuple_get(config, "length"); if (cfg_obj_isuint32(obj)) { uint32_t min, size; @@ -567,7 +579,7 @@ if (default_kasp != NULL && dns_kasp_nsec3(default_kasp)) { dns_kasp_setnsec3param( kasp, dns_kasp_nsec3iter(default_kasp), - (dns_kasp_nsec3flags(default_kasp) == 0x01), + dns_kasp_nsec3flags(default_kasp) == 0x01, dns_kasp_nsec3saltlen(default_kasp)); } else { dns_kasp_setnsec3(kasp, false); diff -Nru bind9-9.18.33/lib/isccfg/namedconf.c bind9-9.18.41/lib/isccfg/namedconf.c --- bind9-9.18.33/lib/isccfg/namedconf.c 2025-01-20 13:39:31.318357956 +0000 +++ bind9-9.18.41/lib/isccfg/namedconf.c 2025-10-18 10:21:03.195262564 +0000 @@ -1339,8 +1339,9 @@ { "tcp-receive-buffer", &cfg_type_uint32, 0 }, { "tcp-send-buffer", &cfg_type_uint32, 0 }, { "tkey-dhkey", &cfg_type_tkey_dhkey, CFG_CLAUSEFLAG_DEPRECATED }, - { "tkey-domain", &cfg_type_qstring, 0 }, - { "tkey-gssapi-credential", &cfg_type_qstring, 0 }, + { "tkey-domain", &cfg_type_qstring, CFG_CLAUSEFLAG_DEPRECATED }, + { "tkey-gssapi-credential", &cfg_type_qstring, + CFG_CLAUSEFLAG_DEPRECATED }, { "tkey-gssapi-keytab", &cfg_type_qstring, 0 }, { "transfer-message-size", &cfg_type_uint32, 0 }, { "transfers-in", &cfg_type_uint32, 0 }, diff -Nru bind9-9.18.33/lib/isccfg/parser.c bind9-9.18.41/lib/isccfg/parser.c --- bind9-9.18.33/lib/isccfg/parser.c 2025-01-20 13:39:31.318357956 +0000 +++ bind9-9.18.41/lib/isccfg/parser.c 2025-10-18 10:21:03.196262591 +0000 @@ -533,9 +533,9 @@ CHECK(isc_lex_create(pctx->mctx, 1024, &pctx->lexer)); isc_lex_setspecials(pctx->lexer, specials); - isc_lex_setcomments(pctx->lexer, - (ISC_LEXCOMMENT_C | ISC_LEXCOMMENT_CPLUSPLUS | - ISC_LEXCOMMENT_SHELL)); + isc_lex_setcomments(pctx->lexer, ISC_LEXCOMMENT_C | + ISC_LEXCOMMENT_CPLUSPLUS | + ISC_LEXCOMMENT_SHELL); CHECK(cfg_create_list(pctx, &cfg_type_filelist, &pctx->open_files)); CHECK(cfg_create_list(pctx, &cfg_type_filelist, &pctx->closed_files)); diff -Nru bind9-9.18.33/lib/ns/Makefile.in bind9-9.18.41/lib/ns/Makefile.in --- bind9-9.18.33/lib/ns/Makefile.in 2025-01-20 13:40:38.984393047 +0000 +++ bind9-9.18.41/lib/ns/Makefile.in 2025-10-18 10:21:43.803321556 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.5 from Makefile.am. +# Makefile.in generated by automake 1.17 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2021 Free Software Foundation, Inc. +# Copyright (C) 1994-2024 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -74,6 +74,8 @@ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +am__rm_f = rm -f $(am__rm_f_notfound) +am__rm_rf = rm -rf $(am__rm_f_notfound) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -142,10 +144,9 @@ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ + { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \ } am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libns_ladir)" LTLIBRARIES = $(lib_LTLIBRARIES) @@ -394,8 +395,10 @@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ +am__rm_f_notfound = @am__rm_f_notfound@ am__tar = @am__tar@ am__untar = @am__untar@ +am__xargs_n = @am__xargs_n@ ax_pthread_config = @ax_pthread_config@ bindir = @bindir@ build = @build@ @@ -612,15 +615,13 @@ done clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + -$(am__rm_f) $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} libns.la: $(libns_la_OBJECTS) $(libns_la_DEPENDENCIES) $(EXTRA_libns_la_DEPENDENCIES) $(AM_V_CCLD)$(libns_la_LINK) -rpath $(libdir) $(libns_la_OBJECTS) $(libns_la_LIBADD) $(LIBS) @@ -646,7 +647,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + @: >>$@ am--depfiles: $(am__depfiles_remade) @@ -903,8 +904,8 @@ clean-generic: distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -$(am__rm_f) $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -915,7 +916,7 @@ mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/libns_la-client.Plo + -rm -f ./$(DEPDIR)/libns_la-client.Plo -rm -f ./$(DEPDIR)/libns_la-hooks.Plo -rm -f ./$(DEPDIR)/libns_la-interfacemgr.Plo -rm -f ./$(DEPDIR)/libns_la-listenlist.Plo @@ -976,7 +977,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/libns_la-client.Plo + -rm -f ./$(DEPDIR)/libns_la-client.Plo -rm -f ./$(DEPDIR)/libns_la-hooks.Plo -rm -f ./$(DEPDIR)/libns_la-interfacemgr.Plo -rm -f ./$(DEPDIR)/libns_la-listenlist.Plo @@ -1039,3 +1040,10 @@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: + +# Tell GNU make to disable its built-in pattern rules. +%:: %,v +%:: RCS/%,v +%:: RCS/% +%:: s.% +%:: SCCS/s.% diff -Nru bind9-9.18.33/lib/ns/client.c bind9-9.18.41/lib/ns/client.c --- bind9-9.18.33/lib/ns/client.c 2025-01-20 13:39:31.319357974 +0000 +++ bind9-9.18.41/lib/ns/client.c 2025-10-18 10:21:03.196262591 +0000 @@ -1321,6 +1321,7 @@ uint32_t when; uint32_t nonce; isc_buffer_t db; + bool alwaysvalid; /* * If we have already seen a cookie option skip this cookie option. @@ -1365,13 +1366,24 @@ isc_buffer_forward(buf, 8); /* + * For '-T cookiealwaysvalid' still process everything to not skew any + * performance tests involving cookies, but make sure that the cookie + * check passes in the end, given the cookie was structurally correct. + */ + alwaysvalid = ns_server_getoption(client->manager->sctx, + NS_SERVER_COOKIEALWAYSVALID); + + /* * Allow for a 5 minute clock skew between servers sharing a secret. * Only accept COOKIE if we have talked to the client in the last hour. */ isc_stdtime_get(&now); - if (isc_serial_gt(when, (now + 300)) || /* In the future. */ - isc_serial_lt(when, (now - 3600))) - { /* In the past. */ + if (alwaysvalid) { + now = when; + } + if (isc_serial_gt(when, now + 300) /* In the future. */ || + isc_serial_lt(when, now - 3600) /* In the past. */) + { ns_stats_increment(client->sctx->nsstats, ns_statscounter_cookiebadtime); return; @@ -1380,7 +1392,7 @@ isc_buffer_init(&db, dbuf, sizeof(dbuf)); compute_cookie(client, when, nonce, client->sctx->secret, &db); - if (isc_safe_memequal(old, dbuf, COOKIE_SIZE)) { + if (isc_safe_memequal(old, dbuf, COOKIE_SIZE) || alwaysvalid) { ns_stats_increment(client->sctx->nsstats, ns_statscounter_cookiematch); client->attributes |= NS_CLIENTATTR_HAVECOOKIE; @@ -1599,6 +1611,9 @@ while (isc_buffer_remaininglength(&optbuf) >= 4) { optcode = isc_buffer_getuint16(&optbuf); optlen = isc_buffer_getuint16(&optbuf); + + INSIST(isc_buffer_remaininglength(&optbuf) >= optlen); + switch (optcode) { case DNS_OPT_NSID: if (!WANTNSID(client)) { diff -Nru bind9-9.18.33/lib/ns/include/ns/query.h bind9-9.18.41/lib/ns/include/ns/query.h --- bind9-9.18.33/lib/ns/include/ns/query.h 2025-01-20 13:39:31.320357991 +0000 +++ bind9-9.18.41/lib/ns/include/ns/query.h 2025-10-18 10:21:03.197262618 +0000 @@ -159,6 +159,7 @@ ns_client_t *client; /* client object */ bool detach_client; /* client needs detaching */ + bool async; /* asynchronous hook running */ dns_fetchevent_t *event; /* recursion event */ diff -Nru bind9-9.18.33/lib/ns/include/ns/server.h bind9-9.18.41/lib/ns/include/ns/server.h --- bind9-9.18.33/lib/ns/include/ns/server.h 2025-01-20 13:39:31.320357991 +0000 +++ bind9-9.18.41/lib/ns/include/ns/server.h 2025-10-18 10:21:03.197262618 +0000 @@ -32,23 +32,24 @@ #include #include -#define NS_SERVER_LOGQUERIES 0x00000001U /*%< log queries */ -#define NS_SERVER_NOAA 0x00000002U /*%< -T noaa */ -#define NS_SERVER_NOSOA 0x00000004U /*%< -T nosoa */ -#define NS_SERVER_NONEAREST 0x00000008U /*%< -T nonearest */ -#define NS_SERVER_NOEDNS 0x00000020U /*%< -T noedns */ -#define NS_SERVER_DROPEDNS 0x00000040U /*%< -T dropedns */ -#define NS_SERVER_NOTCP 0x00000080U /*%< -T notcp */ -#define NS_SERVER_DISABLE4 0x00000100U /*%< -6 */ -#define NS_SERVER_DISABLE6 0x00000200U /*%< -4 */ -#define NS_SERVER_FIXEDLOCAL 0x00000400U /*%< -T fixedlocal */ -#define NS_SERVER_SIGVALINSECS 0x00000800U /*%< -T sigvalinsecs */ -#define NS_SERVER_EDNSFORMERR 0x00001000U /*%< -T ednsformerr (STD13) */ -#define NS_SERVER_EDNSNOTIMP 0x00002000U /*%< -T ednsnotimp */ -#define NS_SERVER_EDNSREFUSED 0x00004000U /*%< -T ednsrefused */ -#define NS_SERVER_TRANSFERINSECS 0x00008000U /*%< -T transferinsecs */ -#define NS_SERVER_TRANSFERSLOWLY 0x00010000U /*%< -T transferslowly */ -#define NS_SERVER_TRANSFERSTUCK 0x00020000U /*%< -T transferstuck */ +#define NS_SERVER_LOGQUERIES 0x00000001U /*%< log queries */ +#define NS_SERVER_NOAA 0x00000002U /*%< -T noaa */ +#define NS_SERVER_NOSOA 0x00000004U /*%< -T nosoa */ +#define NS_SERVER_NONEAREST 0x00000008U /*%< -T nonearest */ +#define NS_SERVER_NOEDNS 0x00000020U /*%< -T noedns */ +#define NS_SERVER_DROPEDNS 0x00000040U /*%< -T dropedns */ +#define NS_SERVER_NOTCP 0x00000080U /*%< -T notcp */ +#define NS_SERVER_DISABLE4 0x00000100U /*%< -6 */ +#define NS_SERVER_DISABLE6 0x00000200U /*%< -4 */ +#define NS_SERVER_FIXEDLOCAL 0x00000400U /*%< -T fixedlocal */ +#define NS_SERVER_SIGVALINSECS 0x00000800U /*%< -T sigvalinsecs */ +#define NS_SERVER_EDNSFORMERR 0x00001000U /*%< -T ednsformerr (STD13) */ +#define NS_SERVER_EDNSNOTIMP 0x00002000U /*%< -T ednsnotimp */ +#define NS_SERVER_EDNSREFUSED 0x00004000U /*%< -T ednsrefused */ +#define NS_SERVER_TRANSFERINSECS 0x00008000U /*%< -T transferinsecs */ +#define NS_SERVER_TRANSFERSLOWLY 0x00010000U /*%< -T transferslowly */ +#define NS_SERVER_TRANSFERSTUCK 0x00020000U /*%< -T transferstuck */ +#define NS_SERVER_COOKIEALWAYSVALID 0x00080000U /*%< -T cookiealwaysvalid */ /*% * Type for callback function to get hostname. diff -Nru bind9-9.18.33/lib/ns/interfacemgr.c bind9-9.18.41/lib/ns/interfacemgr.c --- bind9-9.18.33/lib/ns/interfacemgr.c 2025-01-20 13:39:31.320357991 +0000 +++ bind9-9.18.41/lib/ns/interfacemgr.c 2025-10-18 10:21:03.198262645 +0000 @@ -54,12 +54,6 @@ #define LISTENING(ifp) (((ifp)->flags & NS_INTERFACEFLAG_LISTENING) != 0) -#ifdef TUNE_LARGE -#define UDPBUFFERS 32768 -#else /* ifdef TUNE_LARGE */ -#define UDPBUFFERS 1000 -#endif /* TUNE_LARGE */ - #define IFMGR_MAGIC ISC_MAGIC('I', 'F', 'M', 'G') #define NS_INTERFACEMGR_VALID(t) ISC_MAGIC_VALID(t, IFMGR_MAGIC) diff -Nru bind9-9.18.33/lib/ns/query.c bind9-9.18.41/lib/ns/query.c --- bind9-9.18.33/lib/ns/query.c 2025-01-20 13:39:31.322358026 +0000 +++ bind9-9.18.41/lib/ns/query.c 2025-10-18 10:21:03.200262698 +0000 @@ -4462,7 +4462,7 @@ #ifdef USE_DNSRPS if (st->popt.dnsrps_enabled && st->m.policy != DNS_RPZ_POLICY_ERROR && !dnsrps_set_p(&emsg, client, st, qtype, &rdataset, - (qresult_type != qresult_type_recurse))) + qresult_type != qresult_type_recurse)) { rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, NULL, DNS_RPZ_TYPE_BAD, emsg.c, DNS_R_SERVFAIL); @@ -5308,6 +5308,9 @@ if (qctx->db != NULL && qctx->node != NULL) { dns_db_detachnode(qctx->db, &qctx->node); } + if (qctx->client != NULL && qctx->client->query.gluedb != NULL) { + dns_db_detach(&qctx->client->query.gluedb); + } } /*% @@ -5740,6 +5743,13 @@ } } + /* + * If this is a chained query (e.g. CNAME), these bits should be reset + * to not use the settings from the previous query. + */ + qctx->options &= ~DNS_GETDB_STALEFIRST; + qctx->client->query.dboptions &= ~DNS_DBFIND_STALETIMEOUT; + if (!qctx->is_zone && (qctx->view->staleanswerclienttimeout == 0) && dns_view_staleanswerenabled(qctx->view)) { @@ -5759,6 +5769,7 @@ * when it completes, this option is not expected to be set. */ qctx->options &= ~DNS_GETDB_STALEFIRST; + qctx->client->query.dboptions &= ~DNS_DBFIND_STALETIMEOUT; cleanup: return result; @@ -6798,14 +6809,13 @@ /* * Has response policy changed out from under us? */ - if (qctx->rpz_st->rpz_ver != qctx->view->rpzs->rpz_ver) { + if (qctx->view->rpzs == NULL || + qctx->rpz_st->rpz_ver != qctx->view->rpzs->rpz_ver) + { ns_client_log(qctx->client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_QUERY, DNS_RPZ_INFO_LEVEL, - "query_resume: RPZ settings " - "out of date " - "(rpz_ver %d, expected %d)", - qctx->view->rpzs->rpz_ver, - qctx->rpz_st->rpz_ver); + "query_resume: RPZ settings out of date " + "after of a reconfiguration"); QUERY_ERROR(qctx, DNS_R_SERVFAIL); return ns_query_done(qctx); } @@ -7038,6 +7048,9 @@ goto cleanup_and_detach_from_quota; } + /* Record that an asynchronous copy of the qctx has been started */ + qctx->async = true; + /* * Typically the runasync() function will trigger recursion, but * there is no need to set NS_QUERYATTR_RECURSING. The calling hook @@ -11973,10 +11986,6 @@ qctx_clean(qctx); qctx_freedata(qctx); - if (qctx->client->query.gluedb != NULL) { - dns_db_detach(&qctx->client->query.gluedb); - } - /* * Clear the AA bit if we're not authoritative. */ @@ -12113,6 +12122,17 @@ return qctx->result; cleanup: + /* + * We'd only get here if one of the hooks above + * (NS_QUERY_DONE_BEGIN or NS_QUERY_DONE_SEND) returned + * NS_HOOK_RETURN. Some housekeeping may be needed. + */ + qctx_clean(qctx); + qctx_freedata(qctx); + if (!qctx->async) { + qctx->detach_client = true; + query_error(qctx->client, DNS_R_SERVFAIL, __LINE__); + } return result; } diff -Nru bind9-9.18.33/lib/ns/update.c bind9-9.18.41/lib/ns/update.c --- bind9-9.18.33/lib/ns/update.c 2025-01-20 13:39:31.323358044 +0000 +++ bind9-9.18.41/lib/ns/update.c 2025-10-18 10:21:03.201262725 +0000 @@ -3621,9 +3621,9 @@ algorithm = dnskey.algorithm; keyid = dst_region_computeid(&r); - result = dns_zone_signwithkey( - zone, algorithm, keyid, - (tuple->op == DNS_DIFFOP_DEL)); + result = dns_zone_signwithkey(zone, algorithm, keyid, + tuple->op == + DNS_DIFFOP_DEL); if (result != ISC_R_SUCCESS) { update_log(client, zone, ISC_LOG_ERROR, "dns_zone_signwithkey failed: %s", diff -Nru bind9-9.18.33/ltmain.sh bind9-9.18.41/ltmain.sh --- bind9-9.18.33/ltmain.sh 2025-01-20 13:40:35.379336249 +0000 +++ bind9-9.18.41/ltmain.sh 2025-10-18 10:21:38.602187040 +0000 @@ -2,11 +2,11 @@ ## DO NOT EDIT - This file generated from ./build-aux/ltmain.in ## by inline-source v2019-02-19.15 -# libtool (GNU libtool) 2.4.7 +# libtool (GNU libtool) 2.5.4 # Provide generalized library-building support services. # Written by Gordon Matzigkeit , 1996 -# Copyright (C) 1996-2019, 2021-2022 Free Software Foundation, Inc. +# Copyright (C) 1996-2019, 2021-2024 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -31,8 +31,8 @@ PROGRAM=libtool PACKAGE=libtool -VERSION="2.4.7 Debian-2.4.7-7~deb12u1" -package_revision=2.4.7 +VERSION="2.5.4 Debian-2.5.4-4" +package_revision=2.5.4 ## ------ ## @@ -64,7 +64,7 @@ # libraries, which are installed to $pkgauxdir. # Set a version string for this script. -scriptversion=2019-02-19.15; # UTC +scriptversion=2024-12-01.17; # UTC # General shell script boiler plate, and helper functions. # Written by Gary V. Vaughan, 2004 @@ -72,11 +72,11 @@ # This is free software. There is NO warranty; not even for # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # -# Copyright (C) 2004-2019, 2021 Bootstrap Authors +# Copyright (C) 2004-2019, 2021, 2023-2024 Bootstrap Authors # # This file is dual licensed under the terms of the MIT license -# , and GPL version 2 or later -# . You must apply one of +# , and GPL version 2 or later +# . You must apply one of # these licenses when using or redistributing this software or any of # the files within it. See the URLs above, or the file `LICENSE` # included in the Bootstrap distribution for the full license texts. @@ -143,7 +143,7 @@ ' IFS="$sp $nl" -# There are apparently some retarded systems that use ';' as a PATH separator! +# There are apparently some systems that use ';' as a PATH separator! if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { @@ -572,15 +572,16 @@ # --------------------- # Append VALUE onto the existing contents of VAR. + # _G_HAVE_PLUSEQ_OP # Can be empty, in which case the shell is probed, "yes" if += is - # useable or anything else if it does not work. - if test -z "$_G_HAVE_PLUSEQ_OP" && \ - __PLUSEQ_TEST="a" && \ - __PLUSEQ_TEST+=" b" 2>/dev/null && \ - test "a b" = "$__PLUSEQ_TEST"; then - _G_HAVE_PLUSEQ_OP=yes - fi + # usable or anything else if it does not work. +if test -z "$_G_HAVE_PLUSEQ_OP" && \ + __PLUSEQ_TEST="a" && \ + __PLUSEQ_TEST+=" b" 2>/dev/null && \ + test "a b" = "$__PLUSEQ_TEST"; then + _G_HAVE_PLUSEQ_OP=yes +fi if test yes = "$_G_HAVE_PLUSEQ_OP" then @@ -727,7 +728,7 @@ # to NONDIR_REPLACEMENT. # value returned in "$func_dirname_result" # basename: Compute filename of FILE. -# value retuned in "$func_basename_result" +# value returned in "$func_basename_result" # For efficiency, we do not delegate to the functions above but instead # duplicate the functionality here. eval 'func_dirname_and_basename () @@ -885,7 +886,7 @@ # While some portion of DIR does not yet exist... while test ! -d "$_G_directory_path"; do # ...make a list in topmost first order. Use a colon delimited - # list incase some portion of path contains whitespace. + # list in case some portion of path contains whitespace. _G_dir_list=$_G_directory_path:$_G_dir_list # If the last portion added has no slash in it, the list is done @@ -1524,11 +1525,11 @@ # This is free software. There is NO warranty; not even for # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # -# Copyright (C) 2010-2019, 2021 Bootstrap Authors +# Copyright (C) 2010-2019, 2021, 2023-2024 Bootstrap Authors # # This file is dual licensed under the terms of the MIT license -# , and GPL version 2 or later -# . You must apply one of +# , and GPL version 2 or later +# . You must apply one of # these licenses when using or redistributing this software or any of # the files within it. See the URLs above, or the file `LICENSE` # included in the Bootstrap distribution for the full license texts. @@ -2205,7 +2206,30 @@ # End: # Set a version string. -scriptversion='(GNU libtool) 2.4.7' +scriptversion='(GNU libtool) 2.5.4' + +# func_version +# ------------ +# Echo version message to standard output and exit. +func_version () +{ + $debug_cmd + + year=`date +%Y` + + cat < +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +Originally written by Gordon Matzigkeit, 1996 +(See AUTHORS for complete contributor listing) +EOF + + exit $? +} # func_echo ARG... @@ -2228,18 +2252,6 @@ } -# func_warning ARG... -# ------------------- -# Libtool warnings are not categorized, so override funclib.sh -# func_warning with this simpler definition. -func_warning () -{ - $debug_cmd - - $warning_func ${1+"$@"} -} - - ## ---------------- ## ## Options parsing. ## ## ---------------- ## @@ -2251,19 +2263,23 @@ # Short help message in response to '-h'. usage_message="Options: - --config show all configuration variables - --debug enable verbose shell tracing - -n, --dry-run display commands without modifying any files - --features display basic configuration information and exit - --mode=MODE use operation mode MODE - --no-warnings equivalent to '-Wnone' - --preserve-dup-deps don't remove duplicate dependency libraries - --quiet, --silent don't print informational messages - --tag=TAG use configuration variables from tag TAG - -v, --verbose print more informational messages than default - --version print version information - -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all] - -h, --help, --help-all print short, long, or detailed help message + --config show all configuration variables + --debug enable verbose shell tracing + -n, --dry-run display commands without modifying any files + --features display basic configuration information + --finish use operation '--mode=finish' + --mode=MODE use operation mode MODE + --no-finish don't update shared library cache + --no-quiet, --no-silent print default informational messages + --no-warnings equivalent to '-Wnone' + --preserve-dup-deps don't remove duplicate dependency libraries + --quiet, --silent don't print informational messages + --reorder-cache=DIRS reorder shared library cache for preferred DIRS + --tag=TAG use configuration variables from tag TAG + -v, --verbose print more informational messages than default + --version print version information + -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all] + -h, --help, --help-all print short, long, or detailed help message " # Additional text appended to 'usage_message' in response to '--help'. @@ -2296,13 +2312,13 @@ compiler: $LTCC compiler flags: $LTCFLAGS linker: $LD (gnu? $with_gnu_ld) - version: $progname $scriptversion Debian-2.4.7-7~deb12u1 + version: $progname $scriptversion Debian-2.5.4-4 automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` Report bugs to . -GNU libtool home page: . -General help using GNU software: ." +GNU libtool home page: . +General help using GNU software: ." exit 0 } @@ -2492,8 +2508,11 @@ opt_dry_run=false opt_help=false opt_mode= + opt_reorder_cache=false opt_preserve_dup_deps=false opt_quiet=false + opt_finishing=true + opt_warning= nonopt= preserve_args= @@ -2585,14 +2604,18 @@ clean|compile|execute|finish|install|link|relink|uninstall) ;; # Catch anything else as an error - *) func_error "invalid argument for $_G_opt" + *) func_error "invalid argument '$1' for $_G_opt" exit_cmd=exit - break ;; esac shift ;; + --no-finish) + opt_finishing=false + func_append preserve_args " $_G_opt" + ;; + --no-silent|--no-quiet) opt_quiet=false func_append preserve_args " $_G_opt" @@ -2608,6 +2631,24 @@ func_append preserve_args " $_G_opt" ;; + --reorder-cache) + opt_reorder_cache=true + shared_lib_dirs=$1 + if test -n "$shared_lib_dirs"; then + case $1 in + # Must begin with /: + /*) ;; + + # Catch anything else as an error (relative paths) + *) func_error "invalid argument '$1' for $_G_opt" + func_error "absolute paths are required for $_G_opt" + exit_cmd=exit + ;; + esac + fi + shift + ;; + --silent|--quiet) opt_quiet=: opt_verbose=false @@ -2644,6 +2685,18 @@ func_add_hook func_parse_options libtool_parse_options +# func_warning ARG... +# ------------------- +# Libtool warnings are not categorized, so override funclib.sh +# func_warning with this simpler definition. +func_warning () +{ + if $opt_warning; then + $debug_cmd + $warning_func ${1+"$@"} + fi +} + # libtool_validate_options [ARG]... # --------------------------------- @@ -2660,10 +2713,10 @@ # preserve --debug test : = "$debug_cmd" || func_append preserve_args " --debug" - case $host in + case $host_os in # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452 # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788 - *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*) + cygwin* | mingw* | windows* | pw32* | cegcc* | solaris2* | os2*) # don't eliminate duplications in $postdeps and $predeps opt_duplicate_compiler_generated_deps=: ;; @@ -2995,7 +3048,7 @@ # func_convert_core_file_wine_to_w32 ARG # Helper function used by file name conversion functions when $build is *nix, -# and $host is mingw, cygwin, or some other w32 environment. Relies on a +# and $host is mingw, windows, cygwin, or some other w32 environment. Relies on a # correctly configured wine environment available, with the winepath program # in $build's $PATH. # @@ -3027,9 +3080,10 @@ # func_convert_core_path_wine_to_w32 ARG # Helper function used by path conversion functions when $build is *nix, and -# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly -# configured wine environment available, with the winepath program in $build's -# $PATH. Assumes ARG has no leading or trailing path separator characters. +# $host is mingw, windows, cygwin, or some other w32 environment. Relies on a +# correctly configured wine environment available, with the winepath program +# in $build's $PATH. Assumes ARG has no leading or trailing path separator +# characters. # # ARG is path to be converted from $build format to win32. # Result is available in $func_convert_core_path_wine_to_w32_result. @@ -3172,6 +3226,15 @@ # end func_convert_path_front_back_pathsep +# func_convert_delimited_path PATH ORIG_DELIMITER NEW_DELIMITER +# Replaces a delimiter for a given path. +func_convert_delimited_path () +{ + converted_path=`$ECHO "$1" | $SED "s#$2#$3#g"` +} +# end func_convert_delimited_path + + ################################################## # $build to $host FILE NAME CONVERSION FUNCTIONS # ################################################## @@ -3506,6 +3569,65 @@ } +# func_reorder_shared_lib_cache DIRS +# Reorder the shared library cache by unconfiguring previous shared library cache +# and configuring preferred search directories before previous search directories. +# Previous shared library cache: /usr/lib /usr/local/lib +# Preferred search directories: /tmp/testing +# Reordered shared library cache: /tmp/testing /usr/lib /usr/local/lib +func_reorder_shared_lib_cache () +{ + $debug_cmd + + case $host_os in + openbsd*) + get_search_directories=`PATH="$PATH:/sbin" ldconfig -r | $GREP "search directories" | $SED "s#.*search directories:\ ##g"` + func_convert_delimited_path "$get_search_directories" ':' '\ ' + save_search_directories=$converted_path + func_convert_delimited_path "$1" ':' '\ ' + + # Ensure directories exist + for dir in $converted_path; do + # Ensure each directory is an absolute path + case $dir in + /*) ;; + *) func_error "Directory '$dir' is not an absolute path" + exit $EXIT_FAILURE ;; + esac + # Ensure no trailing slashes + func_stripname '' '/' "$dir" + dir=$func_stripname_result + if test -d "$dir"; then + if test -n "$preferred_search_directories"; then + preferred_search_directories="$preferred_search_directories $dir" + else + preferred_search_directories=$dir + fi + else + func_error "Directory '$dir' does not exist" + exit $EXIT_FAILURE + fi + done + + PATH="$PATH:/sbin" ldconfig -U $save_search_directories + PATH="$PATH:/sbin" ldconfig -m $preferred_search_directories $save_search_directories + get_search_directories=`PATH="$PATH:/sbin" ldconfig -r | $GREP "search directories" | $SED "s#.*search directories:\ ##g"` + func_convert_delimited_path "$get_search_directories" ':' '\ ' + reordered_search_directories=$converted_path + + $ECHO "Original: $save_search_directories" + $ECHO "Reordered: $reordered_search_directories" + exit $EXIT_SUCCESS + ;; + *) + func_error "--reorder-cache is not supported for host_os=$host_os." + exit $EXIT_FAILURE + ;; + esac +} +# end func_reorder_shared_lib_cache + + # func_mode_compile arg... func_mode_compile () { @@ -3684,7 +3806,7 @@ # On Cygwin there's no "real" PIC flag so we must build both object types case $host_os in - cygwin* | mingw* | pw32* | os2* | cegcc*) + cygwin* | mingw* | windows* | pw32* | os2* | cegcc*) pic_mode=default ;; esac @@ -4078,6 +4200,12 @@ fi +# If option '--reorder-cache', reorder the shared library cache and exit. +if $opt_reorder_cache; then + func_reorder_shared_lib_cache $shared_lib_dirs +fi + + # func_mode_execute arg... func_mode_execute () { @@ -4262,7 +4390,7 @@ fi fi - if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs" && $opt_finishing; then for libdir in $libdirs; do if test -n "$finish_cmds"; then # Do each command in the finish commands. @@ -4287,6 +4415,12 @@ for libdir in $libdirs; do $ECHO " $libdir" done + if test "false" = "$opt_finishing"; then + echo + echo "NOTE: finish_cmds were not executed during testing, so you must" + echo "manually run ldconfig to add a given test directory, LIBDIR, to" + echo "the search path for generated executables." + fi echo echo "If you ever happen to want to link against installed libraries" echo "in a given directory, LIBDIR, you must either use libtool, and" @@ -4523,8 +4657,15 @@ func_append dir "$objdir" if test -n "$relink_command"; then + # Strip any trailing slash from the destination. + func_stripname '' '/' "$libdir" + destlibdir=$func_stripname_result + + func_stripname '' '/' "$destdir" + s_destdir=$func_stripname_result + # Determine the prefix the user has applied to our future dir. - inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` + inst_prefix_dir=`$ECHO "X$s_destdir" | $Xsed -e "s%$destlibdir\$%%"` # Don't allow the user to place us outside of our expected # location b/c this prevents finding dependent libraries that @@ -4561,7 +4702,7 @@ 'exit $?' tstripme=$stripme case $host_os in - cygwin* | mingw* | pw32* | cegcc*) + cygwin* | mingw* | windows* | pw32* | cegcc*) case $realname in *.dll.a) tstripme= @@ -4674,7 +4815,7 @@ # Do a test to see if this is really a libtool program. case $host in - *cygwin* | *mingw*) + *cygwin* | *mingw* | *windows*) if func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" wrapper=$func_ltwrapper_scriptname_result @@ -4902,7 +5043,7 @@ $RM $export_symbols eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' case $host in - *cygwin* | *mingw* | *cegcc* ) + *cygwin* | *mingw* | *windows* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' ;; @@ -4914,7 +5055,7 @@ eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' case $host in - *cygwin* | *mingw* | *cegcc* ) + *cygwin* | *mingw* | *windows* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' ;; @@ -4928,7 +5069,7 @@ func_basename "$dlprefile" name=$func_basename_result case $host in - *cygwin* | *mingw* | *cegcc* ) + *cygwin* | *mingw* | *windows* | *cegcc* ) # if an import library, we need to obtain dlname if func_win32_import_lib_p "$dlprefile"; then func_tr_sh "$dlprefile" @@ -4954,8 +5095,16 @@ eval '$ECHO ": $name " >> "$nlist"' fi func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 - eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | - $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'" + case $host in + i[3456]86-*-mingw32*) + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | + $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'" + ;; + *) + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | + $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/__nm_//' >> '$nlist'" + ;; + esac } else # not an import lib $opt_dry_run || { @@ -5103,7 +5252,7 @@ # Transform the symbol file into the correct name. symfileobj=$output_objdir/${my_outputname}S.$objext case $host in - *cygwin* | *mingw* | *cegcc* ) + *cygwin* | *mingw* | *windows* | *cegcc* ) if test -f "$output_objdir/$my_outputname.def"; then compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` @@ -5179,7 +5328,7 @@ *ar\ archive*) # could be an import, or static # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | - $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then + $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64|pe-aarch64)' >/dev/null; then case $nm_interface in "MS dumpbin") if func_cygming_ms_implib_p "$1" || @@ -5446,7 +5595,7 @@ # # Emit a libtool wrapper script on stdout. # Don't directly open a file because we may want to -# incorporate the script contents within a cygwin/mingw +# incorporate the script contents within a cygwin/mingw/windows # wrapper executable. Must ONLY be called from within # func_mode_link because it depends on a number of variables # set therein. @@ -5454,7 +5603,7 @@ # ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR # variable will take. If 'yes', then the emitted script # will assume that the directory where it is stored is -# the $objdir directory. This is a cygwin/mingw-specific +# the $objdir directory. This is a cygwin/mingw/windows-specific # behavior. func_emit_wrapper () { @@ -5579,7 +5728,7 @@ " case $host in # Backslashes separate directories on plain windows - *-*-mingw | *-*-os2* | *-cegcc*) + *-*-mingw* | *-*-windows* | *-*-os2* | *-cegcc*) $ECHO "\ if test -n \"\$lt_option_debug\"; then \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2 @@ -5647,7 +5796,7 @@ file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` done - # Usually 'no', except on cygwin/mingw when embedded into + # Usually 'no', except on cygwin/mingw/windows when embedded into # the cwrapper. WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then @@ -5779,7 +5928,7 @@ #endif #include #include -#ifdef _MSC_VER +#if defined _WIN32 && !defined __GNUC__ # include # include # include @@ -5804,7 +5953,7 @@ /* declarations of non-ANSI functions */ #if defined __MINGW32__ # ifdef __STRICT_ANSI__ -int _putenv (const char *); +_CRTIMP int __cdecl _putenv (const char *); # endif #elif defined __CYGWIN__ # ifdef __STRICT_ANSI__ @@ -6002,7 +6151,7 @@ { EOF case $host in - *mingw* | *cygwin* ) + *mingw* | *windows* | *cygwin* ) # make stdout use "unix" line endings echo " setmode(1,_O_BINARY);" ;; @@ -6021,7 +6170,7 @@ { /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX namespace, but it is not one of the ones we know about and - have already dealt with, above (inluding dump-script), then + have already dealt with, above (including dump-script), then report an error. Otherwise, targets might begin to believe they are allowed to use options in the LTWRAPPER_OPTION_PREFIX namespace. The first time any user complains about this, we'll @@ -6105,7 +6254,7 @@ EOF case $host_os in - mingw*) + mingw* | windows*) cat <<"EOF" { char* p; @@ -6147,7 +6296,7 @@ EOF case $host_os in - mingw*) + mingw* | windows*) cat <<"EOF" /* execv doesn't actually work on mingw as expected on unix */ newargz = prepare_spawn (newargz); @@ -6566,7 +6715,7 @@ EOF case $host_os in - mingw*) + mingw* | windows*) cat <<"EOF" /* Prepares an argument vector before calling spawn(). @@ -6741,7 +6890,7 @@ $debug_cmd case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + *-*-cygwin* | *-*-mingw* | *-*-windows* | *-*-pw32* | *-*-os2* | *-cegcc*) # It is impossible to link a dll without this setting, and # we shouldn't force the makefile maintainer to figure out # what system we are compiling for in order to pass an extra @@ -6765,6 +6914,7 @@ finalize_command=$nonopt compile_rpath= + compile_rpath_tail= finalize_rpath= compile_shlibpath= finalize_shlibpath= @@ -6805,10 +6955,12 @@ xrpath= perm_rpath= temp_rpath= + temp_rpath_tail= thread_safe=no vinfo= vinfo_number=no weak_libs= + rpath_arg= single_module=$wl-single_module func_infer_tag $base_compile @@ -7071,7 +7223,7 @@ case $arg in [\\/]* | [A-Za-z]:[\\/]*) ;; *) - func_fatal_error "only absolute run-paths are allowed" + func_fatal_error "argument to -rpath is not absolute: $arg" ;; esac if test rpath = "$prev"; then @@ -7247,7 +7399,7 @@ ;; esac case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + *-*-cygwin* | *-*-mingw* | *-*-windows* | *-*-pw32* | *-*-os2* | *-cegcc*) testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` case :$dllsearchpath: in *":$dir:"*) ;; @@ -7267,7 +7419,7 @@ -l*) if test X-lc = "X$arg" || test X-lm = "X$arg"; then case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) + *-*-cygwin* | *-*-mingw* | *-*-windows* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) # These systems don't actually have a C or math library (as such) continue ;; @@ -7275,7 +7427,7 @@ # These systems don't actually have a C library (as such) test X-lc = "X$arg" && continue ;; - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig* | *-*-midnightbsd*) + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-midnightbsd*) # Do not include libc due to us having libc/libc_r. test X-lc = "X$arg" && continue ;; @@ -7295,7 +7447,7 @@ esac elif test X-lc_r = "X$arg"; then case $host in - *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig* | *-*-midnightbsd*) + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-midnightbsd*) # Do not include libc_r directly, use -pthread flag. continue ;; @@ -7318,7 +7470,8 @@ # Tru64 UNIX uses -model [arg] to determine the layout of C++ # classes, name mangling, and exception handling. # Darwin uses the -arch flag to determine output architecture. - -model|-arch|-isysroot|--sysroot) + # -q