Source-Changes-HG archive
[src/trunk]: src/external/mpl/bind merge conflicts, bump versions, sync includes
details: https://anonhg.NetBSD.org/src/rev/b7710506defd
branches: trunk
changeset: 450879:b7710506defd
user: christos <christos%NetBSD.org@localhost>
date: Sun Apr 28 00:01:13 2019 +0000
description:
merge conflicts, bump versions, sync includes
diffstat:
external/mpl/bind/dist/bin/check/named-checkconf.c | 4 +-
external/mpl/bind/dist/bin/dnssec/dnssec-cds.c | 22 +-
external/mpl/bind/dist/bin/dnssec/dnssec-dsfromkey.c | 6 +-
external/mpl/bind/dist/bin/dnssec/dnssec-keygen.8 | 85 +-
external/mpl/bind/dist/bin/dnssec/dnssec-keygen.c | 9 +-
external/mpl/bind/dist/bin/named/named.conf.5 | 6 +-
external/mpl/bind/dist/bin/named/server.c | 61 +-
external/mpl/bind/dist/bin/nsupdate/nsupdate.c | 33 +-
external/mpl/bind/dist/bin/tests/system/checkconf/bad-allow-update-forwarding-view.conf | 14 -
external/mpl/bind/dist/bin/tests/system/checkconf/bad-allow-update-forwarding.conf | 14 -
external/mpl/bind/dist/bin/tests/system/checkconf/bad-allow-update-view.conf | 14 -
external/mpl/bind/dist/bin/tests/system/checkconf/bad-allow-update.conf | 14 -
external/mpl/bind/dist/bin/tests/system/dlz/prereq.sh.in | 19 -
external/mpl/bind/dist/bin/tests/system/dlzexternal/driver.c | 108 +-
external/mpl/bind/dist/bin/tests/system/feature-test.c | 11 +-
external/mpl/bind/dist/bin/tools/dnstap-read.c | 5 +-
external/mpl/bind/dist/bind.keys.h | 74 +-
external/mpl/bind/dist/config.h.in | 6 +
external/mpl/bind/dist/configure | 97 +-
external/mpl/bind/dist/contrib/dlz/drivers/dlz_filesystem_driver.c | 6 +-
external/mpl/bind/dist/contrib/dlz/modules/filesystem/dlz_filesystem_dynamic.c | 6 +-
external/mpl/bind/dist/lib/bind9/check.c | 59 +-
external/mpl/bind/dist/lib/dns/byaddr.c | 10 +-
external/mpl/bind/dist/lib/dns/client.c | 46 +-
external/mpl/bind/dist/lib/dns/dnstap.c | 11 +-
external/mpl/bind/dist/lib/dns/ds.c | 31 +-
external/mpl/bind/dist/lib/dns/gen.c | 25 +-
external/mpl/bind/dist/lib/dns/include/dns/dnstap.h | 5 +-
external/mpl/bind/dist/lib/dns/include/dns/ds.h | 4 +-
external/mpl/bind/dist/lib/dns/include/dns/ecs.h | 4 +-
external/mpl/bind/dist/lib/dns/include/dns/rpz.h | 22 +-
external/mpl/bind/dist/lib/dns/message.c | 60 +-
external/mpl/bind/dist/lib/dns/rdata/generic/ds_43.h | 6 +-
external/mpl/bind/dist/lib/dns/rdata/generic/key_25.h | 6 +-
external/mpl/bind/dist/lib/dns/rdata/generic/keydata_65533.h | 6 +-
external/mpl/bind/dist/lib/dns/rdata/in_1/eid_31.c | 15 +-
external/mpl/bind/dist/lib/dns/rdata/in_1/nimloc_32.c | 15 +-
external/mpl/bind/dist/lib/dns/resolver.c | 15 +-
external/mpl/bind/dist/lib/dns/rpz.c | 21 +-
external/mpl/bind/dist/lib/dns/sdlz.c | 14 +-
external/mpl/bind/dist/lib/dns/tests/dnstap_test.c | 10 +-
external/mpl/bind/dist/lib/dns/tests/rdata_test.c | 52 +-
external/mpl/bind/dist/lib/dns/tests/result_test.c | 3 +-
external/mpl/bind/dist/lib/dns/validator.c | 4 +-
external/mpl/bind/dist/lib/dns/zone.c | 58 +-
external/mpl/bind/dist/lib/isc/include/isc/quota.h | 9 +-
external/mpl/bind/dist/lib/isc/include/isc/result.h | 6 +-
external/mpl/bind/dist/lib/isc/include/isc/util.h | 23 +-
external/mpl/bind/dist/lib/isc/lex.c | 4 +-
external/mpl/bind/dist/lib/isc/quota.c | 32 +-
external/mpl/bind/dist/lib/isc/result.c | 6 +-
external/mpl/bind/dist/lib/isc/tests/netaddr_test.c | 3 +-
external/mpl/bind/dist/lib/isc/tests/result_test.c | 3 +-
external/mpl/bind/dist/lib/isc/unix/errno2result.c | 8 +-
external/mpl/bind/dist/lib/isc/unix/socket.c | 17 +-
external/mpl/bind/dist/lib/isc/win32/errno2result.c | 4 +-
external/mpl/bind/dist/lib/isccc/tests/result_test.c | 3 +-
external/mpl/bind/dist/lib/isccfg/namedconf.c | 4 +-
external/mpl/bind/dist/lib/ns/client.c | 429 +++++++--
external/mpl/bind/dist/lib/ns/hooks.c | 47 +-
external/mpl/bind/dist/lib/ns/include/ns/client.h | 23 +-
external/mpl/bind/dist/lib/ns/include/ns/hooks.h | 26 +-
external/mpl/bind/dist/lib/ns/include/ns/interfacemgr.h | 13 +-
external/mpl/bind/dist/lib/ns/interfacemgr.c | 11 +-
external/mpl/bind/dist/lib/ns/query.c | 170 ++-
external/mpl/bind/include/config.h | 12 +-
external/mpl/bind/include/dns/rdatastruct.h | 12 +-
external/mpl/bind/lib/libbind9/shlib_version | 4 +-
external/mpl/bind/lib/libdns/shlib_version | 4 +-
external/mpl/bind/lib/libirs/shlib_version | 4 +-
external/mpl/bind/lib/libisc/Makefile | 6 +-
external/mpl/bind/lib/libisc/shlib_version | 4 +-
external/mpl/bind/lib/libisccc/shlib_version | 4 +-
external/mpl/bind/lib/libisccfg/shlib_version | 4 +-
external/mpl/bind/lib/libns/Makefile | 3 +-
external/mpl/bind/lib/libns/shlib_version | 4 +-
76 files changed, 1281 insertions(+), 737 deletions(-)
diffs (truncated from 4455 to 300 lines):
diff -r 675094af1d5e -r b7710506defd external/mpl/bind/dist/bin/check/named-checkconf.c
--- a/external/mpl/bind/dist/bin/check/named-checkconf.c Sat Apr 27 23:47:13 2019 +0000
+++ b/external/mpl/bind/dist/bin/check/named-checkconf.c Sun Apr 28 00:01:13 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: named-checkconf.c,v 1.3 2019/01/09 16:54:58 christos Exp $ */
+/* $NetBSD: named-checkconf.c,v 1.4 2019/04/28 00:01:13 christos Exp $ */
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -65,7 +65,7 @@
static void
usage(void) {
- fprintf(stderr, "usage: %s [-hjlvz] [-p [-x]] [-t directory] "
+ fprintf(stderr, "usage: %s [-chjlvz] [-p [-x]] [-t directory] "
"[named.conf]\n", program);
exit(1);
}
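Review bot: the usage string in usage() now advertises -c, but per the diffstat this file changes only this line and the $NetBSD$ ident, so nothing here shows the option being parsed. Confirm that the getopt string in main() already accepts -c and that named-checkconf(8) documents it, otherwise the usage text promises a flag the tool rejects.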
diff -r 675094af1d5e -r b7710506defd external/mpl/bind/dist/bin/dnssec/dnssec-cds.c
--- a/external/mpl/bind/dist/bin/dnssec/dnssec-cds.c Sat Apr 27 23:47:13 2019 +0000
+++ b/external/mpl/bind/dist/bin/dnssec/dnssec-cds.c Sun Apr 28 00:01:13 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: dnssec-cds.c,v 1.4 2019/02/24 20:01:27 christos Exp $ */
+/* $NetBSD: dnssec-cds.c,v 1.5 2019/04/28 00:01:13 christos Exp $ */
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -88,7 +88,7 @@
* List of digest types used by ds_from_cdnskey(), filled in by add_dtype()
* from -a arguments. The size of the array is an arbitrary limit.
*/
-static uint8_t dtype[8];
+static dns_dsdigest_t dtype[8];
static const char *startstr = NULL; /* from which we derive notbefore */
static isc_stdtime_t notbefore = 0; /* restrict sig inception times */
@@ -131,7 +131,7 @@
typedef struct keyinfo {
dns_rdata_t rdata;
dst_key_t *dst;
- uint8_t algo;
+ dns_secalg_t algo;
dns_keytag_t tag;
} keyinfo_t;
@@ -616,12 +616,12 @@
* otherwise the key algorithm. This is used by the signature coverage
* check functions below.
*/
-static uint8_t *
+static dns_secalg_t *
matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
dns_rdataset_t *sigset)
{
isc_result_t result;
- uint8_t *algo;
+ dns_secalg_t *algo;
int i;
algo = isc_mem_get(mctx, nkey);
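Review bot: in matching_sigs(), "algo = isc_mem_get(mctx, nkey);" still allocates nkey bytes although algo is now a dns_secalg_t *, which is only correct while dns_secalg_t is exactly one byte wide. Size the buffer by element, for example nkey * sizeof(algo[0]), and use the same expression wherever the buffer is released, so a later change to the typedef cannot turn the algo[i] writes into a heap overflow.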
@@ -704,7 +704,7 @@
* fetched from the child zone, any working signature is enough.
*/
static bool
-signed_loose(uint8_t *algo) {
+signed_loose(dns_secalg_t *algo) {
bool ok = false;
int i;
for (i = 0; i < nkey; i++) {
@@ -723,7 +723,7 @@
* RRset.
*/
static bool
-signed_strict(dns_rdataset_t *dsset, uint8_t *algo) {
+signed_strict(dns_rdataset_t *dsset, dns_secalg_t *algo) {
isc_result_t result;
bool all_ok = true;
@@ -846,14 +846,14 @@
*/
static int
cmp_dtype(const void *ap, const void *bp) {
- int a = *(const uint8_t *)ap;
- int b = *(const uint8_t *)bp;
+ int a = *(const dns_dsdigest_t *)ap;
+ int b = *(const dns_dsdigest_t *)bp;
return (a - b);
}
static void
add_dtype(const char *dn) {
- uint8_t dt;
+ dns_dsdigest_t dt;
unsigned i, n;
dt = strtodsdigest(dn);
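Review bot: cmp_dtype() keeps "return (a - b);" after the casts move to const dns_dsdigest_t *, and the subtraction is only overflow-free while that type is narrower than int. Since the typedef now hides the width, return (a > b) - (a < b) instead, so the comparator stays correct whatever the typedef resolves to.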
@@ -938,7 +938,7 @@
dns_rdata_t *arrdata;
dns_rdata_ds_t *ds;
dns_keytag_t key_tag;
- uint8_t algorithm;
+ dns_secalg_t algorithm;
bool match;
int i, j, n, d;
diff -r 675094af1d5e -r b7710506defd external/mpl/bind/dist/bin/dnssec/dnssec-dsfromkey.c
--- a/external/mpl/bind/dist/bin/dnssec/dnssec-dsfromkey.c Sat Apr 27 23:47:13 2019 +0000
+++ b/external/mpl/bind/dist/bin/dnssec/dnssec-dsfromkey.c Sun Apr 28 00:01:13 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: dnssec-dsfromkey.c,v 1.4 2019/02/24 20:01:27 christos Exp $ */
+/* $NetBSD: dnssec-dsfromkey.c,v 1.5 2019/04/28 00:01:13 christos Exp $ */
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -237,7 +237,7 @@
}
static void
-emit(unsigned int dtype, bool showall, char *lookaside,
+emit(dns_dsdigest_t dtype, bool showall, char *lookaside,
bool cds, dns_rdata_t *rdata)
{
isc_result_t result;
@@ -352,7 +352,7 @@
char *lookaside = NULL;
char *endp;
int ch;
- unsigned int dtype = DNS_DSDIGEST_SHA1;
+ dns_dsdigest_t dtype = DNS_DSDIGEST_SHA1;
bool cds = false;
bool both = true;
bool usekeyset = false;
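Review bot: dtype in main() goes from unsigned int to dns_dsdigest_t, the same typedef that replaces uint8_t in dnssec-cds.c in this changeset, so a numeric digest type taken from the command line can now be narrowed silently on assignment. Check that the option parsing range-checks the parsed value before storing it in dtype, and reject out-of-range input rather than letting it wrap to a different digest type.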
diff -r 675094af1d5e -r b7710506defd external/mpl/bind/dist/bin/dnssec/dnssec-keygen.8
--- a/external/mpl/bind/dist/bin/dnssec/dnssec-keygen.8 Sat Apr 27 23:47:13 2019 +0000
+++ b/external/mpl/bind/dist/bin/dnssec/dnssec-keygen.8 Sun Apr 28 00:01:13 2019 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: dnssec-keygen.8,v 1.4 2019/02/24 20:01:27 christos Exp $
+.\" $NetBSD: dnssec-keygen.8,v 1.5 2019/04/28 00:01:13 christos Exp $
.\"
.\" Copyright (C) 2000-2005, 2007-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
@@ -41,7 +41,7 @@
dnssec-keygen \- DNSSEC key generation tool
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-keygen\fR\ 'u
-\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\
\fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\
\fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\
\fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\
\fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
+\fBdnssec\-keygen\fR [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\
\fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR]
[\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\
\fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\
\fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
.SH "DESCRIPTION"
.PP
\fBdnssec\-keygen\fR
@@ -60,6 +60,13 @@
\fBdnssec\-keygen\fR\&.
.SH "OPTIONS"
.PP
+\-3
+.RS 4
+Use an NSEC3\-capable algorithm to generate a DNSSEC key\&. If this option is used with an algorithm that has both NSEC and NSEC3 versions, then the NSEC3 version will be used; for example,
+\fBdnssec\-keygen \-3a RSASHA1\fR
+specifies the NSEC3RSASHA1 algorithm\&.
+.RE
+.PP
\-a \fIalgorithm\fR
.RS 4
Selects the cryptographic algorithm\&. For DNSSEC keys, the value of
@@ -85,29 +92,15 @@
.PP
\-b \fIkeysize\fR
.RS 4
-Specifies the number of bits in the key\&. The choice of key size depends on the algorithm used\&. RSA keys must be between 1024 and 2048 bits\&. Diffie Hellman keys must be between 128 and 4096
bits\&. DSA keys must be between 512 and 1024 bits and an exact multiple of 64\&. HMAC keys must be between 1 and 512 bits\&. Elliptic curve algorithms don\*(Aqt need this parameter\&.
+Specifies the number of bits in the key\&. The choice of key size depends on the algorithm used\&. RSA keys must be between 1024 and 4096 bits\&. Diffie Hellman keys must be between 128 and 4096
bits\&. Elliptic curve algorithms don\*(Aqt need this parameter\&.
.sp
If the key size is not specified, some algorithms have pre\-defined defaults\&. For example, RSA keys for use as DNSSEC zone signing keys have a default size of 1024 bits; RSA keys for use as key
signing keys (KSKs, generated with
\fB\-f KSK\fR) default to 2048 bits\&.
.RE
.PP
-\-n \fInametype\fR
-.RS 4
-Specifies the owner type of the key\&. The value of
-\fBnametype\fR
-must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY)\&. These values are
case insensitive\&. Defaults to ZONE for DNSKEY generation\&.
-.RE
-.PP
-\-3
-.RS 4
-Use an NSEC3\-capable algorithm to generate a DNSSEC key\&. If this option is used with an algorithm that has both NSEC and NSEC3 versions, then the NSEC3 version will be used; for example,
-\fBdnssec\-keygen \-3a RSASHA1\fR
-specifies the NSEC3RSASHA1 algorithm\&.
-.RE
-.PP
\-C
.RS 4
-Compatibility mode: generates an old\-style key, without any metadata\&. By default,
+Compatibility mode: generates an old\-style key, without any timing metadata\&. By default,
\fBdnssec\-keygen\fR
will include the key\*(Aqs creation date in the metadata stored with the private key, and other dates may be set there as well (publication date, activation date, etc)\&. Keys that include this data
may be incompatible with older versions of BIND; the
\fB\-C\fR
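Review bot: documentation point on the -b text: the RSA upper bound is raised to 4096 bits, but the unchanged paragraph directly below still states that RSA zone signing keys default to 1024 bits, and 1024 remains the documented minimum. Since this is the page operators read when choosing key sizes, it is worth flagging in the import notes that relying on the default still yields a 1024-bit RSA ZSK and that -b should be given explicitly for RSA.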
@@ -152,11 +145,6 @@
Sets the directory in which the key files are to be written\&.
.RE
.PP
-\-k
-.RS 4
-Deprecated in favor of \-T KEY\&.
-.RE
-.PP
\-L \fIttl\fR
.RS 4
Sets the default TTL to use for this key when it is converted into a DNSKEY RR\&. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY
RRset in place, in which case the existing TTL would take precedence\&. If this value is not set and there is no existing DNSKEY RRset, the TTL will default to the SOA TTL\&. Setting the default TTL
to
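Review bot: the OPTIONS entry for -k is deleted here, yet the new SYNOPSIS line added earlier in this file still lists [-k] between -K directory and -L ttl. Either drop -k from the synopsis as well or keep a one-line deprecation entry, so the two sections of the page agree.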
@@ -166,9 +154,17 @@
is the same as leaving it unset\&.
.RE
.PP
+\-n \fInametype\fR
+.RS 4
+Specifies the owner type of the key\&. The value of
+\fBnametype\fR
+must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY)\&. These values are
case insensitive\&. Defaults to ZONE for DNSKEY generation\&.
+.RE
+.PP
\-p \fIprotocol\fR
.RS 4
-Sets the protocol value for the generated key\&. The protocol is a number between 0 and 255\&. The default is 3 (DNSSEC)\&. Other possible values for this argument are listed in RFC 2535 and its
successors\&.
+Sets the protocol value for the generated key, for use with
+\fB\-T KEY\fR\&. The protocol is a number between 0 and 255\&. The default is 3 (DNSSEC)\&. Other possible values for this argument are listed in RFC 2535 and its successors\&.
.RE
.PP
\-q
@@ -195,27 +191,25 @@
Specifies the resource record type to use for the key\&.
\fBrrtype\fR
must be either DNSKEY or KEY\&. The default is DNSKEY when using a DNSSEC algorithm, but it can be overridden to KEY for use with SIG(0)\&.
-Specifying any TSIG algorithm (HMAC\-* or DH) with
-\fB\-a\fR
-forces this option to KEY\&.
.RE
.PP
\-t \fItype\fR
.RS 4
-Indicates the use of the key\&.
+Indicates the use of the key, for use with
+\fB\-T KEY\fR\&.
\fBtype\fR
must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF\&. The default is AUTHCONF\&. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data\&.
.RE
.PP
+\-V
+.RS 4
+Prints version information\&.
+.RE
+.PP
\-v \fIlevel\fR
.RS 4
Sets the debugging level\&.
.RE
-.PP
-\-V
-.RS 4
-Prints version information\&.
-.RE
.SH "TIMING OPTIONS"
.PP
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argument begins with a \*(Aq+\*(Aq or \*(Aq\-\*(Aq, it is interpreted as an offset from the present time\&. For convenience,
if such an offset is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the offset is computed in years (defined as 365 24\-hour
days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively\&. Without a suffix, the offset is computed in seconds\&. To explicitly prevent a date
from being set, use \*(Aqnone\*(Aq or \*(Aqnever\*(Aq\&.
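Review bot: the sentence removed under -T was the only statement that a TSIG algorithm (HMAC-* or DH) given with -a forces the record type to KEY, while the -b text in this same page still gives a size range for Diffie Hellman keys. If DH is still accepted, say under -T what record type it produces; if it is not, the Diffie Hellman range under -b should go as well.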
@@ -316,23 +310,24 @@
.PP
The
\&.key
-file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement)\&.
+file contains a DNSKEY or KEY record\&. When a zone is being signed by
+\fBnamed\fR
+or
+\fBdnssec\-signzone\fR\fB\-S\fR, DNSKEY records are included automatically\&. In other cases, the
+\&.key
+file can be inserted into a zone file manually or with a
+\fB$INCLUDE\fR
+statement\&.
.PP
The
\&.private
file contains algorithm\-specific fields\&. For obvious security reasons, this file does not have general read permission\&.
-.PP
-Both
-\&.key
-and
-\&.private
-files are generated for symmetric cryptography algorithms such as HMAC\-MD5, even though the public and private key are equivalent\&.
.SH "EXAMPLE"
.PP
-To generate an ECDSAP256SHA256 key for the domain
-\fBexample\&.com\fR, the following command would be issued:
+To generate an ECDSAP256SHA256 zone\-signing key for the zone
+\fBexample\&.com\fR, issue the command:
.PP
-\fBdnssec\-keygen \-a ECDSAP256SHA256 \-n ZONE example\&.com\fR
+\fBdnssec\-keygen \-a ECDSAP256SHA256 example\&.com\fR
.PP
The command would print a string of the form:
.PP
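Review bot: style point in the new .key paragraph: "\fBdnssec\-signzone\fR\fB\-S\fR" has no space between the command name and the option, so it renders as "dnssec-signzone-S". Insert "\ " between the two bold runs, as the page already does for "\fBdnssec\-keygen \-3a RSASHA1\fR".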
@@ -344,6 +339,10 @@
Kexample\&.com\&.+013+26160\&.key
and