PR#13: Upgrade to BIND 9.18 - rpms/bind

rpms / bind

#13 Upgrade to BIND 9.18

Closed 2 years ago by pemensik. Opened 2 years ago by pemensik.

rpms/ pemensik/bind v9_18-upgrade into rawhide

Remove all pkcs11 variants

Petr Menšík • 2 years ago

639154e

Deprecate python3-bind for smooth upgrade

Petr Menšík • 2 years ago

ae6ea09

Stop enabling selinux booleans on every upgrade

Petr Menšík • 2 years ago

6998381

Import version from branch v9_18

Petr Menšík • 2 years ago

503928b

.gitignore

file modified

+10

		`@@ -176,3 +176,13 @@`
		`/bind-9.16.29.tar.xz.asc`
		`/bind-9.16.30.tar.xz`
		`/bind-9.16.30.tar.xz.asc`
		`+ /bind-9.18.0.tar.xz`
		`+ /bind-9.18.0.tar.xz.asc`
		`+ /bind-9.18.1.tar.xz`
		`+ /bind-9.18.1.tar.xz.asc`
		`+ /bind-9.18.2.tar.xz`
		`+ /bind-9.18.2.tar.xz.asc`
		`+ /bind-9.18.3.tar.xz`
		`+ /bind-9.18.3.tar.xz.asc`
		`+ /bind-9.18.4.tar.xz`
		`+ /bind-9.18.4.tar.xz.asc`

README.md

file modified

+2 -4

		`@@ -22,10 +22,8 @@`
		`* bind-utils -- set of tools to analyse DNS responses or update entries (dig, host)`
		`* bind-doc -- documentation for current bind, BIND 9 Administrator Reference Manual.`
		`* bind-license -- Shared license for all packages but bind-export-libs.`
		- * bind-pkcs11 -- named daemon built with native PKCS#11 support. Can be disabled by `--without PKCS11`.
		`- * bind-libs and bind-libs-lite -- Shared libraries used by some others programs`
		`- * bind-devel -- Development headers for libs.`
		`- * bind-dlz-\* -- Dynamic loadable [DLZ plugins](http://bind-dlz.sourceforge.net/) with support for external databases`
		`+ * bind-libs -- Shared libraries used by some others programs`
		+ * bind-devel -- Development headers for libs. Can be disabled by `--without DEVEL`


		`## Optional features`

bind-9.10-dist-native-pkcs11.patch

file removed

-541

		`@@ -1,541 +0,0 @@`
		`- From 1cbffe7e8b5bced9134abbae23a2a20c83d39a6a Mon Sep 17 00:00:00 2001`
		`- From: Petr Mensik <pemensik@redhat.com>`
		`- Date: Thu, 21 Jan 2021 10:46:20 +0100`
		`- Subject: [PATCH] Enable custom pkcs11 native build`
		`-`
		`- Share common parts like libisc, libcc and others. But provide native`
		`- pkcs11 libraries as a new copy of libdns and libns.`
		`- ---`
		`- bin/Makefile.in \| 2 +-`
		`- bin/confgen/Makefile.in \| 2 +-`
		`- bin/dnssec-pkcs11/Makefile.in \| 39 +++++++++++++++++---------------`
		`- bin/named-pkcs11/Makefile.in \| 31 +++++++++++++------------`
		`- configure.ac \| 19 ++++++++++++++++`
		`- lib/Makefile.in \| 2 +-`
		`- lib/dns-pkcs11/Makefile.in \| 22 +++++++++---------`
		`- lib/dns-pkcs11/tests/Makefile.in \| 8 +++----`
		`- lib/ns-pkcs11/Makefile.in \| 26 ++++++++++-----------`
		`- lib/ns-pkcs11/tests/Makefile.in \| 12 +++++-----`
		`- make/includes.in \| 7 ++++++`
		`- 11 files changed, 100 insertions(+), 70 deletions(-)`
		`-`
		`- diff --git a/bin/Makefile.in b/bin/Makefile.in`
		`- index 9ad7f62..094775a 100644`
		`- --- a/bin/Makefile.in`
		`- +++ b/bin/Makefile.in`
		`- @@ -11,7 +11,7 @@ srcdir = @srcdir@`
		`- VPATH = @srcdir@`
		`- top_srcdir = @top_srcdir@`
		`-`
		`- -SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \`
		`- +SUBDIRS = named named-pkcs11 rndc dig delv dnssec dnssec-pkcs11 tools nsupdate check confgen \`
		`- @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins tests`
		`- TARGETS =`
		`-`
		`- diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in`
		`- index c126bf3..1b7512d 100644`
		`- --- a/bin/confgen/Makefile.in`
		`- +++ b/bin/confgen/Makefile.in`
		`- @@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@`
		`- CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \`
		`- ${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}`
		`-`
		`- -CDEFINES = @USE_PKCS11@`
		`- +CDEFINES =`
		`- CWARNINGS =`
		`-`
		`- ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@`
		`- diff --git a/bin/dnssec-pkcs11/Makefile.in b/bin/dnssec-pkcs11/Makefile.in`
		`- index ace0e5a..e0f6a00 100644`
		`- --- a/bin/dnssec-pkcs11/Makefile.in`
		`- +++ b/bin/dnssec-pkcs11/Makefile.in`
		`- @@ -15,18 +15,18 @@ VERSION=@BIND9_VERSION@`
		`-`
		`- @BIND9_MAKE_INCLUDES@`
		`-`
		`- -CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \`
		`- +CINCLUDES = ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \`
		`- ${OPENSSL_CFLAGS}`
		`-`
		`- -CDEFINES = -DVERSION=\"${VERSION}\" -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"`
		`- +CDEFINES = -DVERSION=\"${VERSION}\" -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\" -DUSE_PKCS11=1`
		`- CWARNINGS =`
		`-`
		`- -DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@`
		`- +DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@`
		`- ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@`
		`- ISCLIBS = ../../lib/isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@`
		`- ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @NO_LIBTOOL_ISCLIBS@`
		`-`
		`- -DNSDEPLIBS = ../../lib/dns/libdns.@A@`
		`- +DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@`
		`- ISCDEPLIBS = ../../lib/isc/libisc.@A@`
		`- ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@`
		`-`
		`- @@ -36,12 +36,15 @@ LIBS = ${DNSLIBS} ${ISCCFGLIBS} ${ISCLIBS} @LIBS@`
		`-`
		`- NOSYMLIBS = ${DNSLIBS} ${ISCCFGLIBS} ${ISCNOSYMLIBS} @LIBS@`
		`-`
		`- +# Add suffix to all targets`
		`- +EXEEXT = -pkcs11@EXEEXT@`
		`- +`
		`- # Alphabetically`
		`- -TARGETS = dnssec-cds@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \`
		`- - dnssec-importkey@EXEEXT@ dnssec-keyfromlabel@EXEEXT@ \`
		`- - dnssec-keygen@EXEEXT@ dnssec-revoke@EXEEXT@ \`
		`- - dnssec-settime@EXEEXT@ dnssec-signzone@EXEEXT@ \`
		`- - dnssec-verify@EXEEXT@`
		`- +TARGETS = dnssec-cds${EXEEXT} dnssec-dsfromkey${EXEEXT} \`
		`- + dnssec-importkey${EXEEXT} dnssec-keyfromlabel${EXEEXT} \`
		`- + dnssec-keygen${EXEEXT} dnssec-revoke${EXEEXT} \`
		`- + dnssec-settime${EXEEXT} dnssec-signzone${EXEEXT} \`
		`- + dnssec-verify${EXEEXT}`
		`-`
		`- OBJS = dnssectool.@O@`
		`-`
		`- @@ -52,19 +55,19 @@ SRCS = dnssec-cds.c dnssec-dsfromkey.c dnssec-importkey.c \`
		`-`
		`- @BIND9_MAKE_RULES@`
		`-`
		`- -dnssec-cds@EXEEXT@: dnssec-cds.@O@ ${OBJS} ${DEPLIBS}`
		`- +dnssec-cds-pkcs11@EXEEXT@: dnssec-cds.@O@ ${OBJS} ${DEPLIBS}`
		`- export BASEOBJS="dnssec-cds.@O@ ${OBJS}"; \`
		`- ${FINALBUILDCMD}`
		`-`
		`- -dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}`
		`- +dnssec-dsfromkey-pkcs11@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}`
		`- export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \`
		`- ${FINALBUILDCMD}`
		`-`
		`- -dnssec-keyfromlabel@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}`
		`- +dnssec-keyfromlabel-pkcs11@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}`
		`- export BASEOBJS="dnssec-keyfromlabel.@O@ ${OBJS}"; \`
		`- ${FINALBUILDCMD}`
		`-`
		`- -dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}`
		`- +dnssec-keygen-pkcs11@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}`
		`- export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \`
		`- ${FINALBUILDCMD}`
		`-`
		`- @@ -72,7 +75,7 @@ dnssec-signzone.@O@: dnssec-signzone.c`
		`- ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \`
		`- -c ${srcdir}/dnssec-signzone.c`
		`-`
		`- -dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}`
		`- +dnssec-signzone-pkcs11@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}`
		`- export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \`
		`- ${FINALBUILDCMD}`
		`-`
		`- @@ -80,19 +83,19 @@ dnssec-verify.@O@: dnssec-verify.c`
		`- ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \`
		`- -c ${srcdir}/dnssec-verify.c`
		`-`
		`- -dnssec-verify@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}`
		`- +dnssec-verify-pkcs11@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}`
		`- export BASEOBJS="dnssec-verify.@O@ ${OBJS}"; \`
		`- ${FINALBUILDCMD}`
		`-`
		`- -dnssec-revoke@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}`
		`- +dnssec-revoke-pkcs11@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}`
		`- ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \`
		`- dnssec-revoke.@O@ ${OBJS} ${LIBS}`
		`-`
		`- -dnssec-settime@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}`
		`- +dnssec-settime-pkcs11@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}`
		`- ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \`
		`- dnssec-settime.@O@ ${OBJS} ${LIBS}`
		`-`
		`- -dnssec-importkey@EXEEXT@: dnssec-importkey.@O@ ${OBJS} ${DEPLIBS}`
		`- +dnssec-importkey-pkcs11@EXEEXT@: dnssec-importkey.@O@ ${OBJS} ${DEPLIBS}`
		`- ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \`
		`- dnssec-importkey.@O@ ${OBJS} ${LIBS}`
		`-`
		`- diff --git a/bin/named-pkcs11/Makefile.in b/bin/named-pkcs11/Makefile.in`
		`- index debb906..ecfdb6c 100644`
		`- --- a/bin/named-pkcs11/Makefile.in`
		`- +++ b/bin/named-pkcs11/Makefile.in`
		`- @@ -37,13 +37,14 @@ DBDRIVER_LIBS =`
		`-`
		`- DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers`
		`-`
		`- -DLZDRIVER_OBJS = @DLZ_DRIVER_OBJS@`
		`- -DLZDRIVER_SRCS = @DLZ_DRIVER_SRCS@`
		`- -DLZDRIVER_INCLUDES = @DLZ_DRIVER_INCLUDES@`
		`- -DLZDRIVER_LIBS = @DLZ_DRIVER_LIBS@`
		`- +# Skip building on PKCS11 variant`
		`- +DLZDRIVER_OBJS =`
		`- +DLZDRIVER_SRCS =`
		`- +DLZDRIVER_INCLUDES =`
		`- +DLZDRIVER_LIBS =`
		`-`
		`- CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \`
		`- - ${NS_INCLUDES} ${DNS_INCLUDES} \`
		`- + ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} \`
		`- ${BIND9_INCLUDES} ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \`
		`- ${ISC_INCLUDES} ${DLZDRIVER_INCLUDES} \`
		`- ${DBDRIVER_INCLUDES} \`
		`- @@ -56,24 +57,24 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \`
		`- ${LIBXML2_CFLAGS} \`
		`- ${MAXMINDDB_CFLAGS}`
		`-`
		`- -CDEFINES = @CONTRIB_DLZ@`
		`- +CDEFINES =`
		`-`
		`- CWARNINGS =`
		`-`
		`- -DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@`
		`- +DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@`
		`- ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@`
		`- ISCCCLIBS = ../../lib/isccc/libisccc.@A@`
		`- ISCLIBS = ../../lib/isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@`
		`- ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @NO_LIBTOOL_ISCLIBS@`
		`- BIND9LIBS = ../../lib/bind9/libbind9.@A@`
		`- -NSLIBS = ../../lib/ns/libns.@A@`
		`- +NSLIBS = ../../lib/ns-pkcs11/libns-pkcs11.@A@`
		`-`
		`- -DNSDEPLIBS = ../../lib/dns/libdns.@A@`
		`- +DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@`
		`- ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@`
		`- ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@`
		`- ISCDEPLIBS = ../../lib/isc/libisc.@A@`
		`- BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@`
		`- -NSDEPLIBS = ../../lib/ns/libns.@A@`
		`- +NSDEPLIBS = ../../lib/ns-pkcs11/libns-pkcs11.@A@`
		`-`
		`- DEPLIBS = ${NSDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \`
		`- ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}`
		`- @@ -93,7 +94,7 @@ NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \`
		`-`
		`- SUBDIRS = unix`
		`-`
		`- -TARGETS = named@EXEEXT@`
		`- +TARGETS = named-pkcs11@EXEEXT@`
		`-`
		`- GEOIP2LINKOBJS = geoip.@O@`
		`-`
		`- @@ -151,7 +152,7 @@ server.@O@: server.c`
		`- -DPRODUCT=\"${PRODUCT}\" \`
		`- -DVERSION=\"${VERSION}\" -c ${srcdir}/server.c`
		`-`
		`- -named@EXEEXT@: ${OBJS} ${DEPLIBS}`
		`- +named-pkcs11@EXEEXT@: ${OBJS} ${DEPLIBS}`
		`- export MAKE_SYMTABLE="yes"; \`
		`- export BASEOBJS="${OBJS} ${UOBJS}"; \`
		`- ${FINALBUILDCMD}`
		`- @@ -170,11 +171,11 @@ statschannel.@O@: bind9.xsl.h`
		`- installdirs:`
		`- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}`
		`-`
		`- -install:: named@EXEEXT@ installdirs`
		`- - ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}`
		`- +install:: named-pkcs11@EXEEXT@ installdirs`
		`- + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-pkcs11@EXEEXT@ ${DESTDIR}${sbindir}`
		`-`
		`- uninstall::`
		`- - ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named@EXEEXT@`
		`- + ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-pkcs11@EXEEXT@`
		`-`
		`- @DLZ_DRIVER_RULES@`
		`-`
		`- diff --git a/configure.ac b/configure.ac`
		`- index e405eaf..efaa5a7 100644`
		`- --- a/configure.ac`
		`- +++ b/configure.ac`
		`- @@ -1269,12 +1269,14 @@ AC_SUBST(USE_GSSAPI)`
		`- AC_SUBST(DST_GSSAPI_INC)`
		`- AC_SUBST(DNS_GSSAPI_LIBS)`
		`- DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS"`
		`- +DNS_CRYPTO_PK11_LIBS="$DNS_GSSAPI_LIBS $DNS_CRYPTO_PK11_LIBS"`
		`-`
		`- #`
		`- # Applications linking with libdns also need to link with these libraries.`
		`- #`
		`-`
		`- AC_SUBST(DNS_CRYPTO_LIBS)`
		`- +AC_SUBST(DNS_CRYPTO_PK11_LIBS)`
		`-`
		`- #`
		`- # was --with-lmdb specified?`
		`- @@ -2345,6 +2347,8 @@ AC_SUBST(BIND9_DNS_BUILDINCLUDE)`
		`- AC_SUBST(BIND9_NS_BUILDINCLUDE)`
		`- AC_SUBST(BIND9_BIND9_BUILDINCLUDE)`
		`- AC_SUBST(BIND9_IRS_BUILDINCLUDE)`
		`- +AC_SUBST(BIND9_DNS_PKCS11_BUILDINCLUDE)`
		`- +AC_SUBST(BIND9_NS_PKCS11_BUILDINCLUDE)`
		`- if test "X$srcdir" != "X"; then`
		`- BIND9_ISC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isc/include"`
		`- BIND9_ISCCC_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/isccc/include"`
		`- @@ -2353,6 +2357,8 @@ if test "X$srcdir" != "X"; then`
		`- BIND9_NS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/ns/include"`
		`- BIND9_BIND9_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/bind9/include"`
		`- BIND9_IRS_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/irs/include"`
		`- + BIND9_DNS_PKCS11_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/dns-pkcs11/include"`
		`- + BIND9_NS_PKCS11_BUILDINCLUDE="-I${BIND9_TOP_BUILDDIR}/lib/ns-pkcs11/include"`
		`- else`
		`- BIND9_ISC_BUILDINCLUDE=""`
		`- BIND9_ISCCC_BUILDINCLUDE=""`
		`- @@ -2361,6 +2367,8 @@ else`
		`- BIND9_NS_BUILDINCLUDE=""`
		`- BIND9_BIND9_BUILDINCLUDE=""`
		`- BIND9_IRS_BUILDINCLUDE=""`
		`- + BIND9_DNS_PKCS11_BUILDINCLUDE=""`
		`- + BIND9_NS_PKCS11_BUILDINCLUDE=""`
		`- fi`
		`-`
		`- AC_SUBST_FILE(BIND9_MAKE_INCLUDES)`
		`- @@ -2816,8 +2824,11 @@ AC_CONFIG_FILES([`
		`- bin/delv/Makefile`
		`- bin/dig/Makefile`
		`- bin/dnssec/Makefile`
		`- + bin/dnssec-pkcs11/Makefile`
		`- bin/named/Makefile`
		`- bin/named/unix/Makefile`
		`- + bin/named-pkcs11/Makefile`
		`- + bin/named-pkcs11/unix/Makefile`
		`- bin/nsupdate/Makefile`
		`- bin/pkcs11/Makefile`
		`- bin/plugins/Makefile`
		`- @@ -2879,6 +2890,10 @@ AC_CONFIG_FILES([`
		`- lib/dns/include/dns/Makefile`
		`- lib/dns/include/dst/Makefile`
		`- lib/dns/tests/Makefile`
		`- + lib/dns-pkcs11/Makefile`
		`- + lib/dns-pkcs11/include/Makefile`
		`- + lib/dns-pkcs11/include/dns/Makefile`
		`- + lib/dns-pkcs11/include/dst/Makefile`
		`- lib/irs/Makefile`
		`- lib/irs/include/Makefile`
		`- lib/irs/include/irs/Makefile`
		`- @@ -2911,6 +2926,10 @@ AC_CONFIG_FILES([`
		`- lib/ns/include/Makefile`
		`- lib/ns/include/ns/Makefile`
		`- lib/ns/tests/Makefile`
		`- + lib/ns-pkcs11/Makefile`
		`- + lib/ns-pkcs11/include/Makefile`
		`- + lib/ns-pkcs11/include/ns/Makefile`
		`- + lib/ns-pkcs11/tests/Makefile`
		`- make/Makefile`
		`- make/mkdep`
		`- unit/unittest.sh`
		`- diff --git a/lib/Makefile.in b/lib/Makefile.in`
		`- index 833964e..058ba2f 100644`
		`- --- a/lib/Makefile.in`
		`- +++ b/lib/Makefile.in`
		`- @@ -15,7 +15,7 @@ top_srcdir = @top_srcdir@`
		`- # Attempt to disable parallel processing.`
		`- .NOTPARALLEL:`
		`- .NO_PARALLEL:`
		`- -SUBDIRS = isc isccc dns ns isccfg bind9 irs`
		`- +SUBDIRS = isc isccc dns dns-pkcs11 ns ns-pkcs11 isccfg bind9 irs`
		`- TARGETS =`
		`-`
		`- @BIND9_MAKE_RULES@`
		`- diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in`
		`- index 58bda3c..d6a45df 100644`
		`- --- a/lib/dns-pkcs11/Makefile.in`
		`- +++ b/lib/dns-pkcs11/Makefile.in`
		`- @@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@`
		`-`
		`- @BIND9_MAKE_INCLUDES@`
		`-`
		`- -CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \`
		`- +CINCLUDES = -I. -I${top_srcdir}/lib/dns-pkcs11 -Iinclude ${DNS_PKCS11_INCLUDES} \`
		`- ${ISC_INCLUDES} \`
		`- ${FSTRM_CFLAGS} \`
		`- ${OPENSSL_CFLAGS} @DST_GSSAPI_INC@ \`
		`- @@ -32,7 +32,7 @@ CINCLUDES = -I. -I${top_srcdir}/lib/dns -Iinclude ${DNS_INCLUDES} \`
		`- ${LMDB_CFLAGS} \`
		`- ${MAXMINDDB_CFLAGS}`
		`-`
		`- -CDEFINES = @USE_GSSAPI@`
		`- +CDEFINES = @USE_GSSAPI@ @USE_PKCS11@`
		`-`
		`- CWARNINGS =`
		`-`
		`- @@ -135,15 +135,15 @@ version.@O@: version.c`
		`- -DMAPAPI=\"${MAPAPI}\" \`
		`- -c ${srcdir}/version.c`
		`-`
		`- -libdns.@SA@: ${OBJS}`
		`- +libdns-pkcs11.@SA@: ${OBJS}`
		`- ${AR} ${ARFLAGS} $@ ${OBJS}`
		`- ${RANLIB} $@`
		`-`
		`- -libdns.la: ${OBJS}`
		`- +libdns-pkcs11.la: ${OBJS}`
		`- ${LIBTOOL_MODE_LINK} \`
		`- - ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns.la -rpath ${libdir} \`
		`- + ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-pkcs11.la -rpath ${libdir} \`
		`- -release "${VERSION}" \`
		`- - ${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}`
		`- + ${OBJS} ${ISCLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS}`
		`-`
		`- include: gen`
		`- ${MAKE} include/dns/enumtype.h`
		`- @@ -174,22 +174,22 @@ gen: gen.c`
		`- ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c \`
		`- ${BUILD_LIBS} ${LFS_LIBS}`
		`-`
		`- -timestamp: include libdns.@A@`
		`- +timestamp: include libdns-pkcs11.@A@`
		`- touch timestamp`
		`-`
		`- -testdirs: libdns.@A@`
		`- +testdirs: libdns-pkcs11.@A@`
		`-`
		`- installdirs:`
		`- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}`
		`-`
		`- install:: timestamp installdirs`
		`- - ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libdns.@A@ ${DESTDIR}${libdir}`
		`- + ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libdns-pkcs11.@A@ ${DESTDIR}${libdir}`
		`-`
		`- uninstall::`
		`- - ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libdns.@A@`
		`- + ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libdns-pkcs11.@A@`
		`-`
		`- clean distclean::`
		`- - rm -f libdns.@A@ timestamp`
		`- + rm -f libdns-pkcs11.@A@ timestamp`
		`- rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h`
		`- rm -f include/dns/rdatastruct.h`
		`- rm -f dnstap.pb-c.c dnstap.pb-c.h`
		`- diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in`
		`- index da91394..aadb73f 100644`
		`- --- a/lib/dns-pkcs11/tests/Makefile.in`
		`- +++ b/lib/dns-pkcs11/tests/Makefile.in`
		`- @@ -15,15 +15,15 @@ VERSION=@BIND9_VERSION@`
		`-`
		`- @BIND9_MAKE_INCLUDES@`
		`-`
		`- -CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \`
		`- +CINCLUDES = -I. -Iinclude ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \`
		`- ${FSTRM_CFLAGS} ${OPENSSL_CFLAGS} \`
		`- ${PROTOBUF_C_CFLAGS} ${MAXMINDDB_CFLAGS} @CMOCKA_CFLAGS@`
		`- -CDEFINES = -DTESTS="\"${top_builddir}/lib/dns/tests/\""`
		`- +CDEFINES = @USE_PKCS11@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\""`
		`-`
		`- ISCLIBS = ../../isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@`
		`- ISCDEPLIBS = ../../isc/libisc.@A@`
		`- -DNSLIBS = ../libdns.@A@ @NO_LIBTOOL_DNSLIBS@`
		`- -DNSDEPLIBS = ../libdns.@A@`
		`- +DNSLIBS = ../libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@`
		`- +DNSDEPLIBS = ../libdns-pkcs11.@A@`
		`-`
		`- LIBS = @LIBS@ @CMOCKA_LIBS@`
		`-`
		`- diff --git a/lib/ns-pkcs11/Makefile.in b/lib/ns-pkcs11/Makefile.in`
		`- index bc683ce..7a9d2f2 100644`
		`- --- a/lib/ns-pkcs11/Makefile.in`
		`- +++ b/lib/ns-pkcs11/Makefile.in`
		`- @@ -16,12 +16,12 @@ VERSION=@BIND9_VERSION@`
		`-`
		`- @BIND9_MAKE_INCLUDES@`
		`-`
		`- -CINCLUDES = -I. -I${top_srcdir}/lib/ns -Iinclude \`
		`- - ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \`
		`- +CINCLUDES = -I. -I${top_srcdir}/lib/ns-pkcs11 -Iinclude \`
		`- + ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \`
		`- ${OPENSSL_CFLAGS} @DST_GSSAPI_INC@ \`
		`- ${FSTRM_CFLAGS}`
		`-`
		`- -CDEFINES = -DNAMED_PLUGINDIR=\"${plugindir}\"`
		`- +CDEFINES = @USE_PKCS11@ -DNAMED_PLUGINDIR=\"${plugindir}\"`
		`-`
		`- CWARNINGS =`
		`-`
		`- @@ -29,9 +29,9 @@ ISCLIBS = ../../lib/isc/libisc.@A@`
		`-`
		`- ISCDEPLIBS = ../../lib/isc/libisc.@A@`
		`-`
		`- -DNSLIBS = ../../lib/dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@`
		`- +DNSLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@`
		`-`
		`- -DNSDEPLIBS = ../../lib/dns/libdns.@A@`
		`- +DNSDEPLIBS = ../../lib/dns-pkcs11/libdns-pkcs11.@A@`
		`-`
		`- LIBS = @LIBS@`
		`-`
		`- @@ -60,28 +60,28 @@ version.@O@: version.c`
		`- -DMAJOR=\"${MAJOR}\" \`
		`- -c ${srcdir}/version.c`
		`-`
		`- -libns.@SA@: ${OBJS}`
		`- +libns-pkcs11.@SA@: ${OBJS}`
		`- ${AR} ${ARFLAGS} $@ ${OBJS}`
		`- ${RANLIB} $@`
		`-`
		`- -libns.la: ${OBJS}`
		`- +libns-pkcs11.la: ${OBJS}`
		`- ${LIBTOOL_MODE_LINK} \`
		`- - ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libns.la -rpath ${libdir} \`
		`- + ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libns-pkcs11.la -rpath ${libdir} \`
		`- -release "${VERSION}" \`
		`- - ${OBJS} ${ISCLIBS} ${DNSLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}`
		`- + ${OBJS} ${ISCLIBS} ${DNSLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS}`
		`-`
		`- -timestamp: libns.@A@`
		`- +timestamp: libns-pkcs11.@A@`
		`- touch timestamp`
		`-`
		`- installdirs:`
		`- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}`
		`-`
		`- install:: timestamp installdirs`
		`- - ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libns.@A@ \`
		`- + ${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} libns-pkcs11.@A@ \`
		`- ${DESTDIR}${libdir}`
		`-`
		`- uninstall::`
		`- - ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libns.@A@`
		`- + ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/libns-pkcs11.@A@`
		`-`
		`- clean distclean::`
		`- - rm -f libns.@A@ timestamp`
		`- + rm -f libns-pkcs11.@A@ timestamp`
		`- diff --git a/lib/ns-pkcs11/tests/Makefile.in b/lib/ns-pkcs11/tests/Makefile.in`
		`- index 4c3e694..c1b6d99 100644`
		`- --- a/lib/ns-pkcs11/tests/Makefile.in`
		`- +++ b/lib/ns-pkcs11/tests/Makefile.in`
		`- @@ -17,17 +17,17 @@ VERSION=@BIND9_VERSION@`
		`-`
		`- WRAP_OPTIONS = -Wl,--wrap=isc__nmhandle_detach -Wl,--wrap=isc__nmhandle_attach`
		`-`
		`- -CINCLUDES = -I. -Iinclude ${NS_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \`
		`- +CINCLUDES = -I. -Iinclude ${NS_PKCS11_INCLUDES} ${DNS_PKCS11_INCLUDES} ${ISC_INCLUDES} \`
		`- ${OPENSSL_CFLAGS} \`
		`- @CMOCKA_CFLAGS@`
		`- -CDEFINES = -DTESTS="\"${top_builddir}/lib/ns/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\"`
		`- +CDEFINES = -DTESTS="\"${top_builddir}/lib/ns-pkcs11/tests/\"" -DNAMED_PLUGINDIR=\"${plugindir}\" @USE_PKCS11@`
		`-`
		`- ISCLIBS = ../../isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@`
		`- ISCDEPLIBS = ../../isc/libisc.@A@`
		`- -DNSLIBS = ../../dns/libdns.@A@ @NO_LIBTOOL_DNSLIBS@`
		`- -DNSDEPLIBS = ../../dns/libdns.@A@`
		`- -NSLIBS = ../libns.@A@`
		`- -NSDEPLIBS = ../libns.@A@`
		`- +DNSLIBS = ../../dns-pkcs11/libdns-pkcs11.@A@ @NO_LIBTOOL_DNSLIBS@`
		`- +DNSDEPLIBS = ../../dns-pkcs11/libdns-pkcs11.@A@`
		`- +NSLIBS = ../libns-pkcs11.@A@`
		`- +NSDEPLIBS = ../libns-pkcs11.@A@`
		`-`
		`- LIBS = @LIBS@ @CMOCKA_LIBS@`
		`-`
		`- diff --git a/make/includes.in b/make/includes.in`
		`- index b8317d3..b73b0c4 100644`
		`- --- a/make/includes.in`
		`- +++ b/make/includes.in`
		`- @@ -39,3 +39,10 @@ BIND9_INCLUDES = @BIND9_BIND9_BUILDINCLUDE@ \`
		`-`
		`- TEST_INCLUDES = \`
		`- -I${top_srcdir}/lib/tests/include`
		`- +`
		`- +DNS_PKCS11_INCLUDES = @BIND9_DNS_PKCS11_BUILDINCLUDE@ \`
		`- + -I${top_srcdir}/lib/dns-pkcs11/include`
		`- +`
		`- +NS_PKCS11_INCLUDES = @BIND9_NS_PKCS11_BUILDINCLUDE@ \`
		`- + -I${top_srcdir}/lib/ns-pkcs11/include`
		`- +`
		`- --`
		`- 2.31.1`
		`-`

bind-9.11-fips-tests.patch

file modified

+125 -184

		`@@ -1,4 +1,4 @@`
		`- From 9575852be2344244ac182d7d019869406d3bd963 Mon Sep 17 00:00:00 2001`
		`+ From 8bbfacc1a90301a71a487e776db071fa2ef6c8dd Mon Sep 17 00:00:00 2001`
		`From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>`
		`Date: Thu, 2 Aug 2018 23:46:45 +0200`
		`Subject: [PATCH] FIPS tests changes`
		`@@ -73,8 +73,6 @@`
		`.../system/allow-query/ns2/named40.conf.in \| 4 +-`
		`bin/tests/system/allow-query/tests.sh \| 18 ++---`
		`bin/tests/system/catz/ns1/named.conf.in \| 2 +-`
		`- bin/tests/system/catz/ns2/named1.conf.in \| 2 +-`
		`- bin/tests/system/catz/ns2/named2.conf.in \| 2 +-`
		`bin/tests/system/checkconf/bad-tsig.conf \| 2 +-`
		`bin/tests/system/checkconf/good.conf \| 2 +-`
		`bin/tests/system/feature-test.c \| 14 ++++`
		`@@ -83,23 +81,21 @@`
		`bin/tests/system/nsupdate/ns1/named.conf.in \| 2 +-`
		`bin/tests/system/nsupdate/ns2/named.conf.in \| 2 +-`
		`bin/tests/system/nsupdate/setup.sh \| 6 +-`
		`- bin/tests/system/nsupdate/tests.sh \| 15 +++--`
		`+ bin/tests/system/nsupdate/tests.sh \| 11 ++-`
		`bin/tests/system/rndc/setup.sh \| 2 +-`
		`- bin/tests/system/rndc/tests.sh \| 23 ++++---`
		`+ bin/tests/system/rndc/tests.sh \| 22 +++---`
		`bin/tests/system/tsig/ns1/named.conf.in \| 10 +--`
		`- bin/tests/system/tsig/ns1/rndc5.conf.in \| 10 +++`
		`bin/tests/system/tsig/setup.sh \| 5 ++`
		`- bin/tests/system/tsig/tests.sh \| 65 ++++++++++++-------`
		`+ bin/tests/system/tsig/tests.sh \| 67 ++++++++++++-------`
		`bin/tests/system/upforwd/ns1/named.conf.in \| 2 +-`
		`bin/tests/system/upforwd/tests.sh \| 2 +-`
		`- 34 files changed, 163 insertions(+), 109 deletions(-)`
		`- create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in`
		`+ 31 files changed, 149 insertions(+), 106 deletions(-)`

		`diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in`
		`- index 60f22e1..249f672 100644`
		`+ index 745048a..93cb411 100644`
		`--- a/bin/tests/system/acl/ns2/named1.conf.in`
		`+++ b/bin/tests/system/acl/ns2/named1.conf.in`
		`- @@ -33,12 +33,12 @@ options {`
		`+ @@ -35,12 +35,12 @@ options {`
		`};`

		`key one {`
		`@@ -115,10 +111,10 @@`
		`};`

		`diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in`
		`- index ada97bc..f82d858 100644`
		`+ index 21aa991..78e71cc 100644`
		`--- a/bin/tests/system/acl/ns2/named2.conf.in`
		`+++ b/bin/tests/system/acl/ns2/named2.conf.in`
		`- @@ -33,12 +33,12 @@ options {`
		`+ @@ -35,12 +35,12 @@ options {`
		`};`

		`key one {`
		`@@ -134,10 +130,10 @@`
		`};`

		`diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in`
		`- index 97684e4..de6a2e9 100644`
		`+ index 3208c92..bed6325 100644`
		`--- a/bin/tests/system/acl/ns2/named3.conf.in`
		`+++ b/bin/tests/system/acl/ns2/named3.conf.in`
		`- @@ -33,17 +33,17 @@ options {`
		`+ @@ -35,17 +35,17 @@ options {`
		`};`

		`key one {`
		`@@ -159,10 +155,10 @@`
		`};`

		`diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in`
		`- index 462b3fa..994b35c 100644`
		`+ index 14e82ed..a22cafe 100644`
		`--- a/bin/tests/system/acl/ns2/named4.conf.in`
		`+++ b/bin/tests/system/acl/ns2/named4.conf.in`
		`- @@ -33,12 +33,12 @@ options {`
		`+ @@ -35,12 +35,12 @@ options {`
		`};`

		`key one {`
		`@@ -178,10 +174,10 @@`
		`};`

		`diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in`
		`- index 728da58..8f00d09 100644`
		`+ index f43f33c..f4a865a 100644`
		`--- a/bin/tests/system/acl/ns2/named5.conf.in`
		`+++ b/bin/tests/system/acl/ns2/named5.conf.in`
		`- @@ -35,12 +35,12 @@ options {`
		`+ @@ -37,12 +37,12 @@ options {`
		`};`

		`key one {`
		`@@ -197,10 +193,10 @@`
		`};`

		`diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh`
		`- index be59d64..13d5bdc 100644`
		`+ index 9ee3984..f7d4388 100644`
		`--- a/bin/tests/system/acl/tests.sh`
		`+++ b/bin/tests/system/acl/tests.sh`
		`- @@ -22,14 +22,14 @@ echo_i "testing basic ACL processing"`
		`+ @@ -23,14 +23,14 @@ echo_i "testing basic ACL processing"`
		`# key "one" should fail`
		t=`expr $t + 1`
		`$DIG $DIGOPTS tsigzone. \`
		`@@ -217,7 +213,7 @@`
		`grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }`

		`copy_setports ns2/named2.conf.in ns2/named.conf`
		`- @@ -39,18 +39,18 @@ sleep 5`
		`+ @@ -40,18 +40,18 @@ sleep 5`
		`# prefix 10/8 should fail`
		t=`expr $t + 1`
		`$DIG $DIGOPTS tsigzone. \`
		`@@ -239,7 +235,7 @@`
		`grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }`

		`echo_i "testing nested ACL processing"`
		`- @@ -62,31 +62,31 @@ sleep 5`
		`+ @@ -63,31 +63,31 @@ sleep 5`
		`# should succeed`
		t=`expr $t + 1`
		`$DIG $DIGOPTS tsigzone. \`
		`@@ -276,7 +272,7 @@`
		`grep "^;" dig.out.${t} > /dev/null 2>&1 \|\| { echo_i "test $t failed" ; status=1; }`

		t=`expr $t + 1`
		`- @@ -97,7 +97,7 @@ grep "^;" dig.out.${t} > /dev/null 2>&1 \|\| { echo_i "test $tt failed" ; status=1`
		`+ @@ -98,7 +98,7 @@ grep "^;" dig.out.${t} > /dev/null 2>&1 \|\| { echo_i "test $tt failed" ; status=1`
		`# and other values? right out`
		t=`expr $t + 1`
		`$DIG $DIGOPTS tsigzone. \`
		`@@ -285,7 +281,7 @@`
		`grep "^;" dig.out.${t} > /dev/null 2>&1 \|\| { echo_i "test $t failed" ; status=1; }`

		`# now we only allow 10.53.0.1 and key one, or 10.53.0.2 and key two`
		`- @@ -108,31 +108,31 @@ sleep 5`
		`+ @@ -109,31 +109,31 @@ sleep 5`
		`# should succeed`
		t=`expr $t + 1`
		`$DIG $DIGOPTS tsigzone. \`
		`@@ -323,10 +319,10 @@`

		`echo_i "testing allow-query-on ACL processing"`
		`diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in`
		`- index 7d43e36..f7b25f9 100644`
		`+ index b91d19a..7d777c2 100644`
		`--- a/bin/tests/system/allow-query/ns2/named10.conf.in`
		`+++ b/bin/tests/system/allow-query/ns2/named10.conf.in`
		`- @@ -10,7 +10,7 @@`
		`+ @@ -12,7 +12,7 @@`
		`*/`

		`key one {`
		`@@ -336,10 +332,10 @@`
		`};`

		`diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in`
		`- index 2952518..121557e 100644`
		`+ index 308c4ca..00f6f40 100644`
		`--- a/bin/tests/system/allow-query/ns2/named11.conf.in`
		`+++ b/bin/tests/system/allow-query/ns2/named11.conf.in`
		`- @@ -10,12 +10,12 @@`
		`+ @@ -12,12 +12,12 @@`
		`*/`

		`key one {`
		`@@ -355,10 +351,10 @@`
		`};`

		`diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in`
		`- index 0c01071..ceabbb5 100644`
		`+ index 6b0fe55..491e514 100644`
		`--- a/bin/tests/system/allow-query/ns2/named12.conf.in`
		`+++ b/bin/tests/system/allow-query/ns2/named12.conf.in`
		`- @@ -10,7 +10,7 @@`
		`+ @@ -12,7 +12,7 @@`
		`*/`

		`key one {`
		`@@ -368,10 +364,10 @@`
		`};`

		`diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in`
		`- index 4c17292..9cd9d1f 100644`
		`+ index aefc474..7c06596 100644`
		`--- a/bin/tests/system/allow-query/ns2/named30.conf.in`
		`+++ b/bin/tests/system/allow-query/ns2/named30.conf.in`
		`- @@ -10,7 +10,7 @@`
		`+ @@ -12,7 +12,7 @@`
		`*/`

		`key one {`
		`@@ -381,10 +377,10 @@`
		`};`

		`diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in`
		`- index a2690a4..f488730 100644`
		`+ index 27eccc2..eecb990 100644`
		`--- a/bin/tests/system/allow-query/ns2/named31.conf.in`
		`+++ b/bin/tests/system/allow-query/ns2/named31.conf.in`
		`- @@ -10,12 +10,12 @@`
		`+ @@ -12,12 +12,12 @@`
		`*/`

		`key one {`
		`@@ -400,10 +396,10 @@`
		`};`

		`diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in`
		`- index a0708c8..51fa457 100644`
		`+ index adbb203..744d122 100644`
		`--- a/bin/tests/system/allow-query/ns2/named32.conf.in`
		`+++ b/bin/tests/system/allow-query/ns2/named32.conf.in`
		`- @@ -10,7 +10,7 @@`
		`+ @@ -12,7 +12,7 @@`
		`*/`

		`key one {`
		`@@ -413,10 +409,10 @@`
		`};`

		`diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in`
		`- index 687768e..d24d6d2 100644`
		`+ index 364f94b..9518f82 100644`
		`--- a/bin/tests/system/allow-query/ns2/named40.conf.in`
		`+++ b/bin/tests/system/allow-query/ns2/named40.conf.in`
		`- @@ -14,12 +14,12 @@ acl accept { 10.53.0.2; };`
		`+ @@ -16,12 +16,12 @@ acl accept { 10.53.0.2; };`
		`acl badaccept { 10.53.0.1; };`

		`key one {`
		`@@ -432,10 +428,10 @@`
		`};`

		`diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh`
		`- index fe40635..543c663 100644`
		`+ index bbffe07..80da0fe 100644`
		`--- a/bin/tests/system/allow-query/tests.sh`
		`+++ b/bin/tests/system/allow-query/tests.sh`
		`- @@ -182,7 +182,7 @@ rndc_reload ns2 10.53.0.2`
		`+ @@ -200,7 +200,7 @@ rndc_reload ns2 10.53.0.2`

		`echo_i "test $n: key allowed - query allowed"`
		`ret=0`
		`@@ -444,25 +440,25 @@`
		`grep 'status: NOERROR' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`grep '^a.normal.example' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`if [ $ret != 0 ]; then echo_i "failed"; fi`
		`- @@ -195,7 +195,7 @@ rndc_reload ns2 10.53.0.2`
		`+ @@ -213,7 +213,7 @@ rndc_reload ns2 10.53.0.2`

		`echo_i "test $n: key not allowed - query refused"`
		`ret=0`
		`-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n \|\| ret=1`
		`+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n \|\| ret=1`
		`grep 'status: REFUSED' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`+ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1`
		`- if [ $ret != 0 ]; then echo_i "failed"; fi`
		`- @@ -208,7 +208,7 @@ rndc_reload ns2 10.53.0.2`
		`+ @@ -227,7 +227,7 @@ rndc_reload ns2 10.53.0.2`

		`echo_i "test $n: key disallowed - query refused"`
		`ret=0`
		`-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n \|\| ret=1`
		`+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n \|\| ret=1`
		`grep 'status: REFUSED' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`+ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1`
		`- if [ $ret != 0 ]; then echo_i "failed"; fi`
		`- @@ -341,7 +341,7 @@ rndc_reload ns2 10.53.0.2`
		`+ @@ -366,7 +366,7 @@ rndc_reload ns2 10.53.0.2`

		`echo_i "test $n: views key allowed - query allowed"`
		`ret=0`
		`@@ -471,25 +467,25 @@`
		`grep 'status: NOERROR' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`grep '^a.normal.example' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`if [ $ret != 0 ]; then echo_i "failed"; fi`
		`- @@ -354,7 +354,7 @@ rndc_reload ns2 10.53.0.2`
		`+ @@ -379,7 +379,7 @@ rndc_reload ns2 10.53.0.2`

		`echo_i "test $n: views key not allowed - query refused"`
		`ret=0`
		`-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n \|\| ret=1`
		`+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n \|\| ret=1`
		`grep 'status: REFUSED' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`+ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1`
		`- if [ $ret != 0 ]; then echo_i "failed"; fi`
		`- @@ -367,7 +367,7 @@ rndc_reload ns2 10.53.0.2`
		`+ @@ -393,7 +393,7 @@ rndc_reload ns2 10.53.0.2`

		`echo_i "test $n: views key disallowed - query refused"`
		`ret=0`
		`-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n \|\| ret=1`
		`+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n \|\| ret=1`
		`grep 'status: REFUSED' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`+ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1`
		`- if [ $ret != 0 ]; then echo_i "failed"; fi`
		- @@ -500,7 +500,7 @@ status=`expr $status + $ret`
		+ @@ -533,7 +533,7 @@ status=`expr $status + $ret`
		n=`expr $n + 1`
		`echo_i "test $n: zone key allowed - query allowed"`
		`ret=0`
		`@@ -498,51 +494,29 @@`
		`grep 'status: NOERROR' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`if [ $ret != 0 ]; then echo_i "failed"; fi`
		- @@ -510,7 +510,7 @@ status=`expr $status + $ret`
		+ @@ -543,7 +543,7 @@ status=`expr $status + $ret`
		n=`expr $n + 1`
		`echo_i "test $n: zone key not allowed - query refused"`
		`ret=0`
		`-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n \|\| ret=1`
		`+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n \|\| ret=1`
		`grep 'status: REFUSED' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`+ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1`
		`- if [ $ret != 0 ]; then echo_i "failed"; fi`
		- @@ -520,7 +520,7 @@ status=`expr $status + $ret`
		+ @@ -554,7 +554,7 @@ status=`expr $status + $ret`
		n=`expr $n + 1`
		`echo_i "test $n: zone key disallowed - query refused"`
		`ret=0`
		`-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n \|\| ret=1`
		`+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n \|\| ret=1`
		`grep 'status: REFUSED' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`+ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null \|\| ret=1`
		`grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1`
		`- if [ $ret != 0 ]; then echo_i "failed"; fi`
		`diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in`
		`- index 1218669..e62715e 100644`
		`+ index 5a46d39..fc1bd07 100644`
		`--- a/bin/tests/system/catz/ns1/named.conf.in`
		`+++ b/bin/tests/system/catz/ns1/named.conf.in`
		`- @@ -61,5 +61,5 @@ zone "catalog4.example" {`
		`-`
		`- key tsig_key. {`
		`- secret "LSAnCU+Z";`
		`- - algorithm hmac-md5;`
		`- + algorithm hmac-sha256;`
		`- };`
		`- diff --git a/bin/tests/system/catz/ns2/named1.conf.in b/bin/tests/system/catz/ns2/named1.conf.in`
		`- index 30333e6..4005152 100644`
		`- --- a/bin/tests/system/catz/ns2/named1.conf.in`
		`- +++ b/bin/tests/system/catz/ns2/named1.conf.in`
		`- @@ -70,5 +70,5 @@ zone "catalog4.example" {`
		`-`
		`- key tsig_key. {`
		`- secret "LSAnCU+Z";`
		`- - algorithm hmac-md5;`
		`- + algorithm hmac-sha256;`
		`- };`
		`- diff --git a/bin/tests/system/catz/ns2/named2.conf.in b/bin/tests/system/catz/ns2/named2.conf.in`
		`- index fcd99ca..84c97ca 100644`
		`- --- a/bin/tests/system/catz/ns2/named2.conf.in`
		`- +++ b/bin/tests/system/catz/ns2/named2.conf.in`
		`- @@ -56,5 +56,5 @@ zone "catalog4.example" {`
		`+ @@ -63,5 +63,5 @@ zone "catalog4.example" {`

		`key tsig_key. {`
		`secret "LSAnCU+Z";`
		`@@ -550,10 +524,10 @@`
		`+ algorithm hmac-sha256;`
		`};`
		`diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf`
		`- index 21be03e..e57c308 100644`
		`+ index 4af25b0..9f202d5 100644`
		`--- a/bin/tests/system/checkconf/bad-tsig.conf`
		`+++ b/bin/tests/system/checkconf/bad-tsig.conf`
		`- @@ -11,7 +11,7 @@`
		`+ @@ -13,7 +13,7 @@`

		`/* Bad secret */`
		`key "badtsig" {`
		`@@ -563,10 +537,10 @@`
		`};`

		`diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf`
		`- index 616a544..e3a59a5 100644`
		`+ index 897dc86..e4b6dc1 100644`
		`--- a/bin/tests/system/checkconf/good.conf`
		`+++ b/bin/tests/system/checkconf/good.conf`
		`- @@ -268,6 +268,6 @@ dyndb "name" "library.so" {`
		`+ @@ -270,6 +270,6 @@ dyndb "name" "library.so" {`
		`system;`
		`};`
		`key "mykey" {`
		`@@ -575,10 +549,10 @@`
		`secret "qwertyuiopasdfgh";`
		`};`
		`diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c`
		`- index 877504f..577660a 100644`
		`+ index 30e6e14..ba7f98e 100644`
		`--- a/bin/tests/system/feature-test.c`
		`+++ b/bin/tests/system/feature-test.c`
		`- @@ -14,6 +14,7 @@`
		`+ @@ -16,6 +16,7 @@`
		`#include <string.h>`
		`#include <unistd.h>`

		`@@ -586,8 +560,8 @@`
		`#include <isc/net.h>`
		`#include <isc/print.h>`
		`#include <isc/util.h>`
		`- @@ -186,6 +187,19 @@ main(int argc, char **argv) {`
		`- #endif /* ifdef DLZ_FILESYSTEM */`
		`+ @@ -140,6 +141,19 @@ main(int argc, char **argv) {`
		`+ #endif`
		`}`

		`+ if (strcmp(argv[1], "--md5") == 0) {`
		`@@ -603,14 +577,14 @@`
		`+ }`
		`+ }`
		`+`
		`- if (strcmp(argv[1], "--with-idn") == 0) {`
		`- #ifdef HAVE_LIBIDN2`
		`- return (0);`
		`+ if (strcmp(argv[1], "--ipv6only=no") == 0) {`
		`+ #if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)`
		`+ int s;`
		`diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in`
		`- index 1ee8df4..2b75d9a 100644`
		`+ index 5cab276..d4a7bf3 100644`
		`--- a/bin/tests/system/notify/ns5/named.conf.in`
		`+++ b/bin/tests/system/notify/ns5/named.conf.in`
		`- @@ -10,17 +10,17 @@`
		`+ @@ -12,17 +12,17 @@`
		`*/`

		`key "a" {`
		`@@ -632,10 +606,10 @@`
		`};`

		`diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh`
		`- index 3d7e0b7..ec4d9a7 100644`
		`+ index 52d2f81..1fd02d4 100644`
		`--- a/bin/tests/system/notify/tests.sh`
		`+++ b/bin/tests/system/notify/tests.sh`
		`- @@ -212,16 +212,16 @@ ret=0`
		`+ @@ -187,7 +187,7 @@ test_start "checking notify to multiple views using tsig"`
		`$NSUPDATE << EOF`
		`server 10.53.0.5 ${PORT}`
		`zone x21`
		`@@ -644,22 +618,23 @@`
		`update add added.x21 0 in txt "test string"`
		`send`
		`EOF`
		`-`
		`+ @@ -195,9 +195,9 @@ fnb="dig.out.b.ns5.test$n"`
		`+ fnc="dig.out.c.ns5.test$n"`
		`for i in 1 2 3 4 5 6 7 8 9`
		`do`
		`- - $DIG $DIGOPTS added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \`
		`- + $DIG $DIGOPTS added.x21. -y hmac-sha256:b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \`
		`- txt > dig.out.b.ns5.test$n \|\| ret=1`
		`- - $DIG $DIGOPTS added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \`
		`- + $DIG $DIGOPTS added.x21. -y hmac-sha256:c:cccccccccccccccccccc @10.53.0.5 \`
		`- txt > dig.out.c.ns5.test$n \|\| ret=1`
		`- grep "test string" dig.out.b.ns5.test$n > /dev/null &&`
		`- grep "test string" dig.out.c.ns5.test$n > /dev/null &&`
		`+ - dig_plus_opts added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \`
		`+ + dig_plus_opts added.x21. -y hmac-sha256:b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \`
		`+ txt > "$fnb" \|\| ret=1`
		`+ - dig_plus_opts added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \`
		`+ + dig_plus_opts added.x21. -y hmac-sha256:c:cccccccccccccccccccc @10.53.0.5 \`
		`+ txt > "$fnc" \|\| ret=1`
		`+ grep "test string" "$fnb" > /dev/null &&`
		`+ grep "test string" "$fnc" > /dev/null &&`
		`diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in`
		`- index b51e700..436c97d 100644`
		`+ index 81d0c99..effbe2e 100644`
		`--- a/bin/tests/system/nsupdate/ns1/named.conf.in`
		`+++ b/bin/tests/system/nsupdate/ns1/named.conf.in`
		`- @@ -37,7 +37,7 @@ controls {`
		`+ @@ -39,7 +39,7 @@ controls {`
		`};`

		`key altkey {`
		`@@ -669,10 +644,10 @@`
		`};`

		`diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in`
		`- index da6b3b4..c547e47 100644`
		`+ index f1a1735..da2b3d1 100644`
		`--- a/bin/tests/system/nsupdate/ns2/named.conf.in`
		`+++ b/bin/tests/system/nsupdate/ns2/named.conf.in`
		`- @@ -32,7 +32,7 @@ controls {`
		`+ @@ -34,7 +34,7 @@ controls {`
		`};`

		`key altkey {`
		`@@ -682,27 +657,27 @@`
		`};`

		`diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh`
		`- index 5593a2e..7cd1a74 100644`
		`+ index 50056dc..a4a1a3f 100644`
		`--- a/bin/tests/system/nsupdate/setup.sh`
		`+++ b/bin/tests/system/nsupdate/setup.sh`
		`- @@ -71,7 +71,11 @@ EOF`
		`+ @@ -72,7 +72,11 @@ EOF`

		`- $DDNSCONFGEN -q -z example.nil > ns1/ddns.key`
		`+ $TSIGKEYGEN ddns-key.example.nil > ns1/ddns.key`

		`- -$DDNSCONFGEN -q -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key`
		`+ -$TSIGKEYGEN -a hmac-md5 md5-key > ns1/md5.key`
		`+if $FEATURETEST --md5; then`
		`- + $DDNSCONFGEN -q -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key`
		`+ + $TSIGKEYGEN -a hmac-md5 md5-key > ns1/md5.key`
		`+else`
		`+ echo -n > ns1/md5.key`
		`+fi`
		`- $DDNSCONFGEN -q -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key`
		`- $DDNSCONFGEN -q -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key`
		`- $DDNSCONFGEN -q -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key`
		`+ $TSIGKEYGEN -a hmac-sha1 sha1-key > ns1/sha1.key`
		`+ $TSIGKEYGEN -a hmac-sha224 sha224-key > ns1/sha224.key`
		`+ $TSIGKEYGEN -a hmac-sha256 sha256-key > ns1/sha256.key`
		`diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh`
		`- index 8839131..fde6135 100755`
		`+ index 0863d0a..559def7 100755`
		`--- a/bin/tests/system/nsupdate/tests.sh`
		`+++ b/bin/tests/system/nsupdate/tests.sh`
		`- @@ -824,7 +824,14 @@ fi`
		`+ @@ -841,7 +841,14 @@ fi`
		n=`expr $n + 1`
		`ret=0`
		`echo_i "check TSIG key algorithms (nsupdate -k) ($n)"`
		`@@ -718,7 +693,7 @@`
		`$NSUPDATE -k ns1/${alg}.key <<END > /dev/null \|\| ret=1`
		`server 10.53.0.1 ${PORT}`
		`update add ${alg}.keytests.nil. 600 A 10.10.10.3`
		`- @@ -832,7 +839,7 @@ send`
		`+ @@ -849,7 +856,7 @@ send`
		`END`
		`done`
		`sleep 2`
		`@@ -727,29 +702,11 @@`
		`$DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil \| grep 10.10.10.3 > /dev/null 2>&1 \|\| ret=1`
		`done`
		`if [ $ret -ne 0 ]; then`
		`- @@ -843,7 +850,7 @@ fi`
		- n=`expr $n + 1`
		`- ret=0`
		`- echo_i "check TSIG key algorithms (nsupdate -y) ($n)"`
		`- -for alg in md5 sha1 sha224 sha256 sha384 sha512; do`
		`- +for alg in $ALGS; do`
		`- secret=$(sed -n 's/.secret "$.$";.*/\1/p' ns1/${alg}.key)`
		`- $NSUPDATE -y "hmac-${alg}:${alg}-key:$secret" <<END > /dev/null \|\| ret=1`
		`- server 10.53.0.1 ${PORT}`
		`- @@ -852,7 +859,7 @@ send`
		`- END`
		`- done`
		`- sleep 2`
		`- -for alg in md5 sha1 sha224 sha256 sha384 sha512; do`
		`- +for alg in $ALGS; do`
		`- $DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil \| grep 10.10.10.50 > /dev/null 2>&1 \|\| ret=1`
		`- done`
		`- if [ $ret -ne 0 ]; then`
		`diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh`
		`- index 225722f..63ac938 100644`
		`+ index 4dd6fa7..1b79263 100644`
		`--- a/bin/tests/system/rndc/setup.sh`
		`+++ b/bin/tests/system/rndc/setup.sh`
		`- @@ -38,7 +38,7 @@ make_key () {`
		`+ @@ -47,7 +47,7 @@ make_key () {`
		`sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf`
		`}`

		`@@ -759,13 +716,13 @@`
		`make_key 3 ${EXTRAPORT3} hmac-sha224`
		`make_key 4 ${EXTRAPORT4} hmac-sha256`
		`diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh`
		`- index 9bf86c6..b8a7a1f 100644`
		`+ index 85c271b..ac69f32 100644`
		`--- a/bin/tests/system/rndc/tests.sh`
		`+++ b/bin/tests/system/rndc/tests.sh`
		`- @@ -349,15 +349,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi`
		- status=`expr $status + $ret`
		`+ @@ -350,15 +350,19 @@ if [ $ret != 0 ]; then echo_i "failed"; fi`
		`+ status=$((status+ret))`

		- n=`expr $n + 1`
		`+ n=$((n+1))`
		`-echo_i "testing rndc with hmac-md5 ($n)"`
		`-ret=0`
		`-$RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 \|\| ret=1`
		`@@ -774,29 +731,28 @@`
		`- $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1`
		`-done`
		`-if [ $ret != 0 ]; then echo_i "failed"; fi`
		- -status=`expr $status + $ret`
		`+ -status=$((status+ret))`
		`+if $FEATURETEST --md5`
		`- +then`
		`+ echo_i "testing rndc with hmac-md5 ($n)"`
		`+ ret=0`
		`+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 \|\| ret=1`
		`+ for i in 2 3 4 5 6`
		`+ do`
		`- + $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1`
		`+ + $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1`
		`+ done`
		`+ if [ $ret != 0 ]; then echo_i "failed"; fi`
		- + status=`expr $status + $ret`
		`+ + status=$((status+ret))`
		`+else`
		`+ echo_i "skipping rndc with hmac-md5 ($n)"`
		`+fi`

		- n=`expr $n + 1`
		`+ n=$((n+1))`
		`echo_i "testing rndc with hmac-sha1 ($n)"`
		`diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in`
		`- index 3470c4f..cf539cd 100644`
		`+ index 76cf970..22637af 100644`
		`--- a/bin/tests/system/tsig/ns1/named.conf.in`
		`+++ b/bin/tests/system/tsig/ns1/named.conf.in`
		`- @@ -21,10 +21,7 @@ options {`
		`+ @@ -23,10 +23,7 @@ options {`
		`notify no;`
		`};`

		`@@ -808,7 +764,7 @@`

		`key "sha1" {`
		`secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";`
		`- @@ -51,10 +48,7 @@ key "sha512" {`
		`+ @@ -53,10 +50,7 @@ key "sha512" {`
		`algorithm hmac-sha512;`
		`};`

		`@@ -820,27 +776,11 @@`

		`key "sha1-trunc" {`
		`secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";`
		`- diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in`
		`- new file mode 100644`
		`- index 0000000..0682194`
		`- --- /dev/null`
		`- +++ b/bin/tests/system/tsig/ns1/rndc5.conf.in`
		`- @@ -0,0 +1,10 @@`
		`- +# Conditionally included when support for MD5 is available`
		`- +key "md5" {`
		`- + secret "97rnFx24Tfna4mHPfgnerA==";`
		`- + algorithm hmac-md5;`
		`- +};`
		`- +`
		`- +key "md5-trunc" {`
		`- + secret "97rnFx24Tfna4mHPfgnerA==";`
		`- + algorithm hmac-md5-80;`
		`- +};`
		`diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh`
		`- index e3b4a45..ae21d04 100644`
		`+ index 34cc73b..d51ff21 100644`
		`--- a/bin/tests/system/tsig/setup.sh`
		`+++ b/bin/tests/system/tsig/setup.sh`
		`- @@ -15,3 +15,8 @@ SYSTEMTESTTOP=..`
		`+ @@ -16,3 +16,8 @@`
		`$SHELL clean.sh`

		`copy_setports ns1/named.conf.in ns1/named.conf`
		`@@ -850,10 +790,10 @@`
		`+ cat ns1/rndc5.conf.in >> ns1/named.conf`
		`+fi`
		`diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh`
		`- index 38d842a..668aa6f 100644`
		`+ index 1067227..ee05e83 100644`
		`--- a/bin/tests/system/tsig/tests.sh`
		`+++ b/bin/tests/system/tsig/tests.sh`
		`- @@ -26,20 +26,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f`
		`+ @@ -27,20 +27,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f`

		`status=0`

		`@@ -864,6 +804,13 @@`
		`-if [ $ret -eq 1 ] ; then`
		`- echo_i "failed"; status=1`
		`-fi`
		`+ -`
		`+ -echo_i "fetching using hmac-md5 (new form)"`
		`+ -ret=0`
		`+ -$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new \|\| ret=1`
		`+ -grep -i "md5.TSIG.NOERROR" dig.out.md5.new > /dev/null \|\| ret=1`
		`+ -if [ $ret -eq 1 ] ; then`
		`+ - echo_i "failed"; status=1`
		`+if $FEATURETEST --md5`
		`+then`
		`+ echo_i "fetching using hmac-md5 (old form)"`
		`@@ -873,13 +820,7 @@`
		`+ if [ $ret -eq 1 ] ; then`
		`+ echo_i "failed"; status=1`
		`+ fi`
		`-`
		`- -echo_i "fetching using hmac-md5 (new form)"`
		`- -ret=0`
		`- -$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new \|\| ret=1`
		`- -grep -i "md5.TSIG.NOERROR" dig.out.md5.new > /dev/null \|\| ret=1`
		`- -if [ $ret -eq 1 ] ; then`
		`- - echo_i "failed"; status=1`
		`+ +`
		`+ echo_i "fetching using hmac-md5 (new form)"`
		`+ ret=0`
		`+ $DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new \|\| ret=1`
		`@@ -892,7 +833,7 @@`
		`fi`

		`echo_i "fetching using hmac-sha1"`
		`- @@ -87,12 +92,17 @@ fi`
		`+ @@ -88,12 +93,17 @@ fi`
		`# Truncated TSIG`
		`#`
		`#`
		`@@ -916,7 +857,7 @@`
		`fi`

		`echo_i "fetching using hmac-sha1 (trunc)"`
		`- @@ -141,12 +151,17 @@ fi`
		`+ @@ -142,12 +152,17 @@ fi`
		`# Check for bad truncation.`
		`#`
		`#`
		`@@ -941,10 +882,10 @@`

		`echo_i "fetching using hmac-sha1-80 (BADTRUNC)"`
		`diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in`
		`- index 3873c7c..b359a5a 100644`
		`+ index c2b57dd..cb13aa1 100644`
		`--- a/bin/tests/system/upforwd/ns1/named.conf.in`
		`+++ b/bin/tests/system/upforwd/ns1/named.conf.in`
		`- @@ -10,7 +10,7 @@`
		`+ @@ -12,7 +12,7 @@`
		`*/`

		`key "update.example." {`
		`@@ -954,10 +895,10 @@`
		`};`

		`diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh`
		`- index a50c896..8062d68 100644`
		`+ index a6de312..ebcadb1 100644`
		`--- a/bin/tests/system/upforwd/tests.sh`
		`+++ b/bin/tests/system/upforwd/tests.sh`
		- @@ -79,7 +79,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
		+ @@ -80,7 +80,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi

		`echo_i "updating zone (signed) ($n)"`
		`ret=0`
		`@@ -967,5 +908,5 @@`
		`update add updated.example. 600 A 10.10.10.1`
		`update add updated.example. 600 TXT Foo`
		`--`
		`- 2.31.1`
		`+ 2.34.1`

bind-9.11-kyua-pkcs11.patch

file removed

-58

		`@@ -1,58 +0,0 @@`
		`- From 1241f2005d08673c28a595c5a6cd61350b95a929 Mon Sep 17 00:00:00 2001`
		`- From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>`
		`- Date: Tue, 2 Jan 2018 18:13:07 +0100`
		`- Subject: [PATCH] Fix pkcs11 variants atf tests`
		`-`
		`- Add dns-pkcs11 tests Makefile to configure`
		`-`
		`- Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode`
		`- ---`
		`- configure.ac \| 1 +`
		`- lib/Kyuafile \| 2 ++`
		`- lib/dns-pkcs11/tests/dh_test.c \| 3 ++-`
		`- 3 files changed, 5 insertions(+), 1 deletion(-)`
		`-`
		`- diff --git a/configure.ac b/configure.ac`
		`- index d80ae31..0fb9328 100644`
		`- --- a/configure.ac`
		`- +++ b/configure.ac`
		`- @@ -3090,6 +3090,7 @@ AC_CONFIG_FILES([`
		`- lib/dns-pkcs11/include/Makefile`
		`- lib/dns-pkcs11/include/dns/Makefile`
		`- lib/dns-pkcs11/include/dst/Makefile`
		`- + lib/dns-pkcs11/tests/Makefile`
		`- lib/irs/Makefile`
		`- lib/irs/include/Makefile`
		`- lib/irs/include/irs/Makefile`
		`- diff --git a/lib/Kyuafile b/lib/Kyuafile`
		`- index 39ce986..037e5ef 100644`
		`- --- a/lib/Kyuafile`
		`- +++ b/lib/Kyuafile`
		`- @@ -2,8 +2,10 @@ syntax(2)`
		`- test_suite('bind9')`
		`-`
		`- include('dns/Kyuafile')`
		`- +include('dns-pkcs11/Kyuafile')`
		`- include('irs/Kyuafile')`
		`- include('isc/Kyuafile')`
		`- include('isccc/Kyuafile')`
		`- include('isccfg/Kyuafile')`
		`- include('ns/Kyuafile')`
		`- +include('ns-pkcs11/Kyuafile')`
		`- diff --git a/lib/dns-pkcs11/tests/dh_test.c b/lib/dns-pkcs11/tests/dh_test.c`
		`- index 934e8fd..658d1af 100644`
		`- --- a/lib/dns-pkcs11/tests/dh_test.c`
		`- +++ b/lib/dns-pkcs11/tests/dh_test.c`
		`- @@ -87,7 +87,8 @@ dh_computesecret(void **state) {`
		`- result = dst_key_computesecret(key, key, &buf);`
		`- assert_int_equal(result, DST_R_NOTPRIVATEKEY);`
		`- result = key->func->computesecret(key, key, &buf);`
		`- - assert_int_equal(result, DST_R_COMPUTESECRETFAILURE);`
		`- + /* PKCS11 variant gives different result, accept both */`
		`- + assert_true(result == DST_R_COMPUTESECRETFAILURE \|\| result == DST_R_INVALIDPRIVATEKEY);`
		`-`
		`- dst_key_free(&key);`
		`- }`
		`- --`
		`- 2.20.1`
		`-`

bind-9.11-rh1666814.patch

file removed

-29

		`@@ -1,29 +0,0 @@`
		`- From d05d116da39c0a5c580ceaac6ba069899b82c5a0 Mon Sep 17 00:00:00 2001`
		`- From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>`
		`- Date: Wed, 16 Jan 2019 16:27:33 +0100`
		`- Subject: [PATCH] Fix possible crash when loading corrupted file`
		`-`
		`- Some values passes internal triggers by coincidence. Fix the check and`
		`- check also first_node_offset before even passing it further.`
		`- ---`
		`- lib/dns/rbt.c \| 4 +++-`
		`- 1 file changed, 3 insertions(+), 1 deletion(-)`
		`-`
		`- diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c`
		`- index 5aee5f6..7f2c2d2 100644`
		`- --- a/lib/dns/rbt.c`
		`- +++ b/lib/dns/rbt.c`
		`- @@ -945,7 +945,9 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize,`
		`- rbt->root = (dns_rbtnode_t )((char )base_address + header_offset +`
		`- header->first_node_offset);`
		`-`
		`- - if ((header->nodecount * sizeof(dns_rbtnode_t)) > filesize) {`
		`- + if ((header->nodecount * sizeof(dns_rbtnode_t)) > filesize`
		`- + \|\| header->first_node_offset > filesize) {`
		`- +`
		`- result = ISC_R_INVALIDFILE;`
		`- goto cleanup;`
		`- }`
		`- --`
		`- 2.31.1`
		`-`

bind-9.14-config-pkcs11.patch

file removed

-83

		`@@ -1,83 +0,0 @@`
		`- From e6ab9c67f0a14adc23c1067e03a106da1b1651b7 Mon Sep 17 00:00:00 2001`
		`- From: Petr Mensik <pemensik@redhat.com>`
		`- Date: Fri, 18 Oct 2019 21:30:52 +0200`
		`- Subject: [PATCH] Move USE_PKCS11 and USE_OPENSSL out of config.h`
		`-`
		`- Building two variants with the same common code requires to unset`
		`- USE_PKCS11 on part of build. That is not possible with config.h value.`
		`- Move it as normal define to CDEFINES.`
		`- ---`
		`- bin/confgen/Makefile.in \| 2 +-`
		`- configure.ac \| 8 ++++++--`
		`- lib/dns/dst_internal.h \| 12 +++++++++---`
		`- 3 files changed, 16 insertions(+), 6 deletions(-)`
		`-`
		`- diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in`
		`- index 1b7512d..c126bf3 100644`
		`- --- a/bin/confgen/Makefile.in`
		`- +++ b/bin/confgen/Makefile.in`
		`- @@ -22,7 +22,7 @@ VERSION=@BIND9_VERSION@`
		`- CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \`
		`- ${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}`
		`-`
		`- -CDEFINES =`
		`- +CDEFINES = @USE_PKCS11@`
		`- CWARNINGS =`
		`-`
		`- ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@`
		`- diff --git a/configure.ac b/configure.ac`
		`- index f5483fe..08a7d8a 100644`
		`- --- a/configure.ac`
		`- +++ b/configure.ac`
		`- @@ -935,10 +935,14 @@ AC_SUBST([PKCS11_TEST])`
		`- AC_SUBST([PKCS11_TOOLS])`
		`- AC_SUBST([PKCS11_MANS])`
		`-`
		`- +USE_PKCS11='-DUSE_PKCS11=0'`
		`- +USE_OPENSSL='-DUSE_OPENSSL=0'`
		`- AC_SUBST([CRYPTO])`
		`- AS_CASE([$CRYPTO],`
		`- - [pkcs11],[AC_DEFINE([USE_PKCS11], [1], [define if PKCS11 is used for Public-Key Cryptography])],`
		`- - [AC_DEFINE([USE_OPENSSL], [1], [define if OpenSSL is used for Public-Key Cryptography])])`
		`- + [pkcs11],[USE_PKCS11='-DUSE_PKCS11=1'],`
		`- + [USE_OPENSSL='-DUSE_OPENSSL=1'])`
		`- +AC_SUBST(USE_PKCS11)`
		`- +AC_SUBST(USE_OPENSSL)`
		`-`
		`- # preparation for automake`
		`- # AM_CONDITIONAL([PKCS11_TOOLS], [test "$with_native_pkcs11" = "yes"])`
		`- diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h`
		`- index 2c3b4a3..55e9dc4 100644`
		`- --- a/lib/dns/dst_internal.h`
		`- +++ b/lib/dns/dst_internal.h`
		`- @@ -38,6 +38,13 @@`
		`- #include <isc/stdtime.h>`
		`- #include <isc/types.h>`
		`-`
		`- +#ifndef USE_PKCS11`
		`- +#define USE_PKCS11 0`
		`- +#endif`
		`- +#ifndef USE_OPENSSL`
		`- +#define USE_OPENSSL (! USE_PKCS11)`
		`- +#endif`
		`- +`
		`- #if USE_PKCS11`
		`- #include <pk11/pk11.h>`
		`- #include <pk11/site.h>`
		`- @@ -116,11 +123,10 @@ struct dst_key {`
		`- void *generic;`
		`- dns_gss_ctx_id_t gssctx;`
		`- DH *dh;`
		`- -#if USE_OPENSSL`
		`- - EVP_PKEY *pkey;`
		`- -#endif /* if USE_OPENSSL */`
		`- #if USE_PKCS11`
		`- pk11_object_t *pkey;`
		`- +#else`
		`- + EVP_PKEY *pkey;`
		`- #endif /* if USE_PKCS11 */`
		`- dst_hmac_key_t *hmac_key;`
		`- } keydata; /%< pointer to key in crypto pkg fmt /`
		`- --`
		`- 2.26.2`
		`-`

bind-9.16-redhat_doc.patch

file modified

+23 -17

		`@@ -1,4 +1,4 @@`
		`- From 3a161af91bffcd457586ab466e32ac8484028763 Mon Sep 17 00:00:00 2001`
		`+ From 402403b4bbb4f603693378e86b6c97997ccb0401 Mon Sep 17 00:00:00 2001`
		`From: Petr Mensik <pemensik@redhat.com>`
		`Date: Wed, 17 Jun 2020 23:17:13 +0200`
		`Subject: [PATCH] Update man named with Red Hat specifics`
		`@@ -6,15 +6,15 @@`
		`This is almost unmodified text and requires revalidation. Some of those`
		`statements are no longer correct.`
		`---`
		`- bin/named/named.rst \| 35 +++++++++++++++++++++++++++++++++++`
		`- 1 file changed, 35 insertions(+)`
		`+ bin/named/named.rst \| 41 +++++++++++++++++++++++++++++++++++++++++`
		`+ 1 file changed, 41 insertions(+)`

		`diff --git a/bin/named/named.rst b/bin/named/named.rst`
		`- index 6fd8f87..3cd6350 100644`
		`+ index ea440b2..fa51984 100644`
		`--- a/bin/named/named.rst`
		`+++ b/bin/named/named.rst`
		`- @@ -228,6 +228,41 @@ Files`
		- ``/var/run/named/named.pid``
		`+ @@ -212,6 +212,47 @@ Files`
		`+ \|named_pid\|`
		`The default process-id file.`

		`+Notes`
		`@@ -24,7 +24,7 @@`
		`+`
		`+By default, Red Hat ships BIND with the most secure SELinux policy`
		`+that will not prevent normal BIND operation and will prevent exploitation`
		`- +of all known BIND security vulnerabilities. See the selinux(8) man page`
		`+ +of all known BIND security vulnerabilities . See the selinux(8) man page`
		`+for information about SElinux.`
		`+`
		`+It is not necessary to run named in a chroot environment if the Red Hat`
		`@@ -34,27 +34,33 @@`
		`+`
		`+With this extra security comes some restrictions:`
		`+`
		`- +By default, the SELinux policy does not allow named to write outside directory`
		`- +/var/named. That directory used to be read-only for named, but write access is`
		`- +enabled by default now.`
		`+ +By default, the SELinux policy does not allow named to write any master`
		`+ +zone database files. Only the root user may create files in the $ROOTDIR/var/named`
		`+ +zone database file directory (the options { "directory" } option), where`
		`+ +$ROOTDIR is set in /etc/sysconfig/named.`
		`+`
		`+The "named" group must be granted read privelege to`
		`+these files in order for named to be enabled to read them.`
		`- +Any file updated by named must be writeable by named user or named group.`
		`+`
		`+Any file created in the zone database file directory is automatically assigned`
		`+the SELinux file context named_zone_t .`
		`+`
		`+ +By default, SELinux prevents any role from modifying named_zone_t files; this`
		`+ +means that files in the zone database directory cannot be modified by dynamic`
		`+ +DNS (DDNS) updates or zone transfers.`
		`+ +`
		`+The Red Hat BIND distribution and SELinux policy creates three directories where`
		`- +named were allowed to create and modify files: /var/named/slaves, /var/named/dynamic`
		`- +/var/named/data. The service is able to write and file under /var/named with appropriate`
		`- +permissions. They are used for better organisation of zones and backward compatibility.`
		`- +Files in these directories are automatically assigned the 'named_cache_t'`
		`- +file context, which SELinux always allows named to write.`
		`+ +named is allowed to create and modify files: /var/named/slaves, /var/named/dynamic`
		`+ +/var/named/data. By placing files you want named to modify, such as`
		`+ +slave or DDNS updateable zone files and database / statistics dump files in`
		`+ +these directories, named will work normally and no further operator action is`
		`+ +required. Files in these directories are automatically assigned the 'named_cache_t'`
		`+ +file context, which SELinux allows named to write.`
		`+ +`
		`+`
		`See Also`
		`~~~~~~~~`

		`--`
		`- 2.26.2`
		`+ 2.34.1`

bind-9.16-resolv.conf-options-timeout-test.patch

file removed

-113

		`@@ -1,113 +0,0 @@`
		`- From 7270604440268bb17b39ae734ff33003a67c8343 Mon Sep 17 00:00:00 2001`
		`- From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>`
		`- Date: Tue, 20 Jul 2021 19:34:42 +0200`
		`- Subject: [PATCH] Check parsed resconf values`
		`-`
		`- Add 'attempts' check, fix 'ndots' data. Create a bunch of verification`
		`- functions and check parsed values, not just return codes.`
		`- ---`
		`- lib/irs/tests/resconf_test.c \| 46 ++++++++++++++++++--`
		`- lib/irs/tests/testdata/options-attempts.conf \| 10 +++++`
		`- lib/irs/tests/testdata/options-ndots.conf \| 2 +-`
		`- 3 files changed, 54 insertions(+), 4 deletions(-)`
		`- create mode 100644 lib/irs/tests/testdata/options-attempts.conf`
		`-`
		`- diff --git a/lib/irs/tests/resconf_test.c b/lib/irs/tests/resconf_test.c`
		`- index 6951758..ce94345 100644`
		`- --- a/lib/irs/tests/resconf_test.c`
		`- +++ b/lib/irs/tests/resconf_test.c`
		`- @@ -45,6 +45,43 @@ setup_test() {`
		`- assert_return_code(chdir(TESTS), 0);`
		`- }`
		`-`
		`- +static isc_result_t`
		`- +check_number(unsigned int n, unsigned int expected) {`
		`- + return ((n == expected) ? ISC_R_SUCCESS : ISC_R_BADNUMBER);`
		`- +}`
		`- +`
		`- +static isc_result_t`
		`- +check_attempts(irs_resconf_t *resconf) {`
		`- + return (check_number(irs_resconf_getattempts(resconf), 4));`
		`- +}`
		`- +`
		`- +static isc_result_t`
		`- +check_timeout(irs_resconf_t *resconf) {`
		`- + return (check_number(irs_resconf_gettimeout(resconf), 1));`
		`- +}`
		`- +`
		`- +static isc_result_t`
		`- +check_ndots(irs_resconf_t *resconf) {`
		`- + return (check_number(irs_resconf_getndots(resconf), 2));`
		`- +}`
		`- +`
		`- +static isc_result_t`
		`- +check_options(irs_resconf_t *resconf) {`
		`- + if (irs_resconf_getattempts(resconf) != 3) {`
		`- + return ISC_R_BADNUMBER; /* default value only */`
		`- + }`
		`- +`
		`- + if (irs_resconf_getndots(resconf) != 2) {`
		`- + return ISC_R_BADNUMBER;`
		`- + }`
		`- +`
		`- + if (irs_resconf_gettimeout(resconf) != 1) {`
		`- + return ISC_R_BADNUMBER;`
		`- + }`
		`- +`
		`- + return (ISC_R_SUCCESS);`
		`- +}`
		`- +`
		`- /* test irs_resconf_load() */`
		`- static void`
		`- irs_resconf_load_test(void **state) {`
		`- @@ -64,15 +101,18 @@ irs_resconf_load_test(void **state) {`
		`- ISC_R_SUCCESS },`
		`- { "testdata/nameserver-v6-scoped.conf", ISC_R_SUCCESS, NULL,`
		`- ISC_R_SUCCESS },`
		`- + { "testdata/options-attempts.conf", ISC_R_SUCCESS,`
		`- + check_attempts, ISC_R_SUCCESS },`
		`- { "testdata/options-debug.conf", ISC_R_SUCCESS, NULL,`
		`- ISC_R_SUCCESS },`
		`- - { "testdata/options-ndots.conf", ISC_R_SUCCESS, NULL,`
		`- + { "testdata/options-ndots.conf", ISC_R_SUCCESS, check_ndots,`
		`- ISC_R_SUCCESS },`
		`- - { "testdata/options-timeout.conf", ISC_R_SUCCESS, NULL,`
		`- + { "testdata/options-timeout.conf", ISC_R_SUCCESS, check_timeout,`
		`- ISC_R_SUCCESS },`
		`- { "testdata/options-unknown.conf", ISC_R_SUCCESS, NULL,`
		`- ISC_R_SUCCESS },`
		`- - { "testdata/options.conf", ISC_R_SUCCESS, NULL, ISC_R_SUCCESS },`
		`- + { "testdata/options.conf", ISC_R_SUCCESS, check_options,`
		`- + ISC_R_SUCCESS },`
		`- { "testdata/options-bad-ndots.conf", ISC_R_RANGE, NULL,`
		`- ISC_R_SUCCESS },`
		`- { "testdata/options-empty.conf", ISC_R_UNEXPECTEDEND, NULL,`
		`- diff --git a/lib/irs/tests/testdata/options-attempts.conf b/lib/irs/tests/testdata/options-attempts.conf`
		`- new file mode 100644`
		`- index 0000000..4538643`
		`- --- /dev/null`
		`- +++ b/lib/irs/tests/testdata/options-attempts.conf`
		`- @@ -0,0 +1,10 @@`
		`- +# Copyright (C) Internet Systems Consortium, Inc. ("ISC")`
		`- +#`
		`- +# This Source Code Form is subject to the terms of the Mozilla Public`
		`- +# License, v. 2.0. If a copy of the MPL was not distributed with this`
		`- +# file, you can obtain one at https://mozilla.org/MPL/2.0/.`
		`- +#`
		`- +# See the COPYRIGHT file distributed with this work for additional`
		`- +# information regarding copyright ownership.`
		`- +`
		`- +options attempts:4`
		`- diff --git a/lib/irs/tests/testdata/options-ndots.conf b/lib/irs/tests/testdata/options-ndots.conf`
		`- index 5d18d26..f37c712 100644`
		`- --- a/lib/irs/tests/testdata/options-ndots.conf`
		`- +++ b/lib/irs/tests/testdata/options-ndots.conf`
		`- @@ -9,4 +9,4 @@`
		`- # See the COPYRIGHT file distributed with this work for additional`
		`- # information regarding copyright ownership.`
		`-`
		`- -option ndots:2`
		`- +options ndots:2`
		`- --`
		`- 2.35.3`
		`-`

bind-9.16-resolv.conf-options-timeout.patch

file removed

-203

		`@@ -1,203 +0,0 @@`
		`- From b0e79979672935ff07bf23703c675ee788940c59 Mon Sep 17 00:00:00 2001`
		`- From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>`
		`- Date: Tue, 22 Jun 2021 16:35:46 +0200`
		`- Subject: [PATCH] Parse 'timeout' and 'attempts' from resolv.conf`
		`-`
		`- It was supported by lwres in BIND 9.11, and is still mentioned in`
		`- the manual page. Restore support for it by adding it to libirs.`
		`- ---`
		`- bin/dig/dighost.c \| 13 ++++++-`
		`- lib/irs/include/irs/resconf.h \| 20 +++++++++++`
		`- lib/irs/resconf.c \| 64 ++++++++++++++++++++++++++++-------`
		`- 3 files changed, 84 insertions(+), 13 deletions(-)`
		`-`
		`- diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c`
		`- index 0222454..274e894 100644`
		`- --- a/bin/dig/dighost.c`
		`- +++ b/bin/dig/dighost.c`
		`- @@ -133,7 +133,7 @@ int sendcount = 0;`
		`- int recvcount = 0;`
		`- int sockcount = 0;`
		`- int ndots = -1;`
		`- -int tries = 3;`
		`- +int tries = -1;`
		`- int lookup_counter = 0;`
		`-`
		`- static char servercookie[256];`
		`- @@ -1330,6 +1330,17 @@ setup_system(bool ipv4only, bool ipv6only) {`
		`- ndots = irs_resconf_getndots(resconf);`
		`- debug("ndots is %d.", ndots);`
		`- }`
		`- + if (timeout == 0) {`
		`- + timeout = irs_resconf_gettimeout(resconf);`
		`- + debug("timeout is %d.", timeout);`
		`- + }`
		`- + if (tries == -1) {`
		`- + tries = irs_resconf_getattempts(resconf);`
		`- + if (tries == 0) {`
		`- + tries = 3;`
		`- + }`
		`- + debug("retries is %d.", tries);`
		`- + }`
		`-`
		`- /* If user doesn't specify server use nameservers from resolv.conf. */`
		`- if (ISC_LIST_EMPTY(server_list)) {`
		`- diff --git a/lib/irs/include/irs/resconf.h b/lib/irs/include/irs/resconf.h`
		`- index 424b795..74fc84a 100644`
		`- --- a/lib/irs/include/irs/resconf.h`
		`- +++ b/lib/irs/include/irs/resconf.h`
		`- @@ -113,6 +113,26 @@ irs_resconf_getndots(irs_resconf_t *conf);`
		`- *\li 'conf' is a valid resconf object.`
		`- */`
		`-`
		`- +unsigned int`
		`- +irs_resconf_getattempts(irs_resconf_t *conf);`
		`- +/*%<`
		`- + * Return the 'attempts' value stored in 'conf'.`
		`- + *`
		`- + * Requires:`
		`- + *`
		`- + *\li 'conf' is a valid resconf object.`
		`- + */`
		`- +`
		`- +unsigned int`
		`- +irs_resconf_gettimeout(irs_resconf_t *conf);`
		`- +/*%<`
		`- + * Return the 'timeout' value stored in 'conf'.`
		`- + *`
		`- + * Requires:`
		`- + *`
		`- + *\li 'conf' is a valid resconf object.`
		`- + */`
		`- +`
		`- ISC_LANG_ENDDECLS`
		`-`
		`- #endif /* IRS_RESCONF_H */`
		`- diff --git a/lib/irs/resconf.c b/lib/irs/resconf.c`
		`- index 096064b..dd51d71 100644`
		`- --- a/lib/irs/resconf.c`
		`- +++ b/lib/irs/resconf.c`
		`- @@ -80,6 +80,13 @@`
		`- #define RESCONFMAXLINELEN 256U /%< max size of a line /`
		`- #define RESCONFMAXSORTLIST 10U /%< max 10 /`
		`-`
		`- +#define CHECK(op) \`
		`- + do { \`
		`- + result = (op); \`
		`- + if (result != ISC_R_SUCCESS) \`
		`- + goto cleanup; \`
		`- + } while (0)`
		`- +`
		`- /*!`
		`- * configuration data structure`
		`- */`
		`- @@ -114,6 +121,10 @@ struct irs_resconf {`
		`- uint8_t resdebug;`
		`- /%< set to n in 'options ndots:n' /`
		`- uint8_t ndots;`
		`- + /%< set to n in 'options attempts:n' /`
		`- + uint8_t attempts;`
		`- + /%< set to n in 'options timeout:n' /`
		`- + uint8_t timeout;`
		`- };`
		`-`
		`- static isc_result_t`
		`- @@ -176,8 +187,8 @@ eatwhite(FILE *fp) {`
		`- */`
		`- static int`
		`- getword(FILE fp, char buffer, size_t size) {`
		`- + char *p = NULL;`
		`- int ch;`
		`- - char *p;`
		`-`
		`- REQUIRE(buffer != NULL);`
		`- REQUIRE(size > 0U);`
		`- @@ -457,11 +468,26 @@ resconf_parsesortlist(irs_resconf_t conf, FILE fp) {`
		`- return (ISC_R_SUCCESS);`
		`- }`
		`-`
		`- +static isc_result_t`
		`- +resconf_optionnumber(const char word, uint8_t number) {`
		`- + char *p;`
		`- + long n;`
		`- +`
		`- + n = strtol(word, &p, 10);`
		`- + if (p != '\0') { / Bad string. */`
		`- + return (ISC_R_UNEXPECTEDTOKEN);`
		`- + }`
		`- + if (n < 0 \|\| n > 0xff) { /* Out of range. */`
		`- + return (ISC_R_RANGE);`
		`- + }`
		`- + *number = n;`
		`- + return (ISC_R_SUCCESS);`
		`- +}`
		`- +`
		`- static isc_result_t`
		`- resconf_parseoption(irs_resconf_t conf, FILE fp) {`
		`- int delim;`
		`- - long ndots;`
		`- - char *p;`
		`- + isc_result_t result = ISC_R_SUCCESS;`
		`- char word[RESCONFMAXLINELEN];`
		`-`
		`- delim = getword(fp, word, sizeof(word));`
		`- @@ -473,14 +499,11 @@ resconf_parseoption(irs_resconf_t conf, FILE fp) {`
		`- if (strcmp("debug", word) == 0) {`
		`- conf->resdebug = 1;`
		`- } else if (strncmp("ndots:", word, 6) == 0) {`
		`- - ndots = strtol(word + 6, &p, 10);`
		`- - if (p != '\0') { / Bad string. */`
		`- - return (ISC_R_UNEXPECTEDTOKEN);`
		`- - }`
		`- - if (ndots < 0 \|\| ndots > 0xff) { /* Out of range. */`
		`- - return (ISC_R_RANGE);`
		`- - }`
		`- - conf->ndots = (uint8_t)ndots;`
		`- + CHECK(resconf_optionnumber(word + 6, &conf->ndots));`
		`- + } else if (strncmp("attempts:", word, 9) == 0) {`
		`- + CHECK(resconf_optionnumber(word + 9, &conf->attempts));`
		`- + } else if (strncmp("timeout:", word, 8) == 0) {`
		`- + CHECK(resconf_optionnumber(word + 8, &conf->timeout));`
		`- }`
		`-`
		`- if (delim == EOF \|\| delim == '\n') {`
		`- @@ -490,7 +513,8 @@ resconf_parseoption(irs_resconf_t conf, FILE fp) {`
		`- }`
		`- }`
		`-`
		`- - return (ISC_R_SUCCESS);`
		`- +cleanup:`
		`- + return (result);`
		`- }`
		`-`
		`- static isc_result_t`
		`- @@ -532,6 +556,8 @@ irs_resconf_load(isc_mem_t mctx, const char filename, irs_resconf_t **confp) {`
		`- conf->sortlistnxt = 0;`
		`- conf->resdebug = 0;`
		`- conf->ndots = 1;`
		`- + conf->attempts = 3;`
		`- + conf->timeout = 0;`
		`- for (i = 0; i < RESCONFMAXSEARCH; i++) {`
		`- conf->search[i] = NULL;`
		`- }`
		`- @@ -687,3 +713,17 @@ irs_resconf_getndots(irs_resconf_t *conf) {`
		`-`
		`- return ((unsigned int)conf->ndots);`
		`- }`
		`- +`
		`- +unsigned int`
		`- +irs_resconf_getattempts(irs_resconf_t *conf) {`
		`- + REQUIRE(IRS_RESCONF_VALID(conf));`
		`- +`
		`- + return ((unsigned int)conf->attempts);`
		`- +}`
		`- +`
		`- +unsigned int`
		`- +irs_resconf_gettimeout(irs_resconf_t *conf) {`
		`- + REQUIRE(IRS_RESCONF_VALID(conf));`
		`- +`
		`- + return ((unsigned int)conf->timeout);`
		`- +}`
		`- --`
		`- 2.35.3`
		`-`

bind-9.5-PIE.patch

file modified

+16 -26

		`@@ -1,30 +1,20 @@`
		`- diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in`
		`- index eb622d1..37053a7 100644`
		`- --- a/bin/named/Makefile.in`
		`- +++ b/bin/named/Makefile.in`
		`- @@ -117,8 +117,12 @@ SRCS = builtin.c config.c control.c \`
		`- tkeyconf.c tsigconf.c zoneconf.c \`
		`- ${DLZDRIVER_SRCS} ${DBDRIVER_SRCS}`
		`+ diff --git a/bin/named/Makefile.am b/bin/named/Makefile.am`
		`+ index 7065a90..e2e485b 100644`
		`+ --- a/bin/named/Makefile.am`
		`+ +++ b/bin/named/Makefile.am`
		`+ @@ -32,6 +32,7 @@ AM_CPPFLAGS += \`
		`+ endif HAVE_LIBXML2`

		`- +EXT_CFLAGS = -fpie`
		`- +`
		`- @BIND9_MAKE_RULES@`
		`+ AM_CPPFLAGS += \`
		`+ + -fpie \`
		`+ -DNAMED_LOCALSTATEDIR=\"${localstatedir}\" \`
		`+ -DNAMED_SYSCONFDIR=\"${sysconfdir}\"`

		`- +LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack`
		`- +`
		`- main.@O@: main.c`
		`- ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \`
		`- -DVERSION=\"${VERSION}\" \`
		`- diff --git a/bin/named/unix/Makefile.in b/bin/named/unix/Makefile.in`
		`- index fd9ca8d..f1c102c 100644`
		`- --- a/bin/named/unix/Makefile.in`
		`- +++ b/bin/named/unix/Makefile.in`
		`- @@ -11,6 +11,8 @@ srcdir = @srcdir@`
		`- VPATH = @srcdir@`
		`- top_srcdir = @top_srcdir@`
		`+ @@ -122,5 +123,7 @@ named_LDADD += \`
		`+ $(LIBNGHTTP2_LIBS)`
		`+ endif HAVE_LIBNGHTTP2`

		`- +EXT_CFLAGS = -fpie`
		`+ +AM_LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack`
		`+`
		`- @BIND9_MAKE_INCLUDES@`
		`-`
		`- CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \`
		`+ MAINTAINERCLEANFILES = \`
		`+ named.conf.rst`

bind-9.5-dlz-64bit.patch

file removed

-53

		`@@ -1,53 +0,0 @@`
		`- diff --git a/contrib/dlz/config.dlz.in b/contrib/dlz/config.dlz.in`
		`- index 47525af..eefe3c3 100644`
		`- --- a/contrib/dlz/config.dlz.in`
		`- +++ b/contrib/dlz/config.dlz.in`
		`- @@ -17,6 +17,13 @@`
		`- #`
		`- dlzdir='${DLZ_DRIVER_DIR}'`
		`-`
		`- +AC_MSG_CHECKING([for target libdir])`
		`- +AC_RUN_IFELSE([int main(void) {exit((sizeof(void *) == 8) ? 0 : 1);}],`
		`- + [target_lib=lib64],`
		`- + [target_lib=lib],`
		`- +)`
		`- +AC_MSG_RESULT(["$target_lib"])`
		`- +`
		`- #`
		`- # Private autoconf macro to simplify configuring drivers:`
		`- #`
		`- @@ -292,9 +299,9 @@ case "$use_dlz_bdb" in`
		`- then`
		`- break`
		`- fi`
		`- - elif test -f "$dd/lib/lib${d}.so"`
		`- + elif test -f "$dd/${target_lib}/lib${d}.so"`
		`- then`
		`- - dlz_bdb_libs="-L${dd}/lib -l${d}"`
		`- + dlz_bdb_libs="-L${dd}/${target_lib} -l${d}"`
		`- break`
		`- fi`
		`- done`
		`- @@ -396,7 +403,7 @@ case "$use_dlz_ldap" in`
		`- *)`
		`- DLZ_ADD_DRIVER(LDAP, dlz_ldap_driver,`
		`- [-I$use_dlz_ldap/include],`
		`- - [-L$use_dlz_ldap/lib -lldap -llber])`
		`- + [-L$use_dlz_ldap/${target_lib} -lldap -llber])`
		`-`
		`- AC_MSG_RESULT(`
		`- [using LDAP from $use_dlz_ldap/lib and $use_dlz_ldap/include])`
		`- @@ -432,11 +439,11 @@ then`
		`- odbcdirs="/usr /usr/local /usr/pkg"`
		`- for d in $odbcdirs`
		`- do`
		`- - if test -f $d/include/sql.h -a -f $d/lib/libodbc.a`
		`- + if test -f $d/include/sql.h -a -f $d/${target_lib}/libodbc.a`
		`- then`
		`- use_dlz_odbc=$d`
		`- dlz_odbc_include="-I$use_dlz_odbc/include"`
		`- - dlz_odbc_libs="-L$use_dlz_odbc/lib -lodbc"`
		`- + dlz_odbc_libs="-L$use_dlz_odbc/${target_lib} -lodbc"`
		`- break`
		`- fi`
		`- done`

bind-9.9.1-P2-dlz-libdb.patch

file removed

-31

		`@@ -1,31 +0,0 @@`
		`- diff -up bind-9.10.1b1/contrib/dlz/config.dlz.in.libdb bind-9.10.1b1/contrib/dlz/config.dlz.in`
		`- --- bind-9.10.1b1/contrib/dlz/config.dlz.in.libdb 2014-08-04 12:33:09.320735111 +0200`
		`- +++ bind-9.10.1b1/contrib/dlz/config.dlz.in 2014-08-04 12:41:46.888241910 +0200`
		`- @@ -263,7 +263,7 @@ case "$use_dlz_bdb" in`
		`- # Check other locations for includes.`
		`- # Order is important (sigh).`
		`-`
		`- - bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db"`
		`- + bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /libdb /db"`
		`- # include a blank element first`
		`- for d in "" $bdb_incdirs`
		`- do`
		`- @@ -288,16 +288,9 @@ case "$use_dlz_bdb" in`
		`- bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db"`
		`- for d in $bdb_libnames`
		`- do`
		`- - if test "$dd" = "/usr"`
		`- + if test -f "$dd/${target_lib}/lib${d}.so"`
		`- then`
		`- - AC_CHECK_LIB($d, db_create, dlz_bdb_libs="-l${d}")`
		`- - if test $dlz_bdb_libs != "yes"`
		`- - then`
		`- - break`
		`- - fi`
		`- - elif test -f "$dd/${target_lib}/lib${d}.so"`
		`- - then`
		`- - dlz_bdb_libs="-L${dd}/${target_lib} -l${d}"`
		`- + dlz_bdb_libs="-L${dd}/${target_lib}/libdb -l${d}"`
		`- break`
		`- fi`
		`- done`

bind.spec

file modified

+117 -290

		`@@ -7,17 +7,18 @@`
		`# bcond_with is built only when --with X is passed to build`
		`%bcond_with SYSTEMTEST`
		`%bcond_without GSSTSIG`
		`- # it is not possible to build the package without PKCS11 sub-package`
		`- # due to extensive changes to Makefiles`
		`- %bcond_without PKCS11`
		`%bcond_without JSON`
		`+ # FIXME: Not ready. Should it be worked on?`
		`%bcond_without DLZ`
		`# New MaxMind GeoLite support`
		`%bcond_without GEOIP2`
		`+ # Disabled temporarily until kyua is fixed on rawhide, bug #1926779`
		`%bcond_without UNITTEST`
		`%bcond_without DNSTAP`
		`%bcond_without LMDB`
		`%bcond_without DOC`
		`+ # Because of issues with PDF rebuild, include only HTML pages`
		`+ # Current error: unable top find isc-logo.pdf`
		`%if 0%{?fedora}`
		`# RHEL and ELN do not have all required packages`
		`%bcond_without DOCPDF`
		`@@ -47,18 +48,26 @@`
		`# lib*.so.X versions of selected libraries no longer provided,`
		`# lib*-%%{version}-RH.so is provided as an internal implementation detail`

		`+ # Upstream package name`
		`+ %global upname bind`
		`+ %define upname_compat() \`
		`+ %if "%{name}" != "%{upname}" \`
		`+ Provides: %1 = %{epoch}:%{version}-%{release} \`
		`+ Obsoletes: %1 < 32:9.17.0 \`
		`+ Conflicts: %1 \`
		`+ %endif`

		`Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server`
		`Name: bind`
		`License: MPLv2.0`
		`- Version: 9.16.30`
		`- Release: 1%{?dist}`
		`+ Version: 9.18.4`
		`+ Release: 2%{?dist}`
		`Epoch: 32`
		`Url: https://www.isc.org/downloads/bind/`
		`#`
		`- Source0: https://downloads.isc.org/isc/bind9/%{version}/bind-%{version}.tar.xz`
		`+ Source0: https://downloads.isc.org/isc/bind9/%{version}/%{upname}-%{version}.tar.xz`
		`Source1: named.sysconfig`
		`- Source2: https://downloads.isc.org/isc/bind9/%{version}/bind-%{version}.tar.xz.asc`
		`+ Source2: https://downloads.isc.org/isc/bind9/%{version}/%{upname}-%{version}.tar.xz.asc`
		`Source3: named.logrotate`
		`Source4: https://downloads.isc.org/isc/pgpkeys/codesign2021.txt`
		`Source16: named.conf`
		`@@ -80,31 +89,14 @@`
		`Source43: named.rwtab`
		`Source44: named-chroot-setup.service`
		`Source46: named-setup-rndc.service`
		`- Source47: named-pkcs11.service`
		`Source48: setup-named-softhsm.sh`
		`Source49: named-chroot.files`

		`- # Make PKCS11 used only for pkcs11 parts`
		`- Patch1: bind-9.14-config-pkcs11.patch`
		`- # Fedora specific patch to distribute native-pkcs#11 functionality`
		`- Patch2: bind-9.10-dist-native-pkcs11.patch`
		`- # Do not use isc-pkcs11.`
		`- Patch3: bind-9.11-kyua-pkcs11.patch`
		`-`
		`# Common patches`
		`- Patch18: bind-9.5-PIE.patch`
		`- Patch19: bind-9.16-redhat_doc.patch`
		`- Patch20: bind-9.5-dlz-64bit.patch`
		`- # https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5601`
		`- Patch21: bind93-rh490837.patch`
		`+ # FIXME: Is this still required?`
		`+ Patch10: bind-9.5-PIE.patch`
		`+ Patch16: bind-9.16-redhat_doc.patch`
		`Patch22: bind-9.11-fips-tests.patch`
		`- Patch24: bind-9.9.1-P2-dlz-libdb.patch`
		`-`
		`- # https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/2689`
		`- Patch25:bind-9.11-rh1666814.patch`
		`- # https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5273`
		`- Patch27: bind-9.16-resolv.conf-options-timeout.patch`
		`- Patch28: bind-9.16-resolv.conf-options-timeout-test.patch`

		`%{?systemd_ordering}`
		`Requires: coreutils`
		`@@ -112,22 +104,20 @@`
		`Requires(post): shadow-utils`
		`Requires(post): glibc-common`
		`Requires(post): grep`
		`- Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}`
		`- # This wild require should satisfy %%selinux_set_boolean macro only`
		`- # in case it needs to be used`
		`- Requires(post): ((policycoreutils-python-utils and libselinux-utils) if (selinux-policy-targeted or selinux-policy-mls))`
		`- Requires(post): ((selinux-policy and selinux-policy-base) if (selinux-policy-targeted or selinux-policy-mls))`
		`- Recommends: bind-utils bind-dnssec-utils`
		`+ Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}`
		`+ Recommends: %{name}-utils %{name}-dnssec-utils`
		`+ %upname_compat %{upname}`
		`+ Obsoletes: %{name}-pkcs11 < 32:9.18.4-2`
		`+`
		`BuildRequires: gcc, make`
		`BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel`
		`BuildRequires: libidn2-devel, libxml2-devel`
		`BuildRequires: systemd-rpm-macros`
		`BuildRequires: selinux-policy`
		`- # needed for %%{__python3} macro`
		`- BuildRequires: python3-devel`
		`- BuildRequires: python3-ply`
		`BuildRequires: findutils sed`
		`+ BuildRequires: libnghttp2-devel`
		`%if 0%{?fedora}`
		`+ BuildRequires: jemalloc-devel`
		`BuildRequires: gnupg2`
		`%endif`
		`BuildRequires: libuv-devel`
		`@@ -136,9 +126,9 @@`
		`%endif`
		`%if %{with UNITTEST}`
		`# make unit dependencies`
		`- BuildRequires: libcmocka-devel kyua`
		`+ BuildRequires: libcmocka-devel`
		`%endif`
		`- %if %{with PKCS11} && (%{with UNITTEST} \|\| %{with SYSTEMTEST})`
		`+ %if %{with UNITTEST} \|\| %{with SYSTEMTEST}`
		`BuildRequires: softhsm`
		`%endif`
		`%if %{with SYSTEMTEST}`
		`@@ -182,58 +172,16 @@`
		`(routines for applications to use when interfacing with DNS); and`
		`tools for verifying that the DNS server is operating properly.`

		`- %if %{with PKCS11}`
		`- %package pkcs11`
		`- Summary: Bind with native PKCS#11 functionality for crypto`
		`- Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}`
		`- Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}`
		`- Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}`
		`- Recommends: softhsm`
		`-`
		`- %description pkcs11`
		`- This is a version of BIND server built with native PKCS#11 functionality.`
		`- It is important to have SoftHSM v2+ installed and some token initialized.`
		`- For other supported HSM modules please check the BIND documentation.`
		`-`
		`- %package pkcs11-utils`
		`- Summary: Bind tools with native PKCS#11 for using DNSSEC`
		`- Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}`
		`- Obsoletes: bind-pkcs11 < 32:9.9.4-16.P2`
		`- Requires: bind-dnssec-doc = %{epoch}:%{version}-%{release}`
		`-`
		`- %description pkcs11-utils`
		`- This is a set of PKCS#11 utilities that when used together create rsa`
		`- keys in a PKCS11 keystore. Also utilities for working with DNSSEC`
		`- compiled with native PKCS#11 functionality are included.`
		`-`
		`- %package pkcs11-libs`
		`- Summary: Bind libraries compiled with native PKCS#11`
		`- Requires: bind-license = %{epoch}:%{version}-%{release}`
		`- Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}`
		`-`
		`- %description pkcs11-libs`
		`- This is a set of BIND libraries (dns, isc) compiled with native PKCS#11`
		`- functionality.`
		`-`
		`- %package pkcs11-devel`
		`- Summary: Development files for Bind libraries compiled with native PKCS#11`
		`- Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}`
		`- Requires: bind-devel%{?_isa} = %{epoch}:%{version}-%{release}`
		`-`
		`- %description pkcs11-devel`
		`- This a set of development files for BIND libraries (dns, isc) compiled`
		`- with native PKCS#11 functionality.`
		`- %endif`
		`-`
		`%package libs`
		`Summary: Libraries used by the BIND DNS packages`
		`- Requires: bind-license = %{epoch}:%{version}-%{release}`
		`- Provides: bind-libs-lite = %{epoch}:%{version}-%{release}`
		`- Obsoletes: bind-libs-lite < 32:9.16.13`
		`+ Requires: %{name}-license = %{epoch}:%{version}-%{release}`
		`+ Provides: %{name}-libs-lite = %{epoch}:%{version}-%{release}`
		`+ Obsoletes: %{name}-libs-lite < 32:9.16.13`
		`+ Obsoletes: %{name}-pkcs11-libs < 32:9.18.4-2`

		`%description libs`
		`Contains heavyweight version of BIND suite libraries used by both named DNS`
		`- server and utilities in bind-utils package.`
		`+ server and utilities in %{name}-utils package.`

		`%package license`
		`Summary: License of the BIND DNS suite`
		`@@ -244,9 +192,11 @@`

		`%package utils`
		`Summary: Utilities for querying DNS name servers`
		`- Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}`
		`+ Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}`
		`# For compatibility with Debian package`
		`Provides: dnsutils = %{epoch}:%{version}-%{release}`
		`+ Obsoletes: %{name}-pkcs11-utils < 32:9.18.4-2`
		`+ %upname_compat %{upname}-utils`

		`%description utils`
		`Bind-utils contains a collection of utilities for querying DNS (Domain`
		`@@ -255,37 +205,30 @@`
		`host names, as well as other information about registered domains and`
		`network addresses.`

		`- You should install bind-utils if you need to get information from DNS name`
		`+ You should install %{name}-utils if you need to get information from DNS name`
		`servers.`

		`%package dnssec-utils`
		`Summary: DNSSEC keys and zones management utilities`
		`- Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}`
		`- Recommends: bind-utils`
		`- Requires: python3-bind = %{epoch}:%{version}-%{release}`
		`- Requires: bind-dnssec-doc = %{epoch}:%{version}-%{release}`
		`+ Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}`
		`+ Recommends: %{name}-utils`
		`+ Obsoletes: python3-%{name} < 32:9.18.0`
		`+ Obsoletes: %{name}-dnssec-doc < 32:9.18.4`
		`+ %upname_compat %{upname}-dnssec-utils`

		`%description dnssec-utils`
		`- Bind-dnssec-utils contains a collection of utilities for editing`
		`+ %{name}-dnssec-utils contains a collection of utilities for editing`
		`DNSSEC keys and BIND zone files. These tools provide generation,`
		`revocation and verification of keys and DNSSEC signatures in zone files.`

		`- You should install bind-dnssec-utils if you need to sign a DNS zone`
		`+ You should install %{name}-dnssec-utils if you need to sign a DNS zone`
		`or maintain keys for it.`

		`- %package dnssec-doc`
		`- Summary: Manual pages of DNSSEC utilities`
		`- Requires: bind-license = %{epoch}:%{version}-%{release}`
		`- BuildArch:noarch`
		`-`
		`- %description dnssec-doc`
		`- Bind-dnssec-doc contains manual pages for bind-dnssec-utils.`
		`-`
		`%package devel`
		`Summary: Header files and libraries needed for bind-dyndb-ldap`
		`- Provides: bind-lite-devel = %{epoch}:%{version}-%{release}`
		`- Obsoletes: bind-lite-devel < 32:9.16.6-3`
		`- Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}`
		`+ Provides: %{name}-lite-devel = %{epoch}:%{version}-%{release}`
		`+ Obsoletes: %{name}-lite-devel < 32:9.16.6-3`
		`+ Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}`
		`Requires: openssl-devel%{?_isa} libxml2-devel%{?_isa}`
		`Requires: libcap-devel%{?_isa}`
		`%if %{with GSSTSIG}`
		`@@ -305,7 +248,7 @@`
		`%endif`

		`%description devel`
		`- The bind-devel package contains full version of the header files and libraries`
		`+ The %{name}-devel package contains full version of the header files and libraries`
		`required for building bind-dyndb-ldap. Upstream no longer supports nor recommends`
		`bind libraries for third party applications.`

		`@@ -314,7 +257,7 @@`
		`Prefix: %{chroot_prefix}`
		`# grep is required due to setup-named-chroot.sh script`
		`Requires: grep`
		`- Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}`
		`+ Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}`

		`%description chroot`
		`This package contains a tree of files which can be used as a`
		`@@ -325,21 +268,21 @@`
		`%if %{with DLZ}`
		`%package dlz-filesystem`
		`Summary: BIND server filesystem DLZ module`
		`- Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}`
		`+ Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}`

		`%description dlz-filesystem`
		`Dynamic Loadable Zones filesystem module for BIND server.`

		`%package dlz-ldap`
		`Summary: BIND server ldap DLZ module`
		`- Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}`
		`+ Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}`

		`%description dlz-ldap`
		`Dynamic Loadable Zones LDAP module for BIND server.`

		`%package dlz-mysql`
		`Summary: BIND server mysql and mysqldyn DLZ modules`
		`- Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}`
		`+ Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}`
		`Provides: %{name}-dlz-mysqldyn = %{epoch}:%{version}-%{release}`
		`Obsoletes: %{name}-dlz-mysqldyn < 32:9.16.6-3`

		`@@ -349,28 +292,16 @@`

		`%package dlz-sqlite3`
		`Summary: BIND server sqlite3 DLZ module`
		`- Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}`
		`+ Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}`

		`%description dlz-sqlite3`
		`Dynamic Loadable Zones sqlite3 module for BIND server.`
		`%endif`

		`-`
		`- %package -n python3-bind`
		`- Summary: A module allowing rndc commands to be sent from Python programs`
		`- Requires: bind-license = %{epoch}:%{version}-%{release}`
		`- Requires: python3 python3-ply %{?py3_dist:%py3_dist ply}`
		`- BuildArch: noarch`
		`- %{?python_provide:%python_provide python3-bind}`
		`- %{?python_provide:%python_provide python3-isc}`
		`-`
		`- %description -n python3-bind`
		`- This package provides a module which allows commands to be sent to rndc directly from Python programs.`
		`-`
		`%if %{with DOC}`
		`%package doc`
		`Summary: BIND 9 Administrator Reference Manual`
		`- Requires: bind-license = %{epoch}:%{version}-%{release}`
		`+ Requires: %{name}-license = %{epoch}:%{version}-%{release}`
		`Requires: python3-sphinx_rtd_theme`
		`BuildArch: noarch`

		`@@ -392,25 +323,15 @@`
		`# RHEL does not yet support this verification`
		`%{gpgverify} --keyring='%{SOURCE4}' --signature='%{SOURCE2}' --data='%{SOURCE0}'`
		`%endif`
		`- %autosetup -n %{name}-%{version} -N`
		`- %autopatch -p1 -m 18`
		`- %if %{with PKCS11}`
		`- %autopatch -p1 -m 1 -M 1`
		`- cp -r bin/named{,-pkcs11}`
		`- cp -r bin/dnssec{,-pkcs11}`
		`- cp -r lib/dns{,-pkcs11}`
		`- cp -r lib/ns{,-pkcs11}`
		`- %autopatch -p1 -m 2 -M 17`
		`- %endif`
		`+ %autosetup -n %{upname}-%{version} -p1`

		`# Sparc and s390 arches need to use -fPIE`
		`%ifarch sparcv9 sparc64 s390 s390x`
		`- for i in bin/named/{,unix}/Makefile.in; do`
		`+ for i in bin/named/Makefile.am; do`
		`sed -i 's\|fpie\|fPIE\|g' $i`
		`done`
		`%endif`

		`- sed -e 's\|"$TOP/config.guess"\|"$TOP_SRCDIR/config.guess"\|' -i bin/tests/system/ifconfig.sh`
		`:;`


		`@@ -420,15 +341,12 @@`

		`# normal and pkcs11 unit tests`
		`%define unit_prepare_build() \`
		`- cp -uv Kyuafile "%{1}/" \`
		`find lib -name 'K*.key' -exec cp -uv '{}' "%{1}/{}" ';' \`
		`- find lib -name 'Kyuafile' -exec cp -uv '{}' "%{1}/{}" ';' \`
		`find lib -name 'testdata' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \`
		`find lib -name 'testkeys' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \`

		`%define systemtest_prepare_build() \`
		`cp -Tuav bin/tests "%{1}/bin/tests/" \`
		`- cp -uv version "%{1}" \`

		`CFLAGS="$CFLAGS $RPM_OPT_FLAGS"`
		`%if %{with TSAN}`
		`@@ -439,10 +357,10 @@`


		`sed -i -e \`
		`- 's/RELEASEVER=$.*$/RELEASEVER=\1-RH/' \`
		`- version`
		`+ 's/([bind_VERSION_EXTRA],\s$[^)]$)/([bind_VERSION_EXTRA], \1-RH)/' \`
		`+ configure.ac`

		`- libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f`
		`+ autoreconf --force --install`

		`mkdir build`

		`@@ -456,8 +374,6 @@`
		`LIBDIR_SUFFIX=`
		`export LIBDIR_SUFFIX`
		`%configure \`
		`- --with-python=%{__python3} \`
		`- --with-libtool \`
		`--localstatedir=%{_var} \`
		`--with-pic \`
		`--disable-static \`
		`@@ -467,11 +383,6 @@`
		`%if %{with GEOIP2}`
		`--with-maxminddb \`
		`%endif`
		`- %if %{with PKCS11}`
		`- --enable-native-pkcs11 \`
		`- --with-pkcs11=%{_libdir}/pkcs11/libsofthsm2.so \`
		`- %endif`
		`- --with-dlopen=yes \`
		`%if %{with GSSTSIG}`
		`--with-gssapi=yes \`
		`%endif`
		`@@ -481,7 +392,7 @@`
		`--with-lmdb=no \`
		`%endif`
		`%if %{with JSON}`
		`- --without-libjson --with-json-c \`
		`+ --with-json-c \`
		`%endif`
		`%if %{with DNSTAP}`
		`--enable-dnstap \`
		`@@ -496,9 +407,6 @@`
		`pushd lib`
		`SRCLIB="../../../lib"`
		`(cd dns && ln -s ${SRCLIB}/dns/dnstap.proto)`
		`- %if %{with PKCS11}`
		`- (cd dns-pkcs11 && ln -s ${SRCLIB}/dns-pkcs11/dnstap.proto)`
		`- %endif`
		`popd`
		`%endif`

		`@@ -512,27 +420,14 @@`

		`%make_build`

		`- # Regenerate dig.1 manpage`
		`- pushd bin/dig`
		`- make man`
		`- popd`
		`- pushd bin/python`
		`- make man`
		`- popd`
		`-`
		`%if %{with DOC}`
		`make doc`
		`%endif`

		`%if %{with DLZ}`
		`pushd contrib/dlz/modules`
		`- for DIR in mysql mysqldyn; do`
		`- sed -e 's/@DLZ_DRIVER_MYSQL_INCLUDES@/$(shell mysql_config --cflags)/' \`
		`- -e 's/@DLZ_DRIVER_MYSQL_LIBS@/$(shell mysql_config --libs)/' \`
		`- $DIR/Makefile.in > $DIR/Makefile`
		`- done`
		`for DIR in filesystem ldap mysql mysqldyn sqlite3; do`
		`- make -C $DIR CFLAGS="-fPIC -I../include $CFLAGS $LDFLAGS"`
		`+ make -C $DIR CFLAGS="-fPIC -I../include $CFLAGS $LDFLAGS -DPTHREADS=1" LDFLAGS="$LDFLAGS"`
		`done`
		`popd`
		`%endif`
		`@@ -542,7 +437,7 @@`
		`%systemtest_prepare_build build`

		`%check`
		`- %if %{with PKCS11} && (%{with UNITTEST} \|\| %{with SYSTEMTEST})`
		`+ %if %{with UNITTEST} \|\| %{with SYSTEMTEST}`
		`# Tests require initialization of pkcs11 token`
		eval "$(bash %{SOURCE48} -A "`pwd`/softhsm-tokens")"
		`%endif`
		`@@ -637,36 +532,33 @@`
		`install -m 644 %{SOURCE44} ${RPM_BUILD_ROOT}%{_unitdir}`
		`install -m 644 %{SOURCE46} ${RPM_BUILD_ROOT}%{_unitdir}`

		`- %if %{with PKCS11}`
		`- install -m 644 %{SOURCE47} ${RPM_BUILD_ROOT}%{_unitdir}`
		`- %else`
		`- # Not packaged without PKCS11`
		`- find ${RPM_BUILD_ROOT}%{_includedir}/bind9/pk11 ${RPM_BUILD_ROOT}%{_includedir}/bind9/pkcs11 \`
		`- -name '*.h' \! -name site.h -delete`
		`-`
		`- %endif`
		`-`
		`mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir}`
		`install -m 755 %{SOURCE41} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh`
		`install -m 755 %{SOURCE42} ${RPM_BUILD_ROOT}%{_libexecdir}/generate-rndc-key.sh`

		`- %if %{with PKCS11}`
		`install -m 755 %{SOURCE48} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-softhsm.sh`
		`- %endif`

		`install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/etc/logrotate.d/named`
		`mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig`
		`install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named`
		`install -m 644 %{SOURCE49} ${RPM_BUILD_ROOT}%{_sysconfdir}/named-chroot.files`

		`+ pushd ${RPM_BUILD_ROOT}%{_sbindir}`
		`+ # Compatibility with previous major versions, only for selected binaries`
		`+ for BIN in named-checkconf named-checkzone named-compilezone`
		`+ do`
		`+ ln -s ../bin/$BIN $BIN`
		`+ done`
		`+ popd`
		`+`
		`%if %{with DLZ}`
		`pushd build`
		`pushd contrib/dlz/modules`
		`for DIR in filesystem ldap mysql mysqldyn sqlite3; do`
		`- %make_install -C $DIR libdir=%{_libdir}/named`
		`+ %make_install -C $DIR libdir=%{_libdir}/bind`
		`done`
		`- pushd ${RPM_BUILD_ROOT}/%{_libdir}/bind`
		`- cp -s ../named/dlz_*.so .`
		`+ pushd ${RPM_BUILD_ROOT}/%{_libdir}/named`
		`+ cp -s ../bind/dlz_*.so .`
		`popd`
		`mkdir -p doc/{mysql,mysqldyn}`
		`cp -p mysqldyn/testing/README doc/mysqldyn/README.testing`
		`@@ -676,28 +568,9 @@`
		`popd`
		`%endif`

		`- # Install isc/errno2result.h header`
		`- install -m 644 lib/isc/unix/errno2result.h ${RPM_BUILD_ROOT}%{_includedir}/bind9/isc`
		`-`
		`# Remove libtool .la files:`
		`find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';`

		`- # PKCS11 versions manpages`
		`- %if %{with PKCS11}`
		`- pushd ${RPM_BUILD_ROOT}%{_mandir}/man8`
		`- ln -s named.8.gz named-pkcs11.8.gz`
		`- ln -s dnssec-checkds.8.gz dnssec-checkds-pkcs11.8.gz`
		`- ln -s dnssec-dsfromkey.8.gz dnssec-dsfromkey-pkcs11.8.gz`
		`- ln -s dnssec-importkey.8.gz dnssec-importkey-pkcs11.8.gz`
		`- ln -s dnssec-keyfromlabel.8.gz dnssec-keyfromlabel-pkcs11.8.gz`
		`- ln -s dnssec-keygen.8.gz dnssec-keygen-pkcs11.8.gz`
		`- ln -s dnssec-revoke.8.gz dnssec-revoke-pkcs11.8.gz`
		`- ln -s dnssec-settime.8.gz dnssec-settime-pkcs11.8.gz`
		`- ln -s dnssec-signzone.8.gz dnssec-signzone-pkcs11.8.gz`
		`- ln -s dnssec-verify.8.gz dnssec-verify-pkcs11.8.gz`
		`- popd`
		`- %endif`
		`-`
		`# 9.16.4 installs even manual pages for tools not generated`
		`%if %{without DNSTAP}`
		`rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/dnstap-read.1* \|\| true`
		`@@ -708,15 +581,15 @@`

		`pushd ${RPM_BUILD_ROOT}%{_mandir}/man8`
		`ln -s ddns-confgen.8.gz tsig-keygen.8.gz`
		`- ln -s named-checkzone.8.gz named-compilezone.8.gz`
		`+ popd`
		`+ pushd ${RPM_BUILD_ROOT}%{_mandir}/man1`
		`+ ln -s named-checkzone.1.gz named-compilezone.1.gz`
		`popd`

		`%if %{with DOC}`
		`mkdir -p ${RPM_BUILD_ROOT}%{_pkgdocdir}`
		`cp -a build/doc/arm/_build/html ${RPM_BUILD_ROOT}%{_pkgdocdir}`
		`rm -rf ${RPM_BUILD_ROOT}%{_pkgdocdir}/html/.{buildinfo,doctrees}`
		`- # Backward compatible link to 9.11 documentation`
		`- (cd ${RPM_BUILD_ROOT}%{_pkgdocdir} && ln -s html/index.html Bv9ARM.html)`
		`# Share static data from original sphinx package`
		`for DIR in %{python3_sitelib}/sphinx_rtd_theme/static/*`
		`do`
		`@@ -729,7 +602,7 @@`
		`done`
		`%endif`
		`%if %{with DOCPDF}`
		`- cp -a build/doc/arm/Bv9ARM.pdf ${RPM_BUILD_ROOT}%{_pkgdocdir}`
		`+ cp -p build/doc/arm/_build/latex/Bv9ARM.pdf ${RPM_BUILD_ROOT}%{_pkgdocdir}`
		`%endif`

		`# Ghost config files:`
		`@@ -779,10 +652,6 @@`

		`%post`
		`%?ldconfig`
		`- if [ -e "%{_sysconfdir}/selinux/config" ]; then`
		`- %selinux_set_booleans -s targeted %{selinuxbooleans}`
		`- %selinux_set_booleans -s mls %{selinuxbooleans}`
		`- fi`
		`if [ "$1" -eq 1 ]; then`
		`# Initial installation`
		`[ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;`
		`@@ -795,7 +664,7 @@`
		`/sbin/usermod -s /sbin/nologin named`
		`fi`
		`# Checkconf will parse out comments`
		`- if /usr/sbin/named-checkconf -p /etc/named.conf 2>/dev/null \| grep -q named.iscdlv.key`
		`+ if /usr/bin/named-checkconf -p /etc/named.conf 2>/dev/null \| grep -q named.iscdlv.key`
		`then`
		`echo "Replacing obsolete named.iscdlv.key with named.root.key..."`
		`if cp -Rf --preserve=all --remove-destination /etc/named.conf /etc/named.conf.rpmbackup; then`
		`@@ -816,24 +685,6 @@`
		`%?ldconfig`
		`# Package upgrade, not uninstall`
		`%systemd_postun_with_restart named.service`
		`- if [ -e "%{_sysconfdir}/selinux/config" ]; then`
		`- %selinux_unset_booleans -s targeted %{selinuxbooleans}`
		`- %selinux_unset_booleans -s mls %{selinuxbooleans}`
		`- fi`
		`-`
		`- %if %{with PKCS11}`
		`- %post pkcs11`
		`- # Initial installation`
		`- %systemd_post named-pkcs11.service`
		`-`
		`- %preun pkcs11`
		`- # Package removal, not upgrade`
		`- %systemd_preun named-pkcs11.service`
		`-`
		`- %postun pkcs11`
		`- # Package upgrade, not uninstall`
		`- %systemd_postun_with_restart named-pkcs11.service`
		`- %endif`

		`# Fix permissions on existing device files on upgrade`
		`%define chroot_fix_devices() \`
		`@@ -851,11 +702,18 @@`
		`/sbin/chkconfig --del named >/dev/null 2>&1 \|\| :`
		`/bin/systemctl try-restart named.service >/dev/null 2>&1 \|\| :`

		`- %ldconfig_scriptlets libs`
		`+ %triggerpostun -- bind < 32:9.18.4-2, selinux-policy, policycoreutils`
		`+ if [ -x %{_sbindir}/selinuxenabled ] && [ -x %{_sbindir}/getsebool ] && [ -x %{_sbindir}/setsebool ] \`
		`+ && %{_sbindir}/selinuxenabled && [ -x %{_sbindir}/named ]; then`
		`+ # Return master zones after upgrade from selinux_booleans version`
		`+ WRITEBOOL="$(LC_ALL=C %{_sbindir}/getsebool named_write_master_zones)"`
		`+ if [ "echo ${WRITEBOOL#named_write_master_zones --> }" = "off" ]; then`
		`+ echo "Restoring new sebool default of named_write_master_zones..."`
		`+ %{_sbindir}/setsebool -P named_write_master_zones=1 \|\| :`
		`+ fi`
		`+ fi`

		`- %if %{with PKCS11}`
		`- %ldconfig_scriptlets pkcs11-libs`
		`- %endif`
		`+ %ldconfig_scriptlets libs`

		`%post chroot`
		`%systemd_post named-chroot.service`
		`@@ -880,10 +738,10 @@`

		`%files`
		`# TODO: Move from lib/bind to lib/named, as used by upstream`
		`+ # FIXME: current build targets filters into %%_libdir/bind again?`
		`%dir %{_libdir}/bind`
		`+ %{_libdir}/bind/filter*.so`
		`%dir %{_libdir}/named`
		`- %{_libdir}/named/*.so`
		`- %exclude %{_libdir}/named/dlz_*.so`
		`%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/named`
		`%config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.root.key`
		`%config(noreplace) %{_sysconfdir}/logrotate.d/named`
		`@@ -891,24 +749,26 @@`
		`%{_sysconfdir}/rwtab.d/named`
		`%{_unitdir}/named.service`
		`%{_unitdir}/named-setup-rndc.service`
		`- %{_sbindir}/named-journalprint`
		`- %{_sbindir}/named-checkconf`
		`+ %{_bindir}/named-journalprint`
		`+ %{_bindir}/named-checkconf`
		`%{_bindir}/named-rrchecker`
		`%{_bindir}/mdig`
		`%{_sbindir}/named`
		`%{_sbindir}/rndc*`
		`+ %{_sbindir}/named-checkconf`
		`%{_libexecdir}/generate-rndc-key.sh`
		`+ %{_libexecdir}/setup-named-softhsm.sh`
		`%{_mandir}/man1/mdig.1*`
		`%{_mandir}/man1/named-rrchecker.1*`
		`%{_mandir}/man5/named.conf.5*`
		`%{_mandir}/man5/rndc.conf.5*`
		`%{_mandir}/man8/rndc.8*`
		`%{_mandir}/man8/named.8*`
		`- %{_mandir}/man8/named-checkconf.8*`
		`+ %{_mandir}/man1/named-checkconf.1*`
		`%{_mandir}/man8/rndc-confgen.8*`
		`- %{_mandir}/man8/named-journalprint.8*`
		`- %{_mandir}/man8/filter-aaaa.8.gz`
		`- %doc CHANGES README named.conf.default`
		`+ %{_mandir}/man1/named-journalprint.1*`
		`+ %{_mandir}/man8/filter-*.8.gz`
		`+ %doc CHANGES README.md named.conf.default`
		`%doc sample/`

		`# Hide configuration`
		`@@ -958,7 +818,9 @@`
		`%{_bindir}/arpaname`
		`%{_sbindir}/ddns-confgen`
		`%{_sbindir}/tsig-keygen`
		`- %{_sbindir}/nsec3hash`
		`+ %{_bindir}/nsec3hash`
		`+ %{_bindir}/named-checkzone`
		`+ %{_bindir}/named-compilezone`
		`%{_sbindir}/named-checkzone`
		`%{_sbindir}/named-compilezone`
		`%if %{with DNSTAP}`
		`@@ -966,8 +828,8 @@`
		`%{_mandir}/man1/dnstap-read.1*`
		`%endif`
		`%if %{with LMDB}`
		`- %{_sbindir}/named-nzd2nzf`
		`- %{_mandir}/man8/named-nzd2nzf.8*`
		`+ %{_bindir}/named-nzd2nzf`
		`+ %{_mandir}/man1/named-nzd2nzf.1*`
		`%endif`
		`%{_mandir}/man1/host.1*`
		`%{_mandir}/man1/nsupdate.1*`
		`@@ -977,22 +839,14 @@`
		`%{_mandir}/man1/arpaname.1*`
		`%{_mandir}/man8/ddns-confgen.8*`
		`%{_mandir}/man8/tsig-keygen.8*`
		`- %{_mandir}/man8/nsec3hash.8*`
		`- %{_mandir}/man8/named-checkzone.8*`
		`- %{_mandir}/man8/named-compilezone.8*`
		`+ %{_mandir}/man1/nsec3hash.1*`
		`+ %{_mandir}/man1/named-checkzone.1*`
		`+ %{_mandir}/man1/named-compilezone.1*`
		`%{_sysconfdir}/trusted-key.key`

		`%files dnssec-utils`
		`- %{_sbindir}/dnssec*`
		`- %if %{with PKCS11}`
		`- %exclude %{_sbindir}/dnssec*pkcs11`
		`- %endif`
		`-`
		`- %files dnssec-doc`
		`- %{_mandir}/man8/dnssec.8`
		`- %if %{with PKCS11}`
		`- %exclude %{_mandir}/man8/dnssec-pkcs11.8`
		`- %endif`
		`+ %{_bindir}/dnssec*`
		`+ %{_mandir}/man1/dnssec.1`

		`%files devel`
		`%{_libdir}/libbind9.so`
		`@@ -1010,8 +864,6 @@`
		`%{_includedir}/bind9/dst`
		`%{_includedir}/bind9/irs`
		`%{_includedir}/bind9/isc`
		`- %dir %{_includedir}/bind9/pk11`
		`- %{_includedir}/bind9/pk11/site.h`
		`%{_includedir}/bind9/isccfg`

		`%files chroot`
		`@@ -1051,34 +903,6 @@`
		`%dir %{chroot_prefix}/run/named`
		`%{chroot_prefix}%{_localstatedir}/run`

		`- %if %{with PKCS11}`
		`- %files pkcs11`
		`- %{_sbindir}/named-pkcs11`
		`- %{_unitdir}/named-pkcs11.service`
		`- %{_mandir}/man8/named-pkcs11.8*`
		`- %{_libexecdir}/setup-named-softhsm.sh`
		`-`
		`- %files pkcs11-utils`
		`- %{_sbindir}/dnssec*pkcs11`
		`- %{_sbindir}/pkcs11-destroy`
		`- %{_sbindir}/pkcs11-keygen`
		`- %{_sbindir}/pkcs11-list`
		`- %{_sbindir}/pkcs11-tokens`
		`- %{_mandir}/man8/pkcs11.8`
		`- %{_mandir}/man8/dnssec-pkcs11.8`
		`-`
		`- %files pkcs11-libs`
		`- %{_libdir}/libdns-pkcs11-%{version}*.so`
		`- %{_libdir}/libns-pkcs11-%{version}*.so`
		`-`
		`- %files pkcs11-devel`
		`- %{_includedir}/bind9/pk11/*.h`
		`- %exclude %{_includedir}/bind9/pk11/site.h`
		`- %{_includedir}/bind9/pkcs11`
		`- %{_libdir}/libdns-pkcs11.so`
		`- %{_libdir}/libns-pkcs11.so`
		`- %endif`
		`-`
		`%if %{with DLZ}`
		`%files dlz-filesystem`
		`%{_libdir}/{named,bind}/dlz_filesystem_dynamic.so`
		`@@ -1099,14 +923,9 @@`

		`%endif`

		`- %files -n python3-bind`
		`- %{python3_sitelib}/*.egg-info`
		`- %{python3_sitelib}/isc/`
		`-`
		`%if %{with DOC}`
		`%files doc`
		`%dir %{_pkgdocdir}`
		`- %doc %{_pkgdocdir}/Bv9ARM.html`
		`%doc %{_pkgdocdir}/html`
		`%endif`
		`%if %{with DOCPDF}`
		`@@ -1114,6 +933,14 @@`
		`%endif`

		`%changelog`
		`+ * Thu Jun 23 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.4-2`
		`+ - Stop enabling selinux booleans on every upgrade`
		`+ - Deprecate python3-bind for smooth upgrade`
		`+ - Remove PKCS1111 native utilities, libs and daemon`
		`+`
		`+ * Tue Jun 21 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.4-1`
		`+ - Update to 9.18.4 (#2057493)`
		`+`
		`* Mon Jun 20 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.30-1`
		`- Update to 9.16.30 (#2097312)`

bind93-rh490837.patch

file removed

-34

		`@@ -1,34 +0,0 @@`
		`- diff --git a/lib/isc/lex.c b/lib/isc/lex.c`
		`- index cd44fe3..5b7c539 100644`
		`- --- a/lib/isc/lex.c`
		`- +++ b/lib/isc/lex.c`
		`- @@ -27,6 +27,8 @@`
		`- #include <isc/string.h>`
		`- #include <isc/util.h>`
		`-`
		`- +#include "../errno2result.h"`
		`- +`
		`- typedef struct inputsource {`
		`- isc_result_t result;`
		`- bool is_file;`
		`- @@ -422,7 +424,7 @@ isc_lex_gettoken(isc_lex_t lex, unsigned int options, isc_token_t tokenp) {`
		`- #endif /* if defined(HAVE_FLOCKFILE) && defined(HAVE_GETC_UNLOCKED) */`
		`- if (c == EOF) {`
		`- if (ferror(stream)) {`
		`- - source->result = ISC_R_IOERROR;`
		`- + source->result = isc__errno2result(errno);`
		`- result = source->result;`
		`- goto done;`
		`- }`
		`- diff --git a/lib/isc/unix/errno2result.c b/lib/isc/unix/errno2result.c`
		`- index e3e2644..5e58600 100644`
		`- --- a/lib/isc/unix/errno2result.c`
		`- +++ b/lib/isc/unix/errno2result.c`
		`- @@ -37,6 +37,7 @@ isc___errno2result(int posixerrno, bool dolog, const char *file,`
		`- case EINVAL: /* XXX sometimes this is not for files */`
		`- case ENAMETOOLONG:`
		`- case EBADF:`
		`- + case EISDIR:`
		`- return (ISC_R_INVALIDFILE);`
		`- case ENOENT:`
		`- return (ISC_R_FILENOTFOUND);`

codesign2019.txt

file added

+252

		`@@ -0,0 +1,252 @@`
		`+ -----BEGIN PGP PUBLIC KEY BLOCK-----`
		`+ Comment: GPGTools - http://gpgtools.org`
		`+`
		`+ mQINBFwq9BQBEADHjPDCwsHVtxnMNilgu187W8a9rYTMLgLfQwioSbjsF7dUJu8m`
		`+ r1w2stcsatRs7HBk/j26RNJagY2Jt0QufOQLlTePpTl6UPU8EeiJ8c15DNf45TMk`
		`+ pa/3MdIVpDnBioyD1JNqsI4z+yCYZ7p/TRVCyh5vCcwmt5pdKjKMTcu7aD2PtTtI`
		`+ yhTIetJavy1HQmgOl4/t/nKL7Lll2xtZ56JFUt7epo0h69fiUvPewkhykzoEf4UG`
		`+ ZFHSLZKqdMNPs/Jr9n7zS+iOgEXJnKDkp8SoXpAcgJ5fncROMXpxgY2U+G5rB9n0`
		`+ /hvV1zG+EP6OLIGqekiDUga84LdmR/8Cyc7DimUmaoIZXrAo0Alpt0aZ8GimdKmh`
		`+ qirIguJOSrrsZTeZLilCWu37fRIjCQ3dSMNyhHJaOhRJQpQOEDG7jHxFak7627aF`
		`+ UnVwBAOK3NlFfbomapXQm64lYNoONGrpV0ctueD3VoPipxIyzNHHgcsXDZ6C00sv`
		`+ SbuuS9jlFEDonA6S8tApKgkEJuToBuopM4xqqwHNJ4e6QoXYjERIgIBTco3r/76D`
		`+ o22ZxSK1m2m2i+p0gnWTlFn6RH+r6gfLwZRj8iR4fa0yMn3DztyTO6H8AiaslONt`
		`+ LV2kvkhBar1/6dzlBvMdiRBejrVnw+Jg2bOmYTncFN00szPOXbEalps8wwARAQAB`
		`+ tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5`
		`+ LCAyMDE5LTIwMjApIDxjb2Rlc2lnbkBpc2Mub3JnPokCVAQTAQgAPhYhBK4/rHln`
		`+ EexZ/AB6pHS7a5pMuz04BQJcKvQUAhsDBQkD7JcABQsJCAcCBhUKCQgLAgQWAgMB`
		`+ Ah4BAheAAAoJEHS7a5pMuz0476oP/1+UaSHfe4WVHV43QaQ/z1rw7vg2aHEwyWJA`
		`+ 1D1tBr9+LvfohswwWBLIjcKRaoXZ4pLBFjuiYHBTsdaAQFeQQvQTXMmBx21ZyUZj`
		`+ tjim8f9T1JhmIrMx6tF14NbqFpjw82Mv0rc8y74pdRvkdnFigqLKUoN2tFQlKeG+`
		`+ 5T24zNwrGrlR3S7gnM47nD1JqKwt4GnczLnMBW/0gbLscMUpAeNo/gY4g0GV/zkn`
		`+ Rt91bLpcEyDAv+ZhQZbkJ49dnNzl5cTK5+uQWnlAZAdPecdLkvBNRNgj/FKL41RF`
		`+ JGN6eqq3+jlPbyj9okeJoGQ64Ibv1ZHVTQIx5vT1+PuVX/Nm0GqSUZdLqR33daKI`
		`+ hjpgUdUK/D0AnN5ulVuE1NnZWjVDTXVEeU8DFvi4lxZVHnZixejxFIZ7vRMvyaHa`
		`+ xLwbevwEUuPLzWn3XhC5yQeqCe6zmzzaPhPlg6NTnM5wgzcKORqCXgxzmtnX+Pbd`
		`+ gXTwNKAJId/141vj1OtZQKJexG9QLufMjBg5rg/qdKooozremeM+FovIocbdFnmX`
		`+ pzP8it8r8FKi7FpXRE3fwxwba4Y9AS2/owtuixlJ2+7M2OXwZEtxyXTXw2v5GFOP`
		`+ vN64G/b71l9c3yKVlQ3BXD0jErv9XcieeFDR9PK0XGlsxykPcIXZYVy2KSWptkSf`
		`+ 6f2op3tMiQEzBBABCAAdFiEEFcm6uMUTPAcGawLtlumWUDlMmawFAlwuSqAACgkQ`
		`+ lumWUDlMmaz+igf/ZW8OY5aWjRk7QiXp93jkWRIbMi8kB9jW5u6tfYXFjMADpqiQ`
		`+ yYdzEHFayRF92PQwj81UzIWzOWjErFWLDE2xol9sP5LdzeqoyED+XTqKggpVsIs+`
		`+ Lq672qnumQoZKp1YGb8MDocU2DNg/VsMdi7kCnEnPbcSuBxksmxGYomusXNrAF94`
		`+ 1OJ2sqd9BuFamLIyn8XUCGGYlsvMoe4kTCg6Cc1sQvx0lDG8urKN57jBKWbP4alV`
		`+ +JBV5KQcf74gzPmE3ypgY1tMEwxyH/WyS9ekDbai0qauX6eUAsM1bduH8fIcknLS`
		`+ Zl5hrJTrzWFF9/DKOth8QOwhJ9zoIF1fcAsx9okBMwQQAQgAHRYhBHpqR7X54SM6`
		`+ 0lUrXL2X3GOe6MR7BQJcLktcAAoJEL2X3GOe6MR7jwEH/iaolMeno1oeWAgzN6Mg`
		`+ bx3maweh/9Vqty1fwk7Crq1G78X5i1OCkknEL2p0Bfle4ApwcC4HZVcqCgoYpRV3`
		`+ /EEXtwkMNy3plWdBbLCQSev/E1D39GzgAHiMnv7NUJnkoJbvMrvrAiUTXPTtARMM`
		`+ gjEpvgEs60wuJxS8ESomRhe/KW4myxDoBxF+K+e5bOkOvvWVcAYJHWZ1BIZs4n6b`
		`+ +C2vO8q5aKTkQ/XvNT7utbTOqj1SGhItRaAQKXHBdzkQ1Et3wTA4+uRg4gK12624`
		`+ 9LperYs26w9X9UzApl+qVxQhtWUw3tnUXMastDfQrRcvJgq1xpv++OqX5Uc93RTf`
		`+ SNWJAjMEEAEIAB0WIQS+DpdItxglOii7if/xsRvwXPAuVwUCXC5LlQAKCRDxsRvw`
		`+ XPAuV29KEACEwlTVVKe4gnBYHnlAD7csoQ0+gJ6C+Ofzlw+UItRIcFeVCAknSGBs`
		`+ NPxr9JStIvKpmsbSKpCNUEAYnRP2immh94y/C6BuTe1uUUmqBGr1f4OAUwZpmI29`
		`+ ixYeY/uUs9FZO3bS0/WtG46tdcJK41qtM0DYAGT3oeZhJMTW15dfvMGlFukauSOU`
		`+ +BbR+6sZhqdbWl/AOTE/6x5otnAaW0GObY/BW240Xq/KTgBrzVdK5qNoYsMVsiTd`
		`+ 0im0JKvFG08ED+ZfcILhlO6G9jRhoTkhtYuf8CKN1dPf2IoB5FrRFf0xqRr9hNlk`
		`+ X7ViNMP9OPb8i3BubWvRi5rNSquCwrFATSiAgaA9Yi1BNzQsmQxOql9lsh7eCH7m`
		`+ +8zzUg9umWI6PkSv8vHBo2kPX73wmtEsF6vxJlk0yDBuQw7y0uuKh406tEEk4cP2`
		`+ 8U4baq+ihpioupDhNuEII1h1Eh/RBE408RAOpcr+2F0m/fKOoJyz7u+AxyV81Ia6`
		`+ fyBnUfZnlfKo16w87c1HJRs9dKkRa5yGziBf9TcED3sru58Pftes2Nr80/iOh26i`
		`+ P2pRihcIyrmeAqDWnneErVCmPMDTe6zkMrm/0iZ25/Jfq+M8IHEzFEw3Y1FBOeFg`
		`+ 9TyMDwYG2biJPTNTDO0BQ+Rrvs4SjFWEYSxgJSvG1jMfSPt5AR6MJrkCDQRcKvQU`
		`+ ARAAufZX5WzJr0lZAhxaGpHY6JMBr4jVOCP4TrDZhwC2K4CXNM/PLLNisWzquiWa`
		`+ FvUDhB89kCxrEhipwVFYhBr16CDQxrr8yhah3RIxrBMYhRTxgIAkANgkhGWfDJSE`
		`+ zXauA7krYtS3rYwhfXe4cNsTkLPbnMUlyLJcqj2wnZcZIt97aL+NFRPyfIw1KfUb`
		`+ 9u3tB9seDYbvTEULeL07aTnHpWM5f3bTwJrJ2OFPzXseCCzPiVNh3Bv+YtJ1pMTr`
		`+ c/UHO5DoJuHLsF0wicPSrpD0twspFdR/0rT6eNycsaCtV4GQzBcMPvY7qai5XrZm`
		`+ Cqgluo1W6l6+F5YrKvRMtyyFkUNGcPywdjSlP44JyRrS2uzvFUViSsJArcmFG2TJ`
		`+ LCohnse8wqjw0dIUVbmDbE4zjaG56zkvu0k+04Wwp3XPgOZrbl6cbhX3yLhu/Gt0`
		`+ dzd9EReoNfKXk32hBzKas/vdeB5DZejbOOOWYftqyZC1LvDvvrYFhFK6VGozfZ6L`
		`+ Fml1hzn+xPahp5tRv93/T9zXeVPm9zilGMqm/gjRgh8ojWxNQoNzJyqTPWIvWmbu`
		`+ EIP3T3cTFq6lJpJsg3+sfzofGWZCGnBZQGqm8rEOoUWiaKe1BvQCX1x8p4/x8/tX`
		`+ TaVDpQCGoqxXt09plkDuGMuiDICxBlaHWUR2jLoHc2cLrB8AEQEAAYkCPAQYAQgA`
		`+ JhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcKvQUAhsMBQkD7JcAAAoJEHS7a5pM`
		`+ uz04pB8P/Amfg54IFeALiPOrKbjC3bVAQzrsf09IL8sUln/LCZIx9HgGAJj/f35S`
		`+ Q35sK2ucjWiDX6qCxVrWmC6caQXFgXOFSKIlqladmmgj4sIdLM5wj4nbomHChpB5`
		`+ rqV/GgkFwWBQ3kPCatXvc8Bg+zKJ+wXgTuPFXefyE9R+SLuas2grQ9hAjvTGHYbq`
		`+ iYxSlNDFc1aHLAQ3bS76351MHuMHOpLzoB0OkZDCVNW4GNEqrLbINdr50RAK+Loo`
		`+ Z2UBIobEZjXYor9A2FWkSvdjyz6X1QKMdQMath6R91k/O0abBa7ly4/805eAGXM3`
		`+ w1Xf2eMlpiUs69BeYoJBklK8aNMntpDREunJjhiPU4JoDzSxl5Qv7LuXylyo0YJA`
		`+ 9YmydKhTTcRdwsKc//nGr/ckg4BRl+VbtJBYvd3xGB7IQ+pT/TOakv9qCospAhr3`
		`+ EQjVP/XpnWJRd+x+dq8UXqwWmTenWDE42cNr7BDFJdOqS5ZWy4sIz4sdjpSxXMB9`
		`+ 8iiRtKSpKRCJgXScB7SYebh835EgG2YyQGdhJMO7C6ok9POYQBqL8sBqRzImJKoT`
		`+ VDvOH42WArKwJWTHa4mPdiDHEIZlkONerec3JXtl4Mfv8cwZ5Lb8fSiB/x8AWvqs`
		`+ puc/7hQtkus4TcgutS1fwhAwpnFItpVF6+73CMQrJsblBdTjW0T+uQINBFxbVHwB`
		`+ EADebZOJbhPdhHeBPdlZYE3rRjB8scDpWdjrCupfmeTC9MM6JgCE4DEMBtBXk+h1`
		`+ +7wfpblYYNFwGVFvytG5nvGRDtHWxwd1Z9O8Fx4Zqu0Fx/wAn7ZL3ryE+tdHR7JK`
		`+ 7SLxOa2X49T/8LY0U8Q65I4ZRo/b4VMcXApCmncw3QSRqHT/mYdNnf+HHPvi3jza`
		`+ md3iVptCS4Iaisc079DFda+htWXspBc13lmPi2vGQkWjjS3B4yO8JackyQPVhpsg`
		`+ KYbRBzOH0Kii8bXmyA6O5uIJYEddp5Veged4FE/ej3CrgGP1D0Yk1epx8lLbi9RB`
		`+ kwFS7DA5rQ23UnbSy1WyV1ZgPrWqQAWuGpjMTVTWN0ElI3AGxAnE8lZlSXyE+XyV`
		`+ uHjjIVrayBjLKVqDuSLdKZeCvI4QsyHH6F0NKJQkngvXxLZYxO6s0c2EFFLzdVWT`
		`+ 1V9GMP8UsDrrb+JsZjUVmPR1tTP4xqEQG6KjfFoQm5XWpGtFwh91OK1lwf/Bx2/C`
		`+ j+PquLLFcj7hEP79VDTUZPQAduTTxIeTzHXH+x1PCHFB10xxH3e82VSdJeBUrJxn`
		`+ riXzK50SKTTmF+uYpHqE8Jg1N2Y1n5ksuxeYUy8PFjhAeBCqZ6ZcldUDf4999e/z`
		`+ PT8bwfCDr8jRdqJHrq7RxTJiP5RsMudWpKeohzJGwQ5uZwARAQABiQRyBBgBCAAm`
		`+ FiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVHwCGwIFCQO9IQACQAkQdLtrmky7`
		`+ PTjBdCAEGQEIAB0WIQSVztolaxygoV8wL7WVIaftXazpGAUCXFtUfAAKCRCVIaft`
		`+ XazpGPeMEACm9nxA/VKf8RxDo2ZuTgyuSwlR8tCjAE4k3+UoiYUbamkW4pjx9Vgd`
		`+ 1zC5bNxSWZ5vlJ4CH8ArKFqNK5LBVDZqhYureAo/1Af2b9vRJw0/QQHhuXz/jqeT`
		`+ wwrLuKpy796Gpt+aFfcmS0ZC4QXfxJERhAP6tu1p6YmAsSb+bjziQVkKrt9mhOrL`
		`+ dtz6WP0Fg1joRj33FgnnLtayHvtgQrNFI3ztCjk/B2FjYZxqbBGfk5gyo0cTE2Fi`
		`+ oLhG/XrxIoZepFMJkGYETnYQXrOt2KuJLvawV70YQmG8EqHYY8drKA0XDZs8TVdT`
		`+ 5cvGvtm8ERz5znsssRBxQMI5Ml6O2ahrXp8Eq4htCzlvO8t2MOtzvqAJRiyAd6bA`
		`+ Uo+MGVRpnvePOR1SAgBXCd416rF0iCXc1utZxnqwdq9kJAZ+8mCLx4N4jk6AdGpX`
		`+ zcNkLg7QmUzXn75RxZ6GrIUYZJNMlswXq5XhSW4o8ePlaxWjh9+QTtU964AZhpA1`
		`+ uoHsKGTBxHJs0w6McZm14kb2PuaO2/rpf8s8IZyc93+Y5O/gHZ6/agBjA9qN6wkQ`
		`+ R1d5UhJC4QS/m35rBGBKK9X3fqQxaBCio6Qz+m4A3GchrztJpq+2P+ma5ylsTq5j`
		`+ V4njky26WNtrV7+N0C4Moj3I4Qn6YU/eSManTXzHzoiPZCEH/IOxgXIiD/9Zm3Zz`
		`+ I+h4NCfSGyP11/w1gEzlTHQ4at/FXIIDh0Y2ZNpWPffuFQLtcER2vyKPwhDYpGMy`
		`+ NNHXks4azfrXVCv0wmSNBbeS8pJrYtopZpCEBrAbg/YLv9m5lpDSRHaR3gv/qMZ7`
		`+ QxY+NwqciqTwGq68PuF4mDSvtfuFmbEES9Iybiie+eL/6DU2knfBjgshUe6vElR+`
		`+ LYoPQ45GY2IxRTJ1pMXaZw1+evwH3UvseRGkRygiaBgoU/qR4prynvjMQcacCa+C`
		`+ aRnXZJYp/usVBeY0xut9toc9/OcLGoBr5h9l5YjruO2vu8VHou8N0tarVQn3YbQR`
		`+ Fi+YtNtclWJa8Pq1AsKRTCFwDwP6eODv6mNOrEFydNRcpiQmzp47VWF/YHRfHzCq`
		`+ A1wHLxLUrpQTaVw6J4FqedAQ31aAO4faA7MS+ZMNBqZCZ7lTGC6TvojqqBAN2yX7`
		`+ AnnYpZHM+lGpi2/ukVzLqSkGmdNOgbu+UZvoej3YnHYig4yWP+z2xrlJl8bkhU/d`
		`+ r9IQE5aRCEPB/JWhHJ2/GqYl9qjshlB52+6X2KDarwptOtzT9ooArYhpMwKIYh34`
		`+ c7X8tlAKYk7V5j7txIRFDKKAftC7dM82PntXJxSkWyR70GYnYjiXyrqqerqT7xIC`
		`+ mDEQgFOPpy09zFW62paO9uiZw6qwybwqgGpoX7kCDQRcW1TbARAA3ERo2mPv2VVg`
		`+ ZUFr4MtPDm4UG00YJW/LYa3D3k0e9tdSScACXprk1sAoxUlQx/CSdErPKwXG4rax`
		`+ iN4t5nICUUNYSC0dh09G25jC7nwsWc0AYyZu+h/FzfvpOm3fBwmBlzILlGh0URwH`
		`+ Ffj9fHt6hos4C+3PFZZ/X24aMJF/cov1oYi9rqFwt/l0mgtPE88Iyj2/Vp3Lergg`
		`+ QMzKfEuyluj9fL2cgU0Qa7oAPXmaxhHtua4cvbM5SXGo3FXjIgzH9OfM+2orebeN`
		`+ wH1M3ec6w+nPmRmCJLvPKGOeS7GVXL5/aOyPlDWzSXYnpCKS2ntw4K4nt0IA8n8z`
		`+ 1db109l/C2noDrDSJEqOo843ShNGTYOMVUrj3a+Y7o2ATc9pNZalf0PwnKas7NDb`
		`+ IJ152PEQw665iYXcv2awjLF6W0yuSq8kfiaAxIrsie2Dto0zgqOs0Ot9Y74u11Hh`
		`+ wBSHUO3mEZJScAAcI/yDF2PvjvCQSzu4mdXb77t6X2O6YHULz4A7bVQCMazcTDI9`
		`+ /S0W2+ixPnnJVnE3xgjK9zuizji8JDJw1hJCQM+yTLVqq9pfvcRfQ6uwpMRzz/O3`
		`+ S0zDRiA69/GyfNwkpgz5QaGpY02IK5WrQU1doRjIz4BHAYzoIOkMkRqTtjdElQZw`
		`+ /D3wSO2uwsEMNwRzibR/Lz1JF2aGn6EAEQEAAYkEcgQYAQgAJhYhBK4/rHlnEexZ`
		`+ /AB6pHS7a5pMuz04BQJcW1TbAhsCBQkDvSEAAkAJEHS7a5pMuz04wXQgBBkBCAAd`
		`+ FiEE1wyE5ktVjlvM7AchMuIXXx11eioFAlxbVNsACgkQMuIXXx11eiqCfQ//SFDf`
		`+ rOIEoslp6n6vlCuavOg02wvjskKQGP1P1Q4v40Fw1Gl87n9uXAoMpeF4H+pzUxOi`
		`+ BHYCQi+EemwocSThzaWfPzd3JG/0OcRymf+ZOcBb+58VJL7p88QdMFIAi5J+KMuA`
		`+ fEG0zLkc9anEnXoVMmQJX5K+6PyeVDvBbYGjLjQAsWTZTiVuQI0w3WxFtDGWqQII`
		`+ 8e/qE0DA7c/auGn7j2hid308+FcdfpmLefW9YesWjE1yYvHoCRdFOJ/7Sft4MQCI`
		`+ Re7UET3TRMBvtisP2DcqyzGPp22s4ZYFCCJJNiB92bXdEl5zXe4Ff7JTfNE/QrR7`
		`+ Wg5R9hZHgHdbp8p8bA3f0y29YCx3puYg7BbmQWiMh3rXWE5b090pSpw0K9BQU3vO`
		`+ irr+5/2TaFOJXHl4VF03GrWsSncShCbdsdRIv4TB0lY2mN4q+e7bjlAzJJeoaS97`
		`+ GIqu3DBlAJyx/ZwWW23DXXwoQ4jNuJhpl2jaCE7rVQB0uLjbp0i9Zdd4SdYZxmO/`
		`+ Y+JfgoJz8eyx8wZi4eDz1ijN0WKsIGjxJH5VUK9STjijDMeG6ZZRLc6b1QCGhe97`
		`+ ZbDkEUTdQGoeu4L5Fiqoma13NEsf8ofBDv+myJm/O67Va9JI3gxhIrhmF7LMzQQp`
		`+ lYx2peZC1CmhEnn83dtt83mhXvX6Dth657BW/Qd+GQ//SVuTPuNkBXfrTi4dbnv+`
		`+ cU6IsoIBodTF/WsQ6h4kbtsPhO5DbrsLNuNumrqVEN8jw+HUsEeNvFNeMrTPdG2V`
		`+ 87ShQ4BQGkCf+GFRBj0myxxXOFZYQx6RpY5fCe7yOcTzpkbnPWmm7V8HdOuZ0NnL`
		`+ JNQ5YogOI6UvXVKv35R9qBo+G9jkhhb0eaAu6BERzKVANKfsGN7545ElZ1qlffMh`
		`+ AQhXGb6TsvCeSg2cWGb2cnVL2d58uVukD4PDiq4qqwgClkF3bOO70SIgGrCteHbi`
		`+ 4Hseopex5m6GqqjoUYXr7QQBwSaQdc+gKtEjMHCsHbUyHRk0qEHdEe+2RmL0d0ra`
		`+ QMJfKyYQjcCR7tnrgN4WD1h4NKRdC/KRW31MDmH9XVPrkOMQCUCnArXkOwdKWsKf`
		`+ h8af9HqweXOT1FHJN/M3tWaBpv6KoduF2f2pj1VhPZ2EqFUycJ26lrHyOpsynQR6`
		`+ +TD+c1uXotDwKN5RW+YL1cydk6mhib64fdOyPUeTcHehjMAFgM2f5wi35Ujcj8id`
		`+ 37cWOqRsggSbMnGO4AUA/YtcVNG8TjZbakson8ENK7e8q4sEiNFUZ7/CtzNokwHQ`
		`+ 5uOG1+qB85Y4ImGnIZVeiBpjt73VVawg4Zvm/omtW50P9R+4rVhMJZZFAgrWg8BH`
		`+ H/KNznW0vUuShG8B+2FA/eu5Ag0EXFtVDAEQAL5ftI1GgVJEFgX5VsuFnfBnH95c`
		`+ zqmwEXaTP4s7Xm3O0Wy579EzRUD1eEw/UaD/q2OHScwvMP65cZYQ9w4hnCN6H96P`
		`+ 96Teo7LOMCssvSXIO7gqP33LKTqDzsIoAFHwWE3dq1jbyP6T1Je85mr0Edvk8kOC`
		`+ B1hudswAARno/7X9zGulhhwuEHk5Iey7R59yRUQqBctdNcetGyaiFjjX0evuVADi`
		`+ /z/s07XhDLDt7+3Vglh1/7XGC64QhB9QjZ8j0u7+0xfmLLjhi+7EpkDlAHIJXX1H`
		`+ 0wAsPOGKlYruQUmIsMNfBINZeulHEBZ4cAd30xsM296DzJ6QL9sAGfYMhRs0YHB/`
		`+ EJ10Zv0iw1pU2jCCUv/9Kf4F4nwgHQWQP7JAbfhOIUOUq/YlxjTLnkd25+7vD3KH`
		`+ NQ6UiRDROR9Jwetpd/zokpf5O5iTBpVL+sCq+NsTZyDOjITve2sY0V8v10M+Z+pL`
		`+ cp/cUZ4JEDS/WJ4/ovBNJP8b+YwN/RBgCjl8UBX/N+e7AA52eYP2H9GK9XPkzSCE`
		`+ VxEf5PyjGrwedpoLkzagrHsDuWo3uBquLyneT/ozihqKQAuInUy5B7rWU4mpKHe5`
		`+ Vto5o6Zuj+6MgHgIQzRK6Da2ziMNEmroxwZibcYCtUPdvcvxGh+byclnzBclKjOw`
		`+ kAalFPx0SxEbHmzPABEBAAGJBHIEGAEIACYWIQSuP6x5ZxHsWfwAeqR0u2uaTLs9`
		`+ OAUCXFtVDAIbAgUJA70hAAJACRB0u2uaTLs9OMF0IAQZAQgAHRYhBK7WIv4CB360`
		`+ tcFGwUKiedJIzcMQBQJcW1UMAAoJEEKiedJIzcMQH+cQAIQYXDnqi4Hl21LtAgky`
		`+ pZxug+x/LECVlwkrIfaQF337+fG+H9J7SdU87Sn1Xe/YUgQnF0XP/fjIVFM0e/Tb`
		`+ xVlmTFqiejLnIwJJDgUaHO3POT2sGEyO3tc0mqSzyRBxtMQ8yvApccBhL5QODv3h`
		`+ hlRWgk5MXU0IPeXw134IWm+o/PRiPBoXPawvVfEVIBlUFaiSZASf4BAiSad4aJQe`
		`+ P8PyP7FPvQB1xiib0iSetn6ZmNeN2OSUJPiPA8aE9JCKuFtomVQEDM0BqQDl5A7h`
		`+ 5O2uyf0Li+/ArqBvfBjrH03e5zbID02dO3D2BjsV3jUeVPQ5WDgVg8LH+nfg/rRy`
		`+ wfCsx9zFp1mt3K4xN2v7IKwxGndApgCcx17gsjzMvLz0J7sSGov4MNjzqvGEDKCl`
		`+ uUvNKXqy7je9xcQLpoyvWtoWFXWTbQAcK5Vv+hC67r9bHpjI1KuqA8hYqNKxsv7s`
		`+ wiLZdd4SK9SIuwf0j8/XTZwmoFfGolJil0ZNxyqBF39+CMVpaHdLM1qKZz99TVzS`
		`+ h4obOOjkUjK458xSo0XCbJ4qXYp7PgxyWK6GIbTozbbG/1ldw+LUnqxt8Shf797L`
		`+ J9lbI3ICuR2P5PYlKJf3b6D9GyfqyrP387fKAKhHsYkZ1XD54/8wIgTrdfeNPtL0`
		`+ 1mjWDjw5KvO9kuPBjcmzgt+NrtsQAJwKeZsiqLLcY8kJ9xP+/xtTlh2iVuZMfxwq`
		`+ hwlo4MMCzpobLDZ/JKU398m77eboTKJSBfeUYxQd4ATn1L8NLKjLxKAaBkjEk0nN`
		`+ 8w9OUQbFlhQ/asLzzF7Z9IGGh9/SEgBZ8V67a0O3Qw9Xdi3ARK3bbZ8RIVJ0+P9G`
		`+ CGrfq9j4ZmGA2L4irLjsvDAv7CSMb4WBKW8j0Jz5LFMwOMJgG1TT5c6lNqFj6y09`
		`+ rZcVLnt8+lUv2Bw3LC0oI1TjFkrrCzIdfg++mPi3K/ZFc50bvnWF4eCOjgZ5U9Vb`
		`+ sxFZq3+vTRcIfI9z2lZ9CNDRA1O5jGvuVtEGLiSLF2aJ6kiNriLuuGTlXfg/Fpgh`
		`+ GTvyppOTzF7PtHzHBQ/ZjnhWojnc/jyJRwLK8cCl6+EOc887v8BDmqgFWtmycsE2`
		`+ 5fDJ7UFGP13g/eDL3ZUgMDty5dQaUOTX145t2KT+lMqpY6ZK2EC+eoqrnIGJ+tYy`
		`+ 0l4RRxi10mbNhuPIIDdph7X+mUHgCeA9gyF0Y+LqiB6CX+zFg7ovLvnCbMPxdGXq`
		`+ z7AjfwqZBKI+BVuBeDtyW4onmElCu5cXNKsg3W0IlQlZf9PMDU6Ht0XLUs7EPfbQ`
		`+ sH1Vqi1XE1W/tGnkmjcpG/qlt9Gx1uwFGLP6iomqUBc2c0GZ6R1xplXvd3w3yC8d`
		`+ 8lAgPGImuQINBFxbVToBEADkuxhQx9gxlzzCc0nUu2v82XsD+GzONp9irt14gslx`
		`+ te96eKaTXTi0t5eya0X5TIY3wbREwjlfAeM9AfcAmWcsM4izrfPtANM6WOxB2Tbz`
		`+ EY2cqv7NBQii7Z5aqPyjcIiT0b0Gs2evlDkn3xEBBqTSrNcnGSA29bZPIkaUb7Qo`
		`+ p/Ani0S3/tgcR21gXsJwkgpfNKwvPT03Lz3/o5rXAyag0M/25adgk9SVKNcXc8h2`
		`+ HSGv5ENjwUKNNnowVbNLw4287mFUM2Vd6unGJ2MBj7aUwTrfBl7gNV96mMdDJWcB`
		`+ hGKYkxUvibuHCa2KH7gTrnV6X7sdrgD5CbJMPq6OZNSP6n6bUVg22eHxoETplFwT`
		`+ 4NvV3clRMWIAG1XgXR1l99LAh7PPnPMM1pHQGPwYHQskoBFS4g5knzHpB9h9TfZ3`
		`+ MM4cDZR5NgWmE0fYVnWe5ax+wW0/IOklUoHv3qoL4yiN9wFJq2oLzUNQd9+tsqiy`
		`+ vxSTh8iYmHegyn5KuBPsrMPgvqiKOdalTZKkak9DOx4cGQL2qHspKxiBOb6uox2v`
		`+ fjMQ5bDeUn+4DYMdnZNHeywCUegJmDakUtlfvN+136IDHGwfdGcitqzswzd3+PI2`
		`+ qlwPE19gkrp9NUaD3Qj2ZtDP7sU2cThc6Gra5KRFW8f98bI77j1Wu6pCnYFLqPz4`
		`+ QQARAQABiQRyBBgBCAAmFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAlxbVToCGwIF`
		`+ CQO9IQACQAkQdLtrmky7PTjBdCAEGQEIAB0WIQR5HX64jryNAThDSqwz3zWa56YK`
		`+ eQUCXFtVOgAKCRAz3zWa56YKeSWOEADK8u03LESGSQlZQqnnCAI8iYs1s+XRMEnG`
		`+ 2tAQ1OK7/4eNgr1yZckmaW4FBMgeEgYIBJ7v3SlW7Hf7dE10TYPNGbP6UxVW8HIP`
		`+ rA4CINcGZXWWwpS374JNMS6A5eb6viuEgEMEi00jx0MmLvCMZKypmwXQUl5YJ5nB`
		`+ ytpQ1681mCQxGBMhT1eKQt3B4nAsoEnP+HnqVM/nKxBemSBNXX+C0b/YeQoLC3sD`
		`+ L+Z0NRI8U6PZl9Rokod3uynH0vfBYCEJd6MvsjtnJlVVaseYIA3ESNrFG12tw95I`
		`+ wKNrVCANZ1DBSyK4ovmmWsDrH+uFTHSLNjlxIuVxUfmXcLfgcepVCmd/7Z7UrWYr`
		`+ SXSvP0VG4ZmEPE7tNb8bfyADftO1cVsmcHBQeSrgvpSrTv9L8MocojpR5vJc1f+a`
		`+ sBT7rAeGzZP9riz1GmryXawaZgdLfaaJfzRQkc1uTChb7kMN+UMhVUdCAXmho0XO`
		`+ SfcsW84u/LpjdYh2Ww41xQO6EWvbZDNgD/Fdmp8Uh1MqJ1Dejri6kjNn6wPImXJd`
		`+ Eu6nHqWDRdYsfT4XUB18tB+4aIpFzCyIgpf7p1uaVU7Oqip5sZkc/WXKr77lV23m`
		`+ PQvpGRNCzgU2TJY7ktR3LOvUVN6wNfLMHzeQk18NdmcEGUrJ0YYtl9vE5/Eg9L6x`
		`+ LBH9PKt17IQ8D/9DLwQX8pl3fuTM8ZbzIPLxiXhbgzBBTXKRE2u1888+RIq9xE7c`
		`+ aVFjwq4qpgqZ5SFonTcG4Pi5ck3mFAzyA5zLRF+ckpmBpwSPMpLwCpv10369D1jh`
		`+ AF3JsUwt6DIb2BISMhh2ThSUMSKO75q8GSotsKjJyjD6vl1x4L7WXubTWxEiNuwD`
		`+ 3kAjFWS1Z1VWtA9SURWAbsDaCV4VmwCCpSIwRr9OTbyu9XuMdMxGNpl8SwW7MVQb`
		`+ x4aYNvR7Hl/wIR71AHAXoSfrKp3p12anXjYYASHmbm16ugP4H7HLMBfznKet2f76`
		`+ gIxJr1CsAMTSqypcC1UoVb6Gz8djeIR+GU+6efHI4TIUMy5uMIUx8tYbwSEeo/y6`
		`+ NnjpJFYYjJa671iSABInNxs4+X+1zrFa+wl45EnaFxziEet2Qzv/VsusoLvLwnYi`
		`+ BZckclAS5xoVGFW0WJ01OfLUDHxGMt9GSheL8c+GLMaMtaCWunpmmt9zZ9WdpBOu`
		`+ AGluMG1Cee50TrhXaGE8CdNr8nOdSeLNAveBAPmuVa0JDSe20/D/RuYJLKeG9Vsq`
		`+ BZvjuGlOUsfl6UjtiGRbgS9OWpxeez5ugc9yyV+rBGIpmnIb+9quz2HmGxE65eA2`
		`+ cRNsZRIjFLzeAx/0RMaT1nlLFTBbUuZ+tJ+fgFtRGMhifZn1pb2dMQo0N7kCDQRc`
		`+ W1VuARAAv4LYaNq2Zev/v7M5DnxLpgHRcMkG7TOQpycrlK5653llpZzTy3mh5peW`
		`+ vcq3IDmdeUIJxQ+WDh2f0vS+NIKDC/HAddfHrZPbhO7zLxLcMW5KmV05ancaRSP0`
		`+ s0+IyQmvVxUNrgPinZiphlvRGoLXS6pdgfc4jIR9B2umPecfvfu/6EWFPnXZgG8K`
		`+ yY3Z+mwrmEO0FaXHBQuu6nactiPe79N4bLe8hk9RW6yIxLBeJzIoOlIcJmuRHapt`
		`+ nS2lV3mfhZdFnkAp1o6a2TL5BwgMY0wZUKZr78HEMKh6LbPN9rPepf0neUeq/k1l`
		`+ NJU7V6XMS+rezF31vgSJ5KoNGYhxtWZ54uksH2rcw7+ltpSVtqY91G/vibpRCJG3`
		`+ LdX/kxHni1NEWyZlpS/6ntuH6HSoNYsR9IMsbESs3QVCH74ApK88CxYCRB0SEo0M`
		`+ yAElbQ3bfEKCKl/FwC4IzAYAJ2arWKwBHRSJlsrNCtczrjG7j3EyJrn8+Tm5yjO6`
		`+ 0THQjvc/nBxrNE09r1Lzz7jrDWC9Rl+BH6wqdniymoYyUAQsX2rZ+Jhah1Zkf+Gu`
		`+ 76qtY+EH494dPM+0FazcBlgBd6/J5mh3Wk9JuecXLTEUGtzd1GmI9CENPAklCauX`
		`+ tNOWeTop27djuKWsZxuP1GyV6UYixFVOSWteyAbA32cncVv/2ZUAEQEAAYkEcgQY`
		`+ AQgAJhYhBK4/rHlnEexZ/AB6pHS7a5pMuz04BQJcW1VuAhsCBQkDvSEAAkAJEHS7`
		`+ a5pMuz04wXQgBBkBCAAdFiEEFWiQaF6g32oTce8gF8xdsfAIhAcFAlxbVW4ACgkQ`
		`+ F8xdsfAIhAd4jxAAiO9+VRQQ3eBOsJRgANdgL/l51kq7qE3u8xnSqNkrmdYDdT2H`
		`+ TYH5W4n2AmGo50BDafdjd6tut0qtzA3/hGWCooydxKFOsnIYziUeoHvlICj3RkHO`
		`+ y7utcFhAgRWi+kzFwnnXGf13dMU9iG7yvKrCrCEw44gzoQ1KnY1Xsj18n5JkqxeT`
		`+ 94bzcSbz20OpOSIMfSQPrpy18WrZYwHodcIZ3IUUACCpMZdfTa9c/qHRQ/rcwl+B`
		`+ 0JlHx0V4AYiSAsiMVgflO1Eqi7apPuwxPPd5nnHkrdDM9CYC3LdBORBXwncG3oZ5`
		`+ eTSXmsvFxHXH41JHsm/1QFcVmFAYhu9qJFCGiD+8UeTFtT+nnHU69BszgtUskqX8`
		`+ k9PqLdK7Vxkp16wc6WOp1NeIQ6Fd4PxTGrPqs9bJk7TlYtTFWpA0X+EMj/San+Ku`
		`+ PxqLEa4Ab12R4vs1pCrn/g1z3C/6ujH4B70HOrRTIeTjULJ6xdwXGtwUA09hio0r`
		`+ pHhtyZhAh5irUJNto4ZOk/Qyd+dfMsNvRJfbVIK2mmeRaBnp902AsQNgYVdi2Aki`
		`+ 0h4kz3bVLGw7iD/xV2hV69+JwLSijkkmOpz/EjMwj0hDDYrHH3Y3o0dV3dNdk/5i`
		`+ 6lQgcxSVsl9kWlHcoEllKbf0Hb1muKVwoGGYxFYna2jsLFVjG29M7iPSgrHjmg/+`
		`+ I3fmsLZ0VI9kmxniUlZ6gz5NB5PJ3RXmwKO9LkBgE5C1wpuZbNEQ1NsR2bprlJPm`
		`+ ++GNSo8HaheuTRJn42kkOgfIJwjuvXih3FE/NtRA/W8H2uF6YLDjBKGZJbxQcmsd`
		`+ CTEuCRCVP8X7C5n3rl1YqzfWfNr8QFxvH7ivG7KOlSxvyTKcYatWb9uDUPrnr74f`
		`+ ZaMljHGsNyKj70MzZcrrsmt61yWGR0h+02rmIKlskl4hkh+qF5ehI+Bkd7eblsBy`
		`+ rxEREHq/ij2Vd7l0Z606YCE8vj8WfcsJj8JjwR3A+nND/oNJTTbQ3b8OvasvqIey`
		`+ WqqmGg73nbHjd/VIAUsfvnsEYatDk4pAA/wQr9c4T4s5Q/QRwDrAsa4J89FrDjWC`
		`+ hQBPL7TaP8Af/3Y3/86jLCN4lnW1qjPXv5rhBFeI0EVi1k1qdV06qr5HOk7CwQTT`
		`+ uc4rCdFcEnw8kVKZa/yFnlJfRa0Z4IwSahdp5fdFEuad6LpOcFFnYxWtIWhcg4GT`
		`+ RcMha/OZnsfqOqiAt6In+1IwuJBz3uMM7xw2AMaxzAejGEL63F81C5iJ6Ld6kQK+`
		`+ XblDW0G643bVbzkBb46MAT+UnLuWQUs3NDtk1FEioJyWUgbO/srMH4MoWM7rG8ZT`
		`+ nQPohNmPBrqL2phmE27HQsQ0rTjH2Z2ol7iy9OFMtT0=`
		`+ =MkGo`
		`+ -----END PGP PUBLIC KEY BLOCK-----`

named-chroot.files

file modified

-2

		`@@ -16,8 +16,6 @@`
		`/etc/named`
		`/usr/lib64/bind`
		`/usr/lib/bind`
		`- /usr/lib64/named`
		`- /usr/lib/named`
		`/usr/share/GeoIP`
		`/run/named`
		`/proc/sys/net/ipv4/ip_local_port_range`

named-chroot.service

file modified

+1 -1

		`@@ -17,7 +17,7 @@`
		`Environment=KRB5_KTNAME=/etc/named.keytab`
		`PIDFile=/var/named/chroot/run/named/named.pid`

		`- ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'`
		`+ ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/bin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'`
		`ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS`

		`ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'`

named-pkcs11.service

file removed

-26

		`@@ -1,26 +0,0 @@`
		`- [Unit]`
		`- Description=Berkeley Internet Name Domain (DNS) with native PKCS#11`
		`- Wants=nss-lookup.target`
		`- Wants=named-setup-rndc.service`
		`- Before=nss-lookup.target`
		`- After=network.target`
		`- After=named-setup-rndc.service`
		`-`
		`- [Service]`
		`- Type=forking`
		`- Environment=NAMEDCONF=/etc/named.conf`
		`- EnvironmentFile=-/etc/sysconfig/named`
		`- Environment=KRB5_KTNAME=/etc/named.keytab`
		`- PIDFile=/run/named/named.pid`
		`-`
		`- ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'`
		`- ExecStart=/usr/sbin/named-pkcs11 -u named -c ${NAMEDCONF} $OPTIONS`
		`-`
		`- ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'`
		`-`
		`- ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 \|\| /bin/kill -TERM $MAINPID'`
		`-`
		`- PrivateTmp=true`
		`-`
		`- [Install]`
		`- WantedBy=multi-user.target`

named.root

file modified

+92 -61

		`@@ -1,61 +1,92 @@`
		`-`
		`- ; <<>> DiG 9.11.3-RedHat-9.11.3-3.fc27 <<>> +bufsize=1200 +norec @a.root-servers.net`
		`- ; (2 servers found)`
		`- ;; global options: +cmd`
		`- ;; Got answer:`
		`- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46900`
		`- ;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27`
		`-`
		`- ;; OPT PSEUDOSECTION:`
		`- ; EDNS: version: 0, flags:; udp: 1472`
		`- ;; QUESTION SECTION:`
		`- ;. IN NS`
		`-`
		`- ;; ANSWER SECTION:`
		`- . 518400 IN NS a.root-servers.net.`
		`- . 518400 IN NS b.root-servers.net.`
		`- . 518400 IN NS c.root-servers.net.`
		`- . 518400 IN NS d.root-servers.net.`
		`- . 518400 IN NS e.root-servers.net.`
		`- . 518400 IN NS f.root-servers.net.`
		`- . 518400 IN NS g.root-servers.net.`
		`- . 518400 IN NS h.root-servers.net.`
		`- . 518400 IN NS i.root-servers.net.`
		`- . 518400 IN NS j.root-servers.net.`
		`- . 518400 IN NS k.root-servers.net.`
		`- . 518400 IN NS l.root-servers.net.`
		`- . 518400 IN NS m.root-servers.net.`
		`-`
		`- ;; ADDITIONAL SECTION:`
		`- a.root-servers.net. 518400 IN A 198.41.0.4`
		`- b.root-servers.net. 518400 IN A 199.9.14.201`
		`- c.root-servers.net. 518400 IN A 192.33.4.12`
		`- d.root-servers.net. 518400 IN A 199.7.91.13`
		`- e.root-servers.net. 518400 IN A 192.203.230.10`
		`- f.root-servers.net. 518400 IN A 192.5.5.241`
		`- g.root-servers.net. 518400 IN A 192.112.36.4`
		`- h.root-servers.net. 518400 IN A 198.97.190.53`
		`- i.root-servers.net. 518400 IN A 192.36.148.17`
		`- j.root-servers.net. 518400 IN A 192.58.128.30`
		`- k.root-servers.net. 518400 IN A 193.0.14.129`
		`- l.root-servers.net. 518400 IN A 199.7.83.42`
		`- m.root-servers.net. 518400 IN A 202.12.27.33`
		`- a.root-servers.net. 518400 IN AAAA 2001:503:ba3e::2:30`
		`- b.root-servers.net. 518400 IN AAAA 2001:500:200::b`
		`- c.root-servers.net. 518400 IN AAAA 2001:500:2::c`
		`- d.root-servers.net. 518400 IN AAAA 2001:500:2d::d`
		`- e.root-servers.net. 518400 IN AAAA 2001:500:a8::e`
		`- f.root-servers.net. 518400 IN AAAA 2001:500:2f::f`
		`- g.root-servers.net. 518400 IN AAAA 2001:500:12::d0d`
		`- h.root-servers.net. 518400 IN AAAA 2001:500:1::53`
		`- i.root-servers.net. 518400 IN AAAA 2001:7fe::53`
		`- j.root-servers.net. 518400 IN AAAA 2001:503:c27::2:30`
		`- k.root-servers.net. 518400 IN AAAA 2001:7fd::1`
		`- l.root-servers.net. 518400 IN AAAA 2001:500:9f::42`
		`- m.root-servers.net. 518400 IN AAAA 2001:dc3::35`
		`-`
		`- ;; Query time: 24 msec`
		`- ;; SERVER: 198.41.0.4#53(198.41.0.4)`
		`- ;; WHEN: Thu Apr 05 15:57:34 CEST 2018`
		`- ;; MSG SIZE rcvd: 811`
		`-`
		`+ ; This file holds the information on root name servers needed to`
		`+ ; initialize cache of Internet domain name servers`
		`+ ; (e.g. reference this file in the "cache . <file>"`
		`+ ; configuration file of BIND domain name servers).`
		`+ ;`
		`+ ; This file is made available by InterNIC`
		`+ ; under anonymous FTP as`
		`+ ; file /domain/named.cache`
		`+ ; on server FTP.INTERNIC.NET`
		`+ ; -OR- RS.INTERNIC.NET`
		`+ ;`
		`+ ; last update: June 24, 2021`
		`+ ; related version of root zone: 2021062401`
		`+ ;`
		`+ ; FORMERLY NS.INTERNIC.NET`
		`+ ;`
		`+ . 3600000 NS A.ROOT-SERVERS.NET.`
		`+ A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4`
		`+ A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30`
		`+ ;`
		`+ ; FORMERLY NS1.ISI.EDU`
		`+ ;`
		`+ . 3600000 NS B.ROOT-SERVERS.NET.`
		`+ B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201`
		`+ B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b`
		`+ ;`
		`+ ; FORMERLY C.PSI.NET`
		`+ ;`
		`+ . 3600000 NS C.ROOT-SERVERS.NET.`
		`+ C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12`
		`+ C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c`
		`+ ;`
		`+ ; FORMERLY TERP.UMD.EDU`
		`+ ;`
		`+ . 3600000 NS D.ROOT-SERVERS.NET.`
		`+ D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13`
		`+ D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d`
		`+ ;`
		`+ ; FORMERLY NS.NASA.GOV`
		`+ ;`
		`+ . 3600000 NS E.ROOT-SERVERS.NET.`
		`+ E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10`
		`+ E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e`
		`+ ;`
		`+ ; FORMERLY NS.ISC.ORG`
		`+ ;`
		`+ . 3600000 NS F.ROOT-SERVERS.NET.`
		`+ F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241`
		`+ F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f`
		`+ ;`
		`+ ; FORMERLY NS.NIC.DDN.MIL`
		`+ ;`
		`+ . 3600000 NS G.ROOT-SERVERS.NET.`
		`+ G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4`
		`+ G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d`
		`+ ;`
		`+ ; FORMERLY AOS.ARL.ARMY.MIL`
		`+ ;`
		`+ . 3600000 NS H.ROOT-SERVERS.NET.`
		`+ H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53`
		`+ H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53`
		`+ ;`
		`+ ; FORMERLY NIC.NORDU.NET`
		`+ ;`
		`+ . 3600000 NS I.ROOT-SERVERS.NET.`
		`+ I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17`
		`+ I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53`
		`+ ;`
		`+ ; OPERATED BY VERISIGN, INC.`
		`+ ;`
		`+ . 3600000 NS J.ROOT-SERVERS.NET.`
		`+ J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30`
		`+ J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30`
		`+ ;`
		`+ ; OPERATED BY RIPE NCC`
		`+ ;`
		`+ . 3600000 NS K.ROOT-SERVERS.NET.`
		`+ K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129`
		`+ K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1`
		`+ ;`
		`+ ; OPERATED BY ICANN`
		`+ ;`
		`+ . 3600000 NS L.ROOT-SERVERS.NET.`
		`+ L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42`
		`+ L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42`
		`+ ;`
		`+ ; OPERATED BY WIDE`
		`+ ;`
		`+ . 3600000 NS M.ROOT-SERVERS.NET.`
		`+ M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33`
		`+ M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35`
		`+ ; End of file`
		`\ No newline at end of file`

named.service

file modified

+1 -1

		`@@ -13,7 +13,7 @@`
		`Environment=KRB5_KTNAME=/etc/named.keytab`
		`PIDFile=/run/named/named.pid`

		`- ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'`
		`+ ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/bin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'`
		`ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS`
		`ExecReload=/bin/sh -c 'if /usr/sbin/rndc null > /dev/null 2>&1; then /usr/sbin/rndc reload; else /bin/kill -HUP $MAINPID; fi'`

setup-named-chroot.sh

file modified

+4 -4

		`@@ -10,7 +10,7 @@`
		`echo 'Usage: setup-named-chroot.sh ROOTDIR <on\|off> [chroot.files]'`
		`}`

		`- if ! [ "$#" -ge 2 ] && [ "$#" -le 3 ]; then`
		`+ if ! [ "$#" -ge 2 -a "$#" -le 3 ]; then`
		`echo 'Wrong number of arguments'`
		`usage`
		`exit 1`
		`@@ -34,9 +34,9 @@`
		`DEVNAME="$ROOTDIR/dev/$1"`
		`shift`
		`if ! [ -e "$DEVNAME" ]; then`
		`- /bin/mknod -m 0664 "$DEVNAME" "$@"`
		`+ /bin/mknod -m 0664 "$DEVNAME" $@`
		`/bin/chgrp named "$DEVNAME"`
		`- if [ -x /usr/sbin/selinuxenabled ] && [ -x /sbin/restorecon ]; then`
		`+ if [ -x /usr/sbin/selinuxenabled -a -x /sbin/restorecon ]; then`
		`/usr/sbin/selinuxenabled && /sbin/restorecon "$DEVNAME" > /dev/null \|\| :`
		`fi`
		`fi`
		`@@ -78,7 +78,7 @@`
		`else`
		`# Mount source is a directory. Mount it only if directory in chroot is`
		`# empty.`
		- if [ -e "$all" ] && [ `ls -1A "$ROOTDIR$all" \| wc -l` -eq 0 ]; then
		+ if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all \| wc -l` -eq 0 ]; then
		`mount --bind --make-private "$all" "$ROOTDIR$all"`
		`fi`
		`fi`

sources

file modified

+2 -2

		`@@ -1,2 +1,2 @@`
		`- SHA512 (bind-9.16.30.tar.xz) = cc9bcbedf63c2efe0a23f14db3e57fdae46f0509aac58e5840a6805ce4fbd76cad5bfde4d461442adb88c4d947f8d79bf979aeb24aeb9303b6adc8d169b7118c`
		`- SHA512 (bind-9.16.30.tar.xz.asc) = 943ff140aaa413f125d039748a0c10d7ae20b0fa4075227ab0b9d065816e7960a3c4e0fb2a4498946926409568c71076026cbd0be33a78db73966366d43bfdb1`
		`+ SHA512 (bind-9.18.4.tar.xz) = 5deb46f6549e42087734fe80f8cd8de8f3fa54590e4635f8c0e2e8d362f8756404e911e46d7fe1cd75f0f19217532ca402e7a5947111f16e412c8aaa754b9e16`
		`+ SHA512 (bind-9.18.4.tar.xz.asc) = dfe7b24c499e6e54bc836350b73ef24deb78e1394059d75acc434512b3a60ab44708d3e1faa861be161afa0e69f789fd6b75dd881777679e4845a56f2fd6ab9a`

pemensik commented 2 years ago

Prepare a PR for a change https://fedoraproject.org/wiki/Changes/BIND_9.18

Metadata

Assignee

None

Tags

No Tags

Changes Summary 23

file removed

bind-9.10-dist-native-pkcs11.patch

+125 -184

file changed

bind-9.11-fips-tests.patch

-58

file removed

bind-9.11-kyua-pkcs11.patch

-29

file removed

bind-9.11-rh1666814.patch

-83

file removed

bind-9.14-config-pkcs11.patch

+23 -17

file changed

bind-9.16-redhat_doc.patch

-113

file removed

bind-9.16-resolv.conf-options-timeout-test.patch

-203

file removed

bind-9.16-resolv.conf-options-timeout.patch

file removed

bind-9.5-dlz-64bit.patch

-31

file removed

bind-9.9.1-P2-dlz-libdb.patch

file removed

bind93-rh490837.patch

file added

file removed

setup-named-chroot.sh

+2 -2

file changed

sources

		`@@ -22,10 +22,8 @@`
		`* bind-utils -- set of tools to analyse DNS responses or update entries (dig, host)`
		`* bind-doc -- documentation for current bind, BIND 9 Administrator Reference Manual.`
		`* bind-license -- Shared license for all packages but bind-export-libs.`
		- * bind-pkcs11 -- named daemon built with native PKCS#11 support. Can be disabled by `--without PKCS11`.
		`- * bind-libs and bind-libs-lite -- Shared libraries used by some others programs`
		`- * bind-devel -- Development headers for libs.`
		`- * bind-dlz-\* -- Dynamic loadable [DLZ plugins](http://bind-dlz.sourceforge.net/) with support for external databases`
		`+ * bind-libs -- Shared libraries used by some others programs`
		+ * bind-devel -- Development headers for libs. Can be disabled by `--without DEVEL`


		`## Optional features`

rpms / bind

Source Code

#13 Upgrade to BIND 9.18 Closed 2 years ago by pemensik. Opened 2 years ago by pemensik. rpms/ pemensik/bind v9_18-upgrade into rawhide

Metadata

Changes Summary 23

#13 Upgrade to BIND 9.18

Closed 2 years ago by pemensik. Opened 2 years ago by pemensik.

rpms/ pemensik/bind v9_18-upgrade into rawhide