* Update to 9.8.1.
* Add patches.
* Also build named and libs.
* Run daemon in chroot env.
* Create sub packages.
###############################################################################
name = bind
-version = 9.7.2-P3
+version = 9.8.1
release = 1
groups = Networking/Tools
source_dl = ftp://ftp.isc.org/isc/bind/%{version}/
+sources = \
+ bind-9.8.1.tar.gz \
+ bind-config-8.tar.bz2
+
+# Apply patches in a special order.
+patches = \
+ bind-nonexec.patch \
+ bind-9.5-PIE.patch \
+ bind-9.3.2-redhat_doc.patch \
+ bind-96-dyndb.patch \
+ bind98-rh725741.patch \
+ bind-9.5-overflow.patch \
+ bind-9.5-dlz-64bit.patch \
+ bind-9.5-libidn.patch \
+ bind-9.5-libidn2.patch \
+ bind-9.5-libidn3.patch \
+ bind-9.5-parallel-build.patch \
+ bind95-rh461409.patch\
+ bind-96-libtool2.patch \
+ bind-95-rh452060.patch \
+ bind97-dist-pkcs11.patch \
+ bind97-rh478718.patch \
+ bind97-rh570851.patch \
+ bind97-exportlib.patch \
+ bind97-rh645544.patch \
+ bind97-rh699951.patch \
+ bind97-rh693982.patch \
+ bind97-rh700097.patch \
+ bind97-rh714049.patch \
+ bind98-dlz_buildfix.patch \
+ bind98-rh735103.patch
+
build
requires
+ autoconf
+ automake
+ chrpath
db4-devel
+ libtool
+ libcap-devel
+ libidn-devel
+ pkg-config
openssl-devel
end
- build
- ./configure \
- --prefix=/usr \
- --mandir=/usr/share/man
+ configure_options += \
+ --with-libtool \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --enable-threads \
+ --enable-ipv6 \
+ --with-pic \
+ --disable-static \
+ --disable-openssl-version-check \
+ --enable-exportlib \
+ --with-export-libdir=/lib/ \
+ --with-export-includedir=/usr/include/ \
+ --includedir=/usr/include/bind9/ \
+ --with-pkcs11=/usr/lib/pkcs11/PKCS11_API.so \
+ --with-gssapi=yes \
+ --disable-isc-spnego
+
+ prepare
+ cd %{DIR_SRC} && %{MACRO_EXTRACT} %{DIR_DL}/%{thisapp}.tar.gz
+
+ # Create m4 directory.
+ cd %{DIR_APP} && mkdir -pv m4
- make -C lib/dns #%{PARALLELISMFLAGS}
- make -C lib/isc #%{PARALLELISMFLAGS}
- make -C lib/bind9 #%{PARALLELISMFLAGS}
- make -C lib/isccfg #%{PARALLELISMFLAGS}
- make -C lib/lwres #%{PARALLELISMFLAGS}
- make -C bin/dig #%{PARALLELISMFLAGS}
+ # Apply all patches.
+ %{MACRO_PATCHES}
+
+ # Branding.
+ sed -i -e 's/RELEASEVER=\(.*\)/RELEASEVER=\1-%{DISTRO_NAME}-%{version}-%{release}/' version
+
+ # Regenerate build environment
+ libtoolize -c -f
+ aclocal -I m4 --force
+ autoconf -f
end
install
- make -C bin/dig install DESTDIR=%{BUILDROOT}
+ # Compress doc files.
+ gzip -9 doc/rfc/*
+
+ # Create directory layout.
+ mkdir -pv %{BUILDROOT}/usr/lib/bind
+ mkdir -pv %{BUILDROOT}/var/named/{slaves,data,dynamic}
+ mkdir -pv %{BUILDROOT}/usr/share/man/{man1,man5,man8}
+ mkdir -pv %{BUILDROOT}/run/named
+ mkdir -pv %{BUILDROOT}/var/log
+
+ # Create named chroot environment.
+ mkdir -pv %{BUILDROOT}/var/named/chroot/{dev,etc,var}
+ mkdir -pv %{BUILDROOT}/var/named/chroot/var/{log,named,run/named,tmp}
+ mkdir -pv %{BUILDROOT}/var/named/chroot/etc/{pki/dnssec-keys,named}
+ mkdir -pv %{BUILDROOT}/var/named/chroot/usr/lib/bind
+ mkdir -pv %{BUILDROOT}/var/named/chroot/dev/null
+ mkdir -pv %{BUILDROOT}/var/named/chroot/dev/random
+ mkdir -pv %{BUILDROOT}/var/named/chroot/dev/zero
+ mkdir -pv %{BUILDROOT}/var/named/chroot/etc/localtime
+
+ touch %{BUILDROOT}/var/named/chroot/etc/named.conf
+
+ # Run make install
+ make DESTDIR=%{BUILDROOT} install
+
+ # Remove RPATH from libraries.
+ chrpath --delete %{BUILDROOT}/lib*/*export*.so.*
+
+ # Remove unwanted files
+ rm -rvf %{BUILDROOT}/etc/bind.keys
+
+ # Create ghost config files
+ touch %{BUILDROOT}/var/log/named.log
+
+ # Configuration files
+ tar -C %{BUILDROOT} -xaf %{DIR_DL}/bind-config-8.tar.bz2
+ touch %{BUILDROOT}/etc/rndc.key
+ touch %{BUILDROOT}/etc/rndc.conf
+
+ mkdir %{BUILDROOT}/etc/named
+ install -m 644 bind.keys %{BUILDROOT}/etc/named.iscdlv.key
+ install -m 644 %{DIR_SOURCE}/trusted-key.key %{BUILDROOT}/etc/trusted-key.key
+
+ # Recreate symlinks for export libraries
+ rm -rf %{BUILDROOT}/lib/lib*-export.so
+
+ ln -svf ../../lib/libdns-export.so.81 %{BUILDROOT}/usr/lib/libdns-export.so
+ ln -svf ../../lib/libirs-export.so.80 %{BUILDROOT}/usr/lib/libirs-export.so
+ ln -svf ../../lib/libisccfg-export.so.82 %{BUILDROOT}/usr/lib/libisccfg-export.so
+ ln -svf ../../lib/libisc-export.so.83 %{BUILDROOT}/usr/lib/libisc-export.so
end
end
packages
+ package %{name}
+ requires
+ bind-utils
+ bind-chroot
+ end
+
+ prerequires += shadow-utils
+
+ script prein
+ # Create unprivileged user and group.
+ getent group named > /dev/null || groupadd -r named
+ getent passwd named > /dev/null || \
+ useradd -r -g named -d /var/named -s /sbin/nologin \
+ -c "User for bind DNS server" named
+ exit0
+ end
+
+ # XXX Add systemd scriptlet if a service file becomes available
+ end
+
package %{name}-utils
- template MAIN
+ summary = Utilities for querying bind DNS name server.
+ description = %{summary}
+
+ files
+ /usr/bin/dig
+ /usr/bin/host
+ /usr/bin/nslookup
+ /usr/bin/nsupdate
+ /usr/share/man/man1/dig.1*
+ /usr/share/man/man1/host.1*
+ /usr/share/man/man1/nslookup.1*
+ /usr/share/man/man1/nsupdate.1*
+ end
+ end
+
+ package %{name}-chroot
+ summary = Chroot environment for bind DNS servers.
+ description = %{summary}
+
+ files
+ /var/named/chroot
+ end
+ end
+
+ package %{name}-libs
+ template LIBS
+ end
+
+ package %{name}-devel
+ template DEVEL
end
end
--- /dev/null
+/var/named/data/named.run {
+ missingok
+ su named named
+ create 0644 named named
+ postrotate
+ /sbin/service named reload 2> /dev/null > /dev/null || true
+ endscript
+}
--- /dev/null
+d /var/run/named 0755 named named -
--- /dev/null
+--- bind-9.4.0/bin/named/named.8.redhat_doc 2007-01-30 01:23:44.000000000 +0100
++++ bind-9.4.0/bin/named/named.8 2007-03-12 15:39:19.000000000 +0100
+@@ -205,6 +205,63 @@
+ \fI/var/run/named/named.pid\fR
+ .RS 4
+ The default process\-id file.
++.PP
++.SH "NOTES"
++.PP
++.TP
++\fBRed Hat SELinux BIND Security Profile:\fR
++.PP
++By default, Red Hat ships BIND with the most secure SELinux policy
++that will not prevent normal BIND operation and will prevent exploitation
++of all known BIND security vulnerabilities . See the selinux(8) man page
++for information about SElinux.
++.PP
++It is not necessary to run named in a chroot environment if the Red Hat
++SELinux policy for named is enabled. When enabled, this policy is far
++more secure than a chroot environment. Users are recommended to enable
++SELinux and remove the bind-chroot package.
++.PP
++With this extra security comes some restrictions:
++.PP
++By default, the SELinux policy does not allow named to write any master
++zone database files. Only the root user may create files in the $ROOTDIR/var/named
++zone database file directory (the options { "directory" } option), where
++$ROOTDIR is set in /etc/sysconfig/named.
++.PP
++The "named" group must be granted read privelege to
++these files in order for named to be enabled to read them.
++.PP
++Any file created in the zone database file directory is automatically assigned
++the SELinux file context named_zone_t .
++.PP
++By default, SELinux prevents any role from modifying named_zone_t files; this
++means that files in the zone database directory cannot be modified by dynamic
++DNS (DDNS) updates or zone transfers.
++.PP
++The Red Hat BIND distribution and SELinux policy creates three directories where
++named is allowed to create and modify files: /var/named/slaves, /var/named/dynamic
++/var/named/data. By placing files you want named to modify, such as
++slave or DDNS updateable zone files and database / statistics dump files in
++these directories, named will work normally and no further operator action is
++required. Files in these directories are automatically assigned the 'named_cache_t'
++file context, which SELinux allows named to write.
++.PP
++\fBRed Hat BIND SDB support:\fR
++.PP
++Red Hat ships named with compiled in Simplified Database Backend modules that ISC
++provides in the "contrib/sdb" directory. Install bind-sdb package if you want use them
++.PP
++The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled into named-sdb.
++.PP
++See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ .
++.br
++.PP
++\fBRed Hat system-config-bind:\fR
++.PP
++Red Hat provides the system-config-bind GUI to configure named.conf and zone
++database files. Run the "system-config-bind" command and access the manual
++by selecting the Help menu.
++.PP
+ .RE
+ .SH "SEE ALSO"
+ .PP
--- /dev/null
+--- bind-9.5.0b2/bin/named/Makefile.in.pie 2008-02-11 17:21:47.000000000 +0100
++++ bind-9.5.0b2/bin/named/Makefile.in 2008-02-11 17:22:10.000000000 +0100
+@@ -100,8 +100,12 @@ HTMLPAGES = named.html lwresd.html named
+
+ MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
++EXT_CFLAGS = -fpie
++
+ @BIND9_MAKE_RULES@
+
++LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
++
+ main.@O@: main.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DVERSION=\"${VERSION}\" \
+diff -up bind-9.5.0b2/bin/named/unix/Makefile.in.pie bind-9.5.0b2/bin/named/unix/Makefile.in
+--- bind-9.5.0b2/bin/named/unix/Makefile.in.pie 2008-02-11 17:22:21.000000000 +0100
++++ bind-9.5.0b2/bin/named/unix/Makefile.in 2008-02-11 17:23:00.000000000 +0100
+@@ -19,6 +19,8 @@ srcdir = @srcdir@
+ VPATH = @srcdir@
+ top_srcdir = @top_srcdir@
+
++EXT_CFLAGS = -fpie
++
+ @BIND9_MAKE_INCLUDES@
+
+ CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \
--- /dev/null
+diff -up bind-9.5.1b1/contrib/dlz/config.dlz.in.64bit bind-9.5.1b1/contrib/dlz/config.dlz.in
+--- bind-9.5.1b1/contrib/dlz/config.dlz.in.64bit 2008-06-17 06:03:31.000000000 +0200
++++ bind-9.5.1b1/contrib/dlz/config.dlz.in 2008-07-11 12:08:43.000000000 +0200
+@@ -17,6 +17,13 @@
+ #
+ dlzdir='${DLZ_DRIVER_DIR}'
+
++AC_MSG_CHECKING([for target libdir])
++AC_RUN_IFELSE([int main(void) {exit((sizeof(void *) == 8) ? 0 : 1);}],
++ [target_lib=lib64],
++ [target_lib=lib],
++)
++AC_MSG_RESULT(["$target_lib"])
++
+ #
+ # Private autoconf macro to simplify configuring drivers:
+ #
+@@ -135,9 +142,9 @@ then
+ then
+ use_dlz_mysql=$d
+ mysql_include=$d/include/mysql
+- if test -d $d/lib/mysql
++ if test -d $d/${target_lib}/mysql
+ then
+- mysql_lib=$d/lib/mysql
++ mysql_lib=$d/${target_lib}/mysql
+ else
+ mysql_lib=$d/lib
+ fi
+@@ -274,11 +281,11 @@ case "$use_dlz_bdb" in
+ bdb_libnames="db42 db-4.2 db41 db-4.1 db"
+ for d in $bdb_libnames
+ do
+- if test -f "$dd/lib/lib${d}.so"
++ if test -f "$dd/${target_lib}/lib${d}.so"
+ then
+ if test "$dd" != "/usr"
+ then
+- dlz_bdb_libs="-L${dd}/lib "
++ dlz_bdb_libs="-L${dd}/${target_lib} "
+ else
+ dlz_bdb_libs=""
+ fi
+@@ -383,7 +390,7 @@ case "$use_dlz_ldap" in
+ *)
+ DLZ_ADD_DRIVER(LDAP, dlz_ldap_driver,
+ [-I$use_dlz_ldap/include],
+- [-L$use_dlz_ldap/lib -lldap -llber])
++ [-L$use_dlz_ldap/${target_lib} -lldap -llber])
+
+ AC_MSG_RESULT(
+ [using LDAP from $use_dlz_ldap/lib and $use_dlz_ldap/include])
+@@ -407,7 +414,7 @@ then
+ odbcdirs="/usr /usr/local /usr/pkg"
+ for d in $odbcdirs
+ do
+- if test -f $d/include/sql.h -a -f $d/lib/libodbc.a
++ if test -f $d/include/sql.h -a -f $d/${target_lib}/libodbc.a
+ then
+ use_dlz_odbc=$d
+ break
+@@ -427,7 +434,7 @@ case "$use_dlz_odbc" in
+ *)
+ DLZ_ADD_DRIVER(ODBC, dlz_odbc_driver,
+ [-I$use_dlz_odbc/include],
+- [-L$use_dlz_odbc/lib -lodbc])
++ [-L$use_dlz_odbc/${target_lib} -lodbc])
+
+ AC_MSG_RESULT([using ODBC from $use_dlz_odbc])
+ ;;
--- /dev/null
+diff -up bind-9.7.0b1/bin/dig/dighost.c.libidn bind-9.7.0b1/bin/dig/dighost.c
+--- bind-9.7.0b1/bin/dig/dighost.c.libidn 2009-09-16 01:48:09.000000000 +0200
++++ bind-9.7.0b1/bin/dig/dighost.c 2009-10-20 10:49:26.719056220 +0200
+@@ -44,6 +44,11 @@
+ #include <idn/api.h>
+ #endif
+
++#ifdef WITH_LIBIDN
++#include <stringprep.h>
++#include <idna.h>
++#endif
++
+ #include <dns/byaddr.h>
+ #ifdef DIG_SIGCHASE
+ #include <dns/dnssec.h>
+@@ -153,6 +158,14 @@ static void idn_check_result(idn_result
+ int idnoptions = 0;
+ #endif
+
++#ifdef WITH_LIBIDN
++static isc_result_t libidn_locale_to_utf8 (const char* from, char **to);
++static isc_result_t libidn_utf8_to_ascii (const char* from, char *to);
++static isc_result_t output_filter (isc_buffer_t *buffer,
++ unsigned int used_org,
++ isc_boolean_t absolute);
++#endif
++
+ /*%
+ * Exit Codes:
+ *
+@@ -1184,6 +1197,9 @@ setup_system(void) {
+ dig_searchlist_t *domain = NULL;
+ lwres_result_t lwresult;
+ unsigned int lwresflags;
++#ifdef WITH_LIBIDN
++ isc_result_t result;
++#endif
+
+ debug("setup_system()");
+
+@@ -1242,8 +1258,15 @@ setup_system(void) {
+
+ #ifdef WITH_IDN
+ initialize_idn();
++
++#endif
++#ifdef WITH_LIBIDN
++ result = dns_name_settotextfilter(output_filter);
++ check_result(result, "dns_name_settotextfilter");
++#ifdef HAVE_SETLOCALE
++ setlocale (LC_ALL, "");
++#endif
+ #endif
+-
+ if (keyfile[0] != 0)
+ setup_file_key();
+ else if (keysecret[0] != 0)
+@@ -1957,12 +1980,18 @@ setup_lookup(dig_lookup_t *lookup) {
+ idn_result_t mr;
+ char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME];
+ #endif
++#ifdef WITH_LIBIDN
++ char *utf8_str = NULL, utf8_name[MXNAME], ascii_name[MXNAME];
++#endif
+
+ #ifdef WITH_IDN
+ result = dns_name_settotextfilter(output_filter);
+ check_result(result, "dns_name_settotextfilter");
+ #endif
+-
++#ifdef WITH_LIBIDN
++ result = dns_name_settotextfilter (output_filter);
++ check_result(result, "dns_name_settotextfilter");
++#endif
+ REQUIRE(lookup != NULL);
+ INSIST(!free_now);
+
+@@ -1999,6 +2028,16 @@ setup_lookup(dig_lookup_t *lookup) {
+ mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname,
+ utf8_textname, sizeof(utf8_textname));
+ idn_check_result(mr, "convert textname to UTF-8");
++#elif defined (WITH_LIBIDN)
++ result = libidn_locale_to_utf8 (lookup->textname, &utf8_str);
++ check_result (result, "converting textname to UTF-8");
++ len = strlen (utf8_str);
++ if (len < MXNAME) {
++ (void) strcpy (utf8_name, utf8_str);
++ } else {
++ fatal ("Too long name");
++ }
++ isc_mem_free (mctx, utf8_str);
+ #endif
+
+ /*
+@@ -2018,6 +2057,15 @@ setup_lookup(dig_lookup_t *lookup) {
+ lookup->origin = ISC_LIST_HEAD(search_list);
+ lookup->need_search = ISC_FALSE;
+ }
++#elif defined (WITH_LIBIDN)
++ if ((count_dots(utf8_name) >= ndots) || !usesearch) {
++ lookup->origin = NULL; /* Force abs lookup */
++ lookup->done_as_is = ISC_TRUE;
++ lookup->need_search = usesearch;
++ } else if (lookup->origin == NULL && usesearch) {
++ lookup->origin = ISC_LIST_HEAD(search_list);
++ lookup->need_search = ISC_FALSE;
++ }
+ #else
+ if ((count_dots(lookup->textname) >= ndots) || !usesearch) {
+ lookup->origin = NULL; /* Force abs lookup */
+@@ -2044,6 +2092,20 @@ setup_lookup(dig_lookup_t *lookup) {
+ IDN_IDNCONV | IDN_LENCHECK, utf8_textname,
+ idn_textname, sizeof(idn_textname));
+ idn_check_result(mr, "convert UTF-8 textname to IDN encoding");
++#elif defined (WITH_LIBIDN)
++ if (lookup->origin != NULL) {
++ result = libidn_locale_to_utf8 (lookup->origin->origin, &utf8_str);
++ check_result (result, "convert origin to UTF-8");
++ if (len + strlen (utf8_str) + 1 < MXNAME) {
++ utf8_name[len++] = '.';
++ (void) strcpy (utf8_name + len, utf8_str);
++ } else {
++ fatal ("Too long name + origin");
++ }
++ isc_mem_free (mctx, utf8_str);
++ }
++
++ result = libidn_utf8_to_ascii (utf8_name, ascii_name);
+ #else
+ if (lookup->origin != NULL) {
+ debug("trying origin %s", lookup->origin->origin);
+@@ -2099,6 +2161,13 @@ setup_lookup(dig_lookup_t *lookup) {
+ result = dns_name_fromtext(lookup->name, &b,
+ dns_rootname, 0,
+ &lookup->namebuf);
++#elif defined (WITH_LIBIDN)
++ len = strlen (ascii_name);
++ isc_buffer_init(&b, ascii_name, len);
++ isc_buffer_add(&b, len);
++ result = dns_name_fromtext(lookup->name, &b,
++ dns_rootname, 0,
++ &lookup->namebuf);
+ #else
+ len = strlen(lookup->textname);
+ isc_buffer_init(&b, lookup->textname, len);
+@@ -3617,7 +3686,7 @@ destroy_libs(void) {
+ void * ptr;
+ dig_message_t *chase_msg;
+ #endif
+-#ifdef WITH_IDN
++#if defined (WITH_IDN) || defined (WITH_LIBIDN)
+ isc_result_t result;
+ #endif
+
+@@ -3656,6 +3725,10 @@ destroy_libs(void) {
+ result = dns_name_settotextfilter(NULL);
+ check_result(result, "dns_name_settotextfilter");
+ #endif
++#ifdef WITH_LIBIDN
++ result = dns_name_settotextfilter (NULL);
++ check_result(result, "clearing dns_name_settotextfilter");
++#endif
+ dns_name_destroy();
+
+ if (commctx != NULL) {
+@@ -3834,6 +3907,79 @@ idn_check_result(idn_result_t r, const c
+ }
+ }
+ #endif /* WITH_IDN */
++#ifdef WITH_LIBIDN
++/* If stringprep_locale_to_utf8 fails simple copy string */
++static isc_result_t
++libidn_locale_to_utf8 (const char *from, char **to) {
++ char *utf8_str;
++
++ utf8_str = stringprep_locale_to_utf8 (from);
++ if (utf8_str == NULL) {
++ *to = isc_mem_allocate (mctx, strlen (from) + 1);
++ if (*to == NULL)
++ return (ISC_R_NOMEMORY);
++ (void) strcpy (*to, from);
++ } else {
++ *to = isc_mem_allocate (mctx, strlen (utf8_str) + 1);
++ if (*to == NULL)
++ return (ISC_R_NOMEMORY);
++ (void) strcpy (*to, utf8_str);
++ free (utf8_str);
++ }
++ return (ISC_R_SUCCESS);
++}
++static isc_result_t
++libidn_utf8_to_ascii (const char *from, char *to) {
++ char *ascii;
++
++ if (idna_to_ascii_8z (from, &ascii, 0) != IDNA_SUCCESS)
++ return (ISC_R_FAILURE);
++
++ (void) strcpy (to, ascii);
++ free (ascii);
++ return (ISC_R_SUCCESS);
++}
++/* based on idnkit's code*/
++static isc_result_t
++output_filter (isc_buffer_t *buffer, unsigned int used_org,
++ isc_boolean_t absolute) {
++ char tmp1[MXNAME], *tmp2;
++ size_t fromlen, tolen;
++ isc_boolean_t end_with_dot;
++
++ fromlen = isc_buffer_usedlength(buffer) - used_org;
++ if (fromlen >= MXNAME)
++ return (ISC_R_SUCCESS);
++ memcpy(tmp1, (char *)isc_buffer_base(buffer) + used_org, fromlen);
++ end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE;
++ if (absolute && !end_with_dot) {
++ fromlen++;
++ if (fromlen >= MXNAME)
++ return (ISC_R_SUCCESS);
++ tmp1[fromlen - 1] = '.';
++ }
++ tmp1[fromlen] = '\0';
++
++ if (idna_to_unicode_lzlz (tmp1, &tmp2, 0) != IDNA_SUCCESS)
++ return (ISC_R_SUCCESS);
++
++ (void) strcpy (tmp1, tmp2);
++ free (tmp2);
++
++ tolen = strlen(tmp1);
++ if (absolute && !end_with_dot && tmp1[tolen - 1] == '.')
++ tolen--;
++
++ if (isc_buffer_length(buffer) < used_org + tolen)
++ return (ISC_R_NOSPACE);
++
++ isc_buffer_subtract(buffer, isc_buffer_usedlength(buffer) - used_org);
++ memcpy(isc_buffer_used(buffer), tmp1, tolen);
++ isc_buffer_add(buffer, tolen);
++
++ return (ISC_R_SUCCESS);
++}
++#endif /* WITH_LIBIDN*/
+
+ #ifdef DIG_SIGCHASE
+ void
+diff -up bind-9.7.0b1/bin/dig/Makefile.in.libidn bind-9.7.0b1/bin/dig/Makefile.in
+--- bind-9.7.0b1/bin/dig/Makefile.in.libidn 2009-09-22 10:47:55.000000000 +0200
++++ bind-9.7.0b1/bin/dig/Makefile.in 2009-10-20 10:50:06.201543709 +0200
+@@ -46,10 +46,10 @@ DEPLIBS = ${DNSDEPLIBS} ${BIND9DEPLIBS}
+ ${LWRESDEPLIBS}
+
+ LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
+- ${ISCLIBS} @IDNLIBS@ @LIBS@
++ ${ISCLIBS} @IDNLIBS@ @LIBS@ -lidn
+
+ NOSYMLIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
+- ${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@
++ ${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ -lidn
+
+ SUBDIRS =
+
+@@ -67,6 +67,8 @@ HTMLPAGES = dig.html host.html nslookup.
+
+ MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
++EXT_CFLAGS = -DWITH_LIBIDN
++
+ @BIND9_MAKE_RULES@
+
+ dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
--- /dev/null
+diff -up bind-9.5.0b1/bin/dig/dighost.c.libidn2 bind-9.5.0b1/bin/dig/dighost.c
+--- bind-9.5.0b1/bin/dig/dighost.c.libidn2 2007-12-10 13:12:26.000000000 +0100
++++ bind-9.5.0b1/bin/dig/dighost.c 2007-12-10 14:21:09.000000000 +0100
+@@ -153,7 +153,7 @@ int idnoptions = 0;
+ #endif
+
+ #ifdef WITH_LIBIDN
+-static isc_result_t libidn_locale_to_utf8 (const char* from, char **to);
++static isc_result_t libidn_locale_to_utf8 (const char* from, char *to);
+ static isc_result_t libidn_utf8_to_ascii (const char* from, char *to);
+ static isc_result_t output_filter (isc_buffer_t *buffer,
+ unsigned int used_org,
+@@ -1764,17 +1764,13 @@ setup_lookup(dig_lookup_t *lookup) {
+ char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME];
+ #endif
+ #ifdef WITH_LIBIDN
+- char *utf8_str = NULL, utf8_name[MXNAME], ascii_name[MXNAME];
++ char utf8_str[MXNAME], utf8_name[MXNAME], ascii_name[MXNAME];
+ #endif
+
+-#ifdef WITH_IDN
++#if defined (WITH_IDN) || defined (WITH_LIBIDN)
+ result = dns_name_settotextfilter(output_filter);
+ check_result(result, "dns_name_settotextfilter");
+ #endif
+-#ifdef WITH_LIBIDN
+- result = dns_name_settotextfilter (output_filter);
+- check_result(result, "dns_name_settotextfilter");
+-#endif
+ REQUIRE(lookup != NULL);
+ INSIST(!free_now);
+
+@@ -1812,15 +1808,13 @@ setup_lookup(dig_lookup_t *lookup) {
+ utf8_textname, sizeof(utf8_textname));
+ idn_check_result(mr, "convert textname to UTF-8");
+ #elif defined (WITH_LIBIDN)
+- result = libidn_locale_to_utf8 (lookup->textname, &utf8_str);
+- check_result (result, "converting textname to UTF-8");
++ result = libidn_locale_to_utf8 (lookup->textname, utf8_str);
++ check_result (result, "convert textname to UTF-8");
+ len = strlen (utf8_str);
+- if (len < MXNAME) {
++ if (len < MXNAME)
+ (void) strcpy (utf8_name, utf8_str);
+- } else {
++ else
+ fatal ("Too long name");
+- }
+- isc_mem_free (mctx, utf8_str);
+ #endif
+
+ /*
+@@ -1833,24 +1827,11 @@ setup_lookup(dig_lookup_t *lookup) {
+ if (lookup->new_search) {
+ #ifdef WITH_IDN
+ if ((count_dots(utf8_textname) >= ndots) || !usesearch) {
+- lookup->origin = NULL; /* Force abs lookup */
+- lookup->done_as_is = ISC_TRUE;
+- lookup->need_search = usesearch;
+- } else if (lookup->origin == NULL && usesearch) {
+- lookup->origin = ISC_LIST_HEAD(search_list);
+- lookup->need_search = ISC_FALSE;
+- }
+ #elif defined (WITH_LIBIDN)
+ if ((count_dots(utf8_name) >= ndots) || !usesearch) {
+- lookup->origin = NULL; /* Force abs lookup */
+- lookup->done_as_is = ISC_TRUE;
+- lookup->need_search = usesearch;
+- } else if (lookup->origin == NULL && usesearch) {
+- lookup->origin = ISC_LIST_HEAD(search_list);
+- lookup->need_search = ISC_FALSE;
+- }
+ #else
+ if ((count_dots(lookup->textname) >= ndots) || !usesearch) {
++#endif
+ lookup->origin = NULL; /* Force abs lookup */
+ lookup->done_as_is = ISC_TRUE;
+ lookup->need_search = usesearch;
+@@ -1858,7 +1839,6 @@ setup_lookup(dig_lookup_t *lookup) {
+ lookup->origin = ISC_LIST_HEAD(search_list);
+ lookup->need_search = ISC_FALSE;
+ }
+-#endif
+ }
+
+ #ifdef WITH_IDN
+@@ -1877,15 +1857,12 @@ setup_lookup(dig_lookup_t *lookup) {
+ idn_check_result(mr, "convert UTF-8 textname to IDN encoding");
+ #elif defined (WITH_LIBIDN)
+ if (lookup->origin != NULL) {
+- result = libidn_locale_to_utf8 (lookup->origin->origin, &utf8_str);
++ result = libidn_locale_to_utf8 (lookup->origin->origin, utf8_str);
+ check_result (result, "convert origin to UTF-8");
+- if (len + strlen (utf8_str) + 1 < MXNAME) {
+- utf8_name[len++] = '.';
++ if (len + strlen (utf8_str) < MXNAME)
+ (void) strcpy (utf8_name + len, utf8_str);
+- } else {
++ else
+ fatal ("Too long name + origin");
+- }
+- isc_mem_free (mctx, utf8_str);
+ }
+
+ result = libidn_utf8_to_ascii (utf8_name, ascii_name);
+@@ -3600,76 +3577,85 @@ idn_check_result(idn_result_t r, const c
+ }
+ #endif /* WITH_IDN */
+ #ifdef WITH_LIBIDN
+-/* If stringprep_locale_to_utf8 fails simple copy string */
+ static isc_result_t
+-libidn_locale_to_utf8 (const char *from, char **to) {
++libidn_locale_to_utf8 (const char *from, char *to) {
+ char *utf8_str;
+
++ debug ("libidn_locale_to_utf8");
+ utf8_str = stringprep_locale_to_utf8 (from);
+- if (utf8_str == NULL) {
+- *to = isc_mem_allocate (mctx, strlen (from) + 1);
+- if (*to == NULL)
+- return (ISC_R_NOMEMORY);
+- (void) strcpy (*to, from);
+- } else {
+- *to = isc_mem_allocate (mctx, strlen (utf8_str) + 1);
+- if (*to == NULL)
+- return (ISC_R_NOMEMORY);
+- (void) strcpy (*to, utf8_str);
++ if (utf8_str != NULL) {
++ (void) strcpy (to, utf8_str);
+ free (utf8_str);
++ return ISC_R_SUCCESS;
+ }
+- return (ISC_R_SUCCESS);
++
++ debug ("libidn_locale_to_utf8: failure");
++ return ISC_R_FAILURE;
+ }
+ static isc_result_t
+ libidn_utf8_to_ascii (const char *from, char *to) {
+ char *ascii;
++ int iresult;
+
+- if (idna_to_ascii_8z (from, &ascii, 0) != IDNA_SUCCESS)
+- return (ISC_R_FAILURE);
++ debug ("libidn_utf8_to_ascii");
++ iresult = idna_to_ascii_8z (from, &ascii, 0);
++ if (iresult != IDNA_SUCCESS) {
++ debug ("idna_to_ascii_8z: %s", idna_strerror (iresult));
++ return ISC_R_FAILURE;
++ }
+
+ (void) strcpy (to, ascii);
+ free (ascii);
+- return (ISC_R_SUCCESS);
++ return ISC_R_SUCCESS;
+ }
+-/* based on idnkit's code*/
++
+ static isc_result_t
+ output_filter (isc_buffer_t *buffer, unsigned int used_org,
+ isc_boolean_t absolute) {
++
+ char tmp1[MXNAME], *tmp2;
+ size_t fromlen, tolen;
+ isc_boolean_t end_with_dot;
++ int iresult;
++
++ debug ("output_filter");
+
+- fromlen = isc_buffer_usedlength(buffer) - used_org;
++ fromlen = isc_buffer_usedlength (buffer) - used_org;
+ if (fromlen >= MXNAME)
+- return (ISC_R_SUCCESS);
+- memcpy(tmp1, (char *)isc_buffer_base(buffer) + used_org, fromlen);
++ return ISC_R_SUCCESS;
++ memcpy (tmp1, (char *) isc_buffer_base (buffer) + used_org, fromlen);
+ end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE;
+ if (absolute && !end_with_dot) {
+ fromlen++;
+ if (fromlen >= MXNAME)
+- return (ISC_R_SUCCESS);
++ return ISC_R_SUCCESS;
+ tmp1[fromlen - 1] = '.';
+ }
+ tmp1[fromlen] = '\0';
+
+- if (idna_to_unicode_lzlz (tmp1, &tmp2, 0) != IDNA_SUCCESS)
+- return (ISC_R_SUCCESS);
++ iresult = idna_to_unicode_8z8z (tmp1, &tmp2, 0);
++ if (iresult != IDNA_SUCCESS) {
++ debug ("output_filter: %s", idna_strerror (iresult));
++ return ISC_R_SUCCESS;
++ }
+
+ (void) strcpy (tmp1, tmp2);
+ free (tmp2);
+
+- tolen = strlen(tmp1);
++ tolen = strlen (tmp1);
+ if (absolute && !end_with_dot && tmp1[tolen - 1] == '.')
+ tolen--;
+
+- if (isc_buffer_length(buffer) < used_org + tolen)
+- return (ISC_R_NOSPACE);
++ if (isc_buffer_length (buffer) < used_org + tolen)
++ return ISC_R_NOSPACE;
++
++ debug ("%s", tmp1);
+
+- isc_buffer_subtract(buffer, isc_buffer_usedlength(buffer) - used_org);
+- memcpy(isc_buffer_used(buffer), tmp1, tolen);
+- isc_buffer_add(buffer, tolen);
++ isc_buffer_subtract (buffer, isc_buffer_usedlength (buffer) - used_org);
++ memcpy (isc_buffer_used (buffer), tmp1, tolen);
++ isc_buffer_add (buffer, tolen);
+
+- return (ISC_R_SUCCESS);
++ return ISC_R_SUCCESS;
+ }
+ #endif /* WITH_LIBIDN*/
+
--- /dev/null
+diff -up bind-9.5.0b1/bin/dig/dighost.c.libidn3 bind-9.5.0b1/bin/dig/dighost.c
+--- bind-9.5.0b1/bin/dig/dighost.c.libidn3 2007-12-20 13:24:27.000000000 +0100
++++ bind-9.5.0b1/bin/dig/dighost.c 2007-12-20 13:27:10.000000000 +0100
+@@ -1859,10 +1859,13 @@ setup_lookup(dig_lookup_t *lookup) {
+ if (lookup->origin != NULL) {
+ result = libidn_locale_to_utf8 (lookup->origin->origin, utf8_str);
+ check_result (result, "convert origin to UTF-8");
+- if (len + strlen (utf8_str) < MXNAME)
+- (void) strcpy (utf8_name + len, utf8_str);
+- else
+- fatal ("Too long name + origin");
++ if (len > 0 && utf8_name[len - 1] != '.') {
++ utf8_name[len++] = '.';
++ if (len + strlen (utf8_str) < MXNAME)
++ (void) strcpy (utf8_name + len, utf8_str);
++ else
++ fatal ("Too long name + origin");
++ }
+ }
+
+ result = libidn_utf8_to_ascii (utf8_name, ascii_name);
--- /dev/null
+diff -up bind-9.5.0a5/lib/isc/pthreads/condition.c.overflow bind-9.5.0a5/lib/isc/pthreads/condition.c
+--- bind-9.5.0a5/lib/isc/pthreads/condition.c.overflow 2007-07-17 07:53:59.000000000 +0200
++++ bind-9.5.0a5/lib/isc/pthreads/condition.c 2007-07-17 07:55:08.000000000 +0200
+@@ -43,7 +43,7 @@ isc_condition_waituntil(isc_condition_t
+ * POSIX defines a timespec's tv_sec as time_t.
+ */
+ result = isc_time_secondsastimet(t, &ts.tv_sec);
+- if (result != ISC_R_SUCCESS)
++ if (result != ISC_R_RANGE && result != ISC_R_SUCCESS)
+ return (result);
+
+ /*!
+diff -up bind-9.5.0a5/lib/isc/unix/time.c.overflow bind-9.5.0a5/lib/isc/unix/time.c
+--- bind-9.5.0a5/lib/isc/unix/time.c.overflow 2007-02-14 01:27:27.000000000 +0100
++++ bind-9.5.0a5/lib/isc/unix/time.c 2007-07-17 07:53:08.000000000 +0200
+@@ -379,6 +379,9 @@ isc_time_secondsastimet(const isc_time_t
+ * (Let's hope the compiler got the actual test right.)
+ */
+ UNUSED(i);
++
++ /* Means that t->seconds > maximum value in time_t and we have int time_t */
++ seconds = INT_MAX;
+ return (ISC_R_RANGE);
+ }
--- /dev/null
+diff -up bind-9.5.0b1/lib/dns/Makefile.in.parallel bind-9.5.0b1/lib/dns/Makefile.in
+--- bind-9.5.0b1/lib/dns/Makefile.in.parallel 2008-01-17 18:27:38.000000000 +0100
++++ bind-9.5.0b1/lib/dns/Makefile.in 2008-01-17 18:27:45.000000000 +0100
+@@ -19,10 +19,6 @@ srcdir = @srcdir@
+ VPATH = @srcdir@
+ top_srcdir = @top_srcdir@
+
+-# Attempt to disable parallel processing.
+-.NOTPARALLEL:
+-.NO_PARALLEL:
+-
+ @BIND9_VERSION@
+
+ @LIBDNS_API@
--- /dev/null
+diff -up bind-9.5.0-P2/bin/dig/dighost.c.rh452060 bind-9.5.0-P2/bin/dig/dighost.c
+--- bind-9.5.0-P2/bin/dig/dighost.c.rh452060 2008-12-01 22:30:01.000000000 +0100
++++ bind-9.5.0-P2/bin/dig/dighost.c 2008-12-01 22:30:07.000000000 +0100
+@@ -1280,6 +1280,12 @@ clear_query(dig_query_t *query) {
+
+ debug("clear_query(%p)", query);
+
++ if (query->waiting_senddone) {
++ debug("send_done not yet called");
++ query->pending_free = ISC_TRUE;
++ return;
++ }
++
+ lookup = query->lookup;
+
+ if (lookup->current_query == query)
+@@ -1301,10 +1307,7 @@ clear_query(dig_query_t *query) {
+ isc_mempool_put(commctx, query->recvspace);
+ isc_buffer_invalidate(&query->recvbuf);
+ isc_buffer_invalidate(&query->lengthbuf);
+- if (query->waiting_senddone)
+- query->pending_free = ISC_TRUE;
+- else
+- isc_mem_free(mctx, query);
++ isc_mem_free(mctx, query);
+ }
+
+ /*%
+@@ -2175,9 +2178,9 @@ send_done(isc_task_t *_task, isc_event_t
+ isc_event_free(&event);
+
+ if (query->pending_free)
+- isc_mem_free(mctx, query);
++ clear_query(query);
+
+- check_if_done();
++ check_next_lookup(l);
+ UNLOCK_LOOKUP;
+ }
+
--- /dev/null
+diff -up bind-9.8.1rc1/bin/named/main.c.dyndb bind-9.8.1rc1/bin/named/main.c
+--- bind-9.8.1rc1/bin/named/main.c.dyndb 2011-03-11 07:47:00.000000000 +0100
++++ bind-9.8.1rc1/bin/named/main.c 2011-08-31 14:25:02.244088457 +0200
+@@ -45,6 +45,7 @@
+ #include <isccc/result.h>
+
+ #include <dns/dispatch.h>
++#include <dns/dynamic_db.h>
+ #include <dns/name.h>
+ #include <dns/result.h>
+ #include <dns/view.h>
+@@ -884,6 +885,8 @@ setup(void) {
+
+ static void
+ cleanup(void) {
++ dns_dynamic_db_cleanup(ISC_TRUE);
++
+ destroy_managers();
+
+ ns_server_destroy(&ns_g_server);
+diff -up bind-9.8.1rc1/bin/named/server.c.dyndb bind-9.8.1rc1/bin/named/server.c
+--- bind-9.8.1rc1/bin/named/server.c.dyndb 2011-08-02 06:58:45.000000000 +0200
++++ bind-9.8.1rc1/bin/named/server.c 2011-08-31 14:29:04.261071645 +0200
+@@ -61,6 +61,7 @@
+ #include <dns/db.h>
+ #include <dns/dispatch.h>
+ #include <dns/dlz.h>
++#include <dns/dynamic_db.h>
+ #include <dns/dns64.h>
+ #include <dns/forward.h>
+ #include <dns/journal.h>
+@@ -1151,6 +1152,72 @@ configure_peer(const cfg_obj_t *cpeer, i
+ }
+
+ static isc_result_t
++configure_dynamic_db(const cfg_obj_t *dynamic_db, isc_mem_t *mctx,
++ const dns_dyndb_arguments_t *dyndb_args)
++{
++ isc_result_t result;
++ const cfg_obj_t *obj;
++ const cfg_obj_t *options;
++ const cfg_listelt_t *element;
++ const char *name;
++ const char *libname;
++ const char **argv = NULL;
++ unsigned int i;
++ unsigned int len;
++
++ /* Get the name of the database. */
++ obj = cfg_tuple_get(dynamic_db, "name");
++ name = cfg_obj_asstring(obj);
++
++ /* Get options. */
++ options = cfg_tuple_get(dynamic_db, "options");
++
++ /* Get library name. */
++ obj = NULL;
++ CHECK(cfg_map_get(options, "library", &obj));
++ libname = cfg_obj_asstring(obj);
++
++ /* Create a list of arguments. */
++ obj = NULL;
++ result = cfg_map_get(options, "arg", &obj);
++ if (result == ISC_R_NOTFOUND)
++ len = 0;
++ else if (result == ISC_R_SUCCESS)
++ len = cfg_list_length(obj, isc_boolean_false);
++ else
++ goto cleanup;
++
++ /* Account for the last terminating NULL. */
++ len++;
++
++ argv = isc_mem_allocate(mctx, len * sizeof(const char *));
++ if (argv == NULL) {
++ result = ISC_R_NOMEMORY;
++ goto cleanup;
++ }
++ for (element = cfg_list_first(obj), i = 0;
++ element != NULL;
++ element = cfg_list_next(element), i++)
++ {
++ REQUIRE(i < len);
++
++ obj = cfg_listelt_value(element);
++ argv[i] = cfg_obj_asstring(obj);
++ }
++ REQUIRE(i < len);
++ argv[i] = NULL;
++
++ CHECK(dns_dynamic_db_load(libname, name, mctx, argv, dyndb_args));
++
++cleanup:
++ if (argv != NULL)
++ isc_mem_free(mctx, argv);
++
++ return result;
++}
++
++
++static isc_result_t
+ disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
+ isc_result_t result;
+ const cfg_obj_t *algorithms;
+@@ -1562,6 +1629,7 @@ configure_view(dns_view_t *view, cfg_obj
+ const cfg_obj_t *dlz;
+ unsigned int dlzargc;
+ char **dlzargv;
++ const cfg_obj_t *dynamic_db_list;
+ const cfg_obj_t *disabled;
+ const cfg_obj_t *obj;
+ const cfg_listelt_t *element;
+@@ -1792,6 +1860,39 @@ configure_view(dns_view_t *view, cfg_obj
+ }
+ }
+
++
++
++ /*
++ * Configure dynamic databases.
++ */
++ dynamic_db_list = NULL;
++ if (voptions != NULL)
++ (void)cfg_map_get(voptions, "dynamic-db", &dynamic_db_list);
++ else
++ (void)cfg_map_get(config, "dynamic-db", &dynamic_db_list);
++ element = cfg_list_first(dynamic_db_list);
++ if (element != NULL) {
++ dns_dyndb_arguments_t *args;
++
++ args = dns_dyndb_arguments_create(mctx);
++ if (args == NULL) {
++ result = ISC_R_NOMEMORY;
++ goto cleanup;
++ }
++ dns_dyndb_set_view(args, view);
++ dns_dyndb_set_zonemgr(args, ns_g_server->zonemgr);
++ dns_dyndb_set_task(args, ns_g_server->task);
++ dns_dyndb_set_timermgr(args, ns_g_timermgr);
++ while (element != NULL) {
++ obj = cfg_listelt_value(element);
++ CHECK(configure_dynamic_db(obj, mctx, args));
++
++ element = cfg_list_next(element);
++ }
++
++ dns_dyndb_arguments_destroy(mctx, args);
++ }
++
+ /*
+ * Obtain configuration parameters that affect the decision of whether
+ * we can reuse/share an existing cache.
+@@ -4292,6 +4393,7 @@ load_configuration(const char *filename,
+ cfg_aclconfctx_detach(&ns_g_aclconfctx);
+ CHECK(cfg_aclconfctx_create(ns_g_mctx, &ns_g_aclconfctx));
+
++ dns_dynamic_db_cleanup(ISC_FALSE);
+ /*
+ * Parse the global default pseudo-config file.
+ */
+diff -up bind-9.8.1rc1/lib/dns/dynamic_db.c.dyndb bind-9.8.1rc1/lib/dns/dynamic_db.c
+--- bind-9.8.1rc1/lib/dns/dynamic_db.c.dyndb 2011-08-31 14:25:02.249088456 +0200
++++ bind-9.8.1rc1/lib/dns/dynamic_db.c 2011-08-31 14:25:02.249088456 +0200
+@@ -0,0 +1,366 @@
++/*
++ * Copyright (C) 2008-2011 Red Hat, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND Red Hat DISCLAIMS ALL WARRANTIES WITH
++ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
++ * AND FITNESS. IN NO EVENT SHALL Red Hat BE LIABLE FOR ANY SPECIAL, DIRECT,
++ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
++ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
++ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
++ * PERFORMANCE OF THIS SOFTWARE.
++ */
++
++
++#include <config.h>
++
++#include <isc/buffer.h>
++#include <isc/mem.h>
++#include <isc/mutex.h>
++#include <isc/once.h>
++#include <isc/result.h>
++#include <isc/region.h>
++#include <isc/task.h>
++#include <isc/types.h>
++#include <isc/util.h>
++
++#include <dns/dynamic_db.h>
++#include <dns/log.h>
++#include <dns/types.h>
++#include <dns/view.h>
++#include <dns/zone.h>
++
++#include <string.h>
++
++#if HAVE_DLFCN_H
++#include <dlfcn.h>
++#endif
++
++#ifndef DYNDB_LIBDIR
++#define DYNDB_LIBDIR ""
++#endif
++
++#define CHECK(op) \
++ do { result = (op); \
++ if (result != ISC_R_SUCCESS) goto cleanup; \
++ } while (0)
++
++
++typedef isc_result_t (*register_func_t)(isc_mem_t *mctx, const char *name,
++ const char * const *argv,
++ const dns_dyndb_arguments_t *dyndb_args);
++typedef void (*destroy_func_t)(void);
++
++typedef struct dyndb_implementation dyndb_implementation_t;
++
++struct dyndb_implementation {
++ isc_mem_t *mctx;
++ void *handle;
++ register_func_t register_function;
++ destroy_func_t destroy_function;
++ LINK(dyndb_implementation_t) link;
++};
++
++struct dns_dyndb_arguments {
++ dns_view_t *view;
++ dns_zonemgr_t *zmgr;
++ isc_task_t *task;
++ isc_timermgr_t *timermgr;
++};
++
++/* List of implementations. Locked by dyndb_lock. */
++static LIST(dyndb_implementation_t) dyndb_implementations;
++/* Locks dyndb_implementations. */
++static isc_mutex_t dyndb_lock;
++static isc_once_t once = ISC_ONCE_INIT;
++
++static void
++dyndb_initialize(void) {
++ RUNTIME_CHECK(isc_mutex_init(&dyndb_lock) == ISC_R_SUCCESS);
++ INIT_LIST(dyndb_implementations);
++}
++
++
++#if HAVE_DLFCN_H
++static isc_result_t
++load_symbol(void *handle, const char *symbol_name, void **symbolp)
++{
++ const char *errmsg;
++ void *symbol;
++
++ REQUIRE(handle != NULL);
++ REQUIRE(symbolp != NULL && *symbolp == NULL);
++
++ symbol = dlsym(handle, symbol_name);
++ if (symbol == NULL) {
++ errmsg = dlerror();
++ if (errmsg == NULL)
++ errmsg = "returned function pointer is NULL";
++ isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
++ DNS_LOGMODULE_DYNDB, ISC_LOG_ERROR,
++ "failed to lookup symbol %s: %s",
++ symbol_name, errmsg);
++ return ISC_R_FAILURE;
++ }
++ dlerror();
++
++ *symbolp = symbol;
++
++ return ISC_R_SUCCESS;
++}
++
++static isc_result_t
++load_library(isc_mem_t *mctx, const char *filename, dyndb_implementation_t **impp)
++{
++ isc_result_t result;
++ size_t module_size;
++ isc_buffer_t *module_buf = NULL;
++ isc_region_t module_region;
++ void *handle = NULL;
++ dyndb_implementation_t *imp;
++ register_func_t register_function = NULL;
++ destroy_func_t destroy_function = NULL;
++
++ REQUIRE(impp != NULL && *impp == NULL);
++
++ /* Build up the full path. */
++ module_size = strlen(DYNDB_LIBDIR) + strlen(filename) + 1;
++ CHECK(isc_buffer_allocate(mctx, &module_buf, module_size));
++ isc_buffer_putstr(module_buf, DYNDB_LIBDIR);
++ isc_buffer_putstr(module_buf, filename);
++ isc_buffer_putuint8(module_buf, 0);
++ isc_buffer_region(module_buf, &module_region);
++
++ handle = dlopen((char *)module_region.base, RTLD_LAZY);
++ if (handle == NULL) {
++ isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
++ DNS_LOGMODULE_DYNDB, ISC_LOG_ERROR,
++ "failed to dynamically load driver '%s': %s",
++ filename, dlerror());
++ result = ISC_R_FAILURE;
++ goto cleanup;
++ }
++ dlerror();
++
++ CHECK(load_symbol(handle, "dynamic_driver_init",
++ (void **)®ister_function));
++ CHECK(load_symbol(handle, "dynamic_driver_destroy",
++ (void **)&destroy_function));
++
++ imp = isc_mem_get(mctx, sizeof(dyndb_implementation_t));
++ if (imp == NULL) {
++ result = ISC_R_NOMEMORY;
++ goto cleanup;
++ }
++
++ imp->mctx = NULL;
++ isc_mem_attach(mctx, &imp->mctx);
++ imp->handle = handle;
++ imp->register_function = register_function;
++ imp->destroy_function = destroy_function;
++ INIT_LINK(imp, link);
++
++ *impp = imp;
++
++cleanup:
++ if (result != ISC_R_SUCCESS && handle != NULL)
++ dlclose(handle);
++ if (module_buf != NULL)
++ isc_buffer_free(&module_buf);
++
++ return result;
++}
++
++static void
++unload_library(dyndb_implementation_t **impp)
++{
++ dyndb_implementation_t *imp;
++
++ REQUIRE(impp != NULL && *impp != NULL);
++
++ imp = *impp;
++
++ isc_mem_putanddetach(&imp->mctx, imp, sizeof(dyndb_implementation_t));
++
++ *impp = NULL;
++}
++
++#else /* HAVE_DLFCN_H */
++static isc_result_t
++load_library(isc_mem_t *mctx, const char *filename, dyndb_implementation_t **impp)
++{
++ UNUSED(mctx);
++ UNUSED(filename);
++ UNUSED(impp);
++
++ isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_DYNDB,
++ ISC_LOG_ERROR,
++ "dynamic database support is not implemented")
++
++ return ISC_R_NOTIMPLEMENTED;
++}
++
++static void
++unload_library(dyndb_implementation_t **impp)
++{
++ dyndb_implementation_t *imp;
++
++ REQUIRE(impp != NULL && *impp != NULL);
++
++ imp = *impp;
++
++ isc_mem_putanddetach(&imp->mctx, imp, sizeof(dyndb_implementation_t));
++
++ *impp = NULL;
++}
++#endif /* HAVE_DLFCN_H */
++
++isc_result_t
++dns_dynamic_db_load(const char *libname, const char *name, isc_mem_t *mctx,
++ const char * const *argv,
++ const dns_dyndb_arguments_t *dyndb_args)
++{
++ isc_result_t result;
++ dyndb_implementation_t *implementation = NULL;
++
++ RUNTIME_CHECK(isc_once_do(&once, dyndb_initialize) == ISC_R_SUCCESS);
++
++ CHECK(load_library(mctx, libname, &implementation));
++ CHECK(implementation->register_function(mctx, name, argv, dyndb_args));
++
++ LOCK(&dyndb_lock);
++ APPEND(dyndb_implementations, implementation, link);
++ UNLOCK(&dyndb_lock);
++
++ return ISC_R_SUCCESS;
++
++cleanup:
++ if (implementation != NULL)
++ unload_library(&implementation);
++
++ return result;
++}
++
++void
++dns_dynamic_db_cleanup(isc_boolean_t exiting)
++{
++ dyndb_implementation_t *elem;
++ dyndb_implementation_t *prev;
++
++ RUNTIME_CHECK(isc_once_do(&once, dyndb_initialize) == ISC_R_SUCCESS);
++
++ LOCK(&dyndb_lock);
++ elem = TAIL(dyndb_implementations);
++ while (elem != NULL) {
++ prev = PREV(elem, link);
++ UNLINK(dyndb_implementations, elem, link);
++ elem->destroy_function();
++ unload_library(&elem);
++ elem = prev;
++ }
++ UNLOCK(&dyndb_lock);
++
++ if (exiting == ISC_TRUE)
++ isc_mutex_destroy(&dyndb_lock);
++}
++
++dns_dyndb_arguments_t *
++dns_dyndb_arguments_create(isc_mem_t *mctx)
++{
++ dns_dyndb_arguments_t *args;
++
++ args = isc_mem_get(mctx, sizeof(*args));
++ if (args != NULL)
++ memset(args, 0, sizeof(*args));
++
++ return args;
++}
++
++void
++dns_dyndb_arguments_destroy(isc_mem_t *mctx, dns_dyndb_arguments_t *args)
++{
++ REQUIRE(args != NULL);
++
++ dns_dyndb_set_view(args, NULL);
++ dns_dyndb_set_zonemgr(args, NULL);
++ dns_dyndb_set_task(args, NULL);
++ dns_dyndb_set_timermgr(args, NULL);
++
++ isc_mem_put(mctx, args, sizeof(*args));
++}
++
++void
++dns_dyndb_set_view(dns_dyndb_arguments_t *args, dns_view_t *view)
++{
++ REQUIRE(args != NULL);
++
++ if (args->view != NULL)
++ dns_view_detach(&args->view);
++ if (view != NULL)
++ dns_view_attach(view, &args->view);
++}
++
++dns_view_t *
++dns_dyndb_get_view(dns_dyndb_arguments_t *args)
++{
++ REQUIRE(args != NULL);
++
++ return args->view;
++}
++
++void
++dns_dyndb_set_zonemgr(dns_dyndb_arguments_t *args, dns_zonemgr_t *zmgr)
++{
++ REQUIRE(args != NULL);
++
++ if (args->zmgr != NULL)
++ dns_zonemgr_detach(&args->zmgr);
++ if (zmgr != NULL)
++ dns_zonemgr_attach(zmgr, &args->zmgr);
++}
++
++dns_zonemgr_t *
++dns_dyndb_get_zonemgr(dns_dyndb_arguments_t *args)
++{
++ REQUIRE(args != NULL);
++
++ return args->zmgr;
++}
++
++void
++dns_dyndb_set_task(dns_dyndb_arguments_t *args, isc_task_t *task)
++{
++ REQUIRE(args != NULL);
++
++ if (args->task != NULL)
++ isc_task_detach(&args->task);
++ if (task != NULL)
++ isc_task_attach(task, &args->task);
++}
++
++isc_task_t *
++dns_dyndb_get_task(dns_dyndb_arguments_t *args)
++{
++ REQUIRE(args != NULL);
++
++ return args->task;
++}
++
++void
++dns_dyndb_set_timermgr(dns_dyndb_arguments_t *args, isc_timermgr_t *timermgr)
++{
++ REQUIRE(args != NULL);
++
++ args->timermgr = timermgr;
++}
++
++isc_timermgr_t *
++dns_dyndb_get_timermgr(dns_dyndb_arguments_t *args)
++{
++ REQUIRE(args != NULL);
++
++ return args->timermgr;
++}
+diff -up bind-9.8.1rc1/lib/dns/include/dns/dynamic_db.h.dyndb bind-9.8.1rc1/lib/dns/include/dns/dynamic_db.h
+--- bind-9.8.1rc1/lib/dns/include/dns/dynamic_db.h.dyndb 2011-08-31 14:25:02.249088456 +0200
++++ bind-9.8.1rc1/lib/dns/include/dns/dynamic_db.h 2011-08-31 14:25:02.249088456 +0200
+@@ -0,0 +1,50 @@
++/*
++ * Copyright (C) 2008-2011 Red Hat, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND Red Hat DISCLAIMS ALL WARRANTIES WITH
++ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
++ * AND FITNESS. IN NO EVENT SHALL Red Hat BE LIABLE FOR ANY SPECIAL, DIRECT,
++ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
++ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
++ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
++ * PERFORMANCE OF THIS SOFTWARE.
++ */
++
++
++#ifndef DYNAMIC_DB_H
++#define DYNAMIC_DB_H
++
++#include <isc/types.h>
++
++#include <dns/types.h>
++
++/*
++ * TODO:
++ * Reformat the prototypes.
++ * Add annotated comments.
++ */
++
++isc_result_t dns_dynamic_db_load(const char *libname, const char *name,
++ isc_mem_t *mctx, const char * const *argv,
++ const dns_dyndb_arguments_t *dyndb_args);
++
++void dns_dynamic_db_cleanup(isc_boolean_t exiting);
++
++dns_dyndb_arguments_t *dns_dyndb_arguments_create(isc_mem_t *mctx);
++void dns_dyndb_arguments_destroy(isc_mem_t *mctx, dns_dyndb_arguments_t *args);
++
++void dns_dyndb_set_view(dns_dyndb_arguments_t *args, dns_view_t *view);
++dns_view_t *dns_dyndb_get_view(dns_dyndb_arguments_t *args);
++void dns_dyndb_set_zonemgr(dns_dyndb_arguments_t *args, dns_zonemgr_t *zmgr);
++dns_zonemgr_t *dns_dyndb_get_zonemgr(dns_dyndb_arguments_t *args);
++void dns_dyndb_set_task(dns_dyndb_arguments_t *args, isc_task_t *task);
++isc_task_t *dns_dyndb_get_task(dns_dyndb_arguments_t *args);
++void dns_dyndb_set_timermgr(dns_dyndb_arguments_t *args,
++ isc_timermgr_t *timermgr);
++isc_timermgr_t *dns_dyndb_get_timermgr(dns_dyndb_arguments_t *args);
++
++#endif
+diff -up bind-9.8.1rc1/lib/dns/include/dns/log.h.dyndb bind-9.8.1rc1/lib/dns/include/dns/log.h
+--- bind-9.8.1rc1/lib/dns/include/dns/log.h.dyndb 2009-12-18 23:16:49.000000000 +0100
++++ bind-9.8.1rc1/lib/dns/include/dns/log.h 2011-08-31 14:25:02.250088456 +0200
+@@ -74,6 +74,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodul
+ #define DNS_LOGMODULE_ACACHE (&dns_modules[25])
+ #define DNS_LOGMODULE_DLZ (&dns_modules[26])
+ #define DNS_LOGMODULE_DNSSEC (&dns_modules[27])
++#define DNS_LOGMODULE_DYNDB (&dns_modules[28])
+
+ ISC_LANG_BEGINDECLS
+
+diff -up bind-9.8.1rc1/lib/dns/include/dns/Makefile.in.dyndb bind-9.8.1rc1/lib/dns/include/dns/Makefile.in
+--- bind-9.8.1rc1/lib/dns/include/dns/Makefile.in.dyndb 2011-02-28 02:20:02.000000000 +0100
++++ bind-9.8.1rc1/lib/dns/include/dns/Makefile.in 2011-08-31 14:25:02.250088456 +0200
+@@ -22,7 +22,7 @@ top_srcdir = @top_srcdir@
+ @BIND9_VERSION@
+
+ HEADERS = acl.h adb.h byaddr.h cache.h callbacks.h cert.h compress.h \
+- db.h dbiterator.h dbtable.h diff.h dispatch.h dlz.h \
++ db.h dbiterator.h dbtable.h diff.h dispatch.h dlz.h dynamic_db.h \
+ dnssec.h ds.h events.h fixedname.h iptable.h journal.h \
+ keyflags.h keytable.h keyvalues.h lib.h log.h \
+ master.h masterdump.h message.h name.h ncache.h nsec.h \
+diff -up bind-9.8.1rc1/lib/dns/include/dns/types.h.dyndb bind-9.8.1rc1/lib/dns/include/dns/types.h
+--- bind-9.8.1rc1/lib/dns/include/dns/types.h.dyndb 2010-12-08 03:46:16.000000000 +0100
++++ bind-9.8.1rc1/lib/dns/include/dns/types.h 2011-08-31 14:25:02.251088456 +0200
+@@ -60,6 +60,7 @@ typedef struct dns_dbtable dns_dbtable
+ typedef void dns_dbversion_t;
+ typedef struct dns_dlzimplementation dns_dlzimplementation_t;
+ typedef struct dns_dlzdb dns_dlzdb_t;
++typedef struct dns_dyndb_arguments dns_dyndb_arguments_t;
+ typedef struct dns_sdlzimplementation dns_sdlzimplementation_t;
+ typedef struct dns_decompress dns_decompress_t;
+ typedef struct dns_dispatch dns_dispatch_t;
+diff -up bind-9.8.1rc1/lib/dns/log.c.dyndb bind-9.8.1rc1/lib/dns/log.c
+--- bind-9.8.1rc1/lib/dns/log.c.dyndb 2009-12-19 00:49:03.000000000 +0100
++++ bind-9.8.1rc1/lib/dns/log.c 2011-08-31 14:25:02.251088456 +0200
+@@ -80,6 +80,7 @@ LIBDNS_EXTERNAL_DATA isc_logmodule_t dns
+ { "dns/acache", 0 },
+ { "dns/dlz", 0 },
+ { "dns/dnssec", 0 },
++ { "dns/dynamic_db", 0 },
+ { NULL, 0 }
+ };
+
+diff -up bind-9.8.1rc1/lib/dns/Makefile.in.dyndb bind-9.8.1rc1/lib/dns/Makefile.in
+--- bind-9.8.1rc1/lib/dns/Makefile.in.dyndb 2011-08-31 14:25:02.230088458 +0200
++++ bind-9.8.1rc1/lib/dns/Makefile.in 2011-08-31 14:25:02.251088456 +0200
+@@ -58,7 +58,7 @@ DNSOBJS = acache.@O@ acl.@O@ adb.@O@ bya
+ cache.@O@ callbacks.@O@ compress.@O@ \
+ db.@O@ dbiterator.@O@ dbtable.@O@ diff.@O@ dispatch.@O@ \
+ dlz.@O@ dns64.@O@ dnssec.@O@ ds.@O@ forward.@O@ iptable.@O@ \
+- journal.@O@ keydata.@O@ keytable.@O@ \
++ dynamic_db.@O@ journal.@O@ keydata.@O@ keytable.@O@ \
+ lib.@O@ log.@O@ lookup.@O@ \
+ master.@O@ masterdump.@O@ message.@O@ \
+ name.@O@ ncache.@O@ nsec.@O@ nsec3.@O@ order.@O@ peer.@O@ \
+@@ -87,7 +87,7 @@ DNSSRCS = acache.c acl.c adb.c byaddr.c
+ cache.c callbacks.c compress.c \
+ db.c dbiterator.c dbtable.c diff.c dispatch.c \
+ dlz.c dns64.c dnssec.c ds.c forward.c iptable.c journal.c \
+- keydata.c keytable.c lib.c log.c lookup.c \
++ dynamic_db.c keydata.c keytable.c lib.c log.c lookup.c \
+ master.c masterdump.c message.c \
+ name.c ncache.c nsec.c nsec3.c order.c peer.c portlist.c \
+ rbt.c rbtdb.c rbtdb64.c rcode.c rdata.c rdatalist.c \
+@@ -118,6 +118,11 @@ version.@O@: version.c
+ -DLIBAGE=${LIBAGE} \
+ -c ${srcdir}/version.c
+
++dynamic_db.@O@: dynamic_db.c
++ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
++ -DDYNDB_LIBDIR=\"@libdir@/bind/\" \
++ -c ${srcdir}/dynamic_db.c
++
+ libdns.@SA@: ${OBJS}
+ ${AR} ${ARFLAGS} $@ ${OBJS}
+ ${RANLIB} $@
+diff -up bind-9.8.1rc1/lib/isccfg/namedconf.c.dyndb bind-9.8.1rc1/lib/isccfg/namedconf.c
+--- bind-9.8.1rc1/lib/isccfg/namedconf.c.dyndb 2011-05-23 22:56:11.000000000 +0200
++++ bind-9.8.1rc1/lib/isccfg/namedconf.c 2011-08-31 14:25:02.253088456 +0200
+@@ -89,6 +89,7 @@ static cfg_type_t cfg_type_controls;
+ static cfg_type_t cfg_type_controls_sockaddr;
+ static cfg_type_t cfg_type_destinationlist;
+ static cfg_type_t cfg_type_dialuptype;
++static cfg_type_t cfg_type_dynamic_db;
+ static cfg_type_t cfg_type_ixfrdifftype;
+ static cfg_type_t cfg_type_key;
+ static cfg_type_t cfg_type_logfile;
+@@ -860,6 +861,7 @@ namedconf_or_view_clauses[] = {
+ { "zone", &cfg_type_zone, CFG_CLAUSEFLAG_MULTI },
+ /* only 1 DLZ per view allowed */
+ { "dlz", &cfg_type_dynamically_loadable_zones, 0 },
++ { "dynamic-db", &cfg_type_dynamic_db, CFG_CLAUSEFLAG_MULTI },
+ { "server", &cfg_type_server, CFG_CLAUSEFLAG_MULTI },
+ { "trusted-keys", &cfg_type_dnsseckeys, CFG_CLAUSEFLAG_MULTI },
+ { "managed-keys", &cfg_type_managedkeys, CFG_CLAUSEFLAG_MULTI },
+@@ -1860,6 +1862,40 @@ static cfg_type_t cfg_type_dialuptype =
+ &cfg_rep_string, dialup_enums
+ };
+
++/*
++ * Dynamic database clauses.
++ */
++
++static cfg_clausedef_t
++dynamic_db_clauses[] = {
++ { "library", &cfg_type_qstring, 0 },
++ { "arg", &cfg_type_qstring, CFG_CLAUSEFLAG_MULTI },
++ { NULL, NULL, 0 }
++};
++
++static cfg_clausedef_t *
++dynamic_db_clausesets[] = {
++ dynamic_db_clauses,
++ NULL
++};
++
++static cfg_type_t cfg_type_dynamic_db_opts = {
++ "dynamically_loadable_zones_opts", cfg_parse_map,
++ cfg_print_map, cfg_doc_map, &cfg_rep_map,
++ dynamic_db_clausesets
++};
++
++static cfg_tuplefielddef_t dynamic_db_fields[] = {
++ { "name", &cfg_type_astring, 0 },
++ { "options", &cfg_type_dynamic_db_opts, 0 },
++ { NULL, NULL, 0 }
++};
++
++static cfg_type_t cfg_type_dynamic_db = {
++ "dynamic_db", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple,
++ &cfg_rep_tuple, dynamic_db_fields
++};
++
+ static const char *notify_enums[] = { "explicit", "master-only", NULL };
+ static isc_result_t
+ parse_notify_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
--- /dev/null
+diff -up bind-9.6.0b1/configure.in.libtool2 bind-9.6.0b1/configure.in
+--- bind-9.6.0b1/configure.in.libtool2 2008-11-24 13:05:37.000000000 +0100
++++ bind-9.6.0b1/configure.in 2008-11-24 13:05:56.000000000 +0100
+@@ -27,6 +27,8 @@ AC_CONFIG_SUBDIRS(lib/bind)
+
+ AC_CONFIG_HEADER(config.h)
+
++AC_CONFIG_MACRO_DIR([m4])
++
+ AC_CANONICAL_HOST
+
+ AC_PROG_MAKE_SET
+diff -up bind-9.6.0b1/Makefile.in.libtool2 bind-9.6.0b1/Makefile.in
--- /dev/null
+diff -up bind-9.7.0rc2/lib/bind9/Makefile.in.nonexec bind-9.7.0rc2/lib/bind9/Makefile.in
+--- bind-9.7.0rc2/lib/bind9/Makefile.in.nonexec 2009-12-06 00:31:40.000000000 +0100
++++ bind-9.7.0rc2/lib/bind9/Makefile.in 2010-01-28 12:13:33.406696161 +0100
+@@ -78,7 +78,7 @@ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libbind9.@A@ ${DESTDIR}${libdir}
++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libbind9.@A@ ${DESTDIR}${libdir}
+
+ clean distclean::
+ rm -f libbind9.@A@ timestamp
+diff -up bind-9.7.0rc2/lib/dns/Makefile.in.nonexec bind-9.7.0rc2/lib/dns/Makefile.in
+--- bind-9.7.0rc2/lib/dns/Makefile.in.nonexec 2009-12-06 00:31:40.000000000 +0100
++++ bind-9.7.0rc2/lib/dns/Makefile.in 2010-01-28 12:13:33.406696161 +0100
+@@ -131,7 +131,7 @@ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libdns.@A@ ${DESTDIR}${libdir}
++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libdns.@A@ ${DESTDIR}${libdir}
+
+ clean distclean::
+ rm -f libdns.@A@ timestamp
+diff -up bind-9.7.0rc2/lib/isccc/Makefile.in.nonexec bind-9.7.0rc2/lib/isccc/Makefile.in
+--- bind-9.7.0rc2/lib/isccc/Makefile.in.nonexec 2009-12-06 00:31:41.000000000 +0100
++++ bind-9.7.0rc2/lib/isccc/Makefile.in 2010-01-28 12:13:33.406696161 +0100
+@@ -80,7 +80,7 @@ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisccc.@A@ ${DESTDIR}${libdir}
++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisccc.@A@ ${DESTDIR}${libdir}
+
+ clean distclean::
+ rm -f libisccc.@A@ timestamp
+diff -up bind-9.7.0rc2/lib/isccfg/Makefile.in.nonexec bind-9.7.0rc2/lib/isccfg/Makefile.in
+--- bind-9.7.0rc2/lib/isccfg/Makefile.in.nonexec 2009-12-06 00:31:41.000000000 +0100
++++ bind-9.7.0rc2/lib/isccfg/Makefile.in 2010-01-28 12:13:33.406696161 +0100
+@@ -77,7 +77,7 @@ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisccfg.@A@ ${DESTDIR}${libdir}
++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisccfg.@A@ ${DESTDIR}${libdir}
+
+ clean distclean::
+ rm -f libisccfg.@A@ timestamp
+diff -up bind-9.7.0rc2/lib/isc/Makefile.in.nonexec bind-9.7.0rc2/lib/isc/Makefile.in
+--- bind-9.7.0rc2/lib/isc/Makefile.in.nonexec 2009-12-18 05:09:55.000000000 +0100
++++ bind-9.7.0rc2/lib/isc/Makefile.in 2010-01-28 12:13:53.566696766 +0100
+@@ -121,7 +121,7 @@ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisc.@A@ ${DESTDIR}${libdir}
++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisc.@A@ ${DESTDIR}${libdir}
+
+ clean distclean::
+ rm -f libisc.@A@ libisc-nosymtbl.@A@ libisc.la \
+diff -up bind-9.7.0rc2/lib/lwres/Makefile.in.nonexec bind-9.7.0rc2/lib/lwres/Makefile.in
+--- bind-9.7.0rc2/lib/lwres/Makefile.in.nonexec 2007-06-20 01:47:22.000000000 +0200
++++ bind-9.7.0rc2/lib/lwres/Makefile.in 2010-01-28 12:13:33.406696161 +0100
+@@ -78,7 +78,7 @@ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} liblwres.@A@ ${DESTDIR}${libdir}
++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} liblwres.@A@ ${DESTDIR}${libdir}
+
+ clean distclean::
+ rm -f liblwres.@A@ liblwres.la timestamp
--- /dev/null
+? patch
+? lib/isc/lex.c.rh490837
+Index: lib/isc/lex.c
+===================================================================
+RCS file: /var/snap/bind9/lib/isc/lex.c,v
+retrieving revision 1.86
+diff -p -u -r1.86 lex.c
+--- lib/isc/lex.c 17 Sep 2007 09:56:29 -0000 1.86
++++ lib/isc/lex.c 6 Apr 2009 13:24:15 -0000
+@@ -425,17 +425,14 @@ isc_lex_gettoken(isc_lex_t *lex, unsigne
+ if (source->is_file) {
+ stream = source->input;
+
+-#if defined(HAVE_FLOCKFILE) && defined(HAVE_GETCUNLOCKED)
+- c = getc_unlocked(stream);
+-#else
+- c = getc(stream);
+-#endif
+- if (c == EOF) {
+- if (ferror(stream)) {
+- source->result = ISC_R_IOERROR;
+- result = source->result;
++ result = isc_stdio_fgetc(stream, &c);
++
++ if (result != ISC_R_SUCCESS) {
++ if (result != ISC_R_EOF) {
++ source->result = result;
+ goto done;
+ }
++
+ source->at_eof = ISC_TRUE;
+ }
+ } else {
+Index: lib/isc/include/isc/stdio.h
+===================================================================
+RCS file: /var/snap/bind9/lib/isc/include/isc/stdio.h,v
+retrieving revision 1.13
+diff -p -u -r1.13 stdio.h
+--- lib/isc/include/isc/stdio.h 19 Jun 2007 23:47:18 -0000 1.13
++++ lib/isc/include/isc/stdio.h 6 Apr 2009 13:24:15 -0000
+@@ -72,6 +72,9 @@ isc_stdio_sync(FILE *f);
+ * direct counterpart in the stdio library.
+ */
+
++isc_result_t
++isc_stdio_fgetc(FILE *f, int *ret);
++
+ ISC_LANG_ENDDECLS
+
+ #endif /* ISC_STDIO_H */
+Index: lib/isc/unix/errno2result.c
+===================================================================
+RCS file: /var/snap/bind9/lib/isc/unix/errno2result.c,v
+retrieving revision 1.17
+diff -p -u -r1.17 errno2result.c
+--- lib/isc/unix/errno2result.c 19 Jun 2007 23:47:18 -0000 1.17
++++ lib/isc/unix/errno2result.c 6 Apr 2009 13:24:15 -0000
+@@ -43,6 +43,7 @@ isc__errno2result(int posixerrno) {
+ case EINVAL: /* XXX sometimes this is not for files */
+ case ENAMETOOLONG:
+ case EBADF:
++ case EISDIR:
+ return (ISC_R_INVALIDFILE);
+ case ENOENT:
+ return (ISC_R_FILENOTFOUND);
+Index: lib/isc/unix/stdio.c
+===================================================================
+RCS file: /var/snap/bind9/lib/isc/unix/stdio.c,v
+retrieving revision 1.8
+diff -p -u -r1.8 stdio.c
+--- lib/isc/unix/stdio.c 19 Jun 2007 23:47:18 -0000 1.8
++++ lib/isc/unix/stdio.c 6 Apr 2009 13:24:15 -0000
+@@ -115,3 +115,22 @@ isc_stdio_sync(FILE *f) {
+ return (isc__errno2result(errno));
+ }
+
++isc_result_t
++isc_stdio_fgetc(FILE *f, int *ret) {
++ int r;
++ isc_result_t result = ISC_R_SUCCESS;
++
++#if defined(HAVE_FLOCKFILE) && defined(HAVE_GETCUNLOCKED)
++ r = fgetc_unlocked(f);
++#else
++ r = fgets(f);
++#endif
++
++ if (r == EOF)
++ result = ferror(f) ? isc__errno2result(errno) : ISC_R_EOF;
++
++ *ret = r;
++
++ return result;
++}
++
--- /dev/null
+diff -up bind-9.5.1b1/bin/dig/dighost.c.rh461409 bind-9.5.1b1/bin/dig/dighost.c
+--- bind-9.5.1b1/bin/dig/dighost.c.rh461409 2008-09-16 14:04:03.000000000 +0200
++++ bind-9.5.1b1/bin/dig/dighost.c 2008-09-16 14:06:06.000000000 +0200
+@@ -3665,6 +3665,15 @@ output_filter (isc_buffer_t *buffer, uns
+ (void) strcpy (tmp1, tmp2);
+ free (tmp2);
+
++ tmp2 = stringprep_utf8_to_locale (tmp1);
++ if (tmp2 == NULL) {
++ debug ("output_filter: stringprep_utf8_to_locale failed");
++ return ISC_R_SUCCESS;
++ }
++
++ (void) strcpy (tmp1, tmp2);
++ free (tmp2);
++
+ tolen = strlen (tmp1);
+ if (absolute && !end_with_dot && tmp1[tolen - 1] == '.')
+ tolen--;
--- /dev/null
+diff -up bind-9.7.0b1/configure.in.dist-pkcs11 bind-9.7.0b1/configure.in
+--- bind-9.7.0b1/configure.in.dist-pkcs11 2009-11-03 11:37:25.481430279 +0100
++++ bind-9.7.0b1/configure.in 2009-11-03 11:41:04.573930858 +0100
+@@ -721,15 +721,16 @@ AC_ARG_WITH(pkcs11,
+ case "$use_pkcs11" in
+ no|'')
+ AC_MSG_RESULT(disabled)
+- USE_PKCS11=''
+ PKCS11_TOOLS=''
+ ;;
+ yes|*)
+ AC_MSG_RESULT(using OpenSSL with PKCS11 support)
+- USE_PKCS11='-DUSE_PKCS11'
+ PKCS11_TOOLS=pkcs11
+ ;;
+ esac
++# We don't want to automatically load engine because it needs to have openct,
++# opencryptoki and friends installed.
++USE_PKCS11=''
+ AC_SUBST(USE_PKCS11)
+ AC_SUBST(PKCS11_TOOLS)
+
--- /dev/null
+diff -up bind-9.7.2-P2/isc-config.sh.in.exportlib bind-9.7.2-P2/isc-config.sh.in
+--- bind-9.7.2-P2/isc-config.sh.in.exportlib 2007-06-20 01:46:59.000000000 +0200
++++ bind-9.7.2-P2/isc-config.sh.in 2010-10-20 14:05:25.423861548 +0200
+@@ -20,6 +20,8 @@
+ prefix=@prefix@
+ exec_prefix=@exec_prefix@
+ exec_prefix_set=
++libdir=@libdir@
++includedir=@includedir@
+
+ usage()
+ {
+@@ -115,14 +117,14 @@ if test x"$echo_exec_prefix" = x"true" ;
+ echo $exec_prefix
+ fi
+ if test x"$echo_cflags" = x"true"; then
+- includes="-I${exec_prefix}/include"
++ includes="-I${includedir}"
+ if test x"$libisc" = x"true"; then
+ includes="$includes @ALWAYS_DEFINES@ @STD_CINCLUDES@ @STD_CDEFINES@ @CCOPT@"
+ fi
+ echo $includes
+ fi
+ if test x"$echo_libs" = x"true"; then
+- libs=-L${exec_prefix}/lib
++ libs="-L${libdir}"
+ if test x"$liblwres" = x"true" ; then
+ libs="$libs -llwres"
+ fi
+diff -up bind-9.7.2-P2/lib/export/dns/Makefile.in.exportlib bind-9.7.2-P2/lib/export/dns/Makefile.in
+--- bind-9.7.2-P2/lib/export/dns/Makefile.in.exportlib 2010-06-10 01:49:43.000000000 +0200
++++ bind-9.7.2-P2/lib/export/dns/Makefile.in 2010-10-20 14:08:58.123772859 +0200
+@@ -35,9 +35,9 @@ CDEFINES = -DUSE_MD5 @USE_OPENSSL@ @USE_
+
+ CWARNINGS =
+
+-ISCLIBS = ../isc/libisc.@A@
++ISCLIBS = ../isc/libisc-export.@A@
+
+-ISCDEPLIBS = ../isc/libisc.@A@
++ISCDEPLIBS = ../isc/libisc-export.@A@
+
+ LIBS = @LIBS@
+
+@@ -114,29 +114,29 @@ version.@O@: ${srcdir}/version.c
+ -DLIBAGE=${LIBAGE} \
+ -c ${srcdir}/version.c
+
+-libdns.@SA@: ${OBJS}
++libdns-export.@SA@: ${OBJS}
+ ${AR} ${ARFLAGS} $@ ${OBJS}
+ ${RANLIB} $@
+
+-libdns.la: ${OBJS}
++libdns-export.la: ${OBJS}
+ ${LIBTOOL_MODE_LINK} \
+- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns.la \
++ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libdns-export.la \
+ -rpath ${export_libdir} \
+ -version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
+ ${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
+
+-timestamp: libdns.@A@
++timestamp: libdns-export.@A@
+ touch timestamp
+
+ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libdns.@A@ \
++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libdns-export.@A@ \
+ ${DESTDIR}${export_libdir}/
+
+ clean distclean::
+- rm -f libdns.@A@ timestamp
++ rm -f libdns-export.@A@ timestamp
+ rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
+ rm -f include/dns/rdatastruct.h
+
+diff -up bind-9.7.2-P2/lib/export/irs/Makefile.in.exportlib bind-9.7.2-P2/lib/export/irs/Makefile.in
+--- bind-9.7.2-P2/lib/export/irs/Makefile.in.exportlib 2009-12-06 00:31:40.000000000 +0100
++++ bind-9.7.2-P2/lib/export/irs/Makefile.in 2010-10-20 14:10:39.893717488 +0200
+@@ -42,9 +42,9 @@ SRCS = context.c \
+ gai_sterror.c getaddrinfo.c getnameinfo.c \
+ resconf.c
+
+-ISCLIBS = ../isc/libisc.@A@
+-DNSLIBS = ../dns/libdns.@A@
+-ISCCFGLIBS = ../isccfg/libisccfg.@A@
++ISCLIBS = ../isc/libisc-export.@A@
++DNSLIBS = ../dns/libdns-export.@A@
++ISCCFGLIBS = ../isccfg/libisccfg-export.@A@
+
+ LIBS = @LIBS@
+
+@@ -61,26 +61,26 @@ version.@O@: ${srcdir}/version.c
+ -DLIBAGE=${LIBAGE} \
+ -c ${srcdir}/version.c
+
+-libirs.@SA@: ${OBJS} version.@O@
++libirs-export.@SA@: ${OBJS} version.@O@
+ ${AR} ${ARFLAGS} $@ ${OBJS} version.@O@
+ ${RANLIB} $@
+
+-libirs.la: ${OBJS} version.@O@
++libirs-export.la: ${OBJS} version.@O@
+ ${LIBTOOL_MODE_LINK} \
+- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libirs.la \
++ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libirs-export.la \
+ -rpath ${export_libdir} \
+ -version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
+ ${OBJS} version.@O@ ${LIBS} ${ISCCFGLIBS} ${DNSLIBS} ${ISCLIBS}
+
+-timestamp: libirs.@A@
++timestamp: libirs-export.@A@
+ touch timestamp
+
+ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libirs.@A@ \
++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libirs-export.@A@ \
+ ${DESTDIR}${export_libdir}/
+
+ clean distclean::
+- rm -f libirs.@A@ libirs.la timestamp
++ rm -f libirs-export.@A@ libirs-export.la timestamp
+diff -up bind-9.7.2-P2/lib/export/isccfg/Makefile.in.exportlib bind-9.7.2-P2/lib/export/isccfg/Makefile.in
+--- bind-9.7.2-P2/lib/export/isccfg/Makefile.in.exportlib 2009-12-06 00:31:41.000000000 +0100
++++ bind-9.7.2-P2/lib/export/isccfg/Makefile.in 2010-10-20 14:10:14.593741247 +0200
+@@ -30,11 +30,11 @@ CINCLUDES = -I. ${DNS_INCLUDES} -I${expo
+ CDEFINES =
+ CWARNINGS =
+
+-ISCLIBS = ../isc/libisc.@A@
+-DNSLIBS = ../dns/libdns.@A@
++ISCLIBS = ../isc/libisc-export.@A@
++DNSLIBS = ../dns/libdns-export.@A@
+
+ ISCDEPLIBS = ../../lib/isc/libisc.@A@
+-ISCCFGDEPLIBS = libisccfg.@A@
++ISCCFGDEPLIBS = libisccfg-export.@A@
+
+ LIBS = @LIBS@
+
+@@ -58,26 +58,26 @@ version.@O@: ${srcdir}/version.c
+ -DLIBAGE=${LIBAGE} \
+ -c ${srcdir}/version.c
+
+-libisccfg.@SA@: ${OBJS}
++libisccfg-export.@SA@: ${OBJS}
+ ${AR} ${ARFLAGS} $@ ${OBJS}
+ ${RANLIB} $@
+
+-libisccfg.la: ${OBJS}
++libisccfg-export.la: ${OBJS}
+ ${LIBTOOL_MODE_LINK} \
+- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisccfg.la \
++ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisccfg-export.la \
+ -rpath ${export_libdir} \
+ -version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
+ ${OBJS} ${LIBS} ${DNSLIBS} ${ISCLIBS}
+
+-timestamp: libisccfg.@A@
++timestamp: libisccfg-export.@A@
+ touch timestamp
+
+ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisccfg.@A@ \
++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisccfg-export.@A@ \
+ ${DESTDIR}${export_libdir}/
+
+ clean distclean::
+- rm -f libisccfg.@A@ timestamp
++ rm -f libisccfg-export.@A@ timestamp
+diff -up bind-9.7.2-P2/lib/export/isc/Makefile.in.exportlib bind-9.7.2-P2/lib/export/isc/Makefile.in
+--- bind-9.7.2-P2/lib/export/isc/Makefile.in.exportlib 2010-06-10 01:49:43.000000000 +0200
++++ bind-9.7.2-P2/lib/export/isc/Makefile.in 2010-10-20 14:05:25.433861543 +0200
+@@ -101,6 +101,10 @@ SRCS = @ISC_EXTRA_SRCS@ \
+
+ LIBS = @LIBS@
+
++# Note: the order of SUBDIRS is important.
++# Attempt to disable parallel processing.
++.NOTPARALLEL:
++.NO_PARALLEL:
+ SUBDIRS = include unix nls @ISC_THREAD_DIR@
+ TARGETS = timestamp
+
+@@ -114,26 +118,26 @@ version.@O@: ${srcdir}/version.c
+ -DLIBAGE=${LIBAGE} \
+ -c ${srcdir}/version.c
+
+-libisc.@SA@: ${OBJS}
++libisc-export.@SA@: ${OBJS}
+ ${AR} ${ARFLAGS} $@ ${OBJS}
+ ${RANLIB} $@
+
+-libisc.la: ${OBJS}
++libisc-export.la: ${OBJS}
+ ${LIBTOOL_MODE_LINK} \
+- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc.la \
++ ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o libisc-export.la \
+ -rpath ${export_libdir} \
+ -version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
+ ${OBJS} ${LIBS}
+
+-timestamp: libisc.@A@
++timestamp: libisc-export.@A@
+ touch timestamp
+
+ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${export_libdir}
+
+ install:: timestamp installdirs
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisc.@A@ \
++ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} libisc-export.@A@ \
+ ${DESTDIR}${export_libdir}
+
+ clean distclean::
+- rm -f libisc.@A@ libisc.la timestamp
++ rm -f libisc-export.@A@ libisc-export.la timestamp
+diff -up bind-9.7.2-P2/lib/export/samples/Makefile.in.exportlib bind-9.7.2-P2/lib/export/samples/Makefile.in
+--- bind-9.7.2-P2/lib/export/samples/Makefile.in.exportlib 2009-12-06 00:31:41.000000000 +0100
++++ bind-9.7.2-P2/lib/export/samples/Makefile.in 2010-10-20 14:05:25.433861543 +0200
+@@ -30,15 +30,15 @@ CINCLUDES = -I${srcdir}/include -I../dns
+ CDEFINES =
+ CWARNINGS =
+
+-DNSLIBS = ../dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+-ISCLIBS = ../isc/libisc.@A@
+-ISCCFGLIBS = ../isccfg/libisccfg.@A@
+-IRSLIBS = ../irs/libirs.@A@
+-
+-DNSDEPLIBS = ../dns/libdns.@A@
+-ISCDEPLIBS = ../isc/libisc.@A@
+-ISCCFGDEPLIBS = ../isccfg/libisccfg.@A@
+-IRSDEPLIBS = ../irs/libirs.@A@
++DNSLIBS = ../dns/libdns-export.@A@ @DNS_CRYPTO_LIBS@
++ISCLIBS = ../isc/libisc-export.@A@
++ISCCFGLIBS = ../isccfg/libisccfg-export.@A@
++IRSLIBS = ../irs/libirs-export.@A@
++
++DNSDEPLIBS = ../dns/libdns-export.@A@
++ISCDEPLIBS = ../isc/libisc-export.@A@
++ISCCFGDEPLIBS = ../isccfg/libisccfg-export.@A@
++IRSDEPLIBS = ../irs/libirs-export.@A@
+
+ DEPLIBS = ${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${ISCDEPLIBS}
+
--- /dev/null
+diff -up bind-9.7.0/configure.in.rh478718 bind-9.7.0/configure.in
+--- bind-9.7.0/configure.in.rh478718 2010-03-01 14:50:02.331207076 +0100
++++ bind-9.7.0/configure.in 2010-03-01 14:50:21.501207488 +0100
+@@ -2540,6 +2540,10 @@ main() {
+ AC_MSG_RESULT($arch)
+ fi
+
++if test ! "$arch" = "x86_64" -a "$have_xaddq" = "yes"; then
++ AC_MSG_ERROR([XADDQ present but disabled by Fedora patch!])
++fi
++
+ if test "$have_atomic" = "yes"; then
+ AC_MSG_CHECKING([compiler support for inline assembly code])
+
+diff -up bind-9.7.0/lib/isc/include/isc/platform.h.in.rh478718 bind-9.7.0/lib/isc/include/isc/platform.h.in
+--- bind-9.7.0/lib/isc/include/isc/platform.h.in.rh478718 2010-03-01 14:50:31.421207522 +0100
++++ bind-9.7.0/lib/isc/include/isc/platform.h.in 2010-03-01 14:50:40.313707286 +0100
+@@ -255,7 +255,11 @@
+ * If the "xaddq" operation (64bit xadd) is available on this architecture,
+ * ISC_PLATFORM_HAVEXADDQ will be defined.
+ */
+-@ISC_PLATFORM_HAVEXADDQ@
++#ifdef __x86_64__
++#define ISC_PLATFORM_HAVEXADDQ 1
++#else
++#undef ISC_PLATFORM_HAVEXADDQ
++#endif
+
+ /*
+ * If the "atomic swap" operation is available on this architecture,
--- /dev/null
+diff -up bind-9.7.2b1/bin/dig/dighost.c.rh570851 bind-9.7.2b1/bin/dig/dighost.c
+--- bind-9.7.2b1/bin/dig/dighost.c.rh570851 2010-08-10 12:55:14.219403986 +0200
++++ bind-9.7.2b1/bin/dig/dighost.c 2010-08-10 12:56:40.716015777 +0200
+@@ -126,7 +126,8 @@ isc_boolean_t
+ usesearch = ISC_FALSE,
+ showsearch = ISC_FALSE,
+ qr = ISC_FALSE,
+- is_dst_up = ISC_FALSE;
++ is_dst_up = ISC_FALSE,
++ verbose = ISC_FALSE;
+ in_port_t port = 53;
+ unsigned int timeout = 0;
+ unsigned int extrabytes;
+@@ -1240,10 +1241,24 @@ setup_system(void) {
+ }
+ }
+
++ if (lwconf->resdebug) {
++ verbose = ISC_TRUE;
++ debug("verbose is on");
++ }
+ if (ndots == -1) {
+ ndots = lwconf->ndots;
+ debug("ndots is %d.", ndots);
+ }
++ if (lwconf->attempts) {
++ tries = lwconf->attempts + 1;
++ if (tries < 2)
++ tries = 2;
++ debug("tries is %d.", tries);
++ }
++ if (lwconf->timeout) {
++ timeout = lwconf->timeout;
++ debug("timeout is %d.", timeout);
++ }
+
+ /* If user doesn't specify server use nameservers from resolv.conf. */
+ if (ISC_LIST_EMPTY(server_list))
+diff -up bind-9.7.2b1/bin/dig/host.c.rh570851 bind-9.7.2b1/bin/dig/host.c
+--- bind-9.7.2b1/bin/dig/host.c.rh570851 2010-08-10 12:57:16.032758098 +0200
++++ bind-9.7.2b1/bin/dig/host.c 2010-08-10 13:02:12.848559845 +0200
+@@ -659,6 +659,7 @@ parse_args(isc_boolean_t is_batchfile, i
+
+ lookup->servfail_stops = ISC_FALSE;
+ lookup->comments = ISC_FALSE;
++ short_form = !verbose;
+
+ while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
+ switch (c) {
+@@ -869,8 +870,8 @@ main(int argc, char **argv) {
+ result = isc_app_start();
+ check_result(result, "isc_app_start");
+ setup_libs();
+- parse_args(ISC_FALSE, argc, argv);
+ setup_system();
++ parse_args(ISC_FALSE, argc, argv);
+ result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
+ check_result(result, "isc_app_onrun");
+ isc_app_run();
+diff -up bind-9.7.2b1/bin/dig/include/dig/dig.h.rh570851 bind-9.7.2b1/bin/dig/include/dig/dig.h
+--- bind-9.7.2b1/bin/dig/include/dig/dig.h.rh570851 2010-08-10 13:02:32.722244088 +0200
++++ bind-9.7.2b1/bin/dig/include/dig/dig.h 2010-08-10 13:02:48.465158159 +0200
+@@ -278,6 +278,7 @@ extern isc_boolean_t debugging, memdebug
+ extern char *progname;
+ extern int tries;
+ extern int fatalexit;
++extern isc_boolean_t verbose;
+ #ifdef WITH_IDN
+ extern int idnoptions;
+ #endif
+diff -up bind-9.7.2b1/lib/lwres/include/lwres/lwres.h.rh570851 bind-9.7.2b1/lib/lwres/include/lwres/lwres.h
+--- bind-9.7.2b1/lib/lwres/include/lwres/lwres.h.rh570851 2010-08-10 13:04:40.465780506 +0200
++++ bind-9.7.2b1/lib/lwres/include/lwres/lwres.h 2010-08-10 13:05:57.559867830 +0200
+@@ -243,6 +243,8 @@ typedef struct {
+ lwres_uint8_t resdebug; /*%< non-zero if 'options debug' set */
+ lwres_uint8_t ndots; /*%< set to n in 'options ndots:n' */
+ lwres_uint8_t no_tld_query; /*%< non-zero if 'options no_tld_query' */
++ lwres_int32_t attempts; /*%< set to n in 'options attempts:n' */
++ lwres_int32_t timeout; /*%< set to n in 'options timeout:n' */
+ } lwres_conf_t;
+
+ #define LWRES_ADDRTYPE_V4 0x00000001U /*%< ipv4 */
+diff -up bind-9.7.2b1/lib/lwres/lwconfig.c.rh570851 bind-9.7.2b1/lib/lwres/lwconfig.c
+--- bind-9.7.2b1/lib/lwres/lwconfig.c.rh570851 2010-08-10 13:06:08.051778429 +0200
++++ bind-9.7.2b1/lib/lwres/lwconfig.c 2010-08-10 13:09:53.972555776 +0200
+@@ -237,6 +237,8 @@ lwres_conf_init(lwres_context_t *ctx) {
+ confdata->resdebug = 0;
+ confdata->ndots = 1;
+ confdata->no_tld_query = 0;
++ confdata->attempts = 0;
++ confdata->timeout = 0;
+
+ for (i = 0; i < LWRES_CONFMAXNAMESERVERS; i++)
+ lwres_resetaddr(&confdata->nameservers[i]);
+@@ -289,6 +291,8 @@ lwres_conf_clear(lwres_context_t *ctx) {
+ confdata->resdebug = 0;
+ confdata->ndots = 1;
+ confdata->no_tld_query = 0;
++ confdata->attempts = 0;
++ confdata->timeout = 0;
+ }
+
+ static lwres_result_t
+@@ -530,6 +534,8 @@ static lwres_result_t
+ lwres_conf_parseoption(lwres_context_t *ctx, FILE *fp) {
+ int delim;
+ long ndots;
++ long attempts;
++ long timeout;
+ char *p;
+ char word[LWRES_CONFMAXLINELEN];
+ lwres_conf_t *confdata;
+@@ -546,6 +552,8 @@ lwres_conf_parseoption(lwres_context_t *
+ confdata->resdebug = 1;
+ } else if (strcmp("no_tld_query", word) == 0) {
+ confdata->no_tld_query = 1;
++ } else if (strcmp("debug", word) == 0) {
++ confdata->resdebug = 1;
+ } else if (strncmp("ndots:", word, 6) == 0) {
+ ndots = strtol(word + 6, &p, 10);
+ if (*p != '\0') /* Bad string. */
+@@ -553,6 +561,18 @@ lwres_conf_parseoption(lwres_context_t *
+ if (ndots < 0 || ndots > 0xff) /* Out of range. */
+ return (LWRES_R_FAILURE);
+ confdata->ndots = (lwres_uint8_t)ndots;
++ } else if (strncmp("timeout:", word, 8) == 0) {
++ timeout = strtol(word + 8, &p, 10);
++ if (*p != '\0') /* Bad string. */
++ return (LWRES_R_FAILURE);
++ confdata->timeout = (lwres_int32_t)timeout;
++ } else if (strncmp("attempts:", word, 9) == 0) {
++ attempts = strtol(word + 9, &p, 10);
++ if (*p != '\0') /* Bad string. */
++ return (LWRES_R_FAILURE);
++ if (attempts < 0) /* Out of range. */
++ return (LWRES_R_FAILURE);
++ confdata->attempts = (lwres_int32_t)attempts;
+ }
+
+ if (delim == EOF || delim == '\n')
+@@ -716,6 +736,12 @@ lwres_conf_print(lwres_context_t *ctx, F
+ if (confdata->no_tld_query)
+ fprintf(fp, "options no_tld_query\n");
+
++ if (confdata->attempts)
++ fprintf(fp, "options attempts:%d\n", confdata->attempts);
++
++ if (confdata->timeout)
++ fprintf(fp, "options timeout:%d\n", confdata->timeout);
++
+ return (LWRES_R_SUCCESS);
+ }
+
--- /dev/null
+diff -up bind-9.7.2-P2/lib/dns/resolver.c.rh645544 bind-9.7.2-P2/lib/dns/resolver.c
+--- bind-9.7.2-P2/lib/dns/resolver.c.rh645544 2010-11-08 14:32:12.254896255 +0100
++++ bind-9.7.2-P2/lib/dns/resolver.c 2010-11-08 14:33:18.674869633 +0100
+@@ -1097,7 +1097,7 @@ log_edns(fetchctx_t *fctx) {
+
+ dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED,
+- DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
++ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1),
+ "success resolving '%s' (in '%s'?) after %s",
+ fctx->info, domainbuf, fctx->reason);
+
+@@ -3795,7 +3795,7 @@ log_lame(fetchctx_t *fctx, dns_adbaddrin
+ dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
+ isc_sockaddr_format(&addrinfo->sockaddr, addrbuf, sizeof(addrbuf));
+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
+- DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
++ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1),
+ "lame server resolving '%s' (in '%s'?): %s",
+ namebuf, domainbuf, addrbuf);
+ }
+@@ -3822,7 +3822,7 @@ log_formerr(fetchctx_t *fctx, const char
+ }
+
+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+- DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
++ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1),
+ "DNS format error from %s resolving %s%s%s: %s",
+ nsbuf, fctx->info, clmsg, clbuf, msgbuf);
+ }
--- /dev/null
+diff -up bind-9.7.3-P3/bin/named/server.c.rh693982 bind-9.7.3-P3/bin/named/server.c
+--- bind-9.7.3-P3/bin/named/server.c.rh693982 2011-08-12 17:18:55.611978110 +0200
++++ bind-9.7.3-P3/bin/named/server.c 2011-08-12 17:19:36.009975303 +0200
+@@ -4444,15 +4444,6 @@ load_configuration(const char *filename,
+ ns_os_changeuser();
+
+ /*
+- * Check that the working directory is writable.
+- */
+- if (access(".", W_OK) != 0) {
+- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+- NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+- "the working directory is not writable");
+- }
+-
+- /*
+ * Configure the logging system.
+ *
+ * Do this after changing UID to make sure that any log
+@@ -4498,6 +4489,15 @@ load_configuration(const char *filename,
+ }
+
+ /*
++ * Check that the working directory is writable.
++ */
++ if (access(".", W_OK) != 0) {
++ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
++ NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
++ "the working directory is not writable");
++ }
++
++ /*
+ * Set the default value of the query logging flag depending
+ * whether a "queries" category has been defined. This is
+ * a disgusting hack, but we need to do this for BIND 8
--- /dev/null
+--- bind-9.8.0-P4/lib/dns/request.c.test 2011-08-04 19:13:34.300999355 +0200
++++ bind-9.8.0-P4/lib/dns/request.c 2011-08-04 19:37:40.347002723 +0200
+@@ -97,6 +97,7 @@ struct dns_request {
+ synchronously canceled */
+ #define DNS_REQUEST_F_TIMEDOUT 0x0008 /*%< canceled due to a timeout */
+ #define DNS_REQUEST_F_TCP 0x0010 /*%< This request used TCP */
++#define DNS_REQUEST_F_RESPONSE 0x0020 /*%< We got response */
+ #define DNS_REQUEST_CANCELED(r) \
+ (((r)->flags & DNS_REQUEST_F_CANCELED) != 0)
+ #define DNS_REQUEST_CONNECTING(r) \
+@@ -105,6 +106,8 @@ struct dns_request {
+ (((r)->flags & DNS_REQUEST_F_SENDING) != 0)
+ #define DNS_REQUEST_TIMEDOUT(r) \
+ (((r)->flags & DNS_REQUEST_F_TIMEDOUT) != 0)
++#define DNS_REQUEST_RESPONSE(r) \
++ (((r)->flags & DNS_REQUEST_F_RESPONSE) != 0)
+
+
+ /***
+@@ -1312,9 +1315,15 @@ req_senddone(isc_task_t *task, isc_event
+
+ if (DNS_REQUEST_CANCELED(request)) {
+ /*
+- * Send delayed event.
++ * Response can arrive before we proccess
++ * req_senddone which means we received cancellation
++ * request from req_response(). If we successfully
++ * fetched response, send success. Otherwise
++ * indicate failure.
+ */
+- if (DNS_REQUEST_TIMEDOUT(request))
++ if (DNS_REQUEST_RESPONSE(request))
++ send_if_done(request, ISC_R_SUCCESS);
++ else if (DNS_REQUEST_TIMEDOUT(request))
+ send_if_done(request, ISC_R_TIMEDOUT);
+ else
+ send_if_done(request, ISC_R_CANCELED);
+@@ -1367,6 +1376,8 @@ req_response(isc_task_t *task, isc_event
+ /*
+ * Send completion event.
+ */
++ if (result == ISC_R_SUCCESS)
++ request->flags |= DNS_REQUEST_F_RESPONSE;
+ send_if_done(request, result);
+ UNLOCK(&request->requestmgr->locks[request->hash]);
+ }
--- /dev/null
+diff -up bind-9.7.3-P3/bin/nsupdate/nsupdate.c.rh700097 bind-9.7.3-P3/bin/nsupdate/nsupdate.c
+--- bind-9.7.3-P3/bin/nsupdate/nsupdate.c.rh700097 2011-08-12 16:24:18.730205763 +0200
++++ bind-9.7.3-P3/bin/nsupdate/nsupdate.c 2011-08-12 16:24:27.833205103 +0200
+@@ -2298,6 +2298,7 @@ recvsoa(isc_task_t *task, isc_event_t *e
+ dns_message_destroy(&soaquery);
+ ddebug("Out of recvsoa");
+ done_update();
++ seenerror = ISC_TRUE;
+ return;
+ }
+
--- /dev/null
+diff -up bind-9.7.3-P3/bin/nsupdate/nsupdate.c.rh714049 bind-9.7.3-P3/bin/nsupdate/nsupdate.c
+--- bind-9.7.3-P3/bin/nsupdate/nsupdate.c.rh714049 2011-08-12 14:17:39.520175003 +0200
++++ bind-9.7.3-P3/bin/nsupdate/nsupdate.c 2011-08-12 15:11:01.812173573 +0200
+@@ -109,6 +109,13 @@ extern int h_errno;
+
+ #define DNSDEFAULTPORT 53
+
++/*
++ * Assume that bind9_getaddresses returns IPv6 and IPv4 addrs
++ * so when master server is not reachable via IPv6
++ * we can switch to IPv4.
++ */
++#define MAX_SERVERADDRS 4
++
+ static isc_uint16_t dnsport = DNSDEFAULTPORT;
+
+ #ifndef RESOLV_CONF
+@@ -151,6 +158,8 @@ static isc_sockaddr_t *servers;
+ static int ns_inuse = 0;
+ static int ns_total = 0;
+ static isc_sockaddr_t *userserver = NULL;
++static int curserver = 0;
++static int userservers = 0;
+ static isc_sockaddr_t *localaddr = NULL;
+ static isc_sockaddr_t *serveraddr = NULL;
+ static isc_sockaddr_t tempaddr;
+@@ -703,7 +712,8 @@ doshutdown(void) {
+ isc_task_detach(&global_task);
+
+ if (userserver != NULL)
+- isc_mem_put(mctx, userserver, sizeof(isc_sockaddr_t));
++ isc_mem_put(mctx, userserver,
++ MAX_SERVERADDRS * sizeof(isc_sockaddr_t));
+
+ if (localaddr != NULL)
+ isc_mem_put(mctx, localaddr, sizeof(isc_sockaddr_t));
+@@ -914,17 +924,21 @@ setup_system(void) {
+ }
+
+ static void
+-get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) {
++get_addresses(char *host, in_port_t port, isc_sockaddr_t *sockaddr, int *naddrs) {
+ int count;
+ isc_result_t result;
+
+ isc_app_block();
+- result = bind9_getaddresses(host, port, sockaddr, 1, &count);
++ result = bind9_getaddresses(host, port, sockaddr,
++ (naddrs == NULL) ? 1 : MAX_SERVERADDRS, &count);
+ isc_app_unblock();
+ if (result != ISC_R_SUCCESS)
+ fatal("couldn't get address for '%s': %s",
+ host, isc_result_totext(result));
+- INSIST(count == 1);
++ if (naddrs == NULL)
++ INSIST(count == 1);
++ else
++ *naddrs = count;
+ }
+
+ #define PARSE_ARGS_FMT "dDML:y:ghlovk:p:rR::t:u:"
+@@ -1364,12 +1378,14 @@ evaluate_server(char *cmdline) {
+ }
+
+ if (userserver == NULL) {
+- userserver = isc_mem_get(mctx, sizeof(isc_sockaddr_t));
++ userserver = isc_mem_get(mctx,
++ MAX_SERVERADDRS * sizeof(isc_sockaddr_t));
+ if (userserver == NULL)
+ fatal("out of memory");
+ }
+
+- get_address(server, (in_port_t)port, userserver);
++ memset(userserver, 0, MAX_SERVERADDRS * sizeof(isc_sockaddr_t));
++ get_addresses(server, (in_port_t)port, userserver, &userservers);
+
+ return (STATUS_MORE);
+ }
+@@ -2207,19 +2223,25 @@ recvsoa(isc_task_t *task, isc_event_t *e
+
+ if (eresult != ISC_R_SUCCESS) {
+ char addrbuf[ISC_SOCKADDR_FORMATSIZE];
++ isc_sockaddr_t *server;
+
+ isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf));
+ fprintf(stderr, "; Communication with %s failed: %s\n",
+ addrbuf, isc_result_totext(eresult));
+- if (userserver != NULL)
+- fatal("could not talk to specified name server");
+- else if (++ns_inuse >= lwconf->nsnext)
++ if (userserver != NULL) {
++ if (++curserver == MAX_SERVERADDRS)
++ fatal("could not talk to specified name server");
++ else
++ ddebug("recvsoa: trying next server");
++ } else if (++ns_inuse >= lwconf->nsnext)
+ fatal("could not talk to any default name server");
+ ddebug("Destroying request [%p]", request);
+ dns_request_destroy(&request);
+ dns_message_renderreset(soaquery);
+ dns_message_settsigkey(soaquery, NULL);
+- sendrequest(localaddr, &servers[ns_inuse], soaquery, &request);
++ server = (userserver != NULL) ? &userserver[curserver] :
++ &servers[ns_inuse];
++ sendrequest(localaddr, server, soaquery, &request);
+ isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t));
+ isc_event_free(&event);
+ setzoneclass(dns_rdataclass_none);
+@@ -2351,7 +2373,7 @@ recvsoa(isc_task_t *task, isc_event_t *e
+ }
+
+ if (userserver != NULL)
+- serveraddr = userserver;
++ serveraddr = &userserver[curserver];
+ else {
+ char serverstr[DNS_NAME_MAXTEXT+1];
+ isc_buffer_t buf;
+@@ -2360,7 +2382,7 @@ recvsoa(isc_task_t *task, isc_event_t *e
+ result = dns_name_totext(&master, ISC_TRUE, &buf);
+ check_result(result, "dns_name_totext");
+ serverstr[isc_buffer_usedlength(&buf)] = 0;
+- get_address(serverstr, dnsport, &tempaddr);
++ get_addresses(serverstr, dnsport, &tempaddr, NULL);
+ serveraddr = &tempaddr;
+ }
+ dns_rdata_freestruct(&soa);
+@@ -2464,9 +2486,9 @@ start_gssrequest(dns_name_t *master)
+ fatal("out of memory");
+ }
+ if (userserver == NULL)
+- get_address(namestr, dnsport, kserver);
++ get_addresses(namestr, dnsport, kserver, NULL);
+ else
+- (void)memcpy(kserver, userserver, sizeof(isc_sockaddr_t));
++ (void)memcpy(kserver, &userserver[curserver], sizeof(isc_sockaddr_t));
+
+ dns_fixedname_init(&fname);
+ servname = dns_fixedname_name(&fname);
+@@ -2594,15 +2616,17 @@ recvgss(isc_task_t *task, isc_event_t *e
+ isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf));
+ fprintf(stderr, "; Communication with %s failed: %s\n",
+ addrbuf, isc_result_totext(eresult));
+- if (userserver != NULL)
++ if (userserver != NULL) {
+ fatal("could not talk to specified name server");
+- else if (++ns_inuse >= lwconf->nsnext)
++ } else if (++ns_inuse >= lwconf->nsnext)
+ fatal("could not talk to any default name server");
+ ddebug("Destroying request [%p]", request);
+ dns_request_destroy(&request);
+ dns_message_renderreset(tsigquery);
+- sendrequest(localaddr, &servers[ns_inuse], tsigquery,
+- &request);
++ sendrequest(localaddr,
++ (userserver != NULL) ? &userserver[curserver] :
++ &servers[ns_inuse],
++ tsigquery, &request);
+ isc_mem_put(mctx, reqinfo, sizeof(nsu_gssinfo_t));
+ isc_event_free(&event);
+ return;
--- /dev/null
+diff -up bind-9.8.1rc1/bin/tests/system/dlzexternal/Makefile.in.dlz_buildfix bind-9.8.1rc1/bin/tests/system/dlzexternal/Makefile.in
+diff -up bind-9.8.1rc1/bin/tests/system/Makefile.in.dlz_buildfix bind-9.8.1rc1/bin/tests/system/Makefile.in
+--- bind-9.8.1rc1/bin/tests/system/Makefile.in.dlz_buildfix 2011-08-31 17:04:34.466423526 +0200
++++ bind-9.8.1rc1/bin/tests/system/Makefile.in 2011-08-31 17:04:38.512423247 +0200
+@@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@
+
+ @BIND9_MAKE_INCLUDES@
+
+-SUBDIRS = dlzexternal filter-aaaa lwresd rpz tkey tsiggss
++SUBDIRS = filter-aaaa lwresd rpz tkey tsiggss
+ TARGETS =
+
+ @BIND9_MAKE_RULES@
+diff -up bind-9.8.1rc1/contrib/dlz/drivers/sdlz_helper.c.dlz_buildfix bind-9.8.1rc1/contrib/dlz/drivers/sdlz_helper.c
+--- bind-9.8.1rc1/contrib/dlz/drivers/sdlz_helper.c.dlz_buildfix 2010-05-14 08:29:37.000000000 +0200
++++ bind-9.8.1rc1/contrib/dlz/drivers/sdlz_helper.c 2011-08-31 16:53:47.736468453 +0200
+@@ -50,7 +50,7 @@
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+-#ifdef DLZ
++#ifdef CONTRIB_DLZ
+
+ #include <config.h>
+
--- /dev/null
+diff -up bind-9.8.0-P4/bin/named/main.c.rh725741 bind-9.8.0-P4/bin/named/main.c
+--- bind-9.8.0-P4/bin/named/main.c.rh725741 2011-08-03 15:20:28.487516386 +0200
++++ bind-9.8.0-P4/bin/named/main.c 2011-08-03 15:20:50.197514932 +0200
+@@ -872,8 +872,6 @@ setup(void) {
+
+ static void
+ cleanup(void) {
+- dns_dynamic_db_cleanup(ISC_TRUE);
+-
+ destroy_managers();
+
+ ns_server_destroy(&ns_g_server);
+diff -up bind-9.8.0-P4/bin/named/server.c.rh725741 bind-9.8.0-P4/bin/named/server.c
+--- bind-9.8.0-P4/bin/named/server.c.rh725741 2011-08-03 15:20:42.009515447 +0200
++++ bind-9.8.0-P4/bin/named/server.c 2011-08-03 15:21:01.878514035 +0200
+@@ -5263,6 +5263,8 @@ shutdown_server(isc_task_t *task, isc_ev
+ dns_view_detach(&view);
+ }
+
++ dns_dynamic_db_cleanup(ISC_TRUE);
++
+ while ((nsc = ISC_LIST_HEAD(server->cachelist)) != NULL) {
+ ISC_LIST_UNLINK(server->cachelist, nsc, link);
+ dns_cache_detach(&nsc->cache);
--- /dev/null
+diff -up bind-9.8.1rc1/lib/isc/unix/socket.c.rh735103 bind-9.8.1rc1/lib/isc/unix/socket.c
+--- bind-9.8.1rc1/lib/isc/unix/socket.c.rh735103 2011-07-29 04:19:20.000000000 +0200
++++ bind-9.8.1rc1/lib/isc/unix/socket.c 2011-09-07 18:49:54.100215897 +0200
+@@ -57,6 +57,20 @@
+ #include <isc/util.h>
+ #include <isc/xml.h>
+
++/* See task.c about the following definition: */
++#ifdef BIND9
++#ifdef ISC_PLATFORM_USETHREADS
++#define USE_WATCHER_THREAD
++#else
++#define USE_SHARED_MANAGER
++#endif /* ISC_PLATFORM_USETHREADS */
++#else /* BIND9 */
++#undef ISC_PLATFORM_HAVESYSUNH
++#undef ISC_PLATFORM_HAVEKQUEUE
++#undef ISC_PLATFORM_HAVEEPOLL
++#undef ISC_PLATFORM_HAVEDEVPOLL
++#endif /* BIND9 */
++
+ #ifdef ISC_PLATFORM_HAVESYSUNH
+ #include <sys/un.h>
+ #endif
+@@ -76,15 +90,6 @@
+
+ #include "errno2result.h"
+
+-/* See task.c about the following definition: */
+-#ifdef BIND9
+-#ifdef ISC_PLATFORM_USETHREADS
+-#define USE_WATCHER_THREAD
+-#else
+-#define USE_SHARED_MANAGER
+-#endif /* ISC_PLATFORM_USETHREADS */
+-#endif /* BIND9 */
+-
+ #ifndef USE_WATCHER_THREAD
+ #include "socket_p.h"
+ #include "../task_p.h"
--- /dev/null
+. 3600 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=\r