Module Name: src Committed By: christos Date: Tue Oct 4 23:46:01 UTC 2016
Modified Files: src/external/bsd/bind/dist: CHANGES README srcid version src/external/bsd/bind/dist/bin/named: lwdgrbn.c src/external/bsd/bind/dist/bin/pkcs11: pkcs11-destroy.8 pkcs11-keygen.8 pkcs11-list.8 src/external/bsd/bind/dist/bin/tests/system/lwresd: lwtest.c src/external/bsd/bind/dist/doc/arm: Bv9ARM.ch04.html Bv9ARM.ch06.html Bv9ARM.ch07.html Bv9ARM.ch08.html Bv9ARM.ch09.html Bv9ARM.html Bv9ARM.pdf man.arpaname.html man.ddns-confgen.html man.delv.html man.dig.html man.dnssec-checkds.html man.dnssec-coverage.html man.dnssec-dsfromkey.html man.dnssec-importkey.html man.dnssec-keyfromlabel.html man.dnssec-keygen.html man.dnssec-revoke.html man.dnssec-settime.html man.dnssec-signzone.html man.dnssec-verify.html man.genrandom.html man.host.html man.isc-hmac-fixup.html man.named-checkconf.html man.named-checkzone.html man.named-journalprint.html man.named-rrchecker.html man.named.html man.nsec3hash.html man.nsupdate.html man.rndc-confgen.html man.rndc.conf.html man.rndc.html src/external/bsd/bind/dist/lib/dns: api message.c nsec3.c rbtdb.c src/external/bsd/bind/dist/lib/dns/rdata/generic: opt_41.c src/external/bsd/bind/dist/lib/dns/tests: rdata_test.c Log Message: Merge conflicts. To generate a diff of this commit: cvs rdiff -u -r1.21 -r1.22 src/external/bsd/bind/dist/CHANGES cvs rdiff -u -r1.9 -r1.10 src/external/bsd/bind/dist/README cvs rdiff -u -r1.15 -r1.16 src/external/bsd/bind/dist/srcid cvs rdiff -u -r1.19 -r1.20 src/external/bsd/bind/dist/version cvs rdiff -u -r1.7 -r1.8 src/external/bsd/bind/dist/bin/named/lwdgrbn.c cvs rdiff -u -r1.5 -r1.6 \ src/external/bsd/bind/dist/bin/pkcs11/pkcs11-destroy.8 \ src/external/bsd/bind/dist/bin/pkcs11/pkcs11-keygen.8 cvs rdiff -u -r1.4 -r1.5 src/external/bsd/bind/dist/bin/pkcs11/pkcs11-list.8 cvs rdiff -u -r1.8 -r1.9 \ src/external/bsd/bind/dist/bin/tests/system/lwresd/lwtest.c cvs rdiff -u -r1.9 -r1.10 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.html \ src/external/bsd/bind/dist/doc/arm/man.arpaname.html \ src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html \ src/external/bsd/bind/dist/doc/arm/man.delv.html \ src/external/bsd/bind/dist/doc/arm/man.dig.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html \ src/external/bsd/bind/dist/doc/arm/man.genrandom.html \ src/external/bsd/bind/dist/doc/arm/man.host.html \ src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html \ src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html \ src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html \ src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html \ src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html \ src/external/bsd/bind/dist/doc/arm/man.named.html \ src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html \ src/external/bsd/bind/dist/doc/arm/man.nsupdate.html \ src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html \ src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html \ src/external/bsd/bind/dist/doc/arm/man.rndc.html cvs rdiff -u -r1.15 -r1.16 src/external/bsd/bind/dist/doc/arm/Bv9ARM.pdf cvs rdiff -u -r1.9 -r1.10 src/external/bsd/bind/dist/lib/dns/api cvs rdiff -u -r1.19 -r1.20 src/external/bsd/bind/dist/lib/dns/message.c cvs rdiff -u -r1.12 -r1.13 src/external/bsd/bind/dist/lib/dns/nsec3.c cvs rdiff -u -r1.22 -r1.23 src/external/bsd/bind/dist/lib/dns/rbtdb.c cvs rdiff -u -r1.10 -r1.11 \ src/external/bsd/bind/dist/lib/dns/rdata/generic/opt_41.c cvs rdiff -u -r1.5 -r1.6 \ src/external/bsd/bind/dist/lib/dns/tests/rdata_test.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/external/bsd/bind/dist/CHANGES diff -u src/external/bsd/bind/dist/CHANGES:1.21 src/external/bsd/bind/dist/CHANGES:1.22 --- src/external/bsd/bind/dist/CHANGES:1.21 Thu May 26 12:49:55 2016 +++ src/external/bsd/bind/dist/CHANGES Tue Oct 4 19:46:00 2016 @@ -1,3 +1,30 @@ + --- 9.10.4-P3 released --- + +4468. [bug] Address ECS option handling issues. [RT #43191] + + Note: Only the parts required to restore + interoperation with ECS clients have been + included in this security release. The full + fix is included in BIND 9.10.5. + +4467. [security] It was possible to trigger a assertion when rendering + a message. (CVE-2016-2776) [RT #43139] + + --- 9.10.4-P2 released --- + +4406. [bug] getrrsetbyname with a non absolute name could + trigger an infinite recursion bug in lwresd + and named with lwres configured if when combined + with a search list entry the resulting name is + too long. (CVE-2016-2775) [RT #42694] + +4405. [bug] Change 4342 introduced a regression where you could + not remove a delegation in a NSEC3 signed zone using + OPTOUT via nsupdate. [RT #42702] + +4387. [bug] Change 4336 was not complete leading to SERVFAIL + being return as NS records expired. [RT #42683] + --- 9.10.4-P1 released --- 4368. [bug] Fix a crash when calling "rndc stats" on some Index: src/external/bsd/bind/dist/README diff -u src/external/bsd/bind/dist/README:1.9 src/external/bsd/bind/dist/README:1.10 --- src/external/bsd/bind/dist/README:1.9 Thu May 26 12:49:55 2016 +++ src/external/bsd/bind/dist/README Tue Oct 4 19:46:00 2016 @@ -51,13 +51,23 @@ BIND 9 For up-to-date release notes and errata, see http://www.isc.org/software/bind9/releasenotes +BIND 9.10.4-P3 + + This version contains a fix for CVE-2016-2776 and addresses + an interoperability issue with ECS clients. + +BIND 9.10.4-P2 + + This version contains a fix for CVE-2016-2775 and addresses + two regressions introduced with BIND 9.10.4. + BIND 9.10.4-P1 - This version contains tree urgent fixes to BIND 9.10.4: + This version contains three urgent fixes to BIND 9.10.4: 1) Windows installation was failing without manual updating of BINDinstall's attributes. 2) Windows doesn't support the %z printf modifier. - 3) A race condition was causing instability in the rbt + 3) A race condition was causing instability in the RBT tree state. BIND 9.10.4 Index: src/external/bsd/bind/dist/srcid diff -u src/external/bsd/bind/dist/srcid:1.15 src/external/bsd/bind/dist/srcid:1.16 --- src/external/bsd/bind/dist/srcid:1.15 Thu May 26 12:49:55 2016 +++ src/external/bsd/bind/dist/srcid Tue Oct 4 19:46:00 2016 @@ -1 +1 @@ -SRCID=adfc588 +SRCID=7e49f11 Index: src/external/bsd/bind/dist/version diff -u src/external/bsd/bind/dist/version:1.19 src/external/bsd/bind/dist/version:1.20 --- src/external/bsd/bind/dist/version:1.19 Thu May 26 12:49:55 2016 +++ src/external/bsd/bind/dist/version Tue Oct 4 19:46:00 2016 @@ -7,5 +7,5 @@ MAJORVER=9 MINORVER=10 PATCHVER=4 RELEASETYPE=-P -RELEASEVER=1 +RELEASEVER=3 EXTENSIONS= Index: src/external/bsd/bind/dist/bin/named/lwdgrbn.c diff -u src/external/bsd/bind/dist/bin/named/lwdgrbn.c:1.7 src/external/bsd/bind/dist/bin/named/lwdgrbn.c:1.8 --- src/external/bsd/bind/dist/bin/named/lwdgrbn.c:1.7 Thu May 26 12:49:56 2016 +++ src/external/bsd/bind/dist/bin/named/lwdgrbn.c Tue Oct 4 19:46:00 2016 @@ -1,7 +1,7 @@ -/* $NetBSD: lwdgrbn.c,v 1.7 2016/05/26 16:49:56 christos Exp $ */ +/* $NetBSD: lwdgrbn.c,v 1.8 2016/10/04 23:46:00 christos Exp $ */ /* - * Copyright (C) 2004-2007, 2009, 2013-2015 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -405,14 +405,18 @@ start_lookup(ns_lwdclient_t *client) { INSIST(client->lookup == NULL); dns_fixedname_init(&absname); - result = ns_lwsearchctx_current(&client->searchctx, - dns_fixedname_name(&absname)); + /* - * This will return failure if relative name + suffix is too long. - * In this case, just go on to the next entry in the search path. + * Perform search across all search domains until success + * is returned. Return in case of failure. */ - if (result != ISC_R_SUCCESS) - start_lookup(client); + while (ns_lwsearchctx_current(&client->searchctx, + dns_fixedname_name(&absname)) != ISC_R_SUCCESS) { + if (ns_lwsearchctx_next(&client->searchctx) != ISC_R_SUCCESS) { + ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE); + return; + } + } result = dns_lookup_create(cm->mctx, dns_fixedname_name(&absname), Index: src/external/bsd/bind/dist/bin/pkcs11/pkcs11-destroy.8 diff -u src/external/bsd/bind/dist/bin/pkcs11/pkcs11-destroy.8:1.5 src/external/bsd/bind/dist/bin/pkcs11/pkcs11-destroy.8:1.6 --- src/external/bsd/bind/dist/bin/pkcs11/pkcs11-destroy.8:1.5 Tue Dec 9 23:37:52 2014 +++ src/external/bsd/bind/dist/bin/pkcs11/pkcs11-destroy.8 Tue Oct 4 19:46:00 2016 @@ -1,6 +1,6 @@ -.\" $NetBSD: pkcs11-destroy.8,v 1.5 2014/12/10 04:37:52 christos Exp $ +.\" $NetBSD: pkcs11-destroy.8,v 1.6 2016/10/04 23:46:00 christos Exp $ .\" -.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -14,26 +14,41 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" Id -.\" .hy 0 .ad l -.\" Title: pkcs11\-destroy +'\" t +.\" Title: pkcs11-destroy .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: Sep 18, 2009 +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 2014-01-15 .\" Manual: BIND9 -.\" Source: BIND9 +.\" Source: ISC +.\" Language: English .\" -.TH "PKCS11\-DESTROY" "8" "Sep 18, 2009" "BIND9" "BIND9" +.TH "PKCS11\-DESTROY" "8" "2014\-01\-15" "ISC" "BIND9" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- .SH "NAME" -pkcs11\-destroy \- destroy PKCS#11 objects +pkcs11-destroy \- destroy PKCS#11 objects .SH "SYNOPSIS" -.HP 15 +.HP \w'\fBpkcs11\-destroy\fR\ 'u \fBpkcs11\-destroy\fR [\fB\-m\ \fR\fB\fImodule\fR\fR] [\fB\-s\ \fR\fB\fIslot\fR\fR] {\-i\ \fIID\fR | \-l\ \fIlabel\fR} [\fB\-p\ \fR\fB\fIPIN\fR\fR] [\fB\-w\ \fR\fB\fIseconds\fR\fR] .SH "DESCRIPTION" .PP @@ -41,50 +56,52 @@ pkcs11\-destroy \- destroy PKCS#11 objec destroys keys stored in a PKCS#11 device, identified by their \fBID\fR or -\fBlabel\fR. +\fBlabel\fR\&. .PP -Matching keys are displayed before being destroyed. By default, there is a five second delay to allow the user to interrupt the process before the destruction takes place. +Matching keys are displayed before being destroyed\&. By default, there is a five second delay to allow the user to interrupt the process before the destruction takes place\&. .SH "ARGUMENTS" .PP \-m \fImodule\fR .RS 4 -Specify the PKCS#11 provider module. This must be the full path to a shared library object implementing the PKCS#11 API for the device. +Specify the PKCS#11 provider module\&. This must be the full path to a shared library object implementing the PKCS#11 API for the device\&. .RE .PP \-s \fIslot\fR .RS 4 -Open the session with the given PKCS#11 slot. The default is slot 0. +Open the session with the given PKCS#11 slot\&. The default is slot 0\&. .RE .PP \-i \fIID\fR .RS 4 -Destroy keys with the given object ID. +Destroy keys with the given object ID\&. .RE .PP \-l \fIlabel\fR .RS 4 -Destroy keys with the given label. +Destroy keys with the given label\&. .RE .PP \-p \fIPIN\fR .RS 4 -Specify the PIN for the device. If no PIN is provided on the command line, +Specify the PIN for the device\&. If no PIN is provided on the command line, \fBpkcs11\-destroy\fR -will prompt for it. +will prompt for it\&. .RE .PP \-w \fIseconds\fR .RS 4 -Specify how long to pause before carrying out key destruction. The default is five seconds. If set to -0, destruction will be immediate. +Specify how long to pause before carrying out key destruction\&. The default is five seconds\&. If set to +0, destruction will be immediate\&. .RE .SH "SEE ALSO" .PP -\fBpkcs11\-list\fR(3), -\fBpkcs11\-keygen\fR(3) +\fBpkcs11-keygen\fR(8), +\fBpkcs11-list\fR(8), +\fBpkcs11-tokens\fR(8) .SH "AUTHOR" .PP -Internet Systems Consortium +\fBInternet Systems Consortium, Inc\&.\fR .SH "COPYRIGHT" -Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") .br Index: src/external/bsd/bind/dist/bin/pkcs11/pkcs11-keygen.8 diff -u src/external/bsd/bind/dist/bin/pkcs11/pkcs11-keygen.8:1.5 src/external/bsd/bind/dist/bin/pkcs11/pkcs11-keygen.8:1.6 --- src/external/bsd/bind/dist/bin/pkcs11/pkcs11-keygen.8:1.5 Tue Dec 9 23:37:52 2014 +++ src/external/bsd/bind/dist/bin/pkcs11/pkcs11-keygen.8 Tue Oct 4 19:46:00 2016 @@ -1,6 +1,6 @@ -.\" $NetBSD: pkcs11-keygen.8,v 1.5 2014/12/10 04:37:52 christos Exp $ +.\" $NetBSD: pkcs11-keygen.8,v 1.6 2016/10/04 23:46:00 christos Exp $ .\" -.\" Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -14,26 +14,41 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" Id -.\" .hy 0 .ad l -.\" Title: pkcs11\-ecgen +'\" t +.\" Title: pkcs11-keygen .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: Feb 30, 2012 +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 2014-01-15 .\" Manual: BIND9 -.\" Source: BIND9 +.\" Source: ISC +.\" Language: English .\" -.TH "PKCS11\-ECGEN" "8" "Feb 30, 2012" "BIND9" "BIND9" +.TH "PKCS11\-KEYGEN" "8" "2014\-01\-15" "ISC" "BIND9" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- .SH "NAME" -pkcs11\-keygen \- generate keys on a PKCS#11 device +pkcs11-keygen \- generate keys on a PKCS#11 device .SH "SYNOPSIS" -.HP 14 +.HP \w'\fBpkcs11\-keygen\fR\ 'u \fBpkcs11\-keygen\fR {\-a\ \fIalgorithm\fR} [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-e\fR] [\fB\-i\ \fR\fB\fIid\fR\fR] [\fB\-m\ \fR\fB\fImodule\fR\fR] [\fB\-P\fR] [\fB\-p\ \fR\fB\fIPIN\fR\fR] [\fB\-q\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIslot\fR\fR] {label} .SH "DESCRIPTION" .PP @@ -42,74 +57,74 @@ causes a PKCS#11 device to generate a ne \fBlabel\fR (which must be unique) and with \fBkeysize\fR -bits of prime. +bits of prime\&. .SH "ARGUMENTS" .PP \-a \fIalgorithm\fR .RS 4 -Specify the key algorithm class: Supported classes are RSA, DSA, DH, and ECC. In addition to these strings, the +Specify the key algorithm class: Supported classes are RSA, DSA, DH, and ECC\&. In addition to these strings, the \fBalgorithm\fR -can be specified as a DNSSEC signing algorithm that will be used with this key; for example, NSEC3RSASHA1 maps to RSA, and ECDSAP256SHA256 maps to ECC. The default class is "RSA". +can be specified as a DNSSEC signing algorithm that will be used with this key; for example, NSEC3RSASHA1 maps to RSA, and ECDSAP256SHA256 maps to ECC\&. The default class is "RSA"\&. .RE .PP \-b \fIkeysize\fR .RS 4 Create the key pair with \fBkeysize\fR -bits of prime. For ECC keys, the only valid values are 256 and 384, and the default is 256. +bits of prime\&. For ECC keys, the only valid values are 256 and 384, and the default is 256\&. .RE .PP \-e .RS 4 -For RSA keys only, use a large exponent. +For RSA keys only, use a large exponent\&. .RE .PP \-i \fIid\fR .RS 4 -Create key objects with id. The id is either an unsigned short 2 byte or an unsigned long 4 byte number. +Create key objects with id\&. The id is either an unsigned short 2 byte or an unsigned long 4 byte number\&. .RE .PP \-m \fImodule\fR .RS 4 -Specify the PKCS#11 provider module. This must be the full path to a shared library object implementing the PKCS#11 API for the device. +Specify the PKCS#11 provider module\&. This must be the full path to a shared library object implementing the PKCS#11 API for the device\&. .RE .PP \-P .RS 4 -Set the new private key to be non\-sensitive and extractable. The allows the private key data to be read from the PKCS#11 device. The default is for private keys to be sensitive and non\-extractable. +Set the new private key to be non\-sensitive and extractable\&. The allows the private key data to be read from the PKCS#11 device\&. The default is for private keys to be sensitive and non\-extractable\&. .RE .PP \-p \fIPIN\fR .RS 4 -Specify the PIN for the device. If no PIN is provided on the command line, -\fBpkcs11\-ecgen\fR -will prompt for it. +Specify the PIN for the device\&. If no PIN is provided on the command line, +\fBpkcs11\-keygen\fR +will prompt for it\&. .RE .PP -\-e +\-q .RS 4 -Quiet mode: suppress unnecessary output. +Quiet mode: suppress unnecessary output\&. .RE .PP \-S .RS 4 -For Diffie\-Hellman (DH) keys only, use a special prime of 768, 1024 or 1536 bit size and base (aka generator) 2. If not specified, bit size will default to 1024. +For Diffie\-Hellman (DH) keys only, use a special prime of 768, 1024 or 1536 bit size and base (aka generator) 2\&. If not specified, bit size will default to 1024\&. .RE .PP \-s \fIslot\fR .RS 4 -Open the session with the given PKCS#11 slot. The default is slot 0. +Open the session with the given PKCS#11 slot\&. The default is slot 0\&. .RE .SH "SEE ALSO" .PP -\fBpkcs11\-rsagen\fR(3), -\fBpkcs11\-dsagen\fR(3), -\fBpkcs11\-list\fR(3), -\fBpkcs11\-destroy\fR(3), -\fBdnssec\-keyfromlabel\fR(3), +\fBpkcs11-destroy\fR(8), +\fBpkcs11-list\fR(8), +\fBpkcs11-tokens\fR(8), +\fBdnssec-keyfromlabel\fR(8) .SH "AUTHOR" .PP -Internet Systems Consortium +\fBInternet Systems Consortium, Inc\&.\fR .SH "COPYRIGHT" -Copyright \(co 2012 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") .br Index: src/external/bsd/bind/dist/bin/pkcs11/pkcs11-list.8 diff -u src/external/bsd/bind/dist/bin/pkcs11/pkcs11-list.8:1.4 src/external/bsd/bind/dist/bin/pkcs11/pkcs11-list.8:1.5 --- src/external/bsd/bind/dist/bin/pkcs11/pkcs11-list.8:1.4 Tue Dec 9 23:37:52 2014 +++ src/external/bsd/bind/dist/bin/pkcs11/pkcs11-list.8 Tue Oct 4 19:46:00 2016 @@ -1,39 +1,54 @@ -.\" $NetBSD: pkcs11-list.8,v 1.4 2014/12/10 04:37:52 christos Exp $ -.\" -.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" $NetBSD: pkcs11-list.8,v 1.5 2016/10/04 23:46:00 christos Exp $ .\" +.\" Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") +.\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. -.\" +.\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" Id: pkcs11-list.8,v 1.3 2009/10/06 04:40:14 tbox Exp -.\" .hy 0 .ad l -.\" Title: pkcs11\-list +'\" t +.\" Title: pkcs11-list .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: Sep 18, 2009 +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 2009-10-05 .\" Manual: BIND9 -.\" Source: BIND9 +.\" Source: ISC +.\" Language: English .\" -.TH "PKCS11\-LIST" "8" "Sep 18, 2009" "BIND9" "BIND9" +.TH "PKCS11\-LIST" "8" "2009\-10\-05" "ISC" "BIND9" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- .SH "NAME" -pkcs11\-list \- list PKCS#11 objects +pkcs11-list \- list PKCS#11 objects .SH "SYNOPSIS" -.HP 12 +.HP \w'\fBpkcs11\-list\fR\ 'u \fBpkcs11\-list\fR [\fB\-P\fR] [\fB\-m\ \fR\fB\fImodule\fR\fR] [\fB\-s\ \fR\fB\fIslot\fR\fR] [\-i\ \fIID\fR] [\-l\ \fIlabel\fR] [\fB\-p\ \fR\fB\fIPIN\fR\fR] .SH "DESCRIPTION" .PP @@ -42,47 +57,49 @@ lists the PKCS#11 objects with \fBID\fR or \fBlabel\fR -or by default all objects. +or by default all objects\&. .SH "ARGUMENTS" .PP \-P .RS 4 -List only the public objects. (Note that on some PKCS#11 devices, all objects are private.) +List only the public objects\&. (Note that on some PKCS#11 devices, all objects are private\&.) .RE .PP \-m \fImodule\fR .RS 4 -Specify the PKCS#11 provider module. This must be the full path to a shared library object implementing the PKCS#11 API for the device. +Specify the PKCS#11 provider module\&. This must be the full path to a shared library object implementing the PKCS#11 API for the device\&. .RE .PP \-s \fIslot\fR .RS 4 -Open the session with the given PKCS#11 slot. The default is slot 0. +Open the session with the given PKCS#11 slot\&. The default is slot 0\&. .RE .PP \-i \fIID\fR .RS 4 -List only key objects with the given object ID. +List only key objects with the given object ID\&. .RE .PP \-l \fIlabel\fR .RS 4 -List only key objects with the given label. +List only key objects with the given label\&. .RE .PP \-p \fIPIN\fR .RS 4 -Specify the PIN for the device. If no PIN is provided on the command line, +Specify the PIN for the device\&. If no PIN is provided on the command line, \fBpkcs11\-list\fR -will prompt for it. +will prompt for it\&. .RE .SH "SEE ALSO" .PP -\fBpkcs11\-keygen\fR(3), -\fBpkcs11\-destroy\fR(3) +\fBpkcs11-destroy\fR(8), +\fBpkcs11-keygen\fR(8), +\fBpkcs11-tokens\fR(8) .SH "AUTHOR" .PP -Internet Systems Consortium +\fBInternet Systems Consortium, Inc\&.\fR .SH "COPYRIGHT" -Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") .br Index: src/external/bsd/bind/dist/bin/tests/system/lwresd/lwtest.c diff -u src/external/bsd/bind/dist/bin/tests/system/lwresd/lwtest.c:1.8 src/external/bsd/bind/dist/bin/tests/system/lwresd/lwtest.c:1.9 --- src/external/bsd/bind/dist/bin/tests/system/lwresd/lwtest.c:1.8 Wed Dec 16 23:00:42 2015 +++ src/external/bsd/bind/dist/bin/tests/system/lwresd/lwtest.c Tue Oct 4 19:46:00 2016 @@ -1,7 +1,7 @@ -/* $NetBSD: lwtest.c,v 1.8 2015/12/17 04:00:42 christos Exp $ */ +/* $NetBSD: lwtest.c,v 1.9 2016/10/04 23:46:00 christos Exp $ */ /* - * Copyright (C) 2004, 2007, 2008, 2012, 2013, 2015 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2008, 2012, 2013, 2015, 2016 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -771,6 +771,14 @@ main(void) { test_getrrsetbyname("e.example1.", 1, 46, 2, 0, 1); test_getrrsetbyname("", 1, 1, 0, 0, 0); + test_getrrsetbyname("123456789.123456789.123456789.123456789." + "123456789.123456789.123456789.123456789." + "123456789.123456789.123456789.123456789." + "123456789.123456789.123456789.123456789." + "123456789.123456789.123456789.123456789." + "123456789.123456789.123456789.123456789." + "123456789", 1, 1, 0, 0, 0); + if (fails == 0) printf("I:ok\n"); return (fails); Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.9 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.10 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html Tue Oct 4 19:46:01 2016 @@ -2326,6 +2326,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2. </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.9 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.10 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html Tue Oct 4 19:46:01 2016 @@ -12845,6 +12845,6 @@ HOST-127.EXAMPLE. MX 0 . </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.9 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.10 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html Tue Oct 4 19:46:01 2016 @@ -248,6 +248,6 @@ zone "example.com" { </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.9 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.10 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html Tue Oct 4 19:46:01 2016 @@ -134,6 +134,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.9 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.10 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html Tue Oct 4 19:46:01 2016 @@ -44,7 +44,7 @@ <div class="toc"> <p><b>Table of Contents</b></p> <dl class="toc"> -<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P1</a></span></dt> +<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P3</a></span></dt> <dd><dl> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt> @@ -60,7 +60,7 @@ </div> <div class="section"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P1</h2></div></div></div> +<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P3</h2></div></div></div> <div class="section"> <div class="titlepage"><div><div><h3 class="title"> <a name="relnotes_intro"></a>Introduction</h3></div></div></div> @@ -68,6 +68,15 @@ This document summarizes changes since BIND 9.10.4: </p> <p> + BIND 9.10.4-P3 addresses the security issue described in + CVE-2016-2776 and addresses an interoperability issue with + ECS clients. + </p> +<p> + BIND 9.10.4-P2 addresses the security issue described in + CVE-2016-2775. + </p> +<p> BIND 9.10.4-P1 addresses Windows installation issues, the %z modifier is not supported under Windows and a race condition in the rbt/rbtdb implementation resulting in named exiting @@ -88,9 +97,20 @@ <div class="section"> <div class="titlepage"><div><div><h3 class="title"> <a name="relnotes_security"></a>Security Fixes</h3></div></div></div> -<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> - None. - </p></li></ul></div> +<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> +<li class="listitem"><p> + It was possible to trigger a assertion when rendering a + message using a specially crafted request. This flaw is + disclosed in CVE-2016-2776. [RT #43139] + </p></li> +<li class="listitem"><p> + getrrsetbyname with a non absolute name could trigger an + infinite recursion bug in lwresd and named with lwres + configured if when combined with a search list entry the + resulting name is too long. This flaw is disclosed in + CVE-2016-2775. [RT #42694] + </p></li> +</ul></div> </div> <div class="section"> <div class="titlepage"><div><div><h3 class="title"> @@ -118,6 +138,10 @@ <a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div> <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> <li class="listitem"><p> + ECS clients with the option set to 0.0.0.0/0/0 or ::/0/0 + where incorrectly getting a FORMERR response. + </p></li> +<li class="listitem"><p> Windows installs were failing due to triggering UAC without the installation binary being signed. </p></li> @@ -166,6 +190,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.9 src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.10 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.html Tue Oct 4 19:46:01 2016 @@ -40,7 +40,7 @@ <div> <div><h1 class="title"> <a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div> -<div><p class="releaseinfo">BIND Version 9.10.4-P1</p></div> +<div><p class="releaseinfo">BIND Version 9.10.4-P3</p></div> <div><p class="copyright">Copyright © 2004-2015 Internet Systems Consortium, Inc. ("ISC")</p></div> <div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div> </div> @@ -239,7 +239,7 @@ </dl></dd> <dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt> <dd><dl> -<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P1</a></span></dt> +<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P3</a></span></dt> <dd><dl> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt> @@ -385,6 +385,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.arpaname.html diff -u src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.9 src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.arpaname.html Tue Oct 4 19:46:01 2016 @@ -81,6 +81,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html diff -u src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.9 src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html Tue Oct 4 19:46:01 2016 @@ -185,6 +185,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.delv.html diff -u src/external/bsd/bind/dist/doc/arm/man.delv.html:1.9 src/external/bsd/bind/dist/doc/arm/man.delv.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.delv.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.delv.html Tue Oct 4 19:46:01 2016 @@ -498,6 +498,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dig.html diff -u src/external/bsd/bind/dist/doc/arm/man.dig.html:1.9 src/external/bsd/bind/dist/doc/arm/man.dig.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.dig.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dig.html Tue Oct 4 19:46:01 2016 @@ -809,6 +809,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.9 src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html Tue Oct 4 19:46:01 2016 @@ -112,6 +112,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.9 src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html Tue Oct 4 19:46:01 2016 @@ -219,6 +219,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.9 src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html Tue Oct 4 19:46:01 2016 @@ -213,6 +213,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.9 src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html Tue Oct 4 19:46:01 2016 @@ -177,6 +177,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.9 src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html Tue Oct 4 19:46:01 2016 @@ -381,6 +381,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.9 src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html Tue Oct 4 19:46:01 2016 @@ -455,6 +455,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.9 src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html Tue Oct 4 19:46:01 2016 @@ -134,6 +134,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.9 src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html Tue Oct 4 19:46:01 2016 @@ -264,6 +264,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.9 src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html Tue Oct 4 19:46:01 2016 @@ -564,6 +564,6 @@ db.example.com.signed </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.9 src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html Tue Oct 4 19:46:01 2016 @@ -164,6 +164,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.genrandom.html diff -u src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.9 src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.genrandom.html Tue Oct 4 19:46:01 2016 @@ -102,6 +102,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.host.html diff -u src/external/bsd/bind/dist/doc/arm/man.host.html:1.9 src/external/bsd/bind/dist/doc/arm/man.host.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.host.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.host.html Tue Oct 4 19:46:01 2016 @@ -247,6 +247,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html diff -u src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.9 src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html Tue Oct 4 19:46:01 2016 @@ -112,6 +112,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html diff -u src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.9 src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html Tue Oct 4 19:46:01 2016 @@ -151,6 +151,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html diff -u src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.9 src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html Tue Oct 4 19:46:01 2016 @@ -338,6 +338,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html diff -u src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.9 src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html Tue Oct 4 19:46:01 2016 @@ -102,6 +102,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html diff -u src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.9 src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html Tue Oct 4 19:46:01 2016 @@ -104,6 +104,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named.html diff -u src/external/bsd/bind/dist/doc/arm/man.named.html:1.9 src/external/bsd/bind/dist/doc/arm/man.named.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.named.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.named.html Tue Oct 4 19:46:01 2016 @@ -369,6 +369,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html diff -u src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.9 src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html Tue Oct 4 19:46:01 2016 @@ -103,6 +103,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.nsupdate.html diff -u src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.9 src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.nsupdate.html Tue Oct 4 19:46:01 2016 @@ -663,6 +663,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html diff -u src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.9 src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html Tue Oct 4 19:46:01 2016 @@ -223,6 +223,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html diff -u src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.9 src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html Tue Oct 4 19:46:01 2016 @@ -246,6 +246,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.rndc.html diff -u src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.9 src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.10 --- src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/doc/arm/man.rndc.html Tue Oct 4 19:46:01 2016 @@ -621,6 +621,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P1</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P3</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.pdf Binary files are different Index: src/external/bsd/bind/dist/lib/dns/api diff -u src/external/bsd/bind/dist/lib/dns/api:1.9 src/external/bsd/bind/dist/lib/dns/api:1.10 --- src/external/bsd/bind/dist/lib/dns/api:1.9 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/lib/dns/api Tue Oct 4 19:46:01 2016 @@ -6,5 +6,5 @@ # 9.9-sub: 130-139, 150-159 # 9.10: 140-149, 160-169 LIBINTERFACE = 165 -LIBREVISION = 0 +LIBREVISION = 2 LIBAGE = 0 Index: src/external/bsd/bind/dist/lib/dns/message.c diff -u src/external/bsd/bind/dist/lib/dns/message.c:1.19 src/external/bsd/bind/dist/lib/dns/message.c:1.20 --- src/external/bsd/bind/dist/lib/dns/message.c:1.19 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/lib/dns/message.c Tue Oct 4 19:46:01 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: message.c,v 1.19 2016/05/26 16:49:58 christos Exp $ */ +/* $NetBSD: message.c,v 1.20 2016/10/04 23:46:01 christos Exp $ */ /* * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") @@ -1730,7 +1730,7 @@ dns_message_renderbegin(dns_message_t *m if (r.length < DNS_MESSAGE_HEADERLEN) return (ISC_R_NOSPACE); - if (r.length < msg->reserved) + if (r.length - DNS_MESSAGE_HEADERLEN < msg->reserved) return (ISC_R_NOSPACE); /* @@ -1871,8 +1871,29 @@ norender_rdataset(const dns_rdataset_t * return (ISC_TRUE); } - #endif + +static isc_result_t +renderset(dns_rdataset_t *rdataset, dns_name_t *owner_name, + dns_compress_t *cctx, isc_buffer_t *target, + unsigned int reserved, unsigned int options, unsigned int *countp) +{ + isc_result_t result; + + /* + * Shrink the space in the buffer by the reserved amount. + */ + if (target->length - target->used < reserved) + return (ISC_R_NOSPACE); + + target->length -= reserved; + result = dns_rdataset_towire(rdataset, owner_name, + cctx, target, options, countp); + target->length += reserved; + + return (result); +} + isc_result_t dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, unsigned int options) @@ -1915,6 +1936,8 @@ dns_message_rendersection(dns_message_t /* * Shrink the space in the buffer by the reserved amount. */ + if (msg->buffer->length - msg->buffer->used < msg->reserved) + return (ISC_R_NOSPACE); msg->buffer->length -= msg->reserved; total = 0; @@ -2190,9 +2213,8 @@ dns_message_renderend(dns_message_t *msg * Render. */ count = 0; - result = dns_rdataset_towire(msg->opt, dns_rootname, - msg->cctx, msg->buffer, 0, - &count); + result = renderset(msg->opt, dns_rootname, msg->cctx, + msg->buffer, msg->reserved, 0, &count); msg->counts[DNS_SECTION_ADDITIONAL] += count; if (result != ISC_R_SUCCESS) return (result); @@ -2208,9 +2230,8 @@ dns_message_renderend(dns_message_t *msg if (result != ISC_R_SUCCESS) return (result); count = 0; - result = dns_rdataset_towire(msg->tsig, msg->tsigname, - msg->cctx, msg->buffer, 0, - &count); + result = renderset(msg->tsig, msg->tsigname, msg->cctx, + msg->buffer, msg->reserved, 0, &count); msg->counts[DNS_SECTION_ADDITIONAL] += count; if (result != ISC_R_SUCCESS) return (result); @@ -2231,9 +2252,8 @@ dns_message_renderend(dns_message_t *msg * the owner name of a SIG(0) is irrelevant, and will not * be set in a message being rendered. */ - result = dns_rdataset_towire(msg->sig0, dns_rootname, - msg->cctx, msg->buffer, 0, - &count); + result = renderset(msg->sig0, dns_rootname, msg->cctx, + msg->buffer, msg->reserved, 0, &count); msg->counts[DNS_SECTION_ADDITIONAL] += count; if (result != ISC_R_SUCCESS) return (result); Index: src/external/bsd/bind/dist/lib/dns/nsec3.c diff -u src/external/bsd/bind/dist/lib/dns/nsec3.c:1.12 src/external/bsd/bind/dist/lib/dns/nsec3.c:1.13 --- src/external/bsd/bind/dist/lib/dns/nsec3.c:1.12 Wed Dec 16 23:00:43 2015 +++ src/external/bsd/bind/dist/lib/dns/nsec3.c Tue Oct 4 19:46:01 2016 @@ -1,7 +1,7 @@ -/* $NetBSD: nsec3.c,v 1.12 2015/12/17 04:00:43 christos Exp $ */ +/* $NetBSD: nsec3.c,v 1.13 2016/10/04 23:46:01 christos Exp $ */ /* - * Copyright (C) 2006, 2008-2015 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2006, 2008-2016 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -1340,7 +1340,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbv CHECK(dns_db_createiterator(db, DNS_DB_NSEC3ONLY, &dbit)); result = dns_dbiterator_seek(dbit, hashname); - if (result == ISC_R_NOTFOUND) + if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) goto success; if (result != ISC_R_SUCCESS) goto failure; @@ -1445,7 +1445,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbv &empty, origin, hash, iterations, salt, salt_length)); result = dns_dbiterator_seek(dbit, hashname); - if (result == ISC_R_NOTFOUND) + if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) goto success; if (result != ISC_R_SUCCESS) goto failure; Index: src/external/bsd/bind/dist/lib/dns/rbtdb.c diff -u src/external/bsd/bind/dist/lib/dns/rbtdb.c:1.22 src/external/bsd/bind/dist/lib/dns/rbtdb.c:1.23 --- src/external/bsd/bind/dist/lib/dns/rbtdb.c:1.22 Thu May 26 12:49:58 2016 +++ src/external/bsd/bind/dist/lib/dns/rbtdb.c Tue Oct 4 19:46:01 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: rbtdb.c,v 1.22 2016/05/26 16:49:58 christos Exp $ */ +/* $NetBSD: rbtdb.c,v 1.23 2016/10/04 23:46:01 christos Exp $ */ /* * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") @@ -520,6 +520,10 @@ struct acachectl { #define ZEROTTL(header) \ (((header)->attributes & RDATASET_ATTR_ZEROTTL) != 0) +#define ACTIVE(header, now) \ + (((header)->rdh_ttl > (now)) || \ + ((header)->rdh_ttl == (now) && ZEROTTL(header))) + #define DEFAULT_NODE_LOCK_COUNT 7 /*%< Should be prime. */ /*% @@ -4533,8 +4537,7 @@ check_stale_rdataset(dns_rbtnode_t *node UNUSED(lock); #endif - if (header->rdh_ttl < search->now || - (header->rdh_ttl == search->now && !ZEROTTL(header))) { + if (!ACTIVE(header, search->now)) { /* * This rdataset is stale. If no one else is using the * node, we can clean it up right now, otherwise we mark @@ -5739,7 +5742,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn for (header = rbtnode->data; header != NULL; header = header_next) { header_next = header->next; - if (header->rdh_ttl < now) { + if (!ACTIVE(header, now)) { if ((header->rdh_ttl < now - RBTDB_VIRTUAL) && (locktype == isc_rwlocktype_write || NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) { @@ -6063,7 +6066,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t } } if (topheader != NULL && EXISTS(topheader) && - topheader->rdh_ttl >= now) { + ACTIVE(topheader, now)) { /* * Found one. */ @@ -6128,7 +6131,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t * has no effect, provided that the cache data isn't stale. */ if (rbtversion == NULL && trust < header->trust && - (header->rdh_ttl >= now || header_nx)) { + (ACTIVE(header, now) || header_nx)) { free_rdataset(rbtdb, rbtdb->common.mctx, newheader); if (addedrdataset != NULL) bind_rdataset(rbtdb, rbtnode, header, now, @@ -6199,7 +6202,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t * Don't lower trust of existing record if the * update is forced. */ - if (IS_CACHE(rbtdb) && header->rdh_ttl >= now && + if (IS_CACHE(rbtdb) && ACTIVE(header, now) && header->type == dns_rdatatype_ns && !header_nx && !newheader_nx && header->trust >= newheader->trust && @@ -6235,7 +6238,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t * to be no more than the current NS RRset's TTL. This * ensures the delegations that are withdrawn are honoured. */ - if (IS_CACHE(rbtdb) && header->rdh_ttl >= now && + if (IS_CACHE(rbtdb) && ACTIVE(header, now) && header->type == dns_rdatatype_ns && !header_nx && !newheader_nx && header->trust <= newheader->trust) { @@ -6243,7 +6246,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t newheader->rdh_ttl = header->rdh_ttl; } } - if (IS_CACHE(rbtdb) && header->rdh_ttl >= now && + if (IS_CACHE(rbtdb) && ACTIVE(header, now) && (options & DNS_DBADD_PREFETCH) == 0 && (header->type == dns_rdatatype_a || header->type == dns_rdatatype_aaaa || @@ -9003,6 +9006,8 @@ dbiterator_first(dns_dbiterator_t *itera dns_name_t *name, *origin; if (rbtdbiter->result != ISC_R_SUCCESS && + rbtdbiter->result != ISC_R_NOTFOUND && + rbtdbiter->result != DNS_R_PARTIALMATCH && rbtdbiter->result != ISC_R_NOMORE) return (rbtdbiter->result); @@ -9056,6 +9061,8 @@ dbiterator_last(dns_dbiterator_t *iterat dns_name_t *name, *origin; if (rbtdbiter->result != ISC_R_SUCCESS && + rbtdbiter->result != ISC_R_NOTFOUND && + rbtdbiter->result != DNS_R_PARTIALMATCH && rbtdbiter->result != ISC_R_NOMORE) return (rbtdbiter->result); @@ -9106,6 +9113,7 @@ dbiterator_seek(dns_dbiterator_t *iterat if (rbtdbiter->result != ISC_R_SUCCESS && rbtdbiter->result != ISC_R_NOTFOUND && + rbtdbiter->result != DNS_R_PARTIALMATCH && rbtdbiter->result != ISC_R_NOMORE) return (rbtdbiter->result); @@ -9331,6 +9339,8 @@ dbiterator_pause(dns_dbiterator_t *itera rbtdb_dbiterator_t *rbtdbiter = (rbtdb_dbiterator_t *)iterator; if (rbtdbiter->result != ISC_R_SUCCESS && + rbtdbiter->result != ISC_R_NOTFOUND && + rbtdbiter->result != DNS_R_PARTIALMATCH && rbtdbiter->result != ISC_R_NOMORE) return (rbtdbiter->result); Index: src/external/bsd/bind/dist/lib/dns/rdata/generic/opt_41.c diff -u src/external/bsd/bind/dist/lib/dns/rdata/generic/opt_41.c:1.10 src/external/bsd/bind/dist/lib/dns/rdata/generic/opt_41.c:1.11 --- src/external/bsd/bind/dist/lib/dns/rdata/generic/opt_41.c:1.10 Thu May 26 12:49:59 2016 +++ src/external/bsd/bind/dist/lib/dns/rdata/generic/opt_41.c Tue Oct 4 19:46:01 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: opt_41.c,v 1.10 2016/05/26 16:49:59 christos Exp $ */ +/* $NetBSD: opt_41.c,v 1.11 2016/10/04 23:46:01 christos Exp $ */ /* * Copyright (C) 2004, 2005, 2007, 2009, 2011-2016 Internet Systems Consortium, Inc. ("ISC") @@ -136,9 +136,6 @@ fromwire_opt(ARGS_FROMWIRE) { scope = uint8_fromregion(&sregion); isc_region_consume(&sregion, 1); - if (addrlen == 0U && family != 0U) - return (DNS_R_OPTERR); - switch (family) { case 0: /* Index: src/external/bsd/bind/dist/lib/dns/tests/rdata_test.c diff -u src/external/bsd/bind/dist/lib/dns/tests/rdata_test.c:1.5 src/external/bsd/bind/dist/lib/dns/tests/rdata_test.c:1.6 --- src/external/bsd/bind/dist/lib/dns/tests/rdata_test.c:1.5 Thu May 26 12:49:59 2016 +++ src/external/bsd/bind/dist/lib/dns/tests/rdata_test.c Tue Oct 4 19:46:01 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: rdata_test.c,v 1.5 2016/05/26 16:49:59 christos Exp $ */ +/* $NetBSD: rdata_test.c,v 1.6 2016/10/04 23:46:01 christos Exp $ */ /* * Copyright (C) 2012, 2013, 2015, 2016 Internet Systems Consortium, Inc. ("ISC") @@ -107,7 +107,7 @@ ATF_TC_BODY(edns_client_subnet, tc) { 0x00, 0x08, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00 }, - 8, ISC_FALSE + 8, ISC_TRUE }, { /* Option code family 2 (ipv6) , source 0, scope 0 */ @@ -115,7 +115,7 @@ ATF_TC_BODY(edns_client_subnet, tc) { 0x00, 0x08, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00 }, - 8, ISC_FALSE + 8, ISC_TRUE }, { /* extra octet */