Module Name: src Committed By: christos Date: Thu Feb 9 00:23:27 UTC 2017
Modified Files: src/external/bsd/bind/dist: CHANGES README srcid version src/external/bsd/bind/dist/bin/named: query.c src/external/bsd/bind/dist/doc/arm: Bv9ARM.ch04.html Bv9ARM.ch06.html Bv9ARM.ch07.html Bv9ARM.ch08.html Bv9ARM.ch09.html Bv9ARM.html Bv9ARM.pdf man.arpaname.html man.ddns-confgen.html man.delv.html man.dig.html man.dnssec-checkds.html man.dnssec-coverage.html man.dnssec-dsfromkey.html man.dnssec-importkey.html man.dnssec-keyfromlabel.html man.dnssec-keygen.html man.dnssec-revoke.html man.dnssec-settime.html man.dnssec-signzone.html man.dnssec-verify.html man.genrandom.html man.host.html man.isc-hmac-fixup.html man.named-checkconf.html man.named-checkzone.html man.named-journalprint.html man.named-rrchecker.html man.named.html man.nsec3hash.html man.nsupdate.html man.rndc-confgen.html man.rndc.conf.html man.rndc.html src/external/bsd/bind/dist/lib/dns: api message.c rdataset.c resolver.c Log Message: Merge 9.10.4-P6 4558. [bug] Synthesised CNAME before matching DNAME was still being cached when it should have been. [RT #44318] 4557. [security] Combining dns64 and rpz can result in dereferencing a NULL pointer (read). (CVE-2017-3135) [RT#44434] To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 src/external/bsd/bind/dist/CHANGES cvs rdiff -u -r1.12 -r1.13 src/external/bsd/bind/dist/README cvs rdiff -u -r1.18 -r1.19 src/external/bsd/bind/dist/srcid cvs rdiff -u -r1.22 -r1.23 src/external/bsd/bind/dist/version cvs rdiff -u -r1.22 -r1.23 src/external/bsd/bind/dist/bin/named/query.c cvs rdiff -u -r1.12 -r1.13 \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html \ src/external/bsd/bind/dist/doc/arm/Bv9ARM.html \ src/external/bsd/bind/dist/doc/arm/man.arpaname.html \ src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html \ src/external/bsd/bind/dist/doc/arm/man.delv.html \ src/external/bsd/bind/dist/doc/arm/man.dig.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html \ src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html \ src/external/bsd/bind/dist/doc/arm/man.genrandom.html \ src/external/bsd/bind/dist/doc/arm/man.host.html \ src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html \ src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html \ src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html \ src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html \ src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html \ src/external/bsd/bind/dist/doc/arm/man.named.html \ src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html \ src/external/bsd/bind/dist/doc/arm/man.nsupdate.html \ src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html \ src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html \ src/external/bsd/bind/dist/doc/arm/man.rndc.html cvs rdiff -u -r1.17 -r1.18 src/external/bsd/bind/dist/doc/arm/Bv9ARM.pdf cvs rdiff -u -r1.12 -r1.13 src/external/bsd/bind/dist/lib/dns/api cvs rdiff -u -r1.21 -r1.22 src/external/bsd/bind/dist/lib/dns/message.c cvs rdiff -u -r1.8 -r1.9 src/external/bsd/bind/dist/lib/dns/rdataset.c cvs rdiff -u -r1.28 -r1.29 src/external/bsd/bind/dist/lib/dns/resolver.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/external/bsd/bind/dist/CHANGES diff -u src/external/bsd/bind/dist/CHANGES:1.24 src/external/bsd/bind/dist/CHANGES:1.25 --- src/external/bsd/bind/dist/CHANGES:1.24 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/CHANGES Wed Feb 8 19:23:26 2017 @@ -1,3 +1,11 @@ + --- 9.10.4-P6 released --- + +4558. [bug] Synthesised CNAME before matching DNAME was still + being cached when it should have been. [RT #44318] + +4557. [security] Combining dns64 and rpz can result in dereferencing + a NULL pointer (read). (CVE-2017-3135) [RT#44434] + --- 9.10.4-P5 released --- 4530. [bug] Change 4489 broke the handling of CNAME -> DNAME Index: src/external/bsd/bind/dist/README diff -u src/external/bsd/bind/dist/README:1.12 src/external/bsd/bind/dist/README:1.13 --- src/external/bsd/bind/dist/README:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/README Wed Feb 8 19:23:26 2017 @@ -51,6 +51,12 @@ BIND 9 For up-to-date release notes and errata, see http://www.isc.org/software/bind9/releasenotes +BIND 9.10.4-P6 + + This version contains a fix for CVE-2017-3135, and a bug fix + for a regression in CNAME/DNAME caching that was introduced + in an earlier security release. + BIND 9.10.4-P5 This version contains fixes for CVE-2016-9131, CVE-2016-9147, Index: src/external/bsd/bind/dist/srcid diff -u src/external/bsd/bind/dist/srcid:1.18 src/external/bsd/bind/dist/srcid:1.19 --- src/external/bsd/bind/dist/srcid:1.18 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/srcid Wed Feb 8 19:23:26 2017 @@ -1 +1 @@ -SRCID=2b12043 +SRCID=a6837d0 Index: src/external/bsd/bind/dist/version diff -u src/external/bsd/bind/dist/version:1.22 src/external/bsd/bind/dist/version:1.23 --- src/external/bsd/bind/dist/version:1.22 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/version Wed Feb 8 19:23:26 2017 @@ -7,5 +7,5 @@ MAJORVER=9 MINORVER=10 PATCHVER=4 RELEASETYPE=-P -RELEASEVER=5 +RELEASEVER=6 EXTENSIONS= Index: src/external/bsd/bind/dist/bin/named/query.c diff -u src/external/bsd/bind/dist/bin/named/query.c:1.22 src/external/bsd/bind/dist/bin/named/query.c:1.23 --- src/external/bsd/bind/dist/bin/named/query.c:1.22 Thu May 26 12:49:56 2016 +++ src/external/bsd/bind/dist/bin/named/query.c Wed Feb 8 19:23:26 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: query.c,v 1.22 2016/05/26 16:49:56 christos Exp $ */ +/* $NetBSD: query.c,v 1.23 2017/02/09 00:23:26 christos Exp $ */ /* * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") @@ -6245,7 +6245,7 @@ query_find(ns_client_t *client, dns_fetc dns_rpz_st_t *rpz_st; isc_boolean_t resuming; int line = -1; - isc_boolean_t dns64_exclude, dns64; + isc_boolean_t dns64_exclude, dns64, rpz; isc_boolean_t nxrewrite = ISC_FALSE; isc_boolean_t redirected = ISC_FALSE; dns_clientinfomethods_t cm; @@ -6258,6 +6258,7 @@ query_find(ns_client_t *client, dns_fetc char mbuf[BUFSIZ]; char qbuf[DNS_NAME_FORMATSIZE]; #endif + dns_name_t *rpzqname; CTRACE(ISC_LOG_DEBUG(3), "query_find"); @@ -6283,7 +6284,7 @@ query_find(ns_client_t *client, dns_fetc zone = NULL; need_wildcardproof = ISC_FALSE; empty_wild = ISC_FALSE; - dns64_exclude = dns64 = ISC_FALSE; + dns64_exclude = dns64 = rpz = ISC_FALSE; options = 0; resuming = ISC_FALSE; is_zone = ISC_FALSE; @@ -6473,6 +6474,7 @@ query_find(ns_client_t *client, dns_fetc authoritative = ISC_FALSE; version = NULL; need_wildcardproof = ISC_FALSE; + rpz = ISC_FALSE; if (client->view->checknames && !dns_rdata_checkowner(client->query.qname, @@ -6614,11 +6616,29 @@ query_find(ns_client_t *client, dns_fetc } /* - * Now look for an answer in the database. + * Now look for an answer in the database. If this is a dns64 + * AAAA lookup on a rpz database adjust the qname. */ - result = dns_db_findext(db, client->query.qname, version, type, + if (dns64 && rpz) + rpzqname = client->query.rpz_st->p_name; + else + rpzqname = client->query.qname; + + result = dns_db_findext(db, rpzqname, version, type, client->query.dboptions, client->now, &node, fname, &cm, &ci, rdataset, sigrdataset); + /* + * Fixup fname and sigrdataset. + */ + if (dns64 && rpz) { + isc_result_t rresult; + + rresult = dns_name_copy(client->query.qname, fname, NULL); + RUNTIME_CHECK(rresult == ISC_R_SUCCESS); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); + } if (!is_zone) dns_cache_updatestats(client->view->cache, result); @@ -6848,10 +6868,12 @@ query_find(ns_client_t *client, dns_fetc case DNS_RPZ_POLICY_NXDOMAIN: result = DNS_R_NXDOMAIN; nxrewrite = ISC_TRUE; + rpz = ISC_TRUE; break; case DNS_RPZ_POLICY_NODATA: result = DNS_R_NXRRSET; nxrewrite = ISC_TRUE; + rpz = ISC_TRUE; break; case DNS_RPZ_POLICY_RECORD: result = rpz_st->m.result; @@ -6871,6 +6893,7 @@ query_find(ns_client_t *client, dns_fetc rdataset->ttl = ISC_MIN(rdataset->ttl, rpz_st->m.ttl); } + rpz = ISC_TRUE; break; case DNS_RPZ_POLICY_WILDCNAME: result = dns_rdataset_first(rdataset); @@ -6913,7 +6936,6 @@ query_find(ns_client_t *client, dns_fetc NS_CLIENTATTR_WANTAD); client->message->flags &= ~DNS_MESSAGEFLAG_AD; query_putrdataset(client, &sigrdataset); - rpz_st->q.is_zone = is_zone; is_zone = ISC_TRUE; rpz_log_rewrite(client, ISC_FALSE, rpz_st->m.policy, rpz_st->m.type, zone, rpz_st->p_name); @@ -7297,15 +7319,6 @@ query_find(ns_client_t *client, dns_fetc rdataset = NULL; sigrdataset = NULL; type = qtype = dns_rdatatype_a; - rpz_st = client->query.rpz_st; - if (rpz_st != NULL) { - /* - * Arrange for RPZ rewriting of any A records. - */ - if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0) - is_zone = rpz_st->q.is_zone; - rpz_st_clear(client); - } dns64 = ISC_TRUE; goto db_find; } @@ -7620,15 +7633,6 @@ query_find(ns_client_t *client, dns_fetc sigrdataset = NULL; fname = NULL; type = qtype = dns_rdatatype_a; - rpz_st = client->query.rpz_st; - if (rpz_st != NULL) { - /* - * Arrange for RPZ rewriting of any A records. - */ - if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0) - is_zone = rpz_st->q.is_zone; - rpz_st_clear(client); - } dns64 = ISC_TRUE; goto db_find; } @@ -8162,15 +8166,6 @@ query_find(ns_client_t *client, dns_fetc rdataset = NULL; sigrdataset = NULL; type = qtype = dns_rdatatype_a; - rpz_st = client->query.rpz_st; - if (rpz_st != NULL) { - /* - * Arrange for RPZ rewriting of any A records. - */ - if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0) - is_zone = rpz_st->q.is_zone; - rpz_st_clear(client); - } dns64_exclude = dns64 = ISC_TRUE; goto db_find; } Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.12 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.13 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html Wed Feb 8 19:23:26 2017 @@ -2326,6 +2326,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2. </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.12 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.13 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html Wed Feb 8 19:23:26 2017 @@ -12845,6 +12845,6 @@ HOST-127.EXAMPLE. MX 0 . </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.12 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.13 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html Wed Feb 8 19:23:27 2017 @@ -248,6 +248,6 @@ zone "example.com" { </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.12 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.13 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html Wed Feb 8 19:23:27 2017 @@ -134,6 +134,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.12 src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.13 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html Wed Feb 8 19:23:27 2017 @@ -44,7 +44,7 @@ <div class="toc"> <p><b>Table of Contents</b></p> <dl class="toc"> -<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P5</a></span></dt> +<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P6</a></span></dt> <dd><dl> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt> @@ -60,7 +60,7 @@ </div> <div class="section"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P5</h2></div></div></div> +<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P6</h2></div></div></div> <div class="section"> <div class="titlepage"><div><div><h3 class="title"> <a name="relnotes_intro"></a>Introduction</h3></div></div></div> @@ -68,8 +68,13 @@ This document summarizes changes since BIND 9.10.4: </p> <p> + BIND 9.10.4-P6 addresses the security issue described in + CVE-2017-3135, and fixes a regression introduced in a prior + security release. + </p> +<p> BIND 9.10.4-P5 addresses the security issues described in - CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444. + CVE-2016-9131, CVE-2016-9147, CVE-2016-9444 and CVE-2016-9778. </p> <p> BIND 9.10.4-P4 addresses the security issue described in @@ -107,24 +112,33 @@ <a name="relnotes_security"></a>Security Fixes</h3></div></div></div> <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> <li class="listitem"><p> - Named could mishandle authority sections that were missing - RRSIGs triggering an assertion failure. This flaw is - disclosed in CVE-2016-9444. [RT # 43632] + If a server is configured with a response policy zone (RPZ) + that rewrites an answer with local data, and is also configured + for DNS64 address mapping, a NULL pointer can be read + triggering a server crash. This flaw is disclosed in + CVE-2017-3135. [RT #44434] + </p></li> +<li class="listitem"><p> + <span class="command"><strong>named</strong></span> could mishandle authority sections + with missing RRSIGs, triggering an assertion failure. This + flaw is disclosed in CVE-2016-9444. [RT #43632] </p></li> <li class="listitem"><p> - Named mishandled some responses where covering RRSIG - records are returned without the requested data - resulting in a assertion failure. This flaw is disclosed in - CVE-2016-9147. [RT #43548] + <span class="command"><strong>named</strong></span> mishandled some responses where + covering RRSIG records were returned without the requested + data, resulting in an assertion failure. This flaw is + disclosed in CVE-2016-9147. [RT #43548] </p></li> <li class="listitem"><p> - Named incorrectly tried to cache TKEY records which could - trigger a assertion failure when there was a class mismatch. - This flaw is disclosed in CVE-2016-9131. [RT #43522] + <span class="command"><strong>named</strong></span> incorrectly tried to cache TKEY + records which could trigger an assertion failure when there was + a class mismatch. This flaw is disclosed in CVE-2016-9131. + [RT #43522] </p></li> <li class="listitem"><p> It was possible to trigger assertions when processing - a response. This flaw is disclosed in CVE-2016-8864. [RT #43465] + responses containing answers of type DNAME. This flaw is + disclosed in CVE-2016-8864. [RT #43465] </p></li> <li class="listitem"><p> It was possible to trigger a assertion when rendering a @@ -132,11 +146,13 @@ disclosed in CVE-2016-2776. [RT #43139] </p></li> <li class="listitem"><p> - getrrsetbyname with a non absolute name could trigger an - infinite recursion bug in lwresd and named with lwres - configured if when combined with a search list entry the - resulting name is too long. This flaw is disclosed in - CVE-2016-2775. [RT #42694] + Calling <span class="command"><strong>getrrsetbyname()</strong></span> with a non + absolute name could trigger an infinite recursion bug in + <span class="command"><strong>lwresd</strong></span> or <span class="command"><strong>named</strong></span> with + <span class="command"><strong>lwres</strong></span> configured if, when combined with + a search list entry from <code class="filename">resolv.conf</code>, + the resulting name is too long. This flaw is disclosed in + CVE-2016-2775. [RT #42694] </p></li> </ul></div> </div> @@ -166,8 +182,19 @@ <a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div> <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> <li class="listitem"><p> + A synthesized CNAME record appearing in a response before the + associated DNAME could be cached, when it should not have been. + This was a regression introduced while addressing CVE-2016-8864. + [RT #44318] + </p></li> +<li class="listitem"><p> + Fixed a crash when calling <span class="command"><strong>rndc stats</strong></span> on some + Windows builds: some Visual Studio compilers generate code that + crashes when the "%z" printf() format specifier is used. [RT #42380] + </p></li> +<li class="listitem"><p> ECS clients with the option set to 0.0.0.0/0/0 or ::/0/0 - where incorrectly getting a FORMERR response. + were incorrectly getting a FORMERR response. </p></li> <li class="listitem"><p> Windows installs were failing due to triggering UAC without @@ -218,6 +245,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.html diff -u src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.12 src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.13 --- src/external/bsd/bind/dist/doc/arm/Bv9ARM.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/Bv9ARM.html Wed Feb 8 19:23:27 2017 @@ -40,7 +40,7 @@ <div> <div><h1 class="title"> <a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div> -<div><p class="releaseinfo">BIND Version 9.10.4-P5</p></div> +<div><p class="releaseinfo">BIND Version 9.10.4-P6</p></div> <div><p class="copyright">Copyright © 2004-2015 Internet Systems Consortium, Inc. ("ISC")</p></div> <div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div> </div> @@ -239,7 +239,7 @@ </dl></dd> <dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt> <dd><dl> -<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P5</a></span></dt> +<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P6</a></span></dt> <dd><dl> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt> @@ -385,6 +385,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.arpaname.html diff -u src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.12 src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.arpaname.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.arpaname.html Wed Feb 8 19:23:27 2017 @@ -81,6 +81,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html diff -u src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.12 src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.ddns-confgen.html Wed Feb 8 19:23:27 2017 @@ -185,6 +185,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.delv.html diff -u src/external/bsd/bind/dist/doc/arm/man.delv.html:1.12 src/external/bsd/bind/dist/doc/arm/man.delv.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.delv.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.delv.html Wed Feb 8 19:23:27 2017 @@ -498,6 +498,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dig.html diff -u src/external/bsd/bind/dist/doc/arm/man.dig.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dig.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.dig.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.dig.html Wed Feb 8 19:23:27 2017 @@ -809,6 +809,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html Wed Feb 8 19:23:27 2017 @@ -112,6 +112,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html Wed Feb 8 19:23:27 2017 @@ -219,6 +219,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html Wed Feb 8 19:23:27 2017 @@ -213,6 +213,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html Wed Feb 8 19:23:27 2017 @@ -177,6 +177,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html Wed Feb 8 19:23:27 2017 @@ -381,6 +381,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html Wed Feb 8 19:23:27 2017 @@ -455,6 +455,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html Wed Feb 8 19:23:27 2017 @@ -134,6 +134,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-settime.html Wed Feb 8 19:23:27 2017 @@ -264,6 +264,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html Wed Feb 8 19:23:27 2017 @@ -564,6 +564,6 @@ db.example.com.signed </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html diff -u src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.12 src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.dnssec-verify.html Wed Feb 8 19:23:27 2017 @@ -164,6 +164,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.genrandom.html diff -u src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.12 src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.genrandom.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.genrandom.html Wed Feb 8 19:23:27 2017 @@ -102,6 +102,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.host.html diff -u src/external/bsd/bind/dist/doc/arm/man.host.html:1.12 src/external/bsd/bind/dist/doc/arm/man.host.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.host.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.host.html Wed Feb 8 19:23:27 2017 @@ -247,6 +247,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html diff -u src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.12 src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html Wed Feb 8 19:23:27 2017 @@ -112,6 +112,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html diff -u src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.12 src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.named-checkconf.html Wed Feb 8 19:23:27 2017 @@ -151,6 +151,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html diff -u src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.12 src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.named-checkzone.html Wed Feb 8 19:23:27 2017 @@ -338,6 +338,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html diff -u src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.12 src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.named-journalprint.html Wed Feb 8 19:23:27 2017 @@ -102,6 +102,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html diff -u src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.12 src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.named-rrchecker.html Wed Feb 8 19:23:27 2017 @@ -104,6 +104,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.named.html diff -u src/external/bsd/bind/dist/doc/arm/man.named.html:1.12 src/external/bsd/bind/dist/doc/arm/man.named.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.named.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.named.html Wed Feb 8 19:23:27 2017 @@ -369,6 +369,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html diff -u src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.12 src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.nsec3hash.html Wed Feb 8 19:23:27 2017 @@ -103,6 +103,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.nsupdate.html diff -u src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.12 src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.nsupdate.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.nsupdate.html Wed Feb 8 19:23:27 2017 @@ -663,6 +663,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html diff -u src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.12 src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.rndc-confgen.html Wed Feb 8 19:23:27 2017 @@ -223,6 +223,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html diff -u src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.12 src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.rndc.conf.html Wed Feb 8 19:23:27 2017 @@ -246,6 +246,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/man.rndc.html diff -u src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.12 src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.13 --- src/external/bsd/bind/dist/doc/arm/man.rndc.html:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/doc/arm/man.rndc.html Wed Feb 8 19:23:27 2017 @@ -621,6 +621,6 @@ </tr> </table> </div> -<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P5</p> +<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.10.4-P6</p> </body> </html> Index: src/external/bsd/bind/dist/doc/arm/Bv9ARM.pdf Binary files are different Index: src/external/bsd/bind/dist/lib/dns/api diff -u src/external/bsd/bind/dist/lib/dns/api:1.12 src/external/bsd/bind/dist/lib/dns/api:1.13 --- src/external/bsd/bind/dist/lib/dns/api:1.12 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/lib/dns/api Wed Feb 8 19:23:27 2017 @@ -6,5 +6,5 @@ # 9.9-sub: 130-139, 150-159 # 9.10: 140-149, 160-169 LIBINTERFACE = 165 -LIBREVISION = 4 +LIBREVISION = 5 LIBAGE = 0 Index: src/external/bsd/bind/dist/lib/dns/message.c diff -u src/external/bsd/bind/dist/lib/dns/message.c:1.21 src/external/bsd/bind/dist/lib/dns/message.c:1.22 --- src/external/bsd/bind/dist/lib/dns/message.c:1.21 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/lib/dns/message.c Wed Feb 8 19:23:27 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: message.c,v 1.21 2017/01/12 08:21:32 spz Exp $ */ +/* $NetBSD: message.c,v 1.22 2017/02/09 00:23:27 christos Exp $ */ /* * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") @@ -1221,8 +1221,8 @@ getsection(isc_buffer_t *source, dns_mes { isc_region_t r; unsigned int count, rdatalen; - dns_name_t *name; - dns_name_t *name2; + dns_name_t *name = NULL; + dns_name_t *name2 = NULL; dns_offsets_t *offsets; dns_rdataset_t *rdataset = NULL; dns_rdatalist_t *rdatalist; @@ -1232,7 +1232,7 @@ getsection(isc_buffer_t *source, dns_mes dns_rdata_t *rdata; dns_ttl_t ttl; dns_namelist_t *section; - isc_boolean_t free_name, free_rdataset; + isc_boolean_t free_name = ISC_FALSE, free_rdataset = ISC_FALSE; isc_boolean_t preserve_order, best_effort, seen_problem; isc_boolean_t issigzero; Index: src/external/bsd/bind/dist/lib/dns/rdataset.c diff -u src/external/bsd/bind/dist/lib/dns/rdataset.c:1.8 src/external/bsd/bind/dist/lib/dns/rdataset.c:1.9 --- src/external/bsd/bind/dist/lib/dns/rdataset.c:1.8 Wed Jul 8 13:28:59 2015 +++ src/external/bsd/bind/dist/lib/dns/rdataset.c Wed Feb 8 19:23:27 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: rdataset.c,v 1.8 2015/07/08 17:28:59 christos Exp $ */ +/* $NetBSD: rdataset.c,v 1.9 2017/02/09 00:23:27 christos Exp $ */ /* * Copyright (C) 2004-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") @@ -340,6 +340,7 @@ towiresorted(dns_rdataset_t *rdataset, c */ REQUIRE(DNS_RDATASET_VALID(rdataset)); + REQUIRE(rdataset->methods != NULL); REQUIRE(countp != NULL); REQUIRE((order == NULL) == (order_arg == NULL)); REQUIRE(cctx != NULL && cctx->mctx != NULL); Index: src/external/bsd/bind/dist/lib/dns/resolver.c diff -u src/external/bsd/bind/dist/lib/dns/resolver.c:1.28 src/external/bsd/bind/dist/lib/dns/resolver.c:1.29 --- src/external/bsd/bind/dist/lib/dns/resolver.c:1.28 Thu Jan 12 03:21:32 2017 +++ src/external/bsd/bind/dist/lib/dns/resolver.c Wed Feb 8 19:23:27 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: resolver.c,v 1.28 2017/01/12 08:21:32 spz Exp $ */ +/* $NetBSD: resolver.c,v 1.29 2017/02/09 00:23:27 christos Exp $ */ /* * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") @@ -6101,9 +6101,13 @@ cname_target(dns_rdataset_t *rdataset, d return (ISC_R_SUCCESS); } +/*% + * Construct the synthesised CNAME from the existing QNAME and + * the DNAME RR and store it in 'target'. + */ static inline isc_result_t dname_target(dns_rdataset_t *rdataset, dns_name_t *qname, - unsigned int nlabels, dns_fixedname_t *fixeddname) + unsigned int nlabels, dns_name_t *target) { isc_result_t result; dns_rdata_t rdata = DNS_RDATA_INIT; @@ -6123,14 +6127,33 @@ dname_target(dns_rdataset_t *rdataset, d dns_fixedname_init(&prefix); dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL); - dns_fixedname_init(fixeddname); result = dns_name_concatenate(dns_fixedname_name(&prefix), - &dname.dname, - dns_fixedname_name(fixeddname), NULL); + &dname.dname, target, NULL); dns_rdata_freestruct(&dname); return (result); } +/*% + * Check if it was possible to construct 'qname' from 'lastcname' + * and 'rdataset'. + */ +static inline isc_result_t +fromdname(dns_rdataset_t *rdataset, dns_name_t *lastcname, + unsigned int nlabels, const dns_name_t *qname) +{ + dns_fixedname_t fixed; + isc_result_t result; + dns_name_t *target; + + dns_fixedname_init(&fixed); + target = dns_fixedname_name(&fixed); + result = dname_target(rdataset, lastcname, nlabels, target); + if (result != ISC_R_SUCCESS || !dns_name_equal(qname, target)) + return (ISC_R_NOTFOUND); + + return (ISC_R_SUCCESS); +} + static isc_boolean_t is_answeraddress_allowed(dns_view_t *view, dns_name_t *name, dns_rdataset_t *rdataset) @@ -6747,12 +6770,12 @@ answer_response(fetchctx_t *fctx) { isc_result_t result; dns_message_t *message; dns_name_t *name, *dname = NULL, *qname, tname, *ns_name; - dns_name_t *cname = NULL; + dns_name_t *cname = NULL, *lastcname = NULL; dns_rdataset_t *rdataset, *ns_rdataset; - isc_boolean_t done, external, chaining, aa, found, want_chaining; + isc_boolean_t done, external, aa, found, want_chaining; isc_boolean_t have_answer, found_cname, found_dname, found_type; isc_boolean_t wanted_chaining; - unsigned int aflag; + unsigned int aflag, chaining; dns_rdatatype_t type; dns_fixedname_t fdname, fqname; dns_view_t *view; @@ -6770,9 +6793,9 @@ answer_response(fetchctx_t *fctx) { found_cname = ISC_FALSE; found_dname = ISC_FALSE; found_type = ISC_FALSE; - chaining = ISC_FALSE; have_answer = ISC_FALSE; want_chaining = ISC_FALSE; + chaining = 0; POST(want_chaining); if ((message->flags & DNS_MESSAGEFLAG_AA) != 0) aa = ISC_TRUE; @@ -6783,14 +6806,15 @@ answer_response(fetchctx_t *fctx) { view = fctx->res->view; result = dns_message_firstname(message, DNS_SECTION_ANSWER); while (!done && result == ISC_R_SUCCESS) { - dns_namereln_t namereln; - int order; - unsigned int nlabels; + dns_namereln_t namereln, lastreln; + int order, lastorder; + unsigned int nlabels, lastnlabels; name = NULL; dns_message_currentname(message, DNS_SECTION_ANSWER, &name); external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain)); namereln = dns_name_fullcompare(qname, name, &order, &nlabels); + if (namereln == dns_namereln_equal) { wanted_chaining = ISC_FALSE; for (rdataset = ISC_LIST_HEAD(name->list); @@ -6896,6 +6920,7 @@ answer_response(fetchctx_t *fctx) { &fctx->domain)) { return (DNS_R_SERVFAIL); } + lastcname = name; } else if (rdataset->type == dns_rdatatype_rrsig && rdataset->covers == dns_rdatatype_cname @@ -6919,7 +6944,7 @@ answer_response(fetchctx_t *fctx) { rdataset->attributes |= DNS_RDATASETATTR_CACHE; rdataset->trust = dns_trust_answer; - if (!chaining) { + if (chaining == 0) { /* * This data is "the" answer * to our question only if @@ -6996,10 +7021,21 @@ answer_response(fetchctx_t *fctx) { * cause us to ignore the signatures of * CNAMEs. */ - if (wanted_chaining) - chaining = ISC_TRUE; + if (wanted_chaining && chaining < 2U) + chaining++; } else { dns_rdataset_t *dnameset = NULL; + isc_boolean_t synthcname = ISC_FALSE; + + if (lastcname != NULL) { + lastreln = dns_name_fullcompare(lastcname, + name, + &lastorder, + &lastnlabels); + if (lastreln == dns_namereln_subdomain && + lastnlabels == dns_name_countlabels(name)) + synthcname = ISC_TRUE; + } /* * Look for a DNAME (or its SIG). Anything else is @@ -7028,7 +7064,7 @@ answer_response(fetchctx_t *fctx) { * If we're not chaining, then the DNAME and * its signature should not be external. */ - if (!chaining && external) { + if (chaining == 0 && external) { char qbuf[DNS_NAME_FORMATSIZE]; char obuf[DNS_NAME_FORMATSIZE]; @@ -7046,16 +7082,9 @@ answer_response(fetchctx_t *fctx) { /* * If DNAME + synthetic CNAME then the * namereln is dns_namereln_subdomain. - * - * If synthetic CNAME + DNAME then the - * namereln is dns_namereln_commonancestor - * and the number of label must match the - * DNAME. This order is not RFC compliant. */ - if (namereln != dns_namereln_subdomain && - (namereln != dns_namereln_commonancestor || - nlabels != dns_name_countlabels(name))) + !synthcname) { char qbuf[DNS_NAME_FORMATSIZE]; char obuf[DNS_NAME_FORMATSIZE]; @@ -7075,8 +7104,19 @@ answer_response(fetchctx_t *fctx) { want_chaining = ISC_TRUE; POST(want_chaining); aflag = DNS_RDATASETATTR_ANSWER; - result = dname_target(rdataset, qname, - nlabels, &fdname); + dns_fixedname_init(&fdname); + dname = dns_fixedname_name(&fdname); + if (synthcname) { + result = fromdname(rdataset, + lastcname, + lastnlabels, + qname); + } else { + result = dname_target(rdataset, + qname, + nlabels, + dname); + } if (result == ISC_R_NOSPACE) { /* * We can't construct the @@ -7090,8 +7130,8 @@ answer_response(fetchctx_t *fctx) { else dnameset = rdataset; - dname = dns_fixedname_name(&fdname); - if (!is_answertarget_allowed(view, + if (!synthcname && + !is_answertarget_allowed(view, qname, rdataset->type, dname, &fctx->domain)) { @@ -7112,7 +7152,13 @@ answer_response(fetchctx_t *fctx) { name->attributes |= DNS_NAMEATTR_CACHE; rdataset->attributes |= DNS_RDATASETATTR_CACHE; rdataset->trust = dns_trust_answer; - if (!chaining) { + /* + * If we are not chaining or the first CNAME + * is a synthesised CNAME before the DNAME. + */ + if ((chaining == 0) || + (chaining == 1U && synthcname)) + { /* * This data is "the" answer to * our question only if we're @@ -7122,9 +7168,12 @@ answer_response(fetchctx_t *fctx) { if (aflag == DNS_RDATASETATTR_ANSWER) { have_answer = ISC_TRUE; found_dname = ISC_TRUE; - if (cname != NULL) + if (cname != NULL && + synthcname) + { cname->attributes &= ~DNS_NAMEATTR_ANSWER; + } name->attributes |= DNS_NAMEATTR_ANSWER; } @@ -7142,26 +7191,35 @@ answer_response(fetchctx_t *fctx) { * DNAME chaining. */ if (dnameset != NULL) { - /* - * Copy the dname into the qname fixed name. - * - * Although we check for failure of the copy - * operation, in practice it should never fail - * since we already know that the result fits - * in a fixedname. - */ - dns_fixedname_init(&fqname); - qname = dns_fixedname_name(&fqname); - result = dns_name_copy(dname, qname, NULL); - if (result != ISC_R_SUCCESS) - return (result); + if (!synthcname) { + /* + * Copy the dname into the qname fixed + * name. + * + * Although we check for failure of the + * copy operation, in practice it + * should never fail since we already + * know that the result fits in a + * fixedname. + */ + dns_fixedname_init(&fqname); + qname = dns_fixedname_name(&fqname); + result = dns_name_copy(dname, qname, + NULL); + if (result != ISC_R_SUCCESS) + return (result); + } wanted_chaining = ISC_TRUE; name->attributes |= DNS_NAMEATTR_CHAINING; dnameset->attributes |= DNS_RDATASETATTR_CHAINING; } - if (wanted_chaining) - chaining = ISC_TRUE; + /* + * Ensure that we can't ever get chaining == 1 + * above if we have processed a DNAME. + */ + if (wanted_chaining && chaining < 2U) + chaining += 2; } result = dns_message_nextname(message, DNS_SECTION_ANSWER); } @@ -7186,7 +7244,7 @@ answer_response(fetchctx_t *fctx) { /* * Did chaining end before we got the final answer? */ - if (chaining) { + if (chaining != 0) { /* * Yes. This may be a negative reply, so hand off * authority section processing to the noanswer code. @@ -7235,7 +7293,7 @@ answer_response(fetchctx_t *fctx) { DNS_NAMEATTR_CACHE; rdataset->attributes |= DNS_RDATASETATTR_CACHE; - if (aa && !chaining) + if (aa && chaining == 0) rdataset->trust = dns_trust_authauthority; else