Author: erwin
Date: Mon Mar 3 09:18:19 2014
New Revision: 262706
URL: http://svnweb.freebsd.org/changeset/base/262706
Log:
MFV 262445:
Update BIND to 9.9.5
Release note:
https://lists.isc.org/pipermail/bind-announce/2013-September/000871.html
https://lists.isc.org/pipermail/bind-announce/2014-January/000896.html
Note this is a commit straight to stable as BIND no longer exists in head.
Sponsored by: DK Hostmaster A/S
Added:
stable/9/contrib/bind9/bin/dnssec/dnssec-importkey.8
- copied unchanged from r262445,
vendor/bind9/dist/bin/dnssec/dnssec-importkey.8
stable/9/contrib/bind9/bin/dnssec/dnssec-importkey.c
- copied unchanged from r262445,
vendor/bind9/dist/bin/dnssec/dnssec-importkey.c
stable/9/contrib/bind9/bin/dnssec/dnssec-importkey.docbook
- copied unchanged from r262445,
vendor/bind9/dist/bin/dnssec/dnssec-importkey.docbook
stable/9/contrib/bind9/bin/dnssec/dnssec-importkey.html
- copied unchanged from r262445,
vendor/bind9/dist/bin/dnssec/dnssec-importkey.html
stable/9/contrib/bind9/doc/arm/man.dnssec-checkds.html
- copied unchanged from r262445,
vendor/bind9/dist/doc/arm/man.dnssec-checkds.html
stable/9/contrib/bind9/doc/arm/man.dnssec-coverage.html
- copied unchanged from r262445,
vendor/bind9/dist/doc/arm/man.dnssec-coverage.html
stable/9/contrib/bind9/lib/dns/include/dns/rrl.h
- copied unchanged from r262445,
vendor/bind9/dist/lib/dns/include/dns/rrl.h
stable/9/contrib/bind9/lib/dns/rrl.c
- copied unchanged from r262445, vendor/bind9/dist/lib/dns/rrl.c
stable/9/contrib/bind9/lib/isc/include/isc/safe.h
- copied unchanged from r262445,
vendor/bind9/dist/lib/isc/include/isc/safe.h
stable/9/contrib/bind9/lib/isc/include/isc/tm.h
- copied unchanged from r262445, vendor/bind9/dist/lib/isc/include/isc/tm.h
stable/9/contrib/bind9/lib/isc/safe.c
- copied unchanged from r262445, vendor/bind9/dist/lib/isc/safe.c
stable/9/contrib/bind9/lib/isc/tm.c
- copied unchanged from r262445, vendor/bind9/dist/lib/isc/tm.c
stable/9/usr.sbin/dnssec-importkey/
stable/9/usr.sbin/dnssec-importkey/Makefile (contents, props changed)
Modified:
stable/9/contrib/bind9/CHANGES
stable/9/contrib/bind9/COPYRIGHT
stable/9/contrib/bind9/Makefile.in
stable/9/contrib/bind9/README
stable/9/contrib/bind9/bin/check/named-checkconf.8
stable/9/contrib/bind9/bin/check/named-checkconf.c
stable/9/contrib/bind9/bin/check/named-checkconf.docbook
stable/9/contrib/bind9/bin/check/named-checkconf.html
stable/9/contrib/bind9/bin/confgen/ddns-confgen.c
stable/9/contrib/bind9/bin/confgen/rndc-confgen.c
stable/9/contrib/bind9/bin/dig/dig.1
stable/9/contrib/bind9/bin/dig/dig.c
stable/9/contrib/bind9/bin/dig/dig.docbook
stable/9/contrib/bind9/bin/dig/dig.html
stable/9/contrib/bind9/bin/dig/dighost.c
stable/9/contrib/bind9/bin/dig/host.c
stable/9/contrib/bind9/bin/dig/include/dig/dig.h
stable/9/contrib/bind9/bin/dig/nslookup.1
stable/9/contrib/bind9/bin/dig/nslookup.c
stable/9/contrib/bind9/bin/dig/nslookup.docbook
stable/9/contrib/bind9/bin/dig/nslookup.html
stable/9/contrib/bind9/bin/dnssec/Makefile.in
stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.c
stable/9/contrib/bind9/bin/dnssec/dnssec-settime.c
stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.8
stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.c
stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.docbook
stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.html
stable/9/contrib/bind9/bin/dnssec/dnssectool.c
stable/9/contrib/bind9/bin/named/Makefile.in
stable/9/contrib/bind9/bin/named/bind9.ver3.xsl
stable/9/contrib/bind9/bin/named/bind9.ver3.xsl.h
stable/9/contrib/bind9/bin/named/builtin.c
stable/9/contrib/bind9/bin/named/client.c
stable/9/contrib/bind9/bin/named/config.c
stable/9/contrib/bind9/bin/named/control.c
stable/9/contrib/bind9/bin/named/controlconf.c
stable/9/contrib/bind9/bin/named/include/named/globals.h
stable/9/contrib/bind9/bin/named/include/named/main.h
stable/9/contrib/bind9/bin/named/include/named/query.h
stable/9/contrib/bind9/bin/named/include/named/server.h
stable/9/contrib/bind9/bin/named/interfacemgr.c
stable/9/contrib/bind9/bin/named/logconf.c
stable/9/contrib/bind9/bin/named/lwaddr.c
stable/9/contrib/bind9/bin/named/lwdgnba.c
stable/9/contrib/bind9/bin/named/lwdgrbn.c
stable/9/contrib/bind9/bin/named/main.c
stable/9/contrib/bind9/bin/named/named.conf.5
stable/9/contrib/bind9/bin/named/named.conf.docbook
stable/9/contrib/bind9/bin/named/named.conf.html
stable/9/contrib/bind9/bin/named/query.c
stable/9/contrib/bind9/bin/named/server.c
stable/9/contrib/bind9/bin/named/statschannel.c
stable/9/contrib/bind9/bin/named/unix/os.c
stable/9/contrib/bind9/bin/named/update.c
stable/9/contrib/bind9/bin/named/zoneconf.c
stable/9/contrib/bind9/bin/nsupdate/Makefile.in
stable/9/contrib/bind9/bin/nsupdate/nsupdate.c
stable/9/contrib/bind9/bin/rndc/rndc.8
stable/9/contrib/bind9/bin/rndc/rndc.c
stable/9/contrib/bind9/bin/rndc/rndc.docbook
stable/9/contrib/bind9/bin/rndc/rndc.html
stable/9/contrib/bind9/config.guess
stable/9/contrib/bind9/config.h.in
stable/9/contrib/bind9/config.sub
stable/9/contrib/bind9/configure.in
stable/9/contrib/bind9/doc/arm/Bv9ARM-book.xml
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch03.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch04.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch05.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch06.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch07.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch08.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch09.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.pdf
stable/9/contrib/bind9/doc/arm/man.arpaname.html
stable/9/contrib/bind9/doc/arm/man.ddns-confgen.html
stable/9/contrib/bind9/doc/arm/man.dig.html
stable/9/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html
stable/9/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html
stable/9/contrib/bind9/doc/arm/man.dnssec-keygen.html
stable/9/contrib/bind9/doc/arm/man.dnssec-revoke.html
stable/9/contrib/bind9/doc/arm/man.dnssec-settime.html
stable/9/contrib/bind9/doc/arm/man.dnssec-signzone.html
stable/9/contrib/bind9/doc/arm/man.dnssec-verify.html
stable/9/contrib/bind9/doc/arm/man.genrandom.html
stable/9/contrib/bind9/doc/arm/man.host.html
stable/9/contrib/bind9/doc/arm/man.isc-hmac-fixup.html
stable/9/contrib/bind9/doc/arm/man.named-checkconf.html
stable/9/contrib/bind9/doc/arm/man.named-checkzone.html
stable/9/contrib/bind9/doc/arm/man.named-journalprint.html
stable/9/contrib/bind9/doc/arm/man.named.html
stable/9/contrib/bind9/doc/arm/man.nsec3hash.html
stable/9/contrib/bind9/doc/arm/man.nsupdate.html
stable/9/contrib/bind9/doc/arm/man.rndc-confgen.html
stable/9/contrib/bind9/doc/arm/man.rndc.conf.html
stable/9/contrib/bind9/doc/arm/man.rndc.html
stable/9/contrib/bind9/doc/arm/pkcs11.xml
stable/9/contrib/bind9/doc/misc/options
stable/9/contrib/bind9/lib/bind9/api
stable/9/contrib/bind9/lib/bind9/check.c
stable/9/contrib/bind9/lib/dns/Makefile.in
stable/9/contrib/bind9/lib/dns/acache.c
stable/9/contrib/bind9/lib/dns/acl.c
stable/9/contrib/bind9/lib/dns/adb.c
stable/9/contrib/bind9/lib/dns/api
stable/9/contrib/bind9/lib/dns/client.c
stable/9/contrib/bind9/lib/dns/diff.c
stable/9/contrib/bind9/lib/dns/dispatch.c
stable/9/contrib/bind9/lib/dns/dns64.c
stable/9/contrib/bind9/lib/dns/dnssec.c
stable/9/contrib/bind9/lib/dns/dst_api.c
stable/9/contrib/bind9/lib/dns/dst_internal.h
stable/9/contrib/bind9/lib/dns/dst_parse.c
stable/9/contrib/bind9/lib/dns/dst_result.c
stable/9/contrib/bind9/lib/dns/gen.c
stable/9/contrib/bind9/lib/dns/gssapi_link.c
stable/9/contrib/bind9/lib/dns/gssapictx.c
stable/9/contrib/bind9/lib/dns/hmac_link.c
stable/9/contrib/bind9/lib/dns/include/dns/Makefile.in
stable/9/contrib/bind9/lib/dns/include/dns/client.h
stable/9/contrib/bind9/lib/dns/include/dns/dnssec.h
stable/9/contrib/bind9/lib/dns/include/dns/log.h
stable/9/contrib/bind9/lib/dns/include/dns/master.h
stable/9/contrib/bind9/lib/dns/include/dns/masterdump.h
stable/9/contrib/bind9/lib/dns/include/dns/message.h
stable/9/contrib/bind9/lib/dns/include/dns/nsec3.h
stable/9/contrib/bind9/lib/dns/include/dns/rdata.h
stable/9/contrib/bind9/lib/dns/include/dns/view.h
stable/9/contrib/bind9/lib/dns/include/dns/zone.h
stable/9/contrib/bind9/lib/dns/include/dst/dst.h
stable/9/contrib/bind9/lib/dns/include/dst/gssapi.h
stable/9/contrib/bind9/lib/dns/journal.c
stable/9/contrib/bind9/lib/dns/keydata.c
stable/9/contrib/bind9/lib/dns/log.c
stable/9/contrib/bind9/lib/dns/master.c
stable/9/contrib/bind9/lib/dns/masterdump.c
stable/9/contrib/bind9/lib/dns/message.c
stable/9/contrib/bind9/lib/dns/name.c
stable/9/contrib/bind9/lib/dns/nsec.c
stable/9/contrib/bind9/lib/dns/nsec3.c
stable/9/contrib/bind9/lib/dns/openssldh_link.c
stable/9/contrib/bind9/lib/dns/openssldsa_link.c
stable/9/contrib/bind9/lib/dns/opensslecdsa_link.c
stable/9/contrib/bind9/lib/dns/opensslgost_link.c
stable/9/contrib/bind9/lib/dns/opensslrsa_link.c
stable/9/contrib/bind9/lib/dns/portlist.c
stable/9/contrib/bind9/lib/dns/rbt.c
stable/9/contrib/bind9/lib/dns/rbtdb.c
stable/9/contrib/bind9/lib/dns/rcode.c
stable/9/contrib/bind9/lib/dns/rdata.c
stable/9/contrib/bind9/lib/dns/rdata/ch_3/a_1.c
stable/9/contrib/bind9/lib/dns/rdata/generic/afsdb_18.c
stable/9/contrib/bind9/lib/dns/rdata/generic/dnskey_48.c
stable/9/contrib/bind9/lib/dns/rdata/generic/eui48_108.c
stable/9/contrib/bind9/lib/dns/rdata/generic/eui64_109.c
stable/9/contrib/bind9/lib/dns/rdata/generic/hip_55.c
stable/9/contrib/bind9/lib/dns/rdata/generic/ipseckey_45.c
stable/9/contrib/bind9/lib/dns/rdata/generic/isdn_20.c
stable/9/contrib/bind9/lib/dns/rdata/generic/key_25.c
stable/9/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c
stable/9/contrib/bind9/lib/dns/rdata/generic/l32_105.c
stable/9/contrib/bind9/lib/dns/rdata/generic/l64_106.c
stable/9/contrib/bind9/lib/dns/rdata/generic/nid_104.c
stable/9/contrib/bind9/lib/dns/rdata/generic/opt_41.c
stable/9/contrib/bind9/lib/dns/rdata/generic/rrsig_46.c
stable/9/contrib/bind9/lib/dns/rdata/generic/rt_21.c
stable/9/contrib/bind9/lib/dns/rdata/generic/soa_6.c
stable/9/contrib/bind9/lib/dns/rdata/generic/spf_99.c
stable/9/contrib/bind9/lib/dns/rdata/generic/txt_16.c
stable/9/contrib/bind9/lib/dns/rdata/hs_4/a_1.c
stable/9/contrib/bind9/lib/dns/rdata/in_1/a6_38.c
stable/9/contrib/bind9/lib/dns/rdata/in_1/a_1.c
stable/9/contrib/bind9/lib/dns/rdata/in_1/aaaa_28.c
stable/9/contrib/bind9/lib/dns/rdata/in_1/apl_42.c
stable/9/contrib/bind9/lib/dns/rdata/in_1/wks_11.c
stable/9/contrib/bind9/lib/dns/rdataslab.c
stable/9/contrib/bind9/lib/dns/resolver.c
stable/9/contrib/bind9/lib/dns/rootns.c
stable/9/contrib/bind9/lib/dns/rpz.c
stable/9/contrib/bind9/lib/dns/spnego.c
stable/9/contrib/bind9/lib/dns/spnego_asn1.c
stable/9/contrib/bind9/lib/dns/ssu.c
stable/9/contrib/bind9/lib/dns/ssu_external.c
stable/9/contrib/bind9/lib/dns/time.c
stable/9/contrib/bind9/lib/dns/tkey.c
stable/9/contrib/bind9/lib/dns/tsig.c
stable/9/contrib/bind9/lib/dns/ttl.c
stable/9/contrib/bind9/lib/dns/update.c
stable/9/contrib/bind9/lib/dns/validator.c
stable/9/contrib/bind9/lib/dns/view.c
stable/9/contrib/bind9/lib/dns/xfrin.c
stable/9/contrib/bind9/lib/dns/zone.c
stable/9/contrib/bind9/lib/export/isc/Makefile.in
stable/9/contrib/bind9/lib/export/samples/nsprobe.c
stable/9/contrib/bind9/lib/export/samples/sample-request.c
stable/9/contrib/bind9/lib/export/samples/sample-update.c
stable/9/contrib/bind9/lib/export/samples/sample.c
stable/9/contrib/bind9/lib/irs/Makefile.in
stable/9/contrib/bind9/lib/irs/api
stable/9/contrib/bind9/lib/irs/getaddrinfo.c
stable/9/contrib/bind9/lib/irs/include/irs/Makefile.in
stable/9/contrib/bind9/lib/irs/include/irs/resconf.h
stable/9/contrib/bind9/lib/irs/resconf.c
stable/9/contrib/bind9/lib/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/api
stable/9/contrib/bind9/lib/isc/app_api.c
stable/9/contrib/bind9/lib/isc/backtrace.c
stable/9/contrib/bind9/lib/isc/base32.c
stable/9/contrib/bind9/lib/isc/base64.c
stable/9/contrib/bind9/lib/isc/buffer.c
stable/9/contrib/bind9/lib/isc/commandline.c
stable/9/contrib/bind9/lib/isc/hash.c
stable/9/contrib/bind9/lib/isc/heap.c
stable/9/contrib/bind9/lib/isc/hex.c
stable/9/contrib/bind9/lib/isc/hmacmd5.c
stable/9/contrib/bind9/lib/isc/hmacsha.c
stable/9/contrib/bind9/lib/isc/httpd.c
stable/9/contrib/bind9/lib/isc/include/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/include/isc/app.h
stable/9/contrib/bind9/lib/isc/include/isc/buffer.h
stable/9/contrib/bind9/lib/isc/include/isc/file.h
stable/9/contrib/bind9/lib/isc/include/isc/hash.h
stable/9/contrib/bind9/lib/isc/include/isc/httpd.h
stable/9/contrib/bind9/lib/isc/include/isc/namespace.h
stable/9/contrib/bind9/lib/isc/include/isc/platform.h.in
stable/9/contrib/bind9/lib/isc/include/isc/radix.h
stable/9/contrib/bind9/lib/isc/include/isc/socket.h
stable/9/contrib/bind9/lib/isc/include/isc/stdio.h
stable/9/contrib/bind9/lib/isc/include/isc/string.h
stable/9/contrib/bind9/lib/isc/include/isc/types.h
stable/9/contrib/bind9/lib/isc/inet_aton.c
stable/9/contrib/bind9/lib/isc/inet_pton.c
stable/9/contrib/bind9/lib/isc/lex.c
stable/9/contrib/bind9/lib/isc/log.c
stable/9/contrib/bind9/lib/isc/md5.c
stable/9/contrib/bind9/lib/isc/mem.c
stable/9/contrib/bind9/lib/isc/netaddr.c
stable/9/contrib/bind9/lib/isc/nothreads/include/isc/thread.h
stable/9/contrib/bind9/lib/isc/pthreads/include/isc/thread.h
stable/9/contrib/bind9/lib/isc/pthreads/thread.c
stable/9/contrib/bind9/lib/isc/radix.c
stable/9/contrib/bind9/lib/isc/random.c
stable/9/contrib/bind9/lib/isc/sha1.c
stable/9/contrib/bind9/lib/isc/sha2.c
stable/9/contrib/bind9/lib/isc/sockaddr.c
stable/9/contrib/bind9/lib/isc/stats.c
stable/9/contrib/bind9/lib/isc/string.c
stable/9/contrib/bind9/lib/isc/strtoul.c
stable/9/contrib/bind9/lib/isc/unix/app.c
stable/9/contrib/bind9/lib/isc/unix/file.c
stable/9/contrib/bind9/lib/isc/unix/ifiter_getifaddrs.c
stable/9/contrib/bind9/lib/isc/unix/ifiter_ioctl.c
stable/9/contrib/bind9/lib/isc/unix/ifiter_sysctl.c
stable/9/contrib/bind9/lib/isc/unix/include/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/unix/include/isc/time.h
stable/9/contrib/bind9/lib/isc/unix/interfaceiter.c
stable/9/contrib/bind9/lib/isc/unix/socket.c
stable/9/contrib/bind9/lib/isc/unix/stdio.c
stable/9/contrib/bind9/lib/isc/unix/time.c
stable/9/contrib/bind9/lib/isccc/api
stable/9/contrib/bind9/lib/isccc/base64.c
stable/9/contrib/bind9/lib/isccc/cc.c
stable/9/contrib/bind9/lib/isccc/include/isccc/util.h
stable/9/contrib/bind9/lib/isccc/sexpr.c
stable/9/contrib/bind9/lib/isccfg/api
stable/9/contrib/bind9/lib/isccfg/include/isccfg/cfg.h
stable/9/contrib/bind9/lib/isccfg/include/isccfg/grammar.h
stable/9/contrib/bind9/lib/isccfg/namedconf.c
stable/9/contrib/bind9/lib/isccfg/parser.c
stable/9/contrib/bind9/lib/lwres/api
stable/9/contrib/bind9/lib/lwres/context.c
stable/9/contrib/bind9/lib/lwres/getaddrinfo.c
stable/9/contrib/bind9/lib/lwres/gethost.c
stable/9/contrib/bind9/lib/lwres/getipnode.c
stable/9/contrib/bind9/lib/lwres/getrrset.c
stable/9/contrib/bind9/lib/lwres/herror.c
stable/9/contrib/bind9/lib/lwres/lwbuffer.c
stable/9/contrib/bind9/lib/lwres/lwconfig.c
stable/9/contrib/bind9/lib/lwres/lwinetaton.c
stable/9/contrib/bind9/lib/lwres/lwinetpton.c
stable/9/contrib/bind9/lib/lwres/lwres_gabn.c
stable/9/contrib/bind9/lib/lwres/lwres_gnba.c
stable/9/contrib/bind9/lib/lwres/lwres_grbn.c
stable/9/contrib/bind9/lib/lwres/lwres_noop.c
stable/9/contrib/bind9/lib/lwres/lwresutil.c
stable/9/contrib/bind9/lib/lwres/strtoul.c
stable/9/contrib/bind9/make/mkdep.in
stable/9/contrib/bind9/version
stable/9/lib/bind/config.h
stable/9/lib/bind/dns/Makefile
stable/9/lib/bind/dns/code.h
stable/9/lib/bind/dns/dns/enumclass.h
stable/9/lib/bind/dns/dns/enumtype.h
stable/9/lib/bind/dns/dns/rdatastruct.h
stable/9/lib/bind/isc/Makefile
stable/9/lib/bind/isc/isc/platform.h
stable/9/usr.sbin/named/Makefile
Directory Properties:
stable/9/contrib/bind9/ (props changed)
Modified: stable/9/contrib/bind9/CHANGES
==============================================================================
--- stable/9/contrib/bind9/CHANGES Mon Mar 3 08:01:36 2014
(r262705)
+++ stable/9/contrib/bind9/CHANGES Mon Mar 3 09:18:19 2014
(r262706)
@@ -1,13 +1,395 @@
- --- 9.9.3-P2 released ---
+ --- 9.9.5 released ---
+
+ --- 9.9.5rc2 released ---
+
+3710. [bug] Address double dns_zone_detach when switching to
+ using automatic empty zones from regular zones.
+ [RT #35177]
+
+3709. [port] Use built-in versions of strptime() and timegm()
+ on all platforms to avoid portability issues.
+ [RT #35183]
+
+3708. [bug] Address a portentry locking issue in dispatch.c.
+ [RT #35128]
+
+3707. [bug] irs_resconf_load now returns ISC_R_FILENOTFOUND
+ on a missing resolv.conf file and initializes the
+ structure as if it had been configured with:
+
+ nameserver ::1
+ nameserver 127.0.0.1
+
+ Note: Callers will need to be updated to treat
+ ISC_R_FILENOTFOUND as a qualified success or else
+ they will leak memory. The following code fragment
+ will work with both old and new versions without
+ changing the behaviour of the existing code.
+
+ resconf = NULL;
+ result = irs_resconf_load(mctx, "/etc/resolv.conf",
+ &resconf);
+ if (result != ISC_SUCCESS) {
+ if (resconf != NULL)
+ irs_resconf_destroy(&resconf);
+ ....
+ }
+
+ [RT #35194]
+
+3706. [contrib] queryperf: Fixed a possible integer overflow when
+ printing results. [RT #35182]
+
+3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185]
+
+ --- 9.9.5rc1 released ---
+
+3701. [func] named-checkconf can now obscure shared secrets
+ when printing by specifying '-x'. [RT #34465]
+
+3699. [bug] Improvements to statistics channel XSL stylesheet:
+ the stylesheet can now be cached by the browser;
+ section headers are omitted from the stats display
+ when there is no data in those sections to be
+ displayed; counters are now right-justified for
+ easier readability. (Only available with
+ configure --enable-newstats.) [RT #35117]
+
+3698. [cleanup] Replaced all uses of memcpy() with memmove().
+ [RT #35120]
+
+3697. [bug] Handle "." as a search list element when IDN support
+ is enabled. [RT #35133]
+
+3696. [bug] dig failed to handle AXFR style IXFR responses which
+ span multiple messages. [RT #35137]
+
+3695. [bug] Address a possible race in dispatch.c. [RT #35107]
+
+3694. [bug] Warn when a key-directory is configured for a zone,
+ but does not exist or is not a directory. [RT #35108]
+
+3693. [security] memcpy was incorrectly called with overlapping
+ ranges resulting in malformed names being generated
+ on some platforms. This could cause INSIST failures
+ when serving NSEC3 signed zones (CVE-2014-0591).
+ [RT #35120]
+
+3692. [bug] Two calls to dns_db_getoriginnode were fatal if there
+ was no data at the node. [RT #35080]
+
+3690. [bug] Iterative responses could be missed when the source
+ port for an upstream query was the same as the
+ listener port (53). [RT #34925]
+
+3689. [bug] Fixed a bug causing an insecure delegation from one
+ static-stub zone to another to fail with a broken
+ trust chain. [RT #35081]
+
+ --- 9.9.5b1 released ---
+
+3688. [bug] loadnode could return a freed node on out of memory.
+ [RT #35106]
+
+3687. [bug] Address null pointer dereference in zone_xfrdone.
+ [RT #35042]
+
+3686. [func] "dnssec-signzone -Q" drops signatures from keys
+ that are still published but no longer active.
+ [RT #34990]
+
+3685. [bug] "rndc refresh" didn't work correctly with slave
+ zones using inline-signing. [RT #35105]
+
+3683. [cleanup] Add a more detailed "not found" message to rndc
+ commands which specify a zone name. [RT #35059]
+
+3682. [bug] Correct the behavior of rndc retransfer to allow
+ inline-signing slave zones to retain NSEC3 parameters
+ instead of reverting to NSEC. [RT #34745]
+
+3681. [port] Update the Windows build system to support feature
+ selection and WIN64 builds. This is a work in
+ progress. [RT #34160]
+
+3679. [bug] dig could fail to clean up TCP sockets still
+ waiting on connect(). [RT #35074]
+
+3678. [port] Update config.guess and config.sub. [RT #35060]
+
+3677. [bug] 'nsupdate' leaked memory if 'realm' was used multiple
+ times. [RT #35073]
+
+3676. [bug] "named-checkconf -z" now checks zones of type
+ hint and redirect as well as master. [RT #35046]
+
+3675. [misc] Provide a place for third parties to add version
+ information for their extensions in the version
+ file by setting the EXTENSIONS variable.
+
+3674. [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026]
+
+3672. [func] Local address can now be specified when using
+ dns_client API. [RT #34811]
+
+3671. [bug] Don't allow dnssec-importkey overwrite a existing
+ non-imported private key.
+
+3670. [bug] Address read after free in server side of
+ lwres_getrrsetbyname. [RT #29075]
+
+3669. [port] freebsd: --with-gssapi needs -lhx509. [RT #35001]
+
+3668. [bug] Fix cast in lex.c which could see 0xff treated as eof.
+ [RT #34993]
+
+3667. [test] dig: add support to keep the TCP socket open between
+ successive queries (+[no]keepopen). [RT #34918]
+
+3665. [bug] Failure to release lock on error in receive_secure_db.
+ [RT #34944]
+
+3664. [bug] Updated OpenSSL PKCS#11 patches to fix active list
+ locking and other bugs. [RT #34855]
+
+3663. [bug] Address bugs in dns_rdata_fromstruct and
+ dns_rdata_tostruct for WKS and ISDN types. [RT #34910]
+
+3662. [bug] 'host' could die if a UDP query timed out. [RT #34870]
+
+3661. [bug] Address lock order reversal deadlock with inline zones.
+ [RT #34856]
+
+3660. [cleanup] Changed the name of "isc-config.sh" to "bind9-config".
+ [RT #23825]
+
+3659. [port] solaris: don't add explict dependancies/rules for
+ python programs as make won't use the implicit rules.
+ [RT #34835]
+
+3658. [port] linux: Address platform specific compilation issue
+ when libcap-devel is installed. [RT #34838]
+
+3657. [port] Some readline clones don't accept NULL pointers when
+ calling add_history. [RT #34842]
+
+3656. [security] Treat an all zero netmask as invalid when generating
+ the localnets acl. (The prior behavior could
+ allow unexpected matches when using some versions
+ of Winsock: CVE-2013-6320.) [RT #34687]
+
+3655. [cleanup] Simplify TCP message processing when requesting a
+ zone transfer. [RT #34825]
+
+3654. [bug] Address race condition with manual notify requests.
+ [RT #34806]
+
+3653. [func] Create delegations for all "children" of empty zones
+ except "forward first". [RT #34826]
+
+3651. [tuning] Adjust when a master server is deemed unreachable.
+ [RT #27075]
+
+3650. [tuning] Use separate rate limiting queues for refresh and
+ notify requests. [RT #30589]
+
+3649. [cleanup] Include a comment in .nzf files, giving the name of
+ the associated view. [RT #34765]
+
+3648. [test] Updated the ATF test framework to version 0.17.
+ [RT #25627]
+
+3647. [bug] Address a race condition when shutting down a zone.
+ [RT #34750]
+
+3646. [bug] Journal filename string could be set incorrectly,
+ causing garbage in log messages. [RT #34738]
+
+3645. [protocol] Use case sensitive compression when responding to
+ queries. [RT #34737]
+
+3644. [protocol] Check that EDNS subnet client options are well formed.
+ [RT #34718]
+
+3642. [func] Allow externally generated DNSKEY to be imported
+ into the DNSKEY management framework. A new tool
+ dnssec-importkey is used to do this. [RT #34698]
+
+3641. [bug] Handle changes to sig-validity-interval settings
+ better. [RT #34625]
+
+3640. [bug] ndots was not being checked when searching. Only
+ continue searching on NXDOMAIN responses. Add the
+ ability to specify ndots to nslookup. [RT #34711]
+
+3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used
+ in a key zone. [RT #34238]
+
+ --- 9.9.4 released ---
+
+3643. [doc] Clarify RRL "slip" documentation.
+
+3638. [cleanup] Add the ability to handle ENOPROTOOPT in case it is
+ encountered. [RT #34668]
+
+ --- 9.9.4rc2 released ---
+
+3637. [bug] 'allow-query-on' was checking the source address
+ rather than the destination address. [RT #34590]
+
+3636. [bug] Automatic empty zones now behave better with
+ forward only "zones" beneath them. [RT #34583]
+
+3635. [bug] Signatures were not being removed from a zone with
+ only KSK keys for a algorithm. [RT #34439]
+
+3634. [func] Report build-id in rndc status. Report build-id
+ when building from a git repository. [RT #20422]
+
+3633. [cleanup] Refactor OPT processing in named to make it easier
+ to support new EDNS options. [RT #34414]
+
+3632. [bug] Signature from newly inactive keys were not being
+ removed. [RT #32178]
+
+3631. [bug] Remove spurious warning about missing signatures when
+ qtype is SIG. [RT #34600]
+
+3630. [bug] Ensure correct ID computation for MD5 keys. [RT #33033]
+
+3627. [bug] RPZ changes were not effective on slaves. [RT #34450]
+
+3625. [bug] Don't send notify messages to machines outside of the
+ test setup.
+
+3623. [bug] zone-statistics was only effective in new statistics.
+ [RT #34466]
+
+ --- 9.9.4rc1 released ---
3621. [security] Incorrect bounds checking on private type 'keydata'
can lead to a remotely triggerable REQUIRE failure
(CVE-2013-4854). [RT #34238]
- --- 9.9.3-P1 released ---
+3617. [bug] Named was failing to answer queries during
+ "rndc reload" [RT #34098]
+
+3616. [bug] Change #3613 was incomplete. [RT #34177]
+
+3615. [cleanup] "configure" now finishes by printing a summary
+ of optional BIND features and whether they are
+ active or inactive. ("configure --enable-full-report"
+ increases the verbosity of the summary.) [RT #31777]
+
+3614. [port] Check for <linux/types.h>. [RT #34162]
+
+3613. [bug] named could crash when deleting inline-signing
+ zones with "rndc delzone". [RT #34066]
+
+3611. [bug] Improved resistance to a theoretical authentication
+ attack based on differential timing. [RT #33939]
+
+3610. [cleanup] win32: Some executables had been omitted from the
+ installer. [RT #34116]
+
+3608. [port] win32: added todos.pl script to ensure all text files
+ the win32 build depends on are converted to DOS
+ newline format. [RT #22067]
+
+3607. [bug] dnssec-keygen had broken 'Invalid keyfile' error
+ message. [RT #34045]
+
+ --- 9.9.4b1 released ---
+
+3605. [port] win32: Addressed several compatibility issues
+ with newer versions of Visual Studio. [RT #33916]
+
+3603. [bug] Install <isc/stat.h>. [RT #33956]
+
+3601. [bug] Added to PKCS#11 openssl patches a value len
+ attribute in DH derive key. [RT #33928]
+
+3600. [cleanup] dig: Fixed a typo in the warning output when receiving
+ an oversized response. [RT #33910]
+
+3599. [tuning] Check for pointer equivalence in name comparisons.
+ [RT #18125]
+
+3596. [port] Updated win32 build documentation, added
+ dnssec-verify. [RT #22067]
+
+3594. [maint] Update config.guess and config.sub. [RT #33816]
+
+3592. [doc] Moved documentation of rndc command options to the
+ rndc man page. [RT #33506]
+
+3590. [bug] When using RRL on recursive servers, defer
+ rate-limiting until after recursion is complete;
+ also, use correct rcode for slipped NXDOMAIN
+ responses. [RT #33604]
+
+3588. [bug] dig: addressed a memory leak in the sigchase code
+ that could cause a shutdown crash. [RT #33733]
+
+3587. [func] 'named -g' now checks the logging configuration but
+ does not use it. [RT #33473]
+
+3586. [bug] Handle errors in xmlDocDumpFormatMemoryEnc. [RT #33706]
3584. [security] Caching data from an incompletely signed zone could
- trigger an assertion failure in resolver.c [RT #33690]
+ trigger an assertion failure in resolver.c
+ (CVE-2013-3919). [RT #33690]
+
+3583. [bug] Address memory leak in GSS-API processing [RT #33574]
+
+3582. [bug] Silence false positive warning regarding missing file
+ directive for inline slave zones. [RT #33662]
+
+3581. [bug] Changed the tcp-listen-queue default to 10. [RT #33029]
+
+3580. [bug] Addressed a possible race in acache.c [RT #33602]
+
+3579. [maint] Updates to PKCS#11 openssl patches, supporting
+ versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463]
+
+3578. [bug] 'rndc -c file' now fails if 'file' does not exist.
+ [RT #33571]
+
+3577. [bug] Handle zero TTL values better. [RT #33411]
+
+3576. [bug] Address a shutdown race when validating. [RT #33573]
+
+3575. [func] Changed the logging category for RRL events from
+ 'queries' to 'query-errors'. [RT #33540]
+
+3574. [doc] The 'hostname' keyword was missing from server-id
+ description in the named.conf man page. [RT #33476]
+
+3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled
+ zone names containing punctuation marks and other
+ nonstandard characters. [RT #33419]
+
+3571. [bug] Address race condition in dns_client_startresolve().
+ [RT #33234]
+
+3566. [func] Log when forwarding updates to master. [RT #33240]
+
+3554. [bug] RRL failed to correctly rate-limit upward
+ referrals and failed to count dropped error
+ responses in the statistics. [RT #33225]
+
+3545. [bug] RRL slip behavior was incorrect when set to 1.
+ [RT #33111]
+
+3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
+ so that all dns_rrl_rtype_t enum values fit regardless
+ of whether it is teated as signed or unsigned by
+ the compiler. [RT #32792]
+
+3494. [func] DNS RRL: Blunt the impact of DNS reflection and
+ amplification attacks by rate-limiting substantially-
+ identical responses. To enable, use "configure
+ --enable-rrl". [RT #28130]
--- 9.9.3 released ---
Modified: stable/9/contrib/bind9/COPYRIGHT
==============================================================================
--- stable/9/contrib/bind9/COPYRIGHT Mon Mar 3 08:01:36 2014
(r262705)
+++ stable/9/contrib/bind9/COPYRIGHT Mon Mar 3 09:18:19 2014
(r262706)
@@ -1,4 +1,4 @@
-Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
Permission to use, copy, modify, and/or distribute this software for any
@@ -13,8 +13,6 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
-$Id: COPYRIGHT,v 1.19 2012/01/03 23:46:59 tbox Exp $
-
Portions of this code release fall under one or more of the
following Copyright notices. Please see individual source
files for details.
@@ -99,11 +97,7 @@ are met:
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
- must display the following acknowledgement:
- This product includes software developed by the University of
- California, Berkeley and its contributors.
-4. Neither the name of the University nor the names of its contributors
+3. Neither the name of the University nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
@@ -516,3 +510,29 @@ STRICT LIABILITY, OR TORT (INCLUDING NEG
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+
+Copyright (c) 1995, 1997, 1998 The NetBSD Foundation, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
Modified: stable/9/contrib/bind9/Makefile.in
==============================================================================
--- stable/9/contrib/bind9/Makefile.in Mon Mar 3 08:01:36 2014
(r262705)
+++ stable/9/contrib/bind9/Makefile.in Mon Mar 3 09:18:19 2014
(r262706)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -54,7 +54,11 @@ installdirs:
install:: isc-config.sh installdirs
${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}
+ rm -f ${DESTDIR}${bindir}/bind9-config
+ @LN@ ${DESTDIR}${bindir}/isc-config.sh ${DESTDIR}${bindir}/bind9-config
${INSTALL_DATA} ${top_srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1
+ rm -f ${DESTDIR}${mandir}/man1/bind9-config.1
+ @LN@ ${DESTDIR}${mandir}/man1/isc-config.sh.1
${DESTDIR}${mandir}/man1/bind9-config.1
${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir}
tags:
@@ -86,5 +90,8 @@ FAQ: FAQ.xml
LC_ALL=C ${W3M} -T text/html -dump -cols 72 >$@.tmp
mv $@.tmp $@
+unit::
+ sh ${top_srcdir}/unit/unittest.sh
+
clean::
rm -f FAQ.tmp
Modified: stable/9/contrib/bind9/README
==============================================================================
--- stable/9/contrib/bind9/README Mon Mar 3 08:01:36 2014
(r262705)
+++ stable/9/contrib/bind9/README Mon Mar 3 09:18:19 2014
(r262706)
@@ -48,8 +48,34 @@ BIND 9
For a detailed list of user-visible changes from
previous releases, see the CHANGES file.
- For up-to-date release notes and errata, see
- http://www.isc.org/software/bind9/releasenotes
+ For up-to-date release notes and errata, see
+ http://www.isc.org/software/bind9/releasenotes
+
+BIND 9.9.5
+
+ BIND 9.9.5 is a maintenance release, and patches the security
+ flaws described in CVE-2013-6320 and CVE-2014-0591. It also
+ includes the following functional enhancements:
+
+ - "named" now preserves the capitalization of names when
+ responding to queries.
+ - new "dnssec-importkey" command allows the use of offline
+ DNSSEC keys with automatic DNSKEY management.
+ - When re-signing a zone, the new "dnssec-signzone -Q" option
+ drops signatures from keys that are still published but are
+ no longer active.
+ - "named-checkconf -px" will print the contents of configuration
+ files with the shared secrets obscured, making it easier to
+ share configuration (e.g. when submitting a bug report)
+ without revealing private information.
+
+BIND 9.9.4
+
+ BIND 9.9.4 is a maintenance release, and patches the security
+ flaws described in CVE-2013-3919 and CVE-2013-4854. It also
+ introduces DNS Response Rate Limiting (DNS RRL) as a
+ compile-time option. To use this feature, configure with
+ the "--enable-rrl" option.
BIND 9.9.3
@@ -70,45 +96,45 @@ BIND 9.9.0
BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
releases. New features include:
- - Inline signing, allowing automatic DNSSEC signing of
- master zones without modification of the zonefile, or
- "bump in the wire" signing in slaves.
- - NXDOMAIN redirection.
- - New 'rndc flushtree' command clears all data under a given
- name from the DNS cache.
- - New 'rndc sync' command dumps pending changes in a dynamic
- zone to disk without a freeze/thaw cycle.
- - New 'rndc signing' command displays or clears signing status
- records in 'auto-dnssec' zones.
- - NSEC3 parameters for 'auto-dnssec' zones can now be set prior
- to signing, eliminating the need to initially sign with NSEC.
- - Startup time improvements on large authoritative servers.
- - Slave zones are now saved in raw format by default.
- - Several improvements to response policy zones (RPZ).
- - Improved hardware scalability by using multiple threads
- to listen for queries and using finer-grained client locking
- - The 'also-notify' option now takes the same syntax as
- 'masters', so it can used named masterlists and TSIG keys.
- - 'dnssec-signzone -D' writes an output file containing only DNSSEC
- data, which can be included by the primary zone file.
- - 'dnssec-signzone -R' forces removal of signatures that are
- not expired but were created by a key which no longer exists.
- - 'dnssec-signzone -X' allows a separate expiration date to
- be specified for DNSKEY signatures from other signatures.
- - New '-L' option to dnssec-keygen, dnssec-settime, and
- dnssec-keyfromlabel sets the default TTL for the key.
- - dnssec-dsfromkey now supports reading from standard input,
- to make it easier to convert DNSKEY to DS.
- - RFC 1918 reverse zones have been added to the empty-zones
- table per RFC 6303.
- - Dynamic updates can now optionally set the zone's SOA serial
- number to the current UNIX time.
- - DLZ modules can now retrieve the source IP address of
- the querying client.
- - 'request-ixfr' option can now be set at the per-zone level.
- - 'dig +rrcomments' turns on comments about DNSKEY records,
- indicating their key ID, algorithm and function
- - Simplified nsupdate syntax and added readline support
+ - Inline signing, allowing automatic DNSSEC signing of
+ master zones without modification of the zonefile, or
+ "bump in the wire" signing in slaves.
+ - NXDOMAIN redirection.
+ - New 'rndc flushtree' command clears all data under a given
+ name from the DNS cache.
+ - New 'rndc sync' command dumps pending changes in a dynamic
+ zone to disk without a freeze/thaw cycle.
+ - New 'rndc signing' command displays or clears signing status
+ records in 'auto-dnssec' zones.
+ - NSEC3 parameters for 'auto-dnssec' zones can now be set prior
+ to signing, eliminating the need to initially sign with NSEC.
+ - Startup time improvements on large authoritative servers.
+ - Slave zones are now saved in raw format by default.
+ - Several improvements to response policy zones (RPZ).
+ - Improved hardware scalability by using multiple threads
+ to listen for queries and using finer-grained client locking
+ - The 'also-notify' option now takes the same syntax as
+ 'masters', so it can used named masterlists and TSIG keys.
+ - 'dnssec-signzone -D' writes an output file containing only DNSSEC
+ data, which can be included by the primary zone file.
+ - 'dnssec-signzone -R' forces removal of signatures that are
+ not expired but were created by a key which no longer exists.
+ - 'dnssec-signzone -X' allows a separate expiration date to
+ be specified for DNSKEY signatures from other signatures.
+ - New '-L' option to dnssec-keygen, dnssec-settime, and
+ dnssec-keyfromlabel sets the default TTL for the key.
+ - dnssec-dsfromkey now supports reading from standard input,
+ to make it easier to convert DNSKEY to DS.
+ - RFC 1918 reverse zones have been added to the empty-zones
+ table per RFC 6303.
+ - Dynamic updates can now optionally set the zone's SOA serial
+ number to the current UNIX time.
+ - DLZ modules can now retrieve the source IP address of
+ the querying client.
+ - 'request-ixfr' option can now be set at the per-zone level.
+ - 'dig +rrcomments' turns on comments about DNSKEY records,
+ indicating their key ID, algorithm and function
+ - Simplified nsupdate syntax and added readline support
Building
@@ -128,9 +154,9 @@ Building
Ubuntu 7.04, 7.10
Windows XP/2003/2008
- NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
- Windows, including Windows NT and Windows 2000, are no longer
- supported.
+ NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
+ Windows, including Windows NT and Windows 2000, are no longer
+ supported.
We have recent reports from the user community that a supported
version of BIND will build and run on the following systems:
@@ -231,10 +257,10 @@ Building
on the configure command line. The default is operating
system dependent.
- Support for the "fixed" rrset-order option can be enabled
- or disabled by specifying "--enable-fixed-rrset" or
- "--disable-fixed-rrset" on the configure command line.
- The default is "disabled", to reduce memory footprint.
+ Support for the "fixed" rrset-order option can be enabled
+ or disabled by specifying "--enable-fixed-rrset" or
+ "--disable-fixed-rrset" on the configure command line.
+ The default is "disabled", to reduce memory footprint.
If your operating system has integrated support for IPv6, it
will be used automatically. If you have installed KAME IPv6
@@ -305,8 +331,8 @@ Documentation
Frequently asked questions and their answers can be found in
FAQ.
- Additional information on various subjects can be found
- in the other README files.
+ Additional information on various subjects can be found
+ in the other README files.
Change Log
@@ -337,10 +363,10 @@ Change Log
[protocol] Updates to the DNS protocol such as new
RR types
- [test] Changes to the automatic tests, not
- affecting server functionality
+ [test] Changes to the automatic tests, not
+ affecting server functionality
- [cleanup] Minor corrections and refactoring
+ [cleanup] Minor corrections and refactoring
[doc] Documentation
Modified: stable/9/contrib/bind9/bin/check/named-checkconf.8
==============================================================================
--- stable/9/contrib/bind9/bin/check/named-checkconf.8 Mon Mar 3 08:01:36
2014 (r262705)
+++ stable/9/contrib/bind9/bin/check/named-checkconf.8 Mon Mar 3 09:18:19
2014 (r262706)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc.
("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium,
Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -33,7 +33,7 @@
named\-checkconf \- named configuration file syntax checking tool
.SH "SYNOPSIS"
.HP 16
-\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\
\fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-z\fR]
+\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\
\fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-x\fR] [\fB\-z\fR]
.SH "DESCRIPTION"
.PP
\fBnamed\-checkconf\fR
@@ -84,6 +84,14 @@ Print out the
and included files in canonical form if no errors were detected.
.RE
.PP
+\-x
+.RS 4
+When printing the configuration files in canonical form, obscure shared
secrets by replacing them with strings of question marks ('?'). This allows the
contents of
+\fInamed.conf\fR
+and related files to be shared \(em for example, when submitting bug reports
\(em without compromising private data. This option cannot be used without
+\fB\-p\fR.
+.RE
+.PP
\-z
.RS 4
Perform a test load of all master zones found in
@@ -113,7 +121,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc.
("ISC")
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br
Modified: stable/9/contrib/bind9/bin/check/named-checkconf.c
==============================================================================
--- stable/9/contrib/bind9/bin/check/named-checkconf.c Mon Mar 3 08:01:36
2014 (r262705)
+++ stable/9/contrib/bind9/bin/check/named-checkconf.c Mon Mar 3 09:18:19
2014 (r262706)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc.
("ISC")
+ * Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc.
("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -39,10 +39,13 @@
#include <bind9/check.h>
+#include <dns/db.h>
#include <dns/fixedname.h>
#include <dns/log.h>
#include <dns/name.h>
+#include <dns/rdataclass.h>
#include <dns/result.h>
+#include <dns/rootns.h>
#include <dns/zone.h>
#include "check-tool.h"
@@ -151,6 +154,30 @@ config_get(const cfg_obj_t **maps, const
}
}
+static isc_result_t
+configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_rdataclass_t rdclass;
+ isc_textregion_t r;
+
+ if (zfile == NULL)
+ return (ISC_R_FAILURE);
+
+ DE_CONST(zclass, r.base);
+ r.length = strlen(zclass);
+ result = dns_rdataclass_fromtext(&rdclass, &r);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ result = dns_rootns_create(mctx, rdclass, zfile, &db);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ dns_db_detach(&db);
+ return (ISC_R_SUCCESS);
+}
+
/*% configure the zone */
static isc_result_t
configure_zone(const char *vclass, const char *view,
@@ -161,7 +188,7 @@ configure_zone(const char *vclass, const
isc_result_t result;
const char *zclass;
const char *zname;
- const char *zfile;
+ const char *zfile = NULL;
const cfg_obj_t *maps[4];
const cfg_obj_t *zoptions = NULL;
const cfg_obj_t *classobj = NULL;
@@ -195,15 +222,28 @@ configure_zone(const char *vclass, const
cfg_map_get(zoptions, "type", &typeobj);
if (typeobj == NULL)
return (ISC_R_FAILURE);
- if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0)
+
+ cfg_map_get(zoptions, "file", &fileobj);
+ if (fileobj != NULL)
+ zfile = cfg_obj_asstring(fileobj);
+
+ /*
+ * Check hints files for hint zones.
+ * Skip loading checks for any type other than
+ * master and redirect
+ */
+ if (strcasecmp(cfg_obj_asstring(typeobj), "hint") == 0)
+ return (configure_hint(zfile, zclass, mctx));
+ else if ((strcasecmp(cfg_obj_asstring(typeobj), "master") != 0) &&
+ (strcasecmp(cfg_obj_asstring(typeobj), "redirect") != 0))
return (ISC_R_SUCCESS);
+
+ if (zfile == NULL)
+ return (ISC_R_FAILURE);
+
cfg_map_get(zoptions, "database", &dbobj);
if (dbobj != NULL)
return (ISC_R_SUCCESS);
- cfg_map_get(zoptions, "file", &fileobj);
- if (fileobj == NULL)
- return (ISC_R_FAILURE);
- zfile = cfg_obj_asstring(fileobj);
obj = NULL;
if (get_maps(maps, "check-dup-records", &obj)) {
@@ -341,7 +381,7 @@ configure_zone(const char *vclass, const
if (result != ISC_R_SUCCESS)
fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
dns_result_totext(result));
- return(result);
+ return (result);
}
/*% configure a view */
@@ -442,10 +482,11 @@ main(int argc, char **argv) {
isc_entropy_t *ectx = NULL;
isc_boolean_t load_zones = ISC_FALSE;
isc_boolean_t print = ISC_FALSE;
+ unsigned int flags = 0;
isc_commandline_errprint = ISC_FALSE;
- while ((c = isc_commandline_parse(argc, argv, "dhjt:pvz")) != EOF) {
+ while ((c = isc_commandline_parse(argc, argv, "dhjt:pvxz")) != EOF) {
switch (c) {
case 'd':
debug++;
@@ -472,6 +513,10 @@ main(int argc, char **argv) {
printf(VERSION "\n");
exit(0);
+ case 'x':
+ flags |= CFG_PRINTER_XKEY;
+ break;
+
case 'z':
load_zones = ISC_TRUE;
docheckmx = ISC_FALSE;
@@ -494,6 +539,11 @@ main(int argc, char **argv) {
}
}
+ if (((flags & CFG_PRINTER_XKEY) != 0) && !print) {
+ fprintf(stderr, "%s: -x cannot be used without -p\n", program);
+ exit(1);
+ }
+
if (isc_commandline_index + 1 < argc)
usage();
if (argv[isc_commandline_index] != NULL)
@@ -534,7 +584,7 @@ main(int argc, char **argv) {
}
if (print && exit_status == 0)
- cfg_print(config, output, NULL);
+ cfg_printx(config, flags, output, NULL);
cfg_obj_destroy(parser, &config);
cfg_parser_destroy(&parser);
Modified: stable/9/contrib/bind9/bin/check/named-checkconf.docbook
==============================================================================
--- stable/9/contrib/bind9/bin/check/named-checkconf.docbook Mon Mar 3
08:01:36 2014 (r262705)
+++ stable/9/contrib/bind9/bin/check/named-checkconf.docbook Mon Mar 3
09:18:19 2014 (r262706)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd";
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc.
("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium,
Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -36,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -60,6 +61,7 @@
<arg><option>-t <replaceable
class="parameter">directory</replaceable></option></arg>
<arg choice="req">filename</arg>
<arg><option>-p</option></arg>
+ <arg><option>-x</option></arg>
<arg><option>-z</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -130,6 +132,21 @@
</varlistentry>
<varlistentry>
+ <term>-x</term>
+ <listitem>
+ <para>
+ When printing the configuration files in canonical
+ form, obscure shared secrets by replacing them with
+ strings of question marks ('?'). This allows the
+ contents of <filename>named.conf</filename> and related
+ files to be shared — for example, when submitting
+ bug reports — without compromising private data.
+ This option cannot be used without <option>-p</option>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-z</term>
<listitem>
<para>
Modified: stable/9/contrib/bind9/bin/check/named-checkconf.html
==============================================================================
--- stable/9/contrib/bind9/bin/check/named-checkconf.html Mon Mar 3
08:01:36 2014 (r262705)
+++ stable/9/contrib/bind9/bin/check/named-checkconf.html Mon Mar 3
09:18:19 2014 (r262706)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc.
("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium,
Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -29,10 +29,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>
[<code class="option">-h</code>] [<code class="option">-v</code>] [<code
class="option">-j</code>] [<code class="option">-t <em
class="replaceable"><code>directory</code></em></code>] {filename} [<code
class="option">-p</code>] [<code class="option">-z</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>
[<code class="option">-h</code>] [<code class="option">-v</code>] [<code
class="option">-j</code>] [<code class="option">-t <em
class="replaceable"><code>directory</code></em></code>] {filename} [<code
class="option">-p</code>] [<code class="option">-x</code>] [<code
class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543396"></a><h2>DESCRIPTION</h2>
+<a name="id2543403"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
<span><strong class="command">named</strong></span> configuration file.
The file is parsed
@@ -52,7 +52,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543445"></a><h2>OPTIONS</h2>
+<a name="id2543452"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@@ -74,6 +74,16 @@
Print out the <code class="filename">named.conf</code> and included
files
in canonical form if no errors were detected.
</p></dd>
+<dt><span class="term">-x</span></dt>
+<dd><p>
+ When printing the configuration files in canonical
+ form, obscure shared secrets by replacing them with
+ strings of question marks ('?'). This allows the
+ contents of <code class="filename">named.conf</code> and related
+ files to be shared — for example, when submitting
+ bug reports — without compromising private data.
+ This option cannot be used without <code class="option">-p</code>.
+ </p></dd>
<dt><span class="term">-z</span></dt>
<dd><p>
Perform a test load of all master zones found in
@@ -91,21 +101,21 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543569"></a><h2>RETURN VALUES</h2>
+<a name="id2543596"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543580"></a><h2>SEE ALSO</h2>
+<a name="id2543608"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span
class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span
class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543610"></a><h2>AUTHOR</h2>
+<a name="id2543638"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: stable/9/contrib/bind9/bin/confgen/ddns-confgen.c
==============================================================================
--- stable/9/contrib/bind9/bin/confgen/ddns-confgen.c Mon Mar 3 08:01:36
2014 (r262705)
+++ stable/9/contrib/bind9/bin/confgen/ddns-confgen.c Mon Mar 3 09:18:19
2014 (r262706)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -101,7 +101,7 @@ main(int argc, char **argv) {
result = isc_file_progname(*argv, program, sizeof(program));
if (result != ISC_R_SUCCESS)
- memcpy(program, "ddns-confgen", 13);
+ memmove(program, "ddns-confgen", 13);
progname = program;
isc_commandline_errprint = ISC_FALSE;
Modified: stable/9/contrib/bind9/bin/confgen/rndc-confgen.c
==============================================================================
--- stable/9/contrib/bind9/bin/confgen/rndc-confgen.c Mon Mar 3 08:01:36
2014 (r262705)
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
