svn commit: r245163 - in stable/9: contrib/bind9 contrib/bind9/bin contrib/bind9/bin/check contrib/bind9/bin/confgen contrib/bind9/bin/confgen/unix contrib/bind9/bin/dig contrib/bind9/bin/dnssec co...
Erwin Lansing
erwin at FreeBSD.org
Tue Jan 8 09:05:16 UTC 2013
Author: erwin
Date: Tue Jan 8 09:05:09 2013
New Revision: 245163
URL: http://svnweb.freebsd.org/changeset/base/245163
Log:
MFC r243981,243987:
Update to 9.8.4-P1.
New Features
* Elliptic Curve Digital Signature Algorithm keys and signatures in
DNSSEC are now supported per RFC 6605. [RT #21918]
Feature Changes
* Improves OpenSSL error logging [RT #29932]
* nslookup now returns a nonzero exit code when it is unable to get
an answer. [RT #29492]
Other critical bug fixes are included.
Approved by: delphij (mentor)
Sponsored by: DK Hostmaster A/S
Added:
stable/9/contrib/bind9/lib/dns/opensslecdsa_link.c
- copied unchanged from r243981, head/contrib/bind9/lib/dns/opensslecdsa_link.c
Modified:
stable/9/contrib/bind9/CHANGES
stable/9/contrib/bind9/Makefile.in
stable/9/contrib/bind9/README
stable/9/contrib/bind9/acconfig.h
stable/9/contrib/bind9/bin/Makefile.in
stable/9/contrib/bind9/bin/check/Makefile.in
stable/9/contrib/bind9/bin/check/check-tool.c
stable/9/contrib/bind9/bin/confgen/Makefile.in
stable/9/contrib/bind9/bin/confgen/unix/Makefile.in
stable/9/contrib/bind9/bin/dig/Makefile.in
stable/9/contrib/bind9/bin/dig/nslookup.c
stable/9/contrib/bind9/bin/dnssec/Makefile.in
stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.8
stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.c
stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.docbook
stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html
stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.8
stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.c
stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.docbook
stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html
stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.8
stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.c
stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.docbook
stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.html
stable/9/contrib/bind9/bin/dnssec/dnssec-settime.c
stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.c
stable/9/contrib/bind9/bin/named/Makefile.in
stable/9/contrib/bind9/bin/named/builtin.c
stable/9/contrib/bind9/bin/named/config.c
stable/9/contrib/bind9/bin/named/controlconf.c
stable/9/contrib/bind9/bin/named/convertxsl.pl
stable/9/contrib/bind9/bin/named/query.c
stable/9/contrib/bind9/bin/named/server.c
stable/9/contrib/bind9/bin/named/statschannel.c
stable/9/contrib/bind9/bin/named/unix/Makefile.in
stable/9/contrib/bind9/bin/nsupdate/Makefile.in
stable/9/contrib/bind9/bin/nsupdate/nsupdate.c
stable/9/contrib/bind9/bin/rndc/Makefile.in
stable/9/contrib/bind9/bin/tools/Makefile.in
stable/9/contrib/bind9/config.h.in
stable/9/contrib/bind9/configure.in
stable/9/contrib/bind9/doc/Makefile.in
stable/9/contrib/bind9/doc/arm/Bv9ARM-book.xml
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch04.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch06.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch07.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch08.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.ch09.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.html
stable/9/contrib/bind9/doc/arm/Bv9ARM.pdf
stable/9/contrib/bind9/doc/arm/Makefile.in
stable/9/contrib/bind9/doc/arm/man.arpaname.html
stable/9/contrib/bind9/doc/arm/man.ddns-confgen.html
stable/9/contrib/bind9/doc/arm/man.dig.html
stable/9/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html
stable/9/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html
stable/9/contrib/bind9/doc/arm/man.dnssec-keygen.html
stable/9/contrib/bind9/doc/arm/man.dnssec-revoke.html
stable/9/contrib/bind9/doc/arm/man.dnssec-settime.html
stable/9/contrib/bind9/doc/arm/man.dnssec-signzone.html
stable/9/contrib/bind9/doc/arm/man.genrandom.html
stable/9/contrib/bind9/doc/arm/man.host.html
stable/9/contrib/bind9/doc/arm/man.isc-hmac-fixup.html
stable/9/contrib/bind9/doc/arm/man.named-checkconf.html
stable/9/contrib/bind9/doc/arm/man.named-checkzone.html
stable/9/contrib/bind9/doc/arm/man.named-journalprint.html
stable/9/contrib/bind9/doc/arm/man.named.html
stable/9/contrib/bind9/doc/arm/man.nsec3hash.html
stable/9/contrib/bind9/doc/arm/man.nsupdate.html
stable/9/contrib/bind9/doc/arm/man.rndc-confgen.html
stable/9/contrib/bind9/doc/arm/man.rndc.conf.html
stable/9/contrib/bind9/doc/arm/man.rndc.html
stable/9/contrib/bind9/doc/misc/Makefile.in
stable/9/contrib/bind9/doc/misc/format-options.pl
stable/9/contrib/bind9/doc/misc/options
stable/9/contrib/bind9/doc/misc/sort-options.pl
stable/9/contrib/bind9/isc-config.sh.in
stable/9/contrib/bind9/lib/Makefile.in
stable/9/contrib/bind9/lib/bind9/Makefile.in
stable/9/contrib/bind9/lib/bind9/api
stable/9/contrib/bind9/lib/bind9/check.c
stable/9/contrib/bind9/lib/bind9/include/Makefile.in
stable/9/contrib/bind9/lib/bind9/include/bind9/Makefile.in
stable/9/contrib/bind9/lib/dns/Makefile.in
stable/9/contrib/bind9/lib/dns/adb.c
stable/9/contrib/bind9/lib/dns/api
stable/9/contrib/bind9/lib/dns/db.c
stable/9/contrib/bind9/lib/dns/dnssec.c
stable/9/contrib/bind9/lib/dns/ds.c
stable/9/contrib/bind9/lib/dns/dst_api.c
stable/9/contrib/bind9/lib/dns/dst_internal.h
stable/9/contrib/bind9/lib/dns/dst_openssl.h
stable/9/contrib/bind9/lib/dns/dst_parse.c
stable/9/contrib/bind9/lib/dns/dst_parse.h
stable/9/contrib/bind9/lib/dns/dst_result.c
stable/9/contrib/bind9/lib/dns/include/Makefile.in
stable/9/contrib/bind9/lib/dns/include/dns/db.h
stable/9/contrib/bind9/lib/dns/include/dns/dnssec.h
stable/9/contrib/bind9/lib/dns/include/dns/ds.h
stable/9/contrib/bind9/lib/dns/include/dns/iptable.h
stable/9/contrib/bind9/lib/dns/include/dns/keyvalues.h
stable/9/contrib/bind9/lib/dns/include/dns/log.h
stable/9/contrib/bind9/lib/dns/include/dns/rdataset.h
stable/9/contrib/bind9/lib/dns/include/dns/rpz.h
stable/9/contrib/bind9/lib/dns/include/dns/stats.h
stable/9/contrib/bind9/lib/dns/include/dns/view.h
stable/9/contrib/bind9/lib/dns/include/dns/zone.h
stable/9/contrib/bind9/lib/dns/include/dst/Makefile.in
stable/9/contrib/bind9/lib/dns/include/dst/dst.h
stable/9/contrib/bind9/lib/dns/include/dst/result.h
stable/9/contrib/bind9/lib/dns/log.c
stable/9/contrib/bind9/lib/dns/master.c
stable/9/contrib/bind9/lib/dns/masterdump.c
stable/9/contrib/bind9/lib/dns/openssl_link.c
stable/9/contrib/bind9/lib/dns/openssldh_link.c
stable/9/contrib/bind9/lib/dns/openssldsa_link.c
stable/9/contrib/bind9/lib/dns/opensslgost_link.c
stable/9/contrib/bind9/lib/dns/opensslrsa_link.c
stable/9/contrib/bind9/lib/dns/rbtdb.c
stable/9/contrib/bind9/lib/dns/rcode.c
stable/9/contrib/bind9/lib/dns/rdata.c
stable/9/contrib/bind9/lib/dns/rdata/generic/dlv_32769.c
stable/9/contrib/bind9/lib/dns/rdata/generic/ds_43.c
stable/9/contrib/bind9/lib/dns/rdataset.c
stable/9/contrib/bind9/lib/dns/resolver.c
stable/9/contrib/bind9/lib/dns/rpz.c
stable/9/contrib/bind9/lib/dns/spnego_asn1.pl
stable/9/contrib/bind9/lib/dns/validator.c
stable/9/contrib/bind9/lib/dns/view.c
stable/9/contrib/bind9/lib/dns/zone.c
stable/9/contrib/bind9/lib/export/Makefile.in
stable/9/contrib/bind9/lib/export/dns/Makefile.in
stable/9/contrib/bind9/lib/export/dns/include/Makefile.in
stable/9/contrib/bind9/lib/export/dns/include/dns/Makefile.in
stable/9/contrib/bind9/lib/export/dns/include/dst/Makefile.in
stable/9/contrib/bind9/lib/export/irs/include/irs/Makefile.in
stable/9/contrib/bind9/lib/export/isc/Makefile.in
stable/9/contrib/bind9/lib/export/isc/include/isc/Makefile.in
stable/9/contrib/bind9/lib/export/isc/nls/Makefile.in
stable/9/contrib/bind9/lib/export/isc/nothreads/Makefile.in
stable/9/contrib/bind9/lib/export/isc/nothreads/include/isc/Makefile.in
stable/9/contrib/bind9/lib/export/isc/pthreads/Makefile.in
stable/9/contrib/bind9/lib/export/isc/pthreads/include/isc/Makefile.in
stable/9/contrib/bind9/lib/export/isc/unix/Makefile.in
stable/9/contrib/bind9/lib/export/isc/unix/include/isc/Makefile.in
stable/9/contrib/bind9/lib/export/isccfg/include/isccfg/Makefile.in
stable/9/contrib/bind9/lib/export/samples/Makefile-postinstall.in
stable/9/contrib/bind9/lib/export/samples/Makefile.in
stable/9/contrib/bind9/lib/irs/Makefile.in
stable/9/contrib/bind9/lib/irs/include/Makefile.in
stable/9/contrib/bind9/lib/irs/include/irs/Makefile.in
stable/9/contrib/bind9/lib/isc/alpha/Makefile.in
stable/9/contrib/bind9/lib/isc/alpha/include/Makefile.in
stable/9/contrib/bind9/lib/isc/alpha/include/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/api
stable/9/contrib/bind9/lib/isc/ia64/Makefile.in
stable/9/contrib/bind9/lib/isc/ia64/include/Makefile.in
stable/9/contrib/bind9/lib/isc/ia64/include/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/ia64/include/isc/atomic.h
stable/9/contrib/bind9/lib/isc/include/Makefile.in
stable/9/contrib/bind9/lib/isc/include/isc/file.h
stable/9/contrib/bind9/lib/isc/include/isc/namespace.h
stable/9/contrib/bind9/lib/isc/include/isc/task.h
stable/9/contrib/bind9/lib/isc/mem.c
stable/9/contrib/bind9/lib/isc/mips/Makefile.in
stable/9/contrib/bind9/lib/isc/mips/include/Makefile.in
stable/9/contrib/bind9/lib/isc/mips/include/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/nls/Makefile.in
stable/9/contrib/bind9/lib/isc/noatomic/Makefile.in
stable/9/contrib/bind9/lib/isc/noatomic/include/Makefile.in
stable/9/contrib/bind9/lib/isc/noatomic/include/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/nothreads/Makefile.in
stable/9/contrib/bind9/lib/isc/nothreads/include/Makefile.in
stable/9/contrib/bind9/lib/isc/nothreads/include/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/powerpc/Makefile.in
stable/9/contrib/bind9/lib/isc/powerpc/include/Makefile.in
stable/9/contrib/bind9/lib/isc/powerpc/include/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/pthreads/Makefile.in
stable/9/contrib/bind9/lib/isc/pthreads/condition.c
stable/9/contrib/bind9/lib/isc/pthreads/include/Makefile.in
stable/9/contrib/bind9/lib/isc/pthreads/include/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/sparc64/Makefile.in
stable/9/contrib/bind9/lib/isc/sparc64/include/Makefile.in
stable/9/contrib/bind9/lib/isc/sparc64/include/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/task.c
stable/9/contrib/bind9/lib/isc/task_api.c
stable/9/contrib/bind9/lib/isc/unix/Makefile.in
stable/9/contrib/bind9/lib/isc/unix/file.c
stable/9/contrib/bind9/lib/isc/unix/include/Makefile.in
stable/9/contrib/bind9/lib/isc/unix/include/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/x86_32/Makefile.in
stable/9/contrib/bind9/lib/isc/x86_32/include/Makefile.in
stable/9/contrib/bind9/lib/isc/x86_32/include/isc/Makefile.in
stable/9/contrib/bind9/lib/isc/x86_64/Makefile.in
stable/9/contrib/bind9/lib/isc/x86_64/include/Makefile.in
stable/9/contrib/bind9/lib/isc/x86_64/include/isc/Makefile.in
stable/9/contrib/bind9/lib/isccc/api
stable/9/contrib/bind9/lib/isccc/cc.c
stable/9/contrib/bind9/lib/isccc/include/Makefile.in
stable/9/contrib/bind9/lib/isccc/include/isccc/Makefile.in
stable/9/contrib/bind9/lib/isccfg/api
stable/9/contrib/bind9/lib/isccfg/include/Makefile.in
stable/9/contrib/bind9/lib/isccfg/include/isccfg/Makefile.in
stable/9/contrib/bind9/lib/isccfg/namedconf.c
stable/9/contrib/bind9/lib/lwres/Makefile.in
stable/9/contrib/bind9/lib/lwres/api
stable/9/contrib/bind9/lib/lwres/getaddrinfo.c
stable/9/contrib/bind9/lib/lwres/include/Makefile.in
stable/9/contrib/bind9/lib/lwres/include/lwres/Makefile.in
stable/9/contrib/bind9/lib/lwres/man/Makefile.in
stable/9/contrib/bind9/make/rules.in
stable/9/contrib/bind9/version
stable/9/lib/bind/config.h
stable/9/lib/bind/dns/Makefile
stable/9/lib/bind/isc/isc/platform.h
Directory Properties:
stable/9/contrib/bind9/ (props changed)
stable/9/lib/bind/ (props changed)
Modified: stable/9/contrib/bind9/CHANGES
==============================================================================
--- stable/9/contrib/bind9/CHANGES Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/CHANGES Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,15 +1,81 @@
- --- 9.8.3-P4 released ---
+ --- 9.8.4-P1 released ---
+
+3407. [security] Named could die on specific queries with dns64 enabled.
+ [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
+
+ --- 9.8.4 released ---
3383. [security] A certain combination of records in the RBT could
cause named to hang while populating the additional
section of a response. [RT #31090]
- --- 9.8.3-P3 released ---
+3373. [bug] win32: open raw files in binary mode. [RT #30944]
3364. [security] Named could die on specially crafted record.
[RT #30416]
- --- 9.8.3-P2 released ---
+ --- 9.8.4rc1 released ---
+
+3369. [bug] nsupdate terminated unexpectedly in interactive mode
+ if built with readline support. [RT #29550]
+
+3368. [bug] <dns/iptable.h> and <dns/zone.h> were not C++ safe.
+
+3367. [bug] dns_dnsseckey_create() result was not being checked.
+ [RT #30685]
+
+3366. [bug] Fixed Read-After-Write dependency violation for IA64
+ atomic operations. [RT #25181]
+
+3365. [bug] Removed spurious newlines from log messages in
+ zone.c [RT #30675]
+
+3363. [bug] Need to allow "forward" and "fowarders" options
+ in static-stub zones; this had been overlooked.
+ [RT #30482]
+
+3362. [bug] Setting some option values to 0 in named.conf
+ could trigger an assertion failure on startup.
+ [RT #27730]
+
+3360. [bug] 'host -w' could die. [RT #18723]
+
+3359. [bug] An improperly-formed TSIG secret could cause a
+ memory leak. [RT #30607]
+
+3357. [port] Add support for libxml2-2.8.x [RT #30440]
+
+3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
+ approaching their expiry, so they don't remain
+ in caches after expiry. [RT #26429]
+
+ --- 9.8.4b1 released ---
+
+3354. [func] Improve OpenSSL error logging. [RT #29932]
+
+3353. [bug] Use a single task for task exclusive operations.
+ [RT #29872]
+
+3352. [bug] Ensure that learned server attributes timeout of the
+ adb cache. [RT #29856]
+
+3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report
+ caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
+ memory debugging flags are set. [RT #30243]
+
+3350. [bug] Memory read overrun in isc___mem_reallocate if
+ ISC_MEM_DEBUGCTX memory debugging flag is set.
+ [RT #30240]
+
+3348. [bug] Prevent RRSIG data from being cached if a negative
+ record matching the covering type exists at a higher
+ trust level. Such data already can't be retrieved from
+ the cache since change 3218 -- this prevents it
+ being inserted into the cache as well. [RT #26809]
+
+3347. [bug] dnssec-settime: Issue a warning when writing a new
+ private key file would cause a change in the
+ permissions of the existing file. [RT #27724]
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
@@ -18,11 +84,47 @@
resulting in excessive cpu usage in some cases.
[RT #29952]
- --- 9.8.3-P1 released ---
+3337. [bug] Change #3294 broke support for the multiple keys
+ in controls. [RT #29694]
+
+3335. [func] nslookup: return a nonzero exit code when unable
+ to get an answer. [RT #29492]
+
+3333. [bug] Setting resolver-query-timeout too low can cause
+ named to not recover if it loses connectivity.
+ [RT #29623]
+
+3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
-
+
+3330. [func] Fix missing signatures on NOERROR results despite
+ RPZ rewriting. Also
+ - add optional "recursive-only yes|no" to the
+ response-policy statement
+ - add optional "max-policy-ttl" to the response-policy
+ statement to limit the false data that
+ "recursive-only no" can introduce into
+ resolvers' caches
+ - add a RPZ performance test to bin/tests/system/rpz
+ when queryperf is available.
+ - the encoding of PASSTHRU action to "rpz-passthru".
+ (The old encoding is still accepted.)
+ [RT #26172]
+
+
+3329. [bug] Handle RRSIG signer-name case consistently: We
+ generate RRSIG records with the signer-name in
+ lower case. We accept them with any case, but if
+ they fail to validate, we try again in lower case.
+ [RT #27451]
+
+3328. [bug] Fixed inconsistent data checking in dst_parse.c.
+ [RT #29401]
+
+3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
+
--- 9.8.3 released ---
3318. [tuning] Reduce the amount of work performed while holding a
Modified: stable/9/contrib/bind9/Makefile.in
==============================================================================
--- stable/9/contrib/bind9/Makefile.in Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/Makefile.in Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
Modified: stable/9/contrib/bind9/README
==============================================================================
--- stable/9/contrib/bind9/README Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/README Tue Jan 8 09:05:09 2013 (r245163)
@@ -51,6 +51,11 @@ BIND 9
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
+BIND 9.8.4
+
+ BIND 9.8.4 includes several bug fixes and patches security
+ flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244.
+
BIND 9.8.3
BIND 9.8.3 is a maintenance release.
Modified: stable/9/contrib/bind9/acconfig.h
==============================================================================
--- stable/9/contrib/bind9/acconfig.h Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/acconfig.h Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -138,6 +138,9 @@ int sigwait(const unsigned int *set, int
/* Define if OpenSSL includes DSA support */
#undef HAVE_OPENSSL_DSA
+/* Define if OpenSSL includes ECDSA support */
+#undef HAVE_OPENSSL_ECDSA
+
/* Define to the length type used by the socket API (socklen_t, size_t, int). */
#undef ISC_SOCKADDR_LEN_T
Modified: stable/9/contrib/bind9/bin/Makefile.in
==============================================================================
--- stable/9/contrib/bind9/bin/Makefile.in Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/Makefile.in Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
Modified: stable/9/contrib/bind9/bin/check/Makefile.in
==============================================================================
--- stable/9/contrib/bind9/bin/check/Makefile.in Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/check/Makefile.in Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
Modified: stable/9/contrib/bind9/bin/check/check-tool.c
==============================================================================
--- stable/9/contrib/bind9/bin/check/check-tool.c Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/check/check-tool.c Tue Jan 8 09:05:09 2013 (r245163)
@@ -639,6 +639,9 @@ dump_zone(const char *zonename, dns_zone
{
isc_result_t result;
FILE *output = stdout;
+ const char *flags;
+
+ flags = (fileformat == dns_masterformat_text) ? "w+" : "wb+";
if (debug) {
if (filename != NULL && strcmp(filename, "-") != 0)
@@ -649,7 +652,7 @@ dump_zone(const char *zonename, dns_zone
}
if (filename != NULL && strcmp(filename, "-") != 0) {
- result = isc_stdio_open(filename, "w+", &output);
+ result = isc_stdio_open(filename, flags, &output);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "could not open output "
Modified: stable/9/contrib/bind9/bin/confgen/Makefile.in
==============================================================================
--- stable/9/contrib/bind9/bin/confgen/Makefile.in Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/confgen/Makefile.in Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,4 +1,4 @@
-# Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
Modified: stable/9/contrib/bind9/bin/confgen/unix/Makefile.in
==============================================================================
--- stable/9/contrib/bind9/bin/confgen/unix/Makefile.in Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/confgen/unix/Makefile.in Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,4 +1,4 @@
-# Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
Modified: stable/9/contrib/bind9/bin/dig/Makefile.in
==============================================================================
--- stable/9/contrib/bind9/bin/dig/Makefile.in Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dig/Makefile.in Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
Modified: stable/9/contrib/bind9/bin/dig/nslookup.c
==============================================================================
--- stable/9/contrib/bind9/bin/dig/nslookup.c Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dig/nslookup.c Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -57,6 +57,7 @@ static isc_boolean_t in_use = ISC_FALSE;
static char defclass[MXRD] = "IN";
static char deftype[MXRD] = "A";
static isc_event_t *global_event = NULL;
+static int query_error = 1, print_error = 0;
static char domainopt[DNS_NAME_MAXTEXT];
@@ -406,6 +407,9 @@ isc_result_t
printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
char servtext[ISC_SOCKADDR_FORMATSIZE];
+ /* I've we've gotten this far, we've reached a server. */
+ query_error = 0;
+
debug("printmessage()");
isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
@@ -433,6 +437,9 @@ printmessage(dig_query_t *query, dns_mes
(msg->rcode != dns_rcode_nxdomain) ? nametext :
query->lookup->textname, rcode_totext(msg->rcode));
debug("returning with rcode == 0");
+
+ /* the lookup failed */
+ print_error |= 1;
return (ISC_R_SUCCESS);
}
@@ -887,5 +894,5 @@ main(int argc, char **argv) {
destroy_libs();
isc_app_finish();
- return (0);
+ return (query_error | print_error);
}
Modified: stable/9/contrib/bind9/bin/dnssec/Makefile.in
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/Makefile.in Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/Makefile.in Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.8
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.8 Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.8 Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -55,7 +55,7 @@ Use SHA\-256 as the digest algorithm.
.RS 4
Select the digest algorithm. The value of
\fBalgorithm\fR
-must be one of SHA\-1 (SHA1), SHA\-256 (SHA256) or GOST. These values are case insensitive.
+must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), GOST or SHA\-384 (SHA384). These values are case insensitive.
.RE
.PP
\-K \fIdirectory\fR
@@ -139,5 +139,5 @@ RFC 4509.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2008\-2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.c
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.c Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.c Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -296,7 +296,7 @@ usage(void) {
fprintf(stderr, " -K <directory>: directory in which to find "
"key file or keyset file\n");
fprintf(stderr, " -a algorithm: digest algorithm "
- "(SHA-1, SHA-256 or GOST)\n");
+ "(SHA-1, SHA-256, GOST or SHA-384)\n");
fprintf(stderr, " -1: use SHA-1\n");
fprintf(stderr, " -2: use SHA-256\n");
fprintf(stderr, " -l: add lookaside zone and print DLV records\n");
@@ -415,6 +415,9 @@ main(int argc, char **argv) {
else if (strcasecmp(algname, "GOST") == 0)
dtype = DNS_DSDIGEST_GOST;
#endif
+ else if (strcasecmp(algname, "SHA384") == 0 ||
+ strcasecmp(algname, "SHA-384") == 0)
+ dtype = DNS_DSDIGEST_SHA384;
else
fatal("unknown algorithm %s", algname);
}
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.docbook
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.docbook Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.docbook Tue Jan 8 09:05:09 2013 (r245163)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -39,6 +39,7 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
+ <year>2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -107,7 +108,8 @@
<para>
Select the digest algorithm. The value of
<option>algorithm</option> must be one of SHA-1 (SHA1),
- SHA-256 (SHA256) or GOST. These values are case insensitive.
+ SHA-256 (SHA256), GOST or SHA-384 (SHA384).
+ These values are case insensitive.
</para>
</listitem>
</varlistentry>
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-dsfromkey.html Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -32,14 +32,14 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543465"></a><h2>DESCRIPTION</h2>
+<a name="id2543468"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543477"></a><h2>OPTIONS</h2>
+<a name="id2543480"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
@@ -54,7 +54,8 @@
<dd><p>
Select the digest algorithm. The value of
<code class="option">algorithm</code> must be one of SHA-1 (SHA1),
- SHA-256 (SHA256) or GOST. These values are case insensitive.
+ SHA-256 (SHA256), GOST or SHA-384 (SHA384).
+ These values are case insensitive.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -100,7 +101,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543664"></a><h2>EXAMPLE</h2>
+<a name="id2543667"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@@ -115,7 +116,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543693"></a><h2>FILES</h2>
+<a name="id2543697"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -129,13 +130,13 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543729"></a><h2>CAVEAT</h2>
+<a name="id2543732"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543738"></a><h2>SEE ALSO</h2>
+<a name="id2543741"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -145,7 +146,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543778"></a><h2>AUTHOR</h2>
+<a name="id2543781"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.8
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.8 Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.8 Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -47,7 +47,7 @@ of the key is specified on the command l
.RS 4
Selects the cryptographic algorithm. The value of
\fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST. These values are case insensitive.
+must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384. These values are case insensitive.
.sp
If no algorithm is specified, then RSASHA1 will be used by default, unless the
\fB\-3\fR
@@ -215,5 +215,5 @@ RFC 4034.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2008\-2011 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008\-2012 Internet Systems Consortium, Inc. ("ISC")
.br
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.c
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.c Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.c Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2007-2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -55,7 +55,8 @@ int verbose;
static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
" NSEC3DSA | NSEC3RSASHA1 |"
- " RSASHA256 | RSASHA512 | ECCGOST";
+ " RSASHA256 | RSASHA512 | ECCGOST |"
+ " ECDSAP256SHA256 | ECDSAP384SHA384";
ISC_PLATFORM_NORETURN_PRE static void
usage(void) ISC_PLATFORM_NORETURN_POST;
@@ -369,7 +370,8 @@ main(int argc, char **argv) {
if (use_nsec3 &&
alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512 &&
- alg != DST_ALG_ECCGOST) {
+ alg != DST_ALG_ECCGOST &&
+ alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384) {
fatal("%s is incompatible with NSEC3; "
"do not use the -3 option", algname);
}
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.docbook
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.docbook Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.docbook Tue Jan 8 09:05:09 2013 (r245163)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -40,6 +40,7 @@
<year>2009</year>
<year>2010</year>
<year>2011</year>
+ <year>2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -94,7 +95,8 @@
<para>
Selects the cryptographic algorithm. The value of
<option>algorithm</option> must be one of RSAMD5, RSASHA1,
- DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
+ DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
+ ECDSAP256SHA256 or ECDSAP384SHA384.
These values are case insensitive.
</para>
<para>
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.html Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code cl
ass="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543495"></a><h2>DESCRIPTION</h2>
+<a name="id2543498"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
gets keys with the given label from a crypto hardware and builds
key files for DNSSEC (Secure DNS), as defined in RFC 2535
@@ -44,14 +44,15 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543513"></a><h2>OPTIONS</h2>
+<a name="id2543516"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
Selects the cryptographic algorithm. The value of
<code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
- DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
+ DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
+ ECDSAP256SHA256 or ECDSAP384SHA384.
These values are case insensitive.
</p>
<p>
@@ -163,7 +164,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543877"></a><h2>TIMING OPTIONS</h2>
+<a name="id2543880"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -210,7 +211,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544043"></a><h2>GENERATED KEY FILES</h2>
+<a name="id2544046"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@@ -249,7 +250,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544116"></a><h2>SEE ALSO</h2>
+<a name="id2544119"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -257,7 +258,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544149"></a><h2>AUTHOR</h2>
+<a name="id2544152"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.8
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.8 Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.8 Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -48,7 +48,7 @@ of the key is specified on the command l
.RS 4
Selects the cryptographic algorithm. For DNSSEC keys, the value of
\fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
+must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
.sp
If no algorithm is specified, then RSASHA1 will be used by default, unless the
\fB\-3\fR
@@ -63,7 +63,7 @@ Note 2: DH, HMAC\-MD5, and HMAC\-SHA1 th
.PP
\-b \fIkeysize\fR
.RS 4
-Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits.
+Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits. Elliptic curve algorithms don't need this parameter.
.sp
The key size does not need to be specified if using a default algorithm. The default key size is 1024 bits for zone signing keys (ZSK's) and 2048 bits for key signing keys (KSK's, generated with
\fB\-f KSK\fR). However, if an algorithm is explicitly specified with the
@@ -81,7 +81,7 @@ must either be ZONE (for a DNSSEC zone k
.PP
\-3
.RS 4
-Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms are NSEC3\-capable.
+Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default. Note that RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 and ECDSAP384SHA384 algorithms are NSEC3\-capable.
.RE
.PP
\-C
@@ -298,7 +298,7 @@ RFC 4034.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.c
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.c Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.c Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -85,6 +85,7 @@ usage(void) {
fprintf(stderr, " RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1"
" | NSEC3DSA |\n");
fprintf(stderr, " RSASHA256 | RSASHA512 | ECCGOST |\n");
+ fprintf(stderr, " ECDSAP256SHA256 | ECDSAP384SHA384 |\n");
fprintf(stderr, " DH | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | "
"HMAC-SHA256 | \n");
fprintf(stderr, " HMAC-SHA384 | HMAC-SHA512\n");
@@ -102,6 +103,8 @@ usage(void) {
fprintf(stderr, " NSEC3DSA:\t[512..1024] and divisible "
"by 64\n");
fprintf(stderr, " ECCGOST:\tignored\n");
+ fprintf(stderr, " ECDSAP256SHA256:\tignored\n");
+ fprintf(stderr, " ECDSAP384SHA384:\tignored\n");
fprintf(stderr, " HMAC-MD5:\t[1..512]\n");
fprintf(stderr, " HMAC-SHA1:\t[1..160]\n");
fprintf(stderr, " HMAC-SHA224:\t[1..224]\n");
@@ -549,7 +552,8 @@ main(int argc, char **argv) {
if (use_nsec3 &&
alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
alg != DST_ALG_RSASHA256 && alg!= DST_ALG_RSASHA512 &&
- alg != DST_ALG_ECCGOST) {
+ alg != DST_ALG_ECCGOST &&
+ alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384) {
fatal("%s is incompatible with NSEC3; "
"do not use the -3 option", algname);
}
@@ -579,9 +583,11 @@ main(int argc, char **argv) {
size = 1024;
if (verbose > 0)
fprintf(stderr, "key size not "
- "specified; defaulting "
- "to %d\n", size);
- } else if (alg != DST_ALG_ECCGOST)
+ "specified; defaulting"
+ " to %d\n", size);
+ } else if (alg != DST_ALG_ECCGOST &&
+ alg != DST_ALG_ECDSA256 &&
+ alg != DST_ALG_ECDSA384)
fatal("key size not specified (-b option)");
}
@@ -710,6 +716,8 @@ main(int argc, char **argv) {
fatal("invalid DSS key size: %d", size);
break;
case DST_ALG_ECCGOST:
+ case DST_ALG_ECDSA256:
+ case DST_ALG_ECDSA384:
break;
case DST_ALG_HMACMD5:
options |= DST_TYPE_KEY;
@@ -775,7 +783,8 @@ main(int argc, char **argv) {
if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1 ||
alg == DNS_KEYALG_NSEC3RSASHA1 || alg == DNS_KEYALG_RSASHA256 ||
- alg == DNS_KEYALG_RSASHA512 || alg == DST_ALG_ECCGOST) &&
+ alg == DNS_KEYALG_RSASHA512 || alg == DST_ALG_ECCGOST ||
+ alg == DST_ALG_ECDSA256 || alg == DST_ALG_ECDSA384) &&
rsa_exp != 0)
fatal("specified RSA exponent for a non-RSA key");
@@ -849,6 +858,8 @@ main(int argc, char **argv) {
case DNS_KEYALG_DSA:
case DNS_KEYALG_NSEC3DSA:
case DST_ALG_ECCGOST:
+ case DST_ALG_ECDSA256:
+ case DST_ALG_ECDSA384:
show_progress = ISC_TRUE;
/* fall through */
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.docbook
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.docbook Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.docbook Tue Jan 8 09:05:09 2013 (r245163)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -43,6 +43,7 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
+ <year>2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -114,7 +115,8 @@
<para>
Selects the cryptographic algorithm. For DNSSEC keys, the value
of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
- DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
+ DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
+ ECDSAP256SHA256 or ECDSAP384SHA384.
For TSIG/TKEY, the value must
be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. These values are
@@ -148,7 +150,8 @@
between 512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC keys must be
- between 1 and 512 bits.
+ between 1 and 512 bits. Elliptic curve algorithms don't need
+ this parameter.
</para>
<para>
The key size does not need to be specified if using a default
@@ -184,7 +187,8 @@
Use an NSEC3-capable algorithm to generate a DNSSEC key.
If this option is used and no algorithm is explicitly
set on the command line, NSEC3RSASHA1 will be used by
- default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms
+ default. Note that RSASHA256, RSASHA512, ECCGOST,
+ ECDSAP256SHA256 and ECDSAP384SHA384 algorithms
are NSEC3-capable.
</para>
</listitem>
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.html
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.html Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-keygen.html Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code
class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="
option">-z</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543579"></a><h2>DESCRIPTION</h2>
+<a name="id2543582"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -46,14 +46,15 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543597"></a><h2>OPTIONS</h2>
+<a name="id2543601"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
Selects the cryptographic algorithm. For DNSSEC keys, the value
of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
- DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
+ DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
+ ECDSAP256SHA256 or ECDSAP384SHA384.
For TSIG/TKEY, the value must
be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. These values are
@@ -84,7 +85,8 @@
between 512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC keys must be
- between 1 and 512 bits.
+ between 1 and 512 bits. Elliptic curve algorithms don't need
+ this parameter.
</p>
<p>
The key size does not need to be specified if using a default
@@ -111,7 +113,8 @@
Use an NSEC3-capable algorithm to generate a DNSSEC key.
If this option is used and no algorithm is explicitly
set on the command line, NSEC3RSASHA1 will be used by
- default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms
+ default. Note that RSASHA256, RSASHA512, ECCGOST,
+ ECDSAP256SHA256 and ECDSAP384SHA384 algorithms
are NSEC3-capable.
</p></dd>
<dt><span class="term">-C</span></dt>
@@ -248,7 +251,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544166"></a><h2>TIMING OPTIONS</h2>
+<a name="id2544169"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -319,7 +322,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544356"></a><h2>GENERATED KEYS</h2>
+<a name="id2544359"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@@ -365,7 +368,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544506"></a><h2>EXAMPLE</h2>
+<a name="id2544441"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -386,7 +389,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544550"></a><h2>SEE ALSO</h2>
+<a name="id2544485"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@@ -395,7 +398,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544581"></a><h2>AUTHOR</h2>
+<a name="id2544584"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-settime.c
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-settime.c Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-settime.c Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -38,6 +38,7 @@
#include <dns/keyvalues.h>
#include <dns/result.h>
+#include <dns/log.h>
#include <dst/dst.h>
@@ -151,6 +152,7 @@ main(int argc, char **argv) {
isc_boolean_t force = ISC_FALSE;
isc_boolean_t epoch = ISC_FALSE;
isc_boolean_t changed = ISC_FALSE;
+ isc_log_t *log = NULL;
if (argc == 1)
usage();
@@ -159,6 +161,8 @@ main(int argc, char **argv) {
if (result != ISC_R_SUCCESS)
fatal("Out of memory");
+ setup_logging(verbose, mctx, &log);
+
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
@@ -578,6 +582,7 @@ main(int argc, char **argv) {
cleanup_entropy(&ectx);
if (verbose > 10)
isc_mem_stats(mctx, stdout);
+ cleanup_logging(&log);
isc_mem_free(mctx, directory);
isc_mem_destroy(&mctx);
Modified: stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.c
==============================================================================
--- stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.c Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/dnssec/dnssec-signzone.c Tue Jan 8 09:05:09 2013 (r245163)
@@ -3893,7 +3893,10 @@ main(int argc, char *argv[]) {
check_result(result, "isc_file_mktemplate");
fp = NULL;
- result = isc_file_openunique(tempfile, &fp);
+ if (outputformat == dns_masterformat_text)
+ result = isc_file_openunique(tempfile, &fp);
+ else
+ result = isc_file_bopenunique(tempfile, &fp);
if (result != ISC_R_SUCCESS)
fatal("failed to open temporary output file: %s",
isc_result_totext(result));
Modified: stable/9/contrib/bind9/bin/named/Makefile.in
==============================================================================
--- stable/9/contrib/bind9/bin/named/Makefile.in Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/named/Makefile.in Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
Modified: stable/9/contrib/bind9/bin/named/builtin.c
==============================================================================
--- stable/9/contrib/bind9/bin/named/builtin.c Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/named/builtin.c Tue Jan 8 09:05:09 2013 (r245163)
@@ -99,9 +99,9 @@ static size_t
dns64_rdata(unsigned char *v, size_t start, unsigned char *rdata) {
size_t i, j = 0;
- for (i = 0; i < 4; i++) {
+ for (i = 0; i < 4U; i++) {
unsigned char c = v[start++];
- if (start == 7)
+ if (start == 7U)
start++;
if (c > 99) {
rdata[j++] = 3;
@@ -164,7 +164,7 @@ dns64_cname(const dns_name_t *zone, cons
i = (nlen % 4) == 2U ? 1 : 0;
j = nlen;
memset(v, 0, sizeof(v));
- while (j != 0) {
+ while (j != 0U) {
INSIST((i/2) < sizeof(v));
if (ndata[0] != 1)
return (ISC_R_NOTFOUND);
Modified: stable/9/contrib/bind9/bin/named/config.c
==============================================================================
--- stable/9/contrib/bind9/bin/named/config.c Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/named/config.c Tue Jan 8 09:05:09 2013 (r245163)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -89,7 +89,7 @@ options {\n\
#endif
"\
recursive-clients 1000;\n\
- resolver-query-timeout 30;\n\
+ resolver-query-timeout 10;\n\
rrset-order {type NS order random; order cyclic; };\n\
serial-queries 20;\n\
serial-query-rate 20;\n\
Modified: stable/9/contrib/bind9/bin/named/controlconf.c
==============================================================================
--- stable/9/contrib/bind9/bin/named/controlconf.c Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/named/controlconf.c Tue Jan 8 09:05:09 2013 (r245163)
@@ -373,8 +373,10 @@ control_recvmessage(isc_task_t *task, is
if (result == ISC_R_SUCCESS)
break;
isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
- log_invalid(&conn->ccmsg, result);
- goto cleanup;
+ if (result != ISCCC_R_BADAUTH) {
+ log_invalid(&conn->ccmsg, result);
+ goto cleanup;
+ }
}
if (key == NULL) {
Modified: stable/9/contrib/bind9/bin/named/convertxsl.pl
==============================================================================
--- stable/9/contrib/bind9/bin/named/convertxsl.pl Tue Jan 8 08:59:39 2013 (r245162)
+++ stable/9/contrib/bind9/bin/named/convertxsl.pl Tue Jan 8 09:05:09 2013 (r245163)
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-stable-9
mailing list