svn commit: r262443 - in vendor/bind9/dist-9.8: . bin/check bin/confgen bin/dig bin/dig/include/dig bin/dnssec bin/named bin/named/include/named bin/named/unix bin/nsupdate bin/rndc doc/arm lib/bin...
Erwin Lansing
erwin at FreeBSD.org
Mon Feb 24 13:57:11 UTC 2014
Author: erwin
Date: Mon Feb 24 13:57:07 2014
New Revision: 262443
URL: http://svnweb.freebsd.org/changeset/base/262443
Log:
Vendor import of BIND 9.8.7
Approved by: delphij (mentor, implicit)
Sponsored by: DK Hostmaster A/S
Added:
vendor/bind9/dist-9.8/lib/isc/include/isc/safe.h
vendor/bind9/dist-9.8/lib/isc/safe.c
Modified:
vendor/bind9/dist-9.8/CHANGES
vendor/bind9/dist-9.8/COPYRIGHT
vendor/bind9/dist-9.8/Makefile.in
vendor/bind9/dist-9.8/README
vendor/bind9/dist-9.8/bin/check/named-checkconf.8
vendor/bind9/dist-9.8/bin/check/named-checkconf.c
vendor/bind9/dist-9.8/bin/check/named-checkconf.docbook
vendor/bind9/dist-9.8/bin/check/named-checkconf.html
vendor/bind9/dist-9.8/bin/confgen/ddns-confgen.c
vendor/bind9/dist-9.8/bin/confgen/rndc-confgen.c
vendor/bind9/dist-9.8/bin/dig/dig.1
vendor/bind9/dist-9.8/bin/dig/dig.c
vendor/bind9/dist-9.8/bin/dig/dig.docbook
vendor/bind9/dist-9.8/bin/dig/dig.html
vendor/bind9/dist-9.8/bin/dig/dighost.c
vendor/bind9/dist-9.8/bin/dig/host.c
vendor/bind9/dist-9.8/bin/dig/include/dig/dig.h
vendor/bind9/dist-9.8/bin/dig/nslookup.1
vendor/bind9/dist-9.8/bin/dig/nslookup.c
vendor/bind9/dist-9.8/bin/dig/nslookup.docbook
vendor/bind9/dist-9.8/bin/dig/nslookup.html
vendor/bind9/dist-9.8/bin/dnssec/dnssec-keygen.c
vendor/bind9/dist-9.8/bin/dnssec/dnssec-signzone.8
vendor/bind9/dist-9.8/bin/dnssec/dnssec-signzone.c
vendor/bind9/dist-9.8/bin/dnssec/dnssec-signzone.docbook
vendor/bind9/dist-9.8/bin/dnssec/dnssec-signzone.html
vendor/bind9/dist-9.8/bin/dnssec/dnssectool.c
vendor/bind9/dist-9.8/bin/named/Makefile.in
vendor/bind9/dist-9.8/bin/named/builtin.c
vendor/bind9/dist-9.8/bin/named/client.c
vendor/bind9/dist-9.8/bin/named/config.c
vendor/bind9/dist-9.8/bin/named/control.c
vendor/bind9/dist-9.8/bin/named/controlconf.c
vendor/bind9/dist-9.8/bin/named/include/named/globals.h
vendor/bind9/dist-9.8/bin/named/include/named/main.h
vendor/bind9/dist-9.8/bin/named/include/named/server.h
vendor/bind9/dist-9.8/bin/named/interfacemgr.c
vendor/bind9/dist-9.8/bin/named/logconf.c
vendor/bind9/dist-9.8/bin/named/lwaddr.c
vendor/bind9/dist-9.8/bin/named/lwdgnba.c
vendor/bind9/dist-9.8/bin/named/lwdgrbn.c
vendor/bind9/dist-9.8/bin/named/main.c
vendor/bind9/dist-9.8/bin/named/named.conf.5
vendor/bind9/dist-9.8/bin/named/named.conf.docbook
vendor/bind9/dist-9.8/bin/named/named.conf.html
vendor/bind9/dist-9.8/bin/named/query.c
vendor/bind9/dist-9.8/bin/named/server.c
vendor/bind9/dist-9.8/bin/named/statschannel.c
vendor/bind9/dist-9.8/bin/named/unix/os.c
vendor/bind9/dist-9.8/bin/named/update.c
vendor/bind9/dist-9.8/bin/named/zoneconf.c
vendor/bind9/dist-9.8/bin/nsupdate/Makefile.in
vendor/bind9/dist-9.8/bin/nsupdate/nsupdate.c
vendor/bind9/dist-9.8/bin/rndc/rndc.8
vendor/bind9/dist-9.8/bin/rndc/rndc.c
vendor/bind9/dist-9.8/bin/rndc/rndc.docbook
vendor/bind9/dist-9.8/bin/rndc/rndc.html
vendor/bind9/dist-9.8/config.guess
vendor/bind9/dist-9.8/config.h.in
vendor/bind9/dist-9.8/config.sub
vendor/bind9/dist-9.8/configure.in
vendor/bind9/dist-9.8/doc/arm/Bv9ARM-book.xml
vendor/bind9/dist-9.8/doc/arm/Bv9ARM.ch03.html
vendor/bind9/dist-9.8/doc/arm/Bv9ARM.ch04.html
vendor/bind9/dist-9.8/doc/arm/Bv9ARM.ch05.html
vendor/bind9/dist-9.8/doc/arm/Bv9ARM.ch06.html
vendor/bind9/dist-9.8/doc/arm/Bv9ARM.ch07.html
vendor/bind9/dist-9.8/doc/arm/Bv9ARM.ch08.html
vendor/bind9/dist-9.8/doc/arm/Bv9ARM.ch09.html
vendor/bind9/dist-9.8/doc/arm/Bv9ARM.html
vendor/bind9/dist-9.8/doc/arm/Bv9ARM.pdf
vendor/bind9/dist-9.8/doc/arm/man.arpaname.html
vendor/bind9/dist-9.8/doc/arm/man.ddns-confgen.html
vendor/bind9/dist-9.8/doc/arm/man.dig.html
vendor/bind9/dist-9.8/doc/arm/man.dnssec-dsfromkey.html
vendor/bind9/dist-9.8/doc/arm/man.dnssec-keyfromlabel.html
vendor/bind9/dist-9.8/doc/arm/man.dnssec-keygen.html
vendor/bind9/dist-9.8/doc/arm/man.dnssec-revoke.html
vendor/bind9/dist-9.8/doc/arm/man.dnssec-settime.html
vendor/bind9/dist-9.8/doc/arm/man.dnssec-signzone.html
vendor/bind9/dist-9.8/doc/arm/man.genrandom.html
vendor/bind9/dist-9.8/doc/arm/man.host.html
vendor/bind9/dist-9.8/doc/arm/man.isc-hmac-fixup.html
vendor/bind9/dist-9.8/doc/arm/man.named-checkconf.html
vendor/bind9/dist-9.8/doc/arm/man.named-checkzone.html
vendor/bind9/dist-9.8/doc/arm/man.named-journalprint.html
vendor/bind9/dist-9.8/doc/arm/man.named.html
vendor/bind9/dist-9.8/doc/arm/man.nsec3hash.html
vendor/bind9/dist-9.8/doc/arm/man.nsupdate.html
vendor/bind9/dist-9.8/doc/arm/man.rndc-confgen.html
vendor/bind9/dist-9.8/doc/arm/man.rndc.conf.html
vendor/bind9/dist-9.8/doc/arm/man.rndc.html
vendor/bind9/dist-9.8/doc/arm/pkcs11.xml
vendor/bind9/dist-9.8/lib/bind9/api
vendor/bind9/dist-9.8/lib/bind9/check.c
vendor/bind9/dist-9.8/lib/dns/acache.c
vendor/bind9/dist-9.8/lib/dns/acl.c
vendor/bind9/dist-9.8/lib/dns/adb.c
vendor/bind9/dist-9.8/lib/dns/api
vendor/bind9/dist-9.8/lib/dns/client.c
vendor/bind9/dist-9.8/lib/dns/diff.c
vendor/bind9/dist-9.8/lib/dns/dispatch.c
vendor/bind9/dist-9.8/lib/dns/dns64.c
vendor/bind9/dist-9.8/lib/dns/dnssec.c
vendor/bind9/dist-9.8/lib/dns/dst_api.c
vendor/bind9/dist-9.8/lib/dns/dst_internal.h
vendor/bind9/dist-9.8/lib/dns/gen.c
vendor/bind9/dist-9.8/lib/dns/gssapi_link.c
vendor/bind9/dist-9.8/lib/dns/gssapictx.c
vendor/bind9/dist-9.8/lib/dns/hmac_link.c
vendor/bind9/dist-9.8/lib/dns/include/dns/Makefile.in
vendor/bind9/dist-9.8/lib/dns/include/dns/masterdump.h
vendor/bind9/dist-9.8/lib/dns/include/dns/message.h
vendor/bind9/dist-9.8/lib/dns/include/dns/nsec3.h
vendor/bind9/dist-9.8/lib/dns/include/dns/rdata.h
vendor/bind9/dist-9.8/lib/dns/include/dns/zone.h
vendor/bind9/dist-9.8/lib/dns/include/dst/dst.h
vendor/bind9/dist-9.8/lib/dns/include/dst/gssapi.h
vendor/bind9/dist-9.8/lib/dns/journal.c
vendor/bind9/dist-9.8/lib/dns/keydata.c
vendor/bind9/dist-9.8/lib/dns/master.c
vendor/bind9/dist-9.8/lib/dns/masterdump.c
vendor/bind9/dist-9.8/lib/dns/message.c
vendor/bind9/dist-9.8/lib/dns/name.c
vendor/bind9/dist-9.8/lib/dns/nsec.c
vendor/bind9/dist-9.8/lib/dns/nsec3.c
vendor/bind9/dist-9.8/lib/dns/openssldh_link.c
vendor/bind9/dist-9.8/lib/dns/opensslecdsa_link.c
vendor/bind9/dist-9.8/lib/dns/opensslgost_link.c
vendor/bind9/dist-9.8/lib/dns/opensslrsa_link.c
vendor/bind9/dist-9.8/lib/dns/portlist.c
vendor/bind9/dist-9.8/lib/dns/rbt.c
vendor/bind9/dist-9.8/lib/dns/rbtdb.c
vendor/bind9/dist-9.8/lib/dns/rcode.c
vendor/bind9/dist-9.8/lib/dns/rdata.c
vendor/bind9/dist-9.8/lib/dns/rdata/ch_3/a_1.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/afsdb_18.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/dnskey_48.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/eui48_108.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/eui64_109.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/hip_55.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/ipseckey_45.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/isdn_20.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/key_25.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/keydata_65533.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/l32_105.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/l64_106.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/nid_104.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/opt_41.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/rrsig_46.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/rt_21.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/soa_6.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/spf_99.c
vendor/bind9/dist-9.8/lib/dns/rdata/generic/txt_16.c
vendor/bind9/dist-9.8/lib/dns/rdata/hs_4/a_1.c
vendor/bind9/dist-9.8/lib/dns/rdata/in_1/a6_38.c
vendor/bind9/dist-9.8/lib/dns/rdata/in_1/a_1.c
vendor/bind9/dist-9.8/lib/dns/rdata/in_1/aaaa_28.c
vendor/bind9/dist-9.8/lib/dns/rdata/in_1/apl_42.c
vendor/bind9/dist-9.8/lib/dns/rdata/in_1/wks_11.c
vendor/bind9/dist-9.8/lib/dns/rdataslab.c
vendor/bind9/dist-9.8/lib/dns/resolver.c
vendor/bind9/dist-9.8/lib/dns/rootns.c
vendor/bind9/dist-9.8/lib/dns/rpz.c
vendor/bind9/dist-9.8/lib/dns/spnego.c
vendor/bind9/dist-9.8/lib/dns/spnego_asn1.c
vendor/bind9/dist-9.8/lib/dns/ssu.c
vendor/bind9/dist-9.8/lib/dns/ssu_external.c
vendor/bind9/dist-9.8/lib/dns/time.c
vendor/bind9/dist-9.8/lib/dns/tkey.c
vendor/bind9/dist-9.8/lib/dns/tsig.c
vendor/bind9/dist-9.8/lib/dns/ttl.c
vendor/bind9/dist-9.8/lib/dns/validator.c
vendor/bind9/dist-9.8/lib/dns/view.c
vendor/bind9/dist-9.8/lib/dns/xfrin.c
vendor/bind9/dist-9.8/lib/dns/zone.c
vendor/bind9/dist-9.8/lib/export/isc/Makefile.in
vendor/bind9/dist-9.8/lib/export/samples/nsprobe.c
vendor/bind9/dist-9.8/lib/export/samples/sample-request.c
vendor/bind9/dist-9.8/lib/export/samples/sample-update.c
vendor/bind9/dist-9.8/lib/export/samples/sample.c
vendor/bind9/dist-9.8/lib/irs/Makefile.in
vendor/bind9/dist-9.8/lib/irs/api
vendor/bind9/dist-9.8/lib/irs/getaddrinfo.c
vendor/bind9/dist-9.8/lib/irs/include/irs/Makefile.in
vendor/bind9/dist-9.8/lib/irs/include/irs/resconf.h
vendor/bind9/dist-9.8/lib/irs/resconf.c
vendor/bind9/dist-9.8/lib/isc/Makefile.in
vendor/bind9/dist-9.8/lib/isc/api
vendor/bind9/dist-9.8/lib/isc/app_api.c
vendor/bind9/dist-9.8/lib/isc/backtrace.c
vendor/bind9/dist-9.8/lib/isc/base32.c
vendor/bind9/dist-9.8/lib/isc/base64.c
vendor/bind9/dist-9.8/lib/isc/buffer.c
vendor/bind9/dist-9.8/lib/isc/commandline.c
vendor/bind9/dist-9.8/lib/isc/hash.c
vendor/bind9/dist-9.8/lib/isc/heap.c
vendor/bind9/dist-9.8/lib/isc/hex.c
vendor/bind9/dist-9.8/lib/isc/hmacmd5.c
vendor/bind9/dist-9.8/lib/isc/hmacsha.c
vendor/bind9/dist-9.8/lib/isc/include/isc/Makefile.in
vendor/bind9/dist-9.8/lib/isc/include/isc/app.h
vendor/bind9/dist-9.8/lib/isc/include/isc/buffer.h
vendor/bind9/dist-9.8/lib/isc/include/isc/file.h
vendor/bind9/dist-9.8/lib/isc/include/isc/hash.h
vendor/bind9/dist-9.8/lib/isc/include/isc/namespace.h
vendor/bind9/dist-9.8/lib/isc/include/isc/platform.h.in
vendor/bind9/dist-9.8/lib/isc/include/isc/radix.h
vendor/bind9/dist-9.8/lib/isc/include/isc/socket.h
vendor/bind9/dist-9.8/lib/isc/include/isc/stdio.h
vendor/bind9/dist-9.8/lib/isc/inet_aton.c
vendor/bind9/dist-9.8/lib/isc/inet_pton.c
vendor/bind9/dist-9.8/lib/isc/lex.c
vendor/bind9/dist-9.8/lib/isc/log.c
vendor/bind9/dist-9.8/lib/isc/md5.c
vendor/bind9/dist-9.8/lib/isc/mem.c
vendor/bind9/dist-9.8/lib/isc/netaddr.c
vendor/bind9/dist-9.8/lib/isc/radix.c
vendor/bind9/dist-9.8/lib/isc/random.c
vendor/bind9/dist-9.8/lib/isc/sha1.c
vendor/bind9/dist-9.8/lib/isc/sha2.c
vendor/bind9/dist-9.8/lib/isc/sockaddr.c
vendor/bind9/dist-9.8/lib/isc/stats.c
vendor/bind9/dist-9.8/lib/isc/string.c
vendor/bind9/dist-9.8/lib/isc/strtoul.c
vendor/bind9/dist-9.8/lib/isc/unix/app.c
vendor/bind9/dist-9.8/lib/isc/unix/file.c
vendor/bind9/dist-9.8/lib/isc/unix/ifiter_getifaddrs.c
vendor/bind9/dist-9.8/lib/isc/unix/ifiter_ioctl.c
vendor/bind9/dist-9.8/lib/isc/unix/ifiter_sysctl.c
vendor/bind9/dist-9.8/lib/isc/unix/include/isc/Makefile.in
vendor/bind9/dist-9.8/lib/isc/unix/interfaceiter.c
vendor/bind9/dist-9.8/lib/isc/unix/socket.c
vendor/bind9/dist-9.8/lib/isc/unix/stdio.c
vendor/bind9/dist-9.8/lib/isccc/api
vendor/bind9/dist-9.8/lib/isccc/base64.c
vendor/bind9/dist-9.8/lib/isccc/cc.c
vendor/bind9/dist-9.8/lib/isccc/include/isccc/util.h
vendor/bind9/dist-9.8/lib/isccc/sexpr.c
vendor/bind9/dist-9.8/lib/isccfg/api
vendor/bind9/dist-9.8/lib/isccfg/include/isccfg/cfg.h
vendor/bind9/dist-9.8/lib/isccfg/include/isccfg/grammar.h
vendor/bind9/dist-9.8/lib/isccfg/namedconf.c
vendor/bind9/dist-9.8/lib/isccfg/parser.c
vendor/bind9/dist-9.8/lib/lwres/api
vendor/bind9/dist-9.8/lib/lwres/context.c
vendor/bind9/dist-9.8/lib/lwres/getaddrinfo.c
vendor/bind9/dist-9.8/lib/lwres/gethost.c
vendor/bind9/dist-9.8/lib/lwres/getipnode.c
vendor/bind9/dist-9.8/lib/lwres/getrrset.c
vendor/bind9/dist-9.8/lib/lwres/herror.c
vendor/bind9/dist-9.8/lib/lwres/lwbuffer.c
vendor/bind9/dist-9.8/lib/lwres/lwconfig.c
vendor/bind9/dist-9.8/lib/lwres/lwinetaton.c
vendor/bind9/dist-9.8/lib/lwres/lwinetpton.c
vendor/bind9/dist-9.8/lib/lwres/lwres_gabn.c
vendor/bind9/dist-9.8/lib/lwres/lwres_gnba.c
vendor/bind9/dist-9.8/lib/lwres/lwres_grbn.c
vendor/bind9/dist-9.8/lib/lwres/lwres_noop.c
vendor/bind9/dist-9.8/lib/lwres/lwresutil.c
vendor/bind9/dist-9.8/lib/lwres/strtoul.c
vendor/bind9/dist-9.8/make/mkdep.in
vendor/bind9/dist-9.8/version
Modified: vendor/bind9/dist-9.8/CHANGES
==============================================================================
--- vendor/bind9/dist-9.8/CHANGES Mon Feb 24 13:43:11 2014 (r262442)
+++ vendor/bind9/dist-9.8/CHANGES Mon Feb 24 13:57:07 2014 (r262443)
@@ -1,13 +1,289 @@
- --- 9.8.5-P2 released ---
+ --- 9.8.7 released ---
+
+ --- 9.8.7rc2 released ---
+
+3710. [bug] Address double dns_zone_detach when switching to
+ using automatic empty zones from regular zones.
+ [RT #35177]
+
+3707. [bug] irs_resconf_load now returns ISC_R_FILENOTFOUND
+ on a missing resolv.conf file and initializes the
+ structure as if it had been configured with:
+
+ nameserver ::1
+ nameserver 127.0.0.1
+
+ Note: Callers will need to be updated to treat
+ ISC_R_FILENOTFOUND as a qualified success or else
+ they will leak memory. The following code fragment
+ will work with both old and new versions without
+ changing the behaviour of the existing code.
+
+ resconf = NULL;
+ result = irs_resconf_load(mctx, "/etc/resolv.conf",
+ &resconf);
+ if (result != ISC_SUCCESS) {
+ if (resconf != NULL)
+ irs_resconf_destroy(&resconf);
+ ....
+ }
+
+ [RT #35194]
+
+3706. [contrib] queryperf: Fixed a possible integer overflow when
+ printing results. [RT #35182]
+
+3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185]
+
+ --- 9.8.7rc1 released ---
+
+3701. [func] named-checkconf can now suppress the printing of
+ shared secrets by specifying '-x'. [RT #34465]
+
+3698. [cleanup] Replaced all uses of memcpy() with memmove().
+ [RT #35120]
+
+3697. [bug] Handle "." as a search list element when IDN support
+ is enabled. [RT #35133]
+
+3696. [bug] dig failed to handle AXFR style IXFR responses which
+ span multiple messages. [RT #35137]
+
+3695. [bug] Address a possible race in dispatch.c. [RT #35107]
+
+3694. [bug] Warn when a key-directory is configured for a zone,
+ but does not exist or is not a directory. [RT #35108]
+
+3693. [security] memcpy was incorrectly called with overlapping
+ ranges resulting in malformed names being generated
+ on some platforms. This could cause INSIST failures
+ when serving NSEC3 signed zones (CVE-2014-0591).
+ [RT #35120]
+
+3692. [bug] Two calls to dns_db_getoriginnode were fatal if there
+ was no data at the node. [RT #35080]
+
+3689. [bug] Fixed a bug causing an insecure delegation from one
+ static-stub zone to another to fail with a broken
+ trust chain. [RT #35081]
+
+ --- 9.8.7b1 released ---
+
+3688. [bug] loadnode could return a freed node on out of memory.
+ [RT #35106]
+
+3683. [cleanup] Add a more detailed "not found" message to rndc
+ commands which specify a zone name. [RT #35059]
+
+3681. [port] Update the Windows build system to support feature
+ selection and WIN64 builds. This is a work in
+ progress. [RT #34160]
+
+3679. [bug] dig could fail to clean up TCP sockets still
+ waiting on connect(). [RT #35074]
+
+3678. [port] Update config.guess and config.sub. [RT #35060]
+
+3677. [bug] 'nsupdate' leaked memory if 'realm' was used multiple
+ times. [RT #35073]
+
+3676. [bug] "named-checkconf -z" now checks zones of type
+ hint as well as master. [RT #35046]
+
+3675. [misc] Provide a place for third parties to add version
+ information for their extensions in the version
+ file by setting the EXTENSIONS variable.
+
+3670. [bug] Address read after free in server side of
+ lwres_getrrsetbyname. [RT #29075]
+
+3669. [port] freebsd: --with-gssapi needs -lhx509. [RT #35001]
+
+3668. [bug] Fix cast in lex.c which could see 0xff treated as eof.
+ [RT #34993]
+3667. [test] dig: add support to keep the TCP socket open between
+ successive queries (+[no]keepopen). [RT #34918]
+
+3664. [bug] Updated OpenSSL PKCS#11 patches to fix active list
+ locking and other bugs. [RT #34855]
+
+3663. [bug] Address bugs in dns_rdata_fromstruct and
+ dns_rdata_tostruct for WKS and ISDN types. [RT #34910]
+
+3662. [bug] 'host' could die if a UDP query timed out. [RT #34870]
+
+3660. [cleanup] Changed the name of "isc-config.sh" to "bind9-config".
+ [RT #23825]
+
+3658. [port] linux: Address platform specific compilation issue
+ when libcap-devel is installed. [RT #34838]
+
+3656. [security] Treat an all zero netmask as invalid when generating
+ the localnets acl. (The prior behavior could
+ allow unexpected matches when using some versions
+ of Winsock: CVE-2013-6320.) [RT #34687]
+
+3655. [cleanup] Simplify TCP message processing when requesting a
+ zone transfer. [RT #34825]
+
+3654. [bug] Address race condition with manual notify requests.
+ [RT #34806]
+
+3653. [func] Create delegations for all "children" of empty zones
+ except "forward first". [RT #34826]
+
+3651. [tuning] Adjust when a master server is deemed unreachable.
+ [RT #27075]
+
+3650. [tuning] Use separate rate limiting queues for refresh and
+ notify requests. [RT #30589]
+
+3649. [cleanup] Include a comment in .nzf files, giving the name of
+ the associated view. [RT #34765]
+
+3648. [test] Updated the ATF test framework to version 0.17.
+ [RT #25627]
+
+3646. [bug] Journal filename string could be set incorrectly,
+ causing garbage in log messages. [RT #34738]
+
+3645. [protocol] Use case sensitive compression when responding to
+ queries. [RT #34737]
+
+3644. [protocol] Check that EDNS subnet client options are well formed.
+ [RT #34718]
+
+3641. [bug] Handle changes to sig-validity-interval settings
+ better. [RT #34625]
+
+3640. [bug] ndots was not being checked when searching. Only
+ continue searching on NXDOMAIN responses. Add the
+ ability to specify ndots to nslookup. [RT #34711]
+
+3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used
+ in a key zone. [RT #34238]
+
+ --- 9.8.6 released ---
+
+3638. [cleanup] Add the ability to handle ENOPROTOOPT in case it is
+ encountered. [RT #34668]
+
+ --- 9.8.6rc2 released ---
+
+3637. [bug] 'allow-query-on' was checking the source address
+ rather than the destination address. [RT #34590]
+
+3636. [bug] Automatic empty zones now behave better with
+ forward only "zones" beneath them. [RT #34583]
+
+3635. [bug] Signatures were not being removed from a zone with
+ only KSK keys for a algorithm. [RT #34439]
+
+3634. [func] Report build-id in rndc status. Report build-id
+ when building from a git repository. [RT #20422]
+
+3633. [cleanup] Refactor OPT processing in named to make it easier
+ to support new EDNS options. [RT #34414]
+
+3632. [bug] Signature from newly inactive keys were not being
+ removed. [RT #32178]
+
+3631. [bug] Remove spurious warning about missing signatures when
+ qtype is SIG. [RT #34600]
+
+3630. [bug] Ensure correct ID computation for MD5 keys. [RT #33033]
+
+3627. [bug] RPZ changes were not effective on slaves. [RT #34450]
+
+3625. [bug] Don't send notify messages to machines outside of the
+ test setup.
+
+ --- 9.8.6rc1 released ---
3621. [security] Incorrect bounds checking on private type 'keydata'
can lead to a remotely triggerable REQUIRE failure
(CVE-2013-4854). [RT #34238]
- --- 9.8.5-P1 released ---
+3615. [cleanup] "configure" now finishes by printing a summary
+ of optional BIND features and whether they are
+ active or inactive. ("configure --enable-full-report"
+ increases the verbosity of the summary.) [RT #31777]
+
+3614. [port] Check for <linux/types.h>. [RT #34162]
+
+3611. [bug] Improved resistance to a theoretical authentication
+ attack based on differential timing. [RT #33939]
+
+3610. [cleanup] win32: Some executables had been omitted from the
+ installer. [RT #34116]
+
+3608. [port] win32: added todos.pl script to ensure all text files
+ the win32 build depends on are converted to DOS
+ newline format. [RT #22067]
+
+3607. [bug] dnssec-keygen had broken 'Invalid keyfile' error
+ message. [RT #34045]
+
+ --- 9.8.6b1 released ---
+
+3605. [port] win32: Addressed several compatibility issues
+ with newer versions of Visual Studio. [RT #33916]
+
+3603. [bug] Install <isc/stat.h>. [RT #33956]
+
+3601. [bug] Added to PKCS#11 openssl patches a value len
+ attribute in DH derive key. [RT #33928]
+
+3600. [cleanup] dig: Fixed a typo in the warning output when receiving
+ an oversized response. [RT #33910]
+
+3599. [tuning] Check for pointer equivalence in name comparisons.
+ [RT #18125]
+
+3594. [maint] Update config.guess and config.sub. [RT #33816]
+
+3592. [doc] Moved documentation of rndc command options to the
+ rndc man page. [RT #33506]
+
+3588. [bug] dig: addressed a memory leak in the sigchase code
+ that could cause a shutdown crash. [RT #33733]
+
+3587. [func] 'named -g' now checks the logging configuration but
+ does not use it. [RT #33473]
+
+3586. [bug] Handle errors in xmlDocDumpFormatMemoryEnc. [RT #33706]
3584. [security] Caching data from an incompletely signed zone could
- trigger an assertion failure in resolver.c [RT #33690]
+ trigger an assertion failure in resolver.c
+ (CVE-2013-3919). [RT #33690]
+
+3583. [bug] Address memory leak in GSS-API processing [RT #33574]
+
+3581. [bug] Changed the tcp-listen-queue default to 10. [RT #33029]
+
+3580. [bug] Addressed a possible race in acache.c [RT #33602]
+
+3579. [maint] Updates to PKCS#11 openssl patches, supporting
+ versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463]
+
+3578. [bug] 'rndc -c file' now fails if 'file' does not exist.
+ [RT #33571]
+
+3577. [bug] Handle zero TTL values better. [RT #33411]
+
+3576. [bug] Address a shutdown race when validating. [RT #33573]
+
+3574. [doc] The 'hostname' keyword was missing from server-id
+ description in the named.conf man page. [RT #33476]
+
+3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled
+ zone names containing punctuation marks and other
+ nonstandard characters. [RT #33419]
+
+3571. [bug] Address race condition in dns_client_startresolve().
+ [RT #33234]
+
+3566. [func] Log when forwarding updates to master. [RT #33240]
--- 9.8.5 released ---
Modified: vendor/bind9/dist-9.8/COPYRIGHT
==============================================================================
--- vendor/bind9/dist-9.8/COPYRIGHT Mon Feb 24 13:43:11 2014 (r262442)
+++ vendor/bind9/dist-9.8/COPYRIGHT Mon Feb 24 13:57:07 2014 (r262443)
@@ -1,4 +1,4 @@
-Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
Permission to use, copy, modify, and/or distribute this software for any
@@ -13,8 +13,6 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
-$Id: COPYRIGHT,v 1.17.14.2 2012/01/04 23:46:18 tbox Exp $
-
Portions of this code release fall under one or more of the
following Copyright notices. Please see individual source
files for details.
@@ -99,11 +97,7 @@ are met:
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
- must display the following acknowledgement:
- This product includes software developed by the University of
- California, Berkeley and its contributors.
-4. Neither the name of the University nor the names of its contributors
+3. Neither the name of the University nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
@@ -516,3 +510,29 @@ STRICT LIABILITY, OR TORT (INCLUDING NEG
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+
+Copyright (c) 1995, 1997, 1998 The NetBSD Foundation, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
Modified: vendor/bind9/dist-9.8/Makefile.in
==============================================================================
--- vendor/bind9/dist-9.8/Makefile.in Mon Feb 24 13:43:11 2014 (r262442)
+++ vendor/bind9/dist-9.8/Makefile.in Mon Feb 24 13:57:07 2014 (r262443)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -54,7 +54,11 @@ installdirs:
install:: isc-config.sh installdirs
${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}
+ rm -f ${DESTDIR}${bindir}/bind9-config
+ @LN@ ${DESTDIR}${bindir}/isc-config.sh ${DESTDIR}${bindir}/bind9-config
${INSTALL_DATA} ${top_srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1
+ rm -f ${DESTDIR}${mandir}/man1/bind9-config.1
+ @LN@ ${DESTDIR}${mandir}/man1/isc-config.sh.1 ${DESTDIR}${mandir}/man1/bind9-config.1
${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir}
tags:
@@ -86,5 +90,8 @@ FAQ: FAQ.xml
LC_ALL=C ${W3M} -T text/html -dump -cols 72 >$@.tmp
mv $@.tmp $@
+unit::
+ sh ${top_srcdir}/unit/unittest.sh
+
clean::
rm -f FAQ.tmp
Modified: vendor/bind9/dist-9.8/README
==============================================================================
--- vendor/bind9/dist-9.8/README Mon Feb 24 13:43:11 2014 (r262442)
+++ vendor/bind9/dist-9.8/README Mon Feb 24 13:57:07 2014 (r262443)
@@ -48,18 +48,36 @@ BIND 9
For a detailed list of user-visible changes from
previous releases, see the CHANGES file.
- For up-to-date release notes and errata, see
- http://www.isc.org/software/bind9/releasenotes
+ For up-to-date release notes and errata, see
+ http://www.isc.org/software/bind9/releasenotes
+
+BIND 9.8.7
+
+ BIND 9.8.7 includes several bug fixes and patches the security
+ flaws described in CVE-2013-6320 and CVE-2014-0591. It also
+ includes the following functional enhancements:
+
+ - "named" now preserves the capitalization of names when
+ responding to queries.
+ - "named-checkconf -px" will print the contents of configuration
+ files with the shared secrets obscured, making it easier to
+ share configuration (e.g. when submitting a bug report)
+ without revealing private information.
+
+BIND 9.8.6
+
+ BIND 9.8.6 includes several bug fixes and patches the security
+ flaws described in CVE-2013-3919 and CVE-2013-4854.
BIND 9.8.5
- BIND 9.8.5 includes several bug fixes and patches security
- flaws described in CVE-2012-5688, CVE-2012-5689 and CVE-2013-2266.
+ BIND 9.8.5 includes several bug fixes and patches security
+ flaws described in CVE-2012-5688, CVE-2012-5689 and CVE-2013-2266.
BIND 9.8.4
- BIND 9.8.4 includes several bug fixes and patches security
- flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244.
+ BIND 9.8.4 includes several bug fixes and patches security
+ flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244.
BIND 9.8.3
@@ -72,32 +90,32 @@ BIND 9.8.2
BIND 9.8.1
- BIND 9.8.1 includes a number of bug fixes and enhancements from
+ BIND 9.8.1 includes a number of bug fixes and enhancements from
BIND 9.8 and earlier releases. New features include:
- The DLZ "dlopen" driver is now built by default.
- Added a new include file with function typedefs
- for the DLZ "dlopen" driver.
+ for the DLZ "dlopen" driver.
- Made "--with-gssapi" default.
- More verbose error reporting from DLZ LDAP.
BIND 9.8.0
- BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
- releases. New features include:
+ BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
+ releases. New features include:
- - Built-in trust anchor for the root zone, which can be
- switched on via "dnssec-validation auto;"
- - Support for DNS64.
- - Support for response policy zones (RPZ).
- - Support for writable DLZ zones.
- - Improved ease of configuration of GSS/TSIG for
- interoperability with Active Directory
- - Support for GOST signing algorithm for DNSSEC.
- - Removed RTT Banding from server selection algorithm.
- - New "static-stub" zone type.
- - Allow configuration of resolver timeouts via
- "resolver-query-timeout" option.
+ - Built-in trust anchor for the root zone, which can be
+ switched on via "dnssec-validation auto;"
+ - Support for DNS64.
+ - Support for response policy zones (RPZ).
+ - Support for writable DLZ zones.
+ - Improved ease of configuration of GSS/TSIG for
+ interoperability with Active Directory
+ - Support for GOST signing algorithm for DNSSEC.
+ - Removed RTT Banding from server selection algorithm.
+ - New "static-stub" zone type.
+ - Allow configuration of resolver timeouts via
+ "resolver-query-timeout" option.
BIND 9.7.0
@@ -183,9 +201,9 @@ Building
Ubuntu 7.04, 7.10
Windows XP/2003/2008
- NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
- Windows, including Windows NT and Windows 2000, are no longer
- supported.
+ NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
+ Windows, including Windows NT and Windows 2000, are no longer
+ supported.
We have recent reports from the user community that a supported
version of BIND will build and run on the following systems:
@@ -238,7 +256,7 @@ Building
-DDIG_SIGCHASE_BU=1)
Disable dropping queries from particular well known ports.
-DNS_CLIENT_DROPPORT=0
- Sibling glue checking in named-checkzone is enabled by default.
+ Sibling glue checking in named-checkzone is enabled by default.
To disable the default check set. -DCHECK_SIBLING=0
named-checkzone checks out-of-zone addresses by default.
To disable this default set. -DCHECK_LOCAL=0
@@ -285,10 +303,10 @@ Building
on the configure command line. The default is operating
system dependent.
- Support for the "fixed" rrset-order option can be enabled
- or disabled by specifying "--enable-fixed-rrset" or
- "--disable-fixed-rrset" on the configure command line.
- The default is "disabled", to reduce memory footprint.
+ Support for the "fixed" rrset-order option can be enabled
+ or disabled by specifying "--enable-fixed-rrset" or
+ "--disable-fixed-rrset" on the configure command line.
+ The default is "disabled", to reduce memory footprint.
If your operating system has integrated support for IPv6, it
will be used automatically. If you have installed KAME IPv6
@@ -355,8 +373,8 @@ Documentation
Frequently asked questions and their answers can be found in
FAQ.
- Additional information on various subjects can be found
- in the other README files.
+ Additional information on various subjects can be found
+ in the other README files.
Change Log
@@ -373,7 +391,7 @@ Change Log
[security] Fix for a significant security flaw
[experimental] Used for new features when the syntax
- or other aspects of the design are still
+ or other aspects of the design are still
in flux and may change
[port] Portability enhancement
@@ -382,15 +400,15 @@ Change Log
server addresses and keys
[tuning] Changes to built-in configuration defaults
- and constants to improve performanceo
+ and constants to improve performanceo
[protocol] Updates to the DNS protocol such as new
RR types
- [test] Changes to the automatic tests, not
- affecting server functionality
+ [test] Changes to the automatic tests, not
+ affecting server functionality
- [cleanup] Minor corrections and refactoring
+ [cleanup] Minor corrections and refactoring
[doc] Documentation
Modified: vendor/bind9/dist-9.8/bin/check/named-checkconf.8
==============================================================================
--- vendor/bind9/dist-9.8/bin/check/named-checkconf.8 Mon Feb 24 13:43:11 2014 (r262442)
+++ vendor/bind9/dist-9.8/bin/check/named-checkconf.8 Mon Feb 24 13:57:07 2014 (r262443)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -33,7 +33,7 @@
named\-checkconf \- named configuration file syntax checking tool
.SH "SYNOPSIS"
.HP 16
-\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-z\fR]
+\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-x\fR] [\fB\-z\fR]
.SH "DESCRIPTION"
.PP
\fBnamed\-checkconf\fR
@@ -84,6 +84,14 @@ Print out the
and included files in canonical form if no errors were detected.
.RE
.PP
+\-x
+.RS 4
+When printing the configuration files in canonical form, obscure shared secrets by replacing them with strings of question marks ('?'). This allows the contents of
+\fInamed.conf\fR
+and related files to be shared \(em for example, when submitting bug reports \(em without compromising private data. This option cannot be used without
+\fB\-p\fR.
+.RE
+.PP
\-z
.RS 4
Perform a test load of all master zones found in
@@ -113,7 +121,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br
Modified: vendor/bind9/dist-9.8/bin/check/named-checkconf.c
==============================================================================
--- vendor/bind9/dist-9.8/bin/check/named-checkconf.c Mon Feb 24 13:43:11 2014 (r262442)
+++ vendor/bind9/dist-9.8/bin/check/named-checkconf.c Mon Feb 24 13:57:07 2014 (r262443)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -39,10 +39,13 @@
#include <bind9/check.h>
+#include <dns/db.h>
#include <dns/fixedname.h>
#include <dns/log.h>
#include <dns/name.h>
+#include <dns/rdataclass.h>
#include <dns/result.h>
+#include <dns/rootns.h>
#include <dns/zone.h>
#include "check-tool.h"
@@ -151,6 +154,30 @@ config_get(const cfg_obj_t **maps, const
}
}
+static isc_result_t
+configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_rdataclass_t rdclass;
+ isc_textregion_t r;
+
+ if (zfile == NULL)
+ return (ISC_R_FAILURE);
+
+ DE_CONST(zclass, r.base);
+ r.length = strlen(zclass);
+ result = dns_rdataclass_fromtext(&rdclass, &r);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ result = dns_rootns_create(mctx, rdclass, zfile, &db);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ dns_db_detach(&db);
+ return (ISC_R_SUCCESS);
+}
+
/*% configure the zone */
static isc_result_t
configure_zone(const char *vclass, const char *view,
@@ -161,7 +188,7 @@ configure_zone(const char *vclass, const
isc_result_t result;
const char *zclass;
const char *zname;
- const char *zfile;
+ const char *zfile = NULL;
const cfg_obj_t *maps[4];
const cfg_obj_t *zoptions = NULL;
const cfg_obj_t *classobj = NULL;
@@ -195,15 +222,26 @@ configure_zone(const char *vclass, const
cfg_map_get(zoptions, "type", &typeobj);
if (typeobj == NULL)
return (ISC_R_FAILURE);
- if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0)
+
+ cfg_map_get(zoptions, "file", &fileobj);
+ if (fileobj != NULL)
+ zfile = cfg_obj_asstring(fileobj);
+
+ /*
+ * Check hints files for hint zones.
+ * Skip loading checks for any type other than master.
+ */
+ if (strcasecmp(cfg_obj_asstring(typeobj), "hint") == 0)
+ return (configure_hint(zfile, zclass, mctx));
+ else if ((strcasecmp(cfg_obj_asstring(typeobj), "master") != 0))
return (ISC_R_SUCCESS);
+
+ if (zfile == NULL)
+ return (ISC_R_FAILURE);
+
cfg_map_get(zoptions, "database", &dbobj);
if (dbobj != NULL)
return (ISC_R_SUCCESS);
- cfg_map_get(zoptions, "file", &fileobj);
- if (fileobj == NULL)
- return (ISC_R_FAILURE);
- zfile = cfg_obj_asstring(fileobj);
obj = NULL;
if (get_maps(maps, "check-dup-records", &obj)) {
@@ -341,7 +379,7 @@ configure_zone(const char *vclass, const
if (result != ISC_R_SUCCESS)
fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
dns_result_totext(result));
- return(result);
+ return (result);
}
/*% configure a view */
@@ -442,10 +480,11 @@ main(int argc, char **argv) {
isc_entropy_t *ectx = NULL;
isc_boolean_t load_zones = ISC_FALSE;
isc_boolean_t print = ISC_FALSE;
+ unsigned int flags = 0;
isc_commandline_errprint = ISC_FALSE;
- while ((c = isc_commandline_parse(argc, argv, "dhjt:pvz")) != EOF) {
+ while ((c = isc_commandline_parse(argc, argv, "dhjt:pvxz")) != EOF) {
switch (c) {
case 'd':
debug++;
@@ -472,6 +511,10 @@ main(int argc, char **argv) {
printf(VERSION "\n");
exit(0);
+ case 'x':
+ flags |= CFG_PRINTER_XKEY;
+ break;
+
case 'z':
load_zones = ISC_TRUE;
docheckmx = ISC_FALSE;
@@ -494,6 +537,11 @@ main(int argc, char **argv) {
}
}
+ if (((flags & CFG_PRINTER_XKEY) != 0) && !print) {
+ fprintf(stderr, "%s: -x cannot be used without -p\n", program);
+ exit(1);
+ }
+
if (isc_commandline_index + 1 < argc)
usage();
if (argv[isc_commandline_index] != NULL)
@@ -534,7 +582,7 @@ main(int argc, char **argv) {
}
if (print && exit_status == 0)
- cfg_print(config, output, NULL);
+ cfg_printx(config, flags, output, NULL);
cfg_obj_destroy(parser, &config);
cfg_parser_destroy(&parser);
Modified: vendor/bind9/dist-9.8/bin/check/named-checkconf.docbook
==============================================================================
--- vendor/bind9/dist-9.8/bin/check/named-checkconf.docbook Mon Feb 24 13:43:11 2014 (r262442)
+++ vendor/bind9/dist-9.8/bin/check/named-checkconf.docbook Mon Feb 24 13:57:07 2014 (r262443)
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "—">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -36,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -60,6 +61,7 @@
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg choice="req">filename</arg>
<arg><option>-p</option></arg>
+ <arg><option>-x</option></arg>
<arg><option>-z</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -130,6 +132,21 @@
</varlistentry>
<varlistentry>
+ <term>-x</term>
+ <listitem>
+ <para>
+ When printing the configuration files in canonical
+ form, obscure shared secrets by replacing them with
+ strings of question marks ('?'). This allows the
+ contents of <filename>named.conf</filename> and related
+ files to be shared — for example, when submitting
+ bug reports — without compromising private data.
+ This option cannot be used without <option>-p</option>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-z</term>
<listitem>
<para>
Modified: vendor/bind9/dist-9.8/bin/check/named-checkconf.html
==============================================================================
--- vendor/bind9/dist-9.8/bin/check/named-checkconf.html Mon Feb 24 13:43:11 2014 (r262442)
+++ vendor/bind9/dist-9.8/bin/check/named-checkconf.html Mon Feb 24 13:57:07 2014 (r262443)
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -29,10 +29,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-z</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543396"></a><h2>DESCRIPTION</h2>
+<a name="id2543403"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
<span><strong class="command">named</strong></span> configuration file. The file is parsed
@@ -52,7 +52,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543445"></a><h2>OPTIONS</h2>
+<a name="id2543452"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@@ -74,6 +74,16 @@
Print out the <code class="filename">named.conf</code> and included files
in canonical form if no errors were detected.
</p></dd>
+<dt><span class="term">-x</span></dt>
+<dd><p>
+ When printing the configuration files in canonical
+ form, obscure shared secrets by replacing them with
+ strings of question marks ('?'). This allows the
+ contents of <code class="filename">named.conf</code> and related
+ files to be shared — for example, when submitting
+ bug reports — without compromising private data.
+ This option cannot be used without <code class="option">-p</code>.
+ </p></dd>
<dt><span class="term">-z</span></dt>
<dd><p>
Perform a test load of all master zones found in
@@ -91,21 +101,21 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543569"></a><h2>RETURN VALUES</h2>
+<a name="id2543596"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543580"></a><h2>SEE ALSO</h2>
+<a name="id2543608"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543610"></a><h2>AUTHOR</h2>
+<a name="id2543638"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
Modified: vendor/bind9/dist-9.8/bin/confgen/ddns-confgen.c
==============================================================================
--- vendor/bind9/dist-9.8/bin/confgen/ddns-confgen.c Mon Feb 24 13:43:11 2014 (r262442)
+++ vendor/bind9/dist-9.8/bin/confgen/ddns-confgen.c Mon Feb 24 13:57:07 2014 (r262443)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -101,7 +101,7 @@ main(int argc, char **argv) {
result = isc_file_progname(*argv, program, sizeof(program));
if (result != ISC_R_SUCCESS)
- memcpy(program, "ddns-confgen", 13);
+ memmove(program, "ddns-confgen", 13);
progname = program;
isc_commandline_errprint = ISC_FALSE;
Modified: vendor/bind9/dist-9.8/bin/confgen/rndc-confgen.c
==============================================================================
--- vendor/bind9/dist-9.8/bin/confgen/rndc-confgen.c Mon Feb 24 13:43:11 2014 (r262442)
+++ vendor/bind9/dist-9.8/bin/confgen/rndc-confgen.c Mon Feb 24 13:57:07 2014 (r262443)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -120,7 +120,7 @@ main(int argc, char **argv) {
result = isc_file_progname(*argv, program, sizeof(program));
if (result != ISC_R_SUCCESS)
- memcpy(program, "rndc-confgen", 13);
+ memmove(program, "rndc-confgen", 13);
progname = program;
keyname = DEFAULT_KEYNAME;
Modified: vendor/bind9/dist-9.8/bin/dig/dig.1
==============================================================================
--- vendor/bind9/dist-9.8/bin/dig/dig.1 Mon Feb 24 13:43:11 2014 (r262442)
+++ vendor/bind9/dist-9.8/bin/dig/dig.1 Mon Feb 24 13:57:07 2014 (r262443)
@@ -20,11 +20,11 @@
.\" Title: dig
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "DIG" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "DIG" "1" "June 30, 2000" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -57,7 +57,7 @@ allows multiple lookups to be issued fro
Unless it is told to query a specific name server,
\fBdig\fR
will try each of the servers listed in
-\fI/etc/resolv.conf\fR. If no usable server addreses are found,
+\fI/etc/resolv.conf\fR. If no usable server addresses are found,
\fBdig\fR
will send the query to the local host.
.PP
@@ -514,6 +514,12 @@ When chasing DNSSEC signature chains per
.RS 4
Include an EDNS name server ID request when sending a query.
.RE
+.PP
+\fB+[no]keepopen\fR
+.RS 4
+Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup. The default is
+\fB+nokeepopen\fR.
+.RE
.SH "MULTIPLE QUERIES"
.PP
The BIND 9 implementation of
Modified: vendor/bind9/dist-9.8/bin/dig/dig.c
==============================================================================
--- vendor/bind9/dist-9.8/bin/dig/dig.c Mon Feb 24 13:43:11 2014 (r262442)
+++ vendor/bind9/dist-9.8/bin/dig/dig.c Mon Feb 24 13:57:07 2014 (r262443)
@@ -225,6 +225,7 @@ help(void) {
#endif
" +[no]multiline (Print records in an expanded format)\n"
" +[no]onesoa (AXFR prints only one soa record)\n"
+" +[no]keepopen (Keep the TCP socket open between queries)\n"
" global d-opts and servers (before host name) affect all queries.\n"
" local d-opts and servers (after host name) affect only that lookup.\n"
" -h (print help and exit)\n"
@@ -534,10 +535,11 @@ printmessage(dig_query_t *query, dns_mes
(msg->rcode == dns_rcode_formerr ||
msg->rcode == dns_rcode_notimp))
printf("\n;; WARNING: EDNS query returned status "
- "%s - retry with '+noedns'\n",
- rcode_totext(msg->rcode));
+ "%s - retry with '%s+noedns'\n",
+ rcode_totext(msg->rcode),
+ query->lookup->dnssec ? "+nodnssec ": "");
if (msg != query->lookup->sendmsg && extrabytes != 0U)
- printf(";; WARNING: Messages has %u extra byte%s at "
+ printf(";; WARNING: Message has %u extra byte%s at "
"end\n", extrabytes, extrabytes != 0 ? "s" : "");
}
@@ -891,6 +893,10 @@ plus_option(char *option, isc_boolean_t
lookup->ignore = ISC_TRUE;
}
break;
+ case 'k':
+ FULLCHECK("keepopen");
+ keep_open = state;
+ break;
case 'm': /* multiline */
FULLCHECK("multiline");
multiline = state;
Modified: vendor/bind9/dist-9.8/bin/dig/dig.docbook
==============================================================================
--- vendor/bind9/dist-9.8/bin/dig/dig.docbook Mon Feb 24 13:43:11 2014 (r262442)
+++ vendor/bind9/dist-9.8/bin/dig/dig.docbook Mon Feb 24 13:57:07 2014 (r262443)
@@ -22,7 +22,7 @@
<refentry id="man.dig">
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>June 30, 2000</date>
</refentryinfo>
<refmeta>
@@ -118,7 +118,7 @@
<para>
Unless it is told to query a specific name server,
<command>dig</command> will try each of the servers listed in
- <filename>/etc/resolv.conf</filename>. If no usable server addreses
+ <filename>/etc/resolv.conf</filename>. If no usable server addresses
are found, <command>dig</command> will send the query to the local
host.
</para>
@@ -868,6 +868,16 @@
</listitem>
</varlistentry>
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-vendor
mailing list