From owner-svn-src-all@FreeBSD.ORG Tue Feb 16 05:14:52 2010 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 99C6E1065670; Tue, 16 Feb 2010 05:14:52 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 834558FC08; Tue, 16 Feb 2010 05:14:52 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o1G5Eqbt023479; Tue, 16 Feb 2010 05:14:52 GMT (envelope-from dougb@svn.freebsd.org) Received: (from dougb@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o1G5Eq20023463; Tue, 16 Feb 2010 05:14:52 GMT (envelope-from dougb@svn.freebsd.org) Message-Id: <201002160514.o1G5Eq20023463@svn.freebsd.org> From: Doug Barton Date: Tue, 16 Feb 2010 05:14:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203948 - in stable/7: contrib/bind9 contrib/bind9/bin/check contrib/bind9/bin/dig contrib/bind9/bin/dig/include/dig contrib/bind9/bin/dnssec contrib/bind9/bin/named contrib/bind9/bin/n... X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Feb 2010 05:14:52 -0000 Author: dougb Date: Tue Feb 16 05:14:51 2010 New Revision: 203948 URL: http://svn.freebsd.org/changeset/base/203948 Log: Upgrade to BIND 9.4-ESV. This version incorporates all bug and security fixes since the release of 9.4.3, including the most recent -P5 security fix detailed below. From the README: BIND 9.4-ESV will be supported until December 31, 2010, at which time you will need to upgrade to the current release of BIND. This versions address the following vulnerabilities: BIND 9 Cache Update from Additional Section https://www.isc.org/advisories/CVE-2009-4022v6 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 A nameserver with DNSSEC validation enabled may incorrectly add unauthenticated records to its cache that are received during the resolution of a recursive client query BIND 9 DNSSEC validation code could cause bogus NXDOMAIN responses https://www.isc.org/advisories/CVE-2010-0097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097 There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly These issues only affect systems with DNSSEC validation enabled. Approved by: re (kensmith) Added: stable/7/contrib/bind9/doc/draft/draft-ietf-6man-text-addr-representation-01.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/draft/draft-ietf-6man-text-addr-representation-01.txt stable/7/contrib/bind9/doc/draft/draft-ietf-behave-dns64-01.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/draft/draft-ietf-behave-dns64-01.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-axfr-clarify-12.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-axfr-clarify-12.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-dns-tcp-requirements-02.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-dns-tcp-requirements-02.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-bis-updates-09.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-dnssec-bis-updates-09.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-gost-05.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-dnssec-gost-05.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-rfc2671bis-edns0-02.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-rfc2671bis-edns0-02.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-rfc2672bis-dname-18.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-rfc2672bis-dname-18.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-rfc3597-bis-00.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-rfc3597-bis-00.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-tsig-md5-deprecated-03.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-tsig-md5-deprecated-03.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsop-default-local-zones-09.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsop-default-local-zones-09.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsop-name-server-management-reqs-02.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsop-name-server-management-reqs-02.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsop-respsize-06.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsop-respsize-06.txt stable/7/contrib/bind9/doc/rfc/rfc1912.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc1912.txt stable/7/contrib/bind9/doc/rfc/rfc3755.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc3755.txt stable/7/contrib/bind9/doc/rfc/rfc4294.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc4294.txt stable/7/contrib/bind9/doc/rfc/rfc4339.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc4339.txt stable/7/contrib/bind9/doc/rfc/rfc4471.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc4471.txt stable/7/contrib/bind9/doc/rfc/rfc4472.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc4472.txt stable/7/contrib/bind9/doc/rfc/rfc4509.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc4509.txt stable/7/contrib/bind9/doc/rfc/rfc4635.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc4635.txt stable/7/contrib/bind9/doc/rfc/rfc4697.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc4697.txt stable/7/contrib/bind9/doc/rfc/rfc4892.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc4892.txt stable/7/contrib/bind9/doc/rfc/rfc4955.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc4955.txt stable/7/contrib/bind9/doc/rfc/rfc4956.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc4956.txt stable/7/contrib/bind9/doc/rfc/rfc5001.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc5001.txt stable/7/contrib/bind9/doc/rfc/rfc5011.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc5011.txt stable/7/contrib/bind9/doc/rfc/rfc5205.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc5205.txt stable/7/contrib/bind9/doc/rfc/rfc5452.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc5452.txt stable/7/contrib/bind9/doc/rfc/rfc5507.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc5507.txt stable/7/contrib/bind9/doc/rfc/rfc5625.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc5625.txt stable/7/contrib/bind9/doc/rfc/rfc5702.txt - copied unchanged from r203851, vendor/bind9/dist-9.4/doc/rfc/rfc5702.txt Deleted: stable/7/contrib/bind9/doc/draft/draft-baba-dnsext-acl-reqts-01.txt stable/7/contrib/bind9/doc/draft/draft-daigle-napstr-04.txt stable/7/contrib/bind9/doc/draft/draft-danisch-dns-rr-smtp-03.txt stable/7/contrib/bind9/doc/draft/draft-dnsext-opcode-discover-02.txt stable/7/contrib/bind9/doc/draft/draft-durand-dnsop-dynreverse-00.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-2929bis-01.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-axfr-clarify-05.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-dhcid-rr-12.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-dns-name-p-s-00.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-2535typecode-change-06.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-bis-updates-01.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-experiments-01.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-online-signing-02.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-opt-in-07.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-rsasha256-00.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-dnssec-trans-02.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-ds-sha256-05.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-keyrr-key-signing-flag-12.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-mdns-43.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-nsec3-04.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-nsid-01.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-rfc2536bis-dsa-06.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-rfc2538bis-04.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-rfc2539bis-dhk-06.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-signed-nonexistence-requirements-01.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-tkey-renewal-mode-05.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-trustupdate-threshold-00.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-trustupdate-timers-02.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-tsig-sha-06.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsext-wcard-clarify-10.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsop-dnssec-operational-practices-08.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsop-ipv6-dns-configuration-06.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsop-ipv6-dns-issues-11.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsop-ipv6-transport-guidelines-01.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsop-key-rollover-requirements-02.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsop-respsize-02.txt stable/7/contrib/bind9/doc/draft/draft-ietf-dnsop-serverid-06.txt stable/7/contrib/bind9/doc/draft/draft-ietf-enum-e164-gstn-np-05.txt stable/7/contrib/bind9/doc/draft/draft-ietf-ipv6-node-requirements-08.txt stable/7/contrib/bind9/doc/draft/draft-ietf-secsh-dns-05.txt stable/7/contrib/bind9/doc/draft/draft-ihren-dnsext-threshold-validation-00.txt stable/7/contrib/bind9/doc/draft/draft-park-ipv6-extensions-dns-pnp-00.txt Modified: stable/7/contrib/bind9/CHANGES stable/7/contrib/bind9/COPYRIGHT stable/7/contrib/bind9/FAQ stable/7/contrib/bind9/FAQ.xml stable/7/contrib/bind9/Makefile.in stable/7/contrib/bind9/README stable/7/contrib/bind9/README.idnkit stable/7/contrib/bind9/acconfig.h stable/7/contrib/bind9/bin/check/check-tool.c stable/7/contrib/bind9/bin/check/named-checkconf.8 stable/7/contrib/bind9/bin/check/named-checkconf.c stable/7/contrib/bind9/bin/check/named-checkconf.html stable/7/contrib/bind9/bin/check/named-checkzone.8 stable/7/contrib/bind9/bin/check/named-checkzone.c stable/7/contrib/bind9/bin/check/named-checkzone.docbook stable/7/contrib/bind9/bin/check/named-checkzone.html stable/7/contrib/bind9/bin/dig/dig.1 stable/7/contrib/bind9/bin/dig/dig.c stable/7/contrib/bind9/bin/dig/dig.docbook stable/7/contrib/bind9/bin/dig/dig.html stable/7/contrib/bind9/bin/dig/dighost.c stable/7/contrib/bind9/bin/dig/host.1 stable/7/contrib/bind9/bin/dig/host.c stable/7/contrib/bind9/bin/dig/host.docbook stable/7/contrib/bind9/bin/dig/host.html stable/7/contrib/bind9/bin/dig/include/dig/dig.h stable/7/contrib/bind9/bin/dig/nslookup.1 stable/7/contrib/bind9/bin/dig/nslookup.c stable/7/contrib/bind9/bin/dig/nslookup.html stable/7/contrib/bind9/bin/dnssec/dnssec-keygen.8 stable/7/contrib/bind9/bin/dnssec/dnssec-keygen.html stable/7/contrib/bind9/bin/dnssec/dnssec-signzone.8 stable/7/contrib/bind9/bin/dnssec/dnssec-signzone.c stable/7/contrib/bind9/bin/dnssec/dnssec-signzone.html stable/7/contrib/bind9/bin/named/client.c stable/7/contrib/bind9/bin/named/control.c stable/7/contrib/bind9/bin/named/include/named/client.h stable/7/contrib/bind9/bin/named/include/named/log.h stable/7/contrib/bind9/bin/named/include/named/lwdclient.h stable/7/contrib/bind9/bin/named/include/named/notify.h stable/7/contrib/bind9/bin/named/include/named/server.h stable/7/contrib/bind9/bin/named/interfacemgr.c stable/7/contrib/bind9/bin/named/log.c stable/7/contrib/bind9/bin/named/lwresd.8 stable/7/contrib/bind9/bin/named/lwresd.docbook stable/7/contrib/bind9/bin/named/lwresd.html stable/7/contrib/bind9/bin/named/main.c stable/7/contrib/bind9/bin/named/named.8 stable/7/contrib/bind9/bin/named/named.conf.5 stable/7/contrib/bind9/bin/named/named.conf.html stable/7/contrib/bind9/bin/named/named.html stable/7/contrib/bind9/bin/named/query.c stable/7/contrib/bind9/bin/named/server.c stable/7/contrib/bind9/bin/named/unix/os.c stable/7/contrib/bind9/bin/named/update.c stable/7/contrib/bind9/bin/named/xfrout.c stable/7/contrib/bind9/bin/nsupdate/nsupdate.1 stable/7/contrib/bind9/bin/nsupdate/nsupdate.c stable/7/contrib/bind9/bin/nsupdate/nsupdate.docbook stable/7/contrib/bind9/bin/nsupdate/nsupdate.html stable/7/contrib/bind9/bin/rndc/include/rndc/os.h stable/7/contrib/bind9/bin/rndc/rndc-confgen.8 stable/7/contrib/bind9/bin/rndc/rndc-confgen.html stable/7/contrib/bind9/bin/rndc/rndc.8 stable/7/contrib/bind9/bin/rndc/rndc.c stable/7/contrib/bind9/bin/rndc/rndc.conf.5 stable/7/contrib/bind9/bin/rndc/rndc.conf.html stable/7/contrib/bind9/bin/rndc/rndc.html stable/7/contrib/bind9/config.guess stable/7/contrib/bind9/config.h.in stable/7/contrib/bind9/configure.in stable/7/contrib/bind9/doc/arm/Bv9ARM-book.xml stable/7/contrib/bind9/doc/arm/Bv9ARM.ch01.html stable/7/contrib/bind9/doc/arm/Bv9ARM.ch02.html stable/7/contrib/bind9/doc/arm/Bv9ARM.ch03.html stable/7/contrib/bind9/doc/arm/Bv9ARM.ch04.html stable/7/contrib/bind9/doc/arm/Bv9ARM.ch05.html stable/7/contrib/bind9/doc/arm/Bv9ARM.ch06.html stable/7/contrib/bind9/doc/arm/Bv9ARM.ch07.html stable/7/contrib/bind9/doc/arm/Bv9ARM.ch08.html stable/7/contrib/bind9/doc/arm/Bv9ARM.ch09.html stable/7/contrib/bind9/doc/arm/Bv9ARM.ch10.html stable/7/contrib/bind9/doc/arm/Bv9ARM.html stable/7/contrib/bind9/doc/arm/Bv9ARM.pdf stable/7/contrib/bind9/doc/arm/Makefile.in stable/7/contrib/bind9/doc/arm/man.dig.html stable/7/contrib/bind9/doc/arm/man.dnssec-keygen.html stable/7/contrib/bind9/doc/arm/man.dnssec-signzone.html stable/7/contrib/bind9/doc/arm/man.host.html stable/7/contrib/bind9/doc/arm/man.named-checkconf.html stable/7/contrib/bind9/doc/arm/man.named-checkzone.html stable/7/contrib/bind9/doc/arm/man.named.html stable/7/contrib/bind9/doc/arm/man.rndc-confgen.html stable/7/contrib/bind9/doc/arm/man.rndc.conf.html stable/7/contrib/bind9/doc/arm/man.rndc.html stable/7/contrib/bind9/doc/misc/Makefile.in stable/7/contrib/bind9/doc/rfc/index stable/7/contrib/bind9/lib/bind/configure.in stable/7/contrib/bind9/lib/bind9/api stable/7/contrib/bind9/lib/bind9/check.c stable/7/contrib/bind9/lib/bind9/include/bind9/getaddresses.h stable/7/contrib/bind9/lib/dns/adb.c stable/7/contrib/bind9/lib/dns/cache.c stable/7/contrib/bind9/lib/dns/db.c stable/7/contrib/bind9/lib/dns/diff.c stable/7/contrib/bind9/lib/dns/dispatch.c stable/7/contrib/bind9/lib/dns/dlz.c stable/7/contrib/bind9/lib/dns/dnssec.c stable/7/contrib/bind9/lib/dns/dst_api.c stable/7/contrib/bind9/lib/dns/dst_parse.c stable/7/contrib/bind9/lib/dns/gen-unix.h stable/7/contrib/bind9/lib/dns/include/dns/Makefile.in stable/7/contrib/bind9/lib/dns/include/dns/acl.h stable/7/contrib/bind9/lib/dns/include/dns/compress.h stable/7/contrib/bind9/lib/dns/include/dns/db.h stable/7/contrib/bind9/lib/dns/include/dns/diff.h stable/7/contrib/bind9/lib/dns/include/dns/dlz.h stable/7/contrib/bind9/lib/dns/include/dns/journal.h stable/7/contrib/bind9/lib/dns/include/dns/log.h stable/7/contrib/bind9/lib/dns/include/dns/lookup.h stable/7/contrib/bind9/lib/dns/include/dns/message.h stable/7/contrib/bind9/lib/dns/include/dns/name.h stable/7/contrib/bind9/lib/dns/include/dns/peer.h stable/7/contrib/bind9/lib/dns/include/dns/rbt.h stable/7/contrib/bind9/lib/dns/include/dns/rdata.h stable/7/contrib/bind9/lib/dns/include/dns/rdataset.h stable/7/contrib/bind9/lib/dns/include/dns/request.h stable/7/contrib/bind9/lib/dns/include/dns/resolver.h stable/7/contrib/bind9/lib/dns/include/dns/sdb.h stable/7/contrib/bind9/lib/dns/include/dns/sdlz.h stable/7/contrib/bind9/lib/dns/include/dns/tkey.h stable/7/contrib/bind9/lib/dns/include/dns/types.h stable/7/contrib/bind9/lib/dns/include/dns/validator.h stable/7/contrib/bind9/lib/dns/include/dns/view.h stable/7/contrib/bind9/lib/dns/include/dns/xfrin.h stable/7/contrib/bind9/lib/dns/include/dns/zone.h stable/7/contrib/bind9/lib/dns/journal.c stable/7/contrib/bind9/lib/dns/master.c stable/7/contrib/bind9/lib/dns/masterdump.c stable/7/contrib/bind9/lib/dns/message.c stable/7/contrib/bind9/lib/dns/nsec.c stable/7/contrib/bind9/lib/dns/openssl_link.c stable/7/contrib/bind9/lib/dns/openssldsa_link.c stable/7/contrib/bind9/lib/dns/opensslrsa_link.c stable/7/contrib/bind9/lib/dns/rbt.c stable/7/contrib/bind9/lib/dns/rbtdb.c stable/7/contrib/bind9/lib/dns/rdata.c stable/7/contrib/bind9/lib/dns/rdata/generic/ipseckey_45.c stable/7/contrib/bind9/lib/dns/rdata/generic/loc_29.c stable/7/contrib/bind9/lib/dns/rdata/generic/soa_6.c stable/7/contrib/bind9/lib/dns/rdata/in_1/wks_11.c stable/7/contrib/bind9/lib/dns/rdataset.c stable/7/contrib/bind9/lib/dns/rdataslab.c stable/7/contrib/bind9/lib/dns/request.c stable/7/contrib/bind9/lib/dns/resolver.c stable/7/contrib/bind9/lib/dns/sdb.c stable/7/contrib/bind9/lib/dns/sdlz.c stable/7/contrib/bind9/lib/dns/time.c stable/7/contrib/bind9/lib/dns/validator.c stable/7/contrib/bind9/lib/dns/zone.c stable/7/contrib/bind9/lib/isc/Makefile.in stable/7/contrib/bind9/lib/isc/alpha/include/isc/atomic.h stable/7/contrib/bind9/lib/isc/api stable/7/contrib/bind9/lib/isc/entropy.c stable/7/contrib/bind9/lib/isc/ia64/include/isc/atomic.h stable/7/contrib/bind9/lib/isc/include/isc/entropy.h stable/7/contrib/bind9/lib/isc/include/isc/file.h stable/7/contrib/bind9/lib/isc/include/isc/fsaccess.h stable/7/contrib/bind9/lib/isc/include/isc/hash.h stable/7/contrib/bind9/lib/isc/include/isc/heap.h stable/7/contrib/bind9/lib/isc/include/isc/log.h stable/7/contrib/bind9/lib/isc/include/isc/mem.h stable/7/contrib/bind9/lib/isc/include/isc/netaddr.h stable/7/contrib/bind9/lib/isc/include/isc/netscope.h stable/7/contrib/bind9/lib/isc/include/isc/platform.h.in stable/7/contrib/bind9/lib/isc/include/isc/portset.h stable/7/contrib/bind9/lib/isc/include/isc/random.h stable/7/contrib/bind9/lib/isc/include/isc/ratelimiter.h stable/7/contrib/bind9/lib/isc/include/isc/serial.h stable/7/contrib/bind9/lib/isc/include/isc/sockaddr.h stable/7/contrib/bind9/lib/isc/include/isc/socket.h stable/7/contrib/bind9/lib/isc/include/isc/symtab.h stable/7/contrib/bind9/lib/isc/include/isc/task.h stable/7/contrib/bind9/lib/isc/inet_aton.c stable/7/contrib/bind9/lib/isc/inet_ntop.c stable/7/contrib/bind9/lib/isc/log.c stable/7/contrib/bind9/lib/isc/mem.c stable/7/contrib/bind9/lib/isc/random.c stable/7/contrib/bind9/lib/isc/rwlock.c stable/7/contrib/bind9/lib/isc/sha2.c stable/7/contrib/bind9/lib/isc/timer.c stable/7/contrib/bind9/lib/isc/unix/dir.c stable/7/contrib/bind9/lib/isc/unix/entropy.c stable/7/contrib/bind9/lib/isc/unix/file.c stable/7/contrib/bind9/lib/isc/unix/ifiter_getifaddrs.c stable/7/contrib/bind9/lib/isc/unix/ifiter_ioctl.c stable/7/contrib/bind9/lib/isc/unix/include/isc/net.h stable/7/contrib/bind9/lib/isc/unix/include/isc/offset.h stable/7/contrib/bind9/lib/isc/unix/include/isc/strerror.h stable/7/contrib/bind9/lib/isc/unix/include/isc/time.h stable/7/contrib/bind9/lib/isc/unix/resource.c stable/7/contrib/bind9/lib/isc/unix/socket.c stable/7/contrib/bind9/lib/isc/unix/strerror.c stable/7/contrib/bind9/lib/isc/x86_32/include/isc/atomic.h stable/7/contrib/bind9/lib/isccfg/include/isccfg/log.h stable/7/contrib/bind9/lib/isccfg/include/isccfg/namedconf.h stable/7/contrib/bind9/lib/lwres/api stable/7/contrib/bind9/lib/lwres/context.c stable/7/contrib/bind9/lib/lwres/context_p.h stable/7/contrib/bind9/lib/lwres/getaddrinfo.c stable/7/contrib/bind9/lib/lwres/getipnode.c stable/7/contrib/bind9/lib/lwres/include/lwres/context.h stable/7/contrib/bind9/lib/lwres/include/lwres/netdb.h.in stable/7/contrib/bind9/lib/lwres/lwconfig.c stable/7/contrib/bind9/lib/lwres/man/lwres.3 stable/7/contrib/bind9/lib/lwres/man/lwres.html stable/7/contrib/bind9/lib/lwres/man/lwres_buffer.3 stable/7/contrib/bind9/lib/lwres/man/lwres_buffer.html stable/7/contrib/bind9/lib/lwres/man/lwres_config.3 stable/7/contrib/bind9/lib/lwres/man/lwres_config.html stable/7/contrib/bind9/lib/lwres/man/lwres_context.3 stable/7/contrib/bind9/lib/lwres/man/lwres_context.html stable/7/contrib/bind9/lib/lwres/man/lwres_gabn.3 stable/7/contrib/bind9/lib/lwres/man/lwres_gabn.html stable/7/contrib/bind9/lib/lwres/man/lwres_gai_strerror.3 stable/7/contrib/bind9/lib/lwres/man/lwres_gai_strerror.html stable/7/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.3 stable/7/contrib/bind9/lib/lwres/man/lwres_getaddrinfo.html stable/7/contrib/bind9/lib/lwres/man/lwres_gethostent.3 stable/7/contrib/bind9/lib/lwres/man/lwres_gethostent.html stable/7/contrib/bind9/lib/lwres/man/lwres_getipnode.3 stable/7/contrib/bind9/lib/lwres/man/lwres_getipnode.html stable/7/contrib/bind9/lib/lwres/man/lwres_getnameinfo.3 stable/7/contrib/bind9/lib/lwres/man/lwres_getnameinfo.html stable/7/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.3 stable/7/contrib/bind9/lib/lwres/man/lwres_getrrsetbyname.html stable/7/contrib/bind9/lib/lwres/man/lwres_gnba.3 stable/7/contrib/bind9/lib/lwres/man/lwres_gnba.html stable/7/contrib/bind9/lib/lwres/man/lwres_hstrerror.3 stable/7/contrib/bind9/lib/lwres/man/lwres_hstrerror.html stable/7/contrib/bind9/lib/lwres/man/lwres_inetntop.3 stable/7/contrib/bind9/lib/lwres/man/lwres_inetntop.html stable/7/contrib/bind9/lib/lwres/man/lwres_noop.3 stable/7/contrib/bind9/lib/lwres/man/lwres_noop.html stable/7/contrib/bind9/lib/lwres/man/lwres_packet.3 stable/7/contrib/bind9/lib/lwres/man/lwres_packet.html stable/7/contrib/bind9/lib/lwres/man/lwres_resutil.3 stable/7/contrib/bind9/lib/lwres/man/lwres_resutil.html stable/7/contrib/bind9/libtool.m4 stable/7/contrib/bind9/ltmain.sh stable/7/contrib/bind9/make/rules.in stable/7/contrib/bind9/version stable/7/lib/bind/config.h stable/7/lib/bind/dns/Makefile stable/7/lib/bind/dns/code.h stable/7/lib/bind/dns/dns/enumclass.h stable/7/lib/bind/dns/dns/enumtype.h stable/7/lib/bind/dns/dns/rdatastruct.h stable/7/lib/bind/isc/Makefile stable/7/lib/bind/isc/isc/platform.h stable/7/lib/bind/lwres/lwres/netdb.h Directory Properties: stable/7/contrib/bind9/ (props changed) Modified: stable/7/contrib/bind9/CHANGES ============================================================================== --- stable/7/contrib/bind9/CHANGES Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/CHANGES Tue Feb 16 05:14:51 2010 (r203948) @@ -1,28 +1,295 @@ - --- 9.4.3-P4 released --- + --- 9.4-ESV released --- + +2831. [security] Do not attempt to validate or cache + out-of-bailiwick data returned with a secure + answer; it must be re-fetched from its original + source and validated in that context. [RT #20819] + +2828. [security] Cached CNAME or DNAME RR could be returned to clients + without DNSSEC validation. [RT #20737] + +2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] + +2797. [bug] Don't decrement the dispatch manager's maxbuffers. + [RT #20613] + +2790. [bug] Handle DS queries to stub zones. [RT #20440] 2772. [security] When validating, track whether pending data was from the additional section or not and only return it if validates as secure. [RT #20438] - --- 9.4.3-P3 released --- + --- 9.4-ESVb1 released --- + +2698. [cleanup] configure --enable-libbind is deprecated. [RT #20090] + +2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and + S_IFREG are defined after including . + [RT #20309] + +2690. [bug] win32: fix isc_thread_key_getspecific() prototype. + [RT #20315] + +2689. [bug] Correctly handle snprintf result. [RT #20306] + +2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT, + to decide to fetch the destination address. [RT #20305] + +2681. [bug] IPSECKEY RR of gateway type 3 was not correctly + decoded. [RT #20269] + +2672. [bug] Don't enable searching in 'host' when doing reverse + lookups. [RT #20218] + +2525. [experimental] New logging category "query-errors" to provide detailed + internal information about query failures, especially + about server failures. (backported as a special + exception to the general policy) [RT #19027] + +2670. [bug] Unexpected connect failures failed to log enough + information to be useful. [RT #20205] + +2649. [bug] Set the domain for forward only zones. [RT #19944] + +2648. [port] win32: isc_time_seconds() was broken. [RT #19900] + +2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987] + +2642. [bug] nsupdate could dump core on solaris when reading + improperly formatted key files. [RT #20015] 2640. [security] A specially crafted update packet will cause named to exit. [RT #20000] - --- 9.4.3-P2 released --- +2637. [func] Rationalize dnssec-signzone's signwithkey() calling. + [RT #19959] + +2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses. + [RT #19716] + +2633. [bug] Handle 15 bit rand() functions. [RT #19783] + +2632. [func] util/kit.sh: warn if documentation appears to be out of + date. [RT #19922] + +2623. [bug] Named started seaches for DS non-optimally. [RT #19915] + +2621. [doc] Made copyright boilterplate consistent. [RT #19833] + +2920. [bug] Delay thawing the zone until the reload of it has + completed successfully. [RT #19750] + +2618. [bug] The sdb and sdlz db_interator_seek() methods could + loop infinitely. [RT #19847] + +2617. [bug] ifconfig.sh failed to emit an error message when + run from the wrong location. [RT #19375] + +2616. [bug] 'host' used the nameservers from resolv.conf even + when a explicit nameserver was specified. [RT #19852] + +2615. [bug] "__attribute__((unused))" was in the wrong place + for ia64 gcc builds. [RT #19854] + +2614. [port] win32: 'named -v' should automatically be executed + in the foreground. [RT #19844] + +2610. [port] sunos: Change #2363 was not complete. [RT #19796] + +2606. [bug] "delegation-only" was not being accepted in + delegation-only type zones. [RT #19717] + +2605. [bug] Accept DS responses from delegation only zones. + [RT # 19296] + +2603. [port] win32: handle .exe extension of named-checkzone and + named-comilezone argv[0] names under windows. + [RT #19767] + +2602. [port] win32: fix debugging command line build of libisccfg. + [RT #19767] + +2599. [bug] Address rapid memory growth when validation fails. + [RT #19654] + +2595. [bug] Fix unknown extended rcodes in dig. [RT #19625] + +2592. [bug] Treat "any" as a type in nsupdate. [RT #19455] + +2591. [bug] named could die when processing a update in + removed_orphaned_ds(). [RT #19507] + +2589. [bug] dns_db_unregister() failed to clear '*dbimp'. + [RT #19626] + +2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB + or SDB. [RT #19577] + +2584. [bug] alpha: gcc optimization could break atomic operations. + [RT #19227] + +2583. [port] netbsd: provide a control to not add the compile + date to the version string, -DNO_VERSION_DATE. + +2582. [bug] Don't emit warning log message when we attempt to + remove non-existant journal. [RT #19516] + +2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection. + Requires MySQL 5.0.19 or later. [RT #19084] 2579. [bug] DNSSEC lookaside validation failed to handle unknown algorithms. [RT #19479] - --- 9.4.3-P1 released --- +2573. [bug] Replacing a non-CNAME record with a CNAME record in a + single transaction in a signed zone failed. [RT #19397] + +2568. [bug] Report when the write to indicate a otherwise + successful start fails. [RT #19360] + +2567. [bug] dst__privstruct_writefile() could miss write errors. + write_public_key() could miss write errors. + [RT #19360] + +2564. [bug] Only take EDNS fallback steps when processing timeouts. + [RT #19405] + +2563. [bug] Dig could leak a socket causing it to wait forever + to exit. [RT #19359] + +2562. [doc] ARM: miscellaneous improvements, reorganization, + and some new content. + +2561. [doc] Add isc-config.sh(1) man page. [RT #16378] + +2557. [cleanup] PCI compliance: + * new libisc log module file + * isc_dir_chroot() now also changes the working + directory to "/". + * additional INSISTs + * additional logging when files can't be removed. + +2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291] + +2552. [bug] zero-no-soa-ttl-cache was not being honoured. + [RT #19340] + +2551. [bug] Potential Reference leak on return. [RT #19341] + +2550. [bug] Check --with-openssl= finds . + [RT #19343] + +2549. [port] linux: define NR_OPEN if not currently defined. + [RT #19344] + +2547. [bug] openssl_link.c:mem_realloc() could reference an + out-of-range area of the source buffer. New public + function isc_mem_reallocate() was introduced to address + this bug. [RT #19313] + +2545. [doc] ARM: Legal hostname checking (check-names) is + for SRV RDATA too. [RT #19304] + +2544. [cleanup] Removed unused structure members in adb.c. [RT #19225] + +2542. [doc] Update the description of dig +adflag. [RT #19290] + +2539. [security] Update the interaction between recursion, allow-query, + allow-query-cache and allow-recursion. [RT #19198] + +2536. [cleanup] Silence some warnings when -Werror=format-security is + specified. [RT #19083] + +2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091] + +2532. [bug] dig: check the question section of the response to + see if it matches the asked question. [RT #18495] + +2531. [bug] Change #2207 was incomplete. [RT #19098] + +2529. [cleanup] Upgrade libtool to silence complaints from recent + version of autoconf. [RT #18657] + +2528. [cleanup] Silence spurious configure warning about + --datarootdir [RT #19096] + +2527. [bug] named could reuse cache on reload with + enabling/disabling validation. [RT #19119] + +2523. [bug] Random type rdata freed by dns_nsec_typepresent(). + [RT #19112] 2522. [security] Handle -1 from DSA_do_verify(). +2521. [bug] Improve epoll cross compilation support. [RT #19047] + +2519. [bug] dig/host with -4 or -6 didn't work if more than two + nameserver addresses of the excluded address family + preceded in resolv.conf. [RT #19081] + +2517. [bug] dig +trace with -4 or -6 failed when it chose a + nameserver address of the excluded address type. + [RT #18843] + +2516. [bug] glue sort for responses was performed even when not + needed. [RT #19039] + +2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains + a nameserver of the excluded address family. + [RT #18848] + +2511. [cleanup] dns_rdata_tofmttext() add const to linebreak. + [RT #18885] + +2510. [bug] "dig +sigchase" could trigger REQUIRE failures. + [RT #19033] + +2509. [bug] Specifying a fixed query source port was broken. + [RT #19051] + +2506. [port] solaris: Check at configure time if + hack_shutup_pthreadonceinit is needed. [RT #19037] + +2505. [port] Treat amd64 similarly to x86_64 when determining + atomic operation support. [RT #19031] + +2504. [bug] Address race condition in the socket code. [RT #18899] + +2503. [port] linux: improve compatibility with Linux Standard + Base. [RT #18793] + +2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent + function. [RT #18582] + +2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash. + [RT #18837] + 2498. [bug] Removed a bogus function argument used with ISC_SOCKET_USE_POLLWATCH: it could cause compiler warning or crash named with the debug 1 level of logging. [RT #18917] +2495. [bug] Tighten RRSIG checks. [RT #18795] + +2494. [bug] dns/sdlz.h and dns/dlz.h were not being installed. + [RT #18826] + +2487. [bug] Give TCP connections longer to complete. [RT #18675] + +2485. [bug] Change update's the handling of obscured RRSIG + records. Not all orphand DS records were being + removed. [RT #18828] + +2479. [bug] xfrout:covers was not properly initalized. [RT #18801] + +2478. [bug] 'addresses' could be used uninitalized in + configure_forward(). [RT #18800] + +2476. [doc] ARM: improve documentation for max-journal-size and + ixfr-from-differences. [RT #15909] [RT #18541] + +2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails. + [RT #18297] + --- 9.4.3 released --- 2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO @@ -38,7 +305,7 @@ 2473. [port] linux: raise the limit on open files to the possible maximum value before spawning threads; 'files' - specified in named.conf doesn't seem to work with + specified in named.conf doesn't seem to work with threads as expected. [RT #18784] 2472. [port] linux: check the number of available cpu's before @@ -61,10 +328,11 @@ 2465. [bug] Adb's handling of lame addresses was different for IPv4 and IPv6. [RT #18738] -2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket +2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket API and glibc hides parts of the IPv6 Advanced Socket API as a result. This is stupid as it breaks how the - two halves (Basic and Advanced) of the IPv6 Socket API were designed to be used but we have to live with it. + two halves (Basic and Advanced) of the IPv6 Socket API + were designed to be used but we have to live with it. Define _GNU_SOURCE to pull in the IPv6 Advanced Socket API. [RT #18388] @@ -170,6 +438,10 @@ for select(). To enable this, set ISC_SOCKET_MAXSOCKETS at compilation time. [RT #18433] + Note: with changes #2469 and #2421 above, there is no + need to tweak ISC_SOCKET_MAXSOCKETS at compilation time + any more. + 2410. [bug] Correctly delete m_versionInfo. [RT #18432] 2408. [bug] A duplicate TCP dispatch event could be sent, which @@ -241,7 +513,7 @@ 2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET proofs which, in turn, caused validation failures for insecure zones immediately below a secure zone - the server was authoritative for. [RT #18112] + the server was authoritative for. [RT #18112] 2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant TLDs and supported RRs with TTLs [RT #17972] Modified: stable/7/contrib/bind9/COPYRIGHT ============================================================================== --- stable/7/contrib/bind9/COPYRIGHT Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/COPYRIGHT Tue Feb 16 05:14:51 2010 (r203948) @@ -1,4 +1,4 @@ -Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 1996-2003 Internet Software Consortium. Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -$Id: COPYRIGHT,v 1.9.18.5 2008/01/02 23:46:02 tbox Exp $ +$Id: COPYRIGHT,v 1.9.18.7 2010/01/07 23:46:07 tbox Exp $ Portions Copyright (C) 1996-2001 Nominum, Inc. Modified: stable/7/contrib/bind9/FAQ ============================================================================== --- stable/7/contrib/bind9/FAQ Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/FAQ Tue Feb 16 05:14:51 2010 (r203948) @@ -1,6 +1,6 @@ Frequently Asked Questions about BIND 9 -Copyright © 2004-2008 Internet Systems Consortium, Inc. ("ISC") +Copyright © 2004-2009 Internet Systems Consortium, Inc. ("ISC") Copyright © 2000-2003 Internet Software Consortium. @@ -153,24 +153,29 @@ A: BIND 9.3 and later: Use TSIG to selec Master 10.0.1.1: key "external" { - algorithm hmac-md5; - secret "xxxxxxxx"; + algorithm hmac-sha256; + secret "xxxxxxxxxxxxxxxxxxxxxxxx"; }; view "internal" { - match-clients { !key external; 10.0.1/24; }; + match-clients { !key external; // reject message ment for the + // external view. + 10.0.1/24; }; // accept from these addresses. ... }; view "external" { match-clients { key external; any; }; - server 10.0.1.2 { keys external; }; + server 10.0.1.2 { keys external; }; // tag messages from the + // external view to the + // other servers for the + // view. recursion no; ... }; Slave 10.0.1.2: key "external" { - algorithm hmac-md5; - secret "xxxxxxxx"; + algorithm hmac-sha256; + secret "xxxxxxxxxxxxxxxxxxxxxxxx"; }; view "internal" { match-clients { !key external; 10.0.1/24; }; @@ -220,13 +225,13 @@ A: You choose one view to be master and Master 10.0.1.1: key "external" { - algorithm hmac-md5; - secret "xxxxxxxx"; + algorithm hmac-sha256; + secret "xxxxxxxxxxxxxxxxxxxxxxxx"; }; key "mykey" { - algorithm hmac-md5; - secret "yyyyyyyy"; + algorithm hmac-sha256; + secret "yyyyyyyyyyyyyyyyyyyyyyyy"; }; view "internal" { @@ -600,7 +605,7 @@ Q: Why do queries for NSEC3 records fail A: NSEC3 records are strictly meta data and can only be returned in the authority section. This is done so that signing the zone using NSEC3 - records does not bring names into existance that do not exist in the + records does not bring names into existence that do not exist in the unsigned version of the zone. 5. Operating-System Specific Questions @@ -825,7 +830,6 @@ A: /dev/random is not configured. Use rn use certain interrupts as a source of random events. You can make this permanent by setting rand_irqs in /etc/rc.conf. - /etc/rc.conf rand_irqs="3 14 15" See also . Modified: stable/7/contrib/bind9/FAQ.xml ============================================================================== --- stable/7/contrib/bind9/FAQ.xml Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/FAQ.xml Tue Feb 16 05:14:51 2010 (r203948) @@ -1,7 +1,7 @@ - +
Frequently Asked Questions about BIND 9 @@ -28,6 +28,7 @@ 2006 2007 2008 + 2009 Internet Systems Consortium, Inc. ("ISC") @@ -318,24 +319,29 @@ Slave: 10.0.1.3 (internal), 10.0.1.4 (ex Master 10.0.1.1: key "external" { - algorithm hmac-md5; - secret "xxxxxxxx"; + algorithm hmac-sha256; + secret "xxxxxxxxxxxxxxxxxxxxxxxx"; }; view "internal" { - match-clients { !key external; 10.0.1/24; }; + match-clients { !key external; // reject message ment for the + // external view. + 10.0.1/24; }; // accept from these addresses. ... }; view "external" { match-clients { key external; any; }; - server 10.0.1.2 { keys external; }; + server 10.0.1.2 { keys external; }; // tag messages from the + // external view to the + // other servers for the + // view. recursion no; ... }; Slave 10.0.1.2: key "external" { - algorithm hmac-md5; - secret "xxxxxxxx"; + algorithm hmac-sha256; + secret "xxxxxxxxxxxxxxxxxxxxxxxx"; }; view "internal" { match-clients { !key external; 10.0.1/24; }; @@ -423,13 +429,13 @@ named-checkzone example.com tmp Master 10.0.1.1: key "external" { - algorithm hmac-md5; - secret "xxxxxxxx"; + algorithm hmac-sha256; + secret "xxxxxxxxxxxxxxxxxxxxxxxx"; }; key "mykey" { - algorithm hmac-md5; - secret "yyyyyyyy"; + algorithm hmac-sha256; + secret "yyyyyyyyyyyyyyyyyyyyyyyy"; }; view "internal" { @@ -1067,7 +1073,7 @@ empty: NSEC3 records are strictly meta data and can only be returned in the authority section. This is done so that signing the zone using NSEC3 records does not bring names - into existance that do not exist in the unsigned version + into existence that do not exist in the unsigned version of the zone. @@ -1470,7 +1476,6 @@ options { -/etc/rc.conf rand_irqs="3 14 15" Modified: stable/7/contrib/bind9/Makefile.in ============================================================================== --- stable/7/contrib/bind9/Makefile.in Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/Makefile.in Tue Feb 16 05:14:51 2010 (r203948) @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.43.18.6 2007/09/03 23:46:21 tbox Exp $ +# $Id: Makefile.in,v 1.43.18.8 2009/02/20 23:46:01 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -24,6 +24,12 @@ top_srcdir = @top_srcdir@ SUBDIRS = make lib bin doc @LIBBIND@ TARGETS = +MANPAGES = isc-config.sh.1 + +HTMLPAGES = isc-config.sh.html + +MANOBJS = ${MANPAGES} ${HTMLPAGES} + @BIND9_MAKE_RULES@ distclean:: @@ -43,12 +49,19 @@ distclean:: maintainer-clean:: rm -f configure +docclean manclean maintainer-clean:: + rm -f ${MANOBJS} + +doc man:: ${MANOBJS} + installdirs: $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \ ${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir} + $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1 install:: isc-config.sh installdirs ${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir} + ${INSTALL_DATA} ${srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1 tags: rm -f TAGS Modified: stable/7/contrib/bind9/README ============================================================================== --- stable/7/contrib/bind9/README Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/README Tue Feb 16 05:14:51 2010 (r203948) @@ -27,8 +27,8 @@ BIND 9 - Improved Portability Architecture - BIND version 9 development has been underwritten by the following - organizations: + BIND version 9 development has been under written by the following + organisations: Sun Microsystems, Inc. Hewlett Packard @@ -42,6 +42,16 @@ BIND 9 Stichting NLnet - NLnet Foundation Nominum, Inc. +BIND 9.4-ESV (Extended Support Version) + + BIND 9.4-ESV is the Extended Support Version of BIND 9.4 + and incorporates the final maintenance release fixing bugs + in BIND 9.4.3. + + BIND 9.4-ESV will be supported until December 31, 2010, at + which time you will need to upgrade to the current release + of BIND. + BIND 9.4.3 BIND 9.4.3 is a maintenance release, fixing bugs in 9.4.2. @@ -67,7 +77,7 @@ BIND 9.4.0 Implemented "additional section caching" (or "acache"), an internal cache framework for additional section content to improve response performance. Several configuration options - were provided to control the behavior. + were provided to control the behaviour. New notify type 'master-only'. Enable notify for master zones only. @@ -76,13 +86,14 @@ BIND 9.4.0 rndc now allows addresses to be set in the server clauses. - New option "allow-query-cache". This lets allow-query be - used to specify the default zone access level rather than - having to have every zone override the global value. - allow-query-cache can be set at both the options and view - levels. If allow-query-cache is not set then allow-recursion - is used if set, otherwise allow-query is used if set, otherwise - the default (localhost; localnets;) is used. + New option "allow-query-cache". This lets "allow-query" + be used to specify the default zone access level rather + than having to have every zone override the global value. + "allow-query-cache" can be set at both the options and view + levels. If "allow-query-cache" is not set then "allow-recursion" + is used if set, otherwise "allow-query" is used if set + unless "recursion no;" is set in which case "none;" is used, + otherwise the default (localhost; localnets;) is used. rndc: the source address can now be specified. @@ -150,12 +161,12 @@ BIND 9.4.0 options for dnssec-signzone specify the input and output formats. - dnssec-signzone can now randomize signature end times + dnssec-signzone can now randomise signature end times (dnssec-signzone -j jitter). Add support for CH A record. - Add additional zone data consistancy checks. named-checkzone + Add additional zone data consistency checks. named-checkzone has extended checking of NS, MX and SRV record and the hosts they reference. named has extended post zone load checks. New zone options: check-mx and integrity-check. Modified: stable/7/contrib/bind9/README.idnkit ============================================================================== --- stable/7/contrib/bind9/README.idnkit Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/README.idnkit Tue Feb 16 05:14:51 2010 (r203948) @@ -55,7 +55,7 @@ at least specify `--with-idn' option to `--with-libiconv' assumes that your C compiler has `-R' option, and that the option adds the specified run-time path - to an exacutable binary. If `-R' option of your compiler has + to an executable binary. If `-R' option of your compiler has different meaning, or your compiler lacks the option, you should use `--with-iconv' option instead. Binary command without run-time path information might be unexecutable. @@ -68,7 +68,7 @@ at least specify `--with-idn' option to specified, `--with-iconv' is prior to `--with-libiconv'. --with-iconv=ICONV_LIBSPEC - If your libc doens't provide iconv(), you need to specify the + If your libc doesn't provide iconv(), you need to specify the library containing iconv() with this option. `ICONV_LIBSPEC' is the argument(s) to `cc' or `ld' to link the library, for example, `--with-iconv="-L/usr/local/lib -liconv"'. @@ -82,7 +82,7 @@ at least specify `--with-idn' option to this option is not specified, `-L${PREFIX}/lib -lidnkit' is assumed, where ${PREFIX} is the installation prefix specified with `--with-idn' option above. You may need to use this - option to specify extra argments, for example, + option to specify extra arguments, for example, `--with-idnlib="-L/usr/local/lib -R/usr/local/lib -lidnkit"'. Please consult `README' for other configuration options. @@ -109,4 +109,4 @@ about idnkit and this patch. Bug reports and comments on this kit should be sent to mdnkit-bugs@nic.ad.jp and idn-cmt@nic.ad.jp, respectively. -; $Id: README.idnkit,v 1.2.2.2 2005/09/12 02:12:08 marka Exp $ +; $Id: README.idnkit,v 1.2.2.3 2009/01/19 00:36:25 marka Exp $ Modified: stable/7/contrib/bind9/acconfig.h ============================================================================== --- stable/7/contrib/bind9/acconfig.h Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/acconfig.h Tue Feb 16 05:14:51 2010 (r203948) @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: acconfig.h,v 1.44.18.5 2005/04/29 00:15:20 marka Exp $ */ +/* $Id: acconfig.h,v 1.44.18.7 2008/12/01 23:45:56 tbox Exp $ */ /*! \file */ @@ -25,9 +25,6 @@ ***/ @TOP@ -/** define to `int' if doesn't define. */ -#undef ssize_t - /** define on DEC OSF to enable 4.4BSD style sa_len support */ #undef _SOCKADDR_LEN @@ -61,9 +58,6 @@ /** define if you have the NET_RT_IFLIST sysctl variable and sys/sysctl.h */ #undef HAVE_IFLIST_SYSCTL -/** define if chroot() is available */ -#undef HAVE_CHROOT - /** define if tzset() is available */ #undef HAVE_TZSET @@ -115,7 +109,7 @@ int sigwait(const unsigned int *set, int * The silly continuation line is to keep configure from * commenting out the #undef. */ - + #undef \ va_start #define va_start(ap, last) \ Modified: stable/7/contrib/bind9/bin/check/check-tool.c ============================================================================== --- stable/7/contrib/bind9/bin/check/check-tool.c Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/bin/check/check-tool.c Tue Feb 16 05:14:51 2010 (r203948) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check-tool.c,v 1.10.18.20 2008/10/24 01:43:17 tbox Exp $ */ +/* $Id: check-tool.c,v 1.10.18.23 2009/09/24 21:38:50 jinmei Exp $ */ /*! \file */ @@ -105,6 +105,7 @@ static isc_logcategory_t categories[] = { "queries", 0 }, { "unmatched", 0 }, { "update-security", 0 }, + { "query-errors", 0 }, { NULL, 0 } }; @@ -156,7 +157,7 @@ checkns(dns_zone_t *zone, dns_name_t *na cur->ai_next != NULL) cur = cur->ai_next; if (cur != NULL && cur->ai_canonname != NULL && - strcasecmp(ai->ai_canonname, namebuf) != 0) { + strcasecmp(cur->ai_canonname, namebuf) != 0) { dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' (out of zone) " "is a CNAME (illegal)", Modified: stable/7/contrib/bind9/bin/check/named-checkconf.8 ============================================================================== --- stable/7/contrib/bind9/bin/check/named-checkconf.8 Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/bin/check/named-checkconf.8 Tue Feb 16 05:14:51 2010 (r203948) @@ -1,7 +1,7 @@ .\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkconf.8,v 1.16.18.13 2007/06/20 02:26:58 marka Exp $ +.\" $Id: named-checkconf.8,v 1.16.18.14 2009/07/11 01:31:43 tbox Exp $ .\" .hy 0 .ad l Modified: stable/7/contrib/bind9/bin/check/named-checkconf.c ============================================================================== --- stable/7/contrib/bind9/bin/check/named-checkconf.c Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/bin/check/named-checkconf.c Tue Feb 16 05:14:51 2010 (r203948) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-checkconf.c,v 1.28.18.16 2007/11/26 23:46:18 tbox Exp $ */ +/* $Id: named-checkconf.c,v 1.28.18.18 2009/02/16 23:46:03 tbox Exp $ */ /*! \file */ @@ -59,9 +59,9 @@ isc_log_t *logc = NULL; /*% usage */ static void usage(void) { - fprintf(stderr, "usage: named-checkconf [-j] [-v] [-z] [-t directory] " + fprintf(stderr, "usage: named-checkconf [-j] [-v] [-z] [-t directory] " "[named.conf]\n"); - exit(1); + exit(1); } /*% directory callback */ @@ -171,9 +171,9 @@ configure_zone(const char *vclass, const zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name")); classobj = cfg_tuple_get(zconfig, "class"); - if (!cfg_obj_isstring(classobj)) - zclass = vclass; - else + if (!cfg_obj_isstring(classobj)) + zclass = vclass; + else zclass = cfg_obj_asstring(classobj); zoptions = cfg_tuple_get(zconfig, "options"); @@ -192,9 +192,9 @@ configure_zone(const char *vclass, const return (ISC_R_FAILURE); if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0) return (ISC_R_SUCCESS); - cfg_map_get(zoptions, "database", &dbobj); - if (dbobj != NULL) - return (ISC_R_SUCCESS); + cfg_map_get(zoptions, "database", &dbobj); + if (dbobj != NULL) + return (ISC_R_SUCCESS); cfg_map_get(zoptions, "file", &fileobj); if (fileobj == NULL) return (ISC_R_FAILURE); @@ -285,8 +285,8 @@ configure_zone(const char *vclass, const } else INSIST(0); } else { - zone_options |= DNS_ZONEOPT_CHECKNAMES; - zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL; + zone_options |= DNS_ZONEOPT_CHECKNAMES; + zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL; } masterformat = dns_masterformat_text; @@ -397,7 +397,7 @@ main(int argc, char **argv) { int exit_status = 0; isc_entropy_t *ectx = NULL; isc_boolean_t load_zones = ISC_FALSE; - + while ((c = isc_commandline_parse(argc, argv, "djt:vz")) != EOF) { switch (c) { case 'd': @@ -415,12 +415,6 @@ main(int argc, char **argv) { isc_result_totext(result)); exit(1); } - result = isc_dir_chdir("/"); - if (result != ISC_R_SUCCESS) { - fprintf(stderr, "isc_dir_chdir: %s\n", - isc_result_totext(result)); - exit(1); - } break; case 'v': Modified: stable/7/contrib/bind9/bin/check/named-checkconf.html ============================================================================== --- stable/7/contrib/bind9/bin/check/named-checkconf.html Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/bin/check/named-checkconf.html Tue Feb 16 05:14:51 2010 (r203948) @@ -2,7 +2,7 @@ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + Modified: stable/7/contrib/bind9/bin/check/named-checkzone.8 ============================================================================== --- stable/7/contrib/bind9/bin/check/named-checkzone.8 Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/bin/check/named-checkzone.8 Tue Feb 16 05:14:51 2010 (r203948) @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkzone.8,v 1.18.18.23 2007/06/20 02:26:58 marka Exp $ +.\" $Id: named-checkzone.8,v 1.18.18.25 2009/07/11 01:31:43 tbox Exp $ .\" .hy 0 .ad l @@ -77,7 +77,7 @@ When loading the zone file read the jour .PP \-c \fIclass\fR .RS 4 -Specify the class of the zone. If not specified "IN" is assumed. +Specify the class of the zone. If not specified, "IN" is assumed. .RE .PP \-i \fImode\fR @@ -263,7 +263,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007, 2009 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2002 Internet Software Consortium. .br Modified: stable/7/contrib/bind9/bin/check/named-checkzone.c ============================================================================== --- stable/7/contrib/bind9/bin/check/named-checkzone.c Tue Feb 16 02:48:11 2010 (r203947) +++ stable/7/contrib/bind9/bin/check/named-checkzone.c Tue Feb 16 05:14:51 2010 (r203948) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-checkzone.c,v 1.29.18.21 2008/10/24 01:43:17 tbox Exp $ */ +/* $Id: named-checkzone.c,v 1.29.18.24 2009/05/29 02:19:20 marka Exp $ */ /*! \file */ @@ -122,9 +122,13 @@ main(int argc, char **argv) { */ if (strncmp(prog_name, "lt-", 3) == 0) prog_name += 3; - if (strcmp(prog_name, "named-checkzone") == 0) + +#define PROGCMP(X) \ + (strcasecmp(prog_name, X) == 0 || strcasecmp(prog_name, X ".exe") == 0) + + if (PROGCMP("named-checkzone")) progmode = progmode_check; - else if (strcmp(prog_name, "named-compilezone") == 0) + else if (PROGCMP("named-compilezone")) progmode = progmode_compile; else INSIST(0); @@ -265,12 +269,6 @@ main(int argc, char **argv) { isc_result_totext(result)); exit(1); } - result = isc_dir_chdir("/"); - if (result != ISC_R_SUCCESS) { - fprintf(stderr, "isc_dir_chdir: %s\n", - isc_result_totext(result)); - exit(1); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***