From owner-svn-src-stable-8@FreeBSD.ORG Mon Mar 3 09:57:07 2014 Return-Path: Delivered-To: svn-src-stable-8@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 37D19764; Mon, 3 Mar 2014 09:57:07 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 1F786113; Mon, 3 Mar 2014 09:57:07 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s239v6aE039344; Mon, 3 Mar 2014 09:57:06 GMT (envelope-from erwin@svn.freebsd.org) Received: (from erwin@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s239v6IL039338; Mon, 3 Mar 2014 09:57:06 GMT (envelope-from erwin@svn.freebsd.org) Message-Id: <201403030957.s239v6IL039338@svn.freebsd.org> From: Erwin Lansing Date: Mon, 3 Mar 2014 09:57:06 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r262707 - in stable/8: contrib/bind9 contrib/bind9/bin contrib/bind9/bin/check contrib/bind9/bin/confgen contrib/bind9/bin/dig contrib/bind9/bin/dig/include/dig contrib/bind9/bin/dnssec... X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Mar 2014 09:57:07 -0000 Author: erwin Date: Mon Mar 3 09:57:04 2014 New Revision: 262707 URL: http://svnweb.freebsd.org/changeset/base/262707 Log: MFC: r253983-253984 MFV: r262443 Update BIND to 9.8.7 Note this is a commit straight to stable as BIND no longer exists in head. Sponsored by: DK Hostmaster A/S Added: stable/8/contrib/bind9/lib/dns/rdata/generic/eui48_108.c - copied, changed from r253983, head/contrib/bind9/lib/dns/rdata/generic/eui48_108.c stable/8/contrib/bind9/lib/dns/rdata/generic/eui48_108.h - copied unchanged from r253983, head/contrib/bind9/lib/dns/rdata/generic/eui48_108.h stable/8/contrib/bind9/lib/dns/rdata/generic/eui64_109.c - copied, changed from r253983, head/contrib/bind9/lib/dns/rdata/generic/eui64_109.c stable/8/contrib/bind9/lib/dns/rdata/generic/eui64_109.h - copied unchanged from r253983, head/contrib/bind9/lib/dns/rdata/generic/eui64_109.h stable/8/contrib/bind9/lib/dns/rdata/generic/l32_105.c - copied, changed from r253983, head/contrib/bind9/lib/dns/rdata/generic/l32_105.c stable/8/contrib/bind9/lib/dns/rdata/generic/l32_105.h - copied unchanged from r253983, head/contrib/bind9/lib/dns/rdata/generic/l32_105.h stable/8/contrib/bind9/lib/dns/rdata/generic/l64_106.c - copied, changed from r253983, head/contrib/bind9/lib/dns/rdata/generic/l64_106.c stable/8/contrib/bind9/lib/dns/rdata/generic/l64_106.h - copied unchanged from r253983, head/contrib/bind9/lib/dns/rdata/generic/l64_106.h stable/8/contrib/bind9/lib/dns/rdata/generic/lp_107.c - copied unchanged from r253983, head/contrib/bind9/lib/dns/rdata/generic/lp_107.c stable/8/contrib/bind9/lib/dns/rdata/generic/lp_107.h - copied unchanged from r253983, head/contrib/bind9/lib/dns/rdata/generic/lp_107.h stable/8/contrib/bind9/lib/dns/rdata/generic/nid_104.c - copied, changed from r253983, head/contrib/bind9/lib/dns/rdata/generic/nid_104.c stable/8/contrib/bind9/lib/dns/rdata/generic/nid_104.h - copied unchanged from r253983, head/contrib/bind9/lib/dns/rdata/generic/nid_104.h stable/8/contrib/bind9/lib/dns/rdata/generic/uri_256.c - copied unchanged from r253983, head/contrib/bind9/lib/dns/rdata/generic/uri_256.c stable/8/contrib/bind9/lib/dns/rdata/generic/uri_256.h - copied unchanged from r253983, head/contrib/bind9/lib/dns/rdata/generic/uri_256.h stable/8/contrib/bind9/lib/isc/include/isc/regex.h - copied unchanged from r253983, head/contrib/bind9/lib/isc/include/isc/regex.h stable/8/contrib/bind9/lib/isc/include/isc/safe.h - copied unchanged from r262443, vendor/bind9/dist-9.8/lib/isc/include/isc/safe.h stable/8/contrib/bind9/lib/isc/regex.c - copied unchanged from r253983, head/contrib/bind9/lib/isc/regex.c stable/8/contrib/bind9/lib/isc/safe.c - copied unchanged from r262443, vendor/bind9/dist-9.8/lib/isc/safe.c Replaced: stable/8/contrib/bind9/libtool.m4/ - copied from r253983, head/contrib/bind9/libtool.m4/ Deleted: stable/8/contrib/bind9/libtool.m4/lt~obsolete.m4 Modified: stable/8/contrib/bind9/CHANGES stable/8/contrib/bind9/COPYRIGHT stable/8/contrib/bind9/FAQ stable/8/contrib/bind9/FAQ.xml stable/8/contrib/bind9/Makefile.in stable/8/contrib/bind9/README stable/8/contrib/bind9/aclocal.m4 stable/8/contrib/bind9/bin/Makefile.in stable/8/contrib/bind9/bin/check/check-tool.c stable/8/contrib/bind9/bin/check/named-checkconf.8 stable/8/contrib/bind9/bin/check/named-checkconf.c stable/8/contrib/bind9/bin/check/named-checkconf.docbook stable/8/contrib/bind9/bin/check/named-checkconf.html stable/8/contrib/bind9/bin/check/named-checkzone.8 stable/8/contrib/bind9/bin/check/named-checkzone.c stable/8/contrib/bind9/bin/check/named-checkzone.docbook stable/8/contrib/bind9/bin/check/named-checkzone.html stable/8/contrib/bind9/bin/confgen/ddns-confgen.c stable/8/contrib/bind9/bin/confgen/keygen.c stable/8/contrib/bind9/bin/confgen/rndc-confgen.c stable/8/contrib/bind9/bin/dig/dig.1 stable/8/contrib/bind9/bin/dig/dig.c stable/8/contrib/bind9/bin/dig/dig.docbook stable/8/contrib/bind9/bin/dig/dig.html stable/8/contrib/bind9/bin/dig/dighost.c stable/8/contrib/bind9/bin/dig/host.c stable/8/contrib/bind9/bin/dig/include/dig/dig.h stable/8/contrib/bind9/bin/dig/nslookup.1 stable/8/contrib/bind9/bin/dig/nslookup.c stable/8/contrib/bind9/bin/dig/nslookup.docbook stable/8/contrib/bind9/bin/dig/nslookup.html stable/8/contrib/bind9/bin/dnssec/dnssec-keyfromlabel.c stable/8/contrib/bind9/bin/dnssec/dnssec-keygen.c stable/8/contrib/bind9/bin/dnssec/dnssec-revoke.c stable/8/contrib/bind9/bin/dnssec/dnssec-settime.c stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.8 stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.c stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.docbook stable/8/contrib/bind9/bin/dnssec/dnssec-signzone.html stable/8/contrib/bind9/bin/dnssec/dnssectool.c stable/8/contrib/bind9/bin/named/Makefile.in stable/8/contrib/bind9/bin/named/builtin.c stable/8/contrib/bind9/bin/named/client.c stable/8/contrib/bind9/bin/named/config.c stable/8/contrib/bind9/bin/named/control.c stable/8/contrib/bind9/bin/named/controlconf.c stable/8/contrib/bind9/bin/named/include/named/client.h stable/8/contrib/bind9/bin/named/include/named/globals.h stable/8/contrib/bind9/bin/named/include/named/main.h stable/8/contrib/bind9/bin/named/include/named/server.h stable/8/contrib/bind9/bin/named/interfacemgr.c stable/8/contrib/bind9/bin/named/log.c stable/8/contrib/bind9/bin/named/logconf.c stable/8/contrib/bind9/bin/named/lwaddr.c stable/8/contrib/bind9/bin/named/lwdgnba.c stable/8/contrib/bind9/bin/named/lwdgrbn.c stable/8/contrib/bind9/bin/named/lwresd.c stable/8/contrib/bind9/bin/named/main.c stable/8/contrib/bind9/bin/named/named.conf.5 stable/8/contrib/bind9/bin/named/named.conf.docbook stable/8/contrib/bind9/bin/named/named.conf.html stable/8/contrib/bind9/bin/named/query.c stable/8/contrib/bind9/bin/named/server.c stable/8/contrib/bind9/bin/named/statschannel.c stable/8/contrib/bind9/bin/named/tkeyconf.c stable/8/contrib/bind9/bin/named/tsigconf.c stable/8/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c stable/8/contrib/bind9/bin/named/unix/os.c stable/8/contrib/bind9/bin/named/update.c stable/8/contrib/bind9/bin/named/xfrout.c stable/8/contrib/bind9/bin/named/zoneconf.c stable/8/contrib/bind9/bin/nsupdate/Makefile.in stable/8/contrib/bind9/bin/nsupdate/nsupdate.c stable/8/contrib/bind9/bin/rndc/rndc.8 stable/8/contrib/bind9/bin/rndc/rndc.c stable/8/contrib/bind9/bin/rndc/rndc.docbook stable/8/contrib/bind9/bin/rndc/rndc.html stable/8/contrib/bind9/bin/tools/genrandom.c stable/8/contrib/bind9/bin/tools/isc-hmac-fixup.8 stable/8/contrib/bind9/bin/tools/isc-hmac-fixup.docbook stable/8/contrib/bind9/bin/tools/isc-hmac-fixup.html stable/8/contrib/bind9/config.guess stable/8/contrib/bind9/config.h.in stable/8/contrib/bind9/config.sub stable/8/contrib/bind9/config.threads.in stable/8/contrib/bind9/configure.in stable/8/contrib/bind9/doc/arm/Bv9ARM-book.xml stable/8/contrib/bind9/doc/arm/Bv9ARM.ch01.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch02.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch03.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch04.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch05.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch06.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch07.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch08.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch09.html stable/8/contrib/bind9/doc/arm/Bv9ARM.ch10.html stable/8/contrib/bind9/doc/arm/Bv9ARM.html stable/8/contrib/bind9/doc/arm/Bv9ARM.pdf stable/8/contrib/bind9/doc/arm/man.arpaname.html stable/8/contrib/bind9/doc/arm/man.ddns-confgen.html stable/8/contrib/bind9/doc/arm/man.dig.html stable/8/contrib/bind9/doc/arm/man.dnssec-dsfromkey.html stable/8/contrib/bind9/doc/arm/man.dnssec-keyfromlabel.html stable/8/contrib/bind9/doc/arm/man.dnssec-keygen.html stable/8/contrib/bind9/doc/arm/man.dnssec-revoke.html stable/8/contrib/bind9/doc/arm/man.dnssec-settime.html stable/8/contrib/bind9/doc/arm/man.dnssec-signzone.html stable/8/contrib/bind9/doc/arm/man.genrandom.html stable/8/contrib/bind9/doc/arm/man.host.html stable/8/contrib/bind9/doc/arm/man.isc-hmac-fixup.html stable/8/contrib/bind9/doc/arm/man.named-checkconf.html stable/8/contrib/bind9/doc/arm/man.named-checkzone.html stable/8/contrib/bind9/doc/arm/man.named-journalprint.html stable/8/contrib/bind9/doc/arm/man.named.html stable/8/contrib/bind9/doc/arm/man.nsec3hash.html stable/8/contrib/bind9/doc/arm/man.nsupdate.html stable/8/contrib/bind9/doc/arm/man.rndc-confgen.html stable/8/contrib/bind9/doc/arm/man.rndc.conf.html stable/8/contrib/bind9/doc/arm/man.rndc.html stable/8/contrib/bind9/doc/arm/pkcs11.xml stable/8/contrib/bind9/doc/misc/options stable/8/contrib/bind9/isc-config.sh.in stable/8/contrib/bind9/lib/Makefile.in stable/8/contrib/bind9/lib/bind9/Makefile.in stable/8/contrib/bind9/lib/bind9/api stable/8/contrib/bind9/lib/bind9/check.c stable/8/contrib/bind9/lib/dns/Makefile.in stable/8/contrib/bind9/lib/dns/acache.c stable/8/contrib/bind9/lib/dns/acl.c stable/8/contrib/bind9/lib/dns/adb.c stable/8/contrib/bind9/lib/dns/api stable/8/contrib/bind9/lib/dns/cache.c stable/8/contrib/bind9/lib/dns/client.c stable/8/contrib/bind9/lib/dns/db.c stable/8/contrib/bind9/lib/dns/diff.c stable/8/contrib/bind9/lib/dns/dispatch.c stable/8/contrib/bind9/lib/dns/dlz.c stable/8/contrib/bind9/lib/dns/dns64.c stable/8/contrib/bind9/lib/dns/dnssec.c stable/8/contrib/bind9/lib/dns/dst_api.c stable/8/contrib/bind9/lib/dns/dst_internal.h stable/8/contrib/bind9/lib/dns/dst_openssl.h stable/8/contrib/bind9/lib/dns/ecdb.c stable/8/contrib/bind9/lib/dns/gen.c stable/8/contrib/bind9/lib/dns/gssapi_link.c stable/8/contrib/bind9/lib/dns/gssapictx.c stable/8/contrib/bind9/lib/dns/hmac_link.c stable/8/contrib/bind9/lib/dns/include/dns/Makefile.in stable/8/contrib/bind9/lib/dns/include/dns/acache.h stable/8/contrib/bind9/lib/dns/include/dns/db.h stable/8/contrib/bind9/lib/dns/include/dns/masterdump.h stable/8/contrib/bind9/lib/dns/include/dns/message.h stable/8/contrib/bind9/lib/dns/include/dns/name.h stable/8/contrib/bind9/lib/dns/include/dns/ncache.h stable/8/contrib/bind9/lib/dns/include/dns/nsec.h stable/8/contrib/bind9/lib/dns/include/dns/nsec3.h stable/8/contrib/bind9/lib/dns/include/dns/rdata.h stable/8/contrib/bind9/lib/dns/include/dns/result.h stable/8/contrib/bind9/lib/dns/include/dns/rpz.h stable/8/contrib/bind9/lib/dns/include/dns/types.h stable/8/contrib/bind9/lib/dns/include/dns/validator.h stable/8/contrib/bind9/lib/dns/include/dns/view.h stable/8/contrib/bind9/lib/dns/include/dns/zone.h stable/8/contrib/bind9/lib/dns/include/dst/dst.h stable/8/contrib/bind9/lib/dns/include/dst/gssapi.h stable/8/contrib/bind9/lib/dns/journal.c stable/8/contrib/bind9/lib/dns/keydata.c stable/8/contrib/bind9/lib/dns/master.c stable/8/contrib/bind9/lib/dns/masterdump.c stable/8/contrib/bind9/lib/dns/message.c stable/8/contrib/bind9/lib/dns/name.c stable/8/contrib/bind9/lib/dns/ncache.c stable/8/contrib/bind9/lib/dns/nsec.c stable/8/contrib/bind9/lib/dns/nsec3.c stable/8/contrib/bind9/lib/dns/openssl_link.c stable/8/contrib/bind9/lib/dns/openssldh_link.c stable/8/contrib/bind9/lib/dns/openssldsa_link.c stable/8/contrib/bind9/lib/dns/opensslecdsa_link.c stable/8/contrib/bind9/lib/dns/opensslgost_link.c stable/8/contrib/bind9/lib/dns/opensslrsa_link.c stable/8/contrib/bind9/lib/dns/peer.c stable/8/contrib/bind9/lib/dns/portlist.c stable/8/contrib/bind9/lib/dns/rbt.c stable/8/contrib/bind9/lib/dns/rbtdb.c stable/8/contrib/bind9/lib/dns/rcode.c stable/8/contrib/bind9/lib/dns/rdata.c stable/8/contrib/bind9/lib/dns/rdata/any_255/tsig_250.c stable/8/contrib/bind9/lib/dns/rdata/ch_3/a_1.c stable/8/contrib/bind9/lib/dns/rdata/generic/afsdb_18.c stable/8/contrib/bind9/lib/dns/rdata/generic/dlv_32769.c stable/8/contrib/bind9/lib/dns/rdata/generic/dnskey_48.c stable/8/contrib/bind9/lib/dns/rdata/generic/hip_55.c stable/8/contrib/bind9/lib/dns/rdata/generic/ipseckey_45.c stable/8/contrib/bind9/lib/dns/rdata/generic/isdn_20.c stable/8/contrib/bind9/lib/dns/rdata/generic/key_25.c stable/8/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c stable/8/contrib/bind9/lib/dns/rdata/generic/mx_15.c stable/8/contrib/bind9/lib/dns/rdata/generic/opt_41.c stable/8/contrib/bind9/lib/dns/rdata/generic/rrsig_46.c stable/8/contrib/bind9/lib/dns/rdata/generic/rt_21.c stable/8/contrib/bind9/lib/dns/rdata/generic/soa_6.c stable/8/contrib/bind9/lib/dns/rdata/generic/spf_99.c stable/8/contrib/bind9/lib/dns/rdata/generic/sshfp_44.c stable/8/contrib/bind9/lib/dns/rdata/generic/txt_16.c stable/8/contrib/bind9/lib/dns/rdata/hs_4/a_1.c stable/8/contrib/bind9/lib/dns/rdata/in_1/a6_38.c stable/8/contrib/bind9/lib/dns/rdata/in_1/a_1.c stable/8/contrib/bind9/lib/dns/rdata/in_1/aaaa_28.c stable/8/contrib/bind9/lib/dns/rdata/in_1/apl_42.c stable/8/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c stable/8/contrib/bind9/lib/dns/rdata/in_1/nsap_22.c stable/8/contrib/bind9/lib/dns/rdata/in_1/wks_11.c stable/8/contrib/bind9/lib/dns/rdataslab.c stable/8/contrib/bind9/lib/dns/request.c stable/8/contrib/bind9/lib/dns/resolver.c stable/8/contrib/bind9/lib/dns/result.c stable/8/contrib/bind9/lib/dns/rootns.c stable/8/contrib/bind9/lib/dns/rpz.c stable/8/contrib/bind9/lib/dns/sdb.c stable/8/contrib/bind9/lib/dns/sdlz.c stable/8/contrib/bind9/lib/dns/spnego.c stable/8/contrib/bind9/lib/dns/spnego_asn1.c stable/8/contrib/bind9/lib/dns/ssu.c stable/8/contrib/bind9/lib/dns/ssu_external.c stable/8/contrib/bind9/lib/dns/time.c stable/8/contrib/bind9/lib/dns/tkey.c stable/8/contrib/bind9/lib/dns/tsig.c stable/8/contrib/bind9/lib/dns/ttl.c stable/8/contrib/bind9/lib/dns/validator.c stable/8/contrib/bind9/lib/dns/view.c stable/8/contrib/bind9/lib/dns/xfrin.c stable/8/contrib/bind9/lib/dns/zone.c stable/8/contrib/bind9/lib/export/dns/Makefile.in stable/8/contrib/bind9/lib/export/irs/Makefile.in stable/8/contrib/bind9/lib/export/isc/Makefile.in stable/8/contrib/bind9/lib/export/isc/include/isc/Makefile.in stable/8/contrib/bind9/lib/export/isc/nls/Makefile.in stable/8/contrib/bind9/lib/export/isc/nothreads/Makefile.in stable/8/contrib/bind9/lib/export/isc/pthreads/Makefile.in stable/8/contrib/bind9/lib/export/isc/unix/Makefile.in stable/8/contrib/bind9/lib/export/isccfg/Makefile.in stable/8/contrib/bind9/lib/export/samples/Makefile.in stable/8/contrib/bind9/lib/export/samples/nsprobe.c stable/8/contrib/bind9/lib/export/samples/sample-async.c stable/8/contrib/bind9/lib/export/samples/sample-gai.c stable/8/contrib/bind9/lib/export/samples/sample-request.c stable/8/contrib/bind9/lib/export/samples/sample-update.c stable/8/contrib/bind9/lib/export/samples/sample.c stable/8/contrib/bind9/lib/irs/Makefile.in stable/8/contrib/bind9/lib/irs/api stable/8/contrib/bind9/lib/irs/dnsconf.c stable/8/contrib/bind9/lib/irs/getaddrinfo.c stable/8/contrib/bind9/lib/irs/getnameinfo.c stable/8/contrib/bind9/lib/irs/include/irs/Makefile.in stable/8/contrib/bind9/lib/irs/include/irs/resconf.h stable/8/contrib/bind9/lib/irs/resconf.c stable/8/contrib/bind9/lib/isc/Makefile.in stable/8/contrib/bind9/lib/isc/api stable/8/contrib/bind9/lib/isc/app_api.c stable/8/contrib/bind9/lib/isc/backtrace.c stable/8/contrib/bind9/lib/isc/base32.c stable/8/contrib/bind9/lib/isc/base64.c stable/8/contrib/bind9/lib/isc/buffer.c stable/8/contrib/bind9/lib/isc/commandline.c stable/8/contrib/bind9/lib/isc/hash.c stable/8/contrib/bind9/lib/isc/heap.c stable/8/contrib/bind9/lib/isc/hex.c stable/8/contrib/bind9/lib/isc/hmacmd5.c stable/8/contrib/bind9/lib/isc/hmacsha.c stable/8/contrib/bind9/lib/isc/include/isc/Makefile.in stable/8/contrib/bind9/lib/isc/include/isc/app.h stable/8/contrib/bind9/lib/isc/include/isc/buffer.h stable/8/contrib/bind9/lib/isc/include/isc/file.h stable/8/contrib/bind9/lib/isc/include/isc/hash.h stable/8/contrib/bind9/lib/isc/include/isc/list.h stable/8/contrib/bind9/lib/isc/include/isc/mem.h stable/8/contrib/bind9/lib/isc/include/isc/namespace.h stable/8/contrib/bind9/lib/isc/include/isc/platform.h.in stable/8/contrib/bind9/lib/isc/include/isc/radix.h stable/8/contrib/bind9/lib/isc/include/isc/region.h stable/8/contrib/bind9/lib/isc/include/isc/sockaddr.h stable/8/contrib/bind9/lib/isc/include/isc/socket.h stable/8/contrib/bind9/lib/isc/include/isc/stdio.h stable/8/contrib/bind9/lib/isc/include/isc/task.h stable/8/contrib/bind9/lib/isc/include/isc/timer.h stable/8/contrib/bind9/lib/isc/inet_aton.c stable/8/contrib/bind9/lib/isc/inet_pton.c stable/8/contrib/bind9/lib/isc/lex.c stable/8/contrib/bind9/lib/isc/log.c stable/8/contrib/bind9/lib/isc/md5.c stable/8/contrib/bind9/lib/isc/mem.c stable/8/contrib/bind9/lib/isc/netaddr.c stable/8/contrib/bind9/lib/isc/nothreads/Makefile.in stable/8/contrib/bind9/lib/isc/parseint.c stable/8/contrib/bind9/lib/isc/pthreads/thread.c stable/8/contrib/bind9/lib/isc/radix.c stable/8/contrib/bind9/lib/isc/random.c stable/8/contrib/bind9/lib/isc/ratelimiter.c stable/8/contrib/bind9/lib/isc/sha1.c stable/8/contrib/bind9/lib/isc/sha2.c stable/8/contrib/bind9/lib/isc/sockaddr.c stable/8/contrib/bind9/lib/isc/sparc64/include/isc/atomic.h stable/8/contrib/bind9/lib/isc/stats.c stable/8/contrib/bind9/lib/isc/string.c stable/8/contrib/bind9/lib/isc/strtoul.c stable/8/contrib/bind9/lib/isc/symtab.c stable/8/contrib/bind9/lib/isc/task.c stable/8/contrib/bind9/lib/isc/taskpool.c stable/8/contrib/bind9/lib/isc/timer.c stable/8/contrib/bind9/lib/isc/timer_api.c stable/8/contrib/bind9/lib/isc/unix/app.c stable/8/contrib/bind9/lib/isc/unix/entropy.c stable/8/contrib/bind9/lib/isc/unix/file.c stable/8/contrib/bind9/lib/isc/unix/ifiter_getifaddrs.c stable/8/contrib/bind9/lib/isc/unix/ifiter_ioctl.c stable/8/contrib/bind9/lib/isc/unix/ifiter_sysctl.c stable/8/contrib/bind9/lib/isc/unix/include/isc/Makefile.in stable/8/contrib/bind9/lib/isc/unix/include/isc/time.h stable/8/contrib/bind9/lib/isc/unix/interfaceiter.c stable/8/contrib/bind9/lib/isc/unix/net.c stable/8/contrib/bind9/lib/isc/unix/socket.c stable/8/contrib/bind9/lib/isc/unix/stdio.c stable/8/contrib/bind9/lib/isc/unix/time.c stable/8/contrib/bind9/lib/isccc/api stable/8/contrib/bind9/lib/isccc/base64.c stable/8/contrib/bind9/lib/isccc/cc.c stable/8/contrib/bind9/lib/isccc/include/isccc/util.h stable/8/contrib/bind9/lib/isccc/sexpr.c stable/8/contrib/bind9/lib/isccfg/Makefile.in stable/8/contrib/bind9/lib/isccfg/aclconf.c stable/8/contrib/bind9/lib/isccfg/api stable/8/contrib/bind9/lib/isccfg/include/isccfg/cfg.h stable/8/contrib/bind9/lib/isccfg/include/isccfg/grammar.h stable/8/contrib/bind9/lib/isccfg/namedconf.c stable/8/contrib/bind9/lib/isccfg/parser.c stable/8/contrib/bind9/lib/lwres/api stable/8/contrib/bind9/lib/lwres/context.c stable/8/contrib/bind9/lib/lwres/getaddrinfo.c stable/8/contrib/bind9/lib/lwres/gethost.c stable/8/contrib/bind9/lib/lwres/getipnode.c stable/8/contrib/bind9/lib/lwres/getnameinfo.c stable/8/contrib/bind9/lib/lwres/getrrset.c stable/8/contrib/bind9/lib/lwres/herror.c stable/8/contrib/bind9/lib/lwres/lwbuffer.c stable/8/contrib/bind9/lib/lwres/lwconfig.c stable/8/contrib/bind9/lib/lwres/lwinetaton.c stable/8/contrib/bind9/lib/lwres/lwinetpton.c stable/8/contrib/bind9/lib/lwres/lwres_gabn.c stable/8/contrib/bind9/lib/lwres/lwres_gnba.c stable/8/contrib/bind9/lib/lwres/lwres_grbn.c stable/8/contrib/bind9/lib/lwres/lwres_noop.c stable/8/contrib/bind9/lib/lwres/lwresutil.c stable/8/contrib/bind9/lib/lwres/print.c stable/8/contrib/bind9/lib/lwres/strtoul.c stable/8/contrib/bind9/ltmain.sh stable/8/contrib/bind9/make/mkdep.in stable/8/contrib/bind9/make/rules.in stable/8/contrib/bind9/version stable/8/lib/bind/config.h stable/8/lib/bind/dns/code.h stable/8/lib/bind/dns/dns/enumclass.h stable/8/lib/bind/dns/dns/enumtype.h stable/8/lib/bind/dns/dns/rdatastruct.h stable/8/lib/bind/isc/Makefile stable/8/lib/bind/isc/isc/platform.h stable/8/usr.sbin/named/Makefile Directory Properties: stable/8/contrib/bind9/ (props changed) stable/8/lib/bind/ (props changed) stable/8/usr.sbin/named/ (props changed) Modified: stable/8/contrib/bind9/CHANGES ============================================================================== --- stable/8/contrib/bind9/CHANGES Mon Mar 3 09:18:19 2014 (r262706) +++ stable/8/contrib/bind9/CHANGES Mon Mar 3 09:57:04 2014 (r262707) @@ -1,20 +1,668 @@ - --- 9.8.4-P2 released --- + --- 9.8.7 released --- -3516. [security] Removed the check for regex.h in configure in order - to disable regex syntax checking, as it exposes - BIND to a critical flaw in libregex on some - platforms. [RT #32688] + --- 9.8.7rc2 released --- - --- 9.8.4-P1 released --- +3710. [bug] Address double dns_zone_detach when switching to + using automatic empty zones from regular zones. + [RT #35177] -3407. [security] Named could die on specific queries with dns64 enabled. - [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.] +3707. [bug] irs_resconf_load now returns ISC_R_FILENOTFOUND + on a missing resolv.conf file and initializes the + structure as if it had been configured with: - --- 9.8.4 released --- + nameserver ::1 + nameserver 127.0.0.1 + + Note: Callers will need to be updated to treat + ISC_R_FILENOTFOUND as a qualified success or else + they will leak memory. The following code fragment + will work with both old and new versions without + changing the behaviour of the existing code. + + resconf = NULL; + result = irs_resconf_load(mctx, "/etc/resolv.conf", + &resconf); + if (result != ISC_SUCCESS) { + if (resconf != NULL) + irs_resconf_destroy(&resconf); + .... + } + + [RT #35194] + +3706. [contrib] queryperf: Fixed a possible integer overflow when + printing results. [RT #35182] + +3704. [protocol] Accept integer timestamps in RRSIG records. [RT #35185] + + --- 9.8.7rc1 released --- + +3701. [func] named-checkconf can now suppress the printing of + shared secrets by specifying '-x'. [RT #34465] + +3698. [cleanup] Replaced all uses of memcpy() with memmove(). + [RT #35120] + +3697. [bug] Handle "." as a search list element when IDN support + is enabled. [RT #35133] + +3696. [bug] dig failed to handle AXFR style IXFR responses which + span multiple messages. [RT #35137] + +3695. [bug] Address a possible race in dispatch.c. [RT #35107] + +3694. [bug] Warn when a key-directory is configured for a zone, + but does not exist or is not a directory. [RT #35108] + +3693. [security] memcpy was incorrectly called with overlapping + ranges resulting in malformed names being generated + on some platforms. This could cause INSIST failures + when serving NSEC3 signed zones (CVE-2014-0591). + [RT #35120] + +3692. [bug] Two calls to dns_db_getoriginnode were fatal if there + was no data at the node. [RT #35080] + +3689. [bug] Fixed a bug causing an insecure delegation from one + static-stub zone to another to fail with a broken + trust chain. [RT #35081] + + --- 9.8.7b1 released --- + +3688. [bug] loadnode could return a freed node on out of memory. + [RT #35106] + +3683. [cleanup] Add a more detailed "not found" message to rndc + commands which specify a zone name. [RT #35059] + +3681. [port] Update the Windows build system to support feature + selection and WIN64 builds. This is a work in + progress. [RT #34160] + +3679. [bug] dig could fail to clean up TCP sockets still + waiting on connect(). [RT #35074] + +3678. [port] Update config.guess and config.sub. [RT #35060] + +3677. [bug] 'nsupdate' leaked memory if 'realm' was used multiple + times. [RT #35073] + +3676. [bug] "named-checkconf -z" now checks zones of type + hint as well as master. [RT #35046] + +3675. [misc] Provide a place for third parties to add version + information for their extensions in the version + file by setting the EXTENSIONS variable. + +3670. [bug] Address read after free in server side of + lwres_getrrsetbyname. [RT #29075] + +3669. [port] freebsd: --with-gssapi needs -lhx509. [RT #35001] + +3668. [bug] Fix cast in lex.c which could see 0xff treated as eof. + [RT #34993] +3667. [test] dig: add support to keep the TCP socket open between + successive queries (+[no]keepopen). [RT #34918] + +3664. [bug] Updated OpenSSL PKCS#11 patches to fix active list + locking and other bugs. [RT #34855] + +3663. [bug] Address bugs in dns_rdata_fromstruct and + dns_rdata_tostruct for WKS and ISDN types. [RT #34910] + +3662. [bug] 'host' could die if a UDP query timed out. [RT #34870] + +3660. [cleanup] Changed the name of "isc-config.sh" to "bind9-config". + [RT #23825] + +3658. [port] linux: Address platform specific compilation issue + when libcap-devel is installed. [RT #34838] + +3656. [security] Treat an all zero netmask as invalid when generating + the localnets acl. (The prior behavior could + allow unexpected matches when using some versions + of Winsock: CVE-2013-6320.) [RT #34687] + +3655. [cleanup] Simplify TCP message processing when requesting a + zone transfer. [RT #34825] + +3654. [bug] Address race condition with manual notify requests. + [RT #34806] + +3653. [func] Create delegations for all "children" of empty zones + except "forward first". [RT #34826] + +3651. [tuning] Adjust when a master server is deemed unreachable. + [RT #27075] + +3650. [tuning] Use separate rate limiting queues for refresh and + notify requests. [RT #30589] + +3649. [cleanup] Include a comment in .nzf files, giving the name of + the associated view. [RT #34765] + +3648. [test] Updated the ATF test framework to version 0.17. + [RT #25627] + +3646. [bug] Journal filename string could be set incorrectly, + causing garbage in log messages. [RT #34738] + +3645. [protocol] Use case sensitive compression when responding to + queries. [RT #34737] + +3644. [protocol] Check that EDNS subnet client options are well formed. + [RT #34718] + +3641. [bug] Handle changes to sig-validity-interval settings + better. [RT #34625] + +3640. [bug] ndots was not being checked when searching. Only + continue searching on NXDOMAIN responses. Add the + ability to specify ndots to nslookup. [RT #34711] + +3639. [bug] Treat type 65533 (KEYDATA) as opaque except when used + in a key zone. [RT #34238] + + --- 9.8.6 released --- + +3638. [cleanup] Add the ability to handle ENOPROTOOPT in case it is + encountered. [RT #34668] + + --- 9.8.6rc2 released --- + +3637. [bug] 'allow-query-on' was checking the source address + rather than the destination address. [RT #34590] + +3636. [bug] Automatic empty zones now behave better with + forward only "zones" beneath them. [RT #34583] + +3635. [bug] Signatures were not being removed from a zone with + only KSK keys for a algorithm. [RT #34439] + +3634. [func] Report build-id in rndc status. Report build-id + when building from a git repository. [RT #20422] + +3633. [cleanup] Refactor OPT processing in named to make it easier + to support new EDNS options. [RT #34414] + +3632. [bug] Signature from newly inactive keys were not being + removed. [RT #32178] + +3631. [bug] Remove spurious warning about missing signatures when + qtype is SIG. [RT #34600] + +3630. [bug] Ensure correct ID computation for MD5 keys. [RT #33033] + +3627. [bug] RPZ changes were not effective on slaves. [RT #34450] + +3625. [bug] Don't send notify messages to machines outside of the + test setup. + + --- 9.8.6rc1 released --- + +3621. [security] Incorrect bounds checking on private type 'keydata' + can lead to a remotely triggerable REQUIRE failure + (CVE-2013-4854). [RT #34238] + +3615. [cleanup] "configure" now finishes by printing a summary + of optional BIND features and whether they are + active or inactive. ("configure --enable-full-report" + increases the verbosity of the summary.) [RT #31777] + +3614. [port] Check for . [RT #34162] + +3611. [bug] Improved resistance to a theoretical authentication + attack based on differential timing. [RT #33939] + +3610. [cleanup] win32: Some executables had been omitted from the + installer. [RT #34116] + +3608. [port] win32: added todos.pl script to ensure all text files + the win32 build depends on are converted to DOS + newline format. [RT #22067] + +3607. [bug] dnssec-keygen had broken 'Invalid keyfile' error + message. [RT #34045] + + --- 9.8.6b1 released --- + +3605. [port] win32: Addressed several compatibility issues + with newer versions of Visual Studio. [RT #33916] + +3603. [bug] Install . [RT #33956] + +3601. [bug] Added to PKCS#11 openssl patches a value len + attribute in DH derive key. [RT #33928] + +3600. [cleanup] dig: Fixed a typo in the warning output when receiving + an oversized response. [RT #33910] + +3599. [tuning] Check for pointer equivalence in name comparisons. + [RT #18125] + +3594. [maint] Update config.guess and config.sub. [RT #33816] + +3592. [doc] Moved documentation of rndc command options to the + rndc man page. [RT #33506] + +3588. [bug] dig: addressed a memory leak in the sigchase code + that could cause a shutdown crash. [RT #33733] + +3587. [func] 'named -g' now checks the logging configuration but + does not use it. [RT #33473] + +3586. [bug] Handle errors in xmlDocDumpFormatMemoryEnc. [RT #33706] + +3584. [security] Caching data from an incompletely signed zone could + trigger an assertion failure in resolver.c + (CVE-2013-3919). [RT #33690] + +3583. [bug] Address memory leak in GSS-API processing [RT #33574] + +3581. [bug] Changed the tcp-listen-queue default to 10. [RT #33029] + +3580. [bug] Addressed a possible race in acache.c [RT #33602] + +3579. [maint] Updates to PKCS#11 openssl patches, supporting + versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463] + +3578. [bug] 'rndc -c file' now fails if 'file' does not exist. + [RT #33571] + +3577. [bug] Handle zero TTL values better. [RT #33411] + +3576. [bug] Address a shutdown race when validating. [RT #33573] + +3574. [doc] The 'hostname' keyword was missing from server-id + description in the named.conf man page. [RT #33476] + +3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled + zone names containing punctuation marks and other + nonstandard characters. [RT #33419] + +3571. [bug] Address race condition in dns_client_startresolve(). + [RT #33234] + +3566. [func] Log when forwarding updates to master. [RT #33240] + + --- 9.8.5 released --- + +3568. [cleanup] Add a product description line to the version file, + to be reported by named -v/-V. [RT #33366] + +3567. [bug] Silence clang static analyzer warnings. [RT #33365] + +3563. [contrib] zone2sqlite failed with some table names. [RT #33375] + +3561. [bug] dig: issue a warning if an EDNS query returns FORMERR + or NOTIMP. Adjust usage message. [RT #33363] + + --- 9.8.5rc1 released --- + +3560. [bug] isc-config.sh did not honor includedir and libdir + when set via configure. [RT #33345] + +3559. [func] Check that both forms of Sender Policy Framework + records exist or do not exist. [RT #33355] + +3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331] + +3556. [maint] Added AAAA for D.ROOT-SERVERS.NET. + +3555. [bug] Address theoretical race conditions in acache.c + (change #3553 was incomplete). [RT #33252] + +3553. [bug] Address suspected double free in acache. [RT #33252] + +3552. [bug] Wrong getopt option string for 'nsupdate -r'. + [RT #33280] + +3549. [doc] Documentation for "request-nsid" was missing. + [RT #33153] + +3548. [bug] The NSID request code in resolver.c was broken + resulting in invalid EDNS options being sent. + [RT #33153] + +3547. [bug] Some malformed unknown rdata records were not properly + detected and rejected. [RT #33129] + +3056. [func] Added support for URI resource record. [RT #23386] + + --- 9.8.5rc1 released --- + +3546. [func] Add EUI48 and EUI64 types. [RT #33082] + +3544. [contrib] check5011.pl: Script to report the status of + managed keys as recorded in managed-keys.bind. + Contributed by Tony Finch + +3543. [bug] Update socket structure before attaching to socket + manager after accept. [RT #33084] + +3542. [bug] masterformat system test was broken. [RT #33086] + +3541. [bug] Parts of libdns were not properly initialized when + built in libexport mode. [RT #33028] + +3540. [test] libt_api: t_info and t_assert were not thread safe. + +3539. [port] win32: timestamp format didn't match other platforms. + +3538. [test] Running "make test" now requires loopback interfaces + to be set up. [RT #32452] + +3537. [tuning] Slave zones, when updated, now send NOTIFY messages + to peers before being dumped to disk rather than + after. [RT #27242] + +3535. [bug] Minor win32 cleanups. [RT #32962] + +3534. [bug] Extra text after an embedded NULL was ignored when + parsing zone files. [RT #32699] + +3533. [contrib] query-loc-0.4.0: memory leaks. [RT #32960] + +3532. [contrib] zkt: fixed buffer overrun, resource leaks. [RT #32960] + +3531. [bug] win32: A uninitialized value could be returned on out + of memory. [RT #32960] + +3530. [contrib] Better RTT tracking in queryperf. [RT #30128] + +3526. [cleanup] Set up dependencies for unit tests correctly during + build. [RT #32803] + +3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249] + +3520. [bug] 'mctx' was not being referenced counted in some places + where it should have been. [RT #32794] + + --- 9.8.5b2 released --- + +3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777] + +3515. [port] '%T' is not portable in strftime(). [RT #32763] + +3514. [bug] The ranges for valid key sizes in ddns-confgen and + rndc-confgen were too constrained. Keys up to 512 + bits are now allowed for most algorithms, and up + to 1024 bits for hmac-sha384 and hmac-sha512. + [RT #32753] + +3509. [cleanup] Added a product line to version file to allow for + easy naming of different products (BIND + vs BIND ESV, for example). [RT #32755] + +3508. [contrib] queryperf was incorrectly rejecting the -T option. + [RT #32338] + +3503. [doc] Clarify size_spec syntax. [RT #32449] + +3500. [security] Support NAPTR regular expression validation on + all platforms without using libregex, which + can be vulnerable to memory exhaustion attack + (CVE-2013-2266). [RT #32688] + +3499. [doc] Corrected ARM documentation of built-in zones. + [RT #32694] + +3498. [bug] zone statistics for zones which matched a potential + empty zone could have their zone-statistics setting + overridden. + +3496. [func] Improvements to RPZ performance. The "response-policy" + syntax now includes a "min-ns-dots" clause, with + default 1, to exclude top-level domains from + NSIP and NSDNAME checking. --enable-rpz-nsip and + --enable-rpz-nsdname are now the default. [RT #32251] + +3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT. + When cloning a rdataset do not copy the link contents. + [RT #32651] + +3488. [bug] Use after free error with DH generated keys. [RT #32649] + +3487. [bug] Change 3444 was not complete. There was a additional + place where the NOQNAME proof needed to be saved. + [RT #32629] + +3486. [bug] named could crash when using TKEY-negotiated keys + that had been deleted and then recreated. [RT #32506] + +3485. [cleanup] Only compile openssl_gostlink.c if we support GOST. + +3481. [cleanup] Removed use of const const in atf. + +3479. [bug] Address potential memory leaks in gssapi support + code. [RT #32405] + +3478. [port] Fix a build failure in strict C99 environments + [RT #32475] + +3474. [bug] nsupdate could assert when the local and remote + address families didn't match. [RT #22897] + +3470. [bug] Slave zones could fail to dump when successfully + refreshing after an initial failure. [RT #31276] + + --- 9.8.5b1 released --- + +3468. [security] RPZ rules to generate A records (but not AAAA records) + could trigger an assertion failure when used in + conjunction with DNS64 (CVE-2012-5689). [RT #32141] + +3467. [bug] Added checks in dnssec-keygen and dnssec-settime + to check for delete date < inactive date. [RT #31719] + +3465. [bug] Handle isolated reserved ports. [RT #31778] + +3464. [maint] Updates to PKCS#11 openssl patches, supporting + versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749] + +3463. [doc] Clarify managed-keys syntax in ARM. [RT #32232] + +3462. [doc] Clarify server selection behavior of dig when using + -4 or -6 options. [RT #32181] + +3461. [bug] Negative responses could incorrectly have AD=1 + set. [RT #32237] + +3458. [bug] Return FORMERR when presented with a overly long + domain named in a request. [RT #29682] + +3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836] + +3456. [port] g++47: ATF failed to compile. [RT #32012] + +3455. [contrib] queryperf: fix getopt option list. [RT #32338] + +3454. [port] sparc64: improve atomic support. [RT #25182] + +3452. [bug] Accept duplicate singleton records. [RT #32329] + +3451. [port] Increase per thread stack size from 64K to 1M. + [RT #32230] + +3450. [bug] Stop logfileconfig system test spam system logs. + [RT #32315] + +3449. [bug] gen.c: use the pre-processor to construct format + strings so that compiler can perform sanity checks; + check the snprintf results. [RT #17576] + +3448. [bug] The allow-query-on ACL was not processed correctly. + [RT #29486] + +3447. [port] Add support for libxml2-2.9.x [RT #32231] + +3446. [port] win32: Add source ID (see change #3400) to build. + [RT #31683] + +3445. [bug] Warn about zone files with blank owner names + immediately after $ORIGIN directives. [RT #31848] + +3444. [bug] The NOQNAME proof was not being returned from cached + insecure responses. [RT #21409] + +3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly + rejected when generating keys. [RT #31927] + +3442. [port] Net::DNS 0.69 introduced a non backwards compatible + change. [RT #32216] + +3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13. + +3440. [bug] Reorder get_key_struct to not trigger a assertion when + cleaning up due to out of memory error. [RT #32131] + +3439. [bug] contrib/dlz error checking fixes. [RT #32102] + +3438. [bug] Don't accept unknown data escape in quotes. [RT #32031] + +3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialize + buffers with constant data. [RT #32064] + +3436. [bug] Check malloc/calloc return values. [RT #32088] + +3435. [bug] Cross compilation support in configure was broken. + [RT #32078] + +3431. [bug] ddns-confgen: Some valid key algorithms were + not accepted. [RT #31927] + +3430. [bug] win32: isc_time_formatISO8601 was missing the + 'T' between the date and time. [RT #32044] + +3429. [bug] dns_zone_getserial2 could a return success without + returning a valid serial. [RT #32007] + +3428. [cleanup] dig: Add timezone to date output. [RT #2269] + +3427. [bug] dig +trace incorrectly displayed name server + addresses instead of names. [RT #31641] + +3425. [bug] "acacheentry" reference counting was broken resulting + in use after free. [RT #31908] + +3422. [bug] Added a clear error message for when the SOA does not + match the referral. [RT #31281] + +3421. [bug] Named loops when re-signing if all keys are offline. + [RT #31916] + +3420. [bug] Address VPATH compilation issues. [RT #31879] + +3419. [bug] Memory leak on validation cancel. [RT #31869] + +3415. [bug] named could die with a REQUIRE failure if a validation + was canceled. [RT #31804] + +3412. [bug] Copy timeval structure from control message data. + [RT #31548] + +3411. [tuning] Use IPV6_USE_MIN_MTU or equivalent with TCP in addition + to UDP. [RT #31690] + +3410. [bug] Addressed Coverity warnings. [RT #31626] + +3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's + from X.509 certificates, for use with DANE + (DNS-based Authentication of Named Entities). + [RT #30513] + +3406. [bug] mem.c: Fix compilation errors when building with + ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled. + Also, ISC_MEM_DEBUG is no longer optional. [RT #31559] + +3405. [bug] Handle time going backwards in acache. [RT #31253] + +3404. [bug] dnssec-signzone: When re-signing a zone, remove + RRSIG and NSEC records from nodes that used to be + in-zone but are now below a zone cut. [RT #31556] + +3403. [bug] Silence noisy OpenSSL logging. [RT #31497] + +3402. [test] The IPv6 interface numbers used for system + tests were incorrect on some platforms. [RT #25085] + +3401. [bug] Addressed Coverity warnings. [RT #31484] + +3400. [cleanup] "named -V" can now report a source ID string, defined + in the "srcid" file in the build tree and normally set + to the most recent git hash. [RT #31494] + +3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298] + +3396. [bug] OPT records were incorrectly removed from signed, + truncated responses. [RT #31439] + +3395. [protocol] Add RFC 6598 reverse zones to built in empty zones + list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA. + [RT #31336] + +3394. [bug] Adjust 'successfully validated after lower casing + signer' log level and category. [RT #31414] + +3393. [bug] 'host -C' could core dump if REFUSED was received. + [RT #31381] + +3391. [bug] A DNSKEY lookup that encountered a CNAME failed. + [RT #31262] + +3390. [bug] Silence clang compiler warnings. [RT #30417] + +3389. [bug] Always return NOERROR (not 0) in TSIG. [RT #31275] + +3388. [bug] Fixed several Coverity warnings. + Note: This change includes a fix for a bug that + was subsequently determined to be an exploitable + security vulnerability, CVE-2012-5688: named could + die on specific queries with dns64 enabled. + [RT #30996] + +3386. [bug] Address locking violation when generating new NSEC / + NSEC3 chains. [RT #31224] + +3384. [bug] Improved logging of crypto errors. [RT #30963] 3383. [security] A certain combination of records in the RBT could - cause named to hang while populating the additional - section of a response. [RT #31090] + cause named to hang while populating the additional + section of a response. [RT #31090] + +3382. [bug] SOA query from slave used use-v6-udp-ports range, + if set, regardless of the address family in use. + [RT #24173] + +3381. [contrib] Update queryperf to support more RR types. + [RT #30762] + +3380. [bug] named could die if a nonexistent master list was + referenced in a also-notify. [RT #31004] + +3379. [bug] isc_interval_zero and isc_time_epoch should be + "const (type)* const". [RT #31069] + +3378. [bug] Handle missing 'managed-keys-directory' better. + [RT #30625] + +3376. [bug] Lack of EDNS support was being recorded without a + successful response. [RT #30811] + +3375. [func] Check that 'rndc dumpdb' works on a empty cache. + [RT #30808] + +3374. [bug] isc_parse_uint32 failed to return a range error on + systems with 64 bit longs. [RT #30232] + +3372. [bug] Silence spurious "deleted from unreachable cache" + messages. [RT #30501] + +3371. [bug] AD=1 should behave like DO=1 when deciding whether to + add NS RRsets to the additional section or not. + [RT #30479] + + --- 9.8.4 released --- 3373. [bug] win32: open raw files in binary mode. [RT #30944] @@ -135,11 +783,11 @@ --- 9.8.3 released --- 3318. [tuning] Reduce the amount of work performed while holding a - bucket lock when finshed with a fetch context. + bucket lock when finished with a fetch context. [RT #29239] -3314. [bug] The masters list could be updated while refesh_callback - and stub_callback were using it. [RT #26732] +3314. [bug] The masters list could be updated while stub_callback + or refresh_callback were using it. [RT #26732] 3313. [protocol] Add TLSA record type. [RT #28989] @@ -151,7 +799,7 @@ 3310. [test] Increase table size for mutex profiling. [RT #28809] -3309. [bug] resolver.c:fctx_finddone() was not threadsafe. +3309. [bug] resolver.c:fctx_finddone() was not thread safe. [RT #27995] 3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS. @@ -328,7 +976,7 @@ 3234. [bug] 'make depend' produced invalid makefiles. [RT #26830] -3231. [bug] named could fail to send a uncompressable zone. +3231. [bug] named could fail to send a incompressible zone. [RT #26796] 3230. [bug] 'dig axfr' failed to properly handle a multi-message @@ -345,7 +993,7 @@ 3226. [bug] Address minor resource leakages. [RT #26624] -3221. [bug] Fixed a potential coredump on shutdown due to +3221. [bug] Fixed a potential core dump on shutdown due to referencing fetch context after it's been freed. [RT #26720] @@ -369,7 +1017,7 @@ 3209. [func] Add "dnssec-lookaside 'no'". [RT #24858] -3208. [bug] 'dig -y' handle unknown tsig alorithm better. +3208. [bug] 'dig -y' handle unknown tsig algorithm better. [RT #25522] 3207. [contrib] Fixed build error in Berkeley DB DLZ module. [RT #26444] @@ -672,7 +1320,7 @@ 3077. [bug] zone.c:zone_refreshkeys() incorrectly called dns_zone_attach(), use zone->irefs instead. [RT #23303] -3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant +3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistent timestamp when determining which keys are active. [RT #23642] @@ -686,7 +1334,7 @@ 3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference. [RT #20256] -3071. [bug] has_nsec could be used unintialised in +3071. [bug] has_nsec could be used uninitialized in update.c:next_active. [RT #20256] 3070. [bug] dnssec-signzone potential NULL pointer dereference. @@ -732,7 +1380,7 @@ 3052. [test] Fixed last autosign test report. [RT #23256] -3051. [bug] NS records obsure DNAME records at the bottom of the +3051. [bug] NS records obscure DNAME records at the bottom of the zone if both are present. [RT #23035] 3050. [bug] The autosign system test was timing dependent. @@ -742,7 +1390,7 @@ 3049. [bug] Save and restore the gid when creating creating named.pid at startup. [RT #23290] -3048. [bug] Fully separate view key mangement. [RT #23419] +3048. [bug] Fully separate view key management. [RT #23419] 3047. [bug] DNSKEY NODATA responses not cached fixed in validator.c. Tests added to dnssec system test. @@ -1079,7 +1727,7 @@ no data response. [RT #21744] 2952. [port] win32: named-checkzone and named-checkconf failed - to initialise winsock. [RT #21932] + to initialize winsock. [RT #21932] 2951. [bug] named failed to generate a correct signed response in a optout, delegation only zone with no secure @@ -1125,7 +1773,7 @@ in use. [RT# 21868] 2938. [bug] When generating signed responses, from a signed zone - that uses NSEC3, named would use a uninitialised + that uses NSEC3, named would use a uninitialized pointer if it needed to skip a NSEC3 record because it didn't match the selected NSEC3PARAM record for zone. [RT# 21868] @@ -1179,7 +1827,7 @@ revisit the issue and complete the fix later. [RT #21710] -2930. [experimental] New "rndc addzone" and "rndc delzone" commads +2930. [experimental] New "rndc addzone" and "rndc delzone" commands allow dynamic addition and deletion of zones. To enable this feature, specify a "new-zone-file" option at the view or options level in named.conf. @@ -1355,7 +2003,7 @@ successfully responds to the query using plain DNS. [RT #20930] -2873. [bug] Cancelling a dynamic update via the dns/client module +2873. [bug] Canceling a dynamic update via the dns/client module could trigger an assertion failure. [RT #21133] 2872. [bug] Modify dns/client.c:dns_client_createx() to only @@ -1397,7 +2045,7 @@ 2860. [bug] named-checkconf's usage was out of date. [RT #21039] -2859. [bug] When cancelling validation it was possible to leak +2859. [bug] When canceling validation it was possible to leak memory. [RT #20800] 2858. [bug] RTT estimates were not being adjusted on ICMP errors. @@ -1950,7 +2598,7 @@ 2695. [func] DHCP/DDNS - update fdwatch code for use by DHCP. Modify the api to isc_sockfdwatch_t (the - callback functon for isc_socket_fdwatchcreate) + callback function for isc_socket_fdwatchcreate) to include information about the direction (read or write) and add isc_socket_fdwatchpoke. [RT #20253] @@ -2015,7 +2663,7 @@ sets the time when a key is no longer used for signing but is still published. - The "unpublished" date (-U) is deprecated in - favour of "deleted" (-D). + favor of "deleted" (-D). [RT #20247] 2676. [bug] --with-export-installdir should have been @@ -2461,7 +3109,7 @@ 2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291] -2552. [bug] zero-no-soa-ttl-cache was not being honoured. +2552. [bug] zero-no-soa-ttl-cache was not being honored. [RT #19340] 2551. [bug] Potential Reference leak on return. [RT #19341] @@ -2514,7 +3162,7 @@ 2534. [func] Check NAPTR records regular expressions and replacement strings to ensure they are syntactically - valid and consistant. [RT #18168] + valid and consistent. [RT #18168] 2533. [doc] ARM: document @ (at-sign). [RT #17144] Modified: stable/8/contrib/bind9/COPYRIGHT ============================================================================== --- stable/8/contrib/bind9/COPYRIGHT Mon Mar 3 09:18:19 2014 (r262706) +++ stable/8/contrib/bind9/COPYRIGHT Mon Mar 3 09:57:04 2014 (r262707) @@ -1,4 +1,4 @@ -Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 1996-2003 Internet Software Consortium. Permission to use, copy, modify, and/or distribute this software for any @@ -13,8 +13,6 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -$Id: COPYRIGHT,v 1.17.14.2 2012/01/04 23:46:18 tbox Exp $ - Portions of this code release fall under one or more of the following Copyright notices. Please see individual source files for details. @@ -99,11 +97,7 @@ are met: 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by the University of - California, Berkeley and its contributors. -4. Neither the name of the University nor the names of its contributors +3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. @@ -516,3 +510,29 @@ STRICT LIABILITY, OR TORT (INCLUDING NEG ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +----------------------------------------------------------------------------- + +Copyright (c) 1995, 1997, 1998 The NetBSD Foundation, Inc. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + Modified: stable/8/contrib/bind9/FAQ ============================================================================== --- stable/8/contrib/bind9/FAQ Mon Mar 3 09:18:19 2014 (r262706) +++ stable/8/contrib/bind9/FAQ Mon Mar 3 09:57:04 2014 (r262707) @@ -1,6 +1,6 @@ Frequently Asked Questions about BIND 9 -Copyright © 2004-2010 Internet Systems Consortium, Inc. ("ISC") +Copyright © 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC") Copyright © 2000-2003 Internet Software Consortium. @@ -869,7 +869,7 @@ A: If you run Tiger(Mac OS 10.4) or late Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.: key "rndc-key" { - algorithm hmac-md5; + algorithm hmac-sha256; secret "uvceheVuqf17ZwIcTydddw=="; }; Modified: stable/8/contrib/bind9/FAQ.xml ============================================================================== --- stable/8/contrib/bind9/FAQ.xml Mon Mar 3 09:18:19 2014 (r262706) +++ stable/8/contrib/bind9/FAQ.xml Mon Mar 3 09:57:04 2014 (r262707) @@ -1,7 +1,7 @@