From owner-svn-src-vendor@freebsd.org Tue Jul 28 17:20:36 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3E38B9ADE12; Tue, 28 Jul 2015 17:20:36 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 29C14E07; Tue, 28 Jul 2015 17:20:36 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6SHKaJN028228; Tue, 28 Jul 2015 17:20:36 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6SHKaDb028227; Tue, 28 Jul 2015 17:20:36 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201507281720.t6SHKaDb028227@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f From: Bryan Drewery Date: Tue, 28 Jul 2015 17:20:36 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r285968 - vendor/libarchive/dist/libarchive X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jul 2015 17:20:36 -0000 Author: bdrewery Date: Tue Jul 28 17:20:35 2015 New Revision: 285968 URL: https://svnweb.freebsd.org/changeset/base/285968 Log: Apply upstream changeset fa9e61: Fix --one-file-system to include the directory encountered rather than excluding it. Modified: vendor/libarchive/dist/libarchive/archive_read_disk_posix.c Modified: vendor/libarchive/dist/libarchive/archive_read_disk_posix.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_read_disk_posix.c Tue Jul 28 17:12:41 2015 (r285967) +++ vendor/libarchive/dist/libarchive/archive_read_disk_posix.c Tue Jul 28 17:20:35 2015 (r285968) @@ -974,7 +974,7 @@ next_entry(struct archive_read_disk *a, t->initial_filesystem_id = t->current_filesystem_id; if (!a->traverse_mount_points) { if (t->initial_filesystem_id != t->current_filesystem_id) - return (ARCHIVE_RETRY); + descend = 0; } t->descend = descend; From owner-svn-src-vendor@freebsd.org Tue Jul 28 17:48:37 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 59AE19AC9CF; Tue, 28 Jul 2015 17:48:37 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 488BD1958; Tue, 28 Jul 2015 17:48:37 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6SHmbcv041238; Tue, 28 Jul 2015 17:48:37 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6SHmZOO041232; Tue, 28 Jul 2015 17:48:35 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201507281748.t6SHmZOO041232@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f From: Bryan Drewery Date: Tue, 28 Jul 2015 17:48:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r285970 - in vendor/libarchive/dist: . libarchive libarchive/test X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jul 2015 17:48:37 -0000 Author: bdrewery Date: Tue Jul 28 17:48:34 2015 New Revision: 285970 URL: https://svnweb.freebsd.org/changeset/base/285970 Log: Apply upstream changeset bf4f6ec64e: Fix issue 356: properly skip a sparse file entry in a tar file. Added: vendor/libarchive/dist/libarchive/test/test_read_format_gtar_sparse_skip_entry.c (contents, props changed) vendor/libarchive/dist/libarchive/test/test_read_format_gtar_sparse_skip_entry.tar.Z.uu Modified: vendor/libarchive/dist/Makefile.am vendor/libarchive/dist/libarchive/archive_read_support_format_tar.c vendor/libarchive/dist/libarchive/test/CMakeLists.txt Modified: vendor/libarchive/dist/Makefile.am ============================================================================== --- vendor/libarchive/dist/Makefile.am Tue Jul 28 17:32:14 2015 (r285969) +++ vendor/libarchive/dist/Makefile.am Tue Jul 28 17:48:34 2015 (r285970) @@ -395,6 +395,7 @@ libarchive_test_SOURCES= \ libarchive/test/test_read_format_gtar_gz.c \ libarchive/test/test_read_format_gtar_lzma.c \ libarchive/test/test_read_format_gtar_sparse.c \ + libarchive/test/test_read_format_gtar_sparse_skip_entry.c \ libarchive/test/test_read_format_iso_Z.c \ libarchive/test/test_read_format_iso_multi_extent.c \ libarchive/test/test_read_format_iso_xorriso.c \ @@ -622,6 +623,7 @@ libarchive_test_EXTRA_DIST=\ libarchive/test/test_read_format_gtar_sparse_1_17_posix01.tar.uu \ libarchive/test/test_read_format_gtar_sparse_1_17_posix10.tar.uu \ libarchive/test/test_read_format_gtar_sparse_1_17_posix10_modified.tar.uu \ + libarchive/test/test_read_format_gtar_sparse_skip_entry.tar.Z.uu \ libarchive/test/test_read_format_iso.iso.Z.uu \ libarchive/test/test_read_format_iso_2.iso.Z.uu \ libarchive/test/test_read_format_iso_joliet.iso.Z.uu \ Modified: vendor/libarchive/dist/libarchive/archive_read_support_format_tar.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_read_support_format_tar.c Tue Jul 28 17:32:14 2015 (r285969) +++ vendor/libarchive/dist/libarchive/archive_read_support_format_tar.c Tue Jul 28 17:48:34 2015 (r285970) @@ -585,13 +585,23 @@ static int archive_read_format_tar_skip(struct archive_read *a) { int64_t bytes_skipped; + int64_t request; + struct sparse_block *p; struct tar* tar; tar = (struct tar *)(a->format->data); - bytes_skipped = __archive_read_consume(a, - tar->entry_bytes_remaining + tar->entry_padding + - tar->entry_bytes_unconsumed); + /* Do not consume the hole of a sparse file. */ + request = 0; + for (p = tar->sparse_list; p != NULL; p = p->next) { + if (!p->hole) + request += p->remaining; + } + if (request > tar->entry_bytes_remaining) + request = tar->entry_bytes_remaining; + request += tar->entry_padding + tar->entry_bytes_unconsumed; + + bytes_skipped = __archive_read_consume(a, request); if (bytes_skipped < 0) return (ARCHIVE_FATAL); Modified: vendor/libarchive/dist/libarchive/test/CMakeLists.txt ============================================================================== --- vendor/libarchive/dist/libarchive/test/CMakeLists.txt Tue Jul 28 17:32:14 2015 (r285969) +++ vendor/libarchive/dist/libarchive/test/CMakeLists.txt Tue Jul 28 17:48:34 2015 (r285970) @@ -110,6 +110,7 @@ IF(ENABLE_TEST) test_read_format_gtar_gz.c test_read_format_gtar_lzma.c test_read_format_gtar_sparse.c + test_read_format_gtar_sparse_skip_entry.c test_read_format_iso_Z.c test_read_format_iso_multi_extent.c test_read_format_iso_xorriso.c Added: vendor/libarchive/dist/libarchive/test/test_read_format_gtar_sparse_skip_entry.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/libarchive/dist/libarchive/test/test_read_format_gtar_sparse_skip_entry.c Tue Jul 28 17:48:34 2015 (r285970) @@ -0,0 +1,119 @@ +/*- + * Copyright (c) 2014 Michihiro NAKAJIMA + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "test.h" +__FBSDID("$FreeBSD"); + +/* + * To test skip a sparse file entry, this test does not read file data. + */ +DEFINE_TEST(test_read_format_gtar_sparse_skip_entry) +{ + const char *refname = "test_read_format_gtar_sparse_skip_entry.tar.Z.uu"; + struct archive *a; + struct archive_entry *ae; + const void *p; + size_t s; + int64_t o; + + copy_reference_file(refname); + assert((a = archive_read_new()) != NULL); + assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a)); + assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a)); + assertEqualIntA(a, ARCHIVE_OK, + archive_read_open_filename(a, refname, 10240)); + + /* Verify regular first file. */ + assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae)); + assertEqualString("a", archive_entry_pathname(ae)); + assertEqualInt(10737418244, archive_entry_size(ae)); + assertEqualInt(archive_entry_is_encrypted(ae), 0); + assertEqualIntA(a, archive_read_has_encrypted_entries(a), + ARCHIVE_READ_FORMAT_ENCRYPTION_UNSUPPORTED); + + /* Verify regular second file. */ + assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae)); + assertEqualString("b", archive_entry_pathname(ae)); + assertEqualInt(4, archive_entry_size(ae)); + assertEqualInt(archive_entry_is_encrypted(ae), 0); + assertEqualIntA(a, archive_read_has_encrypted_entries(a), + ARCHIVE_READ_FORMAT_ENCRYPTION_UNSUPPORTED); + + + /* End of archive. */ + assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae)); + + /* Verify archive format. */ + assertEqualIntA(a, ARCHIVE_FILTER_COMPRESS, archive_filter_code(a, 0)); + assertEqualIntA(a, ARCHIVE_FORMAT_TAR_PAX_INTERCHANGE, + archive_format(a)); + + /* Close the archive. */ + assertEqualInt(ARCHIVE_OK, archive_read_close(a)); + assertEqualInt(ARCHIVE_OK, archive_read_free(a)); + + + /* + * Read just one block of a sparse file and skip it. + */ + assert((a = archive_read_new()) != NULL); + assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a)); + assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a)); + assertEqualIntA(a, ARCHIVE_OK, + archive_read_open_filename(a, refname, 10240)); + + /* Verify regular first file. */ + assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae)); + assertEqualString("a", archive_entry_pathname(ae)); + assertEqualInt(10737418244, archive_entry_size(ae)); + assertEqualInt(archive_entry_is_encrypted(ae), 0); + assertEqualIntA(a, archive_read_has_encrypted_entries(a), + ARCHIVE_READ_FORMAT_ENCRYPTION_UNSUPPORTED); + assertEqualInt(0, archive_read_data_block(a, &p, &s, &o)); + assertEqualInt(4096, s); + assertEqualInt(0, o); + + + /* Verify regular second file. */ + assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae)); + assertEqualString("b", archive_entry_pathname(ae)); + assertEqualInt(4, archive_entry_size(ae)); + assertEqualInt(archive_entry_is_encrypted(ae), 0); + assertEqualIntA(a, archive_read_has_encrypted_entries(a), + ARCHIVE_READ_FORMAT_ENCRYPTION_UNSUPPORTED); + + + /* End of archive. */ + assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae)); + + /* Verify archive format. */ + assertEqualIntA(a, ARCHIVE_FILTER_COMPRESS, archive_filter_code(a, 0)); + assertEqualIntA(a, ARCHIVE_FORMAT_TAR_PAX_INTERCHANGE, + archive_format(a)); + + /* Close the archive. */ + assertEqualInt(ARCHIVE_OK, archive_read_close(a)); + assertEqualInt(ARCHIVE_OK, archive_read_free(a)); +} + Added: vendor/libarchive/dist/libarchive/test/test_read_format_gtar_sparse_skip_entry.tar.Z.uu ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/libarchive/dist/libarchive/test/test_read_format_gtar_sparse_skip_entry.tar.Z.uu Tue Jul 28 17:48:34 2015 (r285970) @@ -0,0 +1,15 @@ +begin 644 - +M'YV04,+@05(F#)DRBD:;,V!@T8-6)NE&'#10T<-#;>R(%CAEV28_3R9?LW\(P8-F[`<#%C +M)@T<->#6>`PBC.2^E07;J#'#Q>J-F5DJ<`GBB),J+N;`<3JGC(LV8=2\D<-V +M]DO;N'7S]MTFC9OA/6#,CE'[=N[=$V +M9]RY=212"9YD1EOO*&`DE!&*>645%9IY9589JGE +MEEQVZ>678(8IYIADEFGFF6BFJ>::;+;IYIMPQBGGG'36:>>=>.:IYYY\]NGG +MGX`&*NB@A!9JJ)YB](D@1PZ>U&B#*468484RT11###7<8!8(&-)4PX=^DN@4 +B5%*E6.J*746JTHN'2LFDDZW&*NNLM-9JZZVXYJKKKKR&!0`` +` +end From owner-svn-src-vendor@freebsd.org Fri Jul 31 07:03:17 2015 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 753B39AEC06; Fri, 31 Jul 2015 07:03:17 +0000 (UTC) (envelope-from erwin@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 56D151893; Fri, 31 Jul 2015 07:03:17 +0000 (UTC) (envelope-from erwin@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6V73GUR075214; Fri, 31 Jul 2015 07:03:16 GMT (envelope-from erwin@FreeBSD.org) Received: (from erwin@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6V737aT075186; Fri, 31 Jul 2015 07:03:07 GMT (envelope-from erwin@FreeBSD.org) Message-Id: <201507310703.t6V737aT075186@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: erwin set sender to erwin@FreeBSD.org using -f From: Erwin Lansing Date: Fri, 31 Jul 2015 07:03:07 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r286108 - in vendor/bind9/dist: . doc/arm lib/dns lib/lwres/man X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Jul 2015 07:03:17 -0000 Author: erwin Date: Fri Jul 31 07:03:06 2015 New Revision: 286108 URL: https://svnweb.freebsd.org/changeset/base/286108 Log: Vendor import of BIND 9.9.7-P2 Sponsored by: DK Hostmaster A/S Modified: vendor/bind9/dist/CHANGES vendor/bind9/dist/README vendor/bind9/dist/doc/arm/Bv9ARM.ch01.html vendor/bind9/dist/doc/arm/Bv9ARM.ch02.html vendor/bind9/dist/doc/arm/Bv9ARM.ch03.html vendor/bind9/dist/doc/arm/Bv9ARM.ch04.html vendor/bind9/dist/doc/arm/Bv9ARM.ch05.html vendor/bind9/dist/doc/arm/Bv9ARM.ch06.html vendor/bind9/dist/doc/arm/Bv9ARM.ch07.html vendor/bind9/dist/doc/arm/Bv9ARM.ch08.html vendor/bind9/dist/doc/arm/Bv9ARM.ch09.html vendor/bind9/dist/doc/arm/Bv9ARM.ch10.html vendor/bind9/dist/doc/arm/Bv9ARM.ch11.html vendor/bind9/dist/doc/arm/Bv9ARM.ch12.html vendor/bind9/dist/doc/arm/Bv9ARM.ch13.html vendor/bind9/dist/doc/arm/Bv9ARM.html vendor/bind9/dist/doc/arm/Bv9ARM.pdf vendor/bind9/dist/doc/arm/man.arpaname.html vendor/bind9/dist/doc/arm/man.ddns-confgen.html vendor/bind9/dist/doc/arm/man.dig.html vendor/bind9/dist/doc/arm/man.dnssec-checkds.html vendor/bind9/dist/doc/arm/man.dnssec-coverage.html vendor/bind9/dist/doc/arm/man.dnssec-dsfromkey.html vendor/bind9/dist/doc/arm/man.dnssec-keyfromlabel.html vendor/bind9/dist/doc/arm/man.dnssec-keygen.html vendor/bind9/dist/doc/arm/man.dnssec-revoke.html vendor/bind9/dist/doc/arm/man.dnssec-settime.html vendor/bind9/dist/doc/arm/man.dnssec-signzone.html vendor/bind9/dist/doc/arm/man.dnssec-verify.html vendor/bind9/dist/doc/arm/man.genrandom.html vendor/bind9/dist/doc/arm/man.host.html vendor/bind9/dist/doc/arm/man.isc-hmac-fixup.html vendor/bind9/dist/doc/arm/man.named-checkconf.html vendor/bind9/dist/doc/arm/man.named-checkzone.html vendor/bind9/dist/doc/arm/man.named-journalprint.html vendor/bind9/dist/doc/arm/man.named.html vendor/bind9/dist/doc/arm/man.nsec3hash.html vendor/bind9/dist/doc/arm/man.nsupdate.html vendor/bind9/dist/doc/arm/man.rndc-confgen.html vendor/bind9/dist/doc/arm/man.rndc.conf.html vendor/bind9/dist/doc/arm/man.rndc.html vendor/bind9/dist/doc/arm/notes.html vendor/bind9/dist/doc/arm/notes.pdf vendor/bind9/dist/doc/arm/notes.xml vendor/bind9/dist/lib/dns/api vendor/bind9/dist/lib/dns/tkey.c vendor/bind9/dist/lib/dns/validator.c vendor/bind9/dist/lib/lwres/man/lwres.html vendor/bind9/dist/lib/lwres/man/lwres_buffer.html vendor/bind9/dist/lib/lwres/man/lwres_config.html vendor/bind9/dist/lib/lwres/man/lwres_context.html vendor/bind9/dist/lib/lwres/man/lwres_gabn.html vendor/bind9/dist/lib/lwres/man/lwres_gai_strerror.html vendor/bind9/dist/lib/lwres/man/lwres_getaddrinfo.html vendor/bind9/dist/lib/lwres/man/lwres_gethostent.html vendor/bind9/dist/lib/lwres/man/lwres_getipnode.html vendor/bind9/dist/lib/lwres/man/lwres_getnameinfo.html vendor/bind9/dist/lib/lwres/man/lwres_getrrsetbyname.html vendor/bind9/dist/lib/lwres/man/lwres_gnba.html vendor/bind9/dist/lib/lwres/man/lwres_hstrerror.html vendor/bind9/dist/lib/lwres/man/lwres_inetntop.html vendor/bind9/dist/lib/lwres/man/lwres_noop.html vendor/bind9/dist/lib/lwres/man/lwres_packet.html vendor/bind9/dist/lib/lwres/man/lwres_resutil.html vendor/bind9/dist/version Modified: vendor/bind9/dist/CHANGES ============================================================================== --- vendor/bind9/dist/CHANGES Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/CHANGES Fri Jul 31 07:03:06 2015 (r286108) @@ -1,3 +1,14 @@ + --- 9.9.7-P2 released --- + +4165. [security] A failure to reset a value to NULL in tkey.c could + result in an assertion failure. (CVE-2015-5477) + [RT #40046] + + --- 9.9.7-P1 released --- + +4138. [bug] An uninitialized value in validator.c could result + in an assertion failure. (CVE-2015-4620) [RT #39795] + --- 9.9.7 released --- --- 9.9.7rc2 released --- @@ -8380,7 +8391,7 @@ on the responses. [RT #2454] 1208. [bug] dns_master_load*() failed to log a error message if - an error was detected when parsing the ownername of + an error was detected when parsing the owner name of a record. [RT #2448] 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with Modified: vendor/bind9/dist/README ============================================================================== --- vendor/bind9/dist/README Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/README Fri Jul 31 07:03:06 2015 (r286108) @@ -51,6 +51,15 @@ BIND 9 For up-to-date release notes and errata, see http://www.isc.org/software/bind9/releasenotes +BIND 9.9.7-P2 + + BIND 9.9.7-P1 is a security release addressing the flaw + described in CVE-2015-5477. + +BIND 9.9.7-P1 + + BIND 9.9.7-P1 is a security release addressing the flaw + described in CVE-2015-4620. BIND 9.9.7 Modified: vendor/bind9/dist/doc/arm/Bv9ARM.ch01.html ============================================================================== --- vendor/bind9/dist/doc/arm/Bv9ARM.ch01.html Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/doc/arm/Bv9ARM.ch01.html Fri Jul 31 07:03:06 2015 (r286108) @@ -556,6 +556,6 @@ -

BIND 9.9.7 (Extended Support Version)

+

BIND 9.9.7-P2 (Extended Support Version)

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.ch02.html ============================================================================== --- vendor/bind9/dist/doc/arm/Bv9ARM.ch02.html Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/doc/arm/Bv9ARM.ch02.html Fri Jul 31 07:03:06 2015 (r286108) @@ -154,6 +154,6 @@ -

BIND 9.9.7 (Extended Support Version)

+

BIND 9.9.7-P2 (Extended Support Version)

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.ch03.html ============================================================================== --- vendor/bind9/dist/doc/arm/Bv9ARM.ch03.html Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/doc/arm/Bv9ARM.ch03.html Fri Jul 31 07:03:06 2015 (r286108) @@ -665,6 +665,6 @@ controls { -

BIND 9.9.7 (Extended Support Version)

+

BIND 9.9.7-P2 (Extended Support Version)

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.ch04.html ============================================================================== --- vendor/bind9/dist/doc/arm/Bv9ARM.ch04.html Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/doc/arm/Bv9ARM.ch04.html Fri Jul 31 07:03:06 2015 (r286108) @@ -1935,6 +1935,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2. -

BIND 9.9.7 (Extended Support Version)

+

BIND 9.9.7-P2 (Extended Support Version)

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.ch05.html ============================================================================== --- vendor/bind9/dist/doc/arm/Bv9ARM.ch05.html Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/doc/arm/Bv9ARM.ch05.html Fri Jul 31 07:03:06 2015 (r286108) @@ -139,6 +139,6 @@ -

BIND 9.9.7 (Extended Support Version)

+

BIND 9.9.7-P2 (Extended Support Version)

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.ch06.html ============================================================================== --- vendor/bind9/dist/doc/arm/Bv9ARM.ch06.html Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/doc/arm/Bv9ARM.ch06.html Fri Jul 31 07:03:06 2015 (r286108) @@ -11642,6 +11642,6 @@ HOST-127.EXAMPLE. MX 0 . -

BIND 9.9.7 (Extended Support Version)

+

BIND 9.9.7-P2 (Extended Support Version)

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.ch07.html ============================================================================== --- vendor/bind9/dist/doc/arm/Bv9ARM.ch07.html Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/doc/arm/Bv9ARM.ch07.html Fri Jul 31 07:03:06 2015 (r286108) @@ -247,6 +247,6 @@ zone "example.com" { -

BIND 9.9.7 (Extended Support Version)

+

BIND 9.9.7-P2 (Extended Support Version)

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.ch08.html ============================================================================== --- vendor/bind9/dist/doc/arm/Bv9ARM.ch08.html Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/doc/arm/Bv9ARM.ch08.html Fri Jul 31 07:03:06 2015 (r286108) @@ -135,6 +135,6 @@ -

BIND 9.9.7 (Extended Support Version)

+

BIND 9.9.7-P2 (Extended Support Version)

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.ch09.html ============================================================================== --- vendor/bind9/dist/doc/arm/Bv9ARM.ch09.html Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/doc/arm/Bv9ARM.ch09.html Fri Jul 31 07:03:06 2015 (r286108) @@ -45,7 +45,7 @@

Table of Contents

-
Release Notes for BIND Version 9.9.7
+
Release Notes for BIND Version 9.9.7-P2
Introduction
Download
@@ -60,13 +60,18 @@

-Release Notes for BIND Version 9.9.7

+Release Notes for BIND Version 9.9.7-P2

Introduction

- This document summarizes changes since the last production release - of BIND on the corresponding major release branch. + This document summarizes changes since BIND 9.9.7. +

+

+ BIND 9.9.7-P2 addresses a security issue described in CVE-2015-5477. +

+

+ BIND 9.9.7-P1 addresses a security issue described in CVE-2015-4620.

@@ -86,42 +91,23 @@

  • - On servers configured to perform DNSSEC validation using - managed trust anchors (i.e., keys configured explicitly - via managed-keys, or implicitly - via dnssec-validation auto; or - dnssec-lookaside auto;), revoking - a trust anchor and sending a new untrusted replacement - could cause named to crash with an - assertion failure. This could occur in the event of a - botched key rollover, or potentially as a result of a - deliberate attack if the attacker was in position to - monitor the victim's DNS traffic. + A specially crafted query could trigger an assertion failure + in message.c.

    - This flaw was discovered by Jan-Piet Mens, and is - disclosed in CVE-2015-1349. [RT #38344] + This flaw was discovered by Jonathan Foote, and is disclosed + in CVE-2015-5477. [RT #39795]

  • - A flaw in delegation handling could be exploited to put - named into an infinite loop, in which - each lookup of a name server triggered additional lookups - of more name servers. This has been addressed by placing - limits on the number of levels of recursion - named will allow (default 7), and - on the number of queries that it will send before - terminating a recursive query (default 50). -

    -

    - The recursion depth limit is configured via the - max-recursion-depth option, and the query limit - via the max-recursion-queries option. + On servers configured to perform DNSSEC validation, an + assertion failure could be triggered on answers from + a specially configured server.

    - The flaw was discovered by Florian Maury of ANSSI, and is - disclosed in CVE-2014-8500. [RT #37580] + This flaw was discovered by Breno Silveira Soares, and is + disclosed in CVE-2015-4620. [RT #39795]

@@ -134,143 +120,12 @@

Feature Changes

-
    -

  • - NXDOMAIN responses to queries of type DS are now cached separately - from those for other types. This helps when using "grafted" zones - of type forward, for which the parent zone does not contain a - delegation, such as local top-level domains. Previously a query - of type DS for such a zone could cause the zone apex to be cached - as NXDOMAIN, blocking all subsequent queries. (Note: This - change is only helpful when DNSSEC validation is not enabled. - "Grafted" zones without a delegation in the parent are not a - recommended configuration.) -

    • -

  • - NOTIFY messages that are sent because a zone has been updated - are now given priority above NOTIFY messages that were scheduled - when the server started up. This should mitigate delays in zone - propagation when servers are restarted frequently. -

    • -

  • - Errors reported when running rndc addzone - (e.g., when a zone file cannot be loaded) have been clarified - to make it easier to diagnose problems. -

    • -

  • - Added support for OPENPGPKEY type. -

    • -

  • - When encountering an authoritative name server whose name is - an alias pointing to another name, the resolver treats - this as an error and skips to the next server. Previously - this happened silently; now the error will be logged to - the newly-created "cname" log category. -

    • -

  • - If named is not configured to validate the answer then - allow fallback to plain DNS on timeout even when we know - the server supports EDNS. This will allow the server to - potentially resolve signed queries when TCP is being - blocked. -

    • -
+

  • None

Bug Fixes

-
    -

  • - dig, host and - nslookup aborted when encountering - a name which, after appending search list elements, - exceeded 255 bytes. Such names are now skipped, but - processing of other names will continue. [RT #36892] -

    • -

  • - The error message generated when - named-checkzone or - named-checkconf -z encounters a - $TTL directive without a value has - been clarified. [RT #37138] -

    • -

  • - Semicolon characters (;) included in TXT records were - incorrectly escaped with a backslash when the record was - displayed as text. This is actually only necessary when there - are no quotation marks. [RT #37159] -

    • -

  • - When files opened for writing by named, - such as zone journal files, were referenced more than once - in named.conf, it could lead to file - corruption as multiple threads wrote to the same file. This - is now detected when loading named.conf - and reported as an error. [RT #37172] -

    • -

  • - dnssec-keygen -S failed to generate successor - keys for some algorithm types (including ECDSA and GOST) due to - a difference in the content of private key files. This has been - corrected. [RT #37183] -

    • -

  • - UPDATE messages that arrived too soon after - an rndc thaw could be lost. [RT #37233] -

    • -

  • - Forwarding of UPDATE messages did not work when they were - signed with SIG(0); they resulted in a BADSIG response code. - [RT #37216] -

    • -

  • - When checking for updates to trust anchors listed in - managed-keys, named - now revalidates keys based on the current set of - active trust anchors, without relying on any cached - record of previous validation. [RT #37506] -

    • -

  • - When NXDOMAIN redirection is in use, queries for a name - that is present in the redirection zone but a type that - is not present will now return NOERROR instead of NXDOMAIN. -

    • -

  • - When a zone contained a delegation to an IPv6 name server - but not an IPv4 name server, it was possible for a memory - reference to be left un-freed. This caused an assertion - failure on server shutdown, but was otherwise harmless. - [RT #37796] -

    • -

  • - Due to an inadvertent removal of code in the previous - release, when named encountered an - authoritative name server which dropped all EDNS queries, - it did not always try plain DNS. This has been corrected. - [RT #37965] -

    • -

  • - A regression caused nsupdate to use the default recursive servers - rather than the SOA MNAME server when sending the UPDATE. -

    • -

  • - Adjusted max-recursion-queries to better accommodate empty - caches. -

    • -

  • - Built-in "empty" zones did not correctly inherit the - "allow-transfer" ACL from the options or view. [RT #38310] -

    • -

  • - A mutex leak was fixed that could cause named - processes to grow to very large sizes. [RT #38454] -

    • -

  • - Fixed some bugs in RFC 5011 trust anchor management, - including a memory leak and a possible loss of state - information.[RT #38458] -

    • -
+

  • None

@@ -310,6 +165,6 @@

-

BIND 9.9.7 (Extended Support Version)

+

BIND 9.9.7-P2 (Extended Support Version)

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.ch10.html ============================================================================== --- vendor/bind9/dist/doc/arm/Bv9ARM.ch10.html Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/doc/arm/Bv9ARM.ch10.html Fri Jul 31 07:03:06 2015 (r286108) @@ -163,6 +163,6 @@
-

BIND 9.9.7 (Extended Support Version)

+

BIND 9.9.7-P2 (Extended Support Version)

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.ch11.html ============================================================================== --- vendor/bind9/dist/doc/arm/Bv9ARM.ch11.html Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/doc/arm/Bv9ARM.ch11.html Fri Jul 31 07:03:06 2015 (r286108) @@ -514,6 +514,6 @@
-

BIND 9.9.7 (Extended Support Version)

+

BIND 9.9.7-P2 (Extended Support Version)

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.ch12.html ============================================================================== --- vendor/bind9/dist/doc/arm/Bv9ARM.ch12.html Fri Jul 31 04:50:47 2015 (r286107) +++ vendor/bind9/dist/doc/arm/Bv9ARM.ch12.html Fri Jul 31 07:03:06 2015 (r286108) @@ -47,13 +47,13 @@
BIND 9 DNS Library Support
-
Prerequisite
-
Compilation
-
Installation
-
Known Defects/Restrictions
-
The dns.conf File
-
Sample Applications
-
Library References
+
Prerequisite
+
Compilation
+
Installation
+
Known Defects/Restrictions
+
The dns.conf File
+
Sample Applications
+
Library References
@@ -89,7 +89,7 @@

-Prerequisite

+Prerequisite

GNU make is required to build the export libraries (other part of BIND 9 can still be built with other types of make). In the reminder of this document, "make" means GNU make. Note that @@ -98,7 +98,7 @@

-Compilation

+Compilation
 $ ./configure --enable-exportlib [other flags]
 $ make
@@ -113,7 +113,7 @@ $ make
 

 

-Installation

+Installation

 
 $ cd lib/export
 $ make install
@@ -135,7 +135,7 @@ $ make i
 
 

 

-Known Defects/Restrictions

+Known Defects/Restrictions

 
    
 
  • Currently, win32 is not supported for the export
       library. (Normal BIND 9 application can be built as
@@ -175,7 +175,7 @@ $ make
 
    
 
    
-The dns.conf File
    
+The dns.conf File

 
The IRS library supports an "advanced" configuration file
   related to the DNS library for configuration parameters that
   would be beyond the capability of the
@@ -193,14 +193,14 @@ $ make
 

 

-Sample Applications

+Sample Applications

 
Some sample application programs using this API are
   provided for reference. The following is a brief description of
   these applications.
   

 

 

-sample: a simple stub resolver utility

+sample: a simple stub resolver utility

 

   It sends a query of a given name (of a given optional RR type) to a
   specified recursive server, and prints the result as a list of
@@ -264,7 +264,7 @@ $ make
 

 

-sample-async: a simple stub resolver, working asynchronously

+sample-async: a simple stub resolver, working asynchronously

 

   Similar to "sample", but accepts a list
   of (query) domain names as a separate file and resolves the names
@@ -305,7 +305,7 @@ $ make
 

 

-sample-request: a simple DNS transaction client

+sample-request: a simple DNS transaction client

 

   It sends a query to a specified server, and
   prints the response with minimal processing. It doesn't act as a
@@ -346,7 +346,7 @@ $ make
 

 

-sample-gai: getaddrinfo() and getnameinfo() test code

+sample-gai: getaddrinfo() and getnameinfo() test code

 

   This is a test program
   to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -363,7 +363,7 @@ $ make
 

 

-sample-update: a simple dynamic update client program

+sample-update: a simple dynamic update client program

 

   It accepts a single update command as a
   command-line argument, sends an update request message to the
@@ -458,7 +458,7 @@ $ sample
 
 

 

-nsprobe: domain/name server checker in terms of RFC 4074

+nsprobe: domain/name server checker in terms of RFC 4074

 

   It checks a set
   of domains to see the name servers of the domains behave
@@ -515,7 +515,7 @@ $ sample
 
 

 

-Library References

+Library References

 
As of this writing, there is no formal "manual" of the
   libraries, except this document, header files (some of them
   provide pretty detailed explanations), and sample application
@@ -540,6 +540,6 @@ $ sample
 
 
 
-
BIND 9.9.7 (Extended Support Version)

+
BIND 9.9.7-P2 (Extended Support Version)

 
 

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.ch13.html
==============================================================================
--- vendor/bind9/dist/doc/arm/Bv9ARM.ch13.html	Fri Jul 31 04:50:47 2015	(r286107)
+++ vendor/bind9/dist/doc/arm/Bv9ARM.ch13.html	Fri Jul 31 07:03:06 2015	(r286108)
@@ -140,6 +140,6 @@
 
 
 
-
BIND 9.9.7 (Extended Support Version)

+
BIND 9.9.7-P2 (Extended Support Version)

 
 

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.html
==============================================================================
--- vendor/bind9/dist/doc/arm/Bv9ARM.html	Fri Jul 31 04:50:47 2015	(r286107)
+++ vendor/bind9/dist/doc/arm/Bv9ARM.html	Fri Jul 31 07:03:06 2015	(r286108)
@@ -41,7 +41,7 @@
 

 

 BIND 9 Administrator Reference Manual

-
BIND Version 9.9.7

+
BIND Version 9.9.7-P2

 
Copyright © 2004-2015 Internet Systems Consortium, Inc. ("ISC")

 
Copyright © 2000-2003 Internet Software Consortium.

 

@@ -234,7 +234,7 @@
 
 
A. Release Notes

 

-
Release Notes for BIND Version 9.9.7

+
Release Notes for BIND Version 9.9.7-P2

 

 
Introduction

 
Download

@@ -262,13 +262,13 @@
 

 
BIND 9 DNS Library Support

 

-
Prerequisite

-
Compilation

-
Installation

-
Known Defects/Restrictions

-
The dns.conf File

-
Sample Applications

-
Library References

+
Prerequisite

+
Compilation

+
Installation

+
Known Defects/Restrictions

+
The dns.conf File

+
Sample Applications

+
Library References

 

 

 
I. Manual pages

@@ -365,6 +365,6 @@
 
 
 
-
BIND 9.9.7 (Extended Support Version)

+
BIND 9.9.7-P2 (Extended Support Version)

 
 

Modified: vendor/bind9/dist/doc/arm/Bv9ARM.pdf
==============================================================================
Binary file (source and/or target). No diff available.

Modified: vendor/bind9/dist/doc/arm/man.arpaname.html
==============================================================================
--- vendor/bind9/dist/doc/arm/man.arpaname.html	Fri Jul 31 04:50:47 2015	(r286107)
+++ vendor/bind9/dist/doc/arm/man.arpaname.html	Fri Jul 31 07:03:06 2015	(r286108)
@@ -50,20 +50,20 @@
 
arpaname  {ipaddress ...}

 
 

-
DESCRIPTION

+
DESCRIPTION

 

       arpaname translates IP addresses (IPv4 and
       IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
     

 

 

-
SEE ALSO

+
SEE ALSO

 

       BIND 9 Administrator Reference Manual.
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -87,6 +87,6 @@
 
 
 
-
BIND 9.9.7 (Extended Support Version)

+
BIND 9.9.7-P2 (Extended Support Version)

 
 

Modified: vendor/bind9/dist/doc/arm/man.ddns-confgen.html
==============================================================================
--- vendor/bind9/dist/doc/arm/man.ddns-confgen.html	Fri Jul 31 04:50:47 2015	(r286107)
+++ vendor/bind9/dist/doc/arm/man.ddns-confgen.html	Fri Jul 31 07:03:06 2015	(r286108)
@@ -50,7 +50,7 @@
 
ddns-confgen  [-a algorithm] [-h] [-k keyname] [-r randomfile] [ -s name  |   -z zone ] [-q] [name]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
ddns-confgen
       generates a key for use by nsupdate
       and named.  It simplifies configuration
@@ -77,7 +77,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -144,7 +144,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
nsupdate(1),
       named.conf(5),
       named(8),
@@ -152,7 +152,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -176,6 +176,6 @@
 
 
 
-
BIND 9.9.7 (Extended Support Version)

+
BIND 9.9.7-P2 (Extended Support Version)

 
 

Modified: vendor/bind9/dist/doc/arm/man.dig.html
==============================================================================
--- vendor/bind9/dist/doc/arm/man.dig.html	Fri Jul 31 04:50:47 2015	(r286107)
+++ vendor/bind9/dist/doc/arm/man.dig.html	Fri Jul 31 07:03:06 2015	(r286108)
@@ -52,7 +52,7 @@
 
dig  [global-queryopt...] [query...]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dig
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -99,7 +99,7 @@
     

 

 

-
SIMPLE USAGE

+
SIMPLE USAGE

 

       A typical invocation of dig looks like:
       

@@ -152,7 +152,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

       The -b option sets the source IP address of the query
       to address.  This must be a valid
@@ -260,7 +260,7 @@
     

 

 

-
QUERY OPTIONS

+
QUERY OPTIONS

 
dig
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -618,7 +618,7 @@
     

 

 

-
MULTIPLE QUERIES

+
MULTIPLE QUERIES

 

       The BIND 9 implementation of dig 
       supports
@@ -664,7 +664,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc
     

 

 

-
IDN SUPPORT

+
IDN SUPPORT

 

       If dig has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -678,14 +678,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc
     

 

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 
${HOME}/.digrc
     

 

 

-
SEE ALSO

+
SEE ALSO

 
host(1),
       named(8),
       dnssec-keygen(8),
@@ -693,7 +693,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc
     

 

 

-
BUGS

+
BUGS

 

       There are probably too many query options.
     

@@ -716,6 +716,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc
 
 
 

-
BIND 9.9.7 (Extended Support Version)

+
BIND 9.9.7-P2 (Extended Support Version)

 
 

Modified: vendor/bind9/dist/doc/arm/man.dnssec-checkds.html
==============================================================================
--- vendor/bind9/dist/doc/arm/man.dnssec-checkds.html	Fri Jul 31 04:50:47 2015	(r286107)
+++ vendor/bind9/dist/doc/arm/man.dnssec-checkds.html	Fri Jul 31 07:03:06 2015	(r286108)
@@ -51,7 +51,7 @@
 
dnssec-dsfromkey  [-l domain] [-f file] [-d dig path] [-D dsfromkey path] {zone}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-checkds
       verifies the correctness of Delegation Signer (DS) or DNSSEC
       Lookaside Validation (DLV) resource records for keys in a specified
@@ -59,7 +59,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-f file

 

@@ -88,14 +88,14 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-dsfromkey(8),
       dnssec-keygen(8),
       dnssec-signzone(8),
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -118,6 +118,6 @@
 
 
 
-
BIND 9.9.7 (Extended Support Version)

+
BIND 9.9.7-P2 (Extended Support Version)

 
 

Modified: vendor/bind9/dist/doc/arm/man.dnssec-coverage.html
==============================================================================
--- vendor/bind9/dist/doc/arm/man.dnssec-coverage.html	Fri Jul 31 04:50:47 2015	(r286107)
+++ vendor/bind9/dist/doc/arm/man.dnssec-coverage.html	Fri Jul 31 07:03:06 2015	(r286108)
@@ -50,7 +50,7 @@
 
dnssec-coverage  [-K directory] [-f file] [-d DNSKEY TTL] [-m max TTL] [-r interval] [-c compilezone path] [zone]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-coverage
       verifies that the DNSSEC keys for a given zone or a set of zones
       have timing metadata set properly to ensure no future lapses in DNSSEC
@@ -78,7 +78,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-f file

 

@@ -168,7 +168,7 @@
 

 

 

-
SEE ALSO

+
SEE ALSO

 

       dnssec-checkds(8),
       dnssec-dsfromkey(8),
@@ -177,7 +177,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -201,6 +201,6 @@
 
 
 
-
BIND 9.9.7 (Extended Support Version)

+
BIND 9.9.7-P2 (Extended Support Version)

 
 

Modified: vendor/bind9/dist/doc/arm/man.dnssec-dsfromkey.html
==============================================================================
--- vendor/bind9/dist/doc/arm/man.dnssec-dsfromkey.html	Fri Jul 31 04:50:47 2015	(r286107)
+++ vendor/bind9/dist/doc/arm/man.dnssec-dsfromkey.html	Fri Jul 31 07:03:06 2015	(r286108)
@@ -52,14 +52,14 @@
 
dnssec-dsfromkey  [-h] [-V]

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-dsfromkey
       outputs the Delegation Signer (DS) resource record (RR), as defined in
       RFC 3658 and RFC 4509, for the given key(s).
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-1

 

@@ -144,7 +144,7 @@
 

 

 

-
EXAMPLE

+
EXAMPLE

 

       To build the SHA-256 DS RR from the
       Kexample.com.+003+26160
@@ -159,7 +159,7 @@
     

 

 

-
FILES

+
FILES

 

       The keyfile can be designed by the key identification
       Knnnn.+aaa+iiiii or the full file name
@@ -173,13 +173,13 @@
     

 

 

-
CAVEAT

+
CAVEAT

 

       A keyfile error can give a "file not found" even if the file exists.
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -189,7 +189,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -213,6 +213,6 @@
 
 
 
-
BIND 9.9.7 (Extended Support Version)

+
BIND 9.9.7-P2 (Extended Support Version)

 
 

Modified: vendor/bind9/dist/doc/arm/man.dnssec-keyfromlabel.html
==============================================================================
--- vendor/bind9/dist/doc/arm/man.dnssec-keyfromlabel.html	Fri Jul 31 04:50:47 2015	(r286107)
+++ vendor/bind9/dist/doc/arm/man.dnssec-keyfromlabel.html	Fri Jul 31 07:03:06 2015	(r286108)
@@ -50,7 +50,7 @@
 
dnssec-keyfromlabel  {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-i interval] [-k] [-K directory] [-L ttl] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-S key] [-t type] [-v level] [-V] [-y] {name}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keyfromlabel
       generates a key pair of files that referencing a key object stored
       in a cryptographic hardware service module (HSM).  The private key
@@ -66,7 +66,7 @@
     

 

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -209,7 +209,7 @@
 

 

 

-
TIMING OPTIONS

+
TIMING OPTIONS

 

       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -281,7 +281,7 @@
 

 
 

-
GENERATED KEY FILES

+
GENERATED KEY FILES

 

       When dnssec-keyfromlabel completes
       successfully,
@@ -320,7 +320,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -328,7 +328,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

@@ -352,6 +352,6 @@
 
 
 
-
BIND 9.9.7 (Extended Support Version)

+
BIND 9.9.7-P2 (Extended Support Version)

 
 

Modified: vendor/bind9/dist/doc/arm/man.dnssec-keygen.html
==============================================================================
--- vendor/bind9/dist/doc/arm/man.dnssec-keygen.html	Fri Jul 31 04:50:47 2015	(r286107)
+++ vendor/bind9/dist/doc/arm/man.dnssec-keygen.html	Fri Jul 31 07:03:06 2015	(r286108)
@@ -50,7 +50,7 @@
 
dnssec-keygen  [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-i interval] [-K directory] [-L ttl] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-S key] [-s strength] [-t type] [-v 
 level] [-V] [-z] {name}

 
 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keygen
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
@@ -64,7 +64,7 @@
     

 

 

-
OPTIONS


*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

From owner-svn-src-vendor@freebsd.org  Fri Jul 31 07:04:35 2015
Return-Path: 
Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 524109AEC6E;
 Fri, 31 Jul 2015 07:04:35 +0000 (UTC)
 (envelope-from erwin@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0E2461B28;
 Fri, 31 Jul 2015 07:04:35 +0000 (UTC)
 (envelope-from erwin@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.70])
 by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6V74YLv075301;
 Fri, 31 Jul 2015 07:04:34 GMT (envelope-from erwin@FreeBSD.org)
Received: (from erwin@localhost)
 by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6V74YP8075300;
 Fri, 31 Jul 2015 07:04:34 GMT (envelope-from erwin@FreeBSD.org)
Message-Id: <201507310704.t6V74YP8075300@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: erwin set sender to
 erwin@FreeBSD.org using -f
From: Erwin Lansing 
Date: Fri, 31 Jul 2015 07:04:34 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-vendor@freebsd.org
Subject: svn commit: r286109 - vendor/bind9/9.9.7-P2
X-SVN-Group: vendor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
X-List-Received-Date: Fri, 31 Jul 2015 07:04:35 -0000

Author: erwin
Date: Fri Jul 31 07:04:33 2015
New Revision: 286109
URL: https://svnweb.freebsd.org/changeset/base/286109

Log:
  Tag the 9.9.7-P2 release
  
  Sponsored by:	DK Hostmaster A/S

Added:
     - copied from r286108, vendor/bind9/dist/
Directory Properties:
  vendor/bind9/9.9.7-P2/   (props changed)