Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 Jul 2013 07:12:56 +0000 (UTC)
From:      Erwin Lansing <erwin@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject:   svn commit: r253592 - in vendor/bind9/dist: . bin bin/check bin/confgen bin/dig bin/dig/include/dig bin/dnssec bin/named bin/named/include/named bin/named/unix bin/nsupdate bin/rndc bin/tools doc/a...
Message-ID:  <201307240712.r6O7CuKL053097@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: erwin
Date: Wed Jul 24 07:12:55 2013
New Revision: 253592
URL: http://svnweb.freebsd.org/changeset/base/253592

Log:
  Vendor import of Bind 9.8.5-P1
  
  Approved by:	delphij (mentor)
  Sponsored by:	DK Hostmaster A/S

Added:
  vendor/bind9/dist/lib/dns/rdata/generic/eui48_108.c
  vendor/bind9/dist/lib/dns/rdata/generic/eui48_108.h
  vendor/bind9/dist/lib/dns/rdata/generic/eui64_109.c
  vendor/bind9/dist/lib/dns/rdata/generic/eui64_109.h
  vendor/bind9/dist/lib/dns/rdata/generic/l32_105.c
  vendor/bind9/dist/lib/dns/rdata/generic/l32_105.h
  vendor/bind9/dist/lib/dns/rdata/generic/l64_106.c
  vendor/bind9/dist/lib/dns/rdata/generic/l64_106.h
  vendor/bind9/dist/lib/dns/rdata/generic/lp_107.c
  vendor/bind9/dist/lib/dns/rdata/generic/lp_107.h
  vendor/bind9/dist/lib/dns/rdata/generic/nid_104.c
  vendor/bind9/dist/lib/dns/rdata/generic/nid_104.h
  vendor/bind9/dist/lib/dns/rdata/generic/uri_256.c
  vendor/bind9/dist/lib/dns/rdata/generic/uri_256.h
  vendor/bind9/dist/lib/isc/include/isc/regex.h
  vendor/bind9/dist/lib/isc/regex.c
  vendor/bind9/dist/libtool.m4/libtool.m4
  vendor/bind9/dist/libtool.m4/ltoptions.m4
  vendor/bind9/dist/libtool.m4/ltsugar.m4
  vendor/bind9/dist/libtool.m4/ltversion.m4
  vendor/bind9/dist/libtool.m4/lt~obsolete.m4
Replaced:
  vendor/bind9/dist/libtool.m4/
Modified:
  vendor/bind9/dist/CHANGES
  vendor/bind9/dist/COPYRIGHT
  vendor/bind9/dist/FAQ
  vendor/bind9/dist/FAQ.xml
  vendor/bind9/dist/Makefile.in
  vendor/bind9/dist/README
  vendor/bind9/dist/aclocal.m4
  vendor/bind9/dist/bin/Makefile.in
  vendor/bind9/dist/bin/check/check-tool.c
  vendor/bind9/dist/bin/check/named-checkconf.c
  vendor/bind9/dist/bin/check/named-checkzone.8
  vendor/bind9/dist/bin/check/named-checkzone.c
  vendor/bind9/dist/bin/check/named-checkzone.docbook
  vendor/bind9/dist/bin/check/named-checkzone.html
  vendor/bind9/dist/bin/confgen/keygen.c
  vendor/bind9/dist/bin/confgen/rndc-confgen.c
  vendor/bind9/dist/bin/dig/dig.1
  vendor/bind9/dist/bin/dig/dig.c
  vendor/bind9/dist/bin/dig/dig.docbook
  vendor/bind9/dist/bin/dig/dig.html
  vendor/bind9/dist/bin/dig/dighost.c
  vendor/bind9/dist/bin/dig/host.c
  vendor/bind9/dist/bin/dig/include/dig/dig.h
  vendor/bind9/dist/bin/dnssec/dnssec-keyfromlabel.c
  vendor/bind9/dist/bin/dnssec/dnssec-keygen.c
  vendor/bind9/dist/bin/dnssec/dnssec-revoke.c
  vendor/bind9/dist/bin/dnssec/dnssec-settime.c
  vendor/bind9/dist/bin/dnssec/dnssec-signzone.c
  vendor/bind9/dist/bin/named/Makefile.in
  vendor/bind9/dist/bin/named/client.c
  vendor/bind9/dist/bin/named/config.c
  vendor/bind9/dist/bin/named/control.c
  vendor/bind9/dist/bin/named/controlconf.c
  vendor/bind9/dist/bin/named/include/named/client.h
  vendor/bind9/dist/bin/named/include/named/globals.h
  vendor/bind9/dist/bin/named/include/named/server.h
  vendor/bind9/dist/bin/named/interfacemgr.c
  vendor/bind9/dist/bin/named/log.c
  vendor/bind9/dist/bin/named/logconf.c
  vendor/bind9/dist/bin/named/lwresd.c
  vendor/bind9/dist/bin/named/main.c
  vendor/bind9/dist/bin/named/named.conf.5
  vendor/bind9/dist/bin/named/named.conf.docbook
  vendor/bind9/dist/bin/named/named.conf.html
  vendor/bind9/dist/bin/named/query.c
  vendor/bind9/dist/bin/named/server.c
  vendor/bind9/dist/bin/named/statschannel.c
  vendor/bind9/dist/bin/named/tkeyconf.c
  vendor/bind9/dist/bin/named/tsigconf.c
  vendor/bind9/dist/bin/named/unix/dlz_dlopen_driver.c
  vendor/bind9/dist/bin/named/update.c
  vendor/bind9/dist/bin/named/xfrout.c
  vendor/bind9/dist/bin/named/zoneconf.c
  vendor/bind9/dist/bin/nsupdate/nsupdate.c
  vendor/bind9/dist/bin/rndc/rndc.c
  vendor/bind9/dist/bin/tools/genrandom.c
  vendor/bind9/dist/bin/tools/isc-hmac-fixup.8
  vendor/bind9/dist/bin/tools/isc-hmac-fixup.docbook
  vendor/bind9/dist/bin/tools/isc-hmac-fixup.html
  vendor/bind9/dist/config.h.in
  vendor/bind9/dist/config.threads.in
  vendor/bind9/dist/configure.in
  vendor/bind9/dist/doc/arm/Bv9ARM-book.xml
  vendor/bind9/dist/doc/arm/Bv9ARM.ch01.html
  vendor/bind9/dist/doc/arm/Bv9ARM.ch02.html
  vendor/bind9/dist/doc/arm/Bv9ARM.ch03.html
  vendor/bind9/dist/doc/arm/Bv9ARM.ch04.html
  vendor/bind9/dist/doc/arm/Bv9ARM.ch05.html
  vendor/bind9/dist/doc/arm/Bv9ARM.ch06.html
  vendor/bind9/dist/doc/arm/Bv9ARM.ch07.html
  vendor/bind9/dist/doc/arm/Bv9ARM.ch08.html
  vendor/bind9/dist/doc/arm/Bv9ARM.ch09.html
  vendor/bind9/dist/doc/arm/Bv9ARM.ch10.html
  vendor/bind9/dist/doc/arm/Bv9ARM.html
  vendor/bind9/dist/doc/arm/Bv9ARM.pdf
  vendor/bind9/dist/doc/arm/man.arpaname.html
  vendor/bind9/dist/doc/arm/man.ddns-confgen.html
  vendor/bind9/dist/doc/arm/man.dig.html
  vendor/bind9/dist/doc/arm/man.dnssec-dsfromkey.html
  vendor/bind9/dist/doc/arm/man.dnssec-keyfromlabel.html
  vendor/bind9/dist/doc/arm/man.dnssec-keygen.html
  vendor/bind9/dist/doc/arm/man.dnssec-revoke.html
  vendor/bind9/dist/doc/arm/man.dnssec-settime.html
  vendor/bind9/dist/doc/arm/man.dnssec-signzone.html
  vendor/bind9/dist/doc/arm/man.genrandom.html
  vendor/bind9/dist/doc/arm/man.host.html
  vendor/bind9/dist/doc/arm/man.isc-hmac-fixup.html
  vendor/bind9/dist/doc/arm/man.named-checkconf.html
  vendor/bind9/dist/doc/arm/man.named-checkzone.html
  vendor/bind9/dist/doc/arm/man.named-journalprint.html
  vendor/bind9/dist/doc/arm/man.named.html
  vendor/bind9/dist/doc/arm/man.nsec3hash.html
  vendor/bind9/dist/doc/arm/man.nsupdate.html
  vendor/bind9/dist/doc/arm/man.rndc-confgen.html
  vendor/bind9/dist/doc/arm/man.rndc.conf.html
  vendor/bind9/dist/doc/arm/man.rndc.html
  vendor/bind9/dist/doc/arm/pkcs11.xml
  vendor/bind9/dist/doc/misc/options
  vendor/bind9/dist/isc-config.sh.in
  vendor/bind9/dist/lib/Makefile.in
  vendor/bind9/dist/lib/bind9/Makefile.in
  vendor/bind9/dist/lib/bind9/api
  vendor/bind9/dist/lib/bind9/check.c
  vendor/bind9/dist/lib/dns/Makefile.in
  vendor/bind9/dist/lib/dns/acache.c
  vendor/bind9/dist/lib/dns/adb.c
  vendor/bind9/dist/lib/dns/api
  vendor/bind9/dist/lib/dns/cache.c
  vendor/bind9/dist/lib/dns/client.c
  vendor/bind9/dist/lib/dns/db.c
  vendor/bind9/dist/lib/dns/dispatch.c
  vendor/bind9/dist/lib/dns/dlz.c
  vendor/bind9/dist/lib/dns/dnssec.c
  vendor/bind9/dist/lib/dns/dst_api.c
  vendor/bind9/dist/lib/dns/dst_internal.h
  vendor/bind9/dist/lib/dns/dst_openssl.h
  vendor/bind9/dist/lib/dns/ecdb.c
  vendor/bind9/dist/lib/dns/gen.c
  vendor/bind9/dist/lib/dns/gssapictx.c
  vendor/bind9/dist/lib/dns/include/dns/acache.h
  vendor/bind9/dist/lib/dns/include/dns/db.h
  vendor/bind9/dist/lib/dns/include/dns/message.h
  vendor/bind9/dist/lib/dns/include/dns/name.h
  vendor/bind9/dist/lib/dns/include/dns/ncache.h
  vendor/bind9/dist/lib/dns/include/dns/nsec.h
  vendor/bind9/dist/lib/dns/include/dns/nsec3.h
  vendor/bind9/dist/lib/dns/include/dns/rdata.h
  vendor/bind9/dist/lib/dns/include/dns/result.h
  vendor/bind9/dist/lib/dns/include/dns/rpz.h
  vendor/bind9/dist/lib/dns/include/dns/types.h
  vendor/bind9/dist/lib/dns/include/dns/validator.h
  vendor/bind9/dist/lib/dns/include/dns/view.h
  vendor/bind9/dist/lib/dns/include/dns/zone.h
  vendor/bind9/dist/lib/dns/include/dst/dst.h
  vendor/bind9/dist/lib/dns/master.c
  vendor/bind9/dist/lib/dns/message.c
  vendor/bind9/dist/lib/dns/name.c
  vendor/bind9/dist/lib/dns/ncache.c
  vendor/bind9/dist/lib/dns/nsec.c
  vendor/bind9/dist/lib/dns/nsec3.c
  vendor/bind9/dist/lib/dns/openssl_link.c
  vendor/bind9/dist/lib/dns/openssldsa_link.c
  vendor/bind9/dist/lib/dns/opensslecdsa_link.c
  vendor/bind9/dist/lib/dns/opensslgost_link.c
  vendor/bind9/dist/lib/dns/opensslrsa_link.c
  vendor/bind9/dist/lib/dns/peer.c
  vendor/bind9/dist/lib/dns/rbt.c
  vendor/bind9/dist/lib/dns/rbtdb.c
  vendor/bind9/dist/lib/dns/rdata.c
  vendor/bind9/dist/lib/dns/rdata/any_255/tsig_250.c
  vendor/bind9/dist/lib/dns/rdata/generic/dlv_32769.c
  vendor/bind9/dist/lib/dns/rdata/generic/mx_15.c
  vendor/bind9/dist/lib/dns/rdata/generic/sshfp_44.c
  vendor/bind9/dist/lib/dns/rdata/generic/txt_16.c
  vendor/bind9/dist/lib/dns/rdata/in_1/naptr_35.c
  vendor/bind9/dist/lib/dns/rdata/in_1/nsap_22.c
  vendor/bind9/dist/lib/dns/request.c
  vendor/bind9/dist/lib/dns/resolver.c
  vendor/bind9/dist/lib/dns/result.c
  vendor/bind9/dist/lib/dns/rootns.c
  vendor/bind9/dist/lib/dns/rpz.c
  vendor/bind9/dist/lib/dns/sdb.c
  vendor/bind9/dist/lib/dns/sdlz.c
  vendor/bind9/dist/lib/dns/spnego.c
  vendor/bind9/dist/lib/dns/spnego_asn1.c
  vendor/bind9/dist/lib/dns/ssu.c
  vendor/bind9/dist/lib/dns/ssu_external.c
  vendor/bind9/dist/lib/dns/tkey.c
  vendor/bind9/dist/lib/dns/tsig.c
  vendor/bind9/dist/lib/dns/validator.c
  vendor/bind9/dist/lib/dns/view.c
  vendor/bind9/dist/lib/dns/xfrin.c
  vendor/bind9/dist/lib/dns/zone.c
  vendor/bind9/dist/lib/export/dns/Makefile.in
  vendor/bind9/dist/lib/export/irs/Makefile.in
  vendor/bind9/dist/lib/export/isc/Makefile.in
  vendor/bind9/dist/lib/export/isc/include/isc/Makefile.in
  vendor/bind9/dist/lib/export/isc/nls/Makefile.in
  vendor/bind9/dist/lib/export/isc/nothreads/Makefile.in
  vendor/bind9/dist/lib/export/isc/pthreads/Makefile.in
  vendor/bind9/dist/lib/export/isc/unix/Makefile.in
  vendor/bind9/dist/lib/export/isccfg/Makefile.in
  vendor/bind9/dist/lib/export/samples/Makefile.in
  vendor/bind9/dist/lib/export/samples/nsprobe.c
  vendor/bind9/dist/lib/export/samples/sample-async.c
  vendor/bind9/dist/lib/export/samples/sample-gai.c
  vendor/bind9/dist/lib/export/samples/sample-request.c
  vendor/bind9/dist/lib/export/samples/sample-update.c
  vendor/bind9/dist/lib/export/samples/sample.c
  vendor/bind9/dist/lib/irs/api
  vendor/bind9/dist/lib/irs/dnsconf.c
  vendor/bind9/dist/lib/irs/getaddrinfo.c
  vendor/bind9/dist/lib/irs/getnameinfo.c
  vendor/bind9/dist/lib/irs/resconf.c
  vendor/bind9/dist/lib/isc/Makefile.in
  vendor/bind9/dist/lib/isc/api
  vendor/bind9/dist/lib/isc/buffer.c
  vendor/bind9/dist/lib/isc/include/isc/Makefile.in
  vendor/bind9/dist/lib/isc/include/isc/buffer.h
  vendor/bind9/dist/lib/isc/include/isc/file.h
  vendor/bind9/dist/lib/isc/include/isc/list.h
  vendor/bind9/dist/lib/isc/include/isc/mem.h
  vendor/bind9/dist/lib/isc/include/isc/namespace.h
  vendor/bind9/dist/lib/isc/include/isc/region.h
  vendor/bind9/dist/lib/isc/include/isc/sockaddr.h
  vendor/bind9/dist/lib/isc/include/isc/socket.h
  vendor/bind9/dist/lib/isc/include/isc/task.h
  vendor/bind9/dist/lib/isc/include/isc/timer.h
  vendor/bind9/dist/lib/isc/inet_aton.c
  vendor/bind9/dist/lib/isc/mem.c
  vendor/bind9/dist/lib/isc/nothreads/Makefile.in
  vendor/bind9/dist/lib/isc/parseint.c
  vendor/bind9/dist/lib/isc/pthreads/thread.c
  vendor/bind9/dist/lib/isc/ratelimiter.c
  vendor/bind9/dist/lib/isc/sockaddr.c
  vendor/bind9/dist/lib/isc/sparc64/include/isc/atomic.h
  vendor/bind9/dist/lib/isc/symtab.c
  vendor/bind9/dist/lib/isc/task.c
  vendor/bind9/dist/lib/isc/taskpool.c
  vendor/bind9/dist/lib/isc/timer.c
  vendor/bind9/dist/lib/isc/timer_api.c
  vendor/bind9/dist/lib/isc/unix/entropy.c
  vendor/bind9/dist/lib/isc/unix/file.c
  vendor/bind9/dist/lib/isc/unix/include/isc/time.h
  vendor/bind9/dist/lib/isc/unix/net.c
  vendor/bind9/dist/lib/isc/unix/socket.c
  vendor/bind9/dist/lib/isc/unix/time.c
  vendor/bind9/dist/lib/isccc/api
  vendor/bind9/dist/lib/isccc/cc.c
  vendor/bind9/dist/lib/isccfg/Makefile.in
  vendor/bind9/dist/lib/isccfg/aclconf.c
  vendor/bind9/dist/lib/isccfg/api
  vendor/bind9/dist/lib/isccfg/include/isccfg/cfg.h
  vendor/bind9/dist/lib/isccfg/namedconf.c
  vendor/bind9/dist/lib/isccfg/parser.c
  vendor/bind9/dist/lib/lwres/api
  vendor/bind9/dist/lib/lwres/context.c
  vendor/bind9/dist/lib/lwres/getaddrinfo.c
  vendor/bind9/dist/lib/lwres/getipnode.c
  vendor/bind9/dist/lib/lwres/getnameinfo.c
  vendor/bind9/dist/lib/lwres/getrrset.c
  vendor/bind9/dist/lib/lwres/lwinetaton.c
  vendor/bind9/dist/lib/lwres/print.c
  vendor/bind9/dist/ltmain.sh
  vendor/bind9/dist/make/rules.in
  vendor/bind9/dist/version

Modified: vendor/bind9/dist/CHANGES
==============================================================================
--- vendor/bind9/dist/CHANGES	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/CHANGES	Wed Jul 24 07:12:55 2013	(r253592)
@@ -1,20 +1,386 @@
-	--- 9.8.4-P2 released ---
+	--- 9.8.5-P1 released ---
 
-3516.	[security]	Removed the check for regex.h in configure in order
-			to disable regex syntax checking, as it exposes
-			BIND to a critical flaw in libregex on some
-			platforms. [RT #32688]
+3584.	[security]	Caching data from an incompletely signed zone could
+			trigger an assertion failure in resolver.c [RT #33690]
 
-	--- 9.8.4-P1 released ---
+	--- 9.8.5 released ---
 
-3407.	[security]	Named could die on specific queries with dns64 enabled.
-			[Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
+3568.	[cleanup]	Add a product description line to the version file,
+			to be reported by named -v/-V. [RT #33366]
 
-	--- 9.8.4 released ---
+3567.	[bug]		Silence clang static analyzer warnings. [RT #33365]
+
+3563.	[contrib]	zone2sqlite failed with some table names. [RT #33375]
+
+3561.	[bug]		dig: issue a warning if an EDNS query returns FORMERR
+			or NOTIMP.  Adjust usage message. [RT #33363]
+
+	--- 9.8.5rc1 released ---
+
+3560.	[bug]		isc-config.sh did not honor includedir and libdir
+			when set via configure. [RT #33345]
+
+3559.	[func]		Check that both forms of Sender Policy Framework
+			records exist or do not exist. [RT #33355]
+
+3558.	[bug]		IXFR of a DLZ stored zone was broken. [RT #33331]
+
+3556.	[maint]		Added AAAA for D.ROOT-SERVERS.NET.
+
+3555.	[bug]		Address theoretical race conditions in acache.c
+			(change #3553 was incomplete). [RT #33252]
+
+3553.	[bug]		Address suspected double free in acache. [RT #33252]
+
+3552.	[bug]		Wrong getopt option string for 'nsupdate -r'.
+			[RT #33280]
+
+3549.	[doc]		Documentation for "request-nsid" was missing.
+			[RT #33153]
+
+3548.	[bug]		The NSID request code in resolver.c was broken
+			resulting in invalid EDNS options being sent.
+			[RT #33153]
+
+3547.	[bug]		Some malformed unknown rdata records were not properly
+			detected and rejected. [RT #33129]
+
+3056.	[func]		Added support for URI resource record. [RT #23386]
+
+	--- 9.8.5rc1 released ---
+
+3546.	[func]		Add EUI48 and EUI64 types. [RT #33082]
+
+3544.	[contrib]	check5011.pl: Script to report the status of
+			managed keys as recorded in managed-keys.bind.
+			Contributed by Tony Finch <dot@dotat.at>
+
+3543.	[bug]		Update socket structure before attaching to socket
+			manager after accept. [RT #33084]
+
+3542.	[bug]		masterformat system test was broken. [RT #33086]
+
+3541.	[bug]		Parts of libdns were not properly initialized when
+			built in libexport mode. [RT #33028]
+
+3540.	[test]		libt_api: t_info and t_assert were not thread safe.
+
+3539.	[port]		win32: timestamp format didn't match other platforms.
+
+3538.	[test]		Running "make test" now requires loopback interfaces
+			to be set up. [RT #32452]
+
+3537.	[tuning]	Slave zones, when updated, now send NOTIFY messages
+			to peers before being dumped to disk rather than
+			after. [RT #27242]
+
+3535.	[bug]		Minor win32 cleanups. [RT #32962]
+
+3534.	[bug]		Extra text after an embedded NULL was ignored when
+			parsing zone files. [RT #32699]
+
+3533.	[contrib]	query-loc-0.4.0: memory leaks. [RT #32960]
+
+3532.	[contrib]	zkt: fixed buffer overrun, resource leaks. [RT #32960]
+
+3531.	[bug]		win32: A uninitialized value could be returned on out
+			of memory. [RT #32960]
+
+3530.	[contrib]	Better RTT tracking in queryperf. [RT #30128]
+
+3526.	[cleanup]	Set up dependencies for unit tests correctly during
+			build. [RT #32803]
+
+3521.	[bug]		Address memory leak in opensslecdsa_link.c. [RT #32249]
+
+3520.	[bug]		'mctx' was not being referenced counted in some places
+			where it should have been.  [RT #32794]
+
+	--- 9.8.5b2 released ---
+
+3517.	[bug]		Reorder destruction to avoid shutdown race. [RT #32777]
+
+3515.	[port]		'%T' is not portable in strftime(). [RT #32763]
+
+3514.	[bug]		The ranges for valid key sizes in ddns-confgen and
+			rndc-confgen were too constrained. Keys up to 512
+			bits are now allowed for most algorithms, and up
+			to 1024 bits for hmac-sha384 and hmac-sha512.
+			[RT #32753]
+
+3509.	[cleanup]	Added a product line to version file to allow for
+			easy naming of different products (BIND
+			vs BIND ESV, for example). [RT #32755]
+
+3508.	[contrib]	queryperf was incorrectly rejecting the -T option.
+			[RT #32338]
+
+3503.	[doc]		Clarify size_spec syntax. [RT #32449]
+
+3500.	[security]	Support NAPTR regular expression validation on
+			all platforms without using libregex, which
+			can be vulnerable to memory exhaustion attack
+			(CVE-2013-2266). [RT #32688]
+
+3499.	[doc]		Corrected ARM documentation of built-in zones.
+			[RT #32694]
+
+3498.	[bug]		zone statistics for zones which matched a potential
+			empty zone could have their zone-statistics setting
+			overridden.
+
+3496.	[func]		Improvements to RPZ performance. The "response-policy"
+			syntax now includes a "min-ns-dots" clause, with
+			default 1, to exclude top-level domains from
+			NSIP and NSDNAME checking. --enable-rpz-nsip and
+			--enable-rpz-nsdname are now the default. [RT #32251]
+
+3489.	[bug]		--enable-developer now turns on ISC_LIST_CHECKINIT.
+			When cloning a rdataset do not copy the link contents.
+			[RT #32651]
+
+3488.	[bug]		Use after free error with DH generated keys. [RT #32649]
+
+3487.	[bug]		Change 3444 was not complete.  There was a additional
+			place where the NOQNAME proof needed to be saved.
+			[RT #32629]
+
+3486.	[bug]		named could crash when using TKEY-negotiated keys
+			that had been deleted and then recreated. [RT #32506]
+
+3485.	[cleanup]	Only compile openssl_gostlink.c if we support GOST.
+
+3481.	[cleanup]	Removed use of const const in atf.
+
+3479.	[bug]		Address potential memory leaks in gssapi support
+			code. [RT #32405]
+
+3478.	[port]		Fix a build failure in strict C99 environments
+			[RT #32475]
+
+3474.	[bug]		nsupdate could assert when the local and remote
+			address families didn't match. [RT #22897]
+
+3470.	[bug]		Slave zones could fail to dump when successfully
+			refreshing after an initial failure. [RT #31276]
+
+	--- 9.8.5b1 released ---
+
+3468.	[security]	RPZ rules to generate A records (but not AAAA records)
+			could trigger an assertion failure when used in
+			conjunction with DNS64 (CVE-2012-5689). [RT #32141]
+
+3467.	[bug]		Added checks in dnssec-keygen and dnssec-settime
+			to check for delete date < inactive date. [RT #31719]
+
+3465.	[bug]		Handle isolated reserved ports. [RT #31778]
+
+3464.	[maint]		Updates to PKCS#11 openssl patches, supporting
+			versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749]
+
+3463.	[doc]		Clarify managed-keys syntax in ARM. [RT #32232]
+
+3462.	[doc]		Clarify server selection behavior of dig when using
+			-4 or -6 options. [RT #32181]
+
+3461.	[bug]		Negative responses could incorrectly have AD=1
+			set. [RT #32237]
+
+3458.	[bug]		Return FORMERR when presented with a overly long
+			domain named in a request. [RT #29682]
+
+3457.	[protocol]	Add ILNP records (NID, LP, L32, L64). [RT #31836]
+
+3456.	[port]		g++47: ATF failed to compile. [RT #32012]
+
+3455.	[contrib]	queryperf: fix getopt option list. [RT #32338]
+
+3454.	[port]		sparc64: improve atomic support. [RT #25182]
+
+3452.	[bug]		Accept duplicate singleton records. [RT #32329]
+
+3451.	[port]		Increase per thread stack size from 64K to 1M.
+			[RT #32230]
+
+3450.	[bug]		Stop logfileconfig system test spam system logs.
+			[RT #32315]
+
+3449.	[bug]		gen.c: use the pre-processor to construct format
+			strings so that compiler can perform sanity checks;
+			check the snprintf results. [RT #17576]
+
+3448.	[bug]		The allow-query-on ACL was not processed correctly.
+			[RT #29486]
+
+3447.	[port]		Add support for libxml2-2.9.x [RT #32231]
+
+3446.	[port]		win32: Add source ID (see change #3400) to build.
+			[RT #31683]
+
+3445.	[bug]		Warn about zone files with blank owner names
+			immediately after $ORIGIN directives. [RT #31848]
+
+3444.	[bug]		The NOQNAME proof was not being returned from cached
+			insecure responses. [RT #21409]
+
+3443.	[bug]		ddns-confgen: Some TSIG algorithms were incorrectly
+			rejected when generating keys. [RT #31927]
+
+3442.	[port]		Net::DNS 0.69 introduced a non backwards compatible
+			change. [RT #32216]
+
+3441.	[maint]		D.ROOT-SERVERS.NET is now 199.7.91.13.
+
+3440.	[bug]		Reorder get_key_struct to not trigger a assertion when
+			cleaning up due to out of memory error. [RT #32131]
+
+3439.	[bug]		contrib/dlz error checking fixes. [RT #32102]
+
+3438.	[bug]		Don't accept unknown data escape in quotes. [RT #32031]
+
+3437.	[bug]		isc_buffer_init -> isc_buffer_constinit to initialize
+			buffers with constant data. [RT #32064]
+
+3436.	[bug]		Check malloc/calloc return values. [RT #32088]
+
+3435.	[bug]		Cross compilation support in configure was broken.
+			[RT #32078]
+
+3431.	[bug]		ddns-confgen: Some valid key algorithms were
+			not accepted. [RT #31927]
+
+3430.	[bug]		win32: isc_time_formatISO8601 was missing the
+			'T' between the date and time. [RT #32044]
+
+3429.	[bug]		dns_zone_getserial2 could a return success without
+			returning a valid serial. [RT #32007]
+
+3428.	[cleanup]	dig: Add timezone to date output. [RT #2269]
+
+3427.	[bug]		dig +trace incorrectly displayed name server
+			addresses instead of names. [RT #31641]
+
+3425.	[bug]		"acacheentry" reference counting was broken resulting
+			in use after free. [RT #31908]
+
+3422.	[bug]		Added a clear error message for when the SOA does not
+			match the referral. [RT #31281]
+
+3421.	[bug]		Named loops when re-signing if all keys are offline.
+			[RT #31916]
+
+3420.	[bug]		Address VPATH compilation issues. [RT #31879]
+
+3419.	[bug]		Memory leak on validation cancel. [RT #31869]
+
+3415.	[bug]		named could die with a REQUIRE failure if a validation
+			was canceled. [RT #31804]
+
+3412.	[bug]		Copy timeval structure from control message data.
+			[RT #31548]
+
+3411.	[tuning]	Use IPV6_USE_MIN_MTU or equivalent with TCP in addition
+			to UDP. [RT #31690]
+
+3410.	[bug]		Addressed Coverity warnings. [RT #31626]
+
+3409.	[contrib]	contrib/dane/mkdane.sh: Tool to generate TLSA RR's
+			from X.509 certificates, for use with DANE
+			(DNS-based Authentication of Named Entities).
+			[RT #30513]
+
+3406.	[bug]		mem.c: Fix compilation errors when building with
+			ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled.
+			Also, ISC_MEM_DEBUG is no longer optional. [RT #31559]
+
+3405.	[bug]		Handle time going backwards in acache. [RT #31253]
+
+3404.	[bug]		dnssec-signzone: When re-signing a zone, remove
+			RRSIG and NSEC records from nodes that used to be
+			in-zone but are now below a zone cut. [RT #31556]
+
+3403.	[bug]		Silence noisy OpenSSL logging. [RT #31497]
+
+3402.	[test]		The IPv6 interface numbers used for system
+			tests were incorrect on some platforms. [RT #25085]
+
+3401.	[bug]		Addressed Coverity warnings. [RT #31484]
+
+3400.	[cleanup]	"named -V" can now report a source ID string, defined
+			in the "srcid" file in the build tree and normally set
+			to the most recent git hash.  [RT #31494]
+
+3397.	[bug]		dig crashed when using +nssearch with +tcp. [RT #25298]
+
+3396.	[bug]		OPT records were incorrectly removed from signed,
+			truncated responses. [RT #31439]
+
+3395.	[protocol]	Add RFC 6598 reverse zones to built in empty zones
+			list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA.
+			[RT #31336]
+
+3394.	[bug]		Adjust 'successfully validated after lower casing
+			signer' log level and category. [RT #31414]
+
+3393.	[bug]		'host -C' could core dump if REFUSED was received.
+			[RT #31381]
+
+3391.	[bug]		A DNSKEY lookup that encountered a CNAME failed.
+			[RT #31262]
+
+3390.	[bug]		Silence clang compiler warnings. [RT #30417]
+
+3389.	[bug]		Always return NOERROR (not 0) in TSIG. [RT #31275]
+
+3388.	[bug]		Fixed several Coverity warnings.
+			Note: This change includes a fix for a bug that
+			was subsequently determined to be an exploitable
+			security vulnerability, CVE-2012-5688: named could
+			die on specific queries with dns64 enabled.
+			[RT #30996]
+
+3386.	[bug]		Address locking violation when generating new NSEC /
+			NSEC3 chains. [RT #31224]
+
+3384.	[bug]		Improved logging of crypto errors. [RT #30963]
 
 3383.	[security]	A certain combination of records in the RBT could
-                        cause named to hang while populating the additional
-                        section of a response. [RT #31090]
+			cause named to hang while populating the additional
+			section of a response. [RT #31090]
+
+3382.	[bug]		SOA query from slave used use-v6-udp-ports range,
+			if set, regardless of the address family in use.
+			[RT #24173]
+
+3381.	[contrib]	Update queryperf to support more RR types.
+			[RT #30762]
+
+3380.	[bug]		named could die if a nonexistent master list was
+			referenced in a also-notify. [RT #31004]
+
+3379.	[bug]		isc_interval_zero and isc_time_epoch should be
+			"const (type)* const". [RT #31069]
+
+3378.	[bug]		Handle missing 'managed-keys-directory' better.
+			[RT #30625]
+
+3376.	[bug]		Lack of EDNS support was being recorded without a
+			successful response. [RT #30811]
+
+3375.	[func]		Check that 'rndc dumpdb' works on a empty cache.
+			[RT #30808]
+
+3374.	[bug]		isc_parse_uint32 failed to return a range error on
+			systems with 64 bit longs. [RT #30232]
+
+3372.	[bug]		Silence spurious "deleted from unreachable cache"
+			messages.  [RT #30501]
+
+3371.	[bug]		AD=1 should behave like DO=1 when deciding whether to
+			add NS RRsets to the additional section or not.
+			[RT #30479]
+
+	--- 9.8.4 released ---
 
 3373.	[bug]		win32: open raw files in binary mode. [RT #30944]
 
@@ -135,11 +501,11 @@
 	--- 9.8.3 released ---
 
 3318.	[tuning]	Reduce the amount of work performed while holding a
-			bucket lock when finshed with a fetch context.
+			bucket lock when finished with a fetch context.
 			[RT #29239]
 
-3314.	[bug]		The masters list could be updated while refesh_callback
-			and stub_callback were using it. [RT #26732]
+3314.	[bug]		The masters list could be updated while stub_callback
+			or refresh_callback were using it. [RT #26732]
 
 3313.	[protocol]	Add TLSA record type. [RT #28989]
 
@@ -151,7 +517,7 @@
 
 3310.	[test]		Increase table size for mutex profiling. [RT #28809]
 
-3309.	[bug]		resolver.c:fctx_finddone() was not threadsafe.
+3309.	[bug]		resolver.c:fctx_finddone() was not thread safe.
 			[RT #27995]
 
 3307.	[bug]		Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
@@ -328,7 +694,7 @@
 
 3234.	[bug]		'make depend' produced invalid makefiles. [RT #26830]
 
-3231.	[bug]		named could fail to send a uncompressable zone.
+3231.	[bug]		named could fail to send a incompressible zone.
 			[RT #26796]
 
 3230.	[bug]		'dig axfr' failed to properly handle a multi-message
@@ -345,7 +711,7 @@
 
 3226.	[bug]		Address minor resource leakages. [RT #26624]
 
-3221.	[bug]		Fixed a potential coredump on shutdown due to
+3221.	[bug]		Fixed a potential core dump on shutdown due to
 			referencing fetch context after it's been freed.
 			[RT #26720]
 
@@ -369,7 +735,7 @@
 
 3209.	[func]		Add "dnssec-lookaside 'no'".  [RT #24858]
 
-3208.	[bug]		'dig -y' handle unknown tsig alorithm better.
+3208.	[bug]		'dig -y' handle unknown tsig algorithm better.
 			[RT #25522]
 
 3207.	[contrib]	Fixed build error in Berkeley DB DLZ module. [RT #26444]
@@ -672,7 +1038,7 @@
 3077.	[bug]		zone.c:zone_refreshkeys() incorrectly called
 			dns_zone_attach(), use zone->irefs instead. [RT #23303]
 
-3075.	[bug]		dns_dnssec_findzonekeys{2} used a inconsistant
+3075.	[bug]		dns_dnssec_findzonekeys{2} used a inconsistent
 			timestamp when determining which keys are active.
 			[RT #23642]
 
@@ -686,7 +1052,7 @@
 3072.	[bug]		dns_dns64_aaaaok() potential NULL pointer dereference.
 			[RT #20256]
 
-3071.	[bug]		has_nsec could be used unintialised in
+3071.	[bug]		has_nsec could be used uninitialized in
 			update.c:next_active. [RT #20256]
 
 3070.	[bug]		dnssec-signzone potential NULL pointer dereference.
@@ -732,7 +1098,7 @@
 
 3052.	[test]		Fixed last autosign test report. [RT #23256]
 
-3051.	[bug]		NS records obsure DNAME records at the bottom of the
+3051.	[bug]		NS records obscure DNAME records at the bottom of the
 			zone if both are present. [RT #23035]
 
 3050.	[bug]		The autosign system test was timing dependent.
@@ -742,7 +1108,7 @@
 3049.	[bug]		Save and restore the gid when creating creating
 			named.pid at startup. [RT #23290]
 
-3048.	[bug]		Fully separate view key mangement. [RT #23419]
+3048.	[bug]		Fully separate view key management. [RT #23419]
 
 3047.	[bug]		DNSKEY NODATA responses not cached fixed in
 			validator.c. Tests added to dnssec system test.
@@ -1079,7 +1445,7 @@
 			no data response. [RT #21744]
 
 2952.	[port]		win32: named-checkzone and named-checkconf failed
-			to initialise winsock. [RT #21932]
+			to initialize winsock. [RT #21932]
 
 2951.	[bug]		named failed to generate a correct signed response
 			in a optout, delegation only zone with no secure
@@ -1125,7 +1491,7 @@
 			in use. [RT# 21868]
 
 2938.	[bug]		When generating signed responses, from a signed zone
-			that uses NSEC3, named would use a uninitialised
+			that uses NSEC3, named would use a uninitialized
 			pointer if it needed to skip a NSEC3 record because
 			it didn't match the selected NSEC3PARAM record for
 			zone. [RT# 21868]
@@ -1179,7 +1545,7 @@
 			revisit the issue and complete the fix later.
 			[RT #21710]
 
-2930.	[experimental]	New "rndc addzone" and "rndc delzone" commads
+2930.	[experimental]	New "rndc addzone" and "rndc delzone" commands
 			allow dynamic addition and deletion of zones.
 			To enable this feature, specify a "new-zone-file"
 			option at the view or options level in named.conf.
@@ -1355,7 +1721,7 @@
 			successfully responds to the query using plain DNS.
 			[RT #20930]
 
-2873.	[bug]		Cancelling a dynamic update via the dns/client module
+2873.	[bug]		Canceling a dynamic update via the dns/client module
 			could trigger an assertion failure. [RT #21133]
 
 2872.	[bug]		Modify dns/client.c:dns_client_createx() to only
@@ -1397,7 +1763,7 @@
 
 2860.	[bug]		named-checkconf's usage was out of date. [RT #21039]
 
-2859.	[bug]		When cancelling validation it was possible to leak
+2859.	[bug]		When canceling validation it was possible to leak
 			memory. [RT #20800]
 
 2858.	[bug]		RTT estimates were not being adjusted on ICMP errors.
@@ -1950,7 +2316,7 @@
 
 2695.	[func]		DHCP/DDNS - update fdwatch code for use by
 			DHCP.  Modify the api to isc_sockfdwatch_t (the
-			callback functon for isc_socket_fdwatchcreate)
+			callback function for isc_socket_fdwatchcreate)
 			to include information about the direction (read
 			or write) and add isc_socket_fdwatchpoke.
 			[RT #20253]
@@ -2015,7 +2381,7 @@
 			  sets the time when a key is no longer used for
 			  signing but is still published.
 			- The "unpublished" date (-U) is deprecated in
-			  favour of "deleted" (-D).
+			  favor of "deleted" (-D).
 			[RT #20247]
 
 2676.	[bug]		--with-export-installdir should have been
@@ -2461,7 +2827,7 @@
 
 2553.	[bug]		Reference leak on DNSSEC validation errors. [RT #19291]
 
-2552.	[bug]		zero-no-soa-ttl-cache was not being honoured.
+2552.	[bug]		zero-no-soa-ttl-cache was not being honored.
 			[RT #19340]
 
 2551.	[bug]		Potential Reference leak on return. [RT #19341]
@@ -2514,7 +2880,7 @@
 
 2534.	[func]		Check NAPTR records regular expressions and
 			replacement strings to ensure they are syntactically
-			valid and consistant. [RT #18168]
+			valid and consistent. [RT #18168]
 
 2533.	[doc]		ARM: document @ (at-sign). [RT #17144]
 

Modified: vendor/bind9/dist/COPYRIGHT
==============================================================================
--- vendor/bind9/dist/COPYRIGHT	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/COPYRIGHT	Wed Jul 24 07:12:55 2013	(r253592)
@@ -1,4 +1,4 @@
-Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2013  Internet Systems Consortium, Inc. ("ISC")
 Copyright (C) 1996-2003  Internet Software Consortium.
 
 Permission to use, copy, modify, and/or distribute this software for any

Modified: vendor/bind9/dist/FAQ
==============================================================================
--- vendor/bind9/dist/FAQ	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/FAQ	Wed Jul 24 07:12:55 2013	(r253592)
@@ -1,6 +1,6 @@
 Frequently Asked Questions about BIND 9
 
-Copyright © 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright © 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
 
 Copyright © 2000-2003 Internet Software Consortium.
 
@@ -869,7 +869,7 @@ A: If you run Tiger(Mac OS 10.4) or late
    Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.:
 
    key "rndc-key" {
-           algorithm hmac-md5;
+           algorithm hmac-sha256;
            secret "uvceheVuqf17ZwIcTydddw==";
    };
 

Modified: vendor/bind9/dist/FAQ.xml
==============================================================================
--- vendor/bind9/dist/FAQ.xml	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/FAQ.xml	Wed Jul 24 07:12:55 2013	(r253592)
@@ -1,7 +1,7 @@
 <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
        "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
 <!--
- - Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010, 2013  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -30,6 +30,7 @@
       <year>2008</year>
       <year>2009</year>
       <year>2010</year>
+      <year>2013</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -1564,7 +1565,7 @@ rand_irqs="3 14 15"</programlisting>
 	<informalexample>
 	  <programlisting>
 key "rndc-key" {
-	algorithm hmac-md5;
+	algorithm hmac-sha256;
 	secret "uvceheVuqf17ZwIcTydddw==";
 };</programlisting>
 	</informalexample>

Modified: vendor/bind9/dist/Makefile.in
==============================================================================
--- vendor/bind9/dist/Makefile.in	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/Makefile.in	Wed Jul 24 07:12:55 2013	(r253592)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009, 2011, 2012  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2009, 2011-2013  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2002  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any
@@ -61,9 +61,21 @@ tags:
 	rm -f TAGS
 	find lib bin -name "*.[ch]" -print | @ETAGS@ -
 
-check: test
+test check:
+	@if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>&- || echo fail`"; then \
+	echo I: NOTE: The tests were not run because they require that; \
+	echo I:	the IP addresses 10.53.0.1 through 10.53.0.8 are configured; \
+	echo I:	as alias addresses on the loopback interface.  Please run; \
+	echo I:	\'bin/tests/system/ifconfig.sh up\' as root to configure; \
+	echo I:	them, then rerun the tests. Run make force-test to run the; \
+	echo I:	tests anyway.; \
+	exit 1; \
+	fi
+	${MAKE} test-force
 
-test:
+force-test: test-force
+
+test-force:
 	status=0; \
 	(cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \
 	(test -f unit/unittest.sh && $(SHELL) unit/unittest.sh) || status=1; \

Modified: vendor/bind9/dist/README
==============================================================================
--- vendor/bind9/dist/README	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/README	Wed Jul 24 07:12:55 2013	(r253592)
@@ -51,6 +51,11 @@ BIND 9
         For up-to-date release notes and errata, see
         http://www.isc.org/software/bind9/releasenotes
 
+BIND 9.8.5
+
+        BIND 9.8.5 includes several bug fixes and patches security
+        flaws described in CVE-2012-5688, CVE-2012-5689 and CVE-2013-2266.
+
 BIND 9.8.4
 
         BIND 9.8.4 includes several bug fixes and patches security

Modified: vendor/bind9/dist/aclocal.m4
==============================================================================
--- vendor/bind9/dist/aclocal.m4	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/aclocal.m4	Wed Jul 24 07:12:55 2013	(r253592)
@@ -1,2 +1,5 @@
-sinclude(./libtool.m4)dnl
-
+sinclude(libtool.m4/libtool.m4)dnl
+sinclude(libtool.m4/ltoptions.m4)dnl
+sinclude(libtool.m4/ltsugar.m4)dnl
+sinclude(libtool.m4/ltversion.m4)dnl
+sinclude(libtool.m4/lt~obsolete.m4)dnl

Modified: vendor/bind9/dist/bin/Makefile.in
==============================================================================
--- vendor/bind9/dist/bin/Makefile.in	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/bin/Makefile.in	Wed Jul 24 07:12:55 2013	(r253592)
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2009, 2012  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2009, 2012, 2013  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
-SUBDIRS =	named rndc dig dnssec tests tools nsupdate \
+SUBDIRS =	named rndc dig dnssec tools tests nsupdate \
 		check confgen @PKCS11_TOOLS@
 TARGETS =
 

Modified: vendor/bind9/dist/bin/check/check-tool.c
==============================================================================
--- vendor/bind9/dist/bin/check/check-tool.c	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/bin/check/check-tool.c	Wed Jul 24 07:12:55 2013	(r253592)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010, 2012  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -196,6 +196,10 @@ checkns(dns_zone_t *zone, dns_name_t *na
 		a->type == dns_rdatatype_a);
 	REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) ||
 		aaaa->type == dns_rdatatype_aaaa);
+
+	if (a == NULL || aaaa == NULL)
+		return (answer);
+
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_flags = AI_CANONNAME;
 	hints.ai_family = PF_UNSPEC;
@@ -258,8 +262,7 @@ checkns(dns_zone_t *zone, dns_name_t *na
 		}
 		return (ISC_TRUE);
 	}
-	if (a == NULL || aaaa == NULL)
-		return (answer);
+
 	/*
 	 * Check that all glue records really exist.
 	 */
@@ -597,7 +600,7 @@ load_zone(isc_mem_t *mctx, const char *z
 
 	dns_zone_settype(zone, dns_zone_master);
 
-	isc_buffer_init(&buffer, zonename, strlen(zonename));
+	isc_buffer_constinit(&buffer, zonename, strlen(zonename));
 	isc_buffer_add(&buffer, strlen(zonename));
 	dns_fixedname_init(&fixorigin);
 	origin = dns_fixedname_name(&fixorigin);

Modified: vendor/bind9/dist/bin/check/named-checkconf.c
==============================================================================
--- vendor/bind9/dist/bin/check/named-checkconf.c	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/bin/check/named-checkconf.c	Wed Jul 24 07:12:55 2013	(r253592)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007, 2009-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2013  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -295,6 +295,18 @@ configure_zone(const char *vclass, const
 	}
 
 	obj = NULL;
+	if (get_maps(maps, "check-spf", &obj)) {
+		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
+			zone_options |= DNS_ZONEOPT_CHECKSPF;
+		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
+			zone_options &= ~DNS_ZONEOPT_CHECKSPF;
+		} else
+			INSIST(0);
+	} else {
+		zone_options |= DNS_ZONEOPT_CHECKSPF;
+	}
+
+	obj = NULL;
 	if (get_checknames(maps, &obj)) {
 		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
 			zone_options |= DNS_ZONEOPT_CHECKNAMES;
@@ -471,6 +483,7 @@ main(int argc, char **argv) {
 			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
+			/* FALLTHROUGH */
 		case 'h':
 			usage();
 

Modified: vendor/bind9/dist/bin/check/named-checkzone.8
==============================================================================
--- vendor/bind9/dist/bin/check/named-checkzone.8	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/bin/check/named-checkzone.8	Wed Jul 24 07:12:55 2013	(r253592)
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
@@ -33,9 +33,9 @@
 named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
 .SH "SYNOPSIS"
 .HP 16
-\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
 .HP 18
-\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
+\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkzone\fR
@@ -236,6 +236,14 @@ Chroot to
 so that include directives in the configuration file are processed as if run by a similarly chrooted named.
 .RE
 .PP
+\-T \fImode\fR
+.RS 4
+Check if Sender Policy Framework records (TXT and SPF) both exist or both don't exist. A warning is issued if they don't match. Possible modes are
+\fB"warn"\fR
+(default),
+\fB"ignore"\fR.
+.RE
+.PP
 \-w \fIdirectory\fR
 .RS 4
 chdir to
@@ -281,7 +289,7 @@ BIND 9 Administrator Reference Manual.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
 .br
 Copyright \(co 2000\-2002 Internet Software Consortium.
 .br

Modified: vendor/bind9/dist/bin/check/named-checkzone.c
==============================================================================
--- vendor/bind9/dist/bin/check/named-checkzone.c	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/bin/check/named-checkzone.c	Wed Jul 24 07:12:55 2013	(r253592)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -145,19 +145,21 @@ main(int argc, char **argv) {
 	if (progmode == progmode_compile) {
 		zone_options |= (DNS_ZONEOPT_CHECKNS |
 				 DNS_ZONEOPT_FATALNS |
+				 DNS_ZONEOPT_CHECKSPF |
 				 DNS_ZONEOPT_CHECKDUPRR |
 				 DNS_ZONEOPT_CHECKNAMES |
 				 DNS_ZONEOPT_CHECKNAMESFAIL |
 				 DNS_ZONEOPT_CHECKWILDCARD);
 	} else
-		zone_options |= DNS_ZONEOPT_CHECKDUPRR;
+		zone_options |= (DNS_ZONEOPT_CHECKDUPRR |
+				 DNS_ZONEOPT_CHECKSPF);
 
 #define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
 
 	isc_commandline_errprint = ISC_FALSE;
 
 	while ((c = isc_commandline_parse(argc, argv,
-				       "c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:W:"))
+				     "c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
 	       != EOF) {
 		switch (c) {
 		case 'c':
@@ -363,6 +365,18 @@ main(int argc, char **argv) {
 			}
 			break;
 
+		case 'T':
+			if (ARGCMP("warn")) {
+				zone_options |= DNS_ZONEOPT_CHECKSPF;
+			} else if (ARGCMP("ignore")) {
+				zone_options &= ~DNS_ZONEOPT_CHECKSPF;
+			} else {
+				fprintf(stderr, "invalid argument to -T: %s\n",
+					isc_commandline_argument);
+				exit(1);
+			}
+			break;
+
 		case 'W':
 			if (ARGCMP("warn"))
 				zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
@@ -374,6 +388,7 @@ main(int argc, char **argv) {
 			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					prog_name, isc_commandline_option);
+			/* FALLTHROUGH */
 		case 'h':
 			usage();
 

Modified: vendor/bind9/dist/bin/check/named-checkzone.docbook
==============================================================================
--- vendor/bind9/dist/bin/check/named-checkzone.docbook	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/bin/check/named-checkzone.docbook	Wed Jul 24 07:12:55 2013	(r253592)
@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007, 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009, 2010, 2013  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -38,6 +38,7 @@
       <year>2007</year>
       <year>2009</year>
       <year>2010</year>
+      <year>2013</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -75,6 +76,7 @@
       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
       <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+      <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-D</option></arg>
       <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
@@ -98,6 +100,7 @@
       <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+      <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-D</option></arg>
       <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
@@ -380,6 +383,18 @@
       </varlistentry>
 
       <varlistentry>
+	<term>-T <replaceable class="parameter">mode</replaceable></term>
+	<listitem>
+	  <para>
+	    Check if Sender Policy Framework records (TXT and SPF)
+	    both exist or both don't exist.  A warning is issued
+	    if they don't match.  Possible modes are
+	    <command>"warn"</command> (default), <command>"ignore"</command>.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term>-w <replaceable class="parameter">directory</replaceable></term>
         <listitem>
           <para>

Modified: vendor/bind9/dist/bin/check/named-checkzone.html
==============================================================================
--- vendor/bind9/dist/bin/check/named-checkzone.html	Wed Jul 24 06:13:00 2013	(r253591)
+++ vendor/bind9/dist/bin/check/named-checkzone.html	Wed Jul 24 07:12:55 2013	(r253592)
@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -29,11 +29,11 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em 
 class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
-<div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</co
 de></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em 
 class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</co
 de></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543696"></a><h2>DESCRIPTION</h2>
+<a name="id2543716"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       checks the syntax and integrity of a zone file.  It performs the
       same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -53,7 +53,7 @@
      </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543731"></a><h2>OPTIONS</h2>
+<a name="id2543751"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-d</span></dt>
 <dd><p>
@@ -214,6 +214,13 @@
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
           </p></dd>
+<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt>
+<dd><p>
+	    Check if Sender Policy Framework records (TXT and SPF)
+	    both exist or both don't exist.  A warning is issued
+	    if they don't match.  Possible modes are
+	    <span><strong class="command">"warn"</strong></span> (default), <span><strong class="command">"ignore"</strong></span>.
+	  </p></dd>
 <dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
             chdir to <code class="filename">directory</code> so that
@@ -247,14 +254,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544446"></a><h2>RETURN VALUES</h2>
+<a name="id2544422"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544458"></a><h2>SEE ALSO</h2>
+<a name="id2544434"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
       <em class="citetitle">RFC 1035</em>,
@@ -262,7 +269,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544491"></a><h2>AUTHOR</h2>
+<a name="id2544603"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201307240712.r6O7CuKL053097>