Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/bsd/bind Merge conflicts; bugs fixed since the last...
details: https://anonhg.NetBSD.org/src/rev/1678121a208c
branches: trunk
changeset: 354410:1678121a208c
user: christos <christos%NetBSD.org@localhost>
date: Thu Jun 15 15:59:35 2017 +0000
description:
Merge conflicts; bugs fixed since the last import:
4632. [security] The BIND installer on Windows used an unquoted
service path, which can enable privilege escalation.
(CVE-2017-3141) [RT #45229]
4631. [security] Some RPZ configurations could go into an infinite
query loop when encountering responses with TTL=0.
(CVE-2017-3140) [RT #45181]
4582. [security] 'rndc ""' could trigger a assertion failure in named.
(CVE-2017-3138) [RT #44924]
4581. [port] Linux: Add getpid and getrandom to the list of system
calls named uses for seccomp. [RT #44883]
4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734]
4575. [security] DNS64 with "break-dnssec yes;" can result in an
assertion failure. (CVE-2017-3136) [RT #44653]
4571. [bug] Out-of-tree builds of backtrace_test failed.
4570. [cleanup] named did not correctly fall back to the built-in
initializing keys if the bind.keys file was present
but empty. [RT #44531]
4568. [contrib] Added a --with-bind option to the dnsperf configure
script to specify BIND prefix path.
4567. [port] Call getprotobyname and getservbyname prior to calling
chroot so that shared libraries get loaded. [RT #44537]
4564. [maint] Update the built in managed keys to include the
upcoming root KSK. [RT #44579]
4563. [bug] Modified zones would occasionally fail to reload.
[RT #39424]
4561. [port] Silence a warning in strict C99 compilers. [RT #44414]
4560. [bug] mdig: add -m option to enable memory debugging rather
than having it on all the time. [RT #44509]
4559. [bug] openssl_link.c didn't compile if ISC_MEM_TRACKLINES
was turned off. [RT #44509]
4554. [bug] Remove double unlock in dns_dispatchmgr_setudp.
[RT #44336]
4553. [bug] Named could deadlock there were multiple changes to
NSEC/NSEC3 parameters for a zone being processed at
the same time. [RT #42770]
4552. [bug] Named could trigger a assertion when sending notify
messages. [RT #44019]
4551. [test] Add system tests for integrity checks of MX and
SRV records. [RT #43953]
4550. [cleanup] Increased the number of available master file
output style flags from 32 to 64. [RT #44043]
4547. [port] Add support for --enable-native-pkcs11 on the AEP
Keyper HSM. [RT #42463]
4543. [bug] dns_client_startupdate now delays sending the update
request until isc_app_ctxrun has been called.
[RT #43976]
4541. [bug] rndc addzone should properly reject non master/slave
zones. [RT #43665]
4539. [bug] Referencing a nonexistent zone with RPZ could lead
to a assertion failure when configuring. [RT #43787]
4538. [bug] Call dns_client_startresolve from client->task.
[RT #43896]
4537. [bug] Handle timeouts better in dig/host/nslookup. [RT #43576]
4536. [bug] ISC_SOCKEVENTATTR_USEMINMTU was not being cleared
when reusing the event structure. [RT #43885]
4535. [bug] Address race condition in setting / testing of
DNS_REQUEST_F_SENDING. [RT #43889]
4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879]
4533. [bug] dns_client_update should terminate on prerequisite
failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET)
and also on BADZONE. [RT #43865]
4532. [contrib] Make gen-data-queryperf.py python 3 compatible.
[RT #43836]
4529. [cleanup] Silence noisy log warning when DSCP probe fails
due to firewall rules. [RT #43847]
4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831]
4526. [doc] Corrected errors and improved formatting of
grammar definitions in the ARM. [RT #43739]
4525. [doc] Fixed outdated documentation on managed-keys.
[RT #43810]
4524. [bug] The net zero test was broken causing IPv4 servers
with addresses ending in .0 to be rejected. [RT #43776]
4523. [doc] Expand config doc for <querysource4> and
<querysource6>. [RT #43768]
4522. [bug] Handle big gaps in log file version numbers better.
[RT #38688]
4521. [cleanup] Log it as an error if an entropy source is not
found and there is no fallback available. [RT #43659]
4520. [cleanup] Alphabetize more of the grammar when printing it
out. [RT #43755]
4516. [bug] isc_socketmgr_renderjson was missing from the
windows build. [RT #43602]
4515. [port] FreeBSD: Find readline headers when they are in
edit/readline/ instead of readline/. [RT #43658]
4513. [cleanup] Minimum Python versions are now 2.7 and 3.2.
[RT #43566]
4512. [bug] win32: @GEOIP_INC@ missing from delv.vcxproj.in.
[RT #43556]
4509. [test] Make the rrl system test more reliable on slower
machines by using mdig instead of dig. [RT #43280]
4507. [bug] Named could incorrectly log 'allows updates by IP
address, which is insecure' [RT #43432]
4505. [port] Use IP_PMTUDISC_OMIT if available. [RT #35494]
4504. [security] Allow the maximum number of records in a zone to
be specified. This provides a control for issues
raised in CVE-2016-6170. [RT #42143]
4503. [cleanup] "make uninstall" now removes files installed by
BIND. (This currently excludes Python files
due to lack of support in setup.py.) [RT #42912]
4502. [func] Report multiple and experimental options when printing
grammar. [RT #43134]
4500. [bug] Support modifier I64 in isc__print_printf. [RT #43526]
4499. [port] MacOSX: silence deprecated function warning
by using arc4random_stir() when available
instead of arc4random_addrandom(). [RT #43503]
4498. [test] Simplify prerequisite checks in system tests.
[RT #43516]
4497. [port] Add support for OpenSSL 1.1.0. [RT #41284]
4496. [func] dig: add +idnout to control whether labels are
display in punycode or not. Requires idn support
to be enabled at compile time. [RT #43398]
4494. [bug] Look for <editline/readline.h>. [RT #43429]
4492. [bug] irs_resconf_load failed to initialize sortlistnxt
causing bad writes if resolv.conf contained a
sortlist directive. [RT #43459]
4491. [bug] Improve message emitted when testing whether sendmsg
works with TOS/TCLASS fails. [RT #43483]
4490. [maint] Added AAAA (2001:500:12::d0d) for G.ROOT-SERVERS.NET.
4489. [security] It was possible to trigger assertions when processing
a response containing a DNAME answer. (CVE-2016-8864)
[RT #43465]
4488. [port] Darwin: use -framework for Kerberos. [RT #43418]
4487. [test] Make system tests work on Windows. [RT #42931]
4486. [bug] Look in $prefix/lib/pythonX.Y/site-packages for
the python modules we install. [RT #43330]
4485. [bug] Failure to find readline when requested should be
fatal to configure. [RT #43328]
4484. [func] Check prefixes in acls to make sure the address and
prefix lengths are consistent. Warn only in
BIND 9.11 and earlier. [RT #43367]
4483. [bug] Address use before require check and remove extraneous
dns_message_gettsigkey call in dns_tsig_sign.
[RT #43374]
4476. [test] Fix reclimit test on slower machines. [RT #43283]
4475. [doc] Update named-checkconf documentation. [RT #43153]
4474. [bug] win32: call WSAStartup in fromtext_in_wks so that
getprotobyname and getservbyname work. [RT #43197]
4473. [bug] Only call fsync / _commit on regular files. [RT #43196]
4472. [bug] Named could fail to find the correct NSEC3 records when
a zone was updated between looking for the answer and
looking for the NSEC3 records proving nonexistence
of the answer. [RT #43247]
4471. [cleanup] Revert a query logging change inadvertently
backported from 9.11. [RT #43238]
4467. [security] It was possible to trigger an assertion when
rendering a message. (CVE-2016-2776) [RT #43139]
4466. [bug] Interface scanning didn't work on a Windows system
without a non local IPv6 addresses. [RT #43130]
4464. [bug] Fix windows python support. [RT #43173]
4461. [bug] win32: not all external data was properly marked
as external data for windows dll. [RT #43161]
4458. [cleanup] Update assertions to be more correct, and also remove
use of a reserved word. [RT #43090]
4457. [maint] Added AAAA (2001:500:a8::e) for E.ROOT-SERVERS.NET.
4456. [doc] Add DOCTYPE and lang attribute to <html> tags.
[RT #42587]
4453. [bug] Prefetching of DS records failed to update their
RRSIGs. [RT #42865]
4451. [cleanup] Log more useful information if a PKCS#11 provider
library cannot be loaded. [RT #43076]
4450. [port] Provide more nuanced HSM support which better matches
the specific PKCS11 providers capabilities. [RT #42458]
4448. [bug] win32: ::1 was not being found when iterating
interfaces. [RT #42993]
4446. [bug] The cache_find() and _findrdataset() functions
could find rdatasets that had been marked stale.
[RT #42853]
4445. [cleanup] isc_errno_toresult() can now be used to call the
formerly private function isc__errno2result().
[RT #43050]
4443. [func] Set TCP_MAXSEG in addition to IPV6_USE_MIN_MTU on
TCP sockets. [RT #42864]
4442. [bug] Fix RPZ CIDR tree insertion bug that corrupted
tree data structure with overlapping networks
(longest prefix match was ineffective).
[RT #43035]
4441. [cleanup] Alphabetize host's help output. [RT #43031]
4435. [tuning] Only set IPV6_USE_MIN_MTU for UDP when the message
will not fit into a single IPv4 encapsulated IPv6
UDP packet when transmitted over a Ethernet link.
[RT #42871]
4434. [protocol] Return EDNS EXPIRE option for master zones in addition
to slave zones. [RT #43008]
4433. [cleanup] Report an error when passing an invalid option or
view name to "rndc dumpdb". [RT #42958]
4432. [test] Hide rndc output on expected failures in logfileconfig
system test. [RT #27996]
4431. [bug] named-checkconf now checks the rate-limit clause.
[RT #42970]
4430. [bug] Lwresd died if a search list was not defined.
Found by 0x710DDDD At Alibaba Security. [RT #42895]
4425. [bug] arpaname and named-rrchecker were not being installed
into ${prefix}/bin. [RT #42910]
4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries
to provide feedback to the trust-anchor administrators
about how key rollovers are progressing as per
draft-ietf-dnsop-edns-key-tag-02. This can be
disabled using 'trust-anchor-telemetry no;'.
[RT #40583]
4423. [maint] Added missing IPv6 address 2001:500:84::b for
B.ROOT-SERVERS.NET. [RT #42898]
4422. [port] Silence clang warnings in dig.c and dighost.c.
[RT #42451]
4418. [bug] Fix a compiler warning in GSSAPI code. [RT #42879]
4414. [bug] Corrected a bug in the MIPS implementation of
isc_atomic_xadd(). [RT #41965]
4413. [bug] GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED
was returned. [RT #42733]
4412. [cleanup] Make fixes for GCC 6. ISC_OFFSET_MAXIMUM macro was
removed. [RT #42721]
4409. [bug] DNS64 should exclude mapped addresses by default when
an exclude acl is not defined. [RT #42810]
4407. [performance] Use GCC builtin for clz in RPZ lookup code.
[RT #42818]
4406. [security] getrrsetbyname with a non absolute name could
trigger an infinite recursion bug in lwresd
and named with lwres configured if when combined
with a search list entry
4404. [misc] Allow krb5-config to be used when configuring gssapi.
[RT #42580]
4403. [bug] Rename variables and arguments that shadow: basename,
clone and gai_error.
4397. [bug] Update Windows python support. [RT #42538]
4395. [bug] Improve out-of-tree installation of python modules.
[RT #42586]
4384. [bug] Change 4256 accidentally disabled logging of the
rndc command. [RT #42654]
4379. [bug] An INSIST could be triggered if a zone contains
RRSIG records with expiry fields that loop
using serial number arithmetic. [RT #40571]
4378. [contrib] #include <isc/string.h> for strlcat in zone2ldap.c.
[RT #42525]
4377. [bug] Don't reuse zero TTL responses beyond the current
client set (excludes ANY/SIG/RRSIG queries).
[RT #42142]
4374. [bug] Use SAVE/RESTORE macros in query.c to reduce the
probability of reference counting errors as seen
in 4365. [RT #42405]
4373. [bug] Address undefined behavior in getaddrinfo. [RT #42479]
4372. [bug] Address undefined behavior in libt_api. [RT #42480]
4369. [bug] Fix 'make' and 'make install' out-of-tree python
support. [RT #42484]
4367. [bug] Remove unnecessary assignment of loadtime in
zone_touched. [RT #42440]
4361. [cleanup] Where supported, file modification times returned
by isc_file_getmodtime() are now accurate to the
nanosecond. [RT #41968]
4360. [bug] Silence spurious 'bad key type' message when there is
a existing TSIG key. [RT #42195]
4359. [bug] Inherited 'also-notify' lists were not being checked
by named-checkconf. [RT #42174]
4354. [bug] Check that the received HMAC length matches the
expected length prior to check the contents on the
control channel. This prevents a OOB read error.
This was reported by Lian Yihan, <lianyihan%360.cn@localhost>.
[RT #42215]
4353. [cleanup] Update PKCS#11 header files. [RT #42175]
4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service
is scheduled to be disabled in 2017. A warning is
now logged when named is configured to use it,
either explicitly or via "dnssec-lookaside auto;"
[RT #42207]
4351. [bug] 'dig +noignore' didn't work. [RT #42273]
4350. [contrib] Declare result in dlz_filesystem_dynamic.c.
4348. [cleanup] Refactor dnssec-coverage and dnssec-checkds
functionality into an "isc" python module. [RT #39211]
4013. [func] Add a new tcp-only option to server (config) /
peer (struct) to use TCP transport to send
queries (in place of UDP transport with a
TCP fallback on truncated (TC set) response).
[RT #37800]
diffstat:
external/bsd/bind/dist/CHANGES | 416 +-
external/bsd/bind/dist/Makefile.in | 9 +-
external/bsd/bind/dist/README | 54 +-
external/bsd/bind/dist/acconfig.h | 8 +-
external/bsd/bind/dist/bin/check/named-checkconf.8 | 37 +-
external/bsd/bind/dist/bin/check/named-checkconf.c | 4 +-
external/bsd/bind/dist/bin/check/named-checkzone.8 | 6 +-
external/bsd/bind/dist/bin/confgen/ddns-confgen.8 | 6 +-
external/bsd/bind/dist/bin/confgen/keygen.c | 12 +-
external/bsd/bind/dist/bin/confgen/rndc-confgen.8 | 8 +-
external/bsd/bind/dist/bin/confgen/rndc-confgen.c | 28 +-
external/bsd/bind/dist/bin/delv/delv.c | 12 +-
external/bsd/bind/dist/bin/dig/dig.1 | 30 +-
external/bsd/bind/dist/bin/dig/dig.c | 42 +-
external/bsd/bind/dist/bin/dig/dighost.c | 226 +-
external/bsd/bind/dist/bin/dig/host.1 | 263 +-
external/bsd/bind/dist/bin/dig/host.c | 18 +-
external/bsd/bind/dist/bin/dig/include/dig/dig.h | 13 +-
external/bsd/bind/dist/bin/dig/nslookup.c | 18 +-
external/bsd/bind/dist/bin/dnssec/dnssec-dsfromkey.8 | 6 +-
external/bsd/bind/dist/bin/dnssec/dnssec-importkey.8 | 6 +-
external/bsd/bind/dist/bin/dnssec/dnssec-keyfromlabel.8 | 6 +-
external/bsd/bind/dist/bin/dnssec/dnssec-keyfromlabel.c | 21 +-
external/bsd/bind/dist/bin/dnssec/dnssec-keygen.8 | 8 +-
external/bsd/bind/dist/bin/dnssec/dnssec-keygen.c | 29 +-
external/bsd/bind/dist/bin/dnssec/dnssec-revoke.8 | 6 +-
external/bsd/bind/dist/bin/dnssec/dnssec-settime.8 | 6 +-
external/bsd/bind/dist/bin/dnssec/dnssec-settime.c | 11 +-
external/bsd/bind/dist/bin/dnssec/dnssec-signzone.8 | 8 +-
external/bsd/bind/dist/bin/dnssec/dnssec-signzone.c | 9 +-
external/bsd/bind/dist/bin/dnssec/dnssec-verify.8 | 6 +-
external/bsd/bind/dist/bin/dnssec/dnssectool.c | 55 +-
external/bsd/bind/dist/bin/dnssec/dnssectool.h | 10 +-
external/bsd/bind/dist/bin/named/client.c | 17 +-
external/bsd/bind/dist/bin/named/config.c | 12 +-
external/bsd/bind/dist/bin/named/control.c | 6 +-
external/bsd/bind/dist/bin/named/include/named/config.h | 8 +-
external/bsd/bind/dist/bin/named/include/named/globals.h | 8 +-
external/bsd/bind/dist/bin/named/include/named/server.h | 7 +-
external/bsd/bind/dist/bin/named/logconf.c | 22 +-
external/bsd/bind/dist/bin/named/lwresd.8 | 6 +-
external/bsd/bind/dist/bin/named/lwsearch.c | 7 +-
external/bsd/bind/dist/bin/named/main.c | 26 +-
external/bsd/bind/dist/bin/named/named.8 | 6 +-
external/bsd/bind/dist/bin/named/named.conf.5 | 10 +-
external/bsd/bind/dist/bin/named/named.conf.docbook | 11 +-
external/bsd/bind/dist/bin/named/named.conf.html | 172 +-
external/bsd/bind/dist/bin/named/query.c | 310 +-
external/bsd/bind/dist/bin/named/server.c | 454 +-
external/bsd/bind/dist/bin/named/unix/os.c | 5 +-
external/bsd/bind/dist/bin/named/update.c | 20 +-
external/bsd/bind/dist/bin/named/xfrout.c | 4 +-
external/bsd/bind/dist/bin/named/zoneconf.c | 11 +-
external/bsd/bind/dist/bin/nsupdate/nsupdate.1 | 14 +-
external/bsd/bind/dist/bin/nsupdate/nsupdate.c | 40 +-
external/bsd/bind/dist/bin/pkcs11/openssl-1.0.1q-patch | 15791 ---------
external/bsd/bind/dist/bin/pkcs11/openssl-1.0.2f-patch | 15964 ----------
external/bsd/bind/dist/bin/pkcs11/pkcs11-destroy.8 | 6 +-
external/bsd/bind/dist/bin/pkcs11/pkcs11-keygen.8 | 6 +-
external/bsd/bind/dist/bin/pkcs11/pkcs11-list.8 | 6 +-
external/bsd/bind/dist/bin/python/dnssec-checkds.8 | 6 +-
external/bsd/bind/dist/bin/python/dnssec-checkds.docbook | 5 +-
external/bsd/bind/dist/bin/rndc/rndc.8 | 6 +-
external/bsd/bind/dist/bin/rndc/rndc.c | 9 +-
external/bsd/bind/dist/bin/rndc/rndc.conf.5 | 6 +-
external/bsd/bind/dist/bin/tests/atomic/t_atomic.c | 6 +-
external/bsd/bind/dist/bin/tests/byname_test.c | 22 +-
external/bsd/bind/dist/bin/tests/dst/t_dst.c | 97 +-
external/bsd/bind/dist/bin/tests/hash_test.c | 10 +-
external/bsd/bind/dist/bin/tests/hashes/t_hashes.c | 33 +-
external/bsd/bind/dist/bin/tests/rdata_test.c | 8 +-
external/bsd/bind/dist/bin/tests/system/builtin/Makefile.in | 56 -
external/bsd/bind/dist/bin/tests/system/builtin/gethostname.c | 51 -
external/bsd/bind/dist/bin/tests/system/dlzexternal/dlopen.c | 30 -
external/bsd/bind/dist/bin/tests/system/fetchlimit/Makefile.in | 53 -
external/bsd/bind/dist/bin/tests/system/fetchlimit/fetchlimit.c | 33 -
external/bsd/bind/dist/bin/tests/system/filter-aaaa/Makefile.in | 55 -
external/bsd/bind/dist/bin/tests/system/filter-aaaa/filter-aaaa.c | 35 -
external/bsd/bind/dist/bin/tests/system/geoip/Makefile.in | 55 -
external/bsd/bind/dist/bin/tests/system/geoip/geoip.c | 33 -
external/bsd/bind/dist/bin/tests/system/lwresd/lwtest.c | 35 +-
external/bsd/bind/dist/bin/tests/system/rpz/Makefile.in | 56 -
external/bsd/bind/dist/bin/tests/system/rpz/rpz.c | 57 -
external/bsd/bind/dist/bin/tests/system/statistics/Makefile.in | 52 -
external/bsd/bind/dist/bin/tests/system/statistics/xmlstats.c | 33 -
external/bsd/bind/dist/bin/tests/system/stub/tests.sh | 4 +-
external/bsd/bind/dist/bin/tests/system/tkey/keycreate.c | 15 +-
external/bsd/bind/dist/bin/tests/system/tkey/keydelete.c | 11 +-
external/bsd/bind/dist/bin/tests/system/tsiggss/Makefile.in | 55 -
external/bsd/bind/dist/bin/tests/system/tsiggss/gssapi_krb.c | 36 -
external/bsd/bind/dist/bin/tools/arpaname.1 | 6 +-
external/bsd/bind/dist/bin/tools/genrandom.8 | 6 +-
external/bsd/bind/dist/bin/tools/isc-hmac-fixup.8 | 6 +-
external/bsd/bind/dist/bin/tools/isc-hmac-fixup.c | 16 +-
external/bsd/bind/dist/bin/tools/named-journalprint.8 | 8 +-
external/bsd/bind/dist/bin/tools/nsec3hash.8 | 6 +-
external/bsd/bind/dist/config.h.in | 39 +-
external/bsd/bind/dist/configure | 876 +-
external/bsd/bind/dist/configure.in | 554 +-
external/bsd/bind/dist/contrib/sdb/ldap/zone2ldap.c | 3 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html | 1012 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html | 4619 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html | 94 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html | 47 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html | 223 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.html | 46 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.pdf | Bin
external/bsd/bind/dist/doc/arm/man.arpaname.html | 47 +-
external/bsd/bind/dist/doc/arm/man.ddns-confgen.html | 134 +-
external/bsd/bind/dist/doc/arm/man.delv.html | 343 +-
external/bsd/bind/dist/doc/arm/man.dig.html | 642 +-
external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html | 104 +-
external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html | 182 +-
external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html | 211 +-
external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html | 152 +-
external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html | 294 +-
external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html | 335 +-
external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html | 114 +-
external/bsd/bind/dist/doc/arm/man.dnssec-settime.html | 199 +-
external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html | 411 +-
external/bsd/bind/dist/doc/arm/man.dnssec-verify.html | 123 +-
external/bsd/bind/dist/doc/arm/man.genrandom.html | 84 +-
external/bsd/bind/dist/doc/arm/man.host.html | 433 +-
external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html | 61 +-
external/bsd/bind/dist/doc/arm/man.named-checkconf.html | 138 +-
external/bsd/bind/dist/doc/arm/man.named-checkzone.html | 300 +-
external/bsd/bind/dist/doc/arm/man.named-journalprint.html | 60 +-
external/bsd/bind/dist/doc/arm/man.named-rrchecker.html | 66 +-
external/bsd/bind/dist/doc/arm/man.named.html | 305 +-
external/bsd/bind/dist/doc/arm/man.nsec3hash.html | 83 +-
external/bsd/bind/dist/doc/arm/man.nsupdate.html | 405 +-
external/bsd/bind/dist/doc/arm/man.rndc-confgen.html | 163 +-
external/bsd/bind/dist/doc/arm/man.rndc.conf.html | 113 +-
external/bsd/bind/dist/doc/arm/man.rndc.html | 378 +-
external/bsd/bind/dist/doc/misc/options | 255 +-
external/bsd/bind/dist/isc-config.sh.1 | 6 +-
external/bsd/bind/dist/lib/bind9/check.c | 250 +-
external/bsd/bind/dist/lib/dns/acl.c | 46 +-
external/bsd/bind/dist/lib/dns/adb.c | 12 +-
external/bsd/bind/dist/lib/dns/api | 7 +-
external/bsd/bind/dist/lib/dns/client.c | 124 +-
external/bsd/bind/dist/lib/dns/db.c | 17 +-
external/bsd/bind/dist/lib/dns/dbtable.c | 12 +-
external/bsd/bind/dist/lib/dns/dispatch.c | 13 +-
external/bsd/bind/dist/lib/dns/dnssec.c | 42 +-
external/bsd/bind/dist/lib/dns/dst_api.c | 45 +-
external/bsd/bind/dist/lib/dns/dst_internal.h | 28 +-
external/bsd/bind/dist/lib/dns/dst_openssl.h | 19 +-
external/bsd/bind/dist/lib/dns/dst_parse.c | 40 +-
external/bsd/bind/dist/lib/dns/ecdb.c | 7 +-
external/bsd/bind/dist/lib/dns/gssapictx.c | 10 +-
external/bsd/bind/dist/lib/dns/hmac_link.c | 10 +-
external/bsd/bind/dist/lib/dns/include/dns/db.h | 24 +-
external/bsd/bind/dist/lib/dns/include/dns/events.h | 5 +-
external/bsd/bind/dist/lib/dns/include/dns/keytable.h | 36 +-
external/bsd/bind/dist/lib/dns/include/dns/masterdump.h | 33 +-
external/bsd/bind/dist/lib/dns/include/dns/message.h | 4 +-
external/bsd/bind/dist/lib/dns/include/dns/peer.h | 11 +-
external/bsd/bind/dist/lib/dns/include/dns/rbt.h | 6 +-
external/bsd/bind/dist/lib/dns/include/dns/rdata.h | 17 +-
external/bsd/bind/dist/lib/dns/include/dns/rdataslab.h | 17 +-
external/bsd/bind/dist/lib/dns/include/dns/result.h | 10 +-
external/bsd/bind/dist/lib/dns/include/dns/rrl.h | 12 +-
external/bsd/bind/dist/lib/dns/include/dns/tsig.h | 8 +-
external/bsd/bind/dist/lib/dns/include/dns/types.h | 7 +-
external/bsd/bind/dist/lib/dns/include/dns/view.h | 3 +-
external/bsd/bind/dist/lib/dns/include/dns/zone.h | 40 +-
external/bsd/bind/dist/lib/dns/include/dns/zt.h | 6 +-
external/bsd/bind/dist/lib/dns/include/dst/gssapi.h | 5 +-
external/bsd/bind/dist/lib/dns/iptable.c | 8 +-
external/bsd/bind/dist/lib/dns/keytable.c | 68 +-
external/bsd/bind/dist/lib/dns/masterdump.c | 12 +-
external/bsd/bind/dist/lib/dns/message.c | 17 +-
external/bsd/bind/dist/lib/dns/name.c | 23 +-
external/bsd/bind/dist/lib/dns/ncache.c | 34 +-
external/bsd/bind/dist/lib/dns/openssl_link.c | 77 +-
external/bsd/bind/dist/lib/dns/openssldh_link.c | 283 +-
external/bsd/bind/dist/lib/dns/openssldsa_link.c | 231 +-
external/bsd/bind/dist/lib/dns/opensslecdsa_link.c | 56 +-
external/bsd/bind/dist/lib/dns/opensslgost_link.c | 28 +-
external/bsd/bind/dist/lib/dns/opensslrsa_link.c | 408 +-
external/bsd/bind/dist/lib/dns/peer.c | 31 +-
external/bsd/bind/dist/lib/dns/rbt.c | 6 +-
external/bsd/bind/dist/lib/dns/rbtdb.c | 257 +-
external/bsd/bind/dist/lib/dns/rcode.c | 33 +-
external/bsd/bind/dist/lib/dns/rdata.c | 19 +-
external/bsd/bind/dist/lib/dns/rdata/generic/opt_41.c | 4 +-
external/bsd/bind/dist/lib/dns/rdata/in_1/wks_11.c | 52 +-
external/bsd/bind/dist/lib/dns/rdataset.c | 4 +-
external/bsd/bind/dist/lib/dns/rdataslab.c | 17 +-
external/bsd/bind/dist/lib/dns/request.c | 17 +-
external/bsd/bind/dist/lib/dns/resolver.c | 30 +-
external/bsd/bind/dist/lib/dns/result.c | 13 +-
external/bsd/bind/dist/lib/dns/rootns.c | 5 +-
external/bsd/bind/dist/lib/dns/rpz.c | 37 +-
external/bsd/bind/dist/lib/dns/sdb.c | 7 +-
external/bsd/bind/dist/lib/dns/sdlz.c | 7 +-
external/bsd/bind/dist/lib/dns/spnego.c | 8 +-
external/bsd/bind/dist/lib/dns/tests/Makefile.in | 20 +-
external/bsd/bind/dist/lib/dns/tkey.c | 80 +-
external/bsd/bind/dist/lib/dns/tsec.c | 8 +-
external/bsd/bind/dist/lib/dns/tsig.c | 49 +-
external/bsd/bind/dist/lib/dns/view.c | 5 +-
external/bsd/bind/dist/lib/dns/xfrin.c | 26 +-
external/bsd/bind/dist/lib/dns/zone.c | 207 +-
external/bsd/bind/dist/lib/dns/zt.c | 6 +-
external/bsd/bind/dist/lib/irs/getaddrinfo.c | 10 +-
external/bsd/bind/dist/lib/irs/resconf.c | 31 +-
external/bsd/bind/dist/lib/isc/backtrace-emptytbl.c | 9 +-
external/bsd/bind/dist/lib/isc/hash.c | 6 +-
external/bsd/bind/dist/lib/isc/hmacmd5.c | 67 +-
external/bsd/bind/dist/lib/isc/hmacsha.c | 604 +-
external/bsd/bind/dist/lib/isc/include/isc/backtrace.h | 9 +-
external/bsd/bind/dist/lib/isc/include/isc/event.h | 10 +-
external/bsd/bind/dist/lib/isc/include/isc/hmacmd5.h | 18 +-
external/bsd/bind/dist/lib/isc/include/isc/hmacsha.h | 22 +-
external/bsd/bind/dist/lib/isc/include/isc/lex.h | 4 +-
external/bsd/bind/dist/lib/isc/include/isc/md5.h | 18 +-
external/bsd/bind/dist/lib/isc/include/isc/netaddr.h | 6 +-
external/bsd/bind/dist/lib/isc/include/isc/sha1.h | 12 +-
external/bsd/bind/dist/lib/isc/include/isc/sha2.h | 16 +-
external/bsd/bind/dist/lib/isc/include/isc/sockaddr.h | 6 +-
external/bsd/bind/dist/lib/isc/include/isc/socket.h | 4 +-
external/bsd/bind/dist/lib/isc/include/isc/types.h | 5 +-
external/bsd/bind/dist/lib/isc/lex.c | 4 +-
external/bsd/bind/dist/lib/isc/log.c | 132 +-
external/bsd/bind/dist/lib/isc/md5.c | 38 +-
external/bsd/bind/dist/lib/isc/mips/include/isc/atomic.h | 70 +-
external/bsd/bind/dist/lib/isc/netaddr.c | 12 +-
external/bsd/bind/dist/lib/isc/print.c | 14 +-
external/bsd/bind/dist/lib/isc/radix.c | 8 +-
external/bsd/bind/dist/lib/isc/random.c | 23 +-
external/bsd/bind/dist/lib/isc/ratelimiter.c | 16 +-
external/bsd/bind/dist/lib/isc/sha1.c | 24 +-
external/bsd/bind/dist/lib/isc/sha2.c | 113 +-
external/bsd/bind/dist/lib/isc/task.c | 5 +-
external/bsd/bind/dist/lib/isc/unix/dir.c | 20 +-
external/bsd/bind/dist/lib/isc/unix/errno2result.c | 18 +-
external/bsd/bind/dist/lib/isc/unix/errno2result.h | 11 +-
external/bsd/bind/dist/lib/isc/unix/file.c | 16 +-
external/bsd/bind/dist/lib/isc/unix/include/isc/net.h | 15 +-
external/bsd/bind/dist/lib/isc/unix/include/isc/offset.h | 12 +-
external/bsd/bind/dist/lib/isc/unix/net.c | 22 +-
external/bsd/bind/dist/lib/isc/unix/socket.c | 77 +-
external/bsd/bind/dist/lib/isc/unix/stdio.c | 20 +-
external/bsd/bind/dist/lib/isc/win32/app.c | 5 +-
external/bsd/bind/dist/lib/isc/win32/condition.c | 5 +-
external/bsd/bind/dist/lib/isc/win32/errno2result.c | 18 +-
external/bsd/bind/dist/lib/isc/win32/errno2result.h | 9 +-
external/bsd/bind/dist/lib/isc/win32/include/isc/ipv6.h | 7 +-
external/bsd/bind/dist/lib/isc/win32/include/isc/offset.h | 17 +-
external/bsd/bind/dist/lib/isc/win32/interfaceiter.c | 108 +-
external/bsd/bind/dist/lib/isc/win32/socket.c | 149 +-
external/bsd/bind/dist/lib/isc/win32/stdio.c | 17 +-
external/bsd/bind/dist/lib/isccc/cc.c | 53 +-
external/bsd/bind/dist/lib/isccfg/aclconf.c | 12 +-
external/bsd/bind/dist/lib/isccfg/include/isccfg/grammar.h | 6 +-
external/bsd/bind/dist/lib/isccfg/namedconf.c | 365 +-
external/bsd/bind/dist/lib/isccfg/parser.c | 410 +-
external/bsd/bind/dist/lib/lwres/lwres_grbn.c | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_buffer.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_config.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_context.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_gabn.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_gai_strerror.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_getaddrinfo.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_gethostent.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_getipnode.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_getnameinfo.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_getrrsetbyname.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_gnba.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_hstrerror.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_inetntop.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_noop.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_packet.3 | 6 +-
external/bsd/bind/dist/lib/lwres/man/lwres_resutil.3 | 6 +-
external/bsd/bind/dist/lib/tests/t_api.c | 20 +-
external/bsd/bind/dist/make/rules.in | 6 +-
external/bsd/bind/dist/srcid | 2 +-
external/bsd/bind/dist/version | 4 +-
external/bsd/bind/dist/win32utils/legacy/BINDBuild.dsw.in | 109 +-
external/bsd/bind/include/config.h | 39 +-
external/bsd/bind/include/dns/code.h | 2 +-
external/bsd/bind/include/dns/enumclass.h | 2 +-
external/bsd/bind/include/dns/enumtype.h | 2 +-
external/bsd/bind/include/dns/rdatastruct.h | 2 +-
external/bsd/bind/include/isc/platform.h | 7 +-
external/bsd/bind/lib/libbind9/shlib_version | 4 +-
external/bsd/bind/lib/libdns/shlib_version | 4 +-
external/bsd/bind/lib/libirs/shlib_version | 4 +-
external/bsd/bind/lib/libisc/shlib_version | 4 +-
external/bsd/bind/lib/libisccc/shlib_version | 4 +-
external/bsd/bind/lib/libisccfg/shlib_version | 4 +-
external/bsd/bind/lib/liblwres/shlib_version | 4 +-
295 files changed, 15270 insertions(+), 39899 deletions(-)
diffs (truncated from 79061 to 300 lines):
diff -r ed512bd94ea3 -r 1678121a208c external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES Thu Jun 15 15:38:18 2017 +0000
+++ b/external/bsd/bind/dist/CHANGES Thu Jun 15 15:59:35 2017 +0000
@@ -1,12 +1,27 @@
- --- 9.10.4-P8 released ---
+ --- 9.10.5-P1 released ---
+
+4632. [security] The BIND installer on Windows used an unquoted
+ service path, which can enable privilege escalation.
+ (CVE-2017-3141) [RT #45229]
+
+4631. [security] Some RPZ configurations could go into an infinite
+ query loop when encountering responses with TTL=0.
+ (CVE-2017-3140) [RT #45181]
+
+ --- 9.10.5 released ---
+
+ --- 9.10.5rc3 released ---
4582. [security] 'rndc ""' could trigger a assertion failure in named.
(CVE-2017-3138) [RT #44924]
+4581. [port] Linux: Add getpid and getrandom to the list of system
+ calls named uses for seccomp. [RT #44883]
+
4580. [bug] 4578 introduced a regression when handling CNAME to
referral below the current domain. [RT #44850]
- --- 9.10.4-P7 released ---
+ --- 9.10.5rc2 released ---
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
@@ -15,61 +30,340 @@
4575. [security] DNS64 with "break-dnssec yes;" can result in an
assertion failure. (CVE-2017-3136) [RT #44653]
+ --- 9.10.5rc1 released ---
+
+4571. [bug] Out-of-tree builds of backtrace_test failed.
+
+4570. [cleanup] named did not correctly fall back to the built-in
+ initializing keys if the bind.keys file was present
+ but empty. [RT #44531]
+
+4568. [contrib] Added a --with-bind option to the dnsperf configure
+ script to specify BIND prefix path.
+
+4567. [port] Call getprotobyname and getservbyname prior to calling
+ chroot so that shared libraries get loaded. [RT #44537]
+
4564. [maint] Update the built in managed keys to include the
upcoming root KSK. [RT #44579]
- --- 9.10.4-P6 released ---
+4563. [bug] Modified zones would occasionally fail to reload.
+ [RT #39424]
+
+4561. [port] Silence a warning in strict C99 compilers. [RT #44414]
+
+4560. [bug] mdig: add -m option to enable memory debugging rather
+ than having it on all the time. [RT #44509]
+
+4559. [bug] openssl_link.c didn't compile if ISC_MEM_TRACKLINES
+ was turned off. [RT #44509]
4558. [bug] Synthesised CNAME before matching DNAME was still
- being cached when it should not have been. [RT #44318]
+ being cached when it should not have been. [RT #44318]
4557. [security] Combining dns64 and rpz can result in dereferencing
a NULL pointer (read). (CVE-2017-3135) [RT#44434]
- --- 9.10.4-P5 released ---
+4554. [bug] Remove double unlock in dns_dispatchmgr_setudp.
+ [RT #44336]
+
+4553. [bug] Named could deadlock there were multiple changes to
+ NSEC/NSEC3 parameters for a zone being processed at
+ the same time. [RT #42770]
+
+4552. [bug] Named could trigger a assertion when sending notify
+ messages. [RT #44019]
+
+4551. [test] Add system tests for integrity checks of MX and
+ SRV records. [RT #43953]
+
+4550. [cleanup] Increased the number of available master file
+ output style flags from 32 to 64. [RT #44043]
+
+4547. [port] Add support for --enable-native-pkcs11 on the AEP
+ Keyper HSM. [RT #42463]
+
+ --- 9.10.5b1 released ---
+
+4543. [bug] dns_client_startupdate now delays sending the update
+ request until isc_app_ctxrun has been called.
+ [RT #43976]
+
+4541. [bug] rndc addzone should properly reject non master/slave
+ zones. [RT #43665]
+
+4539. [bug] Referencing a nonexistent zone with RPZ could lead
+ to a assertion failure when configuring. [RT #43787]
+
+4538. [bug] Call dns_client_startresolve from client->task.
+ [RT #43896]
+
+4537. [bug] Handle timeouts better in dig/host/nslookup. [RT #43576]
+
+4536. [bug] ISC_SOCKEVENTATTR_USEMINMTU was not being cleared
+ when reusing the event structure. [RT #43885]
+
+4535. [bug] Address race condition in setting / testing of
+ DNS_REQUEST_F_SENDING. [RT #43889]
+
+4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879]
+
+4533. [bug] dns_client_update should terminate on prerequisite
+ failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET)
+ and also on BADZONE. [RT #43865]
+
+4532. [contrib] Make gen-data-queryperf.py python 3 compatible.
+ [RT #43836]
4530. [bug] Change 4489 broke the handling of CNAME -> DNAME
in responses resulting in SERVFAIL being returned.
[RT #43779]
+4529. [cleanup] Silence noisy log warning when DSCP probe fails
+ due to firewall rules. [RT #43847]
+
4528. [bug] Only set the flag bits for the i/o we are waiting
for on EPOLLERR or EPOLLHUP. [RT #43617]
+4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831]
+
+4526. [doc] Corrected errors and improved formatting of
+ grammar definitions in the ARM. [RT #43739]
+
+4525. [doc] Fixed outdated documentation on managed-keys.
+ [RT #43810]
+
+4524. [bug] The net zero test was broken causing IPv4 servers
+ with addresses ending in .0 to be rejected. [RT #43776]
+
+4523. [doc] Expand config doc for <querysource4> and
+ <querysource6>. [RT #43768]
+
+4522. [bug] Handle big gaps in log file version numbers better.
+ [RT #38688]
+
+4521. [cleanup] Log it as an error if an entropy source is not
+ found and there is no fallback available. [RT #43659]
+
+4520. [cleanup] Alphabetize more of the grammar when printing it
+ out. [RT #43755]
+
4519. [port] win32: handle ERROR_MORE_DATA. [RT #43534]
4517. [security] Named could mishandle authority sections that were
missing RRSIGs triggering an assertion failure.
(CVE-2016-9444) [RT # 43632]
+4516. [bug] isc_socketmgr_renderjson was missing from the
+ windows build. [RT #43602]
+
+4515. [port] FreeBSD: Find readline headers when they are in
+ edit/readline/ instead of readline/. [RT #43658]
+
+4513. [cleanup] Minimum Python versions are now 2.7 and 3.2.
+ [RT #43566]
+
+4512. [bug] win32: @GEOIP_INC@ missing from delv.vcxproj.in.
+ [RT #43556]
+
4510. [security] Named mishandled some responses where covering RRSIG
records are returned without the requested data
resulting in a assertion failure. (CVE-2016-9147)
[RT #43548]
+4509. [test] Make the rrl system test more reliable on slower
+ machines by using mdig instead of dig. [RT #43280]
+
4508. [security] Named incorrectly tried to cache TKEY records which
could trigger a assertion failure when there was
a class mismatch. (CVE-2016-9131) [RT #43522]
- --- 9.10.4-P4 released ---
+4507. [bug] Named could incorrectly log 'allows updates by IP
+ address, which is insecure' [RT #43432]
+
+4505. [port] Use IP_PMTUDISC_OMIT if available. [RT #35494]
+
+4504. [security] Allow the maximum number of records in a zone to
+ be specified. This provides a control for issues
+ raised in CVE-2016-6170. [RT #42143]
+
+4503. [cleanup] "make uninstall" now removes files installed by
+ BIND. (This currently excludes Python files
+ due to lack of support in setup.py.) [RT #42912]
+
+4502. [func] Report multiple and experimental options when printing
+ grammar. [RT #43134]
+
+4500. [bug] Support modifier I64 in isc__print_printf. [RT #43526]
+
+4499. [port] MacOSX: silence deprecated function warning
+ by using arc4random_stir() when available
+ instead of arc4random_addrandom(). [RT #43503]
+
+4498. [test] Simplify prerequisite checks in system tests.
+ [RT #43516]
+
+4497. [port] Add support for OpenSSL 1.1.0. [RT #41284]
+
+4496. [func] dig: add +idnout to control whether labels are
+ display in punycode or not. Requires idn support
+ to be enabled at compile time. [RT #43398]
+
+4494. [bug] Look for <editline/readline.h>. [RT #43429]
+
+4492. [bug] irs_resconf_load failed to initialize sortlistnxt
+ causing bad writes if resolv.conf contained a
+ sortlist directive. [RT #43459]
+
+4491. [bug] Improve message emitted when testing whether sendmsg
+ works with TOS/TCLASS fails. [RT #43483]
+
+4490. [maint] Added AAAA (2001:500:12::d0d) for G.ROOT-SERVERS.NET.
4489. [security] It was possible to trigger assertions when processing
- a response. (CVE-2016-8864) [RT #43465]
-
- --- 9.10.4-P3 released ---
+ a response containing a DNAME answer. (CVE-2016-8864)
+ [RT #43465]
+
+4488. [port] Darwin: use -framework for Kerberos. [RT #43418]
+
+4487. [test] Make system tests work on Windows. [RT #42931]
+
+4486. [bug] Look in $prefix/lib/pythonX.Y/site-packages for
+ the python modules we install. [RT #43330]
+
+4485. [bug] Failure to find readline when requested should be
+ fatal to configure. [RT #43328]
+
+4484. [func] Check prefixes in acls to make sure the address and
+ prefix lengths are consistent. Warn only in
+ BIND 9.11 and earlier. [RT #43367]
+
+4483. [bug] Address use before require check and remove extraneous
+ dns_message_gettsigkey call in dns_tsig_sign.
+ [RT #43374]
+
+4476. [test] Fix reclimit test on slower machines. [RT #43283]
+
+4475. [doc] Update named-checkconf documentation. [RT #43153]
+
+4474. [bug] win32: call WSAStartup in fromtext_in_wks so that
+ getprotobyname and getservbyname work. [RT #43197]
+
+4473. [bug] Only call fsync / _commit on regular files. [RT #43196]
+
+4472. [bug] Named could fail to find the correct NSEC3 records when
+ a zone was updated between looking for the answer and
+ looking for the NSEC3 records proving nonexistence
+ of the answer. [RT #43247]
+
+4471. [cleanup] Revert a query logging change inadvertently
+ backported from 9.11. [RT #43238]
4468. [bug] Address ECS option handling issues. [RT #43191]
- Note: Only the parts required to restore
- interoperation with ECS clients have been
- included in this security release. The full
- fix is included in BIND 9.10.5.
-
-4467. [security] It was possible to trigger a assertion when rendering
- a message. (CVE-2016-2776) [RT #43139]
-
- --- 9.10.4-P2 released ---
-
-4406. [bug] getrrsetbyname with a non absolute name could
+4467. [security] It was possible to trigger an assertion when
+ rendering a message. (CVE-2016-2776) [RT #43139]
+
+4466. [bug] Interface scanning didn't work on a Windows system
+ without a non local IPv6 addresses. [RT #43130]
+
+4464. [bug] Fix windows python support. [RT #43173]
+
+4461. [bug] win32: not all external data was properly marked
+ as external data for windows dll. [RT #43161]
+
+4458. [cleanup] Update assertions to be more correct, and also remove
+ use of a reserved word. [RT #43090]
+
Home |
Main Index |
Thread Index |
Old Index