Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/ISC]: src/external/mpl/bind/dist --- 9.14.1 released ---
details: https://anonhg.NetBSD.org/src/rev/606979b9bd91
branches: ISC
changeset: 450882:606979b9bd91
user: christos <christos%NetBSD.org@localhost>
date: Sat Apr 27 23:47:13 2019 +0000
description:
--- 9.14.1 released ---
5201. [bug] Fix a possible deadlock in RPZ update code. [GL #973]
5200. [security] tcp-clients settings could be exceeded in some cases,
which could lead to exhaustion of file descriptors.
(CVE-2018-5743) [GL #615]
5199. [security] In certain configurations, named could crash
if nxdomain-redirect was in use and a redirected
query resulted in an NXDOMAIN from the cache.
(CVE-2019-6467) [GL #880]
5198. [bug] If a fetch context was being shut down and, at the same
time, we returned from qname minimization, an INSIST
could be hit. [GL #966]
5197. [bug] dig could die in best effort mode on multiple SIG(0)
records. Similarly on multiple OPT and multiple TSIG
records. [GL #920]
5196. [bug] make install failed with --with-dlopen=no. [GL #955]
5195. [bug] "allow-update" and "allow-update-forwarding" were
treated as configuration errors if used at the
options or view level. [GL #913]
5194. [bug] Enforce non empty ZOMEMD hash. [GL #899]
5193. [bug] EID and NIMLOC failed to do multi-line output
correctly. [GL #899]
5189. [cleanup] Remove revoked root DNSKEY from bind.keys. [GL #945]
5187. [test] Set time zone before running any tests in dnstap_test.
[GL #940]
5186. [cleanup] More dnssec-keygen manual tidying. [GL !1678]
5184. [bug] Missing unlocks in sdlz.c. [GL #936]
5183. [bug] Reinitialize ECS data before reusing client
structures. [GL #881]
--- 9.14.0 released ---
--- 9.14.0rc3 released ---
5182. [bug] Fix a high-load race/crash in handling of
isc_socket_close() in resolver. [GL #834]
5180. [bug] delv now honors the operating system's preferred
ephemeral port range. [GL #925]
5179. [cleanup] Replace some vague type declarations with the more
specific dns_secalg_t and dns_dsdigest_t.
Thanks to Tony Finch. [GL !1498]
5178. [bug] Handle EDQUOT (disk quota) and ENOSPC (disk full)
errors when writing files. [GL #902]
5177. [func] Add the ability to specify in named.conf whether a
response-policy zone's SOA record should be added
to the additional section (add-soa yes/no). [GL #865]
5167. [bug] nxdomain-redirect could sometimes lookup the wrong
redirect name. [GL #892]
--- 9.14.0rc2 released ---
5176. [tests] Remove a dependency on libxml in statschannel system
test. [GL #926]
5175. [bug] Fixed a problem with file input in dnssec-keymgr,
dnssec-coverage and dnssec-checkds when using
python3. [GL #882]
5174. [doc] Tidy dnssec-keygen manual. [GL !1557]
5173. [bug] Fixed a race in socket code that could occur when
accept, send, or recv were called from an event
loop but the socket had been closed by another
thread. [RT #874]
5172. [bug] nsupdate now honors the operating system's preferred
ephemeral port range. [GL #905]
5171. [func] named plugins are now installed into a separate
directory. Supplying a filename (a string without path
separators) in a "plugin" configuration stanza now
causes named to look for that plugin in that directory.
[GL #878]
5170. [test] Added --with-dlz-filesystem to feature-test. [GL !1587]
5169. [bug] The presence of certain types in an otherwise
empty node could cause a crash while processing a
type ANY query. [GL #901]
--- 9.14.0rc1 released ---
5168. [bug] Do not crash on shutdown when RPZ fails to load. Also,
keep previous version of the database if RPZ fails to
load. [GL #813]
5165. [contrib] Removed SDB drivers from contrib; they're obsolete.
[GL #428]
5164. [bug] Correct errno to result translation in dlz filesystem
modules. [GL #884]
5163. [cleanup] Out-of-tree builds failed --enable-dnstap. [GL #836]
5162. [cleanup] Improve dnssec-keymgr manual. Thanks to Tony Finch.
[GL !1518]
5161. [bug] Do not require the SEP bit to be set for mirror zone
trust anchors. [GL #873]
5160. [contrib] Added DNAME support to the DLZ LDAP schema. Also
fixed a compilation bug affecting several DLZ
modules. [GL #872]
5159. [bug] dnssec-coverage was incorrectly ignoring
names specified on the command line without
trailing dots. [GL !1478]
5158. [protocol] Add support for AMTRELAY and ZONEMD. [GL #867]
5157. [bug] Nslookup now errors out if there are extra command
line arguments. [GL #207]
5141. [security] Zone transfer controls for writable DLZ zones were
not effective as the allowzonexfr method was not being
called for such zones. (CVE-2019-6465) [GL #790]
5118. [security] Named could crash if it is managing a key with
`managed-keys` and the authoritative zone is rolling
the key to an unsupported algorithm. (CVE-2018-5745)
[GL #780]
5110. [security] Named leaked memory if there were multiple Key Tag
EDNS options present. (CVE-2018-5744) [GL #772]
diffstat:
external/mpl/bind/dist/CHANGES | 117 +-
external/mpl/bind/dist/PLATFORMS | 12 +-
external/mpl/bind/dist/PLATFORMS.md | 16 +-
external/mpl/bind/dist/README | 20 +-
external/mpl/bind/dist/README.md | 20 +-
external/mpl/bind/dist/bin/check/named-checkconf.c | 4 +-
external/mpl/bind/dist/bin/dnssec/dnssec-cds.c | 22 +-
external/mpl/bind/dist/bin/dnssec/dnssec-dsfromkey.c | 6 +-
external/mpl/bind/dist/bin/dnssec/dnssec-keygen.8 | 85 +-
external/mpl/bind/dist/bin/dnssec/dnssec-keygen.c | 9 +-
external/mpl/bind/dist/bin/dnssec/dnssec-keygen.docbook | 159 +-
external/mpl/bind/dist/bin/dnssec/dnssec-keygen.html | 139 +-
external/mpl/bind/dist/bin/named/named.conf.5 | 6 +-
external/mpl/bind/dist/bin/named/named.conf.docbook | 2 +-
external/mpl/bind/dist/bin/named/server.c | 61 +-
external/mpl/bind/dist/bin/nsupdate/nsupdate.c | 33 +-
external/mpl/bind/dist/bin/plugins/Makefile.in | 17 +-
external/mpl/bind/dist/bin/python/isc/checkds.py.in | 4 +
external/mpl/bind/dist/bin/python/isc/keyzone.py.in | 2 +
external/mpl/bind/dist/bin/tests/system/Makefile.in | 2 +-
external/mpl/bind/dist/bin/tests/system/addzone/setup.sh | 3 -
external/mpl/bind/dist/bin/tests/system/autosign/setup.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/autosign/tests.sh | 14 +-
external/mpl/bind/dist/bin/tests/system/case/setup.sh | 3 +-
external/mpl/bind/dist/bin/tests/system/checkconf/good-allow-update-forwarding-view.conf | 14 +
external/mpl/bind/dist/bin/tests/system/checkconf/good-allow-update-forwarding.conf | 14 +
external/mpl/bind/dist/bin/tests/system/checkconf/good-allow-update-view.conf | 14 +
external/mpl/bind/dist/bin/tests/system/checkconf/good-allow-update.conf | 14 +
external/mpl/bind/dist/bin/tests/system/checkconf/setup.sh | 15 +
external/mpl/bind/dist/bin/tests/system/checkzone/setup.sh | 3 +-
external/mpl/bind/dist/bin/tests/system/coverage/setup.sh | 22 -
external/mpl/bind/dist/bin/tests/system/dialup/clean.sh | 14 +
external/mpl/bind/dist/bin/tests/system/dialup/setup.sh | 6 +-
external/mpl/bind/dist/bin/tests/system/dlv/ns2/sign.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/dlv/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/dlz/prereq.sh | 19 +
external/mpl/bind/dist/bin/tests/system/dlzexternal/driver.c | 108 +-
external/mpl/bind/dist/bin/tests/system/dlzexternal/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/dnssec/ns3/insecure.example.db | 1 +
external/mpl/bind/dist/bin/tests/system/dnssec/ns3/secure.example.db.in | 1 +
external/mpl/bind/dist/bin/tests/system/dnssec/tests.sh | 80 +-
external/mpl/bind/dist/bin/tests/system/dsdigest/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/dupsigs/setup.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/ecdsa/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/eddsa/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/feature-test.c | 11 +-
external/mpl/bind/dist/bin/tests/system/ifconfig.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/inline/setup.sh | 3 -
external/mpl/bind/dist/bin/tests/system/ixfr/clean.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/ixfr/setup.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/keymgr/setup.sh | 38 -
external/mpl/bind/dist/bin/tests/system/legacy/tests.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/masterformat/setup.sh | 3 +-
external/mpl/bind/dist/bin/tests/system/metadata/setup.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/mirror/ns3/named.args | 2 +-
external/mpl/bind/dist/bin/tests/system/mirror/tests.sh | 18 +-
external/mpl/bind/dist/bin/tests/system/mkeys/ns5/named.conf.in | 1 +
external/mpl/bind/dist/bin/tests/system/nsupdate/setup.sh | 15 +-
external/mpl/bind/dist/bin/tests/system/pending/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/pkcs11/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/redirect/clean.sh | 5 +
external/mpl/bind/dist/bin/tests/system/redirect/ns1/root.db | 2 +-
external/mpl/bind/dist/bin/tests/system/redirect/ns4/named.conf.in | 3 +-
external/mpl/bind/dist/bin/tests/system/redirect/ns5/named.conf.in | 30 +
external/mpl/bind/dist/bin/tests/system/redirect/ns5/root.db.in | 16 +
external/mpl/bind/dist/bin/tests/system/redirect/ns5/sign.sh | 43 +
external/mpl/bind/dist/bin/tests/system/redirect/ns5/signed.db.in | 18 +
external/mpl/bind/dist/bin/tests/system/redirect/ns5/unsigned.db | 18 +
external/mpl/bind/dist/bin/tests/system/redirect/ns6/named.conf.in | 30 +
external/mpl/bind/dist/bin/tests/system/redirect/ns6/root.db | 16 +
external/mpl/bind/dist/bin/tests/system/redirect/setup.sh | 3 +
external/mpl/bind/dist/bin/tests/system/redirect/tests.sh | 16 +
external/mpl/bind/dist/bin/tests/system/resolver/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/resolver/tests.sh | 8 +-
external/mpl/bind/dist/bin/tests/system/rpz/README | 29 +
external/mpl/bind/dist/bin/tests/system/rpz/clean.sh | 2 +
external/mpl/bind/dist/bin/tests/system/rpz/ns3/broken.db.in | 16 +
external/mpl/bind/dist/bin/tests/system/rpz/ns3/manual-update-rpz-2.db.in | 20 +
external/mpl/bind/dist/bin/tests/system/rpz/ns3/manual-update-rpz.db.in | 19 +
external/mpl/bind/dist/bin/tests/system/rpz/ns3/named.conf.in | 8 +
external/mpl/bind/dist/bin/tests/system/rpz/ns6/named.conf.in | 1 +
external/mpl/bind/dist/bin/tests/system/rpz/ns7/named.conf.in | 2 +-
external/mpl/bind/dist/bin/tests/system/rpz/ns8/hints | 11 +
external/mpl/bind/dist/bin/tests/system/rpz/ns8/manual-update-rpz.db.in | 19 +
external/mpl/bind/dist/bin/tests/system/rpz/ns8/named.conf.in | 65 +
external/mpl/bind/dist/bin/tests/system/rpz/setup.sh | 13 +-
external/mpl/bind/dist/bin/tests/system/rpz/tests.sh | 329 ++--
external/mpl/bind/dist/bin/tests/system/rpzrecurse/tests.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/rrchecker/setup.sh | 15 +
external/mpl/bind/dist/bin/tests/system/serve-stale/setup.sh | 2 +
external/mpl/bind/dist/bin/tests/system/serve-stale/tests.sh | 4 +
external/mpl/bind/dist/bin/tests/system/start.pl | 1 +
external/mpl/bind/dist/bin/tests/system/staticstub/setup.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/statistics/tests.sh | 4 +-
external/mpl/bind/dist/bin/tests/system/statschannel/tests.sh | 6 +-
external/mpl/bind/dist/bin/tests/system/stop.pl | 27 +-
external/mpl/bind/dist/bin/tests/system/stress/setup.sh | 5 +
external/mpl/bind/dist/bin/tests/system/tools/setup.sh | 15 +
external/mpl/bind/dist/bin/tests/system/ttl/clean.sh | 2 -
external/mpl/bind/dist/bin/tests/system/upforwd/setup.sh | 1 -
external/mpl/bind/dist/bin/tests/system/views/setup.sh | 6 -
external/mpl/bind/dist/bin/tests/system/xfer/clean.sh | 2 +-
external/mpl/bind/dist/bin/tests/system/xfer/setup.sh | 1 -
external/mpl/bind/dist/bin/tools/dnstap-read.c | 5 +-
external/mpl/bind/dist/bind.keys | 36 +-
external/mpl/bind/dist/bind.keys.h | 74 +-
external/mpl/bind/dist/config.h.in | 6 +
external/mpl/bind/dist/configure | 97 +-
external/mpl/bind/dist/configure.ac | 39 +-
external/mpl/bind/dist/contrib/dlz/drivers/dlz_filesystem_driver.c | 6 +-
external/mpl/bind/dist/contrib/dlz/modules/filesystem/dlz_filesystem_dynamic.c | 6 +-
external/mpl/bind/dist/doc/arm/Bv9ARM-book.xml | 35 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch01.html | 4 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch02.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch03.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch04.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch05.html | 37 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch06.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch07.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch08.html | 659 +---------
external/mpl/bind/dist/doc/arm/Bv9ARM.ch09.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch10.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch11.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.ch12.html | 2 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.html | 7 +-
external/mpl/bind/dist/doc/arm/Bv9ARM.pdf | Bin
external/mpl/bind/dist/doc/arm/man.arpaname.html | 2 +-
external/mpl/bind/dist/doc/arm/man.ddns-confgen.html | 2 +-
external/mpl/bind/dist/doc/arm/man.delv.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dig.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-cds.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-checkds.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-coverage.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-dsfromkey.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-importkey.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-keyfromlabel.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-keygen.html | 141 +-
external/mpl/bind/dist/doc/arm/man.dnssec-keymgr.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-revoke.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-settime.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-signzone.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnssec-verify.html | 2 +-
external/mpl/bind/dist/doc/arm/man.dnstap-read.html | 2 +-
external/mpl/bind/dist/doc/arm/man.filter-aaaa.html | 2 +-
external/mpl/bind/dist/doc/arm/man.host.html | 2 +-
external/mpl/bind/dist/doc/arm/man.mdig.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named-checkconf.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named-checkzone.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named-journalprint.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named-nzd2nzf.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named-rrchecker.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named.conf.html | 2 +-
external/mpl/bind/dist/doc/arm/man.named.html | 2 +-
external/mpl/bind/dist/doc/arm/man.nsec3hash.html | 2 +-
external/mpl/bind/dist/doc/arm/man.nslookup.html | 2 +-
external/mpl/bind/dist/doc/arm/man.nsupdate.html | 2 +-
external/mpl/bind/dist/doc/arm/man.pkcs11-destroy.html | 2 +-
external/mpl/bind/dist/doc/arm/man.pkcs11-keygen.html | 2 +-
external/mpl/bind/dist/doc/arm/man.pkcs11-list.html | 2 +-
external/mpl/bind/dist/doc/arm/man.pkcs11-tokens.html | 2 +-
external/mpl/bind/dist/doc/arm/man.rndc-confgen.html | 2 +-
external/mpl/bind/dist/doc/arm/man.rndc.conf.html | 2 +-
external/mpl/bind/dist/doc/arm/man.rndc.html | 2 +-
external/mpl/bind/dist/doc/arm/notes.html | 654 +---------
external/mpl/bind/dist/doc/arm/notes.pdf | Bin
external/mpl/bind/dist/doc/arm/notes.txt | 392 +-----
external/mpl/bind/dist/doc/arm/notes.xml | 629 +--------
external/mpl/bind/dist/doc/misc/options | 22 +-
external/mpl/bind/dist/lib/bind9/api | 4 +-
external/mpl/bind/dist/lib/bind9/check.c | 59 +-
external/mpl/bind/dist/lib/dns/Makefile.in | 5 +-
external/mpl/bind/dist/lib/dns/api | 6 +-
external/mpl/bind/dist/lib/dns/byaddr.c | 10 +-
external/mpl/bind/dist/lib/dns/client.c | 46 +-
external/mpl/bind/dist/lib/dns/dnstap.c | 11 +-
external/mpl/bind/dist/lib/dns/ds.c | 31 +-
external/mpl/bind/dist/lib/dns/gen.c | 25 +-
external/mpl/bind/dist/lib/dns/include/dns/Makefile.in | 2 +-
external/mpl/bind/dist/lib/dns/include/dns/dnstap.h | 5 +-
external/mpl/bind/dist/lib/dns/include/dns/ds.h | 4 +-
external/mpl/bind/dist/lib/dns/include/dns/ecs.h | 4 +-
external/mpl/bind/dist/lib/dns/include/dns/rpz.h | 22 +-
external/mpl/bind/dist/lib/dns/message.c | 60 +-
external/mpl/bind/dist/lib/dns/rdata/generic/ds_43.h | 6 +-
external/mpl/bind/dist/lib/dns/rdata/generic/key_25.h | 6 +-
external/mpl/bind/dist/lib/dns/rdata/generic/keydata_65533.h | 6 +-
external/mpl/bind/dist/lib/dns/rdata/generic/zonemd_63.c | 19 +-
external/mpl/bind/dist/lib/dns/rdata/in_1/eid_31.c | 15 +-
external/mpl/bind/dist/lib/dns/rdata/in_1/nimloc_32.c | 15 +-
external/mpl/bind/dist/lib/dns/resolver.c | 15 +-
external/mpl/bind/dist/lib/dns/rpz.c | 21 +-
external/mpl/bind/dist/lib/dns/sdlz.c | 14 +-
external/mpl/bind/dist/lib/dns/tests/dnstap_test.c | 10 +-
external/mpl/bind/dist/lib/dns/tests/rdata_test.c | 52 +-
external/mpl/bind/dist/lib/dns/tests/result_test.c | 3 +-
external/mpl/bind/dist/lib/dns/validator.c | 4 +-
external/mpl/bind/dist/lib/dns/zone.c | 58 +-
external/mpl/bind/dist/lib/irs/api | 2 +-
external/mpl/bind/dist/lib/isc/api | 8 +-
external/mpl/bind/dist/lib/isc/include/isc/quota.h | 9 +-
external/mpl/bind/dist/lib/isc/include/isc/result.h | 6 +-
external/mpl/bind/dist/lib/isc/include/isc/util.h | 23 +-
external/mpl/bind/dist/lib/isc/lex.c | 4 +-
external/mpl/bind/dist/lib/isc/quota.c | 32 +-
external/mpl/bind/dist/lib/isc/result.c | 6 +-
external/mpl/bind/dist/lib/isc/tests/netaddr_test.c | 3 +-
external/mpl/bind/dist/lib/isc/tests/result_test.c | 3 +-
external/mpl/bind/dist/lib/isc/unix/errno2result.c | 8 +-
external/mpl/bind/dist/lib/isc/unix/socket.c | 17 +-
external/mpl/bind/dist/lib/isc/win32/errno2result.c | 4 +-
external/mpl/bind/dist/lib/isc/win32/libisc.def.in | 1 +
external/mpl/bind/dist/lib/isccc/api | 2 +-
external/mpl/bind/dist/lib/isccc/tests/result_test.c | 3 +-
external/mpl/bind/dist/lib/isccfg/api | 2 +-
external/mpl/bind/dist/lib/isccfg/namedconf.c | 4 +-
external/mpl/bind/dist/lib/ns/Makefile.in | 2 +-
external/mpl/bind/dist/lib/ns/api | 6 +-
external/mpl/bind/dist/lib/ns/client.c | 429 +++++-
external/mpl/bind/dist/lib/ns/hooks.c | 47 +-
external/mpl/bind/dist/lib/ns/include/ns/client.h | 23 +-
external/mpl/bind/dist/lib/ns/include/ns/hooks.h | 26 +-
external/mpl/bind/dist/lib/ns/include/ns/interfacemgr.h | 13 +-
external/mpl/bind/dist/lib/ns/interfacemgr.c | 11 +-
external/mpl/bind/dist/lib/ns/query.c | 170 +-
external/mpl/bind/dist/lib/ns/tests/Kyuafile | 1 +
external/mpl/bind/dist/lib/ns/tests/Makefile.in | 11 +-
external/mpl/bind/dist/lib/ns/tests/plugin_test.c | 210 +++
external/mpl/bind/dist/lib/ns/win32/libns.def | 1 +
external/mpl/bind/dist/make/rules.in | 2 +
external/mpl/bind/dist/srcid | 2 +-
external/mpl/bind/dist/version | 6 +-
external/mpl/bind/dist/win32utils/Configure | 90 +-
232 files changed, 3162 insertions(+), 3547 deletions(-)
diffs (truncated from 12085 to 300 lines):
diff -r 29f74c33824a -r 606979b9bd91 external/mpl/bind/dist/CHANGES
--- a/external/mpl/bind/dist/CHANGES Sun Feb 24 18:56:37 2019 +0000
+++ b/external/mpl/bind/dist/CHANGES Sat Apr 27 23:47:13 2019 +0000
@@ -1,4 +1,107 @@
- --- 9.13.7 released ---
+ --- 9.14.1 released ---
+
+5201. [bug] Fix a possible deadlock in RPZ update code. [GL #973]
+
+5200. [security] tcp-clients settings could be exceeded in some cases,
+ which could lead to exhaustion of file descriptors.
+ (CVE-2018-5743) [GL #615]
+
+5199. [security] In certain configurations, named could crash
+ if nxdomain-redirect was in use and a redirected
+ query resulted in an NXDOMAIN from the cache.
+ (CVE-2019-6467) [GL #880]
+
+5198. [bug] If a fetch context was being shut down and, at the same
+ time, we returned from qname minimization, an INSIST
+ could be hit. [GL #966]
+
+5197. [bug] dig could die in best effort mode on multiple SIG(0)
+ records. Similarly on multiple OPT and multiple TSIG
+ records. [GL #920]
+
+5196. [bug] make install failed with --with-dlopen=no. [GL #955]
+
+5195. [bug] "allow-update" and "allow-update-forwarding" were
+ treated as configuration errors if used at the
+ options or view level. [GL #913]
+
+5194. [bug] Enforce non empty ZOMEMD hash. [GL #899]
+
+5193. [bug] EID and NIMLOC failed to do multi-line output
+ correctly. [GL #899]
+
+5189. [cleanup] Remove revoked root DNSKEY from bind.keys. [GL #945]
+
+5187. [test] Set time zone before running any tests in dnstap_test.
+ [GL #940]
+
+5186. [cleanup] More dnssec-keygen manual tidying. [GL !1678]
+
+5184. [bug] Missing unlocks in sdlz.c. [GL #936]
+
+5183. [bug] Reinitialize ECS data before reusing client
+ structures. [GL #881]
+
+ --- 9.14.0 released ---
+
+ --- 9.14.0rc3 released ---
+
+5182. [bug] Fix a high-load race/crash in handling of
+ isc_socket_close() in resolver. [GL #834]
+
+5180. [bug] delv now honors the operating system's preferred
+ ephemeral port range. [GL #925]
+
+5179. [cleanup] Replace some vague type declarations with the more
+ specific dns_secalg_t and dns_dsdigest_t.
+ Thanks to Tony Finch. [GL !1498]
+
+5178. [bug] Handle EDQUOT (disk quota) and ENOSPC (disk full)
+ errors when writing files. [GL #902]
+
+5177. [func] Add the ability to specify in named.conf whether a
+ response-policy zone's SOA record should be added
+ to the additional section (add-soa yes/no). [GL #865]
+
+5167. [bug] nxdomain-redirect could sometimes lookup the wrong
+ redirect name. [GL #892]
+
+ --- 9.14.0rc2 released ---
+
+5176. [tests] Remove a dependency on libxml in statschannel system
+ test. [GL #926]
+
+5175. [bug] Fixed a problem with file input in dnssec-keymgr,
+ dnssec-coverage and dnssec-checkds when using
+ python3. [GL #882]
+
+5174. [doc] Tidy dnssec-keygen manual. [GL !1557]
+
+5173. [bug] Fixed a race in socket code that could occur when
+ accept, send, or recv were called from an event
+ loop but the socket had been closed by another
+ thread. [RT #874]
+
+5172. [bug] nsupdate now honors the operating system's preferred
+ ephemeral port range. [GL #905]
+
+5171. [func] named plugins are now installed into a separate
+ directory. Supplying a filename (a string without path
+ separators) in a "plugin" configuration stanza now
+ causes named to look for that plugin in that directory.
+ [GL #878]
+
+5170. [test] Added --with-dlz-filesystem to feature-test. [GL !1587]
+
+5169. [bug] The presence of certain types in an otherwise
+ empty node could cause a crash while processing a
+ type ANY query. [GL #901]
+
+ --- 9.14.0rc1 released ---
+
+5168. [bug] Do not crash on shutdown when RPZ fails to load. Also,
+ keep previous version of the database if RPZ fails to
+ load. [GL #813]
5165. [contrib] Removed SDB drivers from contrib; they're obsolete.
[GL #428]
@@ -62,7 +165,7 @@
- Zone signing and DNSKEY maintenance events are
now logged to the "dnssec" category
- Messages are now logged when DNSSEC keys are
- pubished, activated, inactivated, deleted,
+ published, activated, inactivated, deleted,
or revoked.
[GL #714]
@@ -267,8 +370,8 @@
5091. [func] Two new global and per-view options min-cache-ttl
and min-ncache-ttl [GL #613]
-5090. [bug] dig and mdig failed to properly preparse dash value
- pairs when value was a seperate argument and started
+5090. [bug] dig and mdig failed to properly pre-parse dash value
+ pairs when value was a separate argument and started
with a dash. [GL #584]
5089. [bug] Restore localhost fallback in dig and host which is
@@ -334,7 +437,7 @@
5072. [bug] Add unit tests for isc_buffer_copyregion() and fix its
behavior for auto-reallocated buffers. [GL #644]
-5071. [bug] Comparision of NXT records was broken. [GL #631]
+5071. [bug] Comparison of NXT records was broken. [GL #631]
5070. [bug] Record types which support a empty rdata field were
not handling the empty rdata field case. [GL #638]
@@ -353,7 +456,7 @@
5065. [bug] Only set IPV6_USE_MIN_MTU on IPv6. [GL #553]
-5064. [test] Initalize TZ environment variable before calling
+5064. [test] Initialize TZ environment variable before calling
dns_test_begin in dnstap_test. [GL #624]
5063. [test] In statschannel test try a few times before failing
@@ -579,7 +682,7 @@
5001. [bug] Fix refcount errors on error paths. [GL !563]
5000. [bug] named_server_servestale() could leave the server in
- exclusive mode if an error occured. [GL #441]
+ exclusive mode if an error occurred. [GL #441]
4999. [cleanup] Remove custom printf implementation in lib/isc/print.c.
[GL #261]
diff -r 29f74c33824a -r 606979b9bd91 external/mpl/bind/dist/PLATFORMS
--- a/external/mpl/bind/dist/PLATFORMS Sun Feb 24 18:56:37 2019 +0000
+++ b/external/mpl/bind/dist/PLATFORMS Sat Apr 27 23:47:13 2019 +0000
@@ -13,7 +13,7 @@
Regularly tested platforms
-As of Jan 2019, BIND 9.13 is fully supported and regularly tested on the
+As of Feb 2019, BIND 9.14 is fully supported and regularly tested on the
following systems:
* Debian 8, 9, 10
@@ -51,7 +51,7 @@
Unsupported platforms
-These are platforms on which BIND 9.13 is known not to build or run:
+These are platforms on which BIND 9.14 is known not to build or run:
* Platforms without at least OpenSSL 1.0.2
* Windows 10 / x86
@@ -88,3 +88,11 @@
The configure command should look like this:
CFLAGS="-march=armv7-a -mfpu=vfpv3-d16 -Os -g" ./configure
+
+NetBSD 6 i386
+
+The i386 build of NetBSD requires the libatomic library, available from
+the gcc5-libs package. Because this library is in a non-standard path, its
+location must be specified in the configure command line:
+
+LDFLAGS="-L/usr/pkg/gcc5/i486--netbsdelf/lib/ -Wl,-R/usr/pkg/gcc5/i486--netbsdelf/lib/" ./configure
diff -r 29f74c33824a -r 606979b9bd91 external/mpl/bind/dist/PLATFORMS.md
--- a/external/mpl/bind/dist/PLATFORMS.md Sun Feb 24 18:56:37 2019 +0000
+++ b/external/mpl/bind/dist/PLATFORMS.md Sat Apr 27 23:47:13 2019 +0000
@@ -23,7 +23,7 @@
### Regularly tested platforms
-As of Jan 2019, BIND 9.13 is fully supported and regularly tested on the
+As of Feb 2019, BIND 9.14 is fully supported and regularly tested on the
following systems:
* Debian 8, 9, 10
@@ -60,7 +60,7 @@
## Unsupported platforms
-These are platforms on which BIND 9.13 is known *not* to build or run:
+These are platforms on which BIND 9.14 is known *not* to build or run:
* Platforms without at least OpenSSL 1.0.2
* Windows 10 / x86
@@ -95,8 +95,18 @@
the processors to support here, therefore the recommended build option is
`-mfpu=vfpv3-d16`.
-The configure command should look like this:
+The `configure` command should look like this:
```
CFLAGS="-march=armv7-a -mfpu=vfpv3-d16 -Os -g" ./configure
```
+
+### NetBSD 6 i386
+
+The i386 build of NetBSD requires the `libatomic` library, available from
+the `gcc5-libs` package. Because this library is in a non-standard path,
+its location must be specified in the `configure` command line:
+
+```
+LDFLAGS="-L/usr/pkg/gcc5/i486--netbsdelf/lib/ -Wl,-R/usr/pkg/gcc5/i486--netbsdelf/lib/" ./configure
+```
diff -r 29f74c33824a -r 606979b9bd91 external/mpl/bind/dist/README
--- a/external/mpl/bind/dist/README Sun Feb 24 18:56:37 2019 +0000
+++ b/external/mpl/bind/dist/README Sat Apr 27 23:47:13 2019 +0000
@@ -5,7 +5,7 @@
1. Introduction
2. Reporting bugs and getting help
3. Contributing to BIND
- 4. BIND 9.13 features
+ 4. BIND 9.14 features
5. Building BIND
6. macOS
7. Dependencies
@@ -100,17 +100,19 @@
including your patch as an attachment, preferably generated by git
format-patch.
-BIND 9.13 features
+BIND 9.14 features
-BIND 9.13 is the newest development branch of BIND 9. It includes a number
-of changes from BIND 9.12 and earlier releases. New features include:
+BIND 9.14.0 is the first release from a new stable branch of BIND 9,
+incorporating all changes from the 9.13 development branch, updating the
+most recent stable branch, 9.12. These changes include:
* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a
plugin.
- * Socket and task code has been refactored to improve performance.
* QNAME minimization, as described in RFC 7816, is now supported.
+ * Socket and task code has been refactored to improve performance on
+ most modern machines.
* "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root
zone.
@@ -138,7 +140,13 @@
Special code to support certain legacy operating systems has also been
removed; see the file PLATFORMS.md for details of supported platforms. In
addition to OpenSSL, BIND now requires support for IPv6, threads, and
-standard atomic operations provided by the C compiler.
+standard atomic operations provided by the C compiler. Non-threaded builds
+are no longer supported.
+
+BIND 9.14.1
+
+BIND 9.14.1 is a maintenance release, and addresses security
+vulnerabilities disclosed in CVE-2018-5743 and CVE-2019-6467.
Building BIND
diff -r 29f74c33824a -r 606979b9bd91 external/mpl/bind/dist/README.md
--- a/external/mpl/bind/dist/README.md Sun Feb 24 18:56:37 2019 +0000
+++ b/external/mpl/bind/dist/README.md Sat Apr 27 23:47:13 2019 +0000
@@ -15,7 +15,7 @@
1. [Introduction](#intro)
1. [Reporting bugs and getting help](#help)
1. [Contributing to BIND](#contrib)
-1. [BIND 9.13 features](#features)
+1. [BIND 9.14 features](#features)
1. [Building BIND](#build)
1. [macOS](#macos)
1. [Dependencies](#dependencies)
@@ -117,17 +117,18 @@
including your patch as an attachment, preferably generated by
`git format-patch`.
Home |
Main Index |
Thread Index |
Old Index