[src/ISC]: src/external/mpl/bind/dist Import bind 9.14.8 (security fix -- lim...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/ISC]: src/external/mpl/bind/dist Import bind 9.14.8 (security fix -- lim...
From: christos <christos%NetBSD.org@localhost>
Date: Sun, 24 Nov 2019 21:49:48 +0000
details:   https://anonhg.NetBSD.org/src/rev/1d2a2c83cf34
branches:  ISC
changeset: 461382:1d2a2c83cf34
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Nov 24 19:56:50 2019 +0000

description:
Import bind 9.14.8 (security fix -- limits on concurrent TCP queries)

        --- 9.14.8 released ---

5315.   [bug]           Apply the inital RRSIG expiration spread fixed
                        to all dynamically created records in the zone
                        including NSEC3. Also fix the signature clusters
                        when the server has been offline for prolonged
                        period of times. [GL #1256]

5314.   [func]          Added a new statistics variable "tcp-highwater"
                        that reports the maximum number of simultaneous TCP
                        clients BIND has handled while running. [GL #1206]

5313.   [bug]           The default GeoIP2 database location did not match
                        the ARM.  'named -V' now reports the default
                        location. [GL #1301]

5310.   [bug]           TCP failures were affecting EDNS statistics. [GL #1059]

5308.   [bug]           Don't log DNS_R_UNCHANGED from sync_secure_journal()
                        at ERROR level in receive_secure_serial(). [GL #1288]

5307.   [bug]           Fix hang when named-compilezone output is sent to pipe.
                        Thanks to Tony Finch. [GL !2481]

5306.   [security]      Set a limit on the number of concurrently served
                        pipelined TCP queries. (CVE-2019-6477) [GL #1264]

5305.   [bug]           NSEC Aggressive Cache ("synth-from-dnssec") has been
                        disabled by default because it was found to have
                        a significant performance impact on the recursive
                        service. [GL #1265]

5304.   [bug]           "dnskey-sig-validity 0;" was not being accepted.
                        [GL #876]

5302.   [bug]           Fix checking that "dnstap-output" is defined when
                        "dnstap" is specified in a view. [GL #1281]

5301.   [bug]           Detect partial prefixes / incomplete IPv4 address in
                        acls. [GL #1143]

diffstat:

 external/mpl/bind/dist/CHANGES                                                     |   48 +-
 external/mpl/bind/dist/README                                                      |    5 +
 external/mpl/bind/dist/README.md                                                   |    5 +
 external/mpl/bind/dist/bin/check/check-tool.c                                      |    4 +-
 external/mpl/bind/dist/bin/delv/delv.c                                             |    4 +-
 external/mpl/bind/dist/bin/dig/dighost.c                                           |   36 +-
 external/mpl/bind/dist/bin/dig/host.c                                              |    6 +-
 external/mpl/bind/dist/bin/dig/nslookup.c                                          |    6 +-
 external/mpl/bind/dist/bin/dnssec/dnssec-dsfromkey.c                               |   26 +-
 external/mpl/bind/dist/bin/dnssec/dnssec-importkey.c                               |    6 +-
 external/mpl/bind/dist/bin/dnssec/dnssec-signzone.c                                |   13 +-
 external/mpl/bind/dist/bin/named/config.c                                          |    6 +-
 external/mpl/bind/dist/bin/named/include/named/globals.h                           |   10 +-
 external/mpl/bind/dist/bin/named/main.c                                            |   24 +-
 external/mpl/bind/dist/bin/named/server.c                                          |   60 +-
 external/mpl/bind/dist/bin/named/statschannel.c                                    |    5 +-
 external/mpl/bind/dist/bin/named/win32/os.c                                        |    3 +-
 external/mpl/bind/dist/bin/named/zoneconf.c                                        |   19 +-
 external/mpl/bind/dist/bin/nsupdate/nsupdate.c                                     |    4 +-
 external/mpl/bind/dist/bin/tests/optional/zone_test.c                              |    7 +-
 external/mpl/bind/dist/bin/tests/system/autosign/clean.sh                          |    1 +
 external/mpl/bind/dist/bin/tests/system/autosign/ns3/jitter.nsec3.example.db.in    |   20 +
 external/mpl/bind/dist/bin/tests/system/autosign/ns3/keygen.sh                     |   24 +-
 external/mpl/bind/dist/bin/tests/system/autosign/ns3/named.conf.in                 |    9 +
 external/mpl/bind/dist/bin/tests/system/autosign/tests.sh                          |   76 +
 external/mpl/bind/dist/bin/tests/system/checkconf/bad-ipv4-prefix-dotted1.conf     |    3 +
 external/mpl/bind/dist/bin/tests/system/checkconf/bad-ipv4-prefix-dotted2.conf     |    3 +
 external/mpl/bind/dist/bin/tests/system/checkconf/bad-ipv4-prefix2.conf            |    3 +
 external/mpl/bind/dist/bin/tests/system/checkconf/good-dnskey-validity-3660.conf   |   14 +
 external/mpl/bind/dist/bin/tests/system/checkconf/good-dnskey-validity-zero.conf   |   14 +
 external/mpl/bind/dist/bin/tests/system/conf.sh.common                             |   32 +-
 external/mpl/bind/dist/bin/tests/system/digdelv/tests.sh                           |   12 +-
 external/mpl/bind/dist/bin/tests/system/dlzexternal/driver.c                       |    3 +-
 external/mpl/bind/dist/bin/tests/system/dnstap/bad-missing-dnstap-output-view.conf |    3 +
 external/mpl/bind/dist/bin/tests/system/dnstap/good-dnstap-in-options.conf         |    5 +
 external/mpl/bind/dist/bin/tests/system/dnstap/good-dnstap-in-view.conf            |    8 +
 external/mpl/bind/dist/bin/tests/system/dyndb/driver/syncptr.c                     |   12 +-
 external/mpl/bind/dist/bin/tests/system/filter-aaaa/tests.sh                       |   27 +-
 external/mpl/bind/dist/bin/tests/system/geoip2/tests.sh                            |   22 +-
 external/mpl/bind/dist/bin/tests/system/legacy/tests.sh                            |   23 +
 external/mpl/bind/dist/bin/tests/system/staticstub/tests.sh                        |    2 +-
 external/mpl/bind/dist/bin/tests/system/synthfromdnssec/tests.sh                   |    4 +-
 external/mpl/bind/dist/bin/tests/system/tcp/ans6/ans.py                            |  153 +
 external/mpl/bind/dist/bin/tests/system/tcp/clean.sh                               |    2 +
 external/mpl/bind/dist/bin/tests/system/tcp/ns5/named.conf.in                      |   43 +
 external/mpl/bind/dist/bin/tests/system/tcp/prereq.sh                              |   19 +
 external/mpl/bind/dist/bin/tests/system/tcp/setup.sh                               |    1 +
 external/mpl/bind/dist/bin/tests/system/tcp/tests.sh                               |   90 +
 external/mpl/bind/dist/cocci/dns_name_copy-with-result.spatch                      |   30 +
 external/mpl/bind/dist/cocci/dns_name_copy.spatch                                  |   30 +
 external/mpl/bind/dist/cocci/dns_name_copynf.spatch                                |    6 +
 external/mpl/bind/dist/configure                                                   |    5 +-
 external/mpl/bind/dist/configure.ac                                                |    5 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM-book.xml                                     |   74 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM.ch01.html                                    |    2 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM.ch02.html                                    |    2 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM.ch03.html                                    |    2 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM.ch04.html                                    |    2 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM.ch05.html                                    |   70 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM.ch06.html                                    |    2 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM.ch07.html                                    |    2 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM.ch08.html                                    |  972 ++++++++-
 external/mpl/bind/dist/doc/arm/Bv9ARM.ch09.html                                    |    2 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM.ch10.html                                    |    2 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM.ch11.html                                    |    2 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM.ch12.html                                    |    2 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM.html                                         |   18 +-
 external/mpl/bind/dist/doc/arm/Bv9ARM.pdf                                          |  Bin 
 external/mpl/bind/dist/doc/arm/Makefile.in                                         |   15 +-
 external/mpl/bind/dist/doc/arm/man.arpaname.html                                   |    2 +-
 external/mpl/bind/dist/doc/arm/man.ddns-confgen.html                               |    2 +-
 external/mpl/bind/dist/doc/arm/man.delv.html                                       |    2 +-
 external/mpl/bind/dist/doc/arm/man.dig.html                                        |    2 +-
 external/mpl/bind/dist/doc/arm/man.dnssec-cds.html                                 |    2 +-
 external/mpl/bind/dist/doc/arm/man.dnssec-checkds.html                             |    2 +-
 external/mpl/bind/dist/doc/arm/man.dnssec-coverage.html                            |    2 +-
 external/mpl/bind/dist/doc/arm/man.dnssec-dsfromkey.html                           |    2 +-
 external/mpl/bind/dist/doc/arm/man.dnssec-importkey.html                           |    2 +-
 external/mpl/bind/dist/doc/arm/man.dnssec-keyfromlabel.html                        |    2 +-
 external/mpl/bind/dist/doc/arm/man.dnssec-keygen.html                              |    2 +-
 external/mpl/bind/dist/doc/arm/man.dnssec-keymgr.html                              |    2 +-
 external/mpl/bind/dist/doc/arm/man.dnssec-revoke.html                              |    2 +-
 external/mpl/bind/dist/doc/arm/man.dnssec-settime.html                             |    2 +-
 external/mpl/bind/dist/doc/arm/man.dnssec-signzone.html                            |    2 +-
 external/mpl/bind/dist/doc/arm/man.dnssec-verify.html                              |    2 +-
 external/mpl/bind/dist/doc/arm/man.dnstap-read.html                                |    2 +-
 external/mpl/bind/dist/doc/arm/man.filter-aaaa.html                                |    2 +-
 external/mpl/bind/dist/doc/arm/man.host.html                                       |    2 +-
 external/mpl/bind/dist/doc/arm/man.mdig.html                                       |    2 +-
 external/mpl/bind/dist/doc/arm/man.named-checkconf.html                            |    2 +-
 external/mpl/bind/dist/doc/arm/man.named-checkzone.html                            |    2 +-
 external/mpl/bind/dist/doc/arm/man.named-journalprint.html                         |    2 +-
 external/mpl/bind/dist/doc/arm/man.named-nzd2nzf.html                              |    2 +-
 external/mpl/bind/dist/doc/arm/man.named-rrchecker.html                            |    2 +-
 external/mpl/bind/dist/doc/arm/man.named.conf.html                                 |    2 +-
 external/mpl/bind/dist/doc/arm/man.named.html                                      |    2 +-
 external/mpl/bind/dist/doc/arm/man.nsec3hash.html                                  |    2 +-
 external/mpl/bind/dist/doc/arm/man.nslookup.html                                   |    2 +-
 external/mpl/bind/dist/doc/arm/man.nsupdate.html                                   |    2 +-
 external/mpl/bind/dist/doc/arm/man.pkcs11-destroy.html                             |    2 +-
 external/mpl/bind/dist/doc/arm/man.pkcs11-keygen.html                              |    2 +-
 external/mpl/bind/dist/doc/arm/man.pkcs11-list.html                                |    2 +-
 external/mpl/bind/dist/doc/arm/man.pkcs11-tokens.html                              |    2 +-
 external/mpl/bind/dist/doc/arm/man.rndc-confgen.html                               |    2 +-
 external/mpl/bind/dist/doc/arm/man.rndc.conf.html                                  |    2 +-
 external/mpl/bind/dist/doc/arm/man.rndc.html                                       |    2 +-
 external/mpl/bind/dist/doc/arm/notes-9.14.0.xml                                    |  486 +++++
 external/mpl/bind/dist/doc/arm/notes-9.14.1.xml                                    |   62 +
 external/mpl/bind/dist/doc/arm/notes-9.14.2.xml                                    |   36 +
 external/mpl/bind/dist/doc/arm/notes-9.14.3.xml                                    |   42 +
 external/mpl/bind/dist/doc/arm/notes-9.14.4.xml                                    |   73 +
 external/mpl/bind/dist/doc/arm/notes-9.14.5.xml                                    |   86 +
 external/mpl/bind/dist/doc/arm/notes-9.14.6.xml                                    |   26 +
 external/mpl/bind/dist/doc/arm/notes-9.14.7.xml                                    |   34 +
 external/mpl/bind/dist/doc/arm/notes-9.14.8.xml                                    |   50 +
 external/mpl/bind/dist/doc/arm/notes-download.xml                                  |    2 +-
 external/mpl/bind/dist/doc/arm/notes-eol.xml                                       |    2 +-
 external/mpl/bind/dist/doc/arm/notes-thankyou.xml                                  |    2 +-
 external/mpl/bind/dist/doc/arm/notes.html                                          |  956 ++++++++-
 external/mpl/bind/dist/doc/arm/notes.pdf                                           |  Bin 
 external/mpl/bind/dist/doc/arm/notes.txt                                           |  430 +++-
 external/mpl/bind/dist/doc/arm/notes.xml                                           |   14 +-
 external/mpl/bind/dist/lib/bind9/api                                               |    2 +-
 external/mpl/bind/dist/lib/bind9/check.c                                           |   59 +-
 external/mpl/bind/dist/lib/dns/acl.c                                               |    4 +-
 external/mpl/bind/dist/lib/dns/adb.c                                               |   10 +-
 external/mpl/bind/dist/lib/dns/api                                                 |    4 +-
 external/mpl/bind/dist/lib/dns/client.c                                            |   43 +-
 external/mpl/bind/dist/lib/dns/dnsrps.c                                            |    7 +-
 external/mpl/bind/dist/lib/dns/ecdb.c                                              |   19 +-
 external/mpl/bind/dist/lib/dns/geoip2.c                                            |   33 +-
 external/mpl/bind/dist/lib/dns/gssapi_link.c                                       |    4 +-
 external/mpl/bind/dist/lib/dns/include/dns/acl.h                                   |    4 +-
 external/mpl/bind/dist/lib/dns/include/dns/name.h                                  |   11 +-
 external/mpl/bind/dist/lib/dns/include/dns/tsig.h                                  |   20 +-
 external/mpl/bind/dist/lib/dns/journal.c                                           |    4 +-
 external/mpl/bind/dist/lib/dns/lookup.c                                            |   22 +-
 external/mpl/bind/dist/lib/dns/masterdump.c                                        |   44 +-
 external/mpl/bind/dist/lib/dns/message.c                                           |    4 +-
 external/mpl/bind/dist/lib/dns/name.c                                              |   55 +-
 external/mpl/bind/dist/lib/dns/nsec3.c                                             |    8 +-
 external/mpl/bind/dist/lib/dns/nta.c                                               |    4 +-
 external/mpl/bind/dist/lib/dns/openssldh_link.c                                    |    4 +-
 external/mpl/bind/dist/lib/dns/opensslrsa_link.c                                   |    4 +-
 external/mpl/bind/dist/lib/dns/order.c                                             |    5 +-
 external/mpl/bind/dist/lib/dns/rbt.c                                               |   20 +-
 external/mpl/bind/dist/lib/dns/rbtdb.c                                             |   59 +-
 external/mpl/bind/dist/lib/dns/rcode.c                                             |    4 +-
 external/mpl/bind/dist/lib/dns/rdata.c                                             |    4 +-
 external/mpl/bind/dist/lib/dns/rdata/any_255/tsig_250.c                            |    6 +-
 external/mpl/bind/dist/lib/dns/rdata/ch_3/a_1.c                                    |    6 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/afsdb_18.c                            |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/amtrelay_260.c                        |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/avc_258.c                             |   10 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/caa_257.c                             |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/cds_59.c                              |   20 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/cert_37.c                             |    6 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/cname_5.c                             |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/csync_62.c                            |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/dlv_32769.c                           |    3 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/dname_39.c                            |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/doa_259.c                             |    7 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/ds_43.c                               |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/eui48_108.c                           |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/eui64_109.c                           |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/gpos_27.c                             |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/hinfo_13.c                            |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/hip_55.c                              |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/ipseckey_45.c                         |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/isdn_20.c                             |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/key_25.c                              |    4 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/keydata_65533.c                       |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/l32_105.c                             |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/l64_106.c                             |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/loc_29.c                              |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/lp_107.c                              |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/mb_7.c                                |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/md_3.c                                |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/mf_4.c                                |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/mg_8.c                                |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/minfo_14.c                            |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/mr_9.c                                |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/mx_15.c                               |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/naptr_35.c                            |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/nid_104.c                             |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/ninfo_56.c                            |   13 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/ns_2.c                                |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/nsec3_50.c                            |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/nsec3param_51.c                       |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/nsec_47.c                             |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/null_10.c                             |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/nxt_30.c                              |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/openpgpkey_61.c                       |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/opt_41.c                              |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/proforma.c                            |    6 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/ptr_12.c                              |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/rp_17.c                               |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/rrsig_46.c                            |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/rt_21.c                               |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/sig_24.c                              |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/sink_40.c                             |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/smimea_53.c                           |    7 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/soa_6.c                               |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/spf_99.c                              |   11 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/sshfp_44.c                            |    6 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/ta_32768.c                            |    3 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/talink_58.c                           |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/tkey_249.c                            |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/tlsa_52.c                             |   10 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/txt_16.c                              |   12 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/uri_256.c                             |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/x25_19.c                              |    9 +-
 external/mpl/bind/dist/lib/dns/rdata/generic/zonemd_63.c                           |    6 +-
 external/mpl/bind/dist/lib/dns/rdata/hs_4/a_1.c                                    |    5 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/a6_38.c                                  |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/a_1.c                                    |    7 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/aaaa_28.c                                |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/apl_42.c                                 |    7 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/atma_34.c                                |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/dhcid_49.c                               |    6 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/eid_31.c                                 |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/kx_36.c                                  |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/nimloc_32.c                              |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/nsap-ptr_23.c                            |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/nsap_22.c                                |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/px_26.c                                  |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/srv_33.c                                 |    8 +-
 external/mpl/bind/dist/lib/dns/rdata/in_1/wks_11.c                                 |    7 +-
 external/mpl/bind/dist/lib/dns/rdatalist.c                                         |   16 +-
 external/mpl/bind/dist/lib/dns/rdataset.c                                          |    4 +-
 external/mpl/bind/dist/lib/dns/resolver.c                                          |   73 +-
 external/mpl/bind/dist/lib/dns/rrl.c                                               |    7 +-
 external/mpl/bind/dist/lib/dns/sdb.c                                               |   27 +-
 external/mpl/bind/dist/lib/dns/sdlz.c                                              |   24 +-
 external/mpl/bind/dist/lib/dns/spnego_asn1.c                                       |    3 +-
 external/mpl/bind/dist/lib/dns/tests/dnstap_test.c                                 |    4 +-
 external/mpl/bind/dist/lib/dns/tests/dnstest.c                                     |    5 +-
 external/mpl/bind/dist/lib/dns/tests/master_test.c                                 |    5 +-
 external/mpl/bind/dist/lib/dns/tests/rbt_serialize_test.c                          |    5 +-
 external/mpl/bind/dist/lib/dns/tkey.c                                              |    9 +-
 external/mpl/bind/dist/lib/dns/tsig.c                                              |   17 +-
 external/mpl/bind/dist/lib/dns/ttl.c                                               |    3 +-
 external/mpl/bind/dist/lib/dns/update.c                                            |   24 +-
 external/mpl/bind/dist/lib/dns/validator.c                                         |   23 +-
 external/mpl/bind/dist/lib/dns/view.c                                              |   21 +-
 external/mpl/bind/dist/lib/dns/win32/libdns.def.in                                 |    2 +
 external/mpl/bind/dist/lib/dns/zone.c                                              |  121 +-
 external/mpl/bind/dist/lib/dns/zoneverify.c                                        |   52 +-
 external/mpl/bind/dist/lib/isc/api                                                 |    4 +-
 external/mpl/bind/dist/lib/isc/buffer.c                                            |    5 +-
 external/mpl/bind/dist/lib/isc/include/isc/result.h                                |    6 +-
 external/mpl/bind/dist/lib/isc/include/isc/stats.h                                 |   27 +-
 external/mpl/bind/dist/lib/isc/include/isc/types.h                                 |    8 +-
 external/mpl/bind/dist/lib/isc/include/isc/util.h                                  |   18 +-
 external/mpl/bind/dist/lib/isc/pk11.c                                              |    8 +-
 external/mpl/bind/dist/lib/isc/result.c                                            |    6 +-
 external/mpl/bind/dist/lib/isc/sockaddr.c                                          |    3 +-
 external/mpl/bind/dist/lib/isc/stats.c                                             |   53 +-
 external/mpl/bind/dist/lib/isc/task.c                                              |   11 +-
 external/mpl/bind/dist/lib/isc/tests/hmac_test.c                                   |    6 +-
 external/mpl/bind/dist/lib/isc/tests/ht_test.c                                     |    3 +-
 external/mpl/bind/dist/lib/isc/tests/md_test.c                                     |    6 +-
 external/mpl/bind/dist/lib/isc/tests/mem_test.c                                    |    3 +-
 external/mpl/bind/dist/lib/isc/tests/random_test.c                                 |    3 +-
 external/mpl/bind/dist/lib/isc/unix/meminfo.c                                      |    4 +-
 external/mpl/bind/dist/lib/isc/unix/net.c                                          |    4 +-
 external/mpl/bind/dist/lib/isc/unix/resource.c                                     |    3 +-
 external/mpl/bind/dist/lib/isc/unix/socket.c                                       |    5 +-
 external/mpl/bind/dist/lib/isc/win32/app.c                                         |   19 +-
 external/mpl/bind/dist/lib/isc/win32/libisc.def.in                                 |    2 +
 external/mpl/bind/dist/lib/isc/win32/socket.c                                      |    3 +-
 external/mpl/bind/dist/lib/isccfg/aclconf.c                                        |    3 +-
 external/mpl/bind/dist/lib/isccfg/api                                              |    2 +-
 external/mpl/bind/dist/lib/isccfg/parser.c                                         |   53 +-
 external/mpl/bind/dist/lib/ns/api                                                  |    6 +-
 external/mpl/bind/dist/lib/ns/client.c                                             |   92 +-
 external/mpl/bind/dist/lib/ns/include/ns/client.h                                  |    7 +-
 external/mpl/bind/dist/lib/ns/include/ns/stats.h                                   |   13 +-
 external/mpl/bind/dist/lib/ns/interfacemgr.c                                       |    6 +-
 external/mpl/bind/dist/lib/ns/query.c                                              |   89 +-
 external/mpl/bind/dist/lib/ns/stats.c                                              |   19 +-
 external/mpl/bind/dist/lib/ns/update.c                                             |   14 +-
 external/mpl/bind/dist/lib/ns/win32/libns.def                                      |    2 +
 external/mpl/bind/dist/lib/samples/nsprobe.c                                       |    4 +-
 external/mpl/bind/dist/srcid                                                       |    2 +-
 external/mpl/bind/dist/version                                                     |    2 +-
 external/mpl/bind/dist/win32utils/Configure                                        |    7 -
 287 files changed, 5102 insertions(+), 1505 deletions(-)

diffs (truncated from 13263 to 300 lines):

diff -r 30fea54b64db -r 1d2a2c83cf34 external/mpl/bind/dist/CHANGES
--- a/external/mpl/bind/dist/CHANGES    Thu Oct 17 16:25:39 2019 +0000
+++ b/external/mpl/bind/dist/CHANGES    Sun Nov 24 19:56:50 2019 +0000
@@ -1,8 +1,49 @@
+        --- 9.14.8 released ---
+
+5315.  [bug]           Apply the inital RRSIG expiration spread fixed
+                       to all dynamically created records in the zone
+                       including NSEC3. Also fix the signature clusters
+                       when the server has been offline for prolonged
+                       period of times. [GL #1256]
+
+5314.  [func]          Added a new statistics variable "tcp-highwater"
+                       that reports the maximum number of simultaneous TCP
+                       clients BIND has handled while running. [GL #1206]
+
+5313.  [bug]           The default GeoIP2 database location did not match
+                       the ARM.  'named -V' now reports the default
+                       location. [GL #1301]
+
+5310.  [bug]           TCP failures were affecting EDNS statistics. [GL #1059]
+
+5308.  [bug]           Don't log DNS_R_UNCHANGED from sync_secure_journal()
+                       at ERROR level in receive_secure_serial(). [GL #1288]
+
+5307.  [bug]           Fix hang when named-compilezone output is sent to pipe.
+                       Thanks to Tony Finch. [GL !2481]
+
+5306.  [security]      Set a limit on the number of concurrently served
+                       pipelined TCP queries. (CVE-2019-6477) [GL #1264]
+
+5305.  [bug]           NSEC Aggressive Cache ("synth-from-dnssec") has been
+                       disabled by default because it was found to have
+                       a significant performance impact on the recursive
+                       service. [GL #1265]
+
+5304.  [bug]           "dnskey-sig-validity 0;" was not being accepted.
+                       [GL #876]
+
+5302.  [bug]           Fix checking that "dnstap-output" is defined when
+                       "dnstap" is specified in a view. [GL #1281]
+
+5301.  [bug]           Detect partial prefixes / incomplete IPv4 address in
+                       acls. [GL #1143]
+
        --- 9.14.7 released ---
 
 5299.  [security]      A flaw in DNSSEC verification when transferring
                        mirror zones could allow data to be incorrectly
-                       marked valid. (CVE-2019-6475) [GL #16P]
+                       marked valid. (CVE-2019-6475) [GL #1252]
 
 5298.  [security]      Named could assert if a forwarder returned a
                        referral, rather than resolving the query, when QNAME
@@ -12,6 +53,11 @@
                        is still running before starting a new one; return
                        SERVFAIL and log an error if so. [GL #1191]
 
+5295.  [cleanup]       Split dns_name_copy() calls into dns_name_copy() and
+                       dns_name_copynf() for those calls that can potentially
+                       fail and those that should not fail respectively.
+                       [GL !2265]
+
 5294.  [func]          Fallback to ACE name on output in locale, which does not
                        support converting it to unicode.  [GL #846]
 
diff -r 30fea54b64db -r 1d2a2c83cf34 external/mpl/bind/dist/README
--- a/external/mpl/bind/dist/README     Thu Oct 17 16:25:39 2019 +0000
+++ b/external/mpl/bind/dist/README     Sun Nov 24 19:56:50 2019 +0000
@@ -180,6 +180,11 @@
 BIND 9.14.7 is a maintenance release, and also addresses the security
 vulnerabilities disclosed in CVE-2019-6475 and CVE-2019-6476.
 
+BIND 9.14.8
+
+BIND 9.14.8 is a maintenance release, and also addresses the security
+vulnerability disclosed in CVE-2019-6477.
+
 Building BIND
 
 Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
diff -r 30fea54b64db -r 1d2a2c83cf34 external/mpl/bind/dist/README.md
--- a/external/mpl/bind/dist/README.md  Thu Oct 17 16:25:39 2019 +0000
+++ b/external/mpl/bind/dist/README.md  Sun Nov 24 19:56:50 2019 +0000
@@ -196,6 +196,11 @@
 BIND 9.14.7 is a maintenance release, and also addresses the security
 vulnerabilities disclosed in CVE-2019-6475 and CVE-2019-6476.
 
+#### BIND 9.14.8
+
+BIND 9.14.8 is a maintenance release, and also addresses the security
+vulnerability disclosed in CVE-2019-6477.
+
 ### <a name="build"/> Building BIND
 
 Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
diff -r 30fea54b64db -r 1d2a2c83cf34 external/mpl/bind/dist/bin/check/check-tool.c
--- a/external/mpl/bind/dist/bin/check/check-tool.c     Thu Oct 17 16:25:39 2019 +0000
+++ b/external/mpl/bind/dist/bin/check/check-tool.c     Sun Nov 24 19:56:50 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: check-tool.c,v 1.1.1.2 2019/01/09 16:48:17 christos Exp $      */
+/*     $NetBSD: check-tool.c,v 1.1.1.3 2019/11/24 19:57:34 christos Exp $      */
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -724,7 +724,7 @@
        FILE *output = stdout;
        const char *flags;
 
-       flags = (fileformat == dns_masterformat_text) ? "w+" : "wb+";
+       flags = (fileformat == dns_masterformat_text) ? "w" : "wb";
 
        if (debug) {
                if (filename != NULL && strcmp(filename, "-") != 0)
diff -r 30fea54b64db -r 1d2a2c83cf34 external/mpl/bind/dist/bin/delv/delv.c
--- a/external/mpl/bind/dist/bin/delv/delv.c    Thu Oct 17 16:25:39 2019 +0000
+++ b/external/mpl/bind/dist/bin/delv/delv.c    Sun Nov 24 19:56:50 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: delv.c,v 1.1.1.3 2019/02/24 18:56:38 christos Exp $    */
+/*     $NetBSD: delv.c,v 1.1.1.4 2019/11/24 19:56:53 christos Exp $    */
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -504,7 +504,7 @@
        isc_result_t result;
        dns_master_style_t *style = NULL;
 
-       REQUIRE(stylep != NULL || *stylep == NULL);
+       REQUIRE(stylep != NULL && *stylep == NULL);
 
        styleflags |= DNS_STYLEFLAG_REL_OWNER;
        if (showcomments)
diff -r 30fea54b64db -r 1d2a2c83cf34 external/mpl/bind/dist/bin/dig/dighost.c
--- a/external/mpl/bind/dist/bin/dig/dighost.c  Thu Oct 17 16:25:39 2019 +0000
+++ b/external/mpl/bind/dist/bin/dig/dighost.c  Sun Nov 24 19:56:50 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dighost.c,v 1.1.1.5 2019/10/17 16:25:40 christos Exp $ */
+/*     $NetBSD: dighost.c,v 1.1.1.6 2019/11/24 19:56:59 christos Exp $ */
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -812,8 +812,8 @@
                memmove(looknew->ecs_addr, lookold->ecs_addr, len);
        }
 
-       dns_name_copy(dns_fixedname_name(&lookold->fdomain),
-                     dns_fixedname_name(&looknew->fdomain), NULL);
+       dns_name_copynf(dns_fixedname_name(&lookold->fdomain),
+                          dns_fixedname_name(&looknew->fdomain));
 
        if (servers)
                clone_server_list(lookold->my_server_list,
@@ -1826,7 +1826,7 @@
                                if (lookup->ns_search_only)
                                        lookup->recurse = false;
                                domain = dns_fixedname_name(&lookup->fdomain);
-                               dns_name_copy(name, domain, NULL);
+                               dns_name_copynf(name, domain);
                        }
                        debug("adding server %s", namestr);
                        num = getaddresses(lookup, namestr, &lresult);
@@ -2030,6 +2030,9 @@
        char cookiebuf[256];
        char *origin = NULL;
        char *textname = NULL;
+
+       REQUIRE(lookup != NULL);
+
 #ifdef HAVE_LIBIDN2
        char idn_origin[MXNAME], idn_textname[MXNAME];
 
@@ -2038,7 +2041,6 @@
        check_result(result, "dns_name_settotextfilter");
 #endif /* HAVE_LIBIDN2 */
 
-       REQUIRE(lookup != NULL);
        INSIST(!free_now);
 
        debug("setup_lookup(%p)", lookup);
@@ -2139,22 +2141,26 @@
                        isc_buffer_init(&b, textname, len);
                        isc_buffer_add(&b, len);
                        result = dns_name_fromtext(name, &b, NULL, 0, NULL);
-                       if (result == ISC_R_SUCCESS &&
-                           !dns_name_isabsolute(name))
-                               result = dns_name_concatenate(name,
-                                                             lookup->oname,
-                                                             lookup->name,
-                                                             &lookup->namebuf);
-                       else if (result == ISC_R_SUCCESS)
-                               result = dns_name_copy(name, lookup->name,
-                                                      &lookup->namebuf);
+                       if (result == ISC_R_SUCCESS) {
+                               if (!dns_name_isabsolute(name)) {
+                                       result = dns_name_concatenate(name,
+                                                            lookup->oname,
+                                                            lookup->name,
+                                                            &lookup->namebuf);
+                               } else {
+                                       result = dns_name_copy(name,
+                                                            lookup->name,
+                                                            &lookup->namebuf);
+                               }
+                       }
                        if (result != ISC_R_SUCCESS) {
                                dns_message_puttempname(lookup->sendmsg,
                                                        &lookup->name);
                                dns_message_puttempname(lookup->sendmsg,
                                                        &lookup->oname);
-                               if (result == DNS_R_NAMETOOLONG)
+                               if (result == DNS_R_NAMETOOLONG) {
                                        return (false);
+                               }
                                fatal("'%s' is not in legal name syntax (%s)",
                                      lookup->textname,
                                      isc_result_totext(result));
diff -r 30fea54b64db -r 1d2a2c83cf34 external/mpl/bind/dist/bin/dig/host.c
--- a/external/mpl/bind/dist/bin/dig/host.c     Thu Oct 17 16:25:39 2019 +0000
+++ b/external/mpl/bind/dist/bin/dig/host.c     Sun Nov 24 19:56:50 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: host.c,v 1.1.1.2 2019/01/09 16:48:15 christos Exp $    */
+/*     $NetBSD: host.c,v 1.1.1.3 2019/11/24 19:56:59 christos Exp $    */
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -398,7 +398,7 @@
                dns_rdataset_current(rdataset, &rdata);
                result = dns_rdata_tostruct(&rdata, &cname, NULL);
                check_result(result, "dns_rdata_tostruct");
-               dns_name_copy(&cname.cname, qname, NULL);
+               dns_name_copynf(&cname.cname, qname);
                dns_rdata_freestruct(&cname);
        }
 }
@@ -457,7 +457,7 @@
 
                /* Add AAAA and MX lookups. */
                name = dns_fixedname_initname(&fixed);
-               dns_name_copy(query->lookup->name, name, NULL);
+               dns_name_copynf(query->lookup->name, name);
                chase_cnamechain(msg, name);
                dns_name_format(name, namestr, sizeof(namestr));
                lookup = clone_lookup(query->lookup, false);
diff -r 30fea54b64db -r 1d2a2c83cf34 external/mpl/bind/dist/bin/dig/nslookup.c
--- a/external/mpl/bind/dist/bin/dig/nslookup.c Thu Oct 17 16:25:39 2019 +0000
+++ b/external/mpl/bind/dist/bin/dig/nslookup.c Sun Nov 24 19:56:50 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: nslookup.c,v 1.1.1.3 2019/02/24 18:56:39 christos Exp $        */
+/*     $NetBSD: nslookup.c,v 1.1.1.4 2019/11/24 19:56:59 christos Exp $        */
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -427,7 +427,7 @@
                dns_rdataset_current(rdataset, &rdata);
                result = dns_rdata_tostruct(&rdata, &cname, NULL);
                check_result(result, "dns_rdata_tostruct");
-               dns_name_copy(&cname.cname, qname, NULL);
+               dns_name_copynf(&cname.cname, qname);
                dns_rdata_freestruct(&cname);
        }
 }
@@ -480,7 +480,7 @@
 
                /* Add AAAA lookup. */
                name = dns_fixedname_initname(&fixed);
-               dns_name_copy(query->lookup->name, name, NULL);
+               dns_name_copynf(query->lookup->name, name);
                chase_cnamechain(msg, name);
                dns_name_format(name, namestr, sizeof(namestr));
                lookup = clone_lookup(query->lookup, false);
diff -r 30fea54b64db -r 1d2a2c83cf34 external/mpl/bind/dist/bin/dnssec/dnssec-dsfromkey.c
--- a/external/mpl/bind/dist/bin/dnssec/dnssec-dsfromkey.c      Thu Oct 17 16:25:39 2019 +0000
+++ b/external/mpl/bind/dist/bin/dnssec/dnssec-dsfromkey.c      Sun Nov 24 19:56:50 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dnssec-dsfromkey.c,v 1.1.1.5 2019/10/17 16:25:42 christos Exp $        */
+/*     $NetBSD: dnssec-dsfromkey.c,v 1.1.1.6 2019/11/24 19:57:33 christos Exp $        */
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -209,9 +209,7 @@
        rdclass = dst_key_class(key);
 
        name = dns_fixedname_initname(&fixed);
-       result = dns_name_copy(dst_key_name(key), name, NULL);
-       if (result != ISC_R_SUCCESS)
-               fatal("can't copy name");
+       dns_name_copynf(dst_key_name(key), name);
 
        dst_key_free(&key);
 }
@@ -350,7 +348,7 @@
        char            *classname = NULL;
        char            *filename = NULL, *dir = NULL, *namestr;
        char            *lookaside = NULL;
-       char            *endp;
+       char            *endp, *arg1;
        int             ch;
        dns_dsdigest_t  dtype = DNS_DSDIGEST_SHA1;
        bool    cds = false;
@@ -478,10 +476,15 @@
Prev by Date: [src/trunk]: src/distrib/notes/common Add "Oxford comma"
Next by Date: [src/trunk]: src/external/mpl/bind/dist Import bind 9.14.8 (security fix -- l...
Previous by Thread: [src/trunk]: src/distrib/notes/common Add "Oxford comma"
Next by Thread: [src/trunk]: src/external/mpl/bind/dist Import bind 9.14.8 (security fix -- l...
Indexes:
Home | Main Index | Thread Index | Old Index