Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src merge 9.8.0-P2:
details: https://anonhg.NetBSD.org/src/rev/475d1f32da9e
branches: trunk
changeset: 765525:475d1f32da9e
user: spz <spz%NetBSD.org@localhost>
date: Sun May 29 15:17:08 2011 +0000
description:
merge 9.8.0-P2:
- fixes CVE-2011-1910: Large RRSIG RRsets and Negative Caching can crash named
- fixes CVE-2011-0414: bind lockup during IXFR
- return a more correct error in case of policy violation
bump version of libdns and libisc
diffstat:
distrib/sets/lists/base/ad.mips64eb | 8 +-
distrib/sets/lists/base/ad.mips64el | 10 +-
distrib/sets/lists/base/md.amd64 | 6 +-
distrib/sets/lists/base/md.sparc64 | 6 +-
distrib/sets/lists/base/shl.mi | 6 +-
external/bsd/bind/dist/bin/named/bind.keys.h | 6 +-
external/bsd/bind/dist/bin/named/query.c | 8 +-
external/bsd/bind/dist/bin/named/server.c | 5 +-
external/bsd/bind/dist/lib/dns/ncache.c | 6 +-
external/bsd/bind/dist/lib/dns/rbtdb.c | 15 ++-
external/bsd/bind/dist/lib/dns/resolver.c | 84 ++------------------
external/bsd/bind/dist/lib/dns/validator.c | 35 +++++---
external/bsd/bind/dist/lib/dns/xfrin.c | 43 ++++++++--
external/bsd/bind/dist/lib/dns/zone.c | 108 ++++++++++++++++++++-------
external/bsd/bind/dist/lib/isc/unix/socket.c | 7 +-
external/bsd/bind/lib/libdns/shlib_version | 4 +-
external/bsd/bind/lib/libisc/shlib_version | 4 +-
17 files changed, 192 insertions(+), 169 deletions(-)
diffs (truncated from 986 to 300 lines):
diff -r 9acf624f35a0 -r 475d1f32da9e distrib/sets/lists/base/ad.mips64eb
--- a/distrib/sets/lists/base/ad.mips64eb Sun May 29 13:31:30 2011 +0000
+++ b/distrib/sets/lists/base/ad.mips64eb Sun May 29 15:17:08 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips64eb,v 1.49 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: ad.mips64eb,v 1.50 2011/05/29 15:17:08 spz Exp $
./libexec/ld.elf_so-64 base-compat-shlib compat,pic
./libexec/ld.elf_so-o32 base-sysutil-bin compat,pic
./usr/lib/64 base-compat-lib
@@ -82,7 +82,7 @@
./usr/lib/64/libdm.so.0 base-compat-shlib compat,pic
./usr/lib/64/libdm.so.0.0 base-compat-shlib compat,pic
./usr/lib/64/libdns.so.5 base-compat-shlib compat,pic
-./usr/lib/64/libdns.so.5.3 base-compat-shlib compat,pic
+./usr/lib/64/libdns.so.5.4 base-compat-shlib compat,pic
./usr/lib/64/libdns_sd.so.0 base-compat-shlib compat,pic,mdns
./usr/lib/64/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns
./usr/lib/64/libdwarf.so.0 base-compat-shlib compat,pic
@@ -116,7 +116,7 @@
./usr/lib/64/libipsec.so.3 base-compat-shlib compat,pic
./usr/lib/64/libipsec.so.3.0 base-compat-shlib compat,pic
./usr/lib/64/libisc.so.5 base-compat-shlib compat,pic
-./usr/lib/64/libisc.so.5.3 base-compat-shlib compat,pic
+./usr/lib/64/libisc.so.5.4 base-compat-shlib compat,pic
./usr/lib/64/libisccc.so.5 base-compat-shlib compat,pic
./usr/lib/64/libisccc.so.5.3 base-compat-shlib compat,pic
./usr/lib/64/libisccfg.so.5 base-compat-shlib compat,pic
@@ -393,7 +393,7 @@
./usr/lib/o32/libipsec.so.3 base-compat-shlib compat,pic
./usr/lib/o32/libipsec.so.3.0 base-compat-shlib compat,pic
./usr/lib/o32/libisc.so.5 base-compat-shlib compat,pic
-./usr/lib/o32/libisc.so.5.3 base-compat-shlib compat,pic
+./usr/lib/o32/libisc.so.5.4 base-compat-shlib compat,pic
./usr/lib/o32/libisccc.so.5 base-compat-shlib compat,pic
./usr/lib/o32/libisccc.so.5.3 base-compat-shlib compat,pic
./usr/lib/o32/libisccfg.so.5 base-compat-shlib compat,pic
diff -r 9acf624f35a0 -r 475d1f32da9e distrib/sets/lists/base/ad.mips64el
--- a/distrib/sets/lists/base/ad.mips64el Sun May 29 13:31:30 2011 +0000
+++ b/distrib/sets/lists/base/ad.mips64el Sun May 29 15:17:08 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: ad.mips64el,v 1.47 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: ad.mips64el,v 1.48 2011/05/29 15:17:09 spz Exp $
./libexec/ld.elf_so-64 base-compat-shlib compat,pic
./libexec/ld.elf_so-o32 base-sysutil-bin compat,pic
./usr/lib/64 base-compat-lib
@@ -82,7 +82,7 @@
./usr/lib/64/libdm.so.0 base-compat-shlib compat,pic
./usr/lib/64/libdm.so.0.0 base-compat-shlib compat,pic
./usr/lib/64/libdns.so.5 base-compat-shlib compat,pic
-./usr/lib/64/libdns.so.5.3 base-compat-shlib compat,pic
+./usr/lib/64/libdns.so.5.4 base-compat-shlib compat,pic
./usr/lib/64/libdns_sd.so.0 base-compat-shlib compat,pic,mdns
./usr/lib/64/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns
./usr/lib/64/libdwarf.so.0 base-compat-shlib compat,pic
@@ -116,7 +116,7 @@
./usr/lib/64/libipsec.so.3 base-compat-shlib compat,pic
./usr/lib/64/libipsec.so.3.0 base-compat-shlib compat,pic
./usr/lib/64/libisc.so.5 base-compat-shlib compat,pic
-./usr/lib/64/libisc.so.5.3 base-compat-shlib compat,pic
+./usr/lib/64/libisc.so.5.4 base-compat-shlib compat,pic
./usr/lib/64/libisccc.so.5 base-compat-shlib compat,pic
./usr/lib/64/libisccc.so.5.3 base-compat-shlib compat,pic
./usr/lib/64/libisccfg.so.5 base-compat-shlib compat,pic
@@ -359,7 +359,7 @@
./usr/lib/o32/libdm.so.0 base-compat-shlib compat,pic
./usr/lib/o32/libdm.so.0.0 base-compat-shlib compat,pic
./usr/lib/o32/libdns.so.5 base-compat-shlib compat,pic
-./usr/lib/o32/libdns.so.5.3 base-compat-shlib compat,pic
+./usr/lib/o32/libdns.so.5.4 base-compat-shlib compat,pic
./usr/lib/o32/libdns_sd.so.0 base-compat-shlib compat,pic,mdns
./usr/lib/o32/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns
./usr/lib/o32/libdwarf.so.0 base-compat-shlib compat,pic
@@ -393,7 +393,7 @@
./usr/lib/o32/libipsec.so.3 base-compat-shlib compat,pic
./usr/lib/o32/libipsec.so.3.0 base-compat-shlib compat,pic
./usr/lib/o32/libisc.so.5 base-compat-shlib compat,pic
-./usr/lib/o32/libisc.so.5.3 base-compat-shlib compat,pic
+./usr/lib/o32/libisc.so.5.4 base-compat-shlib compat,pic
./usr/lib/o32/libisccc.so.5 base-compat-shlib compat,pic
./usr/lib/o32/libisccc.so.5.3 base-compat-shlib compat,pic
./usr/lib/o32/libisccfg.so.5 base-compat-shlib compat,pic
diff -r 9acf624f35a0 -r 475d1f32da9e distrib/sets/lists/base/md.amd64
--- a/distrib/sets/lists/base/md.amd64 Sun May 29 13:31:30 2011 +0000
+++ b/distrib/sets/lists/base/md.amd64 Sun May 29 15:17:08 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: md.amd64,v 1.122 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: md.amd64,v 1.123 2011/05/29 15:17:09 spz Exp $
./dev/lms0 base-obsolete obsolete
./dev/mms0 base-obsolete obsolete
./libexec/ld.elf_so-i386 base-sys-shlib compat,pic
@@ -85,7 +85,7 @@
./usr/lib/i386/libdm.so.0 base-compat-shlib compat,pic
./usr/lib/i386/libdm.so.0.0 base-compat-shlib compat,pic
./usr/lib/i386/libdns.so.5 base-compat-shlib compat,pic
-./usr/lib/i386/libdns.so.5.3 base-compat-shlib compat,pic
+./usr/lib/i386/libdns.so.5.4 base-compat-shlib compat,pic
./usr/lib/i386/libdns_sd.so.0 base-compat-shlib compat,pic,mdns
./usr/lib/i386/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns
./usr/lib/i386/libdwarf.so.0 base-compat-shlib compat,pic
@@ -121,7 +121,7 @@
./usr/lib/i386/libipsec.so.3 base-compat-shlib compat,pic
./usr/lib/i386/libipsec.so.3.0 base-compat-shlib compat,pic
./usr/lib/i386/libisc.so.5 base-compat-shlib compat,pic
-./usr/lib/i386/libisc.so.5.3 base-compat-shlib compat,pic
+./usr/lib/i386/libisc.so.5.4 base-compat-shlib compat,pic
./usr/lib/i386/libisccc.so.5 base-compat-shlib compat,pic
./usr/lib/i386/libisccc.so.5.3 base-compat-shlib compat,pic
./usr/lib/i386/libisccfg.so.5 base-compat-shlib compat,pic
diff -r 9acf624f35a0 -r 475d1f32da9e distrib/sets/lists/base/md.sparc64
--- a/distrib/sets/lists/base/md.sparc64 Sun May 29 13:31:30 2011 +0000
+++ b/distrib/sets/lists/base/md.sparc64 Sun May 29 15:17:08 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: md.sparc64,v 1.115 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: md.sparc64,v 1.116 2011/05/29 15:17:09 spz Exp $
./libexec/ld.elf_so-sparc base-sysutil-bin compat,pic
./sbin/edlabel base-sysutil-root obsolete
./usr/bin/fdformat base-util-bin
@@ -83,7 +83,7 @@
./usr/lib/sparc/libdm.so.0 base-compat-shlib compat,pic
./usr/lib/sparc/libdm.so.0.0 base-compat-shlib compat,pic
./usr/lib/sparc/libdns.so.5 base-compat-shlib compat,pic
-./usr/lib/sparc/libdns.so.5.3 base-compat-shlib compat,pic
+./usr/lib/sparc/libdns.so.5.4 base-compat-shlib compat,pic
./usr/lib/sparc/libdns_sd.so.0 base-compat-shlib compat,pic,mdns
./usr/lib/sparc/libdns_sd.so.0.0 base-compat-shlib compat,pic,mdns
./usr/lib/sparc/libdwarf.so.0 base-compat-shlib compat,pic
@@ -117,7 +117,7 @@
./usr/lib/sparc/libipsec.so.3 base-compat-shlib compat,pic
./usr/lib/sparc/libipsec.so.3.0 base-compat-shlib compat,pic
./usr/lib/sparc/libisc.so.5 base-compat-shlib compat,pic
-./usr/lib/sparc/libisc.so.5.3 base-compat-shlib compat,pic
+./usr/lib/sparc/libisc.so.5.4 base-compat-shlib compat,pic
./usr/lib/sparc/libisccc.so.5 base-compat-shlib compat,pic
./usr/lib/sparc/libisccc.so.5.3 base-compat-shlib compat,pic
./usr/lib/sparc/libisccfg.so.5 base-compat-shlib compat,pic
diff -r 9acf624f35a0 -r 475d1f32da9e distrib/sets/lists/base/shl.mi
--- a/distrib/sets/lists/base/shl.mi Sun May 29 13:31:30 2011 +0000
+++ b/distrib/sets/lists/base/shl.mi Sun May 29 15:17:08 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.584 2011/05/13 01:56:27 christos Exp $
+# $NetBSD: shl.mi,v 1.585 2011/05/29 15:17:09 spz Exp $
#
# Note: Don't delete entries from here - mark them as "obsolete" instead,
# unless otherwise stated below.
@@ -198,7 +198,7 @@
./usr/lib/libdm.so.0.0 base-sys-shlib
./usr/lib/libdns.so base-bind-shlib
./usr/lib/libdns.so.5 base-bind-shlib
-./usr/lib/libdns.so.5.3 base-bind-shlib
+./usr/lib/libdns.so.5.4 base-bind-shlib
./usr/lib/libdns_sd.so base-mdns-shlib mdns
./usr/lib/libdns_sd.so.0 base-mdns-shlib mdns
./usr/lib/libdns_sd.so.0.0 base-mdns-shlib mdns
@@ -255,7 +255,7 @@
./usr/lib/libipsec.so.3.0 base-net-shlib
./usr/lib/libisc.so base-bind-shlib
./usr/lib/libisc.so.5 base-bind-shlib
-./usr/lib/libisc.so.5.3 base-bind-shlib
+./usr/lib/libisc.so.5.4 base-bind-shlib
./usr/lib/libisccc.so base-bind-shlib
./usr/lib/libisccc.so.5 base-bind-shlib
./usr/lib/libisccc.so.5.3 base-bind-shlib
diff -r 9acf624f35a0 -r 475d1f32da9e external/bsd/bind/dist/bin/named/bind.keys.h
--- a/external/bsd/bind/dist/bin/named/bind.keys.h Sun May 29 13:31:30 2011 +0000
+++ b/external/bsd/bind/dist/bin/named/bind.keys.h Sun May 29 15:17:08 2011 +0000
@@ -1,8 +1,8 @@
-/* $NetBSD: bind.keys.h,v 1.2 2011/02/16 03:46:45 christos Exp $ */
+/* $NetBSD: bind.keys.h,v 1.3 2011/05/29 15:17:09 spz Exp $ */
/*
- * Generated by bindkeys.pl 1.7 2011/01/04 23:47:13 tbox Exp
- * From bind.keys 1.7 2011/01/03 23:45:07 each Exp
+ * Generated by bindkeys.pl 1.7 2011-01-04 23:47:13 tbox Exp
+ * From bind.keys 1.7 2011-01-03 23:45:07 each Exp
*/
#define TRUSTED_KEYS "\
# The bind.keys file is used to override the built-in DNSSEC trust anchors\n\
diff -r 9acf624f35a0 -r 475d1f32da9e external/bsd/bind/dist/bin/named/query.c
--- a/external/bsd/bind/dist/bin/named/query.c Sun May 29 13:31:30 2011 +0000
+++ b/external/bsd/bind/dist/bin/named/query.c Sun May 29 15:17:08 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: query.c,v 1.3 2011/05/06 15:28:19 taca Exp $ */
+/* $NetBSD: query.c,v 1.4 2011/05/29 15:17:09 spz Exp $ */
/*
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: query.c,v 1.353.8.1 2011-02-03 07:39:02 marka Exp */
+/* Id: query.c,v 1.353.8.2.2.1 2011-04-27 17:06:27 each Exp */
/*! \file */
@@ -4043,8 +4043,8 @@
version = NULL;
result = rpz_getdb(client, rpz_type, qnamef, zonep, dbp, &version);
if (result != ISC_R_SUCCESS) {
- *policyp = DNS_RPZ_POLICY_ERROR;
- return (DNS_R_SERVFAIL);
+ *policyp = DNS_RPZ_POLICY_MISS;
+ return (DNS_R_NXDOMAIN);
}
dns_fixedname_init(&fixed);
diff -r 9acf624f35a0 -r 475d1f32da9e external/bsd/bind/dist/bin/named/server.c
--- a/external/bsd/bind/dist/bin/named/server.c Sun May 29 13:31:30 2011 +0000
+++ b/external/bsd/bind/dist/bin/named/server.c Sun May 29 15:17:08 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: server.c,v 1.8 2011/02/16 03:46:46 christos Exp $ */
+/* $NetBSD: server.c,v 1.9 2011/05/29 15:17:09 spz Exp $ */
/*
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: server.c,v 1.599.8.3 2011-02-03 12:17:49 tbox Exp */
+/* Id: server.c,v 1.599.8.4 2011-02-16 19:46:12 each Exp */
/*! \file */
@@ -3478,6 +3478,7 @@
if (pview != NULL && pview->managed_keys != NULL) {
dns_zone_attach(pview->managed_keys, &view->managed_keys);
+ dns_zone_setview(pview->managed_keys, view);
dns_view_detach(&pview);
return (ISC_R_SUCCESS);
}
diff -r 9acf624f35a0 -r 475d1f32da9e external/bsd/bind/dist/lib/dns/ncache.c
--- a/external/bsd/bind/dist/lib/dns/ncache.c Sun May 29 13:31:30 2011 +0000
+++ b/external/bsd/bind/dist/lib/dns/ncache.c Sun May 29 15:17:08 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ncache.c,v 1.2 2011/02/16 03:47:04 christos Exp $ */
+/* $NetBSD: ncache.c,v 1.3 2011/05/29 15:17:09 spz Exp $ */
/*
* Copyright (C) 2004, 2005, 2007, 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: ncache.c,v 1.50.124.1 2011-02-03 07:39:03 marka Exp */
+/* Id: ncache.c,v 1.50.124.1.2.1 2011-05-27 00:57:31 each Exp */
/*! \file */
@@ -188,7 +188,7 @@
*/
isc_buffer_availableregion(&buffer,
&r);
- if (r.length < 2)
+ if (r.length < 3)
return (ISC_R_NOSPACE);
isc_buffer_putuint16(&buffer,
rdataset->type);
diff -r 9acf624f35a0 -r 475d1f32da9e external/bsd/bind/dist/lib/dns/rbtdb.c
--- a/external/bsd/bind/dist/lib/dns/rbtdb.c Sun May 29 13:31:30 2011 +0000
+++ b/external/bsd/bind/dist/lib/dns/rbtdb.c Sun May 29 15:17:08 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rbtdb.c,v 1.7 2011/02/16 03:47:04 christos Exp $ */
+/* $NetBSD: rbtdb.c,v 1.8 2011/05/29 15:17:09 spz Exp $ */
/*
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: rbtdb.c,v 1.310 2011-01-13 09:53:04 marka Exp */
+/* Id: rbtdb.c,v 1.310.8.1 2011-02-18 23:23:08 each Exp */
/*! \file */
@@ -394,12 +394,15 @@
typedef struct {
/* Unlocked. */
dns_db_t common;
+ /* Locks the data in this struct */
#if DNS_RBTDB_USERWLOCK
isc_rwlock_t lock;
#else
isc_mutex_t lock;
#endif
+ /* Locks the tree structure (prevents nodes appearing/disappearing) */
isc_rwlock_t tree_lock;
+ /* Locks for individual tree nodes */
unsigned int node_lock_count;
rbtdb_nodelock_t * node_locks;
dns_rbtnode_t * origin_node;
@@ -7266,7 +7269,7 @@
REQUIRE(VALID_RBTDB(rbtdb));
- RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_read);
+ RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_read);
Home |
Main Index |
Thread Index |
Old Index